Commit graph

4508 commits

Author SHA1 Message Date
Jouni Malinen
c58178b922 tests: More coverage for D-Bus CreateInterface() parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 12:11:15 +02:00
Ilan Peer
24b4c3abef tests: Extend SAE-EXT-KEY testing
Extend the SAE-EXT-KEY testing to also cover GCMP-256.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:37:31 +02:00
Jouni Malinen
6cc0a885c8 tests: require_he=1
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-16 20:31:14 +02:00
Aloka Dixit
96ab7529c1 tests: MBSSID and EMA
Add test cases for MBSSID functionality with EMA.

Add helper functions to create the configuration file, start hostapd
instance and client association with the transmitting interface.

he_ap_mbssid_open: 4 VAPs with open security in multiple BSSID
configuration. The first interface transmits beacons and probe responses
which include the multiple BSSID element(s) with remaining profiles.

he_ap_mbssid_same_security: 2 VAPs, all with SAE. In such a case the
Multiple BSSID elements in management frames do not include RSN and RSNE
elements as all non-transmitting profiles have exact same security
configuration as the transmitting interface.

he_ap_mbssid_mixed_security{1,2}: 8 VAPs with mixed security
configurations (SAE, OWE, WPA2-PSK, open). he_ap_mbssid_mixed_security1:
Transmitting interface uses SAE. In this case the non-transmitting
profiles will include non inheritance element (IEEE Std 802.11-2020,
9.4.2.240) wherever the security differs from the transmitting profile.
he_ap_mbssid_mixed_security2: Transmitting profile is open hence no need
for the non inheritance elements. Instead each non-transmitting profile
includes RSN, RSNE if applicable.

he_ap_ema: Enhanced multi-BSS advertisements (EMA) with 8 VAPs all with
SAE configuration.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 23:06:32 +02:00
Daniel Gabay
bb67d5b52b AP: Add testing option to delay EAPOL Tx
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.

In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-02 13:07:03 +02:00
Jouni Malinen
12d8b8a91e tests: EAP-TEAP with and without EAP method sequence optimization
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Andrei Otcheretianski
1b025bda57 tests: Extend EHT estimated throughput testing
Add a basic test to verify AP selection algorithm with EHT AP.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 20:33:44 +02:00
Jouni Malinen
ed68ac9301 tests: Public key hash information in authentication and AP association
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 16:37:54 +02:00
Jouni Malinen
8de2881426 tests: Automatic channel selection for 40 MHz channel (HE)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 23:31:36 +02:00
Jouni Malinen
cd4be06c2b tests: Random MAC address per ESS (mac_addr=3)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 19:10:40 +02:00
Jouni Malinen
ef11556242 tests: DPP Controller/Relay with chirping (duplicate)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 16:42:21 +02:00
Johannes Berg
48c7e04be6 tests: Add mode for running UML kernel under gdb
The new --gdb option can be used when KERNELDIR (and optionally
MODULEDIR) are set and we therefore run UML. It runs the entire
VM under the debugger, with a script to load the right modules
into gdb so you can debug easily.

This needs CONFIG_GDB_SCRIPTS=y to be used in the kernel build.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-11-28 15:43:00 +02:00
Jouni Malinen
74874275dc tests: hostapd behavior with second BSS bridge interface already existing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 11:39:06 +02:00
Jouni Malinen
e174ec7a07 tests: Check hostapd PID file removal in all cases
Only one of the test cases was doing this, but it's more robust for all
the cases using dynamically started hostapd process to do same.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 15:54:26 +02:00
Raphaël Mélotte
e7829e4466 tests: Add ap_reload_bss_only
The test checks that when the SSID of a BSS is changed using
SET+RELOAD_BSS, the stations already connected to other BSSes on the
same radio are not disconnected.

It also checks that stations can connect using the new SSID after the
reload.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:51:08 +02:00
Raphaël Mélotte
1a27b8838a tests: Add ap_config_reload_on_sighup_config_id
The test checks that when reloading the configuration with SIGHUP,
stations that are connected to BSSes whose config_id did not change are
not disconnected. It also checks that for the BSSes that have a
different config_id and SSID, the new SSID is applied correctly.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:44:58 +02:00
Raphaël Mélotte
34e4a17b48 tests: Add iface_params and bss_params to write_hostapd_config()
To make it easier to write custom hostapd configuration files, add
"iface_params" and "bss_params".

They are both meant to be lists of parameters that the user can supply
to append additional parameters to the configuration file.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:43:53 +02:00
Jouni Malinen
af97aaa503 tests: Random MAC address with two APs
This verifies locally generated deauthentication determination when the
MAC address changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Damien Dejean
f5ce680ee6 D-Bus: Hotspot 2.0 credentials with multiple domains
Add the support of multiple domains for interworking credentials in
D-Bus API AddCred() using an array of strings.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-27 14:18:53 +02:00
Jouni Malinen
e5dfce38f7 RSN: Split EAPOL-Key group msg 1/2 processing more completely for WPA(v1)
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Jouni Malinen
5ab43c738e RSN: Split WPA(v1) processing of EAPOL-Key frames into a separate function
This is a step in separating RSN and WPA(v1) processing of EAPOL-Key
frames into separate functions. This allows the implementation to be
simplified and potentially allows the validation rules to be made
stricter more easily. This is also a step towards allowing WPA(v1)
functionality to be removed from the build in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 08:30:58 +02:00
Damien Dejean
5f89fffb76 tests: New Passpoint Home OI parameters
Move testing to use the new Home OI parameters while maintaining a
couple of tests for the deprecated parameters.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-26 18:59:10 +02:00
Jouni Malinen
bb9099785e tests: WPS PBC provisioning with configured AP and passive scanning
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 18:54:33 +02:00
Jouni Malinen
00bd744ed5 tests: OCV on 2.4 GHz with PMF getting enabled automatically on STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 17:21:08 +02:00
Jouni Malinen
7c62bccc6e tests: SAE and preferred AP using wrong password
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 12:06:59 +02:00
Jouni Malinen
22a5d615ba tests: HS 2.0 deauthentication imminent with and without URL timing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 22:57:51 +02:00
Glenn Strauss
8e364713ef tests: Check IMSI privacy support using a helper function
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 17:23:10 +02:00
Jouni Malinen
bb171f0020 tests: DPP network introduction with PMKSA cleared on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
1e602adabb tests: Add PMKSA cache entry again in dpp_akm_sha*
This is going to be needed once wpa_supplicant starts dropping the PMKSA
cache entry on status code 53 (invalid PMKID) rejection of association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
f49b604555 tests: Fix pasn-init fuzz tester build
Change of the wpas_pasn_start() prototype did not update the fuzzer
tool.

Fixes: 309765eb66 ("PASN: Use separate variables for BSSID and peer address")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:21:45 +02:00
Jouni Malinen
6cb34798f8 tests: SAE-EXT-KEY, H2E, and rejected groups indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
252729d902 tests: Random MAC address with PMKSA caching
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
f1f796a39f tests: hostapd dump_msk_file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
1e0b7379d6 tests: FT with mobility domain changes
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
bbe5f0c1eb FT: Do not try to use FT protocol between mobility domains
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.

While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
0ccb3b6cf2 tests: External password storage for SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Jouni Malinen
66d7f554e2 tests: Fuzz testing for PASN
Add test tools for fuzzing PASN initiator and responder handling of
received PASN Authentication frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:22:14 +02:00
Jouni Malinen
2e840fb2ab tests: Fix CC and CFLAGS default processing for fuzzing
"make LIBFUZZER=y" was supposed to set CC and CFLAGS to working values
by default if not overridden by something external. That did not seem to
work since the defaults from the other build system components ended up
setting these variables before the checks here. Fix this by replacing
the known default values for non-fuzzing builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:11:47 +02:00
Jeffery Miller
c6f8af507e Add option to disable SAE key_mgmt without PMF
Add the `sae_check_mfp` global option to limit SAE when PMF will
not be selected for the connection.
With this option SAE is avoided when the hardware is not capable
of PMF due to missing ciphers.
With this option SAE is avoided on capable hardware when the AP
does not enable PMF.

Allows falling back to PSK on drivers with the
WPA_DRIVER_FLAGS_SAE capability but do not support the BIP cipher
necessary for PMF. This enables configurations that can fall back
to WPA-PSK and avoid problems associating with APs configured
with `sae_require_mfp=1`.

Useful when `pmf=1` and `sae_check_mfp=1` are enabled and networks
are configured with ieee80211w=3 (default) and key_mgmt="WPA-PSK SAE".
In this configuration if the device is unable to use PMF due to
lacking BIP group ciphers it will avoid SAE and fallback to
WPA-PSK for that connection.

Signed-off-by: Jeffery Miller <jefferymiller@google.com>
2022-11-05 17:48:17 +02:00
Jouni Malinen
a3094ef80d tests: Allow more time for sigma_dut sta_reassoc commands
When these are issued while associated, scanning all channels can take a
significant amount of time. That happened to work for existing test
cases somewhat by accident since the scan was sometimes limited to only
the current operating channel. However, that is now changing and the
following two test cases started failing with the change, so make them
wait longer:
sigma_dut_sae_pw_id_ft sigma_dut_ft_rsnxe_used_mismatch

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-05 13:43:06 +02:00
Shivani Baranwal
ef10a574d6 tests: P2P persistent group formation with extended listen
Add a new P2P persistent group formation, re-invocation, and cancel test
to verify that P2P_EXT_LISTEN is avoided and the scan is performed in
the P2P Client role to find the P2P GO for the ongoing P2P persistent
group formation on the current interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-11-05 12:17:23 +02:00
Jouni Malinen
ab22b676a5 tests: FT-SAE-EXT-KEY
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:43:38 +03:00
Jouni Malinen
2e0400061f tests: wpa_supplicant AP mode with pmf=1/2
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-10 12:34:04 +03:00
Jouni Malinen
97104a6588 tests: Clear sae_groups when SAE could be used
This makes sigma_dut_ap_dpp_qr* test cases with SAE more robust by
avoiding unexpected behavior. This was found with the following test
sequence:
mesh_sae_anti_clogging sigma_dut_ap_dpp_qr_sae

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 20:59:34 +03:00
Jouni Malinen
db46138de4 tests: sigma_dut DPP reconfiguration using SAE (Enrollee)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:44:48 +03:00
Jouni Malinen
5007766d78 tests: Clear vendor elements at the end of wpas_ap_vendor_elems
This is needed to avoid surprises in the following test cases. This was
found with a failure in the following test sequence:
wpas_ap_vendor_elems p2p_ext_discovery_go

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:52 +03:00
Jouni Malinen
56321c0ac2 tests: Make sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy more robust
Clear the dpp_connector_privacy_default parameter value that sigma_dut
set in wpa_supplicant at the end of the test case to avoid surprising
behavior for the following test cases. This was found with a failure in
the following test sequence:
sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy
sigma_dut_dpp_proto_peer_disc_req

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:27 +03:00
Jouni Malinen
ca94fd70c8 tests: sigma_dut and DPP AP provisioning with SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 19:20:21 +03:00
Jouni Malinen
14cc63295e tests: DPP AP configuration for SAE-only
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 12:34:16 +03:00
Jouni Malinen
6ef455db67 tests: Automatic channel selection and 2.4 GHz channel 14
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:25:24 +03:00
Jouni Malinen
f47d378cea tests: P2P and avoid frequencies preventing 80 MHz on channel 149"
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:12:33 +03:00
Johannes Berg
c52ec086da tests: hwsim: Search for UBSAN in kernel messages
If UBSAN is enabled, flag errors from it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-09-16 21:39:44 +03:00
Johannes Berg
550ab94e83 tests: vm: Simplify parameter passing
Since the kernel  actually passes the command-line parameters
as environment variables to the init script, there's no need
to parse them out of /proc/cmdline.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-09-16 21:28:23 +03:00
Johannes Berg
6f90aa5a63 tests: hwsim: Allow configuring MODULEDIR
It can be useful to configure a different module directory, so you don't
need to install the kernel modules in the host /lib/modules/ location.
Allow configuring it in the config file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-09-16 21:16:10 +03:00
Johannes Berg
6f844fa787 tests: Reload correct regdb if possible/needed
If cfg80211 is built into the kernel, then it may/will have
loaded the regdb before we mount our own /lib/firmware. This
may result in using the wrong regulatory data. Fix this by
using iw to reload the regdb after mounting it.

Fixes: a29c2399a7 ("tests: Add regulatory database to VMs")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-09-16 21:13:20 +03:00
Jouni Malinen
a01266c925 tests: sigma_dut and EAP-AKA with imsiPrivacyCertID
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-14 20:31:55 +03:00
Jouni Malinen
01e7acc747 tests: DPP push button and unsupported AP configuration
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-27 00:51:25 +03:00
Jouni Malinen
05d3681f3e tests: Skip sigma_dut_dpp_tcp_configurator_init_mutual_unsupported_curve if needed
The part about checking the supported curves from the peer depends on
CONFIG_DPP3 and this test case needs to be skipped without that.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-26 17:27:45 +03:00
Jouni Malinen
d6e790e209 tests: DPP PB channel changes
Prepare for an implementation change for the PB discovery channel list.
Move the standlone (not an AP) PB Configurators to a preferred channel
and enable Configurator connectivity indication in APs that act as PB
Configurators.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-25 15:59:13 +03:00
Jouni Malinen
d68946d510 tests: sigma_dut and DPP push button first on Enrollee
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-23 18:56:17 +03:00
Jouni Malinen
b704dc72ef tests: sigma_dut and updated ConfResult value for Configurator failures
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-29 18:56:49 +03:00
Jouni Malinen
10104915af tests: sigma_dut and DPP PB session overlap
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 21:17:15 +03:00
Jouni Malinen
8adcdd6593 tests: Temporary workaround for dpp_chirp_ap_5g
Configurator station seems to be unable to get the first Authentication
Request frame transmitted through mac80211_hwsim for some reason. It is
not really clear why this happens and why it started happening now, but
as a temporary workaround, wait a second here since that seems to avoid
this for some unknown reason.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 17:58:01 +03:00
Jouni Malinen
ddcd15c2de tests: Fix fuzzing/sae build
sae.c depends on wpa_common.c now and as such, this test build needs to
pull in whatever is needed there and that happens to include sha1-prf.c.
Add that to the fuzzer to fix the build.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 17:08:11 +03:00
Jouni Malinen
7fa67861ae tests: Fix p2p_channel_avoid3
This test case assumed that the p2p_pref_chan 128:44 parameter would
have resulted in channel 44 (5220 MHz) being selected. That does not
work anymore since that channel was marked to require DFS/radar
detection in regdb. Fix the text case by changing to use another country
with rules that match the test case expectations.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 16:56:21 +03:00
Jouni Malinen
ee3567d659 tests: Add more time for scan/connection
It looks like some test cases could fail due to timeouts since the 10
second wait may not be sufficient to cover some cases where 6 GHz
channels get scanned. Increase the timeouts to avoid hitting such cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 16:41:23 +03:00
Jouni Malinen
ac9e6a2ab3 tests: Allow 6 GHz opclasses in MBO checks
It looks like the host update of regulatory information can still get
through somehow, so add alternative expected values for the supported
operating classes for cases where 6 GHz frequencies were added recently.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 16:39:41 +03:00
Jouni Malinen
e7cbfa1c12 tests: sigma_dut and DPP Enrollee unsupported curves
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 11:22:44 +03:00
Jouni Malinen
ceae05cec2 tests: sigma_dut and DPP MUDURL setting for hostapd
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-27 13:43:58 +03:00
Jouni Malinen
2a9a61d6cd tests: SAE with extended key AKM
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 11:12:11 +03:00
Jouni Malinen
e35f6ed1d4 tests: More detailed report on SAE PMKSA caching error case
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
35587fa8f3 tests: DPP Controller/Relay with need to discover Controller
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
ca7892e98f tests: DPP Relay and adding/removing connection to a Controller
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
ff7cc1d490 tests: DPP Relay and dynamic Controller addition
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-23 16:58:00 +03:00
Jouni Malinen
b607d2723e tests: sigma_dut and DPP PB Configurator in wpa_supplicant
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 12:39:58 +03:00
Jouni Malinen
b94e46bc71 tests: PB Configurator in wpa_supplicant
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 12:27:24 +03:00
Jouni Malinen
ca4e82cbfe tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 20:32:32 +03:00
Jouni Malinen
dfa9183b11 tests: DPP reconfig after Controller-initiated operation through Relay
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 13:16:26 +03:00
Jouni Malinen
17216b5242 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 23:28:33 +03:00
Jouni Malinen
d86ed5b72b tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
This is in preparation to allow the implementation in hostapd to be
changed to accept removal of PKEX information without indicating an
error after it have been automatically removed at the successful
completion of PKEX.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 23:28:33 +03:00
Jouni Malinen
0a4f391b1c tests: sigma_dut and DPP Connector Privacy
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 00:14:41 +03:00
Jouni Malinen
7d12871ba0 test: DPP Private Peer Introduction protocol
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 00:14:41 +03:00
Jouni Malinen
f2bb0839fb test: DPP 3rd party config information
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-16 17:22:23 +03:00
Jouni Malinen
004b1ff47a tests: DPP Controller initiating through Relay
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-09 13:09:04 +03:00
Jouni Malinen
248654d36b tests: sigma_dut DPP PB test cases
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-08 14:26:56 +03:00
Jouni Malinen
697b7d7ec7 tests: DPP push button
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-08 00:14:06 +03:00
Jouni Malinen
92f5499010 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch
This started failing with the OCV implementation change to ignore the
second segment when using a 160 MHz channel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-16 20:31:45 +03:00
Jouni Malinen
c580c2aecd tests: Make OCV negative test error cases more robust
Try to avoid an exception while processing an exception that indicates
the test case failed. Explicit DISCONNECT command here can avoid the
undesired FAIL-BUSY from cleanup SCAN.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-16 20:26:11 +03:00
Jouni Malinen
b092d8ee63 tests: imsi_privacy_attr
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:19:52 +03:00
Jouni Malinen
1004fb7ee4 tests: Testing functionality to discard DPP Public Action frames
This can be used to make sure wpa_supplicant does not process DPP
messages sent in Public Action frames when a test setup is targeting
DPP-over-TCP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 23:30:39 +03:00
Jouni Malinen
3550696160 tests: Add forgotten files for expired IMSI privacy cert tests
Fixes: 426932f061 ("tests: EAP-AKA and expired imsi_privacy_key")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 21:16:36 +03:00
Jouni Malinen
b9a222cdd7 tests: sigma_dut and DPP curve-from-URI special functionality
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 12:49:27 +03:00
Jouni Malinen
fa36e7ee48 tests: sigma_dut controlled STA and EAP-AKA parameters
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
dde7f90a41 tests: Update VM setup example to use Ubuntu 22.04 and UML
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Jouni Malinen
426932f061 tests: EAP-AKA and expired imsi_privacy_key
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Johannes Berg
39e6623082 tests: Work around reentrant logging issues due to __del__ misuse
Unfortunately, some objects (WlantestCapture, WpaSupplicant
and wpaspy.Ctrl) use __del__ and actually have some logic
there. This is more or less wrong, and we should be using
context managers for it. However, cleaning that up is a
pretty large task.

Unfortunately, __del__ can cause reentrant logging which is
wrong too, because it might be invoked while in the middle
of a logging call, and the __del__ of these objects closes
connections and logs while doing that.

Since we're (likely) using cpython, we can work around this
by explicitly calling gc.collect() in a context where the
logging and close is fine, not only ensuring that all the
connections are closed properly before the next test, but
also fixing the issue with reentrant logging.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-05-22 11:46:57 +03:00
Jouni Malinen
72641f924e tests: Clean up failed test list in parallel-vm.py
Instead of printing a very long line of the failed tests, print the test
case names on separate lines up to the number of available lines at the
bottom of the screen. This avoids some issues with curses and overlong
lines. Furthermore, display the last failed test cases instead of
somewhat confusing sequence of test case names from the VMs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 11:43:38 +03:00
Jouni Malinen
e36a7c7940 tests: Support pycryptodome
This is a drop-in replacement for pycrypto and the only version that is
now available in Ubuntu 22.04.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 11:08:59 +03:00
Jouni Malinen
a44744d3bb tests: Set ECB mode for AES explicitly to work with cryptodome
AES.new() needs the mode to be set explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 11:08:23 +03:00
Jouni Malinen
e90ea900a9 tests: sigma_dut DPP TCP Configurator as initiator with addr from URI
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 22:54:44 +03:00
Jouni Malinen
e58dabbcfb tests: DPP URI with host info
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 17:55:25 +03:00
Jouni Malinen
7173992b96 tests: Flush scan table in ap_wps_priority to make it more robust
This test case could fail if there was an old BSS entry from a previous
test case in the scan results.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 19:09:23 +03:00
Jouni Malinen
b9313e17e8 tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation
This test case was checking the exact key info bits in EAPOL-Key frames
during PTK rekeying as such, needs to be updated to match the
implementation change on the Secure bit setting.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 19:06:47 +03:00
Jouni Malinen
d2ce1b4d6c tests: Wait for request before responding in dscp_response
There was a possible race condition here between the hostapd request
transmission and wpa_supplicant response command. Wait for the
wpa_supplicant event that indicates reception of the request before
issuing the DSCP_RESP command to avoid failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-09 11:45:33 +03:00
Ilan Peer
95f4935739 tests: Add coverage for testing disabling collocated 6 GHz scan
Extend 'scan' test to cover 'non_coloc_6ghz' parsing.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2022-05-07 21:37:08 +03:00
Jouni Malinen
29dcebea70 tests: WPA2-EAP AP with PMF and EAP frame injection
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
18c0ac8901 Provide information about the encryption status of received EAPOL frames
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:03 +03:00
Jouni Malinen
8bbd62afe4 tests: PMF and EAPOL-Key msg 1/4 injection
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Jouni Malinen
f8967ece23 tests: Do not require disconnection in ap_wpa2_psk_supp_proto_msg_1_invalid_kde
The wpa_supplicant implementation for this functionality is going to be
changed to not require disconnection, so prepare the test case to not
fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Jouni Malinen
4f0cff704b tests: WPA2-PSK with PMF and Association Request frame injection
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Veerendranath Jakkam
9d07b9447e tests: EHT open connection
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:26:05 +03:00
Juliusz Sosinowicz
3890fa5031 tests: Enable additional TLS test cases with wolfSSL
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:27:11 +03:00
Juliusz Sosinowicz
b3333a9f4c tests: Add a note for wolfSSL testing with Brainpool curves
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:02:31 +03:00
Jouni Malinen
924fa4c5d9 tests: IMSI privacy with imsi_privacy_key on peer
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
9dd2ea5368 tests: IMSI privacy with imsi_identity
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
	-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem

Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
894b0a120f tests: HE with 20 MHz channel width on 6 GHz
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
794011d465 tests: Update regulatory database to VMs
Update the wireless-regdb database to the wireless-regdb.git version of
2022-04-08.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
b5b5a3951a tests: MBO and dynamic association disallowed change with passive scanning
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-24 12:12:21 +03:00
Jouni Malinen
387b341ead tests: Fix SAE-PK capability checks for sigma_dut test cases
These were testing only of SAE, not SAE-PK capability, and needs to be
skipped in SAE-PK is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:20:33 +03:00
Jouni Malinen
cc821f1c32 tests: Check DPP in build for couple of missing cases
These test cases need to be skipped in DPP is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:11:29 +03:00
Juliusz Sosinowicz
af052e6e11 tests: Include additional tests for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
1cda3e76fc tests: Include EAP-pwd for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Johannes Berg
2f336ca580 tests: Pretend the RNG is initialized withinthe VM
We don't particularly care about the quality of random numbers
during the test. So far, there hasn't been an issue with the
RNG not being initialized completely, we only get a few prints
about uninitialized reads from urandom. However, if some tool
were to actually use /dev/random, it might get stuck. Call the
RNDADDTOENTCNT ioctl to unblock this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-04-16 16:51:54 +03:00
Jouni Malinen
698c05da2b tests: Update server and user certificates (2022)
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 13:22:16 +03:00
Jouni Malinen
86877bbc32 tests: Remove unused DH file from TLS client fuzzer
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
b08d100de6 tests: Remove test cases for wpa_supplicant dh_file parameter
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
6c9e76e58a tests: Fix ap_wpa2_eap_fast_eap_vendor to check EAP-FAST support in build
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:49:19 +03:00
Jouni Malinen
e9078209c4 tests: Use group 20 instead of 25 in some SAE test cases
BoringSSL does not support group 25, so replace these cases with a
supported group 20 to meet the real testing need here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:47:58 +03:00
Jouni Malinen
ae301fd37a tests: Skip sigma_dut_suite_b_rsa DHE case with BoringSSL
BoringSSL is known not to support this option, so skip it to allow rest
of the test case to be performed without known failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:43:30 +03:00
Jouni Malinen
26dd47f1d1 tests: Skip sae_pwe_group_25 with BoringSSL
BoringSSL does not support this 192-bit EC group, so do not try to run
the test case that is known to fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:36:35 +03:00
Jouni Malinen
3f94dcdd1a tests: Build with LibreSSL 3.4
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:00:26 +03:00
Jouni Malinen
364022ddef tests: sigma_dut DPP URI curves list override
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 17:06:02 +03:00
Jouni Malinen
339aef0980 tests: DPP URI supported curves
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 16:59:15 +03:00
Jouni Malinen
73b41762d0 tests: Fetch commitid on the host when running tests in a VM
git has started rejecting repositories owned by other users and refusing
to run the "git rev-parse HEAD" command in this type of cases. That
resulted in issues with the VM testing model where the VM is practically
running everything as root while the host is a normal development
environment and likely a non-root user owned files.

Fix this by fetching the commitid on the host and pass it to the VM so
that no git operations need to be run within the VM itself.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 11:59:22 +03:00
Jouni Malinen
58701128e8 tests: Handle git rev-parse failures more robustly
Do not add the --commit argument if the current git commitid cannot be
determined. This prevents complete failure to run the tests if the git
command cannot be used for some reason (like a recent change that
stopped allowing root user within the VM from running the git operation
for the case where the host system uses non-root account).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 11:50:41 +03:00
Jouni Malinen
658296ea5b tests: Use build_beacon_request() to make beacon request more readable
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 19:37:58 +03:00
Jouni Malinen
060a522576 tests: Beacon request - active scan mode and NO_IR channel
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 19:17:00 +03:00
Jouni Malinen
7310995d87 tests: EAP-TLSv1.3 with OCSP stapling
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
1ba0043034 tests: EAP-TLSv1.3 and fragmentation
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
202842b8b3 tests: EAP-TLSv1.3 and missing protected success indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:45:40 +03:00
Jouni Malinen
e955998220 tests: WPA2-PSK AP and GTK rekey failing with one STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-05 17:25:24 +03:00
Jouni Malinen
b1cc775cf3 tests: Opportunistic Wireless Encryption - duplicated association attempt
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
1a630283db tests: wpa_psk_radius=3
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
1fb907a684 tests: wpa_supplicant AP mode - ACL management
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-24 23:22:42 +02:00
Jouni Malinen
b37bbcc390 tests: Clear country configuration at the end of wpas_ap_async_fail
This was causing a failure in the following sequence:
wpas_ap_async_fail wpas_ctrl_country

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 18:26:45 +02:00
Jouni Malinen
7f661f942d tests: Make DPP relay tests more robust
Flush scan results to avoid failure caused by incorrect channel
selection based on an old result for the same BSSID. This was found with
the following test sequence:
ap_track_sta_no_auth dpp_network_intro_version_missing_req dpp_controller_relay_pkex

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 18:26:45 +02:00
Jouni Malinen
7c8fcd6baf tests: Fix sigma_dut_cmd() processing for the return value
The first sock.recv() may return both the status,RUNNING and the
following status line if the sigma_dut process ends up being faster in
writing the result than the test script is in reading the result. This
resulted in unexpected behavior and odd error messages when parsing the
result in the test cases. Fix this by dropping the status,RUNNING line
from the result in case the buffer includes multiple lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-12 19:00:36 +02:00
Jouni Malinen
0c51cf624c tests: sigma_dut DPP Configurator (MUD URL, NAK change)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 18:29:34 +02:00