It looks like mac80211 scan-while-associated can now take over 10
seconds with the current wireless-regdb rules for world roaming due to
number of additional DFS channel having been enabled for passive
scanning. This resulted in ap_hs20_session_info failing due to the wait
for the scan result event timing out. That is not really a real failure,
so increase the timeout to avoid reporting this incorrectly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This uses mac80211_hwsim dfs_simulate_radar to get the real kernel side
CAC operation executed and aborted due to radar detection. This allows
another channel to be selected properly through another CAC run.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Simulate a radar detection event to verify that hostapd switches
channels properly and the station follows the AP to the new channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like association with DFS works fine with the current kernel
version, so re-enable this part of the DFS test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Since this requires a recent CRDA version and updated wireless-regdb, do
not report failures yet (i.e., indicate that the test case was skipped
if AP startup fails).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the aes_wrap() and aes_unwrap() implementation to be
verified against KW_{AE,AD}_{128,192,256}.txt test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
For example:
./test-aes NIST-KW-AE kwtestvectors/KW_AE_128.txt
./test-aes NIST-KW-AE kwtestvectors/KW_AE_192.txt
./test-aes NIST-KW-AE kwtestvectors/KW_AE_256.txt
./test-aes NIST-KW-AD kwtestvectors/KW_AD_128.txt
./test-aes NIST-KW-AD kwtestvectors/KW_AD_192.txt
./test-aes NIST-KW-AD kwtestvectors/KW_AD_256.txt
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.
The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.
Signed-off-by: Jouni Malinen <j@w1.fi>
This reverts commit bf700cc3d2. The
concurrent initialization test case is now expected to work again with
the STA entry added early enough to avoid the recently added mac80211
validation step failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
Older mac80211 implementations did not set the link identifier
appropriately, resulting in an incorrect teardown packet being sent the
peer. wpa_supplicant adds the FTE containing the MIC field calculated
using the correct link-identifier. This causes a MIC failure on the
other side and the teardown is discarded. Verify this case is fixed by
newer kernel and wpa_supplicant code.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Remove and re-start the persistent group manually to increase test
coverage to include the case of re-configuring the PSK list entries from
a stored persistent group.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the previuous test case used a non-RSN AP and that was left in
cfg80211 scan results, it was possible for ap_hs20_random_mac_addr to
pick that old AP from the previous test and reject to connect through
Hotspot 2.0 mechanisms. Work around this test issue by requesting new
set of scan result at the beginning of the test.
Signed-off-by: Jouni Malinen <j@w1.fi>
The scan for WPS-AUTH validation may miss a Probe Response frame if the
hostapd process gets blocked under load, e.g., when testing with
parallel-vm.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, periodic autoscan could have been left running and that
could result in the following test cases failing in some cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the test cases where using INTERWORKING_SELECT internally
without using scan_for_bss like the helper functions did. Add explicit
scan_for_bss calls to make the test cases less likely to fail due to
missing BSSes in scan results. This could cause false failure reports
when runnign under heavy load with parallel-vm.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids unexpected connection attempts in cases a matching network
is enabled and there is no existing connection (e.g., when testing with
ENABLE_NETWORK no-connect option).
Signed-off-by: Jouni Malinen <j@w1.fi>
A mac80211 TDLS validation change ended up breaking test functionality
that was needed for this test case. Instead of reporting this known
issue as a FAIL every time, mark the test as SKIP since the issues is
known and there are no plans of "fixing" it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that EAP fast session resumption is skipped if the connection
uses a different network configuration than the last EAP connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case for enforcing the incorrect init=DRIVER instead of
init=CORE for the event due to bug in the event message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for this test case to fail due to PBC overlap that was
detected based on previous test case having used PBC. Make that false
positive less likely to happen by explicitly clearing the scan cache on
dev[1].
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>