Commit graph

333 commits

Author SHA1 Message Date
Jouni Malinen
e6edadba86 tests: ap_wpa2_eap_too_many_roundtrips to use shorter fragment
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-18 17:46:34 +03:00
Jouni Malinen
8315c1ef5b tests: Vendor EAP method in Phase 2
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:18:33 +03:00
Jouni Malinen
b02f0f88fb tests: TOD-TOFU policy reporting
Also rename the previously added test case to use the TOD-STRICT name
for the earlier policy OID.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:36 +03:00
Jouni Malinen
6379bd6acf tests: Server checking CRL with check_crl_strict=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
ce30a79a14 tests: private_key_passwd2 in hostapd configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
3bfa7f798b tests: Additional tls_flags coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:22:32 +03:00
Jouni Malinen
3948417305 tests: Additional EAP-GPSK local error case coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 00:04:45 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
bef411a91b tests: hostapd eap_sim_id options
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-01 10:46:07 +03:00
Jouni Malinen
14b408c04c tests: Remove testing of EAP-pwd with Brainpool curves
This is in preparation of marking groups using Brainpool curves disabled
for SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 23:36:27 +03:00
Jouni Malinen
036fc6bdbd tests: Disabled EAP-pwd group
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 13:31:50 +03:00
Jouni Malinen
1c63a1c4c6 tests: Prepare EAP-pwd test cases for allowed group configuration
Enable all supported groups in the existing ap_wpa2_eap_pwd_groups and
ap_wpa2_eap_pwd_invalid_group test cases to maintain current testing
functionality once wpa_supplicant is modified to use a different default
for the enabled groups.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 13:15:23 +03:00
Jouni Malinen
4ff0b909a9 tests: EAP-TLS and both RSA and EC sertificates certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-12 18:13:10 +03:00
Jouni Malinen
f185715c59 tests: EAP-TLS and TLS 1.3 (EC certificates)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-11 16:10:43 +03:00
Jouni Malinen
1363fdb283 tests: EAP-TLS server certificate validation and TOD
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
f50187a64c tests: EAP-SIM with external GSM auth and anonymous identity
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 16:52:15 +03:00
Jouni Malinen
73dbcd7951 tests: Make pmksa_cache_preauth_auto more robust
It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 17:14:33 +03:00
Jouni Malinen
2a0db3eb5d tests: PEM encoded ca_cert blob
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 13:47:15 +03:00
Jouni Malinen
f19c56e383 tests: Fix ap_wpa2_eap_status loop with UML time-travel=inf-cpu
Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 22:43:07 +03:00
Jouni Malinen
c7c267fa51 tests: EAP-pwd rejection of groups 25, 26, and 27
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
caf4d1c979 tests: Remove testing of EAP-pwd groups 25, 26, and 27
This is in preparation of disallowing all use of these groups. Negative
test case for the groups will be added in a separate commit after the
implementation has been changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
e8d8f4b680 tests: EAP-EKE rejection of unsupported DH groups 2 and 5
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:20:24 +03:00
Jouni Malinen
e01a492caa tests: Helper function for DISCONNECT + ABORT_SCAN + wait
Use a helper function to perform this common sequence to disconnect and
stop any possibly started reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 17:58:33 +02:00
Jouni Malinen
fab49f6145 tests: Python coding style cleanup (pylint3 bad-whitespace)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:09 +02:00
Jouni Malinen
8cfc758827 tests: Make ap_wpa2_eap_peap_params more robust
One of the steps that expected failure due to PMKID mismatch did not
stop connection attempts. This could result in the following test step
failing due to the previous profile with peaplabel=1 getting used to
derive the MSK incorrectly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 13:51:55 +02:00
Jouni Malinen
f4f17e9aa1 tests: check_cert_subject
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-11 14:09:45 +02:00
Jouni Malinen
836f0ddac1 tests: EAP-PEAP/EAP-GTC
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 12:03:45 +02:00
Jouni Malinen
6447b87400 tests: EAP-TLS and TLS 1.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
cdc23db2a6 tests: PEAP/GTC key lifetime in memory
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
06faf9e40b tests: Support python3 in multi-ocsp test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-05 03:04:56 +02:00
Jouni Malinen
b3361e5dc9 tests: Explicit str/bytes conversion for key_lifetime_in_memory
This is needed for python3.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:34 +02:00
Masashi Honma
54c58f29c0 tests: Replace str.encode('hex') with binascii.hexlify() for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:34 +02:00
Masashi Honma
d5e6ffd661 tests: Decode subprocess.check_output() return value for python3
Explicit conversion to str is needed here for python3 compatibility.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-04 12:26:33 +02:00
Masashi Honma
cc02ce96cf tests: Explicit str/bytes conversion for socket operations for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Masashi Honma
04fa9fc7fd tests: Decode Popen() output values for python3
Explicit conversion to str is needed here for python3 compatibility.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-04 12:26:33 +02:00
Masashi Honma
9c06eda01c tests: Use python3 compatible libraries
This patch is made by using 2to3 command with some modifications.

$ find . -name *.py | xargs 2to3 -f imports -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-02 12:03:04 +02:00
Masashi Honma
bc664dfc09 tests: python3 requires a raw string due to the backslash
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-02 11:35:05 +02:00
Jouni Malinen
a18d58f47c tests: EAP-TLS and server reloading CRL from ca_cert
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-27 18:48:16 +02:00
Masashi Honma
bab493b904 tests: Use python3 compatible "except" statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f except -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:11:35 +02:00
Jouni Malinen
67e34a284a tests: OpenSSL systemwide policy and overrides
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-05 17:14:26 +02:00
Jouni Malinen
720a2e7906 tests: Data connectivity after REAUTHENTICATE
Verify that not updating GTK (i.e., only update PTK) in the driver does
not break connectivity. This case is different after the check for
"already in-use GTK" and rejection of GTK reinstallation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 12:28:16 +02:00
Jouni Malinen
fb643190dc tests: dot1xAuthSessionUserName
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 21:29:25 +02:00
Jouni Malinen
1dd66fc103 tests: Update server and user certificates (2018)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-10-04 01:16:55 +03:00
Jouni Malinen
5e597ed9f0 tests: EAP-pwd with salted passwords
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-28 22:15:20 +03:00
Jouni Malinen
6bf7a54754 tests: Brainpool curves in ap_wpa2_eap_pwd_groups with OpenSSL 1.1.x
The OpenSSL version check should not have been limited to 1.0.2 only.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-17 22:03:25 +03:00
Jouni Malinen
585e728a5c tests: Skip OCSP tests with wolfSSL
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-02 13:32:51 +03:00
Sean Parkinson
f08362e9ce tests: Use same certificates as used for GnuTLS with wolfSSL
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 00:37:57 +03:00
Jouni Malinen
832b736fb2 tests: Add TLS v1.3 into ap_wpa2_eap_tls_versions
When running with OpenSSL 1.1.1, verify that EAP-TLS can be used with
TLS v1.3.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
0d34c13a72 tests: Ignore openssl_cipher_suite_config_hapd failure (OpenSSL 1.1.1)
It looks like OpenSSL 1.1.1 accepted the openssl_ciphers=FOO test
configuration or well, at least does not reject it like previous
versions did. For now, ignore this failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
a61ee84d0c tests: Fix ap_wpa2_eap_fast_cipher_suites with OpenSSL 1.1.1
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 13:23:25 +03:00
Jouni Malinen
5a30fcf573 tests: EAP-ERROR-CODE
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-31 12:02:25 +03:00
Jouni Malinen
c9aba19bd3 tests: WPA2-Enterprise connection using EAP-PSK after MAC address change
This is a regression test for a sequence where wpa_supplicant interface
MAC address is changed externally and the ifdown-ifup sequence is
processed only after the interface has already been set UP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-30 12:16:49 +03:00
Sean Parkinson
d8003dcba2 tests: Add support for wolfSSL cryptographic library
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-03-03 11:52:40 +02:00
Sean Parkinson
ff7affcc77 tests: Check PKCS#12 support in additional test cases
These test cases use PKCS#12, so skip them if the build does not include
support for it.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-03-03 11:52:40 +02:00
Sean Parkinson
ead550b9dd tests: Verify MSCHAPV2 support in eap_peap_session_resumption
This test case uses EAP-MSCHAPv2 within the PEAP tunnel, so verify that
the build includes support for that before running the test.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-03-03 11:52:40 +02:00
Jouni Malinen
80ad068001 tests: Update ap_wpa2_eap_assoc_rsn to match implementation change
This covers the new status code for group management cipher mismatch.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 02:08:39 +02:00
Jouni Malinen
b4635f0a61 tests: GnuTLS configuration of intermediate CA certificate
GnuTLS seems to require the intermediate CA certificate to be included
both in the ca_cert and client_cert file for the cases of server and
client certificates using different intermediate CA certificates. Use
the user_and_ica.pem file with GnuTLS builds and reorder the
certificates in that file to make this work with GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-29 12:01:22 +02:00
Jouni Malinen
2d9ad634c8 tests: Skip eap_tls_pkcs8_pkcs5_v15 with GnuTLS
It looks like this private key format is not supported in GnuTLS (tested
with version 3.4.10).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
9626bfbb8d tests: Skip ap_wpa2_eap_fast_eap_sim if no EAP-FAST support
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-11-18 17:50:08 +02:00
Jouni Malinen
41d5af5544 tests: ap_wpa2_eap_tls_versions to test TLSv1.2 with OpenSSL 1.1
Change the test condition from "is OpenSSL 1.0.2" to "is not OpenSSL
1.0.1", so that the TLSv1.2 test step gets executed with OpenSSL 1.0.2
and 1.1 (and newer).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-30 12:08:19 +02:00
Jouni Malinen
b74f82a4f8 tests: Comment out during-association TK-in-memory checks
TK needs to be maintained in memory for additional testing
functionality, so for now, comment out these checks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
6db556b21d tests: Allow wpa_supplicant to maintain GTK in memory during association
This is needed to allow GTK configuration triggers to verify whether the
key has changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
0ba13e8613 tests: Update server and user certificates (2017)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-01 18:47:02 +03:00
Jouni Malinen
b99d62c735 tests: Remove forgotten print from ap_wpa2_eap_sim_zero_db_timeout
This was supposed to be used during development testing only.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-09-10 02:15:05 +03:00
Jouni Malinen
c25aada9ec tests: EAP-AKA' with external UMTS auth to hit Synchronization-Failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-09-10 01:39:37 +03:00
Jouni Malinen
0a0c4dc1d7 tests: Use a domain name in the identity for get_emsk OOM tests
These test cases depend on ERP processing to reach the get_emsk handler
function. Since ERP really needs the realm to derive a proper
keyName-NAI, modify these test cases to pass the realm part in the
identity to allow error checking to be introduced for rejecting ERP
cases where the realm is not available.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-22 13:51:07 +03:00
Jouni Malinen
b7288e5d32 tests: OCSP test coverage with SHA-1 hash
The previous fix to the OCSP request construction ended up finally
moving from SHA-1 -based hash to SHA-256 for OCSP test cases. To
maintain coverage for SHA-1, add cloned versions of the two test cases
so that both SHA-256 and SHA-1 cases get covered.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-09 23:41:50 +03:00
Johannes Berg
d40d959e48 tests: Fix openssl ocsp command and check for errors
Fix the openssl ocsp command line and check if it returns an error - so
that instead of having something unusable later we error out
immediately. Moving the -sha256 argument earlier fixes hash function use
for the OCSP request generation (the old version used SHA-1).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-05-09 23:36:36 +03:00
Jouni Malinen
8a303f09a2 tests: EAP-AKA within EAP-TTLS/PEAP/FAST tunnel and reauth
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
f22bc11846 tests: EAP-SIM tunneled within EAP-TTLS/PEAP/FAST
This verifies both the internal and external GSM authentication
operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
a821797219 tests: WPA2-Enterprise using EAP-SIM with zero database timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 18:43:33 +02:00
Jouni Malinen
4c62638234 tests: EAP-FAST and provisioning options
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 18:43:33 +02:00
Jouni Malinen
db98b58736 tests: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Jouni Malinen
969e525091 tests: Skip eap_tls_pkcs8_pkcs5_v15 with BoringSSL
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:31:20 +02:00
Jouni Malinen
677c2283e7 tests: Update eap_proto_psk_errors and ap_wpa2_eap_psk_oom
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:27:31 +03:00
Jouni Malinen
5b71cb552b tests: Update server and user certificates (2015)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-30 22:45:03 +03:00
Jouni Malinen
78d2233f01 tests: Fix ap_wpa2_eap_too_many_roundtrips with OpenSSL 1.1.0
Use a smaller fragment_size to force the roundtrip limit to be reached
with OpenSSL 1.1.0 which seemed to result in a bit shorter TLS messages
being used and being able to complete the authentication successfully
with the previously used fragment_size value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-15 13:30:57 +03:00
Jouni Malinen
2833743d4c tests: WPA2-Enterprise connection using EAP-GPSK and wildcard SSID
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 22:41:23 +03:00
Jouni Malinen
90b4c73fdf tests: Fix ap_wpa2_eap_fast_prf_oom with the updated PRF implementation
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-23 20:40:14 +03:00
Janusz Dziedzic
6f334bf7a0 tests: Use hapd from hostapd.add_ap()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
3b3e26875a tests: Use hapd from hostapd.add_ap() in eap_connect()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:06:17 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Jouni Malinen
07f0da3003 tests: EAP-SIM fast reauth with no-change SET_NETWORK
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 17:19:12 +03:00
Jouni Malinen
71666dc33a tests: Allow RC4-SHA failure in ap_wpa2_eap_fast_cipher_suites
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 13:12:10 +02:00
Jouni Malinen
6c7fed4683 tests: EAP-SIM and check fast reauth with bssid change
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:46:27 +02:00
Jouni Malinen
40ae4a2ff2 tests: Fix root_ocsp() for multi-OCSP test cases
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:48:35 +02:00
Jouni Malinen
29b508e7dc tests: WPA2-Enterprise with EAP-GPSK and PTK rekey enforced by AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-02 17:11:38 +02:00
Jouni Malinen
d7ef6e6371 tests: Verify fast_max_pac_list_len=0 special case
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 10:06:02 +02:00
Jouni Malinen
0918fe4dda tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:26:15 +02:00
Jouni Malinen
592790bf15 tests: Additional EAP-FAST PAC coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 13:23:42 +02:00
Jouni Malinen
31dd315382 tests: PKCS#12 with extra certs on the server
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 01:14:43 +02:00
Jouni Malinen
93aa1e1621 tests: EAP-FAST and binary PAC errors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 00:28:16 +02:00
Jouni Malinen
a89faedc22 tests: EAP-TLS error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-02 00:39:39 +02:00
Jouni Malinen
35372f6cd6 tests: EAP-IKEv2 with default fragment_size
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 10:36:41 +02:00
Jouni Malinen
7cbc8e6719 tests: fail_test instead of alloc_fail for aes_{encrypt,decrypt}_init
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 20:10:16 +02:00
Jouni Malinen
c397edf2bb tests: EAP-SIM/AKA with external GSM/UMTS auth failing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:04:29 +02:00
Jouni Malinen
40c654cc1d tests: EAP-SIM with external GSM auth and replacing SIM
These test cases verify that EAP-SIM with external GSM auth supports the
use case of replacing the SIM. The first test case does this incorrectly
by not clearing the pseudonym identity (anonymous_identity in the
network profile) while the second one clears that and shows successful
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:03:11 +02:00
Jouni Malinen
447fb0b0da tests: Make eap_check_auth() error on missing selectedMethod clearer
It was possible to hit an error case in ap_wpa2_eap_in_bridge where the
selectedMethod STATUS field was not available. This resulted in not very
helpful "'selectedMethod'" message in the test log file. Make this
clearer by dumping all received STATUS fields and a clearer exception
message indicating that selectedMethod was missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-07 00:27:50 +02:00
Jouni Malinen
ac713c0929 tests: WPA2-Enterprise connection using EAP-TTLS/EAP-GTC (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:11:15 +02:00
Jouni Malinen
79a3973c95 tests: WPA2-Enterprise connection using EAP vendor test (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:01:59 +02:00