From 74d29544f12f7fda2937b88c8772325a51c28f5c Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 18 Dec 2016 20:28:10 +0200 Subject: [PATCH] tests: RSN AP and PeerKey between two STAs with sniffer check The previous PeerKey test cases did not actually verify in any way that the SMK and STK exchanges were completed since mac80211 does not support setting the key from STK. Use a sniffer check to confirm that the exchanges complete to avoid PeerKey regressions like the ones fixed in the last couple of commits. Signed-off-by: Jouni Malinen --- tests/hwsim/test_peerkey.py | 78 ++++++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 1 deletion(-) diff --git a/tests/hwsim/test_peerkey.py b/tests/hwsim/test_peerkey.py index 6f9b716cb..a3d6d22ef 100644 --- a/tests/hwsim/test_peerkey.py +++ b/tests/hwsim/test_peerkey.py @@ -1,5 +1,5 @@ # PeerKey tests -# Copyright (c) 2013-2015, Jouni Malinen +# Copyright (c) 2013-2016, Jouni Malinen # # This software may be distributed under the terms of the BSD license. # See README for more details. @@ -7,12 +7,14 @@ from remotehost import remote_compatible import logging logger = logging.getLogger() +import os import time import hwsim_utils import hostapd from utils import skip_with_fips from wlantest import Wlantest +from tshark import run_tshark @remote_compatible def test_peerkey(dev, apdev): @@ -34,6 +36,80 @@ def test_peerkey(dev, apdev): # successfully completed 4-way handshake. This test case does allow the # key negotiation part to be tested for coverage, though. +def test_peerkey_sniffer_check(dev, apdev, params): + """RSN AP and PeerKey between two STAs with sniffer check""" + ssid = "test-peerkey" + passphrase = "12345678" + hparams = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + hparams['peerkey'] = "1" + hapd = hostapd.add_ap(apdev[0], hparams) + + Wlantest.setup(hapd) + wt = Wlantest() + wt.flush() + wt.add_passphrase("12345678") + + dev[0].connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True) + dev[1].connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True) + hwsim_utils.test_connectivity_sta(dev[0], dev[1]) + + dev[0].request("STKSTART " + dev[1].p2p_interface_addr()) + time.sleep(1) + # NOTE: Actual use of the direct link (DLS) is not supported in + # mac80211_hwsim, so this operation fails at setting the keys after + # successfully completed 4-way handshake. This test case does allow the + # key negotiation part to be tested for coverage, though. Use sniffer to + # verify that all the SMK and STK handshake messages were transmitted. + + bssid = hapd.own_addr() + addr0 = dev[0].own_addr() + addr1 = dev[1].own_addr() + + out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"), + "eapol.type == 3", + display=["wlan.sa", "wlan.da", "eapol.keydes.key_info"]) + + smk = [ False, False, False, False, False ] + stk = [ False, False, False, False ] + + for pkt in out.splitlines(): + sa, da, key_info = pkt.split('\t') + key_info = int(key_info, 16) + if sa == addr0 and da == bssid and key_info == 0x2b02: + # Initiator -> AP: MIC+Secure+Request+SMK = SMK 1 + smk[0] = True + elif sa == bssid and da == addr1 and key_info == 0x2382: + # AP -> Responder: ACK+MIC+Secure+SMK = SMK 2 + smk[1] = True + elif sa == addr1 and da == bssid and key_info == 0x2302: + # Responder -> AP: MIC+Secure+SMK = SMK 3 + smk[2] = True + elif sa == bssid and da == addr1 and key_info == 0x3342: + # AP -> Responder: Install+MIC+Secure+EncrKeyData+SMK = SMK 4 + smk[3] = True + elif sa == bssid and da == addr0 and key_info == 0x3302: + # AP -> Initiator: MIC+Secure+EncrKeyData+SMK = SMK 5 + smk[4] = True + elif sa == addr0 and da == addr1 and key_info == 0x008a: + # Initiator -> Responder: Pairwise+ACK = STK 1 + stk[0] = True + elif sa == addr1 and da == addr0 and key_info == 0x010a: + # Responder -> Initiator: Pairwise+MIC = STK 2 + stk[1] = True + elif sa == addr0 and da == addr1 and key_info == 0x038a: + # Initiator -> Responder: Pairwise+ACK+MIC+Secure = STK 3 + stk[2] = True + elif sa == addr1 and da == addr0 and key_info == 0x030a: + # Responder -> Initiator: Pairwise+MIC+Secure = STK 4 + stk[3] = True + + logger.info("Seen SMK messages: " + str(smk)) + logger.info("Seen STK messages: " + str(stk)) + if False in smk: + raise Exception("Missing SMK message: " + str(smk)) + if False in stk: + raise Exception("Missing STK message: " + str(stk)) + def test_peerkey_unknown_peer(dev, apdev): """RSN AP and PeerKey attempt with unknown peer""" ssid = "test-peerkey"