jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/tests/hwsim/start.sh

240 lines
6.9 KiB
Bash
Raw Normal View History

tests: Add forgotten new files to the repository Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-27 13:40:10 +01:00
#!/bin/sh
DIR="$( cd "$( dirname "$0" )" && pwd )"
WPAS=$DIR/../../wpa_supplicant/wpa_supplicant
tests: Wait for hostapd/wpa_supplicant to reply at start Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant through the control interface until they are ready to reply in order to avoid starting test case execution too early. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-26 15:47:15 +02:00
WPACLI=$DIR/../../wpa_supplicant/wpa_cli
tests: Add forgotten new files to the repository Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-27 13:40:10 +01:00
HAPD=$DIR/../../hostapd/hostapd
tests: Collect code coverage separately from each component in vm Use a more robust design for collecting the gcov logs from the case where test cases are run within a virtual machine. This generates a writable-from-vm build tree for each component separately so that the lcov and gcov can easily find the matching source code and data files. In addition, prepare the reports automatically at the end of the vm-run.sh --codecov execution. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 09:16:50 +01:00
HAPD_AS=$DIR/../../hostapd/hostapd
tests: Verify that hostapd-as-RADIUS-server started Large number of test cases will fail if hostapd fails to start as the RADIUS server. To make this more obvious, verify that the RADIUS server instance is running and do not even start test execution if the setup if not work properly. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 12:30:54 +01:00
HAPDCLI=$DIR/../../hostapd/hostapd_cli
tests: Add forgotten new files to the repository Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-27 13:40:10 +01:00
WLANTEST=$DIR/../../wlantest/wlantest
tests: Start RADIUS authentication server This can be used to run WPA2-Enterprise test cases. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:14:16 +02:00
HLR_AUC_GW=$DIR/../../hostapd/hlr_auc_gw
tests: Fix current log dir symbolic link Fix updating of the current symbolic link when LOGDIR is already set. The current symbolic link was only set, if LOGDIR has not been previously defined. If the user had chosen to cancel the running test iteration and run it again by running start.sh again, the current symbolic link was not updated. Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-02-27 16:18:36 +01:00
DATE="$(date +%s)"
tests: Add forgotten new files to the repository Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-27 13:40:10 +01:00
tests: Allow specifying LOGDIR for hwsim scripts Instead of hardcoding logs/, allow putting LOGDIR into the environment. This helps run tests in a VM where the rootfs might be mounted read-only. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 14:55:58 +01:00
if [ -z "$LOGDIR" ] ; then
tests: Use a symlink for default LOGDIR between scripts This allows run-tests.py to use the same logs/<date> default logdir as start.sh which is quite convenient for manual test runs. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 13:27:57 +01:00
LOGDIR="$DIR/logs/$DATE"
hwsim tests: Move logging into timestamped subdirectory Instead of logging many files called "<timestamp>-*", log into a new "<timestamp>/*" in the logs/ subdirectory and only put the last-debug file into logs/. If a LOGDIR is specified in the environment, instead just put everything into that directory (so the caller should make sure to give it a timestamp or so) and skip the creation of last-debug entirely. Also clean up a bit and pass the LOGDIR from run-all.sh to start.sh rather than having start.sh create the timestamp and run-all.sh detect the latest one when having run start.sh. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 22:08:10 +01:00
mkdir -p $LOGDIR
tests: Collect code coverage separately from each component in vm Use a more robust design for collecting the gcov logs from the case where test cases are run within a virtual machine. This generates a writable-from-vm build tree for each component separately so that the lcov and gcov can easily find the matching source code and data files. In addition, prepare the reports automatically at the end of the vm-run.sh --codecov execution. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 09:16:50 +01:00
else
if [ -e $LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_supplicant ]; then
WPAS=$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_supplicant
tests: Fix --codecov cases to find correct wpa_cli/hostapd_cli It was possible for the separate builds to not include wpa_cli/hostapd_cli in the default location. Make sure hostapd_cli gets built for --codecov cases and update both WPACLI and HAPDCLI paths to match the alternative location. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 14:47:08 +01:00
WPACLI=$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_cli
tests: Extra coverage for command line arguments The results for these are not currently verified, but this allows --codecov runs to get more coverage for the command line argument parsers. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 11:24:15 +01:00
# extra code coverage
$WPAS > /dev/null 2>&1
$WPAS -efoo -Ifoo -mfoo -ofoo -Ofoo -pfoo -Pfoo -h > /dev/null 2>&1
$WPAS -bfoo -B -Cfoo -q -W -N -L > /dev/null 2>&1
$WPAS -T -v > /dev/null 2>&1
$WPAS -u -z > /dev/null 2>&1
tests: Collect code coverage separately from each component in vm Use a more robust design for collecting the gcov logs from the case where test cases are run within a virtual machine. This generates a writable-from-vm build tree for each component separately so that the lcov and gcov can easily find the matching source code and data files. In addition, prepare the reports automatically at the end of the vm-run.sh --codecov execution. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 09:16:50 +01:00
fi
if [ -e $LOGDIR/alt-hostapd/hostapd/hostapd ]; then
HAPD=$LOGDIR/alt-hostapd/hostapd/hostapd
tests: Fix --codecov cases to find correct wpa_cli/hostapd_cli It was possible for the separate builds to not include wpa_cli/hostapd_cli in the default location. Make sure hostapd_cli gets built for --codecov cases and update both WPACLI and HAPDCLI paths to match the alternative location. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 14:47:08 +01:00
HAPDCLI=$LOGDIR/alt-hostapd/hostapd/hostapd_cli
tests: Extra coverage for command line arguments The results for these are not currently verified, but this allows --codecov runs to get more coverage for the command line argument parsers. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 11:24:15 +01:00
# extra code coverage
$HAPD > /dev/null 2>&1
$HAPD -v > /dev/null 2>&1
$HAPD -B -efoo -Pfoo -T -bfoo -h > /dev/null 2>&1
$HAPD -ufoo > /dev/null 2>&1
$HAPD -u00:11:22:33:44:55 > /dev/null 2>&1
$HAPD -gfoo > /dev/null 2>&1
$HAPD -Gfoo-not-exists > /dev/null 2>&1
$HAPD -z > /dev/null 2>&1
tests: Collect code coverage separately from each component in vm Use a more robust design for collecting the gcov logs from the case where test cases are run within a virtual machine. This generates a writable-from-vm build tree for each component separately so that the lcov and gcov can easily find the matching source code and data files. In addition, prepare the reports automatically at the end of the vm-run.sh --codecov execution. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 09:16:50 +01:00
fi
if [ -e $LOGDIR/alt-hostapd-as/hostapd/hostapd ]; then
HAPD_AS=$LOGDIR/alt-hostapd-as/hostapd/hostapd
tests: Build hlr_auc_gw separately for code coverage analysis This improves accuracy of the code coverage reports with hostapd-as-AS and hlr_auc_gw getting analyzed separately. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 16:07:35 +01:00
fi
if [ -e $LOGDIR/alt-hlr_auc_gw/hostapd/hlr_auc_gw ]; then
HLR_AUC_GW=$LOGDIR/alt-hlr_auc_gw/hostapd/hlr_auc_gw
tests: Extra coverage for command line arguments The results for these are not currently verified, but this allows --codecov runs to get more coverage for the command line argument parsers. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 11:24:15 +01:00
# extra code coverage
$HLR_AUC_GW > /dev/null 2>&1
$HLR_AUC_GW -Dfoo -i7 -sfoo -h > /dev/null 2>&1
$HLR_AUC_GW -i100 > /dev/null 2>&1
$HLR_AUC_GW -z > /dev/null 2>&1
tests: Collect code coverage separately from each component in vm Use a more robust design for collecting the gcov logs from the case where test cases are run within a virtual machine. This generates a writable-from-vm build tree for each component separately so that the lcov and gcov can easily find the matching source code and data files. In addition, prepare the reports automatically at the end of the vm-run.sh --codecov execution. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 09:16:50 +01:00
fi
tests: Allow specifying LOGDIR for hwsim scripts Instead of hardcoding logs/, allow putting LOGDIR into the environment. This helps run tests in a VM where the rootfs might be mounted read-only. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 14:55:58 +01:00
fi
tests: Fix current log dir symbolic link Fix updating of the current symbolic link when LOGDIR is already set. The current symbolic link was only set, if LOGDIR has not been previously defined. If the user had chosen to cancel the running test iteration and run it again by running start.sh again, the current symbolic link was not updated. Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-02-27 16:18:36 +01:00
if test -w "$DIR/logs" ; then
rm -rf $DIR/logs/current
ln -sf $DATE $DIR/logs/current
fi
tests: Auto detect group name Some older systems used admin group, but adm group seems to be more common nowadays, so detect this automatically rather than assume admin group is used. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 15:41:17 +02:00
if groups | tr ' ' "\n" | grep -q ^admin$; then
GROUP=admin
else
GROUP=adm
fi
tests: Use proper admin group in start.sh wpa_supplicant configuration files had a hardcoded GROUP=admin. The start.sh script failed on a system without admin group (some systems have it named adm). Generate configuration files with appropriate GROUP in the log dir and use them. Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-11-08 08:13:14 +01:00
for i in 0 1 2; do
sed "s/ GROUP=.*$/ GROUP=$GROUP/" "$DIR/p2p$i.conf" > "$LOGDIR/p2p$i.conf"
done
tests: Generate a fresh OCSP response for each test run GnuTLS has a hardcoded three day limit on OCSP response age regardless of the next update value in the response. To make this work in the test scripts, try to generate a new response when starting the authentication server. The old mechanism of a response without next update value is used as a backup option if openssl is not available or fails to generate the response for some reason. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 19:17:51 +01:00
sed "s/group=admin/group=$GROUP/;s%LOGDIR%$LOGDIR%g" "$DIR/auth_serv/as.conf" > "$LOGDIR/as.conf"
sed "s/group=admin/group=$GROUP/;s%LOGDIR%$LOGDIR%g" "$DIR/auth_serv/as2.conf" > "$LOGDIR/as2.conf"
tests: Verify RADIUS server MIB values Enable hostapd control interface for the RADIUS server instance and verify that the RADIUS server MIB counters are incremented. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 14:57:21 +01:00
tests: Merge start-p2p-concurrent.sh functionality into start.sh Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 15:37:25 +02:00
if [ "$1" = "valgrind" ]; then
tests: Add option to run test cases under valgrind/concurrent P2P ./run-all.sh can now take an optional argument to select whether to run all test cases as before (default), to run these under valgrind ("valgrind"), to run P2P test cases with concurrent station interface ("concurrent"), or the concurrent P2P test cases under valgrind ("concurrent-valgrind"). valgrind cases report errors if a test case fails or valgrind reports an error. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-24 19:33:21 +02:00
VALGRIND=y
hwsim tests: Move logging into timestamped subdirectory Instead of logging many files called "<timestamp>-*", log into a new "<timestamp>/*" in the logs/ subdirectory and only put the last-debug file into logs/. If a LOGDIR is specified in the environment, instead just put everything into that directory (so the caller should make sure to give it a timestamp or so) and skip the creation of last-debug entirely. Also clean up a bit and pass the LOGDIR from run-all.sh to start.sh rather than having start.sh create the timestamp and run-all.sh detect the latest one when having run start.sh. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 22:08:10 +01:00
VALGRIND_WPAS="valgrind --log-file=$LOGDIR/valgrind-wlan%d"
VALGRIND_HAPD="valgrind --log-file=$LOGDIR/valgrind-hostapd"
tests: Silence chmod errors These will fail if used on a readonly file system and are only needed for valgrind runs. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-30 18:55:00 +01:00
chmod -f a+rx $WPAS
chmod -f a+rx $HAPD
tests: Run hostapd-AS under valgrind if requested Previously, only hostapd-AP and wpa_supplicant processed were run under valgrind when valgrind testing was enabled. Extend this to include hostapd as authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-02 15:20:08 +02:00
chmod -f a+rx $HAPD_AS
HAPD_AS="valgrind --log-file=$LOGDIR/valgrind-auth-serv $HAPD_AS"
tests: Merge start-p2p-concurrent.sh functionality into start.sh Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 15:37:25 +02:00
shift
tests: Add option to run test cases under valgrind/concurrent P2P ./run-all.sh can now take an optional argument to select whether to run all test cases as before (default), to run these under valgrind ("valgrind"), to run P2P test cases with concurrent station interface ("concurrent"), or the concurrent P2P test cases under valgrind ("concurrent-valgrind"). valgrind cases report errors if a test case fails or valgrind reports an error. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-24 19:33:21 +02:00
else
unset VALGRIND
tests: Reduce duplication in startup code Instead of hard-coding four different cases, use variables (and printf) to reduce the duplication. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 18:43:59 +01:00
VALGRIND_WPAS=
VALGRIND_HAPD=
tests: Add option to run test cases under valgrind/concurrent P2P ./run-all.sh can now take an optional argument to select whether to run all test cases as before (default), to run these under valgrind ("valgrind"), to run P2P test cases with concurrent station interface ("concurrent"), or the concurrent P2P test cases under valgrind ("concurrent-valgrind"). valgrind cases report errors if a test case fails or valgrind reports an error. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-24 19:33:21 +02:00
fi
tests: Merge start-p2p-concurrent.sh functionality into start.sh Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 15:37:25 +02:00
if [ "$1" = "trace" ]; then
tests: Add support for using Linux kernel tracing functionality run-all.sh and start.sh scripts can now take 'trace' command line argument to request Linux tracing information from mac80211, cfg80211, and wpa_supplicant to be recorded. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 09:36:56 +02:00
TRACE="T"
tests: Merge start-p2p-concurrent.sh functionality into start.sh Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 15:37:25 +02:00
shift
tests: Add support for using Linux kernel tracing functionality run-all.sh and start.sh scripts can now take 'trace' command line argument to request Linux tracing information from mac80211, cfg80211, and wpa_supplicant to be recorded. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 09:36:56 +02:00
else
TRACE=""
fi
tests: Rename stop-wifi.sh to stop.sh This makes script naming more consistent with start.sh. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 14:39:25 +01:00
$DIR/stop.sh
tests: Add channels argument to run-all.sh and start.sh Add an option to run-all.sh and start.sh to get as an argument the number of concurrent channels that mac80211_hwsim will be loaded with. To start mac80211_hwsim with more than one channel, the following parameter should be added to command line: channels=<num_channels> The default is one channel (no concurrent channels). The driver should be loaded with multi channel support in order to run some tests. Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2014-06-10 19:50:29 +02:00
TMP=$1
if [ x${TMP%=[0-9]*} = "xchannels" ]; then
NUM_CH=${TMP#channels=}
shift
else
NUM_CH=1
fi
tests: Add FST module tests Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-05 17:25:59 +02:00
test -f /proc/modules && sudo modprobe mac80211_hwsim radios=7 channels=$NUM_CH support_p2p_device=0
tests: Add forgotten new files to the repository Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-27 13:40:10 +01:00
sudo ifconfig hwsim0 up
tests: Use wlantest without capture file write buffering This makes the run_tshark() operations more reliable while still allowing to reduce the extra wait by forcing wlantest to flush the packets to the pcapng file. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-26 23:12:38 +01:00
sudo $WLANTEST -i hwsim0 -n $LOGDIR/hwsim0.pcapng -c -dtN -L $LOGDIR/hwsim0 &
tests: Reduce duplication in startup code Instead of hard-coding four different cases, use variables (and printf) to reduce the duplication. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 18:43:59 +01:00
for i in 0 1 2; do
tests: Enable wpa_supplicant D-Bus support for hwsim tests This allows automated testing of the wpa_supplicant D-Bus interface. The instance controlling wlan0 registers with D-Bus if dbus-daemon was started successfully. This is only used in VM testing, i.e., not when run-tests.sh is used on the host system with D-Bus running for normal system purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 16:44:24 +01:00
DBUSARG=""
if [ $i = "0" -a -r /var/run/dbus/pid -a -r /var/run/dbus/hwsim-test ]; then
if $WPAS | grep -q -- -u; then
DBUSARG="-u"
fi
fi
tests: Use proper admin group in start.sh wpa_supplicant configuration files had a hardcoded GROUP=admin. The start.sh script failed on a system without admin group (some systems have it named adm). Generate configuration files with appropriate GROUP in the log dir and use them. Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-11-08 08:13:14 +01:00
sudo $(printf -- "$VALGRIND_WPAS" $i) $WPAS -g /tmp/wpas-wlan$i -G$GROUP -Dnl80211 -iwlan$i -c $LOGDIR/p2p$i.conf \
tests: Enable wpa_supplicant D-Bus support for hwsim tests This allows automated testing of the wpa_supplicant D-Bus interface. The instance controlling wlan0 registers with D-Bus if dbus-daemon was started successfully. This is only used in VM testing, i.e., not when run-tests.sh is used on the host system with D-Bus running for normal system purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 16:44:24 +01:00
-ddKt$TRACE -f $LOGDIR/log$i $DBUSARG &
tests: Reduce duplication in startup code Instead of hard-coding four different cases, use variables (and printf) to reduce the duplication. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 18:43:59 +01:00
done
tests: Verify dynamic wpa_supplicant interface addition/removal Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 22:08:25 +01:00
sudo $(printf -- "$VALGRIND_WPAS" 5) $WPAS -g /tmp/wpas-wlan5 -G$GROUP \
-ddKt$TRACE -f $LOGDIR/log5 &
tests: Fix hostapd debug level Remove the duplicated -ddKt command line argument to avoid setting hostapd debug level to EXCESSIVE. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 16:53:52 +02:00
sudo $VALGRIND_HAPD $HAPD -ddKt$TRACE -g /var/run/hostapd-global -G $GROUP -f $LOGDIR/hostapd &
tests: Reduce duplication in startup code Instead of hard-coding four different cases, use variables (and printf) to reduce the duplication. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-30 18:43:59 +01:00
tests: Start RADIUS authentication server This can be used to run WPA2-Enterprise test cases. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:14:16 +02:00
if [ -x $HLR_AUC_GW ]; then
tests: Update hlr_auc_gw Milenage file This increases hlr_auc_gw.c test coverage and allows the SQN updated to be checked if desired. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-30 15:25:27 +02:00
cp $DIR/auth_serv/hlr_auc_gw.milenage_db $LOGDIR/hlr_auc_gw.milenage_db
sudo $HLR_AUC_GW -u -m $LOGDIR/hlr_auc_gw.milenage_db -g $DIR/auth_serv/hlr_auc_gw.gsm > $LOGDIR/hlr_auc_gw &
tests: Start RADIUS authentication server This can be used to run WPA2-Enterprise test cases. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:14:16 +02:00
fi
tests: Generate a fresh OCSP response for each test run GnuTLS has a hardcoded three day limit on OCSP response age regardless of the next update value in the response. To make this work in the test scripts, try to generate a new response when starting the authentication server. The old mechanism of a response without next update value is used as a backup option if openssl is not available or fails to generate the response for some reason. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 19:17:51 +01:00
openssl ocsp -index $DIR/auth_serv/index.txt \
-rsigner $DIR/auth_serv/ocsp-responder.pem \
-rkey $DIR/auth_serv/ocsp-responder.key \
-CA $DIR/auth_serv/ca.pem \
-issuer $DIR/auth_serv/ca.pem \
-verify_other $DIR/auth_serv/ca.pem -trust_other \
-ndays 7 \
-reqin $DIR/auth_serv/ocsp-req.der \
-respout $LOGDIR/ocsp-server-cache.der > $LOGDIR/ocsp.log 2>&1
if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
fi
tests: Valid OCSP response with revoked and unknown cert status This increases testing coverage for OCSP processing by confirming that valid OCSP response showing revoked certificate status prevents successful handshake completion. In addition, unknown certificate status is verified to prevent connection if OCSP is required and allow connection if OCSP is optional. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 22:13:35 +01:00
tests: Minimal testing of OCSP stapling with ocsp_multi Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 18:33:18 +01:00
cp $DIR/auth_serv/ocsp-multi-server-cache.der $LOGDIR/ocsp-multi-server-cache.der
tests: OCSP certificate signed OCSP response using key ID Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-16 23:48:59 +01:00
openssl ocsp -index $DIR/auth_serv/index.txt \
-rsigner $DIR/auth_serv/ocsp-responder.pem \
-rkey $DIR/auth_serv/ocsp-responder.key \
-resp_key_id \
-CA $DIR/auth_serv/ca.pem \
-issuer $DIR/auth_serv/ca.pem \
-verify_other $DIR/auth_serv/ca.pem -trust_other \
-ndays 7 \
-reqin $DIR/auth_serv/ocsp-req.der \
-respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
tests: Valid OCSP response with revoked and unknown cert status This increases testing coverage for OCSP processing by confirming that valid OCSP response showing revoked certificate status prevents successful handshake completion. In addition, unknown certificate status is verified to prevent connection if OCSP is required and allow connection if OCSP is optional. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 22:13:35 +01:00
for i in unknown revoked; do
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
-rsigner $DIR/auth_serv/ocsp-responder.pem \
-rkey $DIR/auth_serv/ocsp-responder.key \
-CA $DIR/auth_serv/ca.pem \
-issuer $DIR/auth_serv/ca.pem \
-verify_other $DIR/auth_serv/ca.pem -trust_other \
-ndays 7 \
-reqin $DIR/auth_serv/ocsp-req.der \
-respout $LOGDIR/ocsp-server-cache-$i.der >> $LOGDIR/ocsp.log 2>&1
done
tests: Additional OCSP coverage Verify OCSP stapling response that is signed by the CA rather than a separate OCSP responder. In addition, verify that invalid signer certificate (missing OCSP delegation) gets rejected. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 16:27:42 +02:00
openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \
-serial 0xD8D3E3A6CBE3CCE2 -no_nonce -sha256 >> $LOGDIR/ocsp.log 2>&1
for i in "" "-unknown" "-revoked"; do
openssl ocsp -index $DIR/auth_serv/index$i.txt \
-rsigner $DIR/auth_serv/ca.pem \
-rkey $DIR/auth_serv/ca-key.pem \
-CA $DIR/auth_serv/ca.pem \
-ndays 7 \
-reqin $LOGDIR/ocsp-req.der \
-resp_no_certs \
-respout $LOGDIR/ocsp-resp-ca-signed$i.der >> $LOGDIR/ocsp.log 2>&1
done
openssl ocsp -index $DIR/auth_serv/index.txt \
-rsigner $DIR/auth_serv/server.pem \
-rkey $DIR/auth_serv/server.key \
-CA $DIR/auth_serv/ca.pem \
-ndays 7 \
-reqin $LOGDIR/ocsp-req.der \
-respout $LOGDIR/ocsp-resp-server-signed.der >> $LOGDIR/ocsp.log 2>&1
tests: EAP-SIM/AKA/AKA' with SQLite Extend EAP-SIM/AKA/AKA' test coverage by setting up another authentication server instance to store dynamic SIM/AKA/AKA' information into an SQLite database. This allows the stored reauth/pseudonym data to be modified on the server side and by doing so, allows testing fallback from reauth to pseudonym/permanent identity. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 00:06:00 +02:00
touch $LOGDIR/hostapd.db
sudo $HAPD_AS -ddKt $LOGDIR/as.conf $LOGDIR/as2.conf > $LOGDIR/auth_serv &
tests: Start RADIUS authentication server This can be used to run WPA2-Enterprise test cases. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:14:16 +02:00
tests: Wait for hostapd/wpa_supplicant to reply at start Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant through the control interface until they are ready to reply in order to avoid starting test case execution too early. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-26 15:47:15 +02:00
# wait for programs to be fully initialized
tests: Optimize start.sh execution time There is no need to wait for one extra second to chown log files when running as root which is always the case in VM execution. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 18:22:42 +01:00
for i in 0 1 2 3 4 5 6 7 8 9; do
if [ -e /tmp/wpas-wlan0 ]; then
break
fi
sleep 0.05
done
tests: Wait for hostapd/wpa_supplicant to reply at start Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant through the control interface until they are ready to reply in order to avoid starting test case execution too early. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-26 15:47:15 +02:00
for i in 0 1 2; do
for j in `seq 1 10`; do
if $WPACLI -g /tmp/wpas-wlan$i ping | grep -q PONG; then
break
fi
if [ $j = "10" ]; then
echo "Could not connect to /tmp/wpas-wlan$i"
tests: Exit early if startup fails There is no point trying to go through the tests if hostapd and wpa_supplicant processes cannot be started properly. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:38 +02:00
exit 1
tests: Wait for hostapd/wpa_supplicant to reply at start Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant through the control interface until they are ready to reply in order to avoid starting test case execution too early. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-26 15:47:15 +02:00
fi
sleep 1
done
done
for j in `seq 1 10`; do
if $WPACLI -g /var/run/hostapd-global ping | grep -q PONG; then
break
fi
if [ $j = "10" ]; then
echo "Could not connect to /var/run/hostapd-global"
tests: Exit early if startup fails There is no point trying to go through the tests if hostapd and wpa_supplicant processes cannot be started properly. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:38 +02:00
exit 1
tests: Wait for hostapd/wpa_supplicant to reply at start Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant through the control interface until they are ready to reply in order to avoid starting test case execution too early. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-26 15:47:15 +02:00
fi
sleep 1
done
tests: Exit early if startup fails There is no point trying to go through the tests if hostapd and wpa_supplicant processes cannot be started properly. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:38 +02:00
tests: Verify that hostapd-as-RADIUS-server started Large number of test cases will fail if hostapd fails to start as the RADIUS server. To make this more obvious, verify that the RADIUS server instance is running and do not even start test execution if the setup if not work properly. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 12:30:54 +01:00
for j in `seq 1 10`; do
if $HAPDCLI -i as ping | grep -q PONG; then
break
fi
if [ $j = "10" ]; then
echo "Could not connect to hostapd-as-RADIUS-server"
exit 1
fi
sleep 1
done
tests: Optimize start.sh execution time There is no need to wait for one extra second to chown log files when running as root which is always the case in VM execution. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 18:22:42 +01:00
if [ $USER = "0" -o $USER = "root" ]; then
exit 0
fi
sleep 0.75
sudo chown -f $USER $LOGDIR/hwsim0.pcapng $LOGDIR/hwsim0 $LOGDIR/log* $LOGDIR/hostapd
if [ "x$VALGRIND" = "xy" ]; then
sudo chown -f $USER $LOGDIR/*valgrind*
fi
tests: Exit early if startup fails There is no point trying to go through the tests if hostapd and wpa_supplicant processes cannot be started properly. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:38 +02:00
exit 0
Reference in a new issue Copy permalink