]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ciphers.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Use python3 compatible "except" statement
[thirdparty/hostap.git] / tests / hwsim / test_ap_ciphers.py
1 # Cipher suite tests
2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import time
9 import logging
10 logger = logging.getLogger()
11 import os
12 import subprocess
13
14 import hwsim_utils
15 import hostapd
16 from utils import HwsimSkip, skip_with_fips, require_under_vm
17 from wlantest import Wlantest
18 from wpasupplicant import WpaSupplicant
19
20 def check_cipher(dev, ap, cipher, group_cipher=None):
21 if cipher not in dev.get_capability("pairwise"):
22 raise HwsimSkip("Cipher %s not supported" % cipher)
23 if group_cipher and group_cipher not in dev.get_capability("group"):
24 raise HwsimSkip("Cipher %s not supported" % group_cipher)
25 params = { "ssid": "test-wpa2-psk",
26 "wpa_passphrase": "12345678",
27 "wpa": "2",
28 "wpa_key_mgmt": "WPA-PSK",
29 "rsn_pairwise": cipher }
30 if group_cipher:
31 params["group_cipher"] = group_cipher
32 else:
33 group_cipher = cipher
34 hapd = hostapd.add_ap(ap, params)
35 dev.connect("test-wpa2-psk", psk="12345678",
36 pairwise=cipher, group=group_cipher, scan_freq="2412")
37 hwsim_utils.test_connectivity(dev, hapd)
38
39 def check_group_mgmt_cipher(dev, ap, cipher, sta_req_cipher=None):
40 if cipher not in dev.get_capability("group_mgmt"):
41 raise HwsimSkip("Cipher %s not supported" % cipher)
42 params = { "ssid": "test-wpa2-psk-pmf",
43 "wpa_passphrase": "12345678",
44 "wpa": "2",
45 "ieee80211w": "2",
46 "wpa_key_mgmt": "WPA-PSK-SHA256",
47 "rsn_pairwise": "CCMP",
48 "group_mgmt_cipher": cipher }
49 hapd = hostapd.add_ap(ap, params)
50
51 Wlantest.setup(hapd)
52 wt = Wlantest()
53 wt.flush()
54 wt.add_passphrase("12345678")
55
56 dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
57 key_mgmt="WPA-PSK-SHA256", group_mgmt=sta_req_cipher,
58 pairwise="CCMP", group="CCMP", scan_freq="2412")
59 hwsim_utils.test_connectivity(dev, hapd)
60 hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
61 dev.wait_disconnected()
62 if wt.get_bss_counter('valid_bip_mmie', ap['bssid']) < 1:
63 raise Exception("No valid BIP MMIE seen")
64 if wt.get_bss_counter('bip_deauth', ap['bssid']) < 1:
65 raise Exception("No valid BIP deauth seen")
66
67 if cipher == "AES-128-CMAC":
68 group_mgmt = "BIP"
69 else:
70 group_mgmt = cipher
71 res = wt.info_bss('group_mgmt', ap['bssid']).strip()
72 if res != group_mgmt:
73 raise Exception("Unexpected group mgmt cipher: " + res)
74
75 @remote_compatible
76 def test_ap_cipher_tkip(dev, apdev):
77 """WPA2-PSK/TKIP connection"""
78 skip_with_fips(dev[0])
79 check_cipher(dev[0], apdev[0], "TKIP")
80
81 @remote_compatible
82 def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
83 """WPA-PSK/TKIP countermeasures (detected by AP)"""
84 skip_with_fips(dev[0])
85 testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
86 if dev[0].cmd_execute([ "ls", testfile ])[0] != 0:
87 raise HwsimSkip("tkip_mic_test not supported in mac80211")
88
89 params = { "ssid": "tkip-countermeasures",
90 "wpa_passphrase": "12345678",
91 "wpa": "1",
92 "wpa_key_mgmt": "WPA-PSK",
93 "wpa_pairwise": "TKIP" }
94 hapd = hostapd.add_ap(apdev[0], params)
95
96 dev[0].connect("tkip-countermeasures", psk="12345678",
97 pairwise="TKIP", group="TKIP", scan_freq="2412")
98
99 dev[0].dump_monitor()
100 dev[0].cmd_execute([ "echo", "-n", apdev[0]['bssid'], ">", testfile ],
101 shell=True)
102 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
103 if ev is not None:
104 raise Exception("Unexpected disconnection on first Michael MIC failure")
105
106 dev[0].cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ],
107 shell=True)
108 ev = dev[0].wait_disconnected(timeout=10,
109 error="No disconnection after two Michael MIC failures")
110 if "reason=14" not in ev:
111 raise Exception("Unexpected disconnection reason: " + ev)
112 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
113 if ev is not None:
114 raise Exception("Unexpected connection during TKIP countermeasures")
115
116 def test_ap_cipher_tkip_countermeasures_ap_mixed_mode(dev, apdev):
117 """WPA+WPA2-PSK/TKIP countermeasures (detected by mixed mode AP)"""
118 skip_with_fips(dev[0])
119 testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
120 if dev[0].cmd_execute([ "ls", testfile ])[0] != 0:
121 raise HwsimSkip("tkip_mic_test not supported in mac80211")
122
123 params = { "ssid": "tkip-countermeasures",
124 "wpa_passphrase": "12345678",
125 "wpa": "3",
126 "wpa_key_mgmt": "WPA-PSK",
127 "wpa_pairwise": "TKIP",
128 "rsn_pairwise": "CCMP" }
129 hapd = hostapd.add_ap(apdev[0], params)
130
131 dev[0].connect("tkip-countermeasures", psk="12345678",
132 pairwise="TKIP", group="TKIP", scan_freq="2412")
133 dev[1].connect("tkip-countermeasures", psk="12345678",
134 pairwise="CCMP", scan_freq="2412")
135
136 dev[0].dump_monitor()
137 dev[0].cmd_execute([ "echo", "-n", apdev[0]['bssid'], ">", testfile ],
138 shell=True)
139 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
140 if ev is not None:
141 raise Exception("Unexpected disconnection on first Michael MIC failure")
142
143 dev[0].cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ],
144 shell=True)
145
146 ev = dev[0].wait_disconnected(timeout=10,
147 error="No disconnection after two Michael MIC failures")
148 if "reason=14" not in ev:
149 raise Exception("Unexpected disconnection reason: " + ev)
150
151 ev = dev[1].wait_disconnected(timeout=10,
152 error="No disconnection after two Michael MIC failures (2)")
153 if "reason=14" not in ev:
154 raise Exception("Unexpected disconnection reason (2): " + ev)
155
156 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
157 if ev is not None:
158 raise Exception("Unexpected connection during TKIP countermeasures (1)")
159 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
160 if ev is not None:
161 raise Exception("Unexpected connection during TKIP countermeasures (2)")
162
163 @remote_compatible
164 def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
165 """WPA-PSK/TKIP countermeasures (detected by STA)"""
166 skip_with_fips(dev[0])
167 params = { "ssid": "tkip-countermeasures",
168 "wpa_passphrase": "12345678",
169 "wpa": "1",
170 "wpa_key_mgmt": "WPA-PSK",
171 "wpa_pairwise": "TKIP" }
172 hapd = hostapd.add_ap(apdev[0], params)
173
174 testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
175 if hapd.cmd_execute([ "ls", testfile ])[0] != 0:
176 raise HwsimSkip("tkip_mic_test not supported in mac80211")
177
178 dev[0].connect("tkip-countermeasures", psk="12345678",
179 pairwise="TKIP", group="TKIP", scan_freq="2412")
180
181 dev[0].dump_monitor()
182 hapd.cmd_execute([ "echo", "-n", dev[0].own_addr(), ">", testfile ],
183 shell=True)
184 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
185 if ev is not None:
186 raise Exception("Unexpected disconnection on first Michael MIC failure")
187
188 hapd.cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ],
189 shell=True)
190 ev = dev[0].wait_disconnected(timeout=10,
191 error="No disconnection after two Michael MIC failures")
192 if "reason=14 locally_generated=1" not in ev:
193 raise Exception("Unexpected disconnection reason: " + ev)
194 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
195 if ev is not None:
196 raise Exception("Unexpected connection during TKIP countermeasures")
197
198 def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev, params):
199 """WPA-PSK/TKIP countermeasures (detected by two STAs) [long]"""
200 if not params['long']:
201 raise HwsimSkip("Skip test case with long duration due to --long not specified")
202 skip_with_fips(dev[0])
203 params = { "ssid": "tkip-countermeasures",
204 "wpa_passphrase": "12345678",
205 "wpa": "1",
206 "wpa_key_mgmt": "WPA-PSK",
207 "wpa_pairwise": "TKIP" }
208 hapd = hostapd.add_ap(apdev[0], params)
209
210 testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
211 if hapd.cmd_execute([ "ls", testfile ])[0] != 0:
212 raise HwsimSkip("tkip_mic_test not supported in mac80211")
213
214 dev[0].connect("tkip-countermeasures", psk="12345678",
215 pairwise="TKIP", group="TKIP", scan_freq="2412")
216 dev[0].dump_monitor()
217 id = dev[1].connect("tkip-countermeasures", psk="12345678",
218 pairwise="TKIP", group="TKIP", scan_freq="2412")
219 dev[1].dump_monitor()
220
221 hapd.cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ],
222 shell=True)
223 ev = dev[0].wait_disconnected(timeout=10,
224 error="No disconnection after two Michael MIC failure")
225 if "reason=14" not in ev:
226 raise Exception("Unexpected disconnection reason: " + ev)
227 ev = dev[1].wait_disconnected(timeout=5,
228 error="No disconnection after two Michael MIC failure")
229 if "reason=14" not in ev:
230 raise Exception("Unexpected disconnection reason: " + ev)
231 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
232 if ev is not None:
233 raise Exception("Unexpected connection during TKIP countermeasures")
234 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
235 if ev is not None:
236 raise Exception("Unexpected connection during TKIP countermeasures")
237
238 dev[0].request("REMOVE_NETWORK all")
239 logger.info("Waiting for TKIP countermeasures to end")
240 connected = False
241 start = os.times()[4]
242 while True:
243 now = os.times()[4]
244 if start + 70 < now:
245 break
246 dev[0].connect("tkip-countermeasures", psk="12345678",
247 pairwise="TKIP", group="TKIP", scan_freq="2412",
248 wait_connect=False)
249 ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT",
250 "CTRL-EVENT-CONNECTED"], timeout=10)
251 if ev is None:
252 raise Exception("No connection result")
253 if "CTRL-EVENT-CONNECTED" in ev:
254 connected = True
255 break
256 if "status_code=1" not in ev:
257 raise Exception("Unexpected connection failure reason during TKIP countermeasures: " + ev)
258 dev[0].request("REMOVE_NETWORK all")
259 time.sleep(1)
260 dev[0].dump_monitor()
261 dev[1].dump_monitor()
262 if not connected:
263 raise Exception("No connection after TKIP countermeasures terminated")
264
265 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
266 if ev is None:
267 dev[1].request("DISCONNECT")
268 dev[1].select_network(id)
269 dev[1].wait_connected()
270
271 @remote_compatible
272 def test_ap_cipher_ccmp(dev, apdev):
273 """WPA2-PSK/CCMP connection"""
274 check_cipher(dev[0], apdev[0], "CCMP")
275
276 def test_ap_cipher_gcmp(dev, apdev):
277 """WPA2-PSK/GCMP connection"""
278 check_cipher(dev[0], apdev[0], "GCMP")
279
280 def test_ap_cipher_ccmp_256(dev, apdev):
281 """WPA2-PSK/CCMP-256 connection"""
282 check_cipher(dev[0], apdev[0], "CCMP-256")
283
284 def test_ap_cipher_gcmp_256(dev, apdev):
285 """WPA2-PSK/GCMP-256 connection"""
286 check_cipher(dev[0], apdev[0], "GCMP-256")
287
288 def test_ap_cipher_gcmp_256_group_gcmp_256(dev, apdev):
289 """WPA2-PSK/GCMP-256 connection with group cipher override GCMP-256"""
290 check_cipher(dev[0], apdev[0], "GCMP-256", "GCMP-256")
291
292 def test_ap_cipher_gcmp_256_group_gcmp(dev, apdev):
293 """WPA2-PSK/GCMP-256 connection with group cipher override GCMP"""
294 check_cipher(dev[0], apdev[0], "GCMP-256", "GCMP")
295
296 def test_ap_cipher_gcmp_256_group_ccmp_256(dev, apdev):
297 """WPA2-PSK/GCMP-256 connection with group cipher override CCMP-256"""
298 check_cipher(dev[0], apdev[0], "GCMP-256", "CCMP-256")
299
300 def test_ap_cipher_gcmp_256_group_ccmp(dev, apdev):
301 """WPA2-PSK/GCMP-256 connection with group cipher override CCMP"""
302 check_cipher(dev[0], apdev[0], "GCMP-256", "CCMP")
303
304 def test_ap_cipher_gcmp_ccmp(dev, apdev, params):
305 """WPA2-PSK/GCMP/CCMP ciphers"""
306 config = os.path.join(params['logdir'], 'ap_cipher_gcmp_ccmp.conf')
307
308 for cipher in [ "CCMP", "GCMP", "CCMP-256", "GCMP-256" ]:
309 if cipher not in dev[0].get_capability("pairwise"):
310 raise HwsimSkip("Cipher %s not supported" % cipher)
311 if cipher not in dev[0].get_capability("group"):
312 raise HwsimSkip("Group cipher %s not supported" % cipher)
313
314 params = { "ssid": "test-wpa2-psk",
315 "wpa_passphrase": "12345678",
316 "wpa": "2",
317 "wpa_key_mgmt": "WPA-PSK",
318 "rsn_pairwise": "CCMP GCMP CCMP-256 GCMP-256" }
319 hapd = hostapd.add_ap(apdev[0], params)
320
321
322 for cipher in [ "CCMP", "GCMP", "CCMP-256", "GCMP-256" ]:
323 dev[0].connect("test-wpa2-psk", psk="12345678",
324 pairwise=cipher, group="CCMP", scan_freq="2412")
325 if dev[0].get_status_field("group_cipher") != "CCMP":
326 raise Exception("Unexpected group_cipher")
327 if dev[0].get_status_field("pairwise_cipher") != cipher:
328 raise Exception("Unexpected pairwise_cipher")
329 dev[0].request("REMOVE_NETWORK all")
330 dev[0].wait_disconnected()
331
332 dev[0].connect("test-wpa2-psk", psk="12345678",
333 pairwise="CCMP CCMP-256 GCMP GCMP-256",
334 group="CCMP CCMP-256 GCMP GCMP-256", scan_freq="2412")
335 if dev[0].get_status_field("group_cipher") != "CCMP":
336 raise Exception("Unexpected group_cipher")
337 res = dev[0].get_status_field("pairwise_cipher")
338 if res != "CCMP-256" and res != "GCMP-256":
339 raise Exception("Unexpected pairwise_cipher")
340
341 try:
342 with open(config, "w") as f:
343 f.write("network={\n" +
344 "\tssid=\"test-wpa2-psk\"\n" +
345 "\tkey_mgmt=WPA-PSK\n" +
346 "\tpsk=\"12345678\"\n" +
347 "\tpairwise=GCMP\n" +
348 "\tgroup=CCMP\n" +
349 "\tscan_freq=2412\n" +
350 "}\n")
351
352 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
353 wpas.interface_add("wlan5", config=config)
354 wpas.wait_connected()
355 if wpas.get_status_field("group_cipher") != "CCMP":
356 raise Exception("Unexpected group_cipher")
357 if wpas.get_status_field("pairwise_cipher") != "GCMP":
358 raise Exception("Unexpected pairwise_cipher")
359 finally:
360 os.remove(config)
361
362 @remote_compatible
363 def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
364 """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
365 skip_with_fips(dev[0])
366 ssid = "test-wpa-wpa2-psk"
367 passphrase = "12345678"
368 params = { "ssid": ssid,
369 "wpa_passphrase": passphrase,
370 "wpa": "3",
371 "wpa_key_mgmt": "WPA-PSK",
372 "rsn_pairwise": "CCMP",
373 "wpa_pairwise": "TKIP" }
374 hapd = hostapd.add_ap(apdev[0], params)
375 dev[0].connect(ssid, psk=passphrase, proto="WPA2",
376 pairwise="CCMP", group="TKIP", scan_freq="2412")
377 status = dev[0].get_status()
378 if status['key_mgmt'] != 'WPA2-PSK':
379 raise Exception("Incorrect key_mgmt reported")
380 if status['pairwise_cipher'] != 'CCMP':
381 raise Exception("Incorrect pairwise_cipher reported")
382 if status['group_cipher'] != 'TKIP':
383 raise Exception("Incorrect group_cipher reported")
384 bss = dev[0].get_bss(apdev[0]['bssid'])
385 if bss['ssid'] != ssid:
386 raise Exception("Unexpected SSID in the BSS entry")
387 if "[WPA-PSK-TKIP]" not in bss['flags']:
388 raise Exception("Missing BSS flag WPA-PSK-TKIP")
389 if "[WPA2-PSK-CCMP]" not in bss['flags']:
390 raise Exception("Missing BSS flag WPA2-PSK-CCMP")
391 hwsim_utils.test_connectivity(dev[0], hapd)
392
393 dev[1].connect(ssid, psk=passphrase, proto="WPA",
394 pairwise="TKIP", group="TKIP", scan_freq="2412")
395 status = dev[1].get_status()
396 if status['key_mgmt'] != 'WPA-PSK':
397 raise Exception("Incorrect key_mgmt reported")
398 if status['pairwise_cipher'] != 'TKIP':
399 raise Exception("Incorrect pairwise_cipher reported")
400 if status['group_cipher'] != 'TKIP':
401 raise Exception("Incorrect group_cipher reported")
402 hwsim_utils.test_connectivity(dev[1], hapd)
403 hwsim_utils.test_connectivity(dev[0], dev[1])
404
405 @remote_compatible
406 def test_ap_cipher_bip(dev, apdev):
407 """WPA2-PSK with BIP"""
408 check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC")
409
410 def test_ap_cipher_bip_req(dev, apdev):
411 """WPA2-PSK with BIP required"""
412 check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC", "AES-128-CMAC")
413
414 def test_ap_cipher_bip_req2(dev, apdev):
415 """WPA2-PSK with BIP required (2)"""
416 check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC",
417 "AES-128-CMAC BIP-GMAC-128 BIP-GMAC-256 BIP-CMAC-256")
418
419 def test_ap_cipher_bip_gmac_128(dev, apdev):
420 """WPA2-PSK with BIP-GMAC-128"""
421 check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128")
422
423 def test_ap_cipher_bip_gmac_128_req(dev, apdev):
424 """WPA2-PSK with BIP-GMAC-128 required"""
425 check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128", "BIP-GMAC-128")
426
427 def test_ap_cipher_bip_gmac_256(dev, apdev):
428 """WPA2-PSK with BIP-GMAC-256"""
429 check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256")
430
431 def test_ap_cipher_bip_gmac_256_req(dev, apdev):
432 """WPA2-PSK with BIP-GMAC-256 required"""
433 check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256", "BIP-GMAC-256")
434
435 def test_ap_cipher_bip_cmac_256(dev, apdev):
436 """WPA2-PSK with BIP-CMAC-256"""
437 check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256")
438
439 def test_ap_cipher_bip_cmac_256_req(dev, apdev):
440 """WPA2-PSK with BIP-CMAC-256 required"""
441 check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256", "BIP-CMAC-256")
442
443 def test_ap_cipher_bip_req_mismatch(dev, apdev):
444 """WPA2-PSK with BIP cipher mismatch"""
445 group_mgmt = dev[0].get_capability("group_mgmt")
446 for cipher in [ "AES-128-CMAC", "BIP-GMAC-256" ]:
447 if cipher not in group_mgmt:
448 raise HwsimSkip("Cipher %s not supported" % cipher)
449
450 params = { "ssid": "test-wpa2-psk-pmf",
451 "wpa_passphrase": "12345678",
452 "wpa": "2",
453 "ieee80211w": "2",
454 "wpa_key_mgmt": "WPA-PSK-SHA256",
455 "rsn_pairwise": "CCMP",
456 "group_mgmt_cipher": "AES-128-CMAC" }
457 hapd = hostapd.add_ap(apdev[0], params)
458
459 dev[0].scan_for_bss(hapd.own_addr(), 2412)
460 id = dev[0].connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
461 key_mgmt="WPA-PSK-SHA256", group_mgmt="BIP-GMAC-256",
462 pairwise="CCMP", group="CCMP", scan_freq="2412",
463 wait_connect=False)
464 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
465 "CTRL-EVENT-CONNECTED"], timeout=10)
466 if ev is None:
467 raise Exception("Network selection result not indicated")
468 if "CTRL-EVENT-CONNECTED" in ev:
469 raise Exception("Unexpected connection")
470
471 dev[0].request("DISCONNECT")
472 dev[0].set_network(id, "group_mgmt", "AES-128-CMAC")
473 dev[0].select_network(id)
474 dev[0].wait_connected()
475
476 def get_rx_spec(phy, gtk=False):
477 keys = "/sys/kernel/debug/ieee80211/%s/keys" % (phy)
478 try:
479 for key in os.listdir(keys):
480 keydir = keys + "/" + key
481 files = os.listdir(keydir)
482 if not gtk and "station" not in files:
483 continue
484 if gtk and "station" in files:
485 continue
486 with open(keydir + "/rx_spec") as f:
487 return f.read()
488 except OSError as e:
489 raise HwsimSkip("debugfs not supported in mac80211")
490 return None
491
492 def get_tk_replay_counter(phy, gtk=False):
493 keys = "/sys/kernel/debug/ieee80211/%s/keys" % (phy)
494 try:
495 for key in os.listdir(keys):
496 keydir = keys + "/" + key
497 files = os.listdir(keydir)
498 if not gtk and "station" not in files:
499 continue
500 if gtk and "station" in files:
501 continue
502 with open(keydir + "/replays") as f:
503 return int(f.read())
504 except OSError as e:
505 raise HwsimSkip("debugfs not supported in mac80211")
506 return None
507
508 def test_ap_cipher_replay_protection_ap_ccmp(dev, apdev):
509 """CCMP replay protection on AP"""
510 run_ap_cipher_replay_protection_ap(dev, apdev, "CCMP")
511
512 def test_ap_cipher_replay_protection_ap_tkip(dev, apdev):
513 """TKIP replay protection on AP"""
514 run_ap_cipher_replay_protection_ap(dev, apdev, "TKIP")
515
516 def test_ap_cipher_replay_protection_ap_gcmp(dev, apdev):
517 """GCMP replay protection on AP"""
518 if "GCMP" not in dev[0].get_capability("pairwise"):
519 raise HwsimSkip("GCMP not supported")
520 run_ap_cipher_replay_protection_ap(dev, apdev, "GCMP")
521
522 def run_ap_cipher_replay_protection_ap(dev, apdev, cipher):
523 params = { "ssid": "test-wpa2-psk",
524 "wpa_passphrase": "12345678",
525 "wpa": "2",
526 "wpa_key_mgmt": "WPA-PSK",
527 "rsn_pairwise": cipher }
528 hapd = hostapd.add_ap(apdev[0], params)
529 phy = hapd.get_driver_status_field("phyname")
530
531 Wlantest.setup(hapd)
532 wt = Wlantest()
533 wt.flush()
534 wt.add_passphrase("12345678")
535
536 dev[0].connect("test-wpa2-psk", psk="12345678",
537 pairwise=cipher, group=cipher, scan_freq="2412")
538
539 if cipher != "TKIP":
540 replays = get_tk_replay_counter(phy)
541 if replays != 0:
542 raise Exception("Unexpected replay reported (1)")
543
544 for i in range(5):
545 hwsim_utils.test_connectivity(dev[0], hapd)
546
547 if cipher != "TKIP":
548 replays = get_tk_replay_counter(phy)
549 if replays != 0:
550 raise Exception("Unexpected replay reported (2)")
551
552 if "OK" not in dev[0].request("RESET_PN"):
553 raise Exception("RESET_PN failed")
554 time.sleep(0.1)
555 hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
556 success_expected=False)
557
558 if cipher != "TKIP":
559 replays = get_tk_replay_counter(phy)
560 if replays < 1:
561 raise Exception("Replays not reported")
562
563 def test_ap_cipher_replay_protection_sta_ccmp(dev, apdev):
564 """CCMP replay protection on STA (TK)"""
565 run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP")
566
567 def test_ap_cipher_replay_protection_sta_tkip(dev, apdev):
568 """TKIP replay protection on STA (TK)"""
569 run_ap_cipher_replay_protection_sta(dev, apdev, "TKIP")
570
571 def test_ap_cipher_replay_protection_sta_gcmp(dev, apdev):
572 """GCMP replay protection on STA (TK)"""
573 if "GCMP" not in dev[0].get_capability("pairwise"):
574 raise HwsimSkip("GCMP not supported")
575 run_ap_cipher_replay_protection_sta(dev, apdev, "GCMP")
576
577 def test_ap_cipher_replay_protection_sta_gtk_ccmp(dev, apdev):
578 """CCMP replay protection on STA (GTK)"""
579 run_ap_cipher_replay_protection_sta(dev, apdev, "CCMP", gtk=True)
580
581 def test_ap_cipher_replay_protection_sta_gtk_tkip(dev, apdev):
582 """TKIP replay protection on STA (GTK)"""
583 run_ap_cipher_replay_protection_sta(dev, apdev, "TKIP", gtk=True)
584
585 def test_ap_cipher_replay_protection_sta_gtk_gcmp(dev, apdev):
586 """GCMP replay protection on STA (GTK)"""
587 if "GCMP" not in dev[0].get_capability("pairwise"):
588 raise HwsimSkip("GCMP not supported")
589 run_ap_cipher_replay_protection_sta(dev, apdev, "GCMP", gtk=True)
590
591 def run_ap_cipher_replay_protection_sta(dev, apdev, cipher, gtk=False):
592 params = { "ssid": "test-wpa2-psk",
593 "wpa_passphrase": "12345678",
594 "wpa": "2",
595 "wpa_key_mgmt": "WPA-PSK",
596 "rsn_pairwise": cipher }
597 hapd = hostapd.add_ap(apdev[0], params)
598
599 Wlantest.setup(hapd)
600 wt = Wlantest()
601 wt.flush()
602 wt.add_passphrase("12345678")
603
604 phy = dev[0].get_driver_status_field("phyname")
605 dev[0].connect("test-wpa2-psk", psk="12345678",
606 pairwise=cipher, group=cipher, scan_freq="2412")
607
608 if cipher != "TKIP":
609 replays = get_tk_replay_counter(phy, gtk)
610 if replays != 0:
611 raise Exception("Unexpected replay reported (1)")
612
613 for i in range(5):
614 hwsim_utils.test_connectivity(dev[0], hapd)
615
616 if cipher != "TKIP":
617 replays = get_tk_replay_counter(phy, gtk)
618 if replays != 0:
619 raise Exception("Unexpected replay reported (2)")
620
621 addr = "ff:ff:ff:ff:ff:ff" if gtk else dev[0].own_addr()
622 if "OK" not in hapd.request("RESET_PN " + addr):
623 raise Exception("RESET_PN failed")
624 time.sleep(0.1)
625 hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
626 success_expected=False)
627
628 if cipher != "TKIP":
629 replays = get_tk_replay_counter(phy, gtk)
630 if replays < 1:
631 raise Exception("Replays not reported")
632
633 def test_ap_wpa2_delayed_m3_retransmission(dev, apdev):
634 """Delayed M3 retransmission"""
635 require_under_vm()
636 try:
637 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1'],
638 stdout=open('/dev/null', 'w'))
639 subprocess.call(['sysctl', '-w',
640 'net.ipv6.conf.default.disable_ipv6=1'],
641 stdout=open('/dev/null', 'w'))
642 run_ap_wpa2_delayed_m3_retransmission(dev, apdev)
643 finally:
644 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0'],
645 stdout=open('/dev/null', 'w'))
646 subprocess.call(['sysctl', '-w',
647 'net.ipv6.conf.default.disable_ipv6=0'],
648 stdout=open('/dev/null', 'w'))
649
650 def run_ap_wpa2_delayed_m3_retransmission(dev, apdev):
651 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
652 hapd = hostapd.add_ap(apdev[0], params)
653
654 Wlantest.setup(hapd)
655 wt = Wlantest()
656 wt.flush()
657 wt.add_passphrase("12345678")
658
659 phy = dev[0].get_driver_status_field("phyname")
660 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
661
662 for i in range(5):
663 hwsim_utils.test_connectivity(dev[0], hapd)
664
665 time.sleep(0.1)
666 before_tk = get_rx_spec(phy, gtk=False).splitlines()
667 before_gtk = get_rx_spec(phy, gtk=True).splitlines()
668 addr = dev[0].own_addr()
669 if "OK" not in hapd.request("RESEND_M3 " + addr):
670 raise Exception("RESEND_M3 failed")
671 time.sleep(0.1)
672 after_tk = get_rx_spec(phy, gtk=False).splitlines()
673 after_gtk = get_rx_spec(phy, gtk=True).splitlines()
674
675 if "OK" not in hapd.request("RESET_PN " + addr):
676 raise Exception("RESET_PN failed")
677 time.sleep(0.1)
678 hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
679 success_expected=False)
680 dev[0].request("DISCONNECT")
681 dev[0].wait_disconnected()
682
683 for i in range(len(before_tk)):
684 b = int(before_tk[i], 16)
685 a = int(after_tk[i], 16)
686 if a < b:
687 raise Exception("TK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
688
689 for i in range(len(before_gtk)):
690 b = int(before_gtk[i], 16)
691 a = int(after_gtk[i], 16)
692 if a < b:
693 raise Exception("GTK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
694
695 def test_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev):
696 """Delayed M1+M3 retransmission"""
697 require_under_vm()
698 try:
699 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1'],
700 stdout=open('/dev/null', 'w'))
701 subprocess.call(['sysctl', '-w',
702 'net.ipv6.conf.default.disable_ipv6=1'],
703 stdout=open('/dev/null', 'w'))
704 run_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev)
705 finally:
706 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0'],
707 stdout=open('/dev/null', 'w'))
708 subprocess.call(['sysctl', '-w',
709 'net.ipv6.conf.default.disable_ipv6=0'],
710 stdout=open('/dev/null', 'w'))
711
712 def test_ap_wpa2_delayed_m1_m3_retransmission2(dev, apdev):
713 """Delayed M1+M3 retransmission (change M1 ANonce)"""
714 require_under_vm()
715 try:
716 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1'],
717 stdout=open('/dev/null', 'w'))
718 subprocess.call(['sysctl', '-w',
719 'net.ipv6.conf.default.disable_ipv6=1'],
720 stdout=open('/dev/null', 'w'))
721 run_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev, True)
722 finally:
723 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0'],
724 stdout=open('/dev/null', 'w'))
725 subprocess.call(['sysctl', '-w',
726 'net.ipv6.conf.default.disable_ipv6=0'],
727 stdout=open('/dev/null', 'w'))
728
729 def run_ap_wpa2_delayed_m1_m3_retransmission(dev, apdev,
730 change_m1_anonce=False):
731 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
732 hapd = hostapd.add_ap(apdev[0], params)
733
734 Wlantest.setup(hapd)
735 wt = Wlantest()
736 wt.flush()
737 wt.add_passphrase("12345678")
738
739 phy = dev[0].get_driver_status_field("phyname")
740 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
741
742 for i in range(5):
743 hwsim_utils.test_connectivity(dev[0], hapd)
744
745 time.sleep(0.1)
746 before_tk = get_rx_spec(phy, gtk=False).splitlines()
747 before_gtk = get_rx_spec(phy, gtk=True).splitlines()
748 addr = dev[0].own_addr()
749 if change_m1_anonce:
750 if "OK" not in hapd.request("RESEND_M1 " + addr + " change-anonce"):
751 raise Exception("RESEND_M1 failed")
752 if "OK" not in hapd.request("RESEND_M1 " + addr):
753 raise Exception("RESEND_M1 failed")
754 if "OK" not in hapd.request("RESEND_M3 " + addr):
755 raise Exception("RESEND_M3 failed")
756 time.sleep(0.1)
757 after_tk = get_rx_spec(phy, gtk=False).splitlines()
758 after_gtk = get_rx_spec(phy, gtk=True).splitlines()
759
760 if "OK" not in hapd.request("RESET_PN " + addr):
761 raise Exception("RESET_PN failed")
762 time.sleep(0.1)
763 hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
764 success_expected=False)
765 dev[0].request("DISCONNECT")
766 dev[0].wait_disconnected()
767
768 for i in range(len(before_tk)):
769 b = int(before_tk[i], 16)
770 a = int(after_tk[i], 16)
771 if a < b:
772 raise Exception("TK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
773
774 for i in range(len(before_gtk)):
775 b = int(before_gtk[i], 16)
776 a = int(after_gtk[i], 16)
777 if a < b:
778 raise Exception("GTK RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
779
780 def test_ap_wpa2_delayed_group_m1_retransmission(dev, apdev):
781 """Delayed group M1 retransmission"""
782 require_under_vm()
783 try:
784 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1'],
785 stdout=open('/dev/null', 'w'))
786 subprocess.call(['sysctl', '-w',
787 'net.ipv6.conf.default.disable_ipv6=1'],
788 stdout=open('/dev/null', 'w'))
789 run_ap_wpa2_delayed_group_m1_retransmission(dev, apdev)
790 finally:
791 subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0'],
792 stdout=open('/dev/null', 'w'))
793 subprocess.call(['sysctl', '-w',
794 'net.ipv6.conf.default.disable_ipv6=0'],
795 stdout=open('/dev/null', 'w'))
796
797 def run_ap_wpa2_delayed_group_m1_retransmission(dev, apdev):
798 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
799 hapd = hostapd.add_ap(apdev[0], params)
800
801 Wlantest.setup(hapd)
802 wt = Wlantest()
803 wt.flush()
804 wt.add_passphrase("12345678")
805
806 phy = dev[0].get_driver_status_field("phyname")
807 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
808
809 for i in range(5):
810 hwsim_utils.test_connectivity(dev[0], hapd)
811
812 time.sleep(0.1)
813 before = get_rx_spec(phy, gtk=True).splitlines()
814 addr = dev[0].own_addr()
815 if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
816 raise Exception("RESEND_GROUP_M1 failed")
817 time.sleep(0.1)
818 after = get_rx_spec(phy, gtk=True).splitlines()
819
820 if "OK" not in hapd.request("RESET_PN " + addr):
821 raise Exception("RESET_PN failed")
822 time.sleep(0.1)
823 hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
824 success_expected=False)
825 dev[0].request("DISCONNECT")
826 dev[0].wait_disconnected()
827
828 for i in range(len(before)):
829 b = int(before[i], 16)
830 a = int(after[i], 16)
831 if a < b:
832 raise Exception("RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
833
834 def test_ap_wpa2_delayed_m1_m3_zero_tk(dev, apdev):
835 """Delayed M1+M3 retransmission and zero TK"""
836 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
837 hapd = hostapd.add_ap(apdev[0], params)
838
839 Wlantest.setup(hapd)
840 wt = Wlantest()
841 wt.flush()
842 wt.add_passphrase("12345678")
843
844 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
845
846 hwsim_utils.test_connectivity(dev[0], hapd)
847 addr = dev[0].own_addr()
848 if "OK" not in hapd.request("RESEND_M1 " + addr + " change-anonce"):
849 raise Exception("RESEND_M1 failed")
850 if "OK" not in hapd.request("RESEND_M1 " + addr):
851 raise Exception("RESEND_M1 failed")
852 if "OK" not in hapd.request("RESEND_M3 " + addr):
853 raise Exception("RESEND_M3 failed")
854
855 if "OK" not in hapd.request("SET_KEY 3 %s %d %d %s %s" % (addr, 0, 1, 6*"00", 16*"00")):
856 raise Exception("SET_KEY failed")
857 time.sleep(0.1)
858 hwsim_utils.test_connectivity(dev[0], hapd, timeout=1, broadcast=False,
859 success_expected=False)
860 dev[0].request("DISCONNECT")
861 dev[0].wait_disconnected()
862
863 def test_ap_wpa2_plaintext_m1_m3(dev, apdev):
864 """Plaintext M1/M3 during PTK rekey"""
865 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
866 hapd = hostapd.add_ap(apdev[0], params)
867
868 Wlantest.setup(hapd)
869 wt = Wlantest()
870 wt.flush()
871 wt.add_passphrase("12345678")
872
873 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
874
875 time.sleep(0.1)
876 addr = dev[0].own_addr()
877 if "OK" not in hapd.request("RESEND_M1 " + addr + " plaintext"):
878 raise Exception("RESEND_M1 failed")
879 time.sleep(0.1)
880 if "OK" not in hapd.request("RESEND_M3 " + addr + " plaintext"):
881 raise Exception("RESEND_M3 failed")
882 time.sleep(0.1)
883
884 def test_ap_wpa2_plaintext_m1_m3_pmf(dev, apdev):
885 """Plaintext M1/M3 during PTK rekey (PMF)"""
886 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
887 params["ieee80211w"] = "2"
888 hapd = hostapd.add_ap(apdev[0], params)
889
890 Wlantest.setup(hapd)
891 wt = Wlantest()
892 wt.flush()
893 wt.add_passphrase("12345678")
894
895 dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w="2",
896 scan_freq="2412")
897
898 time.sleep(0.1)
899 addr = dev[0].own_addr()
900 if "OK" not in hapd.request("RESEND_M1 " + addr + " plaintext"):
901 raise Exception("RESEND_M1 failed")
902 time.sleep(0.1)
903 if "OK" not in hapd.request("RESEND_M3 " + addr + " plaintext"):
904 raise Exception("RESEND_M3 failed")
905 time.sleep(0.1)
906
907 def test_ap_wpa2_plaintext_m3(dev, apdev):
908 """Plaintext M3 during PTK rekey"""
909 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
910 hapd = hostapd.add_ap(apdev[0], params)
911
912 Wlantest.setup(hapd)
913 wt = Wlantest()
914 wt.flush()
915 wt.add_passphrase("12345678")
916
917 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
918
919 time.sleep(0.1)
920 addr = dev[0].own_addr()
921 if "OK" not in hapd.request("RESEND_M1 " + addr):
922 raise Exception("RESEND_M1 failed")
923 time.sleep(0.1)
924 if "OK" not in hapd.request("RESEND_M3 " + addr + " plaintext"):
925 raise Exception("RESEND_M3 failed")
926 time.sleep(0.1)
927
928 def test_ap_wpa2_plaintext_group_m1(dev, apdev):
929 """Plaintext group M1"""
930 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
931 hapd = hostapd.add_ap(apdev[0], params)
932
933 Wlantest.setup(hapd)
934 wt = Wlantest()
935 wt.flush()
936 wt.add_passphrase("12345678")
937
938 dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
939
940 time.sleep(0.1)
941 addr = dev[0].own_addr()
942 if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr + " plaintext"):
943 raise Exception("RESEND_GROUP_M1 failed")
944 time.sleep(0.2)
945 if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
946 raise Exception("RESEND_GROUP_M1 failed")
947 time.sleep(0.1)
948
949 def test_ap_wpa2_plaintext_group_m1_pmf(dev, apdev):
950 """Plaintext group M1 (PMF)"""
951 params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
952 params["ieee80211w"] = "2"
953 hapd = hostapd.add_ap(apdev[0], params)
954
955 Wlantest.setup(hapd)
956 wt = Wlantest()
957 wt.flush()
958 wt.add_passphrase("12345678")
959
960 dev[0].connect("test-wpa2-psk", psk="12345678", ieee80211w="2",
961 scan_freq="2412")
962
963 time.sleep(0.1)
964 addr = dev[0].own_addr()
965 if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr + " plaintext"):
966 raise Exception("RESEND_GROUP_M1 failed")
967 time.sleep(0.2)
968 if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
969 raise Exception("RESEND_GROUP_M1 failed")
970 time.sleep(0.1)
Unnamed repository; edit this file 'description' to name the repository.