Commit graph

125 commits

Author SHA1 Message Date
Jouni Malinen
9bad3c975d tests: Update server and user certificates (2023)
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-04-18 11:40:10 +03:00
Jouni Malinen
22a5d615ba tests: HS 2.0 deauthentication imminent with and without URL timing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 22:57:51 +02:00
Jouni Malinen
3550696160 tests: Add forgotten files for expired IMSI privacy cert tests
Fixes: 426932f061 ("tests: EAP-AKA and expired imsi_privacy_key")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 21:16:36 +03:00
Jouni Malinen
9dd2ea5368 tests: IMSI privacy with imsi_identity
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
	-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem

Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
698c05da2b tests: Update server and user certificates (2022)
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 13:22:16 +03:00
Arowa Suliman
ed5e1b7223 Replace "dummy" with "stub" in comments/documentation
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:52:50 +03:00
Jouni Malinen
af89683a43 tests: Update RSA 3k certificates
The previous ones expired and caused test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-08-19 13:57:53 +03:00
Jouni Malinen
6162890798 tests: Update server and user certificates (2020)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-03 20:03:28 +03:00
Jouni Malinen
49de30404e tests: Fix ap_wpa2_eap_tls_ocsp_multi_revoked
The index-revoked.txt file had not been updated when the server
certificate was updated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:46:03 +02:00
Jouni Malinen
948bd894f7 tests: EAP-TEAP with client certificate in Phase 1
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-06-20 18:08:12 +03:00
Jouni Malinen
82f2e3ddce tests: Move from 1024 bit private keys to 2048 bit keys
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 18:21:13 +03:00
Jouni Malinen
b5c28af431 tests: Remove unnecessary copying of ocsp-multi-server-cache.der
This file is not being modified, so the original one from the auth_serv
directory can be used directly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
b472fe2973 tests: Update server and user certificates (2019)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-04 16:03:04 +03:00
Jouni Malinen
4619dc0607 tests: EAP-TEAP with machine username/password credential
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 13:24:14 +03:00
Jouni Malinen
8315c1ef5b tests: Vendor EAP method in Phase 2
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:18:33 +03:00
Jouni Malinen
eec147dccb tests: Update RSA 3k certificates before the previous ones expire
In addition, update the generation script to allow convenient update of
the server and user certificates without having to generate new keys.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:36 +03:00
Jouni Malinen
b1dfe96ae1 tests: Add a server certificate with TOD-TOFU policy
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:36 +03:00
Jouni Malinen
6379bd6acf tests: Server checking CRL with check_crl_strict=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
aeb7ab8edb tests: Additional EAP-TEAP coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 01:19:00 +03:00
Jouni Malinen
90270e15cb tests: EAP-TEAP
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:56:02 +03:00
Jouni Malinen
82b9de98c3 tests: Add a server certificate with TOD policy
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-12 22:29:09 +03:00
Jouni Malinen
78ed42d8a2 tests: ERP/FILS with external hostapd process as RADIUS server
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-06 16:47:38 +03:00
Jouni Malinen
cdc23db2a6 tests: PEAP/GTC key lifetime in memory
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
671c390a23 tests: Fix multi-ocsp response conents
These were not updated when the server certificates were updated the
last time (or the previous time).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-05 03:01:38 +02:00
Jouni Malinen
fb643190dc tests: dot1xAuthSessionUserName
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 21:29:25 +02:00
Jouni Malinen
1dd66fc103 tests: Update server and user certificates (2018)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-10-04 01:16:55 +03:00
Jouni Malinen
ed83029c29 tests: Move hs20_t_c_server_url parameter from AP to AS
This is needed with the modified hostapd implementation to fix the
ap_hs20_terms_and_conditions* test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-21 20:52:54 +03:00
Jouni Malinen
5e597ed9f0 tests: EAP-pwd with salted passwords
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-28 22:15:20 +03:00
Jouni Malinen
1150d0756a tests: Enable TLS v1.3 explicitly in the authentication server
For testing purposes, enable TLS v1.3 in the authentication server so
that the protocol version can be controlled from wpa_supplicant side
more easily.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
045c7c6817 tests: Hotspot 2.0 Terms and Conditions signaling - CoA
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-25 12:57:46 +03:00
Jouni Malinen
0f7fc6b98d tests: Hotspot 2.0 Terms and Conditions signaling
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Michael Braun
9c50a6d3a3 tests: FT-EAP with VLAN
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Jouni Malinen
b70a3fc169 tests: Add the EC root CA private keys to repository
These were forgotten from the initial commit adding the EC PKI.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 22:42:23 +02:00
Jouni Malinen
7fd583d62c tests: Suite B 192-bit RSA validation with 2048-bit client cert
Verify that unexpected 2048-bit RSA client certificate gets rejected by
the RADIUS server if the server is configured to use Suite B at 192-bit
level.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 22:40:55 +02:00
Jouni Malinen
9ec824b9c1 tests: Suite B 192-bit validation with p256 client cert
Verify that unexpected p256 client certificate gets rejected if the
server is configured to use Suite B at 192-bit level.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 20:30:07 +02:00
Jouni Malinen
b4635f0a61 tests: GnuTLS configuration of intermediate CA certificate
GnuTLS seems to require the intermediate CA certificate to be included
both in the ca_cert and client_cert file for the cases of server and
client certificates using different intermediate CA certificates. Use
the user_and_ica.pem file with GnuTLS builds and reorder the
certificates in that file to make this work with GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-29 12:01:22 +02:00
Jouni Malinen
0ba13e8613 tests: Update server and user certificates (2017)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-01 18:47:02 +03:00
Jouni Malinen
78b6be046d tests: Suite B with RSA keys
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-18 12:12:48 +03:00
Jouni Malinen
cc8330b88b tests: Write MSK dump files from authentication server
This makes it easier to post-process frame capture files if frames need
to be decrypted in test cases that do not configure wlantest with the
PMK directly (i.e., mainly the cases when a RADIUS server is used).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:29:01 +03:00
Jouni Malinen
0a0c4dc1d7 tests: Use a domain name in the identity for get_emsk OOM tests
These test cases depend on ERP processing to reach the get_emsk handler
function. Since ERP really needs the realm to derive a proper
keyName-NAI, modify these test cases to pass the realm part in the
identity to allow error checking to be introduced for rejecting ERP
cases where the realm is not available.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-22 13:51:07 +03:00
Jouni Malinen
c90c62e5d3 tests: hostapd authentication server test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-05 16:51:04 +02:00
Jouni Malinen
209527aeed tests: Renew expired server certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
f22bc11846 tests: EAP-SIM tunneled within EAP-TTLS/PEAP/FAST
This verifies both the internal and external GSM authentication
operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
49897fb065 tests: Invalid VLAN ID from RADIUS server for ACL
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-26 18:39:49 +02:00
Jouni Malinen
5b71cb552b tests: Update server and user certificates (2015)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-30 22:45:03 +03:00
Jouni Malinen
604f559ae4 tests: Hotspot 2.0 and failures during profile configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-04 17:49:57 +03:00
Jouni Malinen
8b29661192 tests: Accept "user@example.com" as user identity similarly to "user"
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Jouni Malinen
71fd685fb8 tests: Set ocsp_stapling_response_multi in as2.conf
This keeps the as.conf and as2.conf more consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:49:24 +02:00
Michael Braun
3fdb5005f5 tests: Tagged-VLAN only change on reauthentication
Check VLAN ID change during reauthentication when using tagged-only
configuration.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-27 21:49:27 +02:00
Jouni Malinen
78dd5c11ac tests: Renew expired certificates
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-19 18:44:39 +02:00