This test was copied from testFT-PSK-roam, but for SAE. The test behaves
as follows:
- Connect to SAE network (full authentication)
- Fast transition to another SAE AP
- Fast transition to a PSK/WPA2 AP
This is a temporary fix to address the recent split of
the Device interface. This patch contains a workaround that
re-enables the auto-tests while the test framework is being
reworked to satisfy the need of the new API and should not
be considered as a permanent solution.
Fixed two issues:
1. There is no longer a dbus exception when switching to AP mode when
connected in station mode so that assert was removed.
2. After the device/station change the timing must have changed, causing
autoconnect to take over before an explicit connect call. Added a
psk provisioning file that disables autoconnect.
Make sure stop_ap is called on success and on failure in both tests so
that one can succeed after the other has failed. Also make sure to move
both interfaces out of autoconnect state.
The default behavior of NetworkObject.connect() is to wait for the
Connect dbus method to reply before returning back to the test. This
change makes it possible to connect, but not wait for a reply and
continue on with the test (by specifying wait=False). This is
specifically required to test SAE anti-clogging, where the AP needs
to have several simultaneous connections at once for the anti-clogging
logic to trigger. This change also adds Device.wait_for_connected()
which waits for the device interface State variable to be "connected".
1) wait for a device to become available
2) add try, except block for the clean termination of iwd in
the case of a failure
3) increase the max execution time to help with valgrind
1) wait for a device to become available
2) add try, except block for the clean termination of iwd in
the case of a failure
3) remove waits
4) eliminate a race condition on get_ordered_networks()
list_devices() was updated to take an integer rather than a bool
for the wait_to_appear argument. This updates any tests that
explicily passed True/False as the argument to list_devices.
The list_devices API has a race condition where sometimes it will
return zero or less than the expected number of devices and fail
the test. A fix is in place for when only a single devices is
expected, but some tests expect more than one device. This changes
wait_to_appear to an integer, and the caller can specify the number
of devices they expect to get back. The default stays as it was,
zero or "return cached devices".
The single AP test worked fine, but adding a failure test caused some
problems. Since the kernel is never restarted between tests it maintains
old stale scan results from the previous test. This was causing an
assert to sometimes fail in the second test being run because it was
returning > 1 ordered networks. This change iterates through the ordered
network list and chooses the appropriate network rather than assuming
get_ordered_networks() will always return only one network object
1) Renamed the test to reflect the usage of PEAP
2) Prevented the creation of an extra instance of iwd
3) Refactored to start catching the exceptions and properly
dispose an instance of iwd
4) Switched to list_devices with wait option
1) Removed duplicated entries form .conf
2) Refactored to start catching the exceptions and properly
dispose an instance of iwd
3) Switched to list_devices with wait option
Previously, we had to wait for an arbitrary amount of time after
iwd was started form the python scripts to make sure that the
radio objects are available on the D-bus. This patch allows to
wait inside of list_devices() method and get back a list of the
devices once they are available.
These tests were failing (both with/without ofono) because iwd
was trying to autoconnect before the autotest had issued a
connect request (causing iwd to return a busy response). To fix
this, autoconnect was explicitly disabled in the config file.
Update the expected DBus exception in the manual connect case, affected
by recent EAP changes. Also slightly improve the comment in the file
although it's still not 100% correct.
This also tests multiple agent requests for one network connection
because the TTLS client private key is not in the config file and the
MSCHAPV2 password is not in the config file.
Make 3 connections in test EAP-TLS, one with an unencrypted private key,
one with the private key passphrase provided in the provisioning file
and one with the passphrase provided through the agent. Also improve
the scanning logic at the beginning.
Allow passing a list of passphrases for subsequent agent requests to the
PSKAgent constructor. This also makes existing tests stricter because
a spurious agent request will not receive the same passphrase.
If --gdb is used with test-runner, all the timeouts in the
IWD class must be turned off otherwise the test will fail.
Inside test-runner, a environment variable (IWD_TEST_TIMEOUTS)
is set to either 'on' or 'off'. Then the IWD class (and any
others) can handle the timeouts accordingly. Note that this
does not turn off dbus timeouts, rather it ignores timeout
failures. This does mean that ultimately the test will most
likely fail due to a dbus timeout, but it at least gives you
unlimited debugging time.
Two autotests:
1. Tests SA Query procedure when the AP goes down. In this case the AP
goes down ungracefully, now allowing it to send out any deauth
frames. When the AP comes back up, IWD still thinks its connected.
The AP will then send unprotected disassociate frames so the client
can re-connect. This kicks off the SA Query procedure, which the AP
will not respond to. At this point we can deauth and reconnect to
the AP.
2. Test SA Query procedure when a disassociate frame has been spoofed.
In this case we receive an unprotected disassociate frame and start
SA Query. The AP should then respond to the SA query within the
timeout. We then know the frame was spoofed and can remain
connected.
Changed disassociate reason to 0x07 when spoofing a disassociate
frame. This along with 0x06 are the only two reason codes that
should be accepted in an unprotected disassociate frame.
Using the hwsim dbus interface ".Interface" under the radios
object you can now send an arbitrary frame out from that radio.
Two methods have been added, spoof_frame and spoof_disassociate.
The hwsim SendFrame method requires the radio frequency which
is obtained from the hostapd config file. This adds a generic
API to get any config value from the hostapd config, as well
as a get_freq API that converts the channel number to a
frequency.
For testing SA Query, the autotest needs the ablility to force
kill (and restart) hostapd without giving it time to deauth its
stations gracefully. A method was added to the HostapdCLI class
which does a killall -9 hostapd, resets the wlnX interface,
and restarts hostapd with the same arguments as it had before.
The AuthCenter will now wait for the RX thread to start before
continuing with the test.
Also removed the non blocking option and fixed the loop to
handle a blocking recvfrom call.
If the peer detects a sync error, it sends back AUTS. The
authentication center must then re-synchronize and update
the SQN it has saved for the given ISMI.
For testing purposes, it is useful to run hlrauc.py by itself
not including it from another python script like autotests do.
Better error checking was also added as testing can result in
badly formatted data.
We need to reset self._exception after _wait_for_async_op raises an
exception, otherwise _wait_for_async_op will report that exception for
every future operation (this wasn't an issue when an exception always
meant that the test was failing and objects were torn down anyway)
In the beacon loss test try to simulate a periodic communication problem
because we don't support roaming if the AP goes away completely.
2 seconds seems to be enough to consistently trigger the beacon_loss
event without triggering a disconnect by the linux kernel or hiding the AP
from the roam scan. Also set the RSSI for that AP lower so that it is
not reselected by iwd.
Implemented milenage algorithm in hlrauc.py. Unlike EAP-SIM, the
authentication center must compute several values to give back
to the server (hostapd). This was already done by IWD as the peer
in EAP-AKA, but was also needed on the server side (HLR AuC).