On Mon, Mar 23, 2020 at 12:16:25AM +0200, Jouni Malinen wrote: > This is not the style I'd like to see in hwsim test cases. The test > cases should continue with the current default behavior, i.e., with > Extended Key ID use disabled by default, to maintain existing testing > coverage. New test cases could then be added to verify Extended Key ID > behavior. In other words, a single execution round should cover both > not-in-use and in-use cases to sufficient level of detail. For most test > cases, there is not really any difference, so the current test > configuration is fine and the new test cases would need to only cover > the cases where there is different behavior from use of Extended Key ID, > i.e., mainly the test cases that verify PTK rekeying and potentially > some protocol test cases to check unexpected behavior. For example, I'm using the following test cases to verify functionality now. I probably broke something in the AP and/or STA changes because the connection does not really work after key configuration, so need to figure that one out, but at least these versions should show what I'm looking for. I'll try to take a closer look at what was broken tomorrow. The exact version of my pending branch is pushed to hostap.git as well, should anyone else be interested in checking this. From: Jouni Malinen <j@xxxxx> Subject: [PATCH 17/17] tests: Extended Key ID Signed-off-by: Jouni Malinen <j@xxxxx>
---
tests/hwsim/test_ap_ft.py | 16 ++++++++- tests/hwsim/test_ap_psk.py | 74 +++++++++++++++++++++++++++++++++++++- tests/hwsim/test_fils.py | 25 +++++++++++-- tests/hwsim/utils.py | 5 +++ 4 files changed, 116 insertions(+), 4 deletions(-)
diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
index 624451e90d24..d6f0c5737117 100644
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@@ -18,7 +18,7 @@ import hwsim_utils
 from hwsim import HWSimRadio
 import hostapd
 from tshark import run_tshark
-from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
+from utils import *
 from wlantest import Wlantest
 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
 from test_rrm import check_beacon_req
@@ -1099,6 +1099,20 @@ def test_ap_ft_sae_ptk_rekey_ap(dev, apdev):
 only_one_way=True)
 check_ptk_rekey(dev[0], hapd0, hapd1)
+def test_ap_ft_sae_ptk_rekey_ap_ext_key_id(dev, apdev):
+ """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP (Ext Key ID)"""
+ check_ext_key_id_capa(dev[0])
+ try:
+ dev[0].set("extended_key_id", "1")
+ hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
+ check_ext_key_id_capa(hapd0)
+ check_ext_key_id_capa(hapd1)
+ run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
+ only_one_way=True)
+ check_ptk_rekey(dev[0], hapd0, hapd1)
+ finally:
+ dev[0].set("extended_key_id", "0")
+
 def test_ap_ft_sae_over_ds(dev, apdev):
 """WPA2-PSK-FT-SAE AP over DS"""
 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py
index febbc07fee3c..e72b46264812 100644
--- a/tests/hwsim/test_ap_psk.py
+++ b/tests/hwsim/test_ap_psk.py
@@ -19,7 +19,7 @@ import subprocess
 import time
 import hostapd
-from utils import HwsimSkip, fail_test, skip_with_fips, start_monitor, stop_monitor, radiotap_build
+from utils import *
 import hwsim_utils
 from wpasupplicant import WpaSupplicant
 from tshark import run_tshark
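Review bot: The explicit import list in test_ap_ft.py is replaced with `from utils import *` only to pick up one new helper; the same substitution is made in the test_ap_psk.py and test_fils.py import hunks. A wildcard hides where `check_ext_key_id_capa` comes from and lets any later addition to utils.py silently shadow a name these modules define or import elsewhere (test_ap_ft.py also imports helpers from test_ap_psk). Keeping the list explicit costs one extra name per file: `from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie, check_ext_key_id_capa`.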
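Review bot: In test_ap_ft_sae_ptk_rekey_ap_ext_key_id only the station gets `extended_key_id` set; the `start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)` call passes nothing that would enable it on the two APs, so with the AP default left at disabled this rekey presumably runs without Extended Key ID and the test passes without covering the feature. start_ft_sae is defined outside the hunk, so confirm how it can carry `extended_key_id` into the AP params. test_fils_auth_ptk_rekey_ap_ext_key_id in test_fils.py has the same gap even though this patch adds the switch for it: the call should read `hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2, ext_key_id=True)`.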
@@ -3404,3 +3404,75 @@ def test_ap_wpa2_psk_rsnxe_mismatch_ap(dev, apdev):
 raise Exception("Unexpected connection")
 if "reason=17 locally_generated=1" not in ev:
 raise Exception("Unexpected disconnection reason: " + ev)
+
+def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap0(dev, apdev):
+ """WPA2-PSK AP and PTK rekey by AP (disabled on STA)"""
+ run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 0)
+
+def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap1(dev, apdev):
+ """WPA2-PSK AP and PTK rekey by AP (start with Key ID 0)"""
+ run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 1)
+
+def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap2(dev, apdev):
+ """WPA2-PSK AP and PTK rekey by AP (start with Key ID 1)"""
+ run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 2, 1)
+
+def run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, ap_ext_key_id,
+ sta_ext_key_id):
+ check_ext_key_id_capa(dev[0])
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ params['wpa_ptk_rekey'] = '2'
+ params['extended_key_id'] = str(ap_ext_key_id)
+ hapd = hostapd.add_ap(apdev[0], params)
+ check_ext_key_id_capa(hapd)
+ try:
+ dev[0].set("extended_key_id", str(sta_ext_key_id))
+ dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"])
+ if ev is None:
+ raise Exception("PTK rekey timed out")
+ hwsim_utils.test_connectivity(dev[0], hapd)
+ finally:
+ dev[0].set("extended_key_id", "0")
+
+def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta0(dev, apdev):
+ """Extended Key ID and PTK rekey by station (Ext Key ID disabled on AP)"""
+ run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 0)
+
+def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta1(dev, apdev):
+ """Extended Key ID and PTK rekey by station (start with Key ID 0)"""
+ run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 1)
+
+def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta2(dev, apdev):
+ """Extended Key ID and PTK rekey by station (start
with Key ID 1)"""
+ run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 2)
+
+def run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, ext_key_id):
+ check_ext_key_id_capa(dev[0])
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ params['extended_key_id'] = str(ext_key_id)
+ hapd = hostapd.add_ap(apdev[0], params)
+ check_ext_key_id_capa(hapd)
+
+ Wlantest.setup(hapd)
+ wt = Wlantest()
+ wt.flush()
+ wt.add_passphrase(passphrase)
+
+ try:
+ dev[0].set("extended_key_id", "1")
+ dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1",
+ scan_freq="2412")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed",
+ "CTRL-EVENT-DISCONNECTED"])
+ if ev is None:
+ raise Exception("PTK rekey timed out")
+ if "CTRL-EVENT-DISCONNECTED" in ev:
+ raise Exception("Disconnect instead of rekey")
+ hwsim_utils.test_connectivity(dev[0], hapd)
+ finally:
+ dev[0].set("extended_key_id", "0")
diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py
index 16fc0385247d..9b267e4aab0a 100644
--- a/tests/hwsim/test_fils.py
+++ b/tests/hwsim/test_fils.py
@@ -17,7 +17,7 @@ import hostapd
 from tshark import run_tshark
 from wpasupplicant import WpaSupplicant
 import hwsim_utils
-from utils import HwsimSkip, alloc_fail
+from utils import *
 from test_erp import check_erp_capa, start_erp_as
 from test_ap_hs20 import ip_checksum
@@ -1655,7 +1655,7 @@ def test_fils_sk_auth_mismatch(dev, apdev, params):
 hwsim_utils.test_connectivity(dev[0], hapd)
 def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0,
- pmksa_caching=True):
+ pmksa_caching=True, ext_key_id=False):
 check_fils_capa(dev[0])
 check_erp_capa(dev[0])
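Review bot: None of the six new test_ap_wpa2_psk_ext_key_id_ptk_rekey_* cases checks which Key ID ended up in use, so they pass on any successful rekey whether or not Extended Key ID was negotiated; in run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta the Wlantest instance `wt` is flushed and given the passphrase but never read afterwards. The mixed cases (`ap0`, `sta0`), where one side has the feature disabled, should assert that Extended Key ID is not used rather than only that connectivity survives. Separately, run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap waits only for "WPA: Key negotiation completed", so a disconnect during rekey is reported as a timeout; mirror the STA helper with `ev = dev[0].wait_event(["WPA: Key negotiation completed", "CTRL-EVENT-DISCONNECTED"])` and its `if "CTRL-EVENT-DISCONNECTED" in ev:` check. Both run_ helpers would also benefit from a docstring stating what the values 0, 1 and 2 of the ext_key_id arguments select.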
@@ -1673,6 +1673,8 @@ def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0,
 params['wpa_group_rekey'] = str(wpa_group_rekey)
 if not pmksa_caching:
 params['disable_pmksa_caching'] = '1'
+ if ext_key_id:
+ params['extended_key_id'] = '1'
 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
 dev[0].scan_for_bss(bssid, freq=2412)
@@ -2302,3 +2304,22 @@ def test_fils_sk_erp_roam_diff_akm(dev, apdev, params):
 raise Exception("Failed to connect to the second AP")
 hwsim_utils.test_connectivity(dev[0], hapd2)
+
+def test_fils_auth_ptk_rekey_ap_ext_key_id(dev, apdev, params):
+ """PTK rekeying after FILS authentication triggered by AP (Ext Key ID)"""
+ check_ext_key_id_capa(dev[0])
+ try:
+ dev[0].set("extended_key_id", "1")
+ hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2)
+ check_ext_key_id_capa(hapd)
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3)
+ if ev is None:
+ raise Exception("PTK rekey timed out")
+ hwsim_utils.test_connectivity(dev[0], hapd)
+
+ ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
+ if ev is not None:
+ raise Exception("Rekeying failed - disconnected")
+ hwsim_utils.test_connectivity(dev[0], hapd)
+ finally:
+ dev[0].set("extended_key_id", "0")
diff --git a/tests/hwsim/utils.py b/tests/hwsim/utils.py
index fdd95eebf582..1e7e56c3a568 100644
--- a/tests/hwsim/utils.py
+++ b/tests/hwsim/utils.py
@@ -89,6 +89,11 @@ def skip_with_fips(dev, reason="Not supported in FIPS mode"):
 if res and 'FIPS' in res:
 raise HwsimSkip(reason)
+def check_ext_key_id_capa(dev):
+ res = dev.get_driver_status_field('capa.flags')
+ if (int(res, 0) & 0x8000000000000000) == 0:
+ raise HwsimSkip("Extended Key ID not supported")
+
 def get_phy(ap, ifname=None):
 phy = "phy3"
 try:
-- 2.20.1 -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
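Review bot: check_ext_key_id_capa() feeds the result of `dev.get_driver_status_field('capa.flags')` straight into `int(res, 0)`, so a driver status without that field would surface as a TypeError test failure rather than a skip, assuming the lookup returns None when the field is missing (its definition is not in this hunk). Guarding it keeps the skip semantics: `if res is None or (int(res, 0) & 0x8000000000000000) == 0:`. The helper also needs a one-line docstring and a comment naming the driver capability bit that `0x8000000000000000` stands for (I believe WPA_DRIVER_FLAGS_EXTENDED_KEY_ID in driver.h), so the constant can be kept in sync. Since the tests call it with both station and hostapd objects, the docstring should say that both must provide get_driver_status_field().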