Commit graph

90 commits

Author SHA1 Message Date
Jouni Malinen
279a0afffb tests: Generate a fresh OCSP response for each test run
GnuTLS has a hardcoded three day limit on OCSP response age regardless
of the next update value in the response. To make this work in the test
scripts, try to generate a new response when starting the authentication
server. The old mechanism of a response without next update value is
used as a backup option if openssl is not available or fails to generate
the response for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
62750c3e80 tests: Use RSA key format in ap_wpa2_eap_tls_blob
This format as a DER encoded blob is supported by both OpenSSL and
GnuTLS while the previous OpenSSL specific format did not get accepted
by GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
5b3c40a65b tests: Verify that wpa_supplicant clears keys from memory
Check that PMK and PTK and not left in memory (heap or stack)
unnecessarily after they are not needed anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 10:37:02 +02:00
Jouni Malinen
f41f670ea5 tests: ERP with EAP-IKEv2
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-20 23:48:53 +02:00
Jouni Malinen
acc9a635c8 tests: EAP Re-authentication Protocol (ERP)
This tests RP EAP-Initiate/Re-auth-Start transmission, ERP key
derivation, and EAP-Initiate/Re-auth + EAP-Finish/Re-auth exchange and
rMSK derivation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
2cde175a93 tests: PMKSA cache entry timeout based on Session-Timeout
This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 23:01:08 +03:00
Jouni Malinen
c1d1b6998d tests: Update server and user certificates
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-30 00:40:23 +03:00
Jouni Malinen
8583d66478 tests: EAP-AKA' and EAP-AKA both enabled (bidding mechanism)
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:04:18 +03:00
Jouni Malinen
95fb531ccc tests: EAP-TTLS/EAP-AKA, EAP-PEAP/EAP-AKA, EAP-FAST/EAP-AKA
These add some more EAP-TTLS/PEAP/FAST coverage to test pending Phase 2
response re-processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 23:43:50 +03:00
Jouni Malinen
5a0c15174b tests: UNAUTH-TLS
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
5b1aaf6cfb tests: EAP-SIM/AKA/AKA' with SQLite
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 17:57:28 +03:00
Jouni Malinen
0403fa0a93 tests: Increas EAP-pwd fragmentation coverage
Verify fragmentation of additional message types.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:52:13 +03:00
Jouni Malinen
a0f350fd79 tests: EAP-SIM server using GSM triplets
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-30 16:28:48 +03:00
Jouni Malinen
19d64886ef tests: RADIUS MAC ACL
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-29 19:32:45 +02:00
Jouni Malinen
c37b02fcc4 tests: Authentication server using PKCS#12 file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-20 00:16:00 +02:00
Jouni Malinen
8fc1f204df tests: HS 2.0 session information URL
Verify that session information is stored from Access-Accept and sent to
the station at the requested timeout. Verify that station processes this
notification.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-10 11:34:31 +02:00
Jouni Malinen
4056b0c747 tests: RADIUS Class attribute
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-10 11:16:29 +02:00
Jouni Malinen
76a30196ad tests: PMKSA cache and Chargeable-User-Identity
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-10 00:51:14 +02:00
Jouni Malinen
5cf8801181 tests: HS 2.0 subscription remediation notification
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 11:49:23 +02:00
Jouni Malinen
fac1722787 tests: VLAN tests using RADIUS tunnel attributes
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 11:35:08 +02:00
Jouni Malinen
48ef12e75f tests: Verify HS 2.0 deauth request from RADIUS Access-Accept
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-08 11:35:08 +02:00
Jouni Malinen
14bef66d66 tests: Server certificate with both client and server EKU
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 10:35:33 +02:00
Jouni Malinen
9d756af73e tests: Verify RADIUS functionality over IPv6
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 10:35:33 +02:00
Jouni Malinen
9e709315d9 tests: Verify HS 2.0 OSEN connection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 18:10:08 +02:00
Jouni Malinen
4fcee244b9 tests: Verify RADIUS server MIB values
Enable hostapd control interface for the RADIUS server instance and
verify that the RADIUS server MIB counters are incremented.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 21:39:31 +02:00
Jouni Malinen
4287bb76bf tests: Verify RADIUS accounting functionality
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 17:08:38 +02:00
Jouni Malinen
eac674402f tests: Verify NtPasswordHash with different UTF-8 cases
This adds a password that uses one, two, and three octet encoding
for UTF-8 characters. The value is tested against a pre-configured
hash to verify that utf8_to_ucs2() function works correctly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 12:08:50 +02:00
Jouni Malinen
6ab4a7aa5a tests: EAP-TTLS and server certificate with client EKU
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 10:33:55 +02:00
Jouni Malinen
6a4d0dbe1c tests: Expired server certificate
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 10:28:22 +02:00
Jouni Malinen
64e05f9644 tests: Domain name suffix match against CN
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 10:19:16 +02:00
Jouni Malinen
d4c7a2b9e6 tests: EAP-TLS with OCSP
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:45:56 +02:00
Jouni Malinen
2d10eb0efd tests: PKCS#12 use for EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:18:22 +02:00
Jouni Malinen
9f8994c623 tests: CA certificate in DER format
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:06:36 +02:00
Jouni Malinen
e745c811ef tests: Verify EAP vendor test
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
d0ce105068 tests: Verify EAP-PEAP/EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
e114c49cfc tests: Add an EAP-TLS test case
This fixes the user.key file (incorrect key was copied previously) and
adds a test case for EAP-TLS with WPA2-Enterprise.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
22b99086ce tests: Add more EAP test cases
This increases EAP method coverage for WPA2-Enterprise to include
EAP-pwd, EAP-GPSK, EAP-SAKE, EAP-EKE, EAP-IKEv2, EAP-PAX, and EAP-PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
8fba2e5d42 tests: Add Hotspot 2.0 test cases for connecting with username
The test_ap_hs20_username* test cases verify that a username/password
credential can be used for Hotspot 2.0 connection and that the network
type is reported correctly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 14:38:31 +02:00
Jouni Malinen
c7afc0789c tests: Add negative TLS test case to verify trust root validation
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
479cbb3892 tests: Start RADIUS authentication server
This can be used to run WPA2-Enterprise test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 19:14:16 +03:00