tests: Additional SAE protocol testing

Check behavior with delayed/replayed SAE commit message.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-10-27 15:16:03 +02:00
parent 1b5865a53f
commit 46746fc170

View File

@ -749,6 +749,168 @@ def test_sae_proto_ffc(dev, apdev):
hapd.set("ext_mgmt_frame_handling", "0")
hapd.dump_monitor()
def test_sae_proto_commit_delayed(dev, apdev):
"""SAE protocol testing - Commit delayed"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
dev[0].request("SET sae_groups 19")
dev[0].scan_for_bss(bssid, freq=2412)
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
logger.info("Commit")
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (commit)")
if req['subtype'] == 11:
break
req = None
if not req:
raise Exception("Authentication frame (commit) not received")
hapd.dump_monitor()
time.sleep(2.5)
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
logger.info("Commit/Confirm")
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (confirm)")
if req['subtype'] == 11:
trans, = struct.unpack('<H', req['payload'][2:4])
if trans == 1:
logger.info("Extra Commit")
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
continue
break
req = None
if not req:
raise Exception("Authentication frame (confirm) not received")
hapd.dump_monitor()
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
logger.info("Association Request")
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (AssocReq)")
if req['subtype'] == 0:
break
req = None
if not req:
raise Exception("Association Request frame not received")
hapd.dump_monitor()
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
if ev is None:
raise Exception("Management frame TX status not reported (1)")
if "stype=1 ok=1" not in ev:
raise Exception("Unexpected management frame TX status (1): " + ev)
cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
if "OK" not in hapd.request(cmd):
raise Exception("MGMT_TX_STATUS_PROCESS failed")
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].wait_connected()
def test_sae_proto_commit_replay(dev, apdev):
"""SAE protocol testing - Commit replay"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
dev[0].request("SET sae_groups 19")
dev[0].scan_for_bss(bssid, freq=2412)
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
logger.info("Commit")
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (commit)")
if req['subtype'] == 11:
break
req = None
if not req:
raise Exception("Authentication frame (commit) not received")
hapd.dump_monitor()
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
logger.info("Replay Commit")
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
logger.info("Confirm")
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (confirm)")
if req['subtype'] == 11:
trans, = struct.unpack('<H', req['payload'][2:4])
if trans == 1:
logger.info("Extra Commit")
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
continue
break
req = None
if not req:
raise Exception("Authentication frame (confirm) not received")
hapd.dump_monitor()
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
logger.info("Association Request")
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (AssocReq)")
if req['subtype'] == 0:
break
req = None
if not req:
raise Exception("Association Request frame not received")
hapd.dump_monitor()
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
for i in range(0, 10):
ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
if ev is None:
raise Exception("Management frame TX status not reported (1)")
if "stype=11 ok=1" in ev:
continue
if "stype=12 ok=1" in ev:
continue
if "stype=1 ok=1" not in ev:
raise Exception("Unexpected management frame TX status (1): " + ev)
cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
if "OK" not in hapd.request(cmd):
raise Exception("MGMT_TX_STATUS_PROCESS failed")
break
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].wait_connected()
def test_sae_proto_confirm_replay(dev, apdev):
"""SAE protocol testing - Confirm replay"""
if "SAE" not in dev[0].get_capability("auth_alg"):
@ -777,10 +939,6 @@ def test_sae_proto_confirm_replay(dev, apdev):
if not req:
raise Exception("Authentication frame (commit) not received")
bssid = hapd.own_addr().replace(':', '')
addr = dev[0].own_addr().replace(':', '')
hdr = "b0003a01" + bssid + addr + bssid + "1000"
hapd.dump_monitor()
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())