From fca9ef3feeba080b37c8896ca88b15aa4ab450b7 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 30 May 2020 23:30:42 +0300 Subject: [PATCH] tests: SAE-PK Signed-off-by: Jouni Malinen --- tests/hwsim/example-hostapd.config | 1 + tests/hwsim/example-wpa_supplicant.config | 1 + tests/hwsim/test_sae_pk.py | 121 ++++++++++++++++++++++ tests/hwsim/utils.py | 4 + 4 files changed, 127 insertions(+) create mode 100644 tests/hwsim/test_sae_pk.py diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config index f1a9adf7b..972d35c75 100644 --- a/tests/hwsim/example-hostapd.config +++ b/tests/hwsim/example-hostapd.config @@ -71,6 +71,7 @@ CONFIG_INTERWORKING=y CONFIG_HS20=y CONFIG_SQLITE=y CONFIG_SAE=y +CONFIG_SAE_PK=y CFLAGS += -DALL_DH_GROUPS CONFIG_FST=y diff --git a/tests/hwsim/example-wpa_supplicant.config b/tests/hwsim/example-wpa_supplicant.config index 253f329bb..9e3cc67e4 100644 --- a/tests/hwsim/example-wpa_supplicant.config +++ b/tests/hwsim/example-wpa_supplicant.config @@ -116,6 +116,7 @@ CONFIG_EXT_PASSWORD_TEST=y CONFIG_EAP_UNAUTH_TLS=y CONFIG_SAE=y +CONFIG_SAE_PK=y CFLAGS += -DALL_DH_GROUPS CONFIG_WNM=y diff --git a/tests/hwsim/test_sae_pk.py b/tests/hwsim/test_sae_pk.py new file mode 100644 index 000000000..dfecbc5e9 --- /dev/null +++ b/tests/hwsim/test_sae_pk.py 
@@ -0,0 +1,121 @@ +# Test cases for SAE-PK +# Copyright (c) 2020, The Linux Foundation +# +# This software may be distributed under the terms of the BSD license. +# See README for more details. + +import hostapd +from utils import * + +def run_sae_pk(apdev, dev, ssid, pw, m, pk, ap_groups=None): + params = hostapd.wpa2_params(ssid=ssid) + params['wpa_key_mgmt'] = 'SAE' + params['sae_password'] = ['%s|pk=%s:%s' % (pw, m, pk)] + if ap_groups: + params['sae_groups'] = ap_groups + hapd = hostapd.add_ap(apdev, params) + bssid = hapd.own_addr() + + dev.connect(ssid, sae_password=pw, key_mgmt="SAE", scan_freq="2412") + bss = dev.get_bss(bssid) + if 'flags' not in bss: + raise Exception("Could not get BSS flags from BSS table") + if "[SAE-H2E]" not in bss['flags'] or "[SAE-PK]" not in bss['flags']: + raise Exception("Unexpected BSS flags: " + bss['flags']) + dev.request("REMOVE_NETWORK *") + dev.wait_disconnected() + hapd.disable() + +def test_sae_pk(dev, apdev): + """SAE-PK""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "") + + ssid = "SAE-PK test" + pw = "dwxm-zv66-p5ue-fotp-owjy-lfby-2xpg-vmwq-chtz-hilu-m3t2-qleg" + m = "431ff8322f93b9dc50ded9f3d14ace22" + pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" + + for i in range(6, len(pw) + 1): + p = pw[:i] + if p.endswith('-'): + continue + run_sae_pk(apdev[0], dev[0], ssid, p, m, pk) + +def test_sae_pk_group_negotiation(dev, apdev): + """SAE-PK""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "20 19") + + ssid = "SAE-PK test" + pw = "dwxm-zv66-p5ue-fotp-owjy-lfby-2xpg-vmwq-chtz-hilu-m3t2-qleg" + m = "431ff8322f93b9dc50ded9f3d14ace22" + pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" + + try: + run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk, ap_groups="19 20") + 
finally: + dev[0].set("sae_groups", "") + +def test_sae_pk_sec_2(dev, apdev): + """SAE-PK with Sec 2""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "") + + ssid = "SAE-PK test" + pw = "dwxm-zv66-p5ue" + m = "431ff8322f93b9dc50ded9f3d14ace22" + pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" + + run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + +def test_sae_pk_sec_3(dev, apdev): + """SAE-PK with Sec 3""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "") + + ssid = "SAE-PK test" + pw = "iian-qey6-pu5t" + m = "128e51ddb5e2e24388f9ed14b687e2eb" + pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" + + run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + +def test_sae_pk_sec_4(dev, apdev): + """SAE-PK with Sec 4""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "") + + ssid = "SAE-PK test" + pw = "ssko-2lmu-7hzs-bqct" + m = "a5e38c7251ea310cc348fbcdadfa8bcb" + pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" + + run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + +def test_sae_pk_sec_5(dev, apdev): + """SAE-PK with Sec 5""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "") + + ssid = "SAE-PK test" + pw = "3qqu-f4xq-dz37-fes3-fbgc" + m = "d2e5fa27d1be8897f987f2d480d2af6b" + pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" + + run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk) + +def test_sae_pk_group_20(dev, apdev): + """SAE-PK with group 20""" + check_sae_pk_capab(dev[0]) + dev[0].set("sae_groups", "20") + + ssid = "SAE-PK test" + pw = "f3bh-5un3-wz7o-al3p" + m = 
"50bf37ba0033ed110a74e3a7aa52f4e9" + pk = "MIGkAgEBBDA4wpA6w/fK0g3a2V6QmcoxNoFCVuQPyzWvKYimJkgXsVsXt2ERXQ7dGOVXeycM5DqgBwYFK4EEACKhZANiAARTdszGBNe2PGCnc8Wvs+IDvdVEf4PPBrty0meRZf6UTbGouquTHpy6KKTq5sxrulYzsQFimg4op0UJBGxAzqo0EtTgMlLiBvY0I3Nl3N69MhWo8nvnmguvGGN32AAPXpQ=" + + try: + run_sae_pk(apdev[0], dev[0], ssid, pw, m, pk, ap_groups="20") + finally: + dev[0].set("sae_groups", "") diff --git a/tests/hwsim/utils.py b/tests/hwsim/utils.py index 714f7644f..3aa7c4497 100644 --- a/tests/hwsim/utils.py +++ b/tests/hwsim/utils.py @@ -113,6 +113,10 @@ def check_sae_capab(dev): if "SAE" not in dev.get_capability("auth_alg"): raise HwsimSkip("SAE not supported") +def check_sae_pk_capab(dev): + if "PK" not in dev.get_capability("sae"): + raise HwsimSkip("SAE-PK not supported") + def check_tls_tod(dev): tls = dev.request("GET tls_library") if not tls.startswith("OpenSSL") and not tls.startswith("internal"):
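Review bot: Every case in the new test_sae_pk.py is a success path: run_sae_pk() only checks that the station connects and that the BSS entry carries both [SAE-H2E] and [SAE-PK], so nothing here shows the station refusing an AP whose public key or modifier does not match the password fingerprint, which is the property SAE-PK exists to provide. I would at least record the gap next to run_sae_pk() with `# TODO: add a negative case (AP key/modifier not matching the password) and require that the connection fails`. The `pk` literals look like base64 DER EC private keys pasted into each test; hoisting them to module-level constants with a comment such as `# test-only key pair, never use outside hwsim` would make that explicit. test_sae_pk_group_negotiation also reuses the docstring `"""SAE-PK"""`; `"""SAE-PK with group negotiation"""` would tell the two tests apart in listings.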
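Review bot: check_sae_pk_capab() applies `in` directly to the return value of dev.get_capability("sae"), which may fail instead of skipping. If that call can return None for a field the build does not know (its definition is outside this hunk, so this is an assumption), a wpa_supplicant built without SAE would raise a TypeError rather than HwsimSkip. Binding the result first keeps the skip path intact: `capab = dev.get_capability("sae")` followed by `if capab is None or "PK" not in capab:`. A one-line docstring such as `"""Skip the test unless wpa_supplicant reports SAE-PK support."""` would also document what the helper is for.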