tests: Fix ap_ft_reassoc_replay for case where wlantest has the PSK
1# WPA2-Personal tests
2# Copyright (c) 2014, Qualcomm Atheros, Inc.
3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
821490f5 8import binascii
e0c46c8e 9from Crypto.Cipher import AES
821490f5
JM
10import hashlib
11import hmac
c89d9ebb
JM
12import logging
13logger = logging.getLogger()
138ec97e 14import os
5b3c40a6 15import re
8030e2b5 16import socket
821490f5 17import struct
d1fc5736
JM
18import subprocess
19import time
c89d9ebb
JM
20
21import hostapd
8030e2b5 22from utils import HwsimSkip, fail_test, skip_with_fips, start_monitor, stop_monitor, radiotap_build
fb5c8cea 23import hwsim_utils
a1512a0c 24from wpasupplicant import WpaSupplicant
c89d9ebb 25
def check_mib(dev, vals):
    """Verify that selected MIB variables of a device have the expected values.

    dev is any object exposing get_mib(); vals is an iterable of
    (name, expected_value) pairs. Raises Exception on the first mismatch and
    KeyError if a name is missing from the returned MIB.
    """
    current = dev.get_mib()
    for entry in vals:
        name, wanted = entry[0], entry[1]
        if current[name] != wanted:
            raise Exception("Unexpected {} = {} (expected {})".format(name, current[name], wanted))

@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    # The AP is configured with the 64-hex-digit PSK only. One station uses
    # the same raw PSK and the other the passphrase, so both credential forms
    # are expected to work against this SSID.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # Only the first key management entry reported by the AP is checked.
    akm = hapd.get_config()['key_mgmt']
    if akm.split(' ')[0] != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + akm)

    dev[0].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")

    # Sanity-check the status polls on the first station.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))

def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    # The AP has a default passphrase plus the entries of 'hostapd.wpa_psk'
    # (a relative path; the file's contents are not visible in this module).
    network = "test-wpa2-psk"
    default_secret = 'qwertyuiop'
    # presumably the PSK matching default_secret for this SSID -- TODO confirm
    default_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=default_secret)
    ap_conf['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], ap_conf)

    # dev[1] is expected to fail the 4-way handshake with this passphrase
    # (verified below), so its connect call must not block.
    dev[1].connect(network, psk="very secret", scan_freq="2412", wait_connect=False)
    dev[2].connect(network, raw_psk=default_key, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(network, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[2].connect(network, psk="another passphrase for all STAs", scan_freq="2412")
    dev[0].connect(network, psk="another passphrase for all STAs", scan_freq="2412")

    failure = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if failure is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")

def check_no_keyid(hapd, dev):
    """Require an AP-STA-CONNECTED event for dev that carries no keyid.

    Waits up to one second on hapd for the event and raises Exception when it
    is missing, names another station, or contains a "keyid=" field.
    """
    sta_addr = dev.own_addr()
    event = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if event is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in event:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    if "keyid=" in event:
        raise Exception("Unexpected keyid indication")

def check_keyid(hapd, dev, keyid):
    """Require that the AP reports the given keyid for dev, then drop the link.

    The keyid has to appear both in the AP-STA-CONNECTED event (waited for up
    to one second) and in the AP's STA entry. On success the station's
    networks are removed; any mismatch raises Exception.
    """
    sta_addr = dev.own_addr()
    event = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if event is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in event:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    # Substring match: "keyid=foo" would also match an event with "keyid=foobar".
    if "keyid=" + keyid not in event:
        raise Exception("Incorrect keyid indication")
    sta_info = hapd.get_sta(sta_addr)
    if not ('keyid' in sta_info and sta_info['keyid'] == keyid):
        raise Exception("Incorrect keyid in STA output")
    dev.request("REMOVE_NETWORK all")

def check_disconnect(dev, expected):
    """Check which of the first two stations were disconnected, then clean up.

    Only indexes 0 and 1 of dev and expected are examined; further entries in
    expected are ignored. A station expected to be disconnected must report
    it; the others must stay quiet for 0.1 s and are then disconnected by
    removing their networks.
    """
    for idx in (0, 1):
        sta = dev[idx]
        if expected[idx]:
            sta.wait_disconnected()
            sta.request("REMOVE_NETWORK all")
            continue
        event = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
        if event is not None:
            raise Exception("Unexpected disconnection")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

def test_ap_wpa2_psk_file_keyid(dev, apdev, params):
    """WPA2-PSK AP with PSK from a file (keyid and reload)"""
    # The PSK file lives in the per-run log directory and is rewritten several
    # times; after each rewrite the AP is told to reload it and the effect on
    # the three stations is checked. The file holds test passphrases only and
    # is created with the process umask -- a production wpa_psk_file should be
    # readable by the hostapd user alone.
    psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')

    def rewrite(entries):
        # Truncate and rewrite the whole PSK file.
        with open(psk_file, 'w') as out:
            for entry in entries:
                out.write(entry)

    def reload_psks():
        if "OK" not in hapd.request("RELOAD_WPA_PSK"):
            raise Exception("RELOAD_WPA_PSK failed")

    rewrite(['00:00:00:00:00:00 secret passphrase\n',
             '02:00:00:00:00:00 very secret\n',
             '00:00:00:00:00:00 another passphrase for all STAs\n'])
    network = "test-wpa2-psk"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase='qwertyuiop')
    ap_conf['wpa_psk_file'] = psk_file
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # No entry carries a keyid yet, so none may be reported.
    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    dev[1].connect(network, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_no_keyid(hapd, dev[1])

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # Replace the passphrase dev[1] used; only dev[1] should be dropped.
    rewrite(['00:00:00:00:00:00 secret passphrase\n',
             '02:00:00:00:00:00 very secret\n',
             '00:00:00:00:00:00 changed passphrase\n'])
    reload_psks()

    check_disconnect(dev, [False, True, False])

    # Tag two entries with a keyid and verify that the AP reports them.
    rewrite(['00:00:00:00:00:00 secret passphrase\n',
             'keyid=foo 02:00:00:00:00:00 very secret\n',
             'keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n'])
    reload_psks()

    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_keyid(hapd, dev[0], "foo")

    dev[1].connect(network, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_keyid(hapd, dev[1], "bar")

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    dev[0].wait_disconnected()
    dev[0].connect(network, psk="secret passphrase", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    # With every file entry gone, only the AP's configured passphrase is left.
    rewrite(['# empty\n'])
    reload_psks()

    check_disconnect(dev, [True, True, False])

@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    # The test body sets SCAN_INTERVAL to 1 on both stations; set it to 5
    # afterwards whether or not the body succeeded.
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        for idx in (0, 1):
            dev[idx].request("SCAN_INTERVAL 5")

def _test_ap_wpa2_psk_mem(dev, apdev):
    """Connect two stations that receive their credential over the control interface.

    Both stations are configured with mem_only_psk="1" and no credential, wait
    for a CTRL-REQ-PSK_PASSPHRASE request and answer it: dev[0] with the
    quoted passphrase, dev[1] with the hex PSK.
    """
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    sta.request("SCAN_INTERVAL 1")
    prompt = sta.wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out")
    # The request id is the last '-'-separated token before the first ':'.
    req_id = prompt.split(':')[0].split('-')[-1]
    sta.request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + secret + '"')
    sta.wait_connected(timeout=10)

    sta = dev[1]
    sta.connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    sta.request("SCAN_INTERVAL 1")
    prompt = sta.wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = prompt.split(':')[0].split('-')[-1]
    sta.request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + raw_key)
    sta.wait_connected(timeout=10)

@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    # The station is configured with wpa_ptk_rekey="1"; connect() has returned
    # before the wait below, so the awaited negotiation is the rekey.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    # Traffic must still pass with the new pairwise key.
    hwsim_utils.test_connectivity(dev[0], hapd)

def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    # A rekey requested by the station must make the AP pick a fresh ANonce;
    # the test compares the value reported before and after the rekey.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    sta = dev[0]
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    sta.dump_monitor()
    nonce_before = sta.request("GET anonce")
    if "OK" not in sta.request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    nonce_after = sta.request("GET anonce")
    if nonce_before == nonce_after:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(sta, hapd)

@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    # Here the rekey setting (wpa_ptk_rekey='2') is on the AP side only.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, key_mgmt="WPA-PSK-SHA256",
                   wpa_ptk_rekey="1", scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # The station must have both requested and selected AKM suite 00-0f-ac-6,
    # i.e. the connection did not fall back to a different AKM.
    wanted_mib = [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                  ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]
    check_mib(dev[0], wanted_mib)

@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    ap_conf['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, key_mgmt="WPA-PSK-SHA256",
                   scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # Requested and selected AKM suite must both be 00-0f-ac-6.
    wanted_mib = [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                  ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]
    check_mib(dev[0], wanted_mib)

@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # TKIP coverage is skipped on FIPS builds.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    # The scan results must show the WPA (v1) element with PSK and TKIP.
    if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing WPA element info")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    # TKIP coverage is skipped on FIPS builds.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK/CCMP"""
    # WPA (v1) parameters with the pairwise cipher overridden to CCMP.
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[0], hapd)
    # Requested and selected suites must agree for group cipher, pairwise
    # cipher and AKM, and the controlled port must end up authorized.
    wanted_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
        ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(dev[0], wanted_mib)

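def test_ap_wpa2_psk_file_errors(dev, apdev):
    """WPA2-PSK AP with various PSK file error and success cases"""
    addr0 = dev[0].own_addr()
    addr1 = dev[1].own_addr()
    addr2 = dev[2].own_addr()
    ssid = "psk"
    # NOTE(review): fixed, predictable file name in a world-writable
    # directory. If the harness runs privileged (TODO confirm), another local
    # user can pre-create this path or a symlink at it between the cleanup
    # below and the later open(..., "w") calls. A per-run directory such as
    # the log directory used by test_ap_wpa2_psk_file_keyid would avoid this,
    # but requires adding a parameter to this test.
    pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"

    def remove_pskfile():
        # Best-effort cleanup. Only filesystem errors (typically "no such
        # file") are ignored, so KeyboardInterrupt, SystemExit and programming
        # errors are no longer swallowed as they were by a bare except.
        try:
            os.remove(pskfile)
        except OSError:
            pass

    def expect_enable_failure():
        # The AP must refuse to start with the current PSK file state.
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE success")
        hapd.request("DISABLE")

    remove_pskfile()

    params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}

    try:
        # missing PSK file
        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
        expect_enable_failure()

        # File contents that the AP has to reject, in the original order.
        rejected_contents = [
            "\nfoo\n",                      # invalid MAC address
            "00:11:22:33:44:55\n",          # no PSK on line
            "00:11:22:33:44:55 1234567\n",  # invalid PSK
            "=\n",                          # empty token at the end of the line
        ]
        for content in rejected_contents:
            with open(pskfile, "w") as f:
                f.write(content)
            expect_enable_failure()

        # valid PSK file
        with open(pskfile, "w") as f:
            f.write("00:11:22:33:44:55 12345678\n")
            f.write(addr0 + " 123456789\n")
            f.write(addr1 + " 123456789a\n")
            f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
        if "FAIL" in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE failure")

        # Each station uses the credential bound to its own address above.
        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")

    finally:
        remove_pskfile()
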
@remote_compatible
def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
    """WPA2-PSK AP and wildcard SSID configuration"""
    # Both stations use an empty SSID and select the AP by BSSID only; one
    # supplies the passphrase, the other the raw PSK.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect("", bssid=apdev[0]['bssid'], psk=secret,
                   scan_freq="2412")
    dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=raw_key, scan_freq="2412")

@remote_compatible
def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    # wpa_group_rekey='1' on the AP; the station must see a group rekey
    # within two seconds of connecting.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

def test_ap_wpa2_gtk_rekey_request(dev, apdev):
    """WPA2-PSK AP and GTK rekey by AP request"""
    # No rekey interval is configured; the group rekey is triggered through
    # the AP's REKEY_GTK control command.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    if "OK" not in hapd.request("REKEY_GTK"):
        raise Exception("REKEY_GTK failed")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    # TKIP coverage is skipped on FIPS builds.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    # With wpa_group_rekey='1' and wpa_gmk_rekey='2', three consecutive group
    # rekeys are awaited (two seconds each) before connectivity is checked.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    ap_conf['wpa_gmk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    for _ in range(3):
        rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
        if rekeyed is None:
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    # With wpa_strict_rekey='1' the remaining station must see a group rekey
    # once the other station has left, so the departed station's copy of the
    # group key stops being useful.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")
    dev[1].request("DISCONNECT")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

@remote_compatible
def test_ap_wpa2_bridge_fdb(dev, apdev):
    """Bridge FDB entry removal"""
    # Two stations talk through an AP attached to bridge ap-br0. The bridge's
    # MAC table is captured while they are connected and again after they
    # disconnect; both addresses must be present first and gone afterwards.
    bridge = 'ap-br0'
    hapd = None
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        hapd.cmd_execute(['brctl', 'setfd', bridge, '0'])
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'up'])
        dev[0].connect(network, psk=secret, scan_freq="2412",
                       bssid=apdev[0]['bssid'])
        dev[1].connect(network, psk=secret, scan_freq="2412",
                       bssid=apdev[0]['bssid'])
        # One wait per station.
        hapd.wait_sta()
        hapd.wait_sta()
        addr0 = dev[0].p2p_interface_addr()
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
        err, macs_connected = hapd.cmd_execute(['brctl', 'showmacs', bridge])
        # Shorten the ageing time so stale entries would expire within the
        # one-second sleep below.
        hapd.cmd_execute(['brctl', 'setageing', bridge, '1'])
        dev[0].request("DISCONNECT")
        dev[1].request("DISCONNECT")
        time.sleep(1)
        err, macs_after = hapd.cmd_execute(['brctl', 'showmacs', bridge])

        addr1 = dev[1].p2p_interface_addr()
        if addr0 not in macs_connected or addr1 not in macs_connected:
            raise Exception("Bridge FDB entry missing")
        if addr0 in macs_after or addr1 in macs_after:
            raise Exception("Bridge FDB entry was not removed")
    finally:
        # Tear the bridge down even if AP setup failed part-way.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', bridge,
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', bridge])

@remote_compatible
def test_ap_wpa2_already_in_bridge(dev, apdev):
    """hostapd behavior with interface already in bridge"""
    # The AP interface is put into an externally created bridge before the AP
    # starts (no 'bridge' parameter is given); the AP must report that bridge.
    ap_ifname = apdev[0]['ifname']
    ext_bridge = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', ext_bridge])
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', ext_bridge, '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', ext_bridge,
                                       'up'])
        hostapd.cmd_execute(apdev[0], ['iw', ap_ifname, 'set', 'type', '__ap'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'addif', ext_bridge, ap_ifname])
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        if hapd.get_driver_status_field('brname') != ext_bridge:
            raise Exception("Bridge name not identified correctly")
        dev[0].connect(network, psk=secret, scan_freq="2412")
    finally:
        # Undo the external setup in reverse order.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', ext_bridge,
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', ext_bridge, ap_ifname])
        hostapd.cmd_execute(apdev[0], ['iw', ap_ifname, 'set', 'type', 'station'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', ext_bridge])

@remote_compatible
def test_ap_wpa2_in_different_bridge(dev, apdev):
    """hostapd behavior with interface in different bridge"""
    # The AP interface starts out in an external bridge while the AP is
    # configured for ap-br0; the AP must end up using ap-br0 and report that
    # it created the bridge and added the interface itself.
    ap_ifname = apdev[0]['ifname']
    ext_bridge = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', ext_bridge])
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', ext_bridge, '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', ext_bridge,
                                       'up'])
        hostapd.cmd_execute(apdev[0], ['iw', ap_ifname, 'set', 'type', '__ap'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'addif', ext_bridge, ap_ifname])
        time.sleep(0.5)
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'up'])
        reported_bridge = hapd.get_driver_status_field('brname')
        if reported_bridge != 'ap-br0':
            raise Exception("Incorrect bridge: " + reported_bridge)
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hapd.wait_sta()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
        if hapd.get_driver_status_field("added_bridge") != "1":
            raise Exception("Unexpected added_bridge value")
        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
            raise Exception("Unexpected added_if_into_bridge value")
        dev[0].request("DISCONNECT")
        hapd.disable()
    finally:
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', ext_bridge,
                                       'down'])
        # NOTE(review): the only call here that passes shell=True, apparently
        # so that "2>" "/dev/null" acts as a redirection (the interface is
        # probably no longer in ext_bridge at this point). How cmd_execute()
        # turns the list into a shell command is not visible in this module;
        # confirm that the interface name taken from apdev cannot carry shell
        # metacharacters, or drop shell=True and ignore the error in Python.
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', ext_bridge, ap_ifname,
                                       "2>", "/dev/null"], shell=True)
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', ext_bridge])

@remote_compatible
def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
    """hostapd behavior with interface added to bridge externally"""
    # Unlike the "already in bridge" case, the AP is started first and its
    # interface is moved into the external bridge afterwards.
    ap_ifname = apdev[0]['ifname']
    ext_bridge = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(apdev[0], ap_conf)

        hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', ext_bridge])
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', ext_bridge, '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', ext_bridge,
                                       'up'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'addif', ext_bridge, ap_ifname])
        dev[0].connect(network, psk=secret, scan_freq="2412")
        if hapd.get_driver_status_field('brname') != ext_bridge:
            raise Exception("Bridge name not identified correctly")
    finally:
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', ext_bridge,
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', ext_bridge, ap_ifname])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', ext_bridge])

def test_ap_wpa2_psk_ext(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O"""
    # With ext_eapol_frame_io enabled on both ends, EAPOL frames show up as
    # EAPOL-TX events and are handed to the peer with EAPOL_RX by this test,
    # alternating AP -> STA and STA -> AP until either side reports the
    # connection.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()
    while True:
        ap_event = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
        if ap_event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        if "AP-STA-CONNECTED" in ap_event:
            dev[0].wait_connected(timeout=15)
            break
        # The third space-separated token of the event is passed on as the frame.
        reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

        sta_event = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
        if sta_event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        if "CTRL-EVENT-CONNECTED" in sta_event:
            break
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
    # The test relays the 4-way handshake by hand and drops the first msg 4/4,
    # so the AP retransmits msg 3/4 to a station that already considers itself
    # connected.
    # NOTE(review): a retransmitted msg 3/4 is the situation in which a
    # supplicant must not reinstall a key that is already in use; this test
    # only asserts that the handshake completes and traffic still passes.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()

    def frame_from_ap():
        # Next EAPOL frame transmitted by the AP.
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def frame_from_sta():
        # Next EAPOL frame transmitted by the station.
        event = dev[0].wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def deliver_to_sta(event):
        reply = dev[0].request("EAPOL_RX " + bssid + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(event):
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4 -- consumed here but not sent to the AP
    frame_from_sta()
    dev[0].wait_connected(timeout=15)

    # EAPOL-Key msg 3/4 (retry)
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())

    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(dev[0], hapd)

def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
    # Variant in which the first msg 3/4 is held back until the AP has sent
    # its retransmission. The station completes the handshake with the first
    # copy and receives the second copy only after the connection is up.
    # NOTE(review): the late second msg 3/4 is the situation in which a
    # supplicant must not reinstall a key that is already in use; this test
    # only asserts that traffic still passes afterwards.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()

    def frame_from_ap():
        # Next EAPOL frame transmitted by the AP.
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def frame_from_sta():
        # Next EAPOL frame transmitted by the station.
        event = dev[0].wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def deliver_to_sta(event):
        reply = dev[0].request("EAPOL_RX " + bssid + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(event):
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4: do not send it to the STA yet; wait for the
    # retransmission from the AP.
    first_msg3 = frame_from_ap()

    # EAPOL-Key msg 3/4 (retry)
    second_msg3 = frame_from_ap()

    # Send the first msg 3/4 to STA
    deliver_to_sta(first_msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())
    dev[0].wait_connected(timeout=15)
    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(dev[0], hapd)

    # Send the second msg 3/4 to STA
    deliver_to_sta(second_msg3)
    # EAPOL-Key msg 4/4 -- consumed here; the second msg 4/4 is not sent to
    # the AP
    frame_from_sta()

    hwsim_utils.test_connectivity(dev[0], hapd)

def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
    # Regression check for how the STA treats a msg 3/4 that arrives after it
    # has completed the handshake and then seen another msg 1/4. The test
    # passes either when the STA ignores the modified msg 1/4 or when the
    # association still carries traffic afterwards.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def hex_of(event):
        # The third space-separated field of an EAPOL-TX event is the frame
        # in hex.
        return event.split(' ')[2]

    def ap_tx():
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def sta_tx():
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept; its fields are reused further down)
    msg1 = hex_of(ap_tx())
    to_sta(msg1)

    # EAPOL-Key msg 2/4
    to_ap(hex_of(sta_tx()))

    # EAPOL-Key msg 3/4
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 4/4: withheld from hostapd so that it retransmits msg 3/4
    withheld_msg4 = hex_of(sta_tx())

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = hex_of(ap_tx())

    # Forged msg 1/4 for the STA: the original msg 1/4 with the Replay
    # Counter of the retransmitted msg 3/4. Hex offsets 18..34 are the
    # 8-octet Replay Counter that follows the 4-octet EAPOL header,
    # descriptor type, key info and key length.
    forged_msg1 = msg1[0:18] + msg3[18:34] + msg1[34:]
    # Replacing the nonce as well results in "WPA: ANonce from message 1 of
    # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
    # wpa_supplicant processes msg 3/4 afterwards:
    #forged_msg1 = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    to_sta(forged_msg1)
    # EAPOL-Key msg 2/4 (short wait: no reply means the frame was ignored)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # Send previously received msg 3/4 to STA
    to_sta(msg3)

    # EAPOL-Key msg 4/4
    to_ap(hex_of(sta_tx()))

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
886
def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    # Same flow as the (c) variant up to the forged msg 1/4, but the msg 3/4
    # delivered afterwards is a second retransmission from hostapd, so its
    # Replay Counter is newer than the one copied into the forged frame.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def hex_of(event):
        # The third space-separated field of an EAPOL-TX event is the frame
        # in hex.
        return event.split(' ')[2]

    def ap_tx():
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def sta_tx():
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept; its fields are reused further down)
    msg1 = hex_of(ap_tx())
    to_sta(msg1)

    # EAPOL-Key msg 2/4
    to_ap(hex_of(sta_tx()))

    # EAPOL-Key msg 3/4
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 4/4: withheld from hostapd so that it retransmits msg 3/4
    withheld_msg4 = hex_of(sta_tx())

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = hex_of(ap_tx())

    # Forged msg 1/4 for the STA: the original msg 1/4 with the Replay
    # Counter (hex offsets 18..34) of the retransmitted msg 3/4.
    forged_msg1 = msg1[0:18] + msg3[18:34] + msg1[34:]
    to_sta(forged_msg1)
    # EAPOL-Key msg 2/4 (short wait: no reply means the frame was ignored)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = hex_of(ap_tx())

    # Send msg 3/4 to STA
    to_sta(msg3)

    # EAPOL-Key msg 4/4
    to_ap(hex_of(sta_tx()))

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
981
def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    # Extends the (d) variant: the connected STA first receives a msg 1/4
    # carrying a different ANonce (all 0xff), then one carrying the original
    # ANonce again, before the second retransmitted msg 3/4 is delivered.
    # The STA is required to answer the first forged frame; ignoring the
    # second one ends the test early as a pass.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def hex_of(event):
        # The third space-separated field of an EAPOL-TX event is the frame
        # in hex.
        return event.split(' ')[2]

    def ap_tx():
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def sta_tx(timeout=15):
        event = sta.wait_event(["EAPOL-TX"], timeout=timeout)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept; its fields are reused further down)
    msg1 = hex_of(ap_tx())
    to_sta(msg1)

    # EAPOL-Key msg 2/4
    to_ap(hex_of(sta_tx()))

    # EAPOL-Key msg 3/4
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 4/4: withheld from hostapd so that it retransmits msg 3/4
    withheld_msg4 = hex_of(sta_tx())

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = hex_of(ap_tx())

    # Forged msg 1/4 for the STA: Replay Counter (hex offsets 18..34) taken
    # from the retransmitted msg 3/4 and the 32-octet ANonce (hex offsets
    # 34..98) replaced with 0xff octets.
    forged_msg1 = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    to_sta(forged_msg1)
    # EAPOL-Key msg 2/4 is required here; it is not sent on to hostapd
    sta_tx(timeout=1)

    # Forged msg 1/4 for the STA (back to the previously used ANonce)
    forged_msg1 = msg1[0:18] + msg3[18:34] + msg1[34:]
    to_sta(forged_msg1)
    # EAPOL-Key msg 2/4 (short wait: no reply means the frame was ignored)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = hex_of(ap_tx())

    # Send msg 3/4 to STA
    to_sta(msg3)

    # EAPOL-Key msg 4/4
    to_ap(hex_of(sta_tx()))

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
1087
def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    # Checks that hostapd does not accept EAPOL-Key msg 2/4 and msg 4/4
    # frames left over from the initial 4-way handshake once it has started
    # a PTK rekey (wpa_ptk_rekey is set to 3). Acceptance is judged from the
    # outside: hostapd has to keep retransmitting msg 1/4 (key info 0x008a)
    # after each stale frame has been injected.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def hex_of(event):
        # The third space-separated field of an EAPOL-TX event is the frame
        # in hex.
        return event.split(' ')[2]

    def ap_tx():
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def sta_tx():
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    def require_msg1(event):
        # Hex offsets 10..14 are the two Key Information octets that follow
        # the 4-octet EAPOL header and the descriptor type.
        keyinfo = hex_of(event)[10:14]
        if keyinfo != "008a":
            raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 1/4
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 2/4: kept for later and not sent to the AP now
    stale_msg2 = hex_of(sta_tx())

    # EAPOL-Key msg 1/4 (retry)
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 2/4
    to_ap(hex_of(sta_tx()))

    # EAPOL-Key msg 3/4
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 4/4: held back for now
    msg4 = hex_of(sta_tx())

    # EAPOL-Key msg 3/4 (retry)
    to_sta(hex_of(ap_tx()))

    # EAPOL-Key msg 4/4 for the retry: kept for later, not sent to the AP now
    stale_msg4 = hex_of(sta_tx())

    # Send the previous EAPOL-Key msg 4/4 to AP
    to_ap(msg4)

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # EAPOL-Key msg 1/4
    ap_tx()

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    to_ap(stale_msg2)

    # If msg 2/4 had been accepted this would be msg 3/4; it is expected to
    # be a retransmitted msg 1/4 instead.
    require_msg1(ap_tx())

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    to_ap(stale_msg4)

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    last = hapd.wait_event(["EAPOL-TX"], timeout=1.1)
    if last is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    require_msg1(last)
1208
def parse_eapol(data):
    """Decode an EAPOL frame given as bytes into a dict of its fields.

    The result always has 'version', 'type', 'length' and 'payload' (the
    body cut to the declared length). EAPOL-Key frames (type 3) also get
    'descr_type', and for descriptor types 2 and 254 the fixed key fields
    are added under 'rsn_*' keys, with 'rsn_key_data' holding everything
    after the Key Data Length field.

    Only the outer EAPOL length is validated. The fixed key fields are plain
    slices, and 'rsn_key_data_len' is reported as found without being
    compared to the amount of key data present; a body too short to hold the
    Key Data Length field fails in struct.unpack().

    Raises:
        Exception: the declared length exceeds the available body.
    """
    version, frame_type, length = struct.unpack('>BBH', data[0:4])
    body = data[4:]
    if length > len(body):
        raise Exception("Invalid EAPOL length")
    # Anything beyond the declared body length is dropped
    body = body[0:length]
    eapol = {
        'version': version,
        'type': frame_type,
        'length': length,
        'payload': body,
    }
    if frame_type != 3:
        return eapol

    # EAPOL-Key
    (eapol['descr_type'],) = struct.unpack('B', body[0:1])
    if eapol['descr_type'] not in (2, 254):
        return eapol

    # RSN EAPOL-Key
    key = body[1:]
    key_info, key_len = struct.unpack('>HH', key[0:4])
    eapol['rsn_key_info'] = key_info
    eapol['rsn_key_len'] = key_len
    offset = 4
    fixed_fields = (
        ('rsn_replay_counter', 8),
        ('rsn_key_nonce', 32),
        ('rsn_key_iv', 16),
        ('rsn_key_rsc', 8),
        ('rsn_key_id', 8),
        ('rsn_key_mic', 16),
    )
    for name, size in fixed_fields:
        eapol[name] = key[offset:offset + size]
        offset += size
    (eapol['rsn_key_data_len'],) = struct.unpack('>H', key[offset:offset + 2])
    eapol['rsn_key_data'] = key[offset + 2:]
    return eapol
1241
def build_eapol(msg):
    """Serialize a frame dict (as produced by parse_eapol) back to bytes.

    For EAPOL-Key frames (type 3) the body is rebuilt from 'descr_type' and
    the 'rsn_*' fields; for any other type 'payload' is appended as is.
    'length' and 'rsn_key_data_len' are written exactly as stored in the
    dict and are not recomputed from the data, which is what allows callers
    to emit frames with inconsistent length fields.
    """
    header = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] != 3:
        return header + msg['payload']
    parts = [
        header,
        struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                    msg['rsn_key_len']),
        msg['rsn_replay_counter'],
        msg['rsn_key_nonce'],
        msg['rsn_key_iv'],
        msg['rsn_key_rsc'],
        msg['rsn_key_id'],
        msg['rsn_key_mic'],
        struct.pack('>H', msg['rsn_key_data_len']),
        msg['rsn_key_data'],
    ]
    return b''.join(parts)
1258
def sha1_prf(key, label, data, outlen):
    """Expand key into outlen octets with an HMAC-SHA1 based PRF.

    Block i of the output is HMAC-SHA1(key, label || 0x00 || data || i),
    with i a single octet counted from 0; blocks are concatenated and the
    last one is cut so the result is exactly outlen octets long.

    Args:
        key: HMAC key (bytes).
        label: text label; encoded with str.encode() before use.
        data: context bytes mixed into every block.
        outlen: number of octets to return; 0 or less gives b''.
    """
    out = b''
    block_index = 0
    while outlen > 0:
        mac = hmac.new(key, label.encode() + struct.pack('B', 0), hashlib.sha1)
        mac.update(data)
        mac.update(struct.pack('B', block_index))
        block_index += 1
        block = mac.digest()
        take = min(outlen, len(block))
        out += block[0:take]
        outlen -= take
    return out
1276
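def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the pairwise transient key for a 4-way handshake.

    The PRF input is the lower address followed by the higher address and
    the lower nonce followed by the higher nonce, so the result does not
    depend on which peer is passed first.

    Args:
        pmk: pairwise master key (bytes).
        addr1, addr2: MAC addresses as colon-separated hex strings.
        nonce1, nonce2: the two handshake nonces (bytes).

    Returns:
        (ptk, kck, kek): the 48-octet PTK, its first 16 octets (KCK) and the
        next 16 octets (KEK).
    """
    mac1 = binascii.unhexlify(addr1.replace(':', ''))
    mac2 = binascii.unhexlify(addr2.replace(':', ''))
    # Order the addresses by their binary value. Comparing the text form
    # sorts "0B" before "0a", which would derive a different key than the
    # peer whenever the two strings differ in letter case.
    data = min(mac1, mac2) + max(mac1, mac2)
    data += min(nonce1, nonce2) + max(nonce1, nonce2)
    ptk = sha1_prf(pmk, "Pairwise key expansion", data, 48)
    return (ptk, ptk[0:16], ptk[16:32])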
1291
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC for msg and store it in msg['rsn_key_mic'].

    The MIC is HMAC-SHA1 keyed with kck over the serialized frame with the
    MIC field zeroed, truncated to 16 octets. HMAC-SHA1 is used regardless
    of the descriptor version in 'rsn_key_info'. msg is modified in place.
    """
    # The MIC field has to be all zeros while the MIC is being calculated
    msg['rsn_key_mic'] = bytes(16)
    digest = hmac.new(kck, build_eapol(msg), hashlib.sha1).digest()
    msg['rsn_key_mic'] = digest[0:16]
1297
def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Fill in the variable fields of an EAPOL-Key frame dict in place.

    Sets key info, key length, nonce and key data, and recomputes 'length'
    as 95 (descriptor type plus the fixed key fields) plus the key data
    length. A false nonce (None or empty) becomes 32 zero octets and false
    data becomes empty key data. The MIC is not touched; callers that need a
    valid MIC have to recompute it afterwards.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_key_nonce'] = nonce if nonce else bytes(32)
    key_data = data if data else b''
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    msg['length'] = 95 + len(key_data)
1313
def recv_eapol(hapd):
    """Wait up to 15 s for the next EAPOL-TX event from hostapd and parse it.

    Returns the dict produced by parse_eapol() for the frame carried in the
    event; raises Exception if no event arrives in time.
    """
    event = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if event is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # The third space-separated field of the event is the frame in hex
    frame_hex = event.split(' ')[2]
    return parse_eapol(binascii.unhexlify(frame_hex))
1320
def send_eapol(hapd, addr, data):
    """Inject the EAPOL frame data (bytes) into hostapd as if sent by addr.

    Raises Exception when the EAPOL_RX control command does not return OK.
    An OK only means the command was accepted; whether hostapd acted on the
    frame has to be judged from what it transmits next.
    """
    frame_hex = binascii.hexlify(data).decode()
    if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
        raise Exception("EAPOL_RX to hostapd failed")
1325
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Send msg to hostapd as an EAPOL-Key reply carrying a MIC made with kck.

    msg is updated in place with key_info, nonce and data (key length 0) and
    then gets a freshly computed MIC; its Replay Counter is left as it was.
    info is only used in the log line.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
1331
def hapd_connected(hapd):
    """Raise unless hostapd reports AP-STA-CONNECTED within 15 seconds."""
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1336
def eapol_test(apdev, dev, wpa2=True, ieee80211w=0):
    """Start a PSK AP and a connecting STA with external EAPOL I/O on both.

    The STA is only used to get associated; with ext_eapol_frame_io enabled
    its EAPOL frames are not delivered, so the calling test can act as the
    supplicant by injecting frames with send_eapol().

    Args:
        apdev: AP device description (a dict with at least 'bssid').
        dev: station object to associate.
        wpa2: use hostapd.wpa2_params() when true, hostapd.wpa_params()
            otherwise.
        ieee80211w: value passed to both AP and STA; 2 selects a different
            RSN element for the caller (only the trailing capabilities
            octets differ).

    Returns:
        (bssid, ssid, hapd, snonce, pmk, addr, rsne), where rsne is the
        RSN/WPA element to put in msg 2/4 and snonce is a constant 0x11
        pattern, so the keys derived in a test are reproducible.
    """
    bssid = apdev['bssid']
    ssid = "test-wpa2-psk" if wpa2 else "test-wpa-psk"
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    if wpa2:
        params = hostapd.wpa2_params(ssid=ssid)
    else:
        params = hostapd.wpa_params(ssid=ssid)
    mfp = str(ieee80211w)
    params['wpa_psk'] = psk
    params['ieee80211w'] = mfp
    hapd = hostapd.add_ap(apdev, params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False,
                ieee80211w=mfp)
    addr = dev.p2p_interface_addr()
    if not wpa2:
        element_hex = 'dd160050f20101000050f20201000050f20201000050f202'
    elif ieee80211w == 2:
        element_hex = '30140100000fac040100000fac040100000fac02cc00'
    else:
        element_hex = '30140100000fac040100000fac040100000fac020000'
    rsne = binascii.unhexlify(element_hex)
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
821490f5 1366
@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # The test acts as the supplicant. Before each valid reply it feeds
    # hostapd a frame that should not advance the handshake (the AP's own
    # frame echoed back, a msg 2/4 whose EAPOL length cuts the key data
    # short); the handshake still has to complete with the unchanged ANonce.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]

    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(frame, 0x0101, 0, snonce, rsne)
    # One octet less than the 95 fixed octets plus the 22-octet element
    frame['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1394
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    # No reply is sent to the first msg 1/4, so hostapd retransmits it. The
    # retransmission has to carry the same ANonce, and the handshake is then
    # completed against the retransmitted frame.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]

    logger.info("Send EAPOL-Key msg 2/4")
    rsn_eapol_key_set(retry, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, retry)
    send_eapol(hapd, addr, build_eapol(retry))

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1421
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    # Both the original and the retransmitted msg 1/4 are answered, each
    # with a msg 2/4 built from the corresponding frame (and so carrying
    # that frame's Replay Counter), using the same SNonce and KCK.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    for tag, request in (("2/4 (a)", first), ("2/4 (b)", retry)):
        reply_eapol(tag, hapd, addr, request, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1443
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    # The second msg 2/4 uses a different SNonce, and msg 4/4 is protected
    # with the KCK derived from that newer SNonce. The handshake is expected
    # to complete with it.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    # From here on the KCK is the one that goes with the newer SNonce
    kck = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)[1]
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1467
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    # As in the retry1c variant the second msg 2/4 uses a different SNonce,
    # but msg 4/4 is protected with the KCK derived from the first SNonce.
    # The handshake is expected to complete with the older key.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    kck2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)[1]

    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck2)
    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # MIC made with the KCK that goes with the first SNonce
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
53b9bedb 1491
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    # Sends msg 2/4 twice with a descriptor type other than 2: 253 is
    # expected to be dropped, while 254 is expected to be processed through
    # a workaround in hostapd, after which the handshake completes.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]

    # 253: incorrect descriptor type (frame dropped)
    # 254: incorrect descriptor type, but with a workaround (frame processed)
    for descr_type in (253, 254):
        frame['descr_type'] = descr_type
        rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
a52fd1c3 1522
@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # NOTE: eapol_test() is called with wpa2=False here, so the AP is set up
    # with hostapd.wpa_params() and the element returned is the WPA vendor
    # element rather than an RSN element.
    #
    # Invalid frames are sent before each valid reply: the AP's own frame
    # echoed back, a frame cut to 98 octets, and a msg 2/4 with descriptor
    # type 2 where this AP is answered with 254 in the valid reply.
    bssid, ssid, hapd, snonce, pmk, addr, wpae = eapol_test(apdev[0], dev[0],
                                                             wpa2=False)

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))
    logger.info("Too short data")
    send_eapol(hapd, addr, build_eapol(frame)[0:98])

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    frame['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, frame, 0x010a, snonce, wpae, kck)
    frame['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, wpae, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
64d04af5 1550
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    # Frames with unusual Key Information values are injected at both
    # stages of the handshake, first without a valid MIC and later with one.
    # None of them may prevent the valid msg 2/4 and msg 4/4 from completing
    # the handshake with the unchanged ANonce.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    # No MIC is calculated for these; the values are, in order: all bits
    # clear, all bits set, SMK M1, SMK M3 and Request.
    for key_info in (0x0000, 0xffff, 0x2802, 0x2002, 0x0902):
        rsn_eapol_key_set(frame, key_info, 0, snonce, rsne)
        send_eapol(hapd, addr, build_eapol(frame))
    # Request with a MIC calculated using an all-zeros KCK
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    tmp_kck = bytes(16)
    eapol_key_mic(tmp_kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Request (valid MIC), followed by the same Request again (valid MIC,
    # replayed counter)
    for _ in range(2):
        rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return the field dictionary for an EAPOL-Key msg 1/4 test frame.

    anonce: value stored as the Key Nonce (callers pass 32 octets).
    replay_counter: integer packed as a big-endian 64-bit Key Replay Counter.
    key_data: optional Key Data octets, stored as given (not encrypted here).
    key_len: value for the Key Length field.

    The MIC field is left as 16 zero octets; no MIC is computed here.
    """
    return {
        'version': 2,
        'type': 3,
        # 95 octets of fixed EAPOL-Key descriptor fields precede Key Data
        'length': 95 + len(key_data),

        'descr_type': 2,
        'rsn_key_info': 0x8a,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': 16 * b'\x00',
        'rsn_key_rsc': 8 * b'\x00',
        'rsn_key_id': 8 * b'\x00',
        'rsn_key_mic': 16 * b'\x00',
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return the field dictionary for an EAPOL-Key msg 3/4 style test frame.

    anonce: value stored as the Key Nonce.
    kck: key handed to eapol_key_mic() for the MIC over this message.
    key_data: Key Data octets stored as given; callers that want encrypted
        Key Data wrap it themselves before calling.
    replay_counter: integer packed as a big-endian 64-bit Key Replay Counter.
    key_info: Key Information field; callers override it to build malformed
        or group-key frames.
    extra_len: signed offset added to the EAPOL length field so that the
        header can claim more or fewer octets than are present.
    descr_type: Key Descriptor Type value.
    key_len: value for the Key Length field.
    """
    frame = {
        'version': 2,
        'type': 3,
        # 95 octets of fixed EAPOL-Key descriptor fields precede Key Data
        'length': 95 + len(key_data) + extra_len,

        'descr_type': descr_type,
        'rsn_key_info': key_info,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': 16 * b'\x00',
        'rsn_key_rsc': 8 * b'\x00',
        'rsn_key_id': 8 * b'\x00',
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
    # 'rsn_key_mic' is not set above; presumably eapol_key_mic() fills it in
    # - verify against its definition.
    eapol_key_mic(kck, frame)
    return frame
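def aes_wrap(kek, plain):
    """Wrap *plain* under *kek* with the AES Key Wrap construction (RFC 3394).

    kek: AES key used as the key-encryption key.
    plain: octets to wrap. Only complete 8-octet blocks are processed; any
        trailing partial block is dropped, so callers pad first (see
        pad_key_data()).

    Returns the 8-octet integrity value followed by the wrapped blocks, i.e.
    8 octets more than the processed input.
    """
    n = len(plain) // 8
    # Default initial value from the key wrap specification
    a = 0xa6a6a6a6a6a6a6a6
    # Key wrap runs the raw AES block function. Name ECB explicitly: legacy
    # PyCrypto picks it by default, while PyCryptodome requires the mode
    # argument and rejects AES.new(key) without it.
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # Fold the step counter t = n*j + i into the integrity register
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)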
def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets before AES key wrap.

    Input that is already aligned is returned unchanged. Otherwise one 0xdd
    octet is appended, followed by as many zero octets as are needed to reach
    the next 8-octet boundary.
    """
    shortfall = -len(plain) % 8
    if shortfall:
        # First padding octet is 0xdd, the remainder is zero-filled
        plain += b'\xdd' + (shortfall - 1) * b'\x00'
    return plain
def test_ap_wpa2_psk_supp_proto(dev, apdev):
    """WPA2-PSK 4-way handshake protocol testing for supplicant"""
    # The test takes over the authenticator role towards dev[0]. After
    # hostapd's own msg 1/4 it sends a fresh msg 1/4 with a fixed ANonce and
    # then a series of malformed msg 3/4 frames, each with a MIC computed by
    # build_eapol_key_3_4() under the derived KCK. For most cases the
    # supplicant must log the matching rejection; the final frame must end
    # in a disconnection.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    def inject(label, key_data, expect=(), flush=True, **fields):
        # Send one msg 3/4 variant using the current replay counter and check
        # that every (event, error) pair in expect is reported, in order.
        logger.debug(label)
        if flush:
            sta.dump_monitor()
        frame = build_eapol_key_3_4(anonce, kck, key_data,
                                    replay_counter=counter, **fields)
        send_eapol(sta, bssid, build_eapol(frame))
        for event, error in expect:
            if sta.wait_event([event]) is None:
                raise Exception(error)

    # Key Data lengths that cannot be valid AES key wrap output
    inject("Invalid AES wrap data length 0", b'',
           [("WPA: Unsupported AES-WRAP len 0",
             "Unsupported AES-WRAP len 0 not reported")])
    counter += 1

    inject("Invalid AES wrap data length 1", b'1',
           [("WPA: Unsupported AES-WRAP len 1",
             "Unsupported AES-WRAP len 1 not reported")])
    counter += 1

    inject("Invalid AES wrap data length 9", b'123456789',
           [("WPA: Unsupported AES-WRAP len 9",
             "Unsupported AES-WRAP len 9 not reported")])
    counter += 1

    inject("Invalid AES wrap data payload", b'12345678',
           [("WPA: AES unwrap failed", "AES unwrap failure not reported")])
    # do not increment counter to test replay protection

    inject("Replay Count not increasing", b'12345678',
           [("WPA: EAPOL-Key Replay Counter did not increase",
             "Replay Counter replay not reported")])
    counter += 1

    # Key Information variants: 0x13ca is the default used for msg 3/4
    inject("Missing Ack bit in key info", b'12345678',
           [("WPA: No Ack bit in key_info", "Missing Ack bit not reported")],
           key_info=0x134a)
    counter += 1

    inject("Unexpected Request bit in key info", b'12345678',
           [("WPA: EAPOL-Key with Request bit", "Request bit not reported")],
           key_info=0x1bca)
    counter += 1

    # The low three bits of Key Information select the descriptor version
    inject("Unsupported key descriptor version 0", b'0123456789abcdef',
           [("WPA: Unsupported EAPOL-Key descriptor version 0",
             "Unsupported EAPOL-Key descriptor version 0 not reported")],
           key_info=0x13c8)
    counter += 1

    inject("Key descriptor version 1 not allowed with CCMP",
           b'0123456789abcdef',
           [("WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2",
             "Not allowed EAPOL-Key descriptor version not reported")],
           key_info=0x13c9)
    counter += 1

    inject("Invalid AES wrap payload with key descriptor version 2",
           b'0123456789abcdef',
           [("WPA: AES unwrap failed", "AES unwrap failure not reported")],
           key_info=0x13ca)
    counter += 1

    inject("Key descriptor version 3 workaround", b'0123456789abcdef',
           [("WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2",
             "CCMP key descriptor mismatch not reported"),
            ("WPA: Interoperability workaround",
             "AES-128-CMAC workaround not reported"),
            ("WPA: Invalid EAPOL-Key MIC - dropping packet",
             "MIC failure with AES-128-CMAC workaround not reported")],
           key_info=0x13cb)
    counter += 1

    inject("Unsupported key descriptor version 4", b'0123456789abcdef',
           [("WPA: Unsupported EAPOL-Key descriptor version 4",
             "Unsupported EAPOL-Key descriptor version 4 not reported")],
           key_info=0x13cc)
    counter += 1

    inject("Unsupported key descriptor version 7", b'0123456789abcdef',
           [("WPA: Unsupported EAPOL-Key descriptor version 7",
             "Unsupported EAPOL-Key descriptor version 7 not reported")],
           key_info=0x13cf)
    counter += 1

    # EAPOL length field one octet short of the Key Data it announces
    inject("Too short EAPOL header length", b'12345678',
           [("WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)",
             "Key data overflow not reported")],
           extra_len=-1)
    counter += 1

    # The next three frames are only sent; no event is awaited for them
    inject("Too long EAPOL header length", b'12345678', flush=False,
           extra_len=1)
    counter += 1

    inject("Unsupported descriptor type 0", b'12345678', flush=False,
           descr_type=0)
    counter += 1

    inject("WPA descriptor type 0", b'12345678', flush=False,
           descr_type=254)
    counter += 1

    # From here on Key Data is properly wrapped under the KEK, so the
    # supplicant gets past the unwrap step
    inject("Non-zero key index for pairwise key", aes_wrap(kek, 16*b'z'),
           [("WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index",
             "Non-zero key index not reported")],
           key_info=0x13ea)
    counter += 1

    inject("Invalid Key Data plaintext payload --> disconnect",
           aes_wrap(kek, 16*b'z'))
    counter += 1
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    # The test plays the authenticator towards dev[0] and sends a msg 3/4
    # whose correctly wrapped Key Data holds only zero octets, i.e. no RSN
    # element at all. The supplicant is expected to disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    sta.dump_monitor()
    key_data = aes_wrap(kek, 16*b'\x00')
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    # The test plays the authenticator towards dev[0]. Its msg 3/4 carries a
    # shortened RSN element (element 0x30 with length 6) followed by a GTK
    # KDE, which per the test name does not match what the AP advertised;
    # the supplicant is expected to disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success"""
    # Positive control for the supp_proto tests: the test plays the
    # authenticator towards dev[0] and sends a well-formed msg 3/4 (RSN
    # element plus a 16-octet GTK KDE, padded and key-wrapped). The
    # supplicant must report a completed connection.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_connected(timeout=1)
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK"""
    # The test plays the authenticator towards dev[0] and sends a msg 3/4
    # whose Key Data holds the RSN element but no GTK KDE. The supplicant
    # must not report the connection as completed.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    # Short negative wait: a connection event here is the failure condition
    if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1) is not None:
        raise Exception("Unexpected connection completion reported")
def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change"""
    # The test plays the authenticator towards dev[0]. Msg 1/4 carries one
    # ANonce, msg 3/4 a different one, while MIC and key wrap still use the
    # keys derived from the first. The supplicant must report the mismatch.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # Only the nonce differs from the otherwise valid msg 3/4
    other_anonce = binascii.unhexlify(32 * '33')
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(other_anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    reported = sta.wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if reported is None:
        raise Exception("ANonce change not reported")
def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected group message"""
    # The test plays the authenticator towards dev[0] and, instead of msg
    # 3/4, sends a group key msg 1/2 (key_info 0x13c2) with a wrapped GTK
    # KDE. The supplicant must report the out-of-order group handshake and
    # disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Group key 1/2 instead of msg 3/4")
    sta.dump_monitor()
    # 24 octets, already a multiple of 8, so no padding step is needed
    gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    group1 = build_eapol_key_3_4(anonce, kck, aes_wrap(kek, gtk_kde),
                                 replay_counter=2, key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(group1))
    reported = sta.wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
    if reported is None:
        raise Exception("Unexpected group key message not reported")
    sta.wait_disconnected(timeout=1)
@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
    # The test plays the authenticator towards dev[0] and sends a msg 1/4
    # whose Key Data is the two octets 0x55 0x55. Msg 1/4 carries no MIC, so
    # this is parsed before any key is derived; the supplicant is expected
    # to disconnect.
    sta = dev[0]
    bssid = eapol_test(apdev[0], sta)[0]
    hapd = None
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
    # The test plays the authenticator towards dev[0]. Msg 3/4 has valid Key
    # Data but a Key Length field of 15 instead of 16; the supplicant must
    # reject that length for CCMP and disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                               key_len=15)
    send_eapol(sta, bssid, build_eapol(msg3))
    if sta.wait_event(["WPA: Invalid CCMP key length 15"]) is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length"""
    # The test plays the authenticator towards dev[0]. The GTK KDE in msg 3/4
    # has length 0x15 and so carries a 15-octet key; the supplicant must
    # reject that group key length for CCMP and disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    reported = sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
    if reported is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
    # The test plays the authenticator towards dev[0]. The GTK KDE in msg 3/4
    # has its key-id/flags octet set to 0x05 (the other tests use 0x01); the
    # supplicant is expected to log that it ignores the Tx bit and still
    # complete the connection.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    reported = sta.wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
    if reported is None:
        raise Exception("GTK Tx bit workaround not reported")
    sta.wait_connected(timeout=1)
def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
    # The test plays the authenticator towards dev[0] in three steps:
    #  1. msg 3/4 with GTK key index 0 -> connection completes
    #  2. wrapped group msg 1/2 with GTK key index 3 -> rekeying completes
    #  3. the same GTK KDE sent unwrapped with the Encrypted Key Data bit
    #     cleared (key_info 0x03c2) -> must be rejected with a disconnection,
    #     since a GTK must not be accepted from cleartext Key Data
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_connected(timeout=1)

    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
    sta.dump_monitor()
    gtk_kde = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(gtk_kde))
    group1 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=3,
                                 key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(group1))
    # Consume the supplicant's reply (presumably group msg 2/2)
    recv_eapol(sta)
    if sta.wait_event(["WPA: Group rekeying completed"]) is None:
        raise Exception("GTK rekeing not reported")

    logger.debug("Unencrypted GTK KDE in group msg 1/2")
    sta.dump_monitor()
    # Same KDE octets as above, this time placed in Key Data without key wrap
    cleartext = build_eapol_key_3_4(anonce, kck, gtk_kde, replay_counter=4,
                                    key_info=0x03c2)
    send_eapol(sta, bssid, build_eapol(cleartext))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
    # The test plays the authenticator towards dev[0]. After a valid 4-way
    # handshake it sends a wrapped group msg 1/2 whose Key Data consists only
    # of empty 0xdd elements, i.e. without a GTK KDE. The supplicant must
    # report the missing GTK and disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_connected(timeout=1)

    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group1 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=3,
                                 key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(group1))
    if sta.wait_event(["WPA: No GTK IE in Group Key msg 1/2"]) is None:
        raise Exception("Missing GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
    # The test plays the authenticator towards dev[0]. After a valid 4-way
    # handshake it sends a wrapped group msg 1/2 whose GTK KDE has length
    # 0x27 and so carries a 33-octet key. This is a bounds check on the
    # supplicant's GTK handling: the oversized key must be rejected and the
    # station must disconnect.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_connected(timeout=1)

    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group1 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=3,
                                 key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(group1))
    reported = sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
    if reported is None:
        raise Exception("Too long GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    # The test plays the authenticator towards dev[0]. Msg 3/4 carries the
    # RSN element followed by a GTK KDE of length 0x27 (a 33-octet key); the
    # supplicant is expected to disconnect rather than install it.
    # NOTE(review): the debug message below says "too short" although the
    # test name and payload describe a too long KDE.
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify(32 * '22')
    msg1 = build_eapol_key_1_4(anonce, replay_counter=1)
    send_eapol(sta, bssid, build_eapol(msg1))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    key_data = aes_wrap(kek, pad_key_data(plain))
    msg3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2)
    send_eapol(sta, bssid, build_eapol(msg3))
    sta.wait_disconnected(timeout=1)
2302
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # hostapd's own msg 1/4 is only used as the "association done" signal
    recv_eapol(hapd)
    dev[0].dump_monitor()

    # Send a locally built msg 1/4 with a fixed ANonce instead
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    m1 = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(dev[0], bssid, build_eapol(m1))
    m2 = recv_eapol(dev[0])
    snonce = m2['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # Unlike the sibling tests, the key data is handed to the frame builder
    # without aes_wrap(), and key_info is overridden for this frame.
    key_data = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    m3 = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                             key_info=0x03ca)
    replay += 1
    send_eapol(dev[0], bssid, build_eapol(m3))
    # The supplicant must report the cleartext GTK and then disconnect
    if dev[0].wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
2333
# Shared body of the PMF (ieee80211w=2) supplicant protocol tests: complete a
# hand-built 4-way handshake whose msg 3/4 key data is rsne + GTK KDE plus the
# optional igtk_kde, then check the outcome.
# With fail set, only a disconnection within one second is expected.
# Otherwise the connection must complete and the frames injected afterwards
# (an unprotected broadcast Deauthentication frame and variants described
# below as having incorrect BIP protection) must not cause a disconnection.
# NOTE(review): indentation is lost in this listing, so whether the final
# CTRL-EVENT-DISCONNECTED check runs once after the keyid loop or once per
# keyid cannot be told from here; the lines are therefore left untouched.
2334def run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False):
2335 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0],
2336 ieee80211w=2)
2337
2338 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2339 msg = recv_eapol(hapd)
2340 dev[0].dump_monitor()
2341
2342 # Build own EAPOL-Key msg 1/4
2343 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2344 counter = 1
2345 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
2346 counter += 1
2347 send_eapol(dev[0], bssid, build_eapol(msg))
2348 msg = recv_eapol(dev[0])
2349 snonce = msg['rsn_key_nonce']
2350
2351 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
2352
2353 logger.debug("EAPOL-Key msg 3/4")
2354 dev[0].dump_monitor()
2355 gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
2356 plain = rsne + gtk_kde
2357 if igtk_kde:
2358 plain += igtk_kde
2359 wrapped = aes_wrap(kek, pad_key_data(plain))
2360 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
2361 counter += 1
2362 send_eapol(dev[0], bssid, build_eapol(msg))
2363 if fail:
2364 dev[0].wait_disconnected(timeout=1)
2365 return
2366
2367 dev[0].wait_connected(timeout=1)
2368
2369 # Verify that an unprotected broadcast Deauthentication frame is ignored
# bssid is rebound here from the value returned by eapol_test() to the raw
# bytes of hapd's own address, used for two address fields of the frame.
2370 bssid = binascii.unhexlify(hapd.own_addr().replace(':', ''))
2371 sock = start_monitor(apdev[1]["ifname"])
2372 radiotap = radiotap_build()
2373 frame = binascii.unhexlify("c0003a01")
2374 frame += 6*b'\xff' + bssid + bssid
2375 frame += binascii.unhexlify("1000" + "0300")
2376 sock.send(radiotap + frame)
2377 # And same with incorrect BIP protection
2378 for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]:
2379 frame2 = frame + binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9")
2380 sock.send(radiotap + frame2)
2381 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
2382 if ev is not None:
2383 raise Exception("Unexpected disconnection")
2384
def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False):
    """Run run_psk_supp_proto_pmf2() and stop the monitor afterwards.

    igtk_kde and fail are forwarded unchanged. stop_monitor() is called on
    apdev[1]'s interface on every exit path, including when the inner test
    raises or returns before it has started the monitor.
    """
    options = dict(igtk_kde=igtk_kde, fail=fail)
    try:
        run_psk_supp_proto_pmf2(dev, apdev, **options)
    finally:
        stop_monitor(apdev[1]["ifname"])
2390
def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no IGTK KDE"""
    # igtk_kde defaults to None and fail to False, so msg 3/4 carries no IGTK
    # KDE and the helper expects the connection to complete.
    run_psk_supp_proto_pmf(dev, apdev)
2394
def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: valid IGTK KDE"""
    # Same KDE layout as the KeyID tests that follow; only the two octets in
    # key_id differ between them.
    key_id = '0400'
    kde_hex = 'dd1c' + '000fac09' + key_id + 6*'00' + 16*'77'
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=binascii.unhexlify(kde_hex))
2399
def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev):
    """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID"""
    # KeyID octets are in the opposite order from the "valid IGTK KDE" test;
    # the helper is still called with fail=False, so the connection is
    # expected to complete.
    key_id = '0004'
    kde_hex = 'dd1c' + '000fac09' + key_id + 6*'00' + 16*'77'
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=binascii.unhexlify(kde_hex))
2404
def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too large IGTK KeyID"""
    # fail=True: the supplicant must disconnect instead of accepting the KDE
    key_id = 'ffff'
    kde_hex = 'dd1c' + '000fac09' + key_id + 6*'00' + 16*'77'
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=binascii.unhexlify(kde_hex),
                           fail=True)
2409
def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID"""
    # fail=True: the supplicant must disconnect instead of accepting the KDE
    key_id = '0006'
    kde_hex = 'dd1c' + '000fac09' + key_id + 6*'00' + 16*'77'
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=binascii.unhexlify(kde_hex),
                           fail=True)
2414
def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process that serves dev.

    The PID is taken from the first column of the first `ps ax` line that
    mentions both "wpa_supplicant" and "-i<ifname>". Raises Exception when
    no line matches.
    """
    iface_arg = "-i" + dev.ifname
    _, listing = dev.cmd_execute(['ps', 'ax'])
    # NOTE(review): this is a substring match, so "-iwlan1" would also match
    # a process started with "-iwlan10" - confirm interface names cannot
    # collide like that in the test setup.
    matches = (row for row in listing.splitlines()
               if "wpa_supplicant" in row and iface_arg in row)
    for row in matches:
        return int(row.strip().split(' ')[0])
    raise Exception("Could not find wpa_supplicant process")
2425
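def read_process_memory(pid, key=None):
    """Return the concatenated contents of the writable mappings of pid.

    /proc/<pid>/maps is parsed line by line and every mapping whose
    permissions start with "rw" is read from /proc/<pid>/mem. Mappings that
    start above 0xffffffffffff or whose end is below their start are skipped.

    pid: process id to inspect.
    key: optional bytes; each mapping that contains it is reported in the log.

    Returns the bytes of all mappings read, in maps order. The result holds
    whatever secrets the process had in writable memory at that moment, so it
    should be treated as key material and not written to logs.
    """
    # Collect the regions and join once at the end; the original appended to
    # a bytes object inside the loop, which copies the growing buffer on
    # every mapping.
    chunks = []
    total = 0
    logger.info("Reading process memory (pid=%d)" % pid)
    with open('/proc/%d/maps' % pid, 'r') as maps, \
         open('/proc/%d/mem' % pid, 'rb') as mem:
        for l in maps:
            m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
            if not m:
                continue
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            perm = m.group(3)
            if start > 0xffffffffffff:
                continue
            if end < start:
                continue
            if not perm.startswith('rw'):
                continue
            # Record where heap and stack land inside the returned buffer so
            # offsets logged later can be mapped back to a region
            for name in ["[heap]", "[stack]"]:
                if name in l:
                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, total, total + (end - start)))
            mem.seek(start)
            data = mem.read(end - start)
            chunks.append(data)
            total += len(data)
            if key and key in data:
                logger.info("Key found in " + l)
    buf = b"".join(chunks)
    logger.info("Total process memory read: %d bytes" % len(buf))
    return buf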
2454
def verify_not_present(buf, key, fname, keyname):
    """Fail if key occurs anywhere in buf.

    When the key is absent the function returns None. Otherwise up to 2048
    bytes before the first hit and 2048 bytes from the hit onwards are
    written to the file fname + keyname, and an Exception naming the key is
    raised.

    The dump file contains the key itself plus neighbouring process memory,
    so the directory it lands in needs the same protection as the keys.
    """
    hit = buf.find(key)
    if hit >= 0:
        lead = min(hit, 2048)
        with open(fname + keyname, 'wb') as out:
            out.write(buf[hit - lead:hit + 2048])
        raise Exception(keyname + " found after disassociation")
2464
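def get_key_locations(buf, key, keyname):
    """Log every non-overlapping occurrence of key in buf and return the count.

    For each hit the offset is logged at info level and up to 128 bytes of
    memory on either side are logged at debug level as hex.

    buf: bytes to search (a process memory snapshot in this file).
    key: bytes to look for.
    keyname: label used in the log messages.

    Note that the debug message includes the key bytes and the surrounding
    memory, so debug logs from these tests contain key material.
    """
    if len(key) == 0:
        # An empty needle matches at every offset without advancing pos, so
        # the search loop below would never terminate
        return 0
    count = 0
    pos = 0
    while True:
        pos = buf.find(key, pos)
        if pos < 0:
            break
        logger.info("Found %s at %d" % (keyname, pos))
        context = 128
        start = max(pos - context, 0)
        after_start = pos + len(key)
        # Clamp the trailing window to the end of the buffer. The original
        # fell back to len(buf) - context for hits near the end, which put
        # the window end before the hit and dropped the trailing context.
        end = min(after_start + context, len(buf))
        before = binascii.hexlify(buf[start:pos])
        after = binascii.hexlify(buf[after_start:end])
        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
        count += 1
        pos += len(key)
    return count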
2483
def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK and PSK/PTK lifetime in memory"""
    # Snapshots of the wpa_supplicant process memory are taken at each stage
    # of a connection and searched for the PMK and the session keys. The
    # session keys are recovered from the supplicant debug log, so both that
    # log and the memctx dump files written on failure hold live key bytes.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)

    pid = find_wpas_process(dev[0])

    netid = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                           only_add_network=True)

    logger.info("Checking keys in memory after network profile configuration")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].request("REMOVE_NETWORK all")
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                           only_add_network=True)

    logger.info("Checking keys in memory before connection")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].connect_network(netid, timeout=20)
    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
    # event has been delivered, so verify that wpa_supplicant has returned to
    # eloop before reading process memory.
    time.sleep(1)
    dev[0].ping()

    # Snapshot taken while associated; it is examined further down, once the
    # session keys are known from the log.
    buf = read_process_memory(pid, pmk)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].relog()
    ptk = None
    gtk = None
    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
        for line in f:
            # The hex bytes are the fourth ':'-separated field of the line
            if "WPA: PTK - hexdump" in line:
                ptk = binascii.unhexlify(line.strip().split(':')[3].replace(' ', ''))
            if "WPA: Group Key - hexdump" in line:
                gtk = binascii.unhexlify(line.strip().split(':')[3].replace(' ', ''))
    if not (pmk and ptk and gtk):
        raise Exception("Could not find keys from debug log")
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    kck = ptk[0:16]
    kek = ptk[16:32]
    tk = ptk[32:48]

    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    # Disabled check kept from the original:
    #if tk in buf:
    #    raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Note: PMK/PSK is still present in network configuration

    fname = os.path.join(params['logdir'],
                         'wpa2_psk_key_lifetime_in_memory.memctx-')
    # None of the session keys may survive the disconnection
    for label, secret in (("KCK", kck), ("KEK", kek), ("TK", tk)):
        verify_not_present(buf, secret, fname, label)
    if gtk in buf:
        get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    dev[0].request("REMOVE_NETWORK all")

    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # With the profile removed the PMK must be gone as well
    for label, secret in (("PMK", pmk), ("KCK", kck), ("KEK", kek),
                          ("TK", tk), ("GTK", gtk)):
        verify_not_present(buf, secret, fname, label)
214457de 2584
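@remote_compatible
def test_ap_wpa2_psk_wep(dev, apdev):
    """WPA2-PSK AP and WEP enabled"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # The original raised "WEP key accepted" inside the same try block whose
    # `except Exception: pass` then swallowed it, so the test could never
    # fail. Only the set() call is guarded now; presumably it raises when
    # hostapd refuses the value, which is the expected outcome here.
    try:
        hapd.set('wep_key0', '"hello"')
    except Exception:
        return
    raise Exception("WEP key accepted to WPA2 network")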
2597
def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """WPA2-PSK AP and wpas interface in a bridge"""
    br_ifname = 'sta-br0'
    ifname = 'wlan5'
    # Teardown always runs, in this order, and ignores the exit status of
    # each command (the bridge may not exist if setup failed early).
    teardown = [['ip', 'link', 'set', 'dev', br_ifname, 'down'],
                ['brctl', 'delif', br_ifname, ifname],
                ['brctl', 'delbr', br_ifname],
                ['iw', ifname, 'set', '4addr', 'off']]
    try:
        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
    finally:
        for argv in teardown:
            subprocess.call(argv)
2609
def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """Body of test_ap_wpa2_psk_wpas_in_bridge; the caller does the cleanup.

    Creates bridge sta-br0, enables 4addr mode on wlan5, adds wlan5 to the
    bridge and connects through a separate wpa_supplicant instance.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    br_ifname = 'sta-br0'
    ifname = 'wlan5'
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    # Exit status of these four is ignored, as in the original
    setup = [['brctl', 'addbr', br_ifname],
             ['brctl', 'setfd', br_ifname, '0'],
             ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
             ['iw', ifname, 'set', '4addr', 'on']]
    for argv in setup:
        subprocess.call(argv)
    # Only the bridge membership step is required to succeed
    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
    wpas.interface_add(ifname, br_ifname=br_ifname)
    wpas.dump_monitor()

    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
    wpas.dump_monitor()
eb88a5ba 2629
@remote_compatible
def test_ap_wpa2_psk_ifdown(dev, apdev):
    """AP with open mode and external ifconfig down"""
    # NOTE(review): the description says open mode, but the AP below is set
    # up through hostapd.wpa2_params() with a passphrase.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    def set_link(state):
        # Change the AP interface state from outside hostapd
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], state])

    set_link('down')
    if hapd.wait_event(["INTERFACE-DISABLED"], timeout=10) is None:
        raise Exception("No INTERFACE-DISABLED event")
    # this wait tests beacon loss detection in mac80211
    dev[0].wait_disconnected()

    set_link('up')
    if hapd.wait_event(["INTERFACE-ENABLED"], timeout=10) is None:
        raise Exception("No INTERFACE-ENABLED event")
    dev[0].wait_connected()
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[0], hapd)
2653
def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # With ext_eapol_frame_io enabled on both ends the test relays every
    # EAPOL frame by hand, which lets it withhold one.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    def next_tx(sender, timeout_msg):
        # Wait for the next frame the sender wants to transmit
        ev = sender.wait_event(["EAPOL-TX"], timeout=15)
        if ev is None:
            raise Exception(timeout_msg)
        return ev

    def deliver(receiver, src, ev, fail_msg):
        # Hand the frame from the EAPOL-TX event to the peer
        res = receiver.request("EAPOL_RX " + src + " " + ev.split(' ')[2])
        if "OK" not in res:
            raise Exception(fail_msg)

    # EAPOL-Key msg 1/4
    ev = next_tx(hapd, "Timeout on EAPOL-TX from hostapd")
    deliver(dev[0], bssid, ev, "EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = next_tx(dev[0], "Timeout on EAPOL-TX from wpa_supplicant")
    deliver(hapd, addr, ev, "EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = next_tx(hapd, "Timeout on EAPOL-TX from hostapd")
    deliver(dev[0], bssid, ev, "EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4 is received from the supplicant but never delivered
    next_tx(dev[0], "Timeout on EAPOL-TX from wpa_supplicant")
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    dev[0].request("SET ext_eapol_frame_io 0")
    dev[0].wait_connected()

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    if dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those and
        # disconnect the station after reaching retransmission limit. Connection
        # is then established after reassociation. Once that behavior has been
        # optimized to prevent EAPOL-Key frame encryption for retransmission
        # case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")
a14a5f24 2720
# Connects dev[0] with the raw PSK, then cycles the AP through hostapd's
# DISABLE and ENABLE commands and expects the station to disconnect and
# reconnect each time.
# NOTE(review): indentation is lost in this listing, so it cannot be told from
# here whether wait_sta() and the connectivity check run in every iteration or
# once after the loop; the lines are therefore left untouched.
9fd6804d 2721@remote_compatible
a14a5f24
JM
2722def test_ap_wpa2_psk_disable_enable(dev, apdev):
2723 """WPA2-PSK AP getting disabled and re-enabled"""
2724 ssid = "test-wpa2-psk"
2725 passphrase = 'qwertyuiop'
2726 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2727 params = hostapd.wpa2_params(ssid=ssid)
2728 params['wpa_psk'] = psk
8b8a1864 2729 hapd = hostapd.add_ap(apdev[0], params)
a14a5f24
JM
2730 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
2731
2732 for i in range(2):
2733 hapd.request("DISABLE")
2734 dev[0].wait_disconnected()
2735 hapd.request("ENABLE")
2736 dev[0].wait_connected()
938c6e7b 2737 hapd.wait_sta()
a14a5f24 2738 hwsim_utils.test_connectivity(dev[0], hapd)
97c6d0d8 2739
@remote_compatible
def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
    """WPA2-PSK AP and station using incorrect passphrase"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    sta_passphrase = "incorrect passphrase"
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # The station's passphrase differs from the AP's, so the AP must report
    # a possible PSK mismatch.
    dev[0].connect(ssid, psk=sta_passphrase, scan_freq="2412",
                   wait_connect=False)
    mismatch = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
    if mismatch is None:
        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
    dev[0].dump_monitor()

    # Reconfigure the AP to the station's passphrase; the pending connection
    # attempt should then complete without touching the station.
    hapd.disable()
    hapd.set("wpa_passphrase", sta_passphrase)
    hapd.enable()

    dev[0].wait_connected(timeout=20)
4b0e0c53 2759
@remote_compatible
def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing"""
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                           only_add_network=True)

    def attempt(elem, expected_events, missing_msg):
        # Add one vendor element (frame type 13), try to associate and wait
        # for one of the expected events. The element is always removed
        # again so a failing case does not leak into the next one.
        try:
            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + elem):
                raise Exception("VENDOR_ELEM_ADD failed")
            dev[0].select_network(netid)
            if dev[0].wait_event(expected_events, timeout=10) is None:
                raise Exception(missing_msg)
            dev[0].request("DISCONNECT")
            dev[0].dump_monitor()
        finally:
            dev[0].request("VENDOR_ELEM_REMOVE 13 *")

    # Elements that the AP is expected to reject at association
    rejected = ["dd040050f201",
                "dd050050f20101",
                "dd060050f2010100",
                "dd060050f2010001",
                "dd070050f201010000",
                "dd080050f20101000050",
                "dd090050f20101000050f2",
                "dd0a0050f20101000050f202",
                "dd0b0050f20101000050f20201",
                "dd0c0050f20101000050f2020100",
                "dd0c0050f20101000050f2020000",
                "dd0c0050f20101000050f202ffff",
                "dd0d0050f20101000050f202010000",
                "dd0e0050f20101000050f20201000050",
                "dd0f0050f20101000050f20201000050f2",
                "dd100050f20101000050f20201000050f202",
                "dd110050f20101000050f20201000050f20201",
                "dd120050f20101000050f20201000050f2020100",
                "dd120050f20101000050f20201000050f2020000",
                "dd120050f20101000050f20201000050f202ffff",
                "dd130050f20101000050f20201000050f202010000",
                "dd140050f20101000050f20201000050f20201000050",
                "dd150050f20101000050f20201000050f20201000050f2"]
    for elem in rejected:
        attempt(elem, ["CTRL-EVENT-ASSOC-REJECT"],
                "Association rejection not reported")

    # Elements that must get past association: either the connection
    # completes or the 4-way handshake is the step that fails
    accepted = ["dd170050f20101000050f20201000050f20201000050f202ff",
                "dd180050f20101000050f20201000050f20201000050f202ffff",
                "dd190050f20101000050f20201000050f20201000050f202ffffff"]
    for elem in accepted:
        attempt(elem, ['CTRL-EVENT-CONNECTED',
                       'WPA: 4-Way Handshake failed'],
                "Association failed unexpectedly")
bf7071bb 2823
# Arms a single forced failure of "wpa_gmk_to_gtk" on the AP through
# fail_test(), expects the first connection attempt to end in a
# disconnection, then retries and expects the connection to succeed.
# NOTE(review): indentation is lost in this listing, so how many of the
# statements after the `with` line belong to its body cannot be told from
# here; the lines are therefore left untouched.
9fd6804d 2824@remote_compatible
bf7071bb
JM
2825def test_ap_wpa2_psk_no_random(dev, apdev):
2826 """WPA2-PSK AP and no random numbers available"""
2827 ssid = "test-wpa2-psk"
2828 passphrase = 'qwertyuiop'
2829 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2830 params = hostapd.wpa2_params(ssid=ssid)
2831 params['wpa_psk'] = psk
8b8a1864 2832 hapd = hostapd.add_ap(apdev[0], params)
bf7071bb
JM
2833 with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
2834 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
2835 wait_connect=False)
2836 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
2837 if ev is None:
2838 raise Exception("Disconnection event not reported")
2839 dev[0].request("DISCONNECT")
2840 dev[0].select_network(id, freq=2412)
2841 dev[0].wait_connected()
ecafa0cf 2842
@remote_compatible
def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], params)
    # A value that is not hex must be refused by the SET command
    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
        raise Exception("Invalid own_ie_override value accepted")
    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # Each case replaces the RSN element advertised by the AP; the station
    # is expected to connect in every one of them.
    cases = [('No RSN Capabilities field',
              '30120100000fac040100000fac040100000fac02'),
             ('Reserved RSN Capabilities bits set',
              '30140100000fac040100000fac040100000fac023cff'),
             ('Truncated RSN Capabilities field',
              '30130100000fac040100000fac040100000fac023c'),
             ('Extra pairwise cipher suite (unsupported)',
              '30180100000fac040200ffffffff000fac040100000fac020c00'),
             ('Extra AKM suite (unsupported)',
              '30180100000fac040100000fac040200ffffffff000fac020c00'),
             ('PMKIDCount field included',
              '30160100000fac040100000fac040100000fac020c000000'),
             ('Truncated PMKIDCount field',
              '30150100000fac040100000fac040100000fac020c0000'),
             ('Unexpected Group Management Cipher Suite with PMF disabled',
              '301a0100000fac040100000fac040100000fac020c000000000fac06'),
             ('Extra octet after defined fields (future extensibility)',
              '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
    for description, rsn_ie in cases:
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        dev[0].dump_monitor()
        dev[0].request("NOTE " + description)
        logger.info(description)
        # The override is applied with the AP disabled and takes effect when
        # it is enabled again
        hapd.disable()
        hapd.set('own_ie_override', rsn_ie)
        hapd.enable()
        # Drop cached scan results so the station sees the new element
        dev[0].request("BSS_FLUSH 0")
        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        dev[0].select_network(netid, freq=2412)
        dev[0].wait_connected()
b1f69186 2888
@remote_compatible
def test_ap_cli_order(dev, apdev):
    # Configures an initially disabled AP one parameter at a time, with 'wpa'
    # set last, and checks that the resulting ciphers are CCMP.
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    # The order of these calls is the point of the test; keep it as is
    settings = [('ssid', ssid),
                ('wpa_passphrase', passphrase),
                ('rsn_pairwise', 'CCMP'),
                ('wpa_key_mgmt', 'WPA-PSK'),
                ('wpa', '2')]
    for field, value in settings:
        hapd.set(field, value)
    hapd.enable()

    cfg = hapd.get_config()
    group = cfg['group_cipher']
    if group != 'CCMP':
        raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
    pairwise = cfg['rsn_pairwise_cipher']
    if pairwise != 'CCMP':
        raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])

    startup = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if startup is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in startup:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2914
def set_test_assoc_ie(dev, ie):
    """Send TEST_ASSOC_IE with the hex string ie to dev.

    Raises Exception when the reply does not contain "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
2918
@remote_compatible
def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Elements the AP must accept: the connection has to complete
    accepted = [("Normal wpa_supplicant assoc req RSN IE",
                 "30140100000fac040100000fac040100000fac020000"),
                ("RSN IE without RSN Capabilities",
                 "30120100000fac040100000fac040100000fac02")]
    for title, ie in accepted:
        logger.info(title)
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    # Elements the AP must reject, each with the status code expected in the
    # CTRL-EVENT-ASSOC-REJECT event
    rejected = [("WPA IE instead of RSN IE and only RSN enabled on AP",
                 "dd160050f20101000050f20201000050f20201000050f202", 40),
                ("Empty RSN IE", "3000", 40),
                ("RSN IE with truncated Version", "300101", 40),
                ("RSN IE with only Version", "30020100", 43)]
    for title, ie, status in rejected:
        logger.info(title)
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                       wait_connect=False)
        reject = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if reject is None:
            raise Exception("Association rejection not reported")
        if "status_code=" + str(status) not in reject:
            raise Exception("Unexpected status code: " + reject)
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()
50bb5c86 2955
def test_ap_wpa2_psk_ft_workaround(dev, apdev):
    """WPA2-PSK+FT AP and workaround for incorrect STA behavior"""
    ssid = "test-wpa2-psk-ft"
    passphrase = 'qwertyuiop'

    # Key order matches the order in which the original built the dict
    params = {"wpa": "2",
              "wpa_key_mgmt": "FT-PSK WPA-PSK",
              "rsn_pairwise": "CCMP",
              "ssid": ssid,
              "wpa_passphrase": passphrase,
              "mobility_domain": "a1b2",
              "r0_key_lifetime": "10000",
              "pmk_r1_push": "1",
              "reassociation_deadline": "1000",
              'nas_identifier': "nas1.w1.fi",
              'r1_key_holder': "000102030405"}
    hapd = hostapd.add_ap(apdev[0], params)

    # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
    assoc_ie = "30180100000fac040100000fac040200000fac02000fac040000"
    set_test_assoc_ie(dev[0], assoc_ie)
    # The AP is expected to accept the association despite the two AKMs
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
2980
def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
    """WPA2-PSK AP and association request RSN IE with PMKID"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # RSN element followed by 16 zero octets as the trailing value; the
    # connection is expected to complete with it.
    rsn_prefix = "30260100000fac040100000fac040100000fac0200000100"
    set_test_assoc_ie(dev[0], rsn_prefix + 16*'00')
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
2992
def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set"""
    ssid = "wpapsk"
    passphrase = "1234567890"
    # wpa=1 with only rsn_pairwise given (no wpa_pairwise entry)
    params = {"ssid": ssid, "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "TKIP", "wpa_passphrase": passphrase}
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                   scan_freq="2412")
3000
def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params.update({'wpa_ptk_rekey': '2',
                   'wpa_group_update_count': '1',
                   'wpa_pairwise_update_count': '1'})
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # With both update counts at 1 the PTK rekey still has to complete
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")

    # Zero is not a valid update count and must be refused at runtime
    group_reply = hapd.request("SET wpa_group_update_count 0")
    if "FAIL" not in group_reply:
        raise Exception("Invalid wpa_group_update_count value accepted")
    pairwise_reply = hapd.request("SET wpa_pairwise_update_count 0")
    if "FAIL" not in pairwise_reply:
        raise Exception("Invalid wpa_pairwise_update_count value accepted")
3019
def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    logger.info("Verify no retransmission of message 3/4")
    # Frames are relayed by hand from here on, so msg 4/4 can be withheld
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    m1 = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if m1 is None:
        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
    # The retransmitted M1 is the one that gets delivered
    m1_retry = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if m1_retry is None:
        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + m1_retry.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    m2 = dev[0].wait_event(["EAPOL-TX"], timeout=5)
    if m2 is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    res = hapd.request("EAPOL_RX " + addr + " " + m2.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    # M3 is never answered; with retries disabled the AP must send it once
    # only, and the station must end up disconnected.
    m3 = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if m3 is None:
        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
    m3_retry = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if m3_retry is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    disc = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if disc is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()
3069
def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake

    Group-key counterpart of the pairwise retry test: the AP runs with
    wpa_disable_eapol_key_retries=1 and wpa_strict_rekey=1, and two stations
    are associated. Disconnecting dev[1] is used to trigger a group rekey
    towards dev[0].

    The first rekey runs normally and must complete. For the second one
    ext_eapol_frame_io is enabled, so group message 1/2 is never delivered
    to dev[0]; hostapd must not send it again, and dev[0] is expected to
    report a disconnection.

    Raises Exception on any missing or unexpected event.
    """
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    for option in ('wpa_disable_eapol_key_retries', 'wpa_strict_rekey'):
        ap_conf[option] = '1'
    ap = hostapd.add_ap(apdev[0], ap_conf)
    # Fetched as in the rest of this test family; not used below.
    ap_addr = apdev[0]['bssid']

    sta, peer = dev[0], dev[1]
    peer_network = peer.connect(network, psk=secret, scan_freq="2412")
    sta.connect(network, psk=secret, scan_freq="2412")
    sta.dump_monitor()
    # Not used below either; the call is kept so the request sequence is
    # unchanged.
    sta_addr = sta.own_addr()

    # Baseline: with normal frame delivery the rekey has to complete.
    peer.request("DISCONNECT")
    if sta.wait_event(["WPA: Group rekeying completed"], timeout=2) is None:
        raise Exception("GTK rekey timed out")
    peer.request("RECONNECT")
    peer.wait_connected()
    sta.dump_monitor()

    # From here on EAPOL frames only surface as EAPOL-TX events, and nothing
    # relays them, so group M1 stays unanswered.
    ap.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    peer.request("DISCONNECT")

    if ap.wait_event(["EAPOL-TX"], timeout=5) is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    if ap.wait_event(["EAPOL-TX"], timeout=2) is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) is None:
        raise Exception("Disconnection not reported")
    sta.request("REMOVE_NETWORK all")
    sta.dump_monitor()
3108
def test_ap_wpa2_psk_mic_0(dev, apdev):
    """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4

    Regression check that wpa_supplicant does not act on an EAPOL-Key
    message 3/4 that carries no integrity protection. The 4-way handshake
    is relayed by hand (ext_eapol_frame_io) up to the genuine message 3/4;
    the station's message 4/4 is withheld from the AP. The station then
    receives a copy of message 3/4 with the MIC bit cleared in key_info,
    the MIC field zeroed and a different replay counter.

    The test passes only if the station reports "WPA: Ignore EAPOL-Key";
    an EAPOL-TX event (a reply to the unauthenticated frame) or no event
    at all is a failure.
    """
    def await_tx(endpoint, failure):
        # Return the next EAPOL-TX event from endpoint (timeout=15) or fail.
        event = endpoint.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception(failure)
        return event

    ap_addr = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['rsn_pairwise'] = "TKIP"
    ap = hostapd.add_ap(apdev[0], ap_conf)
    sta = dev[0]
    ap.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = sta.own_addr()

    # EAPOL-Key msg 1/4: AP -> station
    m1 = await_tx(ap, "Timeout on EAPOL-TX from hostapd")
    reply = sta.request("EAPOL_RX " + ap_addr + " " + m1.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4: station -> AP
    m2 = await_tx(sta, "Timeout on EAPOL-TX from wpa_supplicant")
    reply = ap.request("EAPOL_RX " + sta_addr + " " + m2.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")
    sta.dump_monitor()

    # EAPOL-Key msg 3/4: AP -> station, kept for the modified copy below
    msg3 = await_tx(ap, "Timeout on EAPOL-TX from hostapd").split(' ')[2]
    reply = sta.request("EAPOL_RX " + ap_addr + " " + msg3)
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4: produced by the station but not sent to the AP
    await_tx(sta, "Timeout on EAPOL-TX from wpa_supplicant")

    # EAPOL-Key msg 3/4 with MIC=0 and modifications.
    # msg3 is a hex string, so the offsets below count hex digits:
    #   0:8 EAPOL header, 8:10 key type, 10:14 key_info, 14:18 key length,
    #   18:34 replay counter, 34:98 nonce, 98:130 IV, 130:146 RSC,
    #   146:162 key ID, 162:194 MIC, 194:198 key data length, 198: key data
    msg3_no_mic = "".join([
        msg3[0:10],          # EAPOL header and key type, unchanged
        "12c9",              # Clear MIC bit from key_info (originally 13c9)
        msg3[14:18],         # key length, unchanged
        # Replay counter; presumably chosen to be newer than the one in the
        # genuine msg 3/4 - TODO confirm
        '0000000000000003',
        msg3[34:162],        # nonce, IV, RSC and key ID, unchanged
        32*'0',              # Clear MIC value
        msg3[194:],          # key data length and key data, unchanged
    ])
    sta.dump_monitor()
    reply = sta.request("EAPOL_RX " + ap_addr + " " + msg3_no_mic)
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    verdict = sta.wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2)
    if verdict is None:
        raise Exception("No event from wpa_supplicant")
    if "EAPOL-TX" in verdict:
        # Any reply would mean the frame without a MIC was processed.
        raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
    sta.request("DISCONNECT")
3185
3186def test_ap_wpa2_psk_local_error(dev, apdev):
3187 """WPA2-PSK and local error cases on supplicant"""
3188 ssid = "test-wpa2-psk"
3189 passphrase = 'qwertyuiop'
3190 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
3191 params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
3192 hapd = hostapd.add_ap(apdev[0], params)
3193
3194 with fail_test(dev[0], 1, "sha1_prf;wpa_pmk_to_ptk"):
3195 id = dev[0].connect(ssid, key_mgmt="WPA-PSK", psk=passphrase,
3196 scan_freq="2412", wait_connect=False)
3197 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
3198 if ev is None:
3199 raise Exception("Disconnection event not reported")
3200 dev[0].request("REMOVE_NETWORK all")
3201 dev[0].dump_monitor()
3202
3203 with fail_test(dev[0], 1, "sha256_prf;wpa_pmk_to_ptk"):
3204 id = dev[0].connect(ssid, key_mgmt="WPA-PSK-SHA256", psk=passphrase,
3205 scan_freq="2412", wait_connect=False)
3206 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
3207 if ev is None:
3208 raise Exception("Disconnection event not reported")
3209 dev[0].request("REMOVE_NETWORK all")
3210 dev[0].dump_monitor()