1#!/usr/bin/env python3 2# 3# Copyright 2021 - The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17from acts import asserts 18from acts import utils 19from acts.base_test import BaseTestClass 20from acts.controllers.access_point import setup_ap 21from acts.controllers.ap_lib import hostapd_constants 22from acts.controllers.ap_lib.hostapd_security import Security 23from acts_contrib.test_utils.abstract_devices.wlan_device import create_wlan_device 24 25 26# TODO(fxb/68956): Add security protocol check to mixed mode tests when info is 27# available. 28class WlanTargetSecurityTest(BaseTestClass): 29 """Tests Fuchsia's target security concept and security upgrading 30 31 Testbed Requirements: 32 * One Fuchsia device 33 * One Whirlwind Access Point 34 """ 35 def setup_class(self): 36 if 'dut' in self.user_params and self.user_params[ 37 'dut'] != 'fuchsia_devices': 38 raise AttributeError( 39 'WlanTargetSecurityTest is only relevant for Fuchsia devices.') 40 41 self.dut = create_wlan_device(self.fuchsia_devices[0]) 42 if self.dut.device.association_mechanism != 'policy': 43 raise AttributeError( 44 'Must use WLAN policy layer to test target security.') 45 46 self.access_point = self.access_points[0] 47 48 def teardown_class(self): 49 self.dut.disconnect() 50 self.access_point.stop_all_aps() 51 52 def setup_test(self): 53 self.dut.disconnect() 54 self.access_point.stop_all_aps() 55 56 def on_fail(self, test_name, begin_time): 57 super().on_fail(test_name, begin_time) 58 self.access_point.stop_all_aps() 59 60 def on_exception(self, test_name, begin_time): 61 super().on_exception(test_name, begin_time) 62 self.dut.disconnect() 63 self.access_point.stop_all_aps() 64 65 def setup_ap(self, security_mode=None): 66 """ Sets up an AP using the provided security mode. 67 68 Args: 69 security_mode: string, security mode for AP 70 Returns: 71 Tuple, (ssid, password). Returns a password even if for open 72 security, since non-open target securities require a credential 73 to attempt a connection. 74 """ 75 ssid = utils.rand_ascii_str(hostapd_constants.AP_SSID_LENGTH_5G) 76 # Length 13, so it can be used for WEP or WPA 77 password = utils.rand_ascii_str(13) 78 security_profile = None 79 80 if security_mode: 81 security_profile = Security(security_mode=security_mode, 82 password=password) 83 84 setup_ap(access_point=self.access_point, 85 profile_name='whirlwind', 86 channel=hostapd_constants.AP_DEFAULT_CHANNEL_5G, 87 ssid=ssid, 88 security=security_profile) 89 90 return (ssid, password) 91 92 # Open Security on AP 93 def test_associate_open_ap_with_open_target_security(self): 94 ssid, _ = self.setup_ap() 95 asserts.assert_true(self.dut.associate(ssid), 'Failed to associate.') 96 97 def test_reject_open_ap_with_wep_target_security(self): 98 ssid, password = self.setup_ap() 99 asserts.assert_false( 100 self.dut.associate(ssid, 101 target_security=hostapd_constants.WEP_STRING, 102 target_pwd=password), 103 'Should not have associated.') 104 105 def test_reject_open_ap_with_wpa_target_security(self): 106 ssid, password = self.setup_ap() 107 asserts.assert_false( 108 self.dut.associate(ssid, 109 target_security=hostapd_constants.WPA_STRING, 110 target_pwd=password), 111 'Should not have associated.') 112 113 def test_reject_open_ap_with_wpa2_target_security(self): 114 ssid, password = self.setup_ap() 115 asserts.assert_false( 116 self.dut.associate(ssid, 117 target_security=hostapd_constants.WPA2_STRING, 118 target_pwd=password), 119 'Should not have associated.') 120 121 def test_reject_open_ap_with_wpa3_target_security(self): 122 ssid, password = self.setup_ap() 123 asserts.assert_false( 124 self.dut.associate(ssid, 125 target_security=hostapd_constants.WPA3_STRING, 126 target_pwd=password), 127 'Should not have associated.') 128 129 # WEP Security on AP 130 def test_reject_wep_ap_with_open_target_security(self): 131 ssid, _ = self.setup_ap(hostapd_constants.WEP_STRING) 132 asserts.assert_false(self.dut.associate(ssid), 133 'Should not have associated.') 134 135 def test_associate_wep_ap_with_wep_target_security(self): 136 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 137 asserts.assert_true( 138 self.dut.associate(ssid, 139 target_security=hostapd_constants.WEP_STRING, 140 target_pwd=password), 'Failed to associate.') 141 142 def test_reject_wep_ap_with_wpa_target_security(self): 143 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 144 asserts.assert_false( 145 self.dut.associate(ssid, 146 target_security=hostapd_constants.WPA_STRING, 147 target_pwd=password), 148 'Should not have associated.') 149 150 def test_reject_wep_ap_with_wpa2_target_security(self): 151 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 152 asserts.assert_false( 153 self.dut.associate(ssid, 154 target_security=hostapd_constants.WPA2_STRING, 155 target_pwd=password), 156 'Should not have associated.') 157 158 def test_reject_wep_ap_with_wpa3_target_security(self): 159 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 160 asserts.assert_false( 161 self.dut.associate(ssid, 162 target_security=hostapd_constants.WPA3_STRING, 163 target_pwd=password), 164 'Should not have associated.') 165 166 # WPA Security on AP 167 def test_reject_wpa_ap_with_open_target_security(self): 168 ssid, _ = self.setup_ap(hostapd_constants.WPA_STRING) 169 asserts.assert_false(self.dut.associate(ssid), 170 'Should not have associated.') 171 172 def test_reject_wpa_ap_with_wep_target_security(self): 173 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 174 asserts.assert_false( 175 self.dut.associate(ssid, 176 target_security=hostapd_constants.WEP_STRING, 177 target_pwd=password), 178 'Should not have associated.') 179 180 def test_associate_wpa_ap_with_wpa_target_security(self): 181 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 182 asserts.assert_true( 183 self.dut.associate(ssid, 184 target_security=hostapd_constants.WPA_STRING, 185 target_pwd=password), 'Failed to associate.') 186 187 def test_reject_wpa_ap_with_wpa2_target_security(self): 188 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 189 asserts.assert_false( 190 self.dut.associate(ssid, 191 target_security=hostapd_constants.WPA2_STRING, 192 target_pwd=password), 193 'Should not have associated.') 194 195 def test_reject_wpa_ap_with_wpa3_target_security(self): 196 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 197 asserts.assert_false( 198 self.dut.associate(ssid, 199 target_security=hostapd_constants.WPA3_STRING, 200 target_pwd=password), 201 'Should not have associated.') 202 203 # WPA2 Security on AP 204 def test_reject_wpa2_ap_with_open_target_security(self): 205 ssid, _ = self.setup_ap(hostapd_constants.WPA2_STRING) 206 asserts.assert_false(self.dut.associate(ssid), 207 'Should not have associated.') 208 209 def test_reject_wpa2_ap_with_wep_target_security(self): 210 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 211 asserts.assert_false( 212 self.dut.associate(ssid, 213 target_security=hostapd_constants.WEP_STRING, 214 target_pwd=password), 215 'Should not have associated.') 216 217 def test_associate_wpa2_ap_with_wpa_target_security(self): 218 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 219 asserts.assert_true( 220 self.dut.associate(ssid, 221 target_security=hostapd_constants.WPA_STRING, 222 target_pwd=password), 'Failed to associate.') 223 224 def test_associate_wpa2_ap_with_wpa2_target_security(self): 225 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 226 asserts.assert_true( 227 self.dut.associate(ssid, 228 target_security=hostapd_constants.WPA2_STRING, 229 target_pwd=password), 'Failed to associate.') 230 231 def test_reject_wpa2_ap_with_wpa3_target_security(self): 232 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 233 asserts.assert_false( 234 self.dut.associate(ssid, 235 target_security=hostapd_constants.WPA3_STRING, 236 target_pwd=password), 237 'Should not have associated.') 238 239 # WPA/WPA2 Security on AP 240 def test_reject_wpa_wpa2_ap_with_open_target_security(self): 241 ssid, _ = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 242 asserts.assert_false(self.dut.associate(ssid), 243 'Should not have associated.') 244 245 def test_reject_wpa_wpa2_ap_with_wep_target_security(self): 246 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 247 asserts.assert_false( 248 self.dut.associate(ssid, 249 target_security=hostapd_constants.WEP_STRING, 250 target_pwd=password), 251 'Should not have associated.') 252 253 def test_associate_wpa_wpa2_ap_with_wpa_target_security(self): 254 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 255 asserts.assert_true( 256 self.dut.associate(ssid, 257 target_security=hostapd_constants.WPA_STRING, 258 target_pwd=password), 'Failed to associate.') 259 260 def test_associate_wpa_wpa2_ap_with_wpa2_target_security(self): 261 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 262 asserts.assert_true( 263 self.dut.associate(ssid, 264 target_security=hostapd_constants.WPA2_STRING, 265 target_pwd=password), 'Failed to associate.') 266 267 def test_reject_wpa_wpa2_ap_with_wpa3_target_security(self): 268 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 269 asserts.assert_false( 270 self.dut.associate(ssid, 271 target_security=hostapd_constants.WPA3_STRING, 272 target_pwd=password), 273 'Should not have associated.') 274 275 # WPA3 Security on AP 276 def test_reject_wpa3_ap_with_open_target_security(self): 277 ssid, _ = self.setup_ap(hostapd_constants.WPA3_STRING) 278 asserts.assert_false(self.dut.associate(ssid), 279 'Should not have associated.') 280 281 def test_reject_wpa3_ap_with_wep_target_security(self): 282 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 283 asserts.assert_false( 284 self.dut.associate(ssid, 285 target_security=hostapd_constants.WEP_STRING, 286 target_pwd=password), 287 'Should not have associated.') 288 289 def test_associate_wpa3_ap_with_wpa_target_security(self): 290 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 291 asserts.assert_true( 292 self.dut.associate(ssid, 293 target_security=hostapd_constants.WPA_STRING, 294 target_pwd=password), 'Failed to associate.') 295 296 def test_associate_wpa3_ap_with_wpa2_target_security(self): 297 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 298 asserts.assert_true( 299 self.dut.associate(ssid, 300 target_security=hostapd_constants.WPA2_STRING, 301 target_pwd=password), 'Failed to associate.') 302 303 def test_associate_wpa3_ap_with_wpa3_target_security(self): 304 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 305 asserts.assert_true( 306 self.dut.associate(ssid, 307 target_security=hostapd_constants.WPA3_STRING, 308 target_pwd=password), 'Failed to associate.') 309 310 # WPA2/WPA3 Security on AP 311 def test_reject_wpa2_wpa3_ap_with_open_target_security(self): 312 ssid, _ = self.setup_ap(hostapd_constants.WPA2_WPA3_MIXED_STRING) 313 asserts.assert_false(self.dut.associate(ssid), 314 'Should not have associated.') 315 316 def test_reject_wpa2_wpa3_ap_with_wep_target_security(self): 317 ssid, password = self.setup_ap( 318 hostapd_constants.WPA2_WPA3_MIXED_STRING) 319 asserts.assert_false( 320 self.dut.associate(ssid, 321 target_security=hostapd_constants.WEP_STRING, 322 target_pwd=password), 323 'Should not have associated.') 324 325 def test_associate_wpa2_wpa3_ap_with_wpa_target_security(self): 326 ssid, password = self.setup_ap( 327 hostapd_constants.WPA2_WPA3_MIXED_STRING) 328 asserts.assert_true( 329 self.dut.associate(ssid, 330 target_security=hostapd_constants.WPA_STRING, 331 target_pwd=password), 'Failed to associate.') 332 333 def test_associate_wpa2_wpa3_ap_with_wpa2_target_security(self): 334 ssid, password = self.setup_ap( 335 hostapd_constants.WPA2_WPA3_MIXED_STRING) 336 asserts.assert_true( 337 self.dut.associate(ssid, 338 target_security=hostapd_constants.WPA2_STRING, 339 target_pwd=password), 'Failed to associate.') 340 341 def test_associate_wpa2_wpa3_ap_with_wpa3_target_security(self): 342 ssid, password = self.setup_ap( 343 hostapd_constants.WPA2_WPA3_MIXED_STRING) 344 asserts.assert_true( 345 self.dut.associate(ssid, 346 target_security=hostapd_constants.WPA3_STRING, 347 target_pwd=password), 'Failed to associate.') 348