tests: Verify that SAE is supported for test cases requiring it

This makes it more convenient to run tests with wpa_supplicant builds
that do not support SAE (e.g., due to crypto library not providing
sufficient functionality for this).

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-01-11 19:42:57 +02:00
parent db5adfe777
commit b9749b6aaa
4 changed files with 49 additions and 16 deletions

View file

@ -267,6 +267,8 @@ def test_ap_ft_over_ds_pull(dev, apdev):
def test_ap_ft_sae(dev, apdev):
"""WPA2-PSK-FT-SAE AP"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
ssid = "test-ft"
passphrase="12345678"
@ -285,6 +287,8 @@ def test_ap_ft_sae(dev, apdev):
def test_ap_ft_sae_over_ds(dev, apdev):
"""WPA2-PSK-FT-SAE AP over DS"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
ssid = "test-ft"
passphrase="12345678"

View file

@ -12,6 +12,7 @@ import hwsim_utils
def test_ap_mixed_security(dev, apdev):
"""WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
sae = "SAE" in dev[0].get_capability("auth_alg")
ssid = "test-mixed"
passphrase = 'qwertyuiop'
params = hostapd.wpa_mixed_params(ssid=ssid, passphrase=passphrase)
@ -28,12 +29,13 @@ def test_ap_mixed_security(dev, apdev):
identity="gpsk user",
password="abcdefghijklmnop0123456789abcdef",
scan_freq="2412")
dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
if sae:
dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
bss = dev[0].get_bss(apdev[0]['bssid'])
if "[WPA-EAP+PSK-TKIP]" not in bss['flags']:
raise Exception("Unexpected flags (WPA): " + bss['flags'])
if "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
if sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
raise Exception("Unexpected flags (WPA2): " + bss['flags'])
if dev[0].get_status_field("key_mgmt") != "WPA-PSK":
@ -42,14 +44,16 @@ def test_ap_mixed_security(dev, apdev):
raise Exception("Unexpected pairwise(1)")
if dev[1].get_status_field("key_mgmt") != "WPA2-EAP-SHA256":
raise Exception("Unexpected key_mgmt(2)")
if dev[2].get_status_field("key_mgmt") != "SAE":
if sae and dev[2].get_status_field("key_mgmt") != "SAE":
raise Exception("Unexpected key_mgmt(3)")
hwsim_utils.test_connectivity(dev[0], dev[1])
hwsim_utils.test_connectivity(dev[1], dev[2])
hwsim_utils.test_connectivity(dev[0], dev[2])
if sae:
hwsim_utils.test_connectivity(dev[1], dev[2])
hwsim_utils.test_connectivity(dev[0], dev[2])
for i in range(3):
hwsim_utils.test_connectivity(dev[i], hapd)
if i < 2 or sae:
hwsim_utils.test_connectivity(dev[i], hapd)
dev[i].request("DISCONNECT")
dev[0].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256", psk=passphrase,
@ -58,8 +62,9 @@ def test_ap_mixed_security(dev, apdev):
identity="gpsk user",
password="abcdefghijklmnop0123456789abcdef",
scan_freq="2412")
dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE", psk=passphrase,
scan_freq="2412")
if sae:
dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE",
psk=passphrase, scan_freq="2412")
if dev[0].get_status_field("key_mgmt") != "WPA2-PSK-SHA256":
raise Exception("Unexpected key_mgmt(1b)")
@ -67,7 +72,7 @@ def test_ap_mixed_security(dev, apdev):
raise Exception("Unexpected pairwise(1b)")
if dev[1].get_status_field("key_mgmt") != "WPA/IEEE 802.1X/EAP":
raise Exception("Unexpected key_mgmt(2b)")
if dev[2].get_status_field("key_mgmt") != "SAE":
if sae and dev[2].get_status_field("key_mgmt") != "SAE":
raise Exception("Unexpected key_mgmt(3b)")
for i in range(3):
@ -77,11 +82,13 @@ def test_ap_mixed_security(dev, apdev):
dev[1].connect(ssid, key_mgmt="FT-EAP", eap="GPSK", identity="gpsk user",
password="abcdefghijklmnop0123456789abcdef",
scan_freq="2412")
dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE", scan_freq="2412")
if sae:
dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE",
scan_freq="2412")
if dev[0].get_status_field("key_mgmt") != "FT-PSK":
raise Exception("Unexpected key_mgmt(1c)")
if dev[1].get_status_field("key_mgmt") != "FT-EAP":
raise Exception("Unexpected key_mgmt(2c)")
if dev[2].get_status_field("key_mgmt") != "FT-SAE":
if sae and dev[2].get_status_field("key_mgmt") != "FT-SAE":
raise Exception("Unexpected key_mgmt(3c)")

View file

@ -18,6 +18,8 @@ from test_ap_psk import find_wpas_process, read_process_memory, verify_not_prese
def test_sae(dev, apdev):
"""SAE with default group"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
@ -39,6 +41,8 @@ def test_sae(dev, apdev):
def test_sae_pmksa_caching(dev, apdev):
"""SAE and PMKSA caching"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
@ -55,6 +59,8 @@ def test_sae_pmksa_caching(dev, apdev):
def test_sae_pmksa_caching_disabled(dev, apdev):
"""SAE and PMKSA caching disabled"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
@ -72,6 +78,8 @@ def test_sae_pmksa_caching_disabled(dev, apdev):
def test_sae_groups(dev, apdev):
"""SAE with all supported groups"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
# This would be the full list of supported groups, but groups 14-16
# (2048-4096 bit MODP) are a bit too slow on some VMs and can result in
# hitting mac80211 authentication timeout, so skip them for now.
@ -95,6 +103,8 @@ def test_sae_groups(dev, apdev):
def test_sae_group_nego(dev, apdev):
"""SAE group negotiation"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae-group-nego",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
@ -109,6 +119,8 @@ def test_sae_group_nego(dev, apdev):
def test_sae_anti_clogging(dev, apdev):
"""SAE anti clogging"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['sae_anti_clogging_threshold'] = '1'
@ -128,6 +140,8 @@ def test_sae_anti_clogging(dev, apdev):
def test_sae_forced_anti_clogging(dev, apdev):
"""SAE anti clogging (forced)"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE WPA-PSK'
params['sae_anti_clogging_threshold'] = '0'
@ -140,6 +154,8 @@ def test_sae_forced_anti_clogging(dev, apdev):
def test_sae_mixed(dev, apdev):
"""Mixed SAE and non-SAE network"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE WPA-PSK'
params['sae_anti_clogging_threshold'] = '0'
@ -153,6 +169,8 @@ def test_sae_mixed(dev, apdev):
def test_sae_missing_password(dev, apdev):
"""SAE and missing password"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
@ -169,6 +187,8 @@ def test_sae_missing_password(dev, apdev):
def test_sae_key_lifetime_in_memory(dev, apdev, params):
"""SAE and key lifetime in memory"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
password = "5ad144a7c1f5a5503baa6fa01dabc15b1843e8c01662d78d16b70b5cd23cf8b"
p = hostapd.wpa2_params(ssid="test-sae", passphrase=password)
p['wpa_key_mgmt'] = 'SAE'

View file

@ -14,10 +14,12 @@ import hwsim_utils
from wpasupplicant import WpaSupplicant
from utils import HwsimSkip
def check_mesh_support(dev):
def check_mesh_support(dev, secure=False):
flags = int(dev.get_driver_status_field('capa.flags'), 16)
if flags & 0x100000000 == 0:
raise HwsimSkip("Driver does not support mesh")
if secure and "SAE" not in dev.get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
def check_mesh_scan(dev, params, other_started=False, beacon_int=0):
if not other_started:
@ -232,7 +234,7 @@ def add_mesh_secure_net(dev, psk=True):
def test_wpas_mesh_secure(dev, apdev):
"""wpa_supplicant secure MESH network connectivity"""
check_mesh_support(dev[0])
check_mesh_support(dev[0], secure=True)
dev[0].request("SET sae_groups ")
id = add_mesh_secure_net(dev[0])
dev[0].mesh_group_add(id)
@ -254,7 +256,7 @@ def test_wpas_mesh_secure(dev, apdev):
def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
"""wpa_supplicant secure MESH and SAE group mismatch"""
check_mesh_support(dev[0])
check_mesh_support(dev[0], secure=True)
addr0 = dev[0].p2p_interface_addr()
addr1 = dev[1].p2p_interface_addr()
addr2 = dev[2].p2p_interface_addr()
@ -305,7 +307,7 @@ def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
"""wpa_supplicant secure MESH and missing SAE password"""
check_mesh_support(dev[0])
check_mesh_support(dev[0], secure=True)
id = add_mesh_secure_net(dev[0], psk=False)
dev[0].set_network(id, "psk", "8f20b381f9b84371d61b5080ad85cac3c61ab3ca9525be5b2d0f4da3d979187a")
dev[0].mesh_group_add(id)
@ -321,7 +323,7 @@ def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
def test_wpas_mesh_secure_no_auto(dev, apdev):
"""wpa_supplicant secure MESH network connectivity"""
check_mesh_support(dev[0])
check_mesh_support(dev[0], secure=True)
dev[0].request("SET sae_groups 19")
id = add_mesh_secure_net(dev[0])
dev[0].mesh_group_add(id)