tests: MACsec with EAP-PSK

This verifies use of a shorter than 65 octet EAP Session-Id.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2023-02-10 12:41:03 +02:00 committed by Jouni Malinen
parent 72b8193f41
commit 2d3afc273d

View file

@ -151,7 +151,8 @@ def set_mka_psk_config(dev, mka_priority=None, integ_only=False, port=None,
dev.select_network(id) dev.select_network(id)
def set_mka_eap_config(dev, mka_priority=None, integ_only=False, port=None): def set_mka_eap_config(dev, mka_priority=None, integ_only=False, port=None,
eap_psk=False):
dev.set("eapol_version", "3") dev.set("eapol_version", "3")
dev.set("ap_scan", "0") dev.set("ap_scan", "0")
dev.set("fast_reauth", "1") dev.set("fast_reauth", "1")
@ -168,6 +169,11 @@ def set_mka_eap_config(dev, mka_priority=None, integ_only=False, port=None):
dev.set_network(id, "macsec_port", str(port)) dev.set_network(id, "macsec_port", str(port))
dev.set_network(id, "key_mgmt", "IEEE8021X") dev.set_network(id, "key_mgmt", "IEEE8021X")
if eap_psk:
dev.set_network(id, "eap", "PSK")
dev.set_network_quoted(id, "identity", "psk.user@example.com")
dev.set_network(id, "password", "0123456789abcdef0123456789abcdef")
else:
dev.set_network(id, "eap", "TTLS") dev.set_network(id, "eap", "TTLS")
dev.set_network_quoted(id, "ca_cert", "auth_serv/ca.pem") dev.set_network_quoted(id, "ca_cert", "auth_serv/ca.pem")
dev.set_network_quoted(id, "phase2", "auth=MSCHAPV2") dev.set_network_quoted(id, "phase2", "auth=MSCHAPV2")
@ -824,8 +830,17 @@ def test_macsec_hostapd_eap(dev, apdev, params):
finally: finally:
cleanup_macsec_hostapd() cleanup_macsec_hostapd()
def test_macsec_hostapd_eap_psk(dev, apdev, params):
"""MACsec EAP-PSK with hostapd"""
try:
run_macsec_hostapd_eap(dev, apdev, params, "macsec_hostapd_eap_psk",
eap_psk=True)
finally:
cleanup_macsec_hostapd()
def run_macsec_hostapd_eap(dev, apdev, params, prefix, integ_only=False, def run_macsec_hostapd_eap(dev, apdev, params, prefix, integ_only=False,
port0=None, port1=None, expect_failure=False): port0=None, port1=None, expect_failure=False,
eap_psk=False):
add_veth() add_veth()
cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap") cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
@ -844,7 +859,7 @@ def run_macsec_hostapd_eap(dev, apdev, params, prefix, integ_only=False,
wpas0 = wpa[0] wpas0 = wpa[0]
set_mka_eap_config(wpas0, integ_only=integ_only, port=port0, set_mka_eap_config(wpas0, integ_only=integ_only, port=port0,
mka_priority=100) mka_priority=100, eap_psk=eap_psk)
params = {"driver": "macsec_linux", params = {"driver": "macsec_linux",
"interface": "veth1", "interface": "veth1",