Looks like the previous fix for a newer OpenSSL versions broke
functionality with older versions that did not seem to like @SECLEVEL=0
in the cipher list. Make that addition conditional on OpenSSL version to
work with both versions.
Fixes: e87e6f609b ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Number of these test cases start connection attempt in wpa_supplicant
and then expected a specific failure to happen relatively quickly. This
could result in timeouts if the first scanning round missed to find the
AP (e.g., due to CPU load pushing out the Probe Response frame long
enough for the station having left the channel) and wpa_supplicant then
waiting five seconds before starting a new scan.
Make this more robust by scanning explicitly for the specific BSSID
before starting the connection attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All other test cases seem to work, but radius_das_disconnect_time_window
is still failing due to incorrect authenticator or Message-Authenticator
in Disconnect-Request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid implicit conversion errors when constructing bytes objects or
passing a str object to a function that needs a bytes object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed in cases the hexlify() output is used to concatenate with
a string or used in string comparisons.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that EAP-AKA' client rejects Challenge with an appended AT_KDF
and a modified AT_KDF value during KDF negotiation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These test cases depend on ERP processing to reach the get_emsk handler
function. Since ERP really needs the realm to derive a proper
keyName-NAI, modify these test cases to pass the realm part in the
identity to allow error checking to be introduced for rejecting ERP
cases where the realm is not available.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
OpenSSL.SSL.Connection.state_string() was replaced with
get_state_string() in pyopenssl. Add workaround code to be able to use
either of these names.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.
Signed-off-by: Jouni Malinen <j@w1.fi>
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (3) converts the cases that use the start_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>