|
|
@@ -9,7 +9,7 @@ import logging
|
|
|
logger = logging.getLogger()
|
|
|
|
|
|
import hostapd
|
|
|
-from utils import HwsimSkip
|
|
|
+from utils import HwsimSkip, fail_test
|
|
|
|
|
|
def check_suite_b_capa(dev):
|
|
|
if "GCMP" not in dev[0].get_capability("pairwise"):
|
|
|
@@ -32,10 +32,7 @@ def check_suite_b_tls_lib(dev):
|
|
|
if not supported:
|
|
|
raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
|
|
|
|
|
|
-def test_suite_b(dev, apdev):
|
|
|
- """WPA2/GCMP connection at Suite B 128-bit level"""
|
|
|
- check_suite_b_capa(dev)
|
|
|
- dev[0].flush_scan_cache()
|
|
|
+def suite_b_ap_params():
|
|
|
params = { "ssid": "test-suite-b",
|
|
|
"wpa": "2",
|
|
|
"wpa_key_mgmt": "WPA-EAP-SUITE-B",
|
|
|
@@ -50,6 +47,13 @@ def test_suite_b(dev, apdev):
|
|
|
"ca_cert": "auth_serv/ec-ca.pem",
|
|
|
"server_cert": "auth_serv/ec-server.pem",
|
|
|
"private_key": "auth_serv/ec-server.key" }
|
|
|
+ return params
|
|
|
+
|
|
|
+def test_suite_b(dev, apdev):
|
|
|
+ """WPA2/GCMP connection at Suite B 128-bit level"""
|
|
|
+ check_suite_b_capa(dev)
|
|
|
+ dev[0].flush_scan_cache()
|
|
|
+ params = suite_b_ap_params()
|
|
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
|
|
|
|
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
|
|
|
@@ -131,10 +135,7 @@ def check_suite_b_192_capa(dev):
|
|
|
raise HwsimSkip("WPA-EAP-SUITE-B-192 not supported")
|
|
|
check_suite_b_tls_lib(dev)
|
|
|
|
|
|
-def test_suite_b_192(dev, apdev):
|
|
|
- """WPA2/GCMP-256 connection at Suite B 192-bit level"""
|
|
|
- check_suite_b_192_capa(dev)
|
|
|
- dev[0].flush_scan_cache()
|
|
|
+def suite_b_192_ap_params():
|
|
|
params = { "ssid": "test-suite-b",
|
|
|
"wpa": "2",
|
|
|
"wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
|
|
|
@@ -148,6 +149,13 @@ def test_suite_b_192(dev, apdev):
|
|
|
"ca_cert": "auth_serv/ec2-ca.pem",
|
|
|
"server_cert": "auth_serv/ec2-server.pem",
|
|
|
"private_key": "auth_serv/ec2-server.key" }
|
|
|
+ return params
|
|
|
+
|
|
|
+def test_suite_b_192(dev, apdev):
|
|
|
+ """WPA2/GCMP-256 connection at Suite B 192-bit level"""
|
|
|
+ check_suite_b_192_capa(dev)
|
|
|
+ dev[0].flush_scan_cache()
|
|
|
+ params = suite_b_192_ap_params()
|
|
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
|
|
|
|
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
|
|
|
@@ -211,3 +219,75 @@ def test_suite_b_192_radius(dev, apdev):
|
|
|
client_cert="auth_serv/ec2-user.pem",
|
|
|
private_key="auth_serv/ec2-user.key",
|
|
|
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
|
|
|
+
|
|
|
+def test_suite_b_pmkid_failure(dev, apdev):
|
|
|
+ """WPA2/GCMP connection at Suite B 128-bit level and PMKID derivation failure"""
|
|
|
+ check_suite_b_capa(dev)
|
|
|
+ dev[0].flush_scan_cache()
|
|
|
+ params = suite_b_ap_params()
|
|
|
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
|
+
|
|
|
+ with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
|
|
|
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
|
|
|
+ ieee80211w="2",
|
|
|
+ openssl_ciphers="SUITEB128",
|
|
|
+ eap="TLS", identity="tls user",
|
|
|
+ ca_cert="auth_serv/ec-ca.pem",
|
|
|
+ client_cert="auth_serv/ec-user.pem",
|
|
|
+ private_key="auth_serv/ec-user.key",
|
|
|
+ pairwise="GCMP", group="GCMP", scan_freq="2412")
|
|
|
+
|
|
|
+def test_suite_b_192_pmkid_failure(dev, apdev):
|
|
|
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and PMKID derivation failure"""
|
|
|
+ check_suite_b_192_capa(dev)
|
|
|
+ dev[0].flush_scan_cache()
|
|
|
+ params = suite_b_192_ap_params()
|
|
|
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
|
+
|
|
|
+ with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
|
|
|
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
|
|
|
+ ieee80211w="2",
|
|
|
+ openssl_ciphers="SUITEB192",
|
|
|
+ eap="TLS", identity="tls user",
|
|
|
+ ca_cert="auth_serv/ec2-ca.pem",
|
|
|
+ client_cert="auth_serv/ec2-user.pem",
|
|
|
+ private_key="auth_serv/ec2-user.key",
|
|
|
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
|
|
|
+
|
|
|
+def test_suite_b_mic_failure(dev, apdev):
|
|
|
+ """WPA2/GCMP connection at Suite B 128-bit level and MIC derivation failure"""
|
|
|
+ check_suite_b_capa(dev)
|
|
|
+ dev[0].flush_scan_cache()
|
|
|
+ params = suite_b_ap_params()
|
|
|
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
|
+
|
|
|
+ with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
|
|
|
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
|
|
|
+ ieee80211w="2",
|
|
|
+ openssl_ciphers="SUITEB128",
|
|
|
+ eap="TLS", identity="tls user",
|
|
|
+ ca_cert="auth_serv/ec-ca.pem",
|
|
|
+ client_cert="auth_serv/ec-user.pem",
|
|
|
+ private_key="auth_serv/ec-user.key",
|
|
|
+ pairwise="GCMP", group="GCMP", scan_freq="2412",
|
|
|
+ wait_connect=False)
|
|
|
+ dev[0].wait_disconnected()
|
|
|
+
|
|
|
+def test_suite_b_192_mic_failure(dev, apdev):
|
|
|
+ """WPA2/GCMP connection at Suite B 192-bit level and MIC derivation failure"""
|
|
|
+ check_suite_b_capa(dev)
|
|
|
+ dev[0].flush_scan_cache()
|
|
|
+ params = suite_b_192_ap_params()
|
|
|
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
|
+
|
|
|
+ with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
|
|
|
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
|
|
|
+ ieee80211w="2",
|
|
|
+ openssl_ciphers="SUITEB192",
|
|
|
+ eap="TLS", identity="tls user",
|
|
|
+ ca_cert="auth_serv/ec2-ca.pem",
|
|
|
+ client_cert="auth_serv/ec2-user.pem",
|
|
|
+ private_key="auth_serv/ec2-user.key",
|
|
|
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
|
|
|
+ wait_connect=False)
|
|
|
+ dev[0].wait_disconnected()
|
Jouni Malinen