tests: Verify that SAE is supported for test cases requiring it
This makes it more convenient to run tests with wpa_supplicant builds that do not support SAE (e.g., due to crypto library not providing sufficient functionality for this). Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
db5adfe777
commit
b9749b6aaa
4 changed files with 49 additions and 16 deletions
|
|
@ -267,6 +267,8 @@ def test_ap_ft_over_ds_pull(dev, apdev):
|
|||
|
||||
def test_ap_ft_sae(dev, apdev):
|
||||
"""WPA2-PSK-FT-SAE AP"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
ssid = "test-ft"
|
||||
passphrase="12345678"
|
||||
|
||||
|
|
@ -285,6 +287,8 @@ def test_ap_ft_sae(dev, apdev):
|
|||
|
||||
def test_ap_ft_sae_over_ds(dev, apdev):
|
||||
"""WPA2-PSK-FT-SAE AP over DS"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
ssid = "test-ft"
|
||||
passphrase="12345678"
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import hwsim_utils
|
|||
|
||||
def test_ap_mixed_security(dev, apdev):
|
||||
"""WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
|
||||
sae = "SAE" in dev[0].get_capability("auth_alg")
|
||||
ssid = "test-mixed"
|
||||
passphrase = 'qwertyuiop'
|
||||
params = hostapd.wpa_mixed_params(ssid=ssid, passphrase=passphrase)
|
||||
|
|
@ -28,12 +29,13 @@ def test_ap_mixed_security(dev, apdev):
|
|||
identity="gpsk user",
|
||||
password="abcdefghijklmnop0123456789abcdef",
|
||||
scan_freq="2412")
|
||||
dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
|
||||
if sae:
|
||||
dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
|
||||
|
||||
bss = dev[0].get_bss(apdev[0]['bssid'])
|
||||
if "[WPA-EAP+PSK-TKIP]" not in bss['flags']:
|
||||
raise Exception("Unexpected flags (WPA): " + bss['flags'])
|
||||
if "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
|
||||
if sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
|
||||
raise Exception("Unexpected flags (WPA2): " + bss['flags'])
|
||||
|
||||
if dev[0].get_status_field("key_mgmt") != "WPA-PSK":
|
||||
|
|
@ -42,14 +44,16 @@ def test_ap_mixed_security(dev, apdev):
|
|||
raise Exception("Unexpected pairwise(1)")
|
||||
if dev[1].get_status_field("key_mgmt") != "WPA2-EAP-SHA256":
|
||||
raise Exception("Unexpected key_mgmt(2)")
|
||||
if dev[2].get_status_field("key_mgmt") != "SAE":
|
||||
if sae and dev[2].get_status_field("key_mgmt") != "SAE":
|
||||
raise Exception("Unexpected key_mgmt(3)")
|
||||
|
||||
hwsim_utils.test_connectivity(dev[0], dev[1])
|
||||
hwsim_utils.test_connectivity(dev[1], dev[2])
|
||||
hwsim_utils.test_connectivity(dev[0], dev[2])
|
||||
if sae:
|
||||
hwsim_utils.test_connectivity(dev[1], dev[2])
|
||||
hwsim_utils.test_connectivity(dev[0], dev[2])
|
||||
for i in range(3):
|
||||
hwsim_utils.test_connectivity(dev[i], hapd)
|
||||
if i < 2 or sae:
|
||||
hwsim_utils.test_connectivity(dev[i], hapd)
|
||||
dev[i].request("DISCONNECT")
|
||||
|
||||
dev[0].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256", psk=passphrase,
|
||||
|
|
@ -58,8 +62,9 @@ def test_ap_mixed_security(dev, apdev):
|
|||
identity="gpsk user",
|
||||
password="abcdefghijklmnop0123456789abcdef",
|
||||
scan_freq="2412")
|
||||
dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE", psk=passphrase,
|
||||
scan_freq="2412")
|
||||
if sae:
|
||||
dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE",
|
||||
psk=passphrase, scan_freq="2412")
|
||||
|
||||
if dev[0].get_status_field("key_mgmt") != "WPA2-PSK-SHA256":
|
||||
raise Exception("Unexpected key_mgmt(1b)")
|
||||
|
|
@ -67,7 +72,7 @@ def test_ap_mixed_security(dev, apdev):
|
|||
raise Exception("Unexpected pairwise(1b)")
|
||||
if dev[1].get_status_field("key_mgmt") != "WPA/IEEE 802.1X/EAP":
|
||||
raise Exception("Unexpected key_mgmt(2b)")
|
||||
if dev[2].get_status_field("key_mgmt") != "SAE":
|
||||
if sae and dev[2].get_status_field("key_mgmt") != "SAE":
|
||||
raise Exception("Unexpected key_mgmt(3b)")
|
||||
|
||||
for i in range(3):
|
||||
|
|
@ -77,11 +82,13 @@ def test_ap_mixed_security(dev, apdev):
|
|||
dev[1].connect(ssid, key_mgmt="FT-EAP", eap="GPSK", identity="gpsk user",
|
||||
password="abcdefghijklmnop0123456789abcdef",
|
||||
scan_freq="2412")
|
||||
dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE", scan_freq="2412")
|
||||
if sae:
|
||||
dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE",
|
||||
scan_freq="2412")
|
||||
|
||||
if dev[0].get_status_field("key_mgmt") != "FT-PSK":
|
||||
raise Exception("Unexpected key_mgmt(1c)")
|
||||
if dev[1].get_status_field("key_mgmt") != "FT-EAP":
|
||||
raise Exception("Unexpected key_mgmt(2c)")
|
||||
if dev[2].get_status_field("key_mgmt") != "FT-SAE":
|
||||
if sae and dev[2].get_status_field("key_mgmt") != "FT-SAE":
|
||||
raise Exception("Unexpected key_mgmt(3c)")
|
||||
|
|
|
|||
|
|
@ -18,6 +18,8 @@ from test_ap_psk import find_wpas_process, read_process_memory, verify_not_prese
|
|||
|
||||
def test_sae(dev, apdev):
|
||||
"""SAE with default group"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
|
|
@ -39,6 +41,8 @@ def test_sae(dev, apdev):
|
|||
|
||||
def test_sae_pmksa_caching(dev, apdev):
|
||||
"""SAE and PMKSA caching"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
|
|
@ -55,6 +59,8 @@ def test_sae_pmksa_caching(dev, apdev):
|
|||
|
||||
def test_sae_pmksa_caching_disabled(dev, apdev):
|
||||
"""SAE and PMKSA caching disabled"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
|
|
@ -72,6 +78,8 @@ def test_sae_pmksa_caching_disabled(dev, apdev):
|
|||
|
||||
def test_sae_groups(dev, apdev):
|
||||
"""SAE with all supported groups"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
# This would be the full list of supported groups, but groups 14-16
|
||||
# (2048-4096 bit MODP) are a bit too slow on some VMs and can result in
|
||||
# hitting mac80211 authentication timeout, so skip them for now.
|
||||
|
|
@ -95,6 +103,8 @@ def test_sae_groups(dev, apdev):
|
|||
|
||||
def test_sae_group_nego(dev, apdev):
|
||||
"""SAE group negotiation"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae-group-nego",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
|
|
@ -109,6 +119,8 @@ def test_sae_group_nego(dev, apdev):
|
|||
|
||||
def test_sae_anti_clogging(dev, apdev):
|
||||
"""SAE anti clogging"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
params['sae_anti_clogging_threshold'] = '1'
|
||||
|
|
@ -128,6 +140,8 @@ def test_sae_anti_clogging(dev, apdev):
|
|||
|
||||
def test_sae_forced_anti_clogging(dev, apdev):
|
||||
"""SAE anti clogging (forced)"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE WPA-PSK'
|
||||
params['sae_anti_clogging_threshold'] = '0'
|
||||
|
|
@ -140,6 +154,8 @@ def test_sae_forced_anti_clogging(dev, apdev):
|
|||
|
||||
def test_sae_mixed(dev, apdev):
|
||||
"""Mixed SAE and non-SAE network"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE WPA-PSK'
|
||||
params['sae_anti_clogging_threshold'] = '0'
|
||||
|
|
@ -153,6 +169,8 @@ def test_sae_mixed(dev, apdev):
|
|||
|
||||
def test_sae_missing_password(dev, apdev):
|
||||
"""SAE and missing password"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
|
|
@ -169,6 +187,8 @@ def test_sae_missing_password(dev, apdev):
|
|||
|
||||
def test_sae_key_lifetime_in_memory(dev, apdev, params):
|
||||
"""SAE and key lifetime in memory"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
password = "5ad144a7c1f5a5503baa6fa01dabc15b1843e8c01662d78d16b70b5cd23cf8b"
|
||||
p = hostapd.wpa2_params(ssid="test-sae", passphrase=password)
|
||||
p['wpa_key_mgmt'] = 'SAE'
|
||||
|
|
|
|||
|
|
@ -14,10 +14,12 @@ import hwsim_utils
|
|||
from wpasupplicant import WpaSupplicant
|
||||
from utils import HwsimSkip
|
||||
|
||||
def check_mesh_support(dev):
|
||||
def check_mesh_support(dev, secure=False):
|
||||
flags = int(dev.get_driver_status_field('capa.flags'), 16)
|
||||
if flags & 0x100000000 == 0:
|
||||
raise HwsimSkip("Driver does not support mesh")
|
||||
if secure and "SAE" not in dev.get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
|
||||
def check_mesh_scan(dev, params, other_started=False, beacon_int=0):
|
||||
if not other_started:
|
||||
|
|
@ -232,7 +234,7 @@ def add_mesh_secure_net(dev, psk=True):
|
|||
|
||||
def test_wpas_mesh_secure(dev, apdev):
|
||||
"""wpa_supplicant secure MESH network connectivity"""
|
||||
check_mesh_support(dev[0])
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
dev[0].request("SET sae_groups ")
|
||||
id = add_mesh_secure_net(dev[0])
|
||||
dev[0].mesh_group_add(id)
|
||||
|
|
@ -254,7 +256,7 @@ def test_wpas_mesh_secure(dev, apdev):
|
|||
|
||||
def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
|
||||
"""wpa_supplicant secure MESH and SAE group mismatch"""
|
||||
check_mesh_support(dev[0])
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
addr0 = dev[0].p2p_interface_addr()
|
||||
addr1 = dev[1].p2p_interface_addr()
|
||||
addr2 = dev[2].p2p_interface_addr()
|
||||
|
|
@ -305,7 +307,7 @@ def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
|
|||
|
||||
def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
|
||||
"""wpa_supplicant secure MESH and missing SAE password"""
|
||||
check_mesh_support(dev[0])
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
id = add_mesh_secure_net(dev[0], psk=False)
|
||||
dev[0].set_network(id, "psk", "8f20b381f9b84371d61b5080ad85cac3c61ab3ca9525be5b2d0f4da3d979187a")
|
||||
dev[0].mesh_group_add(id)
|
||||
|
|
@ -321,7 +323,7 @@ def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
|
|||
|
||||
def test_wpas_mesh_secure_no_auto(dev, apdev):
|
||||
"""wpa_supplicant secure MESH network connectivity"""
|
||||
check_mesh_support(dev[0])
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
dev[0].request("SET sae_groups 19")
|
||||
id = add_mesh_secure_net(dev[0])
|
||||
dev[0].mesh_group_add(id)
|
||||
|
|
|
|||
Loading…
Reference in a new issue