From 515b176e9cb9cc5ef386c205409fb385d147aa43 Mon Sep 17 00:00:00 2001 From: Michael Braun Date: Fri, 10 Apr 2015 14:49:45 +0200 Subject: [PATCH] tests: Verify RSN preauth with dynamic VLANs This change add two new tests to verify hostapd operation when used with VLANs. Both are based on pmksa_cache_preauth and enable dynamic VLANs, pmksa_cache_preauth_vlan_used additionally uses a station with VID 1. Signed-off-by: Michael Braun --- tests/hwsim/hostapd.wlan3.vlan | 1 + tests/hwsim/hostapd.wlan4.vlan | 1 + tests/hwsim/test_pmksa_cache.py | 136 ++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100644 tests/hwsim/hostapd.wlan3.vlan create mode 100644 tests/hwsim/hostapd.wlan4.vlan diff --git a/tests/hwsim/hostapd.wlan3.vlan b/tests/hwsim/hostapd.wlan3.vlan new file mode 100644 index 000000000..3155e2659 --- /dev/null +++ b/tests/hwsim/hostapd.wlan3.vlan @@ -0,0 +1 @@ +1 wlan3.1 diff --git a/tests/hwsim/hostapd.wlan4.vlan b/tests/hwsim/hostapd.wlan4.vlan new file mode 100644 index 000000000..75ac704f3 --- /dev/null +++ b/tests/hwsim/hostapd.wlan4.vlan @@ -0,0 +1 @@ +1 wlan4.1 diff --git a/tests/hwsim/test_pmksa_cache.py b/tests/hwsim/test_pmksa_cache.py index 46bbcb18d..0899c845d 100644 --- a/tests/hwsim/test_pmksa_cache.py +++ b/tests/hwsim/test_pmksa_cache.py @@ -386,6 +386,142 @@ def test_pmksa_cache_preauth(dev, apdev): subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down']) subprocess.call(['brctl', 'delbr', 'ap-br0']) +def test_pmksa_cache_preauth_vlan_enabled(dev, apdev): + """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set)""" + try: + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + params['bridge'] = 'ap-br0' + params['dynamic_vlan'] = '1' + hostapd.add_ap(apdev[0]['ifname'], params) + subprocess.call(['brctl', 'setfd', 'ap-br0', '0']) + subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) + eap_connect(dev[0], apdev[0], "PAX", "pax.user@example.com", + password_hex="0123456789abcdef0123456789abcdef") + + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + params['bridge'] = 'ap-br0' + params['rsn_preauth'] = '1' + params['rsn_preauth_interfaces'] = 'ap-br0' + params['dynamic_vlan'] = '1' + hostapd.add_ap(apdev[1]['ifname'], params) + bssid1 = apdev[1]['bssid'] + dev[0].scan(freq="2412") + success = False + status_seen = False + for i in range(0, 50): + if not status_seen: + status = dev[0].request("STATUS") + if "Pre-authentication EAPOL state machines:" in status: + status_seen = True + time.sleep(0.1) + pmksa = dev[0].get_pmksa(bssid1) + if pmksa: + success = True + break + if not success: + raise Exception("No PMKSA cache entry created from pre-authentication") + if not status_seen: + raise Exception("Pre-authentication EAPOL status was not available") + + dev[0].scan(freq="2412") + if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"): + raise Exception("Scan results missing RSN element info") + dev[0].request("ROAM " + bssid1) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED", + "CTRL-EVENT-CONNECTED"], timeout=10) + if ev is None: + raise Exception("Roaming with the AP timed out") + if "CTRL-EVENT-EAP-STARTED" in ev: + raise Exception("Unexpected EAP exchange") + pmksa2 = dev[0].get_pmksa(bssid1) + if pmksa2 is None: + raise Exception("No PMKSA cache entry") + if pmksa['pmkid'] != pmksa2['pmkid']: + raise Exception("Unexpected PMKID change") + + finally: + subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down']) + subprocess.call(['brctl', 'delbr', 'ap-br0']) + +def test_pmksa_cache_preauth_vlan_used(dev, apdev): + """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set)""" + try: + subprocess.call(['brctl', 'addbr', 'brvlan1']) + subprocess.call(['brctl', 'setfd', 'brvlan1', '0']) + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + params['bridge'] = 'ap-br0' + params['dynamic_vlan'] = '1' + params['vlan_file'] = 'hostapd.wlan3.vlan' + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + subprocess.call(['brctl', 'setfd', 'ap-br0', '0']) + subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) + eap_connect(dev[0], apdev[0], "PAX", "vlan1", + password_hex="0123456789abcdef0123456789abcdef") + + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + params['bridge'] = 'ap-br0' + params['rsn_preauth'] = '1' + params['rsn_preauth_interfaces'] = 'brvlan1' + params['dynamic_vlan'] = '1' + params['vlan_file'] = 'hostapd.wlan4.vlan' + hostapd.add_ap(apdev[1]['ifname'], params) + bssid1 = apdev[1]['bssid'] + dev[0].scan(freq="2412") + success = False + status_seen = False + for i in range(0, 50): + if not status_seen: + status = dev[0].request("STATUS") + if "Pre-authentication EAPOL state machines:" in status: + status_seen = True + time.sleep(0.1) + pmksa = dev[0].get_pmksa(bssid1) + if pmksa: + success = True + break + if not success: + raise Exception("No PMKSA cache entry created from pre-authentication") + if not status_seen: + raise Exception("Pre-authentication EAPOL status was not available") + + dev[0].scan(freq="2412") + if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"): + raise Exception("Scan results missing RSN element info") + dev[0].request("ROAM " + bssid1) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED", + "CTRL-EVENT-CONNECTED"], timeout=10) + if ev is None: + raise Exception("Roaming with the AP timed out") + if "CTRL-EVENT-EAP-STARTED" in ev: + raise Exception("Unexpected EAP exchange") + pmksa2 = dev[0].get_pmksa(bssid1) + if pmksa2 is None: + raise Exception("No PMKSA cache entry") + if pmksa['pmkid'] != pmksa2['pmkid']: + raise Exception("Unexpected PMKID change") + + # Disconnect the STA from both APs to avoid forceful ifdown by the + # test script on a VLAN that this has an associated STA. That used to + # trigger a mac80211 warning. + dev[0].request("DISCONNECT") + hapd.request("DISABLE") + + finally: + subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], + stderr=open('/dev/null', 'w')) + subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down']) + subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'], + stderr=open('/dev/null', 'w')) + subprocess.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delbr', 'ap-br0'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delbr', 'brvlan1']) + def test_pmksa_cache_disabled(dev, apdev): """PMKSA cache disabling on AP""" params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")