mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 19:04:02 -05:00
938c6e7b3d
When going through 4-way handshake, the station side reports CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP side reports AP-STA-CONNECT after having completed processing of this frame. Especially when using UML with time travel, it is possible for the connectivity test to be started before the AP side has configured the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED instead of AP-STA-CONNECT. Add explicit wait for AP-STA-CONNECT in some of these cases to reduce likelihood of reporting failures for test cases that are actually behaving as expected. This shows up with "dev1->dev2 unicast data delivery failed" in the test log. Do the same before requesting reauthentication from the station side since that has a similar issue with the EAPOL-Start frame getting encrypted before the AP is ready for it. Signed-off-by: Jouni Malinen <j@w1.fi>
245 lines
9.0 KiB
Python
245 lines
9.0 KiB
Python
# Roaming tests
|
|
# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
|
|
#
|
|
# This software may be distributed under the terms of the BSD license.
|
|
# See README for more details.
|
|
|
|
from remotehost import remote_compatible
|
|
import time
|
|
import logging
|
|
logger = logging.getLogger()
|
|
|
|
import hwsim_utils
|
|
import hostapd
|
|
from wpasupplicant import WpaSupplicant
|
|
|
|
@remote_compatible
|
|
def test_ap_roam_open(dev, apdev):
|
|
"""Roam between two open APs"""
|
|
hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
|
|
dev[0].connect("test-open", key_mgmt="NONE")
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
hapd1 = hostapd.add_ap(apdev[1], {"ssid": "test-open"})
|
|
dev[0].scan(type="ONLY")
|
|
dev[0].roam(apdev[1]['bssid'])
|
|
hwsim_utils.test_connectivity(dev[0], hapd1)
|
|
dev[0].roam(apdev[0]['bssid'])
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
|
|
@remote_compatible
|
|
def test_ap_roam_open_failed(dev, apdev):
|
|
"""Roam failure due to rejected authentication"""
|
|
hapd0 = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
|
|
dev[0].connect("test-open", key_mgmt="NONE", scan_freq="2412")
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
params = {"ssid": "test-open", "max_num_sta": "0"}
|
|
hapd1 = hostapd.add_ap(apdev[1], params)
|
|
bssid = hapd1.own_addr()
|
|
|
|
dev[0].scan_for_bss(bssid, freq=2412)
|
|
dev[0].dump_monitor()
|
|
if "OK" not in dev[0].request("ROAM " + bssid):
|
|
raise Exception("ROAM failed")
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], 1)
|
|
if not ev:
|
|
raise Exception("CTRL-EVENT-AUTH-REJECT was not seen")
|
|
|
|
dev[0].wait_connected(timeout=5)
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
|
|
@remote_compatible
|
|
def test_ap_roam_wpa2_psk(dev, apdev):
|
|
"""Roam between two WPA2-PSK APs"""
|
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
|
hapd0 = hostapd.add_ap(apdev[0], params)
|
|
dev[0].connect("test-wpa2-psk", psk="12345678")
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
hapd1 = hostapd.add_ap(apdev[1], params)
|
|
dev[0].scan(type="ONLY")
|
|
dev[0].roam(apdev[1]['bssid'])
|
|
hapd1.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd1)
|
|
dev[0].roam(apdev[0]['bssid'])
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
|
|
def get_blacklist(dev):
|
|
return dev.request("BLACKLIST").splitlines()
|
|
|
|
def test_ap_reconnect_auth_timeout(dev, apdev, params):
|
|
"""Reconnect to 2nd AP and authentication times out"""
|
|
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
|
|
wpas.interface_add("wlan5",
|
|
drv_params="force_connect_cmd=1,force_bss_selection=1")
|
|
|
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
|
hapd0 = hostapd.add_ap(apdev[0], params)
|
|
bssid0 = hapd0.own_addr()
|
|
|
|
wpas.scan_for_bss(bssid0, freq=2412)
|
|
id = wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(wpas, hapd0)
|
|
|
|
hapd1 = hostapd.add_ap(apdev[1], params)
|
|
bssid1 = hapd1.own_addr()
|
|
|
|
wpas.request("BLACKLIST " + bssid0)
|
|
|
|
wpas.scan_for_bss(bssid1, freq=2412)
|
|
wpas.request("DISCONNECT")
|
|
if "OK" not in wpas.request("SET ignore_auth_resp 1"):
|
|
raise Exception("SET ignore_auth_resp failed")
|
|
if "OK" not in wpas.request("ENABLE_NETWORK " + str(id)):
|
|
raise Exception("ENABLE_NETWORK failed")
|
|
if "OK" not in wpas.request("SELECT_NETWORK " + str(id)):
|
|
raise Exception("SELECT_NETWORK failed")
|
|
|
|
logger.info("Wait ~10s for auth timeout...")
|
|
time.sleep(10)
|
|
ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], 12)
|
|
if not ev:
|
|
raise Exception("CTRL-EVENT-SCAN-STARTED not seen")
|
|
|
|
b = get_blacklist(wpas)
|
|
if '00:00:00:00:00:00' in b:
|
|
raise Exception("Unexpected blacklist contents: " + str(b))
|
|
if bssid1 not in b:
|
|
raise Exception("Unexpected blacklist contents: " + str(b))
|
|
|
|
def test_ap_roam_with_reassoc_auth_timeout(dev, apdev, params):
|
|
"""Roam using reassoc between two APs and authentication times out"""
|
|
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
|
|
wpas.interface_add("wlan5",
|
|
drv_params="force_connect_cmd=1,force_bss_selection=1")
|
|
|
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
|
hapd0 = hostapd.add_ap(apdev[0], params)
|
|
bssid0 = hapd0.own_addr()
|
|
|
|
id = wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(wpas, hapd0)
|
|
|
|
hapd1 = hostapd.add_ap(apdev[1], params)
|
|
bssid1 = hapd1.own_addr()
|
|
wpas.scan_for_bss(bssid1, freq=2412)
|
|
|
|
if "OK" not in wpas.request("SET_NETWORK " + str(id) + " bssid " + bssid1):
|
|
raise Exception("SET_NETWORK failed")
|
|
if "OK" not in wpas.request("SET ignore_auth_resp 1"):
|
|
raise Exception("SET ignore_auth_resp failed")
|
|
if "OK" not in wpas.request("REASSOCIATE"):
|
|
raise Exception("REASSOCIATE failed")
|
|
|
|
logger.info("Wait ~10s for auth timeout...")
|
|
time.sleep(10)
|
|
ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], 12)
|
|
if not ev:
|
|
raise Exception("CTRL-EVENT-SCAN-STARTED not seen")
|
|
|
|
b = get_blacklist(wpas)
|
|
if bssid0 in b:
|
|
raise Exception("Unexpected blacklist contents: " + str(b))
|
|
|
|
def test_ap_roam_wpa2_psk_failed(dev, apdev, params):
|
|
"""Roam failure with WPA2-PSK AP due to wrong passphrase"""
|
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
|
hapd0 = hostapd.add_ap(apdev[0], params)
|
|
id = dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
params['wpa_passphrase'] = "22345678"
|
|
hapd1 = hostapd.add_ap(apdev[1], params)
|
|
bssid = hapd1.own_addr()
|
|
dev[0].scan_for_bss(bssid, freq=2412)
|
|
|
|
dev[0].dump_monitor()
|
|
if "OK" not in dev[0].request("ROAM " + bssid):
|
|
raise Exception("ROAM failed")
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED",
|
|
"CTRL-EVENT-CONNECTED"], 5)
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
raise Exception("Got unexpected CTRL-EVENT-CONNECTED")
|
|
if "CTRL-EVENT-SSID-TEMP-DISABLED" not in ev:
|
|
raise Exception("CTRL-EVENT-SSID-TEMP-DISABLED not seen")
|
|
|
|
if "OK" not in dev[0].request("SELECT_NETWORK id=" + str(id)):
|
|
raise Exception("SELECT_NETWORK failed")
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-SSID-REENABLED"], 3)
|
|
if not ev:
|
|
raise Exception("CTRL-EVENT-SSID-REENABLED not seen")
|
|
|
|
dev[0].wait_connected(timeout=5)
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
|
|
@remote_compatible
|
|
def test_ap_reassociation_to_same_bss(dev, apdev):
|
|
"""Reassociate to the same BSS"""
|
|
hapd = hostapd.add_ap(apdev[0], {"ssid": "test-open"})
|
|
dev[0].connect("test-open", key_mgmt="NONE")
|
|
hapd.wait_sta()
|
|
|
|
dev[0].request("REASSOCIATE")
|
|
dev[0].wait_connected(timeout=10, error="Reassociation timed out")
|
|
hapd.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd)
|
|
|
|
dev[0].request("REATTACH")
|
|
dev[0].wait_connected(timeout=10, error="Reattach timed out")
|
|
hapd.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd)
|
|
|
|
# Wait for previous scan results to expire to trigger new scan
|
|
time.sleep(5)
|
|
dev[0].request("REATTACH")
|
|
dev[0].wait_connected(timeout=10, error="Reattach timed out")
|
|
hapd.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd)
|
|
|
|
@remote_compatible
|
|
def test_ap_roam_set_bssid(dev, apdev):
|
|
"""Roam control"""
|
|
hostapd.add_ap(apdev[0], {"ssid": "test-open"})
|
|
hostapd.add_ap(apdev[1], {"ssid": "test-open"})
|
|
id = dev[0].connect("test-open", key_mgmt="NONE", bssid=apdev[1]['bssid'],
|
|
scan_freq="2412")
|
|
if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
|
|
raise Exception("Unexpected BSS")
|
|
# for now, these are just verifying that the code path to indicate
|
|
# within-ESS roaming changes can be executed; the actual results of those
|
|
# operations are not currently verified (that would require a test driver
|
|
# that does BSS selection)
|
|
dev[0].set_network(id, "bssid", "")
|
|
dev[0].set_network(id, "bssid", apdev[0]['bssid'])
|
|
dev[0].set_network(id, "bssid", apdev[1]['bssid'])
|
|
|
|
@remote_compatible
|
|
def test_ap_roam_wpa2_psk_race(dev, apdev):
|
|
"""Roam between two WPA2-PSK APs and try to hit a disconnection race"""
|
|
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
|
|
hapd0 = hostapd.add_ap(apdev[0], params)
|
|
dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
|
|
params['channel'] = '2'
|
|
hapd1 = hostapd.add_ap(apdev[1], params)
|
|
dev[0].scan_for_bss(apdev[1]['bssid'], freq=2417)
|
|
dev[0].roam(apdev[1]['bssid'])
|
|
hapd1.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd1)
|
|
dev[0].roam(apdev[0]['bssid'])
|
|
hapd0.wait_sta()
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|
|
# Wait at least two seconds to trigger the previous issue with the
|
|
# disconnection callback.
|
|
for i in range(3):
|
|
time.sleep(0.8)
|
|
hwsim_utils.test_connectivity(dev[0], hapd0)
|