]>
Commit | Line | Data |
---|---|---|
cd7f1b9a | 1 | # Fast BSS Transition tests |
02a4ac0f | 2 | # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi> |
cd7f1b9a JM |
3 | # |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
5b3c40a6 JM |
8 | import binascii |
9 | import os | |
cd7f1b9a | 10 | import time |
cd7f1b9a | 11 | import logging |
c9aa4308 | 12 | logger = logging.getLogger() |
02a4ac0f | 13 | import signal |
c8942286 | 14 | import struct |
02a4ac0f | 15 | import subprocess |
cd7f1b9a JM |
16 | |
17 | import hwsim_utils | |
02a4ac0f | 18 | from hwsim import HWSimRadio |
cd7f1b9a | 19 | import hostapd |
d7f0bef9 | 20 | from tshark import run_tshark |
681e8495 | 21 | from utils import * |
cd7f1b9a | 22 | from wlantest import Wlantest |
5b3c40a6 | 23 | from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations |
392aba4e | 24 | from test_rrm import check_beacon_req |
e1923f5b | 25 | from test_suite_b import check_suite_b_192_capa |
cd7f1b9a JM |
26 | |
27 | def ft_base_rsn(): | |
fab49f61 JM |
28 | params = {"wpa": "2", |
29 | "wpa_key_mgmt": "FT-PSK", | |
30 | "rsn_pairwise": "CCMP"} | |
cd7f1b9a JM |
31 | return params |
32 | ||
33 | def ft_base_mixed(): | |
fab49f61 JM |
34 | params = {"wpa": "3", |
35 | "wpa_key_mgmt": "WPA-PSK FT-PSK", | |
36 | "wpa_pairwise": "TKIP", | |
37 | "rsn_pairwise": "CCMP"} | |
cd7f1b9a JM |
38 | return params |
39 | ||
40 | def ft_params(rsn=True, ssid=None, passphrase=None): | |
41 | if rsn: | |
42 | params = ft_base_rsn() | |
43 | else: | |
44 | params = ft_base_mixed() | |
45 | if ssid: | |
46 | params["ssid"] = ssid | |
47 | if passphrase: | |
48 | params["wpa_passphrase"] = passphrase | |
49 | ||
50 | params["mobility_domain"] = "a1b2" | |
51 | params["r0_key_lifetime"] = "10000" | |
52 | params["pmk_r1_push"] = "1" | |
53 | params["reassociation_deadline"] = "1000" | |
54 | return params | |
55 | ||
d0175d6e | 56 | def ft_params1a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
57 | params = ft_params(rsn, ssid, passphrase) |
58 | params['nas_identifier'] = "nas1.w1.fi" | |
59 | params['r1_key_holder'] = "000102030405" | |
d0175d6e MB |
60 | return params |
61 | ||
942b52a8 | 62 | def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False): |
d0175d6e | 63 | params = ft_params1a(rsn, ssid, passphrase) |
942b52a8 MB |
64 | if discovery: |
65 | params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
66 | params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
67 | else: | |
fab49f61 JM |
68 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
69 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"] | |
942b52a8 | 70 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" |
cd7f1b9a JM |
71 | return params |
72 | ||
c95dd8e4 JM |
73 | def ft_params1_old_key(rsn=True, ssid=None, passphrase=None): |
74 | params = ft_params1a(rsn, ssid, passphrase) | |
fab49f61 JM |
75 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f", |
76 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"] | |
c95dd8e4 JM |
77 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" |
78 | return params | |
79 | ||
d0175d6e | 80 | def ft_params2a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
81 | params = ft_params(rsn, ssid, passphrase) |
82 | params['nas_identifier'] = "nas2.w1.fi" | |
83 | params['r1_key_holder'] = "000102030406" | |
d0175d6e MB |
84 | return params |
85 | ||
942b52a8 | 86 | def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False): |
d0175d6e | 87 | params = ft_params2a(rsn, ssid, passphrase) |
942b52a8 MB |
88 | if discovery: |
89 | params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
90 | params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
91 | else: | |
fab49f61 JM |
92 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
93 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"] | |
942b52a8 | 94 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" |
cd7f1b9a JM |
95 | return params |
96 | ||
c95dd8e4 JM |
97 | def ft_params2_old_key(rsn=True, ssid=None, passphrase=None): |
98 | params = ft_params2a(rsn, ssid, passphrase) | |
fab49f61 JM |
99 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f", |
100 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"] | |
c95dd8e4 JM |
101 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" |
102 | return params | |
103 | ||
3b808945 JM |
104 | def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): |
105 | params = ft_params(rsn, ssid, passphrase) | |
106 | params['nas_identifier'] = "nas1.w1.fi" | |
107 | params['r1_key_holder'] = "000102030405" | |
fab49f61 JM |
108 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
109 | "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"] | |
9441a227 | 110 | params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" |
3b808945 JM |
111 | return params |
112 | ||
113 | def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None): | |
114 | params = ft_params(rsn, ssid, passphrase) | |
115 | params['nas_identifier'] = "nas2.w1.fi" | |
116 | params['r1_key_holder'] = "000102030406" | |
fab49f61 JM |
117 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1", |
118 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"] | |
9441a227 | 119 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3" |
3b808945 JM |
120 | return params |
121 | ||
122 | def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): | |
123 | params = ft_params(rsn, ssid, passphrase) | |
124 | params['nas_identifier'] = "nas2.w1.fi" | |
125 | params['r1_key_holder'] = "000102030406" | |
fab49f61 JM |
126 | params['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
127 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"] | |
9441a227 | 128 | params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" |
3b808945 JM |
129 | return params |
130 | ||
7b741a53 JM |
131 | def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, |
132 | sae=False, eap=False, fail_test=False, roams=1, | |
fd7205fa | 133 | pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", |
473e5176 | 134 | test_connectivity=True, eap_identity="gpsk user", conndev=False, |
ffcaca68 | 135 | force_initial_conn_to_first_ap=False, sha384=False, |
3d5b88b5 | 136 | group_mgmt=None, ocv=None, sae_password=None, |
659f7954 | 137 | sae_password_id=None, sae_and_psk=False, pmksa_caching=False, |
5916637c | 138 | roam_with_reassoc=False, also_non_ft=False, only_one_way=False, |
30998360 | 139 | wait_before_roam=0, return_after_initial=False, ieee80211w="1"): |
cd7f1b9a | 140 | logger.info("Connect to first AP") |
473e5176 MB |
141 | |
142 | copts = {} | |
143 | copts["proto"] = "WPA2" | |
30998360 | 144 | copts["ieee80211w"] = ieee80211w |
473e5176 MB |
145 | copts["scan_freq"] = "2412" |
146 | copts["pairwise"] = pairwise_cipher | |
fab49f61 | 147 | copts["group"] = group_cipher |
473e5176 | 148 | copts["wpa_ptk_rekey"] = ptk_rekey |
ffcaca68 JM |
149 | if group_mgmt: |
150 | copts["group_mgmt"] = group_mgmt | |
e63d8837 MV |
151 | if ocv: |
152 | copts["ocv"] = ocv | |
6f62809b | 153 | if eap: |
9ff2b85e JM |
154 | if pmksa_caching: |
155 | copts["ft_eap_pmksa_caching"] = "1" | |
659f7954 JM |
156 | if also_non_ft: |
157 | copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP" | |
158 | else: | |
159 | copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP" | |
473e5176 MB |
160 | copts["eap"] = "GPSK" |
161 | copts["identity"] = eap_identity | |
162 | copts["password"] = "abcdefghijklmnop0123456789abcdef" | |
6e658cc4 | 163 | else: |
6f62809b | 164 | if sae: |
cdf53910 | 165 | copts["key_mgmt"] = "SAE FT-SAE" if sae_and_psk else "FT-SAE" |
6f62809b | 166 | else: |
473e5176 | 167 | copts["key_mgmt"] = "FT-PSK" |
3d5b88b5 JM |
168 | if passphrase: |
169 | copts["psk"] = passphrase | |
170 | if sae_password: | |
171 | copts["sae_password"] = sae_password | |
172 | if sae_password_id: | |
173 | copts["sae_password_id"] = sae_password_id | |
473e5176 MB |
174 | if force_initial_conn_to_first_ap: |
175 | copts["bssid"] = apdev[0]['bssid'] | |
659f7954 | 176 | netw = dev.connect(ssid, **copts) |
1211031a | 177 | if pmksa_caching: |
9f47fdb6 JM |
178 | if dev.get_status_field('bssid') == apdev[0]['bssid']: |
179 | hapd0.wait_sta() | |
180 | else: | |
181 | hapd1.wait_sta() | |
1211031a JM |
182 | dev.request("DISCONNECT") |
183 | dev.wait_disconnected() | |
184 | dev.request("RECONNECT") | |
9ff2b85e JM |
185 | ev = dev.wait_event(["CTRL-EVENT-CONNECTED", |
186 | "CTRL-EVENT-DISCONNECTED", | |
187 | "CTRL-EVENT-EAP-STARTED"], | |
1211031a JM |
188 | timeout=15) |
189 | if ev is None: | |
190 | raise Exception("Reconnect timed out") | |
191 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
192 | raise Exception("Unexpected disconnection after RECONNECT") | |
9ff2b85e JM |
193 | if "CTRL-EVENT-EAP-STARTED" in ev: |
194 | raise Exception("Unexpected EAP start after RECONNECT") | |
473e5176 | 195 | |
cd7f1b9a JM |
196 | if dev.get_status_field('bssid') == apdev[0]['bssid']: |
197 | ap1 = apdev[0] | |
198 | ap2 = apdev[1] | |
a8375c94 JM |
199 | hapd1ap = hapd0 |
200 | hapd2ap = hapd1 | |
cd7f1b9a JM |
201 | else: |
202 | ap1 = apdev[1] | |
203 | ap2 = apdev[0] | |
a8375c94 JM |
204 | hapd1ap = hapd1 |
205 | hapd2ap = hapd0 | |
fd7205fa | 206 | if test_connectivity: |
938c6e7b | 207 | hapd1ap.wait_sta() |
9c50a6d3 MB |
208 | if conndev: |
209 | hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | |
210 | else: | |
211 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a | 212 | |
5916637c JM |
213 | if return_after_initial: |
214 | return ap2['bssid'] | |
215 | ||
216 | if wait_before_roam: | |
217 | time.sleep(wait_before_roam) | |
655bc8bf | 218 | dev.scan_for_bss(ap2['bssid'], freq="2412") |
40602101 JM |
219 | |
220 | for i in range(0, roams): | |
e0382291 MB |
221 | # Roaming artificially fast can make data test fail because the key is |
222 | # set later. | |
223 | time.sleep(0.01) | |
40602101 | 224 | logger.info("Roam to the second AP") |
659f7954 JM |
225 | if roam_with_reassoc: |
226 | dev.set_network(netw, "bssid", ap2['bssid']) | |
227 | dev.request("REASSOCIATE") | |
228 | dev.wait_connected() | |
229 | elif over_ds: | |
40602101 JM |
230 | dev.roam_over_ds(ap2['bssid'], fail_test=fail_test) |
231 | else: | |
232 | dev.roam(ap2['bssid'], fail_test=fail_test) | |
233 | if fail_test: | |
234 | return | |
235 | if dev.get_status_field('bssid') != ap2['bssid']: | |
236 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 237 | if (i == 0 or i == roams - 1) and test_connectivity: |
938c6e7b | 238 | hapd2ap.wait_sta() |
9c50a6d3 MB |
239 | if conndev: |
240 | hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev) | |
241 | else: | |
242 | hwsim_utils.test_connectivity(dev, hapd2ap) | |
40602101 | 243 | |
425e5f97 JM |
244 | if only_one_way: |
245 | return | |
e0382291 MB |
246 | # Roaming artificially fast can make data test fail because the key is |
247 | # set later. | |
248 | time.sleep(0.01) | |
40602101 | 249 | logger.info("Roam back to the first AP") |
659f7954 JM |
250 | if roam_with_reassoc: |
251 | dev.set_network(netw, "bssid", ap1['bssid']) | |
252 | dev.request("REASSOCIATE") | |
253 | dev.wait_connected() | |
254 | elif over_ds: | |
40602101 JM |
255 | dev.roam_over_ds(ap1['bssid']) |
256 | else: | |
257 | dev.roam(ap1['bssid']) | |
258 | if dev.get_status_field('bssid') != ap1['bssid']: | |
259 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 260 | if (i == 0 or i == roams - 1) and test_connectivity: |
938c6e7b | 261 | hapd1ap.wait_sta() |
9c50a6d3 MB |
262 | if conndev: |
263 | hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | |
264 | else: | |
265 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a JM |
266 | |
267 | def test_ap_ft(dev, apdev): | |
268 | """WPA2-PSK-FT AP""" | |
269 | ssid = "test-ft" | |
fab49f61 | 270 | passphrase = "12345678" |
cd7f1b9a JM |
271 | |
272 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 273 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 274 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 275 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 276 | |
a8375c94 | 277 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
91bc6c36 JM |
278 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
279 | raise Exception("Scan results missing RSN element info") | |
cd7f1b9a | 280 | |
c95dd8e4 JM |
281 | def test_ap_ft_old_key(dev, apdev): |
282 | """WPA2-PSK-FT AP (old key)""" | |
283 | ssid = "test-ft" | |
fab49f61 | 284 | passphrase = "12345678" |
c95dd8e4 JM |
285 | |
286 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
287 | hapd0 = hostapd.add_ap(apdev[0], params) | |
288 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
289 | hapd1 = hostapd.add_ap(apdev[1], params) | |
290 | ||
291 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
292 | ||
e4612f84 JM |
293 | def test_ap_ft_multi_akm(dev, apdev): |
294 | """WPA2-PSK-FT AP with non-FT AKMs enabled""" | |
295 | ssid = "test-ft" | |
fab49f61 | 296 | passphrase = "12345678" |
e4612f84 JM |
297 | |
298 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
299 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
300 | hapd0 = hostapd.add_ap(apdev[0], params) | |
301 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
302 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
303 | hapd1 = hostapd.add_ap(apdev[1], params) | |
304 | ||
305 | Wlantest.setup(hapd0) | |
306 | wt = Wlantest() | |
307 | wt.flush() | |
308 | wt.add_passphrase(passphrase) | |
309 | ||
310 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
311 | if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
312 | raise Exception("Scan results missing RSN element info") | |
313 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
314 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", | |
315 | scan_freq="2412") | |
316 | ||
d0175d6e MB |
317 | def test_ap_ft_local_key_gen(dev, apdev): |
318 | """WPA2-PSK-FT AP with local key generation (without pull/push)""" | |
319 | ssid = "test-ft" | |
fab49f61 | 320 | passphrase = "12345678" |
d0175d6e MB |
321 | |
322 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 323 | params['ft_psk_generate_local'] = "1" |
8344ba12 | 324 | del params['pmk_r1_push'] |
b098542c | 325 | hapd0 = hostapd.add_ap(apdev[0], params) |
d0175d6e | 326 | params = ft_params2a(ssid=ssid, passphrase=passphrase) |
58be42b2 | 327 | params['ft_psk_generate_local'] = "1" |
8344ba12 | 328 | del params['pmk_r1_push'] |
b098542c | 329 | hapd1 = hostapd.add_ap(apdev[1], params) |
d0175d6e MB |
330 | |
331 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
332 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
333 | raise Exception("Scan results missing RSN element info") | |
334 | ||
473e5176 MB |
335 | def test_ap_ft_vlan(dev, apdev): |
336 | """WPA2-PSK-FT AP with VLAN""" | |
337 | ssid = "test-ft" | |
fab49f61 | 338 | passphrase = "12345678" |
4d148384 JD |
339 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
340 | hostapd.send_file(apdev[0], filename, filename) | |
341 | hostapd.send_file(apdev[1], filename, filename) | |
473e5176 MB |
342 | |
343 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 344 | params['dynamic_vlan'] = "1" |
4d148384 | 345 | params['accept_mac_file'] = filename |
473e5176 MB |
346 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
347 | ||
348 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 349 | params['dynamic_vlan'] = "1" |
4d148384 | 350 | params['accept_mac_file'] = filename |
473e5176 MB |
351 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
352 | ||
353 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") | |
354 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
355 | raise Exception("Scan results missing RSN element info") | |
af9d8c75 JM |
356 | if filename.startswith('/tmp/'): |
357 | os.unlink(filename) | |
473e5176 MB |
358 | |
359 | def test_ap_ft_vlan_disconnected(dev, apdev): | |
360 | """WPA2-PSK-FT AP with VLAN and local key generation""" | |
361 | ssid = "test-ft" | |
fab49f61 | 362 | passphrase = "12345678" |
4d148384 JD |
363 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
364 | hostapd.send_file(apdev[0], filename, filename) | |
365 | hostapd.send_file(apdev[1], filename, filename) | |
473e5176 MB |
366 | |
367 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 368 | params['dynamic_vlan'] = "1" |
4d148384 | 369 | params['accept_mac_file'] = filename |
58be42b2 | 370 | params['ft_psk_generate_local'] = "1" |
473e5176 MB |
371 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
372 | ||
373 | params = ft_params2a(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 374 | params['dynamic_vlan'] = "1" |
4d148384 | 375 | params['accept_mac_file'] = filename |
58be42b2 | 376 | params['ft_psk_generate_local'] = "1" |
473e5176 MB |
377 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
378 | ||
379 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") | |
380 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
381 | raise Exception("Scan results missing RSN element info") | |
af9d8c75 JM |
382 | if filename.startswith('/tmp/'): |
383 | os.unlink(filename) | |
473e5176 MB |
384 | |
385 | def test_ap_ft_vlan_2(dev, apdev): | |
386 | """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally""" | |
387 | ssid = "test-ft" | |
fab49f61 | 388 | passphrase = "12345678" |
4d148384 JD |
389 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
390 | hostapd.send_file(apdev[0], filename, filename) | |
473e5176 MB |
391 | |
392 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 393 | params['dynamic_vlan'] = "1" |
4d148384 | 394 | params['accept_mac_file'] = filename |
473e5176 MB |
395 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
396 | ||
397 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 398 | params['dynamic_vlan'] = "1" |
473e5176 MB |
399 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
400 | ||
401 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1", | |
e0d9f5fc | 402 | force_initial_conn_to_first_ap=True) |
473e5176 MB |
403 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
404 | raise Exception("Scan results missing RSN element info") | |
af9d8c75 JM |
405 | if filename.startswith('/tmp/'): |
406 | os.unlink(filename) | |
473e5176 | 407 | |
40602101 JM |
408 | def test_ap_ft_many(dev, apdev): |
409 | """WPA2-PSK-FT AP multiple times""" | |
410 | ssid = "test-ft" | |
fab49f61 | 411 | passphrase = "12345678" |
40602101 JM |
412 | |
413 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 414 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 415 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 416 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 417 | |
a8375c94 | 418 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50) |
40602101 | 419 | |
473e5176 MB |
420 | def test_ap_ft_many_vlan(dev, apdev): |
421 | """WPA2-PSK-FT AP with VLAN multiple times""" | |
422 | ssid = "test-ft" | |
fab49f61 | 423 | passphrase = "12345678" |
4d148384 JD |
424 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
425 | hostapd.send_file(apdev[0], filename, filename) | |
426 | hostapd.send_file(apdev[1], filename, filename) | |
473e5176 MB |
427 | |
428 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 429 | params['dynamic_vlan'] = "1" |
4d148384 | 430 | params['accept_mac_file'] = filename |
473e5176 MB |
431 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
432 | ||
433 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 434 | params['dynamic_vlan'] = "1" |
4d148384 | 435 | params['accept_mac_file'] = filename |
473e5176 MB |
436 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
437 | ||
438 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50, | |
439 | conndev="brvlan1") | |
af9d8c75 JM |
440 | if filename.startswith('/tmp/'): |
441 | os.unlink(filename) | |
473e5176 | 442 | |
cd7f1b9a JM |
443 | def test_ap_ft_mixed(dev, apdev): |
444 | """WPA2-PSK-FT mixed-mode AP""" | |
445 | ssid = "test-ft-mixed" | |
fab49f61 | 446 | passphrase = "12345678" |
cd7f1b9a JM |
447 | |
448 | params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 449 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
450 | key_mgmt = hapd.get_config()['key_mgmt'] |
451 | vals = key_mgmt.split(' ') | |
452 | if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK": | |
453 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
cd7f1b9a | 454 | params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase) |
8b8a1864 | 455 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 456 | |
a8375c94 | 457 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase) |
cd7f1b9a JM |
458 | |
459 | def test_ap_ft_pmf(dev, apdev): | |
460 | """WPA2-PSK-FT AP with PMF""" | |
30998360 JM |
461 | run_ap_ft_pmf(dev, apdev, "1") |
462 | ||
463 | def test_ap_ft_pmf_over_ds(dev, apdev): | |
464 | """WPA2-PSK-FT AP with PMF (over DS)""" | |
465 | run_ap_ft_pmf(dev, apdev, "1", over_ds=True) | |
466 | ||
467 | def test_ap_ft_pmf_required(dev, apdev): | |
468 | """WPA2-PSK-FT AP with PMF required on STA""" | |
469 | run_ap_ft_pmf(dev, apdev, "2") | |
470 | ||
471 | def test_ap_ft_pmf_required_over_ds(dev, apdev): | |
472 | """WPA2-PSK-FT AP with PMF required on STA (over DS)""" | |
473 | run_ap_ft_pmf(dev, apdev, "2", over_ds=True) | |
474 | ||
475 | def run_ap_ft_pmf(dev, apdev, ieee80211w, over_ds=False): | |
cd7f1b9a | 476 | ssid = "test-ft" |
fab49f61 | 477 | passphrase = "12345678" |
cd7f1b9a JM |
478 | |
479 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 480 | params["ieee80211w"] = "2" |
8b8a1864 | 481 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 482 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 483 | params["ieee80211w"] = "2" |
8b8a1864 | 484 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 485 | |
dbddbf16 JM |
486 | Wlantest.setup(hapd0) |
487 | wt = Wlantest() | |
488 | wt.flush() | |
489 | wt.add_passphrase(passphrase) | |
490 | ||
30998360 JM |
491 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, |
492 | ieee80211w=ieee80211w, over_ds=over_ds) | |
493 | ||
494 | def test_ap_ft_pmf_required_mismatch(dev, apdev): | |
495 | """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF""" | |
496 | run_ap_ft_pmf_required_mismatch(dev, apdev) | |
497 | ||
498 | def test_ap_ft_pmf_required_mismatch_over_ds(dev, apdev): | |
499 | """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF (over DS)""" | |
500 | run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=True) | |
501 | ||
502 | def run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=False): | |
503 | ssid = "test-ft" | |
504 | passphrase = "12345678" | |
505 | ||
506 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
507 | params["ieee80211w"] = "2" | |
508 | hapd0 = hostapd.add_ap(apdev[0], params) | |
509 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
510 | params["ieee80211w"] = "0" | |
511 | hapd1 = hostapd.add_ap(apdev[1], params) | |
512 | ||
513 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ieee80211w="2", | |
514 | force_initial_conn_to_first_ap=True, fail_test=True, | |
515 | over_ds=over_ds) | |
b553eab1 | 516 | |
ffcaca68 JM |
517 | def test_ap_ft_pmf_bip_cmac_128(dev, apdev): |
518 | """WPA2-PSK-FT AP with PMF/BIP-CMAC-128""" | |
519 | run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC") | |
520 | ||
521 | def test_ap_ft_pmf_bip_gmac_128(dev, apdev): | |
522 | """WPA2-PSK-FT AP with PMF/BIP-GMAC-128""" | |
523 | run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128") | |
524 | ||
525 | def test_ap_ft_pmf_bip_gmac_256(dev, apdev): | |
526 | """WPA2-PSK-FT AP with PMF/BIP-GMAC-256""" | |
527 | run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256") | |
528 | ||
529 | def test_ap_ft_pmf_bip_cmac_256(dev, apdev): | |
530 | """WPA2-PSK-FT AP with PMF/BIP-CMAC-256""" | |
531 | run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256") | |
532 | ||
533 | def run_ap_ft_pmf_bip(dev, apdev, cipher): | |
534 | if cipher not in dev[0].get_capability("group_mgmt"): | |
535 | raise HwsimSkip("Cipher %s not supported" % cipher) | |
536 | ||
537 | ssid = "test-ft" | |
fab49f61 | 538 | passphrase = "12345678" |
ffcaca68 JM |
539 | |
540 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
541 | params["ieee80211w"] = "2" | |
542 | params["group_mgmt_cipher"] = cipher | |
543 | hapd0 = hostapd.add_ap(apdev[0], params) | |
544 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
545 | params["ieee80211w"] = "2" | |
546 | params["group_mgmt_cipher"] = cipher | |
547 | hapd1 = hostapd.add_ap(apdev[1], params) | |
548 | ||
549 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
550 | group_mgmt=cipher) | |
551 | ||
e63d8837 MV |
552 | def test_ap_ft_ocv(dev, apdev): |
553 | """WPA2-PSK-FT AP with OCV""" | |
554 | ssid = "test-ft" | |
fab49f61 | 555 | passphrase = "12345678" |
e63d8837 MV |
556 | |
557 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
558 | params["ieee80211w"] = "2" | |
559 | params["ocv"] = "1" | |
560 | try: | |
561 | hapd0 = hostapd.add_ap(apdev[0], params) | |
bab493b9 | 562 | except Exception as e: |
e63d8837 MV |
563 | if "Failed to set hostapd parameter ocv" in str(e): |
564 | raise HwsimSkip("OCV not supported") | |
565 | raise | |
566 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
567 | params["ieee80211w"] = "2" | |
568 | params["ocv"] = "1" | |
569 | hapd1 = hostapd.add_ap(apdev[1], params) | |
570 | ||
571 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1") | |
572 | ||
b553eab1 JM |
573 | def test_ap_ft_over_ds(dev, apdev): |
574 | """WPA2-PSK-FT AP over DS""" | |
575 | ssid = "test-ft" | |
fab49f61 | 576 | passphrase = "12345678" |
b553eab1 JM |
577 | |
578 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 579 | hapd0 = hostapd.add_ap(apdev[0], params) |
b553eab1 | 580 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 581 | hapd1 = hostapd.add_ap(apdev[1], params) |
b553eab1 | 582 | |
a8375c94 | 583 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
fab49f61 JM |
584 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), |
585 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")]) | |
b553eab1 | 586 | |
02a4ac0f JM |
587 | def cleanup_ap_ft_separate_hostapd(): |
588 | subprocess.call(["brctl", "delif", "br0ft", "veth0"], | |
589 | stderr=open('/dev/null', 'w')) | |
590 | subprocess.call(["brctl", "delif", "br1ft", "veth1"], | |
591 | stderr=open('/dev/null', 'w')) | |
592 | subprocess.call(["ip", "link", "del", "veth0"], | |
593 | stderr=open('/dev/null', 'w')) | |
594 | subprocess.call(["ip", "link", "del", "veth1"], | |
595 | stderr=open('/dev/null', 'w')) | |
fab49f61 | 596 | for ifname in ['br0ft', 'br1ft', 'br-ft']: |
02a4ac0f JM |
597 | subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'down'], |
598 | stderr=open('/dev/null', 'w')) | |
599 | subprocess.call(['brctl', 'delbr', ifname], | |
600 | stderr=open('/dev/null', 'w')) | |
601 | ||
602 | def test_ap_ft_separate_hostapd(dev, apdev, params): | |
603 | """WPA2-PSK-FT AP and separate hostapd process""" | |
604 | try: | |
605 | run_ap_ft_separate_hostapd(dev, apdev, params, False) | |
606 | finally: | |
607 | cleanup_ap_ft_separate_hostapd() | |
608 | ||
609 | def test_ap_ft_over_ds_separate_hostapd(dev, apdev, params): | |
610 | """WPA2-PSK-FT AP over DS and separate hostapd process""" | |
611 | try: | |
612 | run_ap_ft_separate_hostapd(dev, apdev, params, True) | |
613 | finally: | |
614 | cleanup_ap_ft_separate_hostapd() | |
615 | ||
616 | def run_ap_ft_separate_hostapd(dev, apdev, params, over_ds): | |
617 | ssid = "test-ft" | |
fab49f61 | 618 | passphrase = "12345678" |
02a4ac0f JM |
619 | logdir = params['logdir'] |
620 | pidfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.pid') | |
621 | logfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.hapd') | |
622 | global_ctrl = '/var/run/hostapd-ft' | |
623 | br_ifname = 'br-ft' | |
624 | ||
625 | try: | |
626 | subprocess.check_call(['brctl', 'addbr', br_ifname]) | |
627 | subprocess.check_call(['brctl', 'setfd', br_ifname, '0']) | |
628 | subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up']) | |
629 | ||
fab49f61 JM |
630 | subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth", |
631 | "peer", "name", "veth0br"]) | |
632 | subprocess.check_call(["ip", "link", "add", "veth1", "type", "veth", | |
633 | "peer", "name", "veth1br"]) | |
02a4ac0f JM |
634 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up']) |
635 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up']) | |
636 | subprocess.check_call(['brctl', 'addif', br_ifname, 'veth0br']) | |
637 | subprocess.check_call(['brctl', 'addif', br_ifname, 'veth1br']) | |
638 | ||
639 | subprocess.check_call(['brctl', 'addbr', 'br0ft']) | |
640 | subprocess.check_call(['brctl', 'setfd', 'br0ft', '0']) | |
641 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up']) | |
642 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up']) | |
643 | subprocess.check_call(['brctl', 'addif', 'br0ft', 'veth0']) | |
644 | subprocess.check_call(['brctl', 'addbr', 'br1ft']) | |
645 | subprocess.check_call(['brctl', 'setfd', 'br1ft', '0']) | |
646 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up']) | |
647 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up']) | |
648 | subprocess.check_call(['brctl', 'addif', 'br1ft', 'veth1']) | |
649 | except subprocess.CalledProcessError: | |
650 | raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)") | |
651 | ||
652 | with HWSimRadio() as (radio, iface): | |
653 | prg = os.path.join(logdir, 'alt-hostapd/hostapd/hostapd') | |
654 | if not os.path.exists(prg): | |
655 | prg = '../../hostapd/hostapd' | |
fab49f61 JM |
656 | cmd = [prg, '-B', '-ddKt', |
657 | '-P', pidfile, '-f', logfile, '-g', global_ctrl] | |
02a4ac0f JM |
658 | subprocess.check_call(cmd) |
659 | ||
660 | hglobal = hostapd.HostapdGlobal(global_ctrl_override=global_ctrl) | |
fab49f61 JM |
661 | apdev_ft = {'ifname': iface} |
662 | apdev2 = [apdev_ft, apdev[1]] | |
02a4ac0f JM |
663 | |
664 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
665 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
666 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
667 | params['bridge'] = 'br0ft' | |
668 | hapd0 = hostapd.add_ap(apdev2[0], params, | |
669 | global_ctrl_override=global_ctrl) | |
670 | apdev2[0]['bssid'] = hapd0.own_addr() | |
671 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
672 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
673 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
674 | params['bridge'] = 'br1ft' | |
675 | hapd1 = hostapd.add_ap(apdev2[1], params) | |
676 | ||
677 | run_roams(dev[0], apdev2, hapd0, hapd1, ssid, passphrase, | |
6f291896 | 678 | over_ds=over_ds, test_connectivity=False, roams=2) |
02a4ac0f JM |
679 | |
680 | hglobal.terminate() | |
681 | ||
682 | if os.path.exists(pidfile): | |
683 | with open(pidfile, 'r') as f: | |
684 | pid = int(f.read()) | |
685 | f.close() | |
686 | os.kill(pid, signal.SIGTERM) | |
687 | ||
e63d8837 MV |
688 | def test_ap_ft_over_ds_ocv(dev, apdev): |
689 | """WPA2-PSK-FT AP over DS""" | |
690 | ssid = "test-ft" | |
fab49f61 | 691 | passphrase = "12345678" |
e63d8837 MV |
692 | |
693 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
694 | params["ieee80211w"] = "2" | |
695 | params["ocv"] = "1" | |
696 | try: | |
697 | hapd0 = hostapd.add_ap(apdev[0], params) | |
bab493b9 | 698 | except Exception as e: |
e63d8837 MV |
699 | if "Failed to set hostapd parameter ocv" in str(e): |
700 | raise HwsimSkip("OCV not supported") | |
701 | raise | |
702 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
703 | params["ieee80211w"] = "2" | |
704 | params["ocv"] = "1" | |
705 | hapd1 = hostapd.add_ap(apdev[1], params) | |
706 | ||
707 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
708 | ocv="1") | |
709 | ||
55139acb JM |
710 | def test_ap_ft_over_ds_disabled(dev, apdev): |
711 | """WPA2-PSK-FT AP over DS disabled""" | |
712 | ssid = "test-ft" | |
fab49f61 | 713 | passphrase = "12345678" |
55139acb JM |
714 | |
715 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
716 | params['ft_over_ds'] = '0' | |
717 | hapd0 = hostapd.add_ap(apdev[0], params) | |
718 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
719 | params['ft_over_ds'] = '0' | |
720 | hapd1 = hostapd.add_ap(apdev[1], params) | |
721 | ||
722 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
723 | fail_test=True) | |
724 | ||
473e5176 MB |
725 | def test_ap_ft_vlan_over_ds(dev, apdev): |
726 | """WPA2-PSK-FT AP over DS with VLAN""" | |
727 | ssid = "test-ft" | |
fab49f61 | 728 | passphrase = "12345678" |
4d148384 JD |
729 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
730 | hostapd.send_file(apdev[0], filename, filename) | |
731 | hostapd.send_file(apdev[1], filename, filename) | |
473e5176 MB |
732 | |
733 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 734 | params['dynamic_vlan'] = "1" |
4d148384 | 735 | params['accept_mac_file'] = filename |
473e5176 MB |
736 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
737 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 738 | params['dynamic_vlan'] = "1" |
4d148384 | 739 | params['accept_mac_file'] = filename |
473e5176 MB |
740 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
741 | ||
742 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
743 | conndev="brvlan1") | |
fab49f61 JM |
744 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), |
745 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")]) | |
af9d8c75 JM |
746 | if filename.startswith('/tmp/'): |
747 | os.unlink(filename) | |
473e5176 | 748 | |
40602101 JM |
749 | def test_ap_ft_over_ds_many(dev, apdev): |
750 | """WPA2-PSK-FT AP over DS multiple times""" | |
751 | ssid = "test-ft" | |
fab49f61 | 752 | passphrase = "12345678" |
40602101 JM |
753 | |
754 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 755 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 756 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 757 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 758 | |
a8375c94 JM |
759 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
760 | roams=50) | |
40602101 | 761 | |
473e5176 MB |
762 | def test_ap_ft_vlan_over_ds_many(dev, apdev): |
763 | """WPA2-PSK-FT AP over DS with VLAN multiple times""" | |
764 | ssid = "test-ft" | |
fab49f61 | 765 | passphrase = "12345678" |
4d148384 JD |
766 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
767 | hostapd.send_file(apdev[0], filename, filename) | |
768 | hostapd.send_file(apdev[1], filename, filename) | |
473e5176 MB |
769 | |
770 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 771 | params['dynamic_vlan'] = "1" |
4d148384 | 772 | params['accept_mac_file'] = filename |
473e5176 MB |
773 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
774 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 775 | params['dynamic_vlan'] = "1" |
4d148384 | 776 | params['accept_mac_file'] = filename |
473e5176 MB |
777 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
778 | ||
779 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
780 | roams=50, conndev="brvlan1") | |
af9d8c75 JM |
781 | if filename.startswith('/tmp/'): |
782 | os.unlink(filename) | |
473e5176 | 783 | |
9fd6804d | 784 | @remote_compatible |
c337d07a JM |
785 | def test_ap_ft_over_ds_unknown_target(dev, apdev): |
786 | """WPA2-PSK-FT AP""" | |
787 | ssid = "test-ft" | |
fab49f61 | 788 | passphrase = "12345678" |
c337d07a JM |
789 | |
790 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 791 | hapd0 = hostapd.add_ap(apdev[0], params) |
c337d07a JM |
792 | |
793 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
794 | scan_freq="2412") | |
795 | dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True) | |
796 | ||
9fd6804d | 797 | @remote_compatible |
211bb7c5 JM |
798 | def test_ap_ft_over_ds_unexpected(dev, apdev): |
799 | """WPA2-PSK-FT AP over DS and unexpected response""" | |
800 | ssid = "test-ft" | |
fab49f61 | 801 | passphrase = "12345678" |
211bb7c5 JM |
802 | |
803 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 804 | hapd0 = hostapd.add_ap(apdev[0], params) |
211bb7c5 | 805 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 806 | hapd1 = hostapd.add_ap(apdev[1], params) |
211bb7c5 JM |
807 | |
808 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
809 | scan_freq="2412") | |
810 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
811 | ap1 = apdev[0] | |
812 | ap2 = apdev[1] | |
813 | hapd1ap = hapd0 | |
814 | hapd2ap = hapd1 | |
815 | else: | |
816 | ap1 = apdev[1] | |
817 | ap2 = apdev[0] | |
818 | hapd1ap = hapd1 | |
819 | hapd2ap = hapd0 | |
820 | ||
821 | addr = dev[0].own_addr() | |
822 | hapd1ap.set("ext_mgmt_frame_handling", "1") | |
823 | logger.info("Foreign STA address") | |
824 | msg = {} | |
825 | msg['fc'] = 13 << 4 | |
826 | msg['da'] = addr | |
827 | msg['sa'] = ap1['bssid'] | |
828 | msg['bssid'] = ap1['bssid'] | |
829 | msg['payload'] = binascii.unhexlify("06021122334455660102030405060000") | |
830 | hapd1ap.mgmt_tx(msg) | |
831 | ||
832 | logger.info("No over-the-DS in progress") | |
833 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
834 | hapd1ap.mgmt_tx(msg) | |
835 | ||
836 | logger.info("Non-zero status code") | |
837 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100") | |
838 | hapd1ap.mgmt_tx(msg) | |
839 | ||
840 | hapd1ap.dump_monitor() | |
841 | ||
842 | dev[0].scan_for_bss(ap2['bssid'], freq="2412") | |
843 | if "OK" not in dev[0].request("FT_DS " + ap2['bssid']): | |
844 | raise Exception("FT_DS failed") | |
845 | ||
846 | req = hapd1ap.mgmt_rx() | |
847 | ||
848 | logger.info("Foreign Target AP") | |
849 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
850 | hapd1ap.mgmt_tx(msg) | |
851 | ||
852 | addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '') | |
853 | ||
854 | logger.info("No IEs") | |
855 | msg['payload'] = binascii.unhexlify("0602" + addrs + "0000") | |
856 | hapd1ap.mgmt_tx(msg) | |
857 | ||
858 | logger.info("Invalid IEs (trigger parsing failure)") | |
859 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700") | |
860 | hapd1ap.mgmt_tx(msg) | |
861 | ||
862 | logger.info("Too short MDIE") | |
863 | msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122") | |
864 | hapd1ap.mgmt_tx(msg) | |
865 | ||
866 | logger.info("Mobility domain mismatch") | |
867 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201") | |
868 | hapd1ap.mgmt_tx(msg) | |
869 | ||
870 | logger.info("No FTIE") | |
871 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201") | |
872 | hapd1ap.mgmt_tx(msg) | |
873 | ||
874 | logger.info("FTIE SNonce mismatch") | |
875 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669") | |
876 | hapd1ap.mgmt_tx(msg) | |
877 | ||
878 | logger.info("No R0KH-ID subelem in FTIE") | |
7ab74770 | 879 | snonce = binascii.hexlify(req['payload'][111:111+32]).decode() |
211bb7c5 JM |
880 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce) |
881 | hapd1ap.mgmt_tx(msg) | |
882 | ||
883 | logger.info("No R0KH-ID subelem mismatch in FTIE") | |
7ab74770 | 884 | snonce = binascii.hexlify(req['payload'][111:111+32]).decode() |
211bb7c5 JM |
885 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900") |
886 | hapd1ap.mgmt_tx(msg) | |
887 | ||
888 | logger.info("No R1KH-ID subelem in FTIE") | |
7ab74770 | 889 | r0khid = binascii.hexlify(req['payload'][145:145+10]).decode() |
211bb7c5 JM |
890 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid) |
891 | hapd1ap.mgmt_tx(msg) | |
892 | ||
893 | logger.info("No RSNE") | |
7ab74770 | 894 | r0khid = binascii.hexlify(req['payload'][145:145+10]).decode() |
211bb7c5 JM |
895 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405") |
896 | hapd1ap.mgmt_tx(msg) | |
897 | ||
b553eab1 JM |
898 | def test_ap_ft_pmf_over_ds(dev, apdev): |
899 | """WPA2-PSK-FT AP over DS with PMF""" | |
0c481b78 | 900 | run_ap_ft_pmf_bip_over_ds(dev, apdev, None) |
46b8ea21 | 901 | |
ffcaca68 JM |
902 | def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev): |
903 | """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128""" | |
904 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC") | |
905 | ||
906 | def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev): | |
907 | """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128""" | |
908 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128") | |
909 | ||
910 | def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev): | |
911 | """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256""" | |
912 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256") | |
913 | ||
914 | def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev): | |
915 | """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256""" | |
916 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256") | |
917 | ||
918 | def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher): | |
0c481b78 | 919 | if cipher and cipher not in dev[0].get_capability("group_mgmt"): |
ffcaca68 JM |
920 | raise HwsimSkip("Cipher %s not supported" % cipher) |
921 | ||
922 | ssid = "test-ft" | |
fab49f61 | 923 | passphrase = "12345678" |
ffcaca68 JM |
924 | |
925 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
926 | params["ieee80211w"] = "2" | |
0c481b78 JM |
927 | if cipher: |
928 | params["group_mgmt_cipher"] = cipher | |
ffcaca68 JM |
929 | hapd0 = hostapd.add_ap(apdev[0], params) |
930 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
931 | params["ieee80211w"] = "2" | |
0c481b78 JM |
932 | if cipher: |
933 | params["group_mgmt_cipher"] = cipher | |
ffcaca68 JM |
934 | hapd1 = hostapd.add_ap(apdev[1], params) |
935 | ||
0defc42a JM |
936 | Wlantest.setup(hapd0) |
937 | wt = Wlantest() | |
938 | wt.flush() | |
939 | wt.add_passphrase(passphrase) | |
940 | ||
ffcaca68 JM |
941 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
942 | group_mgmt=cipher) | |
6e658cc4 | 943 | |
aaba98d3 JM |
944 | def test_ap_ft_over_ds_pull(dev, apdev): |
945 | """WPA2-PSK-FT AP over DS (pull PMK)""" | |
946 | ssid = "test-ft" | |
fab49f61 | 947 | passphrase = "12345678" |
aaba98d3 JM |
948 | |
949 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
950 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 951 | hapd0 = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
952 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
953 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 954 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 955 | |
a8375c94 | 956 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
aaba98d3 | 957 | |
c95dd8e4 JM |
958 | def test_ap_ft_over_ds_pull_old_key(dev, apdev): |
959 | """WPA2-PSK-FT AP over DS (pull PMK; old key)""" | |
960 | ssid = "test-ft" | |
fab49f61 | 961 | passphrase = "12345678" |
c95dd8e4 JM |
962 | |
963 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
964 | params["pmk_r1_push"] = "0" | |
965 | hapd0 = hostapd.add_ap(apdev[0], params) | |
966 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
967 | params["pmk_r1_push"] = "0" | |
968 | hapd1 = hostapd.add_ap(apdev[1], params) | |
969 | ||
970 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) | |
971 | ||
473e5176 MB |
972 | def test_ap_ft_over_ds_pull_vlan(dev, apdev): |
973 | """WPA2-PSK-FT AP over DS (pull PMK) with VLAN""" | |
974 | ssid = "test-ft" | |
fab49f61 | 975 | passphrase = "12345678" |
4d148384 JD |
976 | filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') |
977 | hostapd.send_file(apdev[0], filename, filename) | |
978 | hostapd.send_file(apdev[1], filename, filename) | |
473e5176 MB |
979 | |
980 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
981 | params["pmk_r1_push"] = "0" | |
58be42b2 | 982 | params['dynamic_vlan'] = "1" |
4d148384 | 983 | params['accept_mac_file'] = filename |
473e5176 MB |
984 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
985 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
986 | params["pmk_r1_push"] = "0" | |
58be42b2 | 987 | params['dynamic_vlan'] = "1" |
4d148384 | 988 | params['accept_mac_file'] = filename |
473e5176 MB |
989 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
990 | ||
991 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
992 | conndev="brvlan1") | |
af9d8c75 JM |
993 | if filename.startswith('/tmp/'): |
994 | os.unlink(filename) | |
473e5176 | 995 | |
2b8f8a47 | 996 | def start_ft_sae(dev, apdev, wpa_ptk_rekey=None, sae_pwe=None, |
2af3d99c | 997 | rsne_override=None, rsnxe_override=None, |
6f291896 JM |
998 | no_beacon_rsnxe2=False, ext_key_id=False, |
999 | skip_prune_assoc=False): | |
425e5f97 | 1000 | if "SAE" not in dev.get_capability("auth_alg"): |
b9749b6a | 1001 | raise HwsimSkip("SAE not supported") |
6e658cc4 | 1002 | ssid = "test-ft" |
fab49f61 | 1003 | passphrase = "12345678" |
6e658cc4 JM |
1004 | |
1005 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1006 | params['wpa_key_mgmt'] = "FT-SAE" | |
425e5f97 JM |
1007 | if wpa_ptk_rekey: |
1008 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
30628e0d JM |
1009 | if sae_pwe is not None: |
1010 | params['sae_pwe'] = sae_pwe | |
2b8f8a47 JM |
1011 | if rsne_override: |
1012 | params['rsne_override_ft'] = rsne_override | |
1013 | if rsnxe_override: | |
1014 | params['rsnxe_override_ft'] = rsnxe_override | |
681e8495 JM |
1015 | if ext_key_id: |
1016 | params['extended_key_id'] = '1' | |
6f291896 JM |
1017 | if skip_prune_assoc: |
1018 | params['skip_prune_assoc'] = '1' | |
8b8a1864 | 1019 | hapd0 = hostapd.add_ap(apdev[0], params) |
6e658cc4 JM |
1020 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1021 | params['wpa_key_mgmt'] = "FT-SAE" | |
425e5f97 JM |
1022 | if wpa_ptk_rekey: |
1023 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
30628e0d JM |
1024 | if sae_pwe is not None: |
1025 | params['sae_pwe'] = sae_pwe | |
2b8f8a47 JM |
1026 | if rsne_override: |
1027 | params['rsne_override_ft'] = rsne_override | |
1028 | if rsnxe_override: | |
1029 | params['rsnxe_override_ft'] = rsnxe_override | |
2af3d99c JM |
1030 | if no_beacon_rsnxe2: |
1031 | params['no_beacon_rsnxe'] = "1" | |
681e8495 JM |
1032 | if ext_key_id: |
1033 | params['extended_key_id'] = '1' | |
6f291896 JM |
1034 | if skip_prune_assoc: |
1035 | params['skip_prune_assoc'] = '1' | |
425e5f97 JM |
1036 | hapd1 = hostapd.add_ap(apdev[1], params) |
1037 | key_mgmt = hapd1.get_config()['key_mgmt'] | |
65038313 JM |
1038 | if key_mgmt.split(' ')[0] != "FT-SAE": |
1039 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
6e658cc4 | 1040 | |
425e5f97 JM |
1041 | dev.request("SET sae_groups ") |
1042 | return hapd0, hapd1 | |
1043 | ||
1044 | def test_ap_ft_sae(dev, apdev): | |
1045 | """WPA2-PSK-FT-SAE AP""" | |
1046 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
1047 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
1048 | ||
30628e0d JM |
1049 | def test_ap_ft_sae_h2e(dev, apdev): |
1050 | """WPA2-PSK-FT-SAE AP (H2E)""" | |
1051 | try: | |
1052 | dev[0].set("sae_pwe", "2") | |
1053 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2") | |
1054 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
1055 | finally: | |
1056 | dev[0].set("sae_pwe", "0") | |
1057 | ||
daf8491d JM |
1058 | def test_ap_ft_sae_h2e_and_loop(dev, apdev): |
1059 | """WPA2-PSK-FT-SAE AP (AP H2E, STA loop)""" | |
1060 | dev[0].set("sae_pwe", "0") | |
1061 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2") | |
1062 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
1063 | ||
2af3d99c JM |
1064 | def test_ap_ft_sae_h2e_and_loop2(dev, apdev): |
1065 | """WPA2-PSK-FT-SAE AP (AP loop, STA H2E)""" | |
1066 | try: | |
1067 | dev[0].set("sae_pwe", "2") | |
1068 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="0") | |
1069 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
1070 | finally: | |
1071 | dev[0].set("sae_pwe", "0") | |
1072 | ||
1073 | def test_ap_ft_sae_h2e_downgrade_attack(dev, apdev): | |
1074 | """WPA2-PSK-FT-SAE AP (H2E downgrade attack)""" | |
1075 | try: | |
1076 | dev[0].set("sae_pwe", "2") | |
1077 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2", | |
1078 | no_beacon_rsnxe2=True) | |
1079 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1080 | force_initial_conn_to_first_ap=True, | |
1081 | return_after_initial=True) | |
1082 | dev[0].scan_for_bss(hapd1.own_addr(), freq="2412") | |
1083 | dev[0].request("ROAM " + hapd1.own_addr()) | |
1084 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
1085 | if ev is None: | |
1086 | raise Exception("Association not rejected") | |
1087 | finally: | |
1088 | dev[0].set("sae_pwe", "0") | |
1089 | ||
425e5f97 JM |
1090 | def test_ap_ft_sae_ptk_rekey0(dev, apdev): |
1091 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station""" | |
1092 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
1093 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1094 | ptk_rekey="1", roams=0) | |
1095 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1096 | ||
1097 | def test_ap_ft_sae_ptk_rekey1(dev, apdev): | |
1098 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station""" | |
1099 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
1100 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1101 | ptk_rekey="1", only_one_way=True) | |
1102 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1103 | ||
1104 | def test_ap_ft_sae_ptk_rekey_ap(dev, apdev): | |
1105 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP""" | |
1106 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2) | |
1107 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1108 | only_one_way=True) | |
1109 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
6e658cc4 | 1110 | |
681e8495 JM |
1111 | def test_ap_ft_sae_ptk_rekey_ap_ext_key_id(dev, apdev): |
1112 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP (Ext Key ID)""" | |
1113 | check_ext_key_id_capa(dev[0]) | |
1114 | try: | |
1115 | dev[0].set("extended_key_id", "1") | |
1116 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2, | |
1117 | ext_key_id=True) | |
1118 | check_ext_key_id_capa(hapd0) | |
1119 | check_ext_key_id_capa(hapd1) | |
1120 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1121 | only_one_way=True) | |
1122 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1123 | idx = int(dev[0].request("GET last_tk_key_idx")) | |
1124 | if idx != 1: | |
1125 | raise Exception("Unexpected Key ID after TK rekey: %d" % idx) | |
1126 | finally: | |
1127 | dev[0].set("extended_key_id", "0") | |
1128 | ||
6e658cc4 JM |
1129 | def test_ap_ft_sae_over_ds(dev, apdev): |
1130 | """WPA2-PSK-FT-SAE AP over DS""" | |
425e5f97 JM |
1131 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) |
1132 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
a8375c94 | 1133 | over_ds=True) |
6f62809b | 1134 | |
425e5f97 JM |
1135 | def test_ap_ft_sae_over_ds_ptk_rekey0(dev, apdev): |
1136 | """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station""" | |
1137 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
1138 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1139 | over_ds=True, ptk_rekey="1", roams=0) | |
1140 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1141 | ||
1142 | def test_ap_ft_sae_over_ds_ptk_rekey1(dev, apdev): | |
1143 | """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station""" | |
1144 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
1145 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1146 | over_ds=True, ptk_rekey="1", only_one_way=True) | |
1147 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1148 | ||
1149 | def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev, apdev): | |
1150 | """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP""" | |
1151 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2) | |
1152 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1153 | over_ds=True, only_one_way=True) | |
1154 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1155 | ||
2b8f8a47 JM |
1156 | def test_ap_ft_sae_h2e_rsne_override(dev, apdev): |
1157 | """WPA2-PSK-FT-SAE AP (H2E) and RSNE override (same value)""" | |
1158 | try: | |
1159 | dev[0].set("sae_pwe", "2") | |
1160 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2", | |
1161 | rsne_override="30260100000fac040100000fac040100000fac090c000100" + 16*"ff") | |
1162 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
1163 | finally: | |
1164 | dev[0].set("sae_pwe", "0") | |
1165 | ||
1166 | def test_ap_ft_sae_h2e_rsnxe_override(dev, apdev): | |
1167 | """WPA2-PSK-FT-SAE AP (H2E) and RSNXE override (same value)""" | |
1168 | try: | |
1169 | dev[0].set("sae_pwe", "2") | |
1170 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2", | |
1171 | rsnxe_override="F40120") | |
1172 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
1173 | finally: | |
1174 | dev[0].set("sae_pwe", "0") | |
1175 | ||
1176 | def test_ap_ft_sae_h2e_rsne_mismatch(dev, apdev): | |
1177 | """WPA2-PSK-FT-SAE AP (H2E) and RSNE mismatch""" | |
1178 | try: | |
1179 | dev[0].set("sae_pwe", "2") | |
1180 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2", | |
1181 | rsne_override="30260100000fac040100000fac040100000fac090c010100" + 16*"ff") | |
1182 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1183 | fail_test=True) | |
1184 | finally: | |
1185 | dev[0].set("sae_pwe", "0") | |
1186 | ||
1187 | def test_ap_ft_sae_h2e_rsne_mismatch_pmkr1name(dev, apdev): | |
1188 | """WPA2-PSK-FT-SAE AP (H2E) and RSNE mismatch in PMKR1Name""" | |
1189 | try: | |
1190 | dev[0].set("sae_pwe", "2") | |
1191 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2", | |
1192 | rsne_override="30260100000fac040100000fac040100000fac090c000100" + 16*"00") | |
1193 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1194 | fail_test=True) | |
1195 | finally: | |
1196 | dev[0].set("sae_pwe", "0") | |
1197 | ||
1198 | def test_ap_ft_sae_h2e_rsnxe_mismatch(dev, apdev): | |
1199 | """WPA2-PSK-FT-SAE AP (H2E) and RSNXE mismatch""" | |
1200 | try: | |
1201 | dev[0].set("sae_pwe", "2") | |
1202 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="2", | |
1203 | rsnxe_override="F40160") | |
1204 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
1205 | fail_test=True) | |
1206 | finally: | |
1207 | dev[0].set("sae_pwe", "0") | |
1208 | ||
3d5b88b5 JM |
1209 | def test_ap_ft_sae_pw_id(dev, apdev): |
1210 | """FT-SAE with Password Identifier""" | |
1211 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
1212 | raise HwsimSkip("SAE not supported") | |
1213 | ssid = "test-ft" | |
1214 | ||
1215 | params = ft_params1(ssid=ssid) | |
1216 | params["ieee80211w"] = "2" | |
1217 | params['wpa_key_mgmt'] = "FT-SAE" | |
1218 | params['sae_password'] = 'secret|id=pwid' | |
1219 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1220 | params = ft_params2(ssid=ssid) | |
1221 | params["ieee80211w"] = "2" | |
1222 | params['wpa_key_mgmt'] = "FT-SAE" | |
1223 | params['sae_password'] = 'secret|id=pwid' | |
1224 | hapd = hostapd.add_ap(apdev[1], params) | |
1225 | ||
1226 | dev[0].request("SET sae_groups ") | |
1227 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase=None, sae=True, | |
1228 | sae_password="secret", sae_password_id="pwid") | |
1229 | ||
cdf53910 JM |
1230 | def test_ap_ft_sae_with_both_akms(dev, apdev): |
1231 | """SAE + FT-SAE configuration""" | |
1232 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
1233 | raise HwsimSkip("SAE not supported") | |
1234 | ssid = "test-ft" | |
1235 | passphrase = "12345678" | |
1236 | ||
1237 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1238 | params['wpa_key_mgmt'] = "FT-SAE SAE" | |
1239 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1240 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1241 | params['wpa_key_mgmt'] = "FT-SAE SAE" | |
1242 | hapd = hostapd.add_ap(apdev[1], params) | |
1243 | key_mgmt = hapd.get_config()['key_mgmt'] | |
1244 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
1245 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1246 | ||
1247 | dev[0].request("SET sae_groups ") | |
1248 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True, | |
1249 | sae_and_psk=True) | |
1250 | ||
1211031a JM |
1251 | def test_ap_ft_sae_pmksa_caching(dev, apdev): |
1252 | """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association""" | |
1253 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
1254 | raise HwsimSkip("SAE not supported") | |
1255 | ssid = "test-ft" | |
1256 | passphrase = "12345678" | |
1257 | ||
1258 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1259 | params['wpa_key_mgmt'] = "FT-SAE" | |
1260 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1261 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1262 | params['wpa_key_mgmt'] = "FT-SAE" | |
1263 | hapd = hostapd.add_ap(apdev[1], params) | |
1264 | key_mgmt = hapd.get_config()['key_mgmt'] | |
1265 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
1266 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1267 | ||
1268 | dev[0].request("SET sae_groups ") | |
1269 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True, | |
1270 | pmksa_caching=True) | |
1271 | ||
c0f3ee47 JM |
1272 | def test_ap_ft_sae_pmksa_caching_pwe(dev, apdev): |
1273 | """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association (STA PWE both)""" | |
1274 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
1275 | raise HwsimSkip("SAE not supported") | |
1276 | ssid = "test-ft" | |
1277 | passphrase = "12345678" | |
1278 | ||
1279 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1280 | params['wpa_key_mgmt'] = "FT-SAE" | |
1281 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1282 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1283 | params['wpa_key_mgmt'] = "FT-SAE" | |
1284 | hapd = hostapd.add_ap(apdev[1], params) | |
1285 | key_mgmt = hapd.get_config()['key_mgmt'] | |
1286 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
1287 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1288 | ||
1289 | try: | |
1290 | dev[0].request("SET sae_groups ") | |
1291 | dev[0].set("sae_pwe", "2") | |
1292 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True, | |
1293 | pmksa_caching=True) | |
1294 | finally: | |
1295 | dev[0].set("sae_groups", "") | |
1296 | dev[0].set("sae_pwe", "0") | |
1297 | ||
1298 | def test_ap_ft_sae_pmksa_caching_h2e(dev, apdev): | |
1299 | """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association (H2E)""" | |
1300 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
1301 | raise HwsimSkip("SAE not supported") | |
1302 | ssid = "test-ft" | |
1303 | passphrase = "12345678" | |
1304 | ||
1305 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1306 | params['wpa_key_mgmt'] = "FT-SAE" | |
1307 | params['sae_pwe'] = "1" | |
1308 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1309 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1310 | params['wpa_key_mgmt'] = "FT-SAE" | |
1311 | params['sae_pwe'] = "1" | |
1312 | hapd = hostapd.add_ap(apdev[1], params) | |
1313 | key_mgmt = hapd.get_config()['key_mgmt'] | |
1314 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
1315 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1316 | ||
1317 | try: | |
1318 | dev[0].request("SET sae_groups ") | |
1319 | dev[0].set("sae_pwe", "1") | |
1320 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True, | |
1321 | pmksa_caching=True) | |
1322 | finally: | |
1323 | dev[0].set("sae_groups", "") | |
1324 | dev[0].set("sae_pwe", "0") | |
1325 | ||
d269740a | 1326 | def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, |
425e5f97 JM |
1327 | discovery=False, roams=1, wpa_ptk_rekey=0, |
1328 | only_one_way=False): | |
6f62809b | 1329 | ssid = "test-ft" |
fab49f61 | 1330 | passphrase = "12345678" |
9c50a6d3 | 1331 | if vlan: |
fab49f61 JM |
1332 | identity = "gpsk-vlan1" |
1333 | conndev = "brvlan1" | |
d269740a | 1334 | elif cui: |
fab49f61 JM |
1335 | identity = "gpsk-cui" |
1336 | conndev = False | |
9c50a6d3 | 1337 | else: |
fab49f61 JM |
1338 | identity = "gpsk user" |
1339 | conndev = False | |
6f62809b JM |
1340 | |
1341 | radius = hostapd.radius_params() | |
942b52a8 | 1342 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery) |
6f62809b JM |
1343 | params['wpa_key_mgmt'] = "FT-EAP" |
1344 | params["ieee8021x"] = "1" | |
9c50a6d3 MB |
1345 | if vlan: |
1346 | params["dynamic_vlan"] = "1" | |
35d8c254 | 1347 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1348 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
1349 | key_mgmt = hapd.get_config()['key_mgmt'] |
1350 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
1351 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
942b52a8 | 1352 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery) |
6f62809b JM |
1353 | params['wpa_key_mgmt'] = "FT-EAP" |
1354 | params["ieee8021x"] = "1" | |
9c50a6d3 MB |
1355 | if vlan: |
1356 | params["dynamic_vlan"] = "1" | |
425e5f97 JM |
1357 | if wpa_ptk_rekey: |
1358 | params["wpa_ptk_rekey"] = str(wpa_ptk_rekey) | |
35d8c254 | 1359 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1360 | hapd1 = hostapd.add_ap(apdev[1], params) |
6f62809b | 1361 | |
942b52a8 | 1362 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |
9c50a6d3 | 1363 | over_ds=over_ds, roams=roams, eap_identity=identity, |
425e5f97 | 1364 | conndev=conndev, only_one_way=only_one_way) |
91bc6c36 JM |
1365 | if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
1366 | raise Exception("Scan results missing RSN element info") | |
fab49f61 JM |
1367 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), |
1368 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")]) | |
425e5f97 JM |
1369 | if only_one_way: |
1370 | return | |
aaba98d3 | 1371 | |
4013d688 JM |
1372 | # Verify EAPOL reauthentication after FT protocol |
1373 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1374 | ap = hapd | |
1375 | else: | |
1376 | ap = hapd1 | |
1377 | ap.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
1378 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
1379 | if ev is None: | |
1380 | raise Exception("EAP authentication did not start") | |
1381 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
1382 | if ev is None: | |
1383 | raise Exception("EAP authentication did not succeed") | |
1384 | time.sleep(0.1) | |
9c50a6d3 MB |
1385 | if conndev: |
1386 | hwsim_utils.test_connectivity_iface(dev[0], ap, conndev) | |
1387 | else: | |
1388 | hwsim_utils.test_connectivity(dev[0], ap) | |
4013d688 | 1389 | |
942b52a8 MB |
1390 | def test_ap_ft_eap(dev, apdev): |
1391 | """WPA2-EAP-FT AP""" | |
1392 | generic_ap_ft_eap(dev, apdev) | |
1393 | ||
d269740a MB |
1394 | def test_ap_ft_eap_cui(dev, apdev): |
1395 | """WPA2-EAP-FT AP with CUI""" | |
1396 | generic_ap_ft_eap(dev, apdev, vlan=False, cui=True) | |
1397 | ||
9c50a6d3 MB |
1398 | def test_ap_ft_eap_vlan(dev, apdev): |
1399 | """WPA2-EAP-FT AP with VLAN""" | |
1400 | generic_ap_ft_eap(dev, apdev, vlan=True) | |
1401 | ||
1402 | def test_ap_ft_eap_vlan_multi(dev, apdev): | |
1403 | """WPA2-EAP-FT AP with VLAN""" | |
1404 | generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | |
1405 | ||
942b52a8 MB |
1406 | def test_ap_ft_eap_over_ds(dev, apdev): |
1407 | """WPA2-EAP-FT AP using over-the-DS""" | |
1408 | generic_ap_ft_eap(dev, apdev, over_ds=True) | |
1409 | ||
1410 | def test_ap_ft_eap_dis(dev, apdev): | |
1411 | """WPA2-EAP-FT AP with AP discovery""" | |
1412 | generic_ap_ft_eap(dev, apdev, discovery=True) | |
1413 | ||
1414 | def test_ap_ft_eap_dis_over_ds(dev, apdev): | |
1415 | """WPA2-EAP-FT AP with AP discovery and over-the-DS""" | |
1416 | generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True) | |
1417 | ||
9c50a6d3 MB |
1418 | def test_ap_ft_eap_vlan(dev, apdev): |
1419 | """WPA2-EAP-FT AP with VLAN""" | |
1420 | generic_ap_ft_eap(dev, apdev, vlan=True) | |
1421 | ||
1422 | def test_ap_ft_eap_vlan_multi(dev, apdev): | |
1423 | """WPA2-EAP-FT AP with VLAN""" | |
1424 | generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | |
1425 | ||
1426 | def test_ap_ft_eap_vlan_over_ds(dev, apdev): | |
1427 | """WPA2-EAP-FT AP with VLAN + over_ds""" | |
1428 | generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True) | |
1429 | ||
1430 | def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev): | |
1431 | """WPA2-EAP-FT AP with VLAN + over_ds""" | |
1432 | generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50) | |
1433 | ||
1434 | def generic_ap_ft_eap_pull(dev, apdev, vlan=False): | |
aaba98d3 JM |
1435 | """WPA2-EAP-FT AP (pull PMK)""" |
1436 | ssid = "test-ft" | |
fab49f61 | 1437 | passphrase = "12345678" |
9c50a6d3 | 1438 | if vlan: |
fab49f61 JM |
1439 | identity = "gpsk-vlan1" |
1440 | conndev = "brvlan1" | |
9c50a6d3 | 1441 | else: |
fab49f61 JM |
1442 | identity = "gpsk user" |
1443 | conndev = False | |
aaba98d3 JM |
1444 | |
1445 | radius = hostapd.radius_params() | |
1446 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1447 | params['wpa_key_mgmt'] = "FT-EAP" | |
1448 | params["ieee8021x"] = "1" | |
1449 | params["pmk_r1_push"] = "0" | |
9c50a6d3 MB |
1450 | if vlan: |
1451 | params["dynamic_vlan"] = "1" | |
35d8c254 | 1452 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1453 | hapd = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
1454 | key_mgmt = hapd.get_config()['key_mgmt'] |
1455 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
1456 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1457 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1458 | params['wpa_key_mgmt'] = "FT-EAP" | |
1459 | params["ieee8021x"] = "1" | |
1460 | params["pmk_r1_push"] = "0" | |
9c50a6d3 MB |
1461 | if vlan: |
1462 | params["dynamic_vlan"] = "1" | |
35d8c254 | 1463 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1464 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 1465 | |
9c50a6d3 MB |
1466 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |
1467 | eap_identity=identity, conndev=conndev) | |
1468 | ||
1469 | def test_ap_ft_eap_pull(dev, apdev): | |
1470 | """WPA2-EAP-FT AP (pull PMK)""" | |
1471 | generic_ap_ft_eap_pull(dev, apdev) | |
1472 | ||
1473 | def test_ap_ft_eap_pull_vlan(dev, apdev): | |
1474 | generic_ap_ft_eap_pull(dev, apdev, vlan=True) | |
3b808945 | 1475 | |
f81c1411 JM |
1476 | def test_ap_ft_eap_pull_wildcard(dev, apdev): |
1477 | """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH""" | |
1478 | ssid = "test-ft" | |
fab49f61 | 1479 | passphrase = "12345678" |
f81c1411 JM |
1480 | |
1481 | radius = hostapd.radius_params() | |
1482 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
1483 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
1484 | params["ieee8021x"] = "1" | |
1485 | params["pmk_r1_push"] = "0" | |
1486 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1487 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1488 | params["ft_psk_generate_local"] = "1" | |
1489 | params["eap_server"] = "0" | |
c6ab7b55 JM |
1490 | params["rkh_pos_timeout"] = "100" |
1491 | params["rkh_neg_timeout"] = "50" | |
1492 | params["rkh_pull_timeout"] = "1234" | |
1493 | params["rkh_pull_retries"] = "10" | |
35d8c254 | 1494 | params = dict(list(radius.items()) + list(params.items())) |
f81c1411 JM |
1495 | hapd = hostapd.add_ap(apdev[0], params) |
1496 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True) | |
1497 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
1498 | params["ieee8021x"] = "1" | |
1499 | params["pmk_r1_push"] = "0" | |
1500 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1501 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1502 | params["ft_psk_generate_local"] = "1" | |
1503 | params["eap_server"] = "0" | |
35d8c254 | 1504 | params = dict(list(radius.items()) + list(params.items())) |
f81c1411 JM |
1505 | hapd1 = hostapd.add_ap(apdev[1], params) |
1506 | ||
1507 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) | |
1508 | ||
0d0baf9f JM |
1509 | def test_ap_ft_eap_pull_wildcard_multi_bss(dev, apdev, params): |
1510 | """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH with multiple BSSs""" | |
1511 | bssconf = os.path.join(params['logdir'], | |
1512 | 'ap_ft_eap_pull_wildcard_multi_bss.bss.conf') | |
1513 | ssid = "test-ft" | |
1514 | passphrase = "12345678" | |
1515 | radius = hostapd.radius_params() | |
1516 | ||
1517 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
1518 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
1519 | params["ieee8021x"] = "1" | |
1520 | params["pmk_r1_push"] = "0" | |
1521 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1522 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1523 | params["eap_server"] = "0" | |
1524 | params = dict(list(radius.items()) + list(params.items())) | |
1525 | hapd = hostapd.add_ap(apdev[0], params) | |
1526 | ifname2 = apdev[0]['ifname'] + "-2" | |
1527 | bssid2 = "02:00:00:00:03:01" | |
1528 | params['nas_identifier'] = "nas1b.w1.fi" | |
1529 | params['r1_key_holder'] = "000102030415" | |
1530 | with open(bssconf, 'w') as f: | |
1531 | f.write("driver=nl80211\n") | |
1532 | f.write("hw_mode=g\n") | |
1533 | f.write("channel=1\n") | |
1534 | f.write("ieee80211n=1\n") | |
1535 | f.write("interface=%s\n" % ifname2) | |
1536 | f.write("bssid=%s\n" % bssid2) | |
1537 | f.write("ctrl_interface=/var/run/hostapd\n") | |
1538 | for name, val in params.items(): | |
1539 | f.write("%s=%s\n" % (name, val)) | |
1540 | hapd2 = hostapd.add_bss(apdev[0], ifname2, bssconf) | |
1541 | ||
1542 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True) | |
1543 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
1544 | params["ieee8021x"] = "1" | |
1545 | params["pmk_r1_push"] = "0" | |
1546 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1547 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1548 | params["eap_server"] = "0" | |
1549 | params = dict(list(radius.items()) + list(params.items())) | |
1550 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1551 | ||
1552 | # The first iteration of the roaming test will use wildcard R0KH discovery | |
1553 | # and RRB sequence number synchronization while the second iteration shows | |
1554 | # the clean RRB exchange where those extra steps are not needed. | |
1555 | for i in range(2): | |
1556 | hapd.note("Test iteration %d" % i) | |
1557 | dev[0].note("Test iteration %d" % i) | |
1558 | ||
1559 | id = dev[0].connect(ssid, key_mgmt="FT-EAP", eap="GPSK", | |
1560 | identity="gpsk user", | |
1561 | password="abcdefghijklmnop0123456789abcdef", | |
1562 | bssid=bssid2, | |
1563 | scan_freq="2412") | |
1564 | res = dev[0].get_status_field("bssid") | |
1565 | if res != bssid2: | |
1566 | raise Exception("Unexpected BSSID after initial connection: " + res) | |
1567 | ||
1568 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1569 | dev[0].set_network(id, "bssid", "00:00:00:00:00:00") | |
1570 | dev[0].roam(apdev[1]['bssid']) | |
1571 | res = dev[0].get_status_field("bssid") | |
1572 | if res != apdev[1]['bssid']: | |
1573 | raise Exception("Unexpected BSSID after first roam: " + res) | |
1574 | ||
1575 | dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") | |
1576 | dev[0].roam(apdev[0]['bssid']) | |
1577 | res = dev[0].get_status_field("bssid") | |
1578 | if res != apdev[0]['bssid']: | |
1579 | raise Exception("Unexpected BSSID after second roam: " + res) | |
1580 | ||
1581 | dev[0].request("REMOVE_NETWORK all") | |
1582 | dev[0].wait_disconnected() | |
1583 | dev[0].dump_monitor() | |
1584 | hapd.dump_monitor() | |
1585 | hapd2.dump_monitor() | |
1586 | ||
9fd6804d | 1587 | @remote_compatible |
3b808945 JM |
1588 | def test_ap_ft_mismatching_rrb_key_push(dev, apdev): |
1589 | """WPA2-PSK-FT AP over DS with mismatching RRB key (push)""" | |
1590 | ssid = "test-ft" | |
fab49f61 | 1591 | passphrase = "12345678" |
3b808945 JM |
1592 | |
1593 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 1594 | params["ieee80211w"] = "2" |
8b8a1864 | 1595 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 1596 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 1597 | params["ieee80211w"] = "2" |
8b8a1864 | 1598 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1599 | |
a8375c94 JM |
1600 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1601 | fail_test=True) | |
3b808945 | 1602 | |
9fd6804d | 1603 | @remote_compatible |
3b808945 JM |
1604 | def test_ap_ft_mismatching_rrb_key_pull(dev, apdev): |
1605 | """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)""" | |
1606 | ssid = "test-ft" | |
fab49f61 | 1607 | passphrase = "12345678" |
3b808945 JM |
1608 | |
1609 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1610 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1611 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
1612 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
1613 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1614 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1615 | |
a8375c94 JM |
1616 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1617 | fail_test=True) | |
3b808945 | 1618 | |
9fd6804d | 1619 | @remote_compatible |
ae14a2e2 JM |
1620 | def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev): |
1621 | """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)""" | |
1622 | ssid = "test-ft" | |
fab49f61 | 1623 | passphrase = "12345678" |
ae14a2e2 JM |
1624 | |
1625 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1626 | params["pmk_r1_push"] = "0" | |
1627 | params["nas_identifier"] = "nas0.w1.fi" | |
8b8a1864 | 1628 | hostapd.add_ap(apdev[0], params) |
2f816c21 JM |
1629 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1630 | scan_freq="2412") | |
ae14a2e2 JM |
1631 | |
1632 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1633 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1634 | hostapd.add_ap(apdev[1], params) |
ae14a2e2 JM |
1635 | |
1636 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1637 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
1638 | ||
9fd6804d | 1639 | @remote_compatible |
3b808945 JM |
1640 | def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev): |
1641 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)""" | |
1642 | ssid = "test-ft" | |
fab49f61 | 1643 | passphrase = "12345678" |
3b808945 JM |
1644 | |
1645 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 1646 | params["ieee80211w"] = "2" |
8b8a1864 | 1647 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 1648 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 1649 | params["ieee80211w"] = "2" |
8b8a1864 | 1650 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1651 | |
a8375c94 JM |
1652 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1653 | fail_test=True) | |
3b808945 | 1654 | |
9fd6804d | 1655 | @remote_compatible |
3b808945 JM |
1656 | def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev): |
1657 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)""" | |
1658 | ssid = "test-ft" | |
fab49f61 | 1659 | passphrase = "12345678" |
3b808945 JM |
1660 | |
1661 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
1662 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1663 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
1664 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1665 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1666 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1667 | |
a8375c94 JM |
1668 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1669 | fail_test=True) | |
c6b6e105 | 1670 | |
150948e6 MB |
1671 | def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev): |
1672 | """WPA2-EAP-FT AP over DS with mismatching RRB key (push)""" | |
1673 | ssid = "test-ft" | |
fab49f61 | 1674 | passphrase = "12345678" |
150948e6 MB |
1675 | |
1676 | radius = hostapd.radius_params() | |
1677 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 1678 | params["ieee80211w"] = "2" |
150948e6 MB |
1679 | params['wpa_key_mgmt'] = "FT-EAP" |
1680 | params["ieee8021x"] = "1" | |
35d8c254 | 1681 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1682 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 | 1683 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
58be42b2 | 1684 | params["ieee80211w"] = "2" |
150948e6 MB |
1685 | params['wpa_key_mgmt'] = "FT-EAP" |
1686 | params["ieee8021x"] = "1" | |
35d8c254 | 1687 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1688 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1689 | |
1690 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1691 | fail_test=True, eap=True) | |
1692 | ||
1693 | def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev): | |
1694 | """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)""" | |
1695 | ssid = "test-ft" | |
fab49f61 | 1696 | passphrase = "12345678" |
150948e6 MB |
1697 | |
1698 | radius = hostapd.radius_params() | |
1699 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1700 | params["pmk_r1_push"] = "0" | |
1701 | params['wpa_key_mgmt'] = "FT-EAP" | |
1702 | params["ieee8021x"] = "1" | |
35d8c254 | 1703 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1704 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1705 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
1706 | params["pmk_r1_push"] = "0" | |
1707 | params['wpa_key_mgmt'] = "FT-EAP" | |
1708 | params["ieee8021x"] = "1" | |
35d8c254 | 1709 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1710 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1711 | |
1712 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1713 | fail_test=True, eap=True) | |
1714 | ||
1715 | def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev): | |
1716 | """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)""" | |
1717 | ssid = "test-ft" | |
fab49f61 | 1718 | passphrase = "12345678" |
150948e6 MB |
1719 | |
1720 | radius = hostapd.radius_params() | |
1721 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1722 | params["pmk_r1_push"] = "0" | |
1723 | params["nas_identifier"] = "nas0.w1.fi" | |
1724 | params['wpa_key_mgmt'] = "FT-EAP" | |
1725 | params["ieee8021x"] = "1" | |
35d8c254 | 1726 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1727 | hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1728 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", |
1729 | eap="GPSK", identity="gpsk user", | |
1730 | password="abcdefghijklmnop0123456789abcdef", | |
1731 | scan_freq="2412") | |
1732 | ||
1733 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1734 | params["pmk_r1_push"] = "0" | |
1735 | params['wpa_key_mgmt'] = "FT-EAP" | |
1736 | params["ieee8021x"] = "1" | |
35d8c254 | 1737 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1738 | hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1739 | |
1740 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1741 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
1742 | ||
1743 | def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev): | |
1744 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)""" | |
1745 | ssid = "test-ft" | |
fab49f61 | 1746 | passphrase = "12345678" |
150948e6 MB |
1747 | |
1748 | radius = hostapd.radius_params() | |
1749 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 1750 | params["ieee80211w"] = "2" |
150948e6 MB |
1751 | params['wpa_key_mgmt'] = "FT-EAP" |
1752 | params["ieee8021x"] = "1" | |
35d8c254 | 1753 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1754 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 | 1755 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
58be42b2 | 1756 | params["ieee80211w"] = "2" |
150948e6 MB |
1757 | params['wpa_key_mgmt'] = "FT-EAP" |
1758 | params["ieee8021x"] = "1" | |
35d8c254 | 1759 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1760 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1761 | |
1762 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1763 | fail_test=True, eap=True) | |
1764 | ||
1765 | def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev): | |
1766 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)""" | |
1767 | ssid = "test-ft" | |
fab49f61 | 1768 | passphrase = "12345678" |
150948e6 MB |
1769 | |
1770 | radius = hostapd.radius_params() | |
1771 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
1772 | params["pmk_r1_push"] = "0" | |
1773 | params['wpa_key_mgmt'] = "FT-EAP" | |
1774 | params["ieee8021x"] = "1" | |
35d8c254 | 1775 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1776 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1777 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1778 | params["pmk_r1_push"] = "0" | |
1779 | params['wpa_key_mgmt'] = "FT-EAP" | |
1780 | params["ieee8021x"] = "1" | |
35d8c254 | 1781 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1782 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1783 | |
1784 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1785 | fail_test=True, eap=True) | |
1786 | ||
c6b6e105 JM |
1787 | def test_ap_ft_gtk_rekey(dev, apdev): |
1788 | """WPA2-PSK-FT AP and GTK rekey""" | |
1789 | ssid = "test-ft" | |
fab49f61 | 1790 | passphrase = "12345678" |
c6b6e105 JM |
1791 | |
1792 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1793 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 1794 | hapd = hostapd.add_ap(apdev[0], params) |
c6b6e105 JM |
1795 | |
1796 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2f816c21 | 1797 | ieee80211w="1", scan_freq="2412") |
c6b6e105 JM |
1798 | |
1799 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
1800 | if ev is None: | |
1801 | raise Exception("GTK rekey timed out after initial association") | |
a8375c94 | 1802 | hwsim_utils.test_connectivity(dev[0], hapd) |
c6b6e105 JM |
1803 | |
1804 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1805 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 1806 | hapd1 = hostapd.add_ap(apdev[1], params) |
c6b6e105 JM |
1807 | |
1808 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1809 | dev[0].roam(apdev[1]['bssid']) | |
1810 | if dev[0].get_status_field('bssid') != apdev[1]['bssid']: | |
1811 | raise Exception("Did not connect to correct AP") | |
a8375c94 | 1812 | hwsim_utils.test_connectivity(dev[0], hapd1) |
c6b6e105 JM |
1813 | |
1814 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
1815 | if ev is None: | |
1816 | raise Exception("GTK rekey timed out after FT protocol") | |
a8375c94 | 1817 | hwsim_utils.test_connectivity(dev[0], hapd1) |
5b3c40a6 JM |
1818 | |
1819 | def test_ft_psk_key_lifetime_in_memory(dev, apdev, params): | |
1820 | """WPA2-PSK-FT and key lifetime in memory""" | |
1821 | ssid = "test-ft" | |
fab49f61 | 1822 | passphrase = "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0" |
5b3c40a6 JM |
1823 | psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d' |
1824 | pmk = binascii.unhexlify(psk) | |
1825 | p = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1826 | hapd0 = hostapd.add_ap(apdev[0], p) |
5b3c40a6 | 1827 | p = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1828 | hapd1 = hostapd.add_ap(apdev[1], p) |
5b3c40a6 JM |
1829 | |
1830 | pid = find_wpas_process(dev[0]) | |
1831 | ||
1832 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1833 | scan_freq="2412") | |
8e416cec JM |
1834 | # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED |
1835 | # event has been delivered, so verify that wpa_supplicant has returned to | |
1836 | # eloop before reading process memory. | |
54f2cae2 | 1837 | time.sleep(1) |
8e416cec | 1838 | dev[0].ping() |
5b3c40a6 JM |
1839 | |
1840 | buf = read_process_memory(pid, pmk) | |
1841 | ||
1842 | dev[0].request("DISCONNECT") | |
1843 | dev[0].wait_disconnected() | |
1844 | ||
1845 | dev[0].relog() | |
1846 | pmkr0 = None | |
1847 | pmkr1 = None | |
1848 | ptk = None | |
1849 | gtk = None | |
1850 | with open(os.path.join(params['logdir'], 'log0'), 'r') as f: | |
1851 | for l in f.readlines(): | |
1852 | if "FT: PMK-R0 - hexdump" in l: | |
1853 | val = l.strip().split(':')[3].replace(' ', '') | |
1854 | pmkr0 = binascii.unhexlify(val) | |
1855 | if "FT: PMK-R1 - hexdump" in l: | |
1856 | val = l.strip().split(':')[3].replace(' ', '') | |
1857 | pmkr1 = binascii.unhexlify(val) | |
f918b95b | 1858 | if "FT: KCK - hexdump" in l: |
5b3c40a6 | 1859 | val = l.strip().split(':')[3].replace(' ', '') |
f918b95b JM |
1860 | kck = binascii.unhexlify(val) |
1861 | if "FT: KEK - hexdump" in l: | |
1862 | val = l.strip().split(':')[3].replace(' ', '') | |
1863 | kek = binascii.unhexlify(val) | |
1864 | if "FT: TK - hexdump" in l: | |
1865 | val = l.strip().split(':')[3].replace(' ', '') | |
1866 | tk = binascii.unhexlify(val) | |
5b3c40a6 JM |
1867 | if "WPA: Group Key - hexdump" in l: |
1868 | val = l.strip().split(':')[3].replace(' ', '') | |
1869 | gtk = binascii.unhexlify(val) | |
f918b95b | 1870 | if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk: |
5b3c40a6 JM |
1871 | raise Exception("Could not find keys from debug log") |
1872 | if len(gtk) != 16: | |
1873 | raise Exception("Unexpected GTK length") | |
1874 | ||
5b3c40a6 JM |
1875 | logger.info("Checking keys in memory while associated") |
1876 | get_key_locations(buf, pmk, "PMK") | |
1877 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1878 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1879 | if pmk not in buf: | |
81e787b7 | 1880 | raise HwsimSkip("PMK not found while associated") |
5b3c40a6 | 1881 | if pmkr0 not in buf: |
81e787b7 | 1882 | raise HwsimSkip("PMK-R0 not found while associated") |
5b3c40a6 | 1883 | if pmkr1 not in buf: |
81e787b7 | 1884 | raise HwsimSkip("PMK-R1 not found while associated") |
5b3c40a6 JM |
1885 | if kck not in buf: |
1886 | raise Exception("KCK not found while associated") | |
1887 | if kek not in buf: | |
1888 | raise Exception("KEK not found while associated") | |
b74f82a4 JM |
1889 | #if tk in buf: |
1890 | # raise Exception("TK found from memory") | |
5b3c40a6 JM |
1891 | |
1892 | logger.info("Checking keys in memory after disassociation") | |
1893 | buf = read_process_memory(pid, pmk) | |
1894 | get_key_locations(buf, pmk, "PMK") | |
1895 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1896 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1897 | ||
1898 | # Note: PMK/PSK is still present in network configuration | |
1899 | ||
1900 | fname = os.path.join(params['logdir'], | |
1901 | 'ft_psk_key_lifetime_in_memory.memctx-') | |
1902 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
1903 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
1904 | verify_not_present(buf, kck, fname, "KCK") | |
1905 | verify_not_present(buf, kek, fname, "KEK") | |
1906 | verify_not_present(buf, tk, fname, "TK") | |
6db556b2 JM |
1907 | if gtk in buf: |
1908 | get_key_locations(buf, gtk, "GTK") | |
5b3c40a6 JM |
1909 | verify_not_present(buf, gtk, fname, "GTK") |
1910 | ||
1911 | dev[0].request("REMOVE_NETWORK all") | |
1912 | ||
1913 | logger.info("Checking keys in memory after network profile removal") | |
1914 | buf = read_process_memory(pid, pmk) | |
1915 | get_key_locations(buf, pmk, "PMK") | |
1916 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1917 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1918 | ||
1919 | verify_not_present(buf, pmk, fname, "PMK") | |
1920 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
1921 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
1922 | verify_not_present(buf, kck, fname, "KCK") | |
1923 | verify_not_present(buf, kek, fname, "KEK") | |
1924 | verify_not_present(buf, tk, fname, "TK") | |
1925 | verify_not_present(buf, gtk, fname, "GTK") | |
664093b5 | 1926 | |
9fd6804d | 1927 | @remote_compatible |
664093b5 JM |
1928 | def test_ap_ft_invalid_resp(dev, apdev): |
1929 | """WPA2-PSK-FT AP and invalid response IEs""" | |
1930 | ssid = "test-ft" | |
fab49f61 | 1931 | passphrase = "12345678" |
664093b5 JM |
1932 | |
1933 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1934 | hapd0 = hostapd.add_ap(apdev[0], params) |
664093b5 JM |
1935 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1936 | scan_freq="2412") | |
1937 | ||
1938 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1939 | hapd1 = hostapd.add_ap(apdev[1], params) |
664093b5 JM |
1940 | |
1941 | tests = [ | |
1942 | # Various IEs for test coverage. The last one is FTIE with invalid | |
1943 | # R1KH-ID subelement. | |
1944 | "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100", | |
1945 | # FTIE with invalid R0KH-ID subelement (len=0). | |
1946 | "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300", | |
1947 | # FTIE with invalid R0KH-ID subelement (len=49). | |
1948 | "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849", | |
1949 | # Invalid RSNE. | |
1950 | "020002000000" + "3000", | |
1951 | # Required IEs missing from protected IE count. | |
1952 | "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
1953 | # RIC missing from protected IE count. | |
1954 | "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
1955 | # Protected IE missing. | |
fab49f61 | 1956 | "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"] |
664093b5 JM |
1957 | for t in tests: |
1958 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1959 | hapd1.set("ext_mgmt_frame_handling", "1") | |
1960 | hapd1.dump_monitor() | |
1961 | if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']): | |
1962 | raise Exception("ROAM failed") | |
1963 | auth = None | |
1964 | for i in range(20): | |
1965 | msg = hapd1.mgmt_rx() | |
1966 | if msg['subtype'] == 11: | |
1967 | auth = msg | |
1968 | break | |
1969 | if not auth: | |
1970 | raise Exception("Authentication frame not seen") | |
1971 | ||
1972 | resp = {} | |
1973 | resp['fc'] = auth['fc'] | |
1974 | resp['da'] = auth['sa'] | |
1975 | resp['sa'] = auth['da'] | |
1976 | resp['bssid'] = auth['bssid'] | |
1977 | resp['payload'] = binascii.unhexlify(t) | |
1978 | hapd1.mgmt_tx(resp) | |
1979 | hapd1.set("ext_mgmt_frame_handling", "0") | |
1980 | dev[0].wait_disconnected() | |
1981 | ||
1982 | dev[0].request("RECONNECT") | |
1983 | dev[0].wait_connected() | |
7b741a53 JM |
1984 | |
1985 | def test_ap_ft_gcmp_256(dev, apdev): | |
1986 | """WPA2-PSK-FT AP with GCMP-256 cipher""" | |
1987 | if "GCMP-256" not in dev[0].get_capability("pairwise"): | |
1988 | raise HwsimSkip("Cipher GCMP-256 not supported") | |
1989 | ssid = "test-ft" | |
fab49f61 | 1990 | passphrase = "12345678" |
7b741a53 JM |
1991 | |
1992 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1993 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 1994 | hapd0 = hostapd.add_ap(apdev[0], params) |
7b741a53 JM |
1995 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1996 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 1997 | hapd1 = hostapd.add_ap(apdev[1], params) |
7b741a53 JM |
1998 | |
1999 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
2000 | pairwise_cipher="GCMP-256", group_cipher="GCMP-256") | |
cf671d54 | 2001 | |
63a7683b | 2002 | def setup_ap_ft_oom(dev, apdev): |
38934ed1 | 2003 | skip_with_fips(dev[0]) |
cf671d54 | 2004 | ssid = "test-ft" |
fab49f61 | 2005 | passphrase = "12345678" |
cf671d54 JM |
2006 | |
2007 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2008 | hapd0 = hostapd.add_ap(apdev[0], params) |
cf671d54 | 2009 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 2010 | hapd1 = hostapd.add_ap(apdev[1], params) |
cf671d54 JM |
2011 | |
2012 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2013 | scan_freq="2412") | |
2014 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
2015 | dst = apdev[1]['bssid'] | |
2016 | else: | |
2017 | dst = apdev[0]['bssid'] | |
2018 | ||
2019 | dev[0].scan_for_bss(dst, freq="2412") | |
63a7683b JM |
2020 | |
2021 | return dst | |
2022 | ||
2023 | def test_ap_ft_oom(dev, apdev): | |
2024 | """WPA2-PSK-FT and OOM""" | |
2025 | dst = setup_ap_ft_oom(dev, apdev) | |
cf671d54 | 2026 | with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): |
2b8f8a47 | 2027 | dev[0].roam(dst, check_bssid=False, fail_test=True) |
63a7683b JM |
2028 | |
2029 | def test_ap_ft_oom2(dev, apdev): | |
2030 | """WPA2-PSK-FT and OOM (2)""" | |
2031 | dst = setup_ap_ft_oom(dev, apdev) | |
7cbc8e67 | 2032 | with fail_test(dev[0], 1, "wpa_ft_mic"): |
63a7683b JM |
2033 | dev[0].roam(dst, fail_test=True, assoc_reject_ok=True) |
2034 | ||
2035 | def test_ap_ft_oom3(dev, apdev): | |
2036 | """WPA2-PSK-FT and OOM (3)""" | |
2037 | dst = setup_ap_ft_oom(dev, apdev) | |
cf671d54 | 2038 | with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): |
63a7683b | 2039 | dev[0].roam(dst) |
34d3eaa8 | 2040 | |
63a7683b JM |
2041 | def test_ap_ft_oom4(dev, apdev): |
2042 | """WPA2-PSK-FT and OOM (4)""" | |
2043 | ssid = "test-ft" | |
fab49f61 | 2044 | passphrase = "12345678" |
63a7683b | 2045 | dst = setup_ap_ft_oom(dev, apdev) |
dcbb5d80 JM |
2046 | dev[0].request("REMOVE_NETWORK all") |
2047 | with alloc_fail(dev[0], 1, "=sme_update_ft_ies"): | |
2048 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2049 | scan_freq="2412") | |
2050 | ||
682a79f0 JM |
2051 | def test_ap_ft_ap_oom(dev, apdev): |
2052 | """WPA2-PSK-FT and AP OOM""" | |
2053 | ssid = "test-ft" | |
fab49f61 | 2054 | passphrase = "12345678" |
682a79f0 JM |
2055 | |
2056 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2057 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2058 | bssid0 = hapd0.own_addr() | |
2059 | ||
2060 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2061 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"): | |
2062 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2063 | scan_freq="2412") | |
2064 | ||
2065 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2066 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2067 | bssid1 = hapd1.own_addr() | |
2068 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2069 | # This roam will fail due to missing PMK-R0 (OOM prevented storing it) | |
fd189288 | 2070 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2071 | |
2072 | def test_ap_ft_ap_oom2(dev, apdev): | |
2073 | """WPA2-PSK-FT and AP OOM 2""" | |
2074 | ssid = "test-ft" | |
fab49f61 | 2075 | passphrase = "12345678" |
682a79f0 JM |
2076 | |
2077 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2078 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2079 | bssid0 = hapd0.own_addr() | |
2080 | ||
2081 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2082 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"): | |
2083 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2084 | scan_freq="2412") | |
2085 | ||
2086 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2087 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2088 | bssid1 = hapd1.own_addr() | |
2089 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2090 | dev[0].roam(bssid1) | |
2091 | if dev[0].get_status_field('bssid') != bssid1: | |
2092 | raise Exception("Did not roam to AP1") | |
2093 | # This roam will fail due to missing PMK-R1 (OOM prevented storing it) | |
2094 | dev[0].roam(bssid0) | |
2095 | ||
2096 | def test_ap_ft_ap_oom3(dev, apdev): | |
2097 | """WPA2-PSK-FT and AP OOM 3""" | |
2098 | ssid = "test-ft" | |
fab49f61 | 2099 | passphrase = "12345678" |
682a79f0 JM |
2100 | |
2101 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2102 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2103 | bssid0 = hapd0.own_addr() | |
2104 | ||
2105 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2106 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2107 | scan_freq="2412") | |
2108 | ||
2109 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2110 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2111 | bssid1 = hapd1.own_addr() | |
2112 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2113 | with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"): | |
2114 | # This will fail due to not being able to send out PMK-R1 pull request | |
fd189288 | 2115 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 | 2116 | |
ba88dd65 | 2117 | with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"): |
682a79f0 | 2118 | # This will fail due to not being able to send out PMK-R1 pull request |
fd189288 | 2119 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 | 2120 | |
ba88dd65 MB |
2121 | with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"): |
2122 | # This will fail due to not being able to send out PMK-R1 pull request | |
fd189288 | 2123 | dev[0].roam(bssid1, check_bssid=False) |
ba88dd65 MB |
2124 | |
2125 | def test_ap_ft_ap_oom3b(dev, apdev): | |
2126 | """WPA2-PSK-FT and AP OOM 3b""" | |
2127 | ssid = "test-ft" | |
fab49f61 | 2128 | passphrase = "12345678" |
ba88dd65 MB |
2129 | |
2130 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2131 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2132 | bssid0 = hapd0.own_addr() | |
2133 | ||
2134 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2135 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2136 | scan_freq="2412") | |
2137 | ||
2138 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2139 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2140 | bssid1 = hapd1.own_addr() | |
2141 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2142 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"): | |
682a79f0 JM |
2143 | # This will fail due to not being able to send out PMK-R1 pull request |
2144 | dev[0].roam(bssid1) | |
2145 | ||
2146 | def test_ap_ft_ap_oom4(dev, apdev): | |
2147 | """WPA2-PSK-FT and AP OOM 4""" | |
2148 | ssid = "test-ft" | |
fab49f61 | 2149 | passphrase = "12345678" |
682a79f0 JM |
2150 | |
2151 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2152 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2153 | bssid0 = hapd0.own_addr() | |
2154 | ||
2155 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2156 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2157 | scan_freq="2412") | |
2158 | ||
2159 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2160 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2161 | bssid1 = hapd1.own_addr() | |
2162 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2163 | with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"): | |
2164 | dev[0].roam(bssid1) | |
2165 | if dev[0].get_status_field('bssid') != bssid1: | |
2166 | raise Exception("Did not roam to AP1") | |
2167 | ||
360d8d4e | 2168 | with fail_test(hapd0, 1, "i802_get_seqnum;wpa_ft_gtk_subelem"): |
682a79f0 JM |
2169 | dev[0].roam(bssid0) |
2170 | if dev[0].get_status_field('bssid') != bssid0: | |
2171 | raise Exception("Did not roam to AP0") | |
2172 | ||
2173 | with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"): | |
2174 | dev[0].roam(bssid1) | |
2175 | if dev[0].get_status_field('bssid') != bssid1: | |
2176 | raise Exception("Did not roam to AP1") | |
2177 | ||
2178 | def test_ap_ft_ap_oom5(dev, apdev): | |
2179 | """WPA2-PSK-FT and AP OOM 5""" | |
2180 | ssid = "test-ft" | |
fab49f61 | 2181 | passphrase = "12345678" |
682a79f0 JM |
2182 | |
2183 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2184 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2185 | bssid0 = hapd0.own_addr() | |
2186 | ||
2187 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2188 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2189 | scan_freq="2412") | |
2190 | ||
2191 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2192 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2193 | bssid1 = hapd1.own_addr() | |
2194 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2195 | with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"): | |
2196 | # This will fail to roam | |
fd189288 | 2197 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2198 | |
2199 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"): | |
2200 | # This will fail to roam | |
fd189288 | 2201 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2202 | |
2203 | with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
2204 | # This will fail to roam | |
fd189288 | 2205 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2206 | |
2207 | with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
2208 | # This will fail to roam | |
fd189288 | 2209 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2210 | |
2211 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"): | |
2212 | # This will fail to roam | |
fd189288 | 2213 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2214 | |
2215 | def test_ap_ft_ap_oom6(dev, apdev): | |
2216 | """WPA2-PSK-FT and AP OOM 6""" | |
2217 | ssid = "test-ft" | |
fab49f61 | 2218 | passphrase = "12345678" |
682a79f0 JM |
2219 | |
2220 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2221 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2222 | bssid0 = hapd0.own_addr() | |
2223 | ||
2224 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2225 | with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"): | |
2226 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2227 | scan_freq="2412") | |
2228 | dev[0].request("REMOVE_NETWORK all") | |
2229 | dev[0].wait_disconnected() | |
2230 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"): | |
2231 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2232 | scan_freq="2412") | |
2233 | dev[0].request("REMOVE_NETWORK all") | |
2234 | dev[0].wait_disconnected() | |
2235 | with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"): | |
2236 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2237 | scan_freq="2412") | |
2238 | ||
c5262648 JM |
2239 | def test_ap_ft_ap_oom7a(dev, apdev): |
2240 | """WPA2-PSK-FT and AP OOM 7a""" | |
682a79f0 | 2241 | ssid = "test-ft" |
fab49f61 | 2242 | passphrase = "12345678" |
682a79f0 JM |
2243 | |
2244 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2245 | params["ieee80211w"] = "2" | |
2246 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2247 | bssid0 = hapd0.own_addr() | |
2248 | ||
2249 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2250 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2251 | ieee80211w="2", scan_freq="2412") | |
2252 | ||
2253 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2254 | params["ieee80211w"] = "2" | |
2255 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2256 | bssid1 = hapd1.own_addr() | |
2257 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2258 | with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"): | |
2259 | # This will fail to roam | |
2260 | dev[0].roam(bssid1) | |
c5262648 JM |
2261 | |
2262 | def test_ap_ft_ap_oom7b(dev, apdev): | |
2263 | """WPA2-PSK-FT and AP OOM 7b""" | |
2264 | ssid = "test-ft" | |
fab49f61 | 2265 | passphrase = "12345678" |
c5262648 JM |
2266 | |
2267 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2268 | params["ieee80211w"] = "2" | |
2269 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2270 | bssid0 = hapd0.own_addr() | |
2271 | ||
2272 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2273 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2274 | ieee80211w="2", scan_freq="2412") | |
2275 | ||
2276 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2277 | params["ieee80211w"] = "2" | |
2278 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2279 | bssid1 = hapd1.own_addr() | |
2280 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
2281 | with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"): |
2282 | # This will fail to roam | |
2283 | dev[0].roam(bssid1) | |
c5262648 JM |
2284 | |
2285 | def test_ap_ft_ap_oom7c(dev, apdev): | |
2286 | """WPA2-PSK-FT and AP OOM 7c""" | |
2287 | ssid = "test-ft" | |
fab49f61 | 2288 | passphrase = "12345678" |
c5262648 JM |
2289 | |
2290 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2291 | params["ieee80211w"] = "2" | |
2292 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2293 | bssid0 = hapd0.own_addr() | |
2294 | ||
2295 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2296 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2297 | ieee80211w="2", scan_freq="2412") | |
2298 | ||
2299 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2300 | params["ieee80211w"] = "2" | |
2301 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2302 | bssid1 = hapd1.own_addr() | |
2303 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
2304 | with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"): |
2305 | # This will fail to roam | |
2306 | dev[0].roam(bssid1) | |
c5262648 JM |
2307 | |
2308 | def test_ap_ft_ap_oom7d(dev, apdev): | |
2309 | """WPA2-PSK-FT and AP OOM 7d""" | |
2310 | ssid = "test-ft" | |
fab49f61 | 2311 | passphrase = "12345678" |
c5262648 JM |
2312 | |
2313 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2314 | params["ieee80211w"] = "2" | |
2315 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2316 | bssid0 = hapd0.own_addr() | |
2317 | ||
2318 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2319 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2320 | ieee80211w="2", scan_freq="2412") | |
2321 | ||
2322 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2323 | params["ieee80211w"] = "2" | |
2324 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2325 | bssid1 = hapd1.own_addr() | |
2326 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
2327 | with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"): |
2328 | # This will fail to roam | |
2329 | dev[0].roam(bssid1) | |
2330 | ||
2331 | def test_ap_ft_ap_oom8(dev, apdev): | |
2332 | """WPA2-PSK-FT and AP OOM 8""" | |
2333 | ssid = "test-ft" | |
fab49f61 | 2334 | passphrase = "12345678" |
682a79f0 JM |
2335 | |
2336 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 2337 | params['ft_psk_generate_local'] = "1" |
682a79f0 JM |
2338 | hapd0 = hostapd.add_ap(apdev[0], params) |
2339 | bssid0 = hapd0.own_addr() | |
2340 | ||
2341 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2342 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2343 | scan_freq="2412") | |
2344 | ||
2345 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 2346 | params['ft_psk_generate_local'] = "1" |
682a79f0 JM |
2347 | hapd1 = hostapd.add_ap(apdev[1], params) |
2348 | bssid1 = hapd1.own_addr() | |
2349 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2350 | with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"): | |
2351 | # This will fail to roam | |
fd189288 | 2352 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2353 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"): |
2354 | # This will fail to roam | |
fd189288 | 2355 | dev[0].roam(bssid1, check_bssid=False) |
682a79f0 JM |
2356 | |
2357 | def test_ap_ft_ap_oom9(dev, apdev): | |
2358 | """WPA2-PSK-FT and AP OOM 9""" | |
2359 | ssid = "test-ft" | |
fab49f61 | 2360 | passphrase = "12345678" |
682a79f0 JM |
2361 | |
2362 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2363 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2364 | bssid0 = hapd0.own_addr() | |
2365 | ||
2366 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2367 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2368 | scan_freq="2412") | |
2369 | ||
2370 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2371 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2372 | bssid1 = hapd1.own_addr() | |
2373 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2374 | ||
2375 | with alloc_fail(hapd0, 1, "wpa_ft_action_rx"): | |
2376 | # This will fail to roam | |
2377 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2378 | raise Exception("FT_DS failed") | |
2379 | wait_fail_trigger(hapd0, "GET_ALLOC_FAIL") | |
2380 | ||
2381 | with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"): | |
2382 | # This will fail to roam | |
2383 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2384 | raise Exception("FT_DS failed") | |
2385 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
2386 | ||
2387 | with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"): | |
2388 | # This will fail to roam | |
2389 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2390 | raise Exception("FT_DS failed") | |
2391 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
2392 | ||
2393 | def test_ap_ft_ap_oom10(dev, apdev): | |
2394 | """WPA2-PSK-FT and AP OOM 10""" | |
2395 | ssid = "test-ft" | |
fab49f61 | 2396 | passphrase = "12345678" |
682a79f0 JM |
2397 | |
2398 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2399 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2400 | bssid0 = hapd0.own_addr() | |
2401 | ||
2402 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2403 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2404 | scan_freq="2412") | |
2405 | ||
2406 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2407 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2408 | bssid1 = hapd1.own_addr() | |
2409 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2410 | ||
9441a227 | 2411 | with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
2412 | # This will fail to roam |
2413 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2414 | raise Exception("FT_DS failed") | |
2415 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2416 | ||
2417 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"): | |
2418 | # This will fail to roam | |
2419 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2420 | raise Exception("FT_DS failed") | |
2421 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2422 | ||
9441a227 | 2423 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
2424 | # This will fail to roam |
2425 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2426 | raise Exception("FT_DS failed") | |
2427 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2428 | ||
9441a227 | 2429 | with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"): |
682a79f0 JM |
2430 | # This will fail to roam |
2431 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2432 | raise Exception("FT_DS failed") | |
2433 | wait_fail_trigger(hapd1, "GET_FAIL") | |
2434 | ||
2435 | def test_ap_ft_ap_oom11(dev, apdev): | |
2436 | """WPA2-PSK-FT and AP OOM 11""" | |
2437 | ssid = "test-ft" | |
fab49f61 | 2438 | passphrase = "12345678" |
682a79f0 JM |
2439 | |
2440 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2441 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2442 | bssid0 = hapd0.own_addr() | |
2443 | ||
2444 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2445 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"): | |
2446 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2447 | scan_freq="2412") | |
2448 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2449 | ||
2450 | dev[1].scan_for_bss(bssid0, freq="2412") | |
9441a227 | 2451 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"): |
682a79f0 JM |
2452 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
2453 | scan_freq="2412") | |
2454 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2455 | ||
a04e6f3d JM |
2456 | def test_ap_ft_over_ds_proto_ap(dev, apdev): |
2457 | """WPA2-PSK-FT AP over DS protocol testing for AP processing""" | |
2458 | ssid = "test-ft" | |
fab49f61 | 2459 | passphrase = "12345678" |
a04e6f3d JM |
2460 | |
2461 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2462 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2463 | bssid0 = hapd0.own_addr() | |
2464 | _bssid0 = bssid0.replace(':', '') | |
2465 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2466 | scan_freq="2412") | |
2467 | addr = dev[0].own_addr() | |
2468 | _addr = addr.replace(':', '') | |
2469 | ||
2470 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2471 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2472 | bssid1 = hapd1.own_addr() | |
2473 | _bssid1 = bssid1.replace(':', '') | |
2474 | ||
2475 | hapd0.set("ext_mgmt_frame_handling", "1") | |
2476 | hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000" | |
2477 | valid = "0601" + _addr + _bssid1 | |
fab49f61 JM |
2478 | tests = ["0601", |
2479 | "0601" + _addr, | |
2480 | "0601" + _addr + _bssid0, | |
2481 | "0601" + _addr + "ffffffffffff", | |
2482 | "0601" + _bssid0 + _bssid0, | |
2483 | valid, | |
2484 | valid + "01", | |
2485 | valid + "3700", | |
2486 | valid + "3600", | |
2487 | valid + "3603ffffff", | |
2488 | valid + "3603a1b2ff", | |
2489 | valid + "3603a1b2ff" + "3700", | |
2490 | valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00", | |
2491 | valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00", | |
2492 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa", | |
2493 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000", | |
2494 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253", | |
2495 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
2496 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
2497 | valid + "0001"] | |
a04e6f3d JM |
2498 | for t in tests: |
2499 | hapd0.dump_monitor() | |
2500 | if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t): | |
2501 | raise Exception("MGMT_RX_PROCESS failed") | |
2502 | ||
2503 | hapd0.set("ext_mgmt_frame_handling", "0") | |
2504 | ||
34d3eaa8 JM |
2505 | def test_ap_ft_over_ds_proto(dev, apdev): |
2506 | """WPA2-PSK-FT AP over DS protocol testing""" | |
2507 | ssid = "test-ft" | |
fab49f61 | 2508 | passphrase = "12345678" |
34d3eaa8 JM |
2509 | |
2510 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2511 | hapd0 = hostapd.add_ap(apdev[0], params) |
34d3eaa8 JM |
2512 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
2513 | scan_freq="2412") | |
2514 | ||
2515 | # FT Action Response while no FT-over-DS in progress | |
2516 | msg = {} | |
2517 | msg['fc'] = 13 << 4 | |
2518 | msg['da'] = dev[0].own_addr() | |
2519 | msg['sa'] = apdev[0]['bssid'] | |
2520 | msg['bssid'] = apdev[0]['bssid'] | |
2521 | msg['payload'] = binascii.unhexlify("06020200000000000200000004000000") | |
2522 | hapd0.mgmt_tx(msg) | |
2523 | ||
2524 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2525 | hapd1 = hostapd.add_ap(apdev[1], params) |
34d3eaa8 JM |
2526 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") |
2527 | hapd0.set("ext_mgmt_frame_handling", "1") | |
2528 | hapd0.dump_monitor() | |
2529 | dev[0].request("FT_DS " + apdev[1]['bssid']) | |
2530 | for i in range(0, 10): | |
2531 | req = hapd0.mgmt_rx() | |
2532 | if req is None: | |
2533 | raise Exception("MGMT RX wait timed out") | |
2534 | if req['subtype'] == 13: | |
2535 | break | |
2536 | req = None | |
2537 | if not req: | |
2538 | raise Exception("FT Action frame not received") | |
2539 | ||
2540 | # FT Action Response for unexpected Target AP | |
2541 | msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000") | |
2542 | hapd0.mgmt_tx(msg) | |
2543 | ||
2544 | # FT Action Response without MDIE | |
2545 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000") | |
2546 | hapd0.mgmt_tx(msg) | |
2547 | ||
2548 | # FT Action Response without FTIE | |
2549 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201") | |
2550 | hapd0.mgmt_tx(msg) | |
2551 | ||
2552 | # FT Action Response with FTIE SNonce mismatch | |
2553 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669") | |
2554 | hapd0.mgmt_tx(msg) | |
6f3815c0 | 2555 | |
9fd6804d | 2556 | @remote_compatible |
6f3815c0 JM |
2557 | def test_ap_ft_rrb(dev, apdev): |
2558 | """WPA2-PSK-FT RRB protocol testing""" | |
2559 | ssid = "test-ft" | |
fab49f61 | 2560 | passphrase = "12345678" |
6f3815c0 JM |
2561 | |
2562 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2563 | hapd0 = hostapd.add_ap(apdev[0], params) |
6f3815c0 JM |
2564 | |
2565 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2566 | scan_freq="2412") | |
2567 | ||
fab49f61 JM |
2568 | _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':', '')) |
2569 | _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':', '')) | |
15dfcb69 | 2570 | proto = b'\x89\x0d' |
6f3815c0 JM |
2571 | ehdr = _dst_ll + _src_ll + proto |
2572 | ||
2573 | # Too short RRB frame | |
15dfcb69 | 2574 | pkt = ehdr + b'\x01' |
7ab74770 | 2575 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2576 | raise Exception("DATA_TEST_FRAME failed") |
2577 | ||
2578 | # RRB discarded frame wikth unrecognized type | |
15dfcb69 | 2579 | pkt = ehdr + b'\x02' + b'\x02' + b'\x01\x00' + _src_ll |
7ab74770 | 2580 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2581 | raise Exception("DATA_TEST_FRAME failed") |
2582 | ||
2583 | # RRB frame too short for action frame | |
15dfcb69 | 2584 | pkt = ehdr + b'\x01' + b'\x02' + b'\x01\x00' + _src_ll |
7ab74770 | 2585 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2586 | raise Exception("DATA_TEST_FRAME failed") |
2587 | ||
2588 | # Too short RRB frame (not enough room for Action Frame body) | |
15dfcb69 | 2589 | pkt = ehdr + b'\x01' + b'\x02' + b'\x00\x00' + _src_ll |
7ab74770 | 2590 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2591 | raise Exception("DATA_TEST_FRAME failed") |
2592 | ||
2593 | # Unexpected Action frame category | |
15dfcb69 | 2594 | pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2595 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2596 | raise Exception("DATA_TEST_FRAME failed") |
2597 | ||
2598 | # Unexpected Action in RRB Request | |
15dfcb69 | 2599 | pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2600 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2601 | raise Exception("DATA_TEST_FRAME failed") |
2602 | ||
2603 | # Target AP address in RRB Request does not match with own address | |
15dfcb69 | 2604 | pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2605 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2606 | raise Exception("DATA_TEST_FRAME failed") |
2607 | ||
2608 | # Not enough room for status code in RRB Response | |
15dfcb69 | 2609 | pkt = ehdr + b'\x01' + b'\x01' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2610 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2611 | raise Exception("DATA_TEST_FRAME failed") |
2612 | ||
2613 | # RRB discarded frame with unknown packet_type | |
15dfcb69 | 2614 | pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2615 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2616 | raise Exception("DATA_TEST_FRAME failed") |
2617 | ||
2618 | # RRB Response with non-zero status code; no STA match | |
15dfcb69 | 2619 | pkt = ehdr + b'\x01' + b'\x01' + b'\x10\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\xff\xff' |
7ab74770 | 2620 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2621 | raise Exception("DATA_TEST_FRAME failed") |
2622 | ||
2623 | # RRB Response with zero status code and extra data; STA match | |
15dfcb69 | 2624 | pkt = ehdr + b'\x01' + b'\x01' + b'\x11\x00' + _src_ll + b'\x06\x01' + _src_ll + b'\x00\x00\x00\x00\x00\x00' + b'\x00\x00' + b'\x00' |
7ab74770 | 2625 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2626 | raise Exception("DATA_TEST_FRAME failed") |
2627 | ||
2628 | # Too short PMK-R1 pull | |
15dfcb69 | 2629 | pkt = ehdr + b'\x01' + b'\xc8' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2630 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2631 | raise Exception("DATA_TEST_FRAME failed") |
2632 | ||
2633 | # Too short PMK-R1 resp | |
15dfcb69 | 2634 | pkt = ehdr + b'\x01' + b'\xc9' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2635 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2636 | raise Exception("DATA_TEST_FRAME failed") |
2637 | ||
2638 | # Too short PMK-R1 push | |
15dfcb69 | 2639 | pkt = ehdr + b'\x01' + b'\xca' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2640 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2641 | raise Exception("DATA_TEST_FRAME failed") |
2642 | ||
2643 | # No matching R0KH address found for PMK-R0 pull response | |
15dfcb69 | 2644 | pkt = ehdr + b'\x01' + b'\xc9' + b'\x5a\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b'\00' |
7ab74770 | 2645 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 | 2646 | raise Exception("DATA_TEST_FRAME failed") |
ecafa0cf | 2647 | |
9fd6804d | 2648 | @remote_compatible |
ecafa0cf JM |
2649 | def test_rsn_ie_proto_ft_psk_sta(dev, apdev): |
2650 | """RSN element protocol testing for FT-PSK + PMF cases on STA side""" | |
2651 | bssid = apdev[0]['bssid'] | |
2652 | ssid = "test-ft" | |
fab49f61 | 2653 | passphrase = "12345678" |
ecafa0cf JM |
2654 | |
2655 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 2656 | params["ieee80211w"] = "1" |
ecafa0cf JM |
2657 | # This is the RSN element used normally by hostapd |
2658 | params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201' | |
8b8a1864 | 2659 | hapd = hostapd.add_ap(apdev[0], params) |
ecafa0cf JM |
2660 | id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
2661 | ieee80211w="1", scan_freq="2412", | |
2662 | pairwise="CCMP", group="CCMP") | |
2663 | ||
fab49f61 JM |
2664 | tests = [('PMKIDCount field included', |
2665 | '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'), | |
2666 | ('Extra IE before RSNE', | |
2667 | 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'), | |
2668 | ('PMKIDCount and Group Management Cipher suite fields included', | |
2669 | '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'), | |
2670 | ('Extra octet after defined fields (future extensibility)', | |
2671 | '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'), | |
2672 | ('No RSN Capabilities field (PMF disabled in practice)', | |
2673 | '30120100000fac040100000fac040100000fac04' + '3603a1b201')] | |
2674 | for txt, ie in tests: | |
ecafa0cf JM |
2675 | dev[0].request("DISCONNECT") |
2676 | dev[0].wait_disconnected() | |
2677 | logger.info(txt) | |
2678 | hapd.disable() | |
2679 | hapd.set('own_ie_override', ie) | |
2680 | hapd.enable() | |
2681 | dev[0].request("BSS_FLUSH 0") | |
2682 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2683 | dev[0].select_network(id, freq=2412) | |
2684 | dev[0].wait_connected() | |
2685 | ||
2686 | dev[0].request("DISCONNECT") | |
2687 | dev[0].wait_disconnected() | |
2688 | ||
2689 | logger.info('Invalid RSNE causing internal hostapd error') | |
2690 | hapd.disable() | |
2691 | hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201') | |
2692 | hapd.enable() | |
2693 | dev[0].request("BSS_FLUSH 0") | |
2694 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2695 | dev[0].select_network(id, freq=2412) | |
2696 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
2697 | # complete. | |
2698 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
2699 | if ev is not None: | |
2700 | raise Exception("Unexpected connection") | |
2701 | dev[0].request("DISCONNECT") | |
2702 | ||
425e5f97 | 2703 | def start_ft(apdev, wpa_ptk_rekey=None): |
1025603b | 2704 | ssid = "test-ft" |
fab49f61 | 2705 | passphrase = "12345678" |
1025603b JM |
2706 | |
2707 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
425e5f97 JM |
2708 | if wpa_ptk_rekey: |
2709 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
8b8a1864 | 2710 | hapd0 = hostapd.add_ap(apdev[0], params) |
1025603b | 2711 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
425e5f97 JM |
2712 | if wpa_ptk_rekey: |
2713 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
8b8a1864 | 2714 | hapd1 = hostapd.add_ap(apdev[1], params) |
1025603b | 2715 | |
425e5f97 | 2716 | return hapd0, hapd1 |
1025603b | 2717 | |
425e5f97 JM |
2718 | def check_ptk_rekey(dev, hapd0=None, hapd1=None): |
2719 | ev = dev.wait_event(["CTRL-EVENT-DISCONNECTED", | |
2720 | "WPA: Key negotiation completed"], timeout=5) | |
1025603b JM |
2721 | if ev is None: |
2722 | raise Exception("No event received after roam") | |
2723 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
2724 | raise Exception("Unexpected disconnection after roam") | |
2725 | ||
425e5f97 JM |
2726 | if not hapd0 or not hapd1: |
2727 | return | |
2728 | if dev.get_status_field('bssid') == hapd0.own_addr(): | |
1025603b JM |
2729 | hapd = hapd0 |
2730 | else: | |
2731 | hapd = hapd1 | |
d22f0902 | 2732 | time.sleep(0.1) |
425e5f97 | 2733 | hwsim_utils.test_connectivity(dev, hapd) |
1025603b | 2734 | |
425e5f97 JM |
2735 | def test_ap_ft_ptk_rekey(dev, apdev): |
2736 | """WPA2-PSK-FT PTK rekeying triggered by station after roam""" | |
2737 | hapd0, hapd1 = start_ft(apdev) | |
2738 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1") | |
2739 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1025603b | 2740 | |
425e5f97 JM |
2741 | def test_ap_ft_ptk_rekey2(dev, apdev): |
2742 | """WPA2-PSK-FT PTK rekeying triggered by station after one roam""" | |
2743 | hapd0, hapd1 = start_ft(apdev) | |
2744 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1", | |
2745 | only_one_way=True) | |
2746 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1025603b | 2747 | |
425e5f97 JM |
2748 | def test_ap_ft_ptk_rekey_ap(dev, apdev): |
2749 | """WPA2-PSK-FT PTK rekeying triggered by AP after roam""" | |
2750 | hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2) | |
2751 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678") | |
2752 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
2753 | ||
2754 | def test_ap_ft_ptk_rekey_ap2(dev, apdev): | |
2755 | """WPA2-PSK-FT PTK rekeying triggered by AP after one roam""" | |
2756 | hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2) | |
2757 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", | |
2758 | only_one_way=True) | |
2759 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
2760 | ||
2761 | def test_ap_ft_eap_ptk_rekey_ap(dev, apdev): | |
2762 | """WPA2-EAP-FT PTK rekeying triggered by AP""" | |
2763 | generic_ap_ft_eap(dev, apdev, only_one_way=True, wpa_ptk_rekey=2) | |
2764 | check_ptk_rekey(dev[0]) | |
186ca473 MB |
2765 | |
2766 | def test_ap_ft_internal_rrb_check(dev, apdev): | |
2767 | """RRB internal delivery only to WPA enabled BSS""" | |
2768 | ssid = "test-ft" | |
fab49f61 | 2769 | passphrase = "12345678" |
186ca473 MB |
2770 | |
2771 | radius = hostapd.radius_params() | |
2772 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2773 | params['wpa_key_mgmt'] = "FT-EAP" | |
2774 | params["ieee8021x"] = "1" | |
35d8c254 | 2775 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 2776 | hapd = hostapd.add_ap(apdev[0], params) |
186ca473 MB |
2777 | key_mgmt = hapd.get_config()['key_mgmt'] |
2778 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
2779 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
2780 | ||
fab49f61 | 2781 | hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid}) |
186ca473 MB |
2782 | |
2783 | # Connect to WPA enabled AP | |
2784 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | |
2785 | eap="GPSK", identity="gpsk user", | |
2786 | password="abcdefghijklmnop0123456789abcdef", | |
2787 | scan_freq="2412") | |
2788 | ||
2789 | # Try over_ds roaming to non-WPA-enabled AP. | |
2790 | # If hostapd does not check hapd->wpa_auth internally, it will crash now. | |
2791 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
c85fcff2 JM |
2792 | |
2793 | def test_ap_ft_extra_ie(dev, apdev): | |
2794 | """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE""" | |
2795 | ssid = "test-ft" | |
fab49f61 | 2796 | passphrase = "12345678" |
c85fcff2 JM |
2797 | |
2798 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2799 | params["wpa_key_mgmt"] = "WPA-PSK FT-PSK" | |
2800 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2801 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2802 | scan_freq="2412") | |
2803 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
2804 | scan_freq="2412") | |
2805 | try: | |
2806 | # Add Mobility Domain element to test AP validation code. | |
2807 | dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201") | |
2808 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
2809 | scan_freq="2412", wait_connect=False) | |
2810 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", | |
2811 | "CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2812 | if ev is None: | |
2813 | raise Exception("No connection result") | |
2814 | if "CTRL-EVENT-CONNECTED" in ev: | |
2815 | raise Exception("Non-FT association accepted with MDE") | |
2816 | if "status_code=43" not in ev: | |
2817 | raise Exception("Unexpected status code: " + ev) | |
2818 | dev[0].request("DISCONNECT") | |
2819 | finally: | |
2820 | dev[0].request("VENDOR_ELEM_REMOVE 13 *") | |
fd7205fa JM |
2821 | |
2822 | def test_ap_ft_ric(dev, apdev): | |
2823 | """WPA2-PSK-FT AP and RIC""" | |
2824 | ssid = "test-ft" | |
fab49f61 | 2825 | passphrase = "12345678" |
fd7205fa JM |
2826 | |
2827 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2828 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2829 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2830 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2831 | ||
2832 | dev[0].set("ric_ies", "") | |
2833 | dev[0].set("ric_ies", '""') | |
2834 | if "FAIL" not in dev[0].request("SET ric_ies q"): | |
2835 | raise Exception("Invalid ric_ies value accepted") | |
2836 | ||
fab49f61 JM |
2837 | tests = ["3900", |
2838 | "3900ff04eeeeeeee", | |
2839 | "390400000000", | |
2840 | "390400000000" + "390400000000", | |
2841 | "390400000000" + "dd050050f20202", | |
2842 | "390400000000" + "dd3d0050f2020201" + 55*"00", | |
2843 | "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000", | |
2844 | "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"] | |
fd7205fa JM |
2845 | for t in tests: |
2846 | dev[0].set("ric_ies", t) | |
2847 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
2848 | test_connectivity=False) | |
2849 | dev[0].request("REMOVE_NETWORK all") | |
2850 | dev[0].wait_disconnected() | |
2851 | dev[0].dump_monitor() | |
c8942286 JM |
2852 | |
2853 | def ie_hex(ies, id): | |
7ab74770 | 2854 | return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]).decode() |
c8942286 JM |
2855 | |
2856 | def test_ap_ft_reassoc_proto(dev, apdev): | |
2857 | """WPA2-PSK-FT AP Reassociation Request frame parsing""" | |
2858 | ssid = "test-ft" | |
fab49f61 | 2859 | passphrase = "12345678" |
c8942286 JM |
2860 | |
2861 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2862 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2863 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2864 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2865 | ||
2866 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2867 | ieee80211w="1", scan_freq="2412") | |
2868 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2869 | hapd1ap = hapd0 | |
2870 | hapd2ap = hapd1 | |
2871 | else: | |
2872 | hapd1ap = hapd1 | |
2873 | hapd2ap = hapd0 | |
2874 | ||
2875 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2876 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2877 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
2878 | ||
2879 | while True: | |
2880 | req = hapd2ap.mgmt_rx() | |
7ab74770 | 2881 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
c8942286 JM |
2882 | if req['subtype'] == 11: |
2883 | break | |
2884 | ||
2885 | while True: | |
2886 | req = hapd2ap.mgmt_rx() | |
2887 | if req['subtype'] == 2: | |
2888 | break | |
7ab74770 | 2889 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
c8942286 JM |
2890 | |
2891 | # IEEE 802.11 header + fixed fields before IEs | |
7ab74770 | 2892 | hdr = binascii.hexlify(req['frame'][0:34]).decode() |
c8942286 JM |
2893 | ies = parse_ie(binascii.hexlify(req['frame'][34:])) |
2894 | # First elements: SSID, Supported Rates, Extended Supported Rates | |
2895 | ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50) | |
2896 | ||
2897 | rsne = ie_hex(ies, 48) | |
2898 | mde = ie_hex(ies, 54) | |
2899 | fte = ie_hex(ies, 55) | |
fab49f61 | 2900 | tests = [] |
c8942286 | 2901 | # RSN: Trying to use FT, but MDIE not included |
fab49f61 | 2902 | tests += [rsne] |
c8942286 | 2903 | # RSN: Attempted to use unknown MDIE |
fab49f61 | 2904 | tests += [rsne + "3603000000"] |
c8942286 | 2905 | # Invalid RSN pairwise cipher |
fab49f61 | 2906 | tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"] |
c8942286 | 2907 | # FT: No PMKID in RSNIE |
fab49f61 | 2908 | tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)] |
c8942286 | 2909 | # FT: Invalid FTIE |
fab49f61 | 2910 | tests += [rsne + mde] |
c8942286 JM |
2911 | # FT: RIC IE(s) in the frame, but not included in protected IE count |
2912 | # FT: Failed to parse FT IEs | |
fab49f61 | 2913 | tests += [rsne + mde + fte + "3900"] |
c8942286 | 2914 | # FT: SNonce mismatch in FTIE |
fab49f61 | 2915 | tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"] |
c8942286 | 2916 | # FT: ANonce mismatch in FTIE |
fab49f61 | 2917 | tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]] |
c8942286 | 2918 | # FT: No R0KH-ID subelem in FTIE |
fab49f61 | 2919 | tests += [rsne + mde + "3752" + fte[4:168]] |
c8942286 | 2920 | # FT: R0KH-ID in FTIE did not match with the current R0KH-ID |
fab49f61 | 2921 | tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"] |
c8942286 | 2922 | # FT: No R1KH-ID subelem in FTIE |
fab49f61 | 2923 | tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()] |
c8942286 | 2924 | # FT: Unknown R1KH-ID used in ReassocReq |
fab49f61 | 2925 | tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"] |
c8942286 | 2926 | # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request |
fab49f61 | 2927 | tests += [rsne[:-32] + 16*"00" + mde + fte] |
c8942286 | 2928 | # Invalid MIC in FTIE |
fab49f61 | 2929 | tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]] |
c8942286 JM |
2930 | for t in tests: |
2931 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t) | |
2932 | ||
2933 | def test_ap_ft_reassoc_local_fail(dev, apdev): | |
2934 | """WPA2-PSK-FT AP Reassociation Request frame and local failure""" | |
2935 | ssid = "test-ft" | |
fab49f61 | 2936 | passphrase = "12345678" |
c8942286 JM |
2937 | |
2938 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2939 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2940 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2941 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2942 | ||
2943 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2944 | ieee80211w="1", scan_freq="2412") | |
2945 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2946 | hapd1ap = hapd0 | |
2947 | hapd2ap = hapd1 | |
2948 | else: | |
2949 | hapd1ap = hapd1 | |
2950 | hapd2ap = hapd0 | |
2951 | ||
2952 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2953 | # FT: Failed to calculate MIC | |
2954 | with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"): | |
2955 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
2956 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2957 | dev[0].request("DISCONNECT") | |
2958 | if ev is None: | |
2959 | raise Exception("Association reject not seen") | |
d7f0bef9 JM |
2960 | |
2961 | def test_ap_ft_reassoc_replay(dev, apdev, params): | |
2962 | """WPA2-PSK-FT AP and replayed Reassociation Request frame""" | |
2963 | capfile = os.path.join(params['logdir'], "hwsim0.pcapng") | |
2964 | ssid = "test-ft" | |
fab49f61 | 2965 | passphrase = "12345678" |
d7f0bef9 JM |
2966 | |
2967 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2968 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2969 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2970 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2971 | ||
2972 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2973 | scan_freq="2412") | |
2974 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2975 | hapd1ap = hapd0 | |
2976 | hapd2ap = hapd1 | |
2977 | else: | |
2978 | hapd1ap = hapd1 | |
2979 | hapd2ap = hapd0 | |
2980 | ||
2981 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2982 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2983 | dev[0].dump_monitor() | |
2984 | if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()): | |
2985 | raise Exception("ROAM failed") | |
2986 | ||
2987 | reassocreq = None | |
2988 | count = 0 | |
2989 | while count < 100: | |
2990 | req = hapd2ap.mgmt_rx() | |
2991 | count += 1 | |
2992 | hapd2ap.dump_monitor() | |
7ab74770 | 2993 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
d7f0bef9 JM |
2994 | if req['subtype'] == 2: |
2995 | reassocreq = req | |
2996 | ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5) | |
2997 | if ev is None: | |
2998 | raise Exception("No TX status seen") | |
2999 | cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) | |
3000 | if "OK" not in hapd2ap.request(cmd): | |
3001 | raise Exception("MGMT_TX_STATUS_PROCESS failed") | |
3002 | break | |
3003 | hapd2ap.set("ext_mgmt_frame_handling", "0") | |
3004 | if reassocreq is None: | |
3005 | raise Exception("No Reassociation Request frame seen") | |
3006 | dev[0].wait_connected() | |
3007 | dev[0].dump_monitor() | |
3008 | hapd2ap.dump_monitor() | |
3009 | ||
3010 | hwsim_utils.test_connectivity(dev[0], hapd2ap) | |
3011 | ||
3012 | logger.info("Replay the last Reassociation Request frame") | |
3013 | hapd2ap.dump_monitor() | |
3014 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
7ab74770 | 3015 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
d7f0bef9 JM |
3016 | ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5) |
3017 | if ev is None: | |
3018 | raise Exception("No TX status seen") | |
3019 | cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) | |
3020 | if "OK" not in hapd2ap.request(cmd): | |
3021 | raise Exception("MGMT_TX_STATUS_PROCESS failed") | |
3022 | hapd2ap.set("ext_mgmt_frame_handling", "0") | |
3023 | ||
3024 | try: | |
3025 | hwsim_utils.test_connectivity(dev[0], hapd2ap) | |
3026 | ok = True | |
3027 | except: | |
3028 | ok = False | |
3029 | ||
3030 | ap = hapd2ap.own_addr() | |
3031 | sta = dev[0].own_addr() | |
3032 | filt = "wlan.fc.type == 2 && " + \ | |
3033 | "wlan.da == " + sta + " && " + \ | |
12de1490 JM |
3034 | "wlan.sa == " + ap + " && " + \ |
3035 | "wlan.fc.protected == 1" | |
fab49f61 | 3036 | fields = ["wlan.ccmp.extiv"] |
d7f0bef9 JM |
3037 | res = run_tshark(capfile, filt, fields) |
3038 | vals = res.splitlines() | |
3039 | logger.info("CCMP PN: " + str(vals)) | |
3040 | if len(vals) < 2: | |
3041 | raise Exception("Could not find all CCMP protected frames from capture") | |
3042 | if len(set(vals)) < len(vals): | |
3043 | raise Exception("Duplicate CCMP PN used") | |
3044 | ||
3045 | if not ok: | |
3046 | raise Exception("The second hwsim connectivity test failed") | |
0dc3c5f2 JM |
3047 | |
3048 | def test_ap_ft_psk_file(dev, apdev): | |
3049 | """WPA2-PSK-FT AP with PSK from a file""" | |
3050 | ssid = "test-ft" | |
fab49f61 | 3051 | passphrase = "12345678" |
0dc3c5f2 JM |
3052 | |
3053 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
3054 | params['wpa_psk_file'] = 'hostapd.wpa_psk' | |
3055 | hapd = hostapd.add_ap(apdev[0], params) | |
3056 | ||
3057 | dev[1].connect(ssid, psk="very secret", | |
3058 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
3059 | scan_freq="2412", wait_connect=False) | |
3060 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
3061 | ieee80211w="1", scan_freq="2412") | |
3062 | dev[0].request("REMOVE_NETWORK all") | |
3063 | dev[0].wait_disconnected() | |
3064 | dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2", | |
3065 | ieee80211w="1", scan_freq="2412") | |
3066 | dev[0].request("REMOVE_NETWORK all") | |
3067 | dev[0].wait_disconnected() | |
3068 | dev[0].connect(ssid, psk="secret passphrase", | |
3069 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
3070 | scan_freq="2412") | |
3071 | dev[2].connect(ssid, psk="another passphrase for all STAs", | |
3072 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
3073 | scan_freq="2412") | |
3074 | ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10) | |
3075 | if ev is None: | |
3076 | raise Exception("Timed out while waiting for failure report") | |
3077 | dev[1].request("REMOVE_NETWORK all") | |
62566bc2 JM |
3078 | |
3079 | def test_ap_ft_eap_ap_config_change(dev, apdev): | |
3080 | """WPA2-EAP-FT AP changing from 802.1X-only to FT-only""" | |
3081 | ssid = "test-ft" | |
fab49f61 | 3082 | passphrase = "12345678" |
62566bc2 JM |
3083 | bssid = apdev[0]['bssid'] |
3084 | ||
3085 | radius = hostapd.radius_params() | |
3086 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
3087 | params['wpa_key_mgmt'] = "WPA-EAP" | |
3088 | params["ieee8021x"] = "1" | |
3089 | params["pmk_r1_push"] = "0" | |
3090 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
3091 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
3092 | params["eap_server"] = "0" | |
35d8c254 | 3093 | params = dict(list(radius.items()) + list(params.items())) |
62566bc2 JM |
3094 | hapd = hostapd.add_ap(apdev[0], params) |
3095 | ||
3096 | dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2", | |
3097 | eap="GPSK", identity="gpsk user", | |
3098 | password="abcdefghijklmnop0123456789abcdef", | |
3099 | scan_freq="2412") | |
3100 | dev[0].request("DISCONNECT") | |
3101 | dev[0].wait_disconnected() | |
3102 | dev[0].dump_monitor() | |
3103 | ||
3104 | hapd.disable() | |
3105 | hapd.set('wpa_key_mgmt', "FT-EAP") | |
3106 | hapd.enable() | |
3107 | ||
3108 | dev[0].request("BSS_FLUSH 0") | |
3109 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
3110 | ||
3111 | dev[0].request("RECONNECT") | |
3112 | dev[0].wait_connected() | |
55b3cda7 JM |
3113 | |
3114 | def test_ap_ft_eap_sha384(dev, apdev): | |
3115 | """WPA2-EAP-FT with SHA384""" | |
3116 | ssid = "test-ft" | |
fab49f61 | 3117 | passphrase = "12345678" |
55b3cda7 JM |
3118 | |
3119 | radius = hostapd.radius_params() | |
3120 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 3121 | params["ieee80211w"] = "2" |
55b3cda7 JM |
3122 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
3123 | params["ieee8021x"] = "1" | |
35d8c254 | 3124 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
3125 | hapd0 = hostapd.add_ap(apdev[0], params) |
3126 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 3127 | params["ieee80211w"] = "2" |
55b3cda7 JM |
3128 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
3129 | params["ieee8021x"] = "1" | |
35d8c254 | 3130 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
3131 | hapd1 = hostapd.add_ap(apdev[1], params) |
3132 | ||
3133 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True, | |
3134 | sha384=True) | |
3135 | ||
659f7954 JM |
3136 | def test_ap_ft_eap_sha384_reassoc(dev, apdev): |
3137 | """WPA2-EAP-FT with SHA384 using REASSOCIATE""" | |
e1923f5b | 3138 | check_suite_b_192_capa(dev) |
659f7954 JM |
3139 | ssid = "test-ft" |
3140 | passphrase = "12345678" | |
3141 | ||
3142 | radius = hostapd.radius_params() | |
3143 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
3144 | params["ieee80211w"] = "2" | |
3145 | params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" | |
3146 | params["ieee8021x"] = "1" | |
3147 | params = dict(list(radius.items()) + list(params.items())) | |
3148 | hapd0 = hostapd.add_ap(apdev[0], params) | |
3149 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
3150 | params["ieee80211w"] = "2" | |
3151 | params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" | |
3152 | params["ieee8021x"] = "1" | |
3153 | params = dict(list(radius.items()) + list(params.items())) | |
3154 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3155 | ||
3156 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True, | |
3157 | sha384=True, also_non_ft=True, roam_with_reassoc=True) | |
3158 | ||
55b3cda7 JM |
3159 | def test_ap_ft_eap_sha384_over_ds(dev, apdev): |
3160 | """WPA2-EAP-FT with SHA384 over DS""" | |
3161 | ssid = "test-ft" | |
fab49f61 | 3162 | passphrase = "12345678" |
55b3cda7 JM |
3163 | |
3164 | radius = hostapd.radius_params() | |
3165 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 3166 | params["ieee80211w"] = "2" |
55b3cda7 JM |
3167 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
3168 | params["ieee8021x"] = "1" | |
35d8c254 | 3169 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
3170 | hapd0 = hostapd.add_ap(apdev[0], params) |
3171 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 3172 | params["ieee80211w"] = "2" |
55b3cda7 JM |
3173 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
3174 | params["ieee8021x"] = "1" | |
35d8c254 | 3175 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
3176 | hapd1 = hostapd.add_ap(apdev[1], params) |
3177 | ||
3178 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
3179 | eap=True, sha384=True) | |
392aba4e JM |
3180 | |
3181 | def test_ap_ft_roam_rrm(dev, apdev): | |
3182 | """WPA2-PSK-FT AP and radio measurement request""" | |
3183 | ssid = "test-ft" | |
fab49f61 | 3184 | passphrase = "12345678" |
392aba4e JM |
3185 | |
3186 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
3187 | params["rrm_beacon_report"] = "1" | |
3188 | hapd0 = hostapd.add_ap(apdev[0], params) | |
3189 | bssid0 = hapd0.own_addr() | |
3190 | ||
3191 | addr = dev[0].own_addr() | |
3192 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
3193 | scan_freq="2412") | |
3194 | check_beacon_req(hapd0, addr, 1) | |
3195 | ||
3196 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
3197 | params["rrm_beacon_report"] = "1" | |
3198 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3199 | bssid1 = hapd1.own_addr() | |
3200 | ||
3201 | dev[0].scan_for_bss(bssid1, freq=2412) | |
3202 | dev[0].roam(bssid1) | |
3203 | check_beacon_req(hapd1, addr, 2) | |
3204 | ||
3205 | dev[0].scan_for_bss(bssid0, freq=2412) | |
3206 | dev[0].roam(bssid0) | |
3207 | check_beacon_req(hapd0, addr, 3) | |
9ff2b85e JM |
3208 | |
3209 | def test_ap_ft_pmksa_caching(dev, apdev): | |
3210 | """FT-EAP and PMKSA caching for initial mobility domain association""" | |
3211 | ssid = "test-ft" | |
3212 | identity = "gpsk user" | |
3213 | ||
3214 | radius = hostapd.radius_params() | |
3215 | params = ft_params1(ssid=ssid) | |
3216 | params['wpa_key_mgmt'] = "FT-EAP" | |
3217 | params["ieee8021x"] = "1" | |
3218 | params["mobility_domain"] = "c3d4" | |
3219 | params = dict(list(radius.items()) + list(params.items())) | |
3220 | hapd = hostapd.add_ap(apdev[0], params) | |
3221 | ||
3222 | params = ft_params2(ssid=ssid) | |
3223 | params['wpa_key_mgmt'] = "FT-EAP" | |
3224 | params["ieee8021x"] = "1" | |
3225 | params["mobility_domain"] = "c3d4" | |
3226 | params = dict(list(radius.items()) + list(params.items())) | |
3227 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3228 | ||
3229 | run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True, | |
3230 | eap_identity=identity, pmksa_caching=True) | |
3231 | ||
3232 | def test_ap_ft_pmksa_caching_sha384(dev, apdev): | |
3233 | """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association""" | |
3234 | ssid = "test-ft" | |
3235 | identity = "gpsk user" | |
3236 | ||
3237 | radius = hostapd.radius_params() | |
3238 | params = ft_params1(ssid=ssid) | |
3239 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" | |
3240 | params["ieee8021x"] = "1" | |
3241 | params["mobility_domain"] = "c3d4" | |
3242 | params = dict(list(radius.items()) + list(params.items())) | |
3243 | hapd = hostapd.add_ap(apdev[0], params) | |
3244 | ||
3245 | params = ft_params2(ssid=ssid) | |
3246 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" | |
3247 | params["ieee8021x"] = "1" | |
3248 | params["mobility_domain"] = "c3d4" | |
3249 | params = dict(list(radius.items()) + list(params.items())) | |
3250 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3251 | ||
3252 | run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True, | |
3253 | eap_identity=identity, pmksa_caching=True, sha384=True) | |
5916637c JM |
3254 | |
3255 | def test_ap_ft_r1_key_expiration(dev, apdev): | |
3256 | """WPA2-PSK-FT and PMK-R1 expiration""" | |
3257 | ssid = "test-ft" | |
3258 | passphrase = "12345678" | |
3259 | ||
3260 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
3261 | params['r1_max_key_lifetime'] = "2" | |
3262 | hapd0 = hostapd.add_ap(apdev[0], params) | |
3263 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
3264 | params['r1_max_key_lifetime'] = "2" | |
3265 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3266 | ||
3267 | # This succeeds, but results in having to run another PMK-R1 pull before the | |
3268 | # second AP can complete FT protocol. | |
3269 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, wait_before_roam=4) | |
3270 | ||
3271 | def test_ap_ft_r0_key_expiration(dev, apdev): | |
3272 | """WPA2-PSK-FT and PMK-R0 expiration""" | |
3273 | ssid = "test-ft" | |
3274 | passphrase = "12345678" | |
3275 | ||
3276 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
3277 | params['ft_r0_key_lifetime'] = "2" | |
3278 | hapd0 = hostapd.add_ap(apdev[0], params) | |
3279 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
3280 | params['ft_r0_key_lifetime'] = "2" | |
3281 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3282 | ||
3283 | bssid2 = run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
3284 | return_after_initial=True) | |
3285 | time.sleep(4) | |
3286 | dev[0].scan_for_bss(bssid2, freq="2412") | |
3287 | if "OK" not in dev[0].request("ROAM " + bssid2): | |
3288 | raise Exception("ROAM failed") | |
3289 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", | |
3290 | "CTRL-EVENT-AUTH-REJECT", | |
3291 | "CTRL-EVENT-ASSOC-REJECT"], timeout=5) | |
3292 | dev[0].request("DISCONNECT") | |
3293 | if ev is None or "CTRL-EVENT-AUTH-REJECT" not in ev: | |
3294 | raise Exception("FT protocol failure not reported") | |
3295 | if "status_code=53" not in ev: | |
3296 | raise Exception("Unexpected status in FT protocol failure: " + ev) | |
3297 | ||
3298 | # Generate a new PMK-R0 | |
3299 | dev[0].dump_monitor() | |
3300 | dev[0].request("RECONNECT") | |
3301 | dev[0].wait_connected() | |
6f291896 JM |
3302 | |
3303 | def test_ap_ft_no_full_ap_client_state(dev, apdev): | |
3304 | """WPA2-PSK-FT AP with full_ap_client_state=0""" | |
3305 | run_ap_ft_skip_prune_assoc(dev, apdev, False, False) | |
3306 | ||
3307 | def test_ap_ft_skip_prune_assoc(dev, apdev): | |
3308 | """WPA2-PSK-FT AP with skip_prune_assoc""" | |
3309 | run_ap_ft_skip_prune_assoc(dev, apdev, True, True) | |
3310 | ||
3311 | def test_ap_ft_skip_prune_assoc2(dev, apdev): | |
3312 | """WPA2-PSK-FT AP with skip_prune_assoc (disable full_ap_client_state)""" | |
3313 | run_ap_ft_skip_prune_assoc(dev, apdev, True, False, test_connectivity=False) | |
3314 | ||
3315 | def run_ap_ft_skip_prune_assoc(dev, apdev, skip_prune_assoc, | |
3316 | full_ap_client_state, test_connectivity=True): | |
3317 | ssid = "test-ft" | |
3318 | passphrase = "12345678" | |
3319 | ||
3320 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
3321 | if skip_prune_assoc: | |
3322 | params['skip_prune_assoc'] = '1' | |
3323 | if not full_ap_client_state: | |
3324 | params['driver_params'] = "full_ap_client_state=0" | |
3325 | hapd0 = hostapd.add_ap(apdev[0], params) | |
3326 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
3327 | if skip_prune_assoc: | |
3328 | params['skip_prune_assoc'] = '1' | |
3329 | if not full_ap_client_state: | |
3330 | params['driver_params'] = "full_ap_client_state=0" | |
3331 | hapd1 = hostapd.add_ap(apdev[1], params) | |
3332 | ||
3333 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
3334 | test_connectivity=test_connectivity) | |
3335 | ||
3336 | def test_ap_ft_sae_skip_prune_assoc(dev, apdev): | |
3337 | """WPA2-PSK-FT-SAE AP with skip_prune_assoc""" | |
3338 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, skip_prune_assoc=True) | |
3339 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) |