pass
return vals
-def test_ap_pmf_beacon_protection_bip(dev, apdev):
- """WPA2-PSK Beacon protection (BIP)"""
- """WPA2-PSK AP with PMF required and Beacon protection enabled (BIP)"""
- run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC")
-
-def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev):
- """WPA2-PSK Beacon protection (BIP-CMAC-256)"""
- run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256")
-
-def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev):
- """WPA2-PSK Beacon protection (BIP-GMAC-128)"""
- run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128")
-
-def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev):
- """WPA2-PSK Beacon protection (BIP-GMAC-256)"""
- run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256")
-
-def run_ap_pmf_beacon_protection(dev, apdev, cipher):
- ssid = "test-beacon-prot"
- params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
- params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
- params["ieee80211w"] = "2"
- params["beacon_prot"] = "1"
- params["group_mgmt_cipher"] = cipher
- try:
- hapd = hostapd.add_ap(apdev[0], params)
- except Exception as e:
- if "Failed to enable hostapd interface" in str(e):
- raise HwsimSkip("Beacon protection not supported")
- raise
-
- bssid = hapd.own_addr()
-
- Wlantest.setup(hapd)
- wt = Wlantest()
- wt.flush()
- wt.add_passphrase("12345678")
-
- # STA with Beacon protection enabled
- dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1",
- key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-
- # STA with Beacon protection disabled
- dev[1].connect(ssid, psk="12345678", ieee80211w="2",
- key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
-
- time.sleep(1)
-
+def check_mac80211_bigtk(dev, hapd):
sta_key = None
ap_key = None
- phy = dev[0].get_driver_status_field("phyname")
+ phy = dev.get_driver_status_field("phyname")
keys = "/sys/kernel/debug/ieee80211/%s/keys" % phy
try:
for key in os.listdir(keys):
if tx_spec < 3:
raise Exception("AP did not update BIGTK BIPN sufficiently")
+def test_ap_pmf_beacon_protection_bip(dev, apdev):
+ """WPA2-PSK Beacon protection (BIP)"""
+ """WPA2-PSK AP with PMF required and Beacon protection enabled (BIP)"""
+ run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC")
+
+def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev):
+ """WPA2-PSK Beacon protection (BIP-CMAC-256)"""
+ run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256")
+
+def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev):
+ """WPA2-PSK Beacon protection (BIP-GMAC-128)"""
+ run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128")
+
+def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev):
+ """WPA2-PSK Beacon protection (BIP-GMAC-256)"""
+ run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256")
+
+def run_ap_pmf_beacon_protection(dev, apdev, cipher):
+ ssid = "test-beacon-prot"
+ params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
+ params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
+ params["ieee80211w"] = "2"
+ params["beacon_prot"] = "1"
+ params["group_mgmt_cipher"] = cipher
+ try:
+ hapd = hostapd.add_ap(apdev[0], params)
+ except Exception as e:
+ if "Failed to enable hostapd interface" in str(e):
+ raise HwsimSkip("Beacon protection not supported")
+ raise
+
+ bssid = hapd.own_addr()
+
+ Wlantest.setup(hapd)
+ wt = Wlantest()
+ wt.flush()
+ wt.add_passphrase("12345678")
+
+ # STA with Beacon protection enabled
+ dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1",
+ key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
+
+ # STA with Beacon protection disabled
+ dev[1].connect(ssid, psk="12345678", ieee80211w="2",
+ key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412")
+
+ time.sleep(1)
+ check_mac80211_bigtk(dev[0], hapd)
+
valid_bip = wt.get_bss_counter('valid_bip_mmie', bssid)
invalid_bip = wt.get_bss_counter('invalid_bip_mmie', bssid)
missing_bip = wt.get_bss_counter('missing_bip_mmie', bssid)
from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
from test_ap_hs20 import hs20_ap_params
+from test_ap_pmf import check_mac80211_bigtk
def check_sigma_dut():
if not os.path.exists("./sigma_dut"):
stop_sigma_dut(sigma)
subprocess.call(['iw', 'reg', 'set', '00'])
dev[0].flush_scan_cache()
+
+def test_sigma_dut_beacon_prot(dev, apdev):
+ """sigma_dut controlled STA and beacon protection"""
+ ssid = "test-pmf-required"
+ params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
+ params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
+ params["ieee80211w"] = "2"
+ params["beacon_prot"] = "1"
+ try:
+ hapd = hostapd.add_ap(apdev[0], params)
+ except Exception as e:
+ if "Failed to enable hostapd interface" in str(e):
+ raise HwsimSkip("Beacon protection not supported")
+ raise
+
+ ifname = dev[0].ifname
+ sigma = start_sigma_dut(ifname)
+
+ try:
+ sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
+ sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
+ sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,BeaconProtection,1" % (ifname, "test-pmf-required", "12345678"))
+ sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
+ timeout=10)
+ sigma_dut_wait_connected(ifname)
+
+ time.sleep(1)
+ check_mac80211_bigtk(dev[0], hapd)
+
+ sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
+ finally:
+ stop_sigma_dut(sigma)
+ dev[0].set("ignore_old_scan_res", "0")
projects / thirdparty / hostap.git / commitdiff
