]>
Commit | Line | Data |
---|---|---|
c89d9ebb JM |
1 | # WPA2-Personal tests |
2 | # Copyright (c) 2014, Qualcomm Atheros, Inc. | |
3 | # | |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
821490f5 | 8 | import binascii |
e0c46c8e | 9 | from Crypto.Cipher import AES |
821490f5 JM |
10 | import hashlib |
11 | import hmac | |
c89d9ebb JM |
12 | import logging |
13 | logger = logging.getLogger() | |
138ec97e | 14 | import os |
5b3c40a6 | 15 | import re |
8030e2b5 | 16 | import socket |
821490f5 | 17 | import struct |
d1fc5736 JM |
18 | import subprocess |
19 | import time | |
c89d9ebb JM |
20 | |
21 | import hostapd | |
8030e2b5 | 22 | from utils import HwsimSkip, fail_test, skip_with_fips, start_monitor, stop_monitor, radiotap_build |
fb5c8cea | 23 | import hwsim_utils |
a1512a0c | 24 | from wpasupplicant import WpaSupplicant |
c89d9ebb | 25 | |
eaf3f9b1 JM |
26 | def check_mib(dev, vals): |
27 | mib = dev.get_mib() | |
28 | for v in vals: | |
29 | if mib[v[0]] != v[1]: | |
30 | raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1])) | |
31 | ||
9fd6804d | 32 | @remote_compatible |
c89d9ebb JM |
33 | def test_ap_wpa2_psk(dev, apdev): |
34 | """WPA2-PSK AP with PSK instead of passphrase""" | |
35 | ssid = "test-wpa2-psk" | |
36 | passphrase = 'qwertyuiop' | |
37 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
38 | params = hostapd.wpa2_params(ssid=ssid) | |
39 | params['wpa_psk'] = psk | |
8b8a1864 | 40 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
41 | key_mgmt = hapd.get_config()['key_mgmt'] |
42 | if key_mgmt.split(' ')[0] != "WPA-PSK": | |
43 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
c89d9ebb JM |
44 | dev[0].connect(ssid, raw_psk=psk, scan_freq="2412") |
45 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
46 | ||
de748924 JM |
47 | sig = dev[0].request("SIGNAL_POLL").splitlines() |
48 | pkt = dev[0].request("PKTCNT_POLL").splitlines() | |
49 | if "FREQUENCY=2412" not in sig: | |
50 | raise Exception("Unexpected SIGNAL_POLL value: " + str(sig)) | |
51 | if "TXBAD=0" not in pkt: | |
52 | raise Exception("Unexpected TXBAD value: " + str(pkt)) | |
53 | ||
c89d9ebb JM |
54 | def test_ap_wpa2_psk_file(dev, apdev): |
55 | """WPA2-PSK AP with PSK from a file""" | |
56 | ssid = "test-wpa2-psk" | |
57 | passphrase = 'qwertyuiop' | |
58 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
59 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
60 | params['wpa_psk_file'] = 'hostapd.wpa_psk' | |
8b8a1864 | 61 | hostapd.add_ap(apdev[0], params) |
c89d9ebb JM |
62 | dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False) |
63 | dev[2].connect(ssid, raw_psk=psk, scan_freq="2412") | |
64 | dev[2].request("REMOVE_NETWORK all") | |
65 | dev[0].connect(ssid, psk="very secret", scan_freq="2412") | |
66 | dev[0].request("REMOVE_NETWORK all") | |
67 | dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412") | |
68 | dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412") | |
69 | ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10) | |
70 | if ev is None: | |
71 | raise Exception("Timed out while waiting for failure report") | |
72 | dev[1].request("REMOVE_NETWORK all") | |
fb5c8cea | 73 | |
0eb34f8f JM |
74 | def check_no_keyid(hapd, dev): |
75 | addr = dev.own_addr() | |
76 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1) | |
77 | if ev is None: | |
78 | raise Exception("No AP-STA-CONNECTED indicated") | |
79 | if addr not in ev: | |
80 | raise Exception("AP-STA-CONNECTED for unexpected STA") | |
81 | if "keyid=" in ev: | |
82 | raise Exception("Unexpected keyid indication") | |
83 | ||
84 | def check_keyid(hapd, dev, keyid): | |
85 | addr = dev.own_addr() | |
86 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1) | |
87 | if ev is None: | |
88 | raise Exception("No AP-STA-CONNECTED indicated") | |
89 | if addr not in ev: | |
90 | raise Exception("AP-STA-CONNECTED for unexpected STA") | |
91 | if "keyid=" + keyid not in ev: | |
92 | raise Exception("Incorrect keyid indication") | |
93 | sta = hapd.get_sta(addr) | |
94 | if 'keyid' not in sta or sta['keyid'] != keyid: | |
95 | raise Exception("Incorrect keyid in STA output") | |
96 | dev.request("REMOVE_NETWORK all") | |
97 | ||
98 | def check_disconnect(dev, expected): | |
99 | for i in range(2): | |
100 | if expected[i]: | |
101 | dev[i].wait_disconnected() | |
102 | dev[i].request("REMOVE_NETWORK all") | |
103 | else: | |
104 | ev = dev[i].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) | |
105 | if ev is not None: | |
106 | raise Exception("Unexpected disconnection") | |
107 | dev[i].request("REMOVE_NETWORK all") | |
108 | dev[i].wait_disconnected() | |
109 | ||
110 | def test_ap_wpa2_psk_file_keyid(dev, apdev, params): | |
111 | """WPA2-PSK AP with PSK from a file (keyid and reload)""" | |
112 | psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk') | |
113 | with open(psk_file, 'w') as f: | |
114 | f.write('00:00:00:00:00:00 secret passphrase\n') | |
115 | f.write('02:00:00:00:00:00 very secret\n') | |
116 | f.write('00:00:00:00:00:00 another passphrase for all STAs\n') | |
117 | ssid = "test-wpa2-psk" | |
118 | params = hostapd.wpa2_params(ssid=ssid, passphrase='qwertyuiop') | |
119 | params['wpa_psk_file'] = psk_file | |
120 | hapd = hostapd.add_ap(apdev[0], params) | |
121 | ||
122 | dev[0].connect(ssid, psk="very secret", scan_freq="2412") | |
123 | check_no_keyid(hapd, dev[0]) | |
124 | ||
125 | dev[1].connect(ssid, psk="another passphrase for all STAs", | |
126 | scan_freq="2412") | |
127 | check_no_keyid(hapd, dev[1]) | |
128 | ||
129 | dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412") | |
130 | check_no_keyid(hapd, dev[2]) | |
131 | ||
132 | with open(psk_file, 'w') as f: | |
133 | f.write('00:00:00:00:00:00 secret passphrase\n') | |
134 | f.write('02:00:00:00:00:00 very secret\n') | |
135 | f.write('00:00:00:00:00:00 changed passphrase\n') | |
136 | if "OK" not in hapd.request("RELOAD_WPA_PSK"): | |
137 | raise Exception("RELOAD_WPA_PSK failed") | |
138 | ||
fab49f61 | 139 | check_disconnect(dev, [False, True, False]) |
0eb34f8f JM |
140 | |
141 | with open(psk_file, 'w') as f: | |
142 | f.write('00:00:00:00:00:00 secret passphrase\n') | |
143 | f.write('keyid=foo 02:00:00:00:00:00 very secret\n') | |
144 | f.write('keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n') | |
145 | if "OK" not in hapd.request("RELOAD_WPA_PSK"): | |
146 | raise Exception("RELOAD_WPA_PSK failed") | |
147 | ||
148 | dev[0].connect(ssid, psk="very secret", scan_freq="2412") | |
149 | check_keyid(hapd, dev[0], "foo") | |
150 | ||
151 | dev[1].connect(ssid, psk="another passphrase for all STAs", | |
152 | scan_freq="2412") | |
153 | check_keyid(hapd, dev[1], "bar") | |
154 | ||
155 | dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412") | |
156 | check_no_keyid(hapd, dev[2]) | |
157 | ||
158 | dev[0].wait_disconnected() | |
159 | dev[0].connect(ssid, psk="secret passphrase", scan_freq="2412") | |
160 | check_no_keyid(hapd, dev[0]) | |
161 | ||
162 | with open(psk_file, 'w') as f: | |
163 | f.write('# empty\n') | |
164 | if "OK" not in hapd.request("RELOAD_WPA_PSK"): | |
165 | raise Exception("RELOAD_WPA_PSK failed") | |
166 | ||
fab49f61 | 167 | check_disconnect(dev, [True, True, False]) |
0eb34f8f | 168 | |
9fd6804d | 169 | @remote_compatible |
53f4ed68 JM |
170 | def test_ap_wpa2_psk_mem(dev, apdev): |
171 | """WPA2-PSK AP with passphrase only in memory""" | |
172 | try: | |
173 | _test_ap_wpa2_psk_mem(dev, apdev) | |
174 | finally: | |
175 | dev[0].request("SCAN_INTERVAL 5") | |
176 | dev[1].request("SCAN_INTERVAL 5") | |
177 | ||
178 | def _test_ap_wpa2_psk_mem(dev, apdev): | |
179 | ssid = "test-wpa2-psk" | |
180 | passphrase = 'qwertyuiop' | |
181 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
182 | params = hostapd.wpa2_params(ssid=ssid) | |
183 | params['wpa_psk'] = psk | |
8b8a1864 | 184 | hapd = hostapd.add_ap(apdev[0], params) |
53f4ed68 JM |
185 | |
186 | dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False) | |
187 | dev[0].request("SCAN_INTERVAL 1") | |
188 | ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10) | |
189 | if ev is None: | |
190 | raise Exception("Request for PSK/passphrase timed out") | |
191 | id = ev.split(':')[0].split('-')[-1] | |
192 | dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"') | |
193 | dev[0].wait_connected(timeout=10) | |
194 | ||
195 | dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False) | |
196 | dev[1].request("SCAN_INTERVAL 1") | |
197 | ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10) | |
198 | if ev is None: | |
199 | raise Exception("Request for PSK/passphrase timed out(2)") | |
200 | id = ev.split(':')[0].split('-')[-1] | |
201 | dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk) | |
202 | dev[1].wait_connected(timeout=10) | |
203 | ||
9fd6804d | 204 | @remote_compatible |
d1635d97 JM |
205 | def test_ap_wpa2_ptk_rekey(dev, apdev): |
206 | """WPA2-PSK AP and PTK rekey enforced by station""" | |
207 | ssid = "test-wpa2-psk" | |
208 | passphrase = 'qwertyuiop' | |
209 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 210 | hapd = hostapd.add_ap(apdev[0], params) |
d1635d97 JM |
211 | dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") |
212 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
213 | if ev is None: | |
214 | raise Exception("PTK rekey timed out") | |
a8375c94 | 215 | hwsim_utils.test_connectivity(dev[0], hapd) |
d1635d97 | 216 | |
3bcc5247 JM |
217 | def test_ap_wpa2_ptk_rekey_anonce(dev, apdev): |
218 | """WPA2-PSK AP and PTK rekey enforced by station and ANonce change""" | |
219 | ssid = "test-wpa2-psk" | |
220 | passphrase = 'qwertyuiop' | |
221 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
222 | hapd = hostapd.add_ap(apdev[0], params) | |
223 | dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") | |
224 | dev[0].dump_monitor() | |
225 | anonce1 = dev[0].request("GET anonce") | |
226 | if "OK" not in dev[0].request("KEY_REQUEST 0 1"): | |
227 | raise Exception("KEY_REQUEST failed") | |
228 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
229 | if ev is None: | |
230 | raise Exception("PTK rekey timed out") | |
231 | anonce2 = dev[0].request("GET anonce") | |
232 | if anonce1 == anonce2: | |
233 | raise Exception("AP did not update ANonce in requested PTK rekeying") | |
234 | hwsim_utils.test_connectivity(dev[0], hapd) | |
235 | ||
9fd6804d | 236 | @remote_compatible |
6c87b4b8 JM |
237 | def test_ap_wpa2_ptk_rekey_ap(dev, apdev): |
238 | """WPA2-PSK AP and PTK rekey enforced by AP""" | |
239 | ssid = "test-wpa2-psk" | |
240 | passphrase = 'qwertyuiop' | |
241 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
242 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 243 | hapd = hostapd.add_ap(apdev[0], params) |
6c87b4b8 JM |
244 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
245 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
246 | if ev is None: | |
247 | raise Exception("PTK rekey timed out") | |
a8375c94 | 248 | hwsim_utils.test_connectivity(dev[0], hapd) |
6c87b4b8 | 249 | |
9fd6804d | 250 | @remote_compatible |
d1635d97 JM |
251 | def test_ap_wpa2_sha256_ptk_rekey(dev, apdev): |
252 | """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station""" | |
253 | ssid = "test-wpa2-psk" | |
254 | passphrase = 'qwertyuiop' | |
255 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
256 | params["wpa_key_mgmt"] = "WPA-PSK-SHA256" | |
8b8a1864 | 257 | hapd = hostapd.add_ap(apdev[0], params) |
d1635d97 JM |
258 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", |
259 | wpa_ptk_rekey="1", scan_freq="2412") | |
260 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
261 | if ev is None: | |
262 | raise Exception("PTK rekey timed out") | |
a8375c94 | 263 | hwsim_utils.test_connectivity(dev[0], hapd) |
fab49f61 JM |
264 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"), |
265 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]) | |
d1635d97 | 266 | |
9fd6804d | 267 | @remote_compatible |
6c87b4b8 JM |
268 | def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev): |
269 | """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP""" | |
270 | ssid = "test-wpa2-psk" | |
271 | passphrase = 'qwertyuiop' | |
272 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
273 | params["wpa_key_mgmt"] = "WPA-PSK-SHA256" | |
274 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 275 | hapd = hostapd.add_ap(apdev[0], params) |
6c87b4b8 JM |
276 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", |
277 | scan_freq="2412") | |
278 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
279 | if ev is None: | |
280 | raise Exception("PTK rekey timed out") | |
a8375c94 | 281 | hwsim_utils.test_connectivity(dev[0], hapd) |
fab49f61 JM |
282 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"), |
283 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]) | |
6c87b4b8 | 284 | |
9fd6804d | 285 | @remote_compatible |
fb5c8cea JM |
286 | def test_ap_wpa_ptk_rekey(dev, apdev): |
287 | """WPA-PSK/TKIP AP and PTK rekey enforced by station""" | |
a1eabc74 | 288 | skip_with_fips(dev[0]) |
fb5c8cea JM |
289 | ssid = "test-wpa-psk" |
290 | passphrase = 'qwertyuiop' | |
291 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 292 | hapd = hostapd.add_ap(apdev[0], params) |
fb5c8cea | 293 | dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") |
91bc6c36 JM |
294 | if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"): |
295 | raise Exception("Scan results missing WPA element info") | |
fb5c8cea JM |
296 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) |
297 | if ev is None: | |
298 | raise Exception("PTK rekey timed out") | |
a8375c94 | 299 | hwsim_utils.test_connectivity(dev[0], hapd) |
138ec97e | 300 | |
9fd6804d | 301 | @remote_compatible |
6c87b4b8 JM |
302 | def test_ap_wpa_ptk_rekey_ap(dev, apdev): |
303 | """WPA-PSK/TKIP AP and PTK rekey enforced by AP""" | |
a1eabc74 | 304 | skip_with_fips(dev[0]) |
6c87b4b8 JM |
305 | ssid = "test-wpa-psk" |
306 | passphrase = 'qwertyuiop' | |
307 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
308 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 309 | hapd = hostapd.add_ap(apdev[0], params) |
6c87b4b8 JM |
310 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
311 | ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10) | |
312 | if ev is None: | |
313 | raise Exception("PTK rekey timed out") | |
a8375c94 | 314 | hwsim_utils.test_connectivity(dev[0], hapd) |
6c87b4b8 | 315 | |
9fd6804d | 316 | @remote_compatible |
12124240 JM |
317 | def test_ap_wpa_ccmp(dev, apdev): |
318 | """WPA-PSK/CCMP""" | |
319 | ssid = "test-wpa-psk" | |
320 | passphrase = 'qwertyuiop' | |
321 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
322 | params['wpa_pairwise'] = "CCMP" | |
8b8a1864 | 323 | hapd = hostapd.add_ap(apdev[0], params) |
12124240 | 324 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
938c6e7b | 325 | hapd.wait_sta() |
a8375c94 | 326 | hwsim_utils.test_connectivity(dev[0], hapd) |
fab49f61 JM |
327 | check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"), |
328 | ("dot11RSNAGroupCipherRequested", "00-50-f2-4"), | |
329 | ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"), | |
330 | ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"), | |
331 | ("dot11RSNAGroupCipherSelected", "00-50-f2-4"), | |
332 | ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"), | |
333 | ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"), | |
334 | ("dot1xSuppSuppControlledPortStatus", "Authorized")]) | |
12124240 | 335 | |
79f846a7 | 336 | def test_ap_wpa2_psk_file_errors(dev, apdev): |
138ec97e | 337 | """WPA2-PSK AP with various PSK file error and success cases""" |
18945a8c B |
338 | addr0 = dev[0].own_addr() |
339 | addr1 = dev[1].own_addr() | |
340 | addr2 = dev[2].own_addr() | |
138ec97e JM |
341 | ssid = "psk" |
342 | pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file" | |
343 | try: | |
344 | os.remove(pskfile) | |
345 | except: | |
346 | pass | |
347 | ||
fab49f61 JM |
348 | params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK", |
349 | "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile} | |
138ec97e JM |
350 | |
351 | try: | |
352 | # missing PSK file | |
8b8a1864 | 353 | hapd = hostapd.add_ap(apdev[0], params, no_enable=True) |
138ec97e JM |
354 | if "FAIL" not in hapd.request("ENABLE"): |
355 | raise Exception("Unexpected ENABLE success") | |
356 | hapd.request("DISABLE") | |
357 | ||
358 | # invalid MAC address | |
359 | with open(pskfile, "w") as f: | |
360 | f.write("\n") | |
361 | f.write("foo\n") | |
362 | if "FAIL" not in hapd.request("ENABLE"): | |
363 | raise Exception("Unexpected ENABLE success") | |
364 | hapd.request("DISABLE") | |
365 | ||
366 | # no PSK on line | |
367 | with open(pskfile, "w") as f: | |
368 | f.write("00:11:22:33:44:55\n") | |
369 | if "FAIL" not in hapd.request("ENABLE"): | |
370 | raise Exception("Unexpected ENABLE success") | |
371 | hapd.request("DISABLE") | |
372 | ||
373 | # invalid PSK | |
374 | with open(pskfile, "w") as f: | |
375 | f.write("00:11:22:33:44:55 1234567\n") | |
376 | if "FAIL" not in hapd.request("ENABLE"): | |
377 | raise Exception("Unexpected ENABLE success") | |
378 | hapd.request("DISABLE") | |
379 | ||
61929f4b JM |
380 | # empty token at the end of the line |
381 | with open(pskfile, "w") as f: | |
382 | f.write("=\n") | |
383 | if "FAIL" not in hapd.request("ENABLE"): | |
384 | raise Exception("Unexpected ENABLE success") | |
385 | hapd.request("DISABLE") | |
386 | ||
138ec97e JM |
387 | # valid PSK file |
388 | with open(pskfile, "w") as f: | |
389 | f.write("00:11:22:33:44:55 12345678\n") | |
390 | f.write(addr0 + " 123456789\n") | |
391 | f.write(addr1 + " 123456789a\n") | |
392 | f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n") | |
393 | if "FAIL" in hapd.request("ENABLE"): | |
394 | raise Exception("Unexpected ENABLE failure") | |
395 | ||
396 | dev[0].connect(ssid, psk="123456789", scan_freq="2412") | |
397 | dev[1].connect(ssid, psk="123456789a", scan_freq="2412") | |
398 | dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412") | |
399 | ||
400 | finally: | |
401 | try: | |
402 | os.remove(pskfile) | |
403 | except: | |
404 | pass | |
6796e502 | 405 | |
9fd6804d | 406 | @remote_compatible |
6796e502 JM |
407 | def test_ap_wpa2_psk_wildcard_ssid(dev, apdev): |
408 | """WPA2-PSK AP and wildcard SSID configuration""" | |
409 | ssid = "test-wpa2-psk" | |
410 | passphrase = 'qwertyuiop' | |
411 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
412 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 413 | hapd = hostapd.add_ap(apdev[0], params) |
6796e502 JM |
414 | dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase, |
415 | scan_freq="2412") | |
416 | dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412") | |
3b25ad4c | 417 | |
9fd6804d | 418 | @remote_compatible |
3b25ad4c JM |
419 | def test_ap_wpa2_gtk_rekey(dev, apdev): |
420 | """WPA2-PSK AP and GTK rekey enforced by AP""" | |
421 | ssid = "test-wpa2-psk" | |
422 | passphrase = 'qwertyuiop' | |
423 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
424 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 425 | hapd = hostapd.add_ap(apdev[0], params) |
3b25ad4c JM |
426 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
427 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
428 | if ev is None: | |
429 | raise Exception("GTK rekey timed out") | |
a8375c94 | 430 | hwsim_utils.test_connectivity(dev[0], hapd) |
3b25ad4c | 431 | |
257ad53c JM |
432 | def test_ap_wpa2_gtk_rekey_request(dev, apdev): |
433 | """WPA2-PSK AP and GTK rekey by AP request""" | |
434 | ssid = "test-wpa2-psk" | |
435 | passphrase = 'qwertyuiop' | |
436 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
437 | hapd = hostapd.add_ap(apdev[0], params) | |
438 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
439 | if "OK" not in hapd.request("REKEY_GTK"): | |
440 | raise Exception("REKEY_GTK failed") | |
441 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
442 | if ev is None: | |
443 | raise Exception("GTK rekey timed out") | |
444 | hwsim_utils.test_connectivity(dev[0], hapd) | |
445 | ||
9fd6804d | 446 | @remote_compatible |
3b25ad4c JM |
447 | def test_ap_wpa_gtk_rekey(dev, apdev): |
448 | """WPA-PSK/TKIP AP and GTK rekey enforced by AP""" | |
a1eabc74 | 449 | skip_with_fips(dev[0]) |
3b25ad4c JM |
450 | ssid = "test-wpa-psk" |
451 | passphrase = 'qwertyuiop' | |
452 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
453 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 454 | hapd = hostapd.add_ap(apdev[0], params) |
3b25ad4c JM |
455 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
456 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
457 | if ev is None: | |
458 | raise Exception("GTK rekey timed out") | |
a8375c94 | 459 | hwsim_utils.test_connectivity(dev[0], hapd) |
3b25ad4c | 460 | |
9fd6804d | 461 | @remote_compatible |
3b25ad4c JM |
462 | def test_ap_wpa2_gmk_rekey(dev, apdev): |
463 | """WPA2-PSK AP and GMK and GTK rekey enforced by AP""" | |
464 | ssid = "test-wpa2-psk" | |
465 | passphrase = 'qwertyuiop' | |
466 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
467 | params['wpa_group_rekey'] = '1' | |
468 | params['wpa_gmk_rekey'] = '2' | |
8b8a1864 | 469 | hapd = hostapd.add_ap(apdev[0], params) |
3b25ad4c JM |
470 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
471 | for i in range(0, 3): | |
472 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
473 | if ev is None: | |
474 | raise Exception("GTK rekey timed out") | |
a8375c94 | 475 | hwsim_utils.test_connectivity(dev[0], hapd) |
3b25ad4c | 476 | |
9fd6804d | 477 | @remote_compatible |
3b25ad4c JM |
478 | def test_ap_wpa2_strict_rekey(dev, apdev): |
479 | """WPA2-PSK AP and strict GTK rekey enforced by AP""" | |
480 | ssid = "test-wpa2-psk" | |
481 | passphrase = 'qwertyuiop' | |
482 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
483 | params['wpa_strict_rekey'] = '1' | |
8b8a1864 | 484 | hapd = hostapd.add_ap(apdev[0], params) |
3b25ad4c JM |
485 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
486 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
487 | dev[1].request("DISCONNECT") | |
488 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
489 | if ev is None: | |
490 | raise Exception("GTK rekey timed out") | |
a8375c94 | 491 | hwsim_utils.test_connectivity(dev[0], hapd) |
d1fc5736 | 492 | |
9fd6804d | 493 | @remote_compatible |
d1fc5736 JM |
494 | def test_ap_wpa2_bridge_fdb(dev, apdev): |
495 | """Bridge FDB entry removal""" | |
bb04a9a9 | 496 | hapd = None |
d1fc5736 JM |
497 | try: |
498 | ssid = "test-wpa2-psk" | |
499 | passphrase = "12345678" | |
500 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
501 | params['bridge'] = 'ap-br0' | |
bb04a9a9 JA |
502 | hapd = hostapd.add_ap(apdev[0], params) |
503 | hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0']) | |
504 | hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) | |
d1fc5736 JM |
505 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", |
506 | bssid=apdev[0]['bssid']) | |
507 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412", | |
508 | bssid=apdev[0]['bssid']) | |
938c6e7b JM |
509 | hapd.wait_sta() |
510 | hapd.wait_sta() | |
d1fc5736 JM |
511 | addr0 = dev[0].p2p_interface_addr() |
512 | hwsim_utils.test_connectivity_sta(dev[0], dev[1]) | |
bb04a9a9 JA |
513 | err, macs1 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0']) |
514 | hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1']) | |
d1fc5736 JM |
515 | dev[0].request("DISCONNECT") |
516 | dev[1].request("DISCONNECT") | |
517 | time.sleep(1) | |
bb04a9a9 | 518 | err, macs2 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0']) |
d1fc5736 JM |
519 | |
520 | addr1 = dev[1].p2p_interface_addr() | |
521 | if addr0 not in macs1 or addr1 not in macs1: | |
522 | raise Exception("Bridge FDB entry missing") | |
523 | if addr0 in macs2 or addr1 in macs2: | |
524 | raise Exception("Bridge FDB entry was not removed") | |
525 | finally: | |
bb04a9a9 JA |
526 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', |
527 | 'down']) | |
528 | hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0']) | |
cf0b9c86 | 529 | |
9fd6804d | 530 | @remote_compatible |
8619c334 JM |
531 | def test_ap_wpa2_already_in_bridge(dev, apdev): |
532 | """hostapd behavior with interface already in bridge""" | |
533 | ifname = apdev[0]['ifname'] | |
534 | br_ifname = 'ext-ap-br0' | |
535 | try: | |
536 | ssid = "test-wpa2-psk" | |
537 | passphrase = "12345678" | |
bb04a9a9 JA |
538 | hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) |
539 | hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) | |
540 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, | |
541 | 'up']) | |
542 | hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap']) | |
543 | hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) | |
8619c334 | 544 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) |
41ba40e7 | 545 | hapd = hostapd.add_ap(apdev[0], params) |
8619c334 JM |
546 | if hapd.get_driver_status_field('brname') != br_ifname: |
547 | raise Exception("Bridge name not identified correctly") | |
548 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
549 | finally: | |
bb04a9a9 JA |
550 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, |
551 | 'down']) | |
552 | hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname]) | |
553 | hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station']) | |
554 | hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) | |
8619c334 | 555 | |
9fd6804d | 556 | @remote_compatible |
542452a9 JM |
557 | def test_ap_wpa2_in_different_bridge(dev, apdev): |
558 | """hostapd behavior with interface in different bridge""" | |
559 | ifname = apdev[0]['ifname'] | |
560 | br_ifname = 'ext-ap-br0' | |
561 | try: | |
562 | ssid = "test-wpa2-psk" | |
563 | passphrase = "12345678" | |
bb04a9a9 JA |
564 | hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) |
565 | hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) | |
566 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, | |
567 | 'up']) | |
568 | hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap']) | |
569 | hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) | |
542452a9 JM |
570 | time.sleep(0.5) |
571 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
572 | params['bridge'] = 'ap-br0' | |
41ba40e7 | 573 | hapd = hostapd.add_ap(apdev[0], params) |
bb04a9a9 JA |
574 | hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0']) |
575 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', | |
576 | 'up']) | |
542452a9 JM |
577 | brname = hapd.get_driver_status_field('brname') |
578 | if brname != 'ap-br0': | |
579 | raise Exception("Incorrect bridge: " + brname) | |
580 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
938c6e7b | 581 | hapd.wait_sta() |
542452a9 JM |
582 | hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0") |
583 | if hapd.get_driver_status_field("added_bridge") != "1": | |
584 | raise Exception("Unexpected added_bridge value") | |
585 | if hapd.get_driver_status_field("added_if_into_bridge") != "1": | |
586 | raise Exception("Unexpected added_if_into_bridge value") | |
587 | dev[0].request("DISCONNECT") | |
588 | hapd.disable() | |
542452a9 | 589 | finally: |
bb04a9a9 JA |
590 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, |
591 | 'down']) | |
592 | hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname, | |
593 | "2>", "/dev/null"], shell=True) | |
594 | hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) | |
542452a9 | 595 | |
9fd6804d | 596 | @remote_compatible |
8619c334 JM |
597 | def test_ap_wpa2_ext_add_to_bridge(dev, apdev): |
598 | """hostapd behavior with interface added to bridge externally""" | |
599 | ifname = apdev[0]['ifname'] | |
600 | br_ifname = 'ext-ap-br0' | |
601 | try: | |
602 | ssid = "test-wpa2-psk" | |
603 | passphrase = "12345678" | |
604 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
41ba40e7 | 605 | hapd = hostapd.add_ap(apdev[0], params) |
8619c334 | 606 | |
bb04a9a9 JA |
607 | hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) |
608 | hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) | |
609 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, | |
610 | 'up']) | |
611 | hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) | |
8619c334 JM |
612 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") |
613 | if hapd.get_driver_status_field('brname') != br_ifname: | |
614 | raise Exception("Bridge name not identified correctly") | |
615 | finally: | |
bb04a9a9 JA |
616 | hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, |
617 | 'down']) | |
618 | hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname]) | |
619 | hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) | |
8619c334 | 620 | |
cf0b9c86 JM |
621 | def test_ap_wpa2_psk_ext(dev, apdev): |
622 | """WPA2-PSK AP using external EAPOL I/O""" | |
623 | bssid = apdev[0]['bssid'] | |
624 | ssid = "test-wpa2-psk" | |
625 | passphrase = 'qwertyuiop' | |
626 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
627 | params = hostapd.wpa2_params(ssid=ssid) | |
628 | params['wpa_psk'] = psk | |
8b8a1864 | 629 | hapd = hostapd.add_ap(apdev[0], params) |
cf0b9c86 JM |
630 | hapd.request("SET ext_eapol_frame_io 1") |
631 | dev[0].request("SET ext_eapol_frame_io 1") | |
632 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
633 | addr = dev[0].p2p_interface_addr() | |
634 | while True: | |
635 | ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15) | |
636 | if ev is None: | |
637 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
638 | if "AP-STA-CONNECTED" in ev: | |
5f35a5e2 | 639 | dev[0].wait_connected(timeout=15) |
cf0b9c86 JM |
640 | break |
641 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
642 | if "OK" not in res: | |
643 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
644 | ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15) | |
645 | if ev is None: | |
646 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
647 | if "CTRL-EVENT-CONNECTED" in ev: | |
648 | break | |
649 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
650 | if "OK" not in res: | |
651 | raise Exception("EAPOL_RX to hostapd failed") | |
821490f5 | 652 | |
242339de JM |
653 | def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev): |
654 | """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4""" | |
655 | bssid = apdev[0]['bssid'] | |
656 | ssid = "test-wpa2-psk" | |
657 | passphrase = 'qwertyuiop' | |
658 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
659 | params = hostapd.wpa2_params(ssid=ssid) | |
660 | params['wpa_psk'] = psk | |
8b8a1864 | 661 | hapd = hostapd.add_ap(apdev[0], params) |
242339de JM |
662 | hapd.request("SET ext_eapol_frame_io 1") |
663 | dev[0].request("SET ext_eapol_frame_io 1") | |
664 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
665 | addr = dev[0].p2p_interface_addr() | |
666 | ||
667 | # EAPOL-Key msg 1/4 | |
668 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
669 | if ev is None: | |
670 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
671 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
672 | if "OK" not in res: | |
673 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
674 | ||
675 | # EAPOL-Key msg 2/4 | |
676 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
677 | if ev is None: | |
678 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
679 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
680 | if "OK" not in res: | |
681 | raise Exception("EAPOL_RX to hostapd failed") | |
682 | ||
683 | # EAPOL-Key msg 3/4 | |
684 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
685 | if ev is None: | |
686 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
687 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
688 | if "OK" not in res: | |
689 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
690 | ||
691 | # EAPOL-Key msg 4/4 | |
692 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
693 | if ev is None: | |
694 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
695 | # Do not send to the AP | |
696 | dev[0].wait_connected(timeout=15) | |
697 | ||
698 | # EAPOL-Key msg 3/4 (retry) | |
699 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
700 | if ev is None: | |
701 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
702 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
703 | if "OK" not in res: | |
704 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
705 | ||
706 | # EAPOL-Key msg 4/4 | |
707 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
708 | if ev is None: | |
709 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
710 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
711 | if "OK" not in res: | |
712 | raise Exception("EAPOL_RX to hostapd failed") | |
713 | ||
714 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
715 | if ev is None: | |
716 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
717 | ||
718 | hwsim_utils.test_connectivity(dev[0], hapd) | |
719 | ||
c29475a9 JM |
720 | def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev): |
721 | """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)""" | |
722 | bssid = apdev[0]['bssid'] | |
723 | ssid = "test-wpa2-psk" | |
724 | passphrase = 'qwertyuiop' | |
725 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
726 | params = hostapd.wpa2_params(ssid=ssid) | |
727 | params['wpa_psk'] = psk | |
728 | hapd = hostapd.add_ap(apdev[0], params) | |
729 | hapd.request("SET ext_eapol_frame_io 1") | |
730 | dev[0].request("SET ext_eapol_frame_io 1") | |
731 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
732 | addr = dev[0].p2p_interface_addr() | |
733 | ||
734 | # EAPOL-Key msg 1/4 | |
735 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
736 | if ev is None: | |
737 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
738 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
739 | if "OK" not in res: | |
740 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
741 | ||
742 | # EAPOL-Key msg 2/4 | |
743 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
744 | if ev is None: | |
745 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
746 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
747 | if "OK" not in res: | |
748 | raise Exception("EAPOL_RX to hostapd failed") | |
749 | ||
750 | # EAPOL-Key msg 3/4 | |
751 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
752 | if ev is None: | |
753 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
754 | # Do not send the first msg 3/4 to the STA yet; wait for retransmission | |
755 | # from AP. | |
756 | msg3_1 = ev | |
757 | ||
758 | # EAPOL-Key msg 3/4 (retry) | |
759 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
760 | if ev is None: | |
761 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
762 | msg3_2 = ev | |
763 | ||
764 | # Send the first msg 3/4 to STA | |
765 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_1.split(' ')[2]) | |
766 | if "OK" not in res: | |
767 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
768 | ||
769 | # EAPOL-Key msg 4/4 | |
770 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
771 | if ev is None: | |
772 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
773 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
774 | if "OK" not in res: | |
775 | raise Exception("EAPOL_RX to hostapd failed") | |
776 | dev[0].wait_connected(timeout=15) | |
777 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
778 | if ev is None: | |
779 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
780 | ||
781 | hwsim_utils.test_connectivity(dev[0], hapd) | |
782 | ||
783 | # Send the second msg 3/4 to STA | |
784 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_2.split(' ')[2]) | |
785 | if "OK" not in res: | |
786 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
787 | # EAPOL-Key msg 4/4 | |
788 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
789 | if ev is None: | |
790 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
791 | # Do not send the second msg 4/4 to the AP | |
792 | ||
793 | hwsim_utils.test_connectivity(dev[0], hapd) | |
794 | ||
f4528fbf JM |
795 | def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev): |
796 | """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)""" | |
797 | bssid = apdev[0]['bssid'] | |
798 | ssid = "test-wpa2-psk" | |
799 | passphrase = 'qwertyuiop' | |
800 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
801 | params = hostapd.wpa2_params(ssid=ssid) | |
802 | params['wpa_psk'] = psk | |
803 | hapd = hostapd.add_ap(apdev[0], params) | |
804 | hapd.request("SET ext_eapol_frame_io 1") | |
805 | dev[0].request("SET ext_eapol_frame_io 1") | |
806 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
807 | addr = dev[0].p2p_interface_addr() | |
808 | ||
809 | # EAPOL-Key msg 1/4 | |
810 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
811 | if ev is None: | |
812 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
813 | msg1 = ev.split(' ')[2] | |
814 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) | |
815 | if "OK" not in res: | |
816 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
817 | ||
818 | # EAPOL-Key msg 2/4 | |
819 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
820 | if ev is None: | |
821 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
822 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
823 | if "OK" not in res: | |
824 | raise Exception("EAPOL_RX to hostapd failed") | |
825 | ||
826 | # EAPOL-Key msg 3/4 | |
827 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
828 | if ev is None: | |
829 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
830 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
831 | if "OK" not in res: | |
832 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
833 | ||
834 | # EAPOL-Key msg 4/4 | |
835 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
836 | if ev is None: | |
837 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
838 | msg4 = ev.split(' ')[2] | |
839 | # Do not send msg 4/4 to hostapd to trigger retry | |
840 | ||
841 | # STA believes everything is ready | |
842 | dev[0].wait_connected() | |
843 | ||
844 | # EAPOL-Key msg 3/4 (retry) | |
845 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
846 | if ev is None: | |
847 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
848 | msg3 = ev.split(' ')[2] | |
849 | ||
850 | # Send a forged msg 1/4 to STA (update replay counter) | |
851 | msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] | |
852 | # and replace nonce (this results in "WPA: ANonce from message 1 of | |
853 | # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when | |
854 | # wpa_supplicant processed msg 3/4 afterwards) | |
855 | #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:] | |
856 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) | |
857 | if "OK" not in res: | |
858 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
859 | # EAPOL-Key msg 2/4 | |
860 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) | |
861 | if ev is None: | |
862 | # wpa_supplicant seems to have ignored the forged message. This means | |
863 | # the attack would fail. | |
864 | logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") | |
865 | return | |
866 | # Do not send msg 2/4 to hostapd | |
867 | ||
868 | # Send previously received msg 3/4 to STA | |
869 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) | |
870 | if "OK" not in res: | |
871 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
872 | ||
873 | # EAPOL-Key msg 4/4 | |
874 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
875 | if ev is None: | |
876 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
877 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
878 | if "OK" not in res: | |
879 | raise Exception("EAPOL_RX to hostapd failed") | |
880 | ||
881 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
882 | if ev is None: | |
883 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
884 | ||
885 | hwsim_utils.test_connectivity(dev[0], hapd) | |
886 | ||
887 | def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev): | |
888 | """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)""" | |
889 | bssid = apdev[0]['bssid'] | |
890 | ssid = "test-wpa2-psk" | |
891 | passphrase = 'qwertyuiop' | |
892 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
893 | params = hostapd.wpa2_params(ssid=ssid) | |
894 | params['wpa_psk'] = psk | |
895 | hapd = hostapd.add_ap(apdev[0], params) | |
896 | hapd.request("SET ext_eapol_frame_io 1") | |
897 | dev[0].request("SET ext_eapol_frame_io 1") | |
898 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
899 | addr = dev[0].p2p_interface_addr() | |
900 | ||
901 | # EAPOL-Key msg 1/4 | |
902 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
903 | if ev is None: | |
904 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
905 | msg1 = ev.split(' ')[2] | |
906 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) | |
907 | if "OK" not in res: | |
908 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
909 | ||
910 | # EAPOL-Key msg 2/4 | |
911 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
912 | if ev is None: | |
913 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
914 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
915 | if "OK" not in res: | |
916 | raise Exception("EAPOL_RX to hostapd failed") | |
917 | ||
918 | # EAPOL-Key msg 3/4 | |
919 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
920 | if ev is None: | |
921 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
922 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
923 | if "OK" not in res: | |
924 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
925 | ||
926 | # EAPOL-Key msg 4/4 | |
927 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
928 | if ev is None: | |
929 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
930 | msg4 = ev.split(' ')[2] | |
931 | # Do not send msg 4/4 to hostapd to trigger retry | |
932 | ||
933 | # STA believes everything is ready | |
934 | dev[0].wait_connected() | |
935 | ||
936 | # EAPOL-Key msg 3/4 (retry) | |
937 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
938 | if ev is None: | |
939 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
940 | msg3 = ev.split(' ')[2] | |
941 | ||
942 | # Send a forged msg 1/4 to STA (update replay counter) | |
943 | msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] | |
944 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) | |
945 | if "OK" not in res: | |
946 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
947 | # EAPOL-Key msg 2/4 | |
948 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) | |
949 | if ev is None: | |
950 | # wpa_supplicant seems to have ignored the forged message. This means | |
951 | # the attack would fail. | |
952 | logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") | |
953 | return | |
954 | # Do not send msg 2/4 to hostapd | |
955 | ||
956 | # EAPOL-Key msg 3/4 (retry 2) | |
957 | # New one needed to get the correct Replay Counter value | |
958 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
959 | if ev is None: | |
960 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
961 | msg3 = ev.split(' ')[2] | |
962 | ||
963 | # Send msg 3/4 to STA | |
964 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) | |
965 | if "OK" not in res: | |
966 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
967 | ||
968 | # EAPOL-Key msg 4/4 | |
969 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
970 | if ev is None: | |
971 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
972 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
973 | if "OK" not in res: | |
974 | raise Exception("EAPOL_RX to hostapd failed") | |
975 | ||
976 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
977 | if ev is None: | |
978 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
979 | ||
980 | hwsim_utils.test_connectivity(dev[0], hapd) | |
981 | ||
982 | def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev): | |
983 | """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)""" | |
984 | bssid = apdev[0]['bssid'] | |
985 | ssid = "test-wpa2-psk" | |
986 | passphrase = 'qwertyuiop' | |
987 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
988 | params = hostapd.wpa2_params(ssid=ssid) | |
989 | params['wpa_psk'] = psk | |
990 | hapd = hostapd.add_ap(apdev[0], params) | |
991 | hapd.request("SET ext_eapol_frame_io 1") | |
992 | dev[0].request("SET ext_eapol_frame_io 1") | |
993 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
994 | addr = dev[0].p2p_interface_addr() | |
995 | ||
996 | # EAPOL-Key msg 1/4 | |
997 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
998 | if ev is None: | |
999 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1000 | msg1 = ev.split(' ')[2] | |
1001 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) | |
1002 | if "OK" not in res: | |
1003 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1004 | ||
1005 | # EAPOL-Key msg 2/4 | |
1006 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1007 | if ev is None: | |
1008 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1009 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
1010 | if "OK" not in res: | |
1011 | raise Exception("EAPOL_RX to hostapd failed") | |
1012 | ||
1013 | # EAPOL-Key msg 3/4 | |
1014 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1015 | if ev is None: | |
1016 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1017 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
1018 | if "OK" not in res: | |
1019 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1020 | ||
1021 | # EAPOL-Key msg 4/4 | |
1022 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1023 | if ev is None: | |
1024 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1025 | msg4 = ev.split(' ')[2] | |
1026 | # Do not send msg 4/4 to hostapd to trigger retry | |
1027 | ||
1028 | # STA believes everything is ready | |
1029 | dev[0].wait_connected() | |
1030 | ||
1031 | # EAPOL-Key msg 3/4 (retry) | |
1032 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1033 | if ev is None: | |
1034 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1035 | msg3 = ev.split(' ')[2] | |
1036 | ||
1037 | # Send a forged msg 1/4 to STA (update replay counter and replace ANonce) | |
1038 | msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:] | |
1039 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) | |
1040 | if "OK" not in res: | |
1041 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1042 | # EAPOL-Key msg 2/4 | |
1043 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) | |
1044 | if ev is None: | |
1045 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1046 | # Do not send msg 2/4 to hostapd | |
1047 | ||
1048 | # Send a forged msg 1/4 to STA (back to previously used ANonce) | |
1049 | msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] | |
1050 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) | |
1051 | if "OK" not in res: | |
1052 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1053 | # EAPOL-Key msg 2/4 | |
1054 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) | |
1055 | if ev is None: | |
1056 | # wpa_supplicant seems to have ignored the forged message. This means | |
1057 | # the attack would fail. | |
1058 | logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") | |
1059 | return | |
1060 | # Do not send msg 2/4 to hostapd | |
1061 | ||
1062 | # EAPOL-Key msg 3/4 (retry 2) | |
1063 | # New one needed to get the correct Replay Counter value | |
1064 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1065 | if ev is None: | |
1066 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1067 | msg3 = ev.split(' ')[2] | |
1068 | ||
1069 | # Send msg 3/4 to STA | |
1070 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) | |
1071 | if "OK" not in res: | |
1072 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1073 | ||
1074 | # EAPOL-Key msg 4/4 | |
1075 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1076 | if ev is None: | |
1077 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1078 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
1079 | if "OK" not in res: | |
1080 | raise Exception("EAPOL_RX to hostapd failed") | |
1081 | ||
1082 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
1083 | if ev is None: | |
1084 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
1085 | ||
1086 | hwsim_utils.test_connectivity(dev[0], hapd) | |
1087 | ||
60890ca4 JM |
1088 | def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev): |
1089 | """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange""" | |
1090 | bssid = apdev[0]['bssid'] | |
1091 | ssid = "test-wpa2-psk" | |
1092 | passphrase = 'qwertyuiop' | |
1093 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
1094 | params = hostapd.wpa2_params(ssid=ssid) | |
1095 | params['wpa_psk'] = psk | |
1096 | params['wpa_ptk_rekey'] = '3' | |
1097 | hapd = hostapd.add_ap(apdev[0], params) | |
1098 | hapd.request("SET ext_eapol_frame_io 1") | |
1099 | dev[0].request("SET ext_eapol_frame_io 1") | |
1100 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
1101 | addr = dev[0].p2p_interface_addr() | |
1102 | ||
1103 | # EAPOL-Key msg 1/4 | |
1104 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1105 | if ev is None: | |
1106 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1107 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
1108 | if "OK" not in res: | |
1109 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1110 | ||
1111 | # EAPOL-Key msg 2/4 | |
1112 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1113 | if ev is None: | |
1114 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1115 | msg2 = ev.split(' ')[2] | |
1116 | # Do not send this to the AP | |
1117 | ||
1118 | # EAPOL-Key msg 1/4 (retry) | |
1119 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1120 | if ev is None: | |
1121 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1122 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
1123 | if "OK" not in res: | |
1124 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1125 | ||
1126 | # EAPOL-Key msg 2/4 | |
1127 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1128 | if ev is None: | |
1129 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1130 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
1131 | if "OK" not in res: | |
1132 | raise Exception("EAPOL_RX to hostapd failed") | |
1133 | ||
1134 | # EAPOL-Key msg 3/4 | |
1135 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1136 | if ev is None: | |
1137 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1138 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
1139 | if "OK" not in res: | |
1140 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1141 | ||
1142 | # EAPOL-Key msg 4/4 | |
1143 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1144 | if ev is None: | |
1145 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1146 | msg4 = ev.split(' ')[2] | |
1147 | # Do not send msg 4/4 to AP | |
1148 | ||
1149 | # EAPOL-Key msg 3/4 (retry) | |
1150 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1151 | if ev is None: | |
1152 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1153 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
1154 | if "OK" not in res: | |
1155 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
1156 | ||
1157 | # EAPOL-Key msg 4/4 | |
1158 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
1159 | if ev is None: | |
1160 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
1161 | msg4b = ev.split(' ')[2] | |
1162 | # Do not send msg 4/4 to AP | |
1163 | ||
1164 | # Send the previous EAPOL-Key msg 4/4 to AP | |
1165 | res = hapd.request("EAPOL_RX " + addr + " " + msg4) | |
1166 | if "OK" not in res: | |
1167 | raise Exception("EAPOL_RX to hostapd failed") | |
1168 | ||
1169 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
1170 | if ev is None: | |
1171 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
1172 | ||
1173 | # Wait for PTK rekeying to be initialized | |
1174 | # EAPOL-Key msg 1/4 | |
1175 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1176 | if ev is None: | |
1177 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1178 | ||
1179 | # EAPOL-Key msg 2/4 from the previous 4-way handshake | |
1180 | # hostapd is expected to ignore this due to unexpected Replay Counter | |
1181 | res = hapd.request("EAPOL_RX " + addr + " " + msg2) | |
1182 | if "OK" not in res: | |
1183 | raise Exception("EAPOL_RX to hostapd failed") | |
1184 | ||
1185 | # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4) | |
1186 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1187 | if ev is None: | |
1188 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1189 | keyinfo = ev.split(' ')[2][10:14] | |
1190 | if keyinfo != "008a": | |
1191 | raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo) | |
1192 | ||
1193 | # EAPOL-Key msg 4/4 from the previous 4-way handshake | |
1194 | # hostapd is expected to ignore this due to unexpected Replay Counter | |
1195 | res = hapd.request("EAPOL_RX " + addr + " " + msg4b) | |
1196 | if "OK" not in res: | |
1197 | raise Exception("EAPOL_RX to hostapd failed") | |
1198 | ||
1199 | # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake | |
1200 | # was accepted, there would be no more EAPOL-Key frames. If the Replay | |
1201 | # Counters were rejected, there would be a retransmitted msg 1/4 here. | |
298eb079 | 1202 | ev = hapd.wait_event(["EAPOL-TX"], timeout=1.1) |
60890ca4 JM |
1203 | if ev is None: |
1204 | raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)") | |
1205 | keyinfo = ev.split(' ')[2][10:14] | |
1206 | if keyinfo != "008a": | |
1207 | raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo) | |
1208 | ||
821490f5 JM |
1209 | def parse_eapol(data): |
1210 | (version, type, length) = struct.unpack('>BBH', data[0:4]) | |
1211 | payload = data[4:] | |
1212 | if length > len(payload): | |
1213 | raise Exception("Invalid EAPOL length") | |
1214 | if length < len(payload): | |
1215 | payload = payload[0:length] | |
1216 | eapol = {} | |
1217 | eapol['version'] = version | |
1218 | eapol['type'] = type | |
1219 | eapol['length'] = length | |
1220 | eapol['payload'] = payload | |
1221 | if type == 3: | |
1222 | # EAPOL-Key | |
1223 | (eapol['descr_type'],) = struct.unpack('B', payload[0:1]) | |
1224 | payload = payload[1:] | |
a52fd1c3 | 1225 | if eapol['descr_type'] == 2 or eapol['descr_type'] == 254: |
821490f5 JM |
1226 | # RSN EAPOL-Key |
1227 | (key_info, key_len) = struct.unpack('>HH', payload[0:4]) | |
1228 | eapol['rsn_key_info'] = key_info | |
1229 | eapol['rsn_key_len'] = key_len | |
1230 | eapol['rsn_replay_counter'] = payload[4:12] | |
1231 | eapol['rsn_key_nonce'] = payload[12:44] | |
1232 | eapol['rsn_key_iv'] = payload[44:60] | |
1233 | eapol['rsn_key_rsc'] = payload[60:68] | |
1234 | eapol['rsn_key_id'] = payload[68:76] | |
1235 | eapol['rsn_key_mic'] = payload[76:92] | |
1236 | payload = payload[92:] | |
1237 | (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2]) | |
1238 | payload = payload[2:] | |
1239 | eapol['rsn_key_data'] = payload | |
1240 | return eapol | |
1241 | ||
1242 | def build_eapol(msg): | |
1243 | data = struct.pack(">BBH", msg['version'], msg['type'], msg['length']) | |
1244 | if msg['type'] == 3: | |
1245 | data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'], | |
1246 | msg['rsn_key_len']) | |
1247 | data += msg['rsn_replay_counter'] | |
1248 | data += msg['rsn_key_nonce'] | |
1249 | data += msg['rsn_key_iv'] | |
1250 | data += msg['rsn_key_rsc'] | |
1251 | data += msg['rsn_key_id'] | |
1252 | data += msg['rsn_key_mic'] | |
1253 | data += struct.pack('>H', msg['rsn_key_data_len']) | |
1254 | data += msg['rsn_key_data'] | |
1255 | else: | |
1256 | data += msg['payload'] | |
1257 | return data | |
1258 | ||
1259 | def sha1_prf(key, label, data, outlen): | |
15dfcb69 | 1260 | res = b'' |
821490f5 JM |
1261 | counter = 0 |
1262 | while outlen > 0: | |
f94df3c0 | 1263 | m = hmac.new(key, label.encode(), hashlib.sha1) |
821490f5 JM |
1264 | m.update(struct.pack('B', 0)) |
1265 | m.update(data) | |
1266 | m.update(struct.pack('B', counter)) | |
1267 | counter += 1 | |
1268 | hash = m.digest() | |
1269 | if outlen > len(hash): | |
1270 | res += hash | |
1271 | outlen -= len(hash) | |
1272 | else: | |
1273 | res += hash[0:outlen] | |
1274 | outlen = 0 | |
1275 | return res | |
1276 | ||
1277 | def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2): | |
1278 | if addr1 < addr2: | |
fab49f61 | 1279 | data = binascii.unhexlify(addr1.replace(':', '')) + binascii.unhexlify(addr2.replace(':', '')) |
821490f5 | 1280 | else: |
fab49f61 | 1281 | data = binascii.unhexlify(addr2.replace(':', '')) + binascii.unhexlify(addr1.replace(':', '')) |
821490f5 JM |
1282 | if nonce1 < nonce2: |
1283 | data += nonce1 + nonce2 | |
1284 | else: | |
1285 | data += nonce2 + nonce1 | |
1286 | label = "Pairwise key expansion" | |
1287 | ptk = sha1_prf(pmk, label, data, 48) | |
1288 | kck = ptk[0:16] | |
1289 | kek = ptk[16:32] | |
1290 | return (ptk, kck, kek) | |
1291 | ||
1292 | def eapol_key_mic(kck, msg): | |
1293 | msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000') | |
1294 | data = build_eapol(msg) | |
1295 | m = hmac.new(kck, data, hashlib.sha1) | |
1296 | msg['rsn_key_mic'] = m.digest()[0:16] | |
1297 | ||
1298 | def rsn_eapol_key_set(msg, key_info, key_len, nonce, data): | |
1299 | msg['rsn_key_info'] = key_info | |
1300 | msg['rsn_key_len'] = key_len | |
1301 | if nonce: | |
1302 | msg['rsn_key_nonce'] = nonce | |
1303 | else: | |
1304 | msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000') | |
1305 | if data: | |
1306 | msg['rsn_key_data_len'] = len(data) | |
1307 | msg['rsn_key_data'] = data | |
1308 | msg['length'] = 95 + len(data) | |
1309 | else: | |
1310 | msg['rsn_key_data_len'] = 0 | |
15dfcb69 | 1311 | msg['rsn_key_data'] = b'' |
821490f5 JM |
1312 | msg['length'] = 95 |
1313 | ||
1314 | def recv_eapol(hapd): | |
1315 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
1316 | if ev is None: | |
1317 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
1318 | eapol = binascii.unhexlify(ev.split(' ')[2]) | |
1319 | return parse_eapol(eapol) | |
1320 | ||
1321 | def send_eapol(hapd, addr, data): | |
7ab74770 | 1322 | res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data).decode()) |
821490f5 JM |
1323 | if "OK" not in res: |
1324 | raise Exception("EAPOL_RX to hostapd failed") | |
1325 | ||
1326 | def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck): | |
1327 | logger.info("Send EAPOL-Key msg " + info) | |
1328 | rsn_eapol_key_set(msg, key_info, 0, nonce, data) | |
1329 | eapol_key_mic(kck, msg) | |
1330 | send_eapol(hapd, addr, build_eapol(msg)) | |
1331 | ||
1332 | def hapd_connected(hapd): | |
1333 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
1334 | if ev is None: | |
1335 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
1336 | ||
8030e2b5 | 1337 | def eapol_test(apdev, dev, wpa2=True, ieee80211w=0): |
821490f5 | 1338 | bssid = apdev['bssid'] |
a52fd1c3 JM |
1339 | if wpa2: |
1340 | ssid = "test-wpa2-psk" | |
1341 | else: | |
1342 | ssid = "test-wpa-psk" | |
821490f5 JM |
1343 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' |
1344 | pmk = binascii.unhexlify(psk) | |
a52fd1c3 JM |
1345 | if wpa2: |
1346 | params = hostapd.wpa2_params(ssid=ssid) | |
1347 | else: | |
1348 | params = hostapd.wpa_params(ssid=ssid) | |
821490f5 | 1349 | params['wpa_psk'] = psk |
8030e2b5 | 1350 | params['ieee80211w'] = str(ieee80211w) |
afc26df2 | 1351 | hapd = hostapd.add_ap(apdev, params) |
821490f5 JM |
1352 | hapd.request("SET ext_eapol_frame_io 1") |
1353 | dev.request("SET ext_eapol_frame_io 1") | |
8030e2b5 JM |
1354 | dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False, |
1355 | ieee80211w=str(ieee80211w)) | |
821490f5 | 1356 | addr = dev.p2p_interface_addr() |
a52fd1c3 | 1357 | if wpa2: |
8030e2b5 JM |
1358 | if ieee80211w == 2: |
1359 | rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00') | |
1360 | else: | |
1361 | rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000') | |
a52fd1c3 JM |
1362 | else: |
1363 | rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202') | |
821490f5 | 1364 | snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111') |
fab49f61 | 1365 | return (bssid, ssid, hapd, snonce, pmk, addr, rsne) |
821490f5 | 1366 | |
9fd6804d | 1367 | @remote_compatible |
821490f5 JM |
1368 | def test_ap_wpa2_psk_ext_eapol(dev, apdev): |
1369 | """WPA2-PSK AP using external EAPOL supplicant""" | |
fab49f61 | 1370 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
821490f5 JM |
1371 | |
1372 | msg = recv_eapol(hapd) | |
1373 | anonce = msg['rsn_key_nonce'] | |
1374 | logger.info("Replay same data back") | |
1375 | send_eapol(hapd, addr, build_eapol(msg)) | |
1376 | ||
1377 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1378 | ||
1379 | logger.info("Truncated Key Data in EAPOL-Key msg 2/4") | |
1380 | rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne) | |
1381 | msg['length'] = 95 + 22 - 1 | |
1382 | send_eapol(hapd, addr, build_eapol(msg)) | |
1383 | ||
1384 | reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck) | |
1385 | ||
1386 | msg = recv_eapol(hapd) | |
1387 | if anonce != msg['rsn_key_nonce']: | |
1388 | raise Exception("ANonce changed") | |
1389 | logger.info("Replay same data back") | |
1390 | send_eapol(hapd, addr, build_eapol(msg)) | |
1391 | ||
1392 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1393 | hapd_connected(hapd) | |
1394 | ||
9fd6804d | 1395 | @remote_compatible |
821490f5 JM |
1396 | def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev): |
1397 | """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted""" | |
fab49f61 | 1398 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
821490f5 JM |
1399 | |
1400 | msg1 = recv_eapol(hapd) | |
1401 | anonce = msg1['rsn_key_nonce'] | |
1402 | ||
1403 | msg2 = recv_eapol(hapd) | |
1404 | if anonce != msg2['rsn_key_nonce']: | |
1405 | raise Exception("ANonce changed") | |
1406 | ||
1407 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1408 | ||
1409 | logger.info("Send EAPOL-Key msg 2/4") | |
1410 | msg = msg2 | |
1411 | rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) | |
1412 | eapol_key_mic(kck, msg) | |
1413 | send_eapol(hapd, addr, build_eapol(msg)) | |
1414 | ||
1415 | msg = recv_eapol(hapd) | |
1416 | if anonce != msg['rsn_key_nonce']: | |
1417 | raise Exception("ANonce changed") | |
1418 | ||
1419 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1420 | hapd_connected(hapd) | |
1421 | ||
9fd6804d | 1422 | @remote_compatible |
821490f5 JM |
1423 | def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev): |
1424 | """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted""" | |
fab49f61 | 1425 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
821490f5 JM |
1426 | |
1427 | msg1 = recv_eapol(hapd) | |
1428 | anonce = msg1['rsn_key_nonce'] | |
1429 | msg2 = recv_eapol(hapd) | |
1430 | if anonce != msg2['rsn_key_nonce']: | |
1431 | raise Exception("ANonce changed") | |
1432 | ||
1433 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1434 | reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) | |
1435 | reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck) | |
1436 | ||
1437 | msg = recv_eapol(hapd) | |
1438 | if anonce != msg['rsn_key_nonce']: | |
1439 | raise Exception("ANonce changed") | |
1440 | ||
1441 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1442 | hapd_connected(hapd) | |
1443 | ||
9fd6804d | 1444 | @remote_compatible |
821490f5 JM |
1445 | def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev): |
1446 | """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing""" | |
fab49f61 | 1447 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
821490f5 JM |
1448 | |
1449 | msg1 = recv_eapol(hapd) | |
1450 | anonce = msg1['rsn_key_nonce'] | |
1451 | ||
1452 | msg2 = recv_eapol(hapd) | |
1453 | if anonce != msg2['rsn_key_nonce']: | |
1454 | raise Exception("ANonce changed") | |
1455 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1456 | reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) | |
1457 | ||
1458 | snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1459 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce) | |
1460 | reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck) | |
1461 | ||
1462 | msg = recv_eapol(hapd) | |
1463 | if anonce != msg['rsn_key_nonce']: | |
1464 | raise Exception("ANonce changed") | |
1465 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1466 | hapd_connected(hapd) | |
1467 | ||
9fd6804d | 1468 | @remote_compatible |
821490f5 JM |
1469 | def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev): |
1470 | """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used""" | |
fab49f61 | 1471 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
821490f5 JM |
1472 | |
1473 | msg1 = recv_eapol(hapd) | |
1474 | anonce = msg1['rsn_key_nonce'] | |
1475 | msg2 = recv_eapol(hapd) | |
1476 | if anonce != msg2['rsn_key_nonce']: | |
1477 | raise Exception("ANonce changed") | |
1478 | ||
1479 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1480 | reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) | |
1481 | ||
1482 | snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1483 | (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce) | |
1484 | ||
1485 | reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2) | |
1486 | msg = recv_eapol(hapd) | |
1487 | if anonce != msg['rsn_key_nonce']: | |
1488 | raise Exception("ANonce changed") | |
1489 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1490 | hapd_connected(hapd) | |
53b9bedb | 1491 | |
9fd6804d | 1492 | @remote_compatible |
53b9bedb JM |
1493 | def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev): |
1494 | """WPA2 4-way handshake using external EAPOL supplicant""" | |
fab49f61 | 1495 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
53b9bedb JM |
1496 | |
1497 | msg = recv_eapol(hapd) | |
1498 | anonce = msg['rsn_key_nonce'] | |
1499 | ||
1500 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1501 | ||
1502 | # Incorrect descriptor type (frame dropped) | |
1503 | msg['descr_type'] = 253 | |
1504 | rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) | |
1505 | eapol_key_mic(kck, msg) | |
1506 | send_eapol(hapd, addr, build_eapol(msg)) | |
1507 | ||
1508 | # Incorrect descriptor type, but with a workaround (frame processed) | |
1509 | msg['descr_type'] = 254 | |
1510 | rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) | |
1511 | eapol_key_mic(kck, msg) | |
1512 | send_eapol(hapd, addr, build_eapol(msg)) | |
1513 | ||
1514 | msg = recv_eapol(hapd) | |
1515 | if anonce != msg['rsn_key_nonce']: | |
1516 | raise Exception("ANonce changed") | |
1517 | logger.info("Replay same data back") | |
1518 | send_eapol(hapd, addr, build_eapol(msg)) | |
1519 | ||
1520 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1521 | hapd_connected(hapd) | |
a52fd1c3 | 1522 | |
9fd6804d | 1523 | @remote_compatible |
a52fd1c3 JM |
1524 | def test_ap_wpa_psk_ext_eapol(dev, apdev): |
1525 | """WPA2-PSK AP using external EAPOL supplicant""" | |
fab49f61 JM |
1526 | (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0], |
1527 | wpa2=False) | |
a52fd1c3 JM |
1528 | |
1529 | msg = recv_eapol(hapd) | |
1530 | anonce = msg['rsn_key_nonce'] | |
1531 | logger.info("Replay same data back") | |
1532 | send_eapol(hapd, addr, build_eapol(msg)) | |
1533 | logger.info("Too short data") | |
1534 | send_eapol(hapd, addr, build_eapol(msg)[0:98]) | |
1535 | ||
1536 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1537 | msg['descr_type'] = 2 | |
1538 | reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck) | |
1539 | msg['descr_type'] = 254 | |
1540 | reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck) | |
1541 | ||
1542 | msg = recv_eapol(hapd) | |
1543 | if anonce != msg['rsn_key_nonce']: | |
1544 | raise Exception("ANonce changed") | |
1545 | logger.info("Replay same data back") | |
1546 | send_eapol(hapd, addr, build_eapol(msg)) | |
1547 | ||
1548 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1549 | hapd_connected(hapd) | |
64d04af5 | 1550 | |
9fd6804d | 1551 | @remote_compatible |
64d04af5 JM |
1552 | def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev): |
1553 | """WPA2-PSK 4-way handshake with strange key info values""" | |
fab49f61 | 1554 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
64d04af5 JM |
1555 | |
1556 | msg = recv_eapol(hapd) | |
1557 | anonce = msg['rsn_key_nonce'] | |
1558 | ||
1559 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1560 | rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne) | |
1561 | send_eapol(hapd, addr, build_eapol(msg)) | |
1562 | rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne) | |
1563 | send_eapol(hapd, addr, build_eapol(msg)) | |
1564 | # SMK M1 | |
1565 | rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne) | |
1566 | send_eapol(hapd, addr, build_eapol(msg)) | |
1567 | # SMK M3 | |
1568 | rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne) | |
1569 | send_eapol(hapd, addr, build_eapol(msg)) | |
1570 | # Request | |
1571 | rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) | |
1572 | send_eapol(hapd, addr, build_eapol(msg)) | |
1573 | # Request | |
1574 | rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) | |
1575 | tmp_kck = binascii.unhexlify('00000000000000000000000000000000') | |
1576 | eapol_key_mic(tmp_kck, msg) | |
1577 | send_eapol(hapd, addr, build_eapol(msg)) | |
1578 | ||
1579 | reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck) | |
1580 | ||
1581 | msg = recv_eapol(hapd) | |
1582 | if anonce != msg['rsn_key_nonce']: | |
1583 | raise Exception("ANonce changed") | |
1584 | ||
1585 | # Request (valic MIC) | |
1586 | rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) | |
1587 | eapol_key_mic(kck, msg) | |
1588 | send_eapol(hapd, addr, build_eapol(msg)) | |
1589 | # Request (valid MIC, replayed counter) | |
1590 | rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) | |
1591 | eapol_key_mic(kck, msg) | |
1592 | send_eapol(hapd, addr, build_eapol(msg)) | |
1593 | ||
1594 | reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) | |
1595 | hapd_connected(hapd) | |
5b3c40a6 | 1596 | |
15dfcb69 | 1597 | def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16): |
e0c46c8e JM |
1598 | msg = {} |
1599 | msg['version'] = 2 | |
1600 | msg['type'] = 3 | |
1601 | msg['length'] = 95 + len(key_data) | |
1602 | ||
1603 | msg['descr_type'] = 2 | |
1604 | msg['rsn_key_info'] = 0x8a | |
1605 | msg['rsn_key_len'] = key_len | |
1606 | msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter) | |
1607 | msg['rsn_key_nonce'] = anonce | |
1608 | msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000') | |
1609 | msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000') | |
1610 | msg['rsn_key_id'] = binascii.unhexlify('0000000000000000') | |
1611 | msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000') | |
1612 | msg['rsn_key_data_len'] = len(key_data) | |
1613 | msg['rsn_key_data'] = key_data | |
1614 | return msg | |
1615 | ||
1616 | def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2, | |
1617 | key_info=0x13ca, extra_len=0, descr_type=2, key_len=16): | |
1618 | msg = {} | |
1619 | msg['version'] = 2 | |
1620 | msg['type'] = 3 | |
1621 | msg['length'] = 95 + len(key_data) + extra_len | |
1622 | ||
1623 | msg['descr_type'] = descr_type | |
1624 | msg['rsn_key_info'] = key_info | |
1625 | msg['rsn_key_len'] = key_len | |
1626 | msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter) | |
1627 | msg['rsn_key_nonce'] = anonce | |
1628 | msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000') | |
1629 | msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000') | |
1630 | msg['rsn_key_id'] = binascii.unhexlify('0000000000000000') | |
1631 | msg['rsn_key_data_len'] = len(key_data) | |
1632 | msg['rsn_key_data'] = key_data | |
1633 | eapol_key_mic(kck, msg) | |
1634 | return msg | |
1635 | ||
1636 | def aes_wrap(kek, plain): | |
236bbda8 | 1637 | n = len(plain) // 8 |
e0c46c8e JM |
1638 | a = 0xa6a6a6a6a6a6a6a6 |
1639 | enc = AES.new(kek).encrypt | |
1640 | r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)] | |
1641 | for j in range(6): | |
1642 | for i in range(1, n + 1): | |
1643 | b = enc(struct.pack('>Q', a) + r[i - 1]) | |
1644 | a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i) | |
fab49f61 | 1645 | r[i - 1] = b[8:] |
15dfcb69 | 1646 | return struct.pack('>Q', a) + b''.join(r) |
e0c46c8e JM |
1647 | |
1648 | def pad_key_data(plain): | |
1649 | pad_len = len(plain) % 8 | |
1650 | if pad_len: | |
1651 | pad_len = 8 - pad_len | |
15dfcb69 | 1652 | plain += b'\xdd' |
e0c46c8e | 1653 | pad_len -= 1 |
15dfcb69 | 1654 | plain += pad_len * b'\x00' |
e0c46c8e JM |
1655 | return plain |
1656 | ||
1657 | def test_ap_wpa2_psk_supp_proto(dev, apdev): | |
1658 | """WPA2-PSK 4-way handshake protocol testing for supplicant""" | |
fab49f61 | 1659 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
1660 | |
1661 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
1662 | msg = recv_eapol(hapd) | |
1663 | dev[0].dump_monitor() | |
1664 | ||
1665 | # Build own EAPOL-Key msg 1/4 | |
1666 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1667 | counter = 1 | |
1668 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
1669 | counter += 1 | |
069daec4 | 1670 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1671 | msg = recv_eapol(dev[0]) |
1672 | snonce = msg['rsn_key_nonce'] | |
1673 | ||
1674 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1675 | ||
1676 | logger.debug("Invalid AES wrap data length 0") | |
1677 | dev[0].dump_monitor() | |
15dfcb69 | 1678 | msg = build_eapol_key_3_4(anonce, kck, b'', replay_counter=counter) |
e0c46c8e | 1679 | counter += 1 |
069daec4 | 1680 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1681 | ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"]) |
1682 | if ev is None: | |
1683 | raise Exception("Unsupported AES-WRAP len 0 not reported") | |
1684 | ||
1685 | logger.debug("Invalid AES wrap data length 1") | |
1686 | dev[0].dump_monitor() | |
15dfcb69 | 1687 | msg = build_eapol_key_3_4(anonce, kck, b'1', replay_counter=counter) |
e0c46c8e | 1688 | counter += 1 |
069daec4 | 1689 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1690 | ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"]) |
1691 | if ev is None: | |
1692 | raise Exception("Unsupported AES-WRAP len 1 not reported") | |
1693 | ||
1694 | logger.debug("Invalid AES wrap data length 9") | |
1695 | dev[0].dump_monitor() | |
15dfcb69 | 1696 | msg = build_eapol_key_3_4(anonce, kck, b'123456789', replay_counter=counter) |
e0c46c8e | 1697 | counter += 1 |
069daec4 | 1698 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1699 | ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"]) |
1700 | if ev is None: | |
1701 | raise Exception("Unsupported AES-WRAP len 9 not reported") | |
1702 | ||
1703 | logger.debug("Invalid AES wrap data payload") | |
1704 | dev[0].dump_monitor() | |
15dfcb69 | 1705 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter) |
e0c46c8e | 1706 | # do not increment counter to test replay protection |
069daec4 | 1707 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1708 | ev = dev[0].wait_event(["WPA: AES unwrap failed"]) |
1709 | if ev is None: | |
1710 | raise Exception("AES unwrap failure not reported") | |
1711 | ||
1712 | logger.debug("Replay Count not increasing") | |
1713 | dev[0].dump_monitor() | |
15dfcb69 | 1714 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter) |
e0c46c8e | 1715 | counter += 1 |
069daec4 | 1716 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1717 | ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"]) |
1718 | if ev is None: | |
1719 | raise Exception("Replay Counter replay not reported") | |
1720 | ||
1721 | logger.debug("Missing Ack bit in key info") | |
1722 | dev[0].dump_monitor() | |
15dfcb69 | 1723 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, |
e0c46c8e JM |
1724 | key_info=0x134a) |
1725 | counter += 1 | |
069daec4 | 1726 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1727 | ev = dev[0].wait_event(["WPA: No Ack bit in key_info"]) |
1728 | if ev is None: | |
1729 | raise Exception("Missing Ack bit not reported") | |
1730 | ||
1731 | logger.debug("Unexpected Request bit in key info") | |
1732 | dev[0].dump_monitor() | |
15dfcb69 | 1733 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, |
e0c46c8e JM |
1734 | key_info=0x1bca) |
1735 | counter += 1 | |
069daec4 | 1736 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1737 | ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"]) |
1738 | if ev is None: | |
1739 | raise Exception("Request bit not reported") | |
1740 | ||
1741 | logger.debug("Unsupported key descriptor version 0") | |
1742 | dev[0].dump_monitor() | |
15dfcb69 | 1743 | msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', |
e0c46c8e JM |
1744 | replay_counter=counter, key_info=0x13c8) |
1745 | counter += 1 | |
069daec4 | 1746 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1747 | ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"]) |
1748 | if ev is None: | |
1749 | raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported") | |
1750 | ||
1751 | logger.debug("Key descriptor version 1 not allowed with CCMP") | |
1752 | dev[0].dump_monitor() | |
15dfcb69 | 1753 | msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', |
e0c46c8e JM |
1754 | replay_counter=counter, key_info=0x13c9) |
1755 | counter += 1 | |
069daec4 | 1756 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1757 | ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"]) |
1758 | if ev is None: | |
1759 | raise Exception("Not allowed EAPOL-Key descriptor version not reported") | |
1760 | ||
1761 | logger.debug("Invalid AES wrap payload with key descriptor version 2") | |
1762 | dev[0].dump_monitor() | |
15dfcb69 | 1763 | msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', |
e0c46c8e JM |
1764 | replay_counter=counter, key_info=0x13ca) |
1765 | counter += 1 | |
069daec4 | 1766 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1767 | ev = dev[0].wait_event(["WPA: AES unwrap failed"]) |
1768 | if ev is None: | |
1769 | raise Exception("AES unwrap failure not reported") | |
1770 | ||
1771 | logger.debug("Key descriptor version 3 workaround") | |
1772 | dev[0].dump_monitor() | |
15dfcb69 | 1773 | msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', |
e0c46c8e JM |
1774 | replay_counter=counter, key_info=0x13cb) |
1775 | counter += 1 | |
069daec4 | 1776 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1777 | ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"]) |
1778 | if ev is None: | |
1779 | raise Exception("CCMP key descriptor mismatch not reported") | |
1780 | ev = dev[0].wait_event(["WPA: Interoperability workaround"]) | |
1781 | if ev is None: | |
1782 | raise Exception("AES-128-CMAC workaround not reported") | |
1783 | ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"]) | |
1784 | if ev is None: | |
1785 | raise Exception("MIC failure with AES-128-CMAC workaround not reported") | |
1786 | ||
1787 | logger.debug("Unsupported key descriptor version 4") | |
1788 | dev[0].dump_monitor() | |
15dfcb69 | 1789 | msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', |
e0c46c8e JM |
1790 | replay_counter=counter, key_info=0x13cc) |
1791 | counter += 1 | |
069daec4 | 1792 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1793 | ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"]) |
1794 | if ev is None: | |
1795 | raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported") | |
1796 | ||
1797 | logger.debug("Unsupported key descriptor version 7") | |
1798 | dev[0].dump_monitor() | |
15dfcb69 | 1799 | msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', |
e0c46c8e JM |
1800 | replay_counter=counter, key_info=0x13cf) |
1801 | counter += 1 | |
069daec4 | 1802 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1803 | ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"]) |
1804 | if ev is None: | |
1805 | raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported") | |
1806 | ||
1807 | logger.debug("Too short EAPOL header length") | |
1808 | dev[0].dump_monitor() | |
15dfcb69 | 1809 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, |
e0c46c8e JM |
1810 | extra_len=-1) |
1811 | counter += 1 | |
069daec4 | 1812 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1813 | ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"]) |
1814 | if ev is None: | |
1815 | raise Exception("Key data overflow not reported") | |
1816 | ||
1817 | logger.debug("Too long EAPOL header length") | |
15dfcb69 | 1818 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, |
e0c46c8e JM |
1819 | extra_len=1) |
1820 | counter += 1 | |
069daec4 | 1821 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1822 | |
1823 | logger.debug("Unsupported descriptor type 0") | |
15dfcb69 | 1824 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, |
e0c46c8e JM |
1825 | descr_type=0) |
1826 | counter += 1 | |
069daec4 | 1827 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1828 | |
1829 | logger.debug("WPA descriptor type 0") | |
15dfcb69 | 1830 | msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, |
e0c46c8e JM |
1831 | descr_type=254) |
1832 | counter += 1 | |
069daec4 | 1833 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1834 | |
1835 | logger.debug("Non-zero key index for pairwise key") | |
1836 | dev[0].dump_monitor() | |
15dfcb69 | 1837 | wrapped = aes_wrap(kek, 16*b'z') |
e0c46c8e JM |
1838 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, |
1839 | key_info=0x13ea) | |
1840 | counter += 1 | |
069daec4 | 1841 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1842 | ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"]) |
1843 | if ev is None: | |
1844 | raise Exception("Non-zero key index not reported") | |
1845 | ||
1846 | logger.debug("Invalid Key Data plaintext payload --> disconnect") | |
1847 | dev[0].dump_monitor() | |
15dfcb69 | 1848 | wrapped = aes_wrap(kek, 16*b'z') |
e0c46c8e JM |
1849 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) |
1850 | counter += 1 | |
069daec4 | 1851 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1852 | dev[0].wait_disconnected(timeout=1) |
1853 | ||
1854 | def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev): | |
1855 | """WPA2-PSK supplicant protocol testing: IE not included""" | |
fab49f61 | 1856 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
1857 | |
1858 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
1859 | msg = recv_eapol(hapd) | |
1860 | dev[0].dump_monitor() | |
1861 | ||
1862 | # Build own EAPOL-Key msg 1/4 | |
1863 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1864 | counter = 1 | |
1865 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
1866 | counter += 1 | |
069daec4 | 1867 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1868 | msg = recv_eapol(dev[0]) |
1869 | snonce = msg['rsn_key_nonce'] | |
1870 | ||
1871 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1872 | ||
1873 | logger.debug("No IEs in msg 3/4 --> disconnect") | |
1874 | dev[0].dump_monitor() | |
15dfcb69 | 1875 | wrapped = aes_wrap(kek, 16*b'\x00') |
e0c46c8e JM |
1876 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) |
1877 | counter += 1 | |
069daec4 | 1878 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1879 | dev[0].wait_disconnected(timeout=1) |
1880 | ||
1881 | def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev): | |
1882 | """WPA2-PSK supplicant protocol testing: IE mismatch""" | |
fab49f61 | 1883 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
1884 | |
1885 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
1886 | msg = recv_eapol(hapd) | |
1887 | dev[0].dump_monitor() | |
1888 | ||
1889 | # Build own EAPOL-Key msg 1/4 | |
1890 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1891 | counter = 1 | |
1892 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
1893 | counter += 1 | |
069daec4 | 1894 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1895 | msg = recv_eapol(dev[0]) |
1896 | snonce = msg['rsn_key_nonce'] | |
1897 | ||
1898 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1899 | ||
1900 | logger.debug("Msg 3/4 with mismatching IE") | |
1901 | dev[0].dump_monitor() | |
1902 | wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))) | |
1903 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
1904 | counter += 1 | |
069daec4 | 1905 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1906 | dev[0].wait_disconnected(timeout=1) |
1907 | ||
1908 | def test_ap_wpa2_psk_supp_proto_ok(dev, apdev): | |
1909 | """WPA2-PSK supplicant protocol testing: success""" | |
fab49f61 | 1910 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
1911 | |
1912 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
1913 | msg = recv_eapol(hapd) | |
1914 | dev[0].dump_monitor() | |
1915 | ||
1916 | # Build own EAPOL-Key msg 1/4 | |
1917 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1918 | counter = 1 | |
1919 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
1920 | counter += 1 | |
069daec4 | 1921 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1922 | msg = recv_eapol(dev[0]) |
1923 | snonce = msg['rsn_key_nonce'] | |
1924 | ||
1925 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1926 | ||
1927 | logger.debug("Valid EAPOL-Key msg 3/4") | |
1928 | dev[0].dump_monitor() | |
1929 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') | |
1930 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
1931 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
1932 | counter += 1 | |
069daec4 | 1933 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1934 | dev[0].wait_connected(timeout=1) |
1935 | ||
1936 | def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev): | |
1937 | """WPA2-PSK supplicant protocol testing: no GTK""" | |
fab49f61 | 1938 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
1939 | |
1940 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
1941 | msg = recv_eapol(hapd) | |
1942 | dev[0].dump_monitor() | |
1943 | ||
1944 | # Build own EAPOL-Key msg 1/4 | |
1945 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1946 | counter = 1 | |
1947 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
1948 | counter += 1 | |
069daec4 | 1949 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1950 | msg = recv_eapol(dev[0]) |
1951 | snonce = msg['rsn_key_nonce'] | |
1952 | ||
1953 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1954 | ||
1955 | logger.debug("EAPOL-Key msg 3/4 without GTK KDE") | |
1956 | dev[0].dump_monitor() | |
1957 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00') | |
1958 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
1959 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
1960 | counter += 1 | |
069daec4 | 1961 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1962 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1) |
1963 | if ev is not None: | |
1964 | raise Exception("Unexpected connection completion reported") | |
1965 | ||
1966 | def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev): | |
1967 | """WPA2-PSK supplicant protocol testing: ANonce change""" | |
fab49f61 | 1968 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
1969 | |
1970 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
1971 | msg = recv_eapol(hapd) | |
1972 | dev[0].dump_monitor() | |
1973 | ||
1974 | # Build own EAPOL-Key msg 1/4 | |
1975 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
1976 | counter = 1 | |
1977 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
1978 | counter += 1 | |
069daec4 | 1979 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1980 | msg = recv_eapol(dev[0]) |
1981 | snonce = msg['rsn_key_nonce'] | |
1982 | ||
1983 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
1984 | ||
1985 | logger.debug("Valid EAPOL-Key msg 3/4") | |
1986 | dev[0].dump_monitor() | |
1987 | anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333') | |
1988 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') | |
1989 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
1990 | msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter) | |
1991 | counter += 1 | |
069daec4 | 1992 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
1993 | ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"]) |
1994 | if ev is None: | |
1995 | raise Exception("ANonce change not reported") | |
1996 | ||
1997 | def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev): | |
1998 | """WPA2-PSK supplicant protocol testing: unexpected group message""" | |
fab49f61 | 1999 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2000 | |
2001 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2002 | msg = recv_eapol(hapd) | |
2003 | dev[0].dump_monitor() | |
2004 | ||
2005 | # Build own EAPOL-Key msg 1/4 | |
2006 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2007 | counter = 1 | |
2008 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2009 | counter += 1 | |
069daec4 | 2010 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2011 | msg = recv_eapol(dev[0]) |
2012 | snonce = msg['rsn_key_nonce'] | |
2013 | ||
2014 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2015 | ||
2016 | logger.debug("Group key 1/2 instead of msg 3/4") | |
2017 | dev[0].dump_monitor() | |
2018 | wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')) | |
2019 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, | |
2020 | key_info=0x13c2) | |
2021 | counter += 1 | |
069daec4 | 2022 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2023 | ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"]) |
2024 | if ev is None: | |
2025 | raise Exception("Unexpected group key message not reported") | |
2026 | dev[0].wait_disconnected(timeout=1) | |
2027 | ||
9fd6804d | 2028 | @remote_compatible |
e0c46c8e JM |
2029 | def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev): |
2030 | """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4""" | |
fab49f61 | 2031 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2032 | |
2033 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2034 | msg = recv_eapol(hapd) | |
2035 | dev[0].dump_monitor() | |
2036 | ||
2037 | # Build own EAPOL-Key msg 1/4 with invalid KDE | |
2038 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2039 | counter = 1 | |
2040 | msg = build_eapol_key_1_4(anonce, replay_counter=counter, | |
2041 | key_data=binascii.unhexlify('5555')) | |
2042 | counter += 1 | |
069daec4 | 2043 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2044 | dev[0].wait_disconnected(timeout=1) |
2045 | ||
2046 | def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev): | |
2047 | """WPA2-PSK supplicant protocol testing: wrong pairwise key length""" | |
fab49f61 | 2048 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2049 | |
2050 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2051 | msg = recv_eapol(hapd) | |
2052 | dev[0].dump_monitor() | |
2053 | ||
2054 | # Build own EAPOL-Key msg 1/4 | |
2055 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2056 | counter = 1 | |
2057 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2058 | counter += 1 | |
069daec4 | 2059 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2060 | msg = recv_eapol(dev[0]) |
2061 | snonce = msg['rsn_key_nonce'] | |
2062 | ||
2063 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2064 | ||
2065 | logger.debug("Valid EAPOL-Key msg 3/4") | |
2066 | dev[0].dump_monitor() | |
2067 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') | |
2068 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2069 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, | |
2070 | key_len=15) | |
2071 | counter += 1 | |
069daec4 | 2072 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2073 | ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"]) |
2074 | if ev is None: | |
2075 | raise Exception("Invalid CCMP key length not reported") | |
2076 | dev[0].wait_disconnected(timeout=1) | |
2077 | ||
2078 | def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev): | |
2079 | """WPA2-PSK supplicant protocol testing: wrong group key length""" | |
fab49f61 | 2080 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2081 | |
2082 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2083 | msg = recv_eapol(hapd) | |
2084 | dev[0].dump_monitor() | |
2085 | ||
2086 | # Build own EAPOL-Key msg 1/4 | |
2087 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2088 | counter = 1 | |
2089 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2090 | counter += 1 | |
069daec4 | 2091 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2092 | msg = recv_eapol(dev[0]) |
2093 | snonce = msg['rsn_key_nonce'] | |
2094 | ||
2095 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2096 | ||
2097 | logger.debug("Valid EAPOL-Key msg 3/4") | |
2098 | dev[0].dump_monitor() | |
2099 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986') | |
2100 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2101 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2102 | counter += 1 | |
069daec4 | 2103 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2104 | ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"]) |
2105 | if ev is None: | |
2106 | raise Exception("Invalid CCMP key length not reported") | |
2107 | dev[0].wait_disconnected(timeout=1) | |
2108 | ||
2109 | def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev): | |
2110 | """WPA2-PSK supplicant protocol testing: GTK TX bit workaround""" | |
fab49f61 | 2111 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2112 | |
2113 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2114 | msg = recv_eapol(hapd) | |
2115 | dev[0].dump_monitor() | |
2116 | ||
2117 | # Build own EAPOL-Key msg 1/4 | |
2118 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2119 | counter = 1 | |
2120 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2121 | counter += 1 | |
069daec4 | 2122 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2123 | msg = recv_eapol(dev[0]) |
2124 | snonce = msg['rsn_key_nonce'] | |
2125 | ||
2126 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2127 | ||
2128 | logger.debug("Valid EAPOL-Key msg 3/4") | |
2129 | dev[0].dump_monitor() | |
2130 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618') | |
2131 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2132 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2133 | counter += 1 | |
069daec4 | 2134 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2135 | ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"]) |
2136 | if ev is None: | |
2137 | raise Exception("GTK Tx bit workaround not reported") | |
2138 | dev[0].wait_connected(timeout=1) | |
2139 | ||
2140 | def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev): | |
2141 | """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3""" | |
fab49f61 | 2142 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2143 | |
2144 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2145 | msg = recv_eapol(hapd) | |
2146 | dev[0].dump_monitor() | |
2147 | ||
2148 | # Build own EAPOL-Key msg 1/4 | |
2149 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2150 | counter = 1 | |
2151 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2152 | counter += 1 | |
069daec4 | 2153 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2154 | msg = recv_eapol(dev[0]) |
2155 | snonce = msg['rsn_key_nonce'] | |
2156 | ||
2157 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2158 | ||
2159 | logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") | |
2160 | dev[0].dump_monitor() | |
2161 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') | |
2162 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2163 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2164 | counter += 1 | |
069daec4 | 2165 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2166 | dev[0].wait_connected(timeout=1) |
2167 | ||
2168 | logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)") | |
2169 | dev[0].dump_monitor() | |
2170 | plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618') | |
2171 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2172 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, | |
2173 | key_info=0x13c2) | |
2174 | counter += 1 | |
069daec4 | 2175 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2176 | msg = recv_eapol(dev[0]) |
2177 | ev = dev[0].wait_event(["WPA: Group rekeying completed"]) | |
2178 | if ev is None: | |
2179 | raise Exception("GTK rekeing not reported") | |
2180 | ||
2181 | logger.debug("Unencrypted GTK KDE in group msg 1/2") | |
2182 | dev[0].dump_monitor() | |
2183 | plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618') | |
2184 | msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter, | |
2185 | key_info=0x03c2) | |
2186 | counter += 1 | |
069daec4 | 2187 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2188 | ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"]) |
2189 | if ev is None: | |
2190 | raise Exception("Unencrypted GTK KDE not reported") | |
2191 | dev[0].wait_disconnected(timeout=1) | |
2192 | ||
2193 | def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev): | |
2194 | """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg""" | |
fab49f61 | 2195 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2196 | |
2197 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2198 | msg = recv_eapol(hapd) | |
2199 | dev[0].dump_monitor() | |
2200 | ||
2201 | # Build own EAPOL-Key msg 1/4 | |
2202 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2203 | counter = 1 | |
2204 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2205 | counter += 1 | |
069daec4 | 2206 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2207 | msg = recv_eapol(dev[0]) |
2208 | snonce = msg['rsn_key_nonce'] | |
2209 | ||
2210 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2211 | ||
2212 | logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") | |
2213 | dev[0].dump_monitor() | |
2214 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') | |
2215 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2216 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2217 | counter += 1 | |
069daec4 | 2218 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2219 | dev[0].wait_connected(timeout=1) |
2220 | ||
2221 | logger.debug("No GTK KDE in EAPOL-Key group msg 1/2") | |
2222 | dev[0].dump_monitor() | |
2223 | plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00') | |
2224 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2225 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, | |
2226 | key_info=0x13c2) | |
2227 | counter += 1 | |
069daec4 | 2228 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2229 | ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"]) |
2230 | if ev is None: | |
2231 | raise Exception("Missing GTK KDE not reported") | |
2232 | dev[0].wait_disconnected(timeout=1) | |
2233 | ||
2234 | def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev): | |
2235 | """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg""" | |
fab49f61 | 2236 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2237 | |
2238 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2239 | msg = recv_eapol(hapd) | |
2240 | dev[0].dump_monitor() | |
2241 | ||
2242 | # Build own EAPOL-Key msg 1/4 | |
2243 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2244 | counter = 1 | |
2245 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2246 | counter += 1 | |
069daec4 | 2247 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2248 | msg = recv_eapol(dev[0]) |
2249 | snonce = msg['rsn_key_nonce'] | |
2250 | ||
2251 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2252 | ||
2253 | logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") | |
2254 | dev[0].dump_monitor() | |
2255 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') | |
2256 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2257 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2258 | counter += 1 | |
069daec4 | 2259 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2260 | dev[0].wait_connected(timeout=1) |
2261 | ||
2262 | logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE") | |
2263 | dev[0].dump_monitor() | |
2264 | plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff') | |
2265 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2266 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, | |
2267 | key_info=0x13c2) | |
2268 | counter += 1 | |
069daec4 | 2269 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2270 | ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"]) |
2271 | if ev is None: | |
2272 | raise Exception("Too long GTK KDE not reported") | |
2273 | dev[0].wait_disconnected(timeout=1) | |
2274 | ||
2275 | def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev): | |
2276 | """WPA2-PSK supplicant protocol testing: too long GTK KDE""" | |
fab49f61 | 2277 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2278 | |
2279 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2280 | msg = recv_eapol(hapd) | |
2281 | dev[0].dump_monitor() | |
2282 | ||
2283 | # Build own EAPOL-Key msg 1/4 | |
2284 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2285 | counter = 1 | |
2286 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2287 | counter += 1 | |
069daec4 | 2288 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2289 | msg = recv_eapol(dev[0]) |
2290 | snonce = msg['rsn_key_nonce'] | |
2291 | ||
2292 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2293 | ||
2294 | logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE") | |
2295 | dev[0].dump_monitor() | |
2296 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff') | |
2297 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2298 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2299 | counter += 1 | |
069daec4 | 2300 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2301 | dev[0].wait_disconnected(timeout=1) |
2302 | ||
2303 | def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev): | |
2304 | """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted""" | |
fab49f61 | 2305 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) |
e0c46c8e JM |
2306 | |
2307 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2308 | msg = recv_eapol(hapd) | |
2309 | dev[0].dump_monitor() | |
2310 | ||
2311 | # Build own EAPOL-Key msg 1/4 | |
2312 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2313 | counter = 1 | |
2314 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2315 | counter += 1 | |
069daec4 | 2316 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2317 | msg = recv_eapol(dev[0]) |
2318 | snonce = msg['rsn_key_nonce'] | |
2319 | ||
2320 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2321 | ||
2322 | logger.debug("Valid EAPOL-Key msg 3/4") | |
2323 | dev[0].dump_monitor() | |
2324 | plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') | |
2325 | msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter, | |
2326 | key_info=0x03ca) | |
2327 | counter += 1 | |
069daec4 | 2328 | send_eapol(dev[0], bssid, build_eapol(msg)) |
e0c46c8e JM |
2329 | ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"]) |
2330 | if ev is None: | |
2331 | raise Exception("Unencrypted GTK KDE not reported") | |
2332 | dev[0].wait_disconnected(timeout=1) | |
2333 | ||
8030e2b5 JM |
2334 | def run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False): |
2335 | (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0], | |
2336 | ieee80211w=2) | |
2337 | ||
2338 | # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated | |
2339 | msg = recv_eapol(hapd) | |
2340 | dev[0].dump_monitor() | |
2341 | ||
2342 | # Build own EAPOL-Key msg 1/4 | |
2343 | anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') | |
2344 | counter = 1 | |
2345 | msg = build_eapol_key_1_4(anonce, replay_counter=counter) | |
2346 | counter += 1 | |
2347 | send_eapol(dev[0], bssid, build_eapol(msg)) | |
2348 | msg = recv_eapol(dev[0]) | |
2349 | snonce = msg['rsn_key_nonce'] | |
2350 | ||
2351 | (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) | |
2352 | ||
2353 | logger.debug("EAPOL-Key msg 3/4") | |
2354 | dev[0].dump_monitor() | |
2355 | gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618') | |
2356 | plain = rsne + gtk_kde | |
2357 | if igtk_kde: | |
2358 | plain += igtk_kde | |
2359 | wrapped = aes_wrap(kek, pad_key_data(plain)) | |
2360 | msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) | |
2361 | counter += 1 | |
2362 | send_eapol(dev[0], bssid, build_eapol(msg)) | |
2363 | if fail: | |
2364 | dev[0].wait_disconnected(timeout=1) | |
2365 | return | |
2366 | ||
2367 | dev[0].wait_connected(timeout=1) | |
2368 | ||
2369 | # Verify that an unprotected broadcast Deauthentication frame is ignored | |
2370 | bssid = binascii.unhexlify(hapd.own_addr().replace(':', '')) | |
2371 | sock = start_monitor(apdev[1]["ifname"]) | |
2372 | radiotap = radiotap_build() | |
2373 | frame = binascii.unhexlify("c0003a01") | |
2374 | frame += 6*b'\xff' + bssid + bssid | |
2375 | frame += binascii.unhexlify("1000" + "0300") | |
2376 | sock.send(radiotap + frame) | |
2377 | # And same with incorrect BIP protection | |
2378 | for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]: | |
2379 | frame2 = frame + binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9") | |
2380 | sock.send(radiotap + frame2) | |
2381 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5) | |
2382 | if ev is not None: | |
2383 | raise Exception("Unexpected disconnection") | |
2384 | ||
2385 | def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False): | |
2386 | try: | |
2387 | run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=igtk_kde, fail=fail) | |
2388 | finally: | |
2389 | stop_monitor(apdev[1]["ifname"]) | |
2390 | ||
2391 | def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev): | |
2392 | """WPA2-PSK supplicant protocol testing: no IGTK KDE""" | |
2393 | run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None) | |
2394 | ||
2395 | def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev): | |
2396 | """WPA2-PSK supplicant protocol testing: valid IGTK KDE""" | |
2397 | igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0400' + 6*'00' + 16*'77') | |
2398 | run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde) | |
2399 | ||
2400 | def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev): | |
2401 | """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID""" | |
2402 | igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0004' + 6*'00' + 16*'77') | |
2403 | run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde) | |
2404 | ||
2405 | def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev): | |
2406 | """WPA2-PSK supplicant protocol testing: too large IGTK KeyID""" | |
2407 | igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + 'ffff' + 6*'00' + 16*'77') | |
2408 | run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True) | |
2409 | ||
2410 | def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev): | |
2411 | """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID""" | |
2412 | igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0006' + 6*'00' + 16*'77') | |
2413 | run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True) | |
2414 | ||
5b3c40a6 JM |
2415 | def find_wpas_process(dev): |
2416 | ifname = dev.ifname | |
525f8293 | 2417 | err, data = dev.cmd_execute(['ps', 'ax']) |
5b3c40a6 JM |
2418 | for l in data.splitlines(): |
2419 | if "wpa_supplicant" not in l: | |
2420 | continue | |
2421 | if "-i" + ifname not in l: | |
2422 | continue | |
2423 | return int(l.strip().split(' ')[0]) | |
2424 | raise Exception("Could not find wpa_supplicant process") | |
2425 | ||
2426 | def read_process_memory(pid, key=None): | |
2427 | buf = bytes() | |
f089cdf9 | 2428 | logger.info("Reading process memory (pid=%d)" % pid) |
5b3c40a6 | 2429 | with open('/proc/%d/maps' % pid, 'r') as maps, \ |
b3361e5d | 2430 | open('/proc/%d/mem' % pid, 'rb') as mem: |
5b3c40a6 JM |
2431 | for l in maps.readlines(): |
2432 | m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l) | |
2433 | if not m: | |
2434 | continue | |
2435 | start = int(m.group(1), 16) | |
2436 | end = int(m.group(2), 16) | |
2437 | perm = m.group(3) | |
2438 | if start > 0xffffffffffff: | |
2439 | continue | |
2440 | if end < start: | |
2441 | continue | |
2442 | if not perm.startswith('rw'): | |
2443 | continue | |
fab49f61 | 2444 | for name in ["[heap]", "[stack]"]: |
f089cdf9 JM |
2445 | if name in l: |
2446 | logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, len(buf), len(buf) + (end - start))) | |
5b3c40a6 JM |
2447 | mem.seek(start) |
2448 | data = mem.read(end - start) | |
2449 | buf += data | |
2450 | if key and key in data: | |
2451 | logger.info("Key found in " + l) | |
f089cdf9 | 2452 | logger.info("Total process memory read: %d bytes" % len(buf)) |
5b3c40a6 JM |
2453 | return buf |
2454 | ||
2455 | def verify_not_present(buf, key, fname, keyname): | |
2456 | pos = buf.find(key) | |
2457 | if pos < 0: | |
2458 | return | |
2459 | ||
2460 | prefix = 2048 if pos > 2048 else pos | |
b3361e5d | 2461 | with open(fname + keyname, 'wb') as f: |
5b3c40a6 JM |
2462 | f.write(buf[pos - prefix:pos + 2048]) |
2463 | raise Exception(keyname + " found after disassociation") | |
2464 | ||
2465 | def get_key_locations(buf, key, keyname): | |
2466 | count = 0 | |
2467 | pos = 0 | |
2468 | while True: | |
2469 | pos = buf.find(key, pos) | |
2470 | if pos < 0: | |
2471 | break | |
2472 | logger.info("Found %s at %d" % (keyname, pos)) | |
bc6e3288 | 2473 | context = 128 |
f089cdf9 JM |
2474 | start = pos - context if pos > context else 0 |
2475 | before = binascii.hexlify(buf[start:pos]) | |
2476 | context += len(key) | |
2477 | end = pos + context if pos < len(buf) - context else len(buf) - context | |
2478 | after = binascii.hexlify(buf[pos + len(key):end]) | |
2479 | logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after)) | |
5b3c40a6 JM |
2480 | count += 1 |
2481 | pos += len(key) | |
2482 | return count | |
2483 | ||
2484 | def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params): | |
2485 | """WPA2-PSK and PSK/PTK lifetime in memory""" | |
2486 | ssid = "test-wpa2-psk" | |
2487 | passphrase = 'qwertyuiop' | |
2488 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
2489 | pmk = binascii.unhexlify(psk) | |
2490 | p = hostapd.wpa2_params(ssid=ssid) | |
2491 | p['wpa_psk'] = psk | |
8b8a1864 | 2492 | hapd = hostapd.add_ap(apdev[0], p) |
5b3c40a6 JM |
2493 | |
2494 | pid = find_wpas_process(dev[0]) | |
2495 | ||
2496 | id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412", | |
2497 | only_add_network=True) | |
2498 | ||
2499 | logger.info("Checking keys in memory after network profile configuration") | |
2500 | buf = read_process_memory(pid, pmk) | |
2501 | get_key_locations(buf, pmk, "PMK") | |
2502 | ||
2503 | dev[0].request("REMOVE_NETWORK all") | |
2504 | logger.info("Checking keys in memory after network profile removal") | |
2505 | buf = read_process_memory(pid, pmk) | |
2506 | get_key_locations(buf, pmk, "PMK") | |
2507 | ||
2508 | id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412", | |
2509 | only_add_network=True) | |
2510 | ||
2511 | logger.info("Checking keys in memory before connection") | |
2512 | buf = read_process_memory(pid, pmk) | |
2513 | get_key_locations(buf, pmk, "PMK") | |
2514 | ||
2515 | dev[0].connect_network(id, timeout=20) | |
8e416cec JM |
2516 | # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED |
2517 | # event has been delivered, so verify that wpa_supplicant has returned to | |
2518 | # eloop before reading process memory. | |
54f2cae2 | 2519 | time.sleep(1) |
8e416cec | 2520 | dev[0].ping() |
5b3c40a6 JM |
2521 | |
2522 | buf = read_process_memory(pid, pmk) | |
2523 | ||
2524 | dev[0].request("DISCONNECT") | |
2525 | dev[0].wait_disconnected() | |
2526 | ||
2527 | dev[0].relog() | |
2528 | ptk = None | |
2529 | gtk = None | |
2530 | with open(os.path.join(params['logdir'], 'log0'), 'r') as f: | |
2531 | for l in f.readlines(): | |
2532 | if "WPA: PTK - hexdump" in l: | |
2533 | val = l.strip().split(':')[3].replace(' ', '') | |
2534 | ptk = binascii.unhexlify(val) | |
2535 | if "WPA: Group Key - hexdump" in l: | |
2536 | val = l.strip().split(':')[3].replace(' ', '') | |
2537 | gtk = binascii.unhexlify(val) | |
2538 | if not pmk or not ptk or not gtk: | |
2539 | raise Exception("Could not find keys from debug log") | |
2540 | if len(gtk) != 16: | |
2541 | raise Exception("Unexpected GTK length") | |
2542 | ||
2543 | kck = ptk[0:16] | |
2544 | kek = ptk[16:32] | |
2545 | tk = ptk[32:48] | |
2546 | ||
2547 | logger.info("Checking keys in memory while associated") | |
2548 | get_key_locations(buf, pmk, "PMK") | |
2549 | if pmk not in buf: | |
81e787b7 | 2550 | raise HwsimSkip("PMK not found while associated") |
5b3c40a6 JM |
2551 | if kck not in buf: |
2552 | raise Exception("KCK not found while associated") | |
2553 | if kek not in buf: | |
2554 | raise Exception("KEK not found while associated") | |
b74f82a4 JM |
2555 | #if tk in buf: |
2556 | # raise Exception("TK found from memory") | |
5b3c40a6 JM |
2557 | |
2558 | logger.info("Checking keys in memory after disassociation") | |
2559 | buf = read_process_memory(pid, pmk) | |
2560 | get_key_locations(buf, pmk, "PMK") | |
2561 | ||
2562 | # Note: PMK/PSK is still present in network configuration | |
2563 | ||
2564 | fname = os.path.join(params['logdir'], | |
2565 | 'wpa2_psk_key_lifetime_in_memory.memctx-') | |
2566 | verify_not_present(buf, kck, fname, "KCK") | |
2567 | verify_not_present(buf, kek, fname, "KEK") | |
2568 | verify_not_present(buf, tk, fname, "TK") | |
6db556b2 JM |
2569 | if gtk in buf: |
2570 | get_key_locations(buf, gtk, "GTK") | |
5b3c40a6 JM |
2571 | verify_not_present(buf, gtk, fname, "GTK") |
2572 | ||
2573 | dev[0].request("REMOVE_NETWORK all") | |
2574 | ||
2575 | logger.info("Checking keys in memory after network profile removal") | |
2576 | buf = read_process_memory(pid, pmk) | |
2577 | get_key_locations(buf, pmk, "PMK") | |
2578 | ||
2579 | verify_not_present(buf, pmk, fname, "PMK") | |
2580 | verify_not_present(buf, kck, fname, "KCK") | |
2581 | verify_not_present(buf, kek, fname, "KEK") | |
2582 | verify_not_present(buf, tk, fname, "TK") | |
2583 | verify_not_present(buf, gtk, fname, "GTK") | |
214457de | 2584 | |
9fd6804d | 2585 | @remote_compatible |
214457de JM |
2586 | def test_ap_wpa2_psk_wep(dev, apdev): |
2587 | """WPA2-PSK AP and WEP enabled""" | |
2588 | ssid = "test-wpa2-psk" | |
2589 | passphrase = 'qwertyuiop' | |
2590 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2591 | hapd = hostapd.add_ap(apdev[0], params) |
214457de JM |
2592 | try: |
2593 | hapd.set('wep_key0', '"hello"') | |
2594 | raise Exception("WEP key accepted to WPA2 network") | |
2595 | except Exception: | |
2596 | pass | |
a1512a0c JM |
2597 | |
2598 | def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev): | |
2599 | """WPA2-PSK AP and wpas interface in a bridge""" | |
fab49f61 JM |
2600 | br_ifname = 'sta-br0' |
2601 | ifname = 'wlan5' | |
a1512a0c JM |
2602 | try: |
2603 | _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev) | |
2604 | finally: | |
2605 | subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down']) | |
2606 | subprocess.call(['brctl', 'delif', br_ifname, ifname]) | |
2607 | subprocess.call(['brctl', 'delbr', br_ifname]) | |
f245b450 | 2608 | subprocess.call(['iw', ifname, 'set', '4addr', 'off']) |
a1512a0c JM |
2609 | |
2610 | def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev): | |
2611 | ssid = "test-wpa2-psk" | |
2612 | passphrase = 'qwertyuiop' | |
2613 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2614 | hapd = hostapd.add_ap(apdev[0], params) |
a1512a0c | 2615 | |
fab49f61 JM |
2616 | br_ifname = 'sta-br0' |
2617 | ifname = 'wlan5' | |
a1512a0c JM |
2618 | wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') |
2619 | subprocess.call(['brctl', 'addbr', br_ifname]) | |
2620 | subprocess.call(['brctl', 'setfd', br_ifname, '0']) | |
2621 | subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up']) | |
2622 | subprocess.call(['iw', ifname, 'set', '4addr', 'on']) | |
2623 | subprocess.check_call(['brctl', 'addif', br_ifname, ifname]) | |
2624 | wpas.interface_add(ifname, br_ifname=br_ifname) | |
4b9d79b6 | 2625 | wpas.dump_monitor() |
a1512a0c JM |
2626 | |
2627 | wpas.connect(ssid, psk=passphrase, scan_freq="2412") | |
4b9d79b6 | 2628 | wpas.dump_monitor() |
eb88a5ba | 2629 | |
9fd6804d | 2630 | @remote_compatible |
eb88a5ba JM |
2631 | def test_ap_wpa2_psk_ifdown(dev, apdev): |
2632 | """AP with open mode and external ifconfig down""" | |
2633 | ssid = "test-wpa2-psk" | |
2634 | passphrase = 'qwertyuiop' | |
2635 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2636 | hapd = hostapd.add_ap(apdev[0], params) |
eb88a5ba JM |
2637 | bssid = apdev[0]['bssid'] |
2638 | ||
2639 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
10e09d83 | 2640 | hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down']) |
eb88a5ba JM |
2641 | ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10) |
2642 | if ev is None: | |
2643 | raise Exception("No INTERFACE-DISABLED event") | |
2644 | # this wait tests beacon loss detection in mac80211 | |
2645 | dev[0].wait_disconnected() | |
10e09d83 | 2646 | hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up']) |
eb88a5ba JM |
2647 | ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10) |
2648 | if ev is None: | |
2649 | raise Exception("No INTERFACE-ENABLED event") | |
2650 | dev[0].wait_connected() | |
938c6e7b | 2651 | hapd.wait_sta() |
eb88a5ba | 2652 | hwsim_utils.test_connectivity(dev[0], hapd) |
0f74bd41 JM |
2653 | |
2654 | def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev): | |
2655 | """WPA2-PSK and first EAPOL-Key msg 4/4 dropped""" | |
2656 | bssid = apdev[0]['bssid'] | |
2657 | ssid = "test-wpa2-psk" | |
2658 | passphrase = 'qwertyuiop' | |
2659 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
2660 | params = hostapd.wpa2_params(ssid=ssid) | |
2661 | params['wpa_psk'] = psk | |
8b8a1864 | 2662 | hapd = hostapd.add_ap(apdev[0], params) |
0f74bd41 JM |
2663 | hapd.request("SET ext_eapol_frame_io 1") |
2664 | dev[0].request("SET ext_eapol_frame_io 1") | |
2665 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
2666 | addr = dev[0].own_addr() | |
2667 | ||
2668 | # EAPOL-Key msg 1/4 | |
2669 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
2670 | if ev is None: | |
2671 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
2672 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
2673 | if "OK" not in res: | |
2674 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
2675 | ||
2676 | # EAPOL-Key msg 2/4 | |
2677 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
2678 | if ev is None: | |
2679 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
2680 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
2681 | if "OK" not in res: | |
2682 | raise Exception("EAPOL_RX to hostapd failed") | |
2683 | ||
2684 | # EAPOL-Key msg 3/4 | |
2685 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
2686 | if ev is None: | |
2687 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
2688 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
2689 | if "OK" not in res: | |
2690 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
2691 | ||
2692 | # EAPOL-Key msg 4/4 | |
2693 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
2694 | if ev is None: | |
2695 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
2696 | logger.info("Drop the first EAPOL-Key msg 4/4") | |
2697 | ||
2698 | # wpa_supplicant believes now that 4-way handshake succeeded; hostapd | |
2699 | # doesn't. Use normal EAPOL TX/RX to handle retries. | |
2700 | hapd.request("SET ext_eapol_frame_io 0") | |
2701 | dev[0].request("SET ext_eapol_frame_io 0") | |
2702 | dev[0].wait_connected() | |
2703 | ||
2704 | ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) | |
2705 | if ev is None: | |
2706 | raise Exception("Timeout on AP-STA-CONNECTED from hostapd") | |
2707 | ||
2708 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) | |
2709 | if ev is not None: | |
2710 | logger.info("Disconnection detected") | |
2711 | # The EAPOL-Key retries are supposed to allow the connection to be | |
2712 | # established without having to reassociate. However, this does not | |
2713 | # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4 | |
2714 | # after the pairwise key has been configured and AP will drop those and | |
2715 | # disconnect the station after reaching retransmission limit. Connection | |
2716 | # is then established after reassociation. Once that behavior has been | |
2717 | # optimized to prevent EAPOL-Key frame encryption for retransmission | |
2718 | # case, this exception can be uncommented here. | |
2719 | #raise Exception("Unexpected disconnection") | |
a14a5f24 | 2720 | |
9fd6804d | 2721 | @remote_compatible |
a14a5f24 JM |
2722 | def test_ap_wpa2_psk_disable_enable(dev, apdev): |
2723 | """WPA2-PSK AP getting disabled and re-enabled""" | |
2724 | ssid = "test-wpa2-psk" | |
2725 | passphrase = 'qwertyuiop' | |
2726 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
2727 | params = hostapd.wpa2_params(ssid=ssid) | |
2728 | params['wpa_psk'] = psk | |
8b8a1864 | 2729 | hapd = hostapd.add_ap(apdev[0], params) |
a14a5f24 JM |
2730 | dev[0].connect(ssid, raw_psk=psk, scan_freq="2412") |
2731 | ||
2732 | for i in range(2): | |
2733 | hapd.request("DISABLE") | |
2734 | dev[0].wait_disconnected() | |
2735 | hapd.request("ENABLE") | |
2736 | dev[0].wait_connected() | |
938c6e7b | 2737 | hapd.wait_sta() |
a14a5f24 | 2738 | hwsim_utils.test_connectivity(dev[0], hapd) |
97c6d0d8 | 2739 | |
9fd6804d | 2740 | @remote_compatible |
97c6d0d8 JM |
2741 | def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev): |
2742 | """WPA2-PSK AP and station using incorrect passphrase""" | |
2743 | ssid = "test-wpa2-psk" | |
2744 | passphrase = 'qwertyuiop' | |
2745 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2746 | hapd = hostapd.add_ap(apdev[0], params) |
97c6d0d8 JM |
2747 | dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412", |
2748 | wait_connect=False) | |
2749 | ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10) | |
2750 | if ev is None: | |
2751 | raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported") | |
a539d3f7 JM |
2752 | dev[0].dump_monitor() |
2753 | ||
2754 | hapd.disable() | |
2755 | hapd.set("wpa_passphrase", "incorrect passphrase") | |
2756 | hapd.enable() | |
2757 | ||
2758 | dev[0].wait_connected(timeout=20) | |
4b0e0c53 | 2759 | |
9fd6804d | 2760 | @remote_compatible |
4b0e0c53 JM |
2761 | def test_ap_wpa_ie_parsing(dev, apdev): |
2762 | """WPA IE parsing""" | |
a1eabc74 | 2763 | skip_with_fips(dev[0]) |
4b0e0c53 JM |
2764 | ssid = "test-wpa-psk" |
2765 | passphrase = 'qwertyuiop' | |
2766 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2767 | hapd = hostapd.add_ap(apdev[0], params) |
4b0e0c53 JM |
2768 | id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412", |
2769 | only_add_network=True) | |
2770 | ||
fab49f61 JM |
2771 | tests = ["dd040050f201", |
2772 | "dd050050f20101", | |
2773 | "dd060050f2010100", | |
2774 | "dd060050f2010001", | |
2775 | "dd070050f201010000", | |
2776 | "dd080050f20101000050", | |
2777 | "dd090050f20101000050f2", | |
2778 | "dd0a0050f20101000050f202", | |
2779 | "dd0b0050f20101000050f20201", | |
2780 | "dd0c0050f20101000050f2020100", | |
2781 | "dd0c0050f20101000050f2020000", | |
2782 | "dd0c0050f20101000050f202ffff", | |
2783 | "dd0d0050f20101000050f202010000", | |
2784 | "dd0e0050f20101000050f20201000050", | |
2785 | "dd0f0050f20101000050f20201000050f2", | |
2786 | "dd100050f20101000050f20201000050f202", | |
2787 | "dd110050f20101000050f20201000050f20201", | |
2788 | "dd120050f20101000050f20201000050f2020100", | |
2789 | "dd120050f20101000050f20201000050f2020000", | |
2790 | "dd120050f20101000050f20201000050f202ffff", | |
2791 | "dd130050f20101000050f20201000050f202010000", | |
2792 | "dd140050f20101000050f20201000050f20201000050", | |
2793 | "dd150050f20101000050f20201000050f20201000050f2"] | |
4b0e0c53 JM |
2794 | for t in tests: |
2795 | try: | |
2796 | if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t): | |
2797 | raise Exception("VENDOR_ELEM_ADD failed") | |
2798 | dev[0].select_network(id) | |
2799 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2800 | if ev is None: | |
2801 | raise Exception("Association rejection not reported") | |
2802 | dev[0].request("DISCONNECT") | |
a359c7bb | 2803 | dev[0].dump_monitor() |
4b0e0c53 JM |
2804 | finally: |
2805 | dev[0].request("VENDOR_ELEM_REMOVE 13 *") | |
2806 | ||
fab49f61 JM |
2807 | tests = ["dd170050f20101000050f20201000050f20201000050f202ff", |
2808 | "dd180050f20101000050f20201000050f20201000050f202ffff", | |
2809 | "dd190050f20101000050f20201000050f20201000050f202ffffff"] | |
4b0e0c53 JM |
2810 | for t in tests: |
2811 | try: | |
2812 | if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t): | |
2813 | raise Exception("VENDOR_ELEM_ADD failed") | |
2814 | dev[0].select_network(id) | |
dd12e58e JM |
2815 | ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED', |
2816 | 'WPA: 4-Way Handshake failed'], timeout=10) | |
2817 | if ev is None: | |
2818 | raise Exception("Association failed unexpectedly") | |
4b0e0c53 | 2819 | dev[0].request("DISCONNECT") |
a359c7bb | 2820 | dev[0].dump_monitor() |
4b0e0c53 JM |
2821 | finally: |
2822 | dev[0].request("VENDOR_ELEM_REMOVE 13 *") | |
bf7071bb | 2823 | |
9fd6804d | 2824 | @remote_compatible |
bf7071bb JM |
2825 | def test_ap_wpa2_psk_no_random(dev, apdev): |
2826 | """WPA2-PSK AP and no random numbers available""" | |
2827 | ssid = "test-wpa2-psk" | |
2828 | passphrase = 'qwertyuiop' | |
2829 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
2830 | params = hostapd.wpa2_params(ssid=ssid) | |
2831 | params['wpa_psk'] = psk | |
8b8a1864 | 2832 | hapd = hostapd.add_ap(apdev[0], params) |
bf7071bb JM |
2833 | with fail_test(hapd, 1, "wpa_gmk_to_gtk"): |
2834 | id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412", | |
2835 | wait_connect=False) | |
2836 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15) | |
2837 | if ev is None: | |
2838 | raise Exception("Disconnection event not reported") | |
2839 | dev[0].request("DISCONNECT") | |
2840 | dev[0].select_network(id, freq=2412) | |
2841 | dev[0].wait_connected() | |
ecafa0cf | 2842 | |
9fd6804d | 2843 | @remote_compatible |
ecafa0cf JM |
2844 | def test_rsn_ie_proto_psk_sta(dev, apdev): |
2845 | """RSN element protocol testing for PSK cases on STA side""" | |
2846 | bssid = apdev[0]['bssid'] | |
2847 | ssid = "test-wpa2-psk" | |
2848 | passphrase = 'qwertyuiop' | |
2849 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
2850 | # This is the RSN element used normally by hostapd | |
2851 | params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00' | |
8b8a1864 | 2852 | hapd = hostapd.add_ap(apdev[0], params) |
ecafa0cf JM |
2853 | if "FAIL" not in hapd.request("SET own_ie_override qwerty"): |
2854 | raise Exception("Invalid own_ie_override value accepted") | |
2855 | id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
2856 | ||
fab49f61 JM |
2857 | tests = [('No RSN Capabilities field', |
2858 | '30120100000fac040100000fac040100000fac02'), | |
2859 | ('Reserved RSN Capabilities bits set', | |
2860 | '30140100000fac040100000fac040100000fac023cff'), | |
2861 | ('Truncated RSN Capabilities field', | |
2862 | '30130100000fac040100000fac040100000fac023c'), | |
2863 | ('Extra pairwise cipher suite (unsupported)', | |
2864 | '30180100000fac040200ffffffff000fac040100000fac020c00'), | |
2865 | ('Extra AKM suite (unsupported)', | |
2866 | '30180100000fac040100000fac040200ffffffff000fac020c00'), | |
2867 | ('PMKIDCount field included', | |
2868 | '30160100000fac040100000fac040100000fac020c000000'), | |
2869 | ('Truncated PMKIDCount field', | |
2870 | '30150100000fac040100000fac040100000fac020c0000'), | |
2871 | ('Unexpected Group Management Cipher Suite with PMF disabled', | |
2872 | '301a0100000fac040100000fac040100000fac020c000000000fac06'), | |
2873 | ('Extra octet after defined fields (future extensibility)', | |
2874 | '301b0100000fac040100000fac040100000fac020c000000000fac0600')] | |
2875 | for txt, ie in tests: | |
ecafa0cf JM |
2876 | dev[0].request("DISCONNECT") |
2877 | dev[0].wait_disconnected() | |
007bf37e JM |
2878 | dev[0].dump_monitor() |
2879 | dev[0].request("NOTE " + txt) | |
ecafa0cf JM |
2880 | logger.info(txt) |
2881 | hapd.disable() | |
2882 | hapd.set('own_ie_override', ie) | |
2883 | hapd.enable() | |
2884 | dev[0].request("BSS_FLUSH 0") | |
2885 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2886 | dev[0].select_network(id, freq=2412) | |
2887 | dev[0].wait_connected() | |
b1f69186 | 2888 | |
9fd6804d | 2889 | @remote_compatible |
b1f69186 JB |
2890 | def test_ap_cli_order(dev, apdev): |
2891 | ssid = "test-rsn-setup" | |
2892 | passphrase = 'zzzzzzzz' | |
b1f69186 | 2893 | |
84f3f3a5 | 2894 | hapd = hostapd.add_ap(apdev[0], {}, no_enable=True) |
b1f69186 JB |
2895 | hapd.set('ssid', ssid) |
2896 | hapd.set('wpa_passphrase', passphrase) | |
2897 | hapd.set('rsn_pairwise', 'CCMP') | |
2898 | hapd.set('wpa_key_mgmt', 'WPA-PSK') | |
2899 | hapd.set('wpa', '2') | |
2900 | hapd.enable() | |
2901 | cfg = hapd.get_config() | |
2902 | if cfg['group_cipher'] != 'CCMP': | |
2903 | raise Exception("Unexpected group_cipher: " + cfg['group_cipher']) | |
2904 | if cfg['rsn_pairwise_cipher'] != 'CCMP': | |
2905 | raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher']) | |
2906 | ||
2907 | ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30) | |
2908 | if ev is None: | |
2909 | raise Exception("AP startup timed out") | |
2910 | if "AP-ENABLED" not in ev: | |
2911 | raise Exception("AP startup failed") | |
2912 | ||
2913 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
0ceff76e JM |
2914 | |
2915 | def set_test_assoc_ie(dev, ie): | |
2916 | if "OK" not in dev.request("TEST_ASSOC_IE " + ie): | |
2917 | raise Exception("Could not set TEST_ASSOC_IE") | |
2918 | ||
9fd6804d | 2919 | @remote_compatible |
0ceff76e JM |
2920 | def test_ap_wpa2_psk_assoc_rsn(dev, apdev): |
2921 | """WPA2-PSK AP and association request RSN IE differences""" | |
2922 | ssid = "test-wpa2-psk" | |
2923 | passphrase = 'qwertyuiop' | |
2924 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2925 | hapd = hostapd.add_ap(apdev[0], params) |
0ceff76e | 2926 | |
fab49f61 JM |
2927 | tests = [("Normal wpa_supplicant assoc req RSN IE", |
2928 | "30140100000fac040100000fac040100000fac020000"), | |
2929 | ("RSN IE without RSN Capabilities", | |
2930 | "30120100000fac040100000fac040100000fac02")] | |
0ceff76e JM |
2931 | for title, ie in tests: |
2932 | logger.info(title) | |
2933 | set_test_assoc_ie(dev[0], ie) | |
2934 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
2935 | dev[0].request("REMOVE_NETWORK all") | |
2936 | dev[0].wait_disconnected() | |
2937 | ||
fab49f61 JM |
2938 | tests = [("WPA IE instead of RSN IE and only RSN enabled on AP", |
2939 | "dd160050f20101000050f20201000050f20201000050f202", 40), | |
2940 | ("Empty RSN IE", "3000", 40), | |
2941 | ("RSN IE with truncated Version", "300101", 40), | |
2942 | ("RSN IE with only Version", "30020100", 43)] | |
0ceff76e JM |
2943 | for title, ie, status in tests: |
2944 | logger.info(title) | |
2945 | set_test_assoc_ie(dev[0], ie) | |
2946 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", | |
2947 | wait_connect=False) | |
2948 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"]) | |
2949 | if ev is None: | |
2950 | raise Exception("Association rejection not reported") | |
2951 | if "status_code=" + str(status) not in ev: | |
2952 | raise Exception("Unexpected status code: " + ev) | |
2953 | dev[0].request("REMOVE_NETWORK all") | |
2954 | dev[0].dump_monitor() | |
50bb5c86 | 2955 | |
06809f61 JM |
2956 | def test_ap_wpa2_psk_ft_workaround(dev, apdev): |
2957 | """WPA2-PSK+FT AP and workaround for incorrect STA behavior""" | |
2958 | ssid = "test-wpa2-psk-ft" | |
2959 | passphrase = 'qwertyuiop' | |
2960 | ||
fab49f61 JM |
2961 | params = {"wpa": "2", |
2962 | "wpa_key_mgmt": "FT-PSK WPA-PSK", | |
2963 | "rsn_pairwise": "CCMP", | |
2964 | "ssid": ssid, | |
2965 | "wpa_passphrase": passphrase} | |
06809f61 JM |
2966 | params["mobility_domain"] = "a1b2" |
2967 | params["r0_key_lifetime"] = "10000" | |
2968 | params["pmk_r1_push"] = "1" | |
2969 | params["reassociation_deadline"] = "1000" | |
2970 | params['nas_identifier'] = "nas1.w1.fi" | |
2971 | params['r1_key_holder'] = "000102030405" | |
2972 | hapd = hostapd.add_ap(apdev[0], params) | |
2973 | ||
2974 | # Include both WPA-PSK and FT-PSK AKMs in Association Request frame | |
2975 | set_test_assoc_ie(dev[0], | |
2976 | "30180100000fac040100000fac040200000fac02000fac040000") | |
2977 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
2978 | dev[0].request("REMOVE_NETWORK all") | |
2979 | dev[0].wait_disconnected() | |
2980 | ||
fe4af86c JM |
2981 | def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev): |
2982 | """WPA2-PSK AP and association request RSN IE with PMKID""" | |
2983 | ssid = "test-wpa2-psk" | |
2984 | passphrase = 'qwertyuiop' | |
2985 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
2986 | hapd = hostapd.add_ap(apdev[0], params) | |
2987 | ||
2988 | set_test_assoc_ie(dev[0], "30260100000fac040100000fac040100000fac0200000100" + 16*'00') | |
2989 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
2990 | dev[0].request("REMOVE_NETWORK all") | |
2991 | dev[0].wait_disconnected() | |
2992 | ||
50bb5c86 JM |
2993 | def test_ap_wpa_psk_rsn_pairwise(dev, apdev): |
2994 | """WPA-PSK AP and only rsn_pairwise set""" | |
fab49f61 JM |
2995 | params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", |
2996 | "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"} | |
50bb5c86 JM |
2997 | hapd = hostapd.add_ap(apdev[0], params) |
2998 | dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP", | |
2999 | scan_freq="2412") | |
ac723b35 JM |
3000 | |
3001 | def test_ap_wpa2_eapol_retry_limit(dev, apdev): | |
3002 | """WPA2-PSK EAPOL-Key retry limit configuration""" | |
3003 | ssid = "test-wpa2-psk" | |
3004 | passphrase = 'qwertyuiop' | |
3005 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
3006 | params['wpa_ptk_rekey'] = '2' | |
3007 | params['wpa_group_update_count'] = '1' | |
3008 | params['wpa_pairwise_update_count'] = '1' | |
3009 | hapd = hostapd.add_ap(apdev[0], params) | |
3010 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
3011 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
3012 | if ev is None: | |
3013 | raise Exception("PTK rekey timed out") | |
3014 | ||
3015 | if "FAIL" not in hapd.request("SET wpa_group_update_count 0"): | |
3016 | raise Exception("Invalid wpa_group_update_count value accepted") | |
3017 | if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"): | |
3018 | raise Exception("Invalid wpa_pairwise_update_count value accepted") | |
ec765bc7 JM |
3019 | |
3020 | def test_ap_wpa2_disable_eapol_retry(dev, apdev): | |
3021 | """WPA2-PSK disable EAPOL-Key retry""" | |
3022 | ssid = "test-wpa2-psk" | |
3023 | passphrase = 'qwertyuiop' | |
3024 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
3025 | params['wpa_disable_eapol_key_retries'] = '1' | |
3026 | hapd = hostapd.add_ap(apdev[0], params) | |
3027 | bssid = apdev[0]['bssid'] | |
3028 | ||
3029 | logger.info("Verify working 4-way handshake without retries") | |
3030 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
3031 | dev[0].request("REMOVE_NETWORK all") | |
3032 | dev[0].wait_disconnected() | |
3033 | dev[0].dump_monitor() | |
3034 | addr = dev[0].own_addr() | |
3035 | ||
3036 | logger.info("Verify no retransmission of message 3/4") | |
3037 | hapd.request("SET ext_eapol_frame_io 1") | |
3038 | dev[0].request("SET ext_eapol_frame_io 1") | |
3039 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
3040 | ||
3041 | ev = hapd.wait_event(["EAPOL-TX"], timeout=5) | |
3042 | if ev is None: | |
3043 | raise Exception("Timeout on EAPOL-TX (M1) from hostapd") | |
3044 | ev = hapd.wait_event(["EAPOL-TX"], timeout=5) | |
3045 | if ev is None: | |
3046 | raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd") | |
3047 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
3048 | if "OK" not in res: | |
3049 | raise Exception("EAPOL_RX (M1) to wpa_supplicant failed") | |
3050 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=5) | |
3051 | if ev is None: | |
3052 | raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant") | |
3053 | dev[0].dump_monitor() | |
3054 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
3055 | if "OK" not in res: | |
3056 | raise Exception("EAPOL_RX (M2) to hostapd failed") | |
3057 | ||
3058 | ev = hapd.wait_event(["EAPOL-TX"], timeout=5) | |
3059 | if ev is None: | |
3060 | raise Exception("Timeout on EAPOL-TX (M3) from hostapd") | |
3061 | ev = hapd.wait_event(["EAPOL-TX"], timeout=2) | |
3062 | if ev is not None: | |
3063 | raise Exception("Unexpected EAPOL-TX M3 retry from hostapd") | |
3064 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) | |
3065 | if ev is None: | |
3066 | raise Exception("Disconnection not reported") | |
3067 | dev[0].request("REMOVE_NETWORK all") | |
3068 | dev[0].dump_monitor() | |
3069 | ||
3070 | def test_ap_wpa2_disable_eapol_retry_group(dev, apdev): | |
3071 | """WPA2-PSK disable EAPOL-Key retry for group handshake""" | |
3072 | ssid = "test-wpa2-psk" | |
3073 | passphrase = 'qwertyuiop' | |
3074 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
3075 | params['wpa_disable_eapol_key_retries'] = '1' | |
3076 | params['wpa_strict_rekey'] = '1' | |
3077 | hapd = hostapd.add_ap(apdev[0], params) | |
3078 | bssid = apdev[0]['bssid'] | |
3079 | ||
3080 | id = dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
3081 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
3082 | dev[0].dump_monitor() | |
3083 | addr = dev[0].own_addr() | |
3084 | ||
3085 | dev[1].request("DISCONNECT") | |
3086 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
3087 | if ev is None: | |
3088 | raise Exception("GTK rekey timed out") | |
3089 | dev[1].request("RECONNECT") | |
3090 | dev[1].wait_connected() | |
3091 | dev[0].dump_monitor() | |
3092 | ||
3093 | hapd.request("SET ext_eapol_frame_io 1") | |
3094 | dev[0].request("SET ext_eapol_frame_io 1") | |
3095 | dev[1].request("DISCONNECT") | |
3096 | ||
3097 | ev = hapd.wait_event(["EAPOL-TX"], timeout=5) | |
3098 | if ev is None: | |
3099 | raise Exception("Timeout on EAPOL-TX (group M1) from hostapd") | |
3100 | ev = hapd.wait_event(["EAPOL-TX"], timeout=2) | |
3101 | if ev is not None: | |
3102 | raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd") | |
3103 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) | |
3104 | if ev is None: | |
3105 | raise Exception("Disconnection not reported") | |
3106 | dev[0].request("REMOVE_NETWORK all") | |
3107 | dev[0].dump_monitor() | |
c773c7d5 JM |
3108 | |
3109 | def test_ap_wpa2_psk_mic_0(dev, apdev): | |
3110 | """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4""" | |
3111 | bssid = apdev[0]['bssid'] | |
3112 | ssid = "test-wpa2-psk" | |
3113 | passphrase = 'qwertyuiop' | |
3114 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
3115 | params['rsn_pairwise'] = "TKIP" | |
3116 | hapd = hostapd.add_ap(apdev[0], params) | |
3117 | hapd.request("SET ext_eapol_frame_io 1") | |
3118 | dev[0].request("SET ext_eapol_frame_io 1") | |
3119 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) | |
3120 | addr = dev[0].own_addr() | |
3121 | ||
3122 | # EAPOL-Key msg 1/4 | |
3123 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
3124 | if ev is None: | |
3125 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
3126 | res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) | |
3127 | if "OK" not in res: | |
3128 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
3129 | ||
3130 | # EAPOL-Key msg 2/4 | |
3131 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
3132 | if ev is None: | |
3133 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
3134 | res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) | |
3135 | if "OK" not in res: | |
3136 | raise Exception("EAPOL_RX to hostapd failed") | |
3137 | dev[0].dump_monitor() | |
3138 | ||
3139 | # EAPOL-Key msg 3/4 | |
3140 | ev = hapd.wait_event(["EAPOL-TX"], timeout=15) | |
3141 | if ev is None: | |
3142 | raise Exception("Timeout on EAPOL-TX from hostapd") | |
3143 | msg3 = ev.split(' ')[2] | |
3144 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) | |
3145 | if "OK" not in res: | |
3146 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
3147 | ||
3148 | # EAPOL-Key msg 4/4 | |
3149 | ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) | |
3150 | if ev is None: | |
3151 | raise Exception("Timeout on EAPOL-TX from wpa_supplicant") | |
3152 | # Do not send to the AP | |
3153 | ||
3154 | # EAPOL-Key msg 3/4 with MIC=0 and modifications | |
3155 | eapol_hdr = msg3[0:8] | |
3156 | key_type = msg3[8:10] | |
3157 | key_info = msg3[10:14] | |
3158 | key_length = msg3[14:18] | |
3159 | replay_counter = msg3[18:34] | |
3160 | key_nonce = msg3[34:98] | |
3161 | key_iv = msg3[98:130] | |
3162 | key_rsc = msg3[130:146] | |
3163 | key_id = msg3[146:162] | |
3164 | key_mic = msg3[162:194] | |
3165 | key_data_len = msg3[194:198] | |
3166 | key_data = msg3[198:] | |
3167 | ||
3168 | msg3b = eapol_hdr + key_type | |
3169 | msg3b += "12c9" # Clear MIC bit from key_info (originally 13c9) | |
3170 | msg3b += key_length | |
3171 | msg3b += '0000000000000003' | |
3172 | msg3b += key_nonce + key_iv + key_rsc + key_id | |
3173 | msg3b += 32*'0' # Clear MIC value | |
3174 | msg3b += key_data_len + key_data | |
3175 | dev[0].dump_monitor() | |
3176 | res = dev[0].request("EAPOL_RX " + bssid + " " + msg3b) | |
3177 | if "OK" not in res: | |
3178 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
3179 | ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2) | |
3180 | if ev is None: | |
3181 | raise Exception("No event from wpa_supplicant") | |
3182 | if "EAPOL-TX" in ev: | |
3183 | raise Exception("Unexpected EAPOL-Key message from wpa_supplicant") | |
3184 | dev[0].request("DISCONNECT") | |
bfce94e0 JM |
3185 | |
3186 | def test_ap_wpa2_psk_local_error(dev, apdev): | |
3187 | """WPA2-PSK and local error cases on supplicant""" | |
3188 | ssid = "test-wpa2-psk" | |
3189 | passphrase = 'qwertyuiop' | |
3190 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
3191 | params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256" | |
3192 | hapd = hostapd.add_ap(apdev[0], params) | |
3193 | ||
3194 | with fail_test(dev[0], 1, "sha1_prf;wpa_pmk_to_ptk"): | |
3195 | id = dev[0].connect(ssid, key_mgmt="WPA-PSK", psk=passphrase, | |
3196 | scan_freq="2412", wait_connect=False) | |
3197 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5) | |
3198 | if ev is None: | |
3199 | raise Exception("Disconnection event not reported") | |
3200 | dev[0].request("REMOVE_NETWORK all") | |
3201 | dev[0].dump_monitor() | |
3202 | ||
3203 | with fail_test(dev[0], 1, "sha256_prf;wpa_pmk_to_ptk"): | |
3204 | id = dev[0].connect(ssid, key_mgmt="WPA-PSK-SHA256", psk=passphrase, | |
3205 | scan_freq="2412", wait_connect=False) | |
3206 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5) | |
3207 | if ev is None: | |
3208 | raise Exception("Disconnection event not reported") | |
3209 | dev[0].request("REMOVE_NETWORK all") | |
3210 | dev[0].dump_monitor() |