Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6dacb8e98b
Branches Tags
krackattacks
/
tests
/
hwsim
/
test_ap_wps.py

test_ap_wps.py 8.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201 
  1. #!/usr/bin/python
    2. 

  2. #
    3. 

  3. # WPS tests
    4. 

  4. # Copyright (c) 2013, Jouni Malinen <j@w1.fi>
    5. 

  5. #
    6. 

  6. # This software may be distributed under the terms of the BSD license.
    7. 

  7. # See README for more details.
    8. 

  8. 

  9. import time
    10. 

  10. import subprocess
    11. 

  11. import logging
    12. 

  12. logger = logging.getLogger(__name__)
    13. 

  13. 

  14. import hwsim_utils
    15. 

  15. import hostapd
    16. 

  16. 

  17. def test_ap_wps_init(dev, apdev):
    18. 

  18.     """Initial AP configuration with first WPS Enrollee"""
    19. 

  19.     ssid = "test-wps"
    20. 

  20.     hostapd.add_ap(apdev[0]['ifname'],
    21. 

  21.                    { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    22. 

  22.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    23. 

  23.     logger.info("WPS provisioning step")
    24. 

  24.     hapd.request("WPS_PBC")
    25. 

  25.     dev[0].request("BSS_FLUSH 0")
    26. 

  26.     dev[0].request("SET ignore_old_scan_res 1")
    27. 

  27.     dev[0].dump_monitor()
    28. 

  28.     dev[0].request("WPS_PBC")
    29. 

  29.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    30. 

  30.     if ev is None:
    31. 

  31.         raise Exception("Association with the AP timed out")
    32. 

  32.     status = dev[0].get_status()
    33. 

  33.     if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
    34. 

  34.         raise Exception("Not fully connected")
    35. 

  35.     if status['ssid'] != ssid:
    36. 

  36.         raise Exception("Unexpected SSID")
    37. 

  37.     if status['pairwise_cipher'] != 'CCMP':
    38. 

  38.         raise Exception("Unexpected encryption configuration")
    39. 

  39.     if status['key_mgmt'] != 'WPA2-PSK':
    40. 

  40.         raise Exception("Unexpected key_mgmt")
    41. 

  41. 

  42. def test_ap_wps_conf(dev, apdev):
    43. 

  43.     """WPS PBC provisioning with configured AP"""
    44. 

  44.     ssid = "test-wps-conf"
    45. 

  45.     hostapd.add_ap(apdev[0]['ifname'],
    46. 

  46.                    { "ssid": ssid, "eap_server": "1", "wps_state": "2",
    47. 

  47.                      "wpa_passphrase": "12345678", "wpa": "2",
    48. 

  48.                      "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
    49. 

  49.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    50. 

  50.     logger.info("WPS provisioning step")
    51. 

  51.     hapd.request("WPS_PBC")
    52. 

  52.     dev[0].dump_monitor()
    53. 

  53.     dev[0].request("WPS_PBC")
    54. 

  54.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    55. 

  55.     if ev is None:
    56. 

  56.         raise Exception("Association with the AP timed out")
    57. 

  57.     status = dev[0].get_status()
    58. 

  58.     if status['wpa_state'] != 'COMPLETED':
    59. 

  59.         raise Exception("Not fully connected")
    60. 

  60.     if status['bssid'] != apdev[0]['bssid']:
    61. 

  61.         raise Exception("Unexpected BSSID")
    62. 

  62.     if status['ssid'] != ssid:
    63. 

  63.         raise Exception("Unexpected SSID")
    64. 

  64.     if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
    65. 

  65.         raise Exception("Unexpected encryption configuration")
    66. 

  66.     if status['key_mgmt'] != 'WPA2-PSK':
    67. 

  67.         raise Exception("Unexpected key_mgmt")
    68. 

  68. 

  69. def test_ap_wps_conf_pin(dev, apdev):
    70. 

  70.     """WPS PIN provisioning with configured AP"""
    71. 

  71.     ssid = "test-wps-conf-pin"
    72. 

  72.     hostapd.add_ap(apdev[0]['ifname'],
    73. 

  73.                    { "ssid": ssid, "eap_server": "1", "wps_state": "2",
    74. 

  74.                      "wpa_passphrase": "12345678", "wpa": "2",
    75. 

  75.                      "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
    76. 

  76.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    77. 

  77.     logger.info("WPS provisioning step")
    78. 

  78.     pin = dev[0].wps_read_pin()
    79. 

  79.     hapd.request("WPS_PIN any " + pin)
    80. 

  80.     dev[0].request("BSS_FLUSH 0")
    81. 

  81.     dev[0].request("SET ignore_old_scan_res 1")
    82. 

  82.     dev[0].dump_monitor()
    83. 

  83.     dev[0].request("WPS_PIN any " + pin)
    84. 

  84.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    85. 

  85.     if ev is None:
    86. 

  86.         raise Exception("Association with the AP timed out")
    87. 

  87.     status = dev[0].get_status()
    88. 

  88.     if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
    89. 

  89.         raise Exception("Not fully connected")
    90. 

  90.     if status['ssid'] != ssid:
    91. 

  91.         raise Exception("Unexpected SSID")
    92. 

  92.     if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
    93. 

  93.         raise Exception("Unexpected encryption configuration")
    94. 

  94.     if status['key_mgmt'] != 'WPA2-PSK':
    95. 

  95.         raise Exception("Unexpected key_mgmt")
    96. 

  96. 

  97. def test_ap_wps_reg_connect(dev, apdev):
    98. 

  98.     """WPS registrar using AP PIN to connect"""
    99. 

  99.     ssid = "test-wps-reg-ap-pin"
    100. 

  100.     appin = "12345670"
    101. 

  101.     hostapd.add_ap(apdev[0]['ifname'],
    102. 

  102.                    { "ssid": ssid, "eap_server": "1", "wps_state": "2",
    103. 

  103.                      "wpa_passphrase": "12345678", "wpa": "2",
    104. 

  104.                      "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
    105. 

  105.                      "ap_pin": appin})
    106. 

  106.     logger.info("WPS provisioning step")
    107. 

  107.     dev[0].request("BSS_FLUSH 0")
    108. 

  108.     dev[0].request("SET ignore_old_scan_res 1")
    109. 

  109.     dev[0].dump_monitor()
    110. 

  110.     dev[0].request("WPS_REG " + apdev[0]['bssid'] + " " + appin)
    111. 

  111.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    112. 

  112.     if ev is None:
    113. 

  113.         raise Exception("Association with the AP timed out")
    114. 

  114.     status = dev[0].get_status()
    115. 

  115.     if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
    116. 

  116.         raise Exception("Not fully connected")
    117. 

  117.     if status['ssid'] != ssid:
    118. 

  118.         raise Exception("Unexpected SSID")
    119. 

  119.     if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
    120. 

  120.         raise Exception("Unexpected encryption configuration")
    121. 

  121.     if status['key_mgmt'] != 'WPA2-PSK':
    122. 

  122.         raise Exception("Unexpected key_mgmt")
    123. 

  123. 

  124. def test_ap_wps_reg_config(dev, apdev):
    125. 

  125.     """WPS registrar configuring and AP using AP PIN"""
    126. 

  126.     ssid = "test-wps-init-ap-pin"
    127. 

  127.     appin = "12345670"
    128. 

  128.     hostapd.add_ap(apdev[0]['ifname'],
    129. 

  129.                    { "ssid": ssid, "eap_server": "1", "wps_state": "2",
    130. 

  130.                      "ap_pin": appin})
    131. 

  131.     logger.info("WPS configuration step")
    132. 

  132.     dev[0].request("BSS_FLUSH 0")
    133. 

  133.     dev[0].request("SET ignore_old_scan_res 1")
    134. 

  134.     dev[0].dump_monitor()
    135. 

  135.     new_ssid = "wps-new-ssid"
    136. 

  136.     new_passphrase = "1234567890"
    137. 

  137.     dev[0].request("WPS_REG " + apdev[0]['bssid'] + " " + appin + " " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex"))
    138. 

  138.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    139. 

  139.     if ev is None:
    140. 

  140.         raise Exception("Association with the AP timed out")
    141. 

  141.     status = dev[0].get_status()
    142. 

  142.     if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
    143. 

  143.         raise Exception("Not fully connected")
    144. 

  144.     if status['ssid'] != new_ssid:
    145. 

  145.         raise Exception("Unexpected SSID")
    146. 

  146.     if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
    147. 

  147.         raise Exception("Unexpected encryption configuration")
    148. 

  148.     if status['key_mgmt'] != 'WPA2-PSK':
    149. 

  149.         raise Exception("Unexpected key_mgmt")
    150. 

  150. 

  151. def test_ap_wps_pbc_overlap_2ap(dev, apdev):
    152. 

  152.     """WPS PBC session overlap with two active APs"""
    153. 

  153.     hostapd.add_ap(apdev[0]['ifname'],
    154. 

  154.                    { "ssid": "wps1", "eap_server": "1", "wps_state": "2",
    155. 

  155.                      "wpa_passphrase": "12345678", "wpa": "2",
    156. 

  156.                      "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
    157. 

  157.                      "wps_independent": "1"})
    158. 

  158.     hostapd.add_ap(apdev[1]['ifname'],
    159. 

  159.                    { "ssid": "wps2", "eap_server": "1", "wps_state": "2",
    160. 

  160.                      "wpa_passphrase": "123456789", "wpa": "2",
    161. 

  161.                      "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
    162. 

  162.                      "wps_independent": "1"})
    163. 

  163.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    164. 

  164.     hapd.request("WPS_PBC")
    165. 

  165.     hapd2 = hostapd.Hostapd(apdev[1]['ifname'])
    166. 

  166.     hapd2.request("WPS_PBC")
    167. 

  167.     logger.info("WPS provisioning step")
    168. 

  168.     dev[0].dump_monitor()
    169. 

  169.     dev[0].request("WPS_PBC")
    170. 

  170.     ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
    171. 

  171.     if ev is None:
    172. 

  172.         raise Exception("PBC session overlap not detected")
    173. 

  173. 

  174. def test_ap_wps_pbc_overlap_2sta(dev, apdev):
    175. 

  175.     """WPS PBC session overlap with two active STAs"""
    176. 

  176.     ssid = "test-wps-pbc-overlap"
    177. 

  177.     hostapd.add_ap(apdev[0]['ifname'],
    178. 

  178.                    { "ssid": ssid, "eap_server": "1", "wps_state": "2",
    179. 

  179.                      "wpa_passphrase": "12345678", "wpa": "2",
    180. 

  180.                      "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
    181. 

  181.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    182. 

  182.     logger.info("WPS provisioning step")
    183. 

  183.     hapd.request("WPS_PBC")
    184. 

  184.     dev[0].request("SET ignore_old_scan_res 1")
    185. 

  185.     dev[0].request("BSS_FLUSH 0")
    186. 

  186.     dev[1].request("SET ignore_old_scan_res 1")
    187. 

  187.     dev[1].request("BSS_FLUSH 0")
    188. 

  188.     dev[0].dump_monitor()
    189. 

  189.     dev[1].dump_monitor()
    190. 

  190.     dev[0].request("WPS_PBC")
    191. 

  191.     dev[1].request("WPS_PBC")
    192. 

  192.     ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
    193. 

  193.     if ev is None:
    194. 

  194.         raise Exception("PBC session overlap not detected (dev0)")
    195. 

  195.     if "config_error=12" not in ev:
    196. 

  196.         raise Exception("PBC session overlap not correctly reported (dev0)")
    197. 

  197.     ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
    198. 

  198.     if ev is None:
    199. 

  199.         raise Exception("PBC session overlap not detected (dev1)")
    200. 

  200.     if "config_error=12" not in ev:
    201. 

  201.         raise Exception("PBC session overlap not correctly reported (dev1)")
    202.