When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.
Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.
Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Enable all supported groups in the existing ap_wpa2_eap_pwd_groups and
ap_wpa2_eap_pwd_invalid_group test cases to maintain current testing
functionality once wpa_supplicant is modified to use a different default
for the enabled groups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].
Signed-off-by: Jouni Malinen <j@w1.fi>
Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is in preparation of disallowing all use of these groups. Negative
test case for the groups will be added in a separate commit after the
implementation has been changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a helper function to perform this common sequence to disconnect and
stop any possibly started reconnection attempt.
Signed-off-by: Jouni Malinen <j@w1.fi>
One of the steps that expected failure due to PMKID mismatch did not
stop connection attempts. This could result in the following test step
failing due to the previous profile with peaplabel=1 getting used to
derive the MSK incorrectly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This patch is made by using 2to3 command with some modifications.
$ find . -name *.py | xargs 2to3 -f imports -w -n
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Verify that not updating GTK (i.e., only update PTK) in the driver does
not break connectivity. This case is different after the check for
"already in-use GTK" and rejection of GTK reinstallation.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like OpenSSL 1.1.1 accepted the openssl_ciphers=FOO test
configuration or well, at least does not reject it like previous
versions did. For now, ignore this failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test for a sequence where wpa_supplicant interface
MAC address is changed externally and the ifdown-ifup sequence is
processed only after the interface has already been set UP.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case uses EAP-MSCHAPv2 within the PEAP tunnel, so verify that
the build includes support for that before running the test.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
GnuTLS seems to require the intermediate CA certificate to be included
both in the ca_cert and client_cert file for the cases of server and
client certificates using different intermediate CA certificates. Use
the user_and_ica.pem file with GnuTLS builds and reorder the
certificates in that file to make this work with GnuTLS.
Signed-off-by: Jouni Malinen <j@w1.fi>