tests: Make WPA2-Enterprise reauth test cases more robust

With the extra latencies removed from run-tests.py operations, it was
possible to hit race conditions in pairwise cipher configuration at the
end of the 4-way handshake. In some cases, the EAPOL-Start frame from
the station was not received by the AP and that could result in these
test cases failing. Since there are not really trying to test the race
condition, wait for the AP side to complete key configuration prior to
initiating the reauthentication sequence.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-01-05 16:35:05 +02:00
parent 0c35b91c5f
commit cb33ee143b

View File

@ -15,10 +15,12 @@ import os.path
import hwsim_utils import hwsim_utils
import hostapd import hostapd
def eap_connect(dev, method, identity, anonymous_identity=None, password=None, def eap_connect(dev, ap, method, identity, anonymous_identity=None,
password=None,
phase1=None, phase2=None, ca_cert=None, phase1=None, phase2=None, ca_cert=None,
domain_suffix_match=None, password_hex=None, domain_suffix_match=None, password_hex=None,
client_cert=None, private_key=None, sha256=False): client_cert=None, private_key=None, sha256=False):
hapd = hostapd.Hostapd(ap['ifname'])
id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256", id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
eap=method, identity=identity, eap=method, identity=identity,
anonymous_identity=anonymous_identity, anonymous_identity=anonymous_identity,
@ -29,6 +31,9 @@ def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
client_cert=client_cert, private_key=private_key, client_cert=client_cert, private_key=private_key,
ieee80211w="1") ieee80211w="1")
eap_check_auth(dev, method, True, sha256=sha256) eap_check_auth(dev, method, True, sha256=sha256)
ev = hapd.wait_event([ "AP-STA-CONNECTED" ], timeout=5)
if ev is None:
raise Exception("No connection event received from hostapd")
return id return id
def eap_check_auth(dev, method, initial, rsn=True, sha256=False): def eap_check_auth(dev, method, initial, rsn=True, sha256=False):
@ -78,7 +83,7 @@ def test_ap_wpa2_eap_sim(dev, apdev):
return "skip" return "skip"
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "SIM", "1232010000000000", eap_connect(dev[0], apdev[0], "SIM", "1232010000000000",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581") password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
eap_reauth(dev[0], "SIM") eap_reauth(dev[0], "SIM")
@ -90,7 +95,7 @@ def test_ap_wpa2_eap_aka(dev, apdev):
return "skip" return "skip"
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "AKA", "0232010000000000", eap_connect(dev[0], apdev[0], "AKA", "0232010000000000",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123") password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
eap_reauth(dev[0], "AKA") eap_reauth(dev[0], "AKA")
@ -102,7 +107,7 @@ def test_ap_wpa2_eap_aka_prime(dev, apdev):
return "skip" return "skip"
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "AKA'", "6555444333222111", eap_connect(dev[0], apdev[0], "AKA'", "6555444333222111",
password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123") password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
eap_reauth(dev[0], "AKA'") eap_reauth(dev[0], "AKA'")
@ -111,7 +116,7 @@ def test_ap_wpa2_eap_ttls_pap(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS/PAP""" """WPA2-Enterprise connection using EAP-TTLS/PAP"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TTLS", "pap user", eap_connect(dev[0], apdev[0], "TTLS", "pap user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP") ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
@ -121,7 +126,7 @@ def test_ap_wpa2_eap_ttls_chap(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS/CHAP""" """WPA2-Enterprise connection using EAP-TTLS/CHAP"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TTLS", "chap user", eap_connect(dev[0], apdev[0], "TTLS", "chap user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=CHAP") ca_cert="auth_serv/ca.pem", phase2="auth=CHAP")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
@ -131,7 +136,7 @@ def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAP""" """WPA2-Enterprise connection using EAP-TTLS/MSCHAP"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TTLS", "mschap user", eap_connect(dev[0], apdev[0], "TTLS", "mschap user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
domain_suffix_match="server.w1.fi") domain_suffix_match="server.w1.fi")
@ -143,7 +148,7 @@ def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
hapd = hostapd.Hostapd(apdev[0]['ifname']) hapd = hostapd.Hostapd(apdev[0]['ifname'])
eap_connect(dev[0], "TTLS", "DOMAIN\mschapv2 user", eap_connect(dev[0], apdev[0], "TTLS", "DOMAIN\mschapv2 user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2", ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
domain_suffix_match="w1.fi") domain_suffix_match="w1.fi")
@ -164,7 +169,7 @@ def test_ap_wpa2_eap_ttls_eap_gtc(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS/EAP-GTC""" """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TTLS", "user", eap_connect(dev[0], apdev[0], "TTLS", "user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC") ca_cert="auth_serv/ca.pem", phase2="autheap=GTC")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
@ -174,7 +179,7 @@ def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5""" """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TTLS", "user", eap_connect(dev[0], apdev[0], "TTLS", "user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="autheap=MD5") ca_cert="auth_serv/ca.pem", phase2="autheap=MD5")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
@ -184,7 +189,7 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2""" """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TTLS", "user", eap_connect(dev[0], apdev[0], "TTLS", "user",
anonymous_identity="ttls", password="password", anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2") ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
@ -194,7 +199,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
"""WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2""" """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PEAP", "user", eap_connect(dev[0], apdev[0], "PEAP", "user",
anonymous_identity="peap", password="password", anonymous_identity="peap", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2") ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
@ -204,7 +209,7 @@ def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
"""WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding""" """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PEAP", "user", password="password", eap_connect(dev[0], apdev[0], "PEAP", "user", password="password",
ca_cert="auth_serv/ca.pem", ca_cert="auth_serv/ca.pem",
phase1="peapver=0 crypto_binding=2", phase1="peapver=0 crypto_binding=2",
phase2="auth=MSCHAPV2") phase2="auth=MSCHAPV2")
@ -215,7 +220,7 @@ def test_ap_wpa2_eap_tls(dev, apdev):
"""WPA2-Enterprise connection using EAP-TLS""" """WPA2-Enterprise connection using EAP-TLS"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem", eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
client_cert="auth_serv/user.pem", client_cert="auth_serv/user.pem",
private_key="auth_serv/user.key") private_key="auth_serv/user.key")
eap_reauth(dev[0], "TLS") eap_reauth(dev[0], "TLS")
@ -327,14 +332,14 @@ def test_ap_wpa2_eap_pwd(dev, apdev):
"""WPA2-Enterprise connection using EAP-pwd""" """WPA2-Enterprise connection using EAP-pwd"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PWD", "pwd user", password="secret password") eap_connect(dev[0], apdev[0], "PWD", "pwd user", password="secret password")
eap_reauth(dev[0], "PWD") eap_reauth(dev[0], "PWD")
def test_ap_wpa2_eap_gpsk(dev, apdev): def test_ap_wpa2_eap_gpsk(dev, apdev):
"""WPA2-Enterprise connection using EAP-GPSK""" """WPA2-Enterprise connection using EAP-GPSK"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
id = eap_connect(dev[0], "GPSK", "gpsk user", id = eap_connect(dev[0], apdev[0], "GPSK", "gpsk user",
password="abcdefghijklmnop0123456789abcdef") password="abcdefghijklmnop0123456789abcdef")
eap_reauth(dev[0], "GPSK") eap_reauth(dev[0], "GPSK")
@ -358,7 +363,7 @@ def test_ap_wpa2_eap_sake(dev, apdev):
"""WPA2-Enterprise connection using EAP-SAKE""" """WPA2-Enterprise connection using EAP-SAKE"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "SAKE", "sake user", eap_connect(dev[0], apdev[0], "SAKE", "sake user",
password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef") password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
eap_reauth(dev[0], "SAKE") eap_reauth(dev[0], "SAKE")
@ -366,7 +371,7 @@ def test_ap_wpa2_eap_eke(dev, apdev):
"""WPA2-Enterprise connection using EAP-EKE""" """WPA2-Enterprise connection using EAP-EKE"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
id = eap_connect(dev[0], "EKE", "eke user", password="hello") id = eap_connect(dev[0], apdev[0], "EKE", "eke user", password="hello")
eap_reauth(dev[0], "EKE") eap_reauth(dev[0], "EKE")
logger.info("Test forced algorithm selection") logger.info("Test forced algorithm selection")
@ -392,14 +397,15 @@ def test_ap_wpa2_eap_ikev2(dev, apdev):
"""WPA2-Enterprise connection using EAP-IKEv2""" """WPA2-Enterprise connection using EAP-IKEv2"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "IKEV2", "ikev2 user", password="ike password") eap_connect(dev[0], apdev[0], "IKEV2", "ikev2 user",
password="ike password")
eap_reauth(dev[0], "IKEV2") eap_reauth(dev[0], "IKEV2")
def test_ap_wpa2_eap_pax(dev, apdev): def test_ap_wpa2_eap_pax(dev, apdev):
"""WPA2-Enterprise connection using EAP-PAX""" """WPA2-Enterprise connection using EAP-PAX"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PAX", "pax.user@example.com", eap_connect(dev[0], apdev[0], "PAX", "pax.user@example.com",
password_hex="0123456789abcdef0123456789abcdef") password_hex="0123456789abcdef0123456789abcdef")
eap_reauth(dev[0], "PAX") eap_reauth(dev[0], "PAX")
@ -409,7 +415,7 @@ def test_ap_wpa2_eap_psk(dev, apdev):
params["wpa_key_mgmt"] = "WPA-EAP-SHA256" params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
params["ieee80211w"] = "2" params["ieee80211w"] = "2"
hostapd.add_ap(apdev[0]['ifname'], params) hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PSK", "psk.user@example.com", eap_connect(dev[0], apdev[0], "PSK", "psk.user@example.com",
password_hex="0123456789abcdef0123456789abcdef", sha256=True) password_hex="0123456789abcdef0123456789abcdef", sha256=True)
eap_reauth(dev[0], "PSK", sha256=True) eap_reauth(dev[0], "PSK", sha256=True)