]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: FT-EAP with VLAN
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
CommitLineData
cd7f1b9a 1# Fast BSS Transition tests
c8942286 2# Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
cd7f1b9a
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
5b3c40a6
JM		 8import binascii
9import os
cd7f1b9a 10import time
cd7f1b9a 11import logging
c9aa4308 12logger = logging.getLogger()
c8942286 13import struct
cd7f1b9a
JM		 14
15import hwsim_utils
16import hostapd
d7f0bef9 17from tshark import run_tshark
c8942286 18from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
cd7f1b9a 19from wlantest import Wlantest
5b3c40a6 20from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
cd7f1b9a
JM		 21
22def ft_base_rsn():
23 params = { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
26 return params
27
28def ft_base_mixed():
29 params = { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
33 return params
34
35def ft_params(rsn=True, ssid=None, passphrase=None):
36 if rsn:
37 params = ft_base_rsn()
38 else:
39 params = ft_base_mixed()
40 if ssid:
41 params["ssid"] = ssid
42 if passphrase:
43 params["wpa_passphrase"] = passphrase
44
45 params["mobility_domain"] = "a1b2"
46 params["r0_key_lifetime"] = "10000"
47 params["pmk_r1_push"] = "1"
48 params["reassociation_deadline"] = "1000"
49 return params
50
d0175d6e 51def ft_params1a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM		 52 params = ft_params(rsn, ssid, passphrase)
53 params['nas_identifier'] = "nas1.w1.fi"
54 params['r1_key_holder'] = "000102030405"
d0175d6e
MB		 55 return params
56
942b52a8 57def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 58 params = ft_params1a(rsn, ssid, passphrase)
942b52a8
MB		 59 if discovery:
60 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
62 else:
63 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM		 66 return params
67
c95dd8e4
JM		 68def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
69 params = ft_params1a(rsn, ssid, passphrase)
70 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
73 return params
74
d0175d6e 75def ft_params2a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM		 76 params = ft_params(rsn, ssid, passphrase)
77 params['nas_identifier'] = "nas2.w1.fi"
78 params['r1_key_holder'] = "000102030406"
d0175d6e
MB		 79 return params
80
942b52a8 81def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 82 params = ft_params2a(rsn, ssid, passphrase)
942b52a8
MB		 83 if discovery:
84 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
86 else:
87 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM		 90 return params
91
c95dd8e4
JM		 92def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
93 params = ft_params2a(rsn, ssid, passphrase)
94 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
97 return params
98
3b808945
JM		 99def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
100 params = ft_params(rsn, ssid, passphrase)
101 params['nas_identifier'] = "nas1.w1.fi"
102 params['r1_key_holder'] = "000102030405"
9441a227
MB		 103 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
3b808945
JM		 106 return params
107
108def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
109 params = ft_params(rsn, ssid, passphrase)
110 params['nas_identifier'] = "nas2.w1.fi"
111 params['r1_key_holder'] = "000102030406"
9441a227
MB		 112 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
3b808945
JM		 115 return params
116
117def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
118 params = ft_params(rsn, ssid, passphrase)
119 params['nas_identifier'] = "nas2.w1.fi"
120 params['r1_key_holder'] = "000102030406"
9441a227
MB		 121 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
3b808945
JM		 124 return params
125
7b741a53
JM		 126def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
127 sae=False, eap=False, fail_test=False, roams=1,
fd7205fa 128 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
9c50a6d3 129 test_connectivity=True, eap_identity="gpsk user", conndev=False):
cd7f1b9a 130 logger.info("Connect to first AP")
6f62809b
JM		 131 if eap:
132 dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
9c50a6d3 133 eap="GPSK", identity=eap_identity,
2f816c21 134 password="abcdefghijklmnop0123456789abcdef",
7b741a53 135 scan_freq="2412",
1025603b
JM		 136 pairwise=pairwise_cipher, group=group_cipher,
137 wpa_ptk_rekey=ptk_rekey)
6e658cc4 138 else:
6f62809b
JM		 139 if sae:
140 key_mgmt="FT-SAE"
141 else:
142 key_mgmt="FT-PSK"
143 dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
7b741a53 144 ieee80211w="1", scan_freq="2412",
1025603b
JM		 145 pairwise=pairwise_cipher, group=group_cipher,
146 wpa_ptk_rekey=ptk_rekey)
cd7f1b9a
JM		 147 if dev.get_status_field('bssid') == apdev[0]['bssid']:
148 ap1 = apdev[0]
149 ap2 = apdev[1]
a8375c94
JM		 150 hapd1ap = hapd0
151 hapd2ap = hapd1
cd7f1b9a
JM		 152 else:
153 ap1 = apdev[1]
154 ap2 = apdev[0]
a8375c94
JM		 155 hapd1ap = hapd1
156 hapd2ap = hapd0
fd7205fa 157 if test_connectivity:
9c50a6d3
MB		 158 if conndev:
159 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
160 else:
161 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a 162
655bc8bf 163 dev.scan_for_bss(ap2['bssid'], freq="2412")
40602101
JM		 164
165 for i in range(0, roams):
166 logger.info("Roam to the second AP")
167 if over_ds:
168 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
169 else:
170 dev.roam(ap2['bssid'], fail_test=fail_test)
171 if fail_test:
172 return
173 if dev.get_status_field('bssid') != ap2['bssid']:
174 raise Exception("Did not connect to correct AP")
fd7205fa 175 if (i == 0 or i == roams - 1) and test_connectivity:
9c50a6d3
MB		 176 if conndev:
177 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
178 else:
179 hwsim_utils.test_connectivity(dev, hapd2ap)
40602101
JM		 180
181 logger.info("Roam back to the first AP")
182 if over_ds:
183 dev.roam_over_ds(ap1['bssid'])
184 else:
185 dev.roam(ap1['bssid'])
186 if dev.get_status_field('bssid') != ap1['bssid']:
187 raise Exception("Did not connect to correct AP")
fd7205fa 188 if (i == 0 or i == roams - 1) and test_connectivity:
9c50a6d3
MB		 189 if conndev:
190 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
191 else:
192 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a
JM		 193
194def test_ap_ft(dev, apdev):
195 """WPA2-PSK-FT AP"""
196 ssid = "test-ft"
197 passphrase="12345678"
198
199 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 200 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 201 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 202 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 203
a8375c94 204 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
91bc6c36
JM		 205 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
206 raise Exception("Scan results missing RSN element info")
cd7f1b9a 207
c95dd8e4
JM		 208def test_ap_ft_old_key(dev, apdev):
209 """WPA2-PSK-FT AP (old key)"""
210 ssid = "test-ft"
211 passphrase="12345678"
212
213 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
214 hapd0 = hostapd.add_ap(apdev[0], params)
215 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
216 hapd1 = hostapd.add_ap(apdev[1], params)
217
218 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
219
e4612f84
JM		 220def test_ap_ft_multi_akm(dev, apdev):
221 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
222 ssid = "test-ft"
223 passphrase="12345678"
224
225 params = ft_params1(ssid=ssid, passphrase=passphrase)
226 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
227 hapd0 = hostapd.add_ap(apdev[0], params)
228 params = ft_params2(ssid=ssid, passphrase=passphrase)
229 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
230 hapd1 = hostapd.add_ap(apdev[1], params)
231
232 Wlantest.setup(hapd0)
233 wt = Wlantest()
234 wt.flush()
235 wt.add_passphrase(passphrase)
236
237 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
238 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
239 raise Exception("Scan results missing RSN element info")
240 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
241 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
242 scan_freq="2412")
243
d0175d6e
MB		 244def test_ap_ft_local_key_gen(dev, apdev):
245 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
246 ssid = "test-ft"
247 passphrase="12345678"
248
249 params = ft_params1a(ssid=ssid, passphrase=passphrase)
250 params['ft_psk_generate_local'] = "1";
8344ba12 251 del params['pmk_r1_push']
b098542c 252 hapd0 = hostapd.add_ap(apdev[0], params)
d0175d6e
MB		 253 params = ft_params2a(ssid=ssid, passphrase=passphrase)
254 params['ft_psk_generate_local'] = "1";
8344ba12 255 del params['pmk_r1_push']
b098542c 256 hapd1 = hostapd.add_ap(apdev[1], params)
d0175d6e
MB		 257
258 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
259 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
260 raise Exception("Scan results missing RSN element info")
261
40602101
JM		 262def test_ap_ft_many(dev, apdev):
263 """WPA2-PSK-FT AP multiple times"""
264 ssid = "test-ft"
265 passphrase="12345678"
266
267 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 268 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 269 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 270 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 271
a8375c94 272 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
40602101 273
cd7f1b9a
JM		 274def test_ap_ft_mixed(dev, apdev):
275 """WPA2-PSK-FT mixed-mode AP"""
276 ssid = "test-ft-mixed"
277 passphrase="12345678"
278
279 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 280 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 281 key_mgmt = hapd.get_config()['key_mgmt']
282 vals = key_mgmt.split(' ')
283 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
284 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
cd7f1b9a 285 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 286 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 287
a8375c94 288 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
cd7f1b9a
JM		 289
290def test_ap_ft_pmf(dev, apdev):
291 """WPA2-PSK-FT AP with PMF"""
292 ssid = "test-ft"
293 passphrase="12345678"
294
295 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 296 params["ieee80211w"] = "2"
8b8a1864 297 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 298 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 299 params["ieee80211w"] = "2"
8b8a1864 300 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 301
a8375c94 302 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
b553eab1
JM		 303
304def test_ap_ft_over_ds(dev, apdev):
305 """WPA2-PSK-FT AP over DS"""
306 ssid = "test-ft"
307 passphrase="12345678"
308
309 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 310 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 311 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 312 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 313
a8375c94 314 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
eaf3f9b1
JM		 315 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
316 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
b553eab1 317
55139acb
JM		 318def test_ap_ft_over_ds_disabled(dev, apdev):
319 """WPA2-PSK-FT AP over DS disabled"""
320 ssid = "test-ft"
321 passphrase="12345678"
322
323 params = ft_params1(ssid=ssid, passphrase=passphrase)
324 params['ft_over_ds'] = '0'
325 hapd0 = hostapd.add_ap(apdev[0], params)
326 params = ft_params2(ssid=ssid, passphrase=passphrase)
327 params['ft_over_ds'] = '0'
328 hapd1 = hostapd.add_ap(apdev[1], params)
329
330 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
331 fail_test=True)
332
40602101
JM		 333def test_ap_ft_over_ds_many(dev, apdev):
334 """WPA2-PSK-FT AP over DS multiple times"""
335 ssid = "test-ft"
336 passphrase="12345678"
337
338 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 339 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 340 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 341 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 342
a8375c94
JM		 343 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
344 roams=50)
40602101 345
9fd6804d 346@remote_compatible
c337d07a
JM		 347def test_ap_ft_over_ds_unknown_target(dev, apdev):
348 """WPA2-PSK-FT AP"""
349 ssid = "test-ft"
350 passphrase="12345678"
351
352 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 353 hapd0 = hostapd.add_ap(apdev[0], params)
c337d07a
JM		 354
355 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
356 scan_freq="2412")
357 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
358
9fd6804d 359@remote_compatible
211bb7c5
JM		 360def test_ap_ft_over_ds_unexpected(dev, apdev):
361 """WPA2-PSK-FT AP over DS and unexpected response"""
362 ssid = "test-ft"
363 passphrase="12345678"
364
365 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 366 hapd0 = hostapd.add_ap(apdev[0], params)
211bb7c5 367 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 368 hapd1 = hostapd.add_ap(apdev[1], params)
211bb7c5
JM		 369
370 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
371 scan_freq="2412")
372 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
373 ap1 = apdev[0]
374 ap2 = apdev[1]
375 hapd1ap = hapd0
376 hapd2ap = hapd1
377 else:
378 ap1 = apdev[1]
379 ap2 = apdev[0]
380 hapd1ap = hapd1
381 hapd2ap = hapd0
382
383 addr = dev[0].own_addr()
384 hapd1ap.set("ext_mgmt_frame_handling", "1")
385 logger.info("Foreign STA address")
386 msg = {}
387 msg['fc'] = 13 << 4
388 msg['da'] = addr
389 msg['sa'] = ap1['bssid']
390 msg['bssid'] = ap1['bssid']
391 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
392 hapd1ap.mgmt_tx(msg)
393
394 logger.info("No over-the-DS in progress")
395 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
396 hapd1ap.mgmt_tx(msg)
397
398 logger.info("Non-zero status code")
399 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
400 hapd1ap.mgmt_tx(msg)
401
402 hapd1ap.dump_monitor()
403
404 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
405 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
406 raise Exception("FT_DS failed")
407
408 req = hapd1ap.mgmt_rx()
409
410 logger.info("Foreign Target AP")
411 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
412 hapd1ap.mgmt_tx(msg)
413
414 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
415
416 logger.info("No IEs")
417 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
418 hapd1ap.mgmt_tx(msg)
419
420 logger.info("Invalid IEs (trigger parsing failure)")
421 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
422 hapd1ap.mgmt_tx(msg)
423
424 logger.info("Too short MDIE")
425 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
426 hapd1ap.mgmt_tx(msg)
427
428 logger.info("Mobility domain mismatch")
429 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
430 hapd1ap.mgmt_tx(msg)
431
432 logger.info("No FTIE")
433 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
434 hapd1ap.mgmt_tx(msg)
435
436 logger.info("FTIE SNonce mismatch")
437 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
438 hapd1ap.mgmt_tx(msg)
439
440 logger.info("No R0KH-ID subelem in FTIE")
441 snonce = binascii.hexlify(req['payload'][111:111+32])
442 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
443 hapd1ap.mgmt_tx(msg)
444
445 logger.info("No R0KH-ID subelem mismatch in FTIE")
446 snonce = binascii.hexlify(req['payload'][111:111+32])
447 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
448 hapd1ap.mgmt_tx(msg)
449
450 logger.info("No R1KH-ID subelem in FTIE")
451 r0khid = binascii.hexlify(req['payload'][145:145+10])
452 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
453 hapd1ap.mgmt_tx(msg)
454
455 logger.info("No RSNE")
456 r0khid = binascii.hexlify(req['payload'][145:145+10])
457 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
458 hapd1ap.mgmt_tx(msg)
459
b553eab1
JM		 460def test_ap_ft_pmf_over_ds(dev, apdev):
461 """WPA2-PSK-FT AP over DS with PMF"""
462 ssid = "test-ft"
463 passphrase="12345678"
464
465 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 466 params["ieee80211w"] = "2"
8b8a1864 467 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 468 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 469 params["ieee80211w"] = "2"
8b8a1864 470 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 471
a8375c94 472 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
6e658cc4 473
aaba98d3
JM		 474def test_ap_ft_over_ds_pull(dev, apdev):
475 """WPA2-PSK-FT AP over DS (pull PMK)"""
476 ssid = "test-ft"
477 passphrase="12345678"
478
479 params = ft_params1(ssid=ssid, passphrase=passphrase)
480 params["pmk_r1_push"] = "0"
8b8a1864 481 hapd0 = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 482 params = ft_params2(ssid=ssid, passphrase=passphrase)
483 params["pmk_r1_push"] = "0"
8b8a1864 484 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 485
a8375c94 486 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
aaba98d3 487
c95dd8e4
JM		 488def test_ap_ft_over_ds_pull_old_key(dev, apdev):
489 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
490 ssid = "test-ft"
491 passphrase="12345678"
492
493 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
494 params["pmk_r1_push"] = "0"
495 hapd0 = hostapd.add_ap(apdev[0], params)
496 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
497 params["pmk_r1_push"] = "0"
498 hapd1 = hostapd.add_ap(apdev[1], params)
499
500 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
501
6e658cc4
JM		 502def test_ap_ft_sae(dev, apdev):
503 """WPA2-PSK-FT-SAE AP"""
b9749b6a
JM		 504 if "SAE" not in dev[0].get_capability("auth_alg"):
505 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 506 ssid = "test-ft"
507 passphrase="12345678"
508
509 params = ft_params1(ssid=ssid, passphrase=passphrase)
510 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 511 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 512 params = ft_params2(ssid=ssid, passphrase=passphrase)
513 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 514 hapd = hostapd.add_ap(apdev[1], params)
65038313
JM		 515 key_mgmt = hapd.get_config()['key_mgmt']
516 if key_mgmt.split(' ')[0] != "FT-SAE":
517 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6e658cc4 518
17ffdf39 519 dev[0].request("SET sae_groups ")
a8375c94 520 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
6e658cc4
JM		 521
522def test_ap_ft_sae_over_ds(dev, apdev):
523 """WPA2-PSK-FT-SAE AP over DS"""
b9749b6a
JM		 524 if "SAE" not in dev[0].get_capability("auth_alg"):
525 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 526 ssid = "test-ft"
527 passphrase="12345678"
528
529 params = ft_params1(ssid=ssid, passphrase=passphrase)
530 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 531 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 532 params = ft_params2(ssid=ssid, passphrase=passphrase)
533 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 534 hapd1 = hostapd.add_ap(apdev[1], params)
6e658cc4 535
17ffdf39 536 dev[0].request("SET sae_groups ")
a8375c94
JM		 537 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
538 over_ds=True)
6f62809b 539
9c50a6d3
MB		 540def generic_ap_ft_eap(dev, apdev, vlan=False, over_ds=False, discovery=False,
541 roams=1):
6f62809b
JM		 542 ssid = "test-ft"
543 passphrase="12345678"
9c50a6d3
MB		 544 if vlan:
545 identity="gpsk-vlan1"
546 conndev="brvlan1"
547 else:
548 identity="gpsk user"
549 conndev=False
6f62809b
JM		 550
551 radius = hostapd.radius_params()
942b52a8 552 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM		 553 params['wpa_key_mgmt'] = "FT-EAP"
554 params["ieee8021x"] = "1"
9c50a6d3
MB		 555 if vlan:
556 params["dynamic_vlan"] = "1"
6f62809b 557 params = dict(radius.items() + params.items())
8b8a1864 558 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 559 key_mgmt = hapd.get_config()['key_mgmt']
560 if key_mgmt.split(' ')[0] != "FT-EAP":
561 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
942b52a8 562 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM		 563 params['wpa_key_mgmt'] = "FT-EAP"
564 params["ieee8021x"] = "1"
9c50a6d3
MB		 565 if vlan:
566 params["dynamic_vlan"] = "1"
6f62809b 567 params = dict(radius.items() + params.items())
8b8a1864 568 hapd1 = hostapd.add_ap(apdev[1], params)
6f62809b 569
942b52a8 570 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
9c50a6d3
MB		 571 over_ds=over_ds, roams=roams, eap_identity=identity,
572 conndev=conndev)
91bc6c36
JM		 573 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
574 raise Exception("Scan results missing RSN element info")
eaf3f9b1
JM		 575 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
576 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
aaba98d3 577
4013d688
JM		 578 # Verify EAPOL reauthentication after FT protocol
579 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
580 ap = hapd
581 else:
582 ap = hapd1
583 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
584 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
585 if ev is None:
586 raise Exception("EAP authentication did not start")
587 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
588 if ev is None:
589 raise Exception("EAP authentication did not succeed")
590 time.sleep(0.1)
9c50a6d3
MB		 591 if conndev:
592 hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
593 else:
594 hwsim_utils.test_connectivity(dev[0], ap)
4013d688 595
942b52a8
MB		 596def test_ap_ft_eap(dev, apdev):
597 """WPA2-EAP-FT AP"""
598 generic_ap_ft_eap(dev, apdev)
599
9c50a6d3
MB		 600def test_ap_ft_eap_vlan(dev, apdev):
601 """WPA2-EAP-FT AP with VLAN"""
602 generic_ap_ft_eap(dev, apdev, vlan=True)
603
604def test_ap_ft_eap_vlan_multi(dev, apdev):
605 """WPA2-EAP-FT AP with VLAN"""
606 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
607
942b52a8
MB		 608def test_ap_ft_eap_over_ds(dev, apdev):
609 """WPA2-EAP-FT AP using over-the-DS"""
610 generic_ap_ft_eap(dev, apdev, over_ds=True)
611
612def test_ap_ft_eap_dis(dev, apdev):
613 """WPA2-EAP-FT AP with AP discovery"""
614 generic_ap_ft_eap(dev, apdev, discovery=True)
615
616def test_ap_ft_eap_dis_over_ds(dev, apdev):
617 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
618 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
619
9c50a6d3
MB		 620def test_ap_ft_eap_vlan(dev, apdev):
621 """WPA2-EAP-FT AP with VLAN"""
622 generic_ap_ft_eap(dev, apdev, vlan=True)
623
624def test_ap_ft_eap_vlan_multi(dev, apdev):
625 """WPA2-EAP-FT AP with VLAN"""
626 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
627
628def test_ap_ft_eap_vlan_over_ds(dev, apdev):
629 """WPA2-EAP-FT AP with VLAN + over_ds"""
630 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
631
632def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
633 """WPA2-EAP-FT AP with VLAN + over_ds"""
634 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
635
636def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
aaba98d3
JM		 637 """WPA2-EAP-FT AP (pull PMK)"""
638 ssid = "test-ft"
639 passphrase="12345678"
9c50a6d3
MB		 640 if vlan:
641 identity="gpsk-vlan1"
642 conndev="brvlan1"
643 else:
644 identity="gpsk user"
645 conndev=False
aaba98d3
JM		 646
647 radius = hostapd.radius_params()
648 params = ft_params1(ssid=ssid, passphrase=passphrase)
649 params['wpa_key_mgmt'] = "FT-EAP"
650 params["ieee8021x"] = "1"
651 params["pmk_r1_push"] = "0"
9c50a6d3
MB		 652 if vlan:
653 params["dynamic_vlan"] = "1"
aaba98d3 654 params = dict(radius.items() + params.items())
8b8a1864 655 hapd = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 656 key_mgmt = hapd.get_config()['key_mgmt']
657 if key_mgmt.split(' ')[0] != "FT-EAP":
658 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
659 params = ft_params2(ssid=ssid, passphrase=passphrase)
660 params['wpa_key_mgmt'] = "FT-EAP"
661 params["ieee8021x"] = "1"
662 params["pmk_r1_push"] = "0"
9c50a6d3
MB		 663 if vlan:
664 params["dynamic_vlan"] = "1"
aaba98d3 665 params = dict(radius.items() + params.items())
8b8a1864 666 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 667
9c50a6d3
MB		 668 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
669 eap_identity=identity, conndev=conndev)
670
671def test_ap_ft_eap_pull(dev, apdev):
672 """WPA2-EAP-FT AP (pull PMK)"""
673 generic_ap_ft_eap_pull(dev, apdev)
674
675def test_ap_ft_eap_pull_vlan(dev, apdev):
676 generic_ap_ft_eap_pull(dev, apdev, vlan=True)
3b808945 677
f81c1411
JM		 678def test_ap_ft_eap_pull_wildcard(dev, apdev):
679 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
680 ssid = "test-ft"
681 passphrase="12345678"
682
683 radius = hostapd.radius_params()
684 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
685 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
686 params["ieee8021x"] = "1"
687 params["pmk_r1_push"] = "0"
688 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
689 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
690 params["ft_psk_generate_local"] = "1"
691 params["eap_server"] = "0"
692 params = dict(radius.items() + params.items())
693 hapd = hostapd.add_ap(apdev[0], params)
694 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
695 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
696 params["ieee8021x"] = "1"
697 params["pmk_r1_push"] = "0"
698 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
699 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
700 params["ft_psk_generate_local"] = "1"
701 params["eap_server"] = "0"
702 params = dict(radius.items() + params.items())
703 hapd1 = hostapd.add_ap(apdev[1], params)
704
705 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
706
9fd6804d 707@remote_compatible
3b808945
JM		 708def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
709 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
710 ssid = "test-ft"
711 passphrase="12345678"
712
713 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 714 params["ieee80211w"] = "2"
8b8a1864 715 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 716 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
bc6e3288 717 params["ieee80211w"] = "2"
8b8a1864 718 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 719
a8375c94
JM		 720 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
721 fail_test=True)
3b808945 722
9fd6804d 723@remote_compatible
3b808945
JM		 724def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
725 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
726 ssid = "test-ft"
727 passphrase="12345678"
728
729 params = ft_params1(ssid=ssid, passphrase=passphrase)
730 params["pmk_r1_push"] = "0"
8b8a1864 731 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 732 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
733 params["pmk_r1_push"] = "0"
8b8a1864 734 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 735
a8375c94
JM		 736 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
737 fail_test=True)
3b808945 738
9fd6804d 739@remote_compatible
ae14a2e2
JM		 740def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
741 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
742 ssid = "test-ft"
743 passphrase="12345678"
744
745 params = ft_params1(ssid=ssid, passphrase=passphrase)
746 params["pmk_r1_push"] = "0"
747 params["nas_identifier"] = "nas0.w1.fi"
8b8a1864 748 hostapd.add_ap(apdev[0], params)
2f816c21
JM		 749 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
750 scan_freq="2412")
ae14a2e2
JM		 751
752 params = ft_params2(ssid=ssid, passphrase=passphrase)
753 params["pmk_r1_push"] = "0"
8b8a1864 754 hostapd.add_ap(apdev[1], params)
ae14a2e2
JM		 755
756 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
757 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
758
9fd6804d 759@remote_compatible
3b808945
JM		 760def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
761 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
762 ssid = "test-ft"
763 passphrase="12345678"
764
765 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 766 params["ieee80211w"] = "2"
8b8a1864 767 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 768 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
bc6e3288 769 params["ieee80211w"] = "2"
8b8a1864 770 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 771
a8375c94
JM		 772 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
773 fail_test=True)
3b808945 774
9fd6804d 775@remote_compatible
3b808945
JM		 776def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
777 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
778 ssid = "test-ft"
779 passphrase="12345678"
780
781 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
782 params["pmk_r1_push"] = "0"
8b8a1864 783 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 784 params = ft_params2(ssid=ssid, passphrase=passphrase)
785 params["pmk_r1_push"] = "0"
8b8a1864 786 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 787
a8375c94
JM		 788 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
789 fail_test=True)
c6b6e105 790
150948e6
MB		 791def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
792 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
793 ssid = "test-ft"
794 passphrase="12345678"
795
796 radius = hostapd.radius_params()
797 params = ft_params1(ssid=ssid, passphrase=passphrase)
798 params["ieee80211w"] = "2";
799 params['wpa_key_mgmt'] = "FT-EAP"
800 params["ieee8021x"] = "1"
801 params = dict(radius.items() + params.items())
b098542c 802 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 803 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
804 params["ieee80211w"] = "2";
805 params['wpa_key_mgmt'] = "FT-EAP"
806 params["ieee8021x"] = "1"
807 params = dict(radius.items() + params.items())
b098542c 808 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 809
810 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
811 fail_test=True, eap=True)
812
813def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
814 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
815 ssid = "test-ft"
816 passphrase="12345678"
817
818 radius = hostapd.radius_params()
819 params = ft_params1(ssid=ssid, passphrase=passphrase)
820 params["pmk_r1_push"] = "0"
821 params['wpa_key_mgmt'] = "FT-EAP"
822 params["ieee8021x"] = "1"
823 params = dict(radius.items() + params.items())
b098542c 824 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 825 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
826 params["pmk_r1_push"] = "0"
827 params['wpa_key_mgmt'] = "FT-EAP"
828 params["ieee8021x"] = "1"
829 params = dict(radius.items() + params.items())
b098542c 830 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 831
832 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
833 fail_test=True, eap=True)
834
835def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
836 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
837 ssid = "test-ft"
838 passphrase="12345678"
839
840 radius = hostapd.radius_params()
841 params = ft_params1(ssid=ssid, passphrase=passphrase)
842 params["pmk_r1_push"] = "0"
843 params["nas_identifier"] = "nas0.w1.fi"
844 params['wpa_key_mgmt'] = "FT-EAP"
845 params["ieee8021x"] = "1"
846 params = dict(radius.items() + params.items())
b098542c 847 hostapd.add_ap(apdev[0], params)
150948e6
MB		 848 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
849 eap="GPSK", identity="gpsk user",
850 password="abcdefghijklmnop0123456789abcdef",
851 scan_freq="2412")
852
853 params = ft_params2(ssid=ssid, passphrase=passphrase)
854 params["pmk_r1_push"] = "0"
855 params['wpa_key_mgmt'] = "FT-EAP"
856 params["ieee8021x"] = "1"
857 params = dict(radius.items() + params.items())
b098542c 858 hostapd.add_ap(apdev[1], params)
150948e6
MB		 859
860 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
861 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
862
863def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
864 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
865 ssid = "test-ft"
866 passphrase="12345678"
867
868 radius = hostapd.radius_params()
869 params = ft_params1(ssid=ssid, passphrase=passphrase)
870 params["ieee80211w"] = "2";
871 params['wpa_key_mgmt'] = "FT-EAP"
872 params["ieee8021x"] = "1"
873 params = dict(radius.items() + params.items())
b098542c 874 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 875 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
876 params["ieee80211w"] = "2";
877 params['wpa_key_mgmt'] = "FT-EAP"
878 params["ieee8021x"] = "1"
879 params = dict(radius.items() + params.items())
b098542c 880 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 881
882 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
883 fail_test=True, eap=True)
884
885def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
886 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
887 ssid = "test-ft"
888 passphrase="12345678"
889
890 radius = hostapd.radius_params()
891 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
892 params["pmk_r1_push"] = "0"
893 params['wpa_key_mgmt'] = "FT-EAP"
894 params["ieee8021x"] = "1"
895 params = dict(radius.items() + params.items())
b098542c 896 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 897 params = ft_params2(ssid=ssid, passphrase=passphrase)
898 params["pmk_r1_push"] = "0"
899 params['wpa_key_mgmt'] = "FT-EAP"
900 params["ieee8021x"] = "1"
901 params = dict(radius.items() + params.items())
b098542c 902 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 903
904 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
905 fail_test=True, eap=True)
906
c6b6e105
JM		 907def test_ap_ft_gtk_rekey(dev, apdev):
908 """WPA2-PSK-FT AP and GTK rekey"""
909 ssid = "test-ft"
910 passphrase="12345678"
911
912 params = ft_params1(ssid=ssid, passphrase=passphrase)
913 params['wpa_group_rekey'] = '1'
8b8a1864 914 hapd = hostapd.add_ap(apdev[0], params)
c6b6e105
JM		 915
916 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21 917 ieee80211w="1", scan_freq="2412")
c6b6e105
JM		 918
919 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
920 if ev is None:
921 raise Exception("GTK rekey timed out after initial association")
a8375c94 922 hwsim_utils.test_connectivity(dev[0], hapd)
c6b6e105
JM		 923
924 params = ft_params2(ssid=ssid, passphrase=passphrase)
925 params['wpa_group_rekey'] = '1'
8b8a1864 926 hapd1 = hostapd.add_ap(apdev[1], params)
c6b6e105
JM		 927
928 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
929 dev[0].roam(apdev[1]['bssid'])
930 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
931 raise Exception("Did not connect to correct AP")
a8375c94 932 hwsim_utils.test_connectivity(dev[0], hapd1)
c6b6e105
JM		 933
934 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
935 if ev is None:
936 raise Exception("GTK rekey timed out after FT protocol")
a8375c94 937 hwsim_utils.test_connectivity(dev[0], hapd1)
5b3c40a6
JM		 938
939def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
940 """WPA2-PSK-FT and key lifetime in memory"""
941 ssid = "test-ft"
942 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
943 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
944 pmk = binascii.unhexlify(psk)
945 p = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 946 hapd0 = hostapd.add_ap(apdev[0], p)
5b3c40a6 947 p = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 948 hapd1 = hostapd.add_ap(apdev[1], p)
5b3c40a6
JM		 949
950 pid = find_wpas_process(dev[0])
951
952 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
953 scan_freq="2412")
8e416cec
JM		 954 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
955 # event has been delivered, so verify that wpa_supplicant has returned to
956 # eloop before reading process memory.
54f2cae2 957 time.sleep(1)
8e416cec 958 dev[0].ping()
5b3c40a6
JM		 959
960 buf = read_process_memory(pid, pmk)
961
962 dev[0].request("DISCONNECT")
963 dev[0].wait_disconnected()
964
965 dev[0].relog()
966 pmkr0 = None
967 pmkr1 = None
968 ptk = None
969 gtk = None
970 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
971 for l in f.readlines():
972 if "FT: PMK-R0 - hexdump" in l:
973 val = l.strip().split(':')[3].replace(' ', '')
974 pmkr0 = binascii.unhexlify(val)
975 if "FT: PMK-R1 - hexdump" in l:
976 val = l.strip().split(':')[3].replace(' ', '')
977 pmkr1 = binascii.unhexlify(val)
f918b95b 978 if "FT: KCK - hexdump" in l:
5b3c40a6 979 val = l.strip().split(':')[3].replace(' ', '')
f918b95b
JM		 980 kck = binascii.unhexlify(val)
981 if "FT: KEK - hexdump" in l:
982 val = l.strip().split(':')[3].replace(' ', '')
983 kek = binascii.unhexlify(val)
984 if "FT: TK - hexdump" in l:
985 val = l.strip().split(':')[3].replace(' ', '')
986 tk = binascii.unhexlify(val)
5b3c40a6
JM		 987 if "WPA: Group Key - hexdump" in l:
988 val = l.strip().split(':')[3].replace(' ', '')
989 gtk = binascii.unhexlify(val)
f918b95b 990 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
5b3c40a6
JM		 991 raise Exception("Could not find keys from debug log")
992 if len(gtk) != 16:
993 raise Exception("Unexpected GTK length")
994
5b3c40a6
JM		 995 logger.info("Checking keys in memory while associated")
996 get_key_locations(buf, pmk, "PMK")
997 get_key_locations(buf, pmkr0, "PMK-R0")
998 get_key_locations(buf, pmkr1, "PMK-R1")
999 if pmk not in buf:
81e787b7 1000 raise HwsimSkip("PMK not found while associated")
5b3c40a6 1001 if pmkr0 not in buf:
81e787b7 1002 raise HwsimSkip("PMK-R0 not found while associated")
5b3c40a6 1003 if pmkr1 not in buf:
81e787b7 1004 raise HwsimSkip("PMK-R1 not found while associated")
5b3c40a6
JM		 1005 if kck not in buf:
1006 raise Exception("KCK not found while associated")
1007 if kek not in buf:
1008 raise Exception("KEK not found while associated")
b74f82a4
JM		 1009 #if tk in buf:
1010 # raise Exception("TK found from memory")
5b3c40a6
JM		 1011
1012 logger.info("Checking keys in memory after disassociation")
1013 buf = read_process_memory(pid, pmk)
1014 get_key_locations(buf, pmk, "PMK")
1015 get_key_locations(buf, pmkr0, "PMK-R0")
1016 get_key_locations(buf, pmkr1, "PMK-R1")
1017
1018 # Note: PMK/PSK is still present in network configuration
1019
1020 fname = os.path.join(params['logdir'],
1021 'ft_psk_key_lifetime_in_memory.memctx-')
1022 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1023 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1024 verify_not_present(buf, kck, fname, "KCK")
1025 verify_not_present(buf, kek, fname, "KEK")
1026 verify_not_present(buf, tk, fname, "TK")
6db556b2
JM		 1027 if gtk in buf:
1028 get_key_locations(buf, gtk, "GTK")
5b3c40a6
JM		 1029 verify_not_present(buf, gtk, fname, "GTK")
1030
1031 dev[0].request("REMOVE_NETWORK all")
1032
1033 logger.info("Checking keys in memory after network profile removal")
1034 buf = read_process_memory(pid, pmk)
1035 get_key_locations(buf, pmk, "PMK")
1036 get_key_locations(buf, pmkr0, "PMK-R0")
1037 get_key_locations(buf, pmkr1, "PMK-R1")
1038
1039 verify_not_present(buf, pmk, fname, "PMK")
1040 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1041 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1042 verify_not_present(buf, kck, fname, "KCK")
1043 verify_not_present(buf, kek, fname, "KEK")
1044 verify_not_present(buf, tk, fname, "TK")
1045 verify_not_present(buf, gtk, fname, "GTK")
664093b5 1046
9fd6804d 1047@remote_compatible
664093b5
JM		 1048def test_ap_ft_invalid_resp(dev, apdev):
1049 """WPA2-PSK-FT AP and invalid response IEs"""
1050 ssid = "test-ft"
1051 passphrase="12345678"
1052
1053 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1054 hapd0 = hostapd.add_ap(apdev[0], params)
664093b5
JM		 1055 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1056 scan_freq="2412")
1057
1058 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1059 hapd1 = hostapd.add_ap(apdev[1], params)
664093b5
JM		 1060
1061 tests = [
1062 # Various IEs for test coverage. The last one is FTIE with invalid
1063 # R1KH-ID subelement.
1064 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1065 # FTIE with invalid R0KH-ID subelement (len=0).
1066 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1067 # FTIE with invalid R0KH-ID subelement (len=49).
1068 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1069 # Invalid RSNE.
1070 "020002000000" + "3000",
1071 # Required IEs missing from protected IE count.
1072 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1073 # RIC missing from protected IE count.
1074 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1075 # Protected IE missing.
1076 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
1077 for t in tests:
1078 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1079 hapd1.set("ext_mgmt_frame_handling", "1")
1080 hapd1.dump_monitor()
1081 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1082 raise Exception("ROAM failed")
1083 auth = None
1084 for i in range(20):
1085 msg = hapd1.mgmt_rx()
1086 if msg['subtype'] == 11:
1087 auth = msg
1088 break
1089 if not auth:
1090 raise Exception("Authentication frame not seen")
1091
1092 resp = {}
1093 resp['fc'] = auth['fc']
1094 resp['da'] = auth['sa']
1095 resp['sa'] = auth['da']
1096 resp['bssid'] = auth['bssid']
1097 resp['payload'] = binascii.unhexlify(t)
1098 hapd1.mgmt_tx(resp)
1099 hapd1.set("ext_mgmt_frame_handling", "0")
1100 dev[0].wait_disconnected()
1101
1102 dev[0].request("RECONNECT")
1103 dev[0].wait_connected()
7b741a53
JM		 1104
1105def test_ap_ft_gcmp_256(dev, apdev):
1106 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1107 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1108 raise HwsimSkip("Cipher GCMP-256 not supported")
1109 ssid = "test-ft"
1110 passphrase="12345678"
1111
1112 params = ft_params1(ssid=ssid, passphrase=passphrase)
1113 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1114 hapd0 = hostapd.add_ap(apdev[0], params)
7b741a53
JM		 1115 params = ft_params2(ssid=ssid, passphrase=passphrase)
1116 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1117 hapd1 = hostapd.add_ap(apdev[1], params)
7b741a53
JM		 1118
1119 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1120 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
cf671d54
JM		 1121
1122def test_ap_ft_oom(dev, apdev):
1123 """WPA2-PSK-FT and OOM"""
38934ed1 1124 skip_with_fips(dev[0])
cf671d54
JM		 1125 ssid = "test-ft"
1126 passphrase="12345678"
1127
1128 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1129 hapd0 = hostapd.add_ap(apdev[0], params)
cf671d54 1130 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1131 hapd1 = hostapd.add_ap(apdev[1], params)
cf671d54
JM		 1132
1133 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1134 scan_freq="2412")
1135 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1136 dst = apdev[1]['bssid']
1137 else:
1138 dst = apdev[0]['bssid']
1139
1140 dev[0].scan_for_bss(dst, freq="2412")
1141 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1142 dev[0].roam(dst)
7cbc8e67 1143 with fail_test(dev[0], 1, "wpa_ft_mic"):
cf671d54
JM		 1144 dev[0].roam(dst, fail_test=True)
1145 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1146 dev[0].roam(dst, fail_test=True)
34d3eaa8 1147
dcbb5d80
JM		 1148 dev[0].request("REMOVE_NETWORK all")
1149 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1150 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1151 scan_freq="2412")
1152
682a79f0
JM		 1153def test_ap_ft_ap_oom(dev, apdev):
1154 """WPA2-PSK-FT and AP OOM"""
1155 ssid = "test-ft"
1156 passphrase="12345678"
1157
1158 params = ft_params1(ssid=ssid, passphrase=passphrase)
1159 hapd0 = hostapd.add_ap(apdev[0], params)
1160 bssid0 = hapd0.own_addr()
1161
1162 dev[0].scan_for_bss(bssid0, freq="2412")
1163 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1164 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1165 scan_freq="2412")
1166
1167 params = ft_params2(ssid=ssid, passphrase=passphrase)
1168 hapd1 = hostapd.add_ap(apdev[1], params)
1169 bssid1 = hapd1.own_addr()
1170 dev[0].scan_for_bss(bssid1, freq="2412")
1171 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1172 dev[0].roam(bssid1)
1173
1174def test_ap_ft_ap_oom2(dev, apdev):
1175 """WPA2-PSK-FT and AP OOM 2"""
1176 ssid = "test-ft"
1177 passphrase="12345678"
1178
1179 params = ft_params1(ssid=ssid, passphrase=passphrase)
1180 hapd0 = hostapd.add_ap(apdev[0], params)
1181 bssid0 = hapd0.own_addr()
1182
1183 dev[0].scan_for_bss(bssid0, freq="2412")
1184 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1185 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1186 scan_freq="2412")
1187
1188 params = ft_params2(ssid=ssid, passphrase=passphrase)
1189 hapd1 = hostapd.add_ap(apdev[1], params)
1190 bssid1 = hapd1.own_addr()
1191 dev[0].scan_for_bss(bssid1, freq="2412")
1192 dev[0].roam(bssid1)
1193 if dev[0].get_status_field('bssid') != bssid1:
1194 raise Exception("Did not roam to AP1")
1195 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1196 dev[0].roam(bssid0)
1197
1198def test_ap_ft_ap_oom3(dev, apdev):
1199 """WPA2-PSK-FT and AP OOM 3"""
1200 ssid = "test-ft"
1201 passphrase="12345678"
1202
1203 params = ft_params1(ssid=ssid, passphrase=passphrase)
1204 hapd0 = hostapd.add_ap(apdev[0], params)
1205 bssid0 = hapd0.own_addr()
1206
1207 dev[0].scan_for_bss(bssid0, freq="2412")
1208 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1209 scan_freq="2412")
1210
1211 params = ft_params2(ssid=ssid, passphrase=passphrase)
1212 hapd1 = hostapd.add_ap(apdev[1], params)
1213 bssid1 = hapd1.own_addr()
1214 dev[0].scan_for_bss(bssid1, freq="2412")
1215 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1216 # This will fail due to not being able to send out PMK-R1 pull request
1217 dev[0].roam(bssid1)
1218
ba88dd65 1219 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM		 1220 # This will fail due to not being able to send out PMK-R1 pull request
1221 dev[0].roam(bssid1)
1222
ba88dd65
MB		 1223 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1224 # This will fail due to not being able to send out PMK-R1 pull request
1225 dev[0].roam(bssid1)
1226
1227def test_ap_ft_ap_oom3b(dev, apdev):
1228 """WPA2-PSK-FT and AP OOM 3b"""
1229 ssid = "test-ft"
1230 passphrase="12345678"
1231
1232 params = ft_params1(ssid=ssid, passphrase=passphrase)
1233 hapd0 = hostapd.add_ap(apdev[0], params)
1234 bssid0 = hapd0.own_addr()
1235
1236 dev[0].scan_for_bss(bssid0, freq="2412")
1237 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1238 scan_freq="2412")
1239
1240 params = ft_params2(ssid=ssid, passphrase=passphrase)
1241 hapd1 = hostapd.add_ap(apdev[1], params)
1242 bssid1 = hapd1.own_addr()
1243 dev[0].scan_for_bss(bssid1, freq="2412")
1244 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM		 1245 # This will fail due to not being able to send out PMK-R1 pull request
1246 dev[0].roam(bssid1)
1247
1248def test_ap_ft_ap_oom4(dev, apdev):
1249 """WPA2-PSK-FT and AP OOM 4"""
1250 ssid = "test-ft"
1251 passphrase="12345678"
1252
1253 params = ft_params1(ssid=ssid, passphrase=passphrase)
1254 hapd0 = hostapd.add_ap(apdev[0], params)
1255 bssid0 = hapd0.own_addr()
1256
1257 dev[0].scan_for_bss(bssid0, freq="2412")
1258 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1259 scan_freq="2412")
1260
1261 params = ft_params2(ssid=ssid, passphrase=passphrase)
1262 hapd1 = hostapd.add_ap(apdev[1], params)
1263 bssid1 = hapd1.own_addr()
1264 dev[0].scan_for_bss(bssid1, freq="2412")
1265 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1266 dev[0].roam(bssid1)
1267 if dev[0].get_status_field('bssid') != bssid1:
1268 raise Exception("Did not roam to AP1")
1269
1270 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1271 dev[0].roam(bssid0)
1272 if dev[0].get_status_field('bssid') != bssid0:
1273 raise Exception("Did not roam to AP0")
1274
1275 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1276 dev[0].roam(bssid1)
1277 if dev[0].get_status_field('bssid') != bssid1:
1278 raise Exception("Did not roam to AP1")
1279
1280def test_ap_ft_ap_oom5(dev, apdev):
1281 """WPA2-PSK-FT and AP OOM 5"""
1282 ssid = "test-ft"
1283 passphrase="12345678"
1284
1285 params = ft_params1(ssid=ssid, passphrase=passphrase)
1286 hapd0 = hostapd.add_ap(apdev[0], params)
1287 bssid0 = hapd0.own_addr()
1288
1289 dev[0].scan_for_bss(bssid0, freq="2412")
1290 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1291 scan_freq="2412")
1292
1293 params = ft_params2(ssid=ssid, passphrase=passphrase)
1294 hapd1 = hostapd.add_ap(apdev[1], params)
1295 bssid1 = hapd1.own_addr()
1296 dev[0].scan_for_bss(bssid1, freq="2412")
1297 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1298 # This will fail to roam
1299 dev[0].roam(bssid1)
1300
1301 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1302 # This will fail to roam
1303 dev[0].roam(bssid1)
1304
1305 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1306 # This will fail to roam
1307 dev[0].roam(bssid1)
1308
1309 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1310 # This will fail to roam
1311 dev[0].roam(bssid1)
1312
1313 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1314 # This will fail to roam
1315 dev[0].roam(bssid1)
1316
1317def test_ap_ft_ap_oom6(dev, apdev):
1318 """WPA2-PSK-FT and AP OOM 6"""
1319 ssid = "test-ft"
1320 passphrase="12345678"
1321
1322 params = ft_params1(ssid=ssid, passphrase=passphrase)
1323 hapd0 = hostapd.add_ap(apdev[0], params)
1324 bssid0 = hapd0.own_addr()
1325
1326 dev[0].scan_for_bss(bssid0, freq="2412")
1327 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1328 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1329 scan_freq="2412")
1330 dev[0].request("REMOVE_NETWORK all")
1331 dev[0].wait_disconnected()
1332 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1333 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1334 scan_freq="2412")
1335 dev[0].request("REMOVE_NETWORK all")
1336 dev[0].wait_disconnected()
1337 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1338 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1339 scan_freq="2412")
1340
1341def test_ap_ft_ap_oom7(dev, apdev):
1342 """WPA2-PSK-FT and AP OOM 7"""
1343 ssid = "test-ft"
1344 passphrase="12345678"
1345
1346 params = ft_params1(ssid=ssid, passphrase=passphrase)
1347 params["ieee80211w"] = "2"
1348 hapd0 = hostapd.add_ap(apdev[0], params)
1349 bssid0 = hapd0.own_addr()
1350
1351 dev[0].scan_for_bss(bssid0, freq="2412")
1352 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1353 ieee80211w="2", scan_freq="2412")
1354
1355 params = ft_params2(ssid=ssid, passphrase=passphrase)
1356 params["ieee80211w"] = "2"
1357 hapd1 = hostapd.add_ap(apdev[1], params)
1358 bssid1 = hapd1.own_addr()
1359 dev[0].scan_for_bss(bssid1, freq="2412")
1360 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1361 # This will fail to roam
1362 dev[0].roam(bssid1)
1363 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1364 # This will fail to roam
1365 dev[0].roam(bssid1)
1366 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1367 # This will fail to roam
1368 dev[0].roam(bssid1)
1369 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1370 # This will fail to roam
1371 dev[0].roam(bssid1)
1372
1373def test_ap_ft_ap_oom8(dev, apdev):
1374 """WPA2-PSK-FT and AP OOM 8"""
1375 ssid = "test-ft"
1376 passphrase="12345678"
1377
1378 params = ft_params1(ssid=ssid, passphrase=passphrase)
1379 params['ft_psk_generate_local'] = "1";
1380 hapd0 = hostapd.add_ap(apdev[0], params)
1381 bssid0 = hapd0.own_addr()
1382
1383 dev[0].scan_for_bss(bssid0, freq="2412")
1384 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1385 scan_freq="2412")
1386
1387 params = ft_params2(ssid=ssid, passphrase=passphrase)
1388 params['ft_psk_generate_local'] = "1";
1389 hapd1 = hostapd.add_ap(apdev[1], params)
1390 bssid1 = hapd1.own_addr()
1391 dev[0].scan_for_bss(bssid1, freq="2412")
1392 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1393 # This will fail to roam
1394 dev[0].roam(bssid1)
1395 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1396 # This will fail to roam
1397 dev[0].roam(bssid1)
1398
1399def test_ap_ft_ap_oom9(dev, apdev):
1400 """WPA2-PSK-FT and AP OOM 9"""
1401 ssid = "test-ft"
1402 passphrase="12345678"
1403
1404 params = ft_params1(ssid=ssid, passphrase=passphrase)
1405 hapd0 = hostapd.add_ap(apdev[0], params)
1406 bssid0 = hapd0.own_addr()
1407
1408 dev[0].scan_for_bss(bssid0, freq="2412")
1409 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1410 scan_freq="2412")
1411
1412 params = ft_params2(ssid=ssid, passphrase=passphrase)
1413 hapd1 = hostapd.add_ap(apdev[1], params)
1414 bssid1 = hapd1.own_addr()
1415 dev[0].scan_for_bss(bssid1, freq="2412")
1416
1417 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1418 # This will fail to roam
1419 if "OK" not in dev[0].request("FT_DS " + bssid1):
1420 raise Exception("FT_DS failed")
1421 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1422
1423 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1424 # This will fail to roam
1425 if "OK" not in dev[0].request("FT_DS " + bssid1):
1426 raise Exception("FT_DS failed")
1427 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1428
1429 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1430 # This will fail to roam
1431 if "OK" not in dev[0].request("FT_DS " + bssid1):
1432 raise Exception("FT_DS failed")
1433 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1434
1435def test_ap_ft_ap_oom10(dev, apdev):
1436 """WPA2-PSK-FT and AP OOM 10"""
1437 ssid = "test-ft"
1438 passphrase="12345678"
1439
1440 params = ft_params1(ssid=ssid, passphrase=passphrase)
1441 hapd0 = hostapd.add_ap(apdev[0], params)
1442 bssid0 = hapd0.own_addr()
1443
1444 dev[0].scan_for_bss(bssid0, freq="2412")
1445 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1446 scan_freq="2412")
1447
1448 params = ft_params2(ssid=ssid, passphrase=passphrase)
1449 hapd1 = hostapd.add_ap(apdev[1], params)
1450 bssid1 = hapd1.own_addr()
1451 dev[0].scan_for_bss(bssid1, freq="2412")
1452
9441a227 1453 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM		 1454 # This will fail to roam
1455 if "OK" not in dev[0].request("FT_DS " + bssid1):
1456 raise Exception("FT_DS failed")
1457 wait_fail_trigger(hapd0, "GET_FAIL")
1458
1459 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1460 # This will fail to roam
1461 if "OK" not in dev[0].request("FT_DS " + bssid1):
1462 raise Exception("FT_DS failed")
1463 wait_fail_trigger(hapd0, "GET_FAIL")
1464
9441a227 1465 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM		 1466 # This will fail to roam
1467 if "OK" not in dev[0].request("FT_DS " + bssid1):
1468 raise Exception("FT_DS failed")
1469 wait_fail_trigger(hapd0, "GET_FAIL")
1470
9441a227 1471 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
682a79f0
JM		 1472 # This will fail to roam
1473 if "OK" not in dev[0].request("FT_DS " + bssid1):
1474 raise Exception("FT_DS failed")
1475 wait_fail_trigger(hapd1, "GET_FAIL")
1476
1477def test_ap_ft_ap_oom11(dev, apdev):
1478 """WPA2-PSK-FT and AP OOM 11"""
1479 ssid = "test-ft"
1480 passphrase="12345678"
1481
1482 params = ft_params1(ssid=ssid, passphrase=passphrase)
1483 hapd0 = hostapd.add_ap(apdev[0], params)
1484 bssid0 = hapd0.own_addr()
1485
1486 dev[0].scan_for_bss(bssid0, freq="2412")
1487 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1488 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1489 scan_freq="2412")
1490 wait_fail_trigger(hapd0, "GET_FAIL")
1491
1492 dev[1].scan_for_bss(bssid0, freq="2412")
9441a227 1493 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
682a79f0
JM		 1494 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1495 scan_freq="2412")
1496 wait_fail_trigger(hapd0, "GET_FAIL")
1497
a04e6f3d
JM		 1498def test_ap_ft_over_ds_proto_ap(dev, apdev):
1499 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1500 ssid = "test-ft"
1501 passphrase="12345678"
1502
1503 params = ft_params1(ssid=ssid, passphrase=passphrase)
1504 hapd0 = hostapd.add_ap(apdev[0], params)
1505 bssid0 = hapd0.own_addr()
1506 _bssid0 = bssid0.replace(':', '')
1507 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1508 scan_freq="2412")
1509 addr = dev[0].own_addr()
1510 _addr = addr.replace(':', '')
1511
1512 params = ft_params2(ssid=ssid, passphrase=passphrase)
1513 hapd1 = hostapd.add_ap(apdev[1], params)
1514 bssid1 = hapd1.own_addr()
1515 _bssid1 = bssid1.replace(':', '')
1516
1517 hapd0.set("ext_mgmt_frame_handling", "1")
1518 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
1519 valid = "0601" + _addr + _bssid1
1520 tests = [ "0601",
1521 "0601" + _addr,
1522 "0601" + _addr + _bssid0,
1523 "0601" + _addr + "ffffffffffff",
1524 "0601" + _bssid0 + _bssid0,
1525 valid,
1526 valid + "01",
1527 valid + "3700",
1528 valid + "3600",
1529 valid + "3603ffffff",
1530 valid + "3603a1b2ff",
1531 valid + "3603a1b2ff" + "3700",
1532 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1533 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1534 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1535 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1536 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1537 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1538 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1539 valid + "0001" ]
1540 for t in tests:
1541 hapd0.dump_monitor()
1542 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
1543 raise Exception("MGMT_RX_PROCESS failed")
1544
1545 hapd0.set("ext_mgmt_frame_handling", "0")
1546
34d3eaa8
JM		 1547def test_ap_ft_over_ds_proto(dev, apdev):
1548 """WPA2-PSK-FT AP over DS protocol testing"""
1549 ssid = "test-ft"
1550 passphrase="12345678"
1551
1552 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1553 hapd0 = hostapd.add_ap(apdev[0], params)
34d3eaa8
JM		 1554 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1555 scan_freq="2412")
1556
1557 # FT Action Response while no FT-over-DS in progress
1558 msg = {}
1559 msg['fc'] = 13 << 4
1560 msg['da'] = dev[0].own_addr()
1561 msg['sa'] = apdev[0]['bssid']
1562 msg['bssid'] = apdev[0]['bssid']
1563 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
1564 hapd0.mgmt_tx(msg)
1565
1566 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1567 hapd1 = hostapd.add_ap(apdev[1], params)
34d3eaa8
JM		 1568 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1569 hapd0.set("ext_mgmt_frame_handling", "1")
1570 hapd0.dump_monitor()
1571 dev[0].request("FT_DS " + apdev[1]['bssid'])
1572 for i in range(0, 10):
1573 req = hapd0.mgmt_rx()
1574 if req is None:
1575 raise Exception("MGMT RX wait timed out")
1576 if req['subtype'] == 13:
1577 break
1578 req = None
1579 if not req:
1580 raise Exception("FT Action frame not received")
1581
1582 # FT Action Response for unexpected Target AP
1583 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
1584 hapd0.mgmt_tx(msg)
1585
1586 # FT Action Response without MDIE
1587 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
1588 hapd0.mgmt_tx(msg)
1589
1590 # FT Action Response without FTIE
1591 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1592 hapd0.mgmt_tx(msg)
1593
1594 # FT Action Response with FTIE SNonce mismatch
1595 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1596 hapd0.mgmt_tx(msg)
6f3815c0 1597
9fd6804d 1598@remote_compatible
6f3815c0
JM		 1599def test_ap_ft_rrb(dev, apdev):
1600 """WPA2-PSK-FT RRB protocol testing"""
1601 ssid = "test-ft"
1602 passphrase="12345678"
1603
1604 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1605 hapd0 = hostapd.add_ap(apdev[0], params)
6f3815c0
JM		 1606
1607 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1608 scan_freq="2412")
1609
1610 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
1611 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
1612 proto = '\x89\x0d'
1613 ehdr = _dst_ll + _src_ll + proto
1614
1615 # Too short RRB frame
1616 pkt = ehdr + '\x01'
1617 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1618 raise Exception("DATA_TEST_FRAME failed")
1619
1620 # RRB discarded frame wikth unrecognized type
1621 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
1622 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1623 raise Exception("DATA_TEST_FRAME failed")
1624
1625 # RRB frame too short for action frame
1626 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
1627 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1628 raise Exception("DATA_TEST_FRAME failed")
1629
1630 # Too short RRB frame (not enough room for Action Frame body)
1631 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
1632 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1633 raise Exception("DATA_TEST_FRAME failed")
1634
1635 # Unexpected Action frame category
1636 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1637 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1638 raise Exception("DATA_TEST_FRAME failed")
1639
1640 # Unexpected Action in RRB Request
1641 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1642 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1643 raise Exception("DATA_TEST_FRAME failed")
1644
1645 # Target AP address in RRB Request does not match with own address
1646 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1647 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1648 raise Exception("DATA_TEST_FRAME failed")
1649
1650 # Not enough room for status code in RRB Response
1651 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1652 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1653 raise Exception("DATA_TEST_FRAME failed")
1654
1655 # RRB discarded frame with unknown packet_type
1656 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1657 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1658 raise Exception("DATA_TEST_FRAME failed")
1659
1660 # RRB Response with non-zero status code; no STA match
1661 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1662 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1663 raise Exception("DATA_TEST_FRAME failed")
1664
1665 # RRB Response with zero status code and extra data; STA match
1666 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1667 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1668 raise Exception("DATA_TEST_FRAME failed")
1669
1670 # Too short PMK-R1 pull
1671 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1672 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1673 raise Exception("DATA_TEST_FRAME failed")
1674
1675 # Too short PMK-R1 resp
1676 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1677 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1678 raise Exception("DATA_TEST_FRAME failed")
1679
1680 # Too short PMK-R1 push
1681 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1682 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1683 raise Exception("DATA_TEST_FRAME failed")
1684
1685 # No matching R0KH address found for PMK-R0 pull response
1686 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1687 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1688 raise Exception("DATA_TEST_FRAME failed")
ecafa0cf 1689
9fd6804d 1690@remote_compatible
ecafa0cf
JM		 1691def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
1692 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1693 bssid = apdev[0]['bssid']
1694 ssid = "test-ft"
1695 passphrase="12345678"
1696
1697 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 1698 params["ieee80211w"] = "1"
ecafa0cf
JM		 1699 # This is the RSN element used normally by hostapd
1700 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
8b8a1864 1701 hapd = hostapd.add_ap(apdev[0], params)
ecafa0cf
JM		 1702 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1703 ieee80211w="1", scan_freq="2412",
1704 pairwise="CCMP", group="CCMP")
1705
1706 tests = [ ('PMKIDCount field included',
1707 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1708 ('Extra IE before RSNE',
1709 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1710 ('PMKIDCount and Group Management Cipher suite fields included',
1711 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1712 ('Extra octet after defined fields (future extensibility)',
1713 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1714 ('No RSN Capabilities field (PMF disabled in practice)',
1715 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1716 for txt,ie in tests:
1717 dev[0].request("DISCONNECT")
1718 dev[0].wait_disconnected()
1719 logger.info(txt)
1720 hapd.disable()
1721 hapd.set('own_ie_override', ie)
1722 hapd.enable()
1723 dev[0].request("BSS_FLUSH 0")
1724 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1725 dev[0].select_network(id, freq=2412)
1726 dev[0].wait_connected()
1727
1728 dev[0].request("DISCONNECT")
1729 dev[0].wait_disconnected()
1730
1731 logger.info('Invalid RSNE causing internal hostapd error')
1732 hapd.disable()
1733 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1734 hapd.enable()
1735 dev[0].request("BSS_FLUSH 0")
1736 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1737 dev[0].select_network(id, freq=2412)
1738 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1739 # complete.
1740 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1741 if ev is not None:
1742 raise Exception("Unexpected connection")
1743 dev[0].request("DISCONNECT")
1744
1745 logger.info('Unexpected PMKID causing internal hostapd error')
1746 hapd.disable()
1747 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1748 hapd.enable()
1749 dev[0].request("BSS_FLUSH 0")
1750 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1751 dev[0].select_network(id, freq=2412)
1752 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1753 # complete.
1754 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1755 if ev is not None:
1756 raise Exception("Unexpected connection")
1757 dev[0].request("DISCONNECT")
1025603b
JM		 1758
1759def test_ap_ft_ptk_rekey(dev, apdev):
1760 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1761 ssid = "test-ft"
1762 passphrase="12345678"
1763
1764 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1765 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b 1766 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1767 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 1768
1769 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
1770
1771 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1772 "WPA: Key negotiation completed"], timeout=5)
1773 if ev is None:
1774 raise Exception("No event received after roam")
1775 if "CTRL-EVENT-DISCONNECTED" in ev:
1776 raise Exception("Unexpected disconnection after roam")
1777
1778 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1779 hapd = hapd0
1780 else:
1781 hapd = hapd1
1782 hwsim_utils.test_connectivity(dev[0], hapd)
1783
1784def test_ap_ft_ptk_rekey_ap(dev, apdev):
1785 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1786 ssid = "test-ft"
1787 passphrase="12345678"
1788
1789 params = ft_params1(ssid=ssid, passphrase=passphrase)
1790 params['wpa_ptk_rekey'] = '2'
8b8a1864 1791 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b
JM		 1792 params = ft_params2(ssid=ssid, passphrase=passphrase)
1793 params['wpa_ptk_rekey'] = '2'
8b8a1864 1794 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 1795
1796 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
1797
1798 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1799 "WPA: Key negotiation completed"], timeout=5)
1800 if ev is None:
1801 raise Exception("No event received after roam")
1802 if "CTRL-EVENT-DISCONNECTED" in ev:
1803 raise Exception("Unexpected disconnection after roam")
1804
1805 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1806 hapd = hapd0
1807 else:
1808 hapd = hapd1
1809 hwsim_utils.test_connectivity(dev[0], hapd)
186ca473
MB		 1810
1811def test_ap_ft_internal_rrb_check(dev, apdev):
1812 """RRB internal delivery only to WPA enabled BSS"""
1813 ssid = "test-ft"
1814 passphrase="12345678"
1815
1816 radius = hostapd.radius_params()
1817 params = ft_params1(ssid=ssid, passphrase=passphrase)
1818 params['wpa_key_mgmt'] = "FT-EAP"
1819 params["ieee8021x"] = "1"
1820 params = dict(radius.items() + params.items())
8b8a1864 1821 hapd = hostapd.add_ap(apdev[0], params)
186ca473
MB		 1822 key_mgmt = hapd.get_config()['key_mgmt']
1823 if key_mgmt.split(' ')[0] != "FT-EAP":
1824 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1825
8b8a1864 1826 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
186ca473
MB		 1827
1828 # Connect to WPA enabled AP
1829 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1830 eap="GPSK", identity="gpsk user",
1831 password="abcdefghijklmnop0123456789abcdef",
1832 scan_freq="2412")
1833
1834 # Try over_ds roaming to non-WPA-enabled AP.
1835 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1836 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
c85fcff2
JM		 1837
1838def test_ap_ft_extra_ie(dev, apdev):
1839 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1840 ssid = "test-ft"
1841 passphrase="12345678"
1842
1843 params = ft_params1(ssid=ssid, passphrase=passphrase)
1844 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1845 hapd0 = hostapd.add_ap(apdev[0], params)
1846 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1847 scan_freq="2412")
1848 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1849 scan_freq="2412")
1850 try:
1851 # Add Mobility Domain element to test AP validation code.
1852 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1853 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1854 scan_freq="2412", wait_connect=False)
1855 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1856 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1857 if ev is None:
1858 raise Exception("No connection result")
1859 if "CTRL-EVENT-CONNECTED" in ev:
1860 raise Exception("Non-FT association accepted with MDE")
1861 if "status_code=43" not in ev:
1862 raise Exception("Unexpected status code: " + ev)
1863 dev[0].request("DISCONNECT")
1864 finally:
1865 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
fd7205fa
JM		 1866
1867def test_ap_ft_ric(dev, apdev):
1868 """WPA2-PSK-FT AP and RIC"""
1869 ssid = "test-ft"
1870 passphrase="12345678"
1871
1872 params = ft_params1(ssid=ssid, passphrase=passphrase)
1873 hapd0 = hostapd.add_ap(apdev[0], params)
1874 params = ft_params2(ssid=ssid, passphrase=passphrase)
1875 hapd1 = hostapd.add_ap(apdev[1], params)
1876
1877 dev[0].set("ric_ies", "")
1878 dev[0].set("ric_ies", '""')
1879 if "FAIL" not in dev[0].request("SET ric_ies q"):
1880 raise Exception("Invalid ric_ies value accepted")
1881
1882 tests = [ "3900",
1883 "3900ff04eeeeeeee",
1884 "390400000000",
1885 "390400000000" + "390400000000",
1886 "390400000000" + "dd050050f20202",
1887 "390400000000" + "dd3d0050f2020201" + 55*"00",
1888 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1889 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1890 for t in tests:
1891 dev[0].set("ric_ies", t)
1892 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1893 test_connectivity=False)
1894 dev[0].request("REMOVE_NETWORK all")
1895 dev[0].wait_disconnected()
1896 dev[0].dump_monitor()
c8942286
JM		 1897
1898def ie_hex(ies, id):
1899 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id])
1900
1901def test_ap_ft_reassoc_proto(dev, apdev):
1902 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1903 ssid = "test-ft"
1904 passphrase="12345678"
1905
1906 params = ft_params1(ssid=ssid, passphrase=passphrase)
1907 hapd0 = hostapd.add_ap(apdev[0], params)
1908 params = ft_params2(ssid=ssid, passphrase=passphrase)
1909 hapd1 = hostapd.add_ap(apdev[1], params)
1910
1911 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1912 ieee80211w="1", scan_freq="2412")
1913 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1914 hapd1ap = hapd0
1915 hapd2ap = hapd1
1916 else:
1917 hapd1ap = hapd1
1918 hapd2ap = hapd0
1919
1920 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1921 hapd2ap.set("ext_mgmt_frame_handling", "1")
1922 dev[0].request("ROAM " + hapd2ap.own_addr())
1923
1924 while True:
1925 req = hapd2ap.mgmt_rx()
1926 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1927 if req['subtype'] == 11:
1928 break
1929
1930 while True:
1931 req = hapd2ap.mgmt_rx()
1932 if req['subtype'] == 2:
1933 break
1934 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1935
1936 # IEEE 802.11 header + fixed fields before IEs
1937 hdr = binascii.hexlify(req['frame'][0:34])
1938 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
1939 # First elements: SSID, Supported Rates, Extended Supported Rates
1940 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
1941
1942 rsne = ie_hex(ies, 48)
1943 mde = ie_hex(ies, 54)
1944 fte = ie_hex(ies, 55)
1945 tests = [ ]
1946 # RSN: Trying to use FT, but MDIE not included
1947 tests += [ rsne ]
1948 # RSN: Attempted to use unknown MDIE
1949 tests += [ rsne + "3603000000" ]
1950 # Invalid RSN pairwise cipher
1951 tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1952 # FT: No PMKID in RSNIE
1953 tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ]
1954 # FT: Invalid FTIE
1955 tests += [ rsne + mde ]
1956 # FT: RIC IE(s) in the frame, but not included in protected IE count
1957 # FT: Failed to parse FT IEs
1958 tests += [ rsne + mde + fte + "3900" ]
1959 # FT: SNonce mismatch in FTIE
1960 tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1961 # FT: ANonce mismatch in FTIE
1962 tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ]
1963 # FT: No R0KH-ID subelem in FTIE
1964 tests += [ rsne + mde + "3752" + fte[4:168] ]
1965 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1966 tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ]
1967 # FT: No R1KH-ID subelem in FTIE
1968 tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1969 # FT: Unknown R1KH-ID used in ReassocReq
1970 tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1971 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1972 tests += [ rsne[:-32] + 16*"00" + mde + fte ]
1973 # Invalid MIC in FTIE
1974 tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ]
1975 for t in tests:
1976 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
1977
1978def test_ap_ft_reassoc_local_fail(dev, apdev):
1979 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1980 ssid = "test-ft"
1981 passphrase="12345678"
1982
1983 params = ft_params1(ssid=ssid, passphrase=passphrase)
1984 hapd0 = hostapd.add_ap(apdev[0], params)
1985 params = ft_params2(ssid=ssid, passphrase=passphrase)
1986 hapd1 = hostapd.add_ap(apdev[1], params)
1987
1988 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1989 ieee80211w="1", scan_freq="2412")
1990 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1991 hapd1ap = hapd0
1992 hapd2ap = hapd1
1993 else:
1994 hapd1ap = hapd1
1995 hapd2ap = hapd0
1996
1997 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1998 # FT: Failed to calculate MIC
1999 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
2000 dev[0].request("ROAM " + hapd2ap.own_addr())
2001 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2002 dev[0].request("DISCONNECT")
2003 if ev is None:
2004 raise Exception("Association reject not seen")
d7f0bef9
JM		 2005
2006def test_ap_ft_reassoc_replay(dev, apdev, params):
2007 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2008 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
2009 ssid = "test-ft"
2010 passphrase="12345678"
2011
2012 params = ft_params1(ssid=ssid, passphrase=passphrase)
2013 hapd0 = hostapd.add_ap(apdev[0], params)
2014 params = ft_params2(ssid=ssid, passphrase=passphrase)
2015 hapd1 = hostapd.add_ap(apdev[1], params)
2016
2017 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2018 scan_freq="2412")
2019 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2020 hapd1ap = hapd0
2021 hapd2ap = hapd1
2022 else:
2023 hapd1ap = hapd1
2024 hapd2ap = hapd0
2025
2026 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2027 hapd2ap.set("ext_mgmt_frame_handling", "1")
2028 dev[0].dump_monitor()
2029 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
2030 raise Exception("ROAM failed")
2031
2032 reassocreq = None
2033 count = 0
2034 while count < 100:
2035 req = hapd2ap.mgmt_rx()
2036 count += 1
2037 hapd2ap.dump_monitor()
2038 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2039 if req['subtype'] == 2:
2040 reassocreq = req
2041 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2042 if ev is None:
2043 raise Exception("No TX status seen")
2044 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2045 if "OK" not in hapd2ap.request(cmd):
2046 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2047 break
2048 hapd2ap.set("ext_mgmt_frame_handling", "0")
2049 if reassocreq is None:
2050 raise Exception("No Reassociation Request frame seen")
2051 dev[0].wait_connected()
2052 dev[0].dump_monitor()
2053 hapd2ap.dump_monitor()
2054
2055 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2056
2057 logger.info("Replay the last Reassociation Request frame")
2058 hapd2ap.dump_monitor()
2059 hapd2ap.set("ext_mgmt_frame_handling", "1")
2060 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2061 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2062 if ev is None:
2063 raise Exception("No TX status seen")
2064 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2065 if "OK" not in hapd2ap.request(cmd):
2066 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2067 hapd2ap.set("ext_mgmt_frame_handling", "0")
2068
2069 try:
2070 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2071 ok = True
2072 except:
2073 ok = False
2074
2075 ap = hapd2ap.own_addr()
2076 sta = dev[0].own_addr()
2077 filt = "wlan.fc.type == 2 && " + \
2078 "wlan.da == " + sta + " && " + \
2079 "wlan.sa == " + ap
2080 fields = [ "wlan.ccmp.extiv" ]
2081 res = run_tshark(capfile, filt, fields)
2082 vals = res.splitlines()
2083 logger.info("CCMP PN: " + str(vals))
2084 if len(vals) < 2:
2085 raise Exception("Could not find all CCMP protected frames from capture")
2086 if len(set(vals)) < len(vals):
2087 raise Exception("Duplicate CCMP PN used")
2088
2089 if not ok:
2090 raise Exception("The second hwsim connectivity test failed")
0dc3c5f2
JM		 2091
2092def test_ap_ft_psk_file(dev, apdev):
2093 """WPA2-PSK-FT AP with PSK from a file"""
2094 ssid = "test-ft"
2095 passphrase="12345678"
2096
2097 params = ft_params1a(ssid=ssid, passphrase=passphrase)
2098 params['wpa_psk_file'] = 'hostapd.wpa_psk'
2099 hapd = hostapd.add_ap(apdev[0], params)
2100
2101 dev[1].connect(ssid, psk="very secret",
2102 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2103 scan_freq="2412", wait_connect=False)
2104 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2105 ieee80211w="1", scan_freq="2412")
2106 dev[0].request("REMOVE_NETWORK all")
2107 dev[0].wait_disconnected()
2108 dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
2109 ieee80211w="1", scan_freq="2412")
2110 dev[0].request("REMOVE_NETWORK all")
2111 dev[0].wait_disconnected()
2112 dev[0].connect(ssid, psk="secret passphrase",
2113 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2114 scan_freq="2412")
2115 dev[2].connect(ssid, psk="another passphrase for all STAs",
2116 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2117 scan_freq="2412")
2118 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
2119 if ev is None:
2120 raise Exception("Timed out while waiting for failure report")
2121 dev[1].request("REMOVE_NETWORK all")
Unnamed repository; edit this file 'description' to name the repository.