2020-05-30 22:30:42 +02:00
|
|
|
# Test cases for SAE-PK
|
|
|
|
# Copyright (c) 2020, The Linux Foundation
|
|
|
|
#
|
|
|
|
# This software may be distributed under the terms of the BSD license.
|
|
|
|
# See README for more details.
|
|
|
|
|
|
|
|
import hostapd
|
|
|
|
from utils import *
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_SSID = "SAE-PK test"
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
SAE_PK_SEC3_PW = "r6cr-6ksa-56og"
|
|
|
|
SAE_PK_SEC3_M = "089ec11475d55f0d38403f5117a6d64d"
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg=="
|
2020-06-07 11:01:52 +02:00
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
SAE_PK_20_PW = "4zsy-uspe-xbfr-3ifo"
|
|
|
|
SAE_PK_20_M = "206902f9f09b62e3fafcd487c65f5c64"
|
2020-06-09 21:45:57 +02:00
|
|
|
SAE_PK_20_PK = "MIGkAgEBBDA4wpA6w/fK0g3a2V6QmcoxNoFCVuQPyzWvKYimJkgXsVsXt2ERXQ7dGOVXeycM5DqgBwYFK4EEACKhZANiAARTdszGBNe2PGCnc8Wvs+IDvdVEf4PPBrty0meRZf6UTbGouquTHpy6KKTq5sxrulYzsQFimg4op0UJBGxAzqo0EtTgMlLiBvY0I3Nl3N69MhWo8nvnmguvGGN32AAPXpQ="
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
SAE_PK_21_PW = "vluk-umpa-3mbw-zrhe-s2n2"
|
|
|
|
SAE_PK_21_M = "1c63c1b17e9a999f0693b4341a970a63"
|
|
|
|
SAE_PK_21_PK = "MIHcAgEBBEIBnFBjU0ywxo1dLTYcg2aZdMfNY7JHt4GTADRTgJ7RRo9qzRIlfmK7p+BP1c8YM8ia8v7YDTut00rDOfzkdmLOi0WgBwYFK4EEACOhgYkDgYYABAD6n3DHI+qaj/lElhe2sUSKqAe4sweckMlr9bhdmwp8Wsx5lKR/Tt7WPexeqFrA47nChw5WMWy6qJanCKNFvGYG0ADUWnxesYczGtCdUYJQgs3X5tHSapMssz6tP8QL0X9adTI/H3tFYhiVIdor03eZDUVnej78/F31CcHcjGBEyItVfw=="
|
2020-06-10 00:04:11 +02:00
|
|
|
|
2020-07-31 19:34:38 +02:00
|
|
|
def run_sae_pk(apdev, dev, ssid, pw, m, pk, ap_groups=None,
|
|
|
|
confirm_immediate=False):
|
2020-05-30 22:30:42 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=ssid)
|
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (pw, m, pk)]
|
|
|
|
if ap_groups:
|
|
|
|
params['sae_groups'] = ap_groups
|
2020-07-31 19:34:38 +02:00
|
|
|
if confirm_immediate:
|
|
|
|
params['sae_confirm_immediate'] = '1'
|
2020-05-30 22:30:42 +02:00
|
|
|
hapd = hostapd.add_ap(apdev, params)
|
|
|
|
bssid = hapd.own_addr()
|
|
|
|
|
|
|
|
dev.connect(ssid, sae_password=pw, key_mgmt="SAE", scan_freq="2412")
|
|
|
|
bss = dev.get_bss(bssid)
|
|
|
|
if 'flags' not in bss:
|
|
|
|
raise Exception("Could not get BSS flags from BSS table")
|
|
|
|
if "[SAE-H2E]" not in bss['flags'] or "[SAE-PK]" not in bss['flags']:
|
|
|
|
raise Exception("Unexpected BSS flags: " + bss['flags'])
|
2020-06-06 11:10:41 +02:00
|
|
|
status = dev.get_status()
|
|
|
|
if "sae_h2e" not in status or "sae_pk" not in status or \
|
|
|
|
status["sae_h2e"] != "1" or status["sae_pk"] != "1":
|
|
|
|
raise Exception("SAE-PK or H2E not indicated in STATUS")
|
2020-05-30 22:30:42 +02:00
|
|
|
dev.request("REMOVE_NETWORK *")
|
|
|
|
dev.wait_disconnected()
|
|
|
|
hapd.disable()
|
|
|
|
|
|
|
|
def test_sae_pk(dev, apdev):
|
|
|
|
"""SAE-PK"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
2020-06-08 16:48:57 +02:00
|
|
|
dev[0].flush_scan_cache()
|
2020-05-30 22:30:42 +02:00
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
passwords = [SAE_PK_SEC3_PW,
|
|
|
|
"r6cr-6ksa-56oo-5557",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi44",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghb",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwro",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taqj",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfq",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye3x",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye35-4rne",
|
|
|
|
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye35-4rny-5yqz"]
|
|
|
|
for p in passwords:
|
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, p, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)
|
2020-05-30 22:30:42 +02:00
|
|
|
|
|
|
|
def test_sae_pk_group_negotiation(dev, apdev):
|
|
|
|
"""SAE-PK"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
2020-06-08 16:48:57 +02:00
|
|
|
dev[0].flush_scan_cache()
|
2020-05-30 22:30:42 +02:00
|
|
|
dev[0].set("sae_groups", "20 19")
|
|
|
|
|
|
|
|
try:
|
2020-08-05 16:44:32 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
|
|
|
|
SAE_PK_SEC3_M, SAE_PK_19_PK, ap_groups="19 20")
|
2020-05-30 22:30:42 +02:00
|
|
|
finally:
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
|
|
|
def test_sae_pk_sec_3(dev, apdev):
|
|
|
|
"""SAE-PK with Sec 3"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
2020-06-08 16:48:57 +02:00
|
|
|
dev[0].flush_scan_cache()
|
2020-05-30 22:30:42 +02:00
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
|
|
|
SAE_PK_19_PK)
|
2020-05-30 22:30:42 +02:00
|
|
|
|
|
|
|
def test_sae_pk_sec_5(dev, apdev):
|
|
|
|
"""SAE-PK with Sec 5"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
2020-06-08 16:48:57 +02:00
|
|
|
dev[0].flush_scan_cache()
|
2020-05-30 22:30:42 +02:00
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
pw = "hbbi-f4xq-b457-jjew-muei"
|
2020-05-30 22:30:42 +02:00
|
|
|
m = "d2e5fa27d1be8897f987f2d480d2af6b"
|
2020-06-09 21:54:35 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK)
|
2020-05-30 22:30:42 +02:00
|
|
|
|
|
|
|
def test_sae_pk_group_20(dev, apdev):
|
|
|
|
"""SAE-PK with group 20"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
2020-06-08 16:48:57 +02:00
|
|
|
dev[0].flush_scan_cache()
|
2020-05-30 22:30:42 +02:00
|
|
|
dev[0].set("sae_groups", "20")
|
|
|
|
|
2020-06-09 21:45:57 +02:00
|
|
|
try:
|
2020-06-09 21:54:35 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW,
|
2020-06-09 21:45:57 +02:00
|
|
|
SAE_PK_20_M, SAE_PK_20_PK, ap_groups="20")
|
|
|
|
finally:
|
|
|
|
dev[0].set("sae_groups", "")
|
2020-05-30 22:30:42 +02:00
|
|
|
|
2020-06-10 00:04:11 +02:00
|
|
|
def test_sae_pk_group_21(dev, apdev):
|
|
|
|
"""SAE-PK with group 21"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
dev[0].set("sae_groups", "21")
|
|
|
|
|
|
|
|
try:
|
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_21_PW,
|
|
|
|
SAE_PK_21_M, SAE_PK_21_PK, ap_groups="21")
|
|
|
|
finally:
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:45:57 +02:00
|
|
|
def test_sae_pk_group_20_sae_group_19(dev, apdev):
|
|
|
|
"""SAE-PK with group 20 with SAE group 19"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
dev[0].set("sae_groups", "19")
|
2020-05-30 22:30:42 +02:00
|
|
|
try:
|
2020-06-09 21:54:35 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW,
|
2020-06-09 21:45:57 +02:00
|
|
|
SAE_PK_20_M, SAE_PK_20_PK, ap_groups="19")
|
|
|
|
finally:
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
|
|
|
def test_sae_pk_group_20_sae_group_21(dev, apdev):
|
|
|
|
"""SAE-PK with group 20 with SAE group 21"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
dev[0].set("sae_groups", "21")
|
|
|
|
try:
|
2020-06-09 21:54:35 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW,
|
2020-06-09 21:45:57 +02:00
|
|
|
SAE_PK_20_M, SAE_PK_20_PK, ap_groups="21")
|
|
|
|
finally:
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
|
|
|
def test_sae_pk_group_19_sae_group_20(dev, apdev):
|
|
|
|
"""SAE-PK with group 19 with SAE group 20"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
dev[0].set("sae_groups", "20")
|
|
|
|
try:
|
2020-08-05 16:44:32 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
|
|
|
|
SAE_PK_SEC3_M, SAE_PK_19_PK, ap_groups="20")
|
2020-05-30 22:30:42 +02:00
|
|
|
finally:
|
|
|
|
dev[0].set("sae_groups", "")
|
2020-06-06 10:17:03 +02:00
|
|
|
|
|
|
|
def test_sae_pk_password_without_pk(dev, apdev):
|
|
|
|
"""SAE-PK password but not SAE-PK on the AP"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-06 10:17:03 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = SAE_PK_SEC3_PW
|
2020-06-06 10:17:03 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-07 11:01:52 +02:00
|
|
|
key_mgmt="SAE", scan_freq="2412")
|
2020-06-06 11:10:41 +02:00
|
|
|
if dev[0].get_status_field("sae_pk") != "0":
|
|
|
|
raise Exception("Unexpected sae_pk STATUS value")
|
2020-06-06 10:17:03 +02:00
|
|
|
|
|
|
|
def test_sae_pk_only(dev, apdev):
|
|
|
|
"""SAE-PK only"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-06 10:17:03 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = SAE_PK_SEC3_PW
|
2020-06-06 10:17:03 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-07 11:01:52 +02:00
|
|
|
key_mgmt="SAE", sae_pk="1",
|
2020-06-06 10:17:03 +02:00
|
|
|
scan_freq="2412", wait_connect=False)
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
|
|
|
|
"CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
|
|
|
|
if ev is None:
|
|
|
|
raise Exception("No result for the connection attempt")
|
|
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
|
|
raise Exception("Unexpected connection without SAE-PK")
|
|
|
|
dev[0].request("DISCONNECT")
|
|
|
|
dev[0].dump_monitor()
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-06 10:17:03 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-06 10:17:03 +02:00
|
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
|
|
bssid2 = hapd2.own_addr()
|
|
|
|
|
|
|
|
dev[0].scan_for_bss(bssid2, freq=2412, force_scan=True)
|
|
|
|
dev[0].request("RECONNECT")
|
|
|
|
ev = dev[0].wait_connected()
|
|
|
|
if bssid2 not in ev:
|
|
|
|
raise Exception("Unexpected connection BSSID")
|
2020-06-06 11:10:41 +02:00
|
|
|
if dev[0].get_status_field("sae_pk") != "1":
|
|
|
|
raise Exception("SAE-PK was not used")
|
2020-06-06 11:18:55 +02:00
|
|
|
|
2020-06-07 10:53:00 +02:00
|
|
|
def test_sae_pk_modes(dev, apdev):
|
|
|
|
"""SAE-PK modes"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-07 10:53:00 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
|
|
|
params["ieee80211w"] = "2"
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-07 10:53:00 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
|
|
|
tests = [(2, 0), (1, 1), (0, 1)]
|
|
|
|
for sae_pk, expected in tests:
|
2020-08-05 16:44:32 +02:00
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-07 11:01:52 +02:00
|
|
|
key_mgmt="SAE", sae_pk=str(sae_pk), ieee80211w="2",
|
|
|
|
scan_freq="2412")
|
2020-06-07 10:53:00 +02:00
|
|
|
val = dev[0].get_status_field("sae_pk")
|
|
|
|
if val != str(expected):
|
|
|
|
raise Exception("Unexpected sae_pk=%d result %s" % (sae_pk, val))
|
|
|
|
dev[0].request("REMOVE_NETWORK *")
|
|
|
|
dev[0].wait_disconnected()
|
|
|
|
dev[0].dump_monitor()
|
|
|
|
|
2020-06-07 11:04:14 +02:00
|
|
|
def test_sae_pk_not_on_ap(dev, apdev):
|
|
|
|
"""SAE-PK password, but no PK on AP"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-07 11:04:14 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = SAE_PK_SEC3_PW
|
2020-06-07 11:04:14 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-07 11:04:14 +02:00
|
|
|
key_mgmt="SAE", scan_freq="2412")
|
|
|
|
if dev[0].get_status_field("sae_pk") == "1":
|
|
|
|
raise Exception("SAE-PK was claimed to be used")
|
|
|
|
|
2020-06-06 11:18:55 +02:00
|
|
|
def test_sae_pk_transition_disable(dev, apdev):
|
|
|
|
"""SAE-PK transition disable indication"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-06 11:18:55 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-06 11:18:55 +02:00
|
|
|
params['transition_disable'] = '0x02'
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
id = dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-07 11:01:52 +02:00
|
|
|
key_mgmt="SAE", scan_freq="2412")
|
2020-06-06 11:18:55 +02:00
|
|
|
ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
|
|
|
|
if ev is None:
|
|
|
|
raise Exception("Transition disable not indicated")
|
|
|
|
if ev.split(' ')[1] != "02":
|
|
|
|
raise Exception("Unexpected transition disable bitmap: " + ev)
|
|
|
|
|
2020-06-07 10:53:00 +02:00
|
|
|
val = dev[0].get_network(id, "sae_pk")
|
2020-06-06 11:18:55 +02:00
|
|
|
if val != "1":
|
2020-06-07 10:53:00 +02:00
|
|
|
raise Exception("Unexpected sae_pk value: " + str(val))
|
2020-06-07 15:50:09 +02:00
|
|
|
|
|
|
|
def test_sae_pk_mixed(dev, apdev):
|
|
|
|
"""SAE-PK mixed deployment"""
|
2020-07-31 19:34:38 +02:00
|
|
|
run_sae_pk_mixed(dev, apdev)
|
|
|
|
|
|
|
|
def test_sae_pk_mixed_immediate_confirm(dev, apdev):
|
|
|
|
"""SAE-PK mixed deployment with immediate confirm on AP"""
|
|
|
|
run_sae_pk_mixed(dev, apdev, confirm_immediate=True)
|
|
|
|
|
|
|
|
def run_sae_pk_mixed(dev, apdev, confirm_immediate=False):
|
2020-06-07 15:50:09 +02:00
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-07 15:50:09 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = SAE_PK_SEC3_PW
|
2020-07-31 19:34:38 +02:00
|
|
|
if confirm_immediate:
|
|
|
|
params['sae_confirm_immediate'] = '1'
|
2020-06-07 15:50:09 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
bssid = hapd.own_addr()
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-07 15:50:09 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-07 15:50:09 +02:00
|
|
|
# Disable HT from the SAE-PK BSS to make the station prefer the other BSS
|
|
|
|
# by default.
|
|
|
|
params['ieee80211n'] = '0'
|
|
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
|
|
bssid2 = hapd2.own_addr()
|
|
|
|
|
|
|
|
dev[0].scan_for_bss(bssid, freq=2412)
|
|
|
|
dev[0].scan_for_bss(bssid2, freq=2412)
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-07 15:50:09 +02:00
|
|
|
key_mgmt="SAE", scan_freq="2412")
|
|
|
|
|
|
|
|
if dev[0].get_status_field("sae_pk") != "1":
|
|
|
|
raise Exception("SAE-PK was not used")
|
|
|
|
if dev[0].get_status_field("bssid") != bssid2:
|
|
|
|
raise Exception("Unexpected BSSID selected")
|
2020-06-08 13:13:14 +02:00
|
|
|
|
|
|
|
def check_sae_pk_sta_connect_failure(dev):
|
2020-08-05 16:44:32 +02:00
|
|
|
dev.connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
2020-06-08 13:13:14 +02:00
|
|
|
key_mgmt="SAE", scan_freq="2412", wait_connect=False)
|
|
|
|
ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
|
|
|
|
"CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
|
|
|
|
if ev is None:
|
|
|
|
raise Exception("No result for the connection attempt")
|
|
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
|
|
raise Exception("Unexpected connection")
|
|
|
|
|
|
|
|
def test_sae_pk_missing_ie(dev, apdev):
|
|
|
|
"""SAE-PK and missing SAE-PK IE in confirm"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-08 13:13:14 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-08 13:13:14 +02:00
|
|
|
params['sae_pk_omit'] = '1'
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
check_sae_pk_sta_connect_failure(dev[0])
|
|
|
|
|
|
|
|
def test_sae_pk_unexpected_status(dev, apdev):
|
|
|
|
"""SAE-PK and unexpected status code in commit"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-08 13:13:14 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-08 13:13:14 +02:00
|
|
|
params['sae_commit_status'] = '126'
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
check_sae_pk_sta_connect_failure(dev[0])
|
|
|
|
|
|
|
|
def test_sae_pk_invalid_signature(dev, apdev):
|
|
|
|
"""SAE-PK and invalid signature"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
|
|
|
other = "MHcCAQEEILw+nTjFzRyhVea0G6KbwZu18oWrfhzppxj+MceUO3YLoAoGCCqGSM49AwEHoUQDQgAELdou6LuTDNiMVlMB65KsWhQFbPXR9url0EA6luWzUfAuGoDXYJUBTVz6Nv3mz6oQcDrSiDmz/LejndJ0YHGgfQ=="
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-08 13:13:14 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK, other)]
|
2020-06-08 13:13:14 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
check_sae_pk_sta_connect_failure(dev[0])
|
|
|
|
|
|
|
|
def test_sae_pk_invalid_fingerprint(dev, apdev):
|
|
|
|
"""SAE-PK and invalid fingerprint"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
|
|
|
other = "431ff8322f93b9dc50ded9f3d14ace21"
|
2020-06-09 21:54:35 +02:00
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
2020-06-08 13:13:14 +02:00
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
2020-08-05 16:44:32 +02:00
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, other,
|
2020-06-09 21:54:35 +02:00
|
|
|
SAE_PK_19_PK)]
|
2020-06-08 13:13:14 +02:00
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
check_sae_pk_sta_connect_failure(dev[0])
|
2020-06-25 00:19:51 +02:00
|
|
|
|
2020-07-31 19:34:38 +02:00
|
|
|
def test_sae_pk_confirm_immediate(dev, apdev):
|
|
|
|
"""SAE-PK with immediate confirm on AP"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
2020-08-05 16:44:32 +02:00
|
|
|
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
|
|
|
|
SAE_PK_SEC3_M, SAE_PK_19_PK, confirm_immediate=True)
|
2020-08-06 22:53:37 +02:00
|
|
|
|
|
|
|
def test_sae_pk_and_psk(dev, apdev):
|
|
|
|
"""SAE-PK and PSK"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
dev[2].set("sae_groups", "")
|
|
|
|
|
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
|
|
|
params['wpa_key_mgmt'] = 'SAE WPA-PSK'
|
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW,
|
|
|
|
SAE_PK_SEC3_M,
|
|
|
|
SAE_PK_19_PK)]
|
|
|
|
params['wpa_passphrase'] = SAE_PK_SEC3_PW
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
bssid = hapd.own_addr()
|
|
|
|
|
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW, key_mgmt="SAE",
|
|
|
|
scan_freq="2412")
|
|
|
|
dev[1].connect(SAE_PK_SSID, psk=SAE_PK_SEC3_PW, key_mgmt="WPA-PSK",
|
|
|
|
scan_freq="2412")
|
|
|
|
dev[2].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW, key_mgmt="SAE",
|
|
|
|
sae_pk="2", scan_freq="2412")
|
|
|
|
dev[0].request("REMOVE_NETWORK *")
|
|
|
|
dev[0].wait_disconnected()
|
|
|
|
dev[0].dump_monitor()
|
|
|
|
dev[0].connect(SAE_PK_SSID, psk=SAE_PK_SEC3_PW, key_mgmt="SAE",
|
|
|
|
scan_freq="2412")
|
|
|
|
status = dev[0].get_status()
|
|
|
|
if "sae_h2e" not in status or "sae_pk" not in status or \
|
|
|
|
status["sae_h2e"] != "1" or status["sae_pk"] != "1":
|
|
|
|
raise Exception("SAE-PK or H2E not indicated in STATUS")
|
2020-08-07 00:09:06 +02:00
|
|
|
|
|
|
|
def test_sae_pk_and_psk_invalid_password(dev, apdev):
|
|
|
|
"""SAE-PK and PSK using invalid password combination"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].flush_scan_cache()
|
|
|
|
|
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
|
|
|
params['wpa_key_mgmt'] = 'SAE WPA-PSK'
|
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW,
|
|
|
|
SAE_PK_SEC3_M,
|
|
|
|
SAE_PK_19_PK)]
|
|
|
|
params['wpa_passphrase'] = SAE_PK_20_PW
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
|
|
|
|
res = hapd.request("ENABLE")
|
|
|
|
if "FAIL" not in res:
|
|
|
|
raise Exception("Invalid configuration accepted")
|
2020-09-11 14:53:56 +02:00
|
|
|
|
|
|
|
def test_sae_pk_invalid_pw(dev, apdev):
|
|
|
|
"""SAE-PK with invalid password on AP"""
|
|
|
|
check_sae_pk_capab(dev[0])
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
|
|
|
|
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
|
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
|
|
|
params["ieee80211w"] = "2"
|
|
|
|
params["sae_pk_password_check_skip"] = "1"
|
|
|
|
invalid_pw = "r6cr+6ksa+56og"
|
|
|
|
params['sae_password'] = ['%s|pk=%s:%s' % (invalid_pw, SAE_PK_SEC3_M,
|
|
|
|
SAE_PK_19_PK)]
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=invalid_pw,
|
|
|
|
key_mgmt="SAE", ieee80211w="2", scan_freq="2412")
|
|
|
|
dev[0].request("REMOVE_NETWORK *")
|
|
|
|
dev[0].wait_disconnected()
|
|
|
|
dev[0].dump_monitor()
|
|
|
|
|
|
|
|
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
|
|
|
|
key_mgmt="SAE", ieee80211w="2", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
|
|
|
|
"CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
|
|
|
|
if ev is None:
|
|
|
|
raise Exception("No result for the connection attempt")
|
|
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
|
|
raise Exception("Unexpected connection with invalid SAE-PK password")
|
|
|
|
dev[0].request("DISCONNECT")
|