tests: Make WPA2-Enterprise reauth test cases more robust
With the extra latencies removed from run-tests.py operations, it was possible to hit race conditions in pairwise cipher configuration at the end of the 4-way handshake. In some cases, the EAPOL-Start frame from the station was not received by the AP and that could result in these test cases failing. Since there are not really trying to test the race condition, wait for the AP side to complete key configuration prior to initiating the reauthentication sequence. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
0c35b91c5f
commit
cb33ee143b
1 changed files with 27 additions and 21 deletions
|
|
@ -15,10 +15,12 @@ import os.path
|
|||
import hwsim_utils
|
||||
import hostapd
|
||||
|
||||
def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
|
||||
def eap_connect(dev, ap, method, identity, anonymous_identity=None,
|
||||
password=None,
|
||||
phase1=None, phase2=None, ca_cert=None,
|
||||
domain_suffix_match=None, password_hex=None,
|
||||
client_cert=None, private_key=None, sha256=False):
|
||||
hapd = hostapd.Hostapd(ap['ifname'])
|
||||
id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
|
||||
eap=method, identity=identity,
|
||||
anonymous_identity=anonymous_identity,
|
||||
|
|
@ -29,6 +31,9 @@ def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
|
|||
client_cert=client_cert, private_key=private_key,
|
||||
ieee80211w="1")
|
||||
eap_check_auth(dev, method, True, sha256=sha256)
|
||||
ev = hapd.wait_event([ "AP-STA-CONNECTED" ], timeout=5)
|
||||
if ev is None:
|
||||
raise Exception("No connection event received from hostapd")
|
||||
return id
|
||||
|
||||
def eap_check_auth(dev, method, initial, rsn=True, sha256=False):
|
||||
|
|
@ -78,7 +83,7 @@ def test_ap_wpa2_eap_sim(dev, apdev):
|
|||
return "skip"
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "SIM", "1232010000000000",
|
||||
eap_connect(dev[0], apdev[0], "SIM", "1232010000000000",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
eap_reauth(dev[0], "SIM")
|
||||
|
|
@ -90,7 +95,7 @@ def test_ap_wpa2_eap_aka(dev, apdev):
|
|||
return "skip"
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "AKA", "0232010000000000",
|
||||
eap_connect(dev[0], apdev[0], "AKA", "0232010000000000",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
eap_reauth(dev[0], "AKA")
|
||||
|
|
@ -102,7 +107,7 @@ def test_ap_wpa2_eap_aka_prime(dev, apdev):
|
|||
return "skip"
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "AKA'", "6555444333222111",
|
||||
eap_connect(dev[0], apdev[0], "AKA'", "6555444333222111",
|
||||
password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
eap_reauth(dev[0], "AKA'")
|
||||
|
|
@ -111,7 +116,7 @@ def test_ap_wpa2_eap_ttls_pap(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TTLS/PAP"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TTLS", "pap user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "pap user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
|
|
@ -121,7 +126,7 @@ def test_ap_wpa2_eap_ttls_chap(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TTLS/CHAP"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TTLS", "chap user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "chap user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=CHAP")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
|
|
@ -131,7 +136,7 @@ def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAP"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TTLS", "mschap user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "mschap user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||
domain_suffix_match="server.w1.fi")
|
||||
|
|
@ -143,7 +148,7 @@ def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
|
|||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
||||
eap_connect(dev[0], "TTLS", "DOMAIN\mschapv2 user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "DOMAIN\mschapv2 user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
|
||||
domain_suffix_match="w1.fi")
|
||||
|
|
@ -164,7 +169,7 @@ def test_ap_wpa2_eap_ttls_eap_gtc(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-GTC"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TTLS", "user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
|
|
@ -174,7 +179,7 @@ def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TTLS", "user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="autheap=MD5")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
|
|
@ -184,7 +189,7 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TTLS", "user",
|
||||
eap_connect(dev[0], apdev[0], "TTLS", "user",
|
||||
anonymous_identity="ttls", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
|
|
@ -194,7 +199,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "PEAP", "user",
|
||||
eap_connect(dev[0], apdev[0], "PEAP", "user",
|
||||
anonymous_identity="peap", password="password",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
|
||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||
|
|
@ -204,7 +209,7 @@ def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "PEAP", "user", password="password",
|
||||
eap_connect(dev[0], apdev[0], "PEAP", "user", password="password",
|
||||
ca_cert="auth_serv/ca.pem",
|
||||
phase1="peapver=0 crypto_binding=2",
|
||||
phase2="auth=MSCHAPV2")
|
||||
|
|
@ -215,7 +220,7 @@ def test_ap_wpa2_eap_tls(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-TLS"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
|
||||
eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
|
||||
client_cert="auth_serv/user.pem",
|
||||
private_key="auth_serv/user.key")
|
||||
eap_reauth(dev[0], "TLS")
|
||||
|
|
@ -327,14 +332,14 @@ def test_ap_wpa2_eap_pwd(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-pwd"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "PWD", "pwd user", password="secret password")
|
||||
eap_connect(dev[0], apdev[0], "PWD", "pwd user", password="secret password")
|
||||
eap_reauth(dev[0], "PWD")
|
||||
|
||||
def test_ap_wpa2_eap_gpsk(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-GPSK"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
id = eap_connect(dev[0], "GPSK", "gpsk user",
|
||||
id = eap_connect(dev[0], apdev[0], "GPSK", "gpsk user",
|
||||
password="abcdefghijklmnop0123456789abcdef")
|
||||
eap_reauth(dev[0], "GPSK")
|
||||
|
||||
|
|
@ -358,7 +363,7 @@ def test_ap_wpa2_eap_sake(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-SAKE"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "SAKE", "sake user",
|
||||
eap_connect(dev[0], apdev[0], "SAKE", "sake user",
|
||||
password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
|
||||
eap_reauth(dev[0], "SAKE")
|
||||
|
||||
|
|
@ -366,7 +371,7 @@ def test_ap_wpa2_eap_eke(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-EKE"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
id = eap_connect(dev[0], "EKE", "eke user", password="hello")
|
||||
id = eap_connect(dev[0], apdev[0], "EKE", "eke user", password="hello")
|
||||
eap_reauth(dev[0], "EKE")
|
||||
|
||||
logger.info("Test forced algorithm selection")
|
||||
|
|
@ -392,14 +397,15 @@ def test_ap_wpa2_eap_ikev2(dev, apdev):
|
|||
"""WPA2-Enterprise connection using EAP-IKEv2"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "IKEV2", "ikev2 user", password="ike password")
|
||||
eap_connect(dev[0], apdev[0], "IKEV2", "ikev2 user",
|
||||
password="ike password")
|
||||
eap_reauth(dev[0], "IKEV2")
|
||||
|
||||
def test_ap_wpa2_eap_pax(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-PAX"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "PAX", "pax.user@example.com",
|
||||
eap_connect(dev[0], apdev[0], "PAX", "pax.user@example.com",
|
||||
password_hex="0123456789abcdef0123456789abcdef")
|
||||
eap_reauth(dev[0], "PAX")
|
||||
|
||||
|
|
@ -409,7 +415,7 @@ def test_ap_wpa2_eap_psk(dev, apdev):
|
|||
params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
|
||||
params["ieee80211w"] = "2"
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], "PSK", "psk.user@example.com",
|
||||
eap_connect(dev[0], apdev[0], "PSK", "psk.user@example.com",
|
||||
password_hex="0123456789abcdef0123456789abcdef", sha256=True)
|
||||
eap_reauth(dev[0], "PSK", sha256=True)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue