projects / thirdparty / hostap.git / blame
| Commit | Line | Data |
|---|---|---|
| 0eff1ab3 JM |
1 | # Cipher suite tests |
| 2 | # Copyright (c) 2013, Jouni Malinen <j@w1.fi> | |
| 3 | # | |
| 4 | # This software may be distributed under the terms of the BSD license. | |
| 5 | # See README for more details. | |
| 6 | ||
| 7 | import time | |
| 0eff1ab3 JM |
8 | import logging |
| 9 | logger = logging.getLogger() | |
| aa034377 | 10 | import os.path |
| 0eff1ab3 JM |
11 | |
| 12 | import hwsim_utils | |
| 13 | import hostapd | |
| 81e787b7 | 14 | from utils import HwsimSkip |
| 0eff1ab3 JM |
15 | |
| 16 | def check_cipher(dev, ap, cipher): | |
| 17 | if cipher not in dev.get_capability("pairwise"): | |
| 81e787b7 | 18 | raise HwsimSkip("Cipher %s not supported" % cipher) |
| 0eff1ab3 JM |
19 | params = { "ssid": "test-wpa2-psk", |
| 20 | "wpa_passphrase": "12345678", | |
| 21 | "wpa": "2", | |
| 22 | "wpa_key_mgmt": "WPA-PSK", | |
| 23 | "rsn_pairwise": cipher } | |
| a8375c94 | 24 | hapd = hostapd.add_ap(ap['ifname'], params) |
| 0eff1ab3 | 25 | dev.connect("test-wpa2-psk", psk="12345678", |
| 7daa9b9a | 26 | pairwise=cipher, group=cipher, scan_freq="2412") |
| a8375c94 | 27 | hwsim_utils.test_connectivity(dev, hapd) |
| 0eff1ab3 JM |
28 | |
| 29 | def test_ap_cipher_tkip(dev, apdev): | |
| 30 | """WPA2-PSK/TKIP connection""" | |
| 81e787b7 | 31 | check_cipher(dev[0], apdev[0], "TKIP") |
| 0eff1ab3 | 32 | |
| aa034377 JM |
33 | def test_ap_cipher_tkip_countermeasures_ap(dev, apdev): |
| 34 | """WPA-PSK/TKIP countermeasures (detected by AP)""" | |
| 35 | testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname) | |
| 36 | if not os.path.exists(testfile): | |
| 81e787b7 | 37 | raise HwsimSkip("tkip_mic_test not supported in mac80211") |
| aa034377 JM |
38 | |
| 39 | params = { "ssid": "tkip-countermeasures", | |
| 40 | "wpa_passphrase": "12345678", | |
| 41 | "wpa": "1", | |
| 42 | "wpa_key_mgmt": "WPA-PSK", | |
| 43 | "wpa_pairwise": "TKIP" } | |
| 44 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) | |
| 45 | ||
| 46 | dev[0].connect("tkip-countermeasures", psk="12345678", | |
| 47 | pairwise="TKIP", group="TKIP", scan_freq="2412") | |
| 48 | ||
| 49 | dev[0].dump_monitor() | |
| dc4c3dc4 JM |
50 | with open(testfile, "w") as f: |
| 51 | f.write(apdev[0]['bssid']) | |
| aa034377 JM |
52 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) |
| 53 | if ev is not None: | |
| 54 | raise Exception("Unexpected disconnection on first Michael MIC failure") | |
| 55 | ||
| dc4c3dc4 JM |
56 | with open(testfile, "w") as f: |
| 57 | f.write("ff:ff:ff:ff:ff:ff") | |
| 5f35a5e2 JM |
58 | ev = dev[0].wait_disconnected(timeout=10, |
| 59 | error="No disconnection after two Michael MIC failures") | |
| aa034377 JM |
60 | if "reason=14" not in ev: |
| 61 | raise Exception("Unexpected disconnection reason: " + ev) | |
| 62 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
| 63 | if ev is not None: | |
| 64 | raise Exception("Unexpected connection during TKIP countermeasures") | |
| 65 | ||
| 66 | def test_ap_cipher_tkip_countermeasures_sta(dev, apdev): | |
| 67 | """WPA-PSK/TKIP countermeasures (detected by STA)""" | |
| 68 | params = { "ssid": "tkip-countermeasures", | |
| 69 | "wpa_passphrase": "12345678", | |
| 70 | "wpa": "1", | |
| 71 | "wpa_key_mgmt": "WPA-PSK", | |
| 72 | "wpa_pairwise": "TKIP" } | |
| 73 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) | |
| 74 | ||
| 75 | testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname']) | |
| 76 | if not os.path.exists(testfile): | |
| 81e787b7 | 77 | raise HwsimSkip("tkip_mic_test not supported in mac80211") |
| aa034377 JM |
78 | |
| 79 | dev[0].connect("tkip-countermeasures", psk="12345678", | |
| 80 | pairwise="TKIP", group="TKIP", scan_freq="2412") | |
| 81 | ||
| 82 | dev[0].dump_monitor() | |
| dc4c3dc4 JM |
83 | with open(testfile, "w") as f: |
| 84 | f.write(dev[0].p2p_dev_addr()) | |
| aa034377 JM |
85 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) |
| 86 | if ev is not None: | |
| 87 | raise Exception("Unexpected disconnection on first Michael MIC failure") | |
| 88 | ||
| dc4c3dc4 JM |
89 | with open(testfile, "w") as f: |
| 90 | f.write("ff:ff:ff:ff:ff:ff") | |
| 5f35a5e2 JM |
91 | ev = dev[0].wait_disconnected(timeout=10, |
| 92 | error="No disconnection after two Michael MIC failures") | |
| aa034377 JM |
93 | if "reason=14 locally_generated=1" not in ev: |
| 94 | raise Exception("Unexpected disconnection reason: " + ev) | |
| 95 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
| 96 | if ev is not None: | |
| 97 | raise Exception("Unexpected connection during TKIP countermeasures") | |
| 98 | ||
| 0eff1ab3 JM |
99 | def test_ap_cipher_ccmp(dev, apdev): |
| 100 | """WPA2-PSK/CCMP connection""" | |
| 81e787b7 | 101 | check_cipher(dev[0], apdev[0], "CCMP") |
| 0eff1ab3 JM |
102 | |
| 103 | def test_ap_cipher_gcmp(dev, apdev): | |
| 104 | """WPA2-PSK/GCMP connection""" | |
| 81e787b7 | 105 | check_cipher(dev[0], apdev[0], "GCMP") |
| 0eff1ab3 JM |
106 | |
| 107 | def test_ap_cipher_ccmp_256(dev, apdev): | |
| 108 | """WPA2-PSK/CCMP-256 connection""" | |
| 81e787b7 | 109 | check_cipher(dev[0], apdev[0], "CCMP-256") |
| 0eff1ab3 JM |
110 | |
| 111 | def test_ap_cipher_gcmp_256(dev, apdev): | |
| 112 | """WPA2-PSK/GCMP-256 connection""" | |
| 81e787b7 | 113 | check_cipher(dev[0], apdev[0], "GCMP-256") |
| 2e3aec56 JM |
114 | |
| 115 | def test_ap_cipher_mixed_wpa_wpa2(dev, apdev): | |
| 116 | """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration""" | |
| 117 | ssid = "test-wpa-wpa2-psk" | |
| 118 | passphrase = "12345678" | |
| 119 | params = { "ssid": ssid, | |
| 120 | "wpa_passphrase": passphrase, | |
| 121 | "wpa": "3", | |
| 122 | "wpa_key_mgmt": "WPA-PSK", | |
| 123 | "rsn_pairwise": "CCMP", | |
| 124 | "wpa_pairwise": "TKIP" } | |
| a8375c94 | 125 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) |
| 2e3aec56 JM |
126 | dev[0].connect(ssid, psk=passphrase, proto="WPA2", |
| 127 | pairwise="CCMP", group="TKIP", scan_freq="2412") | |
| 128 | status = dev[0].get_status() | |
| 129 | if status['key_mgmt'] != 'WPA2-PSK': | |
| 130 | raise Exception("Incorrect key_mgmt reported") | |
| 131 | if status['pairwise_cipher'] != 'CCMP': | |
| 132 | raise Exception("Incorrect pairwise_cipher reported") | |
| 133 | if status['group_cipher'] != 'TKIP': | |
| 134 | raise Exception("Incorrect group_cipher reported") | |
| 135 | bss = dev[0].get_bss(apdev[0]['bssid']) | |
| 136 | if bss['ssid'] != ssid: | |
| 137 | raise Exception("Unexpected SSID in the BSS entry") | |
| 138 | if "[WPA-PSK-TKIP]" not in bss['flags']: | |
| 139 | raise Exception("Missing BSS flag WPA-PSK-TKIP") | |
| 140 | if "[WPA2-PSK-CCMP]" not in bss['flags']: | |
| 141 | raise Exception("Missing BSS flag WPA2-PSK-CCMP") | |
| a8375c94 | 142 | hwsim_utils.test_connectivity(dev[0], hapd) |
| 2e3aec56 JM |
143 | |
| 144 | dev[1].connect(ssid, psk=passphrase, proto="WPA", | |
| 145 | pairwise="TKIP", group="TKIP", scan_freq="2412") | |
| 146 | status = dev[1].get_status() | |
| 147 | if status['key_mgmt'] != 'WPA-PSK': | |
| 148 | raise Exception("Incorrect key_mgmt reported") | |
| 149 | if status['pairwise_cipher'] != 'TKIP': | |
| 150 | raise Exception("Incorrect pairwise_cipher reported") | |
| 151 | if status['group_cipher'] != 'TKIP': | |
| 152 | raise Exception("Incorrect group_cipher reported") | |
| a8375c94 JM |
153 | hwsim_utils.test_connectivity(dev[1], hapd) |
| 154 | hwsim_utils.test_connectivity(dev[0], dev[1]) |