From patchwork Sun Jan 8 07:51:53 2023
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1722932
From: Veerendranath Jakkam
Subject: [PATCH 6/6] tests: Add PASN authentication with random own mac address
Date: Sun, 8 Jan 2023 13:21:53 +0530
Message-ID: <20230108075153.2660815-7-quic_vjakkam@quicinc.com>
In-Reply-To: <20230108075153.2660815-1-quic_vjakkam@quicinc.com>
References: <20230108075153.2660815-1-quic_vjakkam@quicinc.com>

Test case to check PASN authentication with random own mac address if underlying driver/hardware supports it, otherwise skip the test case.

Signed-off-by: Vinay Gannevaram
Signed-off-by: Veerendranath Jakkam
---
 tests/hwsim/test_pasn.py | 45 +++++++++++++++++++++++++++++++++-------
 1 file changed, 38 insertions(+), 7 deletions(-)

diff --git a/tests/hwsim/test_pasn.py b/tests/hwsim/test_pasn.py index 6f7a806f5..826609c27 100644 --- a/tests/hwsim/test_pasn.py +++ b/tests/hwsim/test_pasn.py
@@ -27,6 +27,11 @@ def check_pasn_capab(dev): if "PASN" not in dev.get_capability("auth_alg"): raise HwsimSkip("PASN not supported") +def check_pasn_random_ta_capab(dev): + res = dev.get_capability("auth_rand_mac") + if res is None or 'RANDOM-TA' not in res: + raise HwsimSkip("PASN random TA not supported") + def pasn_ap_params(akmp="PASN", cipher="CCMP", group="19"): params = {"ssid": "test-wpa2-pasn", "wpa_passphrase": "12345678", @@ -47,9 +52,13 @@ def start_pasn_ap(apdev, params): raise HwsimSkip("PASN not supported") raise -def check_pasn_ptk(dev, hapd, cipher, fail_ptk=False, clear_keys=True): +def check_pasn_ptk(dev, hapd, cipher, fail_ptk=False, clear_keys=True, + own_addr=None): sta_ptksa = dev.get_ptksa(hapd.own_addr(), cipher) - ap_ptksa = hapd.get_ptksa(dev.own_addr(), cipher) + if own_addr is None: + ap_ptksa = hapd.get_ptksa(dev.own_addr(), cipher) + else: + ap_ptksa = hapd.get_ptksa(own_addr, cipher) if not (sta_ptksa and ap_ptksa): if fail_ptk: 
@@ -64,24 +73,33 @@ def check_pasn_ptk(dev, hapd, cipher, fail_ptk=False, clear_keys=True): elif fail_ptk: raise Exception("TK/KDK match although key derivation should have failed") elif clear_keys: - cmd = "PASN_DEAUTH bssid=%s" % hapd.own_addr() + if own_addr is None: + cmd = "PASN_DEAUTH bssid=%s" % hapd.own_addr() + else: + cmd = "PASN_DEAUTH bssid=%s own_addr=%s" % (hapd.own_addr(), own_addr) dev.request(cmd) # Wait a little to let the AP process the deauth time.sleep(0.2) sta_ptksa = dev.get_ptksa(hapd.own_addr(), cipher) - ap_ptksa = hapd.get_ptksa(dev.own_addr(), cipher) + if own_addr is None: + ap_ptksa = hapd.get_ptksa(dev.own_addr(), cipher) + else: + ap_ptksa = hapd.get_ptksa(own_addr, cipher) if sta_ptksa or ap_ptksa: raise Exception("TK/KDK not deleted as expected") def check_pasn_akmp_cipher(dev, hapd, akmp="PASN", cipher="CCMP", group="19", status=0, fail=0, nid="", - fail_ptk=False): + fail_ptk=False, own_addr=None): dev.flush_scan_cache() dev.scan(type="ONLY", freq=2412) - cmd = "PASN_START bssid=%s akmp=%s cipher=%s group=%s" % (hapd.own_addr(), akmp, cipher, group) + if own_addr is None: + cmd = "PASN_START bssid=%s akmp=%s cipher=%s group=%s" % (hapd.own_addr(), akmp, cipher, group) + else: + cmd = "PASN_START bssid=%s own_addr=%s akmp=%s cipher=%s group=%s" % (hapd.own_addr(), own_addr, akmp, cipher, group) if nid != "": cmd += " nid=%s" % nid @@ -106,7 +124,10 @@ def check_pasn_akmp_cipher(dev, hapd, akmp="PASN", cipher="CCMP", if status: return - check_pasn_ptk(dev, hapd, cipher, fail_ptk) + if own_addr is None: + check_pasn_ptk(dev, hapd, cipher, fail_ptk) + else: + check_pasn_ptk(dev, hapd, cipher, fail_ptk, own_addr=own_addr) @remote_compatible def test_pasn_ccmp(dev, apdev): 
@@ -852,3 +873,13 @@ def test_pasn_kdk_derivation(dev, apdev): check_pasn_akmp_cipher(dev[0], hapd1, "PASN", "CCMP") finally: dev[0].set("force_kdk_derivation", "0") + +def test_pasn_random_mac(dev, apdev): + """PASN authentication with random mac address""" + check_pasn_capab(dev[0]) + check_pasn_random_ta_capab(dev[0]) + + params = pasn_ap_params("PASN", "CCMP", "19") + hapd = start_pasn_ap(apdev[0], params) + + check_pasn_akmp_cipher(dev[0], hapd, "PASN", "CCMP", own_addr="aa:cd:ef:ab:cd:ef")
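
Review bot: In the @@ -47,9 hunk of check_pasn_ptk(), the else branch only looks up the AP-side PTKSA under own_addr, so nothing verifies that the station's permanent address stayed off the air. When own_addr is set, also check that hapd.get_ptksa(dev.own_addr(), cipher) returns nothing, otherwise a driver that derives keys under both addresses, or silently falls back to the permanent one while also registering own_addr, would still pass. Resolving the address once at the top of the function (own_addr if it is not None, else dev.own_addr()) would also let both get_ptksa() calls in this function use a single variable instead of repeating the if/else.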
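
Review bot: In the @@ -64,24 hunk, the PASN_DEAUTH and PASN_START commands are each written out twice in full just to add one parameter, which makes the two variants easy to get out of sync. check_pasn_akmp_cipher() already appends optional parameters with cmd += " nid=%s" % nid; doing the same for own_addr would keep one format string per command. If the control interface needs own_addr directly after bssid, say so in a comment, since that ordering is the only visible reason for the duplication.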
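
Review bot: In the @@ -106,7 hunk, the if/else around check_pasn_ptk() is redundant because the new own_addr parameter already defaults to None. A single call, check_pasn_ptk(dev, hapd, cipher, fail_ptk, own_addr=own_addr), behaves the same in both cases and removes four lines.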
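
Review bot: In the @@ -852,3 hunk, test_pasn_random_mac() passes the fixed literal "aa:cd:ef:ab:cd:ef", so the test name and docstring promise a random address that the test never generates. The value is a valid choice (locally administered bit set, group bit clear), but that is not stated anywhere; add a comment saying so, or generate a locally administered unicast address per run. The test also never asserts that own_addr differs from dev[0].own_addr(), which is what makes the run meaningful, and it covers only the success path. The docstring should read "MAC address".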