Commit graph

325 commits

Author SHA1 Message Date
Jouni Malinen
b2a1e7fe7a tests: PEAP and TTLS phase2_auth behavior
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
9bad3c975d tests: Update server and user certificates (2023)
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-04-18 11:40:10 +03:00
Glenn Strauss
8e364713ef tests: Check IMSI privacy support using a helper function
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 17:23:10 +02:00
Jouni Malinen
b092d8ee63 tests: imsi_privacy_attr
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:19:52 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
426932f061 tests: EAP-AKA and expired imsi_privacy_key
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Juliusz Sosinowicz
3890fa5031 tests: Enable additional TLS test cases with wolfSSL
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:27:11 +03:00
Jouni Malinen
924fa4c5d9 tests: IMSI privacy with imsi_privacy_key on peer
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
9dd2ea5368 tests: IMSI privacy with imsi_identity
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
	-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem

Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Juliusz Sosinowicz
af052e6e11 tests: Include additional tests for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Jouni Malinen
698c05da2b tests: Update server and user certificates (2022)
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 13:22:16 +03:00
Jouni Malinen
b08d100de6 tests: Remove test cases for wpa_supplicant dh_file parameter
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
6c9e76e58a tests: Fix ap_wpa2_eap_fast_eap_vendor to check EAP-FAST support in build
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:49:19 +03:00
Jouni Malinen
7310995d87 tests: EAP-TLSv1.3 with OCSP stapling
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
1ba0043034 tests: EAP-TLSv1.3 and fragmentation
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
202842b8b3 tests: EAP-TLSv1.3 and missing protected success indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:45:40 +03:00
Jouni Malinen
f5fcac731f tests: Update capability checks to include OpenSSL 3.0
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:42:55 +02:00
Jouni Malinen
2bbc5a2b09 tests: wpa_supplicant config blobs and PEM encoding
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-08-19 17:41:13 +03:00
Jouni Malinen
6162890798 tests: Update server and user certificates (2020)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-03 20:03:28 +03:00
Jouni Malinen
aa6a50849c tests: EAP-SIM with decorated anonymous identity
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 21:12:43 +02:00
Jouni Malinen
cf47a43335 tests: EAP-SIM DB error cases (SQLite)
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-07 17:58:14 +02:00
Jouni Malinen
b54410127d tests: hapd->tmp_eap_user clearing on interface deinit/reinit
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-06 11:45:48 +02:00
Jouni Malinen
8d80aa3fca tests: Fix openssl_systemwide_policy cleanup
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-01 12:34:05 +02:00
Jouni Malinen
fcdf5d93ea tests: EAP-TTLS and PEAP with TLS 1.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-20 18:00:54 +02:00
Jouni Malinen
0f84a56219 tests: More explicit TLS version enabling in version tests
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-08 19:32:36 +03:00
Jouni Malinen
f636bc3abc tests: Skip TOD-TOFU/STRICT tests if build does not support this
This functionality is currently available only with OpenSSL and internal
TLS implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:58:10 +03:00
Jouni Malinen
82f2e3ddce tests: Move from 1024 bit private keys to 2048 bit keys
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 18:21:13 +03:00
Jouni Malinen
7e88ed8e2d tests: Use function decorator to clean up --long processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
48ac765919 tests: ap_wpa2_eap_assoc_rsn to allow TKIP-disabled hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
21cf2c5baf tests: Skip more tests based on missing TKIP support
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
431e5d5819 tests: Add forgotten step to ap_wpa3_eap_transition_disable
This was supposed to be included, but was forgotten in an editor window
with pending changes..

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:57:40 +02:00
Jouni Malinen
5cf5680e5c tests: Transition disable
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:22:57 +02:00
Alexander Wetzel
5742d12d4a tests: Allow PTK0 rekey for tests
Verify PTK0 rekey blocking is working as intended.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:11:02 +02:00
Jouni Malinen
e0d9f5fc15 tests: Replace tabs with spaces in python indentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-03 02:03:32 +02:00
Jouni Malinen
362889638b tests: Check for TLS EC support in build
These test cases need to be skipped with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:54:07 +02:00
Jouni Malinen
09f96acb9d tests: PSK/EAP without nl80211 control port
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-05 21:31:33 +02:00
Jouni Malinen
d07ca835cb tests: Move ocsp-resp-*-signed*.der generation into test case
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
b6bb4cd8c5 tests: Move ocsp-server-cache-{revoked,unknown}.der generation into test case
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
662c2fa01a tests: Use the run_openssl() helper for running openssl
This avoids unnecessary duplication of the same functionality to run
openssl and check result.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
47ccb9ce24 tests: Move ocsp-server-cache-key-id.der generation into test case
There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
b472fe2973 tests: Update server and user certificates (2019)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-04 16:03:04 +03:00
Jouni Malinen
e0ee87c706 tests: Too many EAP roundtrips (server)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:35 +03:00
Jouni Malinen
e6edadba86 tests: ap_wpa2_eap_too_many_roundtrips to use shorter fragment
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-18 17:46:34 +03:00
Jouni Malinen
8315c1ef5b tests: Vendor EAP method in Phase 2
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:18:33 +03:00
Jouni Malinen
b02f0f88fb tests: TOD-TOFU policy reporting
Also rename the previously added test case to use the TOD-STRICT name
for the earlier policy OID.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:36 +03:00
Jouni Malinen
6379bd6acf tests: Server checking CRL with check_crl_strict=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
ce30a79a14 tests: private_key_passwd2 in hostapd configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
3bfa7f798b tests: Additional tls_flags coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:22:32 +03:00
Jouni Malinen
3948417305 tests: Additional EAP-GPSK local error case coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 00:04:45 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00