Commit graph

1204 commits

Author SHA1 Message Date
Jouni Malinen
37b4a66ce6 tests: Valid OCSP response with revoked and unknown cert status
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
279a0afffb tests: Generate a fresh OCSP response for each test run
GnuTLS has a hardcoded three day limit on OCSP response age regardless
of the next update value in the response. To make this work in the test
scripts, try to generate a new response when starting the authentication
server. The old mechanism of a response without next update value is
used as a backup option if openssl is not available or fails to generate
the response for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
0ff7afbc42 tests: Verify mesh support for wpas_add_set_remove_support
This test case fails if wpa_supplicant is built without mesh support, so
need to check for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
2f0347954a tests: Check mesh capability based on the modes capabilities list
This is more robust than checking the driver capability because it is
also possible for the wpa_supplicant build to be configured without mesh
support regardless of whether the driver supports it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
b9749b6aaa tests: Verify that SAE is supported for test cases requiring it
This makes it more convenient to run tests with wpa_supplicant builds
that do not support SAE (e.g., due to crypto library not providing
sufficient functionality for this).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
4bf4e9db86 tests: Skip ap_wpa2_eap_ttls_server_cert_hash if probing not supported
The ca_cert="probe://" functionality is currently supported only with
OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
62750c3e80 tests: Use RSA key format in ap_wpa2_eap_tls_blob
This format as a DER encoded blob is supported by both OpenSSL and
GnuTLS while the previous OpenSSL specific format did not get accepted
by GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
24579e7047 tests: Split domain_suffix_match test cases based on match type
With GnuTLS, domain_suffix_match is currently requiring full match, so
split the test cases in a way that can be reported more cleanly as PASS
or SKIP based on TLS library behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
524c6c33bc tests: Add ca_cert to username/password Hotspot 2.0 credentials
Proper configuration should be used here to get server validation
enabled, so update the test cases to provide the ca_cert parameter. This
was included in number of existing test cases, but not all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
506b2f05f2 tests: Split subject_match and altsubject_match to separate test cases
These parameters are supported only with OpenSSL, so split any test case
that used those for a successful connection into two test cases. Skip
all test cases where these are used without the selected TLS library
supporting them to avoid reporting failures incorrectly. Though, verify
that subject_match and altsubject_match get rejected properly if TLS
library does not support these.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
3b51cc6359 tests: Skip EAP-pwd and EAP-FAST test cases if not supported
Check wpa_supplicant EAP capability and skip EAP-pwd and EAP-FAST test
cases if the build did not include support for these. This is cleaner
than reporting failures for such test cases when the selected TLS
library does not support the EAP method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
a783340d04 tests: Skip OpenSSL cipher string tests with other TLS libraries
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
37d6135507 tests: Increase altsubject_match testing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:27:01 +02:00
Jouni Malinen
c2096d9981 tests: bssid_blacklist and bssid_whitelist
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Jouni Malinen
70437ae55a tests: Drop mesh_ht_mode parameter from mesh test cases
This network profile parameter will be removed with the cleanup that
makes mesh use shared functions for setting channel parameters. That
will allow HT to be enabled automatically based on driver capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Jouni Malinen
de1d5049dc tests: Mesh in 5 GHz band
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Johannes Berg
2e1d7386e2 tests: Refactor tshark running
Refactor the code to run tshark into its own submodule. This allows
even remembering whether -Y or -R needs to be used for filtering.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-01-10 00:53:57 +02:00
Jouni Malinen
0e126c6dca tests: Out-of-memory cases for D-Bus operations
This increases testing coverage on various error paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-09 02:46:26 +02:00
Jouni Malinen
795b6f57a8 tests: Additional D-Bus error path coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-09 02:32:15 +02:00
Jouni Malinen
cd9548c02f tests: Add out-of-memory loop tests for hostapd startup
These test cases run hostapd interface setup multiple times with
TEST_ALLOC_FAIL commands triggering memory allocation failures one by
one at each possible location in the setup sequence. Effectively, these
test cases will hit most error paths for memory allocation issue cases
(i.e., only the cases requiring more than one allocation failure in a
sequence are not covered).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
f7af5a48f4 tests: hostapd BSS addition failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
fff95bb614 tests: hostapd interface setup and memory allocation failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
f12240a371 tests: Memory allocation failure in wpa_supplicant blacklist
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
81e787b750 tests: Convert test skipping to use exception
Instead of returning "skip" from the test function, raise the new
HwsimSkip exception to indicate a test case was skipped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:47 +02:00
Johannes Berg
9c8779daf6 tests: Use rfkill python module
Instead of calling the rfkill binary, use the built-in module.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-01-08 20:56:54 +02:00
Johannes Berg
bd31b92a68 tests: Add rfkill module
This can be used instead of invoking the rfkill binary.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-01-08 20:56:47 +02:00
Jouni Malinen
6a964b7560 tests: Make scan_random_mac more robust
There is a race condition between wlantest having received and written
the sniffer log and this test case using tshark to process it. Wait one
second before running tshark to make it less likely to get truncated
results that can result in the test case failing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 16:31:22 +02:00
Jouni Malinen
51c5aeb42a tests: Convert "hwsim-SKIP" exception to use a custom class
This makes the design a bit cleaner for catching the exceptions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 16:31:22 +02:00
Jouni Malinen
910eb5b525 tests: Import dbus module in a cleaner way
There is no need to use prepare_dbus() function to check whether the
dbus module can be imported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:29:25 +02:00
Jouni Malinen
c975e1c1da tests: Additional bgscan coverage
Verify error cases in bgscan module parameters. Increase learn bgscan
module coverage with parsing of the saved data and probe frequency
selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
59be78ef93 tests: Move SHA256 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:34:20 +02:00
Jouni Malinen
4b462a0226 tests: Move SHA1 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:29:00 +02:00
Jouni Malinen
896e1b836f tests: Move MD5 test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:12:27 +02:00
Jouni Malinen
88fc0dca98 tests: Move ms_funcs test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:05:42 +02:00
Jouni Malinen
1244408401 tests: Move AES key wrap/unwrap test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:35:59 +02:00
Jouni Malinen
477f83131f tests: Move AES-CBC test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:28:46 +02:00
Jouni Malinen
e438fb0d3a tests: Move AES-128 EAX mode test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:24:42 +02:00
Jouni Malinen
304d40e904 tests: Move OMAC1-AES test cases into hwsim module tests
This makes sure the test cases are executed automatically with rest of
the hwsim tests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:02:08 +02:00
Jouni Malinen
942b75468d tests: Add module tests for AES-SIV
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:50:53 +02:00
Jouni Malinen
8aeb6e3dbc tests: MAC_RAND_SCAN with valid and invalid arguments
This verifies that random MAC address is used as requested in Probe
Request frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 23:06:58 +02:00
Jouni Malinen
5434f07c20 tests: TDLS channel switching
Verify correct behavior with invalid commands. In addition, allow minor
mac80211_hwsim modifications to be used to enable testing of the driver
interface to enable and disable channel switching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 21:46:38 +02:00
Eliad Peller
41bf76447b tests: WMM-AC reassociation-to-same-BSS test
Make sure the tspecs are kept on reassociation to the same BSS.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:59:07 +02:00
Eliad Peller
bc32f830f4 tests: wmm_ac_status and roaming case with WMM-AC
Make sure the wmm_ac_status command reflects correctly the existing
tspecs after add_ts/del_ts commands. Add a new test to verify all tspecs
are removed on roaming (while FT is not used).

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:57:23 +02:00
Jouni Malinen
750904dd42 tests: Extend EAP key lifetime in memory to cover MSK and EMSK
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 15:49:57 +02:00
Jouni Malinen
ce8ca2f9a0 tests: Make wpas_mesh_max_peering more robust
The previous version was enabling all three stations at the same time
and left dev[1] and dev[2] competing on getting connected with dev[0]
that allowed only one pairing. This was not exactly robust and the pass
criteria depended on an extra event from either dev[1] or dev[2]. Fix
that by first connecting dev[0] and dev[1] and only after that, start
dev[2]. This allows proper validation of both the peering limit on
dev[0] and no extra event on dev[2].

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
29bac7cb89 tests: Make scan_hidden more robust under heavy CPU load
It is possible for the Probe Response frame wait to time out when active
scanning is used under heavy CPU load. Make this test case more robust
by trying multiple times before declaring the scan for a hidden SSID to
have failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
2ec82e67c1 tests: wpa_supplicant D-Bus interface
This adds new files with test cases to verify both the old and new
wpa_supplicant D-Bus interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
b0839232fa tests: Enable wpa_supplicant D-Bus support for hwsim tests
This allows automated testing of the wpa_supplicant D-Bus interface. The
instance controlling wlan0 registers with D-Bus if dbus-daemon was
started successfully. This is only used in VM testing, i.e., not when
run-tests.sh is used on the host system with D-Bus running for normal
system purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
5b3c40a65b tests: Verify that wpa_supplicant clears keys from memory
Check that PMK and PTK and not left in memory (heap or stack)
unnecessarily after they are not needed anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 10:37:02 +02:00
Jouni Malinen
13113d127c tests: Filter out extra files from codecov reports
wpa_cli and hostapd_cli are not currently tested for code coverage, so
filter the files specific to those components away from the code
coverage reports. *_module_tests.c are not included in normal builds, so
drop them as well. In addition, drop the system header file (byteswap.h)
that gets somehow unnecessarily included in the reports for couple of
lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 18:27:23 +02:00