tests: SAE with extended key AKM
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
parent
e35f6ed1d4
commit
2a9a61d6cd
1 changed files with 93 additions and 0 deletions
|
@ -2789,3 +2789,96 @@ def test_sae_reject(dev, apdev):
|
|||
raise Exception("Authentication rejection not reported")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
dev[0].dump_monitor()
|
||||
|
||||
def test_sae_ext_key_19(dev, apdev):
|
||||
"""SAE with extended key AKM (group 19)"""
|
||||
run_sae_ext_key(dev, apdev, 19)
|
||||
|
||||
def test_sae_ext_key_20(dev, apdev):
|
||||
"""SAE with extended key AKM (group 20)"""
|
||||
run_sae_ext_key(dev, apdev, 20)
|
||||
|
||||
def test_sae_ext_key_21(dev, apdev):
|
||||
"""SAE with extended key AKM (group 21)"""
|
||||
run_sae_ext_key(dev, apdev, 21)
|
||||
|
||||
def run_sae_ext_key(dev, apdev, group):
|
||||
check_sae_capab(dev[0])
|
||||
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE-EXT-KEY'
|
||||
params['sae_groups'] = str(group)
|
||||
params['ieee80211w'] = '2'
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
key_mgmt = hapd.get_config()['key_mgmt']
|
||||
if key_mgmt.split(' ')[0] != "SAE-EXT-KEY":
|
||||
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
|
||||
|
||||
dev[0].set("sae_groups", str(group))
|
||||
id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE-EXT-KEY",
|
||||
ieee80211w="2", scan_freq="2412")
|
||||
hapd.wait_sta()
|
||||
if dev[0].get_status_field('sae_group') != str(group):
|
||||
raise Exception("Expected SAE group not used")
|
||||
bss = dev[0].get_bss(apdev[0]['bssid'])
|
||||
if 'flags' not in bss:
|
||||
raise Exception("Could not get BSS flags from BSS table")
|
||||
if "[WPA2-SAE-EXT-KEY-CCMP]" not in bss['flags']:
|
||||
raise Exception("Unexpected BSS flags: " + bss['flags'])
|
||||
|
||||
res = hapd.request("STA-FIRST")
|
||||
if ("sae_group=%d" % group) not in res.splitlines():
|
||||
raise Exception("hostapd STA output did not specify SAE group")
|
||||
|
||||
sta0 = hapd.get_sta(dev[0].own_addr())
|
||||
if sta0['wpa'] != '2' or sta0['AKMSuiteSelector'] != '00-0f-ac-24':
|
||||
raise Exception("SAE STA(0) AKM suite selector reported incorrectly")
|
||||
|
||||
pmk_h = hapd.request("GET_PMK " + dev[0].own_addr())
|
||||
pmk_w = dev[0].get_pmk(id)
|
||||
if pmk_h != pmk_w:
|
||||
raise Exception("Fetched PMK does not match: hostapd %s, wpa_supplicant %s" % (pmk_h, pmk_w))
|
||||
if group == 19:
|
||||
pmk_len = 32
|
||||
elif group == 20:
|
||||
pmk_len = 48
|
||||
elif group == 21:
|
||||
pmk_len = 64
|
||||
if len(pmk_h) != 2 * pmk_len:
|
||||
raise Exception("Unexpected SAE PMK length: %d" % (len(pmk_h) / 2))
|
||||
dev[0].request("DISCONNECT")
|
||||
dev[0].wait_disconnected()
|
||||
pmk_h2 = hapd.request("GET_PMK " + dev[0].own_addr())
|
||||
if pmk_h != pmk_h2:
|
||||
raise Exception("Fetched PMK from PMKSA cache does not match: %s, %s" % (pmk_h, pmk_h2))
|
||||
|
||||
dev[0].request("RECONNECT")
|
||||
dev[0].wait_connected(timeout=15, error="Reconnect timed out")
|
||||
val = dev[0].get_status_field('sae_group')
|
||||
if val is not None:
|
||||
raise Exception("SAE group claimed to have been used: " + val)
|
||||
sta0 = hapd.get_sta(dev[0].own_addr())
|
||||
if sta0['wpa'] != '2' or sta0['AKMSuiteSelector'] != '00-0f-ac-24':
|
||||
raise Exception("SAE STA(0) AKM suite selector reported incorrectly after PMKSA caching")
|
||||
|
||||
def test_sae_akms(dev, apdev):
|
||||
"""SAE with both AKMs)"""
|
||||
check_sae_capab(dev[0])
|
||||
check_sae_capab(dev[1])
|
||||
check_sae_capab(dev[2])
|
||||
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE SAE-EXT-KEY'
|
||||
params['sae_groups'] = "19 20"
|
||||
params['ieee80211w'] = '2'
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
|
||||
dev[0].set("sae_groups", "20")
|
||||
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE-EXT-KEY",
|
||||
ieee80211w="2", scan_freq="2412")
|
||||
|
||||
dev[1].set("sae_groups", "20")
|
||||
dev[1].connect("test-sae", psk="12345678", key_mgmt="SAE",
|
||||
ieee80211w="2", scan_freq="2412")
|
||||
|
||||
dev[2].set("sae_groups", "19")
|
||||
dev[2].connect("test-sae", psk="12345678", key_mgmt="SAE",
|
||||
ieee80211w="2", scan_freq="2412")
|
||||
|
|
Loading…
Reference in a new issue