Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem
Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.
Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.
Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.
Signed-off-by: Jouni Malinen <j@w1.fi>