Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #7446 from julek-wolfssl/hostap

Browse Source 
hostap update
This commit is contained in:
David Garske
2024-05-13 10:35:01 -07:00
committed by GitHub
parent 4b81a99f91 df425b306f
commit 29f7578a61
17 changed files with 2879 additions and 423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
.github/workflows/hostap.yml → .github/workflows/disabled/hostap.yml vendored
View File

122
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config vendored Normal file
View File

@@ -0,0 +1,122 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y
CONFIG_IEEE80211BE=y

1677
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests vendored Normal file
View File

File diff suppressed because it is too large Load Diff

164
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config vendored Normal file
View File

@@ -0,0 +1,164 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

51
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests vendored
View File

@@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_kde
ap_wpa2_psk_supp_proto_gtk_not_encrypted
ap_wpa2_psk_supp_proto_no_igtk
ap_wpa2_psk_supp_proto_igtk_ok
ap_wpa2_psk_supp_proto_igtk_keyid_swap
ap_wpa2_psk_supp_proto_igtk_keyid_too_large
ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
ap_wpa2_psk_wep
ap_wpa2_psk_ifdown
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
@@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_no_control_port
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
@@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime
ap_wpa2_eap_aka_prime_imsi_identity
ap_wpa2_eap_aka_prime_imsi_privacy_key
ap_wpa2_eap_aka_prime_sql
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_pap
@@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
ap_wpa2_eap_tls_tod
ap_wpa2_eap_tls_tod_tofu
ap_wpa2_eap_sake_no_control_port
ap_wpa2_tdls
ap_wpa2_tdls_concurrent_init
ap_wpa2_tdls_concurrent_init2
ap_wpa2_tdls_decline_resp
ap_wpa2_tdls_long_lifetime
ap_wpa2_tdls_long_frame
ap_wpa2_tdls_reneg
ap_wpa2_tdls_wrong_lifetime_resp
ap_wpa2_tdls_diff_rsnie
ap_wpa2_tdls_wrong_tpk_m2_mic
ap_wpa2_tdls_wrong_tpk_m3_mic
ap_wpa2_tdls_double_tpk_m2
ap_wpa2_tdls_responder_teardown
dpp_network_intro_version
dpp_network_intro_version_change
dpp_network_intro_version_missing_req
@@ -459,12 +435,9 @@ dpp_qr_code_curves
dpp_qr_code_curves_brainpool
dpp_qr_code_unsupported_curve
dpp_qr_code_keygen_fail
dpp_qr_code_curve_select
dpp_qr_code_auth_broadcast
dpp_configurator_enrollee
dpp_configurator_enrollee_prime256v1
dpp_configurator_enrollee_secp384r1
dpp_configurator_enrollee_secp521r1
dpp_configurator_enrollee_brainpoolP256r1
dpp_configurator_enrollee_brainpoolP384r1
dpp_configurator_enrollee_brainpoolP512r1
@@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
dpp_qr_code_curve_brainpoolP512r1
dpp_qr_code_set_key
dpp_qr_code_auth_mutual
dpp_qr_code_auth_mutual2
dpp_qr_code_auth_mutual_p_256
dpp_qr_code_auth_mutual_p_384
dpp_qr_code_auth_mutual_p_521
@@ -514,13 +486,11 @@ dpp_config_no_signed_connector
dpp_config_unexpected_signed_connector_char
dpp_config_root_not_an_object
dpp_config_no_wi_fi_tech
dpp_config_unsupported_wi_fi_tech
dpp_config_no_discovery
dpp_config_no_discovery_ssid
dpp_config_too_long_discovery_ssid
dpp_config_no_cred
dpp_config_no_cred_akm
dpp_config_unsupported_cred_akm
dpp_config_error_legacy_no_pass
dpp_config_error_legacy_too_long_pass
dpp_config_error_legacy_psk_with_sae
@@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
dpp_config_connector_error_too_short_timestamp
dpp_config_connector_error_invalid_timestamp
dpp_config_connector_error_invalid_timestamp_date
dpp_config_connector_error_invalid_time_zone
dpp_config_connector_error_invalid_time_zone_2
dpp_config_connector_error_expired_1
dpp_config_connector_error_expired_2
dpp_config_connector_error_expired_3
dpp_config_connector_error_expired_4
dpp_config_connector_error_expired_5
dpp_config_connector_error_expired_6
dpp_config_connector_error_no_groups
dpp_config_connector_error_empty_groups
@@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
dpp_ap_config_bp256_p256
dpp_ap_config_p521_bp512
dpp_ap_config_reconfig_configurator
dpp_auto_connect_1
dpp_auto_connect_2
dpp_auto_connect_2_connect_cmd
dpp_auto_connect_2_sta_ver1
dpp_auto_connect_2_ap_ver1
dpp_auto_connect_2_ver1
dpp_auto_connect_2_conf_ver1
dpp_auto_connect_legacy
dpp_auto_connect_legacy_ssid_charset
dpp_auto_connect_legacy_sae_1
@@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
dpp_auto_connect_legacy_psk_sae_2
dpp_auto_connect_legacy_psk_sae_3
dpp_auto_connect_legacy_pmf_required
dpp_qr_code_auth_responder_configurator
dpp_qr_code_auth_responder_configurator_group_id
dpp_qr_code_auth_enrollee_init_netrole
dpp_qr_code_hostapd_init
dpp_qr_code_hostapd_init_offchannel
dpp_qr_code_hostapd_init_offchannel_neg_freq
dpp_qr_code_hostapd_ignore_mismatch
dpp_test_vector_p_256
dpp_test_vector_p_256_b
dpp_test_vector_p_521
@@ -603,7 +556,6 @@ dpp_pkex_no_identifier
dpp_pkex_identifier_mismatch
dpp_pkex_identifier_mismatch2
dpp_pkex_identifier_mismatch3
dpp_pkex_5ghz
dpp_pkex_test_vector
dpp_pkex_code_mismatch
dpp_pkex_code_mismatch_limit
@@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
dpp_pkex_nak_curve_change
dpp_pkex_nak_curve_change2
dpp_hostapd_configurator
dpp_hostapd_configurator_enrollee_v1
dpp_hostapd_configurator_responder
dpp_hostapd_configurator_fragmentation
dpp_hostapd_enrollee_fragmentation
@@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
dpp_proto_stop_at_pkex_cr_resp
dpp_proto_network_introduction
dpp_hostapd_auth_conf_timeout
dpp_hostapd_auth_resp_retries
dpp_tcp
dpp_tcp_port
dpp_tcp_mutual
@@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
dpp_qr_code_config_event_initiator_no_response
dpp_qr_code_config_event_initiator_both
dpp_tcp_qr_code_config_event_initiator
dpp_qr_code_config_event_responder
dpp_discard_public_action

47
.github/workflows/hostap-files/configs/hostap_2_10/extra.patch vendored Normal file
View File

@@ -0,0 +1,47 @@
From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 19 Apr 2024 16:41:38 +0200
Subject: [PATCH] Fixes for running tests under UML
- Apply commit ID fix from more recent commit
- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
---
src/crypto/crypto_wolfssl.c | 2 +-
tests/hwsim/run-all.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 00ecf61352..a57fa50697 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
int ret = -1;
WC_RNG rng;
DhKey *dh = NULL;
- word32 priv_sz, pub_sz;
+ word32 priv_sz = prime_len, pub_sz = prime_len;
if (TEST_FAIL())
return -1;
diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
index ee48cd0581..75c3a58b52 100755
--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
@@ -15,7 +15,13 @@ export LOGDIR
if [ -z "$DBFILE" ]; then
DB=""
else
- DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+ DB="-S $DBFILE"
+ if [ -z "$COMMITID" ]; then
+ COMMITID="$(git rev-parse HEAD)"
+ fi
+ if [ -n "$COMMITID" ]; then
+ DB="$DB --commit $COMMITID"
+ fi
if [ -n "$BUILD" ]; then
DB="$DB -b $BUILD"
fi
--
2.34.1

14
.github/workflows/hostap-files/configs/hostap_2_10/tests vendored
View File

@@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_no_control_port
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
@@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_sake_no_control_port
ap_wpa2_tdls
ap_wpa2_tdls_concurrent_init
ap_wpa2_tdls_concurrent_init2
ap_wpa2_tdls_decline_resp
ap_wpa2_tdls_long_lifetime
ap_wpa2_tdls_long_frame
ap_wpa2_tdls_reneg
ap_wpa2_tdls_wrong_lifetime_resp
ap_wpa2_tdls_diff_rsnie
ap_wpa2_tdls_wrong_tpk_m2_mic
ap_wpa2_tdls_wrong_tpk_m3_mic
ap_wpa2_tdls_double_tpk_m2
ap_wpa2_tdls_responder_teardown

313
.github/workflows/hostap-vm.yml vendored Normal file
View File

@@ -0,0 +1,313 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
LINUX_REF: v6.6
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-vm-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
retention-days: 5
build_uml_linux:
name: Build UML (UserMode Linux)
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
lookup-only: true
- name: Checkout hostap
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
path: linux
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
run: |
cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
cd linux
yes "" | ARCH=um make -j $(nproc)
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. Tests are read from the corresponding
# configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-vm-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
},
{
hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
build_id: hostap-vm-build2
},
]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
run: tree
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark
sudo pip3 install pycryptodome
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv
run: ./update.sh
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- name: Apply extra patches
working-directory: hostap
run: |
FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
if [ -f "$FILE" ]; then
patch -p1 < $FILE
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap and wpa_supplicant
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
cat <<EOF >> vm/vm-config
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
HWSIM_RES=0 # Not set when command succeeds
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS || HWSIM_RES=$?
if [ "$HWSIM_RES" -ne "0" ]; then
# Let's re-run the failing tests. We gather the failed tests from the log file.
FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
printf 'failed tests: %s\n' "$FAILED_TESTS"
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
fi
rm -r /tmp/hwsim-test-logs
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
# The logs are quite big. It hasn't been useful so far so let's not waste
# precious gh space.
#- name: zip logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# working-directory: hostap/tests/hwsim/
# run: |
# rm /tmp/hwsim-test-logs/latest
# zip -9 -r logs.zip /tmp/hwsim-test-logs
#
#- name: Upload failure logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# uses: actions/upload-artifact@v4
# with:
# name: hostap-logs-${{ env.our_job_run_id }}
# path: hostap/tests/hwsim/logs.zip
# retention-days: 5