logger = logging.getLogger()
import hostapd
-from utils import HwsimSkip
+from utils import HwsimSkip, fail_test
def check_suite_b_capa(dev):
if "GCMP" not in dev[0].get_capability("pairwise"):
def check_suite_b_tls_lib(dev):
tls = dev[0].request("GET tls_library")
if not tls.startswith("OpenSSL"):
- raise HwsimSkip("TLS library not supported for Suite B: " + tls);
+ raise HwsimSkip("TLS library not supported for Suite B: " + tls)
supported = False
for ver in [ '1.0.2', '1.1.0' ]:
if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
if not supported:
raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
-def test_suite_b(dev, apdev):
- """WPA2/GCMP connection at Suite B 128-bit level"""
- check_suite_b_capa(dev)
- dev[0].flush_scan_cache()
+def suite_b_ap_params():
params = { "ssid": "test-suite-b",
"wpa": "2",
"wpa_key_mgmt": "WPA-EAP-SUITE-B",
"ca_cert": "auth_serv/ec-ca.pem",
"server_cert": "auth_serv/ec-server.pem",
"private_key": "auth_serv/ec-server.key" }
- hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ return params
+
+def test_suite_b(dev, apdev):
+ """WPA2/GCMP connection at Suite B 128-bit level"""
+ check_suite_b_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
openssl_ciphers="SUITEB128",
check_suite_b_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_as_params()
- hostapd.add_ap(apdev[1]['ifname'], params)
+ hostapd.add_ap(apdev[1], params)
params = { "ssid": "test-suite-b",
"wpa": "2",
'auth_server_port': "18129",
'auth_server_shared_secret': "radius",
'nas_identifier': "nas.w1.fi" }
- hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
openssl_ciphers="SUITEB128",
raise HwsimSkip("WPA-EAP-SUITE-B-192 not supported")
check_suite_b_tls_lib(dev)
-def test_suite_b_192(dev, apdev):
- """WPA2/GCMP-256 connection at Suite B 192-bit level"""
- check_suite_b_192_capa(dev)
- dev[0].flush_scan_cache()
+def suite_b_192_ap_params():
params = { "ssid": "test-suite-b",
"wpa": "2",
"wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
"ca_cert": "auth_serv/ec2-ca.pem",
"server_cert": "auth_serv/ec2-server.pem",
"private_key": "auth_serv/ec2-server.key" }
- hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ return params
+
+def test_suite_b_192(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level"""
+ check_suite_b_192_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_192_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
params['server_cert'] = 'auth_serv/ec2-server.pem'
params['private_key'] = 'auth_serv/ec2-server.key'
params['openssl_ciphers'] = 'SUITEB192'
- hostapd.add_ap(apdev[1]['ifname'], params)
+ hostapd.add_ap(apdev[1], params)
params = { "ssid": "test-suite-b",
"wpa": "2",
'auth_server_port': "18129",
'auth_server_shared_secret': "radius",
'nas_identifier': "nas.w1.fi" }
- hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
client_cert="auth_serv/ec2-user.pem",
private_key="auth_serv/ec2-user.key",
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
+
+def test_suite_b_pmkid_failure(dev, apdev):
+ """WPA2/GCMP connection at Suite B 128-bit level and PMKID derivation failure"""
+ check_suite_b_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
+ ieee80211w="2",
+ openssl_ciphers="SUITEB128",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ec-ca.pem",
+ client_cert="auth_serv/ec-user.pem",
+ private_key="auth_serv/ec-user.key",
+ pairwise="GCMP", group="GCMP", scan_freq="2412")
+
+def test_suite_b_192_pmkid_failure(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and PMKID derivation failure"""
+ check_suite_b_192_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_192_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ openssl_ciphers="SUITEB192",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ec2-ca.pem",
+ client_cert="auth_serv/ec2-user.pem",
+ private_key="auth_serv/ec2-user.key",
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
+
+def test_suite_b_mic_failure(dev, apdev):
+ """WPA2/GCMP connection at Suite B 128-bit level and MIC derivation failure"""
+ check_suite_b_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
+ ieee80211w="2",
+ openssl_ciphers="SUITEB128",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ec-ca.pem",
+ client_cert="auth_serv/ec-user.pem",
+ private_key="auth_serv/ec-user.key",
+ pairwise="GCMP", group="GCMP", scan_freq="2412",
+ wait_connect=False)
+ dev[0].wait_disconnected()
+
+def test_suite_b_192_mic_failure(dev, apdev):
+ """WPA2/GCMP connection at Suite B 192-bit level and MIC derivation failure"""
+ check_suite_b_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_192_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ openssl_ciphers="SUITEB192",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ec2-ca.pem",
+ client_cert="auth_serv/ec2-user.pem",
+ private_key="auth_serv/ec2-user.key",
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
+ wait_connect=False)
+ dev[0].wait_disconnected()