tests: PMF tests with not-protected disconnection using hostapd

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-01-04 20:41:52 +02:00
parent 9bedf90047
commit e9aa399522
2 changed files with 127 additions and 2 deletions

View file

@ -631,14 +631,17 @@ def terminate(apdev):
hapd_global = HostapdGlobal(apdev) hapd_global = HostapdGlobal(apdev)
hapd_global.terminate() hapd_global.terminate()
def wpa2_params(ssid=None, passphrase=None): def wpa2_params(ssid=None, passphrase=None, wpa_key_mgmt="WPA-PSK",
ieee80211w=None):
params = {"wpa": "2", params = {"wpa": "2",
"wpa_key_mgmt": "WPA-PSK", "wpa_key_mgmt": wpa_key_mgmt,
"rsn_pairwise": "CCMP"} "rsn_pairwise": "CCMP"}
if ssid: if ssid:
params["ssid"] = ssid params["ssid"] = ssid
if passphrase: if passphrase:
params["wpa_passphrase"] = passphrase params["wpa_passphrase"] = passphrase
if ieee80211w is not None:
params["ieee80211w"] = ieee80211w
return params return params
def wpa_params(ssid=None, passphrase=None): def wpa_params(ssid=None, passphrase=None):

View file

@ -489,6 +489,128 @@ def test_ap_pmf_sta_sa_query_local_failure(dev, apdev):
wpas.request("DISCONNECT") wpas.request("DISCONNECT")
dev[0].wait_disconnected() dev[0].wait_disconnected()
def test_ap_pmf_sta_sa_query_hostapd(dev, apdev):
"""WPA2-PSK AP with station using SA Query (hostapd)"""
ssid = "assoc-comeback"
passphrase = "12345678"
addr = dev[0].own_addr()
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase,
wpa_key_mgmt="WPA-PSK-SHA256",
ieee80211w="2")
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.wait_sta()
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " test=0") or \
"OK" not in hapd.request("DISASSOCIATE " + addr + " test=0"):
raise Exception("Failed to send unprotected disconnection messages")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection")
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
"OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
raise Exception("Failed to send unprotected disconnection messages (2)")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection")
if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
raise Exception("STA did not send SA Query")
if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) < 1:
raise Exception("AP did not reply to SA Query")
def test_ap_pmf_sta_sa_query_no_response_hostapd(dev, apdev):
"""WPA2-PSK AP with station using SA Query and getting no response (hostapd)"""
ssid = "assoc-comeback"
passphrase = "12345678"
addr = dev[0].own_addr()
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase,
wpa_key_mgmt="WPA-PSK-SHA256",
ieee80211w="2")
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.wait_sta()
hapd.set("ext_mgmt_frame_handling", "1")
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
"OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
raise Exception("Failed to send unprotected disconnection messages")
dev[0].wait_disconnected()
hapd.set("ext_mgmt_frame_handling", "0")
if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
raise Exception("STA did not send SA Query")
if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) > 0:
raise Exception("AP replied to SA Query")
dev[0].wait_connected()
def test_ap_pmf_sta_unprot_deauth_burst_hostapd(dev, apdev):
"""WPA2-PSK AP with station receiving burst of unprotected Deauthentication frames (hostapd)"""
ssid = "deauth-attack"
passphrase = "12345678"
addr = dev[0].own_addr()
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase,
wpa_key_mgmt="WPA-PSK-SHA256",
ieee80211w="2")
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.wait_sta()
for i in range(10):
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
"OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
raise Exception("Failed to send unprotected disconnection messages")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection")
num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
if num_req < 1:
raise Exception("STA did not send SA Query")
if num_resp < 1:
raise Exception("AP did not reply to SA Query")
if num_req > 1:
raise Exception("STA initiated too many SA Query procedures (%d)" % num_req)
time.sleep(10)
for i in range(5):
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
"OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
raise Exception("Failed to send unprotected disconnection messages")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection")
num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
if num_req != 2 or num_resp != 2:
raise Exception("Unexpected number of SA Query procedures (req=%d resp=%d)" % (num_req, num_resp))
def test_ap_pmf_required_eap(dev, apdev): def test_ap_pmf_required_eap(dev, apdev):
"""WPA2-EAP AP with PMF required""" """WPA2-EAP AP with PMF required"""
ssid = "test-pmf-required-eap" ssid = "test-pmf-required-eap"