tests: Write MSK dump files from authentication server

author Jouni Malinen <jouni@qca.qualcomm.com>

Tue, 5 Sep 2017 16:12:29 +0000 (19:12 +0300)

committer Jouni Malinen <j@w1.fi>

Tue, 5 Sep 2017 16:29:01 +0000 (19:29 +0300)
author Jouni Malinen <jouni@qca.qualcomm.com>
Tue, 5 Sep 2017 16:12:29 +0000 (19:12 +0300)
committer Jouni Malinen <j@w1.fi>
Tue, 5 Sep 2017 16:29:01 +0000 (19:29 +0300)
diff --git a/tests/hwsim/auth_serv/as.conf b/tests/hwsim/auth_serv/as.conf

index 61afc9ab71d63a442ad87057e62f76c90a11afc4..e58a8d6ec021e0e7201201ec7e31276e48efb965 100644 (file)
--- a/tests/hwsim/auth_serv/as.conf
+++ b/tests/hwsim/auth_serv/as.conf
@@ -20,3 +20,5 @@ pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
  eap_fast_a_id=101112131415161718191a1b1c1d1e1f
  eap_fast_a_id_info=test server
  eap_sim_aka_result_ind=1
+
+dump_msk_file=LOGDIR/as-msk.lst
diff --git a/tests/hwsim/auth_serv/as2.conf b/tests/hwsim/auth_serv/as2.conf

index 9bacbfa52f5535c39ae529ff323f8a92502608d3..1c2697f51b6fee41d93c4fe933d1de0ba2c6a053 100644 (file)
--- a/tests/hwsim/auth_serv/as2.conf
+++ b/tests/hwsim/auth_serv/as2.conf
@@ -20,3 +20,5 @@ pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
  eap_fast_a_id=101112131415161718191a1b1c1d1e1f
  eap_fast_a_id_info=test server2
  eap_sim_aka_result_ind=1
+
+dump_msk_file=LOGDIR/as2-msk.lst
diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config

index 9c672269f966d0e881337f6dfc76d7a20c254bbe..a972f582f4e73d3bec3a4268ea116f2a1776c0fb 100644 (file)
--- a/tests/hwsim/example-hostapd.config
+++ b/tests/hwsim/example-hostapd.config
@@ -76,6 +76,7 @@ CONFIG_FST=y
  CONFIG_FST_TEST=y
  
  CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
  CONFIG_MODULE_TESTS=y
  
  CONFIG_SUITEB=y
diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py

index 6ac2d8bc98e3b55d56291f5a66a1b848fdef0da8..17d4cfd0eb5f703b6645d902c0fd07302cb92fe8 100644 (file)
--- a/tests/hwsim/test_erp.py
+++ b/tests/hwsim/test_erp.py
@@ -107,7 +107,7 @@ def test_erp_server_no_match(dev, apdev):
          raise Exception("Unexpected use of ERP")
      dev[0].wait_connected(timeout=15, error="Reconnection timed out")
  
-def start_erp_as(apdev, erp_domain="example.com"):
+def start_erp_as(apdev, erp_domain="example.com", msk_dump=None):
      params = { "ssid": "as", "beacon_int": "2000",
                 "radius_server_clients": "auth_serv/radius_clients.conf",
                 "radius_server_auth_port": '18128',
@@ -123,6 +123,8 @@ def start_erp_as(apdev, erp_domain="example.com"):
                 "eap_fast_a_id_info": "test server",
                 "eap_server_erp": "1",
                 "erp_domain": erp_domain }
+    if msk_dump:
+        params["dump_msk_file"] = msk_dump
      return hostapd.add_ap(apdev, params)
  
  def test_erp_radius(dev, apdev):
diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py

index a91360d9a986f67f0865dc7e48673867e6b833e9..bd23654cb502fc6b88dbf3e5da911fa55c82087f 100644 (file)
--- a/tests/hwsim/test_fils.py
+++ b/tests/hwsim/test_fils.py
@@ -30,12 +30,12 @@ def check_fils_sk_pfs_capa(dev):
      if capa is None or "FILS-SK-PFS" not in capa:
          raise HwsimSkip("FILS-SK-PFS not supported")
  
-def test_fils_sk_full_auth(dev, apdev):
+def test_fils_sk_full_auth(dev, apdev, params):
      """FILS SK full authentication"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -78,12 +78,12 @@ def test_fils_sk_full_auth(dev, apdev):
      if conf['key_mgmt'] != 'FILS-SHA256':
          raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
  
-def test_fils_sk_sha384_full_auth(dev, apdev):
+def test_fils_sk_sha384_full_auth(dev, apdev, params):
      """FILS SK full authentication (SHA384)"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -126,12 +126,12 @@ def test_fils_sk_sha384_full_auth(dev, apdev):
      if conf['key_mgmt'] != 'FILS-SHA384':
          raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
  
-def test_fils_sk_pmksa_caching(dev, apdev):
+def test_fils_sk_pmksa_caching(dev, apdev, params):
      """FILS SK and PMKSA caching"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -259,12 +259,13 @@ def test_fils_sk_pmksa_caching_and_cache_id(dev, apdev):
      if pmksa['pmkid'] != pmksa2['pmkid']:
          raise Exception("Unexpected PMKID change")
  
-def test_fils_sk_pmksa_caching_ctrl_ext(dev, apdev):
+def test_fils_sk_pmksa_caching_ctrl_ext(dev, apdev, params):
      """FILS SK and PMKSA caching with Cache Identifier and external management"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    hapd_as = start_erp_as(apdev[1])
+    hapd_as = start_erp_as(apdev[1],
+                           msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -320,19 +321,20 @@ def test_fils_sk_pmksa_caching_ctrl_ext(dev, apdev):
      if bssid2 not in ev:
          raise Exception("Unexpected BSS selected")
  
-def test_fils_sk_erp(dev, apdev):
+def test_fils_sk_erp(dev, apdev, params):
      """FILS SK using ERP"""
-    run_fils_sk_erp(dev, apdev, "FILS-SHA256")
+    run_fils_sk_erp(dev, apdev, "FILS-SHA256", params)
  
-def test_fils_sk_erp_sha384(dev, apdev):
+def test_fils_sk_erp_sha384(dev, apdev, params):
      """FILS SK using ERP and SHA384"""
-    run_fils_sk_erp(dev, apdev, "FILS-SHA384")
+    run_fils_sk_erp(dev, apdev, "FILS-SHA384", params)
  
-def run_fils_sk_erp(dev, apdev, key_mgmt):
+def run_fils_sk_erp(dev, apdev, key_mgmt, params):
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1],
+                 msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -366,11 +368,11 @@ def run_fils_sk_erp(dev, apdev, key_mgmt):
          raise Exception("Association failed")
      hwsim_utils.test_connectivity(dev[0], hapd)
  
-def test_fils_sk_erp_followed_by_pmksa_caching(dev, apdev):
+def test_fils_sk_erp_followed_by_pmksa_caching(dev, apdev, params):
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -434,12 +436,12 @@ def test_fils_sk_erp_followed_by_pmksa_caching(dev, apdev):
      if pmksa['pmkid'] != pmksa2['pmkid']:
             raise Exception("Unexpected PMKID change")
  
-def test_fils_sk_erp_another_ssid(dev, apdev):
+def test_fils_sk_erp_another_ssid(dev, apdev, params):
      """FILS SK using ERP and roam to another SSID"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -490,12 +492,12 @@ def test_fils_sk_erp_another_ssid(dev, apdev):
          raise Exception("Association failed")
      hwsim_utils.test_connectivity(dev[0], hapd)
  
-def test_fils_sk_multiple_realms(dev, apdev):
+def test_fils_sk_multiple_realms(dev, apdev, params):
      """FILS SK and multiple realms"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -669,19 +671,19 @@ def fils_hlp_config(fils_hlp_wait_time=10000):
      params['fils_hlp_wait_time'] = str(fils_hlp_wait_time)
      return params
  
-def test_fils_sk_hlp(dev, apdev):
+def test_fils_sk_hlp(dev, apdev, params):
      """FILS SK HLP (rapid commit server)"""
-    run_fils_sk_hlp(dev, apdev, True)
+    run_fils_sk_hlp(dev, apdev, True, params)
  
-def test_fils_sk_hlp_no_rapid_commit(dev, apdev):
+def test_fils_sk_hlp_no_rapid_commit(dev, apdev, params):
      """FILS SK HLP (no rapid commit server)"""
-    run_fils_sk_hlp(dev, apdev, False)
+    run_fils_sk_hlp(dev, apdev, False, params)
  
-def run_fils_sk_hlp(dev, apdev, rapid_commit_server):
+def run_fils_sk_hlp(dev, apdev, rapid_commit_server, params):
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
      sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -781,12 +783,12 @@ def run_fils_sk_hlp(dev, apdev, rapid_commit_server):
  
      dev[0].request("FILS_HLP_REQ_FLUSH")
  
-def test_fils_sk_hlp_timeout(dev, apdev):
+def test_fils_sk_hlp_timeout(dev, apdev, params):
      """FILS SK HLP (rapid commit server timeout)"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
      sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -824,12 +826,12 @@ def test_fils_sk_hlp_timeout(dev, apdev):
  
      dev[0].request("FILS_HLP_REQ_FLUSH")
  
-def test_fils_sk_hlp_oom(dev, apdev):
+def test_fils_sk_hlp_oom(dev, apdev, params):
      """FILS SK HLP and hostapd OOM"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
      sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -916,12 +918,12 @@ def test_fils_sk_hlp_oom(dev, apdev):
  
      dev[0].request("FILS_HLP_REQ_FLUSH")
  
-def test_fils_sk_hlp_req_parsing(dev, apdev):
+def test_fils_sk_hlp_req_parsing(dev, apdev, params):
      """FILS SK HLP request parsing"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = fils_hlp_config(fils_hlp_wait_time=30)
@@ -1085,12 +1087,12 @@ def test_fils_sk_hlp_req_parsing(dev, apdev):
  
      dev[0].request("FILS_HLP_REQ_FLUSH")
  
-def test_fils_sk_hlp_dhcp_parsing(dev, apdev):
+def test_fils_sk_hlp_dhcp_parsing(dev, apdev, params):
      """FILS SK HLP and DHCP response parsing"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
      sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
@@ -1247,12 +1249,12 @@ def test_fils_sk_hlp_dhcp_parsing(dev, apdev):
  
      dev[0].request("FILS_HLP_REQ_FLUSH")
  
-def test_fils_sk_erp_and_reauth(dev, apdev):
+def test_fils_sk_erp_and_reauth(dev, apdev, params):
      """FILS SK using ERP and AP going away"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -1286,13 +1288,14 @@ def test_fils_sk_erp_and_reauth(dev, apdev):
      if "EVENT-ASSOC-REJECT" in ev:
          raise Exception("Association failed")
  
-def test_fils_sk_erp_sim(dev, apdev):
+def test_fils_sk_erp_sim(dev, apdev, params):
      """FILS SK using ERP with SIM"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
      realm='wlan.mnc001.mcc232.3gppnetwork.org'
-    start_erp_as(apdev[1], erp_domain=realm)
+    start_erp_as(apdev[1], erp_domain=realm,
+                 msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -1324,43 +1327,43 @@ def test_fils_sk_erp_sim(dev, apdev):
      if "EVENT-ASSOC-REJECT" in ev:
          raise Exception("Association failed")
  
-def test_fils_sk_pfs_19(dev, apdev):
+def test_fils_sk_pfs_19(dev, apdev, params):
      """FILS SK with PFS (DH group 19)"""
-    rul_fils_sk_pfs(dev, apdev, "19")
+    run_fils_sk_pfs(dev, apdev, "19", params)
  
-def test_fils_sk_pfs_20(dev, apdev):
+def test_fils_sk_pfs_20(dev, apdev, params):
      """FILS SK with PFS (DH group 20)"""
-    rul_fils_sk_pfs(dev, apdev, "20")
+    run_fils_sk_pfs(dev, apdev, "20", params)
  
-def test_fils_sk_pfs_21(dev, apdev):
+def test_fils_sk_pfs_21(dev, apdev, params):
      """FILS SK with PFS (DH group 21)"""
-    rul_fils_sk_pfs(dev, apdev, "21")
+    run_fils_sk_pfs(dev, apdev, "21", params)
  
-def test_fils_sk_pfs_25(dev, apdev):
+def test_fils_sk_pfs_25(dev, apdev, params):
      """FILS SK with PFS (DH group 25)"""
-    rul_fils_sk_pfs(dev, apdev, "25")
+    run_fils_sk_pfs(dev, apdev, "25", params)
  
-def test_fils_sk_pfs_26(dev, apdev):
+def test_fils_sk_pfs_26(dev, apdev, params):
      """FILS SK with PFS (DH group 26)"""
-    rul_fils_sk_pfs(dev, apdev, "26")
+    run_fils_sk_pfs(dev, apdev, "26", params)
  
-def test_fils_sk_pfs_27(dev, apdev):
+def test_fils_sk_pfs_27(dev, apdev, params):
      """FILS SK with PFS (DH group 27)"""
-    rul_fils_sk_pfs(dev, apdev, "27")
+    run_fils_sk_pfs(dev, apdev, "27", params)
  
-def test_fils_sk_pfs_28(dev, apdev):
+def test_fils_sk_pfs_28(dev, apdev, params):
      """FILS SK with PFS (DH group 28)"""
-    rul_fils_sk_pfs(dev, apdev, "28")
+    run_fils_sk_pfs(dev, apdev, "28", params)
  
-def test_fils_sk_pfs_29(dev, apdev):
+def test_fils_sk_pfs_29(dev, apdev, params):
      """FILS SK with PFS (DH group 29)"""
-    rul_fils_sk_pfs(dev, apdev, "29")
+    run_fils_sk_pfs(dev, apdev, "29", params)
  
-def test_fils_sk_pfs_30(dev, apdev):
+def test_fils_sk_pfs_30(dev, apdev, params):
      """FILS SK with PFS (DH group 30)"""
-    rul_fils_sk_pfs(dev, apdev, "30")
+    run_fils_sk_pfs(dev, apdev, "30", params)
  
-def rul_fils_sk_pfs(dev, apdev, group):
+def run_fils_sk_pfs(dev, apdev, group, params):
      check_fils_sk_pfs_capa(dev[0])
      check_erp_capa(dev[0])
  
@@ -1369,7 +1372,7 @@ def rul_fils_sk_pfs(dev, apdev, group):
          if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)):
              raise HwsimSkip("Brainpool EC group not supported")
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -1404,12 +1407,12 @@ def rul_fils_sk_pfs(dev, apdev, group):
          raise Exception("Association failed")
      hwsim_utils.test_connectivity(dev[0], hapd)
  
-def test_fils_sk_pfs_group_mismatch(dev, apdev):
+def test_fils_sk_pfs_group_mismatch(dev, apdev, params):
      """FILS SK PFS DH group mismatch"""
      check_fils_sk_pfs_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -1440,12 +1443,12 @@ def test_fils_sk_pfs_group_mismatch(dev, apdev):
      if "auth_type=5 auth_transaction=2 status_code=77" not in ev:
          raise Exception("Unexpected auth reject value: " + ev)
  
-def test_fils_sk_auth_mismatch(dev, apdev):
+def test_fils_sk_auth_mismatch(dev, apdev, params):
      """FILS SK authentication type mismatch (PFS not supported)"""
      check_fils_sk_pfs_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -1478,12 +1481,12 @@ def test_fils_sk_auth_mismatch(dev, apdev):
      dev[0].wait_connected()
      hwsim_utils.test_connectivity(dev[0], hapd)
  
-def test_fils_auth_gtk_rekey(dev, apdev):
+def test_fils_auth_gtk_rekey(dev, apdev, params):
      """GTK rekeying after FILS authentication"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    start_erp_as(apdev[1])
+    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
@@ -1525,12 +1528,13 @@ def test_fils_auth_gtk_rekey(dev, apdev):
          raise Exception("Rekeying failed - disconnected")
      hwsim_utils.test_connectivity(dev[0], hapd)
  
-def test_fils_and_ft(dev, apdev):
+def test_fils_and_ft(dev, apdev, params):
      """FILS SK using ERP and FT initial mobility domain association"""
      check_fils_capa(dev[0])
      check_erp_capa(dev[0])
  
-    er = start_erp_as(apdev[1])
+    er = start_erp_as(apdev[1],
+                      msk_dump=os.path.join(params['logdir'], "msk.lst"))
  
      bssid = apdev[0]['bssid']
      params = hostapd.wpa2_eap_params(ssid="fils")
author	Jouni Malinen <jouni@qca.qualcomm.com>
	Tue, 5 Sep 2017 16:12:29 +0000 (19:12 +0300)
committer	Jouni Malinen <j@w1.fi>
	Tue, 5 Sep 2017 16:29:01 +0000 (19:29 +0300)
tests/hwsim/auth_serv/as.conf		patch \| blob \| blame \| history
tests/hwsim/auth_serv/as2.conf		patch \| blob \| blame \| history
tests/hwsim/example-hostapd.config		patch \| blob \| blame \| history
tests/hwsim/test_erp.py		patch \| blob \| blame \| history
tests/hwsim/test_fils.py		patch \| blob \| blame \| history