Number of these test cases start connection attempt in wpa_supplicant
and then expected a specific failure to happen relatively quickly. This
could result in timeouts if the first scanning round missed to find the
AP (e.g., due to CPU load pushing out the Probe Response frame long
enough for the station having left the channel) and wpa_supplicant then
waiting five seconds before starting a new scan.
Make this more robust by scanning explicitly for the specific BSSID
before starting the connection attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This old interface has been obsoleted and should not have been used
since 2010, so remove testing for it in preparation to dropping the
interface completely from wpa_supplicant.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
No need to duplicate this functionality when all the ap_ft_pmf_*_over_ds
test cases are doing practically the same thing and the
no-specific-cipher-configuration case can be addressed easily with the
same helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
The main step of the test case was accidentally removed when adding the
cipher specific versions.
Fixes: ffcaca68d3 ("tests: FT with different BIP algorithms")
Signed-off-by: Jouni Malinen <j@w1.fi>
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Avoid an invalid failure case due to scan results being left behind from
connect_cmd_bssid_hint when executing connect_cmd_reject_assoc by
explicitly clearing the scan results from dev5. This fixes an error case
that happened with the following test case sequence:
connect_cmd_bssid_hint connect_cmd_reject_assoc
Signed-off-by: Jouni Malinen <j@w1.fi>
The wpas (dev5) control interface socket did not always get cleared in
the MACsec test cases and this could result in issues with following
test cases if the dev5 message queue hit the maximum limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that the backhaul STA Multi-AP association is not rejected anymore
by the AP, update the test case to expect disconnection to be triggered
by the STA.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With just one additional argument, the run_multi_ap_association()
function can be used for all tests.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This seems to be needed when using python3 in VM for the ssid_utf8 test
case debug prints from the control interface requests. This breaks
python2 support for the same logging entries, but there does not seem to
be any easy way of addressing this in a manner that works for both
python versions, so move ahead with the python3-only support from now
on.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case was failing pretty frequently due to an issue in being
able to send out the Provision Discovery Response frame on the operating
channel. Now that wpa_supplicant has a fix for that issue, modify this
test case to hit this error condition every time. In addition, make sure
the possible exception from p2ps_exact_seek() does not get hidden with a
failing remove_group() call in the finally section.
Signed-off-by: Jouni Malinen <j@w1.fi>
Once mac80211 starts reporting the used Association Request frame IEs in
the association event, wpa_supplicant will update RSN supplicant IE
information based on that and that will make the AP reject EAPOL-Key msg
2/4 in this particular test scenario due to the hack of including two
RSN IEs in the Association Request frame. Accept this sequence as a
valid test execution in addition to the previously expected connection
to avoid reporting incorrect failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows unexpected cases to terminate parallel-vm.py without being
hidden by the exception handler.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Some of the WNM implementation expects configuration to be available
(e.g., ieee802_!1_rx_wnm_coloc_intf_req() dereferences wpa_s->conf), so
add a dummy configuration to allow the fuzzer tool to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test-eapol program that can be used for fuzzing the EAPOL-Key
Supplicant and Authenticator implementations. This tool can write
Supplicant or Authenticator messages into a file as an initialization
step and for the fuzzing step, that file (with potential modifications)
can be used to replace the internally generated message contents.
The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the EAPOL-Key operations. This will
also make the implementation ignore Key MIC and AES keywrap errors to
allow processing of modified messages to continue further.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.
The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
The result of reading non blocked empty stream is different between
python2 and 3. The python2 sends "[Errno 11] Resource temporarily
unavailable" exception. The python3 could read "None" without
exception, so handle this "None" case as well.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
In recent Debian versions, ebtables is an alias managed by
the alternatives(8) mechanism. This means /usr/sbin/ebtables
is a symlink to /etc/alternatives/ebtables, which in turn
links to the real binary.
As we mount a tmpfs over /etc, we cannot access this.
Fix this by bind-mounting the real /etc to /tmp/etc and
adding a symlink from /etc/alternatives to this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Evidently this file must exist when running the sigma_dut
dependent tests, add it to .gitignore so it's not seen as
making the tree "unclean" when it is added manually.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
For tests, build the HS 2.0 OSU client (without browser to avoid
having webkit/curl dependencies).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a test that drops the authentication frame, so that
hostapd thinks the station is unknown, and then sends one
by itself, so the station thinks it's associated. This
tests mostly the kernel's capability to recover from this
scenario.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If telnetd is installed and --telnet <port> is passed on the
vm-run.sh command line, start a telnet server (directly connected
to bash, no login) inside the VM(s) to be able to look into them
when something is wrong. Use a user network in qemu with a single
host forward from the specified port for this, listening only on
'localhost'.
Please note that this provides unauthenticated access to the guest
system from anything that can open a TCP connection on the host system.
The guess system does have access to reading all files on the host that
the user account running kvm has access to (and even write access if the
default ROTAG ,readonly parameter is cleared). In other words, this
option should not be used on any multiuser systems where kvm is run
under user accounts that are not dedicated for testing purposes (i.e.,
do not have access to any files that should not be readable to
everyone).
This needs CONFIG_VIRTIO_NET=y in the guest kernel.
For parallel-vm.py, the --telnet argument specifies the base port
and each VM index (0, 1, ...) is added to it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Recently, qemu/seabios grew an annoying console/terminal reset,
which also causes my terminal to be left in a state where long
lines don't work well and less gets confused because of this.
Suppress this by suppressing all output from qemu before a new
magic string printed from inside.sh.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of relying on existing configuration (which may conflict
with other tests) and skipping otherwise, create a new radio with
two channels in this test and use it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of relying on existing configuration (which may conflict
with other tests) and skipping otherwise, create a new radio with
two channels in this test and use it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is needed to fix issues with dict iteration resulting in different
order of attributes when trying to calculate Message-Authenticator
externally to pyrad.
Signed-off-by: Jouni Malinen <j@w1.fi>
All other test cases seem to work, but radius_das_disconnect_time_window
is still failing due to incorrect authenticator or Message-Authenticator
in Disconnect-Request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Sending UTF-8 encoded data to logger file is currently not working
properly, so create a separate binary file with a copy of
sigma_dut-ap.conf instead to work with both python2 and python3.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use struct.unpack() to get a list of int and then generate a list of
hexstr octets from it for ':'.join() to get consistent behavior for both
python2 and python3.
Signed-off-by: Jouni Malinen <j@w1.fi>
WPSAPHTTPServer class needs to explicitly decode the read value from
a bytes object to a str object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Use ET.tostring() to avoid implicit bytes/str conversion issues within
ET implementation. Add XML declaration separately to match previous
behavior.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is needed for python3 since the two argument version of
str.translate() is not available for unicode. Furthermore, these cases
of delete colons from the string are simple enough for replace.
Signed-off-by: Jouni Malinen <j@w1.fi>
Only python3 warns to this bug.
TypeError: '>' not supported between instances of 'type' and 'int'
Exception: '>' not supported between instances of 'type' and 'int'
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Need to do this to avoid issues with following operations that assume
the output to be a str object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Avoid implicit conversion errors when constructing bytes objects or
passing a str object to a function that needs a bytes object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
The wpas_config_file_key_mgmt fails with this error if wpa_supplicant is
built without CONFIG_SUITEB192=y:
Exception: SET_NETWORK failed
Exception: SET_NETWORK failed
Skip the WPA-EAP-SUITE-B-192 case if it is not supported in
wpa_supplicant so that the rest of the key_mgmt test coverage is
included.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>