diff --git a/tests/hwsim/test_wpas_mesh.py b/tests/hwsim/test_wpas_mesh.py index 06a0f5c74..a5f540a53 100644 --- a/tests/hwsim/test_wpas_mesh.py +++ b/tests/hwsim/test_wpas_mesh.py @@ -231,7 +231,7 @@ def test_wpas_mesh_open_no_auto(dev, apdev): # Test connectivity 0->1 and 1->0 hwsim_utils.test_connectivity(dev[0], dev[1]) -def add_mesh_secure_net(dev, psk=True, pmf=False): +def add_mesh_secure_net(dev, psk=True, pmf=False, pairwise=None, group=None): id = dev.add_network() dev.set_network(id, "mode", "5") dev.set_network_quoted(id, "ssid", "wpas-mesh-sec") @@ -241,6 +241,10 @@ def add_mesh_secure_net(dev, psk=True, pmf=False): dev.set_network_quoted(id, "psk", "thisismypassphrase!") if pmf: dev.set_network(id, "ieee80211w", "2") + if pairwise: + dev.set_network(id, "pairwise", pairwise) + if group: + dev.set_network(id, "group", group) return id def test_wpas_mesh_secure(dev, apdev): @@ -287,6 +291,67 @@ def test_mesh_secure_pmf(dev, apdev): # Test connectivity 0->1 and 1->0 hwsim_utils.test_connectivity(dev[0], dev[1]) +def run_mesh_secure(dev, cipher): + if cipher not in dev[0].get_capability("pairwise"): + raise HwsimSkip("Cipher %s not supported" % cipher) + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pairwise=cipher, group=cipher) + dev[0].mesh_group_add(id) + + dev[1].request("SET sae_groups ") + id = add_mesh_secure_net(dev[1], pairwise=cipher, group=cipher) + dev[1].mesh_group_add(id) + + # Check for mesh joined + check_mesh_group_added(dev[0]) + check_mesh_group_added(dev[1]) + + # Check for peer connected + check_mesh_peer_connected(dev[0]) + check_mesh_peer_connected(dev[1]) + + # Test connectivity 0->1 and 1->0 + hwsim_utils.test_connectivity(dev[0], dev[1]) + +def test_mesh_secure_ccmp(dev, apdev): + """Secure mesh with CCMP""" + run_mesh_secure(dev, "CCMP") + +def test_mesh_secure_gcmp(dev, apdev): + """Secure mesh with GCMP""" + run_mesh_secure(dev, "GCMP") + +def test_mesh_secure_gcmp_256(dev, apdev): + """Secure mesh with GCMP-256""" + run_mesh_secure(dev, "GCMP-256") + +def test_mesh_secure_ccmp_256(dev, apdev): + """Secure mesh with CCMP-256""" + run_mesh_secure(dev, "CCMP-256") + +def test_mesh_secure_invalid_pairwise_cipher(dev, apdev): + """Secure mesh and invalid group cipher""" + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pairwise="TKIP", group="CCMP") + if dev[0].mesh_group_add(id) != None: + raise Exception("Unexpected group add success") + ev = dev[0].wait_event(["mesh: Invalid pairwise cipher"], timeout=1) + if ev is None: + raise Exception("Invalid pairwise cipher not reported") + +def test_mesh_secure_invalid_group_cipher(dev, apdev): + """Secure mesh and invalid group cipher""" + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pairwise="CCMP", group="TKIP") + if dev[0].mesh_group_add(id) != None: + raise Exception("Unexpected group add success") + ev = dev[0].wait_event(["mesh: Invalid group cipher"], timeout=1) + if ev is None: + raise Exception("Invalid group cipher not reported") + def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev): """wpa_supplicant secure MESH and SAE group mismatch""" check_mesh_support(dev[0], secure=True)