aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-12-29 09:37:01 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-29 10:18:41 (GMT)
commit0d09bd083289348ddaceb3220c5633842630ced5 (patch)
treeccece683859314d596368aea7bc56570c0e2a73f /tests
parent8c652ecfbe32ae3c0d40a75a31f103cd149c911e (diff)
downloadhostap-0d09bd083289348ddaceb3220c5633842630ced5.zip
hostap-0d09bd083289348ddaceb3220c5633842630ced5.tar.gz
hostap-0d09bd083289348ddaceb3220c5633842630ced5.tar.bz2
tests: Use more robust way to determine MKA is done for MACsec testing
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'tests')
-rw-r--r--tests/hwsim/test_macsec.py60
1 files changed, 47 insertions, 13 deletions
diff --git a/tests/hwsim/test_macsec.py b/tests/hwsim/test_macsec.py
index ce5ee9f..c24c472 100644
--- a/tests/hwsim/test_macsec.py
+++ b/tests/hwsim/test_macsec.py
@@ -171,23 +171,57 @@ def add_wpas_interfaces(count=2):
return wpa
-def wait_key_distribution(wpas0, wpas1, expect_failure=False):
+def lower_addr(addr1, addr2):
+ a1 = addr1.split(':')
+ a2 = addr2.split(':')
+ for i in range(6):
+ if a1[i].decode("hex") < a2[i].decode("hex"):
+ return True
+ if a1[i].decode("hex") > a2[i].decode("hex"):
+ return False
+ return False
+
+def wait_mka_done(wpa, expect_failure=False):
max_iter = 14 if expect_failure else 40
for i in range(max_iter):
- key_tx0 = int(wpas0.get_status_field("Number of Keys Distributed"))
- key_rx0 = int(wpas0.get_status_field("Number of Keys Received"))
- key_tx1 = int(wpas1.get_status_field("Number of Keys Distributed"))
- key_rx1 = int(wpas1.get_status_field("Number of Keys Received"))
- if (key_tx0 > 0 or key_rx0 > 0) and (key_tx1 > 0 or key_rx1 > 0):
- return
+ done = True
+ for w in wpa:
+ secured = w.get_status_field("Secured")
+ peers = int(w.get_status_field("live_peers"))
+ if expect_failure and (secured == "Yes" or peers > 0):
+ raise Exception("MKA completed unexpectedly")
+ if peers != len(wpa) - 1 or secured != "Yes":
+ done = False
+ break
+ w.dump_monitor()
+ if done:
+ break
time.sleep(0.5)
if expect_failure:
- if key_tx0 != 0 or key_rx0 != 0 or key_tx1 != 0 or key_rx1 != 0:
- raise Exception("Unexpected key distribution")
return
- raise Exception("No key distribution seen")
+ if not done:
+ raise Exception("MKA not completed successfully")
+
+ key_server = None
+ ks_prio = 999
+ for w in wpa:
+ logger.info("%s STATUS:\n%s" % (w.ifname, w.request("STATUS")))
+ addr = w.get_status_field("address")
+ prio = int(w.get_status_field("Actor Priority"))
+ if key_server is None or prio < ks_prio or \
+ (prio == ks_prio and lower_addr(addr, ks_addr)):
+ key_server = w
+ ks_addr = addr
+ ks_prio = prio
+
+ logger.info("Expected key server: " + key_server.ifname)
+ if key_server.get_status_field("is_key_server") != "Yes":
+ raise Exception("Expected key server was not elected")
+ for w in wpa:
+ if w != key_server and w.get_status_field("is_key_server") == "Yes":
+ raise Exception("Unexpected key server")
def run_macsec_psk(dev, apdev, params, prefix, integ_only=False, port0=None,
port1=None, ckn0=None, ckn1=None, cak0=None, cak1=None,
@@ -232,7 +266,7 @@ def run_macsec_psk(dev, apdev, params, prefix, integ_only=False, port0=None,
macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
macsec_ifname1 = wpas1.get_driver_status_field("parent_ifname")
- wait_key_distribution(wpas0, wpas1, expect_failure=expect_failure)
+ wait_mka_done(wpa, expect_failure=expect_failure)
if expect_failure:
for i in range(len(cmd)):
@@ -500,7 +534,7 @@ def test_macsec_psk_fail_cp(dev, apdev):
set_mka_psk_config(wpa[1])
wait_fail_trigger(wpa[0], "GET_ALLOC_FAIL", max_iter=100)
- wait_key_distribution(wpa[0], wpa[1])
+ wait_mka_done(wpa)
finally:
cleanup_macsec()
@@ -514,6 +548,6 @@ def test_macsec_psk_fail_cp2(dev, apdev):
set_mka_psk_config(wpa[1])
wait_fail_trigger(wpa[1], "GET_ALLOC_FAIL", max_iter=100)
- wait_key_distribution(wpa[0], wpa[1])
+ wait_mka_done(wpa)
finally:
cleanup_macsec()