| #!/usr/bin/env python3.4 |
| # |
| # Copyright 2020 - The Android Open Source Project |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| from acts import asserts |
| from acts.test_decorators import test_tracker_info |
| import acts_contrib.test_utils.wifi.wifi_test_utils as wutils |
| from acts_contrib.test_utils.wifi.WifiBaseTest import WifiBaseTest |
| |
| WifiEnums = wutils.WifiEnums |
| |
| EAP = WifiEnums.Eap |
| Ent = WifiEnums.Enterprise |
| WPA3_SECURITY = "SUITE_B_192" |
| |
| |
| class WifiWpa3EnterpriseTest(WifiBaseTest): |
| """Tests for WPA3 Enterprise.""" |
| |
| def setup_class(self): |
| super().setup_class() |
| |
| self.dut = self.android_devices[0] |
| wutils.wifi_test_device_init(self.dut) |
| req_params = [ |
| "ec2_ca_cert", "ec2_client_cert", "ec2_client_key", "rsa3072_ca_cert", |
| "rsa3072_client_cert", "rsa3072_client_key", "wpa3_ec2_network", |
| "wpa3_rsa3072_network", "rsa2048_client_cert", "rsa2048_client_key", |
| "rsa3072_client_cert_expired", "rsa3072_client_cert_corrupted", |
| "rsa3072_client_cert_unsigned", "rsa3072_client_key_unsigned", |
| ] |
| self.unpack_userparams(req_param_names=req_params,) |
| |
| def setup_test(self): |
| super().setup_test() |
| for ad in self.android_devices: |
| ad.droid.wakeLockAcquireBright() |
| ad.droid.wakeUpNow() |
| wutils.wifi_toggle_state(self.dut, True) |
| |
| def teardown_test(self): |
| super().teardown_test() |
| for ad in self.android_devices: |
| ad.droid.wakeLockRelease() |
| ad.droid.goToSleepNow() |
| wutils.reset_wifi(self.dut) |
| |
| ### Tests ### |
| |
| @test_tracker_info(uuid="404c6165-6e23-4ec1-bc2c-9dfdd5c7dc87") |
| def test_connect_to_wpa3_enterprise_ec2(self): |
| asserts.skip_if( |
| self.dut.build_info["build_id"].startswith("R"), |
| "No SL4A support for EC certs in R builds. Skipping this testcase") |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.ec2_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_ec2_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.ec2_client_cert, |
| Ent.PRIVATE_KEY_ID: self.ec2_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_ec2_network["identity"], |
| "domain_suffix_match": self.wpa3_ec2_network["domain"], |
| "cert_algo": self.wpa3_ec2_network["cert_algo"] |
| } |
| wutils.connect_to_wifi_network(self.dut, config) |
| |
| @test_tracker_info(uuid="b6d22585-f7c1-418d-bd4b-b627af8c228c") |
| def test_connect_to_wpa3_enterprise_rsa3072(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa3072_client_cert, |
| Ent.PRIVATE_KEY_ID: self.rsa3072_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"] |
| } |
| # Synology AP is slow in sending out IP address after the connection. |
| # Increasing the wait time to receive IP address to 60s from 15s. |
| wutils.connect_to_wifi_network(self.dut, config, check_connectivity=False) |
| wutils.validate_connection(self.dut, wait_time=60) |
| |
| @test_tracker_info(uuid="4779c662-1925-4c26-a4d6-3d729393796e") |
| def test_connect_to_wpa3_enterprise_insecure_rsa_cert(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa2048_client_cert, |
| Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"] |
| } |
| logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B" |
| try: |
| wutils.connect_to_wifi_network(self.dut, config) |
| except: |
| logcat_search = self.dut.search_logcat(logcat_msg) |
| self.log.info("Logcat search results: %s" % logcat_search) |
| asserts.assert_true(logcat_search, "No valid error msg in logcat") |
| else: |
| asserts.fail("WPA3 Ent worked with insecure RSA key. Expected to fail.") |
| |
| @test_tracker_info(uuid="897957f3-de25-4f9e-b6fc-9d7798ea1e6f") |
| def test_connect_to_wpa3_enterprise_expired_rsa_cert(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa3072_client_cert_expired, |
| Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"] |
| } |
| logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B" |
| try: |
| wutils.connect_to_wifi_network(self.dut, config) |
| except: |
| logcat_search = self.dut.search_logcat(logcat_msg) |
| self.log.info("Logcat search results: %s" % logcat_search) |
| asserts.assert_true(logcat_search, "No valid error msg in logcat") |
| else: |
| asserts.fail("WPA3 Ent worked with expired cert. Expected to fail.") |
| |
| @test_tracker_info(uuid="f7ab30e2-f2b5-488a-8667-e45920fc24d1") |
| def test_connect_to_wpa3_enterprise_corrupted_rsa_cert(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa3072_client_cert_corrupted, |
| Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"] |
| } |
| try: |
| wutils.connect_to_wifi_network(self.dut, config) |
| except: |
| asserts.explicit_pass("Connection failed as expected.") |
| else: |
| asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.") |
| |
| @test_tracker_info(uuid="f934f388-dc0b-4c78-a493-026b798c15ca") |
| def test_connect_to_wpa3_enterprise_unsigned_rsa_cert(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa3072_client_cert_unsigned, |
| Ent.PRIVATE_KEY_ID: self.rsa3072_client_key_unsigned, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"] |
| } |
| try: |
| wutils.connect_to_wifi_network(self.dut, config) |
| except: |
| asserts.explicit_pass("Connection failed as expected.") |
| else: |
| asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.") |
| |
| @test_tracker_info(uuid="7082dc90-5eb8-4055-8b48-b555a98a837a") |
| def test_connect_to_wpa3_enterprise_wrong_domain_rsa_cert(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa3072_client_cert, |
| Ent.PRIVATE_KEY_ID: self.rsa3072_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong" |
| } |
| try: |
| wutils.connect_to_wifi_network(self.dut, config) |
| except: |
| asserts.explicit_pass("Connection failed as expected.") |
| else: |
| asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.") |
| |
| @test_tracker_info(uuid="9ad5fd82-f115-42c3-b8e8-520144485ea1") |
| def test_network_selection_status_for_wpa3_ent_wrong_domain_rsa_cert(self): |
| config = { |
| Ent.EAP: int(EAP.TLS), |
| Ent.CA_CERT: self.rsa3072_ca_cert, |
| WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], |
| Ent.CLIENT_CERT: self.rsa3072_client_cert, |
| Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, |
| WifiEnums.SECURITY: WPA3_SECURITY, |
| "identity": self.wpa3_rsa3072_network["identity"], |
| "domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong" |
| } |
| try: |
| wutils.connect_to_wifi_network(self.dut, config) |
| except: |
| asserts.assert_true( |
| self.dut.droid.wifiIsNetworkTemporaryDisabledForNetwork(config), |
| "WiFi network is not temporary disabled.") |
| asserts.explicit_pass( |
| "Connection failed with correct network selection status.") |
| else: |
| asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.") |