1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
25 from test_suite_b
import check_suite_b_192_capa
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
40 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
42 params
= ft_base_rsn()
44 params
= ft_base_mixed()
48 params
["wpa_passphrase"] = passphrase
50 params
["mobility_domain"] = "a1b2"
51 params
["r0_key_lifetime"] = "10000"
52 params
["pmk_r1_push"] = "1"
53 params
["reassociation_deadline"] = "1000"
56 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
57 params
= ft_params(rsn
, ssid
, passphrase
)
58 params
['nas_identifier'] = "nas1.w1.fi"
59 params
['r1_key_holder'] = "000102030405"
62 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
63 params
= ft_params1a(rsn
, ssid
, passphrase
)
65 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
68 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
70 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
73 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
74 params
= ft_params1a(rsn
, ssid
, passphrase
)
75 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
76 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
77 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
80 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
81 params
= ft_params(rsn
, ssid
, passphrase
)
82 params
['nas_identifier'] = "nas2.w1.fi"
83 params
['r1_key_holder'] = "000102030406"
86 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
87 params
= ft_params2a(rsn
, ssid
, passphrase
)
89 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
92 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
94 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
97 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
98 params
= ft_params2a(rsn
, ssid
, passphrase
)
99 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
100 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
101 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
104 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
105 params
= ft_params(rsn
, ssid
, passphrase
)
106 params
['nas_identifier'] = "nas1.w1.fi"
107 params
['r1_key_holder'] = "000102030405"
108 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
110 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
113 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
114 params
= ft_params(rsn
, ssid
, passphrase
)
115 params
['nas_identifier'] = "nas2.w1.fi"
116 params
['r1_key_holder'] = "000102030406"
117 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
119 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
122 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
123 params
= ft_params(rsn
, ssid
, passphrase
)
124 params
['nas_identifier'] = "nas2.w1.fi"
125 params
['r1_key_holder'] = "000102030406"
126 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
128 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
131 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
132 sae
=False, eap
=False, fail_test
=False, roams
=1,
133 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
134 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
135 force_initial_conn_to_first_ap
=False, sha384
=False,
136 group_mgmt
=None, ocv
=None, sae_password
=None,
137 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
138 roam_with_reassoc
=False, also_non_ft
=False, only_one_way
=False,
139 wait_before_roam
=0, return_after_initial
=False, ieee80211w
="1"):
140 logger
.info("Connect to first AP")
143 copts
["proto"] = "WPA2"
144 copts
["ieee80211w"] = ieee80211w
145 copts
["scan_freq"] = "2412"
146 copts
["pairwise"] = pairwise_cipher
147 copts
["group"] = group_cipher
148 copts
["wpa_ptk_rekey"] = ptk_rekey
150 copts
["group_mgmt"] = group_mgmt
155 copts
["ft_eap_pmksa_caching"] = "1"
157 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
159 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
160 copts
["eap"] = "GPSK"
161 copts
["identity"] = eap_identity
162 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
165 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
167 copts
["key_mgmt"] = "FT-PSK"
169 copts
["psk"] = passphrase
171 copts
["sae_password"] = sae_password
173 copts
["sae_password_id"] = sae_password_id
174 if force_initial_conn_to_first_ap
:
175 copts
["bssid"] = apdev
[0]['bssid']
176 netw
= dev
.connect(ssid
, **copts
)
178 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
182 dev
.request("DISCONNECT")
183 dev
.wait_disconnected()
184 dev
.request("RECONNECT")
185 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
186 "CTRL-EVENT-DISCONNECTED",
187 "CTRL-EVENT-EAP-STARTED"],
190 raise Exception("Reconnect timed out")
191 if "CTRL-EVENT-DISCONNECTED" in ev
:
192 raise Exception("Unexpected disconnection after RECONNECT")
193 if "CTRL-EVENT-EAP-STARTED" in ev
:
194 raise Exception("Unexpected EAP start after RECONNECT")
196 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
206 if test_connectivity
:
209 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
211 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
213 if return_after_initial
:
217 time
.sleep(wait_before_roam
)
218 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
220 for i
in range(0, roams
):
221 # Roaming artificially fast can make data test fail because the key is
224 logger
.info("Roam to the second AP")
225 if roam_with_reassoc
:
226 dev
.set_network(netw
, "bssid", ap2
['bssid'])
227 dev
.request("REASSOCIATE")
230 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
232 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
235 if dev
.get_status_field('bssid') != ap2
['bssid']:
236 raise Exception("Did not connect to correct AP")
237 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
240 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
242 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
246 # Roaming artificially fast can make data test fail because the key is
249 logger
.info("Roam back to the first AP")
250 if roam_with_reassoc
:
251 dev
.set_network(netw
, "bssid", ap1
['bssid'])
252 dev
.request("REASSOCIATE")
255 dev
.roam_over_ds(ap1
['bssid'])
257 dev
.roam(ap1
['bssid'])
258 if dev
.get_status_field('bssid') != ap1
['bssid']:
259 raise Exception("Did not connect to correct AP")
260 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
263 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
265 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
267 def test_ap_ft(dev
, apdev
):
270 passphrase
= "12345678"
272 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
273 hapd0
= hostapd
.add_ap(apdev
[0], params
)
274 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
275 hapd1
= hostapd
.add_ap(apdev
[1], params
)
277 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
278 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
279 raise Exception("Scan results missing RSN element info")
281 def test_ap_ft_old_key(dev
, apdev
):
282 """WPA2-PSK-FT AP (old key)"""
284 passphrase
= "12345678"
286 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
287 hapd0
= hostapd
.add_ap(apdev
[0], params
)
288 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
289 hapd1
= hostapd
.add_ap(apdev
[1], params
)
291 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
293 def test_ap_ft_multi_akm(dev
, apdev
):
294 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
296 passphrase
= "12345678"
298 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
299 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
300 hapd0
= hostapd
.add_ap(apdev
[0], params
)
301 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
302 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
303 hapd1
= hostapd
.add_ap(apdev
[1], params
)
305 Wlantest
.setup(hapd0
)
308 wt
.add_passphrase(passphrase
)
310 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
311 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
312 raise Exception("Scan results missing RSN element info")
313 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
314 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
317 def test_ap_ft_local_key_gen(dev
, apdev
):
318 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
320 passphrase
= "12345678"
322 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
323 params
['ft_psk_generate_local'] = "1"
324 del params
['pmk_r1_push']
325 hapd0
= hostapd
.add_ap(apdev
[0], params
)
326 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
327 params
['ft_psk_generate_local'] = "1"
328 del params
['pmk_r1_push']
329 hapd1
= hostapd
.add_ap(apdev
[1], params
)
331 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
332 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
333 raise Exception("Scan results missing RSN element info")
335 def test_ap_ft_vlan(dev
, apdev
):
336 """WPA2-PSK-FT AP with VLAN"""
338 passphrase
= "12345678"
339 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
340 hostapd
.send_file(apdev
[0], filename
, filename
)
341 hostapd
.send_file(apdev
[1], filename
, filename
)
343 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
344 params
['dynamic_vlan'] = "1"
345 params
['accept_mac_file'] = filename
346 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
348 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
349 params
['dynamic_vlan'] = "1"
350 params
['accept_mac_file'] = filename
351 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
353 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
354 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
355 raise Exception("Scan results missing RSN element info")
357 def test_ap_ft_vlan_disconnected(dev
, apdev
):
358 """WPA2-PSK-FT AP with VLAN and local key generation"""
360 passphrase
= "12345678"
361 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
362 hostapd
.send_file(apdev
[0], filename
, filename
)
363 hostapd
.send_file(apdev
[1], filename
, filename
)
365 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
366 params
['dynamic_vlan'] = "1"
367 params
['accept_mac_file'] = filename
368 params
['ft_psk_generate_local'] = "1"
369 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
371 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
372 params
['dynamic_vlan'] = "1"
373 params
['accept_mac_file'] = filename
374 params
['ft_psk_generate_local'] = "1"
375 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
377 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
378 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
379 raise Exception("Scan results missing RSN element info")
381 def test_ap_ft_vlan_2(dev
, apdev
):
382 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
384 passphrase
= "12345678"
385 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
386 hostapd
.send_file(apdev
[0], filename
, filename
)
388 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
389 params
['dynamic_vlan'] = "1"
390 params
['accept_mac_file'] = filename
391 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
393 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
394 params
['dynamic_vlan'] = "1"
395 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
397 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
398 force_initial_conn_to_first_ap
=True)
399 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
400 raise Exception("Scan results missing RSN element info")
402 def test_ap_ft_many(dev
, apdev
):
403 """WPA2-PSK-FT AP multiple times"""
405 passphrase
= "12345678"
407 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
408 hapd0
= hostapd
.add_ap(apdev
[0], params
)
409 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
410 hapd1
= hostapd
.add_ap(apdev
[1], params
)
412 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
414 def test_ap_ft_many_vlan(dev
, apdev
):
415 """WPA2-PSK-FT AP with VLAN multiple times"""
417 passphrase
= "12345678"
418 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
419 hostapd
.send_file(apdev
[0], filename
, filename
)
420 hostapd
.send_file(apdev
[1], filename
, filename
)
422 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
423 params
['dynamic_vlan'] = "1"
424 params
['accept_mac_file'] = filename
425 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
427 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
428 params
['dynamic_vlan'] = "1"
429 params
['accept_mac_file'] = filename
430 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
432 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
435 def test_ap_ft_mixed(dev
, apdev
):
436 """WPA2-PSK-FT mixed-mode AP"""
437 ssid
= "test-ft-mixed"
438 passphrase
= "12345678"
440 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
441 hapd
= hostapd
.add_ap(apdev
[0], params
)
442 key_mgmt
= hapd
.get_config()['key_mgmt']
443 vals
= key_mgmt
.split(' ')
444 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
445 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
446 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
447 hapd1
= hostapd
.add_ap(apdev
[1], params
)
449 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
451 def test_ap_ft_pmf(dev
, apdev
):
452 """WPA2-PSK-FT AP with PMF"""
453 run_ap_ft_pmf(dev
, apdev
, "1")
455 def test_ap_ft_pmf_over_ds(dev
, apdev
):
456 """WPA2-PSK-FT AP with PMF (over DS)"""
457 run_ap_ft_pmf(dev
, apdev
, "1", over_ds
=True)
459 def test_ap_ft_pmf_required(dev
, apdev
):
460 """WPA2-PSK-FT AP with PMF required on STA"""
461 run_ap_ft_pmf(dev
, apdev
, "2")
463 def test_ap_ft_pmf_required_over_ds(dev
, apdev
):
464 """WPA2-PSK-FT AP with PMF required on STA (over DS)"""
465 run_ap_ft_pmf(dev
, apdev
, "2", over_ds
=True)
467 def run_ap_ft_pmf(dev
, apdev
, ieee80211w
, over_ds
=False):
469 passphrase
= "12345678"
471 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
472 params
["ieee80211w"] = "2"
473 hapd0
= hostapd
.add_ap(apdev
[0], params
)
474 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
475 params
["ieee80211w"] = "2"
476 hapd1
= hostapd
.add_ap(apdev
[1], params
)
478 Wlantest
.setup(hapd0
)
481 wt
.add_passphrase(passphrase
)
483 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
484 ieee80211w
=ieee80211w
, over_ds
=over_ds
)
486 def test_ap_ft_pmf_required_mismatch(dev
, apdev
):
487 """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF"""
488 run_ap_ft_pmf_required_mismatch(dev
, apdev
)
490 def test_ap_ft_pmf_required_mismatch_over_ds(dev
, apdev
):
491 """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF (over DS)"""
492 run_ap_ft_pmf_required_mismatch(dev
, apdev
, over_ds
=True)
494 def run_ap_ft_pmf_required_mismatch(dev
, apdev
, over_ds
=False):
496 passphrase
= "12345678"
498 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
499 params
["ieee80211w"] = "2"
500 hapd0
= hostapd
.add_ap(apdev
[0], params
)
501 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
502 params
["ieee80211w"] = "0"
503 hapd1
= hostapd
.add_ap(apdev
[1], params
)
505 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ieee80211w
="2",
506 force_initial_conn_to_first_ap
=True, fail_test
=True,
509 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
510 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
511 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
513 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
514 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
515 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
517 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
518 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
519 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
521 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
522 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
523 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
525 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
526 if cipher
not in dev
[0].get_capability("group_mgmt"):
527 raise HwsimSkip("Cipher %s not supported" % cipher
)
530 passphrase
= "12345678"
532 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
533 params
["ieee80211w"] = "2"
534 params
["group_mgmt_cipher"] = cipher
535 hapd0
= hostapd
.add_ap(apdev
[0], params
)
536 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
537 params
["ieee80211w"] = "2"
538 params
["group_mgmt_cipher"] = cipher
539 hapd1
= hostapd
.add_ap(apdev
[1], params
)
541 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
544 def test_ap_ft_ocv(dev
, apdev
):
545 """WPA2-PSK-FT AP with OCV"""
547 passphrase
= "12345678"
549 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
550 params
["ieee80211w"] = "2"
553 hapd0
= hostapd
.add_ap(apdev
[0], params
)
554 except Exception as e
:
555 if "Failed to set hostapd parameter ocv" in str(e
):
556 raise HwsimSkip("OCV not supported")
558 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
559 params
["ieee80211w"] = "2"
561 hapd1
= hostapd
.add_ap(apdev
[1], params
)
563 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
565 def test_ap_ft_over_ds(dev
, apdev
):
566 """WPA2-PSK-FT AP over DS"""
568 passphrase
= "12345678"
570 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
571 hapd0
= hostapd
.add_ap(apdev
[0], params
)
572 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
573 hapd1
= hostapd
.add_ap(apdev
[1], params
)
575 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
576 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
577 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
579 def cleanup_ap_ft_separate_hostapd():
580 subprocess
.call(["brctl", "delif", "br0ft", "veth0"],
581 stderr
=open('/dev/null', 'w'))
582 subprocess
.call(["brctl", "delif", "br1ft", "veth1"],
583 stderr
=open('/dev/null', 'w'))
584 subprocess
.call(["ip", "link", "del", "veth0"],
585 stderr
=open('/dev/null', 'w'))
586 subprocess
.call(["ip", "link", "del", "veth1"],
587 stderr
=open('/dev/null', 'w'))
588 for ifname
in ['br0ft', 'br1ft', 'br-ft']:
589 subprocess
.call(['ip', 'link', 'set', 'dev', ifname
, 'down'],
590 stderr
=open('/dev/null', 'w'))
591 subprocess
.call(['brctl', 'delbr', ifname
],
592 stderr
=open('/dev/null', 'w'))
594 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
595 """WPA2-PSK-FT AP and separate hostapd process"""
597 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
599 cleanup_ap_ft_separate_hostapd()
601 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
602 """WPA2-PSK-FT AP over DS and separate hostapd process"""
604 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
606 cleanup_ap_ft_separate_hostapd()
608 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
610 passphrase
= "12345678"
611 logdir
= params
['logdir']
612 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
613 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
614 global_ctrl
= '/var/run/hostapd-ft'
618 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
619 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
620 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
622 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
623 "peer", "name", "veth0br"])
624 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
625 "peer", "name", "veth1br"])
626 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
627 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
628 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
629 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
631 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
632 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
633 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
634 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
635 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
636 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
637 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
638 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
639 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
640 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
641 except subprocess
.CalledProcessError
:
642 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
644 with
HWSimRadio() as (radio
, iface
):
645 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
646 if not os
.path
.exists(prg
):
647 prg
= '../../hostapd/hostapd'
648 cmd
= [prg
, '-B', '-ddKt',
649 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
650 subprocess
.check_call(cmd
)
652 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
653 apdev_ft
= {'ifname': iface
}
654 apdev2
= [apdev_ft
, apdev
[1]]
656 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
657 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
658 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
659 params
['bridge'] = 'br0ft'
660 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
661 global_ctrl_override
=global_ctrl
)
662 apdev2
[0]['bssid'] = hapd0
.own_addr()
663 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
664 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
665 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
666 params
['bridge'] = 'br1ft'
667 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
669 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
670 over_ds
=over_ds
, test_connectivity
=False)
674 if os
.path
.exists(pidfile
):
675 with
open(pidfile
, 'r') as f
:
678 os
.kill(pid
, signal
.SIGTERM
)
680 def test_ap_ft_over_ds_ocv(dev
, apdev
):
681 """WPA2-PSK-FT AP over DS"""
683 passphrase
= "12345678"
685 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
686 params
["ieee80211w"] = "2"
689 hapd0
= hostapd
.add_ap(apdev
[0], params
)
690 except Exception as e
:
691 if "Failed to set hostapd parameter ocv" in str(e
):
692 raise HwsimSkip("OCV not supported")
694 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
695 params
["ieee80211w"] = "2"
697 hapd1
= hostapd
.add_ap(apdev
[1], params
)
699 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
702 def test_ap_ft_over_ds_disabled(dev
, apdev
):
703 """WPA2-PSK-FT AP over DS disabled"""
705 passphrase
= "12345678"
707 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
708 params
['ft_over_ds'] = '0'
709 hapd0
= hostapd
.add_ap(apdev
[0], params
)
710 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
711 params
['ft_over_ds'] = '0'
712 hapd1
= hostapd
.add_ap(apdev
[1], params
)
714 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
717 def test_ap_ft_vlan_over_ds(dev
, apdev
):
718 """WPA2-PSK-FT AP over DS with VLAN"""
720 passphrase
= "12345678"
721 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
722 hostapd
.send_file(apdev
[0], filename
, filename
)
723 hostapd
.send_file(apdev
[1], filename
, filename
)
725 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
726 params
['dynamic_vlan'] = "1"
727 params
['accept_mac_file'] = filename
728 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
729 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
730 params
['dynamic_vlan'] = "1"
731 params
['accept_mac_file'] = filename
732 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
734 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
736 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
737 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
739 def test_ap_ft_over_ds_many(dev
, apdev
):
740 """WPA2-PSK-FT AP over DS multiple times"""
742 passphrase
= "12345678"
744 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
745 hapd0
= hostapd
.add_ap(apdev
[0], params
)
746 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
747 hapd1
= hostapd
.add_ap(apdev
[1], params
)
749 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
752 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
753 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
755 passphrase
= "12345678"
756 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
757 hostapd
.send_file(apdev
[0], filename
, filename
)
758 hostapd
.send_file(apdev
[1], filename
, filename
)
760 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
761 params
['dynamic_vlan'] = "1"
762 params
['accept_mac_file'] = filename
763 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
764 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
765 params
['dynamic_vlan'] = "1"
766 params
['accept_mac_file'] = filename
767 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
769 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
770 roams
=50, conndev
="brvlan1")
773 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
776 passphrase
= "12345678"
778 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
779 hapd0
= hostapd
.add_ap(apdev
[0], params
)
781 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
783 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
786 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
787 """WPA2-PSK-FT AP over DS and unexpected response"""
789 passphrase
= "12345678"
791 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
792 hapd0
= hostapd
.add_ap(apdev
[0], params
)
793 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
794 hapd1
= hostapd
.add_ap(apdev
[1], params
)
796 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
798 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
809 addr
= dev
[0].own_addr()
810 hapd1ap
.set("ext_mgmt_frame_handling", "1")
811 logger
.info("Foreign STA address")
815 msg
['sa'] = ap1
['bssid']
816 msg
['bssid'] = ap1
['bssid']
817 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
820 logger
.info("No over-the-DS in progress")
821 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
824 logger
.info("Non-zero status code")
825 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
828 hapd1ap
.dump_monitor()
830 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
831 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
832 raise Exception("FT_DS failed")
834 req
= hapd1ap
.mgmt_rx()
836 logger
.info("Foreign Target AP")
837 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
840 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
842 logger
.info("No IEs")
843 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
846 logger
.info("Invalid IEs (trigger parsing failure)")
847 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
850 logger
.info("Too short MDIE")
851 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
854 logger
.info("Mobility domain mismatch")
855 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
858 logger
.info("No FTIE")
859 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
862 logger
.info("FTIE SNonce mismatch")
863 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
866 logger
.info("No R0KH-ID subelem in FTIE")
867 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
868 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
871 logger
.info("No R0KH-ID subelem mismatch in FTIE")
872 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
873 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
876 logger
.info("No R1KH-ID subelem in FTIE")
877 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
878 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
881 logger
.info("No RSNE")
882 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
883 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
886 def test_ap_ft_pmf_over_ds(dev
, apdev
):
887 """WPA2-PSK-FT AP over DS with PMF"""
888 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, None)
890 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
891 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
892 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
894 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
895 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
896 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
898 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
899 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
900 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
902 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
903 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
904 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
906 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
907 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
908 raise HwsimSkip("Cipher %s not supported" % cipher
)
911 passphrase
= "12345678"
913 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
914 params
["ieee80211w"] = "2"
916 params
["group_mgmt_cipher"] = cipher
917 hapd0
= hostapd
.add_ap(apdev
[0], params
)
918 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
919 params
["ieee80211w"] = "2"
921 params
["group_mgmt_cipher"] = cipher
922 hapd1
= hostapd
.add_ap(apdev
[1], params
)
924 Wlantest
.setup(hapd0
)
927 wt
.add_passphrase(passphrase
)
929 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
932 def test_ap_ft_over_ds_pull(dev
, apdev
):
933 """WPA2-PSK-FT AP over DS (pull PMK)"""
935 passphrase
= "12345678"
937 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
938 params
["pmk_r1_push"] = "0"
939 hapd0
= hostapd
.add_ap(apdev
[0], params
)
940 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
941 params
["pmk_r1_push"] = "0"
942 hapd1
= hostapd
.add_ap(apdev
[1], params
)
944 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
946 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
947 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
949 passphrase
= "12345678"
951 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
952 params
["pmk_r1_push"] = "0"
953 hapd0
= hostapd
.add_ap(apdev
[0], params
)
954 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
955 params
["pmk_r1_push"] = "0"
956 hapd1
= hostapd
.add_ap(apdev
[1], params
)
958 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
960 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
961 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
963 passphrase
= "12345678"
964 filename
= hostapd
.acl_file(dev
, apdev
, 'hostapd.accept')
965 hostapd
.send_file(apdev
[0], filename
, filename
)
966 hostapd
.send_file(apdev
[1], filename
, filename
)
968 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
969 params
["pmk_r1_push"] = "0"
970 params
['dynamic_vlan'] = "1"
971 params
['accept_mac_file'] = filename
972 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
973 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
974 params
["pmk_r1_push"] = "0"
975 params
['dynamic_vlan'] = "1"
976 params
['accept_mac_file'] = filename
977 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
979 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
982 def start_ft_sae(dev
, apdev
, wpa_ptk_rekey
=None, sae_pwe
=None):
983 if "SAE" not in dev
.get_capability("auth_alg"):
984 raise HwsimSkip("SAE not supported")
986 passphrase
= "12345678"
988 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
989 params
['wpa_key_mgmt'] = "FT-SAE"
991 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
992 if sae_pwe
is not None:
993 params
['sae_pwe'] = sae_pwe
994 hapd0
= hostapd
.add_ap(apdev
[0], params
)
995 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
996 params
['wpa_key_mgmt'] = "FT-SAE"
998 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
999 if sae_pwe
is not None:
1000 params
['sae_pwe'] = sae_pwe
1001 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1002 key_mgmt
= hapd1
.get_config()['key_mgmt']
1003 if key_mgmt
.split(' ')[0] != "FT-SAE":
1004 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1006 dev
.request("SET sae_groups ")
1009 def test_ap_ft_sae(dev
, apdev
):
1010 """WPA2-PSK-FT-SAE AP"""
1011 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1012 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
1014 def test_ap_ft_sae_h2e(dev
, apdev
):
1015 """WPA2-PSK-FT-SAE AP (H2E)"""
1017 dev
[0].set("sae_pwe", "2")
1018 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, sae_pwe
="2")
1019 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
1021 dev
[0].set("sae_pwe", "0")
1023 def test_ap_ft_sae_h2e_and_loop(dev
, apdev
):
1024 """WPA2-PSK-FT-SAE AP (AP H2E, STA loop)"""
1025 dev
[0].set("sae_pwe", "0")
1026 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, sae_pwe
="2")
1027 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
1029 def test_ap_ft_sae_ptk_rekey0(dev
, apdev
):
1030 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
1031 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1032 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1033 ptk_rekey
="1", roams
=0)
1034 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1036 def test_ap_ft_sae_ptk_rekey1(dev
, apdev
):
1037 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
1038 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1039 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1040 ptk_rekey
="1", only_one_way
=True)
1041 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1043 def test_ap_ft_sae_ptk_rekey_ap(dev
, apdev
):
1044 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
1045 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
1046 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1048 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1050 def test_ap_ft_sae_over_ds(dev
, apdev
):
1051 """WPA2-PSK-FT-SAE AP over DS"""
1052 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1053 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1056 def test_ap_ft_sae_over_ds_ptk_rekey0(dev
, apdev
):
1057 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
1058 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1059 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1060 over_ds
=True, ptk_rekey
="1", roams
=0)
1061 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1063 def test_ap_ft_sae_over_ds_ptk_rekey1(dev
, apdev
):
1064 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
1065 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1066 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1067 over_ds
=True, ptk_rekey
="1", only_one_way
=True)
1068 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1070 def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev
, apdev
):
1071 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
1072 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
1073 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1074 over_ds
=True, only_one_way
=True)
1075 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1077 def test_ap_ft_sae_pw_id(dev
, apdev
):
1078 """FT-SAE with Password Identifier"""
1079 if "SAE" not in dev
[0].get_capability("auth_alg"):
1080 raise HwsimSkip("SAE not supported")
1083 params
= ft_params1(ssid
=ssid
)
1084 params
["ieee80211w"] = "2"
1085 params
['wpa_key_mgmt'] = "FT-SAE"
1086 params
['sae_password'] = 'secret|id=pwid'
1087 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1088 params
= ft_params2(ssid
=ssid
)
1089 params
["ieee80211w"] = "2"
1090 params
['wpa_key_mgmt'] = "FT-SAE"
1091 params
['sae_password'] = 'secret|id=pwid'
1092 hapd
= hostapd
.add_ap(apdev
[1], params
)
1094 dev
[0].request("SET sae_groups ")
1095 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
1096 sae_password
="secret", sae_password_id
="pwid")
1098 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
1099 """SAE + FT-SAE configuration"""
1100 if "SAE" not in dev
[0].get_capability("auth_alg"):
1101 raise HwsimSkip("SAE not supported")
1103 passphrase
= "12345678"
1105 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1106 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1107 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1108 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1109 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1110 hapd
= hostapd
.add_ap(apdev
[1], params
)
1111 key_mgmt
= hapd
.get_config()['key_mgmt']
1112 if key_mgmt
.split(' ')[0] != "FT-SAE":
1113 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1115 dev
[0].request("SET sae_groups ")
1116 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1119 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
1120 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1121 if "SAE" not in dev
[0].get_capability("auth_alg"):
1122 raise HwsimSkip("SAE not supported")
1124 passphrase
= "12345678"
1126 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1127 params
['wpa_key_mgmt'] = "FT-SAE"
1128 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1129 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1130 params
['wpa_key_mgmt'] = "FT-SAE"
1131 hapd
= hostapd
.add_ap(apdev
[1], params
)
1132 key_mgmt
= hapd
.get_config()['key_mgmt']
1133 if key_mgmt
.split(' ')[0] != "FT-SAE":
1134 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1136 dev
[0].request("SET sae_groups ")
1137 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1140 def test_ap_ft_sae_pmksa_caching_pwe(dev
, apdev
):
1141 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association (STA PWE both)"""
1142 if "SAE" not in dev
[0].get_capability("auth_alg"):
1143 raise HwsimSkip("SAE not supported")
1145 passphrase
= "12345678"
1147 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1148 params
['wpa_key_mgmt'] = "FT-SAE"
1149 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1150 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1151 params
['wpa_key_mgmt'] = "FT-SAE"
1152 hapd
= hostapd
.add_ap(apdev
[1], params
)
1153 key_mgmt
= hapd
.get_config()['key_mgmt']
1154 if key_mgmt
.split(' ')[0] != "FT-SAE":
1155 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1158 dev
[0].request("SET sae_groups ")
1159 dev
[0].set("sae_pwe", "2")
1160 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1163 dev
[0].set("sae_groups", "")
1164 dev
[0].set("sae_pwe", "0")
1166 def test_ap_ft_sae_pmksa_caching_h2e(dev
, apdev
):
1167 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association (H2E)"""
1168 if "SAE" not in dev
[0].get_capability("auth_alg"):
1169 raise HwsimSkip("SAE not supported")
1171 passphrase
= "12345678"
1173 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1174 params
['wpa_key_mgmt'] = "FT-SAE"
1175 params
['sae_pwe'] = "1"
1176 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1177 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1178 params
['wpa_key_mgmt'] = "FT-SAE"
1179 params
['sae_pwe'] = "1"
1180 hapd
= hostapd
.add_ap(apdev
[1], params
)
1181 key_mgmt
= hapd
.get_config()['key_mgmt']
1182 if key_mgmt
.split(' ')[0] != "FT-SAE":
1183 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1186 dev
[0].request("SET sae_groups ")
1187 dev
[0].set("sae_pwe", "1")
1188 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1191 dev
[0].set("sae_groups", "")
1192 dev
[0].set("sae_pwe", "0")
1194 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
1195 discovery
=False, roams
=1, wpa_ptk_rekey
=0,
1196 only_one_way
=False):
1198 passphrase
= "12345678"
1200 identity
= "gpsk-vlan1"
1203 identity
= "gpsk-cui"
1206 identity
= "gpsk user"
1209 radius
= hostapd
.radius_params()
1210 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1211 params
['wpa_key_mgmt'] = "FT-EAP"
1212 params
["ieee8021x"] = "1"
1214 params
["dynamic_vlan"] = "1"
1215 params
= dict(list(radius
.items()) + list(params
.items()))
1216 hapd
= hostapd
.add_ap(apdev
[0], params
)
1217 key_mgmt
= hapd
.get_config()['key_mgmt']
1218 if key_mgmt
.split(' ')[0] != "FT-EAP":
1219 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1220 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1221 params
['wpa_key_mgmt'] = "FT-EAP"
1222 params
["ieee8021x"] = "1"
1224 params
["dynamic_vlan"] = "1"
1226 params
["wpa_ptk_rekey"] = str(wpa_ptk_rekey
)
1227 params
= dict(list(radius
.items()) + list(params
.items()))
1228 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1230 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1231 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1232 conndev
=conndev
, only_one_way
=only_one_way
)
1233 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1234 raise Exception("Scan results missing RSN element info")
1235 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1236 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1240 # Verify EAPOL reauthentication after FT protocol
1241 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1245 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1246 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1248 raise Exception("EAP authentication did not start")
1249 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1251 raise Exception("EAP authentication did not succeed")
1254 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1256 hwsim_utils
.test_connectivity(dev
[0], ap
)
1258 def test_ap_ft_eap(dev
, apdev
):
1259 """WPA2-EAP-FT AP"""
1260 generic_ap_ft_eap(dev
, apdev
)
1262 def test_ap_ft_eap_cui(dev
, apdev
):
1263 """WPA2-EAP-FT AP with CUI"""
1264 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
1266 def test_ap_ft_eap_vlan(dev
, apdev
):
1267 """WPA2-EAP-FT AP with VLAN"""
1268 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1270 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1271 """WPA2-EAP-FT AP with VLAN"""
1272 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1274 def test_ap_ft_eap_over_ds(dev
, apdev
):
1275 """WPA2-EAP-FT AP using over-the-DS"""
1276 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
1278 def test_ap_ft_eap_dis(dev
, apdev
):
1279 """WPA2-EAP-FT AP with AP discovery"""
1280 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
1282 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
1283 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1284 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
1286 def test_ap_ft_eap_vlan(dev
, apdev
):
1287 """WPA2-EAP-FT AP with VLAN"""
1288 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1290 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1291 """WPA2-EAP-FT AP with VLAN"""
1292 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1294 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
1295 """WPA2-EAP-FT AP with VLAN + over_ds"""
1296 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
1298 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
1299 """WPA2-EAP-FT AP with VLAN + over_ds"""
1300 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
1302 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1303 """WPA2-EAP-FT AP (pull PMK)"""
1305 passphrase
= "12345678"
1307 identity
= "gpsk-vlan1"
1310 identity
= "gpsk user"
1313 radius
= hostapd
.radius_params()
1314 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1315 params
['wpa_key_mgmt'] = "FT-EAP"
1316 params
["ieee8021x"] = "1"
1317 params
["pmk_r1_push"] = "0"
1319 params
["dynamic_vlan"] = "1"
1320 params
= dict(list(radius
.items()) + list(params
.items()))
1321 hapd
= hostapd
.add_ap(apdev
[0], params
)
1322 key_mgmt
= hapd
.get_config()['key_mgmt']
1323 if key_mgmt
.split(' ')[0] != "FT-EAP":
1324 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1325 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1326 params
['wpa_key_mgmt'] = "FT-EAP"
1327 params
["ieee8021x"] = "1"
1328 params
["pmk_r1_push"] = "0"
1330 params
["dynamic_vlan"] = "1"
1331 params
= dict(list(radius
.items()) + list(params
.items()))
1332 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1334 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1335 eap_identity
=identity
, conndev
=conndev
)
1337 def test_ap_ft_eap_pull(dev
, apdev
):
1338 """WPA2-EAP-FT AP (pull PMK)"""
1339 generic_ap_ft_eap_pull(dev
, apdev
)
1341 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1342 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1344 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1345 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1347 passphrase
= "12345678"
1349 radius
= hostapd
.radius_params()
1350 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1351 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1352 params
["ieee8021x"] = "1"
1353 params
["pmk_r1_push"] = "0"
1354 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1355 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1356 params
["ft_psk_generate_local"] = "1"
1357 params
["eap_server"] = "0"
1358 params
["rkh_pos_timeout"] = "100"
1359 params
["rkh_neg_timeout"] = "50"
1360 params
["rkh_pull_timeout"] = "1234"
1361 params
["rkh_pull_retries"] = "10"
1362 params
= dict(list(radius
.items()) + list(params
.items()))
1363 hapd
= hostapd
.add_ap(apdev
[0], params
)
1364 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1365 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1366 params
["ieee8021x"] = "1"
1367 params
["pmk_r1_push"] = "0"
1368 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1369 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1370 params
["ft_psk_generate_local"] = "1"
1371 params
["eap_server"] = "0"
1372 params
= dict(list(radius
.items()) + list(params
.items()))
1373 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1375 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1377 def test_ap_ft_eap_pull_wildcard_multi_bss(dev
, apdev
, params
):
1378 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH with multiple BSSs"""
1379 bssconf
= os
.path
.join(params
['logdir'],
1380 'ap_ft_eap_pull_wildcard_multi_bss.bss.conf')
1382 passphrase
= "12345678"
1383 radius
= hostapd
.radius_params()
1385 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1386 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1387 params
["ieee8021x"] = "1"
1388 params
["pmk_r1_push"] = "0"
1389 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1390 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1391 params
["eap_server"] = "0"
1392 params
= dict(list(radius
.items()) + list(params
.items()))
1393 hapd
= hostapd
.add_ap(apdev
[0], params
)
1394 ifname2
= apdev
[0]['ifname'] + "-2"
1395 bssid2
= "02:00:00:00:03:01"
1396 params
['nas_identifier'] = "nas1b.w1.fi"
1397 params
['r1_key_holder'] = "000102030415"
1398 with
open(bssconf
, 'w') as f
:
1399 f
.write("driver=nl80211\n")
1400 f
.write("hw_mode=g\n")
1401 f
.write("channel=1\n")
1402 f
.write("ieee80211n=1\n")
1403 f
.write("interface=%s\n" % ifname2
)
1404 f
.write("bssid=%s\n" % bssid2
)
1405 f
.write("ctrl_interface=/var/run/hostapd\n")
1406 for name
, val
in params
.items():
1407 f
.write("%s=%s\n" % (name
, val
))
1408 hapd2
= hostapd
.add_bss(apdev
[0], ifname2
, bssconf
)
1410 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1411 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1412 params
["ieee8021x"] = "1"
1413 params
["pmk_r1_push"] = "0"
1414 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1415 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1416 params
["eap_server"] = "0"
1417 params
= dict(list(radius
.items()) + list(params
.items()))
1418 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1420 # The first iteration of the roaming test will use wildcard R0KH discovery
1421 # and RRB sequence number synchronization while the second iteration shows
1422 # the clean RRB exchange where those extra steps are not needed.
1424 hapd
.note("Test iteration %d" % i
)
1425 dev
[0].note("Test iteration %d" % i
)
1427 id = dev
[0].connect(ssid
, key_mgmt
="FT-EAP", eap
="GPSK",
1428 identity
="gpsk user",
1429 password
="abcdefghijklmnop0123456789abcdef",
1432 res
= dev
[0].get_status_field("bssid")
1434 raise Exception("Unexpected BSSID after initial connection: " + res
)
1436 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1437 dev
[0].set_network(id, "bssid", "00:00:00:00:00:00")
1438 dev
[0].roam(apdev
[1]['bssid'])
1439 res
= dev
[0].get_status_field("bssid")
1440 if res
!= apdev
[1]['bssid']:
1441 raise Exception("Unexpected BSSID after first roam: " + res
)
1443 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
1444 dev
[0].roam(apdev
[0]['bssid'])
1445 res
= dev
[0].get_status_field("bssid")
1446 if res
!= apdev
[0]['bssid']:
1447 raise Exception("Unexpected BSSID after second roam: " + res
)
1449 dev
[0].request("REMOVE_NETWORK all")
1450 dev
[0].wait_disconnected()
1451 dev
[0].dump_monitor()
1453 hapd2
.dump_monitor()
1456 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1457 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1459 passphrase
= "12345678"
1461 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1462 params
["ieee80211w"] = "2"
1463 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1464 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1465 params
["ieee80211w"] = "2"
1466 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1468 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1472 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1473 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1475 passphrase
= "12345678"
1477 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1478 params
["pmk_r1_push"] = "0"
1479 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1480 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1481 params
["pmk_r1_push"] = "0"
1482 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1484 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1488 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1489 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1491 passphrase
= "12345678"
1493 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1494 params
["pmk_r1_push"] = "0"
1495 params
["nas_identifier"] = "nas0.w1.fi"
1496 hostapd
.add_ap(apdev
[0], params
)
1497 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1500 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1501 params
["pmk_r1_push"] = "0"
1502 hostapd
.add_ap(apdev
[1], params
)
1504 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1505 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1508 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1509 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1511 passphrase
= "12345678"
1513 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1514 params
["ieee80211w"] = "2"
1515 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1516 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1517 params
["ieee80211w"] = "2"
1518 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1520 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1524 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1525 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1527 passphrase
= "12345678"
1529 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1530 params
["pmk_r1_push"] = "0"
1531 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1532 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1533 params
["pmk_r1_push"] = "0"
1534 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1536 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1539 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1540 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1542 passphrase
= "12345678"
1544 radius
= hostapd
.radius_params()
1545 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1546 params
["ieee80211w"] = "2"
1547 params
['wpa_key_mgmt'] = "FT-EAP"
1548 params
["ieee8021x"] = "1"
1549 params
= dict(list(radius
.items()) + list(params
.items()))
1550 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1551 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1552 params
["ieee80211w"] = "2"
1553 params
['wpa_key_mgmt'] = "FT-EAP"
1554 params
["ieee8021x"] = "1"
1555 params
= dict(list(radius
.items()) + list(params
.items()))
1556 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1558 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1559 fail_test
=True, eap
=True)
1561 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1562 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1564 passphrase
= "12345678"
1566 radius
= hostapd
.radius_params()
1567 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1568 params
["pmk_r1_push"] = "0"
1569 params
['wpa_key_mgmt'] = "FT-EAP"
1570 params
["ieee8021x"] = "1"
1571 params
= dict(list(radius
.items()) + list(params
.items()))
1572 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1573 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1574 params
["pmk_r1_push"] = "0"
1575 params
['wpa_key_mgmt'] = "FT-EAP"
1576 params
["ieee8021x"] = "1"
1577 params
= dict(list(radius
.items()) + list(params
.items()))
1578 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1580 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1581 fail_test
=True, eap
=True)
1583 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1584 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1586 passphrase
= "12345678"
1588 radius
= hostapd
.radius_params()
1589 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1590 params
["pmk_r1_push"] = "0"
1591 params
["nas_identifier"] = "nas0.w1.fi"
1592 params
['wpa_key_mgmt'] = "FT-EAP"
1593 params
["ieee8021x"] = "1"
1594 params
= dict(list(radius
.items()) + list(params
.items()))
1595 hostapd
.add_ap(apdev
[0], params
)
1596 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1597 eap
="GPSK", identity
="gpsk user",
1598 password
="abcdefghijklmnop0123456789abcdef",
1601 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1602 params
["pmk_r1_push"] = "0"
1603 params
['wpa_key_mgmt'] = "FT-EAP"
1604 params
["ieee8021x"] = "1"
1605 params
= dict(list(radius
.items()) + list(params
.items()))
1606 hostapd
.add_ap(apdev
[1], params
)
1608 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1609 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1611 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1612 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1614 passphrase
= "12345678"
1616 radius
= hostapd
.radius_params()
1617 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1618 params
["ieee80211w"] = "2"
1619 params
['wpa_key_mgmt'] = "FT-EAP"
1620 params
["ieee8021x"] = "1"
1621 params
= dict(list(radius
.items()) + list(params
.items()))
1622 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1623 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1624 params
["ieee80211w"] = "2"
1625 params
['wpa_key_mgmt'] = "FT-EAP"
1626 params
["ieee8021x"] = "1"
1627 params
= dict(list(radius
.items()) + list(params
.items()))
1628 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1630 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1631 fail_test
=True, eap
=True)
1633 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1634 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1636 passphrase
= "12345678"
1638 radius
= hostapd
.radius_params()
1639 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1640 params
["pmk_r1_push"] = "0"
1641 params
['wpa_key_mgmt'] = "FT-EAP"
1642 params
["ieee8021x"] = "1"
1643 params
= dict(list(radius
.items()) + list(params
.items()))
1644 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1645 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1646 params
["pmk_r1_push"] = "0"
1647 params
['wpa_key_mgmt'] = "FT-EAP"
1648 params
["ieee8021x"] = "1"
1649 params
= dict(list(radius
.items()) + list(params
.items()))
1650 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1652 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1653 fail_test
=True, eap
=True)
1655 def test_ap_ft_gtk_rekey(dev
, apdev
):
1656 """WPA2-PSK-FT AP and GTK rekey"""
1658 passphrase
= "12345678"
1660 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1661 params
['wpa_group_rekey'] = '1'
1662 hapd
= hostapd
.add_ap(apdev
[0], params
)
1664 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1665 ieee80211w
="1", scan_freq
="2412")
1667 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1669 raise Exception("GTK rekey timed out after initial association")
1670 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1672 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1673 params
['wpa_group_rekey'] = '1'
1674 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1676 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1677 dev
[0].roam(apdev
[1]['bssid'])
1678 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1679 raise Exception("Did not connect to correct AP")
1680 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1682 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1684 raise Exception("GTK rekey timed out after FT protocol")
1685 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1687 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1688 """WPA2-PSK-FT and key lifetime in memory"""
1690 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1691 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1692 pmk
= binascii
.unhexlify(psk
)
1693 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1694 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1695 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1696 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1698 pid
= find_wpas_process(dev
[0])
1700 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1702 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1703 # event has been delivered, so verify that wpa_supplicant has returned to
1704 # eloop before reading process memory.
1708 buf
= read_process_memory(pid
, pmk
)
1710 dev
[0].request("DISCONNECT")
1711 dev
[0].wait_disconnected()
1718 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1719 for l
in f
.readlines():
1720 if "FT: PMK-R0 - hexdump" in l
:
1721 val
= l
.strip().split(':')[3].replace(' ', '')
1722 pmkr0
= binascii
.unhexlify(val
)
1723 if "FT: PMK-R1 - hexdump" in l
:
1724 val
= l
.strip().split(':')[3].replace(' ', '')
1725 pmkr1
= binascii
.unhexlify(val
)
1726 if "FT: KCK - hexdump" in l
:
1727 val
= l
.strip().split(':')[3].replace(' ', '')
1728 kck
= binascii
.unhexlify(val
)
1729 if "FT: KEK - hexdump" in l
:
1730 val
= l
.strip().split(':')[3].replace(' ', '')
1731 kek
= binascii
.unhexlify(val
)
1732 if "FT: TK - hexdump" in l
:
1733 val
= l
.strip().split(':')[3].replace(' ', '')
1734 tk
= binascii
.unhexlify(val
)
1735 if "WPA: Group Key - hexdump" in l
:
1736 val
= l
.strip().split(':')[3].replace(' ', '')
1737 gtk
= binascii
.unhexlify(val
)
1738 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1739 raise Exception("Could not find keys from debug log")
1741 raise Exception("Unexpected GTK length")
1743 logger
.info("Checking keys in memory while associated")
1744 get_key_locations(buf
, pmk
, "PMK")
1745 get_key_locations(buf
, pmkr0
, "PMK-R0")
1746 get_key_locations(buf
, pmkr1
, "PMK-R1")
1748 raise HwsimSkip("PMK not found while associated")
1749 if pmkr0
not in buf
:
1750 raise HwsimSkip("PMK-R0 not found while associated")
1751 if pmkr1
not in buf
:
1752 raise HwsimSkip("PMK-R1 not found while associated")
1754 raise Exception("KCK not found while associated")
1756 raise Exception("KEK not found while associated")
1758 # raise Exception("TK found from memory")
1760 logger
.info("Checking keys in memory after disassociation")
1761 buf
= read_process_memory(pid
, pmk
)
1762 get_key_locations(buf
, pmk
, "PMK")
1763 get_key_locations(buf
, pmkr0
, "PMK-R0")
1764 get_key_locations(buf
, pmkr1
, "PMK-R1")
1766 # Note: PMK/PSK is still present in network configuration
1768 fname
= os
.path
.join(params
['logdir'],
1769 'ft_psk_key_lifetime_in_memory.memctx-')
1770 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1771 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1772 verify_not_present(buf
, kck
, fname
, "KCK")
1773 verify_not_present(buf
, kek
, fname
, "KEK")
1774 verify_not_present(buf
, tk
, fname
, "TK")
1776 get_key_locations(buf
, gtk
, "GTK")
1777 verify_not_present(buf
, gtk
, fname
, "GTK")
1779 dev
[0].request("REMOVE_NETWORK all")
1781 logger
.info("Checking keys in memory after network profile removal")
1782 buf
= read_process_memory(pid
, pmk
)
1783 get_key_locations(buf
, pmk
, "PMK")
1784 get_key_locations(buf
, pmkr0
, "PMK-R0")
1785 get_key_locations(buf
, pmkr1
, "PMK-R1")
1787 verify_not_present(buf
, pmk
, fname
, "PMK")
1788 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1789 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1790 verify_not_present(buf
, kck
, fname
, "KCK")
1791 verify_not_present(buf
, kek
, fname
, "KEK")
1792 verify_not_present(buf
, tk
, fname
, "TK")
1793 verify_not_present(buf
, gtk
, fname
, "GTK")
1796 def test_ap_ft_invalid_resp(dev
, apdev
):
1797 """WPA2-PSK-FT AP and invalid response IEs"""
1799 passphrase
= "12345678"
1801 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1802 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1803 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1806 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1807 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1810 # Various IEs for test coverage. The last one is FTIE with invalid
1811 # R1KH-ID subelement.
1812 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1813 # FTIE with invalid R0KH-ID subelement (len=0).
1814 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1815 # FTIE with invalid R0KH-ID subelement (len=49).
1816 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1818 "020002000000" + "3000",
1819 # Required IEs missing from protected IE count.
1820 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1821 # RIC missing from protected IE count.
1822 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1823 # Protected IE missing.
1824 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1826 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1827 hapd1
.set("ext_mgmt_frame_handling", "1")
1828 hapd1
.dump_monitor()
1829 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1830 raise Exception("ROAM failed")
1833 msg
= hapd1
.mgmt_rx()
1834 if msg
['subtype'] == 11:
1838 raise Exception("Authentication frame not seen")
1841 resp
['fc'] = auth
['fc']
1842 resp
['da'] = auth
['sa']
1843 resp
['sa'] = auth
['da']
1844 resp
['bssid'] = auth
['bssid']
1845 resp
['payload'] = binascii
.unhexlify(t
)
1847 hapd1
.set("ext_mgmt_frame_handling", "0")
1848 dev
[0].wait_disconnected()
1850 dev
[0].request("RECONNECT")
1851 dev
[0].wait_connected()
1853 def test_ap_ft_gcmp_256(dev
, apdev
):
1854 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1855 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1856 raise HwsimSkip("Cipher GCMP-256 not supported")
1858 passphrase
= "12345678"
1860 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1861 params
['rsn_pairwise'] = "GCMP-256"
1862 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1863 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1864 params
['rsn_pairwise'] = "GCMP-256"
1865 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1867 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1868 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1870 def setup_ap_ft_oom(dev
, apdev
):
1871 skip_with_fips(dev
[0])
1873 passphrase
= "12345678"
1875 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1876 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1877 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1878 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1880 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1882 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1883 dst
= apdev
[1]['bssid']
1885 dst
= apdev
[0]['bssid']
1887 dev
[0].scan_for_bss(dst
, freq
="2412")
1891 def test_ap_ft_oom(dev
, apdev
):
1892 """WPA2-PSK-FT and OOM"""
1893 dst
= setup_ap_ft_oom(dev
, apdev
)
1894 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1897 def test_ap_ft_oom2(dev
, apdev
):
1898 """WPA2-PSK-FT and OOM (2)"""
1899 dst
= setup_ap_ft_oom(dev
, apdev
)
1900 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1901 dev
[0].roam(dst
, fail_test
=True, assoc_reject_ok
=True)
1903 def test_ap_ft_oom3(dev
, apdev
):
1904 """WPA2-PSK-FT and OOM (3)"""
1905 dst
= setup_ap_ft_oom(dev
, apdev
)
1906 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1909 def test_ap_ft_oom4(dev
, apdev
):
1910 """WPA2-PSK-FT and OOM (4)"""
1912 passphrase
= "12345678"
1913 dst
= setup_ap_ft_oom(dev
, apdev
)
1914 dev
[0].request("REMOVE_NETWORK all")
1915 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1916 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1919 def test_ap_ft_ap_oom(dev
, apdev
):
1920 """WPA2-PSK-FT and AP OOM"""
1922 passphrase
= "12345678"
1924 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1925 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1926 bssid0
= hapd0
.own_addr()
1928 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1929 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1930 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1933 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1934 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1935 bssid1
= hapd1
.own_addr()
1936 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1937 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1940 def test_ap_ft_ap_oom2(dev
, apdev
):
1941 """WPA2-PSK-FT and AP OOM 2"""
1943 passphrase
= "12345678"
1945 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1946 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1947 bssid0
= hapd0
.own_addr()
1949 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1950 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1951 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1954 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1955 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1956 bssid1
= hapd1
.own_addr()
1957 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1959 if dev
[0].get_status_field('bssid') != bssid1
:
1960 raise Exception("Did not roam to AP1")
1961 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1964 def test_ap_ft_ap_oom3(dev
, apdev
):
1965 """WPA2-PSK-FT and AP OOM 3"""
1967 passphrase
= "12345678"
1969 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1970 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1971 bssid0
= hapd0
.own_addr()
1973 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1974 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1977 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1978 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1979 bssid1
= hapd1
.own_addr()
1980 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1981 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1982 # This will fail due to not being able to send out PMK-R1 pull request
1985 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1986 # This will fail due to not being able to send out PMK-R1 pull request
1989 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1990 # This will fail due to not being able to send out PMK-R1 pull request
1993 def test_ap_ft_ap_oom3b(dev
, apdev
):
1994 """WPA2-PSK-FT and AP OOM 3b"""
1996 passphrase
= "12345678"
1998 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1999 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2000 bssid0
= hapd0
.own_addr()
2002 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2003 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2006 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2007 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2008 bssid1
= hapd1
.own_addr()
2009 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2010 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
2011 # This will fail due to not being able to send out PMK-R1 pull request
2014 def test_ap_ft_ap_oom4(dev
, apdev
):
2015 """WPA2-PSK-FT and AP OOM 4"""
2017 passphrase
= "12345678"
2019 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2020 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2021 bssid0
= hapd0
.own_addr()
2023 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2024 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2027 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2028 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2029 bssid1
= hapd1
.own_addr()
2030 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2031 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
2033 if dev
[0].get_status_field('bssid') != bssid1
:
2034 raise Exception("Did not roam to AP1")
2036 with
fail_test(hapd0
, 1, "i802_get_seqnum;wpa_ft_gtk_subelem"):
2038 if dev
[0].get_status_field('bssid') != bssid0
:
2039 raise Exception("Did not roam to AP0")
2041 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
2043 if dev
[0].get_status_field('bssid') != bssid1
:
2044 raise Exception("Did not roam to AP1")
2046 def test_ap_ft_ap_oom5(dev
, apdev
):
2047 """WPA2-PSK-FT and AP OOM 5"""
2049 passphrase
= "12345678"
2051 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2052 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2053 bssid0
= hapd0
.own_addr()
2055 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2056 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2059 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2060 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2061 bssid1
= hapd1
.own_addr()
2062 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2063 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
2064 # This will fail to roam
2067 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
2068 # This will fail to roam
2071 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
2072 # This will fail to roam
2075 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
2076 # This will fail to roam
2079 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
2080 # This will fail to roam
2083 def test_ap_ft_ap_oom6(dev
, apdev
):
2084 """WPA2-PSK-FT and AP OOM 6"""
2086 passphrase
= "12345678"
2088 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2089 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2090 bssid0
= hapd0
.own_addr()
2092 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2093 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
2094 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2096 dev
[0].request("REMOVE_NETWORK all")
2097 dev
[0].wait_disconnected()
2098 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
2099 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2101 dev
[0].request("REMOVE_NETWORK all")
2102 dev
[0].wait_disconnected()
2103 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
2104 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2107 def test_ap_ft_ap_oom7a(dev
, apdev
):
2108 """WPA2-PSK-FT and AP OOM 7a"""
2110 passphrase
= "12345678"
2112 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2113 params
["ieee80211w"] = "2"
2114 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2115 bssid0
= hapd0
.own_addr()
2117 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2118 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2119 ieee80211w
="2", scan_freq
="2412")
2121 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2122 params
["ieee80211w"] = "2"
2123 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2124 bssid1
= hapd1
.own_addr()
2125 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2126 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
2127 # This will fail to roam
2130 def test_ap_ft_ap_oom7b(dev
, apdev
):
2131 """WPA2-PSK-FT and AP OOM 7b"""
2133 passphrase
= "12345678"
2135 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2136 params
["ieee80211w"] = "2"
2137 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2138 bssid0
= hapd0
.own_addr()
2140 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2141 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2142 ieee80211w
="2", scan_freq
="2412")
2144 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2145 params
["ieee80211w"] = "2"
2146 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2147 bssid1
= hapd1
.own_addr()
2148 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2149 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
2150 # This will fail to roam
2153 def test_ap_ft_ap_oom7c(dev
, apdev
):
2154 """WPA2-PSK-FT and AP OOM 7c"""
2156 passphrase
= "12345678"
2158 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2159 params
["ieee80211w"] = "2"
2160 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2161 bssid0
= hapd0
.own_addr()
2163 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2164 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2165 ieee80211w
="2", scan_freq
="2412")
2167 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2168 params
["ieee80211w"] = "2"
2169 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2170 bssid1
= hapd1
.own_addr()
2171 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2172 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
2173 # This will fail to roam
2176 def test_ap_ft_ap_oom7d(dev
, apdev
):
2177 """WPA2-PSK-FT and AP OOM 7d"""
2179 passphrase
= "12345678"
2181 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2182 params
["ieee80211w"] = "2"
2183 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2184 bssid0
= hapd0
.own_addr()
2186 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2187 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2188 ieee80211w
="2", scan_freq
="2412")
2190 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2191 params
["ieee80211w"] = "2"
2192 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2193 bssid1
= hapd1
.own_addr()
2194 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2195 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
2196 # This will fail to roam
2199 def test_ap_ft_ap_oom8(dev
, apdev
):
2200 """WPA2-PSK-FT and AP OOM 8"""
2202 passphrase
= "12345678"
2204 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2205 params
['ft_psk_generate_local'] = "1"
2206 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2207 bssid0
= hapd0
.own_addr()
2209 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2210 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2213 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2214 params
['ft_psk_generate_local'] = "1"
2215 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2216 bssid1
= hapd1
.own_addr()
2217 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2218 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
2219 # This will fail to roam
2221 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
2222 # This will fail to roam
2225 def test_ap_ft_ap_oom9(dev
, apdev
):
2226 """WPA2-PSK-FT and AP OOM 9"""
2228 passphrase
= "12345678"
2230 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2231 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2232 bssid0
= hapd0
.own_addr()
2234 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2235 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2238 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2239 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2240 bssid1
= hapd1
.own_addr()
2241 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2243 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
2244 # This will fail to roam
2245 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2246 raise Exception("FT_DS failed")
2247 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
2249 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
2250 # This will fail to roam
2251 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2252 raise Exception("FT_DS failed")
2253 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2255 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
2256 # This will fail to roam
2257 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2258 raise Exception("FT_DS failed")
2259 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2261 def test_ap_ft_ap_oom10(dev
, apdev
):
2262 """WPA2-PSK-FT and AP OOM 10"""
2264 passphrase
= "12345678"
2266 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2267 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2268 bssid0
= hapd0
.own_addr()
2270 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2271 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2274 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2275 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2276 bssid1
= hapd1
.own_addr()
2277 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2279 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2280 # This will fail to roam
2281 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2282 raise Exception("FT_DS failed")
2283 wait_fail_trigger(hapd0
, "GET_FAIL")
2285 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2286 # This will fail to roam
2287 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2288 raise Exception("FT_DS failed")
2289 wait_fail_trigger(hapd0
, "GET_FAIL")
2291 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2292 # This will fail to roam
2293 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2294 raise Exception("FT_DS failed")
2295 wait_fail_trigger(hapd0
, "GET_FAIL")
2297 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2298 # This will fail to roam
2299 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2300 raise Exception("FT_DS failed")
2301 wait_fail_trigger(hapd1
, "GET_FAIL")
2303 def test_ap_ft_ap_oom11(dev
, apdev
):
2304 """WPA2-PSK-FT and AP OOM 11"""
2306 passphrase
= "12345678"
2308 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2309 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2310 bssid0
= hapd0
.own_addr()
2312 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2313 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2314 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2316 wait_fail_trigger(hapd0
, "GET_FAIL")
2318 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2319 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2320 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2322 wait_fail_trigger(hapd0
, "GET_FAIL")
2324 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2325 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2327 passphrase
= "12345678"
2329 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2330 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2331 bssid0
= hapd0
.own_addr()
2332 _bssid0
= bssid0
.replace(':', '')
2333 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2335 addr
= dev
[0].own_addr()
2336 _addr
= addr
.replace(':', '')
2338 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2339 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2340 bssid1
= hapd1
.own_addr()
2341 _bssid1
= bssid1
.replace(':', '')
2343 hapd0
.set("ext_mgmt_frame_handling", "1")
2344 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2345 valid
= "0601" + _addr
+ _bssid1
2348 "0601" + _addr
+ _bssid0
,
2349 "0601" + _addr
+ "ffffffffffff",
2350 "0601" + _bssid0
+ _bssid0
,
2355 valid
+ "3603ffffff",
2356 valid
+ "3603a1b2ff",
2357 valid
+ "3603a1b2ff" + "3700",
2358 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2359 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2360 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2361 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2362 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2363 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2364 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2367 hapd0
.dump_monitor()
2368 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2369 raise Exception("MGMT_RX_PROCESS failed")
2371 hapd0
.set("ext_mgmt_frame_handling", "0")
2373 def test_ap_ft_over_ds_proto(dev
, apdev
):
2374 """WPA2-PSK-FT AP over DS protocol testing"""
2376 passphrase
= "12345678"
2378 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2379 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2380 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2383 # FT Action Response while no FT-over-DS in progress
2386 msg
['da'] = dev
[0].own_addr()
2387 msg
['sa'] = apdev
[0]['bssid']
2388 msg
['bssid'] = apdev
[0]['bssid']
2389 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2392 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2393 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2394 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2395 hapd0
.set("ext_mgmt_frame_handling", "1")
2396 hapd0
.dump_monitor()
2397 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2398 for i
in range(0, 10):
2399 req
= hapd0
.mgmt_rx()
2401 raise Exception("MGMT RX wait timed out")
2402 if req
['subtype'] == 13:
2406 raise Exception("FT Action frame not received")
2408 # FT Action Response for unexpected Target AP
2409 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2412 # FT Action Response without MDIE
2413 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2416 # FT Action Response without FTIE
2417 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2420 # FT Action Response with FTIE SNonce mismatch
2421 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2425 def test_ap_ft_rrb(dev
, apdev
):
2426 """WPA2-PSK-FT RRB protocol testing"""
2428 passphrase
= "12345678"
2430 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2431 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2433 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2436 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2437 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2439 ehdr
= _dst_ll
+ _src_ll
+ proto
2441 # Too short RRB frame
2442 pkt
= ehdr
+ b
'\x01'
2443 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2444 raise Exception("DATA_TEST_FRAME failed")
2446 # RRB discarded frame wikth unrecognized type
2447 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2448 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2449 raise Exception("DATA_TEST_FRAME failed")
2451 # RRB frame too short for action frame
2452 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2453 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2454 raise Exception("DATA_TEST_FRAME failed")
2456 # Too short RRB frame (not enough room for Action Frame body)
2457 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2458 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2459 raise Exception("DATA_TEST_FRAME failed")
2461 # Unexpected Action frame category
2462 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2463 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2464 raise Exception("DATA_TEST_FRAME failed")
2466 # Unexpected Action in RRB Request
2467 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2468 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2469 raise Exception("DATA_TEST_FRAME failed")
2471 # Target AP address in RRB Request does not match with own address
2472 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2473 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2474 raise Exception("DATA_TEST_FRAME failed")
2476 # Not enough room for status code in RRB Response
2477 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2478 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2479 raise Exception("DATA_TEST_FRAME failed")
2481 # RRB discarded frame with unknown packet_type
2482 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2483 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2484 raise Exception("DATA_TEST_FRAME failed")
2486 # RRB Response with non-zero status code; no STA match
2487 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2488 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2489 raise Exception("DATA_TEST_FRAME failed")
2491 # RRB Response with zero status code and extra data; STA match
2492 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2493 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2494 raise Exception("DATA_TEST_FRAME failed")
2496 # Too short PMK-R1 pull
2497 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2498 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2499 raise Exception("DATA_TEST_FRAME failed")
2501 # Too short PMK-R1 resp
2502 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2503 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2504 raise Exception("DATA_TEST_FRAME failed")
2506 # Too short PMK-R1 push
2507 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2508 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2509 raise Exception("DATA_TEST_FRAME failed")
2511 # No matching R0KH address found for PMK-R0 pull response
2512 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2513 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2514 raise Exception("DATA_TEST_FRAME failed")
2517 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2518 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2519 bssid
= apdev
[0]['bssid']
2521 passphrase
= "12345678"
2523 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2524 params
["ieee80211w"] = "1"
2525 # This is the RSN element used normally by hostapd
2526 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2527 hapd
= hostapd
.add_ap(apdev
[0], params
)
2528 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2529 ieee80211w
="1", scan_freq
="2412",
2530 pairwise
="CCMP", group
="CCMP")
2532 tests
= [('PMKIDCount field included',
2533 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2534 ('Extra IE before RSNE',
2535 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2536 ('PMKIDCount and Group Management Cipher suite fields included',
2537 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2538 ('Extra octet after defined fields (future extensibility)',
2539 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2540 ('No RSN Capabilities field (PMF disabled in practice)',
2541 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2542 for txt
, ie
in tests
:
2543 dev
[0].request("DISCONNECT")
2544 dev
[0].wait_disconnected()
2547 hapd
.set('own_ie_override', ie
)
2549 dev
[0].request("BSS_FLUSH 0")
2550 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2551 dev
[0].select_network(id, freq
=2412)
2552 dev
[0].wait_connected()
2554 dev
[0].request("DISCONNECT")
2555 dev
[0].wait_disconnected()
2557 logger
.info('Invalid RSNE causing internal hostapd error')
2559 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2561 dev
[0].request("BSS_FLUSH 0")
2562 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2563 dev
[0].select_network(id, freq
=2412)
2564 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2566 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2568 raise Exception("Unexpected connection")
2569 dev
[0].request("DISCONNECT")
2571 def start_ft(apdev
, wpa_ptk_rekey
=None):
2573 passphrase
= "12345678"
2575 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2577 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2578 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2579 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2581 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2582 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2586 def check_ptk_rekey(dev
, hapd0
=None, hapd1
=None):
2587 ev
= dev
.wait_event(["CTRL-EVENT-DISCONNECTED",
2588 "WPA: Key negotiation completed"], timeout
=5)
2590 raise Exception("No event received after roam")
2591 if "CTRL-EVENT-DISCONNECTED" in ev
:
2592 raise Exception("Unexpected disconnection after roam")
2594 if not hapd0
or not hapd1
:
2596 if dev
.get_status_field('bssid') == hapd0
.own_addr():
2601 hwsim_utils
.test_connectivity(dev
, hapd
)
2603 def test_ap_ft_ptk_rekey(dev
, apdev
):
2604 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2605 hapd0
, hapd1
= start_ft(apdev
)
2606 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1")
2607 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2609 def test_ap_ft_ptk_rekey2(dev
, apdev
):
2610 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2611 hapd0
, hapd1
= start_ft(apdev
)
2612 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1",
2614 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2616 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2617 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2618 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2619 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678")
2620 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2622 def test_ap_ft_ptk_rekey_ap2(dev
, apdev
):
2623 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2624 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2625 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678",
2627 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2629 def test_ap_ft_eap_ptk_rekey_ap(dev
, apdev
):
2630 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2631 generic_ap_ft_eap(dev
, apdev
, only_one_way
=True, wpa_ptk_rekey
=2)
2632 check_ptk_rekey(dev
[0])
2634 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2635 """RRB internal delivery only to WPA enabled BSS"""
2637 passphrase
= "12345678"
2639 radius
= hostapd
.radius_params()
2640 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2641 params
['wpa_key_mgmt'] = "FT-EAP"
2642 params
["ieee8021x"] = "1"
2643 params
= dict(list(radius
.items()) + list(params
.items()))
2644 hapd
= hostapd
.add_ap(apdev
[0], params
)
2645 key_mgmt
= hapd
.get_config()['key_mgmt']
2646 if key_mgmt
.split(' ')[0] != "FT-EAP":
2647 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2649 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2651 # Connect to WPA enabled AP
2652 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2653 eap
="GPSK", identity
="gpsk user",
2654 password
="abcdefghijklmnop0123456789abcdef",
2657 # Try over_ds roaming to non-WPA-enabled AP.
2658 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2659 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2661 def test_ap_ft_extra_ie(dev
, apdev
):
2662 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2664 passphrase
= "12345678"
2666 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2667 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2668 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2669 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2671 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2674 # Add Mobility Domain element to test AP validation code.
2675 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2676 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2677 scan_freq
="2412", wait_connect
=False)
2678 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2679 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2681 raise Exception("No connection result")
2682 if "CTRL-EVENT-CONNECTED" in ev
:
2683 raise Exception("Non-FT association accepted with MDE")
2684 if "status_code=43" not in ev
:
2685 raise Exception("Unexpected status code: " + ev
)
2686 dev
[0].request("DISCONNECT")
2688 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2690 def test_ap_ft_ric(dev
, apdev
):
2691 """WPA2-PSK-FT AP and RIC"""
2693 passphrase
= "12345678"
2695 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2696 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2697 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2698 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2700 dev
[0].set("ric_ies", "")
2701 dev
[0].set("ric_ies", '""')
2702 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2703 raise Exception("Invalid ric_ies value accepted")
2708 "390400000000" + "390400000000",
2709 "390400000000" + "dd050050f20202",
2710 "390400000000" + "dd3d0050f2020201" + 55*"00",
2711 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2712 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2714 dev
[0].set("ric_ies", t
)
2715 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2716 test_connectivity
=False)
2717 dev
[0].request("REMOVE_NETWORK all")
2718 dev
[0].wait_disconnected()
2719 dev
[0].dump_monitor()
2721 def ie_hex(ies
, id):
2722 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id]).decode()
2724 def test_ap_ft_reassoc_proto(dev
, apdev
):
2725 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2727 passphrase
= "12345678"
2729 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2730 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2731 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2732 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2734 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2735 ieee80211w
="1", scan_freq
="2412")
2736 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2743 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2744 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2745 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2748 req
= hapd2ap
.mgmt_rx()
2749 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2750 if req
['subtype'] == 11:
2754 req
= hapd2ap
.mgmt_rx()
2755 if req
['subtype'] == 2:
2757 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2759 # IEEE 802.11 header + fixed fields before IEs
2760 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2761 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2762 # First elements: SSID, Supported Rates, Extended Supported Rates
2763 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2765 rsne
= ie_hex(ies
, 48)
2766 mde
= ie_hex(ies
, 54)
2767 fte
= ie_hex(ies
, 55)
2769 # RSN: Trying to use FT, but MDIE not included
2771 # RSN: Attempted to use unknown MDIE
2772 tests
+= [rsne
+ "3603000000"]
2773 # Invalid RSN pairwise cipher
2774 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2775 # FT: No PMKID in RSNIE
2776 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2778 tests
+= [rsne
+ mde
]
2779 # FT: RIC IE(s) in the frame, but not included in protected IE count
2780 # FT: Failed to parse FT IEs
2781 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2782 # FT: SNonce mismatch in FTIE
2783 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2784 # FT: ANonce mismatch in FTIE
2785 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2786 # FT: No R0KH-ID subelem in FTIE
2787 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2788 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2789 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2790 # FT: No R1KH-ID subelem in FTIE
2791 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2792 # FT: Unknown R1KH-ID used in ReassocReq
2793 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2794 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2795 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2796 # Invalid MIC in FTIE
2797 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2799 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2801 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2802 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2804 passphrase
= "12345678"
2806 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2807 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2808 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2809 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2811 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2812 ieee80211w
="1", scan_freq
="2412")
2813 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2820 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2821 # FT: Failed to calculate MIC
2822 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2823 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2824 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2825 dev
[0].request("DISCONNECT")
2827 raise Exception("Association reject not seen")
2829 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2830 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2831 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2833 passphrase
= "12345678"
2835 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2836 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2837 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2838 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2840 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2842 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2849 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2850 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2851 dev
[0].dump_monitor()
2852 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2853 raise Exception("ROAM failed")
2858 req
= hapd2ap
.mgmt_rx()
2860 hapd2ap
.dump_monitor()
2861 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2862 if req
['subtype'] == 2:
2864 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2866 raise Exception("No TX status seen")
2867 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2868 if "OK" not in hapd2ap
.request(cmd
):
2869 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2871 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2872 if reassocreq
is None:
2873 raise Exception("No Reassociation Request frame seen")
2874 dev
[0].wait_connected()
2875 dev
[0].dump_monitor()
2876 hapd2ap
.dump_monitor()
2878 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2880 logger
.info("Replay the last Reassociation Request frame")
2881 hapd2ap
.dump_monitor()
2882 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2883 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2884 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2886 raise Exception("No TX status seen")
2887 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2888 if "OK" not in hapd2ap
.request(cmd
):
2889 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2890 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2893 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2898 ap
= hapd2ap
.own_addr()
2899 sta
= dev
[0].own_addr()
2900 filt
= "wlan.fc.type == 2 && " + \
2901 "wlan.da == " + sta
+ " && " + \
2902 "wlan.sa == " + ap
+ " && " + \
2903 "wlan.fc.protected == 1"
2904 fields
= ["wlan.ccmp.extiv"]
2905 res
= run_tshark(capfile
, filt
, fields
)
2906 vals
= res
.splitlines()
2907 logger
.info("CCMP PN: " + str(vals
))
2909 raise Exception("Could not find all CCMP protected frames from capture")
2910 if len(set(vals
)) < len(vals
):
2911 raise Exception("Duplicate CCMP PN used")
2914 raise Exception("The second hwsim connectivity test failed")
2916 def test_ap_ft_psk_file(dev
, apdev
):
2917 """WPA2-PSK-FT AP with PSK from a file"""
2919 passphrase
= "12345678"
2921 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2922 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2923 hapd
= hostapd
.add_ap(apdev
[0], params
)
2925 dev
[1].connect(ssid
, psk
="very secret",
2926 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2927 scan_freq
="2412", wait_connect
=False)
2928 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2929 ieee80211w
="1", scan_freq
="2412")
2930 dev
[0].request("REMOVE_NETWORK all")
2931 dev
[0].wait_disconnected()
2932 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2933 ieee80211w
="1", scan_freq
="2412")
2934 dev
[0].request("REMOVE_NETWORK all")
2935 dev
[0].wait_disconnected()
2936 dev
[0].connect(ssid
, psk
="secret passphrase",
2937 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2939 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2940 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2942 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2944 raise Exception("Timed out while waiting for failure report")
2945 dev
[1].request("REMOVE_NETWORK all")
2947 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2948 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2950 passphrase
= "12345678"
2951 bssid
= apdev
[0]['bssid']
2953 radius
= hostapd
.radius_params()
2954 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2955 params
['wpa_key_mgmt'] = "WPA-EAP"
2956 params
["ieee8021x"] = "1"
2957 params
["pmk_r1_push"] = "0"
2958 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2959 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2960 params
["eap_server"] = "0"
2961 params
= dict(list(radius
.items()) + list(params
.items()))
2962 hapd
= hostapd
.add_ap(apdev
[0], params
)
2964 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2965 eap
="GPSK", identity
="gpsk user",
2966 password
="abcdefghijklmnop0123456789abcdef",
2968 dev
[0].request("DISCONNECT")
2969 dev
[0].wait_disconnected()
2970 dev
[0].dump_monitor()
2973 hapd
.set('wpa_key_mgmt', "FT-EAP")
2976 dev
[0].request("BSS_FLUSH 0")
2977 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2979 dev
[0].request("RECONNECT")
2980 dev
[0].wait_connected()
2982 def test_ap_ft_eap_sha384(dev
, apdev
):
2983 """WPA2-EAP-FT with SHA384"""
2985 passphrase
= "12345678"
2987 radius
= hostapd
.radius_params()
2988 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2989 params
["ieee80211w"] = "2"
2990 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2991 params
["ieee8021x"] = "1"
2992 params
= dict(list(radius
.items()) + list(params
.items()))
2993 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2994 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2995 params
["ieee80211w"] = "2"
2996 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2997 params
["ieee8021x"] = "1"
2998 params
= dict(list(radius
.items()) + list(params
.items()))
2999 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3001 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
3004 def test_ap_ft_eap_sha384_reassoc(dev
, apdev
):
3005 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
3006 check_suite_b_192_capa(dev
)
3008 passphrase
= "12345678"
3010 radius
= hostapd
.radius_params()
3011 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
3012 params
["ieee80211w"] = "2"
3013 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
3014 params
["ieee8021x"] = "1"
3015 params
= dict(list(radius
.items()) + list(params
.items()))
3016 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3017 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
3018 params
["ieee80211w"] = "2"
3019 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
3020 params
["ieee8021x"] = "1"
3021 params
= dict(list(radius
.items()) + list(params
.items()))
3022 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3024 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
3025 sha384
=True, also_non_ft
=True, roam_with_reassoc
=True)
3027 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
3028 """WPA2-EAP-FT with SHA384 over DS"""
3030 passphrase
= "12345678"
3032 radius
= hostapd
.radius_params()
3033 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
3034 params
["ieee80211w"] = "2"
3035 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
3036 params
["ieee8021x"] = "1"
3037 params
= dict(list(radius
.items()) + list(params
.items()))
3038 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3039 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
3040 params
["ieee80211w"] = "2"
3041 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
3042 params
["ieee8021x"] = "1"
3043 params
= dict(list(radius
.items()) + list(params
.items()))
3044 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3046 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
3047 eap
=True, sha384
=True)
3049 def test_ap_ft_roam_rrm(dev
, apdev
):
3050 """WPA2-PSK-FT AP and radio measurement request"""
3052 passphrase
= "12345678"
3054 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
3055 params
["rrm_beacon_report"] = "1"
3056 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3057 bssid0
= hapd0
.own_addr()
3059 addr
= dev
[0].own_addr()
3060 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
3062 check_beacon_req(hapd0
, addr
, 1)
3064 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
3065 params
["rrm_beacon_report"] = "1"
3066 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3067 bssid1
= hapd1
.own_addr()
3069 dev
[0].scan_for_bss(bssid1
, freq
=2412)
3071 check_beacon_req(hapd1
, addr
, 2)
3073 dev
[0].scan_for_bss(bssid0
, freq
=2412)
3075 check_beacon_req(hapd0
, addr
, 3)
3077 def test_ap_ft_pmksa_caching(dev
, apdev
):
3078 """FT-EAP and PMKSA caching for initial mobility domain association"""
3080 identity
= "gpsk user"
3082 radius
= hostapd
.radius_params()
3083 params
= ft_params1(ssid
=ssid
)
3084 params
['wpa_key_mgmt'] = "FT-EAP"
3085 params
["ieee8021x"] = "1"
3086 params
["mobility_domain"] = "c3d4"
3087 params
= dict(list(radius
.items()) + list(params
.items()))
3088 hapd
= hostapd
.add_ap(apdev
[0], params
)
3090 params
= ft_params2(ssid
=ssid
)
3091 params
['wpa_key_mgmt'] = "FT-EAP"
3092 params
["ieee8021x"] = "1"
3093 params
["mobility_domain"] = "c3d4"
3094 params
= dict(list(radius
.items()) + list(params
.items()))
3095 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3097 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
3098 eap_identity
=identity
, pmksa_caching
=True)
3100 def test_ap_ft_pmksa_caching_sha384(dev
, apdev
):
3101 """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
3103 identity
= "gpsk user"
3105 radius
= hostapd
.radius_params()
3106 params
= ft_params1(ssid
=ssid
)
3107 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
3108 params
["ieee8021x"] = "1"
3109 params
["mobility_domain"] = "c3d4"
3110 params
= dict(list(radius
.items()) + list(params
.items()))
3111 hapd
= hostapd
.add_ap(apdev
[0], params
)
3113 params
= ft_params2(ssid
=ssid
)
3114 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
3115 params
["ieee8021x"] = "1"
3116 params
["mobility_domain"] = "c3d4"
3117 params
= dict(list(radius
.items()) + list(params
.items()))
3118 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3120 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
3121 eap_identity
=identity
, pmksa_caching
=True, sha384
=True)
3123 def test_ap_ft_r1_key_expiration(dev
, apdev
):
3124 """WPA2-PSK-FT and PMK-R1 expiration"""
3126 passphrase
= "12345678"
3128 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
3129 params
['r1_max_key_lifetime'] = "2"
3130 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3131 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
3132 params
['r1_max_key_lifetime'] = "2"
3133 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3135 # This succeeds, but results in having to run another PMK-R1 pull before the
3136 # second AP can complete FT protocol.
3137 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, wait_before_roam
=4)
3139 def test_ap_ft_r0_key_expiration(dev
, apdev
):
3140 """WPA2-PSK-FT and PMK-R0 expiration"""
3142 passphrase
= "12345678"
3144 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
3145 params
['ft_r0_key_lifetime'] = "2"
3146 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3147 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
3148 params
['ft_r0_key_lifetime'] = "2"
3149 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3151 bssid2
= run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
3152 return_after_initial
=True)
3154 dev
[0].scan_for_bss(bssid2
, freq
="2412")
3155 if "OK" not in dev
[0].request("ROAM " + bssid2
):
3156 raise Exception("ROAM failed")
3157 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3158 "CTRL-EVENT-AUTH-REJECT",
3159 "CTRL-EVENT-ASSOC-REJECT"], timeout
=5)
3160 dev
[0].request("DISCONNECT")
3161 if ev
is None or "CTRL-EVENT-AUTH-REJECT" not in ev
:
3162 raise Exception("FT protocol failure not reported")
3163 if "status_code=53" not in ev
:
3164 raise Exception("Unexpected status in FT protocol failure: " + ev
)
3166 # Generate a new PMK-R0
3167 dev
[0].dump_monitor()
3168 dev
[0].request("RECONNECT")
3169 dev
[0].wait_connected()