tests: Start ERP authentication server without AP

There is no actual need for running the authentication server with
driver=nl80211, so simplify this by using driver=none instead. This
frees up apdev[1] for actual AP needs in the test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-05-06 23:36:30 +03:00 committed by Jouni Malinen
parent 8528ad0c60
commit e374def207
3 changed files with 36 additions and 39 deletions

View file

@ -501,7 +501,7 @@ class Hostapd:
self.request("NOTE " + txt) self.request("NOTE " + txt)
def add_ap(apdev, params, wait_enabled=True, no_enable=False, timeout=30, def add_ap(apdev, params, wait_enabled=True, no_enable=False, timeout=30,
global_ctrl_override=None): global_ctrl_override=None, driver=False):
if isinstance(apdev, dict): if isinstance(apdev, dict):
ifname = apdev['ifname'] ifname = apdev['ifname']
try: try:
@ -520,7 +520,7 @@ def add_ap(apdev, params, wait_enabled=True, no_enable=False, timeout=30,
hapd_global = HostapdGlobal(apdev, hapd_global = HostapdGlobal(apdev,
global_ctrl_override=global_ctrl_override) global_ctrl_override=global_ctrl_override)
hapd_global.remove(ifname) hapd_global.remove(ifname)
hapd_global.add(ifname) hapd_global.add(ifname, driver=driver)
port = hapd_global.get_ctrl_iface_port(ifname) port = hapd_global.get_ctrl_iface_port(ifname)
hapd = Hostapd(ifname, hostname=hostname, port=port) hapd = Hostapd(ifname, hostname=hostname, port=port)
if not hapd.ping(): if not hapd.ping():

View file

@ -107,9 +107,10 @@ def test_erp_server_no_match(dev, apdev):
raise Exception("Unexpected use of ERP") raise Exception("Unexpected use of ERP")
dev[0].wait_connected(timeout=15, error="Reconnection timed out") dev[0].wait_connected(timeout=15, error="Reconnection timed out")
def start_erp_as(apdev, erp_domain="example.com", msk_dump=None, tls13=False, def start_erp_as(erp_domain="example.com", msk_dump=None, tls13=False,
eap_user_file="auth_serv/eap_user.conf"): eap_user_file="auth_serv/eap_user.conf"):
params = {"ssid": "as", "beacon_int": "2000", params = {"driver": "none",
"interface": "as-erp",
"radius_server_clients": "auth_serv/radius_clients.conf", "radius_server_clients": "auth_serv/radius_clients.conf",
"radius_server_auth_port": '18128', "radius_server_auth_port": '18128',
"eap_server": "1", "eap_server": "1",
@ -128,12 +129,13 @@ def start_erp_as(apdev, erp_domain="example.com", msk_dump=None, tls13=False,
params["dump_msk_file"] = msk_dump params["dump_msk_file"] = msk_dump
if tls13: if tls13:
params["tls_flags"] = "[ENABLE-TLSv1.3]" params["tls_flags"] = "[ENABLE-TLSv1.3]"
return hostapd.add_ap(apdev, params) apdev = {'ifname': 'as-erp'}
return hostapd.add_ap(apdev, params, driver="none")
def test_erp_radius(dev, apdev): def test_erp_radius(dev, apdev):
"""ERP enabled on RADIUS server and peer""" """ERP enabled on RADIUS server and peer"""
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1]) start_erp_as()
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['auth_server_port'] = "18128" params['auth_server_port'] = "18128"
params['erp_send_reauth_start'] = '1' params['erp_send_reauth_start'] = '1'
@ -164,7 +166,7 @@ def test_erp_radius_no_wildcard_user(dev, apdev, params):
'erp_radius_no_wildcard_user.eap_users') 'erp_radius_no_wildcard_user.eap_users')
with open(user_file, 'w') as f: with open(user_file, 'w') as f:
f.write('"user@example.com" PSK 0123456789abcdef0123456789abcdef\n') f.write('"user@example.com" PSK 0123456789abcdef0123456789abcdef\n')
start_erp_as(apdev[1], eap_user_file=user_file) start_erp_as(eap_user_file=user_file)
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['auth_server_port'] = "18128" params['auth_server_port'] = "18128"
params['erp_send_reauth_start'] = '1' params['erp_send_reauth_start'] = '1'
@ -256,7 +258,7 @@ def test_erp_radius_eap_methods(dev, apdev):
"""ERP enabled on RADIUS server and peer""" """ERP enabled on RADIUS server and peer"""
check_erp_capa(dev[0]) check_erp_capa(dev[0])
eap_methods = dev[0].get_capability("eap") eap_methods = dev[0].get_capability("eap")
start_erp_as(apdev[1]) start_erp_as()
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['auth_server_port'] = "18128" params['auth_server_port'] = "18128"
params['erp_send_reauth_start'] = '1' params['erp_send_reauth_start'] = '1'
@ -309,7 +311,7 @@ def test_erp_radius_eap_tls_v13(dev, apdev):
raise HwsimSkip("No TLS v1.3 support in TLS library") raise HwsimSkip("No TLS v1.3 support in TLS library")
eap_methods = dev[0].get_capability("eap") eap_methods = dev[0].get_capability("eap")
start_erp_as(apdev[1], tls13=True) start_erp_as(tls13=True)
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['auth_server_port'] = "18128" params['auth_server_port'] = "18128"
params['erp_send_reauth_start'] = '1' params['erp_send_reauth_start'] = '1'

View file

@ -36,7 +36,7 @@ def test_fils_sk_full_auth(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -84,7 +84,7 @@ def test_fils_sk_sha384_full_auth(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -132,7 +132,7 @@ def test_fils_sk_pmksa_caching(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -186,7 +186,7 @@ def test_fils_sk_pmksa_caching_ocv(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -326,8 +326,7 @@ def test_fils_sk_pmksa_caching_ctrl_ext(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
hapd_as = start_erp_as(apdev[1], hapd_as = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -395,8 +394,7 @@ def run_fils_sk_erp(dev, apdev, key_mgmt, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -435,7 +433,7 @@ def test_fils_sk_erp_followed_by_pmksa_caching(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -504,7 +502,7 @@ def test_fils_sk_erp_another_ssid(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -560,7 +558,7 @@ def test_fils_sk_multiple_realms(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -746,7 +744,7 @@ def run_fils_sk_hlp(dev, apdev, rapid_commit_server, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@ -851,7 +849,7 @@ def test_fils_sk_hlp_timeout(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@ -894,7 +892,7 @@ def test_fils_sk_hlp_oom(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@ -986,7 +984,7 @@ def test_fils_sk_hlp_req_parsing(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = fils_hlp_config(fils_hlp_wait_time=30) params = fils_hlp_config(fils_hlp_wait_time=30)
@ -1155,7 +1153,7 @@ def test_fils_sk_hlp_dhcp_parsing(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@ -1317,7 +1315,7 @@ def test_fils_sk_erp_and_reauth(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1357,7 +1355,7 @@ def test_fils_sk_erp_sim(dev, apdev, params):
check_erp_capa(dev[0]) check_erp_capa(dev[0])
realm = 'wlan.mnc001.mcc232.3gppnetwork.org' realm = 'wlan.mnc001.mcc232.3gppnetwork.org'
start_erp_as(apdev[1], erp_domain=realm, start_erp_as(erp_domain=realm,
msk_dump=os.path.join(params['logdir'], "msk.lst")) msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
@ -1438,7 +1436,7 @@ def run_fils_sk_pfs(dev, apdev, group, params):
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)): if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)):
raise HwsimSkip("Brainpool EC group not supported") raise HwsimSkip("Brainpool EC group not supported")
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1478,7 +1476,7 @@ def test_fils_sk_pfs_group_mismatch(dev, apdev, params):
check_fils_sk_pfs_capa(dev[0]) check_fils_sk_pfs_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1514,7 +1512,7 @@ def test_fils_sk_pfs_pmksa_caching(dev, apdev, params):
check_fils_sk_pfs_capa(dev[0]) check_fils_sk_pfs_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1621,7 +1619,7 @@ def test_fils_sk_auth_mismatch(dev, apdev, params):
check_fils_sk_pfs_capa(dev[0]) check_fils_sk_pfs_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1659,7 +1657,7 @@ def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0,
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1743,8 +1741,7 @@ def test_fils_and_ft(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
er = start_erp_as(apdev[1], er = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -1887,8 +1884,7 @@ def run_fils_and_ft_setup(dev, apdev, params, key_mgmt):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
er = start_erp_as(apdev[1], er = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
msk_dump=os.path.join(params['logdir'], "msk.lst"))
logger.info("Set up ERP key hierarchy without FILS/FT authentication") logger.info("Set up ERP key hierarchy without FILS/FT authentication")
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
@ -1974,7 +1970,7 @@ def test_fils_assoc_replay(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
start_erp_as(apdev[1]) start_erp_as()
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")
@ -2063,8 +2059,7 @@ def test_fils_sk_erp_server_flush(dev, apdev, params):
check_fils_capa(dev[0]) check_fils_capa(dev[0])
check_erp_capa(dev[0]) check_erp_capa(dev[0])
hapd_as = start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], hapd_as = start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
"msk.lst"))
bssid = apdev[0]['bssid'] bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils") params = hostapd.wpa2_eap_params(ssid="fils")