Commit graph

4127 commits

Author SHA1 Message Date
Juliusz Sosinowicz
b3333a9f4c tests: Add a note for wolfSSL testing with Brainpool curves
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:02:31 +03:00
Jouni Malinen
924fa4c5d9 tests: IMSI privacy with imsi_privacy_key on peer
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
9dd2ea5368 tests: IMSI privacy with imsi_identity
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
	-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem

Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
894b0a120f tests: HE with 20 MHz channel width on 6 GHz
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
794011d465 tests: Update regulatory database to VMs
Update the wireless-regdb database to the wireless-regdb.git version of
2022-04-08.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
b5b5a3951a tests: MBO and dynamic association disallowed change with passive scanning
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-24 12:12:21 +03:00
Jouni Malinen
387b341ead tests: Fix SAE-PK capability checks for sigma_dut test cases
These were testing only of SAE, not SAE-PK capability, and needs to be
skipped in SAE-PK is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:20:33 +03:00
Jouni Malinen
cc821f1c32 tests: Check DPP in build for couple of missing cases
These test cases need to be skipped in DPP is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:11:29 +03:00
Juliusz Sosinowicz
af052e6e11 tests: Include additional tests for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
1cda3e76fc tests: Include EAP-pwd for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Johannes Berg
2f336ca580 tests: Pretend the RNG is initialized withinthe VM
We don't particularly care about the quality of random numbers
during the test. So far, there hasn't been an issue with the
RNG not being initialized completely, we only get a few prints
about uninitialized reads from urandom. However, if some tool
were to actually use /dev/random, it might get stuck. Call the
RNDADDTOENTCNT ioctl to unblock this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-04-16 16:51:54 +03:00
Jouni Malinen
698c05da2b tests: Update server and user certificates (2022)
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 13:22:16 +03:00
Jouni Malinen
b08d100de6 tests: Remove test cases for wpa_supplicant dh_file parameter
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
6c9e76e58a tests: Fix ap_wpa2_eap_fast_eap_vendor to check EAP-FAST support in build
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:49:19 +03:00
Jouni Malinen
e9078209c4 tests: Use group 20 instead of 25 in some SAE test cases
BoringSSL does not support group 25, so replace these cases with a
supported group 20 to meet the real testing need here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:47:58 +03:00
Jouni Malinen
ae301fd37a tests: Skip sigma_dut_suite_b_rsa DHE case with BoringSSL
BoringSSL is known not to support this option, so skip it to allow rest
of the test case to be performed without known failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:43:30 +03:00
Jouni Malinen
26dd47f1d1 tests: Skip sae_pwe_group_25 with BoringSSL
BoringSSL does not support this 192-bit EC group, so do not try to run
the test case that is known to fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:36:35 +03:00
Jouni Malinen
364022ddef tests: sigma_dut DPP URI curves list override
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 17:06:02 +03:00
Jouni Malinen
339aef0980 tests: DPP URI supported curves
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 16:59:15 +03:00
Jouni Malinen
73b41762d0 tests: Fetch commitid on the host when running tests in a VM
git has started rejecting repositories owned by other users and refusing
to run the "git rev-parse HEAD" command in this type of cases. That
resulted in issues with the VM testing model where the VM is practically
running everything as root while the host is a normal development
environment and likely a non-root user owned files.

Fix this by fetching the commitid on the host and pass it to the VM so
that no git operations need to be run within the VM itself.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 11:59:22 +03:00
Jouni Malinen
58701128e8 tests: Handle git rev-parse failures more robustly
Do not add the --commit argument if the current git commitid cannot be
determined. This prevents complete failure to run the tests if the git
command cannot be used for some reason (like a recent change that
stopped allowing root user within the VM from running the git operation
for the case where the host system uses non-root account).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 11:50:41 +03:00
Jouni Malinen
658296ea5b tests: Use build_beacon_request() to make beacon request more readable
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 19:37:58 +03:00
Jouni Malinen
060a522576 tests: Beacon request - active scan mode and NO_IR channel
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 19:17:00 +03:00
Jouni Malinen
7310995d87 tests: EAP-TLSv1.3 with OCSP stapling
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
1ba0043034 tests: EAP-TLSv1.3 and fragmentation
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
202842b8b3 tests: EAP-TLSv1.3 and missing protected success indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:45:40 +03:00
Jouni Malinen
e955998220 tests: WPA2-PSK AP and GTK rekey failing with one STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-05 17:25:24 +03:00
Jouni Malinen
b1cc775cf3 tests: Opportunistic Wireless Encryption - duplicated association attempt
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
1a630283db tests: wpa_psk_radius=3
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
1fb907a684 tests: wpa_supplicant AP mode - ACL management
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-24 23:22:42 +02:00
Jouni Malinen
b37bbcc390 tests: Clear country configuration at the end of wpas_ap_async_fail
This was causing a failure in the following sequence:
wpas_ap_async_fail wpas_ctrl_country

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 18:26:45 +02:00
Jouni Malinen
7f661f942d tests: Make DPP relay tests more robust
Flush scan results to avoid failure caused by incorrect channel
selection based on an old result for the same BSSID. This was found with
the following test sequence:
ap_track_sta_no_auth dpp_network_intro_version_missing_req dpp_controller_relay_pkex

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 18:26:45 +02:00
Jouni Malinen
7c8fcd6baf tests: Fix sigma_dut_cmd() processing for the return value
The first sock.recv() may return both the status,RUNNING and the
following status line if the sigma_dut process ends up being faster in
writing the result than the test script is in reading the result. This
resulted in unexpected behavior and odd error messages when parsing the
result in the test cases. Fix this by dropping the status,RUNNING line
from the result in case the buffer includes multiple lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-12 19:00:36 +02:00
Jouni Malinen
0c51cf624c tests: sigma_dut DPP Configurator (MUD URL, NAK change)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 18:29:34 +02:00
Jouni Malinen
e792f38db8 tests: DPP PKEX with netAccessKey curve change
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
5ce5ed88a9 tests: Fix dpp_own_config_curve_mismatch to match implementation
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
c4a36d050a tests: Fix dpp_intro_mismatch to match implementation
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
800ae647df tests: Check DPP3 support in the build for netAccessKey curve changes
These test cases need to be skipped if CONFIG_DPP3=y is not defined in
the build.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 21:26:28 +02:00
Jouni Malinen
77ae98511d tests: sigma_dut and DPP netAccessKey curve change
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 01:20:49 +02:00
Jouni Malinen
117dc4ea41 tests: DPP curve change for netAccessKey
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 01:07:59 +02:00
Jouni Malinen
1d4cd24d0b tests: sigma_dut and DPP Reconfig Auth Req error cases
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-08 00:06:00 +02:00
Jouni Malinen
fc78c13550 tests: sigma_dut and DPP PKEXv1 responder
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-07 21:38:25 +02:00
Jouni Malinen
c34b35b54e tests: WPA3 with SAE password from RADIUS
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-04 12:25:47 +02:00
Jouni Malinen
08cd7a75bf tests: HE AP and capability parsing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-03 01:51:56 +02:00
Jouni Malinen
a201ab385e tests: Fetch all event messages in wpas_ctrl_many_networks
Do not leave a large number of network added/removed events remaining
for the following test case to handle. This removes some possible
failure test case sequences like the following one:
wpas_ctrl_many_networks dbus_ap_scan_2_ap_mode_scan

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
a038e6dea4 tests: wpa_supplicant AP mode and PSK/PTK lifetime in memory"
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
fa34e3255e tests: Make test cases more robust by clearing scan cache explicitly
This test cases can fail if previously executed tests leave older scan
results in cfg80211 scan table. Clear that scan table explicitly to
avoid such issues.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
7a8fff486f tests: Make OCV test cases more robust by clearing scan results on AP
This is needed to avoid pri/sec channel switching based on potential
scan results from the previous test cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-24 00:23:25 +02:00
Jouni Malinen
d5fba20c1e tests: Add a script for find a minimal failing test sequence
min-seq.py can be used to find a minimal test sequence that can be used
to reproduce test failures. This is meant for being able to process the
recently added "Failure sequence:" entries from parallel-vm.log to
reduce manual work needed to debug commonly failing test case sequences.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-24 00:23:25 +02:00
Jouni Malinen
010e7dddce tests: Clear sae_groups in sigma_dut_ap_ft_rsnxe_used_mismatch
This is needed to avoid test failures when a previous test case might
have restricted the set of allowed SAE groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-24 00:23:25 +02:00