3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-31 23:42:52 +01:00
Commit Graph

338 Commits

Author SHA1 Message Date
Andrew Zaborowski
5140c005c1 unit: Authenticator 4-way handshake error scenario 2020-08-17 09:53:14 -05:00
Andrew Zaborowski
5dd7f5a0fe unit: Add an authenticator-side 4-Way Handshake test
Test the eapol.c code responsible for the access point mode 4-way
handshake with correct IEs and PSK on both sides (success scenario).
2020-08-17 09:51:50 -05:00
Ard Biesheuvel
1db8a85a60 crypto: incorporate C implementation of ARC4
Incorporate the LGPL v2.1 licensed implementation of ARC4, taken from
the Nettle project (https://git.lysator.liu.se/nettle/nettle.git,
commit 3e7a480a1e351884), and tweak it a bit so we don't have to
operate on a skip buffer to fast forward the stream cipher, but can
simply invoke it with NULL dst or src arguments to achieve the same.

This removes the dependency [via libell] on the OS's implementation of
ecb(arc4), which may be going away, and which is not usually accelerated
in the first place.
2020-08-03 16:28:24 -05:00
Denis Kenzior
45824ff7eb unit: Update to the new handshake API 2020-04-02 00:41:18 -05:00
Torstein Husebø
759dbdd37f treewide: fix typos 2020-01-21 16:03:28 -06:00
Andrew Zaborowski
5888f66258 unit: Add a test for building M8 encrypted settings
There's are two changes to the example raw data in m8_encrypted_settings,
one is to change the Network Index value to 1 and the other is to drop
the Network Key Index attribute:

Network Index     R     Deprecated - use fixed value 1 for
                        backwards compatibility.

Network Key       O     Deprecated. Only included by WSC 1.0
Index                   devices. Ignored by WSC 2.0 or newer
                        devices.
2020-01-09 14:07:52 -06:00
Andrew Zaborowski
37816f6ebf unit: Update p2p_free_* function names 2019-11-21 14:02:33 -06:00
Denis Kenzior
217dc6d4cc unit: Fixup test-wsc
- Add missing break statement
- Add missing va_end
- Fix logic inversion introduced by 2d995b17c1dff

Fixes: 2d95b17c1d ("unit: Update event handler in WSC, eapol tests")
Reported-By: Will Dietz <w@wdtz.org>
2019-11-05 10:46:46 -06:00
Andrew Zaborowski
2d95b17c1d unit: Update event handler in WSC, eapol tests 2019-10-30 14:26:14 -05:00
Marcel Holtmann
152b56a12a treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
Denis Kenzior
1ddd047a73 unit: Remove calls to __eap_set_config
These just end up setting a value that is already the default.
2019-10-24 13:48:26 -05:00
Denis Kenzior
c8247c3754 unit: assert that l_settings creation/loading succeeds 2019-10-17 12:42:45 -05:00
James Prestwood
f71a28ce38 unit: update wsc/eapol with new eap_init
test-eapol was passing zero as the MTU, so this simply needed to be
updated to remove that parameter.

test-wsc was actually setting a MTU value so when building the
settings we now add the proper value so the MTU can be set with
__eap_set_config.
2019-10-11 15:45:26 -05:00
Marcel Holtmann
5508833bab build: Hide the PKCS8 unit tests behind MAINTAINER_MODE for now 2019-10-11 08:57:38 +02:00
James Prestwood
fddf15f527 unit: add test for embedded certs to test-eapol
Refactored eapol_sm_test_tls to take a l_settings object rather than
a settings string. This lets the caller either load from data or
from file (the new test loads the build time generated tls-settings
file).
2019-10-07 14:41:15 -05:00
James Prestwood
f8de0a58f3 unit: update test-eapol to new ELL APIs 2019-10-02 10:37:39 -05:00
Denis Kenzior
f3db34aadf unit: Update to new RSNe builder behavior 2019-09-11 15:28:10 -05:00
Andrew Zaborowski
969c1871c5 unit: Update values in EAP-TLS-ServerDomainMask tests
Use more realistic domain name mask strings to be matched against the
DNS Name values in the subjectAltName extension.
2019-08-26 11:12:07 -05:00
Andrew Zaborowski
c5627ad62e build: Add a DNSName in the test server cert 2019-08-26 11:12:02 -05:00
Andrew Zaborowski
9c4c9a71c5 unit: Test the EAP-TLS-ServerSubjectMatch config option 2019-08-23 09:31:59 -05:00
Denis Kenzior
483194ee91 unit: Update to the new handshake_state API 2019-07-15 21:45:32 -05:00
Andrew Zaborowski
38099f75d6 unit: Add p2putil tests 2019-07-08 22:16:16 -05:00
James Prestwood
6c372c6c19 unit: update test-eapol with new handshake APIs 2019-06-07 14:22:39 -05:00
Marcel Holtmann
cde9933124 build: Generate certificates for unit testing locally 2019-05-11 10:11:12 +02:00
James Prestwood
14ac9e4aeb unit: fix test-sae after auth_proto changes
The SAE unit test needed to be updated to use the handshake_driver,
but in addition all the packet building needed a major overhaul. SAE
was changed to behave more like OWE/FILS, in that netdev passes the
raw mpdu frame into the RX callbacks. Before, only the authentication
data was passed. This requires the unit tests to now build up the
entire authentication frame, and in some cases append the header
to the data coming from the TX functions.
2019-05-03 14:43:35 -05:00
James Prestwood
a70ef82432 unit: update test-{crypto,eapol} with PTK changes
Updated to use l_checksum_type instead of boolean
2019-04-26 12:31:04 -05:00
James Prestwood
e999aa02a1 unit: update test-eapol with _verify_ptk_3_of_4 change 2019-04-26 12:24:53 -05:00
James Prestwood
a89e064d91 unit: update test-ie to use new builder APIs 2019-04-23 12:56:20 -05:00
James Prestwood
0a1f6a1d7c unit: update test-sae to free SM
This unit test was relying on the bad behavior of SAE to
free the SM internally. Now we explicitly free the SM in
each test.
2019-04-22 16:26:11 -05:00
James Prestwood
62e20ca285 eapol: pass mic_len in gtk 1/2 verify
FILS authentication does away with the MIC, so checking for key_mic
in the eapol key frame does not allow FILS to work. Now we pass in
the mic_len to eapol_verify_gtk_1_of_2, and if it is non-zero we can
check that the MIC is present in the frame.
2019-04-17 18:40:46 -05:00
James Prestwood
ea228bc8ab unit: test for AES-SIV 2019-04-17 13:55:11 -05:00
James Prestwood
27f7a523b4 unit: add tests for util_get_{domain,username}
test-ssid-to-utf8 was hijacked and renamed to test-util, and
two tests were added for the new utility functions.
2019-04-08 16:30:41 -05:00
Denis Kenzior
9c6589a6ad unit: Update to the new validate_mgmt_ies behavior 2019-04-05 16:31:30 -05:00
James Prestwood
05dcbfd982 unit: update AKM values to 32 bits in test-ie 2019-04-04 16:11:32 -05:00
James Prestwood
5338904824 unit: add check for SHA256/HMAC in SAE test 2019-04-04 11:43:01 -05:00
Marcel Holtmann
ea074ffe67 build: Create ELL_UNIT_TEST_DATA define for certificate directory 2019-04-03 19:16:29 +02:00
Denis Kenzior
f8af73f2c7 unit: Use l_container_of 2019-04-03 11:49:36 -05:00
Tim Kourt
2a104185a0 unit: Rename EAP TLS type 2019-04-02 14:34:43 -05:00
Andrew Zaborowski
7031045dfb unit: Update mschapv2 test to use mschap_nt_password_hash 2019-03-19 11:34:46 -05:00
James Prestwood
8fbd0870fc unit: fix test-sae to use new status codes 2019-02-27 16:16:03 -06:00
Denis Kenzior
c638fd50c8 unit: Add IWD_TLS_DEBUG environment variable handling 2019-02-22 14:48:44 -06:00
James Prestwood
08b6f4c432 unit: fix test-sae bad group test
When this test was written only group 19 was supported. The 'bad_group'
test used, at the time, unsupported group 20. Now group 20 is supported
so this test was expecting a failure. This updates the test to use group
0xff, which is not a valid ECC group and should always fail.
2019-02-07 12:16:14 -06:00
Denis Kenzior
3cf0184089 unit: Add another test with an out-of-order tag 2019-02-07 10:44:37 -06:00
Andrew Zaborowski
62851b9e47 unit: Fix usage of sizeof(struct eapol_key) in test-eapol 2019-01-22 11:40:47 -06:00
James Prestwood
f6013d8730 unit: update test-eapol to work with crypto/eapol changes 2019-01-17 15:20:28 -06:00
James Prestwood
79f7cb85c3 unit: update test-crypto to work with eapol/crypto changes 2019-01-17 15:20:28 -06:00
Denis Kenzior
6bf7e638b0 unit: Fix asan warning
==24642==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe00450850 at pc 0x7f2043eef5e3 bp 0x7ffe00450660 sp 0x7ffe0044fdf0
WRITE of size 3 at 0x7ffe00450850 thread T0
    #0 0x7f2043eef5e2 in __interceptor_vsprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1522
    #1 0x7f2043eef956 in __interceptor_sprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1553
    #2 0x4026f1 in prf_test unit/test-prf-sha1.c:64
    #3 0x407478 in l_test_run ell/test.c:83
    #4 0x4029e3 in main unit/test-prf-sha1.c:130
    #5 0x7f2042dd9ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
    #6 0x401f79 in _start (/home/denkenz/iwd-master/unit/test-prf-sha1+0x401f79)
2019-01-11 11:34:49 -06:00
Tim Kourt
58f7b06c01 unit: Switch eap-mschapv2 test to use mschaputil 2019-01-10 17:04:57 -06:00
Denis Kenzior
9b722197ba ecc: Remove remaining ECC/ECDH files
ECC primitives have now been fully converted / moved to ell.
2019-01-10 16:27:09 -06:00
James Prestwood
e5cf66ddb2 unit: fix test-sae to use a valid peer point
Now that the peer element is validated we must send valid point data.
This should have been done in the beginning anyways, but since the
point data was not previously validated this test still passed.

Since this particular unit test is really testing timeouts we can just
use the commit buffer for other tests since it contains a valid scalar
and point.
2019-01-10 16:26:29 -06:00
Andrew Zaborowski
1578a37ac2 unit: Call the new l_tls_start in eap-tls test 2018-12-19 10:05:38 -06:00
James Prestwood
c2094c5e04 ecdh: remove ECDH and unit tests
ECDH was moved into ell and is no longer needed in IWD
2018-12-12 11:12:27 -06:00
James Prestwood
007d972046 unit: allow ECDH test vector to run without l_getrandom
Using the gcc wrap feature, l_getrandom was redefined to use a known
good, hardcoded random value. The two other tests were also disabled
if l_getrandom is not supported since these do require randomness
for proper testing.
2018-11-20 17:28:44 -06:00
James Prestwood
44c4074c35 unit: add ECDH test vector
RFC 5114 defines a test vector for each ECP group. These values were
hard coded into a new ECDH unit test.
2018-11-19 13:46:34 -06:00
Andrew Zaborowski
8c333a585a unit: Update for l_tls API changes 2018-11-19 13:04:30 -06:00
James Prestwood
dddbf22ab7 unit: added ECDH unit tests 2018-11-16 16:25:20 -06:00
Marcel Holtmann
16824cad05 unit: Use L_ARRAY_SIZE instead own version of it 2018-11-09 14:49:33 +01:00
Tim Kourt
f369c9006e unit: use new setting key name for EAP-MD5 2018-10-29 18:46:07 -05:00
Tim Kourt
949e672b75 unit: Fix TTLS test
Single AVP should not be padded with zeros as padding is only
used to separate AVPs in a sequence.

RFC 5281 Section 10.2.  AVP Sequences

   Data encapsulated within the TLS record layer must consist entirely
   of a sequence of zero or more AVPs.  Each AVP must begin on a four-
   octet boundary relative to the first AVP in the sequence.  If an AVP
   is not a multiple of four octets, it must be padded with zeros to the
   next four-octet boundary.

   Note that the AVP Length does not include the padding.
2018-10-19 10:00:10 -05:00
Marcel Holtmann
8f8a214fbd build: Use new l_tls_prf_get_bytes and remove ell/tls-private.h usage 2018-10-19 09:30:59 +02:00
Marcel Holtmann
467d3958b4 build: Use l_tls_prf_get_bytes instead of tls_prf_get_bytes 2018-10-19 08:46:57 +02:00
Marcel Holtmann
b27edce298 build: Use include "" instead of include <> for ell/tls-private.h 2018-10-19 08:24:57 +02:00
Denis Kenzior
d22e57c994 treewide: Remove use of key-private.h 2018-10-19 00:31:41 -05:00
Andrew Zaborowski
6405f487c6 unit: Update handshake_state WPA/RSN IE setter names 2018-08-27 11:46:38 -05:00
James Prestwood
700b7de175 unit: check random support on test-sae 2018-08-23 14:55:10 -05:00
James Prestwood
801188885c unit: updated test-sae to use le API's following sae.c 2018-08-23 12:24:06 -05:00
James Prestwood
41d35e561a unit: fix buffer overrun in SAE test 2018-08-15 15:54:18 -05:00
James Prestwood
26246e75c8 unit: tests for SAE 2018-08-15 13:26:58 -05:00
Denis Kenzior
db378dd2e8 unit: Fix compilation warning
Some compilers complained that:

../unit/test-ecc.c: In function ‘run_test’:
../unit/test-ecc.c:295:38: warning: ‘lres’ may be used uninitialized in
	this function [-Wmaybe-uninitialized]

assert(data->lres == lres);
                     ^
2018-08-10 14:46:03 -05:00
James Prestwood
c629d71427 unit: updated eapol test to reflect API changes
verify/calculate_mic and key decryption API's now take the AKM suite
2018-08-09 15:06:44 -05:00
James Prestwood
99d1e0595e unit: added test for vli_legendre 2018-08-08 16:06:29 -05:00
Denis Kenzior
412a03f236 unit: drop unit tests for removed functions 2018-07-30 08:59:55 -05:00
Tim Kourt
243a574d75 unit: add client token finder test 2018-07-25 11:47:49 -05:00
Denis Kenzior
41361053b3 unit: Print tls_alert 2018-06-28 13:23:29 -05:00
Denis Kenzior
5446389d32 unit: Store handshake_failed in test_handshake_state
Instead of using a global variable
2018-06-27 17:01:22 -05:00
James Prestwood
5d31fc25d7 unit: updated unit test with eapol deauth removal 2018-06-27 16:45:53 -05:00
Denis Kenzior
7c0bc22b7c unit: Update to the new API 2018-06-21 20:10:07 -05:00
Denis Kenzior
180a893c0c unit: Update to the new EAP API 2018-06-14 20:01:22 -05:00
Tim Kourt
c23849adf6 unit: add include for the changed public func 2018-05-31 19:39:42 -05:00
Denis Kenzior
5616962bb2 unit: Update scan_get_security usage to new API 2018-05-24 19:22:16 -05:00
James Prestwood
d810e7ab45 unit: updated ecc unit tests to use byte conversion 2018-05-04 19:33:55 -05:00
James Prestwood
49d313ab68 unit: Add ECC math sanity tests 2018-05-03 10:48:46 -05:00
Denis Kenzior
736db5c27c unit: update to the new API 2018-05-01 16:19:38 -05:00
Tim Kourt
7501d9372b unit: network args parser validation 2018-03-28 14:33:00 -05:00
Andrew Zaborowski
b1356680b7 unit: Update handshake_state_set_pmk parameters 2018-03-15 11:40:17 -05:00
Denis Kenzior
973b7b4555 unit: Additional support checks for WSC tests 2018-01-24 11:07:36 -06:00
Denis Kenzior
9e0d11f948 unit: pin generation test depends on getrandom
Turn this test off if the kernel doesn't have it
2018-01-24 09:17:00 -06:00
Denis Kenzior
f91380c195 unit: Skip EAPoL tests when kernel features are missing 2018-01-23 15:50:35 -06:00
Denis Kenzior
b64efb83bc unit: Don't run WSC tests if kernel features missing
WSC uses Diffie-Hellman and AES-CBC, so don't bother running the tests
that need these in case the feature is not present in the kernel.
2018-01-23 15:50:32 -06:00
Denis Kenzior
a1f4a9901d unit: Add EAPoL retransmission test 2017-10-19 16:47:35 -05:00
Andrew Zaborowski
525ecbb113 unit: Remove pbkdf2_sha1 tests
They can now be moved to ELL.
2017-10-09 14:34:31 -05:00
Andrew Zaborowski
47ae1c2f06 unit: Add IE order tests in test-mpdu 2017-09-22 12:15:37 -05:00
Andrew Zaborowski
786b93ffc4 unit: Add Extended Element ID tests in test-ie 2017-09-22 12:00:15 -05:00
Andrew Zaborowski
fd661d5e9f unit: Use new mpdu.h structs 2017-08-31 15:13:31 -05:00
Denis Kenzior
da029bead8 unit: Use overlapped in/out buffers
Since aes_wrap & aes_unwrap advertise support for overlapped in/out
buffers, make sure that the unit test actually tests this as well.
valgrind will complain if the memory is overlapped and memcpy is used
instead of memmove.
2017-08-31 13:16:28 -05:00
Denis Kenzior
9da2d64980 unit: Add check that AES is present 2017-08-31 13:15:15 -05:00
Andrew Zaborowski
ef652642b5 unit: Test aes_wrap and aed_unwrap in test-crypto 2017-08-31 13:10:47 -05:00
James Prestwood
83995b5099 unit: update SIM unit tests to derive MAC changes 2017-08-30 17:31:43 -05:00
James Prestwood
8b575103b6 unit: Added unit tests for EAP-AKA' API's
This adds unit tests for the new key derivation functions
in simutil.c. The test data was obtained from RFC 5448
(case 1 and 2).
2017-08-30 16:39:10 -05:00
James Prestwood
b2fe7fe230 unit: EAP-SIM unit tests
Several unit tests for EAP-SIM functionality:
 - Get/Add attributes
 - MAC calculation
 - PRNG test
2017-08-21 18:03:13 -05:00