Commit graph

4319 commits

Author SHA1 Message Date
Jouni Malinen
b092d8ee63 tests: imsi_privacy_attr
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:19:52 +03:00
Jouni Malinen
1004fb7ee4 tests: Testing functionality to discard DPP Public Action frames
This can be used to make sure wpa_supplicant does not process DPP
messages sent in Public Action frames when a test setup is targeting
DPP-over-TCP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 23:30:39 +03:00
Jouni Malinen
3550696160 tests: Add forgotten files for expired IMSI privacy cert tests
Fixes: 426932f061 ("tests: EAP-AKA and expired imsi_privacy_key")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 21:16:36 +03:00
Jouni Malinen
b9a222cdd7 tests: sigma_dut and DPP curve-from-URI special functionality
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 12:49:27 +03:00
Jouni Malinen
fa36e7ee48 tests: sigma_dut controlled STA and EAP-AKA parameters
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
dde7f90a41 tests: Update VM setup example to use Ubuntu 22.04 and UML
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Jouni Malinen
426932f061 tests: EAP-AKA and expired imsi_privacy_key
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Johannes Berg
39e6623082 tests: Work around reentrant logging issues due to __del__ misuse
Unfortunately, some objects (WlantestCapture, WpaSupplicant
and wpaspy.Ctrl) use __del__ and actually have some logic
there. This is more or less wrong, and we should be using
context managers for it. However, cleaning that up is a
pretty large task.

Unfortunately, __del__ can cause reentrant logging which is
wrong too, because it might be invoked while in the middle
of a logging call, and the __del__ of these objects closes
connections and logs while doing that.

Since we're (likely) using cpython, we can work around this
by explicitly calling gc.collect() in a context where the
logging and close is fine, not only ensuring that all the
connections are closed properly before the next test, but
also fixing the issue with reentrant logging.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-05-22 11:46:57 +03:00
Jouni Malinen
72641f924e tests: Clean up failed test list in parallel-vm.py
Instead of printing a very long line of the failed tests, print the test
case names on separate lines up to the number of available lines at the
bottom of the screen. This avoids some issues with curses and overlong
lines. Furthermore, display the last failed test cases instead of
somewhat confusing sequence of test case names from the VMs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 11:43:38 +03:00
Jouni Malinen
e36a7c7940 tests: Support pycryptodome
This is a drop-in replacement for pycrypto and the only version that is
now available in Ubuntu 22.04.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 11:08:59 +03:00
Jouni Malinen
a44744d3bb tests: Set ECB mode for AES explicitly to work with cryptodome
AES.new() needs the mode to be set explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 11:08:23 +03:00
Jouni Malinen
e90ea900a9 tests: sigma_dut DPP TCP Configurator as initiator with addr from URI
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 22:54:44 +03:00
Jouni Malinen
e58dabbcfb tests: DPP URI with host info
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 17:55:25 +03:00
Jouni Malinen
7173992b96 tests: Flush scan table in ap_wps_priority to make it more robust
This test case could fail if there was an old BSS entry from a previous
test case in the scan results.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 19:09:23 +03:00
Jouni Malinen
b9313e17e8 tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation
This test case was checking the exact key info bits in EAPOL-Key frames
during PTK rekeying as such, needs to be updated to match the
implementation change on the Secure bit setting.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 19:06:47 +03:00
Jouni Malinen
d2ce1b4d6c tests: Wait for request before responding in dscp_response
There was a possible race condition here between the hostapd request
transmission and wpa_supplicant response command. Wait for the
wpa_supplicant event that indicates reception of the request before
issuing the DSCP_RESP command to avoid failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-09 11:45:33 +03:00
Ilan Peer
95f4935739 tests: Add coverage for testing disabling collocated 6 GHz scan
Extend 'scan' test to cover 'non_coloc_6ghz' parsing.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2022-05-07 21:37:08 +03:00
Jouni Malinen
29dcebea70 tests: WPA2-EAP AP with PMF and EAP frame injection
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
18c0ac8901 Provide information about the encryption status of received EAPOL frames
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:03 +03:00
Jouni Malinen
8bbd62afe4 tests: PMF and EAPOL-Key msg 1/4 injection
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Jouni Malinen
f8967ece23 tests: Do not require disconnection in ap_wpa2_psk_supp_proto_msg_1_invalid_kde
The wpa_supplicant implementation for this functionality is going to be
changed to not require disconnection, so prepare the test case to not
fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Jouni Malinen
4f0cff704b tests: WPA2-PSK with PMF and Association Request frame injection
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Veerendranath Jakkam
9d07b9447e tests: EHT open connection
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:26:05 +03:00
Juliusz Sosinowicz
3890fa5031 tests: Enable additional TLS test cases with wolfSSL
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:27:11 +03:00
Juliusz Sosinowicz
b3333a9f4c tests: Add a note for wolfSSL testing with Brainpool curves
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:02:31 +03:00
Jouni Malinen
924fa4c5d9 tests: IMSI privacy with imsi_privacy_key on peer
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
9dd2ea5368 tests: IMSI privacy with imsi_identity
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
	-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem

Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
894b0a120f tests: HE with 20 MHz channel width on 6 GHz
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
794011d465 tests: Update regulatory database to VMs
Update the wireless-regdb database to the wireless-regdb.git version of
2022-04-08.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
b5b5a3951a tests: MBO and dynamic association disallowed change with passive scanning
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-24 12:12:21 +03:00
Jouni Malinen
387b341ead tests: Fix SAE-PK capability checks for sigma_dut test cases
These were testing only of SAE, not SAE-PK capability, and needs to be
skipped in SAE-PK is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:20:33 +03:00
Jouni Malinen
cc821f1c32 tests: Check DPP in build for couple of missing cases
These test cases need to be skipped in DPP is not included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:11:29 +03:00
Juliusz Sosinowicz
af052e6e11 tests: Include additional tests for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
1cda3e76fc tests: Include EAP-pwd for wolfSSL builds
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Johannes Berg
2f336ca580 tests: Pretend the RNG is initialized withinthe VM
We don't particularly care about the quality of random numbers
during the test. So far, there hasn't been an issue with the
RNG not being initialized completely, we only get a few prints
about uninitialized reads from urandom. However, if some tool
were to actually use /dev/random, it might get stuck. Call the
RNDADDTOENTCNT ioctl to unblock this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-04-16 16:51:54 +03:00
Jouni Malinen
698c05da2b tests: Update server and user certificates (2022)
The previous versions are going to be expiring soon, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 13:22:16 +03:00
Jouni Malinen
86877bbc32 tests: Remove unused DH file from TLS client fuzzer
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
b08d100de6 tests: Remove test cases for wpa_supplicant dh_file parameter
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
6c9e76e58a tests: Fix ap_wpa2_eap_fast_eap_vendor to check EAP-FAST support in build
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:49:19 +03:00
Jouni Malinen
e9078209c4 tests: Use group 20 instead of 25 in some SAE test cases
BoringSSL does not support group 25, so replace these cases with a
supported group 20 to meet the real testing need here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:47:58 +03:00
Jouni Malinen
ae301fd37a tests: Skip sigma_dut_suite_b_rsa DHE case with BoringSSL
BoringSSL is known not to support this option, so skip it to allow rest
of the test case to be performed without known failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:43:30 +03:00
Jouni Malinen
26dd47f1d1 tests: Skip sae_pwe_group_25 with BoringSSL
BoringSSL does not support this 192-bit EC group, so do not try to run
the test case that is known to fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:36:35 +03:00
Jouni Malinen
3f94dcdd1a tests: Build with LibreSSL 3.4
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:00:26 +03:00
Jouni Malinen
364022ddef tests: sigma_dut DPP URI curves list override
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 17:06:02 +03:00
Jouni Malinen
339aef0980 tests: DPP URI supported curves
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 16:59:15 +03:00
Jouni Malinen
73b41762d0 tests: Fetch commitid on the host when running tests in a VM
git has started rejecting repositories owned by other users and refusing
to run the "git rev-parse HEAD" command in this type of cases. That
resulted in issues with the VM testing model where the VM is practically
running everything as root while the host is a normal development
environment and likely a non-root user owned files.

Fix this by fetching the commitid on the host and pass it to the VM so
that no git operations need to be run within the VM itself.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 11:59:22 +03:00
Jouni Malinen
58701128e8 tests: Handle git rev-parse failures more robustly
Do not add the --commit argument if the current git commitid cannot be
determined. This prevents complete failure to run the tests if the git
command cannot be used for some reason (like a recent change that
stopped allowing root user within the VM from running the git operation
for the case where the host system uses non-root account).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 11:50:41 +03:00
Jouni Malinen
658296ea5b tests: Use build_beacon_request() to make beacon request more readable
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 19:37:58 +03:00
Jouni Malinen
060a522576 tests: Beacon request - active scan mode and NO_IR channel
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 19:17:00 +03:00