From patchwork Thu Apr 8 09:06:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilan Peer X-Patchwork-Id: 1463692 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=mC500LV3; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FGFlg6Yqtz9sTD for ; Thu, 8 Apr 2021 19:07:43 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:MIME-Version:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:References:In-Reply-To:Message-Id:Date:Subject:Cc:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=9M0VUg/lkQu9u6Xh59yHB7o2tevgD3BDByL1z7K8cCE=; b=mC500LV3lGyOVKgoGfrDzIhGoX oXgv7plznJCdvG5qKCk10Q6z6anvuoa2srWkG+8taGsKdaYRWGt0ZKpqpSRAA4HxMKlWqvBOT6pK9 QZ5RI0+QIQbEOtixZsCHSJE9G2sZbnSwJzK068ItPUMndz0dFcDMZdCDoBKpeDO2KH2Ao/hOq+3zw uKoiQDQvRxfuM6uIV+X0Y5zMQZz3hJBqn5FvJX4qDMX3ZyRL0wh+p5uMo2zQzZy4ZUgAmHii4mwgQ iNATJBvRUATkOHvpp3gqBaR6xfmejGdskDnV8H1gFvKqZGNMyTy3HOfM4PvmXNic0D6T1fplQhIoh VoPAFRHQ==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lUQd5-007Q9Z-Br; Thu, 08 Apr 2021 09:07:11 +0000 Received: from mga09.intel.com ([134.134.136.24]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lUQce-007Q4A-79 for hostap@lists.infradead.org; Thu, 08 Apr 2021 09:06:46 +0000 IronPort-SDR: +irhAFweFqANvJbM4aeJkUpgdzESqFiDmzlVkNuxafiNfYSPpzqpKsI37DejYMq8xHwiqu19xE Snf3bt3rZTng== X-IronPort-AV: E=McAfee;i="6000,8403,9947"; a="193609772" X-IronPort-AV: E=Sophos;i="5.82,205,1613462400"; d="scan'208";a="193609772" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Apr 2021 02:06:39 -0700 IronPort-SDR: qC73akZE7gUOmREXuO5M5PNnxwCDhwlANMlHgIloKDTzqMCgDV7VLFwJXiDvWIkIenW2j5DI+z J14qEx9XBShg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,205,1613462400"; d="scan'208";a="441676034" Received: from jed01615.jer.intel.com ([10.12.217.51]) by fmsmga004.fm.intel.com with ESMTP; 08 Apr 2021 02:06:38 -0700 From: Ilan Peer To: hostap@lists.infradead.org Cc: Ilan Peer Subject: [PATCH 4/5] tests: Update PASN tests with SAE to use sae_pwe=2 Date: Thu, 8 Apr 2021 12:06:23 +0300 Message-Id: <20210408090624.9490-4-ilan.peer@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210408090624.9490-1-ilan.peer@intel.com> References: <20210408090624.9490-1-ilan.peer@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210408_100644_629710_19BB90B6 X-CRM114-Status: UNSURE ( 9.96 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: As a preparation for changing wpa_supplicant and hostapd implementation to use SAE H2E only. Signed-off-by: Ilan Peer --- tests/hwsim/test_pasn.py | 118 ++++++++++++++++++++++++ 1 file changed, 73 insertions(+), 45 deletions(-) Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [134.134.136.24 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [134.134.136.24 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org As a preparation for changing wpa_supplicant and hostapd implementation to use SAE H2E only. Signed-off-by: Ilan Peer --- tests/hwsim/test_pasn.py | 118 ++++++++++++++++++++++++--------------- 1 file changed, 73 insertions(+), 45 deletions(-) diff --git a/tests/hwsim/test_pasn.py b/tests/hwsim/test_pasn.py index 19c88966bc..10175b300b 100644 --- a/tests/hwsim/test_pasn.py +++ b/tests/hwsim/test_pasn.py @@ -232,18 +232,23 @@ def test_pasn_sae_pmksa_cache(dev, apdev): params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE PASN' + params['sae_pwe'] = "2" hapd = start_pasn_ap(apdev[0], params) - dev[0].set("sae_groups", "19") - dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") + try: + dev[0].set("sae_groups", "19") + dev[0].set("sae_pwe", "2") + dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") - hapd.wait_sta() - hwsim_utils.test_connectivity(dev[0], hapd) + hapd.wait_sta() + hwsim_utils.test_connectivity(dev[0], hapd) - dev[0].request("DISCONNECT") - dev[0].wait_disconnected() + dev[0].request("DISCONNECT") + dev[0].wait_disconnected() - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP") + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP") + finally: + dev[0].set("sae_pwe", "0") def check_pasn_fils_pmksa_cache(dev, apdev, params, key_mgmt): check_fils_capa(dev[0]) @@ -299,16 +304,19 @@ def test_pasn_sae_kdk(dev, apdev): params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE PASN' + params['sae_pwe'] = "2" params['force_kdk_derivation'] = "1" hapd = start_pasn_ap(apdev[0], params) dev[0].set("force_kdk_derivation", "1") + dev[0].set("sae_pwe", "2") dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") check_pasn_ptk(dev[0], hapd, "CCMP", clear_keys=False) finally: dev[0].set("force_kdk_derivation", "0") + dev[0].set("sae_pwe", "0") def check_pasn_fils_kdk(dev, apdev, params, key_mgmt): @@ -384,23 +392,28 @@ def test_pasn_sae(dev, apdev): params = hostapd.wpa2_params(ssid="test-pasn-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE PASN' + params['sae_pwe'] = "2" hapd = start_pasn_ap(apdev[0], params) - dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", - only_add_network=True) + try: + dev[0].set("sae_pwe", "2") + dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", + only_add_network=True) - # first test with a valid PSK - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="0") + # first test with a valid PSK + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="0") - # And now with PMKSA caching - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP") + # And now with PMKSA caching + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP") - # And now with a wrong passphrase - if "FAIL" in dev[0].request("PMKSA_FLUSH"): - raise Exception("PMKSA_FLUSH failed") + # And now with a wrong passphrase + if "FAIL" in dev[0].request("PMKSA_FLUSH"): + raise Exception("PMKSA_FLUSH failed") - dev[0].set_network_quoted(0, "psk", "12345678787") - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", status=1, nid="0") + dev[0].set_network_quoted(0, "psk", "12345678787") + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", status=1, nid="0") + finally: + dev[0].set("sae_pwe", "0") @remote_compatible def test_pasn_sae_while_connected_same_channel(dev, apdev): @@ -412,18 +425,23 @@ def test_pasn_sae_while_connected_same_channel(dev, apdev): passphrase="12345678") hapd = hostapd.add_ap(apdev[0], params) - dev[0].connect("test-pasn-wpa2-psk", psk="12345678", scan_freq="2412") + try: + dev[0].set("sae_pwe", "2") + dev[0].connect("test-pasn-wpa2-psk", psk="12345678", scan_freq="2412") - params = hostapd.wpa2_params(ssid="test-pasn-sae", - passphrase="12345678") + params = hostapd.wpa2_params(ssid="test-pasn-sae", + passphrase="12345678") - params['wpa_key_mgmt'] = 'SAE PASN' - hapd = start_pasn_ap(apdev[1], params) + params['wpa_key_mgmt'] = 'SAE PASN' + params['sae_pwe'] = "2" + hapd = start_pasn_ap(apdev[1], params) - dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", - scan_freq="2412", only_add_network=True) + dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", + scan_freq="2412", only_add_network=True) - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="1") + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="1") + finally: + dev[0].set("sae_pwe", "0") @remote_compatible def test_pasn_sae_while_connected_diff_channel(dev, apdev): @@ -443,18 +461,23 @@ def test_pasn_sae_while_connected_diff_channel(dev, apdev): params['channel'] = "6" hapd = hostapd.add_ap(apdev[0], params) - wpas.connect("test-pasn-wpa2-psk", psk="12345678", scan_freq="2437") + try: + wpas.set("sae_pwe", "2") + wpas.connect("test-pasn-wpa2-psk", psk="12345678", scan_freq="2437") - params = hostapd.wpa2_params(ssid="test-pasn-sae", - passphrase="12345678") + params = hostapd.wpa2_params(ssid="test-pasn-sae", + passphrase="12345678") - params['wpa_key_mgmt'] = 'SAE PASN' - hapd = start_pasn_ap(apdev[1], params) + params['wpa_key_mgmt'] = 'SAE PASN' + params['sae_pwe'] = "2" + hapd = start_pasn_ap(apdev[1], params) - wpas.connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", - scan_freq="2412", only_add_network=True) + wpas.connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", + scan_freq="2412", only_add_network=True) - check_pasn_akmp_cipher(wpas, hapd, "SAE", "CCMP", nid="1") + check_pasn_akmp_cipher(wpas, hapd, "SAE", "CCMP", nid="1") + finally: + wpas.set("sae_pwe", "0") def pasn_fils_setup(wpas, apdev, params, key_mgmt): check_fils_capa(wpas) @@ -748,23 +771,28 @@ def test_pasn_comeback_after_0_sae(dev, apdev): params['wpa_key_mgmt'] = 'SAE PASN' params['anti_clogging_threshold'] = '0' params['pasn_comeback_after'] = '0' + params['sae_pwe'] = "2" hapd = start_pasn_ap(apdev[0], params) - dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", - only_add_network=True) + try: + dev[0].set("sae_pwe", "2") + dev[0].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", + only_add_network=True) - # first test with a valid PSK - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="0") + # first test with a valid PSK + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", nid="0") - # And now with PMKSA caching - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP") + # And now with PMKSA caching + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP") - # And now with a wrong passphrase - if "FAIL" in dev[0].request("PMKSA_FLUSH"): - raise Exception("PMKSA_FLUSH failed") + # And now with a wrong passphrase + if "FAIL" in dev[0].request("PMKSA_FLUSH"): + raise Exception("PMKSA_FLUSH failed") - dev[0].set_network_quoted(0, "psk", "12345678787") - check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", status=1, nid="0") + dev[0].set_network_quoted(0, "psk", "12345678787") + check_pasn_akmp_cipher(dev[0], hapd, "SAE", "CCMP", status=1, nid="0") + finally: + dev[0].set("sae_pwe", "0") @remote_compatible def test_pasn_comeback_multi(dev, apdev):