Jouni Malinen [Thu, 15 May 2014 21:27:47 +0000 (00:27 +0300)]
tests: Make GAS test cases more robust
Scan explicitly for the specific AP to work around issues where under
heavy CPU load, the single active scan round may miss the delayed Probe
Response from the AP. In addition, verify that ANQP_GET commands succeed
to make error cases clearer in the log.
Jouni Malinen [Thu, 15 May 2014 20:58:10 +0000 (23:58 +0300)]
tests: Verify P2P GO Negotiation wait-for-ready timeout
This verifies that the wait for peer to be ready for GO Negotiation is
timed out properly at no less than 120 seconds. Since this is a long
test case, it is disabled by default without the --long option.
Rashmi Ramanna [Wed, 14 May 2014 09:05:02 +0000 (14:35 +0530)]
P2P: Modify the timeout for GO Negotiation on no concurrent session
Peer should handle a GO Negotiation exchange correctly when the
responding device does not have WSC credentials available at the
time of receiving the GO Negotiation Request. WSC Credentials
(e.g., Pushbutton) can be entered within the 120 second timeout.
Presently, if concurrent session is not active, the peer would wait for
GO Negotiation Request frame from the other device for approximately one
minute due to the earlier optimization change in commit a2d63657603b8f0714274f34bea45cb5d0c0a7b9. To meet the two minute
requirement, replace this design based on number of iterations with a
more appropriate wait for the required number of seconds.
Jouni Malinen [Thu, 15 May 2014 19:16:19 +0000 (22:16 +0300)]
P2P: Refrain from performing extended listen during PD
Extend the previous commit 0f1034e3889e7b8f54ed59317f1234db8167d12e to
skip extended listen also based on ongoing provision discovery operation
(which does not show up as a separate P2P module state and as such, was
not coveraged by the previous commit).
Jouni Malinen [Thu, 15 May 2014 18:32:54 +0000 (21:32 +0300)]
P2P: Clear P2P state if active interface is disabled
The radio works for the interface get removed if interface is disabled.
This could have left P2P module in invalid state if the interface got
disabled during a p2p_find or p2p_listen operation. Clear the state in
such a case to avoid blocking following operations due to P2P module
assuming it is still in progress of doing something.
Jouni Malinen [Thu, 15 May 2014 18:09:48 +0000 (21:09 +0300)]
Add DRIVER_EVENT ctrl_iface command for testing purposes
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.
Jouni Malinen [Thu, 15 May 2014 11:13:39 +0000 (14:13 +0300)]
tests: Make discovery_group_client more robust
Allow three P2P_FIND attempts for discovering the GO on a non-social
channels since the single Probe Response frame can be missed easily
under heavy CPU load.
Jouni Malinen [Wed, 14 May 2014 22:02:03 +0000 (01:02 +0300)]
tests: Make WPS test cases more robust
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP.
Jouni Malinen [Wed, 14 May 2014 21:31:30 +0000 (00:31 +0300)]
tests: Make ap_wpa2_eap_ttls_server_cert_hash_invalid more robust
Instead of checking for multiple EAP starts (which can occur if
EAPOL-Start from supplicant goes out quickly enough, e.g., due to CPU
load), look for the explicit message indicating that TTLS method
initialization failed.
Jouni Malinen [Wed, 14 May 2014 14:02:32 +0000 (17:02 +0300)]
tests: Make FT test cases more robust
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP. In addition, check for ROAM/FT_DS failures to be
able to report errors more clearly.
Jouni Malinen [Wed, 14 May 2014 10:35:32 +0000 (13:35 +0300)]
tests: Make HS 2.0 test cases more robust
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP.
Jouni Malinen [Wed, 14 May 2014 09:54:13 +0000 (12:54 +0300)]
tests: Make scan and scan_only more robust
These can fail during heavy CPU load due to active scan dwell time not
being long enough to catch the delayed Probe Response frame from the AP.
Work around this by allowing multiple scan attempts to see the response.
Jouni Malinen [Tue, 13 May 2014 23:31:55 +0000 (02:31 +0300)]
tests: Verify P2P GO start when scan_req = MANUAL_SCAN_REQ
There was a bug in this code path that resulted in the
skip-scan-to-start-GO case to not actually skip the scan. It looks like
this could be hit at least when autoscan was enabled, but it is possible
that some other sequences could hit this as well.
Jouni Malinen [Tue, 13 May 2014 23:13:18 +0000 (02:13 +0300)]
P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.
This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).
Jouni Malinen [Tue, 13 May 2014 22:29:55 +0000 (01:29 +0300)]
tests: Work around grpform_pbc_overlap robustness issues
Since P2P Client scan case is now optimzied to use a specific SSID, the
WPS AP will not reply to that and the scan after GO Negotiation can
quite likely miss the AP due to dwell time being short enoguh to miss
the Beaco frame. This has made the test case somewhat pointless, but
keep it here for now with an additional scan to confirm that PBC
detection works if there is a BSS entry for a overlapping AP.
Jouni Malinen [Tue, 13 May 2014 21:47:42 +0000 (00:47 +0300)]
nl80211: Fix send_frame freq for IBSS
bss->freq was not updated for IBSS, so whatever old value was stored
from a previous AP mode operation could end up having been used as the
channel when trying to send Authentication frames in an RSN IBSS. This
resulted in the frame not sent (cfg80211 rejects it) and potentially not
being able to re-establish connection due to 4-way handshake failing
with replay counter mismatches. Fix this by learning the operating
channel of the IBSS both when join event is received and when a
management frame is being transmitted since the IBSS may have changed
channels due to merges.
Jouni Malinen [Tue, 13 May 2014 21:12:40 +0000 (00:12 +0300)]
tests: Make pmksa_cache_on_roam_back more robust
The single channel scan while associated to another AP and immediately
after starting the second AP can miss the Probe Response frame
especially under heavy CPU load. Avoid false error reports by allowing
multiple scan rounds to be performed. wpas_ctrl_bssid_filter is also
modified to take into account different get_bss() behavior.
Rashmi Ramanna [Tue, 13 May 2014 10:44:18 +0000 (16:14 +0530)]
P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b7b37dd84fbf3c1aa5ed571c32321d4 was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.
P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.
Hannu Mallat [Mon, 12 May 2014 11:33:12 +0000 (14:33 +0300)]
dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.
Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
Jouni Malinen [Sun, 11 May 2014 17:42:18 +0000 (20:42 +0300)]
tests: EAP-IKEv2 fragmentation
This adds a test case for the server fragmenting an EAP-IKEv2 message.
In addition, the fragmentation threshold is made shorter to trigger
fragmentation for all messages.
Jouni Malinen [Sun, 11 May 2014 17:40:44 +0000 (20:40 +0300)]
EAP-IKEv2: Allow frag ack without integrity checksum
RFC 5106 is not exactly clear on the requirements for the "no data"
packet that is used to acknowledge a fragmented message. Allow it to be
processed without the integrity checksum data field since it is possible
to interpret the RFC as this not being included. This fixes reassembly
of fragmented frames after keys have been derived.
Jouni Malinen [Sun, 11 May 2014 15:38:07 +0000 (18:38 +0300)]
EAP-pwd: Fix processing of group setup failure
If invalid group was negotiated, compute_password_element() left some of
the data->grp pointer uninitialized and this could result in
segmentation fault when deinitializing the EAP method. Fix this by
explicitly clearing all the pointer with eap_zalloc(). In addition,
speed up EAP failure reporting in this type of error case by indicating
that the EAP method execution cannot continue anymore on the peer side
instead of waiting for a timeout.
Jouni Malinen [Sun, 11 May 2014 15:18:58 +0000 (18:18 +0300)]
tests: Fix scan_bss_operations
The BSS id numbers were assumed to start from 0 at the beginning of this
test case, but that is only the case if this is run as the first test
after starting wpa_supplicant. Fix the test case to figure out the id
values dynamically to avoid false errors.
Jouni Malinen [Sun, 11 May 2014 09:43:09 +0000 (12:43 +0300)]
eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.
Jouni Malinen [Sat, 10 May 2014 22:06:00 +0000 (01:06 +0300)]
tests: EAP-SIM/AKA/AKA' with SQLite
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.
Jouni Malinen [Sun, 11 May 2014 14:54:59 +0000 (17:54 +0300)]
EAP-SIM peer: Fix counter-too-small message building
The extra data (nonce_s) used in this message was pointing to the
parsed, decrypted data and that buffer was previously freed just before
building the new message. This resulted in use of freed data and
possibly incorrect extra data value that caused the authentication
attempt to fail. Fix this by reordering the code to free the decrypted
data only after the new message has been generated. This was already the
case for EAP-AKA/AKA', but somehow missing from EAP-SIM.
Jouni Malinen [Sat, 10 May 2014 13:15:20 +0000 (16:15 +0300)]
Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.
Sunil Dutt [Tue, 6 May 2014 16:34:37 +0000 (22:04 +0530)]
P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.
nl80211: Use max associated STAs information in AP mode
Propagate max associated STAs in AP mode advertised by the driver to
core wpa_supplicant implemantion. This allows wpa_supplicant to update
the P2P GO group limit information automatically without having to
configure this limit manually. The information (if available) is also
used in the generic AP implementation to control maximum number of STA
entries.
TDLS: Disable links during AP deauth in external flow
When de-authenticating from the AP, disable each TDLS link after
sending the teardown packet. Postpone the reset of the peer state
data until after the link disable request.
Ilan Peer [Thu, 24 Apr 2014 05:45:33 +0000 (08:45 +0300)]
nl80211: Take ownership of dynamically added interfaces
Indicate to cfg80211 that interfaces created by the wpa_supplicant
or hostapd are owned by them, and that in case that the socket that
created them closes, these interfaces should be removed.
TDLS: Pass peer's capability info to the driver in open mode
Commit 96ecea5eb14cc1362cb01b914ac4163324294a28 did not consider
to pass the VHT/HT/WMM capabilities of the peer for BSS with
open mode.
Address this issue by passing the capabilities irrespective of
the security mode.
tests: Verify global control interface before starting each test
This allows control interface issues to be caught in a bit more readable
way in the debug logs. In addition, dump pending monitor socket
information more frequently and within each test case in the log files
to make the output clearer and less likely to go over the socket buffer
limit.
It is possible for a scan to fail to see Probe Response or Beacon frame
under heavy load (e.g., during a parallel-vm.sh test run) since the
dwell time on a chanenl is quite short. Make the test cases using
INTERWORKING_SELECT more robust by trying again if the first attempt
does not find a matching BSS.
Check rx_mgmt::frame more consistently against NULL
If a driver wrapper misbehaves and does not indicate a frame body in the
event, core hostapd code should handle this consistently since that case
was already checked for in one location.
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.
Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.