From 14ee49c24b35756458c29715f792250ff9fe6347 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 26 Mar 2020 11:52:47 +0200 Subject: [PATCH] tests: sigma_dut controlled STA and beacon protection Signed-off-by: Jouni Malinen --- tests/hwsim/test_ap_pmf.py | 100 +++++++++++++++++----------------- tests/hwsim/test_sigma_dut.py | 34 ++++++++++++ 2 files changed, 85 insertions(+), 49 deletions(-) diff --git a/tests/hwsim/test_ap_pmf.py b/tests/hwsim/test_ap_pmf.py index 3913c5ce7..7feb173b6 100644 --- a/tests/hwsim/test_ap_pmf.py +++ b/tests/hwsim/test_ap_pmf.py @@ -927,58 +927,11 @@ def mac80211_read_key(keydir): pass return vals -def test_ap_pmf_beacon_protection_bip(dev, apdev): - """WPA2-PSK Beacon protection (BIP)""" - """WPA2-PSK AP with PMF required and Beacon protection enabled (BIP)""" - run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC") - -def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev): - """WPA2-PSK Beacon protection (BIP-CMAC-256)""" - run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256") - -def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev): - """WPA2-PSK Beacon protection (BIP-GMAC-128)""" - run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128") - -def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev): - """WPA2-PSK Beacon protection (BIP-GMAC-256)""" - run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256") - -def run_ap_pmf_beacon_protection(dev, apdev, cipher): - ssid = "test-beacon-prot" - params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") - params["wpa_key_mgmt"] = "WPA-PSK-SHA256" - params["ieee80211w"] = "2" - params["beacon_prot"] = "1" - params["group_mgmt_cipher"] = cipher - try: - hapd = hostapd.add_ap(apdev[0], params) - except Exception as e: - if "Failed to enable hostapd interface" in str(e): - raise HwsimSkip("Beacon protection not supported") - raise - - bssid = hapd.own_addr() - - Wlantest.setup(hapd) - wt = Wlantest() - wt.flush() - wt.add_passphrase("12345678") - - # STA with Beacon protection enabled - dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1", - key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") - - # STA with Beacon protection disabled - dev[1].connect(ssid, psk="12345678", ieee80211w="2", - key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") - - time.sleep(1) - +def check_mac80211_bigtk(dev, hapd): sta_key = None ap_key = None - phy = dev[0].get_driver_status_field("phyname") + phy = dev.get_driver_status_field("phyname") keys = "/sys/kernel/debug/ieee80211/%s/keys" % phy try: for key in os.listdir(keys): @@ -1034,6 +987,55 @@ def run_ap_pmf_beacon_protection(dev, apdev, cipher): if tx_spec < 3: raise Exception("AP did not update BIGTK BIPN sufficiently") +def test_ap_pmf_beacon_protection_bip(dev, apdev): + """WPA2-PSK Beacon protection (BIP)""" + """WPA2-PSK AP with PMF required and Beacon protection enabled (BIP)""" + run_ap_pmf_beacon_protection(dev, apdev, "AES-128-CMAC") + +def test_ap_pmf_beacon_protection_bip_cmac_256(dev, apdev): + """WPA2-PSK Beacon protection (BIP-CMAC-256)""" + run_ap_pmf_beacon_protection(dev, apdev, "BIP-CMAC-256") + +def test_ap_pmf_beacon_protection_bip_gmac_128(dev, apdev): + """WPA2-PSK Beacon protection (BIP-GMAC-128)""" + run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-128") + +def test_ap_pmf_beacon_protection_bip_gmac_256(dev, apdev): + """WPA2-PSK Beacon protection (BIP-GMAC-256)""" + run_ap_pmf_beacon_protection(dev, apdev, "BIP-GMAC-256") + +def run_ap_pmf_beacon_protection(dev, apdev, cipher): + ssid = "test-beacon-prot" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK-SHA256" + params["ieee80211w"] = "2" + params["beacon_prot"] = "1" + params["group_mgmt_cipher"] = cipher + try: + hapd = hostapd.add_ap(apdev[0], params) + except Exception as e: + if "Failed to enable hostapd interface" in str(e): + raise HwsimSkip("Beacon protection not supported") + raise + + bssid = hapd.own_addr() + + Wlantest.setup(hapd) + wt = Wlantest() + wt.flush() + wt.add_passphrase("12345678") + + # STA with Beacon protection enabled + dev[0].connect(ssid, psk="12345678", ieee80211w="2", beacon_prot="1", + key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") + + # STA with Beacon protection disabled + dev[1].connect(ssid, psk="12345678", ieee80211w="2", + key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") + + time.sleep(1) + check_mac80211_bigtk(dev[0], hapd) + valid_bip = wt.get_bss_counter('valid_bip_mmie', bssid) invalid_bip = wt.get_bss_counter('invalid_bip_mmie', bssid) missing_bip = wt.get_bss_counter('missing_bip_mmie', bssid) diff --git a/tests/hwsim/test_sigma_dut.py b/tests/hwsim/test_sigma_dut.py index eb3bf0821..69e48aed6 100644 --- a/tests/hwsim/test_sigma_dut.py +++ b/tests/hwsim/test_sigma_dut.py @@ -26,6 +26,7 @@ from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match from test_ap_hs20 import hs20_ap_params +from test_ap_pmf import check_mac80211_bigtk def check_sigma_dut(): if not os.path.exists("./sigma_dut"): @@ -4048,3 +4049,36 @@ def run_sigma_dut_ap_channel(dev, apdev, params, channel, mode, scan_freq, stop_sigma_dut(sigma) subprocess.call(['iw', 'reg', 'set', '00']) dev[0].flush_scan_cache() + +def test_sigma_dut_beacon_prot(dev, apdev): + """sigma_dut controlled STA and beacon protection""" + ssid = "test-pmf-required" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK-SHA256" + params["ieee80211w"] = "2" + params["beacon_prot"] = "1" + try: + hapd = hostapd.add_ap(apdev[0], params) + except Exception as e: + if "Failed to enable hostapd interface" in str(e): + raise HwsimSkip("Beacon protection not supported") + raise + + ifname = dev[0].ifname + sigma = start_sigma_dut(ifname) + + try: + sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname) + sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname) + sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,BeaconProtection,1" % (ifname, "test-pmf-required", "12345678")) + sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"), + timeout=10) + sigma_dut_wait_connected(ifname) + + time.sleep(1) + check_mac80211_bigtk(dev[0], hapd) + + sigma_dut_cmd_check("sta_reset_default,interface," + ifname) + finally: + stop_sigma_dut(sigma) + dev[0].set("ignore_old_scan_res", "0")