fragattacks/tests/hwsim/test_ap_ciphers.py
Jonathan Afek f885b8e97c tests: ap_ciphers tests start using general cmd_execute() function
The ap_ciphers tests used to do file operations locally in python. Start
using the cmd_execute() general function for file operations so that
this would also work on remote setups.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-19 23:48:07 +03:00

208 lines
8.2 KiB
Python

# Cipher suite tests
# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.
import time
import logging
logger = logging.getLogger()
import os.path
import hwsim_utils
import hostapd
from utils import HwsimSkip, skip_with_fips
from wlantest import Wlantest
def check_cipher(dev, ap, cipher):
if cipher not in dev.get_capability("pairwise"):
raise HwsimSkip("Cipher %s not supported" % cipher)
params = { "ssid": "test-wpa2-psk",
"wpa_passphrase": "12345678",
"wpa": "2",
"wpa_key_mgmt": "WPA-PSK",
"rsn_pairwise": cipher }
hapd = hostapd.add_ap(ap, params)
dev.connect("test-wpa2-psk", psk="12345678",
pairwise=cipher, group=cipher, scan_freq="2412")
hwsim_utils.test_connectivity(dev, hapd)
def check_group_mgmt_cipher(dev, ap, cipher):
if cipher not in dev.get_capability("group_mgmt"):
raise HwsimSkip("Cipher %s not supported" % cipher)
params = { "ssid": "test-wpa2-psk-pmf",
"wpa_passphrase": "12345678",
"wpa": "2",
"ieee80211w": "2",
"wpa_key_mgmt": "WPA-PSK-SHA256",
"rsn_pairwise": "CCMP",
"group_mgmt_cipher": cipher }
hapd = hostapd.add_ap(ap, params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
pairwise="CCMP", group="CCMP", scan_freq="2412")
hwsim_utils.test_connectivity(dev, hapd)
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
dev.wait_disconnected()
if wt.get_bss_counter('valid_bip_mmie', ap['bssid']) < 1:
raise Exception("No valid BIP MMIE seen")
if wt.get_bss_counter('bip_deauth', ap['bssid']) < 1:
raise Exception("No valid BIP deauth seen")
if cipher == "AES-128-CMAC":
group_mgmt = "BIP"
else:
group_mgmt = cipher
res = wt.info_bss('group_mgmt', ap['bssid']).strip()
if res != group_mgmt:
raise Exception("Unexpected group mgmt cipher: " + res)
def test_ap_cipher_tkip(dev, apdev):
"""WPA2-PSK/TKIP connection"""
skip_with_fips(dev[0])
check_cipher(dev[0], apdev[0], "TKIP")
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
"""WPA-PSK/TKIP countermeasures (detected by AP)"""
skip_with_fips(dev[0])
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
if dev[0].cmd_execute([ "ls", testfile ])[0] != 0:
raise HwsimSkip("tkip_mic_test not supported in mac80211")
params = { "ssid": "tkip-countermeasures",
"wpa_passphrase": "12345678",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP" }
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("tkip-countermeasures", psk="12345678",
pairwise="TKIP", group="TKIP", scan_freq="2412")
dev[0].dump_monitor()
dev[0].cmd_execute([ "echo", "-n", apdev[0]['bssid'], ">", testfile ])
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection on first Michael MIC failure")
dev[0].cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ])
ev = dev[0].wait_disconnected(timeout=10,
error="No disconnection after two Michael MIC failures")
if "reason=14" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
"""WPA-PSK/TKIP countermeasures (detected by STA)"""
skip_with_fips(dev[0])
params = { "ssid": "tkip-countermeasures",
"wpa_passphrase": "12345678",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP" }
hapd = hostapd.add_ap(apdev[0], params)
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
if hapd.cmd_execute([ "ls", testfile ])[0] != 0:
raise HwsimSkip("tkip_mic_test not supported in mac80211")
dev[0].connect("tkip-countermeasures", psk="12345678",
pairwise="TKIP", group="TKIP", scan_freq="2412")
dev[0].dump_monitor()
hapd.cmd_execute([ "echo", "-n", dev[0].own_addr(), ">", testfile ])
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection on first Michael MIC failure")
hapd.cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ])
ev = dev[0].wait_disconnected(timeout=10,
error="No disconnection after two Michael MIC failures")
if "reason=14 locally_generated=1" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_cipher_ccmp(dev, apdev):
"""WPA2-PSK/CCMP connection"""
check_cipher(dev[0], apdev[0], "CCMP")
def test_ap_cipher_gcmp(dev, apdev):
"""WPA2-PSK/GCMP connection"""
check_cipher(dev[0], apdev[0], "GCMP")
def test_ap_cipher_ccmp_256(dev, apdev):
"""WPA2-PSK/CCMP-256 connection"""
check_cipher(dev[0], apdev[0], "CCMP-256")
def test_ap_cipher_gcmp_256(dev, apdev):
"""WPA2-PSK/GCMP-256 connection"""
check_cipher(dev[0], apdev[0], "GCMP-256")
def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
"""WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
skip_with_fips(dev[0])
ssid = "test-wpa-wpa2-psk"
passphrase = "12345678"
params = { "ssid": ssid,
"wpa_passphrase": passphrase,
"wpa": "3",
"wpa_key_mgmt": "WPA-PSK",
"rsn_pairwise": "CCMP",
"wpa_pairwise": "TKIP" }
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, proto="WPA2",
pairwise="CCMP", group="TKIP", scan_freq="2412")
status = dev[0].get_status()
if status['key_mgmt'] != 'WPA2-PSK':
raise Exception("Incorrect key_mgmt reported")
if status['pairwise_cipher'] != 'CCMP':
raise Exception("Incorrect pairwise_cipher reported")
if status['group_cipher'] != 'TKIP':
raise Exception("Incorrect group_cipher reported")
bss = dev[0].get_bss(apdev[0]['bssid'])
if bss['ssid'] != ssid:
raise Exception("Unexpected SSID in the BSS entry")
if "[WPA-PSK-TKIP]" not in bss['flags']:
raise Exception("Missing BSS flag WPA-PSK-TKIP")
if "[WPA2-PSK-CCMP]" not in bss['flags']:
raise Exception("Missing BSS flag WPA2-PSK-CCMP")
hwsim_utils.test_connectivity(dev[0], hapd)
dev[1].connect(ssid, psk=passphrase, proto="WPA",
pairwise="TKIP", group="TKIP", scan_freq="2412")
status = dev[1].get_status()
if status['key_mgmt'] != 'WPA-PSK':
raise Exception("Incorrect key_mgmt reported")
if status['pairwise_cipher'] != 'TKIP':
raise Exception("Incorrect pairwise_cipher reported")
if status['group_cipher'] != 'TKIP':
raise Exception("Incorrect group_cipher reported")
hwsim_utils.test_connectivity(dev[1], hapd)
hwsim_utils.test_connectivity(dev[0], dev[1])
def test_ap_cipher_bip(dev, apdev):
"""WPA2-PSK with BIP"""
check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC")
def test_ap_cipher_bip_gmac_128(dev, apdev):
"""WPA2-PSK with BIP-GMAC-128"""
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128")
def test_ap_cipher_bip_gmac_256(dev, apdev):
"""WPA2-PSK with BIP-GMAC-256"""
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256")
def test_ap_cipher_bip_cmac_256(dev, apdev):
"""WPA2-PSK with BIP-CMAC-256"""
check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256")