Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 915135e055
Branches Tags
krackattacks
/
tests
/
hwsim
/
test_suite_b.py

test_suite_b.py 5.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. # Suite B tests
    2. 

  2. # Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
    3. 

  3. #
    4. 

  4. # This software may be distributed under the terms of the BSD license.
    5. 

  5. # See README for more details.
    6. 

  6. 

  7. import time
    8. 

  8. import logging
    9. 

  9. logger = logging.getLogger()
    10. 

  10. 

  11. import hostapd
    12. 

  12. from utils import HwsimSkip
    13. 

  13. 

  14. def test_suite_b(dev, apdev):
    15. 

  15.     """WPA2-PSK/GCMP connection at Suite B 128-bit level"""
    16. 

  16.     if "GCMP" not in dev[0].get_capability("pairwise"):
    17. 

  17.         raise HwsimSkip("GCMP not supported")
    18. 

  18.     if "BIP-GMAC-128" not in dev[0].get_capability("group_mgmt"):
    19. 

  19.         raise HwsimSkip("BIP-GMAC-128 not supported")
    20. 

  20.     if "WPA-EAP-SUITE-B" not in dev[0].get_capability("key_mgmt"):
    21. 

  21.         raise HwsimSkip("WPA-EAP-SUITE-B not supported")
    22. 

  22.     tls = dev[0].request("GET tls_library")
    23. 

  23.     if not tls.startswith("OpenSSL"):
    24. 

  24.         raise HwsimSkip("TLS library not supported for Suite B: " + tls);
    25. 

  25.     if "build=OpenSSL 1.0.2" not in tls or "run=OpenSSL 1.0.2" not in tls:
    26. 

  26.         raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
    27. 

  27. 

  28.     params = { "ssid": "test-suite-b",
    29. 

  29.                "wpa": "2",
    30. 

  30.                "wpa_key_mgmt": "WPA-EAP-SUITE-B",
    31. 

  31.                "rsn_pairwise": "GCMP",
    32. 

  32.                "group_mgmt_cipher": "BIP-GMAC-128",
    33. 

  33.                "ieee80211w": "2",
    34. 

  34.                "ieee8021x": "1",
    35. 

  35.                "openssl_ciphers": "SUITEB128",
    36. 

  36.                #"dh_file": "auth_serv/dh.conf",
    37. 

  37.                "eap_server": "1",
    38. 

  38.                "eap_user_file": "auth_serv/eap_user.conf",
    39. 

  39.                "ca_cert": "auth_serv/ec-ca.pem",
    40. 

  40.                "server_cert": "auth_serv/ec-server.pem",
    41. 

  41.                "private_key": "auth_serv/ec-server.key" }
    42. 

  42.     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    43. 

  43. 

  44.     dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
    45. 

  45.                    openssl_ciphers="SUITEB128",
    46. 

  46.                    eap="TLS", identity="tls user",
    47. 

  47.                    ca_cert="auth_serv/ec-ca.pem",
    48. 

  48.                    client_cert="auth_serv/ec-user.pem",
    49. 

  49.                    private_key="auth_serv/ec-user.key",
    50. 

  50.                    pairwise="GCMP", group="GCMP", scan_freq="2412")
    51. 

  51.     tls_cipher = dev[0].get_status_field("EAP TLS cipher")
    52. 

  52.     if tls_cipher != "ECDHE-ECDSA-AES128-GCM-SHA256":
    53. 

  53.         raise Exception("Unexpected TLS cipher: " + tls_cipher)
    54. 

  54. 

  55.     bss = dev[0].get_bss(apdev[0]['bssid'])
    56. 

  56.     if 'flags' not in bss:
    57. 

  57.         raise Exception("Could not get BSS flags from BSS table")
    58. 

  58.     if "[WPA2-EAP-SUITE-B-GCMP]" not in bss['flags']:
    59. 

  59.         raise Exception("Unexpected BSS flags: " + bss['flags'])
    60. 

  60. 

  61.     dev[0].request("DISCONNECT")
    62. 

  62.     dev[0].wait_disconnected(timeout=20)
    63. 

  63.     dev[0].dump_monitor()
    64. 

  64.     dev[0].request("RECONNECT")
    65. 

  65.     ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
    66. 

  66.                             "CTRL-EVENT-CONNECTED"], timeout=20)
    67. 

  67.     if ev is None:
    68. 

  68.         raise Exception("Roaming with the AP timed out")
    69. 

  69.     if "CTRL-EVENT-EAP-STARTED" in ev:
    70. 

  70.         raise Exception("Unexpected EAP exchange")
    71. 

  71. 

  72. def test_suite_b_192(dev, apdev):
    73. 

  73.     """WPA2-PSK/GCMP-256 connection at Suite B 192-bit level"""
    74. 

  74.     if "GCMP-256" not in dev[0].get_capability("pairwise"):
    75. 

  75.         raise HwsimSkip("GCMP-256 not supported")
    76. 

  76.     if "BIP-GMAC-256" not in dev[0].get_capability("group_mgmt"):
    77. 

  77.         raise HwsimSkip("BIP-GMAC-256 not supported")
    78. 

  78.     if "WPA-EAP-SUITE-B-192" not in dev[0].get_capability("key_mgmt"):
    79. 

  79.         raise HwsimSkip("WPA-EAP-SUITE-B-192 not supported")
    80. 

  80.     tls = dev[0].request("GET tls_library")
    81. 

  81.     if not tls.startswith("OpenSSL"):
    82. 

  82.         raise HwsimSkip("TLS library not supported for Suite B: " + tls);
    83. 

  83.     if "build=OpenSSL 1.0.2" not in tls or "run=OpenSSL 1.0.2" not in tls:
    84. 

  84.         raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
    85. 

  85. 

  86.     params = { "ssid": "test-suite-b",
    87. 

  87.                "wpa": "2",
    88. 

  88.                "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
    89. 

  89.                "rsn_pairwise": "GCMP-256",
    90. 

  90.                "group_mgmt_cipher": "BIP-GMAC-256",
    91. 

  91.                "ieee80211w": "2",
    92. 

  92.                "ieee8021x": "1",
    93. 

  93.                "openssl_ciphers": "SUITEB192",
    94. 

  94.                "eap_server": "1",
    95. 

  95.                "eap_user_file": "auth_serv/eap_user.conf",
    96. 

  96.                "ca_cert": "auth_serv/ec2-ca.pem",
    97. 

  97.                "server_cert": "auth_serv/ec2-server.pem",
    98. 

  98.                "private_key": "auth_serv/ec2-server.key" }
    99. 

  99.     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    100. 

  100. 

  101.     dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
    102. 

  102.                    ieee80211w="2",
    103. 

  103.                    openssl_ciphers="SUITEB192",
    104. 

  104.                    eap="TLS", identity="tls user",
    105. 

  105.                    ca_cert="auth_serv/ec2-ca.pem",
    106. 

  106.                    client_cert="auth_serv/ec2-user.pem",
    107. 

  107.                    private_key="auth_serv/ec2-user.key",
    108. 

  108.                    pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
    109. 

  109.     tls_cipher = dev[0].get_status_field("EAP TLS cipher")
    110. 

  110.     if tls_cipher != "ECDHE-ECDSA-AES256-GCM-SHA384":
    111. 

  111.         raise Exception("Unexpected TLS cipher: " + tls_cipher)
    112. 

  112. 

  113.     bss = dev[0].get_bss(apdev[0]['bssid'])
    114. 

  114.     if 'flags' not in bss:
    115. 

  115.         raise Exception("Could not get BSS flags from BSS table")
    116. 

  116.     if "[WPA2-EAP-SUITE-B-192-GCMP-256]" not in bss['flags']:
    117. 

  117.         raise Exception("Unexpected BSS flags: " + bss['flags'])
    118. 

  118. 

  119.     dev[0].request("DISCONNECT")
    120. 

  120.     dev[0].wait_disconnected(timeout=20)
    121. 

  121.     dev[0].dump_monitor()
    122. 

  122.     dev[0].request("RECONNECT")
    123. 

  123.     ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
    124. 

  124.                             "CTRL-EVENT-CONNECTED"], timeout=20)
    125. 

  125.     if ev is None:
    126. 

  126.         raise Exception("Roaming with the AP timed out")
    127. 

  127.     if "CTRL-EVENT-EAP-STARTED" in ev:
    128. 

  128.         raise Exception("Unexpected EAP exchange")
    129.