IWDTestBot · IWDTestBot · Mar 16, 2022 · Jun 24, 2022 · Jun 24, 2022 · Aug 5, 2022
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,269 @@
+name: IWD CI
+
+#
+# The basic flow of the CI is as follows:
+#
+# 1. Get all inputs, or default values, and set as 'setup' job output
+# 2. Find any cached binaries (hostapd, wpa_supplicant, kernel etc)
+# 3. Checkout all dependent repositories
+# 4. Tar all local files. This is an unfortunate requirement since github jobs
+#    cannot share local files. Since there are multiple CI's acting on the same
+#    set of repositories it makes more sense to retain these and re-download
+#    them for each CI job.
+# 5. Run each CI, currently 'main' and 'musl'.
+#       * 'main' is the default IWD CI which runs all the build steps as well
+#          as test-runner
+#       * 'musl' uses an alpine docker image to test the build on musl-libc
+#
+#     Both CI's use the 'iwd-ci-v2' repo which calls into 'ci-docker'. The
+#     'ci-docker' action essentially re-implements the native Github docker
+#     action but allows arbitrary options to be passed in (e.g. privileged or
+#     mounting non-standard directories)
+#
+
+on:
+  pull_request:
+  workflow_dispatch:
+    inputs:
+      tests:
+        description: Tests to run (comma separated, no spaces)
+        default: all
+      kernel:
+        description: Kernel version
+        default: '5.16'
+      hostapd_version:
+        description: Hostapd and wpa_supplicant version
+        default: '09a281e52a25b5461c4b08d261f093181266a554'
+      ell_ref:
+        description: ELL reference
+        default: refs/heads/workflow
+
+  repository_dispatch:
+    types: [ell-dispatch]
+
+jobs:
+  setup:
+    runs-on: ubuntu-22.04
+    outputs:
+      tests: ${{ steps.inputs.outputs.tests }}
+      kernel: ${{ steps.inputs.outputs.kernel }}
+      hostapd_version: ${{ steps.inputs.outputs.hostapd_version }}
+      ell_ref: ${{ steps.inputs.outputs.ell_ref }}
+      repository: ${{ steps.inputs.outputs.repository }}
+      ref_branch: ${{ steps.inputs.outputs.ref_branch }}
+    steps:
+      #
+      # This makes CI inputs consistent depending on how the CI was invoked:
+      #  * pull_request trigger won't have any inputs, so these need to be set
+      #    to default values.
+      #  * workflow_dispatch sets all inputs from the user input
+      #  * repository_dispatch sets all inputs based on the JSON payload of
+      #    the request.
+      #
+    - name: Setup Inputs
+      id: inputs
+      run: |
+        if [ ${{ github.event_name }} == 'workflow_dispatch' ]
+        then
+          TESTS=${{ github.event.inputs.tests }}
+          KERNEL=${{ github.event.inputs.kernel }}
+          HOSTAPD_VERSION=${{ github.event.inputs.hostapd_version }}
+          ELL_REF=${{ github.event.inputs.ell_ref }}
+          REF="$GITHUB_REF"
+          REPO="$GITHUB_REPOSITORY"
+        elif [ ${{ github.event_name }} == 'repository_dispatch' ]
+        then
+          TESTS=all
+          KERNEL=5.16
+          HOSTAPD_VERSION=09a281e52a25b5461c4b08d261f093181266a554
+          ELL_REF=${{ github.event.client_payload.ref }}
+          REF=$ELL_REF
+          REPO=${{ github.event.client_payload.repo }}
+        else
+          TESTS=all
+          KERNEL=5.16
+          HOSTAPD_VERSION=09a281e52a25b5461c4b08d261f093181266a554
+          ELL_REF="refs/heads/workflow"
+          REF="$GITHUB_REF"
+          REPO="$GITHUB_REPOSITORY"
+        fi
+
+        #
+        # Now that the inputs are sorted, set the output of this step to these
+        # values so future jobs can refer to them.
+        #
+        echo ::set-output name=tests::$TESTS
+        echo ::set-output name=kernel::$KERNEL
+        echo ::set-output name=hostapd_version::$HOSTAPD_VERSION
+        echo ::set-output name=ell_ref::$ELL_REF
+        echo ::set-output name=repository::$REPO
+        echo ::set-output name=ref_branch::$REF
+
+    - name: Cache UML Kernel
+      id: cache-uml-kernel
+      uses: actions/cache@v3
+      with:
+        path: ${{ github.workspace }}/cache/um-linux-${{ steps.inputs.outputs.kernel }}
+        key: um-linux-${{ steps.inputs.outputs.kernel }}_ubuntu22
+
+    - name: Cache Hostapd
+      id: cache-hostapd
+      uses: actions/cache@v3
+      with:
+        path: |
+          ${{ github.workspace }}/cache/hostapd_${{ steps.inputs.outputs.hostapd_version }}
+          ${{ github.workspace }}/cache/hostapd_cli_${{ steps.inputs.outputs.hostapd_version }}
+        key: hostapd_${{ steps.inputs.outputs.hostapd_version }}_ssl3
+
+    - name: Cache WpaSupplicant
+      id: cache-wpas
+      uses: actions/cache@v3
+      with:
+        path: |
+          ${{ github.workspace }}/cache/wpa_supplicant_${{ steps.inputs.outputs.hostapd_version }}
+          ${{ github.workspace }}/cache/wpa_cli_${{ steps.inputs.outputs.hostapd_version }}
+        key: wpa_supplicant_${{ steps.inputs.outputs.hostapd_version }}_ssl3
+
+    - name: Checkout IWD
+      uses: actions/checkout@v3
+      with:
+        path: iwd
+        repository: IWDTestBot/iwd
+        token: ${{ secrets.ACTION_TOKEN }}
+
+    - name: Checkout ELL
+      uses: actions/checkout@v3
+      with:
+        path: ell
+        repository: IWDTestBot/ell
+        ref: ${{ steps.inputs.outputs.ell_ref }}
+
+    - name: Checkout CiBase
+      uses: actions/checkout@v3
+      with:
+        repository: IWDTestBot/cibase
+        path: cibase
+
+    - name: Checkout CI
+      uses: actions/checkout@v3
+      with:
+        repository: IWDTestBot/iwd-ci-v2
+        path: iwd-ci
+
+    - name: Tar files
+      run: |
+        FILES="iwd ell cibase iwd-ci cache"
+
+        if [ "${{ steps.cache-uml-kernel.outputs.cache-hit }}" == 'true' ]
+        then
+          FILES+=" ${{ github.workspace }}/cache/um-linux-${{ steps.inputs.outputs.kernel }}"
+        fi
+
+        if [ "${{ steps.cache-hostapd.outputs.cache-hit }}" == 'true' ]
+        then
+          FILES+=" ${{ github.workspace }}/cache/hostapd_${{ steps.inputs.outputs.hostapd_version }}"
+          FILES+=" ${{ github.workspace }}/cache/hostapd_cli_${{ steps.inputs.outputs.hostapd_version }}"
+        fi
+        if [ "${{ steps.cache-wpas.outputs.cache-hit }}" == 'true' ]
+        then
+          FILES+=" ${{ github.workspace }}/cache/wpa_supplicant_${{ steps.inputs.outputs.hostapd_version }}"
+          FILES+=" ${{ github.workspace }}/cache/wpa_cli_${{ steps.inputs.outputs.hostapd_version }}"
+        fi
+
+        tar -cvf archive.tar $FILES
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v3
+      with:
+        name: iwd-artifacts
+        path: |
+          archive.tar
+
+  iwd-alpine-ci:
+    runs-on: ubuntu-22.04
+    needs: setup
+    steps:
+    - name: Download artifacts
+      uses: actions/download-artifact@v3
+      with:
+        name: iwd-artifacts
+
+    - name: Untar
+      run: tar -xf archive.tar
+
+    - name: Modprobe pkcs8_key_parser
+      run: |
+        sudo modprobe pkcs8_key_parser
+
+    - name: Alpine CI
+      uses: IWDTestBot/iwd-ci-v2@master
+      with:
+        ref_branch: ${{ needs.setup.outputs.ref_branch }}
+        repository: ${{ needs.setup.outputs.repository }}
+        github_token: ${{ secrets.ACTION_TOKEN }}
+        email_token: ${{ secrets.EMAIL_TOKEN }}
+        patchwork_token: ${{ secrets.PATCHWORK_TOKEN }}
+        ci: musl
+
+  iwd-ci:
+    runs-on: ubuntu-22.04
+    needs: setup
+    steps:
+    - name: Download artifacts
+      uses: actions/download-artifact@v3
+      with:
+        name: iwd-artifacts
+
+    - name: Untar
+      run: tar -xf archive.tar
+
+    - name: Cache UML Kernel
+      id: cache-uml-kernel
+      uses: actions/cache@v3
+      with:
+        path: ${{ github.workspace }}/cache/um-linux-${{ needs.setup.outputs.kernel }}
+        key: um-linux-${{ needs.setup.outputs.kernel }}_ubuntu22
+
+    - name: Cache Hostapd
+      id: cache-hostapd
+      uses: actions/cache@v3
+      with:
+        path: |
+          ${{ github.workspace }}/cache/hostapd_${{ needs.setup.outputs.hostapd_version }}
+          ${{ github.workspace }}/cache/hostapd_cli_${{ needs.setup.outputs.hostapd_version }}
+        key: hostapd_${{ needs.setup.outputs.hostapd_version }}_ssl3
+
+    - name: Cache WpaSupplicant
+      id: cache-wpas
+      uses: actions/cache@v3
+      with:
+        path: |
+          ${{ github.workspace }}/cache/wpa_supplicant_${{ needs.setup.outputs.hostapd_version }}
+          ${{ github.workspace }}/cache/wpa_cli_${{ needs.setup.outputs.hostapd_version }}
+        key: wpa_supplicant_${{ needs.setup.outputs.hostapd_version }}_ssl3
+
+    - name: Modprobe pkcs8_key_parser
+      run: |
+        sudo modprobe pkcs8_key_parser
+        echo ${{ needs.setup.outputs.ref_branch }}
+        echo ${{ needs.setup.outputs.repository }}
+
+    - name: Run CI
+      uses: IWDTestBot/iwd-ci-v2@master
+      with:
+        ref_branch: ${{ needs.setup.outputs.ref_branch }}
+        repository: ${{ needs.setup.outputs.repository }}
+        tests: ${{ needs.setup.outputs.tests }}
+        kernel: ${{ needs.setup.outputs.kernel }}
+        hostapd_version: ${{ needs.setup.outputs.hostapd_version }}
+        github_token: ${{ secrets.ACTION_TOKEN }}
+        email_token: ${{ secrets.EMAIL_TOKEN }}
+        patchwork_token: ${{ secrets.PATCHWORK_TOKEN }}
+        ci: main
+
+    - name: Upload Logs
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: test-runner-logs
+        path: ${{ github.workspace }}/log
diff --git a/.github/workflows/pw-to-pr-email.txt b/.github/workflows/pw-to-pr-email.txt
@@ -0,0 +1,16 @@
+This is an automated email and please do not reply to this email.
+
+Dear Submitter,
+
+Thank you for submitting the patches to the IWD mailing list.
+While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.
+
+----- Output -----
+{}
+
+Please resolve the issue and submit the patches again.
+
+
+---
+Regards,
+IWDTestBot
diff --git a/.github/workflows/pw-to-pr.json b/.github/workflows/pw-to-pr.json
@@ -0,0 +1,14 @@
+{
+    "email": {
+        "enable": true,
+        "server": "smtp.gmail.com",
+        "port": 587,
+        "user": "iwd.ci.bot@gmail.com",
+        "starttls": true,
+        "default-to": "prestwoj@gmail.com",
+        "only-maintainers": false,
+        "maintainers": [
+            "prestwoj@gmail.com"
+        ]
+    }
+}
diff --git a/.github/workflows/schedule_work.yml b/.github/workflows/schedule_work.yml
@@ -0,0 +1,43 @@
+name: Sync Upstream
+on:
+  schedule:
+  - cron:  "*/15 * * * *"
+  workflow_dispatch:
+
+jobs:
+  repo-sync:
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+        persist-credentials: false
+        fetch-depth: 0
+
+    - name: Manage Repo
+      uses: IWDTestBot/action-manage-repo@master
+      with:
+        src_repo: "https://git.kernel.org/pub/scm/network/wireless/iwd.git"
+        src_branch: "master"
+        dest_branch: "master"
+        workflow_branch: "workflow"
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  create_pr:
+    needs: repo-sync
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Patchwork to PR
+      uses: IWDTestBot/action-patchwork-to-pr@master
+      with:
+        pw_key_str: "user"
+        github_token: ${{ secrets.ACTION_TOKEN }}
+        email_token: ${{ secrets.EMAIL_TOKEN }}
+        patchwork_token: ${{ secrets.PATCHWORK_TOKEN }}
+        config: https://raw.githubusercontent.com/IWDTestBot/iwd/workflow/.github/workflows/pw-to-pr.json
+        patchwork_id: "408"
+        email_message: https://raw.githubusercontent.com/IWDTestBot/iwd/workflow/.github/workflows/pw-to-pr-email.txt
diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py
@@ -111,7 +111,14 @@ def _failure(self, ex):
         self._exception = _convert_dbus_ex(ex)
 
     def _wait_for_async_op(self):
-        ctx.non_block_wait(lambda s: s._is_completed, 30, self, exception=None)
+        def check_complete(s):
+            if s._is_completed:
+                return True
+
+            time.sleep(0.1)
+            return False
+
+        ctx.non_block_wait(check_complete, 30, self, exception=None)
 
         self._is_completed = False
         if self._exception is not None:

diff --git a/src/eapol.c b/src/eapol.c
@@ -1161,6 +1161,25 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
 		return;
 	}
 
+	/*
+	 * Work around buggy OWE APs. Early hostapd implementations for OWE
+	 * incorrectly used SHA256 for the PTK derivation even in groups 20 and
+	 * 21 (should be SHA384/512). If we've already sent two 2/4 messages
+	 * without a response and the AKM is OWE assume this workaround is
+	 * needed and re-derive the PTK.
+	 *
+	 * TODO: This could be improved by checking if 2/4 was ACK'ed. If not
+	 *       this could just be a lost packet.
+	 */
+	if (sm->frame_retry >= 2 &&
+			sm->handshake->akm_suite == IE_RSN_AKM_SUITE_OWE &&
+			!sm->handshake->retry_owe_workaround) {
+		sm->handshake->retry_owe_workaround = true;
+
+		if (!handshake_state_derive_ptk(sm->handshake))
+			goto error_unspecified;
+	}
+
 	pmkid = handshake_util_find_pmkid_kde(EAPOL_KEY_DATA(ek, sm->mic_len),
 					EAPOL_KEY_DATA_LEN(ek, sm->mic_len));
 
@@ -1336,6 +1355,8 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
 	l_timeout_remove(sm->eapol_start_timeout);
 	sm->eapol_start_timeout = NULL;
 
+	sm->frame_retry++;
+
 	return;
 
 error_unspecified: