Commit graph

115 commits

Author SHA1 Message Date
Jouni Malinen
8c4e4c01f6 tests: WPA2-Enterprise connection using EAP-PSK and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
27f2fab021 tests: WPA2-Enterprise connection using EAP-FAST and OOM in PRF
This is a regression test case for a memory leak on a TLS PRF error
path. In addition, this provides more coverage for this error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-19 01:23:24 +03:00
Jouni Malinen
5e0bedc63c tests: EAP-EKE with server OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 13:36:16 +03:00
Jouni Malinen
f7e3c17b68 tests: WPA2-Enterprise connection using EAP-EKE with serverid NAI
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 12:48:52 +03:00
Jouni Malinen
5748d1e5f8 tests: EAP-TTLS with server certificate valid beyond UNIX time 2^31
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:24:35 +03:00
Jouni Malinen
768ea0bc32 tests: DH params with 2048-bit key
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:03:42 +03:00
Jouni Malinen
febf575200 tests: EAP-TTLS with TLS session ticket enabled
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-01 12:57:11 +03:00
Jouni Malinen
0d33f5040f tests: EAP-PEAP/MSCHAPv2 with domain name
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-29 22:06:06 +03:00
Jouni Malinen
b898a6ee72 tests: WPA2-Enterprise connection using EAP-pwd and NTHash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 09:45:25 +02:00
Jouni Malinen
52352802ee tests: Linux packet socket workaround and EAPOL RX in operational state
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 16:06:23 +02:00
Jouni Malinen
b638f70316 tests: Replace subprocess.call for rm with os.remove()
There is no need to use sudo and external rm to remove files now that
run-tests.py is required to run as root.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-07 15:37:13 +02:00
Jouni Malinen
f4cd0f6454 tests: EAP-PEAP/MSCHAPv2 password failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 17:37:35 +02:00
Jouni Malinen
54f2cae2e6 tests: Make *_key_lifetime_in_memory more robust
It was possible for the GTK-found-in-memory case to be triggered due to
a retransmission of EAPOL-Key msg 3/4 especially when running test cases
under heavy load (i.e., timeout on hostapd due to not receiving the 4/4
response quickly enough). Make this false failure report less likely by
waiting a bit longer after the connection has been completed before
fetching the process memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-31 18:06:06 +02:00
Jouni Malinen
ef318402f6 tests: EAP-MSCHAPv2 server out-of-memory cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 16:17:25 +02:00
Jouni Malinen
95a15d793e tests: EAP-GTC server error cases
In addition, no-password-configured coverage extended to EAP-MD5 and
EAP-MSCHAPv2 as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 15:59:36 +02:00
Jouni Malinen
467775c5ac tests: Pending EAP peer processing with VENDOR-TEST
This extends the VENDOR-TEST EAP method peer implementation to allow
pending processing case to be selected at run time. The
ap_wpa2_eap_vendor_test test case is similarly extended to include this
option as the second case for full coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-28 13:09:31 +02:00
Jouni Malinen
a08fdb17aa tests: EAPOL supplicant invalid frame handling
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
48bb2e68c0 tests: STATUS-VERBOSE
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
90ad11e625 tests: Make active scans more robust
This makes testing under very heavy load or under extensive kernel
debugging options more robust by allowing number of test cases to scan
multiple times before giving up on active scans. The main reason for
many of the related test failures is in Probe Response frame from
hostapd not getting out quickly enough especially when multiple BSSes
are operating.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-23 00:52:40 +02:00
Jouni Malinen
0258cf1006 tests: Clean up ap_wpa2_eap_aka_ext
Use a loop over set of test values instead of duplicated functionality
implemented separately for each case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:09:46 +02:00
Jouni Malinen
584e4197bd tests: Make ap_wpa2_eap_aka_ext faster and more robust
Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to
avoid unnecessary long wait for temporary network disabling to be
cleared. In addition, wait for the disconnect event after issuing the
DISCONNECT commands to avoid issues due to any pending events during the
immediately following reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:59:40 +02:00
Jouni Malinen
ee9533eb0e tests: EAP-MD5 server error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:02:11 +02:00
Jouni Malinen
061cbb258f tests: domain_match checking against server certificate
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
37b4a66ce6 tests: Valid OCSP response with revoked and unknown cert status
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
4bf4e9db86 tests: Skip ap_wpa2_eap_ttls_server_cert_hash if probing not supported
The ca_cert="probe://" functionality is currently supported only with
OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
62750c3e80 tests: Use RSA key format in ap_wpa2_eap_tls_blob
This format as a DER encoded blob is supported by both OpenSSL and
GnuTLS while the previous OpenSSL specific format did not get accepted
by GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
24579e7047 tests: Split domain_suffix_match test cases based on match type
With GnuTLS, domain_suffix_match is currently requiring full match, so
split the test cases in a way that can be reported more cleanly as PASS
or SKIP based on TLS library behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
506b2f05f2 tests: Split subject_match and altsubject_match to separate test cases
These parameters are supported only with OpenSSL, so split any test case
that used those for a successful connection into two test cases. Skip
all test cases where these are used without the selected TLS library
supporting them to avoid reporting failures incorrectly. Though, verify
that subject_match and altsubject_match get rejected properly if TLS
library does not support these.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
3b51cc6359 tests: Skip EAP-pwd and EAP-FAST test cases if not supported
Check wpa_supplicant EAP capability and skip EAP-pwd and EAP-FAST test
cases if the build did not include support for these. This is cleaner
than reporting failures for such test cases when the selected TLS
library does not support the EAP method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
a783340d04 tests: Skip OpenSSL cipher string tests with other TLS libraries
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
37d6135507 tests: Increase altsubject_match testing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:27:01 +02:00
Jouni Malinen
81e787b750 tests: Convert test skipping to use exception
Instead of returning "skip" from the test function, raise the new
HwsimSkip exception to indicate a test case was skipped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:47 +02:00
Jouni Malinen
750904dd42 tests: Extend EAP key lifetime in memory to cover MSK and EMSK
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 15:49:57 +02:00
Jouni Malinen
5b3c40a65b tests: Verify that wpa_supplicant clears keys from memory
Check that PMK and PTK and not left in memory (heap or stack)
unnecessarily after they are not needed anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 10:37:02 +02:00
Jouni Malinen
5f35a5e27f tests: Add wait_connected() and wait_disconnected() helpers
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-20 13:10:09 +02:00
Jouni Malinen
2fc4749c91 tests: Verify that EAP-FAST PAC and TLS session ticket was used
This provides a regression test that would have caught the recent
issue with tls_openssl.c change breaking EAP-FAST.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-09 23:47:47 +02:00
Jouni Malinen
d463c5566f tests: Additional coverage for SCAN_RESULTS and BSS entry flags
This increases wpa_supplicant_ie_txt(), print_bss_info(), and
wpa_supplicant_ctrl_iface_scan_result() testing coverage to include the
previously missing key management options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
47dcb1186f tests: Move external_sim reset to test cases that change this
This removes unnecessary reset() step from between every test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-28 23:02:29 +02:00
Jouni Malinen
a8375c94c0 tests: Pass wpas/hapd instance to test_connectivity()
This makes it easier to replace data connectivity testing to use
something else than local hwsim_test binary on the controller device.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-19 17:54:49 +03:00
Jouni Malinen
89f20842f6 tests: OpenSSL cipherlist configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:59:04 +03:00
Jouni Malinen
c1d1b6998d tests: Update server and user certificates
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-30 00:40:23 +03:00
Jouni Malinen
9a5cfd7007 tests: No EAP fast session resumption between network blocks
Verify that EAP fast session resumption is skipped if the connection
uses a different network configuration than the last EAP connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 20:23:08 +03:00
Jouni Malinen
72cbc6847b tests: EAP-SIM external_sim error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 19:43:11 +03:00
Jouni Malinen
d8e02214ea tests: EAP-AKA external_sim error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 11:30:57 +03:00
Jouni Malinen
32747a3eee tests: EAP-SIM/AKA invalid Milenage key configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-20 10:59:08 +03:00
Jouni Malinen
b246e2af79 tests: Non-ASCII EAP user identity
This is a regression test for printf_encode() bounds checking issues
that can now be caught under valgrind.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-02 17:36:51 +03:00
Jouni Malinen
745f87715e tests: Verify SQLite DB as hostapd EAP user database
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
c4d370117b tests: EAP-PEAP parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:44:39 +03:00
Jouni Malinen
ea6464b07f tests: EAP-PEAP crypto_binding=0/1
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:33:59 +03:00
Jouni Malinen
873e7c297c tests: EAP-FAST using PAC file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:28:31 +03:00