Commit Graph

213 Commits

Author SHA1 Message Date
Jouni Malinen
a821797219 tests: WPA2-Enterprise using EAP-SIM with zero database timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 18:43:33 +02:00
Jouni Malinen
4c62638234 tests: EAP-FAST and provisioning options
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 18:43:33 +02:00
Jouni Malinen
db98b58736 tests: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Jouni Malinen
969e525091 tests: Skip eap_tls_pkcs8_pkcs5_v15 with BoringSSL
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:31:20 +02:00
Jouni Malinen
677c2283e7 tests: Update eap_proto_psk_errors and ap_wpa2_eap_psk_oom
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:27:31 +03:00
Jouni Malinen
5b71cb552b tests: Update server and user certificates (2015)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-30 22:45:03 +03:00
Jouni Malinen
78d2233f01 tests: Fix ap_wpa2_eap_too_many_roundtrips with OpenSSL 1.1.0
Use a smaller fragment_size to force the roundtrip limit to be reached
with OpenSSL 1.1.0 which seemed to result in a bit shorter TLS messages
being used and being able to complete the authentication successfully
with the previously used fragment_size value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-15 13:30:57 +03:00
Jouni Malinen
2833743d4c tests: WPA2-Enterprise connection using EAP-GPSK and wildcard SSID
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 22:41:23 +03:00
Jouni Malinen
90b4c73fdf tests: Fix ap_wpa2_eap_fast_prf_oom with the updated PRF implementation
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-23 20:40:14 +03:00
Janusz Dziedzic
6f334bf7a0 tests: Use hapd from hostapd.add_ap()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
3b3e26875a tests: Use hapd from hostapd.add_ap() in eap_connect()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:06:17 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Jouni Malinen
07f0da3003 tests: EAP-SIM fast reauth with no-change SET_NETWORK
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 17:19:12 +03:00
Jouni Malinen
71666dc33a tests: Allow RC4-SHA failure in ap_wpa2_eap_fast_cipher_suites
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 13:12:10 +02:00
Jouni Malinen
6c7fed4683 tests: EAP-SIM and check fast reauth with bssid change
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:46:27 +02:00
Jouni Malinen
40ae4a2ff2 tests: Fix root_ocsp() for multi-OCSP test cases
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:48:35 +02:00
Jouni Malinen
29b508e7dc tests: WPA2-Enterprise with EAP-GPSK and PTK rekey enforced by AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-02 17:11:38 +02:00
Jouni Malinen
d7ef6e6371 tests: Verify fast_max_pac_list_len=0 special case
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 10:06:02 +02:00
Jouni Malinen
0918fe4dda tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-07 21:26:15 +02:00
Jouni Malinen
592790bf15 tests: Additional EAP-FAST PAC coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-06 13:23:42 +02:00
Jouni Malinen
31dd315382 tests: PKCS#12 with extra certs on the server
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 01:14:43 +02:00
Jouni Malinen
93aa1e1621 tests: EAP-FAST and binary PAC errors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-06 00:28:16 +02:00
Jouni Malinen
a89faedc22 tests: EAP-TLS error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-02 00:39:39 +02:00
Jouni Malinen
35372f6cd6 tests: EAP-IKEv2 with default fragment_size
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 10:36:41 +02:00
Jouni Malinen
7cbc8e6719 tests: fail_test instead of alloc_fail for aes_{encrypt,decrypt}_init
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 20:10:16 +02:00
Jouni Malinen
c397edf2bb tests: EAP-SIM/AKA with external GSM/UMTS auth failing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:04:29 +02:00
Jouni Malinen
40c654cc1d tests: EAP-SIM with external GSM auth and replacing SIM
These test cases verify that EAP-SIM with external GSM auth supports the
use case of replacing the SIM. The first test case does this incorrectly
by not clearing the pseudonym identity (anonymous_identity in the
network profile) while the second one clears that and shows successful
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:03:11 +02:00
Jouni Malinen
447fb0b0da tests: Make eap_check_auth() error on missing selectedMethod clearer
It was possible to hit an error case in ap_wpa2_eap_in_bridge where the
selectedMethod STATUS field was not available. This resulted in not very
helpful "'selectedMethod'" message in the test log file. Make this
clearer by dumping all received STATUS fields and a clearer exception
message indicating that selectedMethod was missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-07 00:27:50 +02:00
Jouni Malinen
ac713c0929 tests: WPA2-Enterprise connection using EAP-TTLS/EAP-GTC (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:11:15 +02:00
Jouni Malinen
79a3973c95 tests: WPA2-Enterprise connection using EAP vendor test (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:01:59 +02:00
Jouni Malinen
ecd07de40c tests: EAP-FAST and different TLS cipher suites
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:53:43 +02:00
Jouni Malinen
9353f07f3b tests: Clear BSS table at the end of rsn_ie_proto_eap_sta
rsn_ie_proto_eap_sta followed by eap_ttls_mschapv2_session_resumption
showed a failure case where the special RSNE from rsn_ie_proto_eap_sta
ended up remaining in a wpa_supplicant BSS entry and the SELECT_NETWORK
command used the previous scan results without checking for changed AP
configuration. This resulted in test failure due to RSN IE being claimed
to be different in EAPOL-Key msg 3/4. This is not really a real world
issue, but try to avoid false failure reports by explicitly clearing the
BSS table at the end of rsn_ie_proto_eap_sta.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 00:53:20 +02:00
Jouni Malinen
412c60309a tests: Increase connection timeout for number of EAP test cases
The previously used 10 second timeout allowed only two scan attempts
(five seconds between scans) and it was possible to hit a failure every
now and then when running under heavy load and the Probe Response frame
got delayed by 40 ms or so twice in a row. Add more time for one more
scan attempt to reduce the likelihood of this happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 20:00:01 +02:00
Jouni Malinen
52811b8c90 tests: EAP-TLS with intermediate CAs and OCSP multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
98d125cafa tests: Minimal testing of OCSP stapling with ocsp_multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-23 00:32:52 +02:00
Jouni Malinen
8adce07a73 tests: Add dh_file parameter for integrated EAP server
This is needed for number of EAP test cases at least when using the
internal TLS server implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 17:51:54 +02:00
Jouni Malinen
3b6f3b37b8 tests: WPA2-Enterprise connection using EAP-EKE (many connections)
This tries to make it more likely to hit the special case of pub_len <
prime_len for additional code coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-21 23:57:16 +02:00
Jouni Malinen
d5f5d260b8 tests: EAP-PEAP phase1 TLS flags
This adds some more test coverage for phase1 parameters that had not
previously been included in any of the test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:36:51 +02:00
Jouni Malinen
5382712518 tests: EAP-TTLS with unsupported Phase 2 EAP method in configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:33:03 +02:00
Jouni Malinen
7cb27f89f2 tests: EAP-TLS and TLS Message Length in unfragmented packets
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
cef42a44e2 tests: EAP-TLS and config blob missing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
bfdb90d40f tests: EAP-TTLS/MSCHAP with password hash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
09a4404a33 tests: EAP-PEAP version forcing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:59:14 +02:00
Jouni Malinen
81e1ab85bc tests: EAP-PEAP session resumption with crypto binding
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:23:51 +02:00
Jouni Malinen
09ad98c58a tests: EAP-PEAP with peap_outer_success=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:05:50 +02:00
Jouni Malinen
c4e06b9b7b tests: EAP-TTLS with invalid phase2 parameter values
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 00:24:51 +02:00
Jouni Malinen
138903f91f tests: Run OCSP test cases with internal TLS library
There is no sufficient OCSP support to go through these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 21:19:59 +02:00
Jouni Malinen
58a406202a tests: OCSP certificate signed OCSP response using key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:49:26 +02:00
Jouni Malinen
8e416cecdb tests: Make key-lifetime-in-memory more robust for GTK check
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00
Jouni Malinen
16c43d2a8f tests: Run PKCS#12 tests with internal TLS crypto
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00