mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
tests: Additional SAE protocol testing
Check behavior with delayed/replayed SAE commit message. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
1b5865a53f
commit
46746fc170
@ -749,6 +749,168 @@ def test_sae_proto_ffc(dev, apdev):
|
||||
hapd.set("ext_mgmt_frame_handling", "0")
|
||||
hapd.dump_monitor()
|
||||
|
||||
|
||||
def test_sae_proto_commit_delayed(dev, apdev):
|
||||
"""SAE protocol testing - Commit delayed"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
bssid = apdev[0]['bssid']
|
||||
|
||||
dev[0].request("SET sae_groups 19")
|
||||
|
||||
dev[0].scan_for_bss(bssid, freq=2412)
|
||||
hapd.set("ext_mgmt_frame_handling", "1")
|
||||
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
|
||||
scan_freq="2412", wait_connect=False)
|
||||
|
||||
logger.info("Commit")
|
||||
for i in range(0, 10):
|
||||
req = hapd.mgmt_rx()
|
||||
if req is None:
|
||||
raise Exception("MGMT RX wait timed out (commit)")
|
||||
if req['subtype'] == 11:
|
||||
break
|
||||
req = None
|
||||
if not req:
|
||||
raise Exception("Authentication frame (commit) not received")
|
||||
|
||||
hapd.dump_monitor()
|
||||
time.sleep(2.5)
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
|
||||
logger.info("Commit/Confirm")
|
||||
for i in range(0, 10):
|
||||
req = hapd.mgmt_rx()
|
||||
if req is None:
|
||||
raise Exception("MGMT RX wait timed out (confirm)")
|
||||
if req['subtype'] == 11:
|
||||
trans, = struct.unpack('<H', req['payload'][2:4])
|
||||
if trans == 1:
|
||||
logger.info("Extra Commit")
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
continue
|
||||
break
|
||||
req = None
|
||||
if not req:
|
||||
raise Exception("Authentication frame (confirm) not received")
|
||||
|
||||
hapd.dump_monitor()
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
|
||||
logger.info("Association Request")
|
||||
for i in range(0, 10):
|
||||
req = hapd.mgmt_rx()
|
||||
if req is None:
|
||||
raise Exception("MGMT RX wait timed out (AssocReq)")
|
||||
if req['subtype'] == 0:
|
||||
break
|
||||
req = None
|
||||
if not req:
|
||||
raise Exception("Association Request frame not received")
|
||||
|
||||
hapd.dump_monitor()
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
|
||||
if ev is None:
|
||||
raise Exception("Management frame TX status not reported (1)")
|
||||
if "stype=1 ok=1" not in ev:
|
||||
raise Exception("Unexpected management frame TX status (1): " + ev)
|
||||
cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
|
||||
if "OK" not in hapd.request(cmd):
|
||||
raise Exception("MGMT_TX_STATUS_PROCESS failed")
|
||||
|
||||
hapd.set("ext_mgmt_frame_handling", "0")
|
||||
|
||||
dev[0].wait_connected()
|
||||
|
||||
def test_sae_proto_commit_replay(dev, apdev):
|
||||
"""SAE protocol testing - Commit replay"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
raise HwsimSkip("SAE not supported")
|
||||
params = hostapd.wpa2_params(ssid="test-sae",
|
||||
passphrase="12345678")
|
||||
params['wpa_key_mgmt'] = 'SAE'
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
bssid = apdev[0]['bssid']
|
||||
|
||||
dev[0].request("SET sae_groups 19")
|
||||
|
||||
dev[0].scan_for_bss(bssid, freq=2412)
|
||||
hapd.set("ext_mgmt_frame_handling", "1")
|
||||
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
|
||||
scan_freq="2412", wait_connect=False)
|
||||
|
||||
logger.info("Commit")
|
||||
for i in range(0, 10):
|
||||
req = hapd.mgmt_rx()
|
||||
if req is None:
|
||||
raise Exception("MGMT RX wait timed out (commit)")
|
||||
if req['subtype'] == 11:
|
||||
break
|
||||
req = None
|
||||
if not req:
|
||||
raise Exception("Authentication frame (commit) not received")
|
||||
|
||||
hapd.dump_monitor()
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
logger.info("Replay Commit")
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
|
||||
logger.info("Confirm")
|
||||
for i in range(0, 10):
|
||||
req = hapd.mgmt_rx()
|
||||
if req is None:
|
||||
raise Exception("MGMT RX wait timed out (confirm)")
|
||||
if req['subtype'] == 11:
|
||||
trans, = struct.unpack('<H', req['payload'][2:4])
|
||||
if trans == 1:
|
||||
logger.info("Extra Commit")
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
continue
|
||||
break
|
||||
req = None
|
||||
if not req:
|
||||
raise Exception("Authentication frame (confirm) not received")
|
||||
|
||||
hapd.dump_monitor()
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
|
||||
logger.info("Association Request")
|
||||
for i in range(0, 10):
|
||||
req = hapd.mgmt_rx()
|
||||
if req is None:
|
||||
raise Exception("MGMT RX wait timed out (AssocReq)")
|
||||
if req['subtype'] == 0:
|
||||
break
|
||||
req = None
|
||||
if not req:
|
||||
raise Exception("Association Request frame not received")
|
||||
|
||||
hapd.dump_monitor()
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
for i in range(0, 10):
|
||||
ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
|
||||
if ev is None:
|
||||
raise Exception("Management frame TX status not reported (1)")
|
||||
if "stype=11 ok=1" in ev:
|
||||
continue
|
||||
if "stype=12 ok=1" in ev:
|
||||
continue
|
||||
if "stype=1 ok=1" not in ev:
|
||||
raise Exception("Unexpected management frame TX status (1): " + ev)
|
||||
cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
|
||||
if "OK" not in hapd.request(cmd):
|
||||
raise Exception("MGMT_TX_STATUS_PROCESS failed")
|
||||
break
|
||||
|
||||
hapd.set("ext_mgmt_frame_handling", "0")
|
||||
|
||||
dev[0].wait_connected()
|
||||
|
||||
def test_sae_proto_confirm_replay(dev, apdev):
|
||||
"""SAE protocol testing - Confirm replay"""
|
||||
if "SAE" not in dev[0].get_capability("auth_alg"):
|
||||
@ -777,10 +939,6 @@ def test_sae_proto_confirm_replay(dev, apdev):
|
||||
if not req:
|
||||
raise Exception("Authentication frame (commit) not received")
|
||||
|
||||
bssid = hapd.own_addr().replace(':', '')
|
||||
addr = dev[0].own_addr().replace(':', '')
|
||||
hdr = "b0003a01" + bssid + addr + bssid + "1000"
|
||||
|
||||
hapd.dump_monitor()
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user