| #!/usr/bin/env python3 |
| # |
| # Copyright 2022 The Fuchsia Authors |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| from mobly import asserts, test_runner |
| from mobly.records import TestResultRecord |
| |
| from antlion import utils |
| from antlion.controllers.access_point import setup_ap |
| from antlion.controllers.ap_lib.hostapd_constants import ( |
| AP_DEFAULT_CHANNEL_5G, |
| AP_SSID_LENGTH_5G, |
| ) |
| from antlion.controllers.ap_lib.hostapd_security import Security, SecurityMode |
| from antlion.test_utils.abstract_devices.wlan_device import create_wlan_device |
| from antlion.test_utils.wifi import base_test |
| |
| |
| # TODO(fxb/68956): Add security protocol check to mixed mode tests when info is |
| # available. |
| class WlanTargetSecurityTest(base_test.WifiBaseTest): |
| """Tests Fuchsia's target security concept and security upgrading |
| |
| Testbed Requirements: |
| * One Fuchsia device |
| * One Whirlwind Access Point |
| """ |
| |
| def setup_class(self): |
| super().setup_class() |
| |
| if "dut" in self.user_params and self.user_params["dut"] != "fuchsia_devices": |
| raise AttributeError( |
| "WlanTargetSecurityTest is only relevant for Fuchsia devices." |
| ) |
| |
| self.fuchsia_device = self.fuchsia_devices[0] |
| if self.fuchsia_device.association_mechanism != "policy": |
| raise AttributeError("Must use WLAN policy layer to test target security.") |
| |
| self.dut = create_wlan_device(self.fuchsia_device) |
| self.access_point = self.access_points[0] |
| |
| def teardown_class(self): |
| self.dut.disconnect() |
| self.access_point.stop_all_aps() |
| super().teardown_class() |
| |
| def teardown_test(self): |
| self.dut.disconnect() |
| self.download_ap_logs() |
| self.access_point.stop_all_aps() |
| super().teardown_test() |
| |
| def on_fail(self, record: TestResultRecord): |
| self.dut.disconnect() |
| self.access_point.stop_all_aps() |
| super().on_fail(record) |
| |
| def setup_ap(self, security_mode: SecurityMode = SecurityMode.OPEN): |
| """Sets up an AP using the provided security mode. |
| |
| Args: |
| security_mode: string, security mode for AP |
| Returns: |
| Tuple, (ssid, password). Returns a password even if for open |
| security, since non-open target securities require a credential |
| to attempt a connection. |
| """ |
| ssid = utils.rand_ascii_str(AP_SSID_LENGTH_5G) |
| # Length 13, so it can be used for WEP or WPA |
| password = utils.rand_ascii_str(13) |
| security_profile = Security(security_mode=security_mode, password=password) |
| |
| setup_ap( |
| access_point=self.access_point, |
| profile_name="whirlwind", |
| channel=AP_DEFAULT_CHANNEL_5G, |
| ssid=ssid, |
| security=security_profile, |
| ) |
| |
| return (ssid, password) |
| |
| # Open Security on AP |
| def test_associate_open_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap() |
| asserts.assert_true(self.dut.associate(ssid), "Failed to associate.") |
| |
| def test_reject_open_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap() |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_reject_open_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap() |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_reject_open_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap() |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_reject_open_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap() |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| # WEP Security on AP |
| def test_reject_wep_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap(SecurityMode.WEP) |
| asserts.assert_false(self.dut.associate(ssid), "Should not have associated.") |
| |
| def test_associate_wep_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WEP) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_reject_wep_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WEP) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_reject_wep_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WEP) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_reject_wep_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WEP) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| # WPA Security on AP |
| def test_reject_wpa_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap(SecurityMode.WPA) |
| asserts.assert_false(self.dut.associate(ssid), "Should not have associated.") |
| |
| def test_reject_wpa_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_associate_wpa_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_reject_wpa_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_reject_wpa_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| # WPA2 Security on AP |
| def test_reject_wpa2_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap(SecurityMode.WPA2) |
| asserts.assert_false(self.dut.associate(ssid), "Should not have associated.") |
| |
| def test_reject_wpa2_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_associate_wpa2_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_associate_wpa2_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_reject_wpa2_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| # WPA/WPA2 Security on AP |
| def test_reject_wpa_wpa2_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap(SecurityMode.WPA_WPA2) |
| asserts.assert_false(self.dut.associate(ssid), "Should not have associated.") |
| |
| def test_reject_wpa_wpa2_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA_WPA2) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_associate_wpa_wpa2_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA_WPA2) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_associate_wpa_wpa2_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA_WPA2) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_reject_wpa_wpa2_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA_WPA2) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| # WPA3 Security on AP |
| def test_reject_wpa3_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap(SecurityMode.WPA3) |
| asserts.assert_false(self.dut.associate(ssid), "Should not have associated.") |
| |
| def test_reject_wpa3_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA3) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_associate_wpa3_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA3) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Expected failure to associate. WPA credentials for WPA3 was " |
| "temporarily disabled, see https://fxbug.dev/85817 for context. " |
| "If this feature was reenabled, please update this test's " |
| "expectation.", |
| ) |
| |
| def test_associate_wpa3_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA3) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_associate_wpa3_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA3) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| # WPA2/WPA3 Security on AP |
| def test_reject_wpa2_wpa3_ap_with_open_target_security(self): |
| ssid, _ = self.setup_ap(SecurityMode.WPA2_WPA3) |
| asserts.assert_false(self.dut.associate(ssid), "Should not have associated.") |
| |
| def test_reject_wpa2_wpa3_ap_with_wep_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2_WPA3) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WEP, target_pwd=password |
| ), |
| "Should not have associated.", |
| ) |
| |
| def test_associate_wpa2_wpa3_ap_with_wpa_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2_WPA3) |
| asserts.assert_false( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA, target_pwd=password |
| ), |
| "Expected failure to associate. WPA credentials for WPA3 was " |
| "temporarily disabled, see https://fxbug.dev/85817 for context. " |
| "If this feature was reenabled, please update this test's " |
| "expectation.", |
| ) |
| |
| def test_associate_wpa2_wpa3_ap_with_wpa2_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2_WPA3) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA2, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| def test_associate_wpa2_wpa3_ap_with_wpa3_target_security(self): |
| ssid, password = self.setup_ap(SecurityMode.WPA2_WPA3) |
| asserts.assert_true( |
| self.dut.associate( |
| ssid, target_security=SecurityMode.WPA3, target_pwd=password |
| ), |
| "Failed to associate.", |
| ) |
| |
| |
| if __name__ == "__main__": |
| test_runner.main() |