Commit Graph

92 Commits

Author SHA1 Message Date
Jouni Malinen
91a0703157 tests: Layer 2 Update frame behavior in mac80211
This verifies mac80211 behavior for Layer 2 Update frame use and other
unexpected frames from a not fully authentication station.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-17 12:39:03 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
298eb0792e tests: Give more time in ap_wpa2_psk_ext_delayed_ptk_rekey for UML
Waiting for exactly one second for a one second timeout with
time-travel=inf-cpu is not exactly robust, so increase that wait to be
able to see the last EAPOL-Key TX attempt from hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 22:53:53 +03:00
Jouni Malinen
bfce94e094 tests: WPA2-PSK and local error cases on supplicant
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 21:35:04 +03:00
Jouni Malinen
8030e2b594 tests: Protocol testing for supplicant PMF/IGTK KDE handling
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 19:31:34 +03:00
Jouni Malinen
fab49f6145 tests: Python coding style cleanup (pylint3 bad-whitespace)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:09 +02:00
Jouni Malinen
61929f4b07 tests: Empty token in wpa_psk_file
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-18 18:41:43 +02:00
Jouni Malinen
dd12e58e5f tests: ap_wpa_ie_parsing to allow EAPOL-Key msg 2/4 rejection
Once mac80211 starts reporting the used Association Request frame IEs in
the association event, wpa_supplicant will update RSN supplicant IE
information based on that and that will make the AP reject EAPOL-Key msg
2/4 in this particular test scenario due to the hack of including two
RSN IEs in the Association Request frame. Accept this sequence as a
valid test execution in addition to the previously expected connection
to avoid reporting incorrect failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
236bbda8e4 tests: Use floor division (//) to avoid issues with python3
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:34 +02:00
Jouni Malinen
b3361e5dc9 tests: Explicit str/bytes conversion for key_lifetime_in_memory
This is needed for python3.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:34 +02:00
Masashi Honma
15dfcb69df tests: Use 'b' prefix to mark Bytes literals explicitly for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Masashi Honma
f94df3c0b0 tests: Explicitly encode str to bytes when needed for python3
Avoid implicit conversion errors when constructing bytes objects or
passing a str object to a function that needs a bytes object.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Masashi Honma
7ab74770e7 tests: Convert binascii.hexlify() output to a string object for python3
This is needed in cases the hexlify() output is used to concatenate with
a string or used in string comparisons.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Jouni Malinen
0eb34f8f28 tests: WPA2-PSK AP with PSK from a file (keyid and reload)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-26 17:52:04 +02:00
Jouni Malinen
06809f618d tests: WPA2-PSK+FT AP and workaround for incorrect STA behavior
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-06 21:20:34 +02:00
Jouni Malinen
c773c7d5dd tests: WPA2-PSK/TKIP and MIC=0 in msg 3/4
Verify that unauthenticated EAPOL-Key message does not get decrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-08-08 16:51:35 +03:00
Jouni Malinen
007bf37e4b tests: Processing of truncated RSNE fields
Verify that truncated RSN Capabilities field and PMKIDCount field get
ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-19 12:26:26 +02:00
Jouni Malinen
fe4af86c16 tests: WPA2-PSK AP and association request RSN IE with PMKID
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
257ad53c1d tests: WPA2-PSK AP and GTK rekey by AP request
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-29 17:00:50 +02:00
Jouni Malinen
60890ca4ee tests: Delayed PTK rekey exchange attack protection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-20 20:32:37 +03:00
Jouni Malinen
ec765bc797 tests: Disabling of EAPOL-Key retries
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-17 00:07:17 +03:00
Jouni Malinen
3bcc524733 tests: WPA2-PSK AP and PTK rekey enforced by station and ANonce change
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:48:25 +03:00
Jouni Malinen
b74f82a4f8 tests: Comment out during-association TK-in-memory checks
TK needs to be maintained in memory for additional testing
functionality, so for now, comment out these checks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
f4528fbf51 tests: 4-way handshake msg 3/4 replay with extra msg 1/4
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
c29475a932 tests: Delayed EAPOL-Key msg 3/4 replaying attack
This hits the new wpa_supplicant code path that rejects reconfiguration
of the same GTK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
6db556b21d tests: Allow wpa_supplicant to maintain GTK in memory during association
This is needed to allow GTK configuration triggers to verify whether the
key has changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Andrei Otcheretianski
79f846a7a9 tests: Rename ap_wpa2_psk_file test
There are two different tests with the same name in test_ap_psk.py.
Fix that.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-03-06 23:38:48 +02:00
Jouni Malinen
069daec4ee tests: Fix EAPOL frame source address in protocol tests
The send_eapol() calls for delivering frames to wpa_supplicant had a
copy-paste bug from the earlier hostapd cases. These were supposed to
use the BSSID, not the address of the station, as the source address.
The local address worked for most cases since it was practically
ignored, but this could prevent the race condition workaround for
association event from working. Fix this by using the correct source
address (BSSID).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-28 11:24:15 +02:00
Jouni Malinen
ac723b35bb tests: WPA2-PSK EAPOL-Key retry limit configuration
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 00:25:36 +02:00
Jouni Malinen
50bb5c8627 tests: WPA-PSK AP and only rsn_pairwise set
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-23 11:45:55 +03:00
Jouni Malinen
bc6e32880f tests: Remove extra semicolons from python scripts
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-03 22:37:01 +03:00
Jonathan Afek
9fd6804d61 tests: Mark 525 tests as remote compatible
After successfully passing the 525 tests on a remote setup mark the
tests as remote compatible.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:47:37 +03:00
Jonathan Afek
bb04a9a9a3 tests: Use general cmd_execute() for bridge setup commands
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing shell commands to setup bridge so that this would also work on
remote setups.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:47:37 +03:00
Jonathan Afek
10e09d8316 tests: Use cmd_execute() for ip link set up/down commands
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ip link set up/down" commands so that this would also work on
remote setups.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:10:35 +03:00
Jonathan Afek
525f8293e5 tests: Use cmd_execute() in find_wpas_process()
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ps ax" so that this would also work on remote setups.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:10:35 +03:00
Janusz Dziedzic
84f3f3a5e6 tests: Use hostapd.add_ap() instead of HostapdGlobal() (PSK)
This makes ap_cli_order more usable for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:24:49 +03:00
Janusz Dziedzic
41ba40e74d tests: Pass full apdev to add_ap() function (7)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (7) converts the cases where a local variable is used to store
apdev[#]['ifname'] before passing it as the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:46:14 +03:00
Janusz Dziedzic
afc26df29c tests: Pass full apdev to add_ap() function (4)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:46:12 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Jouni Malinen
8e416cecdb tests: Make key-lifetime-in-memory more robust for GTK check
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00
Jouni Malinen
f089cdf98e tests: Add more memory details on key-lifetime-in-memory
This makes it easier to see where in memory the key was found and what
there is in memory around that location.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 15:49:01 +02:00
Jouni Malinen
0ceff76e7b tests: WPA2 AP processing of RSN IE differences
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:00:10 +02:00
Jouni Malinen
8eb45bde38 tests: Write GTK locations into debug log in key_lifetime_in_memory
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 17:48:43 +02:00
Avraham Stern
f487e306b9 tests: Set bridge ageing in ap_wpa2_bridge_fdb test
Set the bridge ageing to 1 sec to make the bridge clear unused
addresses after this interval. Otherwise the test depends on
the local configuration of brctl.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-10-16 20:22:54 +03:00
Jouni Malinen
a359c7bb23 tests: Read monitor messages more frequently
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 20:45:20 +03:00
Jouni Malinen
4b9d79b66e tests: Make it less likely to overflow wlan5 control iface socket
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 01:42:42 +03:00
Jouni Malinen
242339ded1 tests: WPA2-PSK and retry for EAPOL-Key msg 3/4
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 18:55:19 +03:00
Johannes Berg
b1f69186d2 tests: Add test for hostapd cli ordering
When the 'SET wpa 2' command is executed last, it seems to somehow
reset parts of the settings, causing hostapd to beacon with the
pairwise cipher suite selector set to 00-0F-AC:0 (none/use-group).
This is not permitted and should be rejected; wpa_supplicant also
cannot connect.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-09-27 15:55:11 +03:00
Jouni Malinen
ecafa0cf47 tests: RSN element protocol testing for STA side
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 20:04:07 +03:00
Jouni Malinen
a1eabc74b8 tests: Skip WPA(V1) test cases in FIPS mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00