This reverts commit 78fdab307e4f10275795a196489a4894b0b437d3. This test
case needs MCC support on two stations, so the earlier attempt to handle
this with one dynamic interface is not sufficient.
Jouni Malinen [Mon, 30 Nov 2015 17:42:56 +0000 (19:42 +0200)]
tests: Show vm-run.sh command line for re-running failure sequences
Now that vm-run.sh supports a long list of test cases without crashing
the VM kernel, there is no need to use the "parallel-vm.py -1 1 <tests>"
workaround. Print the re-run example commands with vm-run.sh instead. In
addition, add the --long argument if it was specified for the test run
to avoid skipping test cases in the re-run case.
Jouni Malinen [Mon, 30 Nov 2015 14:58:47 +0000 (16:58 +0200)]
tests: Force concurrent exchange in ap_wps_er_multi_add_enrollee
This makes it more likely for the two ERs to go through WPS UPnP
exchange in parallel. This was already happening every now and then and
resulted in failures. However, now that there is support for multiple
concurrent exchanges, it is useful to have this test case hit that
possibility more frequently.
Jouni Malinen [Mon, 30 Nov 2015 14:57:11 +0000 (16:57 +0200)]
WPS: Support parallel UPnP WPS protocol runs
This allows multiple external registrars to execute a WPS protocol run
with a WPS AP over UPnP. Previously, hostapd supported only a single WPS
peer entry at a time and if multiple ERs tried to go through a WPS
protocol instance concurrently, only one such exchange could succeed.
Jouni Malinen [Mon, 30 Nov 2015 12:00:41 +0000 (14:00 +0200)]
Allow sched_scan_plans to be updated at runtime
This allows the control interface SET command to be used to update the
sched_scan_plans parameter at runtime. In addition, an empty string can
be used to clear the previously configured plan.
Johannes Berg [Mon, 30 Nov 2015 10:59:09 +0000 (11:59 +0100)]
tests: Allow passing more arguments to vm-run.sh
The script is currently limited by the maximum kernel command line
length and if that's exceeded the kernel panics at boot. Fix this by
writing the arguments to a file and reading it in the VM.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avraham Stern [Tue, 17 Nov 2015 13:08:24 +0000 (15:08 +0200)]
Add support for configuring scheduled scan plans
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.
Avraham Stern [Tue, 17 Nov 2015 13:08:23 +0000 (15:08 +0200)]
nl80211: Add support for multiple scan plans for scheduled scan
Add 'scan plans' to driver scan parameters for scheduled scan.
Each 'scan plan' specifies the number of iterations to run the scan
request and the interval between iterations. When a scan plan
finishes (i.e., it was run for the specified number of iterations),
the next scan plan is executed. The last scan plan will run
infinitely.
The maximum number of supported scan plans, the maximum number of
iterations for a single scan plan and the maximum scan interval
are advertised by the driver.
Jouni Malinen [Sun, 29 Nov 2015 23:25:24 +0000 (01:25 +0200)]
P2P: Make p2p_go_configured() more robust against unexpected calls
A hwsim test sequence was able to hit a SIGSEGV in
p2p_go_save_group_common_freqs() called by p2p_go_configured() callback
in a case where a non-P2P AP mode operation is started in wpa_supplicant
(wpas_ap_wep test case). This callback should not have happened for
non-P2P case and the debug logs did not make it clear how this could
happen. In addition, it is unclear how this could be reproduced.
To avoid this type of issues, clear the wpa_s->ap_configured_cb pointer
as soon as the first call to the function happens. In addition, verify
that wpa_s->go_params is available before processing the GO configured
callback.
Jouni Malinen [Sun, 29 Nov 2015 21:52:30 +0000 (23:52 +0200)]
TLS client: Fix session_resumed status after TLS session ticket use
conn->session_resumed was not set to 1 after successful use of a TLS
session ticket with EAP-FAST. This resulted in the wpa_supplicant STATUS
tls_session_reused showing incorrect value (0 instead of 1) when
EAP-FAST PAC was used. Fix this by setting conn->session_resumed = 1
when TLS handshake using the session ticket succeeds.
Jouni Malinen [Sun, 29 Nov 2015 21:40:54 +0000 (23:40 +0200)]
Fix tls_connection_prf() regression with CONFIG_TLS=internal
Commit af851914f810978909dd8598ab88030fe43d0051 ('Make
tls_connection_get_keyblock_size() internal to tls_*.c') broke
tls_connection_prf() with the internal TLS implementation when using
skip_keyblock=1. In practice, this broke EAP-FAST. Fix this by deriving
the correct number of PRF bytes before skipping the keyblock.
Jouni Malinen [Sun, 29 Nov 2015 19:53:23 +0000 (21:53 +0200)]
TLS: Add support for extKeyUsage X.509v3 extension
If the server/client certificate includes the extKeyUsage extension,
verify that the listed key purposes include either the
anyExtendedKeyUsage wildcard or id-kp-serverAuth/id-kp-clientAuth,
respectively.
Jouni Malinen [Sun, 29 Nov 2015 19:01:33 +0000 (21:01 +0200)]
Add TEST_FAIL() support for internal hash functions
md4_vector(), md5_vector(), sha1_vector(), and sha256_vector() already
supported TEST_FAIL() with the OpenSSL crypto implementation, but the
same test functionality is needed for the internal crypto implementation
as well.
Jouni Malinen [Sun, 29 Nov 2015 18:03:11 +0000 (20:03 +0200)]
TLS client: Add support for disabling TLS versions
The internal TLS client implementation in wpa_supplicant can now be used
with the phase2 parameters tls_disable_tlsv1_0=1, tls_disable_tlsv1_1=1,
and tls_disable_tlsv1_2=1 to disable the specified TLS version(s).
Jouni Malinen [Sun, 29 Nov 2015 16:59:27 +0000 (18:59 +0200)]
TLS client: Add support for server certificate probing
The internal TLS client implementation can now be used with
ca_cert="probe://" to probe the server certificate chain. This is also
adding the related CTRL-EVENT-EAP-TLS-CERT-ERROR and
CTRL-EVENT-EAP-PEER-CERT events.
Jouni Malinen [Sun, 29 Nov 2015 15:30:37 +0000 (17:30 +0200)]
TLS client: Add signature_algorithms extension into ClientHello
Since we support only SHA256 (and not the default SHA1) with TLS v1.2,
the signature_algorithms extensions needs to be added into ClientHello.
This fixes interop issues with the current version of OpenSSL that uses
the default SHA1 hash if ClientHello does not specify allowed signature
algorithms.
Pali Rohár [Sun, 22 Nov 2015 01:02:58 +0000 (02:02 +0100)]
TLS client: Validate certificates with SHA384 and SHA512 hashes
This commit adds support for validating certificates with SHA384 and
SHA512 hashes. Those certificates are now very common so wpa_supplicant
needs support for them.
SHA384 and SHA512 hash functions are included in the previous commit.
Pali Rohár [Sun, 22 Nov 2015 01:02:55 +0000 (02:02 +0100)]
TLS client: Do not verify CA certificates when ca_cert is not specified
In documentation is written: "If ca_cert and ca_path are not included,
server certificate will not be verified". This is the case when
wpa_supplicant is compiled with OpenSSL library, but when using the
internal TLS implementation and some certificates in CA chain are in
unsupported format (e.g., use SHA384 or SHA512 hash functions) then
verification fails even if ca_cert property is not specified.
This commit changes behavior so that certificate verification in
internal TLS implementation is really skipped when ca_cert is not
specified.
Jouni Malinen [Sat, 28 Nov 2015 17:07:35 +0000 (19:07 +0200)]
tests: Fix OOM eloop_register_sock() test cases with new gcc
gcc 4.8 vs 5.2 seem to compile eloop_register_sock() differently. With
5.2, that function name does not show up in the backtrace since
eloop_sock_table_add_sock() is used without a separate function call.
This broke the memory allocation failure checking in this test case. Fix
this by matching against the eloop_sock_table_add_sock() function which
shows up in the backtrace for both gcc versions.
Jouni Malinen [Sat, 28 Nov 2015 17:43:55 +0000 (19:43 +0200)]
EAP-SIM peer: Fix memory leak on reauth error path
If init_for_reauth fails, the EAP-SIM peer state was not freed properly.
Use eap_sim_deinit() to make sure all allocations get freed. This could
be hit only if no random data could be derived for NONCE_MT.
Jouni Malinen [Fri, 27 Nov 2015 22:23:35 +0000 (00:23 +0200)]
tests: Fix error message for ap_open_out_of_memory
If hostapd AP started unexpectedly, this test case would fail with
NameError due to incorrect variable name being used to construct the
exception text.
Jouni Malinen [Fri, 27 Nov 2015 18:59:38 +0000 (20:59 +0200)]
tests: Enable 802.11ac support in example wpa_supplicant config
This is needed for proper test execution. The recently added VHT 80+80
test cases started verifying channel bandwidth on the station side and
those checks fail if wpa_supplicant is built without
CONFIG_IEEE80211AC=y.
Johannes Berg [Tue, 24 Nov 2015 16:39:58 +0000 (17:39 +0100)]
tests: Honor HWSIM_TEST_LOG_DIR variable in VM runs
If /tmp has a relatively small size limit, or multiple people run the
tests on the same machine, using the same output directory can easily
cause problems.
Make the test framework honor the new HWSIM_TEST_LOG_DIR environment
variable to make it easier to avoid those problems.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 27 Nov 2015 14:41:37 +0000 (15:41 +0100)]
tests: Add a simple wmediumd test
If wmediumd is available on the path, test that it can forward
packets between two virtual nodes and that stopping it makes
the regular in-kernel datapath do the needed work again.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Fri, 27 Nov 2015 17:37:35 +0000 (19:37 +0200)]
tests: Optimize p2p_go_move_active initial wait
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
Jouni Malinen [Fri, 27 Nov 2015 17:20:11 +0000 (19:20 +0200)]
tests: Optimize p2p_go_move_scm initial wait
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
Convert p2ps_channel_active_go_and_station_different_mcc to use a
dynamically added HWSimRadio to allow the MCC case to be covered with a
single test run with the mac80211_hwsim default radios disabling MCC.
Jouni Malinen [Thu, 26 Nov 2015 22:12:38 +0000 (00:12 +0200)]
tests: Use wlantest without capture file write buffering
This makes the run_tshark() operations more reliable while still
allowing to reduce the extra wait by forcing wlantest to flush the
packets to the pcapng file.
Jouni Malinen [Thu, 26 Nov 2015 22:10:53 +0000 (00:10 +0200)]
wlantest: Add -N command line argument to remove write buffering
This makes it easier to do live parsing of captured pcap files from
wlantest without having to rename and restart the capture file. Packet
writes are flushed to disk after each packet if -N is included in the
command line.
Connect radio work is sometimes delayed for a considerable duration if
there is an ongoing scan radio work. To avoid these delays abort the
ongoing scan on that interface before queuing a connect request. Upon a
scan done indication from the driver, connect radio work will be
scheduled.
Jouni Malinen [Thu, 26 Nov 2015 16:45:59 +0000 (18:45 +0200)]
mesh: Clear wpa_s cipher selection on starting mesh
This is needed to avoid hitting WEP/TKIP detection in
ibss_mesh_setup_freq() if the previous connection used WEP or TKIP.
Previously, that could have resulted in VHT and HT getting disabled for
the mesh connection.
Jouni Malinen [Thu, 26 Nov 2015 15:47:36 +0000 (17:47 +0200)]
nl80211: Fix SIGNAL_POLL in IBSS and mesh
NL80211_CMD_GET_STATION does not work with the IBSS/mesh BSSID, so clear
the signal strength instead of returning failure when SIGNAL_POLL is
used in an IBSS/mesh.
Ahmad Kholaif [Wed, 25 Nov 2015 03:51:43 +0000 (19:51 -0800)]
IBSS/mesh: Add support for VHT80P80 configuration
A new network profile configuration parameter max_oper_chwidth=3 can be
used to specify preference to enable 80+80 MHz VHT channel for IBSS. If
that is set, the first 80 MHz segment is specified based on the
frequency parameter in the network profile and the second segment is
selected automatically (which will practically be limited to a single
possibility due to DFS requirements in most countries).
Ahmad Kholaif [Wed, 28 Oct 2015 21:14:10 +0000 (14:14 -0700)]
P2P: Add support for VHT 80+80 MHz and 160 MHz
The new max_oper_chwidth and freq2 arguments to P2P_CONNECT, P2P_INVITE,
and P2P_GROUP_ADD control interface commands can be used to request
larger VHT operating channel bandwidth to be used than the previously
used maximum 80 MHz.
Ahmad Kholaif [Wed, 28 Oct 2015 21:14:10 +0000 (14:14 -0700)]
nl80211: Add VHT 160 MHz channel flags
This extends the previous design that covered only the VHT 80 MHz cases
for VHT channel flags. New functions are introduced to allow 160 MHz
bandwidth cases to determine the center channel and check availability
of a 160 MHz channel.
Dedy Lansky [Sun, 22 Nov 2015 12:46:54 +0000 (14:46 +0200)]
FST: Improve parsing of Multiband IEs
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges.
Anton Nayshtut [Tue, 10 Nov 2015 13:51:07 +0000 (15:51 +0200)]
FST: Make FST peer connection check more permissive in hostapd
Modify the FST peer connection check so it won't skip peers without MB
IEs making it more permissive for peers that didn't provide MB IEs
during association request. This can be helpful, e.g., in cases where a
STA's interface connected before it was added to the FST group. This
allows the AP to receive FST Action frames and initiate session with a
STA via STA's interface that doesn't expose MB IEs.
The adjusted FST protocol is still safe, as it protects itself in many
other ways (checking band info and it's accordance to the interfaces,
Setup IDs, connection states of the interfaces involved, etc.)
effectively avoiding all types of invalid situations.
Jouni Malinen [Mon, 23 Nov 2015 21:55:33 +0000 (23:55 +0200)]
Remove wpa_supplicant/tests
There was only a single file remaining in this directory. All the other
old test functionality has been moved under the top level tests
directory. Move the remaining file to the wpa_supplicant directory to
get rid of the subdirectory.
Jouni Malinen [Mon, 23 Nov 2015 21:52:52 +0000 (23:52 +0200)]
tests: Move EAP-SIM PRF module test into the hwsim framework
The old wpa_supplicant/Makefile target test-eap_sim_common did not work
anymore and anyway, this test is better placed in the newer hwsim
framework to make sure the test case gets executed automatically.
Jouni Malinen [Mon, 23 Nov 2015 21:45:10 +0000 (23:45 +0200)]
Remove link_test and test_wpa
These wpa_supplicant test programs have not been maintained for years
and it would take significant effort to get these into working state.
Since there does not seem to be any real need for these based on lack of
maintenance, it is easier to just drop these tools for now.
Jouni Malinen [Mon, 23 Nov 2015 21:34:52 +0000 (23:34 +0200)]
Fix CONFIG_NO_WPA=y build
Number of places were calling functions that are not included in
CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull
in SHA1 and MD5 for config_internal.c, if needed.
Anton Nayshtut [Wed, 18 Nov 2015 17:00:40 +0000 (19:00 +0200)]
tests: Make FST tests aware of unconditional station's MB IE exposure
This syncs the test cases with the implementation change in station's MB
IE creation. FST tests should expect MB IE regardless of the station
connection state and whether the current connection is FST-enabled or
not. This fixes the follow test cases that started reporting failures
with the previous commit change in src/fst/fst_group.c:
fst_disconnect_1_of_2_stas_from_non_fst_ap
fst_sta_connect_to_non_fst_ap
fst_second_sta_connect_to_non_fst_ap
fst_disconnect_2_of_2_stas_from_non_fst_ap
fst_second_sta_connect_to_fst_ap
fst_disconnect_1_of_2_stas_from_fst_ap
projects / thirdparty / hostap.git / log
