DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

tests: Enable and require PMF in SAE and OWE test cases with sigma_dut

Browse source 
All SAE and OWE associations are expected to require PMF to be
negotiated, so enable or require PMF in AP and STA configurations
accordingly to match the new sigma_dut behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-01-04 17:06:40 +02:00 committed by Jouni Malinen
parent b7ed94834d
commit 7b498ecafb
1 changed files with 39 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
tests/hwsim/test_sigma_dut.py
View file

@ -253,6 +253,7 @@ def test_sigma_dut_sae(dev, apdev):
ssid = "test-sae" ssid = "test-sae"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname) sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
@ -292,6 +293,7 @@ def test_sigma_dut_sae_password(dev, apdev):
params = hostapd.wpa2_params(ssid=ssid) params = hostapd.wpa2_params(ssid=ssid)
params['sae_password'] = 100*'B' params['sae_password'] = 100*'B'
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname) sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
@ -595,12 +597,14 @@ def test_sigma_dut_ap_override_rsne(dev, apdev):
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
def test_sigma_dut_ap_sae(dev, apdev): def test_sigma_dut_ap_sae(dev, apdev, params):
"""sigma_dut controlled AP with SAE""" """sigma_dut controlled AP with SAE"""
logdir = os.path.join(params['logdir'],
"sigma_dut_ap_sae.sigma-hostapd")
if "SAE" not in dev[0].get_capability("auth_alg"): if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported") raise HwsimSkip("SAE not supported")
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
try: try:
sigma_dut_cmd_check("ap_reset_default") sigma_dut_cmd_check("ap_reset_default")
sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng") sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
@ -609,7 +613,7 @@ def test_sigma_dut_ap_sae(dev, apdev):
dev[0].request("SET sae_groups ") dev[0].request("SET sae_groups ")
dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678", dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
scan_freq="2412") ieee80211w="2", scan_freq="2412")
if dev[0].get_status_field('sae_group') != '19': if dev[0].get_status_field('sae_group') != '19':
raise Exception("Expected default SAE group not used") raise Exception("Expected default SAE group not used")
@ -617,12 +621,14 @@ def test_sigma_dut_ap_sae(dev, apdev):
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
def test_sigma_dut_ap_sae_password(dev, apdev): def test_sigma_dut_ap_sae_password(dev, apdev, params):
"""sigma_dut controlled AP with SAE and long password""" """sigma_dut controlled AP with SAE and long password"""
logdir = os.path.join(params['logdir'],
"sigma_dut_ap_sae_password.sigma-hostapd")
if "SAE" not in dev[0].get_capability("auth_alg"): if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported") raise HwsimSkip("SAE not supported")
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
try: try:
sigma_dut_cmd_check("ap_reset_default") sigma_dut_cmd_check("ap_reset_default")
sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng") sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
@ -631,7 +637,7 @@ def test_sigma_dut_ap_sae_password(dev, apdev):
dev[0].request("SET sae_groups ") dev[0].request("SET sae_groups ")
dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C', dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
scan_freq="2412") ieee80211w="2", scan_freq="2412")
if dev[0].get_status_field('sae_group') != '19': if dev[0].get_status_field('sae_group') != '19':
raise Exception("Expected default SAE group not used") raise Exception("Expected default SAE group not used")
@ -639,12 +645,14 @@ def test_sigma_dut_ap_sae_password(dev, apdev):
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
def test_sigma_dut_ap_sae_group(dev, apdev): def test_sigma_dut_ap_sae_group(dev, apdev, params):
"""sigma_dut controlled AP with SAE and specific group""" """sigma_dut controlled AP with SAE and specific group"""
logdir = os.path.join(params['logdir'],
"sigma_dut_ap_sae_group.sigma-hostapd")
if "SAE" not in dev[0].get_capability("auth_alg"): if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported") raise HwsimSkip("SAE not supported")
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
try: try:
sigma_dut_cmd_check("ap_reset_default") sigma_dut_cmd_check("ap_reset_default")
sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng") sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
@ -653,7 +661,7 @@ def test_sigma_dut_ap_sae_group(dev, apdev):
dev[0].request("SET sae_groups ") dev[0].request("SET sae_groups ")
dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678", dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
scan_freq="2412") ieee80211w="2", scan_freq="2412")
if dev[0].get_status_field('sae_group') != '20': if dev[0].get_status_field('sae_group') != '20':
raise Exception("Expected SAE group not used") raise Exception("Expected SAE group not used")
@ -661,23 +669,33 @@ def test_sigma_dut_ap_sae_group(dev, apdev):
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
def test_sigma_dut_ap_psk_sae(dev, apdev): def test_sigma_dut_ap_psk_sae(dev, apdev, params):
"""sigma_dut controlled AP with PSK+SAE""" """sigma_dut controlled AP with PSK+SAE"""
if "SAE" not in dev[0].get_capability("auth_alg"): if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported") raise HwsimSkip("SAE not supported")
logdir = os.path.join(params['logdir'],
"sigma_dut_ap_psk_sae.sigma-hostapd")
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
try: try:
sigma_dut_cmd_check("ap_reset_default") sigma_dut_cmd_check("ap_reset_default")
sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng") sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678") sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
sigma_dut_cmd_check("ap_config_commit,NAME,AP") sigma_dut_cmd_check("ap_config_commit,NAME,AP")
dev[2].request("SET sae_groups ")
dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
scan_freq="2412", ieee80211w="0", wait_connect=False)
dev[0].request("SET sae_groups ") dev[0].request("SET sae_groups ")
dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678", dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
scan_freq="2412") scan_freq="2412", ieee80211w="2")
dev[1].connect("test-sae", psk="12345678", scan_freq="2412") dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
dev[2].request("DISCONNECT")
if ev is not None:
raise Exception("Unexpected connection without PMF")
sigma_dut_cmd_check("ap_reset_default") sigma_dut_cmd_check("ap_reset_default")
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
@ -700,6 +718,7 @@ def run_sigma_dut_owe(dev, apdev):
params = { "ssid": "owe", params = { "ssid": "owe",
"wpa": "2", "wpa": "2",
"wpa_key_mgmt": "OWE", "wpa_key_mgmt": "OWE",
"ieee80211w": "2",
"rsn_pairwise": "CCMP" } "rsn_pairwise": "CCMP" }
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr() bssid = hapd.own_addr()
@ -743,19 +762,22 @@ def run_sigma_dut_owe(dev, apdev):
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
def test_sigma_dut_ap_owe(dev, apdev): def test_sigma_dut_ap_owe(dev, apdev, params):
"""sigma_dut controlled AP with OWE""" """sigma_dut controlled AP with OWE"""
logdir = os.path.join(params['logdir'],
"sigma_dut_ap_owe.sigma-hostapd")
if "OWE" not in dev[0].get_capability("key_mgmt"): if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported") raise HwsimSkip("OWE not supported")
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
try: try:
sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3") sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng") sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE") sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
sigma_dut_cmd_check("ap_config_commit,NAME,AP") sigma_dut_cmd_check("ap_config_commit,NAME,AP")
dev[0].connect("owe", key_mgmt="OWE", scan_freq="2412") dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
scan_freq="2412")
sigma_dut_cmd_check("ap_reset_default") sigma_dut_cmd_check("ap_reset_default")
finally: finally:
@ -816,7 +838,8 @@ def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G") res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G") res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
dev[0].connect("owe", key_mgmt="OWE", scan_freq="2412") dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
scan_freq="2412")
dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412") dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
if dev[0].get_status_field('bssid') not in res1: if dev[0].get_status_field('bssid') not in res1:
raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1) raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)