Fix the notes on EAPOL-Key testing procedures

The extra sanity check for replay protection in these procedures ended
up breaking the tests. RESET_PN cannot be used before RESEND_* commands
since that would prevent the DUT from accepting the retransmitted
EAPOL-Key frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
parent
commit
6e3027a57e
1 changed files with 6 additions and 33 deletions

+ 6 - 33
tests/cipher-and-key-mgmt-testing.txt

@@ -236,19 +236,10 @@ the following hostapd_cli commands:
 
 Test broadcast connectivity; should work
 
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Test broadcast connectivity; should not work; if it does, replay
-protection is completely broken and the following step cannot be
-executed reliably. The following command needs to be run before there
-has been large enough number of new frames to increment the PN on the
-test tool. It would also be possible to execute "raw RESET_PN
-ff:ff:ff:ff:ff:ff" again after the initial sanity testing to get back to
-PN 0 for the next step.
-
 > raw RESEND_GROUP_M1 <DUT MAC address>
 OK
+> raw RESET_PN ff:ff:ff:ff:ff:ff
+OK
 
 Test broadcast connectivity; should not work; if it does, the device
 does not implement protection for delayed retransmission of Group Key
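Review bot: The ordering constraint is missing from the procedure text at the added "> raw RESET_PN ff:ff:ff:ff:ff:ff" after "> raw RESEND_GROUP_M1 <DUT MAC address>". The reason RESET_PN has to follow the resend is stated only in the commit message, so a tester reading the file sees two commands back to back with nothing saying the order is significant. Suggest adding one sentence next to the command pair stating that RESET_PN must not be issued before RESEND_GROUP_M1, because the DUT would then not accept the retransmitted EAPOL-Key frame.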
@@ -263,19 +254,10 @@ broadcast traffic, but with the following hostapd_cli commands:
 
 Test broadcast connectivity; should work
 
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Test broadcast connectivity; should not work; if it does, replay
-protection is completely broken and the following step cannot be
-executed reliably. The following command needs to be run before there
-has been large enough number of new frames to increment the PN on the
-test tool. It would also be possible to execute "raw RESET_PN
-ff:ff:ff:ff:ff:ff" again after the initial sanity testing to get back to
-PN 0 for the next step.
-
 > raw RESEND_M3 <DUT MAC address>
 OK
+> raw RESET_PN ff:ff:ff:ff:ff:ff
+OK
 
 Test broadcast connectivity; should not work; if it does, the device
 does not implement protection for delayed retransmission of 4-way
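Review bot: The result interpretation after "> raw RESEND_M3 <DUT MAC address>" / "> raw RESET_PN ff:ff:ff:ff:ff:ff" is now ambiguous. The deleted sanity step was the only place that separated "replay protection is completely broken" from the key reinstallation case, and with it gone a DUT that performs no replay checking at all will also pass broadcast traffic here and be reported as lacking protection for delayed retransmission of message 3. Since the check cannot be run before the resend, suggest a sentence in the following paragraph noting that a positive result can also mean replay protection is absent altogether, so the tester knows to rule that out separately.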
@@ -310,19 +292,10 @@ unicast traffic, but with the following hostapd_cli commands:
 
 Test unicast connectivity; should work
 
-> raw RESET_PN <DUT MAC address>
-OK
-
-Test unicast connectivity; should not work; if it does, replay
-protection is completely broken and the following step cannot be
-executed reliably. The following command needs to be run before there
-has been large enough number of new frames to increment the PN on the
-test tool. It would also be possible to execute "raw RESET_PN <DUT MAC
-address>" again after the initial sanity testing to get back to PN 0 for
-the next step.
-
 > raw RESEND_M3 <DUT MAC address>
 OK
+> raw RESET_PN <DUT MAC address>
+OK
 
 Test unicast connectivity; should not work; if it does, the device
 does not implement protection for delayed retransmission of 4-way
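Review bot: The timing caveat is dropped along with the sanity check in the removed block above "> raw RESEND_M3 <DUT MAC address>". The old text warned that the step had to run "before there has been large enough number of new frames to increment the PN on the test tool", and the same concern appears to apply to the connectivity test that follows "> raw RESET_PN <DUT MAC address>": if enough unicast frames go out after the reset, the tool's PN can pass the DUT's last accepted value and traffic will work again regardless of how the DUT handled the retransmitted message 3. Suggest keeping a short sentence saying the unicast connectivity test should be run promptly after RESET_PN, or confirming in the text that this is no longer a concern.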