| blob | 0ec75b4606764bbac0fea9294929bd6dff89ca42 |
1 { pkgs, runTest }:
3 let
5 inherit (pkgs) lib;
7 meta = with lib.maintainers; {
8 maintainers = [ oddlama rnhmjoj ];
9 };
11 naughtyPassphrase = ''!,./;'[]\-=<>?:"{}|_+@$%^&*()`~ # ceci n'est pas un commentaire'';
13 runConnectionTest = name: extraConfig: runTest {
14 name = "wpa_supplicant-${name}";
15 inherit meta;
17 nodes.machine = {
18 # add a virtual wlan interface
19 boot.kernelModules = [ "mac80211_hwsim" ];
21 # wireless access point
22 services.hostapd = {
23 enable = true;
24 radios.wlan0 = {
25 band = "2g";
26 channel = 6;
27 countryCode = "US";
28 networks = {
29 wlan0 = {
30 ssid = "nixos-test-sae";
31 authentication = {
32 mode = "wpa3-sae";
33 saePasswords = [ { password = naughtyPassphrase; } ];
34 };
35 bssid = "02:00:00:00:00:00";
36 };
37 wlan0-1 = {
38 ssid = "nixos-test-mixed";
39 authentication = {
40 mode = "wpa3-sae-transition";
41 saeAddToMacAllow = true;
42 saePasswordsFile = pkgs.writeText "password" naughtyPassphrase;
43 wpaPasswordFile = pkgs.writeText "password" naughtyPassphrase;
44 };
45 bssid = "02:00:00:00:00:01";
46 };
47 wlan0-2 = {
48 ssid = "nixos-test-wpa2";
49 authentication = {
50 mode = "wpa2-sha256";
51 wpaPassword = naughtyPassphrase;
52 };
53 bssid = "02:00:00:00:00:02";
54 };
55 };
56 };
57 };
59 # wireless client
60 networking.wireless = lib.mkMerge [
61 {
62 # the override is needed because the wifi is
63 # disabled with mkVMOverride in qemu-vm.nix.
64 enable = lib.mkOverride 0 true;
65 userControlled.enable = true;
66 interfaces = [ "wlan1" ];
67 fallbackToWPA2 = lib.mkDefault true;
69 # secrets
70 secretsFile = pkgs.writeText "wpa-secrets" ''
71 psk_nixos_test=${naughtyPassphrase}
72 '';
73 }
74 extraConfig
75 ];
76 };
78 testScript = ''
79 # save hostapd config file for manual inspection
80 machine.wait_for_unit("hostapd.service")
81 machine.copy_from_vm("/run/hostapd/wlan0.hostapd.conf")
83 with subtest("Daemon can connect to the access point"):
84 machine.wait_for_unit("wpa_supplicant-wlan1.service")
85 machine.wait_until_succeeds(
86 "wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED"
87 )
88 '';
89 };
91 in
93 {
94 # Test the basic setup:
95 # - automatic interface discovery
96 # - WPA2 fallbacks
97 # - connecting to the daemon
98 basic = runTest {
99 name = "wpa_supplicant-basic";
100 inherit meta;
102 nodes.machine = {
103 # add a virtual wlan interface
104 boot.kernelModules = [ "mac80211_hwsim" ];
106 # wireless client
107 networking.wireless = {
108 # the override is needed because the wifi is
109 # disabled with mkVMOverride in qemu-vm.nix.
110 enable = lib.mkOverride 0 true;
111 userControlled.enable = true;
112 fallbackToWPA2 = true;
114 networks = {
115 # test WPA2 fallback
116 mixed-wpa = {
117 psk = "password";
118 authProtocols = [ "WPA-PSK" "SAE" ];
119 };
120 sae-only = {
121 psk = "password";
122 authProtocols = [ "SAE" ];
123 };
124 };
125 };
126 };
128 testScript = ''
129 with subtest("Daemon is running and accepting connections"):
130 machine.wait_for_unit("wpa_supplicant.service")
131 status = machine.wait_until_succeeds("wpa_cli status")
132 assert "Failed to connect" not in status, \
133 "Failed to connect to the daemon"
135 # get the configuration file
136 cmdline = machine.succeed("cat /proc/$(pgrep wpa)/cmdline").split('\x00')
137 config_file = cmdline[cmdline.index("-c") + 1]
139 with subtest("WPA2 fallbacks have been generated"):
140 assert int(machine.succeed(f"grep -c sae-only {config_file}")) == 1
141 assert int(machine.succeed(f"grep -c mixed-wpa {config_file}")) == 2
143 # save file for manual inspection
144 machine.copy_from_vm(config_file)
145 '';
146 };
148 # Test configuring the daemon imperatively
149 imperative = runTest {
150 name = "wpa_supplicant-imperative";
151 inherit meta;
153 nodes.machine = {
154 # add a virtual wlan interface
155 boot.kernelModules = [ "mac80211_hwsim" ];
157 # wireless client
158 networking.wireless = {
159 enable = lib.mkOverride 0 true;
160 userControlled.enable = true;
161 allowAuxiliaryImperativeNetworks = true;
162 interfaces = [ "wlan1" ];
163 };
164 };
166 testScript = ''
167 with subtest("Daemon is running and accepting connections"):
168 machine.wait_for_unit("wpa_supplicant-wlan1.service")
169 status = machine.wait_until_succeeds("wpa_cli -i wlan1 status")
170 assert "Failed to connect" not in status, \
171 "Failed to connect to the daemon"
173 with subtest("Daemon can be configured imperatively"):
174 machine.succeed("wpa_cli -i wlan1 add_network")
175 machine.succeed("wpa_cli -i wlan1 set_network 0 ssid '\"nixos-test\"'")
176 machine.succeed("wpa_cli -i wlan1 set_network 0 psk '\"reproducibility\"'")
177 machine.succeed("wpa_cli -i wlan1 save_config")
178 machine.succeed("grep -q nixos-test /etc/wpa_supplicant.conf")
179 '';
180 };
182 # Test connecting to a SAE-only hotspot using SAE
183 saeOnly = runConnectionTest "sae-only" {
184 fallbackToWPA2 = false;
185 networks.nixos-test-sae = {
186 pskRaw = "ext:psk_nixos_test";
187 authProtocols = [ "SAE" ];
188 };
189 };
191 # Test connecting to a mixed SAE/WPA2 hotspot using SAE
192 mixedUsingSae = runConnectionTest "mixed-using-sae" {
193 fallbackToWPA2 = false;
194 networks.nixos-test-mixed = {
195 pskRaw = "ext:psk_nixos_test";
196 authProtocols = [ "SAE" ];
197 };
198 };
200 # Test connecting to a mixed SAE/WPA2 hotspot using WPA2
201 mixedUsingWpa2 = runConnectionTest "mixed-using-wpa2" {
202 fallbackToWPA2 = true;
203 networks.nixos-test-mixed = {
204 pskRaw = "ext:psk_nixos_test";
205 authProtocols = [ "WPA-PSK-SHA256" ];
206 };
207 };
209 # Test connecting to a legacy WPA2-only hotspot using WPA2
210 legacy = runConnectionTest "legacy" {
211 fallbackToWPA2 = true;
212 networks.nixos-test-wpa2 = {
213 pskRaw = "ext:psk_nixos_test";
214 authProtocols = [ "WPA-PSK-SHA256" ];
215 };
216 };
217 }