# Cipher suite tests
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.
+from remotehost import remote_compatible
import time
-import subprocess
import logging
logger = logging.getLogger()
import os.path
import hwsim_utils
import hostapd
+from utils import HwsimSkip, skip_with_fips
+from wlantest import Wlantest
def check_cipher(dev, ap, cipher):
if cipher not in dev.get_capability("pairwise"):
- return "skip"
+ raise HwsimSkip("Cipher %s not supported" % cipher)
params = { "ssid": "test-wpa2-psk",
"wpa_passphrase": "12345678",
"wpa": "2",
"wpa_key_mgmt": "WPA-PSK",
"rsn_pairwise": cipher }
- hostapd.add_ap(ap['ifname'], params)
+ hapd = hostapd.add_ap(ap, params)
dev.connect("test-wpa2-psk", psk="12345678",
pairwise=cipher, group=cipher, scan_freq="2412")
- hwsim_utils.test_connectivity(dev.ifname, ap['ifname'])
+ hwsim_utils.test_connectivity(dev, hapd)
+def check_group_mgmt_cipher(dev, ap, cipher):
+ if cipher not in dev.get_capability("group_mgmt"):
+ raise HwsimSkip("Cipher %s not supported" % cipher)
+ params = { "ssid": "test-wpa2-psk-pmf",
+ "wpa_passphrase": "12345678",
+ "wpa": "2",
+ "ieee80211w": "2",
+ "wpa_key_mgmt": "WPA-PSK-SHA256",
+ "rsn_pairwise": "CCMP",
+ "group_mgmt_cipher": cipher }
+ hapd = hostapd.add_ap(ap, params)
+
+ Wlantest.setup(hapd)
+ wt = Wlantest()
+ wt.flush()
+ wt.add_passphrase("12345678")
+
+ dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2",
+ key_mgmt="WPA-PSK-SHA256",
+ pairwise="CCMP", group="CCMP", scan_freq="2412")
+ hwsim_utils.test_connectivity(dev, hapd)
+ hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
+ dev.wait_disconnected()
+ if wt.get_bss_counter('valid_bip_mmie', ap['bssid']) < 1:
+ raise Exception("No valid BIP MMIE seen")
+ if wt.get_bss_counter('bip_deauth', ap['bssid']) < 1:
+ raise Exception("No valid BIP deauth seen")
+
+ if cipher == "AES-128-CMAC":
+ group_mgmt = "BIP"
+ else:
+ group_mgmt = cipher
+ res = wt.info_bss('group_mgmt', ap['bssid']).strip()
+ if res != group_mgmt:
+ raise Exception("Unexpected group mgmt cipher: " + res)
+
+@remote_compatible
def test_ap_cipher_tkip(dev, apdev):
"""WPA2-PSK/TKIP connection"""
- return check_cipher(dev[0], apdev[0], "TKIP")
+ skip_with_fips(dev[0])
+ check_cipher(dev[0], apdev[0], "TKIP")
+@remote_compatible
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
"""WPA-PSK/TKIP countermeasures (detected by AP)"""
+ skip_with_fips(dev[0])
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
- if not os.path.exists(testfile):
- return "skip"
+ if dev[0].cmd_execute([ "ls", testfile ])[0] != 0:
+ raise HwsimSkip("tkip_mic_test not supported in mac80211")
params = { "ssid": "tkip-countermeasures",
"wpa_passphrase": "12345678",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP" }
- hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("tkip-countermeasures", psk="12345678",
pairwise="TKIP", group="TKIP", scan_freq="2412")
dev[0].dump_monitor()
- cmd = subprocess.Popen(["sudo", "tee", testfile],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE)
- cmd.stdin.write(apdev[0]['bssid'])
- cmd.stdin.close()
- cmd.stdout.read()
- cmd.stdout.close()
+ dev[0].cmd_execute([ "echo", "-n", apdev[0]['bssid'], ">", testfile ],
+ shell=True)
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection on first Michael MIC failure")
- cmd = subprocess.Popen(["sudo", "tee", testfile],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE)
- cmd.stdin.write("ff:ff:ff:ff:ff:ff")
- cmd.stdin.close()
- cmd.stdout.read()
- cmd.stdout.close()
- ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
- if ev is None:
- raise Exception("No disconnection after two Michael MIC failures")
+ dev[0].cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ],
+ shell=True)
+ ev = dev[0].wait_disconnected(timeout=10,
+ error="No disconnection after two Michael MIC failures")
if "reason=14" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected connection during TKIP countermeasures")
+@remote_compatible
def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
"""WPA-PSK/TKIP countermeasures (detected by STA)"""
+ skip_with_fips(dev[0])
params = { "ssid": "tkip-countermeasures",
"wpa_passphrase": "12345678",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP" }
- hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ hapd = hostapd.add_ap(apdev[0], params)
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
- if not os.path.exists(testfile):
- return "skip"
+ if hapd.cmd_execute([ "ls", testfile ])[0] != 0:
+ raise HwsimSkip("tkip_mic_test not supported in mac80211")
dev[0].connect("tkip-countermeasures", psk="12345678",
pairwise="TKIP", group="TKIP", scan_freq="2412")
dev[0].dump_monitor()
- cmd = subprocess.Popen(["sudo", "tee", testfile],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE)
- cmd.stdin.write(dev[0].p2p_dev_addr())
- cmd.stdin.close()
- cmd.stdout.read()
- cmd.stdout.close()
+ hapd.cmd_execute([ "echo", "-n", dev[0].own_addr(), ">", testfile ],
+ shell=True)
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection on first Michael MIC failure")
- cmd = subprocess.Popen(["sudo", "tee", testfile],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE)
- cmd.stdin.write("ff:ff:ff:ff:ff:ff")
- cmd.stdin.close()
- cmd.stdout.read()
- cmd.stdout.close()
- ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
- if ev is None:
- raise Exception("No disconnection after two Michael MIC failures")
+ hapd.cmd_execute([ "echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile ],
+ shell=True)
+ ev = dev[0].wait_disconnected(timeout=10,
+ error="No disconnection after two Michael MIC failures")
if "reason=14 locally_generated=1" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected connection during TKIP countermeasures")
+@remote_compatible
def test_ap_cipher_ccmp(dev, apdev):
"""WPA2-PSK/CCMP connection"""
- return check_cipher(dev[0], apdev[0], "CCMP")
+ check_cipher(dev[0], apdev[0], "CCMP")
def test_ap_cipher_gcmp(dev, apdev):
"""WPA2-PSK/GCMP connection"""
- return check_cipher(dev[0], apdev[0], "GCMP")
+ check_cipher(dev[0], apdev[0], "GCMP")
def test_ap_cipher_ccmp_256(dev, apdev):
"""WPA2-PSK/CCMP-256 connection"""
- return check_cipher(dev[0], apdev[0], "CCMP-256")
+ check_cipher(dev[0], apdev[0], "CCMP-256")
def test_ap_cipher_gcmp_256(dev, apdev):
"""WPA2-PSK/GCMP-256 connection"""
- return check_cipher(dev[0], apdev[0], "GCMP-256")
+ check_cipher(dev[0], apdev[0], "GCMP-256")
+@remote_compatible
def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
"""WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
+ skip_with_fips(dev[0])
ssid = "test-wpa-wpa2-psk"
passphrase = "12345678"
params = { "ssid": ssid,
"wpa_key_mgmt": "WPA-PSK",
"rsn_pairwise": "CCMP",
"wpa_pairwise": "TKIP" }
- hostapd.add_ap(apdev[0]['ifname'], params)
+ hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, proto="WPA2",
pairwise="CCMP", group="TKIP", scan_freq="2412")
status = dev[0].get_status()
raise Exception("Missing BSS flag WPA-PSK-TKIP")
if "[WPA2-PSK-CCMP]" not in bss['flags']:
raise Exception("Missing BSS flag WPA2-PSK-CCMP")
- hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
+ hwsim_utils.test_connectivity(dev[0], hapd)
dev[1].connect(ssid, psk=passphrase, proto="WPA",
pairwise="TKIP", group="TKIP", scan_freq="2412")
raise Exception("Incorrect pairwise_cipher reported")
if status['group_cipher'] != 'TKIP':
raise Exception("Incorrect group_cipher reported")
- hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
- hwsim_utils.test_connectivity(dev[0].ifname, dev[1].ifname)
+ hwsim_utils.test_connectivity(dev[1], hapd)
+ hwsim_utils.test_connectivity(dev[0], dev[1])
+
+@remote_compatible
+def test_ap_cipher_bip(dev, apdev):
+ """WPA2-PSK with BIP"""
+ check_group_mgmt_cipher(dev[0], apdev[0], "AES-128-CMAC")
+
+def test_ap_cipher_bip_gmac_128(dev, apdev):
+ """WPA2-PSK with BIP-GMAC-128"""
+ check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-128")
+
+def test_ap_cipher_bip_gmac_256(dev, apdev):
+ """WPA2-PSK with BIP-GMAC-256"""
+ check_group_mgmt_cipher(dev[0], apdev[0], "BIP-GMAC-256")
+
+def test_ap_cipher_bip_cmac_256(dev, apdev):
+ """WPA2-PSK with BIP-CMAC-256"""
+ check_group_mgmt_cipher(dev[0], apdev[0], "BIP-CMAC-256")
projects / mech_eap.git / blobdiff