tests: FT-EAP with VLAN
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
		
							parent
							
								
									17010c38d0
								
							
						
					
					
						commit
						9c50a6d3a3
					
				
					 2 changed files with 81 additions and 10 deletions
				
			
		|  | @ -65,6 +65,11 @@ radius_accept_attr=25:x:00112233445566778899 | ||||||
| radius_accept_attr=89:s:gpsk-chargeable-user-identity | radius_accept_attr=89:s:gpsk-chargeable-user-identity | ||||||
| radius_accept_attr=25:x:00112233445566778899aa | radius_accept_attr=25:x:00112233445566778899aa | ||||||
| 
 | 
 | ||||||
|  | "gpsk-vlan1"	GPSK	"abcdefghijklmnop0123456789abcdef" | ||||||
|  | radius_accept_attr=64:d:13 | ||||||
|  | radius_accept_attr=65:d:6 | ||||||
|  | radius_accept_attr=81:s:1 | ||||||
|  | 
 | ||||||
| "gpsk-user-session-timeout"	GPSK	"abcdefghijklmnop0123456789abcdef" | "gpsk-user-session-timeout"	GPSK	"abcdefghijklmnop0123456789abcdef" | ||||||
| radius_accept_attr=27:d:3 | radius_accept_attr=27:d:3 | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -126,11 +126,11 @@ def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): | ||||||
| def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, | def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, | ||||||
|               sae=False, eap=False, fail_test=False, roams=1, |               sae=False, eap=False, fail_test=False, roams=1, | ||||||
|               pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", |               pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", | ||||||
|               test_connectivity=True): |               test_connectivity=True, eap_identity="gpsk user", conndev=False): | ||||||
|     logger.info("Connect to first AP") |     logger.info("Connect to first AP") | ||||||
|     if eap: |     if eap: | ||||||
|         dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", |         dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | ||||||
|                     eap="GPSK", identity="gpsk user", |                     eap="GPSK", identity=eap_identity, | ||||||
|                     password="abcdefghijklmnop0123456789abcdef", |                     password="abcdefghijklmnop0123456789abcdef", | ||||||
|                     scan_freq="2412", |                     scan_freq="2412", | ||||||
|                     pairwise=pairwise_cipher, group=group_cipher, |                     pairwise=pairwise_cipher, group=group_cipher, | ||||||
|  | @ -155,6 +155,9 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, | ||||||
|         hapd1ap = hapd1 |         hapd1ap = hapd1 | ||||||
|         hapd2ap = hapd0 |         hapd2ap = hapd0 | ||||||
|     if test_connectivity: |     if test_connectivity: | ||||||
|  |         if conndev: | ||||||
|  |             hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | ||||||
|  |         else: | ||||||
|             hwsim_utils.test_connectivity(dev, hapd1ap) |             hwsim_utils.test_connectivity(dev, hapd1ap) | ||||||
| 
 | 
 | ||||||
|     dev.scan_for_bss(ap2['bssid'], freq="2412") |     dev.scan_for_bss(ap2['bssid'], freq="2412") | ||||||
|  | @ -170,6 +173,9 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, | ||||||
|         if dev.get_status_field('bssid') != ap2['bssid']: |         if dev.get_status_field('bssid') != ap2['bssid']: | ||||||
|             raise Exception("Did not connect to correct AP") |             raise Exception("Did not connect to correct AP") | ||||||
|         if (i == 0 or i == roams - 1) and test_connectivity: |         if (i == 0 or i == roams - 1) and test_connectivity: | ||||||
|  |             if conndev: | ||||||
|  |                 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev) | ||||||
|  |             else: | ||||||
|                 hwsim_utils.test_connectivity(dev, hapd2ap) |                 hwsim_utils.test_connectivity(dev, hapd2ap) | ||||||
| 
 | 
 | ||||||
|         logger.info("Roam back to the first AP") |         logger.info("Roam back to the first AP") | ||||||
|  | @ -180,6 +186,9 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, | ||||||
|         if dev.get_status_field('bssid') != ap1['bssid']: |         if dev.get_status_field('bssid') != ap1['bssid']: | ||||||
|             raise Exception("Did not connect to correct AP") |             raise Exception("Did not connect to correct AP") | ||||||
|         if (i == 0 or i == roams - 1) and test_connectivity: |         if (i == 0 or i == roams - 1) and test_connectivity: | ||||||
|  |             if conndev: | ||||||
|  |                 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | ||||||
|  |             else: | ||||||
|                 hwsim_utils.test_connectivity(dev, hapd1ap) |                 hwsim_utils.test_connectivity(dev, hapd1ap) | ||||||
| 
 | 
 | ||||||
| def test_ap_ft(dev, apdev): | def test_ap_ft(dev, apdev): | ||||||
|  | @ -528,14 +537,23 @@ def test_ap_ft_sae_over_ds(dev, apdev): | ||||||
|     run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True, |     run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True, | ||||||
|               over_ds=True) |               over_ds=True) | ||||||
| 
 | 
 | ||||||
| def generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False, roams=1): | def generic_ap_ft_eap(dev, apdev, vlan=False, over_ds=False, discovery=False, | ||||||
|  |                       roams=1): | ||||||
|     ssid = "test-ft" |     ssid = "test-ft" | ||||||
|     passphrase="12345678" |     passphrase="12345678" | ||||||
|  |     if vlan: | ||||||
|  |         identity="gpsk-vlan1" | ||||||
|  |         conndev="brvlan1" | ||||||
|  |     else: | ||||||
|  |         identity="gpsk user" | ||||||
|  |         conndev=False | ||||||
| 
 | 
 | ||||||
|     radius = hostapd.radius_params() |     radius = hostapd.radius_params() | ||||||
|     params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery) |     params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery) | ||||||
|     params['wpa_key_mgmt'] = "FT-EAP" |     params['wpa_key_mgmt'] = "FT-EAP" | ||||||
|     params["ieee8021x"] = "1" |     params["ieee8021x"] = "1" | ||||||
|  |     if vlan: | ||||||
|  |         params["dynamic_vlan"] = "1" | ||||||
|     params = dict(radius.items() + params.items()) |     params = dict(radius.items() + params.items()) | ||||||
|     hapd = hostapd.add_ap(apdev[0], params) |     hapd = hostapd.add_ap(apdev[0], params) | ||||||
|     key_mgmt = hapd.get_config()['key_mgmt'] |     key_mgmt = hapd.get_config()['key_mgmt'] | ||||||
|  | @ -544,11 +562,14 @@ def generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False, roams=1): | ||||||
|     params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery) |     params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery) | ||||||
|     params['wpa_key_mgmt'] = "FT-EAP" |     params['wpa_key_mgmt'] = "FT-EAP" | ||||||
|     params["ieee8021x"] = "1" |     params["ieee8021x"] = "1" | ||||||
|  |     if vlan: | ||||||
|  |         params["dynamic_vlan"] = "1" | ||||||
|     params = dict(radius.items() + params.items()) |     params = dict(radius.items() + params.items()) | ||||||
|     hapd1 = hostapd.add_ap(apdev[1], params) |     hapd1 = hostapd.add_ap(apdev[1], params) | ||||||
| 
 | 
 | ||||||
|     run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |     run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, | ||||||
|               over_ds=over_ds, roams=roams) |               over_ds=over_ds, roams=roams, eap_identity=identity, | ||||||
|  |               conndev=conndev) | ||||||
|     if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): |     if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): | ||||||
|         raise Exception("Scan results missing RSN element info") |         raise Exception("Scan results missing RSN element info") | ||||||
|     check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), |     check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), | ||||||
|  | @ -567,12 +588,23 @@ def generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False, roams=1): | ||||||
|     if ev is None: |     if ev is None: | ||||||
|         raise Exception("EAP authentication did not succeed") |         raise Exception("EAP authentication did not succeed") | ||||||
|     time.sleep(0.1) |     time.sleep(0.1) | ||||||
|  |     if conndev: | ||||||
|  |         hwsim_utils.test_connectivity_iface(dev[0], ap, conndev) | ||||||
|  |     else: | ||||||
|         hwsim_utils.test_connectivity(dev[0], ap) |         hwsim_utils.test_connectivity(dev[0], ap) | ||||||
| 
 | 
 | ||||||
| def test_ap_ft_eap(dev, apdev): | def test_ap_ft_eap(dev, apdev): | ||||||
|     """WPA2-EAP-FT AP""" |     """WPA2-EAP-FT AP""" | ||||||
|     generic_ap_ft_eap(dev, apdev) |     generic_ap_ft_eap(dev, apdev) | ||||||
| 
 | 
 | ||||||
|  | def test_ap_ft_eap_vlan(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP with VLAN""" | ||||||
|  |     generic_ap_ft_eap(dev, apdev, vlan=True) | ||||||
|  | 
 | ||||||
|  | def test_ap_ft_eap_vlan_multi(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP with VLAN""" | ||||||
|  |     generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | ||||||
|  | 
 | ||||||
| def test_ap_ft_eap_over_ds(dev, apdev): | def test_ap_ft_eap_over_ds(dev, apdev): | ||||||
|     """WPA2-EAP-FT AP using over-the-DS""" |     """WPA2-EAP-FT AP using over-the-DS""" | ||||||
|     generic_ap_ft_eap(dev, apdev, over_ds=True) |     generic_ap_ft_eap(dev, apdev, over_ds=True) | ||||||
|  | @ -585,16 +617,40 @@ def test_ap_ft_eap_dis_over_ds(dev, apdev): | ||||||
|     """WPA2-EAP-FT AP with AP discovery and over-the-DS""" |     """WPA2-EAP-FT AP with AP discovery and over-the-DS""" | ||||||
|     generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True) |     generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True) | ||||||
| 
 | 
 | ||||||
| def test_ap_ft_eap_pull(dev, apdev): | def test_ap_ft_eap_vlan(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP with VLAN""" | ||||||
|  |     generic_ap_ft_eap(dev, apdev, vlan=True) | ||||||
|  | 
 | ||||||
|  | def test_ap_ft_eap_vlan_multi(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP with VLAN""" | ||||||
|  |     generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | ||||||
|  | 
 | ||||||
|  | def test_ap_ft_eap_vlan_over_ds(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP with VLAN + over_ds""" | ||||||
|  |     generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True) | ||||||
|  | 
 | ||||||
|  | def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP with VLAN + over_ds""" | ||||||
|  |     generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50) | ||||||
|  | 
 | ||||||
|  | def generic_ap_ft_eap_pull(dev, apdev, vlan=False): | ||||||
|     """WPA2-EAP-FT AP (pull PMK)""" |     """WPA2-EAP-FT AP (pull PMK)""" | ||||||
|     ssid = "test-ft" |     ssid = "test-ft" | ||||||
|     passphrase="12345678" |     passphrase="12345678" | ||||||
|  |     if vlan: | ||||||
|  |         identity="gpsk-vlan1" | ||||||
|  |         conndev="brvlan1" | ||||||
|  |     else: | ||||||
|  |         identity="gpsk user" | ||||||
|  |         conndev=False | ||||||
| 
 | 
 | ||||||
|     radius = hostapd.radius_params() |     radius = hostapd.radius_params() | ||||||
|     params = ft_params1(ssid=ssid, passphrase=passphrase) |     params = ft_params1(ssid=ssid, passphrase=passphrase) | ||||||
|     params['wpa_key_mgmt'] = "FT-EAP" |     params['wpa_key_mgmt'] = "FT-EAP" | ||||||
|     params["ieee8021x"] = "1" |     params["ieee8021x"] = "1" | ||||||
|     params["pmk_r1_push"] = "0" |     params["pmk_r1_push"] = "0" | ||||||
|  |     if vlan: | ||||||
|  |         params["dynamic_vlan"] = "1" | ||||||
|     params = dict(radius.items() + params.items()) |     params = dict(radius.items() + params.items()) | ||||||
|     hapd = hostapd.add_ap(apdev[0], params) |     hapd = hostapd.add_ap(apdev[0], params) | ||||||
|     key_mgmt = hapd.get_config()['key_mgmt'] |     key_mgmt = hapd.get_config()['key_mgmt'] | ||||||
|  | @ -604,10 +660,20 @@ def test_ap_ft_eap_pull(dev, apdev): | ||||||
|     params['wpa_key_mgmt'] = "FT-EAP" |     params['wpa_key_mgmt'] = "FT-EAP" | ||||||
|     params["ieee8021x"] = "1" |     params["ieee8021x"] = "1" | ||||||
|     params["pmk_r1_push"] = "0" |     params["pmk_r1_push"] = "0" | ||||||
|  |     if vlan: | ||||||
|  |         params["dynamic_vlan"] = "1" | ||||||
|     params = dict(radius.items() + params.items()) |     params = dict(radius.items() + params.items()) | ||||||
|     hapd1 = hostapd.add_ap(apdev[1], params) |     hapd1 = hostapd.add_ap(apdev[1], params) | ||||||
| 
 | 
 | ||||||
|     run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) |     run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, | ||||||
|  |               eap_identity=identity, conndev=conndev) | ||||||
|  | 
 | ||||||
|  | def test_ap_ft_eap_pull(dev, apdev): | ||||||
|  |     """WPA2-EAP-FT AP (pull PMK)""" | ||||||
|  |     generic_ap_ft_eap_pull(dev, apdev) | ||||||
|  | 
 | ||||||
|  | def test_ap_ft_eap_pull_vlan(dev, apdev): | ||||||
|  |     generic_ap_ft_eap_pull(dev, apdev, vlan=True) | ||||||
| 
 | 
 | ||||||
| def test_ap_ft_eap_pull_wildcard(dev, apdev): | def test_ap_ft_eap_pull_wildcard(dev, apdev): | ||||||
|     """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH""" |     """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH""" | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue
	
	 Michael Braun
						Michael Braun