Commit graph

315 commits

Author SHA1 Message Date
Jouni Malinen
8a303f09a2 tests: EAP-AKA within EAP-TTLS/PEAP/FAST tunnel and reauth
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
f22bc11846 tests: EAP-SIM tunneled within EAP-TTLS/PEAP/FAST
This verifies both the internal and external GSM authentication
operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
a821797219 tests: WPA2-Enterprise using EAP-SIM with zero database timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 18:43:33 +02:00
Jouni Malinen
4c62638234 tests: EAP-FAST and provisioning options
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 18:43:33 +02:00
Jouni Malinen
db98b58736 tests: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Jouni Malinen
969e525091 tests: Skip eap_tls_pkcs8_pkcs5_v15 with BoringSSL
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:31:20 +02:00
Jouni Malinen
677c2283e7 tests: Update eap_proto_psk_errors and ap_wpa2_eap_psk_oom
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:27:31 +03:00
Jouni Malinen
5b71cb552b tests: Update server and user certificates (2015)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-30 22:45:03 +03:00
Jouni Malinen
78d2233f01 tests: Fix ap_wpa2_eap_too_many_roundtrips with OpenSSL 1.1.0
Use a smaller fragment_size to force the roundtrip limit to be reached
with OpenSSL 1.1.0 which seemed to result in a bit shorter TLS messages
being used and being able to complete the authentication successfully
with the previously used fragment_size value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-15 13:30:57 +03:00
Jouni Malinen
2833743d4c tests: WPA2-Enterprise connection using EAP-GPSK and wildcard SSID
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 22:41:23 +03:00
Jouni Malinen
90b4c73fdf tests: Fix ap_wpa2_eap_fast_prf_oom with the updated PRF implementation
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-23 20:40:14 +03:00
Janusz Dziedzic
6f334bf7a0 tests: Use hapd from hostapd.add_ap()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
3b3e26875a tests: Use hapd from hostapd.add_ap() in eap_connect()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:06:17 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Jouni Malinen
07f0da3003 tests: EAP-SIM fast reauth with no-change SET_NETWORK
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 17:19:12 +03:00
Jouni Malinen
71666dc33a tests: Allow RC4-SHA failure in ap_wpa2_eap_fast_cipher_suites
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 13:12:10 +02:00
Jouni Malinen
6c7fed4683 tests: EAP-SIM and check fast reauth with bssid change
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:46:27 +02:00
Jouni Malinen
40ae4a2ff2 tests: Fix root_ocsp() for multi-OCSP test cases
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:48:35 +02:00
Jouni Malinen
29b508e7dc tests: WPA2-Enterprise with EAP-GPSK and PTK rekey enforced by AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-02 17:11:38 +02:00
Jouni Malinen
d7ef6e6371 tests: Verify fast_max_pac_list_len=0 special case
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 10:06:02 +02:00
Jouni Malinen
0918fe4dda tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:26:15 +02:00
Jouni Malinen
592790bf15 tests: Additional EAP-FAST PAC coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 13:23:42 +02:00
Jouni Malinen
31dd315382 tests: PKCS#12 with extra certs on the server
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 01:14:43 +02:00
Jouni Malinen
93aa1e1621 tests: EAP-FAST and binary PAC errors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 00:28:16 +02:00
Jouni Malinen
a89faedc22 tests: EAP-TLS error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-02 00:39:39 +02:00
Jouni Malinen
35372f6cd6 tests: EAP-IKEv2 with default fragment_size
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 10:36:41 +02:00
Jouni Malinen
7cbc8e6719 tests: fail_test instead of alloc_fail for aes_{encrypt,decrypt}_init
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 20:10:16 +02:00
Jouni Malinen
c397edf2bb tests: EAP-SIM/AKA with external GSM/UMTS auth failing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:04:29 +02:00
Jouni Malinen
40c654cc1d tests: EAP-SIM with external GSM auth and replacing SIM
These test cases verify that EAP-SIM with external GSM auth supports the
use case of replacing the SIM. The first test case does this incorrectly
by not clearing the pseudonym identity (anonymous_identity in the
network profile) while the second one clears that and shows successful
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:03:11 +02:00
Jouni Malinen
447fb0b0da tests: Make eap_check_auth() error on missing selectedMethod clearer
It was possible to hit an error case in ap_wpa2_eap_in_bridge where the
selectedMethod STATUS field was not available. This resulted in not very
helpful "'selectedMethod'" message in the test log file. Make this
clearer by dumping all received STATUS fields and a clearer exception
message indicating that selectedMethod was missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-07 00:27:50 +02:00
Jouni Malinen
ac713c0929 tests: WPA2-Enterprise connection using EAP-TTLS/EAP-GTC (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:11:15 +02:00
Jouni Malinen
79a3973c95 tests: WPA2-Enterprise connection using EAP vendor test (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:01:59 +02:00
Jouni Malinen
ecd07de40c tests: EAP-FAST and different TLS cipher suites
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:53:43 +02:00
Jouni Malinen
9353f07f3b tests: Clear BSS table at the end of rsn_ie_proto_eap_sta
rsn_ie_proto_eap_sta followed by eap_ttls_mschapv2_session_resumption
showed a failure case where the special RSNE from rsn_ie_proto_eap_sta
ended up remaining in a wpa_supplicant BSS entry and the SELECT_NETWORK
command used the previous scan results without checking for changed AP
configuration. This resulted in test failure due to RSN IE being claimed
to be different in EAPOL-Key msg 3/4. This is not really a real world
issue, but try to avoid false failure reports by explicitly clearing the
BSS table at the end of rsn_ie_proto_eap_sta.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 00:53:20 +02:00
Jouni Malinen
412c60309a tests: Increase connection timeout for number of EAP test cases
The previously used 10 second timeout allowed only two scan attempts
(five seconds between scans) and it was possible to hit a failure every
now and then when running under heavy load and the Probe Response frame
got delayed by 40 ms or so twice in a row. Add more time for one more
scan attempt to reduce the likelihood of this happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 20:00:01 +02:00
Jouni Malinen
52811b8c90 tests: EAP-TLS with intermediate CAs and OCSP multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
98d125cafa tests: Minimal testing of OCSP stapling with ocsp_multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-23 00:32:52 +02:00
Jouni Malinen
8adce07a73 tests: Add dh_file parameter for integrated EAP server
This is needed for number of EAP test cases at least when using the
internal TLS server implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 17:51:54 +02:00
Jouni Malinen
3b6f3b37b8 tests: WPA2-Enterprise connection using EAP-EKE (many connections)
This tries to make it more likely to hit the special case of pub_len <
prime_len for additional code coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-21 23:57:16 +02:00
Jouni Malinen
d5f5d260b8 tests: EAP-PEAP phase1 TLS flags
This adds some more test coverage for phase1 parameters that had not
previously been included in any of the test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:36:51 +02:00
Jouni Malinen
5382712518 tests: EAP-TTLS with unsupported Phase 2 EAP method in configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:33:03 +02:00
Jouni Malinen
7cb27f89f2 tests: EAP-TLS and TLS Message Length in unfragmented packets
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
cef42a44e2 tests: EAP-TLS and config blob missing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
bfdb90d40f tests: EAP-TTLS/MSCHAP with password hash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
09a4404a33 tests: EAP-PEAP version forcing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:59:14 +02:00
Jouni Malinen
81e1ab85bc tests: EAP-PEAP session resumption with crypto binding
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:23:51 +02:00
Jouni Malinen
09ad98c58a tests: EAP-PEAP with peap_outer_success=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:05:50 +02:00
Jouni Malinen
c4e06b9b7b tests: EAP-TTLS with invalid phase2 parameter values
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 00:24:51 +02:00
Jouni Malinen
138903f91f tests: Run OCSP test cases with internal TLS library
There is no sufficient OCSP support to go through these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 21:19:59 +02:00
Jouni Malinen
58a406202a tests: OCSP certificate signed OCSP response using key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:49:26 +02:00
Jouni Malinen
8e416cecdb tests: Make key-lifetime-in-memory more robust for GTK check
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00
Jouni Malinen
16c43d2a8f tests: Run PKCS#12 tests with internal TLS crypto
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
ca27ee0998 tests: External server certificate chain validation
This tests tls_ext_cert_check=1 behavior with EAP-TLS, EAP-TTLS,
EAP-PEAP, and EAP-FAST.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-13 21:12:20 +02:00
Jouni Malinen
0ceff76e7b tests: WPA2 AP processing of RSN IE differences
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:00:10 +02:00
Jouni Malinen
8eb45bde38 tests: Write GTK locations into debug log in key_lifetime_in_memory
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 17:48:43 +02:00
Jouni Malinen
96bf8fe104 tests: PKCS #8 private key with PKCS #5 v1.5 and v2.0 format
This verifies client private key use in encrypted PKCS #8 format with
PKCS #5 v1.5 format using pbeWithMD5AndDES-CBC and PKCS #5 v2.0 format
using PBES2 with des-ede3-cbc.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-05 20:27:27 +02:00
Jouni Malinen
d6ba709aa3 tests: EAP-TLS with SHA512/SHA384 signature
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-30 00:39:38 +02:00
Jouni Malinen
cc71035f6c tests: ap_wpa2_eap_fast_prf_oom with internal TLS implementation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 23:57:39 +02:00
Jouni Malinen
404597e630 tests: Skip ap_wpa2_eap_ttls_dh_params_dsa with internal TLS
DH DSA parameters are not yet supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 21:09:44 +02:00
Jouni Malinen
686eee77d2 tests: Skip PKCS#12 tests with internal TLS client implementation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 21:07:39 +02:00
Jouni Malinen
e78eb40442 tests: Skip domain_match and domain_suffix_match with internal TLS
The internal TLS client in wpa_supplicant does not yet support the
functionality needed for these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:35:05 +02:00
Jouni Malinen
2286578fe0 tests: TLS v1.2 check in ap_wpa2_eap_tls_versions for internal TLS
The internal TLS implementation in wpa_supplicant supports TLS v1.2, so
verify that this version can be disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:04:26 +02:00
Jouni Malinen
bb0a72ab46 tests: Skip OCSP test cases with the internal TLS implementation
The internal TLS client implementation does not yet support OCSP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:32:45 +02:00
Jouni Malinen
0fc1b583e2 tests: ap_wpa2_eap_ttls_server_cert_hash with internal TLS client
Since the internal TLS client implementation in wpa_supplicant now has
sufficient support for this functionality, allow the test case to be
executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:02:04 +02:00
Jouni Malinen
f2d789f20b tests: EAP-pwd with Brainpool EC
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 11:30:48 +02:00
Jouni Malinen
d4c3c055d5 tests: EAP-SIM DB error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-31 16:28:33 +02:00
Jouni Malinen
bf0ec17a51 tests: EAP-GPSK error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 21:42:36 +03:00
Jouni Malinen
7c0d66cf7a tests: EAP-MSCHAPv2 error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-12 01:55:00 +03:00
Jouni Malinen
0d2a7bad0f tests: MSCHAP UTF-8 to UCS-2 conversion error cases
This triggers all three error cases in utf8_to_ucs2().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:41:22 +03:00
Jouni Malinen
d79ce4a6ce tests: Additional OCSP coverage
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 17:32:53 +03:00
Jouni Malinen
0c6185fc73 tests: Run through OCSP tests with BoringSSL
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-09 23:48:30 +03:00
Jouni Malinen
a359c7bb23 tests: Read monitor messages more frequently
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 20:45:20 +03:00
Jouni Malinen
4b9d79b66e tests: Make it less likely to overflow wlan5 control iface socket
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 01:42:42 +03:00
Jouni Malinen
403610d386 tests: Update server and user certificates (2015)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-01 01:37:47 +03:00
Jouni Malinen
f455998afe tests: WPA2-Enterprise interactive identity entry and ENABLE_NETWORK
This verifies that ENABLE_NETWORK does not trigger reconnection if
already connected. The previous commit fixed a case where it was
possible for that to happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-22 12:03:53 +03:00
Jouni Malinen
f9dd43eac2 tests: EAP-TLS/TTLS/PEAP session resumption
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 19:28:12 +03:00
Jouni Malinen
0dae8c9974 tests: Skip TLS OCSP stapling test cases with BoringSSL builds
BoringSSL removed the OpenSSL API used to implement OCSP stapling
support.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 20:21:44 +03:00
Jouni Malinen
5f2e454790 tests: Allow group 25 to fail in ap_wpa2_eap_pwd_groups with BoringSSL
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full ap_wpa2_eap_pwd_groups test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 19:52:38 +03:00
Jouni Malinen
6da3b745f1 tests: Try users2.pkcs12 twice to add coverage
This allows manual verification of extra PKCS#12 certificate processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 01:10:15 +03:00
Jouni Malinen
ecafa0cf47 tests: RSN element protocol testing for STA side
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 20:04:07 +03:00
Jouni Malinen
38934ed100 tests: Skip ap_wpa2_eap_psk_oom and ap_ft_oom in FIPS mode
omac1_aes_128() implementation within crypto_openssl.c is used in this
case and that cannot fail the memory allocation similarly to the
non-FIPS case and aes-omac1.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
06cdd1cd79 tests: Allow FIPS error case for openssl_cipher_suite_config_wpas
OpenSSL rejects the cipher string 'EXPORT' in FIPS mode in a way that
results in the locally generated error showing up before the EAP method
has been accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
0392867b6b tests: Skip EAP-pwd NTHash test in FIPS build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
c8e82c94da tests: Skip EAP-IKEV2 tests if not included in the build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e7ac04ceaf tests: Skip EAP-MD5 and EAP-MSCHAPV2 test cases in FIPS mode
These would require MD5 or MD4 which are not allowed in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
ca158ea621 tests: Skip EAP-TTLS/CHAP, MSCHAP, MSCHAPV2 test cases in FIPS mode
In addition, replace some of the CHAP cases with PAP since that enables
more coverage without breaking the main test focus.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
9dd21d5183 tests: Allow local disconnect in openssl_cipher_suite_config_wpas
The openssl_ciphers="EXPORT" case may result in locally generated
disconnection event if the OpenSSL version used in the build rejects
export ciphers in default configuration (which is what OpenSSL 1.1.0
will likely do). Don't report a test case failure in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:18 +03:00
Jouni Malinen
6c4b5da46d tests: EAP-TLS and TLS version configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:52:14 +03:00
Jouni Malinen
85774b70a1 tests: EAP server and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-01 00:42:09 +03:00
Jouni Malinen
405c621cdb tests: WPA2-Enterprise connection using MAC ACL
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-01 00:34:27 +03:00
Jouni Malinen
df7ad0fa11 tests: EAP-TLS and unknown OCSP signer
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 22:05:37 +03:00
Jouni Malinen
d2a1047e67 tests: Invalid OCSP data (parsing failure)
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 22:01:05 +03:00
Jouni Malinen
7be5ec991d tests: Invalid openssl_ciphers value
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:55:59 +03:00
Jouni Malinen
6eddd5303c tests: EAP-FAST/MSCHAPv2 and server OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:36:12 +03:00
Jouni Malinen
b3ff3decf6 tests: DH parameter file DSA conversion and error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
0c83ae0469 tests: EAP-TLS with PKCS12 that includes additional certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
b1fb42751a tests: EAP-TLS and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
b197a8194b tests: EAP-TLS and server checking CRL
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
486f4e3c83 tests: EAP-SIM and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
f1ab79c34c tests: WPA2-Enterprise connection using EAP-IKEv2 and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
8c4e4c01f6 tests: WPA2-Enterprise connection using EAP-PSK and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
27f2fab021 tests: WPA2-Enterprise connection using EAP-FAST and OOM in PRF
This is a regression test case for a memory leak on a TLS PRF error
path. In addition, this provides more coverage for this error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-19 01:23:24 +03:00
Jouni Malinen
5e0bedc63c tests: EAP-EKE with server OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 13:36:16 +03:00
Jouni Malinen
f7e3c17b68 tests: WPA2-Enterprise connection using EAP-EKE with serverid NAI
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 12:48:52 +03:00
Jouni Malinen
5748d1e5f8 tests: EAP-TTLS with server certificate valid beyond UNIX time 2^31
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:24:35 +03:00
Jouni Malinen
768ea0bc32 tests: DH params with 2048-bit key
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:03:42 +03:00
Jouni Malinen
febf575200 tests: EAP-TTLS with TLS session ticket enabled
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-01 12:57:11 +03:00
Jouni Malinen
0d33f5040f tests: EAP-PEAP/MSCHAPv2 with domain name
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-29 22:06:06 +03:00
Jouni Malinen
b898a6ee72 tests: WPA2-Enterprise connection using EAP-pwd and NTHash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 09:45:25 +02:00
Jouni Malinen
52352802ee tests: Linux packet socket workaround and EAPOL RX in operational state
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 16:06:23 +02:00
Jouni Malinen
b638f70316 tests: Replace subprocess.call for rm with os.remove()
There is no need to use sudo and external rm to remove files now that
run-tests.py is required to run as root.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-07 15:37:13 +02:00
Jouni Malinen
f4cd0f6454 tests: EAP-PEAP/MSCHAPv2 password failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 17:37:35 +02:00
Jouni Malinen
54f2cae2e6 tests: Make *_key_lifetime_in_memory more robust
It was possible for the GTK-found-in-memory case to be triggered due to
a retransmission of EAPOL-Key msg 3/4 especially when running test cases
under heavy load (i.e., timeout on hostapd due to not receiving the 4/4
response quickly enough). Make this false failure report less likely by
waiting a bit longer after the connection has been completed before
fetching the process memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-31 18:06:06 +02:00
Jouni Malinen
ef318402f6 tests: EAP-MSCHAPv2 server out-of-memory cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 16:17:25 +02:00
Jouni Malinen
95a15d793e tests: EAP-GTC server error cases
In addition, no-password-configured coverage extended to EAP-MD5 and
EAP-MSCHAPv2 as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 15:59:36 +02:00
Jouni Malinen
467775c5ac tests: Pending EAP peer processing with VENDOR-TEST
This extends the VENDOR-TEST EAP method peer implementation to allow
pending processing case to be selected at run time. The
ap_wpa2_eap_vendor_test test case is similarly extended to include this
option as the second case for full coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-28 13:09:31 +02:00
Jouni Malinen
a08fdb17aa tests: EAPOL supplicant invalid frame handling
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
48bb2e68c0 tests: STATUS-VERBOSE
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
90ad11e625 tests: Make active scans more robust
This makes testing under very heavy load or under extensive kernel
debugging options more robust by allowing number of test cases to scan
multiple times before giving up on active scans. The main reason for
many of the related test failures is in Probe Response frame from
hostapd not getting out quickly enough especially when multiple BSSes
are operating.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-23 00:52:40 +02:00
Jouni Malinen
0258cf1006 tests: Clean up ap_wpa2_eap_aka_ext
Use a loop over set of test values instead of duplicated functionality
implemented separately for each case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:09:46 +02:00
Jouni Malinen
584e4197bd tests: Make ap_wpa2_eap_aka_ext faster and more robust
Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to
avoid unnecessary long wait for temporary network disabling to be
cleared. In addition, wait for the disconnect event after issuing the
DISCONNECT commands to avoid issues due to any pending events during the
immediately following reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:59:40 +02:00
Jouni Malinen
ee9533eb0e tests: EAP-MD5 server error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:02:11 +02:00
Jouni Malinen
061cbb258f tests: domain_match checking against server certificate
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
37b4a66ce6 tests: Valid OCSP response with revoked and unknown cert status
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
4bf4e9db86 tests: Skip ap_wpa2_eap_ttls_server_cert_hash if probing not supported
The ca_cert="probe://" functionality is currently supported only with
OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
62750c3e80 tests: Use RSA key format in ap_wpa2_eap_tls_blob
This format as a DER encoded blob is supported by both OpenSSL and
GnuTLS while the previous OpenSSL specific format did not get accepted
by GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
24579e7047 tests: Split domain_suffix_match test cases based on match type
With GnuTLS, domain_suffix_match is currently requiring full match, so
split the test cases in a way that can be reported more cleanly as PASS
or SKIP based on TLS library behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
506b2f05f2 tests: Split subject_match and altsubject_match to separate test cases
These parameters are supported only with OpenSSL, so split any test case
that used those for a successful connection into two test cases. Skip
all test cases where these are used without the selected TLS library
supporting them to avoid reporting failures incorrectly. Though, verify
that subject_match and altsubject_match get rejected properly if TLS
library does not support these.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
3b51cc6359 tests: Skip EAP-pwd and EAP-FAST test cases if not supported
Check wpa_supplicant EAP capability and skip EAP-pwd and EAP-FAST test
cases if the build did not include support for these. This is cleaner
than reporting failures for such test cases when the selected TLS
library does not support the EAP method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
a783340d04 tests: Skip OpenSSL cipher string tests with other TLS libraries
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
37d6135507 tests: Increase altsubject_match testing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:27:01 +02:00
Jouni Malinen
81e787b750 tests: Convert test skipping to use exception
Instead of returning "skip" from the test function, raise the new
HwsimSkip exception to indicate a test case was skipped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:47 +02:00
Jouni Malinen
750904dd42 tests: Extend EAP key lifetime in memory to cover MSK and EMSK
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 15:49:57 +02:00
Jouni Malinen
5b3c40a65b tests: Verify that wpa_supplicant clears keys from memory
Check that PMK and PTK and not left in memory (heap or stack)
unnecessarily after they are not needed anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 10:37:02 +02:00
Jouni Malinen
5f35a5e27f tests: Add wait_connected() and wait_disconnected() helpers
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-20 13:10:09 +02:00
Jouni Malinen
2fc4749c91 tests: Verify that EAP-FAST PAC and TLS session ticket was used
This provides a regression test that would have caught the recent
issue with tls_openssl.c change breaking EAP-FAST.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-09 23:47:47 +02:00
Jouni Malinen
d463c5566f tests: Additional coverage for SCAN_RESULTS and BSS entry flags
This increases wpa_supplicant_ie_txt(), print_bss_info(), and
wpa_supplicant_ctrl_iface_scan_result() testing coverage to include the
previously missing key management options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
47dcb1186f tests: Move external_sim reset to test cases that change this
This removes unnecessary reset() step from between every test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-28 23:02:29 +02:00
Jouni Malinen
a8375c94c0 tests: Pass wpas/hapd instance to test_connectivity()
This makes it easier to replace data connectivity testing to use
something else than local hwsim_test binary on the controller device.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-19 17:54:49 +03:00
Jouni Malinen
89f20842f6 tests: OpenSSL cipherlist configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:59:04 +03:00
Jouni Malinen
c1d1b6998d tests: Update server and user certificates
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-30 00:40:23 +03:00
Jouni Malinen
9a5cfd7007 tests: No EAP fast session resumption between network blocks
Verify that EAP fast session resumption is skipped if the connection
uses a different network configuration than the last EAP connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 20:23:08 +03:00
Jouni Malinen
72cbc6847b tests: EAP-SIM external_sim error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 19:43:11 +03:00
Jouni Malinen
d8e02214ea tests: EAP-AKA external_sim error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 11:30:57 +03:00
Jouni Malinen
32747a3eee tests: EAP-SIM/AKA invalid Milenage key configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-20 10:59:08 +03:00
Jouni Malinen
b246e2af79 tests: Non-ASCII EAP user identity
This is a regression test for printf_encode() bounds checking issues
that can now be caught under valgrind.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-02 17:36:51 +03:00
Jouni Malinen
745f87715e tests: Verify SQLite DB as hostapd EAP user database
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
c4d370117b tests: EAP-PEAP parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:44:39 +03:00
Jouni Malinen
ea6464b07f tests: EAP-PEAP crypto_binding=0/1
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:33:59 +03:00
Jouni Malinen
873e7c297c tests: EAP-FAST using PAC file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:28:31 +03:00