acts_tests/tests/google/wifi/WifiWpa3EnterpriseTest.py - third_party/android.googlesource.com/platform/tools/test/connectivity - Git at Google

 #!/usr/bin/env python3.4
 #
 #   Copyright 2020 - The Android Open Source Project
 #
 #   Licensed under the Apache License, Version 2.0 (the "License");
 #   you may not use this file except in compliance with the License.
 #   You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS,
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.

 from acts import asserts
 from acts.test_decorators import test_tracker_info
 import acts_contrib.test_utils.wifi.wifi_test_utils as wutils
 from acts_contrib.test_utils.wifi.WifiBaseTest import WifiBaseTest

 WifiEnums = wutils.WifiEnums

 EAP = WifiEnums.Eap
 Ent = WifiEnums.Enterprise
 WPA3_SECURITY = "SUITE_B_192"


 class WifiWpa3EnterpriseTest(WifiBaseTest):
   """Tests for WPA3 Enterprise."""

   def setup_class(self):
     super().setup_class()

     self.dut = self.android_devices[0]
     wutils.wifi_test_device_init(self.dut)
     req_params = [
         "ec2_ca_cert", "ec2_client_cert", "ec2_client_key", "rsa3072_ca_cert",
         "rsa3072_client_cert", "rsa3072_client_key", "wpa3_ec2_network",
         "wpa3_rsa3072_network", "rsa2048_client_cert", "rsa2048_client_key",
         "rsa3072_client_cert_expired", "rsa3072_client_cert_corrupted",
         "rsa3072_client_cert_unsigned", "rsa3072_client_key_unsigned",
     ]
     self.unpack_userparams(req_param_names=req_params,)

   def setup_test(self):
     super().setup_test()
     for ad in self.android_devices:
       ad.droid.wakeLockAcquireBright()
       ad.droid.wakeUpNow()
     wutils.wifi_toggle_state(self.dut, True)

   def teardown_test(self):
     super().teardown_test()
     for ad in self.android_devices:
       ad.droid.wakeLockRelease()
       ad.droid.goToSleepNow()
     wutils.reset_wifi(self.dut)

   ### Tests ###

   @test_tracker_info(uuid="404c6165-6e23-4ec1-bc2c-9dfdd5c7dc87")
   def test_connect_to_wpa3_enterprise_ec2(self):
     asserts.skip_if(
         self.dut.build_info["build_id"].startswith("R"),
         "No SL4A support for EC certs in R builds. Skipping this testcase")
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.ec2_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_ec2_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.ec2_client_cert,
         Ent.PRIVATE_KEY_ID: self.ec2_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_ec2_network["identity"],
         "domain_suffix_match": self.wpa3_ec2_network["domain"],
         "cert_algo": self.wpa3_ec2_network["cert_algo"]
     }
     wutils.connect_to_wifi_network(self.dut, config)

   @test_tracker_info(uuid="b6d22585-f7c1-418d-bd4b-b627af8c228c")
   def test_connect_to_wpa3_enterprise_rsa3072(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa3072_client_cert,
         Ent.PRIVATE_KEY_ID: self.rsa3072_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]
     }
     # Synology AP is slow in sending out IP address after the connection.
     # Increasing the wait time to receive IP address to 60s from 15s.
     wutils.connect_to_wifi_network(self.dut, config, check_connectivity=False)
     wutils.validate_connection(self.dut, wait_time=60)

   @test_tracker_info(uuid="4779c662-1925-4c26-a4d6-3d729393796e")
   def test_connect_to_wpa3_enterprise_insecure_rsa_cert(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa2048_client_cert,
         Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]
     }
     logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B"
     try:
       wutils.connect_to_wifi_network(self.dut, config)
       asserts.fail("WPA3 Ent worked with insecure RSA key. Expected to fail.")
     except:
       logcat_search = self.dut.search_logcat(logcat_msg)
       self.log.info("Logcat search results: %s" % logcat_search)
       asserts.assert_true(logcat_search, "No valid error msg in logcat")

   @test_tracker_info(uuid="897957f3-de25-4f9e-b6fc-9d7798ea1e6f")
   def test_connect_to_wpa3_enterprise_expired_rsa_cert(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa3072_client_cert_expired,
         Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]
     }
     logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B"
     try:
       wutils.connect_to_wifi_network(self.dut, config)
       asserts.fail("WPA3 Ent worked with expired cert. Expected to fail.")
     except:
       logcat_search = self.dut.search_logcat(logcat_msg)
       self.log.info("Logcat search results: %s" % logcat_search)
       asserts.assert_true(logcat_search, "No valid error msg in logcat")

   @test_tracker_info(uuid="f7ab30e2-f2b5-488a-8667-e45920fc24d1")
   def test_connect_to_wpa3_enterprise_corrupted_rsa_cert(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa3072_client_cert_corrupted,
         Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]
     }
     try:
       wutils.connect_to_wifi_network(self.dut, config)
       asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.")
     except:
       asserts.explicit_pass("Connection failed as expected.")

   @test_tracker_info(uuid="f934f388-dc0b-4c78-a493-026b798c15ca")
   def test_connect_to_wpa3_enterprise_unsigned_rsa_cert(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa3072_client_cert_unsigned,
         Ent.PRIVATE_KEY_ID: self.rsa3072_client_key_unsigned,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]
     }
     try:
       wutils.connect_to_wifi_network(self.dut, config)
       asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.")
     except:
       asserts.explicit_pass("Connection failed as expected.")

   @test_tracker_info(uuid="7082dc90-5eb8-4055-8b48-b555a98a837a")
   def test_connect_to_wpa3_enterprise_wrong_domain_rsa_cert(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa3072_client_cert,
         Ent.PRIVATE_KEY_ID: self.rsa3072_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong"
     }
     try:
       wutils.connect_to_wifi_network(self.dut, config)
       asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.")
     except:
       asserts.explicit_pass("Connection failed as expected.")

   @test_tracker_info(uuid="9ad5fd82-f115-42c3-b8e8-520144485ea1")
   def test_network_selection_status_for_wpa3_ent_wrong_domain_rsa_cert(self):
     config = {
         Ent.EAP: int(EAP.TLS),
         Ent.CA_CERT: self.rsa3072_ca_cert,
         WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
         Ent.CLIENT_CERT: self.rsa3072_client_cert,
         Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
         WifiEnums.SECURITY: WPA3_SECURITY,
         "identity": self.wpa3_rsa3072_network["identity"],
         "domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong"
     }
     try:
       wutils.connect_to_wifi_network(self.dut, config)
       asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.")
     except:
       asserts.assert_true(
           self.dut.droid.wifiIsNetworkTemporaryDisabledForNetwork(config),
           "WiFi network is not temporary disabled.")
       asserts.explicit_pass(
           "Connection failed with correct network selection status.")
	#!/usr/bin/env python3.4
	#
	# Copyright 2020 - The Android Open Source Project
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	from acts import asserts
	from acts.test_decorators import test_tracker_info
	import acts_contrib.test_utils.wifi.wifi_test_utils as wutils
	from acts_contrib.test_utils.wifi.WifiBaseTest import WifiBaseTest

	WifiEnums = wutils.WifiEnums

	EAP = WifiEnums.Eap
	Ent = WifiEnums.Enterprise
	WPA3_SECURITY = "SUITE_B_192"


	class WifiWpa3EnterpriseTest(WifiBaseTest):
	"""Tests for WPA3 Enterprise."""

	def setup_class(self):
	super().setup_class()

	self.dut = self.android_devices[0]
	wutils.wifi_test_device_init(self.dut)
	req_params = [
	"ec2_ca_cert", "ec2_client_cert", "ec2_client_key", "rsa3072_ca_cert",
	"rsa3072_client_cert", "rsa3072_client_key", "wpa3_ec2_network",
	"wpa3_rsa3072_network", "rsa2048_client_cert", "rsa2048_client_key",
	"rsa3072_client_cert_expired", "rsa3072_client_cert_corrupted",
	"rsa3072_client_cert_unsigned", "rsa3072_client_key_unsigned",
	]
	self.unpack_userparams(req_param_names=req_params,)

	def setup_test(self):
	super().setup_test()
	for ad in self.android_devices:
	ad.droid.wakeLockAcquireBright()
	ad.droid.wakeUpNow()
	wutils.wifi_toggle_state(self.dut, True)

	def teardown_test(self):
	super().teardown_test()
	for ad in self.android_devices:
	ad.droid.wakeLockRelease()
	ad.droid.goToSleepNow()
	wutils.reset_wifi(self.dut)

	### Tests ###

	@test_tracker_info(uuid="404c6165-6e23-4ec1-bc2c-9dfdd5c7dc87")
	def test_connect_to_wpa3_enterprise_ec2(self):
	asserts.skip_if(
	self.dut.build_info["build_id"].startswith("R"),
	"No SL4A support for EC certs in R builds. Skipping this testcase")
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.ec2_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_ec2_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.ec2_client_cert,
	Ent.PRIVATE_KEY_ID: self.ec2_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_ec2_network["identity"],
	"domain_suffix_match": self.wpa3_ec2_network["domain"],
	"cert_algo": self.wpa3_ec2_network["cert_algo"]
	}
	wutils.connect_to_wifi_network(self.dut, config)

	@test_tracker_info(uuid="b6d22585-f7c1-418d-bd4b-b627af8c228c")
	def test_connect_to_wpa3_enterprise_rsa3072(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa3072_client_cert,
	Ent.PRIVATE_KEY_ID: self.rsa3072_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]
	}
	# Synology AP is slow in sending out IP address after the connection.
	# Increasing the wait time to receive IP address to 60s from 15s.
	wutils.connect_to_wifi_network(self.dut, config, check_connectivity=False)
	wutils.validate_connection(self.dut, wait_time=60)

	@test_tracker_info(uuid="4779c662-1925-4c26-a4d6-3d729393796e")
	def test_connect_to_wpa3_enterprise_insecure_rsa_cert(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa2048_client_cert,
	Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]
	}
	logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B"
	try:
	wutils.connect_to_wifi_network(self.dut, config)
	asserts.fail("WPA3 Ent worked with insecure RSA key. Expected to fail.")
	except:
	logcat_search = self.dut.search_logcat(logcat_msg)
	self.log.info("Logcat search results: %s" % logcat_search)
	asserts.assert_true(logcat_search, "No valid error msg in logcat")

	@test_tracker_info(uuid="897957f3-de25-4f9e-b6fc-9d7798ea1e6f")
	def test_connect_to_wpa3_enterprise_expired_rsa_cert(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa3072_client_cert_expired,
	Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]
	}
	logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B"
	try:
	wutils.connect_to_wifi_network(self.dut, config)
	asserts.fail("WPA3 Ent worked with expired cert. Expected to fail.")
	except:
	logcat_search = self.dut.search_logcat(logcat_msg)
	self.log.info("Logcat search results: %s" % logcat_search)
	asserts.assert_true(logcat_search, "No valid error msg in logcat")

	@test_tracker_info(uuid="f7ab30e2-f2b5-488a-8667-e45920fc24d1")
	def test_connect_to_wpa3_enterprise_corrupted_rsa_cert(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa3072_client_cert_corrupted,
	Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]
	}
	try:
	wutils.connect_to_wifi_network(self.dut, config)
	asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.")
	except:
	asserts.explicit_pass("Connection failed as expected.")

	@test_tracker_info(uuid="f934f388-dc0b-4c78-a493-026b798c15ca")
	def test_connect_to_wpa3_enterprise_unsigned_rsa_cert(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa3072_client_cert_unsigned,
	Ent.PRIVATE_KEY_ID: self.rsa3072_client_key_unsigned,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]
	}
	try:
	wutils.connect_to_wifi_network(self.dut, config)
	asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.")
	except:
	asserts.explicit_pass("Connection failed as expected.")

	@test_tracker_info(uuid="7082dc90-5eb8-4055-8b48-b555a98a837a")
	def test_connect_to_wpa3_enterprise_wrong_domain_rsa_cert(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa3072_client_cert,
	Ent.PRIVATE_KEY_ID: self.rsa3072_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong"
	}
	try:
	wutils.connect_to_wifi_network(self.dut, config)
	asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.")
	except:
	asserts.explicit_pass("Connection failed as expected.")

	@test_tracker_info(uuid="9ad5fd82-f115-42c3-b8e8-520144485ea1")
	def test_network_selection_status_for_wpa3_ent_wrong_domain_rsa_cert(self):
	config = {
	Ent.EAP: int(EAP.TLS),
	Ent.CA_CERT: self.rsa3072_ca_cert,
	WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY],
	Ent.CLIENT_CERT: self.rsa3072_client_cert,
	Ent.PRIVATE_KEY_ID: self.rsa2048_client_key,
	WifiEnums.SECURITY: WPA3_SECURITY,
	"identity": self.wpa3_rsa3072_network["identity"],
	"domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong"
	}
	try:
	wutils.connect_to_wifi_network(self.dut, config)
	asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.")
	except:
	asserts.assert_true(
	self.dut.droid.wifiIsNetworkTemporaryDisabledForNetwork(config),
	"WiFi network is not temporary disabled.")
	asserts.explicit_pass(
	"Connection failed with correct network selection status.")