]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_owe.py
1 # Test cases for Opportunistic Wireless Encryption (OWE)
2 # Copyright (c) 2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
9 logger
= logging
.getLogger()
15 from wpasupplicant
import WpaSupplicant
17 from tshark
import run_tshark
18 from utils
import HwsimSkip
, fail_test
, alloc_fail
, wait_fail_trigger
20 def test_owe(dev
, apdev
):
21 """Opportunistic Wireless Encryption"""
22 if "OWE" not in dev
[0].get_capability("key_mgmt"):
23 raise HwsimSkip("OWE not supported")
24 params
= {"ssid": "owe",
27 "wpa_key_mgmt": "OWE",
28 "rsn_pairwise": "CCMP"}
29 hapd
= hostapd
.add_ap(apdev
[0], params
)
30 bssid
= hapd
.own_addr()
32 dev
[0].scan_for_bss(bssid
, freq
="2412")
33 bss
= dev
[0].get_bss(bssid
)
34 if "[WPA2-OWE-CCMP]" not in bss
['flags']:
35 raise Exception("OWE AKM not recognized: " + bss
['flags'])
37 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
39 hwsim_utils
.test_connectivity(dev
[0], hapd
)
40 val
= dev
[0].get_status_field("key_mgmt")
42 raise Exception("Unexpected key_mgmt: " + val
)
44 def test_owe_groups(dev
, apdev
):
45 """Opportunistic Wireless Encryption - DH groups"""
46 if "OWE" not in dev
[0].get_capability("key_mgmt"):
47 raise HwsimSkip("OWE not supported")
48 params
= {"ssid": "owe",
50 "wpa_key_mgmt": "OWE",
51 "rsn_pairwise": "CCMP"}
52 hapd
= hostapd
.add_ap(apdev
[0], params
)
53 bssid
= hapd
.own_addr()
55 dev
[0].scan_for_bss(bssid
, freq
="2412")
56 for group
in [19, 20, 21]:
57 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
=str(group
))
58 hwsim_utils
.test_connectivity(dev
[0], hapd
)
59 dev
[0].request("REMOVE_NETWORK all")
60 dev
[0].wait_disconnected()
63 def test_owe_pmksa_caching(dev
, apdev
):
64 """Opportunistic Wireless Encryption and PMKSA caching"""
65 run_owe_pmksa_caching(dev
, apdev
)
67 def test_owe_pmksa_caching_connect_cmd(dev
, apdev
):
68 """Opportunistic Wireless Encryption and PMKSA caching using cfg80211 connect command"""
69 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
70 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
71 run_owe_pmksa_caching([wpas
], apdev
)
73 def run_owe_pmksa_caching(dev
, apdev
):
74 if "OWE" not in dev
[0].get_capability("key_mgmt"):
75 raise HwsimSkip("OWE not supported")
76 params
= {"ssid": "owe",
78 "wpa_key_mgmt": "OWE",
79 "rsn_pairwise": "CCMP"}
80 hapd
= hostapd
.add_ap(apdev
[0], params
)
81 bssid
= hapd
.own_addr()
83 dev
[0].scan_for_bss(bssid
, freq
="2412")
84 id = dev
[0].connect("owe", key_mgmt
="OWE")
85 hwsim_utils
.test_connectivity(dev
[0], hapd
)
86 pmksa
= dev
[0].get_pmksa(bssid
)
87 dev
[0].request("DISCONNECT")
88 dev
[0].wait_disconnected()
91 dev
[0].select_network(id, 2412)
92 dev
[0].wait_connected()
93 hwsim_utils
.test_connectivity(dev
[0], hapd
)
94 pmksa2
= dev
[0].get_pmksa(bssid
)
95 dev
[0].request("DISCONNECT")
96 dev
[0].wait_disconnected()
99 if "OK" not in hapd
.request("PMKSA_FLUSH"):
100 raise Exception("PMKSA_FLUSH failed")
102 dev
[0].select_network(id, 2412)
103 dev
[0].wait_connected()
104 hwsim_utils
.test_connectivity(dev
[0], hapd
)
105 pmksa3
= dev
[0].get_pmksa(bssid
)
106 dev
[0].request("DISCONNECT")
107 dev
[0].wait_disconnected()
108 dev
[0].dump_monitor()
110 if pmksa
is None or pmksa2
is None or pmksa3
is None:
111 raise Exception("PMKSA entry missing")
112 if pmksa
['pmkid'] != pmksa2
['pmkid']:
113 raise Exception("Unexpected PMKID change when using PMKSA caching")
114 if pmksa
['pmkid'] == pmksa3
['pmkid']:
115 raise Exception("PMKID did not change after PMKSA cache flush")
117 def test_owe_and_psk(dev
, apdev
):
118 """Opportunistic Wireless Encryption and WPA2-PSK enabled"""
119 if "OWE" not in dev
[0].get_capability("key_mgmt"):
120 raise HwsimSkip("OWE not supported")
121 params
= {"ssid": "owe+psk",
123 "wpa_key_mgmt": "OWE WPA-PSK",
124 "rsn_pairwise": "CCMP",
125 "wpa_passphrase": "12345678"}
126 hapd
= hostapd
.add_ap(apdev
[0], params
)
127 bssid
= hapd
.own_addr()
129 dev
[0].scan_for_bss(bssid
, freq
="2412")
130 dev
[0].connect("owe+psk", psk
="12345678")
131 hwsim_utils
.test_connectivity(dev
[0], hapd
)
133 dev
[1].scan_for_bss(bssid
, freq
="2412")
134 dev
[1].connect("owe+psk", key_mgmt
="OWE")
135 hwsim_utils
.test_connectivity(dev
[1], hapd
)
137 def test_owe_transition_mode(dev
, apdev
):
138 """Opportunistic Wireless Encryption transition mode"""
139 run_owe_transition_mode(dev
, apdev
)
141 def test_owe_transition_mode_connect_cmd(dev
, apdev
):
142 """Opportunistic Wireless Encryption transition mode using cfg80211 connect command"""
143 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
144 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
145 run_owe_transition_mode([wpas
], apdev
)
147 def run_owe_transition_mode(dev
, apdev
):
148 if "OWE" not in dev
[0].get_capability("key_mgmt"):
149 raise HwsimSkip("OWE not supported")
150 dev
[0].flush_scan_cache()
151 params
= {"ssid": "owe-random",
153 "wpa_key_mgmt": "OWE",
154 "rsn_pairwise": "CCMP",
156 "owe_transition_bssid": apdev
[1]['bssid'],
157 "owe_transition_ssid": '"owe-test"',
158 "ignore_broadcast_ssid": "1"}
159 hapd
= hostapd
.add_ap(apdev
[0], params
)
160 bssid
= hapd
.own_addr()
162 params
= {"ssid": "owe-test",
163 "owe_transition_bssid": apdev
[0]['bssid'],
164 "owe_transition_ssid": '"owe-random"'}
165 hapd2
= hostapd
.add_ap(apdev
[1], params
)
166 bssid2
= hapd2
.own_addr()
168 dev
[0].scan_for_bss(bssid
, freq
="2412")
169 dev
[0].scan_for_bss(bssid2
, freq
="2412")
171 bss
= dev
[0].get_bss(bssid
)
172 if "[WPA2-OWE-CCMP]" not in bss
['flags']:
173 raise Exception("OWE AKM not recognized: " + bss
['flags'])
174 if "[OWE-TRANS]" not in bss
['flags']:
175 raise Exception("OWE transition not recognized: " + bss
['flags'])
177 bss
= dev
[0].get_bss(bssid2
)
178 if "[OWE-TRANS-OPEN]" not in bss
['flags']:
179 raise Exception("OWE transition (open) not recognized: " + bss
['flags'])
181 id = dev
[0].connect("owe-test", key_mgmt
="OWE", ieee80211w
="2",
183 hwsim_utils
.test_connectivity(dev
[0], hapd
)
184 val
= dev
[0].get_status_field("key_mgmt")
186 raise Exception("Unexpected key_mgmt: " + val
)
188 logger
.info("Move to OWE only mode (disable transition mode)")
190 dev
[0].request("DISCONNECT")
191 dev
[0].wait_disconnected()
192 dev
[0].dump_monitor()
196 dev
[0].flush_scan_cache()
197 hapd
.set("owe_transition_bssid", "00:00:00:00:00:00")
198 hapd
.set("ignore_broadcast_ssid", '0')
199 hapd
.set("ssid", 'owe-test')
202 dev
[0].scan_for_bss(bssid
, freq
="2412")
203 dev
[0].select_network(id, 2412)
204 dev
[0].wait_connected()
205 hwsim_utils
.test_connectivity(dev
[0], hapd
)
207 def test_owe_transition_mode_open_only_ap(dev
, apdev
):
208 """Opportunistic Wireless Encryption transition mode connect to open-only AP"""
209 if "OWE" not in dev
[0].get_capability("key_mgmt"):
210 raise HwsimSkip("OWE not supported")
211 dev
[0].flush_scan_cache()
212 params
= {"ssid": "owe-test-open"}
213 hapd
= hostapd
.add_ap(apdev
[0], params
)
214 bssid
= hapd
.own_addr()
216 dev
[0].scan_for_bss(bssid
, freq
="2412")
218 bss
= dev
[0].get_bss(bssid
)
220 id = dev
[0].connect("owe-test-open", key_mgmt
="OWE", ieee80211w
="2",
222 hwsim_utils
.test_connectivity(dev
[0], hapd
)
223 val
= dev
[0].get_status_field("key_mgmt")
225 raise Exception("Unexpected key_mgmt: " + val
)
227 def test_owe_transition_mode_open_multiple_scans(dev
, apdev
):
228 """Opportunistic Wireless Encryption transition mode and need for multiple scans"""
229 if "OWE" not in dev
[0].get_capability("key_mgmt"):
230 raise HwsimSkip("OWE not supported")
231 dev
[0].flush_scan_cache()
232 params
= {"ssid": "owe-test",
233 "owe_transition_bssid": apdev
[0]['bssid'],
234 "owe_transition_ssid": '"owe-random"'}
235 hapd2
= hostapd
.add_ap(apdev
[1], params
)
236 bssid2
= hapd2
.own_addr()
238 dev
[0].scan_for_bss(bssid2
, freq
="2412")
240 dev
[0].dump_monitor()
241 id = dev
[0].connect("owe-test", key_mgmt
="OWE", ieee80211w
="2",
242 scan_freq
="2412", wait_connect
=False)
243 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout
=1)
245 params
= {"ssid": "owe-random",
247 "wpa_key_mgmt": "OWE",
248 "rsn_pairwise": "CCMP",
250 "owe_transition_bssid": apdev
[1]['bssid'],
251 "owe_transition_ssid": '"owe-test"',
252 "ignore_broadcast_ssid": "1"}
253 hapd
= hostapd
.add_ap(apdev
[0], params
)
254 bssid
= hapd
.own_addr()
256 dev
[0].wait_connected()
258 val
= dev
[0].get_status_field("key_mgmt")
260 raise Exception("Unexpected key_mgmt: " + val
)
262 def test_owe_transition_mode_multi_bss(dev
, apdev
):
263 """Opportunistic Wireless Encryption transition mode (multi BSS)"""
265 run_owe_transition_mode_multi_bss(dev
, apdev
)
267 dev
[0].request("SCAN_INTERVAL 5")
269 def run_owe_transition_mode_multi_bss(dev
, apdev
):
270 if "OWE" not in dev
[0].get_capability("key_mgmt"):
271 raise HwsimSkip("OWE not supported")
272 ifname1
= apdev
[0]['ifname']
273 ifname2
= apdev
[0]['ifname'] + '-2'
274 hapd1
= hostapd
.add_bss(apdev
[0], ifname1
, 'owe-bss-1.conf')
275 hapd2
= hostapd
.add_bss(apdev
[0], ifname2
, 'owe-bss-2.conf')
278 bssid
= hapd1
.own_addr()
279 bssid2
= hapd2
.own_addr()
281 # Beaconing with the OWE Transition Mode element can start only once both
282 # BSSs are enabled, so the very first Beacon frame may go out without this
283 # element. Wait a bit to avoid getting incomplete scan results.
286 dev
[0].request("SCAN_INTERVAL 1")
287 dev
[0].scan_for_bss(bssid2
, freq
="2412")
288 dev
[0].scan_for_bss(bssid
, freq
="2412")
289 dev
[0].connect("transition-mode-open", key_mgmt
="OWE")
290 val
= dev
[0].get_status_field("bssid")
292 raise Exception("Unexpected bssid: " + val
)
293 val
= dev
[0].get_status_field("key_mgmt")
295 raise Exception("Unexpected key_mgmt: " + val
)
296 hwsim_utils
.test_connectivity(dev
[0], hapd2
)
298 def test_owe_unsupported_group(dev
, apdev
):
299 """Opportunistic Wireless Encryption and unsupported group"""
301 run_owe_unsupported_group(dev
, apdev
)
303 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
305 def test_owe_unsupported_group_connect_cmd(dev
, apdev
):
306 """Opportunistic Wireless Encryption and unsupported group using cfg80211 connect command"""
309 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
310 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
311 run_owe_unsupported_group([wpas
], apdev
)
314 wpas
.request("VENDOR_ELEM_REMOVE 13 *")
316 def run_owe_unsupported_group(dev
, apdev
):
317 if "OWE" not in dev
[0].get_capability("key_mgmt"):
318 raise HwsimSkip("OWE not supported")
319 # Override OWE Dh Parameters element with a payload that uses invalid group
320 # 0 (and actual group 19 data) to make the AP reject this with the specific
322 dev
[0].request("VENDOR_ELEM_ADD 13 ff23200000783590fb7440e03d5b3b33911f86affdcc6b4411b707846ac4ff08ddc8831ccd")
324 params
= {"ssid": "owe",
326 "wpa_key_mgmt": "OWE",
327 "rsn_pairwise": "CCMP"}
328 hapd
= hostapd
.add_ap(apdev
[0], params
)
329 bssid
= hapd
.own_addr()
331 dev
[0].scan_for_bss(bssid
, freq
="2412")
332 dev
[0].connect("owe", key_mgmt
="OWE", wait_connect
=False)
333 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
334 dev
[0].request("DISCONNECT")
336 raise Exception("Association not rejected")
337 if "status_code=77" not in ev
:
338 raise Exception("Unexpected rejection reason: " + ev
)
340 def test_owe_limited_group_set(dev
, apdev
):
341 """Opportunistic Wireless Encryption and limited group set"""
342 if "OWE" not in dev
[0].get_capability("key_mgmt"):
343 raise HwsimSkip("OWE not supported")
344 params
= {"ssid": "owe",
346 "wpa_key_mgmt": "OWE",
347 "rsn_pairwise": "CCMP",
348 "owe_groups": "20 21"}
349 hapd
= hostapd
.add_ap(apdev
[0], params
)
350 bssid
= hapd
.own_addr()
352 dev
[0].scan_for_bss(bssid
, freq
="2412")
353 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="19", wait_connect
=False)
354 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
355 dev
[0].request("DISCONNECT")
357 raise Exception("Association not rejected")
358 if "status_code=77" not in ev
:
359 raise Exception("Unexpected rejection reason: " + ev
)
360 dev
[0].dump_monitor()
362 for group
in [20, 21]:
363 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
=str(group
))
364 dev
[0].request("REMOVE_NETWORK all")
365 dev
[0].wait_disconnected()
366 dev
[0].dump_monitor()
368 def test_owe_limited_group_set_pmf(dev
, apdev
, params
):
369 """Opportunistic Wireless Encryption and limited group set (PMF)"""
370 if "OWE" not in dev
[0].get_capability("key_mgmt"):
371 raise HwsimSkip("OWE not supported")
372 pcapng
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
374 params
= {"ssid": "owe",
377 "wpa_key_mgmt": "OWE",
378 "rsn_pairwise": "CCMP",
380 hapd
= hostapd
.add_ap(apdev
[0], params
)
381 bssid
= hapd
.own_addr()
383 dev
[0].scan_for_bss(bssid
, freq
="2412")
384 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="19", ieee80211w
="2",
385 scan_freq
="2412", wait_connect
=False)
386 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
387 dev
[0].request("DISCONNECT")
389 raise Exception("Association not rejected")
390 if "status_code=77" not in ev
:
391 raise Exception("Unexpected rejection reason: " + ev
)
392 dev
[0].dump_monitor()
394 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="20", ieee80211w
="2",
395 scan_freq
="2412", wait_connect
=False)
396 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
397 dev
[0].request("DISCONNECT")
399 raise Exception("Association not rejected (2)")
400 if "status_code=77" not in ev
:
401 raise Exception("Unexpected rejection reason (2): " + ev
)
402 dev
[0].dump_monitor()
404 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="21", ieee80211w
="2",
406 dev
[0].request("REMOVE_NETWORK all")
407 dev
[0].wait_disconnected()
408 dev
[0].dump_monitor()
410 out
= run_tshark(pcapng
,
411 "wlan.fc.type_subtype == 1",
412 display
=['wlan_mgt.fixed.status_code'])
413 status
= out
.splitlines()
414 logger
.info("Association Response frame status codes: " + str(status
))
416 raise Exception("Unexpected number of Association Response frames")
417 if int(status
[0]) != 77 or int(status
[1]) != 77 or int(status
[2]) != 0:
418 raise Exception("Unexpected Association Response frame status code")
420 def test_owe_group_negotiation(dev
, apdev
):
421 """Opportunistic Wireless Encryption and group negotiation"""
422 run_owe_group_negotiation(dev
[0], apdev
)
424 def test_owe_group_negotiation_connect_cmd(dev
, apdev
):
425 """Opportunistic Wireless Encryption and group negotiation (connect command)"""
426 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
427 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
428 run_owe_group_negotiation(wpas
, apdev
)
430 def run_owe_group_negotiation(dev
, apdev
):
431 if "OWE" not in dev
.get_capability("key_mgmt"):
432 raise HwsimSkip("OWE not supported")
433 params
= {"ssid": "owe",
435 "wpa_key_mgmt": "OWE",
436 "rsn_pairwise": "CCMP",
438 hapd
= hostapd
.add_ap(apdev
[0], params
)
439 bssid
= hapd
.own_addr()
441 dev
.scan_for_bss(bssid
, freq
="2412")
442 dev
.connect("owe", key_mgmt
="OWE")
444 def test_owe_assoc_reject(dev
, apdev
):
445 """Opportunistic Wireless Encryption association rejection handling"""
446 if "OWE" not in dev
[0].get_capability("key_mgmt"):
447 raise HwsimSkip("OWE not supported")
448 params
= {"ssid": "owe",
452 "wpa_key_mgmt": "OWE",
453 "rsn_pairwise": "CCMP",
455 hapd
= hostapd
.add_ap(apdev
[0], params
)
456 bssid
= hapd
.own_addr()
458 # First, reject two associations with HT-required (i.e., not OWE related)
459 dev
[0].scan_for_bss(bssid
, freq
="2412")
460 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
461 disable_ht
="1", scan_freq
="2412", wait_connect
=False)
462 for i
in range(0, 2):
463 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
465 raise Exception("Association rejection not reported")
467 # Then, verify that STA tries OWE with the default group (19) on the next
468 # attempt instead of having moved to testing another group.
469 hapd
.set("require_ht", "0")
470 for i
in range(0, 2):
471 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT",
472 "CTRL-EVENT-CONNECTED"], timeout
=10)
474 raise Exception("Association result not reported")
475 if "CTRL-EVENT-CONNECTED" in ev
:
477 if "status_code=77" in ev
:
478 raise Exception("Unexpected unsupport group rejection")
479 if "CTRL-EVENT-CONNECTED" not in ev
:
480 raise Exception("Did not connect successfully")
482 def test_owe_local_errors(dev
, apdev
):
483 """Opportunistic Wireless Encryption - local errors on supplicant"""
484 if "OWE" not in dev
[0].get_capability("key_mgmt"):
485 raise HwsimSkip("OWE not supported")
486 params
= {"ssid": "owe",
489 "wpa_key_mgmt": "OWE",
490 "rsn_pairwise": "CCMP"}
491 hapd
= hostapd
.add_ap(apdev
[0], params
)
492 bssid
= hapd
.own_addr()
494 dev
[0].scan_for_bss(bssid
, freq
="2412")
496 tests
= [(1, "crypto_ecdh_init;owe_build_assoc_req"),
497 (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
498 (1, "wpabuf_alloc;owe_build_assoc_req")]
499 for count
, func
in tests
:
500 with
alloc_fail(dev
[0], count
, func
):
501 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="20",
503 scan_freq
="2412", wait_connect
=False)
504 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
505 dev
[0].request("REMOVE_NETWORK all")
506 dev
[0].dump_monitor()
508 tests
= [(1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
509 (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
510 (1, "wpabuf_alloc;=owe_process_assoc_resp")]
511 for count
, func
in tests
:
512 with
alloc_fail(dev
[0], count
, func
):
513 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="20",
515 scan_freq
="2412", wait_connect
=False)
516 dev
[0].wait_disconnected()
517 dev
[0].request("REMOVE_NETWORK all")
518 dev
[0].dump_monitor()
520 tests
= [(1, "hmac_sha256;owe_process_assoc_resp", 19),
521 (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
522 (1, "hmac_sha384;owe_process_assoc_resp", 20),
523 (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
524 (1, "hmac_sha512;owe_process_assoc_resp", 21),
525 (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21)]
526 for count
, func
, group
in tests
:
527 with
fail_test(dev
[0], count
, func
):
528 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
=str(group
),
530 scan_freq
="2412", wait_connect
=False)
531 dev
[0].wait_disconnected()
532 dev
[0].request("REMOVE_NETWORK all")
533 dev
[0].dump_monitor()
535 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="18",
537 scan_freq
="2412", wait_connect
=False)
538 ev
= dev
[0].wait_event(["SME: Trying to authenticate"], timeout
=5)
540 raise Exception("No authentication attempt")
542 dev
[0].request("REMOVE_NETWORK all")
543 dev
[0].dump_monitor()
546 for i
in range(0, 10):
549 raise Exception("MGMT RX wait timed out")
550 if req
['subtype'] == 11:
554 raise Exception("Authentication frame not received")
557 resp
['fc'] = req
['fc']
558 resp
['da'] = req
['sa']
559 resp
['sa'] = req
['da']
560 resp
['bssid'] = req
['bssid']
561 resp
['payload'] = struct
.pack('<HHH', 0, 2, 0)
564 def hapd_assoc(hapd
, extra
):
565 for i
in range(0, 10):
568 raise Exception("MGMT RX wait timed out")
569 if req
['subtype'] == 0:
573 raise Exception("Association Request frame not received")
577 resp
['da'] = req
['sa']
578 resp
['sa'] = req
['da']
579 resp
['bssid'] = req
['bssid']
580 payload
= struct
.pack('<HHH', 0x0411, 0, 0xc001)
581 payload
+= binascii
.unhexlify("010882848b960c121824")
582 resp
['payload'] = payload
+ extra
585 def test_owe_invalid_assoc_resp(dev
, apdev
):
586 """Opportunistic Wireless Encryption - invalid Association Response frame"""
587 if "OWE" not in dev
[0].get_capability("key_mgmt"):
588 raise HwsimSkip("OWE not supported")
589 params
= {"ssid": "owe",
592 "wpa_key_mgmt": "OWE",
593 "rsn_pairwise": "CCMP"}
594 hapd
= hostapd
.add_ap(apdev
[0], params
)
595 bssid
= hapd
.own_addr()
597 dev
[0].scan_for_bss(bssid
, freq
="2412")
599 hapd
.set("ext_mgmt_frame_handling", "1")
600 # OWE: No Diffie-Hellman Parameter element found in Association Response frame
602 # No room for group --> no DH Params
603 tests
+= [binascii
.unhexlify('ff0120')]
604 # OWE: Unexpected Diffie-Hellman group in response: 18
605 tests
+= [binascii
.unhexlify('ff03201200')]
606 # OWE: Invalid peer DH public key
607 tests
+= [binascii
.unhexlify('ff23201300' + 31*'00' + '01')]
608 # OWE: Invalid peer DH public key
609 tests
+= [binascii
.unhexlify('ff24201300' + 33*'ee')]
611 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="19", ieee80211w
="2",
612 scan_freq
="2412", wait_connect
=False)
614 hapd_assoc(hapd
, extra
)
615 dev
[0].wait_disconnected()
616 dev
[0].request("REMOVE_NETWORK all")
617 dev
[0].dump_monitor()
619 # OWE: Empty public key (this ends up getting padded to a valid point)
620 dev
[0].connect("owe", key_mgmt
="OWE", owe_group
="19", ieee80211w
="2",
621 scan_freq
="2412", wait_connect
=False)
623 hapd_assoc(hapd
, binascii
.unhexlify('ff03201300'))
624 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED", "PMKSA-CACHE-ADDED"],
627 raise Exception("No result reported for empty public key")
628 dev
[0].request("REMOVE_NETWORK all")
629 dev
[0].dump_monitor()