Commit graph

71 commits

Author SHA1 Message Date
Jouni Malinen
ffcaca68d3 tests: FT with different BIP algorithms
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:50:36 +03:00
Jouni Malinen
c52626489a tests: Split ap_ft_ap_oom7 into separate test cases
The implementation changes in hostapd FT error path handling in the
follow commit would result in ap_ft_ap_oom7 test case failing. This is
triggered partially by PMF protections and SA Query attempts, so it
looks like it is easier to split each failure case into a separate test
case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:50:01 +03:00
Jouni Malinen
55b3cda775 tests: FT-EAP-SHA384
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
62566bc23d tests: WPA2-EAP-FT AP changing from 802.1X-only to FT-only
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-21 22:24:36 +03:00
Michael Braun
d269740a3e tests: FT with CUI
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:09:16 +03:00
Michael Braun
473e51762d tests: FT-PSK with VLAN
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Michael Braun
e03822913d tests: Add a small sleep in FT run_roams()
time.sleep() in run_roams() is required because the target AP sets the
key once the station was associated. There are races, when the station
processes the (Re)Association Response frame AND the test suite starts
FT_DS before the AP processes its local confirmation and thus
wpa_auth_sm_event(ASSOC_FT). Therefore, the ActionFrame will be lost, as
the AP driver is missing the key.

Since this is this speed is highly synthetic, wait a few milliseconds
before roaming back.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Michael Braun
9c50a6d3a3 tests: FT-EAP with VLAN
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Jouni Malinen
0dc3c5f2ee tests: WPA2-PSK-FT AP with PSK from a file
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 12:40:03 +02:00
Janusz Dziedzic
b098542cd4 tests: Allow ap_ft for remote tests
Fix problem when running ap_ft test cases with real HW using remote
tests and hwsim wrapper by using the newer hostapd.app_ap() API.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2017-11-26 13:31:15 +02:00
Jouni Malinen
f81c1411f3 tests: WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-21 12:00:22 +03:00
Jouni Malinen
b74f82a4f8 tests: Comment out during-association TK-in-memory checks
TK needs to be maintained in memory for additional testing
functionality, so for now, comment out these checks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
6db556b21d tests: Allow wpa_supplicant to maintain GTK in memory during association
This is needed to allow GTK configuration triggers to verify whether the
key has changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
d7f0bef94e tests: WPA2-PSK-FT AP and replayed Reassociation Request frame
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Michael Braun
942b52a8f6 tests: FT with AP-to-AP broadcast messages
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-05-03 22:16:14 +03:00
Michael Braun
ba88dd65e7 tests: Update FT RRB function OOM paths
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-05-03 22:16:14 +03:00
Jouni Malinen
c95dd8e48b tests: FT using old style key for AP-to-AP protocol
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-03 21:55:29 +03:00
Michael Braun
9441a227ac tests: Update FT test cases for new RRB message format
This updates the AP-to-AP keys to the longer form and OOM test case
functions to match the new implementation.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-05-03 21:55:29 +03:00
Jouni Malinen
e4612f8443 tests: WPA2-PSK-FT AP with non-FT AKMs enabled
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-26 21:13:21 +03:00
Jouni Malinen
c89422864f tests: WPA2-PSK-FT AP Reassociation Request frame processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-19 11:55:51 +02:00
Jouni Malinen
fd7205fabe tests: WPA2-PSK-FT AP and RIC
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
a04e6f3da2 tests: WPA2-PSK-FT AP over DS protocol testing for AP processing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-15 11:17:37 +02:00
Jouni Malinen
682a79f088 tests: WPA2-PSK-FT and AP OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-15 10:35:44 +02:00
Jouni Malinen
55139acbe3 tests: WPA2-PSK-FT AP over DS disabled
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-29 01:15:11 +02:00
Jouni Malinen
8344ba1229 tests: Remove pmk_r1_push parameter from ap_ft_local_key_gen
Local key generation for FT-PSK does not use the AP-to-AP protocol and
as such, setting pmk_r1_push=1 is a bit confusing here since it gets
ignored in practice. Remove it to keep the test case easier to
understand.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 13:57:39 +02:00
Jouni Malinen
c85fcff2b1 tests: WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-11-26 11:39:44 +02:00
Michael Braun
150948e68b test: FT: EAP test for mismatching keys
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-10-09 12:02:23 +03:00
Michael Braun
d0175d6e48 test: FT with locally generated PMK-R0/PMK-R1 from PSK
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-10-09 12:01:34 +03:00
Jouni Malinen
dcbb5d808b tests: FT OOM in SME
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-18 00:14:14 +03:00
Jouni Malinen
bc6e32880f tests: Remove extra semicolons from python scripts
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-03 22:37:01 +03:00
Jonathan Afek
9fd6804d61 tests: Mark 525 tests as remote compatible
After successfully passing the 525 tests on a remote setup mark the
tests as remote compatible.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:47:37 +03:00
Jonathan Afek
fb120f1652 tests: Remove unused import subprocess
Number of files imported subprocess without using anything from subprocess.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:10:35 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Michael Braun
186ca4736d tests: FT RRB internal delivery to non-WPA BSS
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.

This test implements such a malicious request for regression testing.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 17:45:45 +02:00
Jouni Malinen
7cbc8e6719 tests: fail_test instead of alloc_fail for aes_{encrypt,decrypt}_init
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 20:10:16 +02:00
Jouni Malinen
8e416cecdb tests: Make key-lifetime-in-memory more robust for GTK check
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00
Jouni Malinen
1025603b3f tests: FT PTK rekeying triggered by AP/station after roam
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:36 +02:00
Jouni Malinen
8eb45bde38 tests: Write GTK locations into debug log in key_lifetime_in_memory
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 17:48:43 +02:00
Jouni Malinen
4013d6885b tests: Verify EAPOL reauthentication after FT protocol
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-19 21:16:29 +02:00
Jouni Malinen
ecafa0cf47 tests: RSN element protocol testing for STA side
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 20:04:07 +03:00
Jouni Malinen
38934ed100 tests: Skip ap_wpa2_eap_psk_oom and ap_ft_oom in FIPS mode
omac1_aes_128() implementation within crypto_openssl.c is used in this
case and that cannot fail the memory allocation similarly to the
non-FIPS case and aes-omac1.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
6f3815c0da tests: WPA2-PSK-FT RRB protocol testing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 11:16:15 +03:00
Jouni Malinen
34d3eaa8ee tests: WPA2-PSK-FT AP over DS protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
cf671d54bd tests: WPA2-PSK-FT and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
7b741a5383 tests: WPA2-PSK-FT AP with GCMP-256 cipher
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
664093b55b tests: WPA2-PSK-FT AP and invalid response IEs
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 18:04:50 +03:00
Jouni Malinen
211bb7c5ea tests: WPA2-PSK-FT AP over DS and unexpected response
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 16:36:37 +02:00
Jouni Malinen
54f2cae2e6 tests: Make *_key_lifetime_in_memory more robust
It was possible for the GTK-found-in-memory case to be triggered due to
a retransmission of EAPOL-Key msg 3/4 especially when running test cases
under heavy load (i.e., timeout on hostapd due to not receiving the 4/4
response quickly enough). Make this false failure report less likely by
waiting a bit longer after the connection has been completed before
fetching the process memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-31 18:06:06 +02:00
Jouni Malinen
f918b95b9d tests: Fix ft_psk_key_lifetime_in_memory with new PTK derivation debug
PTK is not printed out anymore as a single entry, so fetch KCK, KEK, and
TK separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
b9749b6aaa tests: Verify that SAE is supported for test cases requiring it
This makes it more convenient to run tests with wpa_supplicant builds
that do not support SAE (e.g., due to crypto library not providing
sufficient functionality for this).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00