tests: RSN pre-authentication processing on AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
3f23260da8
commit
d62391fec9
1 changed files with 98 additions and 1 deletions
|
@ -4,15 +4,18 @@
|
||||||
# This software may be distributed under the terms of the BSD license.
|
# This software may be distributed under the terms of the BSD license.
|
||||||
# See README for more details.
|
# See README for more details.
|
||||||
|
|
||||||
|
import binascii
|
||||||
import logging
|
import logging
|
||||||
logger = logging.getLogger()
|
logger = logging.getLogger()
|
||||||
|
import socket
|
||||||
|
import struct
|
||||||
import subprocess
|
import subprocess
|
||||||
import time
|
import time
|
||||||
|
|
||||||
import hostapd
|
import hostapd
|
||||||
import hwsim_utils
|
import hwsim_utils
|
||||||
from wpasupplicant import WpaSupplicant
|
from wpasupplicant import WpaSupplicant
|
||||||
from utils import alloc_fail, HwsimSkip
|
from utils import alloc_fail, HwsimSkip, wait_fail_trigger
|
||||||
from test_ap_eap import eap_connect
|
from test_ap_eap import eap_connect
|
||||||
|
|
||||||
def test_pmksa_cache_on_roam_back(dev, apdev):
|
def test_pmksa_cache_on_roam_back(dev, apdev):
|
||||||
|
@ -979,3 +982,97 @@ def test_pmksa_cache_ctrl_ext(dev, apdev):
|
||||||
raise Exception("Connection with the AP timed out")
|
raise Exception("Connection with the AP timed out")
|
||||||
if "CTRL-EVENT-EAP-STARTED" in ev:
|
if "CTRL-EVENT-EAP-STARTED" in ev:
|
||||||
raise Exception("Unexpected EAP exchange after external PMKSA cache restore")
|
raise Exception("Unexpected EAP exchange after external PMKSA cache restore")
|
||||||
|
|
||||||
|
def test_rsn_preauth_processing(dev, apdev):
|
||||||
|
"""RSN pre-authentication processing on AP"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
params['rsn_preauth'] = '1'
|
||||||
|
params['rsn_preauth_interfaces'] = "lo"
|
||||||
|
hapd = hostapd.add_ap(apdev[0], params)
|
||||||
|
bssid = hapd.own_addr()
|
||||||
|
_bssid = binascii.unhexlify(bssid.replace(':', ''))
|
||||||
|
eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
|
||||||
|
password_hex="0123456789abcdef0123456789abcdef")
|
||||||
|
addr = dev[0].own_addr()
|
||||||
|
_addr = binascii.unhexlify(addr.replace(':', ''))
|
||||||
|
|
||||||
|
sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
|
||||||
|
socket.htons(0x88c7))
|
||||||
|
sock.bind(("lo", socket.htons(0x88c7)))
|
||||||
|
|
||||||
|
foreign = "\x02\x03\x04\x05\x06\x07"
|
||||||
|
proto = "\x88\xc7"
|
||||||
|
tests = []
|
||||||
|
# RSN: too short pre-auth packet (len=14)
|
||||||
|
tests += [ _bssid + foreign + proto ]
|
||||||
|
# Not EAPOL-Start
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 0, 0, 0) ]
|
||||||
|
# RSN: pre-auth for foreign address 02:03:04:05:06:07
|
||||||
|
tests += [ foreign + foreign + proto + struct.pack('>BBH', 0, 0, 0) ]
|
||||||
|
# RSN: pre-auth for already association STA 02:00:00:00:00:00
|
||||||
|
tests += [ _bssid + _addr + proto + struct.pack('>BBH', 0, 0, 0) ]
|
||||||
|
# New STA
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 0, 1, 1) ]
|
||||||
|
# IEEE 802.1X: received EAPOL-Start from STA
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 0, 1, 0) ]
|
||||||
|
# frame too short for this IEEE 802.1X packet
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 0, 1, 1) ]
|
||||||
|
# EAPOL-Key - Dropped key data from unauthorized Supplicant
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 2, 3, 0) ]
|
||||||
|
# EAPOL-Encapsulated-ASF-Alert
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 2, 4, 0) ]
|
||||||
|
# unknown IEEE 802.1X packet type
|
||||||
|
tests += [ _bssid + foreign + proto + struct.pack('>BBH', 2, 255, 0) ]
|
||||||
|
for t in tests:
|
||||||
|
sock.send(t)
|
||||||
|
|
||||||
|
def test_rsn_preauth_local_errors(dev, apdev):
|
||||||
|
"""RSN pre-authentication and local errors on AP"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
params['rsn_preauth'] = '1'
|
||||||
|
params['rsn_preauth_interfaces'] = "lo"
|
||||||
|
hapd = hostapd.add_ap(apdev[0], params)
|
||||||
|
bssid = hapd.own_addr()
|
||||||
|
_bssid = binascii.unhexlify(bssid.replace(':', ''))
|
||||||
|
|
||||||
|
sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
|
||||||
|
socket.htons(0x88c7))
|
||||||
|
sock.bind(("lo", socket.htons(0x88c7)))
|
||||||
|
|
||||||
|
foreign = "\x02\x03\x04\x05\x06\x07"
|
||||||
|
foreign2 = "\x02\x03\x04\x05\x06\x08"
|
||||||
|
proto = "\x88\xc7"
|
||||||
|
|
||||||
|
with alloc_fail(hapd, 1, "ap_sta_add;rsn_preauth_receive"):
|
||||||
|
sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
|
||||||
|
|
||||||
|
with alloc_fail(hapd, 1, "eapol_auth_alloc;rsn_preauth_receive"):
|
||||||
|
sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
|
||||||
|
sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
|
||||||
|
with alloc_fail(hapd, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"):
|
||||||
|
sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
|
||||||
|
sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
|
||||||
|
hapd.request("DISABLE")
|
||||||
|
tests = [ (1, "=rsn_preauth_iface_add"),
|
||||||
|
(2, "=rsn_preauth_iface_add"),
|
||||||
|
(1, "l2_packet_init;rsn_preauth_iface_add"),
|
||||||
|
(1, "rsn_preauth_iface_init"),
|
||||||
|
(1, "rsn_preauth_iface_init") ]
|
||||||
|
for count,func in tests:
|
||||||
|
with alloc_fail(hapd, count, func):
|
||||||
|
if "FAIL" not in hapd.request("ENABLE"):
|
||||||
|
raise Exception("ENABLE succeeded unexpectedly")
|
||||||
|
|
||||||
|
hapd.set("rsn_preauth_interfaces", "lo lo lo does-not-exist lo ")
|
||||||
|
if "FAIL" not in hapd.request("ENABLE"):
|
||||||
|
raise Exception("ENABLE succeeded unexpectedly")
|
||||||
|
hapd.set("rsn_preauth_interfaces", " lo lo ")
|
||||||
|
if "OK" not in hapd.request("ENABLE"):
|
||||||
|
raise Exception("ENABLE failed")
|
||||||
|
sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
|
||||||
|
|
Loading…
Reference in a new issue