Пример #1
def test_tnc_peap_soh_errors(dev, apdev):
    """TNC PEAP-SoH local error cases"""
    # AP side: int_eap_server_params() with TNC switched on.
    ap_params = int_eap_server_params()
    ap_params["tnc"] = "1"
    hostapd.add_ap(apdev[0], ap_params)

    sta = dev[0]
    # cryptobinding=0 switches PEAP cryptobinding off for this fixture; that
    # is a test-only choice, not a client configuration to copy.
    peap_soh = {
        "key_mgmt": "WPA-EAP",
        "eap": "PEAP",
        "identity": "user",
        "password": "******",
        "ca_cert": "auth_serv/ca.pem",
        "phase1": "peapver=0 tnc=soh cryptobinding=0",
        "phase2": "auth=MSCHAPV2",
        "scan_freq": "2412",
        "wait_connect": False,
    }

    def attempt(trigger):
        # wait_connect=False: the attempt is not expected to complete, so
        # only wait_fail_trigger() is awaited before the network is removed.
        sta.connect("test-wpa2-eap", **peap_soh)
        wait_fail_trigger(sta, trigger)
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

    # (count, call-path pattern) pairs handed to alloc_fail(); presumably
    # count selects which matching allocation fails -- confirm in alloc_fail.
    alloc_cases = ((1, "tncc_build_soh"),
                   (1, "eap_msg_alloc;=eap_peap_phase2_request"))
    for nth, where in alloc_cases:
        with alloc_fail(sta, nth, where):
            attempt("GET_ALLOC_FAIL")

    # Same exchange with a failure injected for os_get_random under
    # tncc_build_soh instead of an allocation.
    with fail_test(sta, 1, "os_get_random;tncc_build_soh"):
        attempt("GET_FAIL")
Пример #2
def test_ap_bss_load_fail(dev, apdev):
    """BSS Load update failing to get survey data"""
    # No station connects here: the AP is started with
    # bss_load_update_period=1 and the test only waits, via
    # wait_fail_trigger(), on the failure armed for
    # wpa_driver_nl80211_get_survey.
    ap_config = {"ssid": "open", "bss_load_update_period": "1"}
    hapd = hostapd.add_ap(apdev[0], ap_config)
    with fail_test(hapd, 1, "wpa_driver_nl80211_get_survey"):
        wait_fail_trigger(hapd, "GET_FAIL")
Пример #3
def test_ap_bss_load_fail(dev, apdev):
    """BSS Load update failing to get survey data"""
    # Open AP with a BSS Load update period of "1"; the survey fetch is the
    # driver call the failure is armed for.
    ap_config = dict(ssid="open", bss_load_update_period="1")
    hapd = hostapd.add_ap(apdev[0], ap_config)
    injection = fail_test(hapd, 1, "wpa_driver_nl80211_get_survey")
    with injection:
        # Nothing else is driven by the test; it waits on the AP alone.
        wait_fail_trigger(hapd, "GET_FAIL")
Пример #4
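def test_tnc_ttls_errors(dev, apdev):
    """TNC TTLS local error cases"""
    # Skipped unless the IMC shared object is present at this relative path.
    if not os.path.exists("tnc/libhostap_imc.so"):
        raise HwsimSkip("No IMC installed")
    check_eap_capa(dev[0], "MSCHAPV2")

    params = int_eap_server_params()
    params["tnc"] = "1"
    params["fragment_size"] = "150"
    hostapd.add_ap(apdev[0], params)

    # Each case: (count, call-path pattern for alloc_fail, identity, phase2).
    # The backslash in the first identity is escaped explicitly: "\m" is not
    # a valid escape sequence and newer Python versions warn about it; the
    # runtime value is unchanged.
    # NOTE(review): "tncc_get_base64;tncc_process_if_tnccs" appears twice
    # with the same count -- confirm whether the repeat is intentional.
    tests = [(1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
              "DOMAIN\\mschapv2 user", "auth=MSCHAPV2"),
             (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
              "mschap user", "auth=MSCHAP"),
             (1, "=eap_tnc_init", "chap user", "auth=CHAP"),
             (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;eap_tnc_build_frag_ack",
              "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;eap_tnc_build_msg",
              "pap user", "auth=PAP"),
             (1, "wpabuf_alloc;=eap_tnc_process_fragment",
              "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
             (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
             (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"),
             (1, "tncc_get_base64;tncc_process_if_tnccs",
              "pap user", "auth=PAP"),
             (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"),
             (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"),
             (1, "tncc_parse_imc", "pap user", "auth=PAP"),
             (2, "tncc_parse_imc", "pap user", "auth=PAP"),
             (3, "tncc_parse_imc", "pap user", "auth=PAP"),
             (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"),
             (1, "tncc_init", "pap user", "auth=PAP"),
             (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"),
             (1, "base64_gen_encode;?base64_encode;TNC_TNCC_SendMessage",
              "pap user", "auth=PAP"),
             (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
             (1, "tncc_get_base64;tncc_process_if_tnccs",
              "pap user", "auth=PAP")]
    for count, func, identity, phase2 in tests:
        with alloc_fail(dev[0], count, func):
            # fragment_size=150 on both sides, which presumably forces the
            # TNC exchange through the fragmentation paths named above.
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           scan_freq="2412",
                           eap="TTLS", anonymous_identity="ttls",
                           identity=identity, password="******",
                           ca_cert="auth_serv/ca.pem", phase2=phase2,
                           fragment_size="150", wait_connect=False)
            # EAP must at least start before the trigger is awaited.
            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
                                   timeout=15)
            if ev is None:
                raise Exception("Timeout on EAP start")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
                              note="Allocation failure not triggered for: %d:%s" % (count, func))
            # Return to a clean state before the next case.
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
            dev[0].dump_monitor()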
Пример #5
def wait_eap_proposed(dev, wait_trigger=None):
    """Wait for EAP to start on dev, then remove all networks.

    Raises Exception("Timeout on EAP start") when no
    CTRL-EVENT-EAP-PROPOSED-METHOD event arrives within 10 seconds. When
    wait_trigger is truthy it is passed to wait_fail_trigger() before the
    cleanup.
    """
    started = dev.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
    if started is None:
        raise Exception("Timeout on EAP start")

    if wait_trigger:
        wait_fail_trigger(dev, wait_trigger)

    # Cleanup: drop the network, wait for the disconnection, flush events.
    dev.request("REMOVE_NETWORK all")
    dev.wait_disconnected()
    dev.dump_monitor()
Пример #6
def test_macsec_psk_fail_cp2(dev, apdev):
    """MACsec PSK local failures in CP state machine (2)"""
    try:
        add_veth()
        ifaces = add_wpas_interfaces()
        # First interface is configured normally.
        set_mka_psk_config(ifaces[0])
        # Second interface is configured while an allocation failure is
        # armed for ieee802_1x_cp_sm_init.
        with alloc_fail(ifaces[1], 1, "ieee802_1x_cp_sm_init"):
            set_mka_psk_config(ifaces[1])
            wait_fail_trigger(ifaces[1], "GET_ALLOC_FAIL", max_iter=100)

        # Called after the injection window has closed.
        wait_mka_done(ifaces)
    finally:
        # Always runs, including when a step above raises.
        cleanup_macsec()
Пример #7
def test_macsec_psk_fail_cp2(dev, apdev):
    """MACsec PSK local failures in CP state machine (2)"""
    # cleanup_macsec() is in the finally clause so it runs whether or not
    # setup or the injected-failure step raises.
    try:
        add_veth()
        macsec_ifaces = add_wpas_interfaces()
        set_mka_psk_config(macsec_ifaces[0])
        injection = alloc_fail(macsec_ifaces[1], 1, "ieee802_1x_cp_sm_init")
        with injection:
            # Configure the peer while the allocation failure is armed.
            set_mka_psk_config(macsec_ifaces[1])
            wait_fail_trigger(macsec_ifaces[1], "GET_ALLOC_FAIL",
                              max_iter=100)

        wait_mka_done(macsec_ifaces)
    finally:
        cleanup_macsec()
Пример #8
def test_ap_pmf_sta_sa_query_local_failure(dev, apdev):
    """WPA2-PSK AP with station using SA Query (local failure)"""
    ssid = "assoc-comeback"
    sta = dev[0]
    sta_addr = sta.own_addr()
    # The AP role is played by the object start_wpas_ap() returns.
    ap = start_wpas_ap(ssid)
    # ieee80211w="1" on the station side of the association.
    sta.connect(ssid, psk="12345678", ieee80211w="1",
                key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
                scan_freq="2412")
    with fail_test(sta, 1, "os_get_random;sme_sa_query_timer"):
        # The AP side sends a deauthentication to the station; presumably
        # test=0 makes it unprotected so the station starts SA Query, whose
        # timer path is where the os_get_random failure is armed -- confirm
        # against the control interface documentation.
        deauth_cmd = "DEAUTHENTICATE " + sta_addr + " reason=6 test=0"
        ap.request(deauth_cmd)
        wait_fail_trigger(sta, "GET_FAIL")
    # Tear down both ends.
    sta.request("DISCONNECT")
    ap.request("DISCONNECT")
    sta.wait_disconnected()
Пример #9
def test_ap_open_drv_fail(dev, apdev):
    """AP with open mode and driver operations failing"""
    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})

    # One connection attempt per driver operation, each with a failure armed
    # for that operation on the station side.
    driver_ops = ("wpa_driver_nl80211_authenticate",
                  "wpa_driver_nl80211_associate")
    for driver_op in driver_ops:
        with fail_test(dev[0], 1, driver_op):
            # wait_connect=False: only the trigger is awaited, not a
            # completed connection.
            dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
                           wait_connect=False)
            wait_fail_trigger(dev[0], "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")
Пример #10
def test_ap_open_drv_fail(dev, apdev):
    """AP with open mode and driver operations failing"""
    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
    sta = dev[0]

    def attempt_with_failure(driver_op):
        # Arm a failure for driver_op, start a connection without waiting
        # for it to complete, wait on the trigger, then remove the network.
        with fail_test(sta, 1, driver_op):
            sta.connect("open", key_mgmt="NONE", scan_freq="2412",
                        wait_connect=False)
            wait_fail_trigger(sta, "GET_FAIL")
            sta.request("REMOVE_NETWORK all")

    attempt_with_failure("wpa_driver_nl80211_authenticate")
    attempt_with_failure("wpa_driver_nl80211_associate")
Пример #11
def test_sae_oom_wpas(dev, apdev):
    """SAE and OOM in wpa_supplicant"""
    sta = dev[0]
    if "SAE" not in sta.get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    # "12345678" is a fixture passphrase for the simulated network.
    ap_params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
    ap_params['wpa_key_mgmt'] = 'SAE'
    hapd = hostapd.add_ap(apdev[0], ap_params)

    def connect_sae(**extra):
        sta.connect("test-sae", psk="12345678", key_mgmt="SAE",
                    scan_freq="2412", **extra)

    # Group 25 is requested first and replaced by 26 when the TLS library
    # string mentions BoringSSL (presumably because that build lacks group
    # 25 -- confirm).
    sta.request("SET sae_groups 25")
    tls_library = sta.request("GET tls_library")
    if "BoringSSL" in tls_library:
        sta.request("SET sae_groups 26")
    # These connect() calls use the default wait, so the connection is
    # expected to complete despite the armed allocation failure.
    with alloc_fail(sta, 1, "sae_set_group"):
        connect_sae()
        sta.request("REMOVE_NETWORK all")

    # Empty value: back to the default group list.
    sta.request("SET sae_groups ")
    for nth, where in ((2, "sae_set_group"),
                       (1, "wpabuf_alloc;sme_auth_build_sae_commit")):
        with alloc_fail(sta, nth, where):
            connect_sae()
            sta.request("REMOVE_NETWORK all")

    # From here on the connection is not awaited; only the trigger is.
    for where in ("wpabuf_alloc;sme_auth_build_sae_confirm",
                  "=sme_authenticate",
                  "radio_add_work;sme_authenticate"):
        with alloc_fail(sta, 1, where):
            connect_sae(wait_connect=False)
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            sta.request("REMOVE_NETWORK all")
Пример #12
def test_tnc_peap_soh_errors(dev, apdev):
    """TNC PEAP-SoH local error cases"""
    ap_params = int_eap_server_params()
    ap_params["tnc"] = "1"
    # This variant passes the interface name, not the apdev entry itself.
    hostapd.add_ap(apdev[0]['ifname'], ap_params)

    # (injector, count, call-path pattern, trigger to wait on). The first two
    # rows arm allocation failures; the last arms a failure for os_get_random
    # under tncc_build_soh.
    scenarios = [
        (alloc_fail, 1, "tncc_build_soh", "GET_ALLOC_FAIL"),
        (alloc_fail, 1, "eap_msg_alloc;=eap_peap_phase2_request",
         "GET_ALLOC_FAIL"),
        (fail_test, 1, "os_get_random;tncc_build_soh", "GET_FAIL"),
    ]
    for inject, nth, where, trigger in scenarios:
        with inject(dev[0], nth, where):
            # cryptobinding=0 disables PEAP cryptobinding for this fixture
            # only; it is not a client setting to reuse elsewhere.
            dev[0].connect("test-wpa2-eap",
                           key_mgmt="WPA-EAP",
                           eap="PEAP",
                           identity="user",
                           password="******",
                           ca_cert="auth_serv/ca.pem",
                           phase1="peapver=0 tnc=soh cryptobinding=0",
                           phase2="auth=MSCHAPV2",
                           scan_freq="2412",
                           wait_connect=False)
            wait_fail_trigger(dev[0], trigger)
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
Пример #13
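def test_erp_home_realm_oom(dev, apdev):
    """ERP and home realm OOM"""
    check_erp_capa(dev[0])
    # AP with ERP enabled on the integrated EAP server; PMKSA caching is
    # disabled in the AP configuration.
    params = int_eap_server_params()
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['eap_server_erp'] = '1'
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    # Phase 1: fresh EAP-TTLS/PAP connection with an allocation failure armed
    # for eap_home_realm (count 1, then 2). The connection is still expected
    # to complete: wait_connected() is called before the trigger is awaited.
    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_home_realm"):
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="*****@*****.**",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    # Phase 2: same as phase 1 with identity "erp-ttls".
    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_home_realm"):
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="erp-ttls",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    # Phase 3: connect without injection, then arm the failure around a
    # DISCONNECT/RECONNECT cycle.
    for count in range(1, 3):
        dev[0].request("ERP_FLUSH")
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412", wait_connect=False)
        dev[0].wait_connected(timeout=10)
        # The loop variable is what must be compared: comparing the builtin
        # `range` with an int raises TypeError on Python 3 and is always true
        # on Python 2, so the reconnect step below could never run.
        if count > 1:
            continue
        with alloc_fail(dev[0], count, "eap_home_realm"):
            dev[0].request("DISCONNECT")
            dev[0].wait_disconnected(timeout=15)
            dev[0].request("RECONNECT")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()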
Пример #14
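def test_erp_home_realm_oom(dev, apdev):
    """ERP and home realm OOM"""
    check_erp_capa(dev[0])
    # AP with ERP enabled on the integrated EAP server; PMKSA caching is
    # disabled in the AP configuration.
    params = int_eap_server_params()
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['eap_server_erp'] = '1'
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)

    # Phase 1: fresh EAP-TTLS/PAP connection with an allocation failure armed
    # for eap_get_realm (count 1, then 2). wait_connected() is called before
    # the trigger is awaited, so the connection itself must still succeed.
    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_get_realm"):
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="*****@*****.**",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    # Phase 2: same as phase 1 with identity "erp-ttls".
    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_get_realm"):
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="erp-ttls",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    # Phase 3: connect without injection, then arm the failure around a
    # DISCONNECT/RECONNECT cycle.
    for count in range(1, 3):
        dev[0].request("ERP_FLUSH")
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412", wait_connect=False)
        dev[0].wait_connected(timeout=10)
        # Compare the loop variable, not the builtin: `range > 1` raises
        # TypeError on Python 3 and is always true on Python 2, which kept
        # the reconnect step below from ever running.
        if count > 1:
            continue
        with alloc_fail(dev[0], count, "eap_get_realm"):
            dev[0].request("DISCONNECT")
            dev[0].wait_disconnected(timeout=15)
            dev[0].request("RECONNECT")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()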
Пример #15
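def test_rsn_preauth_local_errors(dev, apdev):
    """RSN pre-authentication and local errors on AP"""
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['rsn_preauth'] = '1'
    params['rsn_preauth_interfaces'] = "lo"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = hapd.own_addr()
    _bssid = binascii.unhexlify(bssid.replace(':', ''))

    # Raw packet socket on loopback for EtherType 0x88c7 (RSN
    # pre-authentication). AF_PACKET raw sockets need elevated privileges.
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                         socket.htons(0x88c7))
    # The socket is closed in the finally clause so the descriptor is
    # released even when a step below raises.
    try:
        sock.bind(("lo", socket.htons(0x88c7)))

        # Two source addresses that do not belong to any test station.
        foreign = b"\x02\x03\x04\x05\x06\x07"
        foreign2 = b"\x02\x03\x04\x05\x06\x08"
        proto = b"\x88\xc7"

        # Every frame is: destination = AP BSSID, source, EtherType, then a
        # 4-byte header packed as version=2, type=1, length=0.
        with alloc_fail(hapd, 1, "ap_sta_add;rsn_preauth_receive"):
            sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")

        with alloc_fail(hapd, 1, "eapol_auth_alloc;rsn_preauth_receive"):
            sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
        # Same frame again, this time without an armed failure.
        sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))

        with alloc_fail(hapd, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"):
            sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
        sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))

        # Interface setup failures: ENABLE must report FAIL while an
        # allocation failure is armed in the pre-auth interface code.
        # NOTE(review): the last two entries are identical -- confirm whether
        # the second was meant to use a different count.
        hapd.request("DISABLE")
        tests = [(1, "=rsn_preauth_iface_add"),
                 (2, "=rsn_preauth_iface_add"),
                 (1, "l2_packet_init;rsn_preauth_iface_add"),
                 (1, "rsn_preauth_iface_init"),
                 (1, "rsn_preauth_iface_init")]
        for count, func in tests:
            with alloc_fail(hapd, count, func):
                if "FAIL" not in hapd.request("ENABLE"):
                    raise Exception("ENABLE succeeded unexpectedly")

        # A list naming a nonexistent interface must be rejected; a list with
        # only "lo" (extra whitespace included) must be accepted.
        hapd.set("rsn_preauth_interfaces", "lo  lo lo does-not-exist lo ")
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("ENABLE succeeded unexpectedly")
        hapd.set("rsn_preauth_interfaces", " lo  lo ")
        if "OK" not in hapd.request("ENABLE"):
            raise Exception("ENABLE failed")
        sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
        sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
    finally:
        sock.close()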
Пример #16
def test_sae_oom_wpas(dev, apdev):
    """SAE and OOM in wpa_supplicant"""
    if "SAE" not in dev[0].get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    # Fixture passphrase for the simulated SAE network.
    ap_params = hostapd.wpa2_params(ssid="test-sae",
                                    passphrase="12345678")
    ap_params['wpa_key_mgmt'] = 'SAE'
    hapd = hostapd.add_ap(apdev[0], ap_params)

    sae_args = {"psk": "12345678", "key_mgmt": "SAE", "scan_freq": "2412"}

    def connect_then_remove(nth, where):
        # Default wait: the connection is expected to complete even though
        # an allocation failure is armed.
        with alloc_fail(dev[0], nth, where):
            dev[0].connect("test-sae", **sae_args)
            dev[0].request("REMOVE_NETWORK all")

    def trigger_then_remove(where):
        # Connection is not awaited; only the allocation-failure trigger is.
        with alloc_fail(dev[0], 1, where):
            dev[0].connect("test-sae", wait_connect=False, **sae_args)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")

    # Group 25, or 26 when the TLS library string mentions BoringSSL.
    dev[0].request("SET sae_groups 25")
    tls_library = dev[0].request("GET tls_library")
    if "BoringSSL" in tls_library:
        dev[0].request("SET sae_groups 26")
    connect_then_remove(1, "sae_set_group")

    # Empty value restores the default group list for the remaining cases.
    dev[0].request("SET sae_groups ")
    connect_then_remove(2, "sae_set_group")
    connect_then_remove(1, "wpabuf_alloc;sme_auth_build_sae_commit")

    trigger_then_remove("wpabuf_alloc;sme_auth_build_sae_confirm")
    trigger_then_remove("=sme_authenticate")
    trigger_then_remove("radio_add_work;sme_authenticate")
def test_sae_bignum_failure(dev, apdev):
    """SAE and bignum failure"""
    sta = dev[0]
    if "SAE" not in sta.get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    ap_params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
    ap_params['wpa_key_mgmt'] = 'SAE'
    # The AP accepts groups 19, 5 and 22 so that both the ECC and the
    # finite-field (FFC) code paths can be reached. Groups 5 and 22 are small
    # MODP groups used here for error-path coverage only; they are not groups
    # to enable in a production SAE configuration.
    ap_params['sae_groups'] = '19 5 22'
    hapd = hostapd.add_ap(apdev[0], ap_params)

    def run_cases(set_groups_cmd, cases):
        # Select the group on the station, then make one connection attempt
        # per (count, call-path pattern) with that failure armed.
        sta.request(set_groups_cmd)
        for nth, where in cases:
            with fail_test(sta, nth, where):
                sta.connect("test-sae", psk="12345678", key_mgmt="SAE",
                            scan_freq="2412", wait_connect=False)
                wait_fail_trigger(sta, "GET_FAIL")
                sta.request("REMOVE_NETWORK all")

    # Group 19: elliptic-curve paths (*_ecc) plus shared helpers.
    ecc_cases = [
        (1, "crypto_bignum_init_set;get_rand_1_to_p_1"),
        (1, "crypto_bignum_init;is_quadratic_residue_blind"),
        (1, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
        (2, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
        (3, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
        (1, "crypto_bignum_legendre;is_quadratic_residue_blind"),
        (1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"),
        (1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"),
        (1, "crypto_bignum_init_set;get_random_qr_qnr"),
        (1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"),
        (1, "crypto_ec_point_init;sae_derive_pwe_ecc"),
        (1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"),
        (1, "crypto_ec_point_init;sae_derive_commit_element_ecc"),
        (1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"),
        (1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"),
        (1, "crypto_bignum_init;=sae_derive_commit"),
        (1, "crypto_ec_point_init;sae_derive_k_ecc"),
        (1, "crypto_ec_point_mul;sae_derive_k_ecc"),
        (1, "crypto_ec_point_add;sae_derive_k_ecc"),
        (2, "crypto_ec_point_mul;sae_derive_k_ecc"),
        (1, "crypto_ec_point_to_bin;sae_derive_k_ecc"),
        (1, "crypto_bignum_legendre;get_random_qr_qnr"),
        (1, "sha256_prf;sae_derive_keys"),
        (1, "crypto_bignum_init;sae_derive_keys"),
        (1, "crypto_bignum_init_set;sae_parse_commit_scalar"),
        (1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"),
        (1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc"),
    ]
    run_cases("SET sae_groups 19", ecc_cases)

    # Group 5: finite-field paths (*_ffc).
    ffc_cases = [
        (1, "crypto_bignum_init_set;sae_set_group"),
        (2, "crypto_bignum_init_set;sae_set_group"),
        (1, "crypto_bignum_init_set;sae_get_rand"),
        (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
        (1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"),
        (1, "crypto_bignum_init;sae_derive_pwe_ffc"),
        (1, "crypto_bignum_init;sae_derive_commit_element_ffc"),
        (1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"),
        (1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"),
        (1, "crypto_bignum_init;sae_derive_k_ffc"),
        (1, "crypto_bignum_exptmod;sae_derive_k_ffc"),
        (1, "crypto_bignum_mulmod;sae_derive_k_ffc"),
        (2, "crypto_bignum_exptmod;sae_derive_k_ffc"),
        (1, "crypto_bignum_to_bin;sae_derive_k_ffc"),
        (1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
        (1, "crypto_bignum_init;sae_parse_commit_element_ffc"),
        (2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
        (1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc"),
    ]
    run_cases("SET sae_groups 5", ffc_cases)

    # Group 22: password-seed test steps reached only with this group.
    # NOTE(review): sae_groups is left at 22 on the station when the test
    # ends -- confirm the harness resets it between test cases.
    group22_cases = [
        (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
        (1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"),
        (1, "crypto_bignum_div;sae_test_pwd_seed_ffc"),
    ]
    run_cases("SET sae_groups 22", group22_cases)
Пример #18
def test_owe_local_errors(dev, apdev):
    """Opportunistic Wireless Encryption - local errors on supplicant"""
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    # OWE-only AP with management frame protection required.
    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "ieee80211w": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    def start_owe(group):
        # Connection attempt that is never awaited by connect() itself.
        sta.connect("owe",
                    key_mgmt="OWE",
                    owe_group=group,
                    ieee80211w="2",
                    scan_freq="2412",
                    wait_connect=False)

    def drop_network():
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()

    # Allocation failures while building the association request: the test
    # waits on the trigger.
    build_cases = ((1, "crypto_ecdh_init;owe_build_assoc_req"),
                   (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
                   (1, "wpabuf_alloc;owe_build_assoc_req"))
    for nth, where in build_cases:
        with alloc_fail(sta, nth, where):
            start_owe("20")
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            drop_network()

    # Allocation failures while processing the association response: the
    # test waits for the station to disconnect.
    resp_cases = ((1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
                  (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
                  (1, "wpabuf_alloc;=owe_process_assoc_resp"))
    for nth, where in resp_cases:
        with alloc_fail(sta, nth, where):
            start_owe("20")
            sta.wait_disconnected()
            drop_network()

    # HMAC/KDF failures, each paired with the group that selects that hash
    # in the table below (19 -> sha256, 20 -> sha384, 21 -> sha512).
    hash_cases = ((1, "hmac_sha256;owe_process_assoc_resp", 19),
                  (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
                  (1, "hmac_sha384;owe_process_assoc_resp", 20),
                  (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
                  (1, "hmac_sha512;owe_process_assoc_resp", 21),
                  (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21))
    for nth, where, group in hash_cases:
        with fail_test(sta, nth, where):
            start_owe(str(group))
            sta.wait_disconnected()
            drop_network()

    # Final attempt with group 18 and no injection; presumably a group the
    # supplicant does not support for OWE -- confirm. Only the start of
    # authentication is required, followed by a short settle time.
    start_owe("18")
    auth_started = sta.wait_event(["SME: Trying to authenticate"], timeout=5)
    if auth_started is None:
        raise Exception("No authentication attempt")
    time.sleep(0.5)
    drop_network()
Пример #19
def test_authsrv_oom(dev, apdev):
    """Authentication server OOM

    Injects allocation (alloc_fail) and function (fail_test) failures into
    the authentication server instance while a station runs EAP-TTLS/GTC
    through a separate AP. Each step checks that the failure surfaces as a
    failed EAP exchange, a disconnection or a rejected ENABLE.
    """
    # authsrv is the instance the failures are injected into; the AP on
    # apdev[0] is configured with auth_server_port 18128.
    authsrv = hostapd.add_ap(apdev[1], authsrv_params())

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap_params['auth_server_port'] = "18128"
    hapd = hostapd.add_ap(apdev[0], ap_params)

    sta = dev[0]

    def start_ttls():
        # Start the EAP-TTLS/GTC attempt without waiting for the connection.
        sta.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                    eap="TTLS", identity="user",
                    anonymous_identity="ttls", password="******",
                    ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                    wait_connect=False, scan_freq="2412")

    def drop_network(wait=True):
        # Remove the profile and flush pending events; some steps have
        # already waited for the disconnection inside the failure context.
        sta.request("REMOVE_NETWORK all")
        if wait:
            sta.wait_disconnected()
        sta.dump_monitor()

    def expect_enable_rejected():
        if "FAIL" not in authsrv.request("ENABLE"):
            raise Exception("ENABLE succeeded during OOM")

    sta.scan_for_bss(hapd.own_addr(), 2412)

    # EAP user lookup fails: the station must see an explicit EAP failure.
    with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"):
        start_ttls()
        if sta.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10) is None:
            raise Exception("EAP failure not reported")
    drop_network()

    # Failure in srv_log: this connect() call waits for the connection.
    with alloc_fail(authsrv, 1, "srv_log"):
        sta.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                    eap="TTLS", identity="user",
                    anonymous_identity="ttls", password="******",
                    ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                    scan_freq="2412")
    drop_network()

    # Session setup failures: the station is expected to get disconnected.
    with alloc_fail(authsrv, 1, "radius_server_new_session"):
        start_ttls()
        sta.wait_disconnected()
    drop_network(wait=False)

    for nth in range(1, 3):
        with alloc_fail(authsrv, nth, "=radius_server_get_new_session"):
            start_ttls()
            sta.wait_disconnected()
        drop_network(wait=False)

    with alloc_fail(authsrv, 1, "eap_server_sm_init"):
        start_ttls()
        sta.wait_disconnected()
    drop_network(wait=False)

    # Allocation failures while handling the RADIUS exchange.
    for func in ("radius_server_encapsulate_eap",
                 "radius_server_receive_auth"):
        with alloc_fail(authsrv, 1, func):
            start_ttls()
            wait_fail_trigger(authsrv, "GET_ALLOC_FAIL")
        drop_network()

    # Message construction failures while encapsulating EAP.
    for func in ("radius_msg_add_attr;radius_server_encapsulate_eap",
                 "radius_msg_add_eap;radius_server_encapsulate_eap",
                 "radius_msg_finish_srv;radius_server_encapsulate_eap"):
        with fail_test(authsrv, 1, func):
            start_ttls()
            wait_fail_trigger(authsrv, "GET_FAIL")
        drop_network()

    # Reject path: the session allocation failure stays armed while the
    # message construction failure is triggered; cleanup runs inside the
    # outer context, after the inner one has been left.
    for func in ("radius_msg_add_eap;radius_server_reject",
                 "radius_msg_finish_srv;radius_server_reject"):
        with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
            with fail_test(authsrv, 1, func):
                start_ttls()
                wait_fail_trigger(authsrv, "GET_FAIL")
            drop_network()

    authsrv.disable()
    with alloc_fail(authsrv, 1, "radius_server_init;hostapd_setup_radius_srv"):
        expect_enable_rejected()
    with alloc_fail(authsrv, 2, "radius_server_init;hostapd_setup_radius_srv"):
        authsrv.request("ENABLE")
        # This is actually allowed to continue even though memory allocation
        # fails.
    authsrv.disable()

    # Remaining start-up failures, each of which must make ENABLE fail.
    read_clients = "radius_server_read_clients;radius_server_init;hostapd_setup_radius_srv"
    add_sock = "eloop_sock_table_add_sock;radius_server_init;hostapd_setup_radius_srv"
    startup_failures = [(1, read_clients),
                        (2, read_clients),
                        (3, read_clients),
                        (1, add_sock),
                        (1, "tls_init;authsrv_init"),
                        (1, "eap_sim_db_init;authsrv_init"),
                        (2, "eap_sim_db_init;authsrv_init")]
    for nth, func in startup_failures:
        with alloc_fail(authsrv, nth, func):
            expect_enable_rejected()
def test_scan_fail(dev, apdev):
    """Scan failures

    Injects driver and allocation failures around scan requests and checks
    that each one either produces CTRL-EVENT-SCAN-FAILED or, where the scan
    is expected to continue without the optional filter, still completes.
    """
    sta = dev[0]

    def start_scan(ctrl, cmd):
        # The control interface accepts the request even when the scan
        # itself is going to fail later.
        if "OK" not in ctrl.request(cmd):
            raise Exception("SCAN failed")

    def expect_scan_failed(ctrl):
        if ctrl.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) is None:
            raise Exception("Did not see scan failure event")

    with fail_test(sta, 1, "wpa_driver_nl80211_scan"):
        sta.request("DISCONNECT")
        start_scan(sta, "SCAN freq=2412")
        expect_scan_failed(sta)
    sta.dump_monitor()

    for nth in range(1, 5):
        with alloc_fail(sta, nth,
                        "wpa_scan_clone_params;wpa_supplicant_trigger_scan"):
            start_scan(sta, "SCAN ssid 112233 freq=2412")
            expect_scan_failed(sta)
        sta.dump_monitor()

    with alloc_fail(sta, 1, "radio_add_work;wpa_supplicant_trigger_scan"):
        start_scan(sta, "SCAN freq=2412")
        expect_scan_failed(sta)
    sta.dump_monitor()

    try:
        if "OK" not in sta.request("SET filter_ssids 1"):
            raise Exception("SET failed")
        net_id = sta.connect("test-scan", key_mgmt="NONE",
                             only_add_network=True)
        with alloc_fail(sta, 1, "wpa_supplicant_build_filter_ssids"):
            # While the filter list cannot be created due to memory allocation
            # failure, this scan is expected to be completed without SSID
            # filtering.
            start_scan(sta, "SCAN freq=2412")
            if sta.wait_event(["CTRL-EVENT-SCAN-RESULTS"]) is None:
                raise Exception("Scan did not complete")
        sta.remove_network(net_id)
    finally:
        # Always restore the global setting for later tests.
        sta.request("SET filter_ssids 0")
    sta.dump_monitor()

    with alloc_fail(sta, 1, "nl80211_get_scan_results"):
        start_scan(sta, "SCAN freq=2412")
        if sta.wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5) is None:
            raise Exception("Did not see scan started event")
        wait_fail_trigger(sta, "GET_ALLOC_FAIL")
    sta.dump_monitor()

    try:
        if "OK" not in sta.request("SET setband 2G"):
            raise Exception("SET setband failed")
        with alloc_fail(sta, 1, "=wpa_setband_scan_freqs_list"):
            # While the frequency list cannot be created due to memory
            # allocation failure, this scan is expected to be completed without
            # frequency filtering.
            start_scan(sta, "SCAN")
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            sta.request("ABORT_SCAN")
            if sta.wait_event(["CTRL-EVENT-SCAN-RESULTS"]) is None:
                raise Exception("Scan did not complete")
    finally:
        sta.request("SET setband AUTO")
    sta.dump_monitor()

    # Separate interface with preassoc_mac_addr enabled, so that the scan
    # trigger goes through nl80211_set_mac_addr.
    # NOTE(review): the control socket path is fixed and lives under /tmp;
    # fine on an isolated test host, worth confirming before running on a
    # shared machine.
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5")
    wpas.request("SET preassoc_mac_addr 1")
    with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
        start_scan(wpas, "SCAN freq=2412")
        expect_scan_failed(wpas)
    wpas.request("SET preassoc_mac_addr 0")
    wpas.dump_monitor()

    # BSS entry allocation failure while scan results are processed.
    hapd = hostapd.add_ap(apdev[0], { "ssid": "open" })
    with alloc_fail(sta, 1, "wpa_bss_add"):
        sta.scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_scan_fail(dev, apdev):
    """Scan failures

    Each step arms one injected failure (driver call or memory allocation),
    issues a SCAN over the control interface and verifies the resulting
    event: a scan failure where the error is fatal, normal completion where
    the code is expected to fall back to an unfiltered scan.
    """
    def scan_must_fail(ctrl, command):
        # Request is accepted first; the failure shows up as an event.
        if "OK" not in ctrl.request(command):
            raise Exception("SCAN failed")
        failed = ctrl.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
        if failed is None:
            raise Exception("Did not see scan failure event")

    def scan_request(ctrl, command):
        if "OK" not in ctrl.request(command):
            raise Exception("SCAN failed")

    def scan_must_complete(ctrl):
        done = ctrl.wait_event(["CTRL-EVENT-SCAN-RESULTS"])
        if done is None:
            raise Exception("Scan did not complete")

    with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
        dev[0].request("DISCONNECT")
        scan_must_fail(dev[0], "SCAN freq=2412")
    dev[0].dump_monitor()

    clone_params = "wpa_scan_clone_params;wpa_supplicant_trigger_scan"
    for attempt in range(1, 5):
        with alloc_fail(dev[0], attempt, clone_params):
            scan_must_fail(dev[0], "SCAN ssid 112233 freq=2412")
        dev[0].dump_monitor()

    with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"):
        scan_must_fail(dev[0], "SCAN freq=2412")
    dev[0].dump_monitor()

    try:
        if "OK" not in dev[0].request("SET filter_ssids 1"):
            raise Exception("SET failed")
        network = dev[0].connect("test-scan",
                                 key_mgmt="NONE",
                                 only_add_network=True)
        with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"):
            # While the filter list cannot be created due to memory allocation
            # failure, this scan is expected to be completed without SSID
            # filtering.
            scan_request(dev[0], "SCAN freq=2412")
            scan_must_complete(dev[0])
        dev[0].remove_network(network)
    finally:
        # Restore the default even when a check above raised.
        dev[0].request("SET filter_ssids 0")
    dev[0].dump_monitor()

    with alloc_fail(dev[0], 1, "nl80211_get_scan_results"):
        scan_request(dev[0], "SCAN freq=2412")
        started = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
        if started is None:
            raise Exception("Did not see scan started event")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
    dev[0].dump_monitor()

    try:
        if "OK" not in dev[0].request("SET setband 2G"):
            raise Exception("SET setband failed")
        with alloc_fail(dev[0], 1, "=wpa_setband_scan_freqs_list"):
            # While the frequency list cannot be created due to memory
            # allocation failure, this scan is expected to be completed without
            # frequency filtering.
            scan_request(dev[0], "SCAN")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("ABORT_SCAN")
            scan_must_complete(dev[0])
    finally:
        dev[0].request("SET setband AUTO")
    dev[0].dump_monitor()

    # Additional interface with preassoc_mac_addr enabled; the injected
    # failure is in nl80211_set_mac_addr as called from the scan trigger.
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5")
    wpas.request("SET preassoc_mac_addr 1")
    with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
        scan_must_fail(wpas, "SCAN freq=2412")
    wpas.request("SET preassoc_mac_addr 0")
    wpas.dump_monitor()

    # Allocation failure when adding the BSS entry for a newly started AP.
    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
    with alloc_fail(dev[0], 1, "wpa_bss_add"):
        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_ibss_rsn_eapol_trigger(dev):
    """IBSS RSN and EAPOL trigger for a new peer

    Feeds EAPOL frames from previously unseen peer addresses into an IBSS RSN
    network: first a set of malformed frames that the receiver is expected to
    discard, then well-formed triggers with one allocation failure armed per
    peer to cover the error paths of peer initialization.
    """
    sta = dev[0]
    ssid = "ibss-rsn"

    net_id = add_ibss_rsn(sta, ssid, scan_freq=2412)
    connect_ibss_cmd(sta, net_id)
    wait_ibss_connection(sta)

    # Same peer twice: the second frame arrives for an already known peer.
    send_eapol_rx(sta, "02:ff:00:00:00:01")
    send_eapol_rx(sta, "02:ff:00:00:00:01")

    dst = "02:ff:00:00:00:01"
    # (log line, frame hex). The log lines name the discard reason each
    # frame is meant to hit; the frames differ only in the first five
    # octets and in total length.
    malformed = [
        ("Too short EAPOL frame",
         "0203005e02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b1100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
        ("RSN: EAPOL frame (type 255) discarded, not a Key frame",
         "02ff005f02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
        ("RSN: EAPOL frame payload size 96 invalid (frame size 99)",
         "0203006002008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
        ("RSN: EAPOL-Key type (255) unknown, discarded",
         "0203005fff008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
    ]
    for note, frame in malformed:
        logger.info(note)
        # The control interface command itself must succeed; the frame is
        # rejected later, in the receive path.
        if "OK" not in sta.request("EAPOL_RX %s %s" % (dst, frame)):
            raise Exception("EAPOL_RX for %s failed" % dst)

    # One new peer address per injected allocation failure.
    oom_points = [
        ("ibss_rsn_rx_eapol", "02:ff:00:00:00:02"),
        ("wpa_auth_sta_init;ibss_rsn_auth_init", "02:ff:00:00:00:03"),
        ("=ibss_rsn_peer_init", "02:ff:00:00:00:04"),
        ("ibss_rsn_process_rx_eapol", "02:ff:00:00:00:05"),
        ("wpa_sm_set_assoc_wpa_ie_default;ibss_rsn_supp_init",
         "02:ff:00:00:00:06"),
        ("wpa_sm_init;ibss_rsn_supp_init", "02:ff:00:00:00:07"),
        ("=ibss_rsn_supp_init", "02:ff:00:00:00:08"),
        ("supp_alloc_eapol", "02:ff:00:00:00:09"),
        ("wpa_validate_wpa_ie;ibss_rsn_auth_init", "02:ff:00:00:00:0a"),
    ]
    for func, peer in oom_points:
        with alloc_fail(sta, 1, func):
            send_eapol_rx(sta, peer)
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")

    logger.info("RSN: Timeout on waiting Authentication frame response")
    if "OK" not in sta.request("IBSS_RSN 02:ff:00:00:00:0b"):
        raise Exception("Unexpected IBSS_RSN result")
    # Leave time for the timeout named in the log line above to fire.
    time.sleep(1.1)
def test_owe_local_errors(dev, apdev):
    """Opportunistic Wireless Encryption - local errors on supplicant

    Arms allocation and function failures in the supplicant while it builds
    the OWE association request and processes the response, and checks that
    the attempt is abandoned (failure triggered or station disconnected)
    instead of completing with incomplete key material.
    """
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    hapd = hostapd.add_ap(apdev[0], {"ssid": "owe",
                                     "wpa": "2",
                                     "ieee80211w": "2",
                                     "wpa_key_mgmt": "OWE",
                                     "rsn_pairwise": "CCMP"})
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    def start_owe(group):
        # Non-blocking OWE association attempt using the given group.
        sta.connect("owe", key_mgmt="OWE", owe_group=group,
                    ieee80211w="2",
                    scan_freq="2412", wait_connect=False)

    def forget_network():
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()

    # Allocation failures while building the association request.
    for nth, func in [(1, "crypto_ecdh_init;owe_build_assoc_req"),
                      (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
                      (1, "wpabuf_alloc;owe_build_assoc_req")]:
        with alloc_fail(sta, nth, func):
            start_owe("20")
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            forget_network()

    # Allocation failures while processing the association response; the
    # station is expected to disconnect.
    for nth, func in [(1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
                      (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
                      (1, "wpabuf_alloc;=owe_process_assoc_resp")]:
        with alloc_fail(sta, nth, func):
            start_owe("20")
            sta.wait_disconnected()
            forget_network()

    # Hash/KDF failures, each paired with the group it is exercised with.
    for nth, func, group in [
            (1, "hmac_sha256;owe_process_assoc_resp", 19),
            (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
            (1, "hmac_sha384;owe_process_assoc_resp", 20),
            (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
            (1, "hmac_sha512;owe_process_assoc_resp", 21),
            (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21)]:
        with fail_test(sta, nth, func):
            start_owe(str(group))
            sta.wait_disconnected()
            forget_network()

    # Group 18 with no failure armed: only the start of authentication is
    # required before the attempt is torn down.
    start_owe("18")
    if sta.wait_event(["SME: Trying to authenticate"], timeout=5) is None:
        raise Exception("No authentication attempt")
    time.sleep(0.5)
    forget_network()
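def test_tnc_ttls_errors(dev, apdev):
    """TNC TTLS local error cases

    For each (count, function) pair an allocation failure is armed in the
    station, an EAP-TTLS connection with TNC and 150-octet fragments is
    started, and the test requires both that EAP starts and that the armed
    failure is actually hit. Skipped when the IMC library is not present.
    """
    if not os.path.exists("tnc/libhostap_imc.so"):
        raise HwsimSkip("No IMC installed")
    check_eap_capa(dev[0], "MSCHAPV2")

    params = int_eap_server_params()
    params["tnc"] = "1"
    params["fragment_size"] = "150"
    hostapd.add_ap(apdev[0]['ifname'], params)

    # (count, injection point, identity, phase2 method)
    tests = [
        # The backslash is escaped explicitly; "\m" is an invalid escape
        # sequence that newer Python versions warn about. The identity sent
        # is unchanged: DOMAIN, backslash, "mschapv2 user".
        (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
         "DOMAIN\\mschapv2 user", "auth=MSCHAPV2"),
        (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
         "mschap user", "auth=MSCHAP"),
        (1, "=eap_tnc_init", "chap user", "auth=CHAP"),
        (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"),
        (1, "eap_msg_alloc;eap_tnc_build_frag_ack", "pap user", "auth=PAP"),
        (1, "eap_msg_alloc;eap_tnc_build_msg", "pap user", "auth=PAP"),
        (1, "wpabuf_alloc;=eap_tnc_process_fragment", "pap user", "auth=PAP"),
        (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
        (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
        (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"),
        (1, "tncc_get_base64;tncc_process_if_tnccs", "pap user", "auth=PAP"),
        (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"),
        (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"),
        (1, "tncc_parse_imc", "pap user", "auth=PAP"),
        (2, "tncc_parse_imc", "pap user", "auth=PAP"),
        (3, "tncc_parse_imc", "pap user", "auth=PAP"),
        (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"),
        (1, "tncc_init", "pap user", "auth=PAP"),
        (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"),
        (1, "base64_encode;TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
        (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
        # NOTE(review): same injection point as an earlier entry; kept so
        # the set of executed cases stays as it was.
        (1, "tncc_get_base64;tncc_process_if_tnccs", "pap user", "auth=PAP")
    ]
    for count, func, identity, phase2 in tests:
        with alloc_fail(dev[0], count, func):
            dev[0].connect("test-wpa2-eap",
                           key_mgmt="WPA-EAP",
                           scan_freq="2412",
                           eap="TTLS",
                           anonymous_identity="ttls",
                           identity=identity,
                           password="******",
                           ca_cert="auth_serv/ca.pem",
                           phase2=phase2,
                           fragment_size="150",
                           wait_connect=False)
            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
                                   timeout=15)
            if ev is None:
                raise Exception("Timeout on EAP start")
            # The note names the case, so a failure that was never
            # triggered can be traced back to its table entry.
            wait_fail_trigger(
                dev[0],
                "GET_ALLOC_FAIL",
                note="Allocation failure not triggered for: %d:%s" %
                (count, func))
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
            dev[0].dump_monitor()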
def test_erp_local_errors(dev, apdev):
    """ERP and local error cases

    Runs a full EAP-TTLS/PAP authentication with ERP enabled and arms one
    failure per step, either during ERP key setup on the initial connection
    or during the ERP re-authentication started by RECONNECT. ERP state is
    flushed before every step so that each one starts without cached keys.
    """
    check_erp_capa(dev[0])
    params = int_eap_server_params()
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['eap_server_erp'] = '1'
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)

    sta = dev[0]

    def connect_with_erp():
        # Blocking connect; identical parameters for every step.
        sta.connect("test-wpa2-eap",
                    key_mgmt="WPA-EAP",
                    eap="TTLS",
                    identity="*****@*****.**",
                    anonymous_identity="*****@*****.**",
                    password="******",
                    ca_cert="auth_serv/ca.pem",
                    phase2="auth=PAP",
                    erp="1",
                    scan_freq="2412")

    def disconnect():
        sta.request("DISCONNECT")
        sta.wait_disconnected(timeout=15)

    def remove_network():
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

    def reauth_case(inject, func, trigger):
        # Connect, drop the link, then reconnect so that the armed failure
        # is reached on the second authentication.
        sta.request("ERP_FLUSH")
        with inject(sta, 1, func):
            connect_with_erp()
            disconnect()
            sta.request("RECONNECT")
            wait_fail_trigger(sta, trigger)
            remove_network()

    # Failures during ERP initialization on the first connection.
    sta.request("ERP_FLUSH")
    with alloc_fail(sta, 1, "eap_peer_erp_init"):
        connect_with_erp()
        remove_network()

    for nth in range(1, 6):
        sta.request("ERP_FLUSH")
        with fail_test(sta, nth, "hmac_sha256_kdf;eap_peer_erp_init"):
            connect_with_erp()
            remove_network()

    # Failures reached through re-authentication.
    reauth_case(alloc_fail, "eap_msg_alloc;eap_peer_erp_reauth_start",
                "GET_ALLOC_FAIL")
    reauth_case(fail_test, "hmac_sha256;eap_peer_erp_reauth_start",
                "GET_FAIL")
    reauth_case(fail_test, "hmac_sha256;eap_peer_finish", "GET_FAIL")

    # This step only disconnects; the network profile is left in place.
    sta.request("ERP_FLUSH")
    with alloc_fail(sta, 1, "eap_peer_erp_init"):
        connect_with_erp()
        disconnect()

    reauth_case(alloc_fail, "eap_peer_finish", "GET_ALLOC_FAIL")
    reauth_case(fail_test, "hmac_sha256_kdf;eap_peer_finish", "GET_FAIL")
def test_authsrv_oom(dev, apdev):
    """Authentication server OOM

    Brings up one hostapd instance from authsrv_params() on apdev[1] and a
    WPA2-Enterprise AP on apdev[0] whose auth_server_port is 18128
    (presumably the port the first instance listens on -- confirm against
    authsrv_params()). dev[0] then attempts EAP-TTLS with inner EAP-GTC
    while allocation failures (alloc_fail) or forced function failures
    (fail_test) are injected into the authentication server.

    What each group actually asserts:
      * hostapd_radius_get_eap_user: the station must report
        CTRL-EVENT-EAP-FAILURE within 10 seconds.
      * srv_log: connect() is called without wait_connect=False and nothing
        else is checked, so the expectation appears to be that a failed
        log allocation does not break authentication.
      * session/state-machine allocation: the station must end up
        disconnected.
      * message building and reject paths: the injected failure must have
        been consumed (wait_fail_trigger on the server).
      * after authsrv.disable(): every ENABLE issued under an injected
        allocation failure must answer FAIL.
    """
    srv_params = authsrv_params()
    authsrv = hostapd.add_ap(apdev[1], srv_params)

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap_params['auth_server_port'] = "18128"
    hapd = hostapd.add_ap(apdev[0], ap_params)

    def start_ttls_gtc(**extra):
        # Same association attempt for every case; callers add
        # wait_connect=False when the attempt is expected to fail.
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="user", anonymous_identity="ttls",
                       password="******", ca_cert="auth_serv/ca.pem",
                       phase2="autheap=GTC", scan_freq="2412", **extra)

    def drop_network(wait_disc):
        # Return dev[0] to a clean state before the next injected failure.
        dev[0].request("REMOVE_NETWORK all")
        if wait_disc:
            dev[0].wait_disconnected()
        dev[0].dump_monitor()

    dev[0].scan_for_bss(hapd.own_addr(), 2412)

    # User lookup fails: the supplicant has to see an explicit EAP failure.
    with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"):
        start_ttls_gtc(wait_connect=False)
        if dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10) is None:
            raise Exception("EAP failure not reported")
    drop_network(True)

    # Logging allocation fails: no failure is waited for here.
    with alloc_fail(authsrv, 1, "srv_log"):
        start_ttls_gtc()
    drop_network(True)

    # Session / EAP state machine cannot be allocated: the station is
    # already disconnected inside the block, so cleanup skips the wait.
    # NOTE(review): the "=" prefix and ";" separators are match patterns of
    # the fault-injection helpers; their exact semantics are not visible here.
    session_cases = [
        (1, "radius_server_new_session"),
        (1, "=radius_server_get_new_session"),
        (2, "=radius_server_get_new_session"),
        (1, "eap_server_sm_init"),
    ]
    for nth, func in session_cases:
        with alloc_fail(authsrv, nth, func):
            start_ttls_gtc(wait_connect=False)
            dev[0].wait_disconnected()
        drop_network(False)

    # Allocation failures while receiving the request / wrapping the reply.
    for func in ("radius_server_encapsulate_eap",
                 "radius_server_receive_auth"):
        with alloc_fail(authsrv, 1, func):
            start_ttls_gtc(wait_connect=False)
            wait_fail_trigger(authsrv, "GET_ALLOC_FAIL")
        drop_network(True)

    # Forced failures of the RADIUS message builders used for the reply.
    encapsulate_failures = (
        "radius_msg_add_attr;radius_server_encapsulate_eap",
        "radius_msg_add_eap;radius_server_encapsulate_eap",
        "radius_msg_finish_srv;radius_server_encapsulate_eap",
    )
    for func in encapsulate_failures:
        with fail_test(authsrv, 1, func):
            start_ttls_gtc(wait_connect=False)
            wait_fail_trigger(authsrv, "GET_FAIL")
        drop_network(True)

    # Two faults at once: session allocation fails and building the
    # resulting reject message fails as well. Cleanup stays inside the
    # outer alloc_fail block, as in the single-fault cases it follows.
    for func in ("radius_msg_add_eap;radius_server_reject",
                 "radius_msg_finish_srv;radius_server_reject"):
        with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
            with fail_test(authsrv, 1, func):
                start_ttls_gtc(wait_connect=False)
                wait_fail_trigger(authsrv, "GET_FAIL")
            drop_network(True)

    # Startup path: a server that cannot allocate its state must refuse to
    # come up rather than report success.
    authsrv.disable()
    radius_init = "radius_server_init;hostapd_setup_radius_srv"
    enable_cases = [(1, radius_init), (2, radius_init)]
    enable_cases += [(nth, "radius_server_read_clients;" + radius_init)
                     for nth in range(1, 4)]
    enable_cases.append((1, "eloop_sock_table_add_sock;" + radius_init))
    enable_cases.append((1, "tls_init;authsrv_init"))
    enable_cases += [(nth, "eap_sim_db_init;authsrv_init")
                     for nth in range(1, 3)]
    for nth, func in enable_cases:
        with alloc_fail(authsrv, nth, func):
            if "FAIL" not in authsrv.request("ENABLE"):
                raise Exception("ENABLE succeeded during OOM")
Пример #27
def test_ibss_rsn_eapol_trigger(dev):
    """IBSS RSN and EAPOL trigger for a new peer

    Joins an RSN IBSS on dev[0] and then injects received EAPOL frames
    through the control interface (send_eapol_rx / EAPOL_RX) from peer
    addresses that have not been seen before. Three groups follow:

      1. Four malformed EAPOL frames from one peer. Each request is only
         checked for an OK reply from the control interface; the discard
         reason named in the accompanying log line is not asserted here.
      2. One new peer address per allocation-failure site, each followed by
         wait_fail_trigger() to confirm the injected failure was hit.
      3. An IBSS_RSN request towards a further peer, followed by a 1.1 s
         sleep (per the log line, to let the Authentication frame response
         wait time out).
    """
    ssid = "ibss-rsn"

    net_id = add_ibss_rsn(dev[0], ssid, scan_freq=2412)
    connect_ibss_cmd(dev[0], net_id)
    wait_ibss_connection(dev[0])

    dst = "02:ff:00:00:00:01"
    for _ in range(2):
        send_eapol_rx(dev[0], dst)

    # (log line, frame hex). The frames differ in their leading octets,
    # which line up with the condition each log line names: length 0x005e,
    # type 0xff, length 0x0060 (96), and key descriptor type 0xff.
    malformed_frames = [
        ("Too short EAPOL frame",
         "0203005e02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b1100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
        ("RSN: EAPOL frame (type 255) discarded, not a Key frame",
         "02ff005f02008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
        ("RSN: EAPOL frame payload size 96 invalid (frame size 99)",
         "0203006002008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
        ("RSN: EAPOL-Key type (255) unknown, discarded",
         "0203005fff008a001000000000000000013a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
    ]
    for note, frame in malformed_frames:
        logger.info(note)
        if "OK" not in dev[0].request("EAPOL_RX %s %s" % (dst, frame)):
            raise Exception("EAPOL_RX for %s failed" % dst)

    # Every site gets its own, previously unused peer address
    # (02:ff:00:00:00:02 .. 02:ff:00:00:00:0a), presumably so that the
    # new-peer setup path runs again each time.
    alloc_sites = [
        "ibss_rsn_rx_eapol",
        "wpa_auth_sta_init;ibss_rsn_auth_init",
        "=ibss_rsn_peer_init",
        "ibss_rsn_process_rx_eapol",
        "wpa_sm_set_assoc_wpa_ie_default;ibss_rsn_supp_init",
        "wpa_sm_init;ibss_rsn_supp_init",
        "=ibss_rsn_supp_init",
        "supp_alloc_eapol",
        "wpa_validate_wpa_ie;ibss_rsn_auth_init",
    ]
    for last_octet, func in enumerate(alloc_sites, start=2):
        with alloc_fail(dev[0], 1, func):
            send_eapol_rx(dev[0], "02:ff:00:00:00:%02x" % last_octet)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")

    logger.info("RSN: Timeout on waiting Authentication frame response")
    if "OK" not in dev[0].request("IBSS_RSN 02:ff:00:00:00:0b"):
        raise Exception("Unexpected IBSS_RSN result")
    time.sleep(1.1)
Пример #28
def test_erp_local_errors(dev, apdev):
    """ERP and local error cases"""
    check_erp_capa(dev[0])
    params = int_eap_server_params()
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['eap_server_erp'] = '1'
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("ERP_FLUSH")
    with alloc_fail(dev[0], 1, "eap_peer_erp_init"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    for count in range(1, 6):
        dev[0].request("ERP_FLUSH")
        with fail_test(dev[0], count, "hmac_sha256_kdf;eap_peer_erp_init"):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="*****@*****.**",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    dev[0].request("ERP_FLUSH")
    with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_peer_erp_reauth_start"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412")
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected(timeout=15)
        dev[0].request("RECONNECT")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    dev[0].request("ERP_FLUSH")
    with fail_test(dev[0], 1, "hmac_sha256;eap_peer_erp_reauth_start"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412")
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected(timeout=15)
        dev[0].request("RECONNECT")
        wait_fail_trigger(dev[0], "GET_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    dev[0].request("ERP_FLUSH")
    with fail_test(dev[0], 1, "hmac_sha256;eap_peer_finish"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412")
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected(timeout=15)
        dev[0].request("RECONNECT")
        wait_fail_trigger(dev[0], "GET_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()