jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

tests: IGTK and BIGTK replay protection

Browse source 
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2021-03-06 12:41:05 +02:00
parent 5a7e806b69
commit f7835ac163
1 changed files with 37 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
tests/hwsim/test_ap_ciphers.py
View file

@ -649,12 +649,24 @@ def test_ap_cipher_replay_protection_sta_gtk_gcmp(dev, apdev):
raise HwsimSkip("GCMP not supported") raise HwsimSkip("GCMP not supported")
run_ap_cipher_replay_protection_sta(dev, apdev, "GCMP", keytype=KT_GTK) run_ap_cipher_replay_protection_sta(dev, apdev, "GCMP", keytype=KT_GTK)
def test_ap_cipher_replay_protection_sta_igtk(dev, apdev):
"""CCMP replay protection on STA (IGTK)"""
run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP", keytype=KT_IGTK)
def test_ap_cipher_replay_protection_sta_bigtk(dev, apdev):
"""CCMP replay protection on STA (BIGTK)"""
run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP", keytype=KT_BIGTK)
def run_ap_cipher_replay_protection_sta(dev, apdev, cipher, keytype=KT_PTK): def run_ap_cipher_replay_protection_sta(dev, apdev, cipher, keytype=KT_PTK):
params = {"ssid": "test-wpa2-psk", params = {"ssid": "test-wpa2-psk",
"wpa_passphrase": "12345678", "wpa_passphrase": "12345678",
"wpa": "2", "wpa": "2",
"wpa_key_mgmt": "WPA-PSK", "wpa_key_mgmt": "WPA-PSK",
"rsn_pairwise": cipher} "rsn_pairwise": cipher}
if keytype == KT_IGTK or keytype == KT_BIGTK:
params['ieee80211w'] = '2'
if keytype == KT_BIGTK:
params['beacon_prot'] = '1'
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd) Wlantest.setup(hapd)
@ -663,10 +675,14 @@ def run_ap_cipher_replay_protection_sta(dev, apdev, cipher, keytype=KT_PTK):
wt.add_passphrase("12345678") wt.add_passphrase("12345678")
phy = dev[0].get_driver_status_field("phyname") phy = dev[0].get_driver_status_field("phyname")
dev[0].connect("test-wpa2-psk", psk="12345678", dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w='1',
beacon_prot='1',
pairwise=cipher, group=cipher, scan_freq="2412") pairwise=cipher, group=cipher, scan_freq="2412")
hapd.wait_sta() hapd.wait_sta()
if keytype == KT_BIGTK:
time.sleep(1)
if cipher != "TKIP": if cipher != "TKIP":
replays = get_tk_replay_counter(phy, keytype) replays = get_tk_replay_counter(phy, keytype)
if replays != 0: if replays != 0:
@ -680,12 +696,29 @@ def run_ap_cipher_replay_protection_sta(dev, apdev, cipher, keytype=KT_PTK):
if replays != 0: if replays != 0:
raise Exception("Unexpected replay reported (2)") raise Exception("Unexpected replay reported (2)")
if keytype == KT_IGTK:
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev:
dev[0].wait_connected()
addr = "ff:ff:ff:ff:ff:ff" if keytype != KT_PTK else dev[0].own_addr() addr = "ff:ff:ff:ff:ff:ff" if keytype != KT_PTK else dev[0].own_addr()
if "OK" not in hapd.request("RESET_PN " + addr): cmd = "RESET_PN " + addr
if keytype == KT_IGTK:
cmd += " IGTK"
if keytype == KT_BIGTK:
cmd += " BIGTK"
if "OK" not in hapd.request(cmd):
raise Exception("RESET_PN failed") raise Exception("RESET_PN failed")
time.sleep(0.1) time.sleep(0.1)
hwsim_utils.test_connectivity(dev[0], hapd, timeout=1, if keytype == KT_IGTK:
success_expected=False) hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
elif keytype == KT_BIGTK:
time.sleep(1)
else:
hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
success_expected=False)
if cipher != "TKIP": if cipher != "TKIP":
replays = get_tk_replay_counter(phy, keytype) replays = get_tk_replay_counter(phy, keytype)