diff --git a/tests/hwsim/test_sae_pk.py b/tests/hwsim/test_sae_pk.py index 8903f83b6..9f544be04 100644 --- a/tests/hwsim/test_sae_pk.py +++ b/tests/hwsim/test_sae_pk.py @@ -7,11 +7,12 @@ import hostapd from utils import * -SAE_PK_SEC2_SSID = "SAE-PK test" +SAE_PK_SSID = "SAE-PK test" + SAE_PK_SEC2_PW = "dwxm-zv66-p5ue" SAE_PK_SEC2_PW_FULL = "dwxm-zv66-p5ue-fotp-owjy-lfby-2xpg-vmwq-chtz-hilu-m3t2-qleg" SAE_PK_SEC2_M = "431ff8322f93b9dc50ded9f3d14ace22" -SAE_PK_SEC2_PK = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" +SAE_PK_19_PK = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" SAE_PK_20_PW = "f3bh-5un3-wz7o-al3p" SAE_PK_20_M = "50bf37ba0033ed110a74e3a7aa52f4e9" @@ -50,8 +51,8 @@ def test_sae_pk(dev, apdev): p = SAE_PK_SEC2_PW_FULL[:i] if p.endswith('-'): continue - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, p, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK) + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, p, SAE_PK_SEC2_M, + SAE_PK_19_PK) def test_sae_pk_group_negotiation(dev, apdev): """SAE-PK""" @@ -60,8 +61,8 @@ def test_sae_pk_group_negotiation(dev, apdev): dev[0].set("sae_groups", "20 19") try: - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, SAE_PK_SEC2_PW, - SAE_PK_SEC2_M, SAE_PK_SEC2_PK, ap_groups="19 20") + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW, + SAE_PK_SEC2_M, SAE_PK_19_PK, ap_groups="19 20") finally: dev[0].set("sae_groups", "") @@ -71,8 +72,8 @@ def test_sae_pk_sec_2(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "") - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, SAE_PK_SEC2_PW, - SAE_PK_SEC2_M, SAE_PK_SEC2_PK) + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW, + SAE_PK_SEC2_M, SAE_PK_19_PK) def test_sae_pk_sec_3(dev, apdev): """SAE-PK with Sec 3""" @@ -80,12 +81,9 @@ def test_sae_pk_sec_3(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "") - ssid = "SAE-PK test" pw = "iian-qey6-pu5t" m = "128e51ddb5e2e24388f9ed14b687e2eb" - pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" - - run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK) def test_sae_pk_sec_4(dev, apdev): """SAE-PK with Sec 4""" @@ -93,12 +91,9 @@ def test_sae_pk_sec_4(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "") - ssid = "SAE-PK test" pw = "ssko-2lmu-7hzs-bqct" m = "a5e38c7251ea310cc348fbcdadfa8bcb" - pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" - - run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK) def test_sae_pk_sec_5(dev, apdev): """SAE-PK with Sec 5""" @@ -106,12 +101,9 @@ def test_sae_pk_sec_5(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "") - ssid = "SAE-PK test" pw = "3qqu-f4xq-dz37-fes3-fbgc" m = "d2e5fa27d1be8897f987f2d480d2af6b" - pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" - - run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK) def test_sae_pk_group_20(dev, apdev): """SAE-PK with group 20""" @@ -120,7 +112,7 @@ def test_sae_pk_group_20(dev, apdev): dev[0].set("sae_groups", "20") try: - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, SAE_PK_20_PW, + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW, SAE_PK_20_M, SAE_PK_20_PK, ap_groups="20") finally: dev[0].set("sae_groups", "") @@ -131,7 +123,7 @@ def test_sae_pk_group_20_sae_group_19(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "19") try: - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, SAE_PK_20_PW, + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW, SAE_PK_20_M, SAE_PK_20_PK, ap_groups="19") finally: dev[0].set("sae_groups", "") @@ -142,7 +134,7 @@ def test_sae_pk_group_20_sae_group_21(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "21") try: - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, SAE_PK_20_PW, + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_20_PW, SAE_PK_20_M, SAE_PK_20_PK, ap_groups="21") finally: dev[0].set("sae_groups", "") @@ -153,8 +145,8 @@ def test_sae_pk_group_19_sae_group_20(dev, apdev): dev[0].flush_scan_cache() dev[0].set("sae_groups", "20") try: - run_sae_pk(apdev[0], dev[0], SAE_PK_SEC2_SSID, SAE_PK_SEC2_PW, - SAE_PK_SEC2_M, SAE_PK_SEC2_PK, ap_groups="20") + run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW, + SAE_PK_SEC2_M, SAE_PK_19_PK, ap_groups="20") finally: dev[0].set("sae_groups", "") @@ -163,12 +155,12 @@ def test_sae_pk_password_without_pk(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = SAE_PK_SEC2_PW hapd = hostapd.add_ap(apdev[0], params) - dev[0].connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", scan_freq="2412") if dev[0].get_status_field("sae_pk") != "0": raise Exception("Unexpected sae_pk STATUS value") @@ -178,12 +170,12 @@ def test_sae_pk_only(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = SAE_PK_SEC2_PW hapd = hostapd.add_ap(apdev[0], params) - dev[0].connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", sae_pk="1", scan_freq="2412", wait_connect=False) ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", @@ -195,10 +187,10 @@ def test_sae_pk_only(dev, apdev): dev[0].request("DISCONNECT") dev[0].dump_monitor() - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] hapd2 = hostapd.add_ap(apdev[1], params) bssid2 = hapd2.own_addr() @@ -215,16 +207,16 @@ def test_sae_pk_modes(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params["ieee80211w"] = "2" params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] hapd = hostapd.add_ap(apdev[0], params) tests = [(2, 0), (1, 1), (0, 1)] for sae_pk, expected in tests: - dev[0].connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", sae_pk=str(sae_pk), ieee80211w="2", scan_freq="2412") val = dev[0].get_status_field("sae_pk") @@ -239,12 +231,12 @@ def test_sae_pk_not_on_ap(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = SAE_PK_SEC2_PW hapd = hostapd.add_ap(apdev[0], params) - dev[0].connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", scan_freq="2412") if dev[0].get_status_field("sae_pk") == "1": raise Exception("SAE-PK was claimed to be used") @@ -254,14 +246,14 @@ def test_sae_pk_transition_disable(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] params['transition_disable'] = '0x02' hapd = hostapd.add_ap(apdev[0], params) - id = dev[0].connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + id = dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", scan_freq="2412") ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1) if ev is None: @@ -278,16 +270,16 @@ def test_sae_pk_mixed(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = SAE_PK_SEC2_PW hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] # Disable HT from the SAE-PK BSS to make the station prefer the other BSS # by default. params['ieee80211n'] = '0' @@ -297,7 +289,7 @@ def test_sae_pk_mixed(dev, apdev): dev[0].scan_for_bss(bssid, freq=2412) dev[0].scan_for_bss(bssid2, freq=2412) - dev[0].connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", scan_freq="2412") if dev[0].get_status_field("sae_pk") != "1": @@ -306,7 +298,7 @@ def test_sae_pk_mixed(dev, apdev): raise Exception("Unexpected BSSID selected") def check_sae_pk_sta_connect_failure(dev): - dev.connect(SAE_PK_SEC2_SSID, sae_password=SAE_PK_SEC2_PW, + dev.connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, key_mgmt="SAE", scan_freq="2412", wait_connect=False) ev = dev.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10) @@ -320,10 +312,10 @@ def test_sae_pk_missing_ie(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] params['sae_pk_omit'] = '1' hapd = hostapd.add_ap(apdev[0], params) check_sae_pk_sta_connect_failure(dev[0]) @@ -333,10 +325,10 @@ def test_sae_pk_unexpected_status(dev, apdev): check_sae_pk_capab(dev[0]) dev[0].set("sae_groups", "") - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] params['sae_commit_status'] = '126' hapd = hostapd.add_ap(apdev[0], params) check_sae_pk_sta_connect_failure(dev[0]) @@ -347,10 +339,10 @@ def test_sae_pk_invalid_signature(dev, apdev): dev[0].set("sae_groups", "") other = "MHcCAQEEILw+nTjFzRyhVea0G6KbwZu18oWrfhzppxj+MceUO3YLoAoGCCqGSM49AwEHoUQDQgAELdou6LuTDNiMVlMB65KsWhQFbPXR9url0EA6luWzUfAuGoDXYJUBTVz6Nv3mz6oQcDrSiDmz/LejndJ0YHGgfQ==" - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, - SAE_PK_SEC2_PK, other)] + SAE_PK_19_PK, other)] hapd = hostapd.add_ap(apdev[0], params) check_sae_pk_sta_connect_failure(dev[0]) @@ -360,9 +352,9 @@ def test_sae_pk_invalid_fingerprint(dev, apdev): dev[0].set("sae_groups", "") other = "431ff8322f93b9dc50ded9f3d14ace21" - params = hostapd.wpa2_params(ssid=SAE_PK_SEC2_SSID) + params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params['wpa_key_mgmt'] = 'SAE' params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, other, - SAE_PK_SEC2_PK)] + SAE_PK_19_PK)] hapd = hostapd.add_ap(apdev[0], params) check_sae_pk_sta_connect_failure(dev[0])