]>
Commit | Line | Data |
---|---|---|
0eff1ab3 JM |
1 | # Cipher suite tests |
2 | # Copyright (c) 2013, Jouni Malinen <j@w1.fi> | |
3 | # | |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
7 | import time | |
0eff1ab3 JM |
8 | import logging |
9 | logger = logging.getLogger() | |
aa034377 | 10 | import os.path |
0eff1ab3 JM |
11 | |
12 | import hwsim_utils | |
13 | import hostapd | |
81e787b7 | 14 | from utils import HwsimSkip |
0eff1ab3 JM |
15 | |
16 | def check_cipher(dev, ap, cipher): | |
17 | if cipher not in dev.get_capability("pairwise"): | |
81e787b7 | 18 | raise HwsimSkip("Cipher %s not supported" % cipher) |
0eff1ab3 JM |
19 | params = { "ssid": "test-wpa2-psk", |
20 | "wpa_passphrase": "12345678", | |
21 | "wpa": "2", | |
22 | "wpa_key_mgmt": "WPA-PSK", | |
23 | "rsn_pairwise": cipher } | |
a8375c94 | 24 | hapd = hostapd.add_ap(ap['ifname'], params) |
0eff1ab3 | 25 | dev.connect("test-wpa2-psk", psk="12345678", |
7daa9b9a | 26 | pairwise=cipher, group=cipher, scan_freq="2412") |
a8375c94 | 27 | hwsim_utils.test_connectivity(dev, hapd) |
0eff1ab3 JM |
28 | |
29 | def test_ap_cipher_tkip(dev, apdev): | |
30 | """WPA2-PSK/TKIP connection""" | |
81e787b7 | 31 | check_cipher(dev[0], apdev[0], "TKIP") |
0eff1ab3 | 32 | |
aa034377 JM |
33 | def test_ap_cipher_tkip_countermeasures_ap(dev, apdev): |
34 | """WPA-PSK/TKIP countermeasures (detected by AP)""" | |
35 | testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname) | |
36 | if not os.path.exists(testfile): | |
81e787b7 | 37 | raise HwsimSkip("tkip_mic_test not supported in mac80211") |
aa034377 JM |
38 | |
39 | params = { "ssid": "tkip-countermeasures", | |
40 | "wpa_passphrase": "12345678", | |
41 | "wpa": "1", | |
42 | "wpa_key_mgmt": "WPA-PSK", | |
43 | "wpa_pairwise": "TKIP" } | |
44 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) | |
45 | ||
46 | dev[0].connect("tkip-countermeasures", psk="12345678", | |
47 | pairwise="TKIP", group="TKIP", scan_freq="2412") | |
48 | ||
49 | dev[0].dump_monitor() | |
dc4c3dc4 JM |
50 | with open(testfile, "w") as f: |
51 | f.write(apdev[0]['bssid']) | |
aa034377 JM |
52 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) |
53 | if ev is not None: | |
54 | raise Exception("Unexpected disconnection on first Michael MIC failure") | |
55 | ||
dc4c3dc4 JM |
56 | with open(testfile, "w") as f: |
57 | f.write("ff:ff:ff:ff:ff:ff") | |
5f35a5e2 JM |
58 | ev = dev[0].wait_disconnected(timeout=10, |
59 | error="No disconnection after two Michael MIC failures") | |
aa034377 JM |
60 | if "reason=14" not in ev: |
61 | raise Exception("Unexpected disconnection reason: " + ev) | |
62 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
63 | if ev is not None: | |
64 | raise Exception("Unexpected connection during TKIP countermeasures") | |
65 | ||
66 | def test_ap_cipher_tkip_countermeasures_sta(dev, apdev): | |
67 | """WPA-PSK/TKIP countermeasures (detected by STA)""" | |
68 | params = { "ssid": "tkip-countermeasures", | |
69 | "wpa_passphrase": "12345678", | |
70 | "wpa": "1", | |
71 | "wpa_key_mgmt": "WPA-PSK", | |
72 | "wpa_pairwise": "TKIP" } | |
73 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) | |
74 | ||
75 | testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname']) | |
76 | if not os.path.exists(testfile): | |
81e787b7 | 77 | raise HwsimSkip("tkip_mic_test not supported in mac80211") |
aa034377 JM |
78 | |
79 | dev[0].connect("tkip-countermeasures", psk="12345678", | |
80 | pairwise="TKIP", group="TKIP", scan_freq="2412") | |
81 | ||
82 | dev[0].dump_monitor() | |
dc4c3dc4 JM |
83 | with open(testfile, "w") as f: |
84 | f.write(dev[0].p2p_dev_addr()) | |
aa034377 JM |
85 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) |
86 | if ev is not None: | |
87 | raise Exception("Unexpected disconnection on first Michael MIC failure") | |
88 | ||
dc4c3dc4 JM |
89 | with open(testfile, "w") as f: |
90 | f.write("ff:ff:ff:ff:ff:ff") | |
5f35a5e2 JM |
91 | ev = dev[0].wait_disconnected(timeout=10, |
92 | error="No disconnection after two Michael MIC failures") | |
aa034377 JM |
93 | if "reason=14 locally_generated=1" not in ev: |
94 | raise Exception("Unexpected disconnection reason: " + ev) | |
95 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
96 | if ev is not None: | |
97 | raise Exception("Unexpected connection during TKIP countermeasures") | |
98 | ||
0eff1ab3 JM |
99 | def test_ap_cipher_ccmp(dev, apdev): |
100 | """WPA2-PSK/CCMP connection""" | |
81e787b7 | 101 | check_cipher(dev[0], apdev[0], "CCMP") |
0eff1ab3 JM |
102 | |
103 | def test_ap_cipher_gcmp(dev, apdev): | |
104 | """WPA2-PSK/GCMP connection""" | |
81e787b7 | 105 | check_cipher(dev[0], apdev[0], "GCMP") |
0eff1ab3 JM |
106 | |
107 | def test_ap_cipher_ccmp_256(dev, apdev): | |
108 | """WPA2-PSK/CCMP-256 connection""" | |
81e787b7 | 109 | check_cipher(dev[0], apdev[0], "CCMP-256") |
0eff1ab3 JM |
110 | |
111 | def test_ap_cipher_gcmp_256(dev, apdev): | |
112 | """WPA2-PSK/GCMP-256 connection""" | |
81e787b7 | 113 | check_cipher(dev[0], apdev[0], "GCMP-256") |
2e3aec56 JM |
114 | |
115 | def test_ap_cipher_mixed_wpa_wpa2(dev, apdev): | |
116 | """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration""" | |
117 | ssid = "test-wpa-wpa2-psk" | |
118 | passphrase = "12345678" | |
119 | params = { "ssid": ssid, | |
120 | "wpa_passphrase": passphrase, | |
121 | "wpa": "3", | |
122 | "wpa_key_mgmt": "WPA-PSK", | |
123 | "rsn_pairwise": "CCMP", | |
124 | "wpa_pairwise": "TKIP" } | |
a8375c94 | 125 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) |
2e3aec56 JM |
126 | dev[0].connect(ssid, psk=passphrase, proto="WPA2", |
127 | pairwise="CCMP", group="TKIP", scan_freq="2412") | |
128 | status = dev[0].get_status() | |
129 | if status['key_mgmt'] != 'WPA2-PSK': | |
130 | raise Exception("Incorrect key_mgmt reported") | |
131 | if status['pairwise_cipher'] != 'CCMP': | |
132 | raise Exception("Incorrect pairwise_cipher reported") | |
133 | if status['group_cipher'] != 'TKIP': | |
134 | raise Exception("Incorrect group_cipher reported") | |
135 | bss = dev[0].get_bss(apdev[0]['bssid']) | |
136 | if bss['ssid'] != ssid: | |
137 | raise Exception("Unexpected SSID in the BSS entry") | |
138 | if "[WPA-PSK-TKIP]" not in bss['flags']: | |
139 | raise Exception("Missing BSS flag WPA-PSK-TKIP") | |
140 | if "[WPA2-PSK-CCMP]" not in bss['flags']: | |
141 | raise Exception("Missing BSS flag WPA2-PSK-CCMP") | |
a8375c94 | 142 | hwsim_utils.test_connectivity(dev[0], hapd) |
2e3aec56 JM |
143 | |
144 | dev[1].connect(ssid, psk=passphrase, proto="WPA", | |
145 | pairwise="TKIP", group="TKIP", scan_freq="2412") | |
146 | status = dev[1].get_status() | |
147 | if status['key_mgmt'] != 'WPA-PSK': | |
148 | raise Exception("Incorrect key_mgmt reported") | |
149 | if status['pairwise_cipher'] != 'TKIP': | |
150 | raise Exception("Incorrect pairwise_cipher reported") | |
151 | if status['group_cipher'] != 'TKIP': | |
152 | raise Exception("Incorrect group_cipher reported") | |
a8375c94 JM |
153 | hwsim_utils.test_connectivity(dev[1], hapd) |
154 | hwsim_utils.test_connectivity(dev[0], dev[1]) |