git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_psk.py
RSN: Ignore IGTK configuration errors with swapped KeyID values
c89d9ebb
JM
1# WPA2-Personal tests
2# Copyright (c) 2014, Qualcomm Atheros, Inc.
3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
821490f5 8import binascii
e0c46c8e 9from Crypto.Cipher import AES
821490f5
JM
10import hashlib
11import hmac
c89d9ebb
JM
12import logging
13logger = logging.getLogger()
138ec97e 14import os
5b3c40a6 15import re
821490f5 16import struct
d1fc5736
JM
17import subprocess
18import time
c89d9ebb
JM
19
20import hostapd
a1eabc74 21from utils import HwsimSkip, fail_test, skip_with_fips
fb5c8cea 22import hwsim_utils
a1512a0c 23from wpasupplicant import WpaSupplicant
c89d9ebb 24
eaf3f9b1
JM
def check_mib(dev, vals):
    """Verify that MIB variables reported by *dev* have the expected values.

    dev.get_mib() is read once and then indexed by variable name. vals is an
    iterable of (name, expected) pairs. The first mismatch raises Exception
    with the variable name, the reported value and the expected value.
    """
    reported = dev.get_mib()
    for entry in vals:
        name, expected = entry[0], entry[1]
        # A name that is absent from the MIB is not handled here; the lookup
        # itself fails (KeyError if get_mib() returns a dict).
        actual = reported[name]
        if actual != expected:
            raise Exception("Unexpected {} = {} (expected {})".format(name, actual, expected))
30
@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    # The AP is configured with the 64-hex-digit wpa_psk only. One station
    # joins with the same raw PSK and a second one with the passphrase.
    # NOTE(review): the hex value is presumably the PSK derived from this
    # passphrase and SSID; the test relies on both credentials being accepted.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'

    ap_cfg = hostapd.wpa2_params(ssid=network)
    ap_cfg['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_cfg)

    # The first AKM reported by GET_CONFIG has to be plain WPA-PSK.
    akms = hapd.get_config()['key_mgmt']
    first_akm = akms.split(' ')[0]
    if first_akm != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + akms)

    dev[0].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")

    # Both polls are issued before either result is checked.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))
52
c89d9ebb
JM
def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    # The AP has both a default passphrase and a wpa_psk_file. The contents of
    # 'hostapd.wpa_psk' are not visible in this function.
    # NOTE(review): the flow below expects "very secret" to work for dev[0]
    # but not for dev[1], so the file presumably binds that passphrase to one
    # station address - confirm against the file.
    network = "test-wpa2-psk"
    default_secret = 'qwertyuiop'
    default_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    shared_secret = "another passphrase for all STAs"

    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=default_secret)
    ap_cfg['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], ap_cfg)

    # dev[1] is started without waiting; its handshake failure is collected
    # at the end of the test.
    dev[1].connect(network, psk="very secret", scan_freq="2412", wait_connect=False)

    dev[2].connect(network, raw_psk=default_key, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")

    dev[0].connect(network, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")

    dev[2].connect(network, psk=shared_secret, scan_freq="2412")
    dev[0].connect(network, psk=shared_secret, scan_freq="2412")

    failure = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if failure is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")
fb5c8cea 72
0eb34f8f
JM
def check_no_keyid(hapd, dev):
    """Require an AP-STA-CONNECTED event for *dev* that carries no keyid.

    Waits up to one second for the event on *hapd*. Raises Exception when no
    event arrives, when the event does not contain the station's own address,
    or when the event text contains "keyid=".
    """
    sta_addr = dev.own_addr()
    event = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if event is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in event:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    # A PSK entry without an identifier must not be reported with one.
    if "keyid=" in event:
        raise Exception("Unexpected keyid indication")
82
def check_keyid(hapd, dev, keyid):
    """Require that *dev* connected using the PSK entry labelled *keyid*.

    The identifier has to show up both in the AP-STA-CONNECTED event and in
    the per-station data from hapd.get_sta(). Raises Exception on a missing
    event, a foreign station address, or a wrong or missing identifier.
    On success all networks are removed from *dev*.
    """
    sta_addr = dev.own_addr()
    event = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if event is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in event:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    # Substring match on the event text; the STA entry below is compared
    # for exact equality.
    if "keyid=" + keyid not in event:
        raise Exception("Incorrect keyid indication")
    sta_info = hapd.get_sta(sta_addr)
    if not ('keyid' in sta_info and sta_info['keyid'] == keyid):
        raise Exception("Incorrect keyid in STA output")
    dev.request("REMOVE_NETWORK all")
96
def check_disconnect(dev, expected):
    """Check which of the first two stations were disconnected by the AP.

    For index 0 and 1: when expected[i] is true the station must report a
    disconnection; otherwise no CTRL-EVENT-DISCONNECTED may arrive within
    0.1 s. In both cases the station's networks are removed afterwards.
    """
    # NOTE(review): only indexes 0 and 1 are examined. Callers that pass a
    # third flag get no check (and no network removal) for dev[2] - confirm
    # that this is intended.
    for idx in (0, 1):
        sta = dev[idx]
        if expected[idx]:
            sta.wait_disconnected()
            sta.request("REMOVE_NETWORK all")
            continue
        event = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
        if event is not None:
            raise Exception("Unexpected disconnection")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()
108
def test_ap_wpa2_psk_file_keyid(dev, apdev, params):
    """WPA2-PSK AP with PSK from a file (keyid and reload)"""
    # The PSK file is rewritten several times and re-read by hostapd through
    # RELOAD_WPA_PSK. After each reload the test checks which stations stay
    # connected and which keyid, if any, the AP reports for each station.
    psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')
    network = "test-wpa2-psk"
    shared_secret = "another passphrase for all STAs"

    def write_psk_file(*entries):
        # Replace the whole file with the given lines.
        with open(psk_file, 'w') as f:
            for entry in entries:
                f.write(entry)

    def reload_psk_file():
        if "OK" not in hapd.request("RELOAD_WPA_PSK"):
            raise Exception("RELOAD_WPA_PSK failed")

    write_psk_file('00:00:00:00:00:00 secret passphrase\n',
                   '02:00:00:00:00:00 very secret\n',
                   '00:00:00:00:00:00 another passphrase for all STAs\n')
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase='qwertyuiop')
    ap_cfg['wpa_psk_file'] = psk_file
    hapd = hostapd.add_ap(apdev[0], ap_cfg)

    # No entry carries a keyid yet, so none may be reported.
    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    dev[1].connect(network, psk=shared_secret, scan_freq="2412")
    check_no_keyid(hapd, dev[1])

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # Replace the passphrase dev[1] used; only dev[1] is expected to be
    # disconnected by the reload.
    write_psk_file('00:00:00:00:00:00 secret passphrase\n',
                   '02:00:00:00:00:00 very secret\n',
                   '00:00:00:00:00:00 changed passphrase\n')
    reload_psk_file()

    check_disconnect(dev, [False, True, False])

    # Label two of the entries and verify the labels are reported.
    write_psk_file('00:00:00:00:00:00 secret passphrase\n',
                   'keyid=foo 02:00:00:00:00:00 very secret\n',
                   'keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n')
    reload_psk_file()

    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_keyid(hapd, dev[0], "foo")

    dev[1].connect(network, psk=shared_secret, scan_freq="2412")
    check_keyid(hapd, dev[1], "bar")

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # check_keyid() removed dev[0]'s network; wait for that disconnection
    # before joining again with the unlabelled entry.
    dev[0].wait_disconnected()
    dev[0].connect(network, psk="secret passphrase", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    # A file holding only a comment line: dev[0] and dev[1] are expected to
    # be disconnected.
    write_psk_file('# empty\n')
    reload_psk_file()

    check_disconnect(dev, [True, True, False])
0eb34f8f 167
@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    # The actual test shortens the scan interval on both stations; put it
    # back to 5 whether or not the test body succeeds.
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        for sta in (dev[0], dev[1]):
            sta.request("SCAN_INTERVAL 5")
176
def _test_ap_wpa2_psk_mem(dev, apdev):
    # Body of test_ap_wpa2_psk_mem: both stations are configured with
    # mem_only_psk="1" and no stored credential, so each one has to ask for
    # the secret over the control interface (CTRL-REQ-PSK_PASSPHRASE).
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_cfg = hostapd.wpa2_params(ssid=network)
    ap_cfg['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_cfg)

    # First station: answer the request with the quoted passphrase.
    dev[0].connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[0].request("SCAN_INTERVAL 1")
    prompt = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out")
    # The request identifier is the last '-'-separated field before the
    # first ':' of the event.
    req_id = prompt.split(':')[0].split('-')[-1]
    dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + secret + '"')
    dev[0].wait_connected(timeout=10)

    # Second station: answer with the unquoted hex PSK.
    dev[1].connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[1].request("SCAN_INTERVAL 1")
    prompt = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = prompt.split(':')[0].split('-')[-1]
    dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + raw_key)
    dev[1].wait_connected(timeout=10)
202
@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    # The station is configured with wpa_ptk_rekey="1"; the test waits for
    # one more completed key negotiation after the connection and then
    # checks data connectivity.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
d1635d97 215
3bcc5247
JM
def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    # The station explicitly requests a new pairwise key (KEY_REQUEST 0 1).
    # The ANonce it reports before and after must differ, i.e. the AP must
    # not reuse its nonce for the requested rekey.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    # Drop pending events so the wait below sees the rekey, not the
    # initial handshake.
    sta.dump_monitor()
    anonce_before = sta.request("GET anonce")
    if "OK" not in sta.request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    anonce_after = sta.request("GET anonce")
    if anonce_before == anonce_after:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(sta, hapd)
234
@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    # Here the rekey interval is set on the AP side (wpa_ptk_rekey='2');
    # the station connects without any rekey setting of its own.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
6c87b4b8 248
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    # Same flow as the plain WPA2-PSK station-driven rekey, but AP and
    # station both use the WPA-PSK-SHA256 AKM. The MIB check at the end pins
    # the requested and selected authentication suite to 00-0f-ac-6.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    akm = "WPA-PSK-SHA256"
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_cfg["wpa_key_mgmt"] = akm
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, key_mgmt=akm,
                wpa_ptk_rekey="1", scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
    suite_checks = [
        ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6"),
    ]
    check_mib(sta, suite_checks)
d1635d97 265
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
    # AP-driven rekey (wpa_ptk_rekey='2' on the AP) with the WPA-PSK-SHA256
    # AKM on both sides, followed by the same authentication-suite MIB check
    # as the station-driven variant.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    akm = "WPA-PSK-SHA256"
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_cfg["wpa_key_mgmt"] = akm
    ap_cfg['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, key_mgmt=akm, scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
    suite_checks = [
        ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6"),
    ]
    check_mib(sta, suite_checks)
6c87b4b8 283
@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # NOTE(review): skip_with_fips() presumably skips the test on FIPS
    # builds, where this legacy WPA/TKIP configuration is not available -
    # confirm in utils.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    # The scan results must advertise the AP as WPA-PSK with TKIP.
    scan_results = sta.request("SCAN_RESULTS")
    if "[WPA-PSK-TKIP]" not in scan_results:
        raise Exception("Scan results missing WPA element info")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
138ec97e 299
@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    # AP-driven rekey (wpa_ptk_rekey='2') on a legacy WPA network; the
    # station waits at most 10 seconds for the renewed key negotiation.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"], timeout=10)
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
6c87b4b8 314
@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK/CCMP"""
    # WPA (not WPA2) network with wpa_pairwise forced to CCMP. After the
    # connectivity check the station MIB must report the 00-50-f2 cipher and
    # AKM selectors listed below and an authorized controlled port.
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    hwsim_utils.test_connectivity(sta, hapd)
    expected_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
        ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(sta, expected_mib)
12124240 333
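def test_ap_wpa2_psk_file_errors(dev, apdev):
    """WPA2-PSK AP with various PSK file error and success cases"""
    # Only this test needs these modules, so they are imported locally.
    import shutil
    import tempfile

    addr0 = dev[0].own_addr()
    addr1 = dev[1].own_addr()
    addr2 = dev[2].own_addr()
    ssid = "psk"
    # The PSK file lives in a freshly created private directory instead of at
    # a fixed name directly under /tmp. A predictable name in a world-writable
    # directory can be pre-created or symlinked by another local user, and
    # open(..., "w") would follow such a link. A new directory also guarantees
    # that the file does not exist yet, which the first case below relies on.
    # NOTE(review): hostapd has to be able to read inside this directory
    # (created with mode 0700) - confirm it runs as the same user or as root.
    tmpdir = tempfile.mkdtemp(prefix="ap_wpa2_psk_file_errors.")
    pskfile = os.path.join(tmpdir, "psk_file")

    params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}

    def write_psk_file(*lines):
        # Replace the whole PSK file with the given lines.
        with open(pskfile, "w") as f:
            for line in lines:
                f.write(line)

    def expect_enable_failure():
        # hostapd must refuse to start with the current file contents.
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE success")
        hapd.request("DISABLE")

    try:
        # missing PSK file
        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
        expect_enable_failure()

        # invalid MAC address
        write_psk_file("\n", "foo\n")
        expect_enable_failure()

        # no PSK on line
        write_psk_file("00:11:22:33:44:55\n")
        expect_enable_failure()

        # invalid PSK
        write_psk_file("00:11:22:33:44:55 1234567\n")
        expect_enable_failure()

        # empty token at the end of the line
        write_psk_file("=\n")
        expect_enable_failure()

        # valid PSK file
        write_psk_file("00:11:22:33:44:55 12345678\n",
                       addr0 + " 123456789\n",
                       addr1 + " 123456789a\n",
                       addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
        if "FAIL" in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE failure")

        # Each station authenticates with the entry bound to its own address.
        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")

    finally:
        # Best-effort cleanup, as before, but without a bare "except:" that
        # would also swallow KeyboardInterrupt and SystemExit.
        shutil.rmtree(tmpdir, ignore_errors=True)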
6796e502 403
@remote_compatible
def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
    """WPA2-PSK AP and wildcard SSID configuration"""
    # Both stations use an empty SSID in their network profile and select the
    # AP by BSSID only; one supplies the passphrase, the other the raw PSK.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    ap_bssid = apdev[0]['bssid']
    dev[0].connect("", bssid=ap_bssid, psk=secret, scan_freq="2412")
    dev[1].connect("", bssid=ap_bssid, raw_psk=raw_key, scan_freq="2412")
3b25ad4c 415
@remote_compatible
def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    # wpa_group_rekey='1' on the AP; the station has to see a completed
    # group rekey within two seconds of connecting.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
3b25ad4c 429
257ad53c
JM
def test_ap_wpa2_gtk_rekey_request(dev, apdev):
    """WPA2-PSK AP and GTK rekey by AP request"""
    # No rekey interval is configured; the group rekey is triggered through
    # the hostapd control interface command REKEY_GTK.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    if "OK" not in hapd.request("REKEY_GTK"):
        raise Exception("REKEY_GTK failed")
    rekeyed = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
443
@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    # Legacy WPA variant of the AP-driven group rekey test.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
3b25ad4c 458
@remote_compatible
def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    # Group rekey every second and GMK rekey every two seconds; three
    # consecutive group rekeys must each complete within two seconds.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_group_rekey'] = '1'
    ap_cfg['wpa_gmk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    for _ in range(0, 3):
        rekeyed = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
        if rekeyed is None:
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, hapd)
3b25ad4c 474
@remote_compatible
def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    # With wpa_strict_rekey='1' the remaining station has to see a group
    # rekey within two seconds after the other station disconnects, so that
    # the departed station no longer holds the current group key.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_cfg['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    staying, leaving = dev[0], dev[1]
    staying.connect(network, psk=secret, scan_freq="2412")
    leaving.connect(network, psk=secret, scan_freq="2412")
    leaving.request("DISCONNECT")
    rekeyed = staying.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(staying, hapd)
d1fc5736 490
@remote_compatible
def test_ap_wpa2_bridge_fdb(dev, apdev):
    """Bridge FDB entry removal"""
    # Two stations join an AP that is attached to bridge ap-br0. Their MAC
    # addresses must be listed by "brctl showmacs" while connected and must
    # be gone one second after both have disconnected (ageing set to 1).
    bridge = 'ap-br0'
    hapd = None
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_cfg['bridge'] = bridge
        hapd = hostapd.add_ap(apdev[0], ap_cfg)
        hapd.cmd_execute(['brctl', 'setfd', bridge, '0'])
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'up'])

        ap_bssid = apdev[0]['bssid']
        dev[0].connect(network, psk=secret, scan_freq="2412", bssid=ap_bssid)
        dev[1].connect(network, psk=secret, scan_freq="2412", bssid=ap_bssid)
        addr0 = dev[0].p2p_interface_addr()
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])

        # Snapshot of the forwarding table with both stations active.
        err, macs_connected = hapd.cmd_execute(['brctl', 'showmacs', bridge])
        hapd.cmd_execute(['brctl', 'setageing', bridge, '1'])
        dev[0].request("DISCONNECT")
        dev[1].request("DISCONNECT")
        time.sleep(1)
        # Snapshot after the stations have left.
        err, macs_disconnected = hapd.cmd_execute(['brctl', 'showmacs', bridge])

        addr1 = dev[1].p2p_interface_addr()
        if not (addr0 in macs_connected and addr1 in macs_connected):
            raise Exception("Bridge FDB entry missing")
        if addr0 in macs_disconnected or addr1 in macs_disconnected:
            raise Exception("Bridge FDB entry was not removed")
    finally:
        # Tear the bridge down even when the test failed part-way.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', bridge,
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', bridge])
cf0b9c86 525
@remote_compatible
def test_ap_wpa2_already_in_bridge(dev, apdev):
    """hostapd behavior with interface already in bridge"""
    # The AP interface is put into bridge ext-ap-br0 before hostapd starts.
    # hostapd must then report that bridge as its 'brname'.
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    setup_cmds = (
        ['brctl', 'addbr', br_ifname],
        ['brctl', 'setfd', br_ifname, '0'],
        ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
        ['iw', ifname, 'set', 'type', '__ap'],
        ['brctl', 'addif', br_ifname, ifname],
    )
    teardown_cmds = (
        ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
        ['brctl', 'delif', br_ifname, ifname],
        ['iw', ifname, 'set', 'type', 'station'],
        ['brctl', 'delbr', br_ifname],
    )
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        for cmd in setup_cmds:
            hostapd.cmd_execute(apdev[0], cmd)
        ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(apdev[0], ap_cfg)
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
        dev[0].connect(network, psk=secret, scan_freq="2412")
    finally:
        # Undo the external bridge setup and restore station mode.
        for cmd in teardown_cmds:
            hostapd.cmd_execute(apdev[0], cmd)
8619c334 551
@remote_compatible
def test_ap_wpa2_in_different_bridge(dev, apdev):
    """hostapd behavior with interface in different bridge"""
    # The AP interface starts out in ext-ap-br0 while hostapd is configured
    # with bridge ap-br0. hostapd must end up using ap-br0 and report that it
    # created the bridge and added the interface to it.
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    own_bridge = 'ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        for cmd in (['brctl', 'addbr', br_ifname],
                    ['brctl', 'setfd', br_ifname, '0'],
                    ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
                    ['iw', ifname, 'set', 'type', '__ap'],
                    ['brctl', 'addif', br_ifname, ifname]):
            hostapd.cmd_execute(apdev[0], cmd)
        time.sleep(0.5)

        ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_cfg['bridge'] = own_bridge
        hapd = hostapd.add_ap(apdev[0], ap_cfg)
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', own_bridge, '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', own_bridge,
                                       'up'])

        brname = hapd.get_driver_status_field('brname')
        if brname != 'ap-br0':
            raise Exception("Incorrect bridge: " + brname)
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
        if hapd.get_driver_status_field("added_bridge") != "1":
            raise Exception("Unexpected added_bridge value")
        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
            raise Exception("Unexpected added_if_into_bridge value")
        dev[0].request("DISCONNECT")
        hapd.disable()
    finally:
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
                                       'down'])
        # NOTE(review): this call passes shell=True together with redirection
        # tokens in the argument list. How cmd_execute joins and quotes the
        # list is not visible here; ifname comes from the test device
        # configuration, the other arguments are fixed strings.
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname,
                                       "2>", "/dev/null"], shell=True)
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
542452a9 590
@remote_compatible
def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
    """hostapd behavior with interface added to bridge externally"""
    # hostapd is started first; only afterwards is its interface added to
    # bridge ext-ap-br0 from outside. Once a station has connected, hostapd
    # must report that bridge as 'brname'.
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_cfg = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(apdev[0], ap_cfg)

        for cmd in (['brctl', 'addbr', br_ifname],
                    ['brctl', 'setfd', br_ifname, '0'],
                    ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
                    ['brctl', 'addif', br_ifname, ifname]):
            hostapd.cmd_execute(apdev[0], cmd)
        dev[0].connect(network, psk=secret, scan_freq="2412")
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
    finally:
        for cmd in (['ip', 'link', 'set', 'dev', br_ifname, 'down'],
                    ['brctl', 'delif', br_ifname, ifname],
                    ['brctl', 'delbr', br_ifname]):
            hostapd.cmd_execute(apdev[0], cmd)
8619c334 615
cf0b9c86
JM
def test_ap_wpa2_psk_ext(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O"""
    # With ext_eapol_frame_io enabled on both sides, EAPOL frames are not
    # exchanged directly: each side reports a frame as an EAPOL-TX event and
    # this test hands it to the peer with EAPOL_RX until the connection is
    # reported.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_cfg = hostapd.wpa2_params(ssid=network)
    ap_cfg['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_of(event):
        # The frame is the third space-separated field of the event.
        return event.split(' ')[2]

    while True:
        # AP -> station
        from_ap = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
        if from_ap is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        if "AP-STA-CONNECTED" in from_ap:
            sta.wait_connected(timeout=15)
            break
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_of(from_ap)):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

        # station -> AP
        from_sta = sta.wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
        if from_sta is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        if "CTRL-EVENT-CONNECTED" in from_sta:
            break
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_of(from_sta)):
            raise Exception("EAPOL_RX to hostapd failed")
821490f5 647
242339de
JM
def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
    # The test relays the 4-way handshake by hand and withholds the first
    # msg 4/4 from the AP. The AP then retransmits msg 3/4, which reaches a
    # station that already considers itself connected.
    # NOTE(review): a retransmitted msg 3/4 is the situation in which a
    # supplicant must not reinstall the pairwise key or reset its
    # packet-number state. This test asserts only that the handshake
    # completes and data connectivity works; it does not inspect key state.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_cfg = hostapd.wpa2_params(ssid=network)
    ap_cfg['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def next_from_ap():
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def next_from_sta():
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def deliver_to_sta(event):
        reply = sta.request("EAPOL_RX " + bssid + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(event):
        reply = hapd.request("EAPOL_RX " + addr + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(next_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 4/4
    next_from_sta()
    # Do not send to the AP
    sta.wait_connected(timeout=15)

    # EAPOL-Key msg 3/4 (retry)
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 4/4
    deliver_to_ap(next_from_sta())

    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
714
c29475a9
JM
def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
    # Variant (b): the first msg 3/4 is held back until the AP has also sent
    # its retransmission. The station completes the handshake with the first
    # copy and receives the second copy only after the connection is up.
    # NOTE(review): the late second msg 3/4 exercises the same "must not
    # reinstall the pairwise key" situation as the other retry tests; the
    # only assertion made afterwards is that data connectivity still works.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_cfg = hostapd.wpa2_params(ssid=network)
    ap_cfg['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_cfg)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def next_from_ap():
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def next_from_sta():
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def deliver_to_sta(event):
        reply = sta.request("EAPOL_RX " + bssid + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(event):
        reply = hapd.request("EAPOL_RX " + addr + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(next_from_sta())

    # EAPOL-Key msg 3/4
    # Do not send the first msg 3/4 to the STA yet; wait for retransmission
    # from AP.
    first_msg3 = next_from_ap()

    # EAPOL-Key msg 3/4 (retry)
    second_msg3 = next_from_ap()

    # Send the first msg 3/4 to STA
    deliver_to_sta(first_msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(next_from_sta())
    sta.wait_connected(timeout=15)
    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)

    # Send the second msg 3/4 to STA
    deliver_to_sta(second_msg3)
    # EAPOL-Key msg 4/4
    next_from_sta()
    # Do not send the second msg 4/4 to the AP

    hwsim_utils.test_connectivity(sta, hapd)
789
def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
    # Regression scenario for a forged msg 1/4 arriving between two copies of
    # msg 3/4: the handshake completes on the STA, msg 4/4 is withheld so the
    # AP retransmits msg 3/4, a msg 1/4 carrying the retransmission's Replay
    # Counter is injected, and then the retransmitted msg 3/4 is delivered.
    # If the STA ignores the forged frame the test ends early, since the
    # sequence cannot proceed.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk='qwertyuiop', scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex dump of the next EAPOL frame hostapd transmits.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex dump of the next EAPOL frame wpa_supplicant transmits.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def inject_to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def inject_to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept for building the forged copy later)
    msg1 = frame_from_ap()
    inject_to_sta(msg1)

    # EAPOL-Key msg 2/4
    inject_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: not sent to hostapd, which triggers a retry of 3/4.
    _withheld_msg4 = frame_from_sta()

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = frame_from_ap()

    # Forged msg 1/4: original msg 1/4 with the Replay Counter (hex offsets
    # 18..34, i.e. the 8 octets after Key Length) taken from the retried
    # msg 3/4. Replacing the nonce as well (32*"ff" at hex offsets 34..98)
    # results in "WPA: ANonce from message 1 of 4-Way Handshake differs from
    # 3 of 4-Way Handshake - drop packet" when wpa_supplicant processes
    # msg 3/4 afterwards, so the nonce is left untouched here.
    forged_msg1 = msg1[0:18] + msg3[18:34] + msg1[34:]
    inject_to_sta(forged_msg1)

    # EAPOL-Key msg 2/4 in response to the forged frame (short wait only)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # That msg 2/4 is not sent to hostapd.

    # Send previously received msg 3/4 to STA
    inject_to_sta(msg3)

    # EAPOL-Key msg 4/4
    inject_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
881
def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    # Same opening as variant (c): msg 4/4 is withheld, the AP retransmits
    # msg 3/4 and a forged msg 1/4 with the updated Replay Counter is injected.
    # The difference is that the STA is then given a second retransmission of
    # msg 3/4 (fresh Replay Counter) rather than the copy captured earlier.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk='qwertyuiop', scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex dump of the next EAPOL frame hostapd transmits.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex dump of the next EAPOL frame wpa_supplicant transmits.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def inject_to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def inject_to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept for building the forged copy later)
    msg1 = frame_from_ap()
    inject_to_sta(msg1)

    # EAPOL-Key msg 2/4
    inject_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: not sent to hostapd, which triggers a retry of 3/4.
    _withheld_msg4 = frame_from_sta()

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry); only its Replay Counter is reused below.
    msg3 = frame_from_ap()

    # Forged msg 1/4: original frame with the Replay Counter field (hex
    # offsets 18..34) replaced by the one from the retried msg 3/4.
    forged_msg1 = msg1[0:18] + msg3[18:34] + msg1[34:]
    inject_to_sta(forged_msg1)

    # EAPOL-Key msg 2/4 in response to the forged frame (short wait only)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # That msg 2/4 is not sent to hostapd.

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = frame_from_ap()

    # Send msg 3/4 to STA
    inject_to_sta(msg3)

    # EAPOL-Key msg 4/4
    inject_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
976
def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    # Extends variant (d) with two forged msg 1/4 frames: the first replaces
    # the ANonce with 0xff octets (the STA must answer it), the second goes
    # back to the ANonce of the real handshake. The test ends early if the
    # STA ignores the second forged frame; otherwise a fresh retransmission
    # of msg 3/4 is delivered and the handshake must still complete.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk='qwertyuiop', scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex dump of the next EAPOL frame hostapd transmits.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex dump of the next EAPOL frame wpa_supplicant transmits.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def inject_to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def inject_to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept for building the forged copies later)
    msg1 = frame_from_ap()
    inject_to_sta(msg1)

    # EAPOL-Key msg 2/4
    inject_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: not sent to hostapd, which triggers a retry of 3/4.
    _withheld_msg4 = frame_from_sta()

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry); only its Replay Counter is reused below.
    msg3 = frame_from_ap()

    # Forged msg 1/4 number one: Replay Counter (hex offsets 18..34) from the
    # retried msg 3/4 and the 32-octet Key Nonce (hex offsets 34..98)
    # overwritten with 0xff.
    forged_msg1 = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    inject_to_sta(forged_msg1)
    # EAPOL-Key msg 2/4: here the STA is required to respond within a second.
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # That msg 2/4 is not sent to hostapd.

    # Forged msg 1/4 number two: same Replay Counter, back to the previously
    # used ANonce.
    forged_msg1 = msg1[0:18] + msg3[18:34] + msg1[34:]
    inject_to_sta(forged_msg1)
    # EAPOL-Key msg 2/4
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # That msg 2/4 is not sent to hostapd either.

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = frame_from_ap()

    # Send msg 3/4 to STA
    inject_to_sta(msg3)

    # EAPOL-Key msg 4/4
    inject_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
1082
def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    # The initial handshake is stretched so that one msg 2/4 and one msg 4/4
    # from the STA are never delivered. After the AP starts a PTK rekey, those
    # stale frames are fed to hostapd. The AP must not accept them: it is
    # expected to keep retransmitting msg 1/4 of the rekey handshake.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    # Short PTK lifetime so that rekeying starts during the test
    # (presumably in seconds - confirm against hostapd.conf documentation).
    ap_params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk='qwertyuiop', scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex dump of the next EAPOL frame hostapd transmits.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex dump of the next EAPOL frame wpa_supplicant transmits.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def inject_to_sta(frame_hex):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame_hex):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def inject_to_ap(frame_hex):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame_hex):
            raise Exception("EAPOL_RX to hostapd failed")

    def require_msg1(frame_hex):
        # Key Information is the two octets after the EAPOL header and the
        # descriptor type (hex offsets 10..14); 0x008a is what this test
        # expects for msg 1/4.
        keyinfo = frame_hex[10:14]
        if keyinfo != "008a":
            raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 1/4
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4: captured, but not sent to the AP
    msg2 = frame_from_sta()

    # EAPOL-Key msg 1/4 (retry)
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4
    inject_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: captured, but not sent to the AP yet
    msg4 = frame_from_sta()

    # EAPOL-Key msg 3/4 (retry)
    inject_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4 for the retry: captured and held back for later
    msg4b = frame_from_sta()

    # Send the previous EAPOL-Key msg 4/4 to AP
    inject_to_ap(msg4)

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # EAPOL-Key msg 1/4 (only waited for, never forwarded to the STA)
    if hapd.wait_event(["EAPOL-TX"], timeout=15) is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    inject_to_ap(msg2)

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    require_msg1(frame_from_ap())

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    inject_to_ap(msg4b)

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    last_tx = hapd.wait_event(["EAPOL-TX"], timeout=1)
    if last_tx is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    require_msg1(last_tx.split(' ')[2])
1203
def parse_eapol(data):
    """Parse a raw EAPOL frame into a dict.

    The dict always has 'version', 'type', 'length' and 'payload' (the body,
    cut to the declared length). For EAPOL-Key frames (type 3) 'descr_type'
    is added, and for descriptor types 2 and 254 the fixed key descriptor
    fields are added under 'rsn_*' keys.

    Raises Exception("Invalid EAPOL length") when the header declares more
    body octets than are present. Frames that are too short for the fixed
    fields are not checked explicitly; struct.unpack() raises in that case.
    """
    version, pkt_type, body_len = struct.unpack('>BBH', data[0:4])
    body = data[4:]
    if body_len > len(body):
        raise Exception("Invalid EAPOL length")
    # Anything after the declared body length is dropped.
    body = body[0:body_len]

    eapol = {
        'version': version,
        'type': pkt_type,
        'length': body_len,
        'payload': body,
    }
    if pkt_type != 3:
        return eapol

    # EAPOL-Key
    (eapol['descr_type'],) = struct.unpack('B', body[0:1])
    if eapol['descr_type'] not in (2, 254):
        return eapol

    # RSN EAPOL-Key (254 is the descriptor type the WPA tests in this file use)
    key = body[1:]
    key_info, key_len = struct.unpack('>HH', key[0:4])
    eapol['rsn_key_info'] = key_info
    eapol['rsn_key_len'] = key_len
    eapol['rsn_replay_counter'] = key[4:12]
    eapol['rsn_key_nonce'] = key[12:44]
    eapol['rsn_key_iv'] = key[44:60]
    eapol['rsn_key_rsc'] = key[60:68]
    eapol['rsn_key_id'] = key[68:76]
    eapol['rsn_key_mic'] = key[76:92]
    (eapol['rsn_key_data_len'],) = struct.unpack('>H', key[92:94])
    # NOTE(review): the declared Key Data length is recorded but not enforced;
    # rsn_key_data is simply everything that follows the length field.
    eapol['rsn_key_data'] = key[94:]
    return eapol
1236
def build_eapol(msg):
    """Serialize a dict in the parse_eapol() layout back into a raw EAPOL frame.

    For EAPOL-Key frames (type 3) the frame is rebuilt from the individual
    'rsn_*' fields; for any other type msg['payload'] is appended as is.
    The length fields are written exactly as stored in msg and are not
    recomputed, which lets callers emit frames with inconsistent lengths.
    """
    header = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] != 3:
        return header + msg['payload']

    parts = [
        header,
        struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                    msg['rsn_key_len']),
        msg['rsn_replay_counter'],
        msg['rsn_key_nonce'],
        msg['rsn_key_iv'],
        msg['rsn_key_rsc'],
        msg['rsn_key_id'],
        msg['rsn_key_mic'],
        struct.pack('>H', msg['rsn_key_data_len']),
        msg['rsn_key_data'],
    ]
    return b''.join(parts)
1253
def sha1_prf(key, label, data, outlen):
    """Return outlen octets of output from an HMAC-SHA1 based PRF.

    Block i is HMAC-SHA1(key, label || 0x00 || data || i) with a one-octet
    counter starting at 0. Blocks are concatenated and the final block is cut
    so that exactly outlen octets are returned (b'' when outlen <= 0).
    label is a str and is encoded before use; key and data are bytes.
    """
    output = b''
    remaining = outlen
    block_index = 0
    while remaining > 0:
        mac = hmac.new(key, label.encode(), hashlib.sha1)
        mac.update(struct.pack('B', 0))
        mac.update(data)
        # The 'B' format keeps the counter to a single octet.
        mac.update(struct.pack('B', block_index))
        block_index += 1
        piece = mac.digest()[0:remaining]
        output += piece
        remaining -= len(piece)
    return output
1271
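def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the pairwise transient key from the PMK.

    addr1/addr2 are MAC addresses as colon-separated hex strings and
    nonce1/nonce2 are the two handshake nonces as bytes. The PRF input is
    min(addr) || max(addr) || min(nonce) || max(nonce), so the result does
    not depend on which side is passed first.

    Returns (ptk, kck, kek): the 48-octet PTK, its first 16 octets (KCK, the
    key used for the EAPOL-Key MIC by eapol_key_mic()) and the next 16
    octets (KEK).
    """
    mac1 = binascii.unhexlify(addr1.replace(':', ''))
    mac2 = binascii.unhexlify(addr2.replace(':', ''))
    # Order the addresses by octet value. Comparing the textual form instead
    # gives a different order when the two strings differ in hex digit case
    # (e.g. "a0:..." vs "B0:..."), which would derive a different PTK than
    # the peer does.
    data = min(mac1, mac2) + max(mac1, mac2)
    data += min(nonce1, nonce2) + max(nonce1, nonce2)
    ptk = sha1_prf(pmk, "Pairwise key expansion", data, 48)
    return (ptk, ptk[0:16], ptk[16:32])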
1286
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC for msg and store it in msg['rsn_key_mic'].

    msg is modified in place; nothing is returned. The MIC is HMAC-SHA1 over
    the serialized frame, truncated to 16 octets, keyed with kck.
    """
    # The MIC field is zeroed in the frame that the MIC is calculated over.
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    frame = build_eapol(msg)
    msg['rsn_key_mic'] = hmac.new(kck, frame, hashlib.sha1).digest()[0:16]
1292
def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Fill in the variable EAPOL-Key fields of msg in place.

    Sets Key Information, Key Length, Key Nonce (32 zero octets when nonce is
    empty/None), Key Data and its length, and the EAPOL body length. 95 is
    the size of the EAPOL-Key body without any Key Data. The Key MIC is not
    touched; use eapol_key_mic() after this when a valid MIC is wanted.
    """
    key_data = data if data else b''
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_key_nonce'] = nonce if nonce else binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    msg['length'] = 95 + len(key_data)
1308
def recv_eapol(hapd):
    """Wait for the next EAPOL frame hostapd transmits and return it parsed.

    Raises Exception if no EAPOL-TX event arrives within 15 seconds. The hex
    dump of the frame is the third space-separated field of the event.
    """
    tx_event = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if tx_event is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    frame_hex = tx_event.split(' ')[2]
    return parse_eapol(binascii.unhexlify(frame_hex))
1315
def send_eapol(hapd, addr, data):
    """Hand a raw EAPOL frame to hostapd as if it came from station addr.

    data is the frame as bytes; it is hex-encoded for the EAPOL_RX control
    command. Raises Exception when the response does not contain "OK", which
    only reflects whether the command was taken, not whether hostapd
    considered the frame valid.
    """
    frame_hex = binascii.hexlify(data).decode()
    response = hapd.request("EAPOL_RX " + addr + " " + frame_hex)
    if "OK" not in response:
        raise Exception("EAPOL_RX to hostapd failed")
1320
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn msg into a supplicant reply with a valid MIC and send it to hostapd.

    info is only used in the log line. msg is modified in place: Key
    Information, nonce and Key Data are replaced (Key Length is set to 0),
    the MIC is recomputed with kck, and the resulting frame is injected for
    station addr.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
1326
def hapd_connected(hapd):
    """Require that hostapd reports AP-STA-CONNECTED within 15 seconds."""
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1331
def eapol_test(apdev, dev, wpa2=True):
    """Set up an AP and an associating STA for tests that act as the supplicant.

    Both hostapd and wpa_supplicant are switched to ext_eapol_frame_io, so
    hostapd's EAPOL frames are only reported as events and the calling test
    builds the station side of the 4-way handshake itself.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne) where snonce is a
    fixed test nonce, pmk is the raw PSK as bytes, addr is the station
    address and rsne is the element to place in msg 2/4 Key Data (the WPA
    element when wpa2 is False).
    """
    bssid = apdev['bssid']
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    if wpa2:
        ssid = "test-wpa2-psk"
        params = hostapd.wpa2_params(ssid=ssid)
        # RSN element: version 1, group CCMP, pairwise CCMP, AKM PSK,
        # capabilities 0.
        element_hex = '30140100000fac040100000fac040100000fac020000'
    else:
        ssid = "test-wpa-psk"
        params = hostapd.wpa_params(ssid=ssid)
        # WPA vendor element: version 1, group TKIP, pairwise TKIP, AKM PSK.
        element_hex = 'dd160050f20101000050f20201000050f20201000050f202'
    pmk = binascii.unhexlify(psk)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev, params)

    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    # Do not wait for the connection: it can only complete once the test has
    # supplied the EAPOL frames.
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
    addr = dev.p2p_interface_addr()

    rsne = binascii.unhexlify(element_hex)
    # Fixed, predictable SNonce; acceptable only because this is test code.
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
821490f5 1356
@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # The test plays the supplicant. Besides the valid msg 2/4 and msg 4/4 it
    # feeds hostapd frames it must not act on: its own msg 1/4 and msg 3/4
    # echoed back, and a msg 2/4 whose EAPOL length cuts the Key Data short.
    bssid, _ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(frame, 0x0101, 0, snonce, rsne)
    # One octet less than the 95-octet key body plus the 22-octet element.
    frame['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(frame))

    # 0x010a: MIC flag, pairwise key type, descriptor version 2.
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    # 0x030a: as above plus the Secure flag.
    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1384
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    # The first msg 1/4 is left unanswered; the reply is built from the
    # retransmitted copy, which must still carry the same ANonce.
    bssid, _ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first_msg1 = recv_eapol(hapd)
    anonce = first_msg1['rsn_key_nonce']

    retried_msg1 = recv_eapol(hapd)
    if retried_msg1['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Logs "Send EAPOL-Key msg 2/4", fills in the fields, adds the MIC and
    # sends the frame.
    reply_eapol("2/4", hapd, addr, retried_msg1, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1411
9fd6804d 1412@remote_compatible
821490f5
JM
1413def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
1414 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
fab49f61 1415 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
821490f5
JM
1416
1417 msg1 = recv_eapol(hapd)
1418 anonce = msg1['rsn_key_nonce']
1419 msg2 = recv_eapol(hapd)
1420 if anonce != msg2['rsn_key_nonce']:
1421 raise Exception("ANonce changed")
1422
1423 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1424 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
1425 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
1426
1427 msg = recv_eapol(hapd)
1428 if anonce != msg['rsn_key_nonce']:
1429 raise Exception("ANonce changed")
1430
1431 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
1432 hapd_connected(hapd)
1433
9fd6804d 1434@remote_compatible
821490f5
JM
1435def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
1436 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
fab49f61 1437 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
821490f5
JM
1438
1439 msg1 = recv_eapol(hapd)
1440 anonce = msg1['rsn_key_nonce']
1441
1442 msg2 = recv_eapol(hapd)
1443 if anonce != msg2['rsn_key_nonce']:
1444 raise Exception("ANonce changed")
1445 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1446 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
1447
1448 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1449 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
1450 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
1451
1452 msg = recv_eapol(hapd)
1453 if anonce != msg['rsn_key_nonce']:
1454 raise Exception("ANonce changed")
1455 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
1456 hapd_connected(hapd)
1457
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    # Counterpart of retry1c: two msg 2/4 frames with different SNonces are
    # sent, but msg 4/4 is protected with the KCK derived from the first
    # (older) SNonce.
    bssid, _ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first_msg1 = recv_eapol(hapd)
    anonce = first_msg1['rsn_key_nonce']
    retried_msg1 = recv_eapol(hapd)
    if retried_msg1['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    _ptk, older_kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first_msg1, 0x010a, snonce, rsne, older_kck)

    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    _ptk2, newer_kck, _kek2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)

    reply_eapol("2/4 (b)", hapd, addr, retried_msg1, 0x010a, snonce2, rsne, newer_kck)
    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # Deliberately the key from the first SNonce, not the most recent one.
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, older_kck)
    hapd_connected(hapd)
53b9bedb 1481
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    # Checks how hostapd treats msg 2/4 with a key descriptor type other than
    # the RSN one (2) on a WPA2 association.
    bssid, _ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # 253: incorrect descriptor type (frame dropped)
    # 254: incorrect descriptor type, but with a workaround (frame processed)
    for descr_type in (253, 254):
        frame['descr_type'] = descr_type
        rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    # Receiving msg 3/4 here shows that one of the two frames was accepted.
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
a52fd1c3 1512
@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA-PSK AP using external EAPOL supplicant"""
    # WPA (not WPA2) variant: eapol_test() is called with wpa2=False and
    # returns the WPA element instead of the RSN element. Frames hostapd
    # must not act on: its own frames echoed back, a frame cut one octet
    # short, and a msg 2/4 using the RSN descriptor type (2) rather than 254.
    bssid, _ssid, hapd, snonce, pmk, addr, wpae = eapol_test(apdev[0], dev[0],
                                                             wpa2=False)

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))
    logger.info("Too short data")
    # 4-octet EAPOL header + 95-octet key body = 99; 98 drops the last octet.
    send_eapol(hapd, addr, build_eapol(frame)[0:98])

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    frame['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, frame, 0x010a, snonce, wpae, kck)
    frame['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, wpae, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
64d04af5 1540
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    # hostapd is fed EAPOL-Key frames with unusual Key Information values
    # before and during the handshake. The handshake must still complete
    # with the regular msg 2/4 and msg 4/4.
    bssid, _ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Frames sent without computing a MIC:
    #   0x0000 / 0xffff  no flags / all flags
    #   0x2802           SMK M1
    #   0x2002           SMK M3
    #   0x0902           Request
    for key_info in (0x0000, 0xffff, 0x2802, 0x2002, 0x0902):
        rsn_eapol_key_set(frame, key_info, 0, snonce, rsne)
        send_eapol(hapd, addr, build_eapol(frame))

    # Request with a MIC computed under an all-zero key, i.e. not the KCK of
    # this handshake.
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    zero_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(zero_kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Request (valid MIC), then the same again (valid MIC, replayed counter)
    for _ in range(2):
        rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
5b3c40a6 1586
def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return the field dictionary for an EAPOL-Key msg 1/4.

    The MIC, IV, RSC and ID fields are all zero. The Key Information value
    0x8a has the Key Ack bit, the pairwise Key Type bit and descriptor
    version 2 set. The replay counter is stored as a big-endian 64-bit
    value and the frame length is 95 plus the length of *key_data*.
    """
    zero16 = 16 * b'\x00'
    zero8 = 8 * b'\x00'
    data_len = len(key_data)
    return {
        # EAPOL header
        'version': 2,
        'type': 3,
        'length': 95 + data_len,
        # EAPOL-Key descriptor
        'descr_type': 2,
        'rsn_key_info': 0x8a,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': zero16,
        'rsn_key_rsc': zero8,
        'rsn_key_id': zero8,
        'rsn_key_mic': zero16,
        'rsn_key_data_len': data_len,
        'rsn_key_data': key_data,
    }
1605
def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return the field dictionary for an EAPOL-Key msg 3/4.

    The same builder is used by the tests for group key msg 1/2 by passing
    a different *key_info*. *extra_len* is added to the EAPOL length field
    only, so a non-zero value makes the header disagree with the actual
    Key Data length. The frame is handed to eapol_key_mic() together with
    *kck* before it is returned.
    """
    data_len = len(key_data)
    frame = {
        # EAPOL header
        'version': 2,
        'type': 3,
        'length': 95 + data_len + extra_len,
        # EAPOL-Key descriptor
        'descr_type': descr_type,
        'rsn_key_info': key_info,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': 16 * b'\x00',
        'rsn_key_rsc': 8 * b'\x00',
        'rsn_key_id': 8 * b'\x00',
        'rsn_key_data_len': data_len,
        'rsn_key_data': key_data,
    }
    eapol_key_mic(kck, frame)
    return frame
1625
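def aes_wrap(kek, plain):
    """Wrap *plain* under *kek* using the AES Key Wrap construction.

    The routine follows the RFC 3394 layout: initial value
    0xa6a6a6a6a6a6a6a6, six passes over the 64-bit blocks, and the step
    counter n * j + i XORed into the integrity register.

    Only whole 8-octet blocks are processed; any trailing octets of
    *plain* beyond a multiple of eight are silently dropped, so callers
    are expected to pad first (see pad_key_data()).

    Returns the 8-octet integrity value followed by the wrapped blocks.
    """
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    # Key wrap needs the raw single-block AES operation. Request ECB
    # explicitly instead of relying on the library default: PyCrypto
    # defaults to ECB, while PyCryptodome requires the mode argument.
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # Fold the step counter into the upper half of the output
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)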
1637
def pad_key_data(plain):
    """Pad Key Data to a multiple of eight octets.

    Input that is already aligned is returned unchanged. Otherwise a
    single 0xdd octet is appended, followed by as many zero octets as are
    needed to reach the next multiple of eight.
    """
    remainder = len(plain) % 8
    if remainder == 0:
        return plain
    # One octet of the gap is taken by the 0xdd marker
    zero_fill = 8 - remainder - 1
    plain += b'\xdd' + zero_fill * b'\x00'
    return plain
1646
def test_ap_wpa2_psk_supp_proto(dev, apdev):
    """WPA2-PSK 4-way handshake protocol testing for supplicant

    The test takes over the authenticator role: after the real msg 1/4
    from hostapd has been seen, it sends its own msg 1/4 and a series of
    malformed msg 3/4 frames to the station. For most cases it waits for
    the matching "WPA: ..." event from the supplicant; the final frame is
    expected to cause a disconnection.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    # Derive the keys from the fixed ANonce and the SNonce the station
    # returned, so the frames below carry a MIC computed with the real KCK
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Invalid AES wrap data length 0")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
    if ev is None:
        raise Exception("Unsupported AES-WRAP len 0 not reported")

    logger.debug("Invalid AES wrap data length 1")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'1', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
    if ev is None:
        raise Exception("Unsupported AES-WRAP len 1 not reported")

    logger.debug("Invalid AES wrap data length 9")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'123456789', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
    if ev is None:
        raise Exception("Unsupported AES-WRAP len 9 not reported")

    # Length is acceptable here, but the payload was never wrapped with
    # the KEK
    logger.debug("Invalid AES wrap data payload")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
    # do not increment counter to test replay protection
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: AES unwrap failed"])
    if ev is None:
        raise Exception("AES unwrap failure not reported")

    # Same replay counter value as the previous frame
    logger.debug("Replay Count not increasing")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
    if ev is None:
        raise Exception("Replay Counter replay not reported")

    # 0x134a is the default 0x13ca with the Key Ack bit (0x0080) cleared
    logger.debug("Missing Ack bit in key info")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              key_info=0x134a)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
    if ev is None:
        raise Exception("Missing Ack bit not reported")

    # 0x1bca is the default 0x13ca with the Request bit (0x0800) set
    logger.debug("Unexpected Request bit in key info")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              key_info=0x1bca)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
    if ev is None:
        raise Exception("Request bit not reported")

    # The following cases vary only the descriptor version in the low
    # three bits of key_info (0x13c8 .. 0x13cf)
    logger.debug("Unsupported key descriptor version 0")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13c8)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
    if ev is None:
        raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")

    logger.debug("Key descriptor version 1 not allowed with CCMP")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13c9)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
    if ev is None:
        raise Exception("Not allowed EAPOL-Key descriptor version not reported")

    logger.debug("Invalid AES wrap payload with key descriptor version 2")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13ca)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: AES unwrap failed"])
    if ev is None:
        raise Exception("AES unwrap failure not reported")

    # Version 3 is expected to produce three events in sequence: the
    # version mismatch, the interoperability workaround, and finally a
    # MIC failure that drops the frame
    logger.debug("Key descriptor version 3 workaround")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13cb)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
    if ev is None:
        raise Exception("CCMP key descriptor mismatch not reported")
    ev = dev[0].wait_event(["WPA: Interoperability workaround"])
    if ev is None:
        raise Exception("AES-128-CMAC workaround not reported")
    ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
    if ev is None:
        raise Exception("MIC failure with AES-128-CMAC workaround not reported")

    logger.debug("Unsupported key descriptor version 4")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13cc)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
    if ev is None:
        raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")

    logger.debug("Unsupported key descriptor version 7")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13cf)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
    if ev is None:
        raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")

    # extra_len=-1 makes the EAPOL length field one octet shorter than the
    # frame needs, so the declared 8 octets of Key Data no longer fit
    logger.debug("Too short EAPOL header length")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              extra_len=-1)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
    if ev is None:
        raise Exception("Key data overflow not reported")

    # The next three frames are sent without waiting for any event, so
    # this test does not check how the supplicant reports them
    logger.debug("Too long EAPOL header length")
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              extra_len=1)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))

    logger.debug("Unsupported descriptor type 0")
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              descr_type=0)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))

    # NOTE(review): the log text says "type 0" but the frame uses
    # descr_type=254; the message looks copied from the case above
    logger.debug("WPA descriptor type 0")
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              descr_type=254)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))

    # From here on the Key Data is properly wrapped with the KEK.
    # 0x13ea is the default 0x13ca with a Key Index bit (0x0020) set
    logger.debug("Non-zero key index for pairwise key")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*b'z')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13ea)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
    if ev is None:
        raise Exception("Non-zero key index not reported")

    # Unwraps correctly, but the plaintext is 16 'z' octets rather than
    # valid Key Data; the station is expected to disconnect within 1 s
    logger.debug("Invalid Key Data plaintext payload --> disconnect")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*b'z')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
1843
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included

    Sends a correctly wrapped and MICed msg 3/4 whose Key Data plaintext is
    16 zero octets, and expects the station to disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    # Keys for the handshake driven by this test (fixed ANonce, station's
    # SNonce)
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*b'\x00')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
1870
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch

    Sends a correctly wrapped msg 3/4 whose RSN element differs from the
    one used by the other tests in this file, and expects the station to
    disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    dev[0].dump_monitor()
    # Key Data: RSN element with length 0x06 (the passing tests use length
    # 0x14), followed by a GTK KDE
    wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
1897
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success

    Baseline for the negative tests: a well-formed msg 3/4 built by the
    test itself must bring the station to the connected state within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # Key Data: RSN element (0x30, length 0x14) followed by a GTK KDE
    # (0xdd, length 0x16, KeyID octet 0x01, 16-octet key)
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)
1925
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK

    Sends a msg 3/4 that carries the RSN element but no GTK KDE and checks
    that the station does not report a completed connection.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    dev[0].dump_monitor()
    # RSN element only; pad_key_data() fills the remainder of the block
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # Negative check: only 0.1 s is allowed for an unexpected
    # CTRL-EVENT-CONNECTED to show up
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
    if ev is not None:
        raise Exception("Unexpected connection completion reported")
1955
def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change

    Sends msg 1/4 with one ANonce and an otherwise valid msg 3/4 with a
    different ANonce, and expects the supplicant to report the mismatch.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    # KCK/KEK are derived from the ANonce of msg 1/4, so the MIC and the
    # key wrap below remain valid for the station
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # Only the nonce field of msg 3/4 differs from a valid frame
    anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if ev is None:
        raise Exception("ANonce change not reported")
1986
def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected group message

    Sends a group key msg 1/2 at the point where msg 3/4 is due and expects
    the supplicant to report it and disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Group key 1/2 instead of msg 3/4")
    dev[0].dump_monitor()
    # Key Data is a bare GTK KDE (24 octets, already block aligned);
    # key_info 0x13c2 has the pairwise Key Type bit cleared
    wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
    if ev is None:
        raise Exception("Unexpected group key message not reported")
    dev[0].wait_disconnected(timeout=1)
2017
@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4

    Sends a msg 1/4 whose Key Data is the two octets 0x55 0x55 and expects
    the station to disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with invalid KDE
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter,
                              key_data=binascii.unhexlify('5555'))
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
2035
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong pairwise key length

    Sends an otherwise valid msg 3/4 with the Key Length field set to 15
    and expects the supplicant to report it and disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    # Key Data is valid; only the Key Length field (15 instead of 16) is
    # wrong
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_len=15)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
    if ev is None:
        raise Exception("Invalid CCMP key length not reported")
    dev[0].wait_disconnected(timeout=1)
2067
def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length

    Sends a msg 3/4 whose GTK KDE carries a 15-octet key and expects the
    supplicant to report the length and disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # GTK KDE length is 0x15 instead of 0x16, i.e. one key octet is missing
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
    if ev is None:
        raise Exception("Invalid CCMP key length not reported")
    dev[0].wait_disconnected(timeout=1)
2098
def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround

    Sends a msg 3/4 whose GTK KDE has the Tx bit set and expects the
    supplicant to report that it ignores the bit and still connect.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # GTK KDE KeyID octet is 0x05 here (0x01 in the baseline test): key
    # index 1 with the Tx bit set
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
    if ev is None:
        raise Exception("GTK Tx bit workaround not reported")
    dev[0].wait_connected(timeout=1)
2129
def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3

    Completes the 4-way handshake with GTK key index 0, performs a group
    rekey with key index 3, and finally sends a group msg 1/2 whose GTK
    KDE is not encrypted, which must be reported and lead to a
    disconnection within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    # GTK KDE KeyID octet is 0x00
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
    dev[0].dump_monitor()
    # GTK KDE KeyID octet is 0x03; key_info 0x13c2 marks a group key frame
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # Consume the station's reply (presumably group msg 2/2); its content
    # is not inspected
    msg = recv_eapol(dev[0])
    ev = dev[0].wait_event(["WPA: Group rekeying completed"])
    if ev is None:
        raise Exception("GTK rekeing not reported")

    logger.debug("Unencrypted GTK KDE in group msg 1/2")
    dev[0].dump_monitor()
    # Same KDE sent without key wrap; key_info 0x03c2 has the Encrypted
    # Key Data bit (0x1000) cleared
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
                              key_info=0x03c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
    if ev is None:
        raise Exception("Unencrypted GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
2182
def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg

    Completes the 4-way handshake, then sends a group msg 1/2 whose Key
    Data holds no GTK KDE and expects the supplicant to report it and
    disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    dev[0].dump_monitor()
    # Key Data is eight repetitions of 0xdd 0x00 (type 0xdd with a zero
    # length), so it contains no GTK
    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
    if ev is None:
        raise Exception("Missing GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
2223
def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg

    Completes the 4-way handshake, then sends a group msg 1/2 whose GTK KDE
    carries a 33-octet key and expects the supplicant to report the length
    and disconnect within 1 s.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    dev[0].dump_monitor()
    # GTK KDE length 0x27: 33 octets of 0xff follow the 6-octet KDE header
    plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
    if ev is None:
        raise Exception("Too long GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
2264
def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE

    Sends a msg 3/4 whose GTK KDE carries a 33-octet key and expects the
    station to disconnect within 1 s. No specific event text is checked.
    """
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # NOTE(review): the log text says "too short" while the test name,
    # docstring and KDE length (0x27) all describe a too long GTK KDE
    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
    # Negative test: the supplicant must refuse a group key that arrives in
    # cleartext key data. The test script plays the authenticator itself.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    # Fixed, non-random ANonce: acceptable only in a test harness.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # msg 2/4 from the supplicant carries the SNonce used for the PTK below.
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # NOTE(review): the debug text says "Valid", but this frame is the
    # malformed one under test (key data is sent without AES key wrap).
    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    # Unlike the sibling tests, `plain` is passed straight to the builder
    # (no aes_wrap) and key_info=0x03ca leaves the Encrypted Key Data bit
    # (0x1000) clear, so the GTK KDE is sent unencrypted.
    msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
                              key_info=0x03ca)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # Pass criteria: the supplicant logs the rejection and then disconnects.
    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
    if ev is None:
        raise Exception("Unencrypted GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
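def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process that serves *dev*.

    The process list is taken from ``ps ax`` run through
    ``dev.cmd_execute()``. A line is accepted when it mentions
    wpa_supplicant and has ``-i<ifname>`` as a whole command-line argument.

    The argument is compared as a complete token, not as a substring.
    A substring test would let ``-iwlan1`` match a process started with
    ``-iwlan10``, and the caller goes on to read that PID's memory, so
    picking the wrong process would invalidate the key-lifetime checks.

    Raises:
        Exception: if no matching process is listed.
    """
    wanted = "-i" + dev.ifname
    # The exit status of ps is not used; an empty listing simply falls
    # through to the "not found" error below.
    _, data = dev.cmd_execute(['ps', 'ax'])
    for line in data.splitlines():
        if "wpa_supplicant" not in line:
            continue
        fields = line.split()
        if wanted not in fields:
            continue
        # First column of `ps ax` output is the PID.
        return int(fields[0])
    raise Exception("Could not find wpa_supplicant process")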
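def read_process_memory(pid, key=None):
    """Return the concatenated contents of the rw mappings of process *pid*.

    The mapping list comes from /proc/<pid>/maps and the bytes from
    /proc/<pid>/mem. Only mappings whose permission field starts with
    ``rw`` are read; lines that do not match the expected format, mappings
    starting above 0xffffffffffff and mappings with end < start are
    skipped.

    Opening /proc/<pid>/mem is subject to the kernel's access checks, so
    the test must run with sufficient privilege over the target process.
    The returned buffer is a raw copy of that process's writable memory
    and therefore contains whatever key material it holds; keep it in
    memory for the comparison only and do not persist it.

    Args:
        pid: process ID to read.
        key: optional byte string; each mapping that contains it is logged.

    Returns:
        bytes with all mappings that were read, in maps order.
    """
    # Chunks are collected and joined once at the end; appending to a bytes
    # object per mapping would copy the whole buffer every time.
    chunks = []
    total = 0
    logger.info("Reading process memory (pid=%d)" % pid)
    with open('/proc/%d/maps' % pid, 'r') as maps, \
         open('/proc/%d/mem' % pid, 'rb') as mem:
        for l in maps.readlines():
            m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
            if not m:
                continue
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            perm = m.group(3)
            if start > 0xffffffffffff:
                continue
            if end < start:
                continue
            if not perm.startswith('rw'):
                continue
            # Log where heap and stack land inside the returned buffer so
            # later "found at offset" messages can be mapped back to them.
            for name in ["[heap]", "[stack]"]:
                if name in l:
                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, total, total + (end - start)))
            mem.seek(start)
            data = mem.read(end - start)
            chunks.append(data)
            total += len(data)
            if key and key in data:
                logger.info("Key found in " + l)
    logger.info("Total process memory read: %d bytes" % total)
    return b"".join(chunks)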
def verify_not_present(buf, key, fname, keyname):
    """Fail if *key* occurs anywhere in the memory snapshot *buf*.

    When the key is found, up to 2048 bytes before the match and the
    2048 bytes starting at the match are written to the file
    ``fname + keyname`` and an exception is raised. When the key is absent
    the function returns None and writes nothing.

    The dump file holds the key itself plus neighbouring process memory,
    so the directory it is written to has to be treated as sensitive.

    Raises:
        Exception: "<keyname> found after disassociation" if the key is
            present.
    """
    offset = buf.find(key)
    if offset >= 0:
        # Do not reach back past the start of the buffer.
        lead = min(offset, 2048)
        with open(fname + keyname, 'wb') as dump:
            dump.write(buf[offset - lead:offset + 2048])
        raise Exception(keyname + " found after disassociation")
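def get_key_locations(buf, key, keyname):
    """Count and log the non-overlapping occurrences of *key* in *buf*.

    Each hit is reported at info level with its offset, and at debug level
    with a hexdump of up to 128 bytes before the key, the key itself and
    up to 128 bytes after it. The debug output therefore contains key
    material; logs produced with debug enabled are as sensitive as the
    keys.

    Args:
        buf: memory snapshot (bytes) to search.
        key: byte string to look for. An empty key returns 0 immediately,
            because searching for it would never advance.
        keyname: label used in the log messages.

    Returns:
        Number of occurrences found.
    """
    if not key:
        return 0
    count = 0
    pos = buf.find(key)
    while pos >= 0:
        logger.info("Found %s at %d" % (keyname, pos))
        context = 128
        start = max(pos - context, 0)
        before = binascii.hexlify(buf[start:pos])
        # Clamp the trailing context to the end of the buffer. The earlier
        # form used len(buf) - context as the upper bound, which for a hit
        # near the end pointed before the key and logged no trailing bytes.
        end = min(pos + len(key) + context, len(buf))
        after = binascii.hexlify(buf[pos + len(key):end])
        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
        count += 1
        pos = buf.find(key, pos + len(key))
    return count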
def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK and PSK/PTK lifetime in memory"""
    # Key-hygiene test: snapshots the wpa_supplicant process memory at
    # several points and fails if session keys (KCK, KEK, TK, GTK) are still
    # present after disassociation, or if the PMK is still present after the
    # network profile has been removed.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    p = hostapd.wpa2_params(ssid=ssid)
    p['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], p)

    pid = find_wpas_process(dev[0])

    # Phase 1: profile configured with the raw PSK, not connected. The hit
    # count is only logged here, not asserted.
    id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                        only_add_network=True)

    logger.info("Checking keys in memory after network profile configuration")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Phase 2: profile removed again (logged only).
    dev[0].request("REMOVE_NETWORK all")
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Phase 3: profile configured with the passphrase instead of the PSK.
    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                        only_add_network=True)

    logger.info("Checking keys in memory before connection")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].connect_network(id, timeout=20)
    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
    # event has been delivered, so verify that wpa_supplicant has returned to
    # eloop before reading process memory.
    time.sleep(1)
    dev[0].ping()

    # Snapshot taken while associated; it is evaluated further below, once
    # the session keys are known from the debug log.
    buf = read_process_memory(pid, pmk)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].relog()
    ptk = None
    gtk = None
    # The session keys are recovered from key hexdumps in the supplicant's
    # debug log (logdir/log0). Presumably this needs key logging enabled in
    # the test build/run; such a log is itself secret material - TODO confirm
    # how the harness enables it.
    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
        for l in f.readlines():
            if "WPA: PTK - hexdump" in l:
                # assumes the hex bytes are the 4th ':'-separated field of
                # the log line - verify against the log format
                val = l.strip().split(':')[3].replace(' ', '')
                ptk = binascii.unhexlify(val)
            if "WPA: Group Key - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                gtk = binascii.unhexlify(val)
    if not pmk or not ptk or not gtk:
        raise Exception("Could not find keys from debug log")
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    # Split the PTK into its three 16-octet parts.
    # NOTE(review): the PTK length is not checked; if the logged value were
    # shorter than 48 octets, `tk` would be empty and every
    # verify_not_present(buf, tk, ...) call below would report a match.
    kck = ptk[0:16]
    kek = ptk[16:32]
    tk = ptk[32:48]

    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    # Sanity check of the method itself: PMK, KCK and KEK are expected to be
    # findable while associated. A missing PMK skips the test (the scan
    # cannot be trusted); a missing KCK/KEK fails it.
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    #if tk in buf:
    #    raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Note: PMK/PSK is still present in network configuration

    # On a hit, verify_not_present() writes the surrounding memory to
    # <logdir>/wpa2_psk_key_lifetime_in_memory.memctx-<KEYNAME> and raises.
    fname = os.path.join(params['logdir'],
                         'wpa2_psk_key_lifetime_in_memory.memctx-')
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    if gtk in buf:
        get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    dev[0].request("REMOVE_NETWORK all")

    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # With the profile gone, the PMK must no longer be present either.
    verify_not_present(buf, pmk, fname, "PMK")
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    verify_not_present(buf, gtk, fname, "GTK")
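@remote_compatible
def test_ap_wpa2_psk_wep(dev, apdev):
    """WPA2-PSK AP and WEP enabled"""
    # Negative test: hostapd must refuse a WEP key on a WPA2 network.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    try:
        hapd.set('wep_key0', '"hello"')
    except Exception:
        # Expected outcome: the SET was rejected.
        return
    # Raised outside the try block on purpose. Raising inside it would be
    # caught by the `except Exception` above, so the test could never fail
    # even if the WEP key were accepted.
    raise Exception("WEP key accepted to WPA2 network")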
def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """WPA2-PSK AP and wpas interface in a bridge"""
    br_ifname = 'sta-br0'
    ifname = 'wlan5'
    # Teardown commands, run in this order whether or not the test body
    # succeeded, so the bridge and the 4addr setting do not leak into later
    # tests. Exit codes are ignored, as some steps may have nothing to undo.
    teardown = (
        ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
        ['brctl', 'delif', br_ifname, ifname],
        ['brctl', 'delbr', br_ifname],
        ['iw', ifname, 'set', '4addr', 'off'],
    )
    try:
        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
    finally:
        for argv in teardown:
            subprocess.call(argv)
def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    # Body of test_ap_wpa2_psk_wpas_in_bridge(); the caller undoes the
    # bridge setup done here.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    br_ifname = 'sta-br0'
    ifname = 'wlan5'
    # Separate wpa_supplicant instance reached through a global control
    # socket at a fixed path under /tmp (test environment only).
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')

    # Best-effort setup steps: create the bridge, zero its forwarding delay,
    # bring it up and enable 4-address mode on the station interface.
    setup = (
        ['brctl', 'addbr', br_ifname],
        ['brctl', 'setfd', br_ifname, '0'],
        ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
        ['iw', ifname, 'set', '4addr', 'on'],
    )
    for argv in setup:
        subprocess.call(argv)
    # Adding the interface to the bridge is the one step that must succeed.
    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])

    wpas.interface_add(ifname, br_ifname=br_ifname)
    wpas.dump_monitor()

    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
    wpas.dump_monitor()
@remote_compatible
def test_ap_wpa2_psk_ifdown(dev, apdev):
    """AP with open mode and external ifconfig down"""
    # NOTE(review): the summary says "open mode", but the AP below is built
    # from hostapd.wpa2_params() with a passphrase, i.e. WPA2-PSK.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # Take the AP interface down from outside hostapd and check that
    # hostapd notices it.
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
    ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
    if ev is None:
        raise Exception("No INTERFACE-DISABLED event")
    # this wait tests beacon loss detection in mac80211
    dev[0].wait_disconnected()
    # Bring the interface back; the station is expected to reconnect on its
    # own and pass traffic again.
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
    ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
    if ev is None:
        raise Exception("No INTERFACE-ENABLED event")
    dev[0].wait_connected()
    hwsim_utils.test_connectivity(dev[0], hapd)
def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
    # Robustness test for a lost msg 4/4: the script relays the first three
    # handshake messages by hand, withholds msg 4/4 from the AP, then hands
    # EAPOL handling back to the normal path so retries can recover.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # With ext_eapol_frame_io set, each side reports outgoing frames as
    # EAPOL-TX events and takes incoming frames through EAPOL_RX, which
    # lets the script decide what gets delivered.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # presumably the third space-separated field of the event is the frame
    # in hex - it is forwarded unchanged
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # The frame is deliberately not passed on to hostapd.
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    dev[0].request("SET ext_eapol_frame_io 0")
    dev[0].wait_connected()

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # A disconnection at this point is only logged, not treated as failure;
    # see the explanation below.
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
    if ev is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those and
        # disconnect the station after reaching retransmission limit. Connection
        # is then established after reassociation. Once that behavior has been
        # optimized to prevent EAPOL-Key frame encryption for retransmission
        # case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")
@remote_compatible
def test_ap_wpa2_psk_disable_enable(dev, apdev):
    """WPA2-PSK AP getting disabled and re-enabled"""
    ssid = "test-wpa2-psk"
    raw_psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = raw_psk
    hapd = hostapd.add_ap(apdev[0], ap_params)

    sta = dev[0]
    sta.connect(ssid, raw_psk=raw_psk, scan_freq="2412")

    # Two full DISABLE/ENABLE cycles: the station has to notice the AP going
    # away, reconnect by itself and pass data each time.
    for _ in range(2):
        hapd.request("DISABLE")
        sta.wait_disconnected()
        hapd.request("ENABLE")
        sta.wait_connected()
        hwsim_utils.test_connectivity(sta, hapd)
@remote_compatible
def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
    """WPA2-PSK AP and station using incorrect passphrase"""
    ssid = "test-wpa2-psk"
    ap_passphrase = 'qwertyuiop'
    sta_passphrase = "incorrect passphrase"
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=ap_passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # Step 1: the station uses a passphrase the AP does not have; the AP is
    # expected to flag the attempt as a possible PSK mismatch.
    sta = dev[0]
    sta.connect(ssid, psk=sta_passphrase, scan_freq="2412",
                wait_connect=False)
    mismatch = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
    if mismatch is None:
        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
    sta.dump_monitor()

    # Step 2: reconfigure the AP to the station's passphrase; the pending
    # connection attempt must now complete.
    hapd.disable()
    hapd.set("wpa_passphrase", sta_passphrase)
    hapd.enable()

    sta.wait_connected(timeout=20)
@remote_compatible
def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing"""
    # Parser robustness test for the AP: the station adds hand-crafted WPA
    # vendor elements (dd <len> 0050f201 ...) to its association request
    # and the test checks how hostapd reacts to each of them.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                        only_add_network=True)

    # First group: elements of increasing length that stop short of a
    # complete WPA IE, plus variants with zero or 0xffff suite counts.
    # Each one must end in an association rejection.
    tests = ["dd040050f201",
             "dd050050f20101",
             "dd060050f2010100",
             "dd060050f2010001",
             "dd070050f201010000",
             "dd080050f20101000050",
             "dd090050f20101000050f2",
             "dd0a0050f20101000050f202",
             "dd0b0050f20101000050f20201",
             "dd0c0050f20101000050f2020100",
             "dd0c0050f20101000050f2020000",
             "dd0c0050f20101000050f202ffff",
             "dd0d0050f20101000050f202010000",
             "dd0e0050f20101000050f20201000050",
             "dd0f0050f20101000050f20201000050f2",
             "dd100050f20101000050f20201000050f202",
             "dd110050f20101000050f20201000050f20201",
             "dd120050f20101000050f20201000050f2020100",
             "dd120050f20101000050f20201000050f2020000",
             "dd120050f20101000050f20201000050f202ffff",
             "dd130050f20101000050f20201000050f202010000",
             "dd140050f20101000050f20201000050f20201000050",
             "dd150050f20101000050f20201000050f20201000050f2"]
    for t in tests:
        try:
            # presumably frame id 13 selects Association Request frames in
            # wpa_supplicant's vendor element table - TODO confirm
            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
                raise Exception("VENDOR_ELEM_ADD failed")
            dev[0].select_network(id)
            ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
            if ev is None:
                raise Exception("Association rejection not reported")
            dev[0].request("DISCONNECT")
            dev[0].dump_monitor()
        finally:
            # Always clear the injected element so a failure here does not
            # contaminate the next case or the next test.
            dev[0].request("VENDOR_ELEM_REMOVE 13 *")

    # Second group: a complete WPA IE followed by one to three extra octets.
    # The AP is not expected to reject these at association time; either a
    # completed connection or a 4-way handshake failure counts as a result.
    tests = ["dd170050f20101000050f20201000050f20201000050f202ff",
             "dd180050f20101000050f20201000050f20201000050f202ffff",
             "dd190050f20101000050f20201000050f20201000050f202ffffff"]
    for t in tests:
        try:
            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
                raise Exception("VENDOR_ELEM_ADD failed")
            dev[0].select_network(id)
            ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED',
                                    'WPA: 4-Way Handshake failed'], timeout=10)
            if ev is None:
                raise Exception("Association failed unexpectedly")
            dev[0].request("DISCONNECT")
            dev[0].dump_monitor()
        finally:
            dev[0].request("VENDOR_ELEM_REMOVE 13 *")
@remote_compatible
def test_ap_wpa2_psk_no_random(dev, apdev):
    """WPA2-PSK AP and no random numbers available"""
    # Fault-injection test: the first call to wpa_gmk_to_gtk in hostapd is
    # made to fail, and the station must end up disconnected instead of
    # being given a connection. Afterwards a normal connection must work.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
        id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                            wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
        if ev is None:
            raise Exception("Disconnection event not reported")
    # Recovery check with the injected failure no longer armed.
    dev[0].request("DISCONNECT")
    dev[0].select_network(id, freq=2412)
    dev[0].wait_connected()
@remote_compatible
def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side"""
    # Interoperability test for the station's RSN element parser: hostapd
    # advertises unusual but tolerable RSN elements through
    # own_ie_override, and the station must still connect to every one.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], params)
    # Input validation check: a non-hex override value must be refused.
    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
        raise Exception("Invalid own_ie_override value accepted")
    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # (description, RSN element in hex) pairs; the description is also
    # written to the station's log with NOTE to mark each case.
    tests = [('No RSN Capabilities field',
              '30120100000fac040100000fac040100000fac02'),
             ('Reserved RSN Capabilities bits set',
              '30140100000fac040100000fac040100000fac023cff'),
             ('Truncated RSN Capabilities field',
              '30130100000fac040100000fac040100000fac023c'),
             ('Extra pairwise cipher suite (unsupported)',
              '30180100000fac040200ffffffff000fac040100000fac020c00'),
             ('Extra AKM suite (unsupported)',
              '30180100000fac040100000fac040200ffffffff000fac020c00'),
             ('PMKIDCount field included',
              '30160100000fac040100000fac040100000fac020c000000'),
             ('Truncated PMKIDCount field',
              '30150100000fac040100000fac040100000fac020c0000'),
             ('Unexpected Group Management Cipher Suite with PMF disabled',
              '301a0100000fac040100000fac040100000fac020c000000000fac06'),
             ('Extra octet after defined fields (future extensibility)',
              '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
    for txt, ie in tests:
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        dev[0].dump_monitor()
        dev[0].request("NOTE " + txt)
        logger.info(txt)
        # The override is changed while the AP is disabled.
        hapd.disable()
        hapd.set('own_ie_override', ie)
        hapd.enable()
        # Drop cached scan results and rescan so the station evaluates the
        # new element, not the previous one.
        dev[0].request("BSS_FLUSH 0")
        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        dev[0].select_network(id, freq=2412)
        dev[0].wait_connected()
@remote_compatible
def test_ap_cli_order(dev, apdev):
    """hostapd configuration through individual SET commands before enabling"""
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    # The AP is added without being enabled and then configured one field
    # at a time; 'wpa' is set last, after the cipher and key management
    # fields that depend on it.
    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    hapd.set('ssid', ssid)
    hapd.set('wpa_passphrase', passphrase)
    hapd.set('rsn_pairwise', 'CCMP')
    hapd.set('wpa_key_mgmt', 'WPA-PSK')
    hapd.set('wpa', '2')
    hapd.enable()
    # The effective configuration must use CCMP for both the group and the
    # pairwise cipher regardless of the order the fields were set in.
    cfg = hapd.get_config()
    if cfg['group_cipher'] != 'CCMP':
        raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
    if cfg['rsn_pairwise_cipher'] != 'CCMP':
        raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])

    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if ev is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in ev:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
def set_test_assoc_ie(dev, ie):
    """Set the TEST_ASSOC_IE override on *dev* to the hex string *ie*.

    Sends ``TEST_ASSOC_IE <ie>`` through ``dev.request()``.

    Raises:
        Exception: if the reply does not contain "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
@remote_compatible
def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences"""
    # AP-side validation test: the station replaces the RSN element in its
    # association request, and the AP must accept the well-formed variants
    # and reject the malformed ones with the expected status code.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Variants the AP must accept.
    tests = [("Normal wpa_supplicant assoc req RSN IE",
              "30140100000fac040100000fac040100000fac020000"),
             ("RSN IE without RSN Capabilities",
              "30120100000fac040100000fac040100000fac02")]
    for title, ie in tests:
        logger.info(title)
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    # Variants the AP must reject: (description, element, expected status).
    # Presumably 40 is "invalid information element" and 43 "invalid AKMP"
    # in the IEEE 802.11 status code table - TODO confirm.
    tests = [("WPA IE instead of RSN IE and only RSN enabled on AP",
              "dd160050f20101000050f20201000050f20201000050f202", 40),
             ("Empty RSN IE", "3000", 40),
             ("RSN IE with truncated Version", "300101", 40),
             ("RSN IE with only Version", "30020100", 43)]
    for title, ie, status in tests:
        logger.info(title)
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                       wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if ev is None:
            raise Exception("Association rejection not reported")
        if "status_code=" + str(status) not in ev:
            raise Exception("Unexpected status code: " + ev)
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()
def test_ap_wpa2_psk_ft_workaround(dev, apdev):
    """WPA2-PSK+FT AP and workaround for incorrect STA behavior"""
    ssid = "test-wpa2-psk-ft"
    passphrase = 'qwertyuiop'

    # AP offering both FT-PSK and WPA-PSK, with the FT parameters it needs.
    # Key order is kept as in the step-by-step form of this configuration.
    ap_params = {
        "wpa": "2",
        "wpa_key_mgmt": "FT-PSK WPA-PSK",
        "rsn_pairwise": "CCMP",
        "ssid": ssid,
        "wpa_passphrase": passphrase,
        "mobility_domain": "a1b2",
        "r0_key_lifetime": "10000",
        "pmk_r1_push": "1",
        "reassociation_deadline": "1000",
        'nas_identifier': "nas1.w1.fi",
        'r1_key_holder': "000102030405",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
    # (a station is expected to select one); the AP must still let the
    # connection complete.
    sta = dev[0]
    set_test_assoc_ie(sta,
                      "30180100000fac040100000fac040200000fac02000fac040000")
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
    """WPA2-PSK AP and association request RSN IE with PMKID"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # RSN element announcing one PMKID, followed by a 16-octet all-zero
    # PMKID that the AP cannot know. The connection must still succeed,
    # i.e. the AP has to fall back to a full 4-way handshake.
    rsne_prefix = "30260100000fac040100000fac040100000fac0200000100"
    zero_pmkid = 16*'00'
    sta = dev[0]
    set_test_assoc_ie(sta, rsne_prefix + zero_pmkid)
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set"""
    ssid = "wpapsk"
    passphrase = "1234567890"
    # WPA (version 1) AP where the pairwise cipher is given only through
    # rsn_pairwise. WPA/TKIP is a legacy configuration, exercised here for
    # configuration-handling coverage.
    ap_params = {
        "ssid": ssid,
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "rsn_pairwise": "TKIP",
        "wpa_passphrase": passphrase,
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                   scan_freq="2412")
def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # PTK rekey every 2 seconds, with both EAPOL-Key update counts at 1.
    ap_params.update({
        'wpa_ptk_rekey': '2',
        'wpa_group_update_count': '1',
        'wpa_pairwise_update_count': '1',
    })
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")

    # Input validation: an update count of 0 must be refused for both
    # parameters.
    for field in ("wpa_group_update_count", "wpa_pairwise_update_count"):
        reply = hapd.request("SET " + field + " 0")
        if "FAIL" not in reply:
            raise Exception("Invalid " + field + " value accepted")
def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry"""
    # Verifies hostapd's wpa_disable_eapol_key_retries option, the AP-side
    # workaround for key reinstallation attacks against unpatched stations:
    # msg 3/4 must not be retransmitted when no msg 4/4 arrives.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    # Baseline: with no frame loss the handshake must still complete.
    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # From here on the script relays EAPOL frames by hand (EAPOL-TX events
    # in, EAPOL_RX requests out) so it can withhold selected messages.
    logger.info("Verify no retransmission of message 3/4")
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
    # The first M1 is not delivered; the test waits for a second EAPOL-TX,
    # which it treats as the M1 retry, and forwards that one.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    # M3 is sent once and never delivered. Pass criteria: no second M3
    # within 2 seconds, and the station gets disconnected.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()
def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake"""
    # Group-key counterpart of the wpa_disable_eapol_key_retries check:
    # group msg 1/2 must not be retransmitted when it goes unanswered.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    # With wpa_strict_rekey set, the test relies on a station leaving the
    # BSS to trigger a GTK rekey for the remaining station.
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    id = dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # Baseline: dev[1] leaving must lead to a completed group rekey on
    # dev[0] while frames are delivered normally.
    dev[1].request("DISCONNECT")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    dev[1].request("RECONNECT")
    dev[1].wait_connected()
    dev[0].dump_monitor()

    # Now withhold EAPOL frames (they only show up as EAPOL-TX events) and
    # trigger another rekey by disconnecting dev[1] again.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[1].request("DISCONNECT")

    # Pass criteria: exactly one group M1 within the window, then dev[0]
    # is disconnected because the rekey could not complete.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()
3016def test_ap_wpa2_psk_mic_0(dev, apdev):
3017 """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
3018 bssid = apdev[0]['bssid']
3019 ssid = "test-wpa2-psk"
3020 passphrase = 'qwertyuiop'
3021 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
3022 params['rsn_pairwise'] = "TKIP"
3023 hapd = hostapd.add_ap(apdev[0], params)
3024 hapd.request("SET ext_eapol_frame_io 1")
3025 dev[0].request("SET ext_eapol_frame_io 1")
3026 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
3027 addr = dev[0].own_addr()
3028
3029 # EAPOL-Key msg 1/4
3030 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3031 if ev is None:
3032 raise Exception("Timeout on EAPOL-TX from hostapd")
3033 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
3034 if "OK" not in res:
3035 raise Exception("EAPOL_RX to wpa_supplicant failed")
3036
3037 # EAPOL-Key msg 2/4
3038 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
3039 if ev is None:
3040 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3041 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
3042 if "OK" not in res:
3043 raise Exception("EAPOL_RX to hostapd failed")
3044 dev[0].dump_monitor()
3045
3046 # EAPOL-Key msg 3/4
3047 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3048 if ev is None:
3049 raise Exception("Timeout on EAPOL-TX from hostapd")
3050 msg3 = ev.split(' ')[2]
3051 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
3052 if "OK" not in res:
3053 raise Exception("EAPOL_RX to wpa_supplicant failed")
3054
3055 # EAPOL-Key msg 4/4
3056 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
3057 if ev is None:
3058 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3059 # Do not send to the AP
3060
3061 # EAPOL-Key msg 3/4 with MIC=0 and modifications
3062 eapol_hdr = msg3[0:8]
3063 key_type = msg3[8:10]
3064 key_info = msg3[10:14]
3065 key_length = msg3[14:18]
3066 replay_counter = msg3[18:34]
3067 key_nonce = msg3[34:98]
3068 key_iv = msg3[98:130]
3069 key_rsc = msg3[130:146]
3070 key_id = msg3[146:162]
3071 key_mic = msg3[162:194]
3072 key_data_len = msg3[194:198]
3073 key_data = msg3[198:]
3074
3075 msg3b = eapol_hdr + key_type
3076 msg3b += "12c9" # Clear MIC bit from key_info (originally 13c9)
3077 msg3b += key_length
3078 msg3b += '0000000000000003'
3079 msg3b += key_nonce + key_iv + key_rsc + key_id
3080 msg3b += 32*'0' # Clear MIC value
3081 msg3b += key_data_len + key_data
3082 dev[0].dump_monitor()
3083 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3b)
3084 if "OK" not in res:
3085 raise Exception("EAPOL_RX to wpa_supplicant failed")
3086 ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2)
3087 if ev is None:
3088 raise Exception("No event from wpa_supplicant")
3089 if "EAPOL-TX" in ev:
3090 raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
3091 dev[0].request("DISCONNECT")