1#!/usr/bin/env python3 2# 3# Copyright 2021 - The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17from acts import asserts 18from acts import utils 19from acts.controllers.access_point import setup_ap 20from acts.controllers.ap_lib import hostapd_constants 21from acts.controllers.ap_lib.hostapd_security import Security 22from acts_contrib.test_utils.wifi.WifiBaseTest import WifiBaseTest 23from acts_contrib.test_utils.abstract_devices.wlan_device import create_wlan_device 24 25 26# TODO(fxb/68956): Add security protocol check to mixed mode tests when info is 27# available. 28class WlanTargetSecurityTest(WifiBaseTest): 29 """Tests Fuchsia's target security concept and security upgrading 30 31 Testbed Requirements: 32 * One Fuchsia device 33 * One Whirlwind Access Point 34 """ 35 36 def setup_class(self): 37 if 'dut' in self.user_params and self.user_params[ 38 'dut'] != 'fuchsia_devices': 39 raise AttributeError( 40 'WlanTargetSecurityTest is only relevant for Fuchsia devices.') 41 42 self.dut = create_wlan_device(self.fuchsia_devices[0]) 43 if self.dut.device.association_mechanism != 'policy': 44 raise AttributeError( 45 'Must use WLAN policy layer to test target security.') 46 47 self.access_point = self.access_points[0] 48 49 def teardown_class(self): 50 self.dut.disconnect() 51 self.access_point.stop_all_aps() 52 53 def teardown_test(self): 54 self.dut.disconnect() 55 self.download_ap_logs() 56 self.access_point.stop_all_aps() 57 58 def on_fail(self, test_name, begin_time): 59 super().on_fail(test_name, begin_time) 60 self.access_point.stop_all_aps() 61 62 def on_exception(self, test_name, begin_time): 63 super().on_exception(test_name, begin_time) 64 self.dut.disconnect() 65 self.access_point.stop_all_aps() 66 67 def setup_ap(self, security_mode=None): 68 """ Sets up an AP using the provided security mode. 69 70 Args: 71 security_mode: string, security mode for AP 72 Returns: 73 Tuple, (ssid, password). Returns a password even if for open 74 security, since non-open target securities require a credential 75 to attempt a connection. 76 """ 77 ssid = utils.rand_ascii_str(hostapd_constants.AP_SSID_LENGTH_5G) 78 # Length 13, so it can be used for WEP or WPA 79 password = utils.rand_ascii_str(13) 80 security_profile = None 81 82 if security_mode: 83 security_profile = Security(security_mode=security_mode, 84 password=password) 85 86 setup_ap(access_point=self.access_point, 87 profile_name='whirlwind', 88 channel=hostapd_constants.AP_DEFAULT_CHANNEL_5G, 89 ssid=ssid, 90 security=security_profile) 91 92 return (ssid, password) 93 94 # Open Security on AP 95 def test_associate_open_ap_with_open_target_security(self): 96 ssid, _ = self.setup_ap() 97 asserts.assert_true(self.dut.associate(ssid), 'Failed to associate.') 98 99 def test_reject_open_ap_with_wep_target_security(self): 100 ssid, password = self.setup_ap() 101 asserts.assert_false( 102 self.dut.associate(ssid, 103 target_security=hostapd_constants.WEP_STRING, 104 target_pwd=password), 105 'Should not have associated.') 106 107 def test_reject_open_ap_with_wpa_target_security(self): 108 ssid, password = self.setup_ap() 109 asserts.assert_false( 110 self.dut.associate(ssid, 111 target_security=hostapd_constants.WPA_STRING, 112 target_pwd=password), 113 'Should not have associated.') 114 115 def test_reject_open_ap_with_wpa2_target_security(self): 116 ssid, password = self.setup_ap() 117 asserts.assert_false( 118 self.dut.associate(ssid, 119 target_security=hostapd_constants.WPA2_STRING, 120 target_pwd=password), 121 'Should not have associated.') 122 123 def test_reject_open_ap_with_wpa3_target_security(self): 124 ssid, password = self.setup_ap() 125 asserts.assert_false( 126 self.dut.associate(ssid, 127 target_security=hostapd_constants.WPA3_STRING, 128 target_pwd=password), 129 'Should not have associated.') 130 131 # WEP Security on AP 132 def test_reject_wep_ap_with_open_target_security(self): 133 ssid, _ = self.setup_ap(hostapd_constants.WEP_STRING) 134 asserts.assert_false(self.dut.associate(ssid), 135 'Should not have associated.') 136 137 def test_associate_wep_ap_with_wep_target_security(self): 138 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 139 asserts.assert_true( 140 self.dut.associate(ssid, 141 target_security=hostapd_constants.WEP_STRING, 142 target_pwd=password), 'Failed to associate.') 143 144 def test_reject_wep_ap_with_wpa_target_security(self): 145 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 146 asserts.assert_false( 147 self.dut.associate(ssid, 148 target_security=hostapd_constants.WPA_STRING, 149 target_pwd=password), 150 'Should not have associated.') 151 152 def test_reject_wep_ap_with_wpa2_target_security(self): 153 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 154 asserts.assert_false( 155 self.dut.associate(ssid, 156 target_security=hostapd_constants.WPA2_STRING, 157 target_pwd=password), 158 'Should not have associated.') 159 160 def test_reject_wep_ap_with_wpa3_target_security(self): 161 ssid, password = self.setup_ap(hostapd_constants.WEP_STRING) 162 asserts.assert_false( 163 self.dut.associate(ssid, 164 target_security=hostapd_constants.WPA3_STRING, 165 target_pwd=password), 166 'Should not have associated.') 167 168 # WPA Security on AP 169 def test_reject_wpa_ap_with_open_target_security(self): 170 ssid, _ = self.setup_ap(hostapd_constants.WPA_STRING) 171 asserts.assert_false(self.dut.associate(ssid), 172 'Should not have associated.') 173 174 def test_reject_wpa_ap_with_wep_target_security(self): 175 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 176 asserts.assert_false( 177 self.dut.associate(ssid, 178 target_security=hostapd_constants.WEP_STRING, 179 target_pwd=password), 180 'Should not have associated.') 181 182 def test_associate_wpa_ap_with_wpa_target_security(self): 183 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 184 asserts.assert_true( 185 self.dut.associate(ssid, 186 target_security=hostapd_constants.WPA_STRING, 187 target_pwd=password), 'Failed to associate.') 188 189 def test_reject_wpa_ap_with_wpa2_target_security(self): 190 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 191 asserts.assert_false( 192 self.dut.associate(ssid, 193 target_security=hostapd_constants.WPA2_STRING, 194 target_pwd=password), 195 'Should not have associated.') 196 197 def test_reject_wpa_ap_with_wpa3_target_security(self): 198 ssid, password = self.setup_ap(hostapd_constants.WPA_STRING) 199 asserts.assert_false( 200 self.dut.associate(ssid, 201 target_security=hostapd_constants.WPA3_STRING, 202 target_pwd=password), 203 'Should not have associated.') 204 205 # WPA2 Security on AP 206 def test_reject_wpa2_ap_with_open_target_security(self): 207 ssid, _ = self.setup_ap(hostapd_constants.WPA2_STRING) 208 asserts.assert_false(self.dut.associate(ssid), 209 'Should not have associated.') 210 211 def test_reject_wpa2_ap_with_wep_target_security(self): 212 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 213 asserts.assert_false( 214 self.dut.associate(ssid, 215 target_security=hostapd_constants.WEP_STRING, 216 target_pwd=password), 217 'Should not have associated.') 218 219 def test_associate_wpa2_ap_with_wpa_target_security(self): 220 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 221 asserts.assert_true( 222 self.dut.associate(ssid, 223 target_security=hostapd_constants.WPA_STRING, 224 target_pwd=password), 'Failed to associate.') 225 226 def test_associate_wpa2_ap_with_wpa2_target_security(self): 227 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 228 asserts.assert_true( 229 self.dut.associate(ssid, 230 target_security=hostapd_constants.WPA2_STRING, 231 target_pwd=password), 'Failed to associate.') 232 233 def test_reject_wpa2_ap_with_wpa3_target_security(self): 234 ssid, password = self.setup_ap(hostapd_constants.WPA2_STRING) 235 asserts.assert_false( 236 self.dut.associate(ssid, 237 target_security=hostapd_constants.WPA3_STRING, 238 target_pwd=password), 239 'Should not have associated.') 240 241 # WPA/WPA2 Security on AP 242 def test_reject_wpa_wpa2_ap_with_open_target_security(self): 243 ssid, _ = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 244 asserts.assert_false(self.dut.associate(ssid), 245 'Should not have associated.') 246 247 def test_reject_wpa_wpa2_ap_with_wep_target_security(self): 248 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 249 asserts.assert_false( 250 self.dut.associate(ssid, 251 target_security=hostapd_constants.WEP_STRING, 252 target_pwd=password), 253 'Should not have associated.') 254 255 def test_associate_wpa_wpa2_ap_with_wpa_target_security(self): 256 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 257 asserts.assert_true( 258 self.dut.associate(ssid, 259 target_security=hostapd_constants.WPA_STRING, 260 target_pwd=password), 'Failed to associate.') 261 262 def test_associate_wpa_wpa2_ap_with_wpa2_target_security(self): 263 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 264 asserts.assert_true( 265 self.dut.associate(ssid, 266 target_security=hostapd_constants.WPA2_STRING, 267 target_pwd=password), 'Failed to associate.') 268 269 def test_reject_wpa_wpa2_ap_with_wpa3_target_security(self): 270 ssid, password = self.setup_ap(hostapd_constants.WPA_MIXED_STRING) 271 asserts.assert_false( 272 self.dut.associate(ssid, 273 target_security=hostapd_constants.WPA3_STRING, 274 target_pwd=password), 275 'Should not have associated.') 276 277 # WPA3 Security on AP 278 def test_reject_wpa3_ap_with_open_target_security(self): 279 ssid, _ = self.setup_ap(hostapd_constants.WPA3_STRING) 280 asserts.assert_false(self.dut.associate(ssid), 281 'Should not have associated.') 282 283 def test_reject_wpa3_ap_with_wep_target_security(self): 284 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 285 asserts.assert_false( 286 self.dut.associate(ssid, 287 target_security=hostapd_constants.WEP_STRING, 288 target_pwd=password), 289 'Should not have associated.') 290 291 def test_associate_wpa3_ap_with_wpa_target_security(self): 292 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 293 asserts.assert_false( 294 self.dut.associate(ssid, 295 target_security=hostapd_constants.WPA_STRING, 296 target_pwd=password), 297 'Expected failure to associate. WPA credentials for WPA3 was ' 298 'temporarily disabled, see https://fxbug.dev/85817 for context. ' 299 'If this feature was reenabled, please update this test\'s ' 300 'expectation.') 301 302 def test_associate_wpa3_ap_with_wpa2_target_security(self): 303 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 304 asserts.assert_true( 305 self.dut.associate(ssid, 306 target_security=hostapd_constants.WPA2_STRING, 307 target_pwd=password), 'Failed to associate.') 308 309 def test_associate_wpa3_ap_with_wpa3_target_security(self): 310 ssid, password = self.setup_ap(hostapd_constants.WPA3_STRING) 311 asserts.assert_true( 312 self.dut.associate(ssid, 313 target_security=hostapd_constants.WPA3_STRING, 314 target_pwd=password), 'Failed to associate.') 315 316 # WPA2/WPA3 Security on AP 317 def test_reject_wpa2_wpa3_ap_with_open_target_security(self): 318 ssid, _ = self.setup_ap(hostapd_constants.WPA2_WPA3_MIXED_STRING) 319 asserts.assert_false(self.dut.associate(ssid), 320 'Should not have associated.') 321 322 def test_reject_wpa2_wpa3_ap_with_wep_target_security(self): 323 ssid, password = self.setup_ap( 324 hostapd_constants.WPA2_WPA3_MIXED_STRING) 325 asserts.assert_false( 326 self.dut.associate(ssid, 327 target_security=hostapd_constants.WEP_STRING, 328 target_pwd=password), 329 'Should not have associated.') 330 331 def test_associate_wpa2_wpa3_ap_with_wpa_target_security(self): 332 ssid, password = self.setup_ap( 333 hostapd_constants.WPA2_WPA3_MIXED_STRING) 334 asserts.assert_false( 335 self.dut.associate(ssid, 336 target_security=hostapd_constants.WPA_STRING, 337 target_pwd=password), 338 'Expected failure to associate. WPA credentials for WPA3 was ' 339 'temporarily disabled, see https://fxbug.dev/85817 for context. ' 340 'If this feature was reenabled, please update this test\'s ' 341 'expectation.') 342 343 def test_associate_wpa2_wpa3_ap_with_wpa2_target_security(self): 344 ssid, password = self.setup_ap( 345 hostapd_constants.WPA2_WPA3_MIXED_STRING) 346 asserts.assert_true( 347 self.dut.associate(ssid, 348 target_security=hostapd_constants.WPA2_STRING, 349 target_pwd=password), 'Failed to associate.') 350 351 def test_associate_wpa2_wpa3_ap_with_wpa3_target_security(self): 352 ssid, password = self.setup_ap( 353 hostapd_constants.WPA2_WPA3_MIXED_STRING) 354 asserts.assert_true( 355 self.dut.associate(ssid, 356 target_security=hostapd_constants.WPA3_STRING, 357 target_pwd=password), 'Failed to associate.') 358