mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
tests: Delayed group rekey retransmit test for IGTK
Add a test for delayed group rekey retransmission that checks that the IGTK is protected against it by not resetting the IPN replay counter when reinstalling such a key. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
parent
7f508ff968
commit
34ac7d871a
@ -867,6 +867,69 @@ def run_ap_wpa2_delayed_group_m1_retransmission(dev, apdev):
|
|||||||
if a < b:
|
if a < b:
|
||||||
raise Exception("RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
|
raise Exception("RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
|
||||||
|
|
||||||
|
def test_ap_wpa2_delayed_group_m1_retransmission_igtk(dev, apdev):
|
||||||
|
"""Delayed group M1 retransmission (check IGTK protection)"""
|
||||||
|
require_under_vm()
|
||||||
|
try:
|
||||||
|
subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1'],
|
||||||
|
stdout=open('/dev/null', 'w'))
|
||||||
|
subprocess.call(['sysctl', '-w',
|
||||||
|
'net.ipv6.conf.default.disable_ipv6=1'],
|
||||||
|
stdout=open('/dev/null', 'w'))
|
||||||
|
run_ap_wpa2_delayed_group_m1_retransmission_igtk(dev, apdev)
|
||||||
|
finally:
|
||||||
|
subprocess.call(['sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0'],
|
||||||
|
stdout=open('/dev/null', 'w'))
|
||||||
|
subprocess.call(['sysctl', '-w',
|
||||||
|
'net.ipv6.conf.default.disable_ipv6=0'],
|
||||||
|
stdout=open('/dev/null', 'w'))
|
||||||
|
|
||||||
|
def run_ap_wpa2_delayed_group_m1_retransmission_igtk(dev, apdev):
|
||||||
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678",
|
||||||
|
ieee80211w="2")
|
||||||
|
hapd = hostapd.add_ap(apdev[0], params)
|
||||||
|
|
||||||
|
Wlantest.setup(hapd)
|
||||||
|
wt = Wlantest()
|
||||||
|
wt.flush()
|
||||||
|
wt.add_passphrase("12345678")
|
||||||
|
|
||||||
|
phy = dev[0].get_driver_status_field("phyname")
|
||||||
|
dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412",
|
||||||
|
ieee80211w="1")
|
||||||
|
hapd.wait_sta()
|
||||||
|
|
||||||
|
hwsim_utils.test_connectivity(dev[0], hapd, timeout=1)
|
||||||
|
|
||||||
|
# deauth once to see that works OK
|
||||||
|
addr = dev[0].own_addr()
|
||||||
|
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
|
||||||
|
dev[0].wait_disconnected(timeout=10)
|
||||||
|
|
||||||
|
# now to check the protection
|
||||||
|
dev[0].request("RECONNECT")
|
||||||
|
dev[0].wait_connected()
|
||||||
|
hapd.wait_sta()
|
||||||
|
|
||||||
|
hwsim_utils.test_connectivity(dev[0], hapd, timeout=1)
|
||||||
|
|
||||||
|
if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
|
||||||
|
raise Exception("RESEND_GROUP_M1 failed")
|
||||||
|
if "OK" not in hapd.request("RESET_PN ff:ff:ff:ff:ff:ff IGTK"):
|
||||||
|
raise Exception("RESET_PN failed")
|
||||||
|
|
||||||
|
time.sleep(0.1)
|
||||||
|
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
|
||||||
|
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
|
||||||
|
if ev is not None:
|
||||||
|
raise Exception("Unexpected disconnection")
|
||||||
|
|
||||||
|
hwsim_utils.test_connectivity(dev[0], hapd, timeout=1)
|
||||||
|
|
||||||
|
dev[0].request("DISCONNECT")
|
||||||
|
dev[0].wait_disconnected()
|
||||||
|
|
||||||
def test_ap_wpa2_delayed_m1_m3_zero_tk(dev, apdev):
|
def test_ap_wpa2_delayed_m1_m3_zero_tk(dev, apdev):
|
||||||
"""Delayed M1+M3 retransmission and zero TK"""
|
"""Delayed M1+M3 retransmission and zero TK"""
|
||||||
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
||||||
|
Loading…
Reference in New Issue
Block a user