From: Michael Braun <michael-dev@xxxxxxxxxxxxx> Additonally, key mismatch is tested separately for EAP now. Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx> --- tests/hwsim/test_ap_ft.py | 184 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 182 insertions(+), 2 deletions(-) diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 7ed94ae..7d0f515 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -52,19 +52,27 @@ def ft_params(rsn=True, ssid=None, passphrase=None): params["reassociation_deadline"] = "1000" return params -def ft_params1(rsn=True, ssid=None, passphrase=None): +def ft_params1a(rsn=True, ssid=None, passphrase=None): params = ft_params(rsn, ssid, passphrase) params['nas_identifier'] = "nas1.w1.fi" params['r1_key_holder'] = "000102030405" + return params + +def ft_params1(rsn=True, ssid=None, passphrase=None): + params = ft_params1a(rsn, ssid, passphrase) params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f", "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ] params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" return params -def ft_params2(rsn=True, ssid=None, passphrase=None): +def ft_params2a(rsn=True, ssid=None, passphrase=None): params = ft_params(rsn, ssid, passphrase) params['nas_identifier'] = "nas2.w1.fi" params['r1_key_holder'] = "000102030406" + return params + +def ft_params2(rsn=True, ssid=None, passphrase=None): + params = ft_params2a(rsn, ssid, passphrase) params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f", "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ] params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" @@ -182,6 +190,22 @@ def test_ap_ft(dev, apdev): if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): raise Exception("Scan results missing RSN element info") +def test_ap_ft_disconnected(dev, apdev): + """WPA2-PSK-FT AP w/o PULL/PUSH""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1a(ssid=ssid, passphrase=passphrase) + params['ft_psk_generate_local'] = "1"; + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + params = ft_params2a(ssid=ssid, passphrase=passphrase) + params['ft_psk_generate_local'] = "1"; + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) + if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): + raise Exception("Scan results missing RSN element info") + def test_ap_ft_vlan(dev, apdev): """WPA2-PSK-FT AP w VLAN""" ssid = "test-ft" @@ -201,6 +225,27 @@ def test_ap_ft_vlan(dev, apdev): if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): raise Exception("Scan results missing RSN element info") +def test_ap_ft_vlan_disconnected(dev, apdev): + """WPA2-PSK-FT AP w VLAN""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1a(ssid=ssid, passphrase=passphrase) + params['dynamic_vlan'] = "1"; + params['accept_mac_file'] = "hostapd.accept"; + params['ft_psk_generate_local'] = "1"; + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + + params = ft_params2a(ssid=ssid, passphrase=passphrase) + params['dynamic_vlan'] = "1"; + params['accept_mac_file'] = "hostapd.accept"; + params['ft_psk_generate_local'] = "1"; + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") + if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): + raise Exception("Scan results missing RSN element info") + def test_ap_ft_vlan_2(dev, apdev): """WPA2-PSK-FT AP w VLAN and dest-AP does not have VLAN info locally""" ssid = "test-ft" @@ -480,6 +525,25 @@ def test_ap_ft_over_ds_pull(dev, apdev): run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) +def test_ap_ft_over_ds_pull_macaddr_radius(dev, apdev): + """WPA2-PSK-FT AP over DS (pull PMK) w macaddr_acl=RADIUS""" + ssid = "test-ft" + passphrase="12345678" + + radius = hostapd.radius_params() + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params["macaddr_acl"] = "2" + params = dict(radius.items() + params.items()) + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + params = ft_params2(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params["macaddr_acl"] = "2" + params = dict(radius.items() + params.items()) + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) + def test_ap_ft_over_ds_pull_vlan(dev, apdev): """WPA2-PSK-FT AP over DS (pull PMK) w VLAN""" ssid = "test-ft" @@ -731,6 +795,122 @@ def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev): run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, fail_test=True) +def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev): + """WPA2-EAP-FT AP over DS with mismatching RRB key (push)""" + ssid = "test-ft" + passphrase="12345678" + + radius = hostapd.radius_params() + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2"; + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2"; + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, + fail_test=True, eap=True) + +def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev): + """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)""" + ssid = "test-ft" + passphrase="12345678" + + radius = hostapd.radius_params() + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, + fail_test=True, eap=True) + +def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev): + """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)""" + ssid = "test-ft" + passphrase="12345678" + + radius = hostapd.radius_params() + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params["nas_identifier"] = "nas0.w1.fi" + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", + eap="GPSK", identity="gpsk user", + password="abcdefghijklmnop0123456789abcdef", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hostapd.add_ap(apdev[1]['ifname'], params) + + dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") + dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) + +def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev): + """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)""" + ssid = "test-ft" + passphrase="12345678" + + radius = hostapd.radius_params() + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2"; + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2"; + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, + fail_test=True, eap=True) + +def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev): + """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)""" + ssid = "test-ft" + passphrase="12345678" + + radius = hostapd.radius_params() + params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) + params = ft_params2(ssid=ssid, passphrase=passphrase) + params["pmk_r1_push"] = "0" + params['wpa_key_mgmt'] = "FT-EAP" + params["ieee8021x"] = "1" + params = dict(radius.items() + params.items()) + hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, + fail_test=True, eap=True) + def test_ap_ft_gtk_rekey(dev, apdev): """WPA2-PSK-FT AP and GTK rekey""" ssid = "test-ft" -- 1.9.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap