diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py index f0c007428..6fcb81ae9 100644 --- a/tests/hwsim/test_sae.py +++ b/tests/hwsim/test_sae.py @@ -13,7 +13,7 @@ logger = logging.getLogger() import hwsim_utils import hostapd -from utils import HwsimSkip, alloc_fail, fail_test +from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger from test_ap_psk import find_wpas_process, read_process_memory, verify_not_present, get_key_locations def test_sae(dev, apdev): @@ -728,6 +728,11 @@ def test_sae_pwe_failure(dev, apdev): scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() + with fail_test(dev[0], 1, "sae_test_pwd_seed_ecc"): + dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", + scan_freq="2412") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() dev[0].request("SET sae_groups 5") with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ffc"): @@ -747,3 +752,84 @@ def test_sae_pwe_failure(dev, apdev): scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() + +def test_sae_bignum_failure(dev, apdev): + """SAE and bignum failure""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") + params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") + params['wpa_key_mgmt'] = 'SAE' + params['sae_groups'] = '19 5 22' + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + dev[0].request("SET sae_groups 19") + tests = [ (1, "crypto_bignum_init_set;get_rand_1_to_p_1"), + (1, "crypto_bignum_init;is_quadratic_residue_blind"), + (1, "crypto_bignum_mulmod;is_quadratic_residue_blind"), + (2, "crypto_bignum_mulmod;is_quadratic_residue_blind"), + (3, "crypto_bignum_mulmod;is_quadratic_residue_blind"), + (1, "crypto_bignum_legendre;is_quadratic_residue_blind"), + (1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"), + (1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"), + (1, "crypto_bignum_init_set;get_random_qr_qnr"), + (1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"), + (1, "crypto_ec_point_init;sae_derive_pwe_ecc"), + (1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"), + (1, "crypto_ec_point_init;sae_derive_commit_element_ecc"), + (1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"), + (1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"), + (1, "crypto_bignum_init;=sae_derive_commit"), + (1, "crypto_ec_point_init;sae_derive_k_ecc"), + (1, "crypto_ec_point_mul;sae_derive_k_ecc"), + (1, "crypto_ec_point_add;sae_derive_k_ecc"), + (2, "crypto_ec_point_mul;sae_derive_k_ecc"), + (1, "crypto_ec_point_to_bin;sae_derive_k_ecc"), + (1, "crypto_bignum_legendre;get_random_qr_qnr"), + (1, "sha256_prf;sae_derive_keys"), + (1, "crypto_bignum_init;sae_derive_keys"), + (1, "crypto_bignum_init_set;sae_parse_commit_scalar"), + (1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"), + (1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc") ] + for count, func in tests: + with fail_test(dev[0], count, func): + dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", + scan_freq="2412", wait_connect=False) + wait_fail_trigger(dev[0], "GET_FAIL") + dev[0].request("REMOVE_NETWORK all") + + dev[0].request("SET sae_groups 5") + tests = [ (1, "crypto_bignum_init_set;sae_set_group"), + (2, "crypto_bignum_init_set;sae_set_group"), + (1, "crypto_bignum_init_set;sae_get_rand"), + (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"), + (1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"), + (1, "crypto_bignum_init;sae_derive_pwe_ffc"), + (1, "crypto_bignum_init;sae_derive_commit_element_ffc"), + (1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"), + (1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"), + (1, "crypto_bignum_init;sae_derive_k_ffc"), + (1, "crypto_bignum_exptmod;sae_derive_k_ffc"), + (1, "crypto_bignum_mulmod;sae_derive_k_ffc"), + (2, "crypto_bignum_exptmod;sae_derive_k_ffc"), + (1, "crypto_bignum_to_bin;sae_derive_k_ffc"), + (1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"), + (1, "crypto_bignum_init;sae_parse_commit_element_ffc"), + (2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"), + (1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc") ] + for count, func in tests: + with fail_test(dev[0], count, func): + dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", + scan_freq="2412", wait_connect=False) + wait_fail_trigger(dev[0], "GET_FAIL") + dev[0].request("REMOVE_NETWORK all") + + dev[0].request("SET sae_groups 22") + tests = [ (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"), + (1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"), + (1, "crypto_bignum_div;sae_test_pwd_seed_ffc") ] + for count, func in tests: + with fail_test(dev[0], count, func): + dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", + scan_freq="2412", wait_connect=False) + wait_fail_trigger(dev[0], "GET_FAIL") + dev[0].request("REMOVE_NETWORK all")