tests: PMF group mgmt cipher constraints
Verify new wpa_supplicant group_mgmt parameter functionality. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
61a56c1480
commit
53041e75d2
1 changed files with 56 additions and 2 deletions
|
@ -28,7 +28,7 @@ def check_cipher(dev, ap, cipher):
|
||||||
pairwise=cipher, group=cipher, scan_freq="2412")
|
pairwise=cipher, group=cipher, scan_freq="2412")
|
||||||
hwsim_utils.test_connectivity(dev, hapd)
|
hwsim_utils.test_connectivity(dev, hapd)
|
||||||
|
|
||||||
def check_group_mgmt_cipher(dev, ap, cipher):
|
def check_group_mgmt_cipher(dev, ap, cipher, sta_req_cipher=None):
|
||||||
if cipher not in dev.get_capability("group_mgmt"):
|
if cipher not in dev.get_capability("group_mgmt"):
|
||||||
raise HwsimSkip("Cipher %s not supported" % cipher)
|
raise HwsimSkip("Cipher %s not supported" % cipher)
|
||||||
params = { "ssid": "test-wpa2-psk-pmf",
|
params = { "ssid": "test-wpa2-psk-pmf",
|
||||||
|
@ -46,7 +46,7 @@ def check_group_mgmt_cipher(dev, ap, cipher):
|
||||||
wt.add_passphrase("12345678")
|
wt.add_passphrase("12345678")
|
||||||
|
|
||||||
dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
|
dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
|
||||||
key_mgmt="WPA-PSK-SHA256",
|
key_mgmt="WPA-PSK-SHA256", group_mgmt=sta_req_cipher,
|
||||||
pairwise="CCMP", group="CCMP", scan_freq="2412")
|
pairwise="CCMP", group="CCMP", scan_freq="2412")
|
||||||
hwsim_utils.test_connectivity(dev, hapd)
|
hwsim_utils.test_connectivity(dev, hapd)
|
||||||
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
|
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
|
||||||
|
@ -278,14 +278,68 @@ def test_ap_cipher_bip(dev, apdev):
|
||||||
"""WPA2-PSK with BIP"""
|
"""WPA2-PSK with BIP"""
|
||||||
check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC")
|
check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC")
|
||||||
|
|
||||||
|
def test_ap_cipher_bip_req(dev, apdev):
|
||||||
|
"""WPA2-PSK with BIP required"""
|
||||||
|
check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC", "AES-128-CMAC")
|
||||||
|
|
||||||
|
def test_ap_cipher_bip_req2(dev, apdev):
|
||||||
|
"""WPA2-PSK with BIP required (2)"""
|
||||||
|
check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC",
|
||||||
|
"AES-128-CMAC BIP-GMAC-128 BIP-GMAC-256 BIP-CMAC-256")
|
||||||
|
|
||||||
def test_ap_cipher_bip_gmac_128(dev, apdev):
|
def test_ap_cipher_bip_gmac_128(dev, apdev):
|
||||||
"""WPA2-PSK with BIP-GMAC-128"""
|
"""WPA2-PSK with BIP-GMAC-128"""
|
||||||
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128")
|
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128")
|
||||||
|
|
||||||
|
def test_ap_cipher_bip_gmac_128_req(dev, apdev):
|
||||||
|
"""WPA2-PSK with BIP-GMAC-128 required"""
|
||||||
|
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128", "BIP-GMAC-128")
|
||||||
|
|
||||||
def test_ap_cipher_bip_gmac_256(dev, apdev):
|
def test_ap_cipher_bip_gmac_256(dev, apdev):
|
||||||
"""WPA2-PSK with BIP-GMAC-256"""
|
"""WPA2-PSK with BIP-GMAC-256"""
|
||||||
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256")
|
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256")
|
||||||
|
|
||||||
|
def test_ap_cipher_bip_gmac_256_req(dev, apdev):
|
||||||
|
"""WPA2-PSK with BIP-GMAC-256 required"""
|
||||||
|
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256", "BIP-GMAC-256")
|
||||||
|
|
||||||
def test_ap_cipher_bip_cmac_256(dev, apdev):
|
def test_ap_cipher_bip_cmac_256(dev, apdev):
|
||||||
"""WPA2-PSK with BIP-CMAC-256"""
|
"""WPA2-PSK with BIP-CMAC-256"""
|
||||||
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256")
|
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256")
|
||||||
|
|
||||||
|
def test_ap_cipher_bip_cmac_256_req(dev, apdev):
|
||||||
|
"""WPA2-PSK with BIP-CMAC-256 required"""
|
||||||
|
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256", "BIP-CMAC-256")
|
||||||
|
|
||||||
|
def test_ap_cipher_bip_req_mismatch(dev, apdev):
|
||||||
|
"""WPA2-PSK with BIP cipher mismatch"""
|
||||||
|
group_mgmt = dev[0].get_capability("group_mgmt")
|
||||||
|
for cipher in [ "AES-128-CMAC", "BIP-GMAC-256" ]:
|
||||||
|
if cipher not in group_mgmt:
|
||||||
|
raise HwsimSkip("Cipher %s not supported" % cipher)
|
||||||
|
|
||||||
|
params = { "ssid": "test-wpa2-psk-pmf",
|
||||||
|
"wpa_passphrase": "12345678",
|
||||||
|
"wpa": "2",
|
||||||
|
"ieee80211w": "2",
|
||||||
|
"wpa_key_mgmt": "WPA-PSK-SHA256",
|
||||||
|
"rsn_pairwise": "CCMP",
|
||||||
|
"group_mgmt_cipher": "AES-128-CMAC" }
|
||||||
|
hapd = hostapd.add_ap(apdev[0], params)
|
||||||
|
|
||||||
|
dev[0].scan_for_bss(hapd.own_addr(), 2412)
|
||||||
|
id = dev[0].connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
|
||||||
|
key_mgmt="WPA-PSK-SHA256", group_mgmt="BIP-GMAC-256",
|
||||||
|
pairwise="CCMP", group="CCMP", scan_freq="2412",
|
||||||
|
wait_connect=False)
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
|
||||||
|
"CTRL-EVENT-CONNECTED"], timeout=10)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("Network selection result not indicated")
|
||||||
|
if "CTRL-EVENT-CONNECTED" in ev:
|
||||||
|
raise Exception("Unexpected connection")
|
||||||
|
|
||||||
|
dev[0].request("DISCONNECT")
|
||||||
|
dev[0].set_network(id, "group_mgmt", "AES-128-CMAC")
|
||||||
|
dev[0].select_network(id)
|
||||||
|
dev[0].wait_connected()
|
||||||
|
|
Loading…
Reference in a new issue