| // Copyright 2020 The ChromiumOS Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| package wifi |
| |
| import ( |
| "context" |
| "fmt" |
| "strings" |
| "time" |
| |
| "go.chromium.org/tast-tests/cros/common/crypto/certificate" |
| "go.chromium.org/tast-tests/cros/common/network/ping" |
| "go.chromium.org/tast-tests/cros/common/perf" |
| "go.chromium.org/tast-tests/cros/common/shillconst" |
| "go.chromium.org/tast-tests/cros/common/tbdep" |
| tdreq "go.chromium.org/tast-tests/cros/common/testdevicerequirements" |
| "go.chromium.org/tast-tests/cros/common/wifi/security/dynamicwep" |
| "go.chromium.org/tast-tests/cros/common/wifi/security/owe" |
| "go.chromium.org/tast-tests/cros/common/wifi/security/tunneled1x" |
| "go.chromium.org/tast-tests/cros/common/wifi/security/wep" |
| "go.chromium.org/tast-tests/cros/common/wifi/security/wpa" |
| "go.chromium.org/tast-tests/cros/common/wifi/security/wpaeap" |
| "go.chromium.org/tast-tests/cros/common/wifi/wpacli" |
| "go.chromium.org/tast-tests/cros/remote/network/cmd" |
| "go.chromium.org/tast-tests/cros/remote/wificell" |
| ap "go.chromium.org/tast-tests/cros/remote/wificell/hostapd" |
| "go.chromium.org/tast-tests/cros/remote/wificell/wifiutil" |
| "go.chromium.org/tast-tests/cros/services/cros/wifi" |
| "go.chromium.org/tast/core/ctxutil" |
| "go.chromium.org/tast/core/testing" |
| "go.chromium.org/tast/core/testing/hwdep" |
| ) |
| |
// simpleConnectTestcase describes one connection attempt of the SimpleConnect
// test: the AP configuration(s) to bring up and what the test expects from
// the DUT once it tries to join.
type simpleConnectTestcase struct {
	// apConfigs lists the configs of colocated APs that a single hostapd
	// instance controls.
	apConfigs []ap.ApConfig
	// useSameSSID replaces every SSID in the hostapd confs (user-set or
	// randomly generated) with one shared, randomly pre-generated SSID.
	useSameSSID bool
	// pingOps holds ping options for this case.
	// NOTE(review): the code that consumes them is not in this part of the
	// file; presumably they tune the post-connect ping check. Confirm.
	pingOps []ping.Option
	// expectedFailure marks a case where, presumably, the connection attempt
	// is supposed to fail. Confirm against the test body.
	expectedFailure bool
	// expectedSecurity is set from shillconst.Security* constants by the test
	// parameters (e.g. shillconst.SecurityOWE, shillconst.SecurityWPA3);
	// expectedKeyMgmt is its key-management counterpart.
	// NOTE(review): presumably both are compared with what the DUT reports
	// after connecting, so that a connection negotiated with weaker security
	// than the AP was configured for fails the test. Cases that leave them
	// empty may not assert anything about security; verify in the test body.
	expectedSecurity, expectedKeyMgmt string
}
| |
// Base certificate/key fixtures used by the EAP test cases.
// NOTE(review): these are produced by the shared test certificate package, so
// they are presumably fixed credentials that anyone with the source can read.
// They should only ever be trusted by lab APs and DUTs. Confirm.
var (
	eapCert1 = certificate.TestCert1()
	eapCert2 = certificate.TestCert2()
	eapCert3 = certificate.TestCert3()
)

// Variants of test certificate 3.
// NOTE(review): judging by the constructor names these exercise the
// alt-subject-match and domain-suffix-match server certificate checks;
// confirm against the certificate package.
var (
	eapCert3AltSub       = certificate.TestCert3AltSubjectMatch()
	eapCert3DomainSuffix = certificate.TestCert3DomainSuffixMatch()
)
| |
| func init() { |
| testing.AddTest(&testing.Test{ |
| Func: SimpleConnect, |
| Desc: "Verifies that DUT can connect to the host via AP in different WiFi configuration", |
| Contacts: []string{ |
| "chromeos-wifi-champs@google.com", // WiFi oncall rotation |
| }, |
| BugComponent: "b:893827", // ChromeOS > Platform > Connectivity > WiFi |
| Attr: []string{"group:wificell", "wificell_func"}, |
| TestBedDeps: []string{tbdep.Wificell, tbdep.WifiStateNormal, tbdep.BluetoothStateNormal, tbdep.PeripheralWifiStateWorking}, |
| ServiceDeps: []string{wificell.ShillServiceName}, |
| Requirements: []string{tdreq.WiFiGenSupportWiFi, tdreq.WiFiProcPassFW, tdreq.WiFiProcPassAVL, tdreq.WiFiProcPassAVLBeforeUpdates, tdreq.WiFiProcPassMatfunc, tdreq.WiFiProcPassMatfuncBeforeUpdates}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel"}`, |
| Params: []testing.Param{ |
| // Parameters generated by simple_connect_test.go. DO NOT EDIT. |
| { |
| // Verifies that DUT can connect to an open 802.11a network on channels 48, 157. |
| Name: "80211a", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211a), ap.Channel(48)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211a), ap.Channel(157)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01", "wifi-sec-0001-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11b network on channels 1, 6, 11. |
| Name: "80211b", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211b), ap.Channel(1)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211b), ap.Channel(6)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211b), ap.Channel(11)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11g network on channels 1, 6, 11. |
| Name: "80211g", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(6)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(11)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11n network on 2.4GHz channels 1, 6, 11 with a channel width of 20MHz. |
| Name: "80211n24ht20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(1), ap.HTCaps(ap.HTCapHT20)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(6), ap.HTCaps(ap.HTCapHT20)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(11), ap.HTCaps(ap.HTCapHT20)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01", "wifi-gen-0007-v02"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11n network on 2.4GHz channel 6 with a channel width of 40MHz. |
| Name: "80211n24ht40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(6), ap.HTCaps(ap.HTCapHT40)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01", "wifi-gen-0007-v02"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11n network on 5GHz channel 48 with a channel width of 20MHz. |
| Name: "80211n5ht20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT20)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01", "wifi-gen-0007-v02"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11n network on 5GHz channel 48 |
| // (40MHz channel with the second 20MHz chunk of the 40MHz channel on the channel below the center channel). |
| Name: "80211n5ht40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT40Minus)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01", "wifi-gen-0007-v02"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11n network on 5 GHz channel with short guard intervals enabled (both 20/40 Mhz). |
| Name: "80211nsgi", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_cq"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT20, ap.HTCapSGI20)}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT40Minus, ap.HTCapSGI40)}, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ac network on channel 40 with a channel width of 20MHz. |
| Name: "80211acvht20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acPure), ap.Channel(40), ap.HTCaps(ap.HTCapHT20), |
| ap.VHTChWidth(ap.VHTChWidth20Or40), |
| }, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ac network on channel 48 with a channel width of 40MHz. |
| Name: "80211acvht40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT40), |
| ap.VHTChWidth(ap.VHTChWidth20Or40), |
| }, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ac network on 5GHz channel 36 with center channel of 42 and channel width of 80MHz. |
| Name: "80211acvht80mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acMixed), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), |
| }, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ac network on channel 157 with center channel of 155 and channel width of 80MHz. |
| // The router is forced to use VHT WiFi standard. |
| Name: "80211acvht80pure", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acPure), ap.Channel(157), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.VHTCenterChannel(155), ap.VHTChWidth(ap.VHTChWidth80), |
| }, |
| }}, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0004-v01"}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ax network on channel 40 with a channel width of 20MHz. |
| Name: "80211axhe20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable", "wificell_func_ax"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211axPure), ap.Channel(40), ap.HTCaps(ap.HTCapHT20), |
| ap.HEChWidth(ap.HEChWidth20Or40), |
| }, |
| }}, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax()), |
| ExtraRequirements: []string{"wifi-gen-0002-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AX"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ax network on channel 157 with a channel width of 40MHz. |
| Name: "80211axhe40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable", "wificell_func_ax"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211axPure), ap.Channel(157), ap.HTCaps(ap.HTCapHT40, ap.HTCapLDPC), |
| ap.HEChWidth(ap.HEChWidth20Or40), |
| }, |
| }}, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax()), |
| ExtraRequirements: []string{"wifi-gen-0002-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AX"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ax network on 5GHz channel 157 with center channel of 155 and channel width of 80MHz. |
| Name: "80211axhe80mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable", "wificell_func_ax"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211axMixed), ap.Channel(157), ap.HTCaps(ap.HTCapHT40Plus, ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.VHTCenterChannel(155), ap.VHTChWidth(ap.VHTChWidth80), ap.HECenterChannel(155), ap.HEChWidth(ap.HEChWidth80), |
| }, |
| }}, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax()), |
| ExtraRequirements: []string{"wifi-gen-0002-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AX"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ax network on channel 157 with center channel of 155 and channel width of 80MHz. |
| // The router is forced to use HE WiFi standard. |
| Name: "80211axhe80pure", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable", "wificell_func_ax"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211axPure), ap.Channel(157), ap.HTCaps(ap.HTCapHT40Plus, ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.VHTCenterChannel(155), ap.VHTChWidth(ap.VHTChWidth80), ap.HECenterChannel(155), ap.HEChWidth(ap.HEChWidth80), |
| }, |
| }}, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax()), |
| ExtraRequirements: []string{"wifi-gen-0002-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AX"}`, |
| }, { |
| // Verifies that DUT can connect to an OWE 802.11ax network on 6GHz PSC channel 21 with a channel width of 20MHz. |
| Name: "80211axeowe", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axPure), ap.Channel(21), ap.HTCaps(ap.HTCapHT20), |
| ap.HEChWidth(ap.HEChWidth20Or40), ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: owe.NewConfigFactory(owe.ModePureOWE), |
| }}, |
| expectedSecurity: shillconst.SecurityOWE, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0006-v01", "wifi-sec-0008-v02", "wifi-cert-0004-v02"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11ax network on 6GHz PSC channel 21 with a channel width of 20MHz. |
| Name: "80211axe20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axPure), ap.Channel(21), ap.HTCaps(ap.HTCapHT20), |
| ap.HEChWidth(ap.HEChWidth20Or40), ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11ax network on 6GHz PSC channel 21 with a channel width of 40MHz. |
| Name: "80211axe40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axPure), ap.Channel(21), ap.HTCaps(ap.HTCapLDPC), ap.HECenterChannel(19), |
| ap.HEChWidth(ap.HEChWidth20Or40), ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("mixed") 802.11ax network on 6GHz PSC channel 5 with center channel of 7 and channel width of 80MHz. |
| Name: "80211axe80mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axMixed), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.HECenterChannel(7), ap.HEChWidth(ap.HEChWidth80), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11ax network on 6GHz PSC channel 5 with center channel of 7 and channel width of 80MHz. |
| // The router is forced to use HE WiFi standard. |
| Name: "80211axe80pure", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axPure), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.HECenterChannel(7), ap.HEChWidth(ap.HEChWidth80), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0006-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("mixed") 802.11ax network on 6GHz PSC channel 5 with center channel of 15 and channel width of 160MHz. |
| Name: "80211axe160mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axMixed), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI160), ap.HECenterChannel(15), ap.HEChWidth(ap.HEChWidth160), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0016-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11ax network on 6GHz PSC channel 5 with center channel of 15 and channel width of 160MHz. |
| // The router is forced to use HE WiFi standard. |
| Name: "80211axe160pure", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211axPure), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI160), ap.HECenterChannel(15), ap.HEChWidth(ap.HEChWidth160), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211ax6E()), |
| ExtraRequirements: []string{"wifi-gen-0003-v01", "wifi-rf-0016-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_AX_E"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_AXE"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11be network on channel 40 with a channel width of 20MHz. |
| Name: "80211beeht20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_func_be"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(40), ap.HTCaps(ap.HTCapHT20), |
| ap.EHTChWidth(ap.EHTChWidth20Or40), ap.EHTCenterChannel(40), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11be network on channel 157 with a channel width of 40MHz. |
| Name: "80211beeht40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_func_be"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(157), ap.HTCaps(ap.HTCapHT40, ap.HTCapLDPC), |
| ap.EHTChWidth(ap.EHTChWidth20Or40), ap.EHTCenterChannel(159), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11be network on 5GHz channel 157 with center channel of 155 and channel width of 80MHz. |
| Name: "80211beeht80mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_func_be"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211beMixed), ap.Channel(157), ap.HTCaps(ap.HTCapHT40Plus, ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.VHTCenterChannel(155), ap.VHTChWidth(ap.VHTChWidth80), |
| ap.EHTCenterChannel(155), ap.EHTChWidth(ap.EHTChWidth80), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to an open 802.11be network on channel 157 with center channel of 155 and channel width of 80MHz. |
| // The router is forced to use EHT WiFi standard. |
| Name: "80211beeht80pure", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_func_be"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(157), ap.HTCaps(ap.HTCapHT40Plus, ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.VHTCenterChannel(155), ap.VHTChWidth(ap.VHTChWidth80), |
| ap.EHTCenterChannel(155), ap.EHTChWidth(ap.EHTChWidth80), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to an OWE 802.11be network on 6GHz PSC channel 21 with a channel width of 20MHz. |
| Name: "80211beehtowe_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(21), ap.HTCaps(ap.HTCapHT20), |
| ap.EHTChWidth(ap.EHTChWidth20Or40), ap.Is6GHz(), ap.PMF(ap.PMFRequired), |
| ap.EHTCenterChannel(21)}, |
| SecConfFac: owe.NewConfigFactory(owe.ModePureOWE), |
| }}, |
| expectedSecurity: shillconst.SecurityOWE, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraRequirements: []string{"wifi-sec-0008-v02", "wifi-cert-0004-v02"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11be network on 6GHz PSC channel 21 with a channel width of 20MHz. |
| Name: "80211beeht20_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(21), ap.HTCaps(ap.HTCapHT20), |
| ap.EHTChWidth(ap.EHTChWidth20Or40), ap.Is6GHz(), ap.PMF(ap.PMFRequired), |
| ap.EHTCenterChannel(21)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11be network on 6GHz PSC channel 21 with a channel width of 40MHz. |
| Name: "80211beeht40_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(21), ap.HTCaps(ap.HTCapLDPC), ap.EHTCenterChannel(19), |
| ap.EHTChWidth(ap.EHTChWidth20Or40), ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("mixed") 802.11be network on 6GHz PSC channel 5 with center channel of 7 and channel width of 80MHz. |
| Name: "80211beeht80mixed_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211beMixed), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.EHTCenterChannel(7), ap.EHTChWidth(ap.EHTChWidth80), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11be network on 6GHz PSC channel 5 with center channel of 7 and channel width of 80MHz. |
| // The router is forced to use EHT WiFi standard. |
| Name: "80211beeht80pure_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI80), ap.EHTCenterChannel(7), ap.EHTChWidth(ap.EHTChWidth80), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("mixed") 802.11be network on 6GHz PSC channel 5 with center channel of 15 and channel width of 160MHz. |
| Name: "80211beeht160mixed_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211beMixed), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI160), ap.EHTCenterChannel(15), ap.EHTChWidth(ap.EHTChWidth160), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11be network on 6GHz PSC channel 5 with center channel of 15 and channel width of 160MHz. |
| // The router is forced to use EHT WiFi standard. |
| Name: "80211beeht160pure_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211bePure), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.VHTCaps(ap.VHTCapSGI160), ap.EHTCenterChannel(15), ap.EHTChWidth(ap.EHTChWidth160), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("mixed") 802.11be network on 6GHz PSC channel 5 with center channel of 31 and channel width of 320MHz. |
| // The router is forced to use EHT WiFi standard. |
| Name: "80211beeht320mixed_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211beMixed), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.EHTCenterChannel(31), ap.EHTChWidth(ap.EHTChWidth320), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WPA3-SAE ("pure") 802.11be network on 6GHz PSC channel 5 with center channel of 31 and channel width of 320MHz. |
| // The router is forced to use EHT WiFi standard. |
| Name: "80211beeht320pure_6ghz", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_unstable"}, |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211bePure), ap.Channel(5), ap.HTCaps(ap.HTCapLDPC), |
| ap.EHTCenterChannel(31), ap.EHTChWidth(ap.EHTChWidth320), |
| ap.Is6GHz(), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.Wifi80211be()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_IEEE_802_11_BE"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_80211_BE"}`, |
| }, { |
| // Verifies that DUT can connect to a WiFi5 GCMP-128 network on WPA3. |
| Name: "gcmp_128", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211acPure), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherGCMP128), |
| wpa.GroupCipherOverride(wpa.CipherGCMP128)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiGCMP()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_GCMP"}, |
| }, { |
| // Verifies that DUT can connect to a WiFi5 GCMP-256 network on WPA3. |
| Name: "gcmp_256", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211acPure), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA3), wpa.Ciphers2(wpa.CipherGCMP256), |
| wpa.GroupCipherOverride(wpa.CipherGCMP256)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiGCMP()), |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_GCMP"}, |
| }, { |
| // Verifies that DUT can connect to a WiFi5 network that supports CCMP and GCMP on WPA2. |
| Name: "gcmp_ccmp", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211acPure), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory("chromeos", |
| wpa.Mode(wpa.ModePureWPA2), wpa.Ciphers2(wpa.CipherCCMP, wpa.CipherGCMP128)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_GCMP"}, |
| }, { |
| // Verifies that DUT can connect to an OWE network on 2.4GHz. |
| Name: "owe", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: owe.NewConfigFactory(owe.ModePureOWE), |
| }}, |
| expectedSecurity: shillconst.SecurityOWE, |
| }}, |
| // Skip Marvell WiFi since they do not support OWE. |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiNotMarvell()), |
| ExtraRequirements: []string{"wifi-sec-0008-v02", "wifi-cert-0004-v02"}, |
| }, { |
| // Verifies that DUT can connect to a hidden network on 2.4GHz channel. |
| Name: "hidden24g", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(6), ap.Hidden()}, |
| }}, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a hidden network on 5GHz channels. |
| Name: "hidden5ht20", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(36), ap.HTCaps(ap.HTCapHT20), ap.Hidden(), ap.SpectrumManagement()}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT20), ap.Hidden(), ap.SpectrumManagement()}, |
| }}, |
| }}, |
| // TODO(b/189972561) Enable this test on Trogdor once active scanning on 5 GHz channel is enabled. |
| ExtraHardwareDeps: hwdep.D(hwdep.SkipOnPlatform("strongbad", "strongbad64", "strongbad-kernelnext", "trogdor", "trogdor64", "trogdor-kernelnext")), |
| }, { |
| // Verifies that DUT can connect to a WEP network with both open and shared system authentication and 40-bit pre-shared keys. |
| Name: "wep40", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(0), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(1), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(2), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(3), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(0), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(1), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(2), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep40Keys(), wep.DefaultKey(3), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiWEP()), |
| ExtraRequirements: []string{"wifi-sec-0007-v01"}, |
| }, { |
| // Verifies that DUT can connect to a WEP network with both open and shared system authentication and 104-bit pre-shared keys. |
| Name: "wep104", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(0), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(1), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(2), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(3), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(0), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(1), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(2), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wep.NewConfigFactory(wep104Keys(), wep.DefaultKey(3), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiWEP()), |
| ExtraRequirements: []string{"wifi-sec-0007-v01"}, |
| }, { |
| // Verifies that DUT can connect to a hidden WEP network with open/shared system authentication and 40/104-bit pre-shared keys. |
| Name: "wephidden", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wep.NewConfigFactory(wep40KeysHidden(), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wep.NewConfigFactory(wep40KeysHidden(), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wep.NewConfigFactory(wep104KeysHidden(), wep.AuthAlgs(wep.AuthAlgoOpen)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wep.NewConfigFactory(wep104KeysHidden(), wep.AuthAlgs(wep.AuthAlgoShared)), |
| }}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }}, |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiWEP()), |
| ExtraRequirements: []string{"wifi-sec-0007-v01"}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for pure WPA with TKIP. |
| Name: "wpatkip", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for pure WPA with AES based CCMP. |
| Name: "wpaccmp", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for pure WPA with both AES based CCMP and TKIP. |
| Name: "wpamulti", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_cq"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP, wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting WPA2 (aka RSN) with TKIP. Some APs still use TKIP in WPA2. |
| Name: "wpa2tkip", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherTKIP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| ExtraRequirements: []string{"wifi-sec-0005-v01"}, |
| }, { |
| // Verifies that DUT can connect to an AP broadcasting a WPA2 network using AES based CCMP. |
| // In addition, the client must also support 802.11w protected management frames. |
| Name: "wpa2pmf", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_cq"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0005-v01"}, |
| }, { |
| // Verifies that DUT can connect to an AP broadcasting a WPA2 network using AES based CCMP. |
| // In addition, the client must also support 802.11w protected management frames. |
| // The client uses WPA-PSK-SHA256 as the key management suite. |
| Name: "wpa2pmfsha256", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), wpa.KeyMgmt([]string{wpa.KeyMgmtWPAPSKSHA256}), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), wpa.KeyMgmt([]string{wpa.KeyMgmtWPAPSK, wpa.KeyMgmtWPAPSKSHA256}), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0005-v01"}, |
| }, { |
| // Verifies that DUT can connect to an AP broadcasting a WPA2 network using AES based CCMP. |
| // In addition, the client may also negotiate use of 802.11w protected management frames. |
| Name: "wpa2pmfoptional", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.PMF(ap.PMFOptional)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0005-v01"}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for WPA2 (aka RSN) and encrypted under AES. |
| Name: "wpa2", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| ExtraRequirements: []string{"wifi-sec-0005-v01"}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for both WPA and WPA2 with TKIP/AES supported for WPA and AES supported for WPA2. |
| Name: "wpamixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModeMixed), |
| wpa.Ciphers(wpa.CipherTKIP, wpa.CipherCCMP), wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAWPA2, |
| }}, |
| }, { |
| // Verifies that DUT can connect to an AP in WPA2/WPA3 mixed mode. WiFi alliance suggests PMF in this mode. |
| Name: "wpa3mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acMixed), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), |
| ap.PMF(ap.PMFOptional), |
| }, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModeMixedWPA3), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2WPA3, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0002-v01"}, |
| }, { |
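| // Verifies that DUT can connect to an AP in WPA3-SAE-EXT ("mixed") mode. WiFi alliance requires PMF in this mode. |
| // NOTE(review): the AP below is configured with ap.PMF(ap.PMFOptional), as in wpa3mixed, not ap.PMFRequired; confirm which one this comment should describe. |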
| Name: "wpa3extmixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| // Not all WiFi chips support SAE. We enable the feature as a Software dependency for now, but eventually |
| // this will require a hardware dependency (crbug.com/1070299). |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acMixed), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), |
| ap.PMF(ap.PMFOptional), |
| }, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModeMixedWPA3Ext), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2WPA3, |
| expectedKeyMgmt: wpa.KeyMgmtSAEEXT, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0002-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_SAE_EXT_KEY"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_SAE_EXT_KEY"}`, |
| }, { |
| // Verifies that DUT can connect to an AP in WPA3-SAE ("pure") mode. WiFi alliance requires PMF in this mode. |
| Name: "wpa3", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| // Not all WiFi chips support SAE. We enable the feature as a Software dependency for now, but eventually |
| // this will require a hardware dependency (crbug.com/1070299). |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acMixed), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), |
| ap.PMF(ap.PMFRequired), |
| }, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA3), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| expectedKeyMgmt: wpa.KeyMgmtSAE, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0002-v01"}, |
| }, { |
| // Verifies that DUT can connect to an AP in WPA3-SAE-EXT ("pure") mode. WiFi alliance requires PMF in this mode. |
| Name: "wpa3ext", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| // Not all WiFi chips support SAE. We enable the feature as a Software dependency for now, but eventually |
| // this will require a hardware dependency (crbug.com/1070299). |
| ExtraSoftwareDeps: []string{"wpa3_sae"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ |
| ap.Mode(ap.Mode80211acMixed), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80), |
| ap.PMF(ap.PMFRequired), |
| }, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA3Ext), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3, |
| expectedKeyMgmt: wpa.KeyMgmtSAEEXT, |
| }}, |
| ExtraRequirements: []string{"wifi-gen-0006-v01", "wifi-sec-0002-v01"}, |
| ExtraTestBedDeps: []string{"wifi_router_features:WIFI_ROUTER_FEATURE_SAE_EXT_KEY"}, |
| VariantCategory: `{"name": "WifiBtChipset_Soc_Kernel_SAE_EXT_KEY"}`, |
| }, { |
| // Verifies that DUT can connect to a protected 802.11ac network supporting for WPA. |
| Name: "wpavht80", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211acPure), ap.Channel(36), ap.HTCaps(ap.HTCapHT40Plus), |
| ap.VHTCenterChannel(42), ap.VHTChWidth(ap.VHTChWidth80)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP, wpa.CipherCCMP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network whose WPA passphrase can be pure Unicode, mixed Unicode and ASCII, or made up entirely of punctuation characters. |
| Name: "wpaoddpassphrase", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "\xe4\xb8\x80\xe4\xba\x8c\xe4\xb8\x89", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "\xe4\xb8\x80\xe4\xba\x8c\xe4\xb8\x89", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "abcdef\xc2\xa2", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| "abcdef\xc2\xa2", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| " !\"#$%&'()>*+,-./:;<=>?@[\\]^_{|}~", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| " !\"#$%&'()>*+,-./:;<=>?@[\\]^_{|}~", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a hidden network supporting for WPA with TKIP, WPA with TKIP/AES, WPA2 with AES, and mixed WPA with TKIP/AES and WPA2 with AES. |
| Name: "wpahidden", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP, wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModePureWPA2), |
| wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.Hidden()}, |
| SecConfFac: wpa.NewConfigFactory( |
| "chromeos", wpa.Mode(wpa.ModeMixed), |
| wpa.Ciphers(wpa.CipherTKIP, wpa.CipherCCMP), wpa.Ciphers2(wpa.CipherCCMP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAWPA2, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a WPA network using a raw PMK value instead of an ASCII passphrase. |
| Name: "raw_pmk", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpa.NewConfigFactory( |
| strings.Repeat("0123456789abcdef", 4), // length = 64. |
| wpa.Mode(wpa.ModePureWPA), |
| wpa.Ciphers(wpa.CipherTKIP)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA, |
| }}, |
| }, { |
| // Verifies that DUT can connect to an open network on a DFS channel. |
| // DFS (dynamic frequency selection) channels are channels that may be unavailable if radar interference is detected. |
| // See: https://en.wikipedia.org/wiki/Dynamic_frequency_selection, https://en.wikipedia.org/wiki/List_of_WLAN_channels |
| Name: "dfs", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_cq"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nMixed), ap.Channel(120), ap.HTCaps(ap.HTCapHT40), ap.SpectrumManagement()}, |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nMixed), ap.Channel(136), ap.HTCaps(ap.HTCapHT40), ap.SpectrumManagement()}, |
| }}, |
| }}, |
| }, { |
| // Verifies that DUT can connect to networks with the longest and shortest SSID. |
| Name: "ssid_limits", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| ExtraAttr: []string{"wificell_cq"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID("a")), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(strings.Repeat("MaxLengthSSID", 4)[:32])), |
| }}, |
| }}, |
| }, { |
| // This test case verifies that the DUT accepts ascii and non-ascii type characters as the SSID. |
| Name: "non_ascii_ssid", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| // TODO(crbug.com/1082582): shill doesn't allow a leading 0x00 now, so append it at the |
| // end to keep the coverage. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(1, 31) + "\x00")), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(32, 63))), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(64, 95))), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(96, 127))), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(128, 159))), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(160, 191))), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(192, 223))), |
| }}, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID(byteSequenceStr(224, 255))), |
| }}, |
| }, { |
| // Valid Unicode characters. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID("\xe4\xb8\xad\xe5\x9b\xbd")), |
| }}, |
| }, { |
| // Single extended ASCII character (a-grave). |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID("\xe0")), |
| }}, |
| }, { |
| // Mix of ASCII and Unicode characters as SSID. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: wifiutil.CommonAPOptions(ap.SSID("Chrome\xe7\xac\x94\xe8\xae\xb0\xe6\x9c\xac")), |
| }}, |
| }}, |
| // TODO(b/158150763): Skip Marvell WiFi as there's a known issue to make the test always fail. |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiNotMarvell()), |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for dynamic WEP encryption. |
| Name: "8021xwep", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: dynamicwep.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| dynamicwep.ClientCACert(eapCert1.CACred.Cert), |
| dynamicwep.ClientCred(eapCert1.ClientCred), |
| dynamicwep.RekeyPeriod(10)), |
| }}, |
| pingOps: []ping.Option{ping.Count(15), ping.Interval(1)}, |
| expectedSecurity: shillconst.SecurityWEP, |
| }}, |
| // Skip on Marvell because of 8021xwep test failure post security fixes b/187853331, no plans to fix. |
| // Skip on trogdor and strongbad board because of 8021xwep test regression post Qualcomm FW746 b/194644867, |
| // Qualcomm looks at the security fixes in the FW. |
| // TODO(b/194644867): revisit after FW fix and verification. |
| ExtraHardwareDeps: hwdep.D(hwdep.WifiNotMarvell(), hwdep.SkipOnPlatform("trogdor", "strongbad", "trogdor-kernelnext"), hwdep.WifiWEP()), |
| ExtraRequirements: []string{"wifi-sec-0007-v01"}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for WPA-EAP encryption. |
| Name: "8021xwpa", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCACert(eapCert1.CACred.Cert), |
| wpaeap.ClientCred(eapCert1.ClientCred)), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Failure due to lack of CACert on client. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCred(eapCert1.ClientCred)), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure due to unmatched CACert. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCACert(eapCert2.CACred.Cert), |
| wpaeap.ClientCred(eapCert1.ClientCred)), |
| }}, |
| expectedFailure: true, |
| }, { |
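| // Should succeed if we specify that we have no CACert: the client passes no |
| // ClientCACert and opts out of the system CAs (NotUseSystemCAs), so there is |
| // no CA to verify the server certificate against. This covers a deliberately |
| // unauthenticated-server configuration, not a recommended one. |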
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCred(eapCert1.ClientCred), |
| wpaeap.NotUseSystemCAs()), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Failure due to wrong certificate chain on client. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCACert(eapCert1.CACred.Cert), |
| wpaeap.ClientCred(eapCert2.ClientCred)), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure due to expired cert on server. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ExpiredServerCred, |
| wpaeap.ClientCACert(eapCert1.CACred.Cert), |
| wpaeap.ClientCred(eapCert1.ClientCred)), |
| }}, |
| expectedFailure: true, |
| }}, |
| // TODO(b/189986748): Remove the skiplist once those flaky boards have reached AUE. |
| ExtraHardwareDeps: hwdep.D(hwdep.SkipOnPlatform("banjo", "candy", "gnawty", "kip", "ninja", "sumo", "swanky", "winky")), |
| ExtraRequirements: []string{"wifi-sec-0006-v01"}, |
| }, { |
| // Verifies that DUT can connect to a WPA3-Enterprise-transition AP. |
| Name: "8021xwpa3mixed", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.PMF(ap.PMFOptional)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCACert(eapCert1.CACred.Cert), |
| wpaeap.ClientCred(eapCert1.ClientCred), |
| wpaeap.Mode(wpa.ModeMixedWPA3), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2WPA3Enterprise, |
| }}, |
| ExtraRequirements: []string{"wifi-sec-0003-v01"}, |
| }, { |
| // Verifies that DUT can connect to a WPA3-Enterprise-only AP. |
| Name: "8021xwpa3", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1), ap.PMF(ap.PMFRequired)}, |
| SecConfFac: wpaeap.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, |
| wpaeap.ClientCACert(eapCert1.CACred.Cert), |
| wpaeap.ClientCred(eapCert1.ClientCred), |
| wpaeap.Mode(wpa.ModePureWPA3), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA3Enterprise, |
| }}, |
| ExtraRequirements: []string{"wifi-sec-0003-v01"}, |
| }, { |
| // Verifies that DUT CANNOT connect to a PEAP network with wrong settings. |
| // We do these tests for only one inner authentication protocol because we |
| // presume that supplicant reuses this code between inner authentication types. |
| Name: "8021xpeap_fail", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| // Failure due to bad password. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.ClientPassword("wrongpassword"), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure due to wrong client CA. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert2.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure due to expired server cred. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ExpiredServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure because a subject alternative name (SAN) match is set but does not match any of the server certificate SANs. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`}), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure because the configured domain suffix match does not match any dNSName in the server certificate SANs. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain.com"}), |
| ), |
| }}, |
| expectedFailure: true, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network that supports PEAP authentication with tunneled MSCHAPV2. |
| Name: "8021xpeap_mschapv2", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network that supports PEAP authentication with tunneled MD5. |
| Name: "8021xpeap_md5", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network that supports PEAP authentication with tunneled GTC. |
| Name: "8021xpeap_gtc", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypePEAP), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT CANNOT connect to a TTLS network with wrong settings. |
| // We do these tests for only one inner authentication protocol because we |
| // presume that supplicant reuses this code between inner authentication types. |
| Name: "8021xttls_fail", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| // Failure due to bad password. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.ClientPassword("wrongpassword"), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure due to wrong client CA. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert2.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure due to expired server cred. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ExpiredServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure because a subject alternative name (SAN) match is set but does not match any of the server certificate SANs. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`}), |
| ), |
| }}, |
| expectedFailure: true, |
| }, { |
| // Failure because the configured domain suffix match does not match any dNSName in the server certificate SANs. |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain.com"}), |
| ), |
| }}, |
| expectedFailure: true, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network that supports TTLS authentication with tunneled MSCHAPV2. |
| Name: "8021xttls_mschapv2", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMSCHAPV2), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network that supports TTLS authentication with tunneled MD5. |
| Name: "8021xttls_md5", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeMD5), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network that supports TTLS authentication with tunneled GTC. |
| Name: "8021xttls_gtc", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should success since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeGTC), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for TTLS authentication with tunneled TTLSMSCHAPV2. |
| Name: "8021xttls_ttlsmschapv2", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should success since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAPV2), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for TTLS authentication with tunneled TTLSMSCHAP. |
| Name: "8021xttls_ttlsmschap", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should success since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSMSCHAP), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to a protected network supporting for TTLS authentication with tunneled TTLSPAP. |
| Name: "8021xttls_ttlspap", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesCapture), |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert1.CACred.Cert, eapCert1.ServerCred, eapCert1.CACred.Cert, "testuser", "password", |
| tunneled1x.Mode(wpa.ModePureWPA2), |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPA2Enterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[1]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| tunneled1x.AltSubjectMatch([]string{eapCert3AltSub[2]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should success since having multiple entries in 'altsubject_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses altsubject_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| tunneled1x.AltSubjectMatch([]string{`{"Type":"DNS","Value":"wrong_dns.com"}`, eapCert3AltSub[0]}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| tunneled1x.DomainSuffixMatch(eapCert3DomainSuffix), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }, { |
| // Should succeed since having multiple entries in 'domain_suffix_match' is treated as OR, not AND. |
| // For more information about how wpa_supplicant uses domain_suffix_match field: |
| // https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211g), ap.Channel(1)}, |
| SecConfFac: tunneled1x.NewConfigFactory( |
| eapCert3.CACred.Cert, eapCert3.ServerCred, eapCert3.CACred.Cert, "testuser", "password", |
| tunneled1x.OuterProtocol(tunneled1x.Layer1TypeTTLS), |
| tunneled1x.InnerProtocol(tunneled1x.Layer2TypeTTLSPAP), |
| tunneled1x.DomainSuffixMatch([]string{"wrongdomain1.com", eapCert3DomainSuffix[0], "wrongdomain1.com"}), |
| ), |
| }}, |
| expectedSecurity: shillconst.SecurityWPAEnterprise, |
| }}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11n network on 5 GHz channel and records power measurements. |
| Name: "powern", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesPower), |
| ExtraAttr: []string{"wificell_unstable"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211nPure), ap.Channel(48), ap.HTCaps(ap.HTCapHT20)}, |
| }}, |
| pingOps: []ping.Option{ping.Count(100), ping.Interval(1)}, |
| }}, |
| }, { |
| // Verifies that DUT can connect to an open 802.11ac network on channel 40 with a channel width of 20MHz and records power measurements. |
| Name: "powerac", |
| Fixture: wificell.FixtureID(wificell.TFFeaturesPower), |
| ExtraAttr: []string{"wificell_unstable"}, |
| Val: []simpleConnectTestcase{{ |
| apConfigs: []ap.ApConfig{{ |
| ApOpts: []ap.Option{ap.Mode(ap.Mode80211acPure), ap.Channel(40), ap.HTCaps(ap.HTCapHT20), ap.VHTChWidth(ap.VHTChWidth20Or40)}, |
| }}, |
| pingOps: []ping.Option{ping.Count(100), ping.Interval(1)}, |
| }}, |
| }, |
| }, |
| }) |
| } |
| |
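// SimpleConnect runs every simpleConnectTestcase of the test parameter as its
// own sub-test and stops at the first sub-test that fails.
//
// Each sub-test configures the AP(s), connects the DUT, records the
// discovery/association/configuration times as perf metrics, pings the AP
// while asserting that no disconnect happens, and then compares what the DUT
// reports (hidden-SSID flag, shill security class, wpa_supplicant key
// management) with the expectations of the test case.
//
// An empty expectedSecurity is treated as shillconst.SecurityNone, so a
// secured test case must set it explicitly. An empty expectedKeyMgmt skips
// the key-management comparison; such a case only verifies the security
// class reported by shill, not the key management reported by wpa_cli.
func SimpleConnect(ctx context.Context, s *testing.State) {
	tf := s.FixtValue().(*wificell.TestFixture)

	pv := perf.NewValues()
	defer func() {
		// Best effort: losing perf data is logged and does not fail the test.
		if err := pv.Save(s.OutDir()); err != nil {
			s.Log("Failed to save perf data, err: ", err)
		}
	}()
	runner := wpacli.NewRunner(&cmd.RemoteCmdRunner{Host: s.DUT().Conn()})
	testOnce := func(ctx context.Context, s *testing.State, apConfigs []ap.ApConfig, pingOps []ping.Option, expectedFailure bool, expectedSecurity, expectedKeyMgmt string) {
		apIface, err := tf.ConfigureMultiAP(ctx, wificell.DefaultRouter, apConfigs)
		if err != nil {
			s.Fatal("Failed to configure ap, err: ", err)
		}

		// Every cleanup below receives the ctx as it was before the matching
		// "reserve"/Shorten call replaced it, so the cleanup does not run on
		// the ctx that the test body itself uses.
		defer func(ctx context.Context) {
			if err := tf.DeconfigAP(ctx, apIface); err != nil {
				s.Error("Failed to deconfig ap, err: ", err)
			}
		}(ctx)
		ctx, cancel := tf.ReserveForDeconfigAP(ctx, apIface)
		defer cancel()
		s.Log("AP setup done")

		// For 6GHz tests, initialize the DUT regdomain to US so that the DUT is
		// able to actively scan the 6GHz band.
		if apIface.Config().Is6GHz {
			initialRegDomain, err := tf.InitializeRegdomainUS(ctx)
			if err != nil {
				s.Fatal("Failed to initialize the regulatory domain: ", err)
			}
			defer func(ctx context.Context) {
				if err := tf.ResetRegdomain(ctx, initialRegDomain); err != nil {
					s.Error("Failed to reset the regulatory domain: ", err)
				}
			}(ctx)
			ctx, cancel = ctxutil.Shorten(ctx, 500*time.Millisecond)
			defer cancel()
		}

		// Some tests may fail as expected at following ConnectWifiAP(). In that case entries should still be deleted properly.
		defer func(ctx context.Context) {
			req := &wifi.DeleteEntriesForSSIDRequest{Ssid: []byte(apIface.Config().SSID)}
			if _, err := tf.WifiClient().DeleteEntriesForSSID(ctx, req); err != nil {
				s.Errorf("Failed to remove entries for ssid=%s, err: %v", apIface.Config().SSID, err)
			}
		}(ctx)

		resp, err := tf.ConnectWifiAP(ctx, apIface)
		if err != nil {
			if expectedFailure {
				// NOTE(review): any connect error satisfies an expected
				// failure. A negative case (e.g. a certificate or credential
				// mismatch) therefore also passes when the connection fails
				// for an unrelated reason; consider asserting on the failure
				// cause if ConnectWifiAP exposes it.
				s.Log("Failed to connect to WiFi as expected")
				// If we expect to fail, then this test is already done.
				return
			}
			s.Fatal("Failed to connect to WiFi, err: ", err)
		}
		defer func(ctx context.Context) {
			if err := tf.CleanDisconnectWifi(ctx); err != nil {
				s.Error("Failed to disconnect WiFi, err: ", err)
			}
		}(ctx)
		ctx, cancel = tf.ReserveForDisconnect(ctx)
		defer cancel()
		if expectedFailure {
			s.Fatal("Expected to fail to connect to WiFi, but it was successful")
		}
		s.Log("Connected")

		desc := apIface.Config().PerfDesc()

		// The response times are divided by 1e9 and reported as seconds.
		pv.Set(perf.Metric{
			Name:      desc,
			Variant:   "Discovery",
			Unit:      "seconds",
			Direction: perf.SmallerIsBetter,
		}, float64(resp.DiscoveryTime)/1e9)
		pv.Set(perf.Metric{
			Name:      desc,
			Variant:   "Association",
			Unit:      "seconds",
			Direction: perf.SmallerIsBetter,
		}, float64(resp.AssociationTime)/1e9)
		pv.Set(perf.Metric{
			Name:      desc,
			Variant:   "Configuration",
			Unit:      "seconds",
			Direction: perf.SmallerIsBetter,
		}, float64(resp.ConfigurationTime)/1e9)
		// Named pingFromDUT so that the closure does not shadow the imported
		// ping package.
		pingFromDUT := func(ctx context.Context) error {
			return tf.PingFromDUT(ctx, apIface.ServerIP().String(), pingOps...)
		}

		if err := tf.AssertNoDisconnect(ctx, wificell.DefaultDUT, pingFromDUT); err != nil {
			s.Fatal("Failed to ping from DUT, err: ", err)
		}

		s.Log("Checking the status of the SSID in the DUT")
		serInfo, err := tf.WifiClient().QueryService(ctx)
		if err != nil {
			s.Fatal("Failed to get the WiFi service information from DUT, err: ", err)
		}

		if serInfo.Wifi.HiddenSsid != apIface.Config().Hidden {
			s.Fatalf("Unexpected hidden SSID status: got %t, want %t ", serInfo.Wifi.HiddenSsid, apIface.Config().Hidden)
		}

		// A test case without expectedSecurity asserts an open network.
		if expectedSecurity == "" {
			expectedSecurity = shillconst.SecurityNone
		}
		if expectedSecurity != serInfo.Wifi.Security {
			s.Fatalf("Wrong security of the service: got %s, want %s ", serInfo.Wifi.Security, expectedSecurity)
		}
		// KeyMgmt is queried for every case; a query error is fatal even when
		// no expectedKeyMgmt was given.
		keyMgmt, err := runner.KeyMgmt(ctx)
		if err != nil {
			// Report the underlying error so that the failure can be diagnosed.
			s.Fatal("Unable to get KeyMgmt from WiFi interface, err: ", err)
		}
		if len(expectedKeyMgmt) > 0 && expectedKeyMgmt != keyMgmt {
			s.Fatalf("Wrong KeyMgmt of the service: got %s, want %s ", keyMgmt, expectedKeyMgmt)
		}

		// TODO(crbug.com/1034875): Assert no deauth detected from the server side.
		// TODO(crbug.com/1034875): Maybe some more check on the WiFi capabilities to
		// verify we really have the settings as expected. (ref: crrev.com/c/1995105)
		s.Log("Deconfiguring")
	}

	testcases := s.Param().([]simpleConnectTestcase)
	for i, tc := range testcases {
		subtest := func(ctx context.Context, s *testing.State) {
			if tc.useSameSSID && tc.apConfigs != nil {
				ssid := ap.RandomSSID("TAST_TEST_REUSE_")
				for idx := range tc.apConfigs {
					s.Logf("Overriding SSID set by user or randomly generated: use SSID=%s for hostapd conf at index=%d", ssid, idx)
					// tc is a copy, but tc.apConfigs shares its elements with
					// the registered parameter, so the override is stored
					// there as well.
					tc.apConfigs[idx].ApOpts = append(tc.apConfigs[idx].ApOpts, ap.SSID(ssid))
				}
			}

			testOnce(ctx, s, tc.apConfigs, tc.pingOps, tc.expectedFailure, tc.expectedSecurity, tc.expectedKeyMgmt)
		}
		if !s.Run(ctx, fmt.Sprintf("Testcase #%d", i), subtest) {
			// Stop if any sub-test failed.
			return
		}
	}
	s.Log("Tearing down")
}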
| |
| // WEP keys for WEP tests. |
| |
// wep40Keys returns four fixed WEP-40 test keys. Each entry is either 5 bytes
// long or 10 hexadecimal digits; two of the 5-byte entries contain non-ASCII
// (multi-byte UTF-8) bytes. The values are hard-coded test fixtures and must
// not be used as real credentials.
func wep40Keys() []string {
	keys := make([]string, 0, 4)
	keys = append(keys,
		"abcde",                // 5 ASCII bytes
		"fedcba9876",           // 10 hex digits
		"ab\xe4\xb8\x89",       // 2 ASCII bytes + one 3-byte sequence
		"\xe4\xb8\x89\xc2\xa2", // one 3-byte + one 2-byte sequence
	)
	return keys
}
| |
// wep104Keys returns four fixed WEP-104 test keys. Each entry is either 13
// bytes long or 26 hexadecimal digits; two of the 13-byte entries contain
// non-ASCII (multi-byte UTF-8) bytes. The values are hard-coded test fixtures
// and must not be used as real credentials.
func wep104Keys() []string {
	const (
		hexKey   = "0123456789abcdef0123456789" // 26 hex digits
		asciiKey = "mlk:ihgfedcba"              // 13 ASCII bytes
		// 1 ASCII byte followed by four 3-byte sequences.
		mixedKey = "d\xe4\xb8\x80\xe4\xba\x8c\xe4\xb8\x89\xe5\x9b\x9b"
		// Three 3-byte sequences followed by two 2-byte sequences.
		multiByteKey = "\xe4\xb8\x80\xe4\xba\x8c\xe4\xb8\x89\xc2\xa2\xc2\xa3"
	)
	return []string{hexKey, asciiKey, mixedKey, multiByteKey}
}
| |
// wep40KeysHidden returns four fixed WEP-40 test keys, each written as 10
// hexadecimal digits. Judging by the name they are meant for the hidden-SSID
// WEP cases; confirm against the test table. The values are hard-coded test
// fixtures and must not be used as real credentials.
func wep40KeysHidden() []string {
	keys := []string{
		"0123456789",
		"89abcdef01",
		"9876543210",
		"fedcba9876",
	}
	return keys
}
| |
// wep104KeysHidden returns four fixed WEP-104 test keys, each written as 26
// hexadecimal digits. Judging by the name they are meant for the hidden-SSID
// WEP cases; confirm against the test table. The values are hard-coded test
// fixtures and must not be used as real credentials.
func wep104KeysHidden() []string {
	keys := make([]string, 4)
	keys[0] = "0123456789abcdef0123456789"
	keys[1] = "89abcdef0123456789abcdef01"
	keys[2] = "fedcba9876543210fedcba9876"
	keys[3] = "109fedcba987654321fedcba98"
	return keys
}
| |
// byteSequenceStr returns a string made of the consecutive byte values
// start, start+1, ..., end, with both bounds included.
// It returns the empty string when start > end.
func byteSequenceStr(start, end byte) string {
	if start > end {
		return ""
	}
	// Count in int so that the inclusive upper bound also works for end == 255,
	// where a byte counter would wrap around to 0.
	seq := make([]byte, 0, int(end)-int(start)+1)
	for v := int(start); v <= int(end); v++ {
		seq = append(seq, byte(v))
	}
	return string(seq)
}