Commit message | Author | Age | Files | Lines
* tests: Add remote directory to tests | Janusz Dziedzic | 2016-05-14 | 3 | -0/+512
  Add tests/remote directory and files:
  config.py - handle devices/setup_params table
  run-tests.py - run test cases
  test_devices.py - run basic configuration tests

  You can add own configuration file, by default this is cfg.py, and put there devices and setup_params definition in format you can find in config.py file. You can use -c option or just create cfg.py file.

  Print available devices/test_cases:
  ./run-tests.py

  Check devices (ssh connection, authorized_keys, interfaces):
  ./run-test.py -t devices

  Run sanity tests (test_sanity_*):
  ./run-test.py -d <dut_name> -t sanity

  Run all tests:
  ./run-tests.py -d <dut_name> -t all

  Run test_A and test_B:
  ./run-tests.py -d <dut_name> -t "test_A, test_B"

  Set reference device, and run sanity tests:
  ./run-tests.py -d <dut_name> -r <ref_name> -t sanity

  Multiple duts/refs/monitors could be setup:
  e.g.
  ./run-tests.py -d <dut_name> -r <ref1_name> -r <ref2_name> -t sanity

  Monitor could be set like this:
  ./run-tests.py -d <dut_name> -t sanity -m all -m <standalone_monitor>

  You can also add filters to tests you would like to run
  ./run-tests.py -d <dut_name> -t all -k wep -k g_only
  ./run-tests.py -d <dut_name> -t all -k VHT80

  ./run-test.py doesn't start/terminate wpa_supplicant or hostapd, test cases are responsible for that, while we don't know test case requirements.

  Restart (-R) trace (-T) and perf (-P) options available. This request trace/perf logs from the hosts (if possible).

  As parameters each test case get:
  - devices - table of available devices
  - setup_params
  - duts - names of DUTs should be tested
  - refs - names of reference devices should be used
  - monitors - names of monitors list

  Each test could return append_text.

  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* tests: remotehost.py use join | Janusz Dziedzic | 2016-05-14 | 1 | -9/+4
  Use join instead of for.

  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface | Ilan Peer | 2016-05-14 | 1 | -1/+10
  The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the interfaces that are currently controlled by the wpa_supplicant. However, some applications expect the REGDOM_CHANGE event to be sent on the control interface of the initially added interface (and do not expect the event on any of child interfaces).

  To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE, find the highest parent in the chain, and use its control interface to emit the CTRL-EVENT-REGDOM-CHANGE event.

  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Secure mesh and the first plink Open dropped | Jouni Malinen | 2016-05-13 | 2 | -0/+53
  This is a regression test case to verify that MTK is calculated properly also in this unexpected sequence.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add MGMT_RX_PROCESS test command for wpa_supplicant | Jouni Malinen | 2016-05-13 | 1 | -0/+73
  This makes it easier to write hwsim test cases to verify management frame processing sequences with dropped or modified frames. When ext_mgmt_frame_handling is used, this new command can be used to request wpa_supplicant to process a received management frame, e.g., based on information reported in the MGMT-RX events.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Calculate MTK before sending it to MAC in case Open is dropped | Peter Oh | 2016-05-13 | 1 | -0/+2
  IEEE Std 802.11-2012 13.5.6.3 State transitions require an action sending SETKEYS primitive to MAC when OPN_ACPT event occurs in CNF_RCVD state in case of AMPE is used, but since MTK calculation is missed in this condition, all zero valued key are passed to MAC and cause unicast packet decryption error. This could happen if the first transmission of plink Open frame is dropped and Confirm frame is processed first followed by retransmitted Open frame.

  Fix this by calculating the MTK also in this sequence of unexpected messages.

  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* mesh: Add missing action to cancel timer | Peter Oh | 2016-05-13 | 1 | -0/+1
  IEEE Std 802.11-2012 Table 13-2, MPM finite state machine requires to clear retryTimer when CNF_ACPT event occurs in OPN_SNT state which is missing, so add it to comply with the standard.

  This was found while debugging an MTK issue and this commit fixes a potential issue that mesh sends invalid event (PLINK_OPEN) which will lead another invalid timer register such as MeshConfirm Timer. This behaviour might lead to undefined mesh state.

  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* D-Bus: Check driver capability for IBSS in Modes property of Capabilities | Saurav Babu | 2016-05-13 | 1 | -2/+3
  Instead of hardcoding "ad-hoc" in the array of supported capabilities, add this only if the driver indicates support for IBSS.

  Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* wpa_cli: Add backspace key process for some terminal | SiWon Kang | 2016-05-13 | 1 | -0/+6
  In some terminal, verified with gtkterm and teraterm, backspace key is not properly processed. For instance, type 'abc', 3 times of backspace key press then '123' shows the result of 'abc123' instead of '123'.

  To fix this, add a routine to process '\b' character input when using edit_simple.c instead of edit.c (i.e., without CONFIG_WPA_CLI_EDIT=y).

  Signed-off-by: Siwon Kang <kkangshawn@gmail.com>
* wpa_supplicant: Fix CONFIG_AP build without CTRL_IFACE | Johannes Berg | 2016-05-13 | 1 | -1/+1
  wpas_ap_pmksa_cache_list() and wpas_ap_pmksa_cache_flush() should be under the #ifdef since they're only called for the control iface and use functionality that otherwise isn't available.

  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* drivers: Add NEED_RADIOTAP | Johannes Berg | 2016-05-13 | 2 | -2/+10
  If there's ever a driver that, like nl80211, requires radiotap, we need to have a NEED_RADIOTAP variable to avoid trying to link the radiotap helpers twice. Introduce that.

  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* OpenSSL: Make dh5_init() match the generic implementation | Jouni Malinen | 2016-05-13 | 1 | -0/+2
  Commit 4104267e81b0a0acdb43f693a67f236b3237a719 ('Fix memory leak on NFC DH generation error path') modified the generic (non-OpenSSL) implementation of dh5_init() to free the previously assigned public key, if any. However, that commit did not modify the OpenSSL specific version of this function. Add the same change there to maintain consistent behavior between these two implementations of the same function.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix segmentation fault in new DH key derivation | Rujun Wang | 2016-05-13 | 1 | -1/+1
  Commit 4104267e81b0a0acdb43f693a67f236b3237a719 ('Fix memory leak on NFC DH generation error path') modified dh5_init() behavior in the non-OpenSSL implementation to free the public key (if any was previously set). However, this did not update one of the callers to make sure the publ argument in the call is initialized. This could result in trying to free invalid pointer and segmentation fault when hostapd or wpa_supplicant was built against some other crypto library than OpenSSL.

  Signed-off-by: Rujun Wang <chinawrj@gmail.com>
* OpenSSL: BoringSSL has SSL_get_client_random(), etc. | David Benjamin | 2016-05-10 | 1 | -2/+6
  BoringSSL added OpenSSL 1.1.0's SSL_get_client_random() and friends in working towards opaquifying the SSL struct. But it, for the moment, still looks more like 1.0.2 than 1.1.0 and advertises OPENSSL_VERSION_NUMBER as such. This means that there is no need to define those in BoringSSL and defining them causes conflicts. (C does not like having static and non-static functions with the same name.)

  As requested, this is conditioned on defined(BORINGSSL_API_VERSION) so wpa_supplicant may continue to support older BoringSSLs for a time. (BoringSSL revisions without the accessors predate BoringSSL maintaining a BORINGSSL_API_VERSION.)

  Also add a missing opensslv.h include. tls_openssl.c is sensitive to OPENSSL_VERSION_NUMBER, so it should include the header directly rather than rely on another header to do so.

  Signed-off-by: David Benjamin <davidben@google.com>
* tests: Open network connection with pmf=2 | Jouni Malinen | 2016-05-05 | 1 | -0/+23
  This verifies that pmf=2 is ignored for a non-RSN network while a network profile specific ieee80211w=2 is enforced.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Skip connection attempt for non-RSN networks if PMF is set to required | Sunil Dutt | 2016-05-05 | 1 | -0/+8
  Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the connection attempt for such non-PMF (non-RSN) capable networks should be skipped.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Ignore pmf=1/2 parameter for non-RSN networks | Jouni Malinen | 2016-05-05 | 3 | -5/+21
  PMF is available only with RSN and pmf=2 could have prevented open network connections. Change the global wpa_supplicant pmf parameter to be interpreted as applying only to RSN cases to allow it to be used with open networks.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: wpa_supplicant config file parsing of arbitrary global values | Jouni Malinen | 2016-05-02 | 1 | -0/+52
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Reject SET commands with newline characters in the string values | Jouni Malinen | 2016-05-02 | 1 | -0/+6
  Many of the global configuration parameters are written as strings without filtering and if there is an embedded newline character in the value, unexpected configuration file data might be written.

  This fixes an issue where wpa_supplicant could have updated the configuration file global parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the value of a parameter before passing it to wpa_supplicant.

  This could allow such an untrusted user to inject almost arbitrary data into the configuration file. Such configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Use \t instead of \n in discovery_ctrl_char_in_devname | Jouni Malinen | 2016-05-02 | 1 | -1/+1
  This is needed to allow the SET command to be modified to reject newline characters.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: wpa_supplicant config parsing of arbitrary cred values | Jouni Malinen | 2016-05-02 | 1 | -0/+48
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Reject SET_CRED commands with newline characters in the string values | Jouni Malinen | 2016-05-02 | 1 | -1/+8
  Most of the cred block parameters are written as strings without filtering and if there is an embedded newline character in the value, unexpected configuration file data might be written.

  This fixes an issue where wpa_supplicant could have updated the configuration file cred parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the credential value before passing it to wpa_supplicant.

  This could allow such an untrusted user to inject almost arbitrary data into the configuration file. Such configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove newlines from wpa_supplicant config network output | Paul Stewart | 2016-05-02 | 3 | -2/+25
  Spurious newlines output while writing the config file can corrupt the wpa_supplicant configuration. Avoid writing these for the network block parameters. This is a generic filter that covers cases that may not have been explicitly addressed with a more specific commit to avoid control characters in the psk parameter.

  Signed-off-by: Paul Stewart <pstew@google.com>
* tests: wpa_supplicant config file writing with arbitrary PSK value | Jouni Malinen | 2016-05-02 | 1 | -0/+45
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Reject psk parameter set with invalid passphrase character | Jouni Malinen | 2016-05-02 | 1 | -0/+6
  WPA/WPA2-Personal passphrase is not allowed to include control characters. Reject a passphrase configuration attempt if that passphrase includes an invalid passphrase.

  This fixes an issue where wpa_supplicant could have updated the configuration file psk parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the passphrase value before passing it to wpa_supplicant.

  This could allow such an untrusted user to inject up to 63 characters of almost arbitrary data into the configuration file. Such configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: wpa_supplicant config file parsing/writing with WPS | Jouni Malinen | 2016-05-02 | 3 | -0/+96
  This verifies that a WPA2PSK passphrase with control characters gets rejected in a WPS Credential and that control characters in SSID get written as a hexdump.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Reject a Credential with invalid passphrase | Jouni Malinen | 2016-05-02 | 3 | -0/+23
  WPA/WPA2-Personal passphrase is not allowed to include control characters. Reject a Credential received from a WPS Registrar both as STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or WPA2PSK authentication type and includes an invalid passphrase.

  This fixes an issue where hostapd or wpa_supplicant could have updated the configuration file PSK/passphrase parameter with arbitrary data from an external device (Registrar) that may not be fully trusted. Should such data include a newline character, the resulting configuration file could become invalid and fail to be parsed.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Try running without mgmt frame subscription (driver AP SME) | Rafał Miłecki | 2016-04-28 | 1 | -1/+2
  One of supported code paths already allows this scenario. It is used if driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support monitor interface. In such situation:
  1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
  2) We don't try subscribing for WLAN_FC_STYPE_ACTION
  3) We fallback to AP SME mode after failing to create monitor interface
  4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails

  Above scenario is used, e.g., with brcmfmac. As you can see - thanks to events provided by cfg80211 - it's not really required to receive Probe Request or action frames.

  However, the previous implementation did not allow using hostapd with drivers that:
  1) Report NL80211_ATTR_DEVICE_AP_SME
  2) Don't support subscribing for PROBE_REQ and/or ACTION frames

  In case of using such a driver hostapd will cancel setup after failing to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments.

  This patch allows working with such drivers with just a small warning printed as debug message.

  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
* Android: Remove EAP-FAST option | Dmitry Shmidt | 2016-04-28 | 1 | -1/+1
  Current BoringSSL version is not suitable for EAP-FAST.

  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* WPS: Explicitly clear wpabuf memory with key information | Jouni Malinen | 2016-04-28 | 5 | -48/+48
  This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material.

  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Do not use tabs for indentation | Jouni Malinen | 2016-04-24 | 7 | -52/+52
  Be more consistent with indentation (always uses spaces in Python files).

  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Test configuration propagation to group interface | Andrei Otcheretianski | 2016-04-24 | 1 | -0/+28
  When a dedicated P2P Device interface is used, its configuration should be cloned to the group interface. Add a test that covers this both when a separate group interface is used and not.

  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* P2P: Copy config from p2pdev when not using dedicated group interface | Andrei Otcheretianski | 2016-04-24 | 1 | -21/+12
  When the P2P Device interface is used and an existing interface is used for P2P GO/Client, the P2P Device configuration was not cloned to the configuration of the existing interface. Thus, configuration parameters such as idle_group_time, etc., were not propagated to the P2P GO/Client interface.

  Handle this by copying all configuration parameters of the P2P device interface to the reused interface, with the following exceptions:
  1. Copy the NFC key data only if it was not set in the configuration file.
  2. The WPS string fields are set only if they were not previously set in the configuration of the destination interface (based on the assumption that these fields should be identical among all interfaces).

  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* P2P: Fix wpas_p2p_nfc_auth_join() | Andrei Otcheretianski | 2016-04-24 | 1 | -9/+9
  Use the p2pdev pointer instead of the parent pointer to comply with the flows when a dedicated P2P Device interface is used and p2p_no_group_iface == 1 (in which case the parent of the reused interface isn't necessarily the same as p2pdev).

  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* tests: Fix persistent_group_peer_dropped tests | Andrei Otcheretianski | 2016-04-24 | 1 | -2/+2
  Use the global control interface to remove P2P network blocks, to support cases when a dedicated P2P Device interface is used.

  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* tests: Don't use proxy in urllib.urlopen() | Andrei Otcheretianski | 2016-04-24 | 1 | -3/+4
  Some environments define default system wide HTTP proxy. Using default system configuration may result in a failure to open some HTTP URLs. Fix this by ensuring that no proxies are used.

  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* tests: Use global control interface for P2P configurations | Andrei Otcheretianski | 2016-04-24 | 1 | -52/+52
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* tests: Use global control interface to set p2p_no_group_iface | Ilan Peer | 2016-04-24 | 2 | -16/+16
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Parse group results in a couple of p2p_channel tests | Ilan Peer | 2016-04-24 | 1 | -0/+2
  In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the P2P-GROUP-STARTED event prior to calling the group_request() method, as otherwise the group ifname is not set.

  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Modify use of GET command to support P2P Device interface | Avraham Stern | 2016-04-24 | 1 | -2/+2
  Support configurations that use a dedicated P2P Device interface by using the global control interface and specifying the interface name for the GET commands fetching the ip_addr_go parameter.

  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* tests: persistent_group_profile_add to support P2P Device interface | Avraham Stern | 2016-04-24 | 2 | -5/+26
  Modify the persistent_group_profile_add test to support configurations that use a dedicated P2P Device interface by sending the ADD_NETWORK and SET_NETWORK commands on the global control interface and specifying the P2P Device interface name.

  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* tests: Store P2P Device ifname in class WpaSupplicant | Avraham Stern | 2016-04-24 | 1 | -0/+10
  Add an attribute to class WpaSupplicant with the name of the P2P Device interface. If a separate interface is not used for P2P Device, this attribute will hold the name of the only used interface (which functions also as the P2P Device management interface).

  This attribute will be used to direct P2P related commands to the P2P Device interface, which is needed for configurations that use a separate interface for the P2P Device.

  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* tests: Modify p2p_msg_long_ssid to support P2P Device interface | Avraham Stern | 2016-04-24 | 1 | -1/+1
  Waiting for the P2P-DEVICE-FOUND event should be done on the global control interface to support configurations that use a dedicated P2P Device interface.

  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* tests: Modify autogo_scan to support P2P Device interface | Avraham Stern | 2016-04-24 | 1 | -4/+10
  Support configurations that use a dedicated P2P Device interface by sending the P2P_CONNECT command on the global control interface.

  In addition, when a dedicated P2P Device interface is used, there is no need to manually respond to the Provision Discovery Request since the request is processed by the P2P Device interface and this interface was not set for external RX management frames handling.

  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* tests: Fix error message in test_p2ps_connect_p2ps_method_4() | Ilan Peer | 2016-04-24 | 1 | -2/+2
  This fixes commit 2f0f69a9ec93e063822628578bceb947cf083918 ('tests: Use p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').

  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Add couple of roam failure tests | Ilan Peer | 2016-04-24 | 1 | -0/+53
  1. Fail roaming to an AP which exceeded its number of allowed stations.
  2. Fail roaming due to passphrase mismatch.

  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Remove unused eap_connect import | Jouni Malinen | 2016-04-24 | 1 | -1/+0
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Convert Host() class to use list of arguments instead of string | Jouni Malinen | 2016-04-24 | 3 | -13/+9
  It is better to use a list of command line arguments for the local execution case and convert that to a space-separated string for the remote case.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Print traceback if test fails | Janusz Dziedzic | 2016-04-24 | 1 | -0/+2
  This is useful in case we hit a problem in test code.

  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* tests: Use hapd from hostapd.add_bss() | Janusz Dziedzic | 2016-04-24 | 2 | -9/+4
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>