Commit Graph

3216 Commits

Author SHA1 Message Date
Jouni Malinen
ba6ce9c657 tests: DPP and duplicated Authentication Response
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
a1983aa72c tests: Make sae_anti_clogging_during_attack more robust
Accept a smaller number of token responses in second round to avoid
failing this test case as frequently.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 17:31:40 +02:00
Jouni Malinen
53b4f0fe6a tests: Disable fragm/rts_threshold after testing it
The configurated fragmentation/RTS threshold value survives AP mode
interface restarts, so these values need to be explicitly cleared back
to default (disabled). This fixes an issue where some test cases could
not work correctly if fragmentation on the interface was enabled. For
example, this combination used to fail:
ap_fragmentation_open ap_hs20_fetch_osu

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 17:18:38 +02:00
Jouni Malinen
abaa0893f0 tests: Fix scan_specific_bssid in case Beacon frame is seen
The first scan for the unknown BSSID could have been timed in a manner
that allows passive scanning to find the real AP even if that AP's
beacon interval was 1000 (e.g., heavy CPU load changed timing so that
the AP beaconing started at suitable time). The check for BSS result
entry not including Probe Response frame was comparing incorrect BSS
entries (bss2 vs. bss1) which resulted in the test case claiming failure
even when there was no unexpected Probe Response frame.

Fix this by comparing the beacon_ie and ie parameters from the same BSS
entry (bss1).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 16:36:46 +02:00
Jouni Malinen
9efd3447c7 tests: Make AP discovery more robust in eap_proto test cases
Number of these test cases start connection attempt in wpa_supplicant
and then expected a specific failure to happen relatively quickly. This
could result in timeouts if the first scanning round missed to find the
AP (e.g., due to CPU load pushing out the Probe Response frame long
enough for the station having left the channel) and wpa_supplicant then
waiting five seconds before starting a new scan.

Make this more robust by scanning explicitly for the specific BSSID
before starting the connection attempt.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 16:24:15 +02:00
Jouni Malinen
914d8ecac7 tests: SAE group negotiation (no match)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 00:25:48 +02:00
Jouni Malinen
f4f17e9aa1 tests: check_cert_subject
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-11 14:09:45 +02:00
Lubomir Rintel
192d061add tests: Drop testing of the old D-Bus interface
This old interface has been obsoleted and should not have been used
since 2010, so remove testing for it in preparation to dropping the
interface completely from wpa_supplicant.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-03-09 18:23:09 +02:00
Jouni Malinen
a5387062e5 tests: Use a helper function for DPP_BOOTSTRAP_GEN commands
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 18:13:10 +02:00
Jouni Malinen
0422d06b54 tests: Use a helper function for DPP_QR_CODE commands
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 16:55:54 +02:00
Jouni Malinen
7010f4bed5 tests: DPP provisioning updating wpa_supplicant configuration file
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 16:23:04 +02:00
Jouni Malinen
0defc42a49 tests: Add wlantest description for ap_ft_pmf_*_over_ds
This is convenient to allow easier examination of the FT Action frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 11:37:02 +02:00
Jouni Malinen
0c481b7866 tests: Use run_ap_ft_pmf_bip_over_ds() for ap_ft_pmf_over_ds
No need to duplicate this functionality when all the ap_ft_pmf_*_over_ds
test cases are doing practically the same thing and the
no-specific-cipher-configuration case can be addressed easily with the
same helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 11:33:49 +02:00
Jouni Malinen
46b8ea2105 tests: Fix ap_ft_pmf_over_ds
The main step of the test case was accidentally removed when adding the
cipher specific versions.

Fixes: ffcaca68d3 ("tests: FT with different BIP algorithms")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 11:26:38 +02:00
Jouni Malinen
9ebbdd0aa3 tests: Report authentication server memory leaks more visible
It was too easy to miss memory leaks in the hostapd-as-AS log.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-08 16:52:52 +02:00
Jouni Malinen
dc0f727c99 tests: WPS with PSK+SAE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 21:52:49 +02:00
Jouni Malinen
e43352ff41 tests: SAE anti clogging during an attack
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:07:25 +02:00
Jouni Malinen
a053ab9590 tests: More complete group list for sae_groups
Add group 1 for completeness sake and also and Brainpool groups with
OpenSSL 1.1.*.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:05:23 +02:00
Jouni Malinen
c097f12c8f tests: Enable needed SAE groups explicitly in sae_oom_wpas
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:14:05 +02:00
Jouni Malinen
656f4a3edd tests: Enable needed SAE groups explicitly in sigma_dut_sae
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:12:44 +02:00
Jouni Malinen
3d5b88b5a0 tests: FT-SAE with Password Identifier
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-26 20:40:32 +02:00
Jouni Malinen
05103c400b tests: More robust connect command testing
Avoid an invalid failure case due to scan results being left behind from
connect_cmd_bssid_hint when executing connect_cmd_reject_assoc by
explicitly clearing the scan results from dev5. This fixes an error case
that happened with the following test case sequence:
connect_cmd_bssid_hint connect_cmd_reject_assoc

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 21:58:28 +02:00
Jouni Malinen
fe5400dda2 tests: Make MACsec test cases clear monitor socket more thoroughly
The wpas (dev5) control interface socket did not always get cleared in
the MACsec test cases and this could result in issues with following
test cases if the dev5 message queue hit the maximum limit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 21:40:23 +02:00
Lubomir Rintel
5644f0ce3a tests: Remove CONFIG_PEERKEY
The functionality has been removed in commit a0bf1b68c0 ('Remove all
PeerKey functionality').

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Jouni Malinen
f3e671591e tests: libFuzzer integration for test-json and test-x509
Allow these test tools to be used with libFuzzer in addition to
afl-fuzz.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Arnout Vandecappelle (Essensium/Mind)
b1daf498a1 tests: Multi-AP WPS provisioning
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-18 22:35:42 +02:00
Arnout Vandecappelle (Essensium/Mind)
cb3c156e7b tests: Update multi_ap_fronthaul_on_ap to match implementation
Now that the backhaul STA Multi-AP association is not rejected anymore
by the AP, update the test case to expect disconnection to be triggered
by the STA.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-18 20:26:32 +02:00
Arnout Vandecappelle (Essensium/Mind)
a1debd3384 tests: Refactor test_multi_ap
With just one additional argument, the run_multi_ap_association()
function can be used for all tests.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-18 20:15:22 +02:00
Jouni Malinen
61929f4b07 tests: Empty token in wpa_psk_file
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-18 18:41:43 +02:00
Jouni Malinen
5a3a131993 tests: Mark log files to use utf-8 encoding
This seems to be needed when using python3 in VM for the ssid_utf8 test
case debug prints from the control interface requests. This breaks
python2 support for the same logging entries, but there does not seem to
be any easy way of addressing this in a manner that works for both
python versions, so move ahead with the python3-only support from now
on.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-18 18:19:06 +02:00
Masashi Honma
432496cdd8 tests: Switch default python version to 3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-17 17:26:01 +02:00
Jouni Malinen
258d88248b tests: AP VLAN based on SAE Password Identifier
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 17:24:23 +02:00
Jouni Malinen
cf4643aa7d tests: Force diff chan in p2ps_channel_active_go_and_station_different_mcc
This test case was failing pretty frequently due to an issue in being
able to send out the Provision Discovery Response frame on the operating
channel. Now that wpa_supplicant has a fix for that issue, modify this
test case to hit this error condition every time. In addition, make sure
the possible exception from p2ps_exact_seek() does not get hidden with a
failing remove_group() call in the finally section.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 16:55:50 +02:00
Jouni Malinen
e1348d21e9 tests: OpenSSL ECDH curve configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 14:01:57 +02:00
Jouni Malinen
836f0ddac1 tests: EAP-PEAP/EAP-GTC
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 12:03:45 +02:00
Jouni Malinen
810dcfb667 tests: Wi-Fi generation indication for HT and VHT
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
dd12e58e5f tests: ap_wpa_ie_parsing to allow EAPOL-Key msg 2/4 rejection
Once mac80211 starts reporting the used Association Request frame IEs in
the association event, wpa_supplicant will update RSN supplicant IE
information based on that and that will make the AP reject EAPOL-Key msg
2/4 in this particular test scenario due to the hack of including two
RSN IEs in the Association Request frame. Accept this sequence as a
valid test execution in addition to the previously expected connection
to avoid reporting incorrect failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
b4788908ca tests: AP VLAN based on PSK/passphrase
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-14 13:36:54 +02:00
Jouni Malinen
051c8cae6a tests: DPP and two initiators
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-14 11:50:40 +02:00
Jouni Malinen
6c02fa214b tests: AP not receiving Authentication frame ACK
Verify that the not-associated STA gets deauthenticated, not
disassociated, on inactivity timeout.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-11 17:42:59 +02:00
Masashi Honma
51c83edfca tests: Catch only specific exceptions
This allows unexpected cases to terminate parallel-vm.py without being
hidden by the exception handler.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-11 12:42:52 +02:00
Jouni Malinen
b623634262 tests: Document some of the test tools
This will hopefully make it easier for others to use these test tools.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
a4a9737d6b tests: Fix wnm-fuzzer by adding dummy configuration
Some of the WNM implementation expects configuration to be available
(e.g., ieee802_!1_rx_wnm_coloc_intf_req() dereferences wpa_s->conf), so
add a dummy configuration to allow the fuzzer tool to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
525923b1d7 tests: EAPOL-Key fuzzing tool
Add test-eapol program that can be used for fuzzing the EAPOL-Key
Supplicant and Authenticator implementations. This tool can write
Supplicant or Authenticator messages into a file as an initialization
step and for the fuzzing step, that file (with potential modifications)
can be used to replace the internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the EAPOL-Key operations. This will
also make the implementation ignore Key MIC and AES keywrap errors to
allow processing of modified messages to continue further.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
79fa1b4530 tests: JSON parser fuzzer
test-json can be used for fuzz testing the JSON parser implementation in
src/utils/json.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
1ac9c020b5 tests: TLS fuzzing tool
Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
b49ec25979 tests: Add a simple HTTPS server for TLS testing
This makes it easier to use TLS testing tools against the internal TLS
implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:55:39 +02:00
Masashi Honma
45d3e2edbd tests: Explicitly flush stdin for python3
Without this flush(), test does not run.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00
Masashi Honma
3069be8fe3 tests: Encode VM input for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00
Masashi Honma
689a956049 tests: Decode VM output for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00