The blacklist design will be modified in the following commits and that
would result in this validation step based on the older implementation
starting to fail. Remove this check to avoid such testing failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
The file was already outdated again, so rewrite it to ignore
anything but c, h and sh files that start with "test-".
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clean up in a more common fashion as well, initially for ../src/.
Also add $(Q) to the clean target in src/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Remove this part of the dbus_network test case since it would be causing
failures after wpa_supplicant is modified to accept empty strings
through D-Bus.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is useful to run monitor quickly:
./run-tests.py -t run_monitor -m mon:36,20,36,0:1,20,1,0
In such example we will get one PCAP for 36/20 and 1/20.
After execution, PCAP file is in the log directory, e.g.:
./logs/2019_11_11_13_36_24/run_monitor_mon_wlp3s0_wlp5s0.pcap
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This is mainly for standalone monitor in case we know and would like to
setup specific monitor configuration.
-m monitor:<chan>,<bw>, <cf1>, <cf2>:...
For example:
-m monitor:1,40,3,0
-m e4300:1,40,3,0:11,40,9,0
This also supports monitor with multiple interfaces (one pcap).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Before we have to kill an application we start in the thread - in most
cases using killall and sometimes kill other applicantions, e.g., tcpdump,
iper, iperf3, tshark.
With this patch we are able to stop/kill a single application/thread
instead, based on the pid file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
In case we are using ssh MUX (which speed up a lot test execution) with
remotehost we could hit cases where ssh will hang up. This depends on
different ssh versions and remotehost implementation.
stderr as a tmpfile fixes this problem.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Addition of MSCS support broke the test tool build due to references to
a functions from a new file. Fix this by bringing in that file to the
fuzzer build as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the SAE-PK implementation to match the changes in the protocol
design:
- allow only Sec values 3 and 5 and encode this as a single bit field
with multiple copies
- add a checksum character
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Instead of overriding the subject field with something arbitrary, use
the value that is included in the CSR now that there is something there.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The parsed 'length' field might pointsbeyond the end of the frame, for
some malformed frames. I haven't figured the source of said packets (I'm
using kernel 4.14.177, FWIW), but we can at least be safer about our
handling of them here.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Instead of checking if the kernel allows modules (via the presence of
/proc/modules), check if mac80211_hwsim is already there and load it
only if not. This gets rid of some ugly prints from modprobe in case
code isn't even a module and cannot be found, etc.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
With python3 bytes are returned for stdout, so need to use b''
strings instead of normal strings. These are just a few places
I ran into, almost certainly more places need it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we want the test to actually use 160/80+80 we need to explicitly
advertise that we support it ourselves, since the kernel is going to be
a bit more strict about this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clear scan results explicitly in test cases that check BSS entry flags
to avoid incorrect failures based on results from earlier test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Lambda >= 12 is needed with Sec = 2, so drop the shorter password
lengths in the sae_pk and module_wpa_supplicant test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Now that there is a pending mac80211 patch ("mac80211: allow SA-QUERY
processing in userspace") to allow wpa_supplicant to take care of SA
Query Request processing, start enforcing correct behavior for this in
ocv_sa_query and wpa2_ocv_sta_override_sa_query_resp.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the current country code cannot be fetched, do not try to report the
current value in the log since that will result in TypeError exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of VHT test cases missed explicit setting of hapd to None before
trying to start hostapd. Add those to avoid unexpected exceptions in
case hostapd start fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a decorator that clears ignore_old_scan_res parameter value instead
of doing this with try/finally in large number of test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a decorator that disables IPv6 and requires running
under a VM, rather than open-coding that many times.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The freqlist parameter uses comma, not space, separated values. Add
another test case for checking freqlist values that do not use the
preferred channel numbers to make sure the frequency list is actually
used as a constraint for selecting the channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test for delayed group rekey retransmission that checks that
the IGTK is protected against it by not resetting the IPN replay
counter when reinstalling such a key.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
While adding support for IGTK and BIGTK here, I tested this without
protections (i.e., with protections removed from both wpa_supplicant and
the driver), and while I got some bad resets on the debugfs values, it
should have failed with "unexpected connectivity".
Fix this to be correct - we need to reset the GTK PN, not the PTK PN in
this test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replace the gtk boolean by a keytype value indicating
GTK or PTK, to be able to extend to other types later.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When run after other tests, It was likely that the target
bss was already present in scan_fail, so the
scan_for_bss() wouldn't trip the allocation failure in
wpa_bss_add(). Flush the scan results before the scan to
ensure wpa_bss_add() is called and consistently pass
scan_fail.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
If sigma_dut is not installed, start_sigma_dut() will
throw an exception. Call start_sigma_dut() inside the
try/except to correctly reset the regulatory domain.
This fixes several seemingly random failures due to
regulatory domain not being reset.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The memory allocation in dpp_peer_intro() was moved into a helper
function dpp_check_signed_connector(), so update the test case to match.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case seems to be failing every now and then due to the AP not
getting out the Deauthentication frame after PMKSA expiration if the STA
is in power save mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like this test case was supposed to set power_save off at the
end instead of repeating the same setting twice.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These test cases are using externally generated PMKSA cache entry which
does not support use of PFS. This will start failing if the station
claims to support PFS in such cases, so explicitly disable PFS
functionality in these test cases for now.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Otherwise the test will continue on and fail later due to unexpected
foreign ARP request. The try/except design here did not work properly to
detect this.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.
Signed-off-by: Jouni Malinen <j@w1.fi>
Python 3.8 removed the previously used default of MD5 algorithm, so
provide the explicit digestmod=hashlib.md5 parameter to the couple of
places that were missing it.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ap_beacon_rate_* test cases could end up terminating before the very
first Beacon frame is captured, so wait a bit after the connection to
make sure at least one Beacon frame is going to be in the capture file.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was using sigma_dut to set sae_pwe=2, but that value was
not cleared in the end. This could result in following SAE test cases
failing due to unexpected behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
$(LIBS) got included twice into the linker command line from $^ and
$(LIBS). The former ended up getting converted based on host CPU rather
than target. Fix that by removing duplication and -lcrypto from $(LIBS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The eloop_register_read_sock() call in i802_init() will be skipped if
the driver supports control port for EAPOL RX, so need to skip this part
of the test case conditionally.
Signed-off-by: Jouni Malinen <j@w1.fi>