auto-t: add test for encrypted profiles
parent
1157e0a184
commit
73e428cf3f
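--- a/autotests/testEncryptedProfiles/connection_test.py
+++ b/autotests/testEncryptedProfiles/connection_test.py
@@ -0,0 +1,154 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+
+sys.path.append('../util')
+import iwd
+import os
+from iwd import IWD
+from iwd import NetworkType
+from iwd import PSKAgent
+
+class Test(unittest.TestCase):
+def profile_is_encrypted(self, profile):
+with open('/tmp/iwd/' + profile) as f:
+contents = f.read()
+
+if 'Passphrase' in contents:
+return False
+
+return True
+
+def validate(self, wd):
+devices = wd.list_devices(1)
+device = devices[0]
+
+ordered_network = device.get_ordered_network('ssidCCMP')
+
+self.assertEqual(ordered_network.type, NetworkType.psk)
+
+condition = 'not obj.connected'
+wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ordered_network.network_object.connect()
+
+condition = 'obj.state == DeviceState.connected'
+wd.wait_for_object_condition(device, condition)
+
+device.disconnect()
+
+condition = 'not obj.connected'
+wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+# Tests that an existing plaintext profile gets encrypted
+def test_new_profile(self):
+IWD.copy_to_storage('ssidCCMP.psk')
+
+mtime = os.path.getmtime('/tmp/iwd/' + 'ssidCCMP.psk')
+self.assertFalse(self.profile_is_encrypted('ssidCCMP.psk'))
+
+wd = IWD(True)
+
+# Make sure profile was accepted
+condition = 'len(obj.list_known_networks()) == 1'
+wd.wait_for_object_condition(wd, condition)
+
+# Check the file was modified (should be encrypted now)
+self.assertNotEqual(mtime, os.path.getmtime('/tmp/iwd/' + 'ssidCCMP.psk'))
+
+self.validate(wd)
+
+self.assertTrue(self.profile_is_encrypted('ssidCCMP.psk'))
+
+# Tests that a new connection with agent gets written to an encrypted profile
+def test_agent_profile(self):
+wd = IWD(True)
+
+psk_agent = PSKAgent("secret123")
+wd.register_psk_agent(psk_agent)
+
+with self.assertRaises(FileNotFoundError):
+self.profile_is_encrypted('ssidCCMP.psk')
+
+self.validate(wd)
+
+self.assertTrue(self.profile_is_encrypted('ssidCCMP.psk'))
+
+wd.unregister_psk_agent(psk_agent)
+
+# Tests that an invalid profile gets re-written after an agent request
+def test_invalid_profile_rewritten(self):
+bad_config = '[Security]\nPassphrase=incorrect\n'
+os.system('echo "%s" > /tmp/iwd/ssidCCMP.psk' % bad_config)
+
+wd = IWD(True)
+
+condition = 'len(obj.list_known_networks()) == 1'
+wd.wait_for_object_condition(wd, condition)
+
+# IWD should still encrypt the profile automatically
+self.assertTrue(self.profile_is_encrypted('ssidCCMP.psk'))
+
+# This should fail
+with self.assertRaises(iwd.FailedEx):
+self.validate(wd)
+
+psk_agent = PSKAgent("secret123")
+wd.register_psk_agent(psk_agent)
+
+self.validate(wd)
+
+self.assertTrue(self.profile_is_encrypted('ssidCCMP.psk'))
+
+# Tests that a profile that doesn't decrypt wont become a known network
+def test_decryption_failure(self):
+bad_config = \
+'''
+[Security]
+EncryptedSalt=000102030405060708090a0b0c0d0e0f
+EncryptedSecurity=aabbccddeeff00112233445566778899
+'''
+os.system('echo "%s" > /tmp/iwd/ssidCCMP.psk' % bad_config)
+
+wd = IWD(True)
+
+self.assertEqual(wd.list_known_networks(), [])
+
+def test_runtime_profile(self):
+wd = IWD(True)
+
+self.assertEqual(wd.list_known_networks(), [])
+
+# Add profile after IWD starts
+IWD.copy_to_storage('ssidCCMP.psk')
+
+self.validate(wd)
+
+# Should now be encrypted
+self.assertTrue(self.profile_is_encrypted('ssidCCMP.psk'))
+
+with open('/tmp/iwd/ssidCCMP.psk') as f:
+profile = f.read()
+
+# Edit the profile, corrupting it
+profile.replace('EncryptedSecurity=', 'EncryptedSecurity=00')
+
+devices = wd.list_devices(1)
+device = devices[0]
+condition = 'obj.state == DeviceState.disconnected'
+wd.wait_for_object_condition(device, condition)
+
+def tearDown(self):
+IWD.clear_storage()
+
+@classmethod
+def setUpClass(cls):
+os.environ['CREDENTIALS_DIRECTORY'] = '/tmp'
+
+@classmethod
+def tearDownClass(cls):
+IWD.clear_storage()
+
+if __name__ == '__main__':
+unittest.main(exit=True)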
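Review bot: In test_runtime_profile the corruption step is a no-op: `profile.replace('EncryptedSecurity=', 'EncryptedSecurity=00')` discards the string it returns and nothing is written back to /tmp/iwd/ssidCCMP.psk, so the on-disk profile is never altered. The closing wait for `DeviceState.disconnected` then only observes the disconnect that validate() already performed, and would pass whether or not iwd reacts to a tampered profile. Assign the result and write it back, e.g. `profile = profile.replace('EncryptedSecurity=', 'EncryptedSecurity=00')` followed by `with open('/tmp/iwd/ssidCCMP.psk', 'w') as f: f.write(profile)`, and then assert the outcome the test is meant to prove, presumably that the network is no longer known, as in test_decryption_failure. Separately, profile_is_encrypted() counts any file that lacks the word Passphrase as encrypted, so an empty or truncated profile passes. `return 'EncryptedSecurity' in contents and 'Passphrase' not in contents` would check the positive case as well.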
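--- a/autotests/testEncryptedProfiles/hw.conf
+++ b/autotests/testEncryptedProfiles/hw.conf
@@ -0,0 +1,6 @@
+[SETUP]
+num_radios=2
+start_iwd=0
+
+[HOSTAPD]
+rad0=ssidCCMP.conf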
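--- a/autotests/testEncryptedProfiles/iwd-secret
+++ b/autotests/testEncryptedProfiles/iwd-secret
@@ -0,0 +1 @@
+secret123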
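--- a/autotests/testEncryptedProfiles/main.conf
+++ b/autotests/testEncryptedProfiles/main.conf
@@ -0,0 +1,2 @@
+[General]
+SystemdEncrypt=iwd-secret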
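--- a/autotests/testEncryptedProfiles/ssidCCMP.conf
+++ b/autotests/testEncryptedProfiles/ssidCCMP.conf
@@ -0,0 +1,10 @@
+hw_mode=g
+channel=1
+ssid=ssidCCMP
+
+wpa=2
+wpa_pairwise=CCMP
+wpa_passphrase=secret123
+
+ieee80211w=2
+wpa_key_mgmt=WPA-PSK-SHA256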
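--- a/autotests/testEncryptedProfiles/ssidCCMP.psk
+++ b/autotests/testEncryptedProfiles/ssidCCMP.psk
@@ -0,0 +1,2 @@
+[Security]
+Passphrase=secret123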