def test_wpa2_ocv_sta_group_hs(dev, apdev): """OCV group handshake (STA)""" params = { "channel": "1", "ieee80211w": "1", "ocv": "1", "freq": "2412", "wpa_strict_rekey": "1" } conn = STAConnection(apdev[0], dev[0], params.copy()) conn.confirm_valid_oci(81, 1, 0) # Send a EAPOL-Key msg 1/2 with a bad OCI logger.info("Bad OCI element") plain = conn.gtkie + make_ocikde(1, 1, 1) wrapped = aes_wrap(conn.kek, pad_key_data(plain)) msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=3) send_eapol(dev[0], conn.bssid, build_eapol(msg)) # We shouldn't get a EAPOL-Key message back ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) if ev is not None: raise Exception("Received response to invalid EAPOL-Key 1/2") # Reset AP to try with valid OCI conn.hapd.disable() conn = STAConnection(apdev[0], dev[0], params.copy()) conn.confirm_valid_oci(81, 1, 0) # Send a EAPOL-Key msg 1/2 with a good OCI logger.info("Good OCI element") plain = conn.gtkie + make_ocikde(81, 1, 0) wrapped = aes_wrap(conn.kek, pad_key_data(plain)) msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=4) send_eapol(dev[0], conn.bssid, build_eapol(msg)) # Wait for EAPOL-Key msg 2/2 conn.msg = recv_eapol(dev[0]) if conn.msg["rsn_key_info"] != 0x0302: raise Exception("Didn't receive 2/2 of group key handshake")
def test_wpa2_ocv_sta_group_hs(dev, apdev): """OCV group handshake (STA)""" params = {"channel": "1", "ieee80211w": "1", "ocv": "1", "freq": "2412", "wpa_strict_rekey": "1"} conn = STAConnection(apdev[0], dev[0], params.copy()) conn.confirm_valid_oci(81, 1, 0) # Send a EAPOL-Key msg 1/2 with a bad OCI logger.info("Bad OCI element") plain = conn.gtkie + make_ocikde(1, 1, 1) wrapped = aes_wrap(conn.kek, pad_key_data(plain)) msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=3) send_eapol(dev[0], conn.bssid, build_eapol(msg)) # We shouldn't get a EAPOL-Key message back ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) if ev is not None: raise Exception("Received response to invalid EAPOL-Key 1/2") # Reset AP to try with valid OCI conn.hapd.disable() conn = STAConnection(apdev[0], dev[0], params.copy()) conn.confirm_valid_oci(81, 1, 0) # Send a EAPOL-Key msg 1/2 with a good OCI logger.info("Good OCI element") plain = conn.gtkie + make_ocikde(81, 1, 0) wrapped = aes_wrap(conn.kek, pad_key_data(plain)) msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=4) send_eapol(dev[0], conn.bssid, build_eapol(msg)) # Wait for EAPOL-Key msg 2/2 conn.msg = recv_eapol(dev[0]) if conn.msg["rsn_key_info"] != 0x0302: raise Exception("Didn't receive 2/2 of group key handshake")
def confirm_valid_oci(self, op_class, channel, seg1_idx): logger.debug("Valid OCI element to complete handshake") ocikde = make_ocikde(op_class, channel, seg1_idx) plain = self.rsne + self.gtkie + ocikde wrapped = aes_wrap(self.kek, pad_key_data(plain)) msg = build_eapol_key_3_4(self.anonce, self.kck, wrapped, replay_counter=self.counter) self.dev.dump_monitor() send_eapol(self.dev, self.bssid, build_eapol(msg)) self.counter += 1 self.dev.wait_connected(timeout=1)
def test_bad_oci(self, logmsg, op_class, channel, seg1_idx, errmsg): logger.info("Bad OCI element: " + logmsg) if op_class is None: ocikde = b'' else: ocikde = make_ocikde(op_class, channel, seg1_idx) plain = self.rsne + self.gtkie + ocikde wrapped = aes_wrap(self.kek, pad_key_data(plain)) msg = build_eapol_key_3_4(self.anonce, self.kck, wrapped, replay_counter=self.counter) self.dev.dump_monitor() send_eapol(self.dev, self.bssid, build_eapol(msg)) self.counter += 1 ev = self.dev.wait_event([errmsg], timeout=5) if ev is None: raise Exception("Bad OCI not reported")