1hostap.git test tools
2---------------------
3
4The tests directory with its subdirectories contain number of tools used
5for testing wpa_supplicant and hostapd implementations.
6
7hwsim directory contains the test setup for full system testing of
8wpa_supplicant and hostapd with a simulated radio (mac80211_hwsim). See
9hwsim/READM and hwsim/vm/README for more details.
10
11
12Build testing
13-------------
14
15wpa_supplicant and hostapd support number of build option
16combinations. The test scripts in the build subdirectory can be used to
17verify that various combinations do not break the builds. More
18configuration examples can be added there
19(build-{hostapd,wpa_supplicant}-*.config) to get them included in test
20builds.
21
22# Example
23cd build
24./run-build-tests.h
25
26
27Fuzz testing
28------------
29
30Newer fuzz testing tools are under the fuzzing directory. See
31fuzzing/README for more details on them. The following text describes
32the older fuzz testing tools that are subject to removal once the same
33newer tools have the same coverage available.
34
35Number of the test tools here can be used for fuzz testing with tools
36like American fuzzy lop (afl-fuzz) that are designed to modify an
37external file for program input. ap-mgmt-fuzzer, eapol-fuzzer,
38test-eapol, test-json, test-tls, and test-x509 are examples of such
39tools that expose hostap.git module functionality with input from a file
40specified on the command line.
41
42Here are some examples of how fuzzing can be performed:
43
44##### JSON parser
45make clean
46CC=afl-gcc make test-json
47mkdir json-examples
48cat > json-examples/1.json <<EOF
49{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
50EOF
51afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@
52
53Alternatively, using libFuzzer from LLVM:
54make clean
55make test-json LIBFUZZER=y
56mkdir json-examples
57cat > json-examples/1.json <<EOF
58{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
59EOF
60./test-json json-examples
61
62##### EAPOL-Key Supplicant
63make clean
64CC=afl-gcc make test-eapol TEST_FUZZ=y
65mkdir eapol-auth-examples
66./test-eapol auth write eapol-auth-examples/auth.msg
67afl-fuzz -i eapol-auth-examples -o eapol-auth-findings -- $PWD/test-eapol auth read @@
68
69##### EAPOL-Key Authenticator
70make clean
71CC=afl-gcc make test-eapol TEST_FUZZ=y
72mkdir eapol-supp-examples
73./test-eapol supp write eapol-supp-examples/supp.msg
74afl-fuzz -i eapol-supp-examples -o eapol-supp-findings -- $PWD/test-eapol supp read @@
75
76##### TLS client
77make clean
78CC=afl-gcc make test-tls TEST_FUZZ=y
79mkdir tls-server-examples
80./test-tls server write tls-server-examples/server.msg
81afl-fuzz -i tls-server-examples -o tls-server-findings -- $PWD/test-tls server read @@
82
83##### TLS server
84make clean
85CC=afl-gcc make test-tls TEST_FUZZ=y
86mkdir tls-client-examples
87./test-tls client write tls-client-examples/client.msg
88afl-fuzz -i tls-client-examples -o tls-client-findings -- $PWD/test-tls client read @@
89
90##### AP management frame processing
91cd ap-mgmt-fuzzer
92make clean
93CC=afl-gcc make
94mkdir multi-examples
95cp multi.dat multi-examples
96afl-fuzz -i multi-examples -o multi-findings -- $PWD/ap-mgmt-fuzzer -m @@
97
98##### EAPOL-Key Supplicant (separate)
99cd eapol-fuzzer
100make clean
101CC=afl-gcc make
102mkdir eapol-examples
103cp *.dat eapol-examples
104afl-fuzz -i eapol-examples -o eapol-findings -- $PWD/eapol-fuzzer @@
105
106##### P2P
107cd p2p-fuzzer
108make clean
109CC=afl-gcc make
110mkdir p2p-proberesp-examples
111cp proberesp*.dat p2p-proberesp-examples
112afl-fuzz -i p2p-proberesp-examples -o p2p-proberesp-findings -- $PWD/p2p-fuzzer proberesp @@
113mkdir p2p-action-examples
114cp go*.dat inv*.dat p2ps*.dat p2p-action-examples
115afl-fuzz -i p2p-action-examples -o p2p-action-findings -- $PWD/p2p-fuzzer action @@
116
117##### WNM
118cd wnm-fuzzer
119make clean
120CC=afl-gcc make
121mkdir wnm-examples
122cp *.dat wnm-examples
123afl-fuzz -i wnm-examples -o wnm-findings -- $PWD/wnm-fuzzer @@
124