Commit graph

265 commits

Author SHA1 Message Date
Jouni Malinen
48797ff87c tests: Avoid a race condition in DPP retry validation
Wait a bit to allow stopping of the DPP_LISTEN operation to be completed
before issuing the DPP_QR_CODE command that would send the frame that
these test cases expect to not get ACKed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 17:00:55 +02:00
Jouni Malinen
9579d4eff9 tests: Wait for AP/GO event in addition to STA
Wait for AP/GO to complete processing before taking the next step in a
test instead of waiting just for STA. This avoids race conditions with
UML time-travel.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-10 19:40:49 +02:00
Jouni Malinen
fe26b7559f tests: Allow more time for DPP Authentication with chirping iteration
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-10 19:40:18 +02:00
Jouni Malinen
97f7f9ce9b tests: Make dpp_two_initiators more robust
This test case has a race condition between the first and second
initiated DPP exchange. New kernel scheduling with UML time-travel is
making the first exchange complete before the first one can be started.
Making this fully robust would likely need ext_mgmt_frame_handling=1 and
more complex test script, but as an initial workaround, split URI
parsing from dev[2] to happen before dev[1] is started so that only a
single DPP_AUTH_INIT command is needed during the race window.

In addition, detect the race condition and SKIP the test instead of
reporting FAIL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-10 19:30:44 +02:00
Jouni Malinen
effe5bbff7 tests: Fix DPP test case skipping without CONFIG_DPP
dpp_config_legacy_gen_two_conf_psk and dpp_config_legacy_gen_two_conf
tried to set a DPP parameter before having verified that CONFIG_DPP was
used in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 18:18:25 +02:00
Jouni Malinen
8dd272fded tests: Avoid race condition in DPP GAS protocol testing
Responder receives Authentication Request and Config Request in a
sequence and it is possible for the Config Request to be received before
MGMT_RX_PROCESS has been processed for Authentication Request in the
cases where the test script is in the middle of RX processing. This can
result in DPP-AUTH-SUCCESS being delivered only after the MGMT-RX event
for Config Reques which means that wait_auth_success() would lose that
MGMT-RX event.

Avoid this issue by caching the "extra" MGMT-RX event within
wait_auth_success() and having the caller verify if the Config Request
(GAS Initial Request) has already been received before waiting to
receive it.

This makes dpp_gas, dpp_gas_comeback_after_failure, and
dpp_gas_timeout_handling more robust.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 11:33:15 +02:00
Jouni Malinen
f3c4d2db1f tests: DPP Configurator and @CONF-OBJ-SEP@
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 17:08:57 +02:00
Jouni Malinen
1bc93b7fe3 tests: Clear SAE groups for dpp_ap_config_sae
This is needed to avoid failures due to previously executed test cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:20:20 +02:00
Jouni Malinen
2377d817da tests: DPP QR Code and hostapd as initiator/Configurator (offchannel)
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
ed68ac9301 tests: Public key hash information in authentication and AP association
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 16:37:54 +02:00
Jouni Malinen
ef11556242 tests: DPP Controller/Relay with chirping (duplicate)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 16:42:21 +02:00
Jouni Malinen
bb171f0020 tests: DPP network introduction with PMKSA cleared on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
1e602adabb tests: Add PMKSA cache entry again in dpp_akm_sha*
This is going to be needed once wpa_supplicant starts dropping the PMKSA
cache entry on status code 53 (invalid PMKID) rejection of association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
14cc63295e tests: DPP AP configuration for SAE-only
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 12:34:16 +03:00
Jouni Malinen
8adcdd6593 tests: Temporary workaround for dpp_chirp_ap_5g
Configurator station seems to be unable to get the first Authentication
Request frame transmitted through mac80211_hwsim for some reason. It is
not really clear why this happens and why it started happening now, but
as a temporary workaround, wait a second here since that seems to avoid
this for some unknown reason.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 17:58:01 +03:00
Jouni Malinen
35587fa8f3 tests: DPP Controller/Relay with need to discover Controller
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
ca7892e98f tests: DPP Relay and adding/removing connection to a Controller
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
ff7cc1d490 tests: DPP Relay and dynamic Controller addition
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-23 16:58:00 +03:00
Jouni Malinen
dfa9183b11 tests: DPP reconfig after Controller-initiated operation through Relay
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 13:16:26 +03:00
Jouni Malinen
d86ed5b72b tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
This is in preparation to allow the implementation in hostapd to be
changed to accept removal of PKEX information without indicating an
error after it have been automatically removed at the successful
completion of PKEX.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 23:28:33 +03:00
Jouni Malinen
f2bb0839fb test: DPP 3rd party config information
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-16 17:22:23 +03:00
Jouni Malinen
004b1ff47a tests: DPP Controller initiating through Relay
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-09 13:09:04 +03:00
Jouni Malinen
1004fb7ee4 tests: Testing functionality to discard DPP Public Action frames
This can be used to make sure wpa_supplicant does not process DPP
messages sent in Public Action frames when a test setup is targeting
DPP-over-TCP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 23:30:39 +03:00
Jouni Malinen
e58dabbcfb tests: DPP URI with host info
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 17:55:25 +03:00
Jouni Malinen
cc821f1c32 tests: Check DPP in build for couple of missing cases
These test cases need to be skipped in DPP is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:11:29 +03:00
Juliusz Sosinowicz
af052e6e11 tests: Include additional tests for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Jouni Malinen
339aef0980 tests: DPP URI supported curves
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 16:59:15 +03:00
Jouni Malinen
7f661f942d tests: Make DPP relay tests more robust
Flush scan results to avoid failure caused by incorrect channel
selection based on an old result for the same BSSID. This was found with
the following test sequence:
ap_track_sta_no_auth dpp_network_intro_version_missing_req dpp_controller_relay_pkex

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 18:26:45 +02:00
Jouni Malinen
e792f38db8 tests: DPP PKEX with netAccessKey curve change
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
5ce5ed88a9 tests: Fix dpp_own_config_curve_mismatch to match implementation
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
c4a36d050a tests: Fix dpp_intro_mismatch to match implementation
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
800ae647df tests: Check DPP3 support in the build for netAccessKey curve changes
These test cases need to be skipped if CONFIG_DPP3=y is not defined in
the build.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 21:26:28 +02:00
Jouni Malinen
117dc4ea41 tests: DPP curve change for netAccessKey
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 01:07:59 +02:00
Jouni Malinen
346b490505 tests: DPP session clearing on failure during GAS request handling
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-15 16:41:25 +02:00
Jouni Malinen
b9897f1f3c tests: Clear AP scan cache after primary BSS on channel 40
A number of test cases using 40 MHz or wider channels with the primary
channel 36 were failing when executed after dpp_chirp_ap_5g since that
test case was running an AP on the channel 40 and resulting in need to
swap the primary and the secondary channels in the following test case.
Fix this by clearing the AP scan cache explicitly for such cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-15 00:34:55 +02:00
Jouni Malinen
3fb6b7fed6 tests: Increase the wait time of Configurator GAS timeout
dpp_gas_timeout could fail with an increased timeout for the
Configurator.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 00:23:19 +02:00
Jouni Malinen
8121cd3934 tests: Increase wait in dpp_qr_code_config_event_initiator_no_response
The DPP Enrollee might wait for up to 60 seconds for the configuration,
so use a longer timeout value to be able to cover this negative test
case where the Configurator never sends the response.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 00:23:19 +02:00
Jouni Malinen
263daa30b5 tests: DPP Configurator with config query
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-03 00:35:49 +02:00
Jouni Malinen
a8c43b1822 tests: Use check_sae_capab() where possible
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-01 18:16:35 +02:00
Jouni Malinen
008e177597 tests: Update DPP PKEX version indication style
Update test cases to match implementation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-25 20:42:18 +02:00
Jouni Malinen
53fae01c8b tests: DPP PKEXv2 initiator fallback to v1 in hostapd
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-24 22:58:38 +02:00
Jouni Malinen
9a4feed2f8 tests: Update dpp_proto_after_wrapped_data_pkex_cr_req for PKEXv2
Check for both PKEX v1 and v2 variants of the message.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-24 22:58:38 +02:00
Jouni Malinen
bb6fa62b3f tests: Fix DPP PKEXv2 capability checks
At least for the time being PKEXv2 needs CONFIG_DPP3=y to work in a
testable manner. Couple of the test cases did not cover this correctly
and resulted in failures (instead of skipping the tests) when the
default build configuration was used. Fix that by checking for DPP
version 3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-14 19:45:43 +02:00
Jouni Malinen
f373c7b93f tests: DPP PKEXv2
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-07 23:26:29 +02:00
Jouni Malinen
00b2fb2d04 tests: DPP3 protocol version during network introduction
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
77ddd38b66 DPP3: Add build option for version 3 functionality
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Cedric Izoard
fa193c1a73 tests: Fix DPP test cases for BoringSSL
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.

Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-11-03 15:48:45 +02:00
Cedric Izoard
2086ae46b3 DPP: Replace dpp_bootstrap_key_der() with crypto_ec_key_get_subject_public_key()
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().

The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-11-03 15:45:00 +02:00
Cedric Izoard
c6f2103cac DPP: Replace dpp_get_pubkey_point() with crypto_ec_key_get_pubkey_point()
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 18:06:32 +03:00
Jouni Malinen
a47d484919 tests: DPP Controller management in hostapd over interface addition/removal
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-19 00:32:02 +03:00