Commit graph

52 commits

Author SHA1 Message Date
Jouni Malinen
c26081bf92 tests: Wait for group key handshake before testing Michael MIC failure
Avoid potential race condition in ap_cipher_tkip_countermeasures_ap by
sending the first test frame only after the AP has completed processing
the 4-way handshake and also wait a bit to allow the group key handshake
to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-14 11:02:12 +02:00
Jouni Malinen
4bfe80f297 tests: Skip ap_cipher_wpa_sae without SAE support
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
e6dae30ce1 tests: EAPOL/key config test command failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-07 12:25:38 +02:00
Jouni Malinen
f7835ac163 tests: IGTK and BIGTK replay protection
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-06 13:17:55 +02:00
Andrei Otcheretianski
ba7542f62d tests: Add mixed SAE/WPA-PSK AP test
Verify WPA-PSK/TKIP connection on SAE configured AP.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Johannes Berg
570ae3ef54 tests: Unify IPv6 disabling
Add a decorator that disables IPv6 and requires running
under a VM, rather than open-coding that many times.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 01:31:19 +03:00
Johannes Berg
34ac7d871a tests: Delayed group rekey retransmit test for IGTK
Add a test for delayed group rekey retransmission that checks that
the IGTK is protected against it by not resetting the IPN replay
counter when reinstalling such a key.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 01:31:19 +03:00
Johannes Berg
7f508ff968 tests: Reset the correct key's PN for group key handshake testing
While adding support for IGTK and BIGTK here, I tested this without
protections (i.e., with protections removed from both wpa_supplicant and
the driver), and while I got some bad resets on the debugfs values, it
should have failed with "unexpected connectivity".

Fix this to be correct - we need to reset the GTK PN, not the PTK PN in
this test.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 01:31:19 +03:00
Johannes Berg
889218c14a tests: Extend debugfs key state reading for IGTK/BIGTK
Extend the debugfs read helpers to work with IGTK and BIGTK.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 01:31:19 +03:00
Johannes Berg
4a0b27c62f tests: Replace gtk boolean by keytype in cipher suite tests
Replace the gtk boolean by a keytype value indicating
GTK or PTK, to be able to extend to other types later.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 00:02:18 +03:00
Jouni Malinen
7e88ed8e2d tests: Use function decorator to clean up --long processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
21cf2c5baf tests: Skip more tests based on missing TKIP support
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Alexander Wetzel
e1650a7b0e tests: Set key_flag when using SET_KEY
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-09 12:38:36 +02:00
Jouni Malinen
dad2f3253c tests: Initial GTK/IGTK RSC setting
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-04 13:07:47 +02:00
Jouni Malinen
ece9aa627a tests: Make ap_cipher_mixed_wpa_wpa2 more robust
Explicitly clear cfg80211 scan cache to avoid issues with old BSS
entries from previous test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-28 19:03:22 +02:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
fab49f6145 tests: Python coding style cleanup (pylint3 bad-whitespace)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:09 +02:00
Masashi Honma
bab493b904 tests: Use python3 compatible "except" statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f except -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:11:35 +02:00
Jouni Malinen
24b5b786e6 tests: WPA2-PSK/GCMP/CCMP ciphers
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
20daa57b92 tests: RESEND_M3 and RESEND_GROUP_M1 with PMF in use
This covers an additional code path that has a bug in IGTK PN clearing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-01 21:42:49 +03:00
Jouni Malinen
18b8c35b41 tests: Fix ap_cipher_tkip_countermeasures_sta2
hostapd implementation was changed to use a valid Status Code when
rejecting the connection. This test case was forgotten at the time, but
it needs a matching change to allow the new value (1 instead of 14).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-11-19 16:02:07 +02:00
Jouni Malinen
5068af8536 tests: hostapd group_cipher override
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 12:33:54 +02:00
Jouni Malinen
c45d45ba61 tests: WPA+WPA2-PSK/TKIP countermeasures (detected by mixed mode AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
c9dc89968d tests: Skip new ap_ciphers tests cleanly for missing mac80211 debugfs
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-19 23:32:26 +03:00
Jouni Malinen
fd1b15aca3 tests: CCMP/TKIP/GCMP replay protection
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-19 20:47:44 +03:00
Jouni Malinen
862363babe tests: Plaintext EAPOL-Key frames when TK is configured
These test cases do not really verify any specific DUT behavior
automatically, i.e., these are here to generate sniffer captures for
manual analysis.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-19 18:32:16 +03:00
Jouni Malinen
4bb2272bab tests: Delayed M1+M3 retransmission and zero TK
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-18 11:28:55 +03:00
Jouni Malinen
59cbfa7c86 tests: Delayed 4-way handshake M1 and M3 retransmission
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-18 11:27:38 +03:00
Jouni Malinen
724152a1ef tests: Delayed group M1 retransmission
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-18 11:25:27 +03:00
Jouni Malinen
53041e75d2 tests: PMF group mgmt cipher constraints
Verify new wpa_supplicant group_mgmt parameter functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
Jouni Malinen
c299dea558 tests: WPA-PSK/TKIP countermeasures (detected by two STAs)
This includes check for hostapd ending TKIP countermeasures.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jonathan Afek
9fd6804d61 tests: Mark 525 tests as remote compatible
After successfully passing the 525 tests on a remote setup mark the
tests as remote compatible.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:47:37 +03:00
Jouni Malinen
e9f2d54f44 tests: Use shell in local cmd_execute() only if needed
The generic cmd_execute() function was introduced in a manner that
converted the argument array to a string and used shell to run the
command unconditionally. This is not really desirable, so move back to
using the command array by default and use the single command string
with a shell only when really needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 21:10:35 +03:00
Jonathan Afek
f885b8e97c tests: ap_ciphers tests start using general cmd_execute() function
The ap_ciphers tests used to do file operations locally in python. Start
using the cmd_execute() general function for file operations so that
this would also work on remote setups.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-19 23:48:07 +03:00
Jonathan Afek
8efc83d4e7 tests: Add support for wlantest for remote hwsim tests
Use a monitor interface given in the command line that is not also a
station or an AP as a monitor running wlantest on the channel used by
the test. This makes all the tests that use wlantest available for
execution on real hardware on remote hosts.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-05-28 16:34:09 +03:00
Janusz Dziedzic
afc26df29c tests: Pass full apdev to add_ap() function (4)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:46:12 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Avraham Stern
f3b7761ab7 tests: Fix ap_cipher_tkip_countermeasures_sta test
Write the main interface address to the tkip_mic_test debugfs file
to generate Michael MIC failure event (which is different than the
p2p_dev_addr when a dedicated P2P Device interface is used).

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-10-16 20:11:05 +03:00
Jouni Malinen
a1eabc74b8 tests: Skip WPA(V1) test cases in FIPS mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
287eb3f9d7 tests: Group management frame cipher suites
This extends testing coverage of PMF group management cipher suites to
include all the cases supported by the driver (existing BIP =
AES-128-CMAC and the new BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
81e787b750 tests: Convert test skipping to use exception
Instead of returning "skip" from the test function, raise the new
HwsimSkip exception to indicate a test case was skipped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:47 +02:00
Jouni Malinen
5f35a5e27f tests: Add wait_connected() and wait_disconnected() helpers
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-20 13:10:09 +02:00
Jouni Malinen
dc4c3dc4a2 tests: Simplify Michael MIC test file writing
Since run-tests.py is now required to run as root, there is no need to
use the somewhat awkward "sudo tee" construction; instead, just write
directly to the file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 01:05:39 +02:00
Jouni Malinen
a8375c94c0 tests: Pass wpas/hapd instance to test_connectivity()
This makes it easier to replace data connectivity testing to use
something else than local hwsim_test binary on the controller device.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-19 17:54:49 +03:00
Jouni Malinen
9e669cb5ff tests: Hide stdout from Popen() to avoid undesired stdout prints
ap_cipher_tkip_countermeasures_{ap,sta} printed out the MAC addresses in
stdout which resulted in the debug log not starting the PASS/FAIL
information at the beginning of the line. Hide these unnecessary prints
to avoid that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:18 +03:00
Jouni Malinen
aa034377f7 tests: TKIP countermeasures
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Jouni Malinen
9b3e2ad3a7 tests: Fix reporting of skipped cipher suite tests
The return value was lost and GCMP, CCMP-256, and GCMP-256 test cases
were reporting PASS instead of SKIP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 15:03:38 +02:00
Jouni Malinen
5be9dcbb86 tests: Remove unnecessary interpreter line from most python files
Only run-tests.py is actually executed, so there is no need to specify
the interpreter in all the helper files and test script files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 20:21:53 +02:00
Jouni Malinen
ad36d27d6a tests: Remove ignore_old_scan_res workaround
Now that wpa_supplicant requests the driver (cfg80211) to clear its scan
cache automatically after each BSS_FLUSH/FLUSH command, the previously
used ignore_old_scan_res workaround should not be needed for the hwsim
test cases anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-03 08:59:59 +02:00
Jouni Malinen
2e3aec56e7 tests: Verify mixed mode WPA+WPA2 operation
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:03:39 +02:00