From patchwork Fri Apr 10 12:49:45 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: michael-dev X-Patchwork-Id: 460082 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) by ozlabs.org (Postfix) with ESMTP id 7F3E814016A for ; Fri, 10 Apr 2015 22:50:50 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 379FA17C22E; Fri, 10 Apr 2015 08:50:47 -0400 (EDT) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M7imLFsZmjRD; Fri, 10 Apr 2015 08:50:46 -0400 (EDT) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 63C5217C22F; Fri, 10 Apr 2015 08:50:19 -0400 (EDT) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 302F317C22E for ; Fri, 10 Apr 2015 08:50:15 -0400 (EDT) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z1tisBvP4bAE for ; Fri, 10 Apr 2015 08:50:10 -0400 (EDT) Received: from mail.fem.tu-ilmenau.de (mail.fem.tu-ilmenau.de [141.24.220.54]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id BBFDE9D3AC for ; Fri, 10 Apr 2015 08:50:07 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mail.fem.tu-ilmenau.de (Postfix) with ESMTP id 646CC6652; Fri, 10 Apr 2015 14:50:07 +0200 (CEST) X-Virus-Scanned: amavisd-new at fem.tu-ilmenau.de Received: from mail.fem.tu-ilmenau.de ([127.0.0.1]) by localhost (mail.fem.tu-ilmenau.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 
OtUVwz05bQxi; Fri, 10 Apr 2015 14:50:06 +0200 (CEST) Received: from a234.fem.tu-ilmenau.de (ray-controller.net.fem.tu-ilmenau.de [10.42.51.234]) by mail.fem.tu-ilmenau.de (Postfix) with ESMTP; Fri, 10 Apr 2015 14:50:06 +0200 (CEST) Received: by a234.fem.tu-ilmenau.de (Postfix, from userid 1000) id 9A0BC308F833; Fri, 10 Apr 2015 14:50:03 +0200 (CEST) From: Michael Braun To: hostap@lists.shmoo.com Subject: [PATCH 1/6] test: verify RSN preauth with dynamic vlans Date: Fri, 10 Apr 2015 14:49:45 +0200 Message-Id: <1428670190-22671-2-git-send-email-michael-dev@fami-braun.de> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1428670190-22671-1-git-send-email-michael-dev@fami-braun.de> References: <1428670190-22671-1-git-send-email-michael-dev@fami-braun.de> X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.11 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com This change add two new tests to verify hostapd operation when used with VLANs. Both are based on test_pmksa_cache_preauth and enable dynamic vlans, test_pmksa_cache_preauth_vlan_used additionally uses a station with VID 1. Signed-off-by: Michael Braun
---
 tests/hwsim/hostapd.wlan3.vlan | 1 +
 tests/hwsim/hostapd.wlan4.vlan | 1 +
 tests/hwsim/test_pmksa_cache.py | 126 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 128 insertions(+)
 create mode 100644 tests/hwsim/hostapd.wlan3.vlan
 create mode 100644 tests/hwsim/hostapd.wlan4.vlan
diff --git a/tests/hwsim/hostapd.wlan3.vlan b/tests/hwsim/hostapd.wlan3.vlan
new file mode 100644
index 0000000..3155e26
--- /dev/null
+++ b/tests/hwsim/hostapd.wlan3.vlan
@@ -0,0 +1 @@
+1 wlan3.1
diff --git a/tests/hwsim/hostapd.wlan4.vlan b/tests/hwsim/hostapd.wlan4.vlan
new file mode 100644
index 0000000..75ac704
--- /dev/null
+++ b/tests/hwsim/hostapd.wlan4.vlan
@@ -0,0 +1 @@
+1 wlan4.1
diff --git a/tests/hwsim/test_pmksa_cache.py b/tests/hwsim/test_pmksa_cache.py
index 46bbcb1..cacb3b6 100644
--- a/tests/hwsim/test_pmksa_cache.py
+++ b/tests/hwsim/test_pmksa_cache.py
@@ -386,6 +386,132 @@ def test_pmksa_cache_preauth(dev, apdev):
 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
 subprocess.call(['brctl', 'delbr', 'ap-br0'])
+def test_pmksa_cache_preauth_vlan_enabled(dev, apdev):
+ """RSN pre-authentication to generate PMKSA cache entry"""
+ """Variant: dynamiv_vlan optional but station without VLAN set"""
+ try:
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ params['bridge'] = 'ap-br0'
+ params['dynamic_vlan'] = '1'
+ hostapd.add_ap(apdev[0]['ifname'], params)
+ subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+ eap_connect(dev[0], apdev[0], "PAX", "pax.user@example.com",
+ password_hex="0123456789abcdef0123456789abcdef")
+
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ params['bridge'] = 'ap-br0'
+ params['rsn_preauth'] = '1'
+ params['rsn_preauth_interfaces'] = 'ap-br0'
+ params['dynamic_vlan'] = '1'
+ hostapd.add_ap(apdev[1]['ifname'], params)
+ bssid1 = apdev[1]['bssid']
+ dev[0].scan(freq="2412")
+ success = False
+ status_seen = False
+ for i in range(0, 50):
+ if not status_seen:
+ status = dev[0].request("STATUS")
+ if "Pre-authentication EAPOL state machines:" in status:
+ status_seen = True
+ time.sleep(0.1)
+ pmksa = dev[0].get_pmksa(bssid1)
+ if pmksa:
+ success = True
+ break
+ if not success:
+ raise Exception("No PMKSA cache entry created from pre-authentication")
+ if not status_seen:
+ raise Exception("Pre-authentication EAPOL status was not available")
+
+ dev[0].scan(freq="2412")
+ if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
+ raise Exception("Scan results missing RSN element info")
+ dev[0].request("ROAM " + bssid1)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+ "CTRL-EVENT-CONNECTED"], timeout=10)
+ if ev is None:
+ raise Exception("Roaming with the AP timed out")
+ if "CTRL-EVENT-EAP-STARTED" in ev:
+ raise Exception("Unexpected EAP exchange")
+ pmksa2 = dev[0].get_pmksa(bssid1)
+ if pmksa2 is None:
+ raise Exception("No PMKSA cache entry")
+ if pmksa['pmkid'] != pmksa2['pmkid']:
+ raise Exception("Unexpected PMKID change")
+
+ finally:
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
+ subprocess.call(['brctl', 'delbr', 'ap-br0'])
+
+def test_pmksa_cache_preauth_vlan_used(dev, apdev):
+ """RSN pre-authentication to generate PMKSA cache entry"""
+ """Variant: station with VLAN set"""
+ try:
+ subprocess.call(['brctl', 'addbr', 'brvlan1'])
+ subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ params['bridge'] = 'ap-br0'
+ params['dynamic_vlan'] = '1'
+ params['vlan_file'] = 'hostapd.wlan3.vlan'
+ hostapd.add_ap(apdev[0]['ifname'], params)
+ subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+ eap_connect(dev[0], apdev[0], "PAX", "vlan1",
+ password_hex="0123456789abcdef0123456789abcdef")
+
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ params['bridge'] = 'ap-br0'
+ params['rsn_preauth'] = '1'
+ params['rsn_preauth_interfaces'] = 'brvlan1'
+ params['dynamic_vlan'] = '1'
+ params['vlan_file'] = 'hostapd.wlan4.vlan'
+ hostapd.add_ap(apdev[1]['ifname'], params)
+ bssid1 = apdev[1]['bssid']
+ dev[0].scan(freq="2412")
+ success = False
+ status_seen = False
+ for i in range(0, 50):
+ if not status_seen:
+ status = dev[0].request("STATUS")
+ if "Pre-authentication EAPOL state machines:" in status:
+ status_seen = True
+ time.sleep(0.1)
+ pmksa = dev[0].get_pmksa(bssid1)
+ if pmksa:
+ success = True
+ break
+ if not success:
+ raise Exception("No PMKSA cache entry created from pre-authentication")
+ if not status_seen:
+ raise Exception("Pre-authentication EAPOL status was not available")
+
+ dev[0].scan(freq="2412")
+ if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
+ raise Exception("Scan results missing RSN element info")
+ dev[0].request("ROAM " + bssid1)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+ "CTRL-EVENT-CONNECTED"], timeout=10)
+ if ev is None:
+ raise Exception("Roaming with the AP timed out")
+ if "CTRL-EVENT-EAP-STARTED" in ev:
+ raise Exception("Unexpected EAP exchange")
+ pmksa2 = dev[0].get_pmksa(bssid1)
+ if pmksa2 is None:
+ raise Exception("No PMKSA cache entry")
+ if pmksa['pmkid'] != pmksa2['pmkid']:
+ raise Exception("Unexpected PMKID change")
+
+ finally:
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'])
+ subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'])
+ subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'])
+ subprocess.call(['brctl', 'delbr', 'ap-br0'])
+ subprocess.call(['brctl', 'delbr', 'brvlan1'])
+
 def test_pmksa_cache_disabled(dev, apdev):
 """PMKSA cache disabling on AP"""
 params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
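Review bot: Neither new test checks which VLAN the station ends up in after the roam, so `test_pmksa_cache_preauth_vlan_used` would still pass if the second AP accepted the cached PMKSA but left the `vlan1` user on the untagged `ap-br0` bridge. That segmentation failure appears to be what this variant is meant to catch. After the `Unexpected PMKID change` check I would keep the AP handle with `hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)` and add a data-path check over the VLAN bridge, e.g. `hwsim_utils.test_connectivity_iface(dev[0], hapd1, "brvlan1")`, assuming `hwsim_utils` is imported in this file, which the hunk does not show. Separately, the second string literal under each `def` is a no-op expression rather than part of the docstring, so the `Variant:` text is dropped; fold it into a single docstring and fix `dynamiv_vlan` to `dynamic_vlan`. The `finally` block also hard-codes `wlan3.1`/`wlan4.1` and the `hostapd.wlan3.vlan`/`hostapd.wlan4.vlan` files while the APs are created from `apdev[N]['ifname']`, so a comment stating that `apdev[0]`/`apdev[1]` must be wlan3/wlan4 would make that dependency explicit.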