mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
tests: SAE with Password Identifier
This verifies SAE Password Identifier functionality in both the infrastructure and mesh BSS cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
9be19d0b9c
commit
9a0ae89d62
@ -1246,3 +1246,51 @@ def test_sae_connect_cmd(dev, apdev):
|
||||
timeout=15)
|
||||
if ev is None:
|
||||
raise Exception("No connection result reported")
|
||||
|
||||
def test_sae_password_id(dev, apdev):
|
||||
"""SAE and password identifier"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
params['sae_password'] = [ 'secret|mac=ff:ff:ff:ff:ff:ff|id=pw id',
|
||||
'foo|mac=02:02:02:02:02:02',
|
||||
'another secret|mac=ff:ff:ff:ff:ff:ff|id=' + 29*'A' ]
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
|
||||
dev[0].request("SET sae_groups ")
|
||||
dev[0].connect("test-sae", sae_password="secret", sae_password_id="pw id",
|
||||
key_mgmt="SAE", scan_freq="2412")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
dev[0].wait_disconnected()
|
||||
|
||||
# SAE Password Identifier element with the exact same length as the
|
||||
# optional Anti-Clogging Token field
|
||||
dev[0].connect("test-sae", sae_password="another secret",
|
||||
sae_password_id=29*'A',
|
||||
key_mgmt="SAE", scan_freq="2412")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
dev[0].wait_disconnected()
|
||||
|
||||
dev[0].connect("test-sae", sae_password="secret", sae_password_id="unknown",
|
||||
key_mgmt="SAE", scan_freq="2412", wait_connect=False)
|
||||
|
||||
ev = dev[0].wait_event(["CTRL-EVENT-SAE-UNKNOWN-PASSWORD-IDENTIFIER"],
|
||||
timeout=10)
|
||||
if ev is None:
|
||||
raise Exception("Unknown password identifier not reported")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
|
||||
def test_sae_forced_anti_clogging_pw_id(dev, apdev):
|
||||
"""SAE anti clogging (forced and Password Identifier)"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
params['sae_anti_clogging_threshold'] = '0'
|
||||
params['sae_password'] = 'secret|id=' + 29*'A'
|
||||
hostapd.add_ap(apdev[0], params)
|
||||
for i in range(0, 2):
|
||||
dev[i].request("SET sae_groups ")
|
||||
dev[i].connect("test-sae", sae_password="secret",
|
||||
sae_password_id=29*'A', key_mgmt="SAE", scan_freq="2412")
|
||||
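Review bot: The only rejection path exercised in test_sae_password_id is an identifier the AP has never seen (`sae_password_id="unknown"`); no step checks that a configured identifier is tied to its own password. A connect with `sae_password="secret", sae_password_id=29*'A', wait_connect=False`, followed by `ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)` and `if ev is not None: raise Exception("Unexpected connection")`, would cover the cross-pairing case. The same pattern with no `sae_password_id` at all would presumably show that "secret" is not accepted without its identifier. The `'foo|mac=02:02:02:02:02:02'` entry is configured, but no connect call in this section uses it, so the per-MAC restriction is parsed but not verified here.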
|
@ -305,7 +305,7 @@ def _test_mesh_open_rssi_threshold(dev, apdev, value, expected):
|
||||
": " + str(mesh_rssi_threshold))
|
||||
|
||||
def add_mesh_secure_net(dev, psk=True, pmf=False, pairwise=None, group=None,
|
||||
sae_password=False):
|
||||
sae_password=False, sae_password_id=None):
|
||||
id = dev.add_network()
|
||||
dev.set_network(id, "mode", "5")
|
||||
dev.set_network_quoted(id, "ssid", "wpas-mesh-sec")
|
||||
@ -313,6 +313,8 @@ def add_mesh_secure_net(dev, psk=True, pmf=False, pairwise=None, group=None,
|
||||
dev.set_network(id, "frequency", "2412")
|
||||
if sae_password:
|
||||
dev.set_network_quoted(id, "sae_password", "thisismypassphrase!")
|
||||
if sae_password_id:
|
||||
dev.set_network_quoted(id, "sae_password_id", sae_password_id)
|
||||
if psk:
|
||||
dev.set_network_quoted(id, "psk", "thisismypassphrase!")
|
||||
if pmf:
|
||||
@ -371,6 +373,48 @@ def test_wpas_mesh_secure_sae_password(dev, apdev):
|
||||
|
||||
hwsim_utils.test_connectivity(dev[0], dev[1])
|
||||
|
||||
def test_wpas_mesh_secure_sae_password_id(dev, apdev):
|
||||
"""Secure mesh using sae_password and password identifier"""
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
dev[0].request("SET sae_groups ")
|
||||
id = add_mesh_secure_net(dev[0], psk=False, sae_password=True,
|
||||
sae_password_id="pw id")
|
||||
dev[0].mesh_group_add(id)
|
||||
|
||||
dev[1].request("SET sae_groups ")
|
||||
id = add_mesh_secure_net(dev[1], sae_password=True,
|
||||
sae_password_id="pw id")
|
||||
dev[1].mesh_group_add(id)
|
||||
|
||||
check_mesh_group_added(dev[0])
|
||||
check_mesh_group_added(dev[1])
|
||||
|
||||
check_mesh_peer_connected(dev[0])
|
||||
check_mesh_peer_connected(dev[1])
|
||||
|
||||
hwsim_utils.test_connectivity(dev[0], dev[1])
|
||||
|
||||
def test_wpas_mesh_secure_sae_password_id_mismatch(dev, apdev):
|
||||
"""Secure mesh using sae_password and password identifier mismatch"""
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
dev[0].request("SET sae_groups ")
|
||||
id = add_mesh_secure_net(dev[0], psk=False, sae_password=True,
|
||||
sae_password_id="pw id")
|
||||
dev[0].mesh_group_add(id)
|
||||
|
||||
dev[1].request("SET sae_groups ")
|
||||
id = add_mesh_secure_net(dev[1], sae_password=True,
|
||||
sae_password_id="wrong")
|
||||
dev[1].mesh_group_add(id)
|
||||
|
||||
check_mesh_group_added(dev[0])
|
||||
check_mesh_group_added(dev[1])
|
||||
|
||||
ev = dev[0].wait_event(["CTRL-EVENT-SAE-UNKNOWN-PASSWORD-IDENTIFIER"],
|
||||
timeout=10)
|
||||
if ev is None:
|
||||
raise Exception("Unknown Password Identifier not noticed")
|
||||
|
||||
def test_mesh_secure_pmf(dev, apdev):
|
||||
"""Secure mesh network connectivity with PMF enabled"""
|
||||
check_mesh_support(dev[0], secure=True)
|
||||
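Review bot: test_wpas_mesh_secure_sae_password_id_mismatch passes as soon as dev[0] reports `CTRL-EVENT-SAE-UNKNOWN-PASSWORD-IDENTIFIER`, but it never asserts that the peer link stayed down. The security property under test is that peering with a mismatched identifier fails, so after the event the test should also check that no peering completes, for example `ev = dev[1].wait_event(["MESH-PEER-CONNECTED"], timeout=1)` followed by `if ev is not None: raise Exception("Unexpected mesh peer connection")`. Only dev[0] is checked for the event; which side reports it probably depends on which peer processes the commit first, so it may be worth confirming that this is deterministic. A smaller point in add_mesh_secure_net: `if sae_password_id:` silently skips an empty-string identifier, which keeps that edge case out of reach for callers.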
|
@ -1011,7 +1011,8 @@ class WpaSupplicant:
|
||||
"private_key2", "phase1", "phase2", "domain_suffix_match",
|
||||
"altsubject_match", "subject_match", "pac_file", "dh_file",
|
||||
"bgscan", "ht_mcs", "id_str", "openssl_ciphers",
|
||||
"domain_match", "dpp_connector", "sae_password" ]
|
||||
"domain_match", "dpp_connector", "sae_password",
|
||||
"sae_password_id" ]
|
||||
for field in quoted:
|
||||
if field in kwargs and kwargs[field]:
|
||||
self.set_network_quoted(id, field, kwargs[field])
|
||||
|