Commit graph

307 commits

Author SHA1 Message Date
Jouni Malinen
6162890798 tests: Update server and user certificates (2020)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-03 20:03:28 +03:00
Jouni Malinen
aa6a50849c tests: EAP-SIM with decorated anonymous identity
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 21:12:43 +02:00
Jouni Malinen
cf47a43335 tests: EAP-SIM DB error cases (SQLite)
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-07 17:58:14 +02:00
Jouni Malinen
b54410127d tests: hapd->tmp_eap_user clearing on interface deinit/reinit
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-06 11:45:48 +02:00
Jouni Malinen
8d80aa3fca tests: Fix openssl_systemwide_policy cleanup
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-01 12:34:05 +02:00
Jouni Malinen
fcdf5d93ea tests: EAP-TTLS and PEAP with TLS 1.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-20 18:00:54 +02:00
Jouni Malinen
0f84a56219 tests: More explicit TLS version enabling in version tests
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-08 19:32:36 +03:00
Jouni Malinen
f636bc3abc tests: Skip TOD-TOFU/STRICT tests if build does not support this
This functionality is currently available only with OpenSSL and internal
TLS implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:58:10 +03:00
Jouni Malinen
82f2e3ddce tests: Move from 1024 bit private keys to 2048 bit keys
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 18:21:13 +03:00
Jouni Malinen
7e88ed8e2d tests: Use function decorator to clean up --long processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
48ac765919 tests: ap_wpa2_eap_assoc_rsn to allow TKIP-disabled hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
21cf2c5baf tests: Skip more tests based on missing TKIP support
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
431e5d5819 tests: Add forgotten step to ap_wpa3_eap_transition_disable
This was supposed to be included, but was forgotten in an editor window
with pending changes..

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:57:40 +02:00
Jouni Malinen
5cf5680e5c tests: Transition disable
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:22:57 +02:00
Alexander Wetzel
5742d12d4a tests: Allow PTK0 rekey for tests
Verify PTK0 rekey blocking is working as intended.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:11:02 +02:00
Jouni Malinen
e0d9f5fc15 tests: Replace tabs with spaces in python indentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-03 02:03:32 +02:00
Jouni Malinen
362889638b tests: Check for TLS EC support in build
These test cases need to be skipped with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:54:07 +02:00
Jouni Malinen
09f96acb9d tests: PSK/EAP without nl80211 control port
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-05 21:31:33 +02:00
Jouni Malinen
d07ca835cb tests: Move ocsp-resp-*-signed*.der generation into test case
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
b6bb4cd8c5 tests: Move ocsp-server-cache-{revoked,unknown}.der generation into test case
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
662c2fa01a tests: Use the run_openssl() helper for running openssl
This avoids unnecessary duplication of the same functionality to run
openssl and check result.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
47ccb9ce24 tests: Move ocsp-server-cache-key-id.der generation into test case
There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 20:14:02 +02:00
Jouni Malinen
b472fe2973 tests: Update server and user certificates (2019)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-04 16:03:04 +03:00
Jouni Malinen
e0ee87c706 tests: Too many EAP roundtrips (server)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:35 +03:00
Jouni Malinen
e6edadba86 tests: ap_wpa2_eap_too_many_roundtrips to use shorter fragment
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-18 17:46:34 +03:00
Jouni Malinen
8315c1ef5b tests: Vendor EAP method in Phase 2
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:18:33 +03:00
Jouni Malinen
b02f0f88fb tests: TOD-TOFU policy reporting
Also rename the previously added test case to use the TOD-STRICT name
for the earlier policy OID.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:36 +03:00
Jouni Malinen
6379bd6acf tests: Server checking CRL with check_crl_strict=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
ce30a79a14 tests: private_key_passwd2 in hostapd configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
3bfa7f798b tests: Additional tls_flags coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:22:32 +03:00
Jouni Malinen
3948417305 tests: Additional EAP-GPSK local error case coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 00:04:45 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
bef411a91b tests: hostapd eap_sim_id options
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-01 10:46:07 +03:00
Jouni Malinen
14b408c04c tests: Remove testing of EAP-pwd with Brainpool curves
This is in preparation of marking groups using Brainpool curves disabled
for SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 23:36:27 +03:00
Jouni Malinen
036fc6bdbd tests: Disabled EAP-pwd group
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 13:31:50 +03:00
Jouni Malinen
1c63a1c4c6 tests: Prepare EAP-pwd test cases for allowed group configuration
Enable all supported groups in the existing ap_wpa2_eap_pwd_groups and
ap_wpa2_eap_pwd_invalid_group test cases to maintain current testing
functionality once wpa_supplicant is modified to use a different default
for the enabled groups.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 13:15:23 +03:00
Jouni Malinen
4ff0b909a9 tests: EAP-TLS and both RSA and EC sertificates certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-12 18:13:10 +03:00
Jouni Malinen
f185715c59 tests: EAP-TLS and TLS 1.3 (EC certificates)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-11 16:10:43 +03:00
Jouni Malinen
1363fdb283 tests: EAP-TLS server certificate validation and TOD
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
f50187a64c tests: EAP-SIM with external GSM auth and anonymous identity
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 16:52:15 +03:00
Jouni Malinen
73dbcd7951 tests: Make pmksa_cache_preauth_auto more robust
It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 17:14:33 +03:00
Jouni Malinen
2a0db3eb5d tests: PEM encoded ca_cert blob
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 13:47:15 +03:00
Jouni Malinen
f19c56e383 tests: Fix ap_wpa2_eap_status loop with UML time-travel=inf-cpu
Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 22:43:07 +03:00
Jouni Malinen
c7c267fa51 tests: EAP-pwd rejection of groups 25, 26, and 27
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
caf4d1c979 tests: Remove testing of EAP-pwd groups 25, 26, and 27
This is in preparation of disallowing all use of these groups. Negative
test case for the groups will be added in a separate commit after the
implementation has been changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
e8d8f4b680 tests: EAP-EKE rejection of unsupported DH groups 2 and 5
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:20:24 +03:00
Jouni Malinen
e01a492caa tests: Helper function for DISCONNECT + ABORT_SCAN + wait
Use a helper function to perform this common sequence to disconnect and
stop any possibly started reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 17:58:33 +02:00
Jouni Malinen
fab49f6145 tests: Python coding style cleanup (pylint3 bad-whitespace)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:09 +02:00
Jouni Malinen
8cfc758827 tests: Make ap_wpa2_eap_peap_params more robust
One of the steps that expected failure due to PMKID mismatch did not
stop connection attempts. This could result in the following test step
failing due to the previous profile with peaplabel=1 getting used to
derive the MSK incorrectly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 13:51:55 +02:00
Jouni Malinen
f4f17e9aa1 tests: check_cert_subject
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-11 14:09:45 +02:00