From: Michael Braun <michael-dev@xxxxxxxxxxxxx> time.sleep in run_roams is required because the target AP sets the key once the station was associated. There are races, when the station processes the (re)association reply AND the test suite starts FT_DS before the AP processes its local confirmation and thus wpa_auth_sm_event(ASSOC_FT). Therefore, the ActionFrame will be lost, as the AP driver is missing the key. Since this is this speed is highly synthetic, wait a few milli seconds before roaming back. Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx> --- tests/hwsim/auth_serv/eap_user.conf | 5 +++ tests/hwsim/test_ap_ft.py | 83 +++++++++++++++++++++++++++++++++---- 2 files changed, 79 insertions(+), 9 deletions(-) diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf index 53bb7e0..4aaee14 100644 --- a/tests/hwsim/auth_serv/eap_user.conf +++ b/tests/hwsim/auth_serv/eap_user.conf @@ -60,6 +60,11 @@ radius_accept_attr=25:x:00112233445566778899 radius_accept_attr=89:s:gpsk-chargeable-user-identity radius_accept_attr=25:x:00112233445566778899aa +"gpsk-vlan1" GPSK "abcdefghijklmnop0123456789abcdef" +radius_accept_attr=64:d:13 +radius_accept_attr=65:d:6 +radius_accept_attr=81:s:1 + "gpsk-user-session-timeout" GPSK "abcdefghijklmnop0123456789abcdef" radius_accept_attr=27:d:3 diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 28b35ab..6fb6287 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -93,11 +93,12 @@ def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, sae=False, eap=False, fail_test=False, roams=1, - pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0"): + pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", + eap_identity="gpsk user", conndev=False): logger.info("Connect to first AP") if eap: dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", - eap="GPSK", identity="gpsk user", + eap="GPSK", identity=eap_identity, password="abcdefghijklmnop0123456789abcdef", scan_freq="2412", pairwise=pairwise_cipher, group=group_cipher, @@ -121,11 +122,16 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, ap2 = apdev[0] hapd1ap = hapd1 hapd2ap = hapd0 - hwsim_utils.test_connectivity(dev, hapd1ap) + if conndev: + hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) + else: + hwsim_utils.test_connectivity(dev, hapd1ap) dev.scan_for_bss(ap2['bssid'], freq="2412") for i in range(0, roams): + # roaming artificially fast makes data test fail because key is setup later + time.sleep(0.01) logger.info("Roam to the second AP") if over_ds: dev.roam_over_ds(ap2['bssid'], fail_test=fail_test) @@ -136,8 +142,13 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, if dev.get_status_field('bssid') != ap2['bssid']: raise Exception("Did not connect to correct AP") if i == 0 or i == roams - 1: - hwsim_utils.test_connectivity(dev, hapd2ap) + if conndev: + hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev) + else: + hwsim_utils.test_connectivity(dev, hapd2ap) + # roaming artificially fast makes data test fail because key is setup later + time.sleep(0.01) logger.info("Roam back to the first AP") if over_ds: dev.roam_over_ds(ap1['bssid']) @@ -146,7 +157,10 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, if dev.get_status_field('bssid') != ap1['bssid']: raise Exception("Did not connect to correct AP") if i == 0 or i == roams - 1: - hwsim_utils.test_connectivity(dev, hapd1ap) + if conndev: + hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) + else: + hwsim_utils.test_connectivity(dev, hapd1ap) def test_ap_ft(dev, apdev): """WPA2-PSK-FT AP""" @@ -409,15 +423,23 @@ def test_ap_ft_sae_over_ds(dev, apdev): run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True, over_ds=True) -def test_ap_ft_eap(dev, apdev): +def generic_ap_ft_eap(dev, apdev, vlan, over_ds=False): """WPA2-EAP-FT AP""" ssid = "test-ft" passphrase="12345678" + if vlan: + identity="gpsk-vlan1" + conndev="brvlan1" + else: + identity="gpsk user" + conndev=False radius = hostapd.radius_params() params = ft_params1(ssid=ssid, passphrase=passphrase) params['wpa_key_mgmt'] = "FT-EAP" params["ieee8021x"] = "1" + if vlan: + params["dynamic_vlan"] = "1" params = dict(radius.items() + params.items()) hapd = hostapd.add_ap(apdev[0]['ifname'], params) key_mgmt = hapd.get_config()['key_mgmt'] @@ -426,10 +448,12 @@ def test_ap_ft_eap(dev, apdev): params = ft_params2(ssid=ssid, passphrase=passphrase) params['wpa_key_mgmt'] = "FT-EAP" params["ieee8021x"] = "1" + if vlan: + params["dynamic_vlan"] = "1" params = dict(radius.items() + params.items()) hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) - run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) + run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, eap_identity=identity, conndev=conndev, over_ds=over_ds) if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): raise Exception("Scan results missing RSN element info") check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), @@ -450,16 +474,48 @@ def test_ap_ft_eap(dev, apdev): time.sleep(0.1) hwsim_utils.test_connectivity(dev[0], ap) -def test_ap_ft_eap_pull(dev, apdev): +def test_ap_ft_eap(dev, apdev): + """WPA2-EAP-FT AP""" + generic_ap_ft_eap(dev, apdev, vlan=False) + +def test_ap_ft_eap_vlan(dev, apdev): + """WPA2-EAP-FT AP w VLAN""" + generic_ap_ft_eap(dev, apdev, vlan=True) + +def test_ap_ft_eap_vlan_multi(dev, apdev): + """WPA2-EAP-FT AP w VLAN""" + generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) + +def test_ap_ft_eap_over_ds(dev, apdev): + """WPA2-EAP-FT AP w over_ds""" + generic_ap_ft_eap(dev, apdev, vlan=False, over_ds=True) + +def test_ap_ft_eap_vlan_over_ds(dev, apdev): + """WPA2-EAP-FT AP w VLAN + over_ds""" + generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True) + +def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev): + """WPA2-EAP-FT AP w VLAN + over_ds""" + generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50) + +def generic_ap_ft_eap_pull(dev, apdev, vlan): """WPA2-EAP-FT AP (pull PMK)""" ssid = "test-ft" passphrase="12345678" + if vlan: + identity="gpsk-vlan1" + conndev="brvlan1" + else: + identity="gpsk user" + conndev=False radius = hostapd.radius_params() params = ft_params1(ssid=ssid, passphrase=passphrase) params['wpa_key_mgmt'] = "FT-EAP" params["ieee8021x"] = "1" params["pmk_r1_push"] = "0" + if vlan: + params["dynamic_vlan"] = "1" params = dict(radius.items() + params.items()) hapd = hostapd.add_ap(apdev[0]['ifname'], params) key_mgmt = hapd.get_config()['key_mgmt'] @@ -469,10 +525,19 @@ def test_ap_ft_eap_pull(dev, apdev): params['wpa_key_mgmt'] = "FT-EAP" params["ieee8021x"] = "1" params["pmk_r1_push"] = "0" + if vlan: + params["dynamic_vlan"] = "1" params = dict(radius.items() + params.items()) hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) - run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) + run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, eap_identity=identity, conndev=conndev) + +def test_ap_ft_eap_pull(dev, apdev): + """WPA2-EAP-FT AP (pull PMK)""" + generic_ap_ft_eap_pull(dev, apdev, vlan=False) + +def test_ap_ft_eap_pull_vlan(dev, apdev): + generic_ap_ft_eap_pull(dev, apdev, vlan=True) def test_ap_ft_mismatching_rrb_key_push(dev, apdev): """WPA2-PSK-FT AP over DS with mismatching RRB key (push)""" -- 1.9.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap