This test case was checking the exact key info bits in EAPOL-Key frames
during PTK rekeying as such, needs to be updated to match the
implementation change on the Secure bit setting.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There was a possible race condition here between the hostapd request
transmission and wpa_supplicant response command. Wait for the
wpa_supplicant event that indicates reception of the request before
issuing the DSCP_RESP command to avoid failures.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.
Signed-off-by: Jouni Malinen <j@w1.fi>
The wpa_supplicant implementation for this functionality is going to be
changed to not require disconnection, so prepare the test case to not
fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem
Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
These were testing only of SAE, not SAE-PK capability, and needs to be
skipped in SAE-PK is not included in the build.
Signed-off-by: Jouni Malinen <j@w1.fi>
We don't particularly care about the quality of random numbers
during the test. So far, there hasn't been an issue with the
RNG not being initialized completely, we only get a few prints
about uninitialized reads from urandom. However, if some tool
were to actually use /dev/random, it might get stuck. Call the
RNDADDTOENTCNT ioctl to unblock this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
BoringSSL does not support group 25, so replace these cases with a
supported group 20 to meet the real testing need here.
Signed-off-by: Jouni Malinen <j@w1.fi>
BoringSSL is known not to support this option, so skip it to allow rest
of the test case to be performed without known failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
git has started rejecting repositories owned by other users and refusing
to run the "git rev-parse HEAD" command in this type of cases. That
resulted in issues with the VM testing model where the VM is practically
running everything as root while the host is a normal development
environment and likely a non-root user owned files.
Fix this by fetching the commitid on the host and pass it to the VM so
that no git operations need to be run within the VM itself.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Do not add the --commit argument if the current git commitid cannot be
determined. This prevents complete failure to run the tests if the git
command cannot be used for some reason (like a recent change that
stopped allowing root user within the VM from running the git operation
for the case where the host system uses non-root account).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush scan results to avoid failure caused by incorrect channel
selection based on an old result for the same BSSID. This was found with
the following test sequence:
ap_track_sta_no_auth dpp_network_intro_version_missing_req dpp_controller_relay_pkex
Signed-off-by: Jouni Malinen <j@w1.fi>
The first sock.recv() may return both the status,RUNNING and the
following status line if the sigma_dut process ends up being faster in
writing the result than the test script is in reading the result. This
resulted in unexpected behavior and odd error messages when parsing the
result in the test cases. Fix this by dropping the status,RUNNING line
from the result in case the buffer includes multiple lines.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>