From f321705e3142ea60e4d7480615c6e8ed81a79557 Mon Sep 17 00:00:00 2001 From: Ilan Peer Date: Tue, 23 May 2023 13:14:55 +0300 Subject: [PATCH] tests: Add basic test for 802.1X-SHA384 with EAP-PSK Signed-off-by: Ilan Peer --- tests/hwsim/test_ap_eap.py | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 6f969dbba..7f36618b8 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -152,8 +152,8 @@ def read_pem(fname, decode=True): def eap_connect(dev, hapd, method, identity, raw_identity=None, sha256=False, expect_failure=False, local_error_report=False, maybe_local_error=False, report_failure=False, - expect_cert_error=None, **kwargs): - id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256", + expect_cert_error=None, sha384=False, **kwargs): + id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256 WPA-EAP-SHA384", eap=method, identity=identity, raw_identity=raw_identity, wait_connect=False, scan_freq="2412", ieee80211w="1", **kwargs) @@ -162,7 +162,8 @@ def eap_connect(dev, hapd, method, identity, raw_identity=None, local_error_report=local_error_report, maybe_local_error=maybe_local_error, report_failure=report_failure, - expect_cert_error=expect_cert_error) + expect_cert_error=expect_cert_error, + sha384=sha384) if expect_failure: return id if hapd: @@ -174,7 +175,7 @@ def eap_connect(dev, hapd, method, identity, raw_identity=None, def eap_check_auth(dev, method, initial, rsn=True, sha256=False, expect_failure=False, local_error_report=False, maybe_local_error=False, report_failure=False, - expect_cert_error=None): + expect_cert_error=None, sha384=False): ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16) if ev is None: raise Exception("Association and EAP start timed out") @@ -239,6 +240,8 @@ def eap_check_auth(dev, method, initial, rsn=True, sha256=False, raise Exception("Incorrect EAP method status") if sha256: e = "WPA2-EAP-SHA256" + elif sha384: + e = "WPA2-EAP-SHA384" elif rsn: e = "WPA2/IEEE 802.1X/EAP" else: @@ -247,10 +250,10 @@ def eap_check_auth(dev, method, initial, rsn=True, sha256=False, raise Exception("Unexpected key_mgmt status: " + status["key_mgmt"]) return status -def eap_reauth(dev, method, rsn=True, sha256=False, expect_failure=False): +def eap_reauth(dev, method, rsn=True, sha256=False, expect_failure=False, sha384=False): dev.request("REAUTHENTICATE") return eap_check_auth(dev, method, False, rsn=rsn, sha256=sha256, - expect_failure=expect_failure) + expect_failure=expect_failure, sha384=sha384) def test_ap_wpa2_eap_sim(dev, apdev): """WPA2-Enterprise connection using EAP-SIM""" @@ -7837,3 +7840,23 @@ def test_ap_wpa3_eap_transition_disable(dev, apdev): dev[0].wait_disconnected() dev[0].request("RECONNECT") dev[0].wait_connected() + +def test_ap_wpa2_eap_sha384_psk(dev, apdev): + """WPA2-Enterprise connection using 802.1X-SHA384 and EAP-PSK""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + params["wpa_key_mgmt"] = "WPA-EAP-SHA384" + params["ieee80211w"] = "2" + hapd = hostapd.add_ap(apdev[0], params) + + eap_connect(dev[0], hapd, "PSK", "psk.user@example.com", + password_hex="0123456789abcdef0123456789abcdef", sha384=True) + + eap_reauth(dev[0], "PSK", sha384=True) + check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-23"), + ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-23")]) + + bss = dev[0].get_bss(apdev[0]['bssid']) + if 'flags' not in bss: + raise Exception("Could not get BSS flags from BSS table") + if "[WPA2-EAP-SHA384-CCMP]" not in bss['flags']: + raise Exception("Unexpected BSS flags: " + bss['flags'])