Commit graph

114 commits

Author SHA1 Message Date
Jouni Malinen
6f291896b9 tests: FT roaming cases with authorized STA entry remaining
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-29 21:15:16 +03:00
Jouni Malinen
681e8495b4 tests: Extended Key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-23 11:47:31 +02:00
Jouni Malinen
2af3d99cd3 tests: Additional FT-SAE with RSNXE testing
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-21 00:24:03 +02:00
Jouni Malinen
2b8f8a4721 tests: FT protocol RSNE/RSNXE mismatch in Reassociation Response frame
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-15 10:39:17 +02:00
Jouni Malinen
fd1892885b tests: SAE and opportunistic key caching and PMK lifetime
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-28 18:41:24 +02:00
Jouni Malinen
af9d8c758d tests: Use proper temp files for dynamically created config
Replace the hardcoded /tmp filenames for generated ACL and BSS
configuration files with proper temporary files from tempfile.mkstemp()
to avoid conflicts with existing files or with parallel uses. Remove ACL
files from the local directory at the end of each test case. BSS files
are currently left behind, but can be cleaned up separately if needed
for non-VM testing (VM testing has those on ramdrive so they get dropped
automatically at the end) and for remote devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-23 18:20:50 +02:00
Janusz Dziedzic
4d14838421 tests: Generate ACL files
Generate ACL files instead of using files with hardcoded values for the
STA MAC addresses. Send the generated files also to the remote client if
required.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-02-23 16:38:23 +02:00
Jouni Malinen
daf8491dea tests: WPA2-PSK-FT-SAE AP (AP H2E, STA loop)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
e0d9f5fc15 tests: Replace tabs with spaces in python indentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-03 02:03:32 +02:00
Jouni Malinen
0d0baf9f17 tests: RRB wildcard R0KH/R1KH pull with multiple BSSs
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-29 20:32:07 +02:00
Jouni Malinen
9f47fdb6c3 tests: Make FT PMKSA caching test cases more robust
The RECONNECT command on the station was issued immediately after
wpa_supplicant had processed EAPOL-Key msg 3/4. This could happen before
hostapd has processed EAPOL-Key msg 4/4 and especially with UML
time-travel, this could result in the following FT protocol exchange
going through in a manner that makes the hostapd process EAPOL-Key msg
4/4 from the first association as a postponed EAPOL RX at the beginning
of the second association. Avoid this by waiting hostapd to report
completion of the connection before issuing RECONNECT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-24 21:16:23 +02:00
Jouni Malinen
c0f3ee475b tests: FT-SAE with PWE default and with H2E
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-24 21:16:23 +02:00
Jouni Malinen
6298673ff3 tests: Prepare rsn_ie_proto_ft_psk_sta for implementation change
This PMKID replacement case is not going to prevent connection after a
change in wpa_insert_pmkid() so remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-24 21:16:23 +02:00
Jouni Malinen
360d8d4e3c tests: Make ap_ft_ap_oom4 more robust against compiler optimizations
It looks like the wpa_auth_get_seqnum() function might not always be
visible in the backtrace since the compiler may optimize that wrapper
away. Use the i802_get_seqnum() function instead as a trigger for the
get_seqnum operation failure trigger to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-10-19 00:45:57 +03:00
Jouni Malinen
30628e0d2d tests: WPA2-PSK-FT-SAE AP (H2E)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 15:33:14 +03:00
Jouni Malinen
12de149071 tests: Fix ap_ft_reassoc_replay for case where wlantest has the PSK
This test case was failing if wlantest was able to decrypt the CCMP
protected frames. Fix the tshark filter string to include only the
actually encrypted frames for PN comparison.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-24 19:20:40 +03:00
Jouni Malinen
dbddbf1647 tests: Configure wlantest for FT+PMF test cases
It is useful to get the encrypted frames decrypted in the sniffer
capture for these test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-22 22:13:02 +03:00
Jouni Malinen
30998360a1 tests: Additional FT with PMF required testing coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 13:55:26 +03:00
Jouni Malinen
c6ab7b55a6 tests: FT RKH parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
5916637cf2 tests: FT PMK-R0/R1 expiration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
d22f090245 tests: Wait after rekeying a bit before running connectivity test
The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:49:15 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
e1923f5b6a tests: Skip ap_ft_eap_sha384_reassoc without CONFIG_SUITEB192=y
This test case required Suite B 192-bit support to be enabled in the
build, so skip it if that is not the case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 22:24:30 +03:00
Jouni Malinen
9ff2b85e73 tests: FT-EAP and PMKSA caching for initial mobility domain association
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 16:07:22 +03:00
Jouni Malinen
425e5f977e tests: FT and PTK rekeying
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 11:49:05 +03:00
Jouni Malinen
659f7954f4 tests: WPA2-EAP-FT with SHA384 using REASSOCIATE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 01:57:10 +02:00
Jouni Malinen
1211031a60 tests: WPA2-FT-SAE AP and PMKSA caching for initial MD association
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:04:16 +02:00
Jouni Malinen
cdf5391013 tests: SAE + FT-SAE configuration
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
fab49f6145 tests: Python coding style cleanup (pylint3 bad-whitespace)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:09 +02:00
Jouni Malinen
0defc42a49 tests: Add wlantest description for ap_ft_pmf_*_over_ds
This is convenient to allow easier examination of the FT Action frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 11:37:02 +02:00
Jouni Malinen
0c481b7866 tests: Use run_ap_ft_pmf_bip_over_ds() for ap_ft_pmf_over_ds
No need to duplicate this functionality when all the ap_ft_pmf_*_over_ds
test cases are doing practically the same thing and the
no-specific-cipher-configuration case can be addressed easily with the
same helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 11:33:49 +02:00
Jouni Malinen
46b8ea2105 tests: Fix ap_ft_pmf_over_ds
The main step of the test case was accidentally removed when adding the
cipher specific versions.

Fixes: ffcaca68d3 ("tests: FT with different BIP algorithms")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 11:26:38 +02:00
Jouni Malinen
3d5b88b5a0 tests: FT-SAE with Password Identifier
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-26 20:40:32 +02:00
Masashi Honma
54c58f29c0 tests: Replace str.encode('hex') with binascii.hexlify() for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:34 +02:00
Masashi Honma
15dfcb69df tests: Use 'b' prefix to mark Bytes literals explicitly for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Masashi Honma
7ab74770e7 tests: Convert binascii.hexlify() output to a string object for python3
This is needed in cases the hexlify() output is used to concatenate with
a string or used in string comparisons.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Jouni Malinen
58be42b264 tests: Remove trailing semicolons from python code
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 12:10:53 +02:00
Masashi Honma
35d8c2545e tests: Use python3 compatible dict operation
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f dict -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:53:05 +02:00
Masashi Honma
bab493b904 tests: Use python3 compatible "except" statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f except -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:11:35 +02:00
Jouni Malinen
02a4ac0feb tests: WPA2-PSK-FT AP over DS and separate hostapd process
This is a regression test case for FT-over-DS that got broken on
mac80211-based drivers when the extra key reinstallation checks were
added.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-04 23:22:46 +02:00
Jouni Malinen
63a7683b2d tests: Split ap_ft_oom into separate test cases
ap_ft_oom seemed to depend on undesired wpa_supplicant behavior of
trying to do FT protocol even without being ready for reassociation.
This is going to be fixed in wpa_supplicant which would make this test
case fail, so split it into separate test cases for each failure item to
be able to avoid incorrect test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-04 23:22:04 +02:00
Mathy Vanhoef
e63d8837dd tests: OCI validation in the FT handshake (OCV)
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Jouni Malinen
392aba4e87 tests: Radio measurement capability with roaming
This verifies that radio measurement capabilities are negotiated
correctly for the reassociation cases with and without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-01 22:02:55 +02:00
Jouni Malinen
ffcaca68d3 tests: FT with different BIP algorithms
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:50:36 +03:00
Jouni Malinen
c52626489a tests: Split ap_ft_ap_oom7 into separate test cases
The implementation changes in hostapd FT error path handling in the
follow commit would result in ap_ft_ap_oom7 test case failing. This is
triggered partially by PMF protections and SA Query attempts, so it
looks like it is easier to split each failure case into a separate test
case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:50:01 +03:00
Jouni Malinen
55b3cda775 tests: FT-EAP-SHA384
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
62566bc23d tests: WPA2-EAP-FT AP changing from 802.1X-only to FT-only
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-21 22:24:36 +03:00
Michael Braun
d269740a3e tests: FT with CUI
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:09:16 +03:00
Michael Braun
473e51762d tests: FT-PSK with VLAN
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Michael Braun
e03822913d tests: Add a small sleep in FT run_roams()
time.sleep() in run_roams() is required because the target AP sets the
key once the station was associated. There are races, when the station
processes the (Re)Association Response frame AND the test suite starts
FT_DS before the AP processes its local confirmation and thus
wpa_auth_sm_event(ASSOC_FT). Therefore, the ActionFrame will be lost, as
the AP driver is missing the key.

Since this is this speed is highly synthetic, wait a few milliseconds
before roaming back.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00