Commit graph

4407 commits

Author SHA1 Message Date
Ilan Peer
24b4c3abef tests: Extend SAE-EXT-KEY testing
Extend the SAE-EXT-KEY testing to also cover GCMP-256.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:37:31 +02:00
Jouni Malinen
6cc0a885c8 tests: require_he=1
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-16 20:31:14 +02:00
Aloka Dixit
96ab7529c1 tests: MBSSID and EMA
Add test cases for MBSSID functionality with EMA.

Add helper functions to create the configuration file, start hostapd
instance and client association with the transmitting interface.

he_ap_mbssid_open: 4 VAPs with open security in multiple BSSID
configuration. The first interface transmits beacons and probe responses
which include the multiple BSSID element(s) with remaining profiles.

he_ap_mbssid_same_security: 2 VAPs, all with SAE. In such a case the
Multiple BSSID elements in management frames do not include RSN and RSNE
elements as all non-transmitting profiles have exact same security
configuration as the transmitting interface.

he_ap_mbssid_mixed_security{1,2}: 8 VAPs with mixed security
configurations (SAE, OWE, WPA2-PSK, open). he_ap_mbssid_mixed_security1:
Transmitting interface uses SAE. In this case the non-transmitting
profiles will include non inheritance element (IEEE Std 802.11-2020,
9.4.2.240) wherever the security differs from the transmitting profile.
he_ap_mbssid_mixed_security2: Transmitting profile is open hence no need
for the non inheritance elements. Instead each non-transmitting profile
includes RSN, RSNE if applicable.

he_ap_ema: Enhanced multi-BSS advertisements (EMA) with 8 VAPs all with
SAE configuration.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 23:06:32 +02:00
Daniel Gabay
bb67d5b52b AP: Add testing option to delay EAPOL Tx
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.

In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-02 13:07:03 +02:00
Jouni Malinen
12d8b8a91e tests: EAP-TEAP with and without EAP method sequence optimization
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Andrei Otcheretianski
1b025bda57 tests: Extend EHT estimated throughput testing
Add a basic test to verify AP selection algorithm with EHT AP.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 20:33:44 +02:00
Jouni Malinen
ed68ac9301 tests: Public key hash information in authentication and AP association
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 16:37:54 +02:00
Jouni Malinen
8de2881426 tests: Automatic channel selection for 40 MHz channel (HE)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 23:31:36 +02:00
Jouni Malinen
cd4be06c2b tests: Random MAC address per ESS (mac_addr=3)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 19:10:40 +02:00
Jouni Malinen
ef11556242 tests: DPP Controller/Relay with chirping (duplicate)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 16:42:21 +02:00
Johannes Berg
48c7e04be6 tests: Add mode for running UML kernel under gdb
The new --gdb option can be used when KERNELDIR (and optionally
MODULEDIR) are set and we therefore run UML. It runs the entire
VM under the debugger, with a script to load the right modules
into gdb so you can debug easily.

This needs CONFIG_GDB_SCRIPTS=y to be used in the kernel build.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-11-28 15:43:00 +02:00
Jouni Malinen
74874275dc tests: hostapd behavior with second BSS bridge interface already existing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 11:39:06 +02:00
Jouni Malinen
e174ec7a07 tests: Check hostapd PID file removal in all cases
Only one of the test cases was doing this, but it's more robust for all
the cases using dynamically started hostapd process to do same.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 15:54:26 +02:00
Raphaël Mélotte
e7829e4466 tests: Add ap_reload_bss_only
The test checks that when the SSID of a BSS is changed using
SET+RELOAD_BSS, the stations already connected to other BSSes on the
same radio are not disconnected.

It also checks that stations can connect using the new SSID after the
reload.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:51:08 +02:00
Raphaël Mélotte
1a27b8838a tests: Add ap_config_reload_on_sighup_config_id
The test checks that when reloading the configuration with SIGHUP,
stations that are connected to BSSes whose config_id did not change are
not disconnected. It also checks that for the BSSes that have a
different config_id and SSID, the new SSID is applied correctly.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:44:58 +02:00
Raphaël Mélotte
34e4a17b48 tests: Add iface_params and bss_params to write_hostapd_config()
To make it easier to write custom hostapd configuration files, add
"iface_params" and "bss_params".

They are both meant to be lists of parameters that the user can supply
to append additional parameters to the configuration file.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:43:53 +02:00
Jouni Malinen
af97aaa503 tests: Random MAC address with two APs
This verifies locally generated deauthentication determination when the
MAC address changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Damien Dejean
f5ce680ee6 D-Bus: Hotspot 2.0 credentials with multiple domains
Add the support of multiple domains for interworking credentials in
D-Bus API AddCred() using an array of strings.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-27 14:18:53 +02:00
Jouni Malinen
e5dfce38f7 RSN: Split EAPOL-Key group msg 1/2 processing more completely for WPA(v1)
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Jouni Malinen
5ab43c738e RSN: Split WPA(v1) processing of EAPOL-Key frames into a separate function
This is a step in separating RSN and WPA(v1) processing of EAPOL-Key
frames into separate functions. This allows the implementation to be
simplified and potentially allows the validation rules to be made
stricter more easily. This is also a step towards allowing WPA(v1)
functionality to be removed from the build in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 08:30:58 +02:00
Damien Dejean
5f89fffb76 tests: New Passpoint Home OI parameters
Move testing to use the new Home OI parameters while maintaining a
couple of tests for the deprecated parameters.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-26 18:59:10 +02:00
Jouni Malinen
bb9099785e tests: WPS PBC provisioning with configured AP and passive scanning
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 18:54:33 +02:00
Jouni Malinen
00bd744ed5 tests: OCV on 2.4 GHz with PMF getting enabled automatically on STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 17:21:08 +02:00
Jouni Malinen
7c62bccc6e tests: SAE and preferred AP using wrong password
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 12:06:59 +02:00
Jouni Malinen
22a5d615ba tests: HS 2.0 deauthentication imminent with and without URL timing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 22:57:51 +02:00
Glenn Strauss
8e364713ef tests: Check IMSI privacy support using a helper function
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 17:23:10 +02:00
Jouni Malinen
bb171f0020 tests: DPP network introduction with PMKSA cleared on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
1e602adabb tests: Add PMKSA cache entry again in dpp_akm_sha*
This is going to be needed once wpa_supplicant starts dropping the PMKSA
cache entry on status code 53 (invalid PMKID) rejection of association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
f49b604555 tests: Fix pasn-init fuzz tester build
Change of the wpas_pasn_start() prototype did not update the fuzzer
tool.

Fixes: 309765eb66 ("PASN: Use separate variables for BSSID and peer address")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:21:45 +02:00
Jouni Malinen
6cb34798f8 tests: SAE-EXT-KEY, H2E, and rejected groups indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
252729d902 tests: Random MAC address with PMKSA caching
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
f1f796a39f tests: hostapd dump_msk_file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
1e0b7379d6 tests: FT with mobility domain changes
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
bbe5f0c1eb FT: Do not try to use FT protocol between mobility domains
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.

While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
0ccb3b6cf2 tests: External password storage for SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Jouni Malinen
66d7f554e2 tests: Fuzz testing for PASN
Add test tools for fuzzing PASN initiator and responder handling of
received PASN Authentication frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:22:14 +02:00
Jouni Malinen
2e840fb2ab tests: Fix CC and CFLAGS default processing for fuzzing
"make LIBFUZZER=y" was supposed to set CC and CFLAGS to working values
by default if not overridden by something external. That did not seem to
work since the defaults from the other build system components ended up
setting these variables before the checks here. Fix this by replacing
the known default values for non-fuzzing builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:11:47 +02:00
Jeffery Miller
c6f8af507e Add option to disable SAE key_mgmt without PMF
Add the `sae_check_mfp` global option to limit SAE when PMF will
not be selected for the connection.
With this option SAE is avoided when the hardware is not capable
of PMF due to missing ciphers.
With this option SAE is avoided on capable hardware when the AP
does not enable PMF.

Allows falling back to PSK on drivers with the
WPA_DRIVER_FLAGS_SAE capability but do not support the BIP cipher
necessary for PMF. This enables configurations that can fall back
to WPA-PSK and avoid problems associating with APs configured
with `sae_require_mfp=1`.

Useful when `pmf=1` and `sae_check_mfp=1` are enabled and networks
are configured with ieee80211w=3 (default) and key_mgmt="WPA-PSK SAE".
In this configuration if the device is unable to use PMF due to
lacking BIP group ciphers it will avoid SAE and fallback to
WPA-PSK for that connection.

Signed-off-by: Jeffery Miller <jefferymiller@google.com>
2022-11-05 17:48:17 +02:00
Jouni Malinen
a3094ef80d tests: Allow more time for sigma_dut sta_reassoc commands
When these are issued while associated, scanning all channels can take a
significant amount of time. That happened to work for existing test
cases somewhat by accident since the scan was sometimes limited to only
the current operating channel. However, that is now changing and the
following two test cases started failing with the change, so make them
wait longer:
sigma_dut_sae_pw_id_ft sigma_dut_ft_rsnxe_used_mismatch

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-05 13:43:06 +02:00
Shivani Baranwal
ef10a574d6 tests: P2P persistent group formation with extended listen
Add a new P2P persistent group formation, re-invocation, and cancel test
to verify that P2P_EXT_LISTEN is avoided and the scan is performed in
the P2P Client role to find the P2P GO for the ongoing P2P persistent
group formation on the current interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-11-05 12:17:23 +02:00
Jouni Malinen
ab22b676a5 tests: FT-SAE-EXT-KEY
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:43:38 +03:00
Jouni Malinen
2e0400061f tests: wpa_supplicant AP mode with pmf=1/2
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-10 12:34:04 +03:00
Jouni Malinen
97104a6588 tests: Clear sae_groups when SAE could be used
This makes sigma_dut_ap_dpp_qr* test cases with SAE more robust by
avoiding unexpected behavior. This was found with the following test
sequence:
mesh_sae_anti_clogging sigma_dut_ap_dpp_qr_sae

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 20:59:34 +03:00
Jouni Malinen
db46138de4 tests: sigma_dut DPP reconfiguration using SAE (Enrollee)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:44:48 +03:00
Jouni Malinen
5007766d78 tests: Clear vendor elements at the end of wpas_ap_vendor_elems
This is needed to avoid surprises in the following test cases. This was
found with a failure in the following test sequence:
wpas_ap_vendor_elems p2p_ext_discovery_go

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:52 +03:00
Jouni Malinen
56321c0ac2 tests: Make sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy more robust
Clear the dpp_connector_privacy_default parameter value that sigma_dut
set in wpa_supplicant at the end of the test case to avoid surprising
behavior for the following test cases. This was found with a failure in
the following test sequence:
sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy
sigma_dut_dpp_proto_peer_disc_req

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:27 +03:00
Jouni Malinen
ca94fd70c8 tests: sigma_dut and DPP AP provisioning with SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 19:20:21 +03:00
Jouni Malinen
14cc63295e tests: DPP AP configuration for SAE-only
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 12:34:16 +03:00
Jouni Malinen
6ef455db67 tests: Automatic channel selection and 2.4 GHz channel 14
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:25:24 +03:00