This tests RP EAP-Initiate/Re-auth-Start transmission, ERP key
derivation, and EAP-Initiate/Re-auth + EAP-Finish/Re-auth exchange and
rMSK derivation.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was apparently possible for this test case not to do what it was
supposed to do, i.e., get nl80211 Authenticate command failing due to
cfg80211 BS entry missing. With the external radio work blocking fixed,
this can be cleaned up by explicitly waiting for the scan event. In
addition, a less used channel can be selected to avoid finding other BSS
entries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it more convenient and consistent to clear the cached scan
results from cfg80211 and wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not leave the station trying to connect at the end of the test case
since that can have an effect to the following test case. Such sequences
should be tested in test cases that are specifically designed for that
rather than randomly between test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Since run-tests.py is now required to run as root, there is no need to
use the somewhat awkward "sudo tee" construction; instead, just write
directly to the file.
Signed-off-by: Jouni Malinen <j@w1.fi>
Clear scan results to avoid PBC overlap issues caused by earlier test
cases. For example, go_neg_with_bss_connected followed by
go_neg_with_bss_on_disallowed_chan resulted in failure before this
change.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was failing every now and then due to dev1
(no_auto_peer=1) not receiving the new-peer-candidate event in time
before dev0 has already stopped retries on mesh peering open message.
This sounds somewhat expected with the default 4 * 40 ms = 160 ms
retries and 1000 TU beacon interval. Use maximum timeout 16 * 255 ms =
4080 ms to make this test case less likely to fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Both the wpa_supplicant and kernel configuration need wext to
run the wext testcase, enable those in the default/example
configurations.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Keep full channel scans in autogo for test coverage, but use single
channel scan in all other autogo* test cases to remove unnecessary
waiting that does not add any test coverage. This removes more than one
minute from the total test execution time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Replace fixed sleep with waiting for a disconnection event. In addition,
remove unnecessary use of sudo.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for this test case to fail due to PBC overlap that was
detected based on previous test case having used PBC. Make that false
positive less likely to happen by explicitly clearing the scan cache on
the device.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_oper_reg_class and p2p_oper_channel need to be restored to 0, not an
arbitrary 2.4 GHz channel to avoid issues for following test cases. For
example, p2p_channel_random_social_with_op_class_change followed by
p2p_autogo_pref_chan_not_in_regulatory ended up with the latter test
case failing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hwsim_utils.test_connectivity() is already bidirectional test, so there
is no need to run it twice with the devices swapped for the second
iteration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clear wpa_supplicant and cfg80211 scan results at the end of hidden SSID
test cases to avoid potential issues for following test cases. For
example, ap_hs20_session_info could fail if executed immediately after
ssid_hidden due to the AP configuration change from open to RSN was not
noticed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is more robust and extensible than configuring IPv6 addresses on
the interfaces and trying to use ping6 or some other external tools to
generate suitable IPv6 frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The 50 ms wait time for Action frame response was not sufficient when
the tests are run under heavy load (e.g., multiple VMs in parallel).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wait for GO to start before sending invitation frames in the protocol
test. Without this, it was possible to hit the 5 second timeout on
management frame RX under load.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for this test case to fail due to PBC overlap that was
detected based on previous test case having used PBC. Make that false
positive less likely to happen by explicitly clearing the scan cache on
the devices.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The "Not fully connected" report did not clearly identify what went
wrong, so make this more verbose in hope of being able to determine what
happened should this test case fail again.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to hit the 10 second timeout in some test cases under
heavy load (e.g., with large number of VMs running tests in parallel).
These timeouts are not really indicating any real error, so make them
less likely to show up in reports by increasing the connection timeout
to 30 seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There are valid status (and possibly status-driver) responses
that don't have a name=value format, ignore those in the test
framework parser.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It took significant part of the startup latency to prefill the database
with test cases due to the SQL COMMIT operation between each added row.
Move COMMIT to outside the loop to speed startup significantly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It can be useful to specify an exact order of test cases and also to
allow the same test case to be run multiple times when the list of tests
is provided on the command line.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For tests that require a radio with multi-channel concurrency,
create a new one on the fly that does have more than 1 channel.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Newer versions of tshark don't like the -R (read filter) argument
for filtering and just show a deprecation warning. Use -Y (display
filter) instead, which hopefully also works on older versions.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
External tool is not needed anymore to run the data connectivity tests
since hostapd test mode now allows the possible bridge or VLAN interface
to be specified.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for some of the SAE test cases (e.g., ap_ft_sae) to fail
if they were run after the sae_groups test case that left the SAE group
configuration to a value that is not enabled by default. Fix this by
clearing sae_groups setting in the couple of test cases that were not
yet doing this.
Signed-off-by: Jouni Malinen <j@w1.fi>
except_ack() was supposed to be verifying that the frame was ACK'ed,
i.e., it was really supposed to be called expect_ack().
Signed-off-by: Jouni Malinen <j@w1.fi>
The implementation of WNM BSS transition management was extended to be
able to return a reject status code based on whether a matching entry is
found. The test case wnm_bss_tm_req was trying to enforce a different
status code to be used here based on old implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This implements minimal RSN 4-way handshake Supplicant in Python and
uses that to test hostapd Authenticator implementation in various
possible protocol sequencies.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change the mesh tests to check for the presence of HT in the scan
results.
[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
This wpa_supplicant tests include basic tests for:
- Mesh scan
- Mesh group add/remove
- Mesh peer connected/disconnected
- Add/Set/Remove to test mesh mode network
- Open mesh connectivity test
- Secure mesh connectivity test
- no_auto_peer
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
[no_auto_peer test by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
The previous changes to enable stdin control broke the previous case of
showing the total number of test cases in the START lines. Fix that by
using a separate variable for the total number of test casess instead of
using length of the list of remaining test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows all VMs to be used at the end of a test sequence by
assigning test cases to VMs based on which VM is available for a new
test case rather than splitting the full task at the beginning and
potentially getting stuck with the last VM running long test cases for
significantly longer than another VM that gets shorter duration tests
assigned to it.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new -i command line argument can be used to control test case
execution from stdin to run-tests.py and vm-run.sh. This can be used,
e.g., to run multiple repeated test sequences in a virtual machine
without havign to restart the VM between each iteration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the paths in run-tests.py are hardcoded and could not handle
tests/hwsim/vm as the working directory. Modify the design enough to
allow ../run-tests.py -L to be used from the vm directory.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows a list of matching test cases to be produced without having
to run the test cases. Previously, -L output included all defined test
cases regardless of what else was included on the command line.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, it was possible for a kernel panic to be missed since the
only sign of it in stdout was reduced number of passed test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids possible mismatches in directory and log file timestamps if
the UNIX timestamp (seconds) changes during the startup sequence.
Signed-off-by: Jouni Malinen <j@w1.fi>
This parameter was used in some of the NFC test cases to make scanning
more robust in case of changing AP configuration. However, the parameter
was not cleared anywhere, so it could have been left in use for other
test cases as well. To get more consistent behavior, clear the value
back to its default between test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was currently breaking parallel-run.*, as it was passing
--split num/num parameters (intended for rnu-tests.py)
to vm-run.sh which broke the --codecov and --timewrap options.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Update the code coverage documentation to also specify the
source base directory for the code coverage generation.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add an option --build to run-all.sh to build before starting to run all
the tests. In addition, add an option --codecov to extract the code
coverage data at the end of the run.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This verifies that station mode interface SCAN command gets executed if
P2P Device instance is running p2p_find.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
grpform_cred_ready_timeout2 is similar to the grpform_cred_ready_timeout
test case with the difference being in initiating a P2P_FIND operation
during the wait.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The issue in mac80211 was identified and proposed fix is now available,
so remove the workaround here and start reporting failures from
unexpected disconnection during CSA.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that last_scan_res and connect work pointers to BSS
entries get updated when scan result update ends up removing or
reallocating a BSS entry.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed in preparation for WPS AES being mapped to enabling both
CCMP and GCMP if the driver supports both ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new run-tests.py argument "-l <file>" can now be used to specify the
test modules using a text file.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
"./build.sh --force-config" can be used to force copying configuration
files before building. This will overwrite any changes in .config files.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
"./build.sh --codecov" can now be used to request CONFIG_CODE_COVERAGE=y
to be added to hostapd and wpa_supplicant .config files.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
It looks like cfg80211 can trigger disconnection even without disabling
HT, so the same issue may be hit with both of the channel switches in
these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_ht40_csa and ap_ht40_csa3 seem to show a cfg80211/mac80211 issue
where a CSA from HT40+ to HT40- channel results in HT getting disabled
due to cfg80211_chandef_compatible() check on c1->width == c2->width
claiming that the new channel is not compatible. For now, comment out
the FAIL case for these known issues to avoid constant failure for cases
that are not wpa_supplicant/hostapd issues. Once the kernel side design
has been reviewed, these error cases can be enabled here.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the not-pre-authorized GO Negotiation case to end up
starting new GO Negotiation before the GO Negotiation Response frame
with status=1 was transmitted. While this works for group formation, it
could reduce test coverage for the common case where that response is
received. At a small sleep to make it less likely for this unexpected
sequence to happen during testing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When loading the hwsim module, disable support_p2p_device by default.
This will also become the default in the kernel, but until then it
makes sure it's not turned on by default.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Use dynamic radios for P2P_DEVICE tests to be able to test
support when the default in hwsim is to not support it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This will be needed to be able to control dynamic mac80211_hwsim
operations like adding and removing a phy. In the past, it has been
possible to start the main programs as root and then use non-root
account for run-tests.py. However, there is already a large number of
cases within the test scripts where sudo is needed. Moving that
requirement to execution of run-tests.py allows those to be simplified
as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new HWSimRadio context manager allows the following
syntax to create (and appropriately destroy) a new radio:
with HWSimRadio([...]) as (radio_id, iface_name):
[...]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
For testing P2P-Device support properly, allow dynamically
creating radios with support for it in hwsim.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of hardcoding reset_devs() to remove wlan5, remove all wlan*
interfaces renaming in the wpa_supplicant process to support the case of
dynamically added hwsim phy.
Signed-off-by: Jouni Malinen <j@w1.fi>
This replaces use of the external hwsim_test tool for most data
connectivity test cases. Only the cases where a special interface
(bridge/VLAN) is used are still executed through hwsim_test.
The internal DATA_TEST_* functionality makes it easier to extend the
connectivity test cases through an external device with real WLAN
hardware instead of the hwsim test setup. In addition, the error reports
from this code can be made more informative.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to use instances of control interfaces in common
code without having to separately address hostapd and wpa_supplicant
behavior differences.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to replace data connectivity testing to use
something else than local hwsim_test binary on the controller device.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-hostap: Luciano Coelho <luciano.coelho@intel.com>
Skip CSA tests if the driver doesn't support this in AP mode.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This adds a test which attempts to use the control interface for the
P2P group to remove the P2P group.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
This is a more advanced version of the simple parallel-vm.sh script.
Status of each VM is printed out during the test and results are
provided in more convenient format in the end.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use scan_for_bss() instead of scan() to avoid errors if the active scan
fails, e.g., due to heavy load under parallel-vm.sh test run.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that GO is able to complete group formation even if the
P2P Client does not send WSC_Done message (or that message is dropped
for any reason) in case the P2P Client completes 4-way handshake
successfully.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like mac80211 scan-while-associated can now take over 10
seconds with the current wireless-regdb rules for world roaming due to
number of additional DFS channel having been enabled for passive
scanning. This resulted in ap_hs20_session_info failing due to the wait
for the scan result event timing out. That is not really a real failure,
so increase the timeout to avoid reporting this incorrectly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This uses mac80211_hwsim dfs_simulate_radar to get the real kernel side
CAC operation executed and aborted due to radar detection. This allows
another channel to be selected properly through another CAC run.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Simulate a radar detection event to verify that hostapd switches
channels properly and the station follows the AP to the new channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like association with DFS works fine with the current kernel
version, so re-enable this part of the DFS test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Since this requires a recent CRDA version and updated wireless-regdb, do
not report failures yet (i.e., indicate that the test case was skipped
if AP startup fails).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the aes_wrap() and aes_unwrap() implementation to be
verified against KW_{AE,AD}_{128,192,256}.txt test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
For example:
./test-aes NIST-KW-AE kwtestvectors/KW_AE_128.txt
./test-aes NIST-KW-AE kwtestvectors/KW_AE_192.txt
./test-aes NIST-KW-AE kwtestvectors/KW_AE_256.txt
./test-aes NIST-KW-AD kwtestvectors/KW_AD_128.txt
./test-aes NIST-KW-AD kwtestvectors/KW_AD_192.txt
./test-aes NIST-KW-AD kwtestvectors/KW_AD_256.txt
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.
The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.
Signed-off-by: Jouni Malinen <j@w1.fi>
This reverts commit bf700cc3d2. The
concurrent initialization test case is now expected to work again with
the STA entry added early enough to avoid the recently added mac80211
validation step failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
Older mac80211 implementations did not set the link identifier
appropriately, resulting in an incorrect teardown packet being sent the
peer. wpa_supplicant adds the FTE containing the MIC field calculated
using the correct link-identifier. This causes a MIC failure on the
other side and the teardown is discarded. Verify this case is fixed by
newer kernel and wpa_supplicant code.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Remove and re-start the persistent group manually to increase test
coverage to include the case of re-configuring the PSK list entries from
a stored persistent group.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the previuous test case used a non-RSN AP and that was left in
cfg80211 scan results, it was possible for ap_hs20_random_mac_addr to
pick that old AP from the previous test and reject to connect through
Hotspot 2.0 mechanisms. Work around this test issue by requesting new
set of scan result at the beginning of the test.
Signed-off-by: Jouni Malinen <j@w1.fi>
The scan for WPS-AUTH validation may miss a Probe Response frame if the
hostapd process gets blocked under load, e.g., when testing with
parallel-vm.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, periodic autoscan could have been left running and that
could result in the following test cases failing in some cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the test cases where using INTERWORKING_SELECT internally
without using scan_for_bss like the helper functions did. Add explicit
scan_for_bss calls to make the test cases less likely to fail due to
missing BSSes in scan results. This could cause false failure reports
when runnign under heavy load with parallel-vm.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids unexpected connection attempts in cases a matching network
is enabled and there is no existing connection (e.g., when testing with
ENABLE_NETWORK no-connect option).
Signed-off-by: Jouni Malinen <j@w1.fi>
A mac80211 TDLS validation change ended up breaking test functionality
that was needed for this test case. Instead of reporting this known
issue as a FAIL every time, mark the test as SKIP since the issues is
known and there are no plans of "fixing" it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that EAP fast session resumption is skipped if the connection
uses a different network configuration than the last EAP connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case for enforcing the incorrect init=DRIVER instead of
init=CORE for the event due to bug in the event message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for this test case to fail due to PBC overlap that was
detected based on previous test case having used PBC. Make that false
positive less likely to happen by explicitly clearing the scan cache on
dev[1].
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Verify that when all configured preferred channels are disallowed,
the GO is instantiated on a random channel.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that a standalone GO selects a random channel from the social
channels in case no other preference is set.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when trying to form a P2P group but each peer forces a
different frequency, the group formation fails.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting frequency as no_go_freq and setting up
autonomous GO, the GO is instantiated on a different frequency, but
when forming a P2P group and becoming a client this frequency can be
used.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting up autonomous GO with configured preferred
channel and a station interface is connected on a channel that is
disallowed for P2P, the GO is instantiated on the preferred channel.
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting up an autonomous GO with configured preferred
channel and a station interface is on another channel, the GO is
instantiated on the same channel as the station interface and not on the
configured preferred channel.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when a station interface is on one frequency, and GO
negotiation is started in which both sides force a different frequency,
the P2P group is formed on the forced frequency (both as GO and client).
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
After station interface is connected on a specific channel, create
autonomous GO with forced different channel.
Requires MCC.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Verify that when P2P group is formed and a station interface is
connected on a channel that is disallowed for P2P, the group is formed
on a different channel than the BSS (both as GO and client).
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting up an autonomous GO and station interface is
connected on a channel that is disallowed for P2P uses, the GO is
instantiated on a different channel than the station mode connection.
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when station interface is connected and GO negotiation is
initiated, the P2P group is formed on the same channel as the station
connection.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This test verifies that if a GO is instantiated after a connection of a
station interface, the chosen operating channel is that of the station
interface.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Add an option to run-all.sh and start.sh to get as an argument the
number of concurrent channels that mac80211_hwsim will be loaded with.
To start mac80211_hwsim with more than one channel, the following
parameter should be added to command line: channels=<num_channels>
The default is one channel (no concurrent channels).
The driver should be loaded with multi channel support in order to run
some tests.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
This test case shows an example case where an uncancelled offchannel TX
frame command seems to end up getting following CMD_FRAME TX operations
transmitting on incorrect channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
This introduces a minimal RADIUS authentication server using pyrad to
allow simple EAP handler functions to be used for writing protocol tests
for EAP peer methods. This initial commit includes test cases for
EAP-SAKE.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test for printf_encode() bounds checking issues
that can now be caught under valgrind.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, only hostapd-AP and wpa_supplicant processed were run under
valgrind when valgrind testing was enabled. Extend this to include
hostapd as authentication server.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was still present in hostapd example configuration even though the
test driver wrapper is not used anywhere in the hwsim testing and there
are no plans of using it either.
Signed-off-by: Jouni Malinen <j@w1.fi>
These are similar to the existing test cases where PTK rekey was
triggered by the station, but here a timer on the AP is used as the
trigger.
Signed-off-by: Jouni Malinen <j@w1.fi>
This brings in a minimal pyrad-based RADIUS server to allow various
protocol tests to be run. For now, the server is not adding
Message-Authenticator, so that error case is checked. Additional tests
can be added in the future.
Signed-off-by: Jouni Malinen <j@w1.fi>
This used to result in a segmentation fault due to use of freed memory
(mismatch in pointer lifetime between hostapd.c and driver_nl80211.c).
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test for an issue where scanning sequence could be
terminated if interworking_find_network_match() finds a matching
network, but wpa_s->auto_select is not set. This could stop connection
attempts when auto_interworking=1 is used and the scan results have a
partially matching network and no cred match.
Signed-off-by: Jouni Malinen <j@w1.fi>
radius_{auth,acct}_unreachable tested some parts of RADIUS client code
error handling. However, they did not test everything since the send()
calls for unreachable port on localhost did not return an error (that
error was reported on receive side). Extend this with similar test cases
using unreachable IP address to get send() error returns covered as
well.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_cipher_tkip_countermeasures_{ap,sta} printed out the MAC addresses in
stdout which resulted in the debug log not starting the PASS/FAIL
information at the beginning of the line. Hide these unnecessary prints
to avoid that.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The example IMV and IMC used for TNC testing has references to
wpa_printf and other functions from hostapd/wpa_supplicant. Link the
binaries in a way that allows these symbols to be resolved while loading
the libraries at run time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the SHA-1 implementation to be validated against the
SHA1ShortMsg.rsp and SHA1LongMsg.rsp test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/shs/shabytetestvectors.zip.
Similarly, the SHA-256 can be validated against the SHA256ShortMsg.rsp
and SHA256LongMsg.rsp.
Signed-off-by: Jouni Malinen <j@w1.fi>
Incorrect password was already tested with TTLS/MSCHAPv2, but the other
non-EAP inner methods in TTLS use their own implementation of password
validation, so check each and also verify the case of no matching EAP
user entry for the specific method.
Signed-off-by: Jouni Malinen <j@w1.fi>
This documents some more steps needed during initial test setup
configuration to make it easier to get this running even without
thorough knowledge of the network setup used by the operating system.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Scan explicitly for the specific AP to work around issues where under
heavy CPU load, the single active scan round may miss the delayed Probe
Response from the AP. In addition, verify that ANQP_GET commands succeed
to make error cases clearer in the log.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that the wait for peer to be ready for GO Negotiation is
timed out properly at no less than 120 seconds. Since this is a long
test case, it is disabled by default without the --long option.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow three P2P_FIND attempts for discovering the GO on a non-social
channels since the single Probe Response frame can be missed easily
under heavy CPU load.
Signed-off-by: Jouni Malinen <j@w1.fi>
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of checking for multiple EAP starts (which can occur if
EAPOL-Start from supplicant goes out quickly enough, e.g., due to CPU
load), look for the explicit message indicating that TTLS method
initialization failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP. In addition, check for ROAM/FT_DS failures to be
able to report errors more clearly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
These can fail during heavy CPU load due to active scan dwell time not
being long enough to catch the delayed Probe Response frame from the AP.
Work around this by allowing multiple scan attempts to see the response.
Signed-off-by: Jouni Malinen <j@w1.fi>
There was a bug in this code path that resulted in the
skip-scan-to-start-GO case to not actually skip the scan. It looks like
this could be hit at least when autoscan was enabled, but it is possible
that some other sequences could hit this as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Since P2P Client scan case is now optimzied to use a specific SSID, the
WPS AP will not reply to that and the scan after GO Negotiation can
quite likely miss the AP due to dwell time being short enoguh to miss
the Beaco frame. This has made the test case somewhat pointless, but
keep it here for now with an additional scan to confirm that PBC
detection works if there is a BSS entry for a overlapping AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
The single channel scan while associated to another AP and immediately
after starting the second AP can miss the Probe Response frame
especially under heavy CPU load. Avoid false error reports by allowing
multiple scan rounds to be performed. wpas_ctrl_bssid_filter is also
modified to take into account different get_bss() behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a test case for the server fragmenting an EAP-IKEv2 message.
In addition, the fragmentation threshold is made shorter to trigger
fragmentation for all messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
The BSS id numbers were assumed to start from 0 at the beginning of this
test case, but that is only the case if this is run as the first test
after starting wpa_supplicant. Fix the test case to figure out the id
values dynamically to avoid false errors.
Signed-off-by: Jouni Malinen <j@w1.fi>
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows control interface issues to be caught in a bit more readable
way in the debug logs. In addition, dump pending monitor socket
information more frequently and within each test case in the log files
to make the output clearer and less likely to go over the socket buffer
limit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the scan to miss a Probe Response frame especially
under heavy load, so try again to avoid reporting invalid failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for a scan to fail to see Probe Response or Beacon frame
under heavy load (e.g., during a parallel-vm.sh test run) since the
dwell time on a chanenl is quite short. Make the test cases using
INTERWORKING_SELECT more robust by trying again if the first attempt
does not find a matching BSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the final step of the test case to fail under load
(e.g., when using parallel-vm.sh with large number of VMs), so run
through additional scan iterations if the WPS-AUTH flag does not get
removed immediately.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Verify that AP acts on 40 MHz intolerant STA association/disassociation
and on 20/40 co-ex report indicating 40 MHz intolerant AP showed up and
removed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It turned out that the initial test case found the GO based on the
initial full scan instead of the progressive search part. Fix this by
started the GO only after the initial full scan.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can fail if Probe Response frame is missed and Beacon frame was
used to fill in the BSS entry. This can happen, e.g., during heavy load
every now and then and is not really an error, so try to workaround by
runnign another scan.
Signed-off-by: Jouni Malinen <j@w1.fi>
It seems like it is possible for a CTRL-EVENT-REGDOM-CHANGE event from a
previous test case to "leak" through to the execution of this test case.
That can result in the validation steps here failing, so wait a bit and clear the pending events before starting the test.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_multi_bss_acs test case was failing if it was executed immediately
after a test case that used 5 GHz band since the current mac80211_hwsim
channel survey implementation is very limited and reports only a single
channel. For this test case, that channel has to be from the 2.4 GHz
band.
Signed-off-by: Jouni Malinen <j@w1.fi>
run-tests.py now takes an optional --long parameter that can be used to
enable running of test cases that take a long time (multiple minutes).
By default, such test cases are skipped to avoid making the normal test
run take excessive amounts of time.
As an initial long test case, verify WPS PBC walk time expiration (two
minutes).
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not report missing PBC overlap detection as an issue in this test
case since the sequence can miss the overlap due to per-SSID scan used
during group formation. In addition, increase AP beaconing frequency to
make it more likely for a Beacon frame to be seen during the optimized
scan.
Signed-off-by: Jouni Malinen <j@w1.fi>