DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

tests: Update capability checks to include OpenSSL 3.1 and 3.2

Browse source 
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2023-12-02 11:22:24 +02:00
parent 033634019d
commit a7fdd58039
3 changed files with 21 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
tests/hwsim/test_ap_eap.py
View file

@ -99,7 +99,11 @@ def check_pkcs5_v15_support(dev):
def check_tls13_support(dev): def check_tls13_support(dev):
tls = dev.request("GET tls_library") tls = dev.request("GET tls_library")
if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls: ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1',
'run=OpenSSL 3.2', 'wolfSSL']
for s in ok:
if s in tls:
return
raise HwsimSkip("TLS v1.3 not supported") raise HwsimSkip("TLS v1.3 not supported")
def check_ocsp_multi_support(dev): def check_ocsp_multi_support(dev):
@ -4312,7 +4316,7 @@ def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev):
if cipher == "RC4-SHA" and \ if cipher == "RC4-SHA" and \
("Could not select EAP method" in str(e) or \ ("Could not select EAP method" in str(e) or \
"EAP failed" in str(e)): "EAP failed" in str(e)):
if "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls: if "run=OpenSSL" in tls:
logger.info("Allow failure due to missing TLS library support") logger.info("Allow failure due to missing TLS library support")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected() dev[0].wait_disconnected()
@ -6184,7 +6188,7 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1") "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
check_tls_ver(dev[2], hapd, check_tls_ver(dev[2], hapd,
"tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1") "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls: if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls:
check_tls_ver(dev[0], hapd, check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3") "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")

21
tests/hwsim/test_fils.py
View file

@ -1417,18 +1417,21 @@ def test_fils_sk_pfs_30(dev, apdev, params):
"""FILS SK with PFS (DH group 30)""" """FILS SK with PFS (DH group 30)"""
run_fils_sk_pfs(dev, apdev, "30", params) run_fils_sk_pfs(dev, apdev, "30", params)
def check_ec_group(dev, group):
tls = dev.request("GET tls_library")
if tls.startswith("wolfSSL"):
return
if int(group) in [25]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
raise HwsimSkip("EC group not supported")
if int(group) in [27, 28, 29, 30]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
raise HwsimSkip("Brainpool EC group not supported")
def run_fils_sk_pfs(dev, apdev, group, params): def run_fils_sk_pfs(dev, apdev, group, params):
check_fils_sk_pfs_capa(dev[0]) check_fils_sk_pfs_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
check_ec_group(dev[0], group)
tls = dev[0].request("GET tls_library")
if not tls.startswith("wolfSSL"):
if int(group) in [25]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
raise HwsimSkip("EC group not supported")
if int(group) in [27, 28, 29, 30]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
raise HwsimSkip("Brainpool EC group not supported")
start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))

2
tests/hwsim/test_suite_b.py
View file

@ -30,7 +30,7 @@ def check_suite_b_tls_lib(dev, dhe=False, level128=False):
if not tls.startswith("OpenSSL"): if not tls.startswith("OpenSSL"):
raise HwsimSkip("TLS library not supported for Suite B: " + tls) raise HwsimSkip("TLS library not supported for Suite B: " + tls)
supported = False supported = False
for ver in ['1.0.2', '1.1.0', '1.1.1', '3.0']: for ver in ['1.0.2', '1.1.0', '1.1.1', '3.']:
if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls: if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
supported = True supported = True
break break