tests: Initial GTK/IGTK RSC setting

author Jouni Malinen <j@w1.fi>

Sat, 4 Jan 2020 11:07:47 +0000 (13:07 +0200)

committer Jouni Malinen <j@w1.fi>

Sat, 4 Jan 2020 11:07:47 +0000 (13:07 +0200)
author Jouni Malinen <j@w1.fi>
Sat, 4 Jan 2020 11:07:47 +0000 (13:07 +0200)
committer Jouni Malinen <j@w1.fi>
Sat, 4 Jan 2020 11:07:47 +0000 (13:07 +0200)
diff --git a/tests/hwsim/test_ap_ciphers.py b/tests/hwsim/test_ap_ciphers.py

index 4e79391698ed2211e532b13f3f9492812bc88f37..c44d11581dd5c2a8361b0d1fe89d8d2ec32a2f0f 100644 (file)
--- a/tests/hwsim/test_ap_ciphers.py
+++ b/tests/hwsim/test_ap_ciphers.py
@@ -979,3 +979,104 @@ def test_ap_wpa2_plaintext_group_m1_pmf(dev, apdev):
      if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
          raise Exception("RESEND_GROUP_M1 failed")
      time.sleep(0.1)
+
+def test_ap_wpa2_gtk_initial_rsc_tkip(dev, apdev):
+    """Initial group cipher RSC (TKIP)"""
+    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "TKIP")
+
+def test_ap_wpa2_gtk_initial_rsc_ccmp(dev, apdev):
+    """Initial group cipher RSC (CCMP)"""
+    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "CCMP")
+
+def test_ap_wpa2_gtk_initial_rsc_ccmp_256(dev, apdev):
+    """Initial group cipher RSC (CCMP-256)"""
+    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "CCMP-256")
+
+def test_ap_wpa2_gtk_initial_rsc_gcmp(dev, apdev):
+    """Initial group cipher RSC (GCMP)"""
+    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "GCMP")
+
+def test_ap_wpa2_gtk_initial_rsc_gcmp_256(dev, apdev):
+    """Initial group cipher RSC (GCMP-256)"""
+    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "GCMP-256")
+
+def run_ap_wpa2_gtk_initial_rsc(dev, apdev, cipher):
+    if cipher not in dev[0].get_capability("pairwise") or \
+       cipher not in dev[0].get_capability("group"):
+        raise HwsimSkip("Cipher %s not supported" % cipher)
+
+    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
+    params["rsn_pairwise"] = cipher
+    params["group_cipher"] = cipher
+    params["gtk_rsc_override"] = "341200000000"
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    Wlantest.setup(hapd)
+    wt = Wlantest()
+    wt.flush()
+    wt.add_passphrase("12345678")
+
+    dev[0].connect("test-wpa2-psk", psk="12345678", proto="WPA2",
+                   pairwise=cipher, group=cipher, scan_freq="2412")
+    hapd.wait_sta()
+    # Verify that unicast traffic works, but broadcast traffic does not.
+    hwsim_utils.test_connectivity(dev[0], hapd, broadcast=False)
+    hwsim_utils.test_connectivity(dev[0], hapd, success_expected=False)
+    hwsim_utils.test_connectivity(dev[0], hapd, success_expected=False)
+
+def test_ap_wpa2_igtk_initial_rsc_aes_128_cmac(dev, apdev):
+    """Initial management group cipher RSC (AES-128-CMAC)"""
+    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "AES-128-CMAC")
+
+def test_ap_wpa2_igtk_initial_rsc_bip_gmac_128(dev, apdev):
+    """Initial management group cipher RSC (BIP-GMAC-128)"""
+    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "BIP-GMAC-128")
+
+def test_ap_wpa2_igtk_initial_rsc_bip_gmac_256(dev, apdev):
+    """Initial management group cipher RSC (BIP-GMAC-256)"""
+    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "BIP-GMAC-256")
+
+def test_ap_wpa2_igtk_initial_rsc_bip_cmac_256(dev, apdev):
+    """Initial management group cipher RSC (BIP-CMAC-256)"""
+    run_ap_wpa2_igtk_initial_rsc(dev, apdev, "BIP-CMAC-256")
+
+def run_ap_wpa2_igtk_initial_rsc(dev, apdev, cipher):
+    if cipher not in dev[0].get_capability("group_mgmt"):
+        raise HwsimSkip("Cipher %s not supported" % cipher)
+
+    params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
+    params["ieee80211w"] = "2"
+    params["rsn_pairwise"] = "CCMP"
+    params["group_cipher"] = "CCMP"
+    params["group_mgmt_cipher"] = cipher
+    params["igtk_rsc_override"] = "341200000000"
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    Wlantest.setup(hapd)
+    wt = Wlantest()
+    wt.flush()
+    wt.add_passphrase("12345678")
+
+    dev[0].connect("test-wpa2-psk", psk="12345678", proto="WPA2",
+                   ieee80211w="2", pairwise="CCMP", group="CCMP",
+                   group_mgmt=cipher,
+                   scan_freq="2412")
+    hapd.wait_sta()
+    # Verify that broadcast robust management frames are dropped.
+    dev[0].note("Sending broadcast Deauthentication and Disassociation frames with too small IPN")
+    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
+    hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1")
+    hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
+    hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1")
+    dev[0].note("Done sending broadcast Deauthentication and Disassociation frames with too small IPN")
+    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
+    if ev is not None:
+        raise Exception("Unexpected disconnection")
+
+    # Verify thar unicast robust management frames go through.
+    hapd.request("DEAUTHENTICATE " + dev[0].own_addr() + " reason=123 test=1")
+    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
+    if ev is None:
+        raise Exception("Disconnection not reported")
+    if "reason=123" not in ev:
+        raise Exception("Unexpected disconnection reason: " + ev)
author	Jouni Malinen <j@w1.fi>
	Sat, 4 Jan 2020 11:07:47 +0000 (13:07 +0200)
committer	Jouni Malinen <j@w1.fi>
	Sat, 4 Jan 2020 11:07:47 +0000 (13:07 +0200)