Commit graph

1252 commits

Author SHA1 Message Date
Jouni Malinen
48bb2e68c0 tests: STATUS-VERBOSE
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
37551fe374 tests: Suite B 192-bit profile
This adds a Suite B test case for 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
4113a96bba tests: Complete Suite B 128-bit coverage
Enable BIP-GMAC-128 and enforce Suite B profile for TLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
f918b95b9d tests: Fix ft_psk_key_lifetime_in_memory with new PTK derivation debug
PTK is not printed out anymore as a single entry, so fetch KCK, KEK, and
TK separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
287eb3f9d7 tests: Group management frame cipher suites
This extends testing coverage of PMF group management cipher suites to
include all the cases supported by the driver (existing BIP =
AES-128-CMAC and the new BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
fba25c99a5 tests: Make ap_wps_er_pbc_overlap more robust
Reorder scanning in a way that allows the ER behavior to be more
predictable. The first Probe Request report is for a previously received
frame on the AP and this new sequence avoids leaving either of the PBC
test STAs to be that one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-23 00:52:56 +02:00
Jouni Malinen
90ad11e625 tests: Make active scans more robust
This makes testing under very heavy load or under extensive kernel
debugging options more robust by allowing number of test cases to scan
multiple times before giving up on active scans. The main reason for
many of the related test failures is in Probe Response frame from
hostapd not getting out quickly enough especially when multiple BSSes
are operating.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-23 00:52:40 +02:00
Jouni Malinen
1f53fe0310 tests: P2P group formation using PBC multiple times in a row
This verifies that PBC session overlap detection does not get indicated
when forming the group with the same peer multiple times.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-22 20:53:03 +02:00
Jouni Malinen
180a858f76 tests: P2P_SERV_DISC_CANCEL_REQ during query
This is a regression test case for a specific sequence that could result
in wpa_supplicant NULL dereference when a SD request is cancelled before
the SD Request TX status callback has been processed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-22 15:55:36 +02:00
Jouni Malinen
a60dbbce44 tests: ANQP-QUERY-DONE event
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-20 02:26:21 +02:00
Jouni Malinen
31b7ecb6c8 tests: P2P NFC invitiation with driver using cfg80211 P2P Device
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-20 01:57:59 +02:00
Jouni Malinen
2dc18e9a26 tests: Error handling for scan trigger failure cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 20:25:22 +02:00
Jouni Malinen
e60be3b3d4 tests: WPS registrar learning configuration from WPA+WPA2 AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 18:39:13 +02:00
Jouni Malinen
059bcc4782 tests: Increase hostapd out-of-memory loop coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-19 02:35:43 +02:00
Jouni Malinen
214457de15 tests: WPA + WEP configuration getting rejected
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-19 01:11:36 +02:00
Jouni Malinen
9eadcfbf06 tests: Add step-by-step guide for setting up test framework
This set of notes provides information on how virtual guess OS can be
used to run the mac80211_hwsim test cases under any host OS. The
specific example here uses Ubuntu 14.04.1 server as the starting point
and lists the additional packages that need to be installed and commands
that can be used to fetch and build the test programs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 18:11:11 +02:00
Jouni Malinen
a66d2248a0 tests: Close wlan5 control interface monitor more explicitly
There were couple of common cases where the control interface for the
dynamic wpa_supplicant instance could have been left in attached state
until Python ends up cleaning up the instance. This could result in
issues if many monitor interface events were queued for that attached
socket. Make this less likely to cause issues by explicitly detaching
and closing control interfaces before moving to the next test case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 17:13:55 +02:00
Jouni Malinen
7f08b2f91d tests: Make WNM Sleep Mode tests more robust
It was possible for the Action frame used for entring WNM Sleep Mode to
get dropped on the AP side due to it arriving prior to having processed
EAPOL-Key message 4/4 due to a race condition between Data and
Management frame processing paths. Avoid this by waiting for
AP-STA-CONNECTED event from hostapd prior to trying to enter WNM Sleep
Mode. In addition, make the check for the STA flag change more robust by
allowing the wait to be a bit longer with a loop that terminates as soon
as the flag has changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 15:58:05 +02:00
Jouni Malinen
7cc9a81f1e tests: Make PMKSA caching tests more robust
When the STA is forced to disconnect immediately after completion of
4-way handshake, there is a race condition on the AP side between the
reception of EAPOL-Key msg 4/4 and the following Deauthentication frame.
It is possible for the deauthentication notification to be processed
first since that message uses different path from kernel to user space.

If hostapd does not receive EAPOL-Key msg 4/4 prior to deauthentication,
no PMKSA cache entry is added. This race condition was making the test
cases expecting PMKSA caching to work to fail every now and then. Avoid
this issue by waiting for AP-STA-CONNECTED event from hostapd. This
makes sure the PMKSA cache entry gets added on the AP side.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 15:47:56 +02:00
Jouni Malinen
d4155eb78a tests: Add some more time for olbc_ht update in olbc_5ghz
It looks like this test case is failing every now and then, so add some
more time for the olbc_ht value to get updated before reporting a
failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:55:49 +02:00
Jouni Malinen
b4de353c85 tests: Import gobject in a way that allows failures
It looks like the gobject module does not get installed by default for
Python at least on Ubuntu server, so modify the D-Bus test case files to
import this in a way that allows other test cases to be run even without
gobject module being installed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
57f08b3f3a tests: Make ap_anqp_sharing more robust
This test case uses get_bss() with a BSSID to find a BSS entry. That can
result in failures if there are multiple BSS entries in wpa_supplicant
BSS table for the same BSSID, e.g., due to an earlier hidden SSID test
case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at
the beginning of this test case to make it less likely for earlier test
cases to trigger a failure here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
296186c006 tests: Make ap_mixed_security more robust
This test case uses get_bss() with a BSSID to find a BSS entry. That can
result in failures if there are multiple BSS entries in wpa_supplicant
BSS table for the same BSSID, e.g., due to an earlier hidden SSID test
case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at
the beginning of this test case to make it less likely for earlier test
cases to trigger a failure here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
092ac7bb0e tests: Hotspot 2.0 ANQP fetch with hidden SSID BSS entry
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
3dacd58b0d tests: Write BSS table to debug log in ap_mixed_security
This makes it easier to debug test failures in BSS entry flags field.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:22:38 +02:00
Jouni Malinen
7e3a6c9e21 tests: Mark proxyarp_open as skip if traffic test fails
This step requires kernel changes that are not yet in upstream Linux
tree, so mark this as skip rather than failure for now.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:15:42 +02:00
Jouni Malinen
0258cf1006 tests: Clean up ap_wpa2_eap_aka_ext
Use a loop over set of test values instead of duplicated functionality
implemented separately for each case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:09:46 +02:00
Jouni Malinen
584e4197bd tests: Make ap_wpa2_eap_aka_ext faster and more robust
Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to
avoid unnecessary long wait for temporary network disabling to be
cleared. In addition, wait for the disconnect event after issuing the
DISCONNECT commands to avoid issues due to any pending events during the
immediately following reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:59:40 +02:00
Jouni Malinen
27f527e0e2 tests: ap_hs20_fetch_osu: Print osu-providers.txt in debug log
This makes it easier to figure out what happened if the test case fails
due to not finding all the needed OSU-PROVIDER information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:03:43 +02:00
Jouni Malinen
a4a15cf1f9 tests: Skip some scan tests if iw does not support scan flush
The external cfg80211 scan flushing operation requires a relatively
recent iw version and not all distributions include that. Avoid false
failure reports by marking these test cases skipped if the iw command
fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 13:05:34 +02:00
Jouni Malinen
e246d7d5b3 tests: Fix test skipping for some DFS/VHT cases
Due to a typo and missing hapd variable initialization, some of the DFS
and VHT test cases were marked as failures even though they were
supposed to be marked as skipped in case the kernel and wireless-regdb
did not have sufficient support for these modes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 13:04:11 +02:00
Jouni Malinen
fb9adae466 tests: Fix dbus_probe_req_reporting_oom if already registered
If dbus_probe_req_reporting was run before dbus_probe_req_reporting_oom,
the SubscribeProbeReq() method succeeded since the memory allocation
that was supposed to fail in the OOM test case was not even tried.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:39:00 +02:00
Jouni Malinen
90b10d4edd tests: EAP-TNC fragmentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:12:33 +02:00
Jouni Malinen
ee9533eb0e tests: EAP-MD5 server error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:02:11 +02:00
Jouni Malinen
802bf82482 tests: Add optional -1 argument to parallel-vm.py
This can be used to skip rerunning of failed test cases
(e.g., with "./parallel-vm.py 1 -1 <test case>").

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 11:28:46 +02:00
Jouni Malinen
e912e4bc92 tests: Interworking auto_interworking=1 with mismatching BSS
This is a regression test case to detect a failure that resulted in an
up to five second busy loop through wpa_supplicant_fast_associate() when
interworking_find_network_match() and wpa_supplicant_select_bss() get
different matching results.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 01:53:44 +02:00
Jouni Malinen
6ace81ea77 tests: Disconnect-Request with no session identification attributes
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-16 16:16:28 +02:00
Jouni Malinen
9921689759 tests: Use a helper function to send and check RADIUS DAS messages
No need to have this same sequence of steps duplicated in multiple
places.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-16 16:14:54 +02:00
Jouni Malinen
05dad77c8f tests: RADIUS DAS and Disconnect-Request removing PMKSA cache entry
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-16 16:07:52 +02:00
Jouni Malinen
e94a3f626d tests: RADIUS DAS with Acct-Multi-Session-Id
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-16 13:10:48 +02:00
Jouni Malinen
9142b4dd45 tests: Disconnect-Request multi-session-match
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-16 12:50:16 +02:00
Jouni Malinen
c2b48088f6 tests: Fix radius_das_disconnect match + non-match case
If Calling-Station-Id matches, but CUI does not, NAS is expected to
reject the request instead of accepting it. Verify that Disconnect-NAK
is returned for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-16 12:50:16 +02:00
Jouni Malinen
201c9ad77f tests: STA not getting response to SA Query
This verifies that wpa_supplicant reconnects if PMF is enabled,
unprotected Deauthentication/Disassociation frame is received, and the
AP does not reply to SA Query.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-16 01:13:59 +02:00
Jouni Malinen
e1f8fe8851 tests: INTERWORKING_CONNECT after having found hidden SSID AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-15 12:29:02 +02:00
Jouni Malinen
061cbb258f tests: domain_match checking against server certificate
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
2099fed400 tests: dbus_connect_eap to verify dNSName constraint configuration
This verifies that Certification signals include the expected
information on peer certificates and that dNSName constraint can be
configured based on that and is working both in matching and not
matching cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
496c4e45d8 tests: Subset of VHT functionality on 2.4 GHz
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-14 01:12:56 +02:00
Jouni Malinen
615d8a9705 tests: Add room for more vendor elems in wpas_ctrl_vendor_elem
This test case was verifying that the first unused VENDOR_ELEM value
above the current maximum is rejected. That makes it a bit inconvenient
to add new entries, so increase the elem value to leave room for new
additions without having to continuously modify this test case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 01:12:56 +02:00
Jouni Malinen
37b4a66ce6 tests: Valid OCSP response with revoked and unknown cert status
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
279a0afffb tests: Generate a fresh OCSP response for each test run
GnuTLS has a hardcoded three day limit on OCSP response age regardless
of the next update value in the response. To make this work in the test
scripts, try to generate a new response when starting the authentication
server. The old mechanism of a response without next update value is
used as a backup option if openssl is not available or fails to generate
the response for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00