aboutsummaryrefslogtreecommitdiffstats
path: root/tests/cipher-and-key-mgmt-testing.txt
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-10-20 15:18:53 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-20 17:32:36 (GMT)
commit6e3027a57ecbf4c4bbfaf0b43a8f4117ffbef74f (patch)
tree080ebf16a131ffbb5ad170f176fa17fe5e0986a4 /tests/cipher-and-key-mgmt-testing.txt
parent3d0fb95583de4f86bfba0153195b84b476a0deaa (diff)
downloadhostap-6e3027a57ecbf4c4bbfaf0b43a8f4117ffbef74f.zip
hostap-6e3027a57ecbf4c4bbfaf0b43a8f4117ffbef74f.tar.gz
hostap-6e3027a57ecbf4c4bbfaf0b43a8f4117ffbef74f.tar.bz2
Fix the notes on EAPOL-Key testing procedures
The extra sanity check for replay protection in these procedures ended up breaking the tests. RESET_PN cannot be used before RESEND_* commands since that would prevent the DUT from accepting the retransmitted EAPOL-Key frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'tests/cipher-and-key-mgmt-testing.txt')
-rw-r--r--tests/cipher-and-key-mgmt-testing.txt39
1 files changed, 6 insertions, 33 deletions
diff --git a/tests/cipher-and-key-mgmt-testing.txt b/tests/cipher-and-key-mgmt-testing.txt
index 5030ca8..1b93b77 100644
--- a/tests/cipher-and-key-mgmt-testing.txt
+++ b/tests/cipher-and-key-mgmt-testing.txt
@@ -236,19 +236,10 @@ the following hostapd_cli commands:
Test broadcast connectivity; should work
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Test broadcast connectivity; should not work; if it does, replay
-protection is completely broken and the following step cannot be
-executed reliably. The following command needs to be run before there
-has been large enough number of new frames to increment the PN on the
-test tool. It would also be possible to execute "raw RESET_PN
-ff:ff:ff:ff:ff:ff" again after the initial sanity testing to get back to
-PN 0 for the next step.
-
> raw RESEND_GROUP_M1 <DUT MAC address>
OK
+> raw RESET_PN ff:ff:ff:ff:ff:ff
+OK
Test broadcast connectivity; should not work; if it does, the device
does not implement protection for delayed retransmission of Group Key
@@ -263,19 +254,10 @@ broadcast traffic, but with the following hostapd_cli commands:
Test broadcast connectivity; should work
-> raw RESET_PN ff:ff:ff:ff:ff:ff
-OK
-
-Test broadcast connectivity; should not work; if it does, replay
-protection is completely broken and the following step cannot be
-executed reliably. The following command needs to be run before there
-has been large enough number of new frames to increment the PN on the
-test tool. It would also be possible to execute "raw RESET_PN
-ff:ff:ff:ff:ff:ff" again after the initial sanity testing to get back to
-PN 0 for the next step.
-
> raw RESEND_M3 <DUT MAC address>
OK
+> raw RESET_PN ff:ff:ff:ff:ff:ff
+OK
Test broadcast connectivity; should not work; if it does, the device
does not implement protection for delayed retransmission of 4-way
@@ -310,19 +292,10 @@ unicast traffic, but with the following hostapd_cli commands:
Test unicast connectivity; should work
-> raw RESET_PN <DUT MAC address>
-OK
-
-Test unicast connectivity; should not work; if it does, replay
-protection is completely broken and the following step cannot be
-executed reliably. The following command needs to be run before there
-has been large enough number of new frames to increment the PN on the
-test tool. It would also be possible to execute "raw RESET_PN <DUT MAC
-address>" again after the initial sanity testing to get back to PN 0 for
-the next step.
-
> raw RESEND_M3 <DUT MAC address>
OK
+> raw RESET_PN <DUT MAC address>
+OK
Test unicast connectivity; should not work; if it does, the device
does not implement protection for delayed retransmission of 4-way