tests: sigma_dut controlled STA and beacon protection

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-03-26 11:52:47 +02:00 committed by Jouni Malinen
parent 431e5d5819
commit 14ee49c24b
2 changed files with 85 additions and 49 deletions

View file

@ -927,58 +927,11 @@ def mac80211_read_key(keydir):
pass pass
return vals return vals
def test_ap_pmf_beacon_protection_bip(dev, apdev): def check_mac80211_bigtk(dev, hapd):
"""WPA2-PSK Beacon protection (BIP)"""
"""WPA2-PSK AP with PMF required and Beacon protection enabled (BIP)"""
run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC")
def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev):
"""WPA2-PSK Beacon protection (BIP-CMAC-256)"""
run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256")
def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev):
"""WPA2-PSK Beacon protection (BIP-GMAC-128)"""
run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128")
def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev):
"""WPA2-PSK Beacon protection (BIP-GMAC-256)"""
run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256")
def run_ap_pmf_beacon_protection(dev, apdev, cipher):
ssid = "test-beacon-prot"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["beacon_prot"] = "1"
params["group_mgmt_cipher"] = cipher
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to enable hostapd interface" in str(e):
raise HwsimSkip("Beacon protection not supported")
raise
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
# STA with Beacon protection enabled
dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1",
key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
# STA with Beacon protection disabled
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
time.sleep(1)
sta_key = None sta_key = None
ap_key = None ap_key = None
phy = dev[0].get_driver_status_field("phyname") phy = dev.get_driver_status_field("phyname")
keys = "/sys/kernel/debug/ieee80211/%s/keys" % phy keys = "/sys/kernel/debug/ieee80211/%s/keys" % phy
try: try:
for key in os.listdir(keys): for key in os.listdir(keys):
@ -1034,6 +987,55 @@ def run_ap_pmf_beacon_protection(dev, apdev, cipher):
if tx_spec < 3: if tx_spec < 3:
raise Exception("AP did not update BIGTK BIPN sufficiently") raise Exception("AP did not update BIGTK BIPN sufficiently")
def test_ap_pmf_beacon_protection_bip(dev, apdev):
"""WPA2-PSK Beacon protection (BIP)"""
"""WPA2-PSK AP with PMF required and Beacon protection enabled (BIP)"""
run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC")
def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev):
"""WPA2-PSK Beacon protection (BIP-CMAC-256)"""
run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256")
def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev):
"""WPA2-PSK Beacon protection (BIP-GMAC-128)"""
run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128")
def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev):
"""WPA2-PSK Beacon protection (BIP-GMAC-256)"""
run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256")
def run_ap_pmf_beacon_protection(dev, apdev, cipher):
ssid = "test-beacon-prot"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["beacon_prot"] = "1"
params["group_mgmt_cipher"] = cipher
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to enable hostapd interface" in str(e):
raise HwsimSkip("Beacon protection not supported")
raise
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
# STA with Beacon protection enabled
dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1",
key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
# STA with Beacon protection disabled
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
time.sleep(1)
check_mac80211_bigtk(dev[0], hapd)
valid_bip = wt.get_bss_counter('valid_bip_mmie', bssid) valid_bip = wt.get_bss_counter('valid_bip_mmie', bssid)
invalid_bip = wt.get_bss_counter('invalid_bip_mmie', bssid) invalid_bip = wt.get_bss_counter('invalid_bip_mmie', bssid)
missing_bip = wt.get_bss_counter('missing_bip_mmie', bssid) missing_bip = wt.get_bss_counter('missing_bip_mmie', bssid)

View file

@ -26,6 +26,7 @@ from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
from test_ap_hs20 import hs20_ap_params from test_ap_hs20 import hs20_ap_params
from test_ap_pmf import check_mac80211_bigtk
def check_sigma_dut(): def check_sigma_dut():
if not os.path.exists("./sigma_dut"): if not os.path.exists("./sigma_dut"):
@ -4048,3 +4049,36 @@ def run_sigma_dut_ap_channel(dev, apdev, params, channel, mode, scan_freq,
stop_sigma_dut(sigma) stop_sigma_dut(sigma)
subprocess.call(['iw', 'reg', 'set', '00']) subprocess.call(['iw', 'reg', 'set', '00'])
dev[0].flush_scan_cache() dev[0].flush_scan_cache()
def test_sigma_dut_beacon_prot(dev, apdev):
"""sigma_dut controlled STA and beacon protection"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["beacon_prot"] = "1"
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to enable hostapd interface" in str(e):
raise HwsimSkip("Beacon protection not supported")
raise
ifname = dev[0].ifname
sigma = start_sigma_dut(ifname)
try:
sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,BeaconProtection,1" % (ifname, "test-pmf-required", "12345678"))
sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
timeout=10)
sigma_dut_wait_connected(ifname)
time.sleep(1)
check_mac80211_bigtk(dev[0], hapd)
sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
finally:
stop_sigma_dut(sigma)
dev[0].set("ignore_old_scan_res", "0")