1 # Test cases for Opportunistic Wireless Encryption (OWE)
2 # Copyright (c) 2017, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import binascii
8 import logging
9 logger = logging.getLogger()
10 import time
11 import os
12 import struct
13
14 import hostapd
15 from wpasupplicant import WpaSupplicant
16 import hwsim_utils
17 from tshark import run_tshark
18 from utils import HwsimSkip, fail_test, alloc_fail, wait_fail_trigger
19
def test_owe(dev, apdev):
    """Opportunistic Wireless Encryption"""
    # Baseline case: the AP offers only the OWE AKM with CCMP and sets
    # ieee80211w=2 (PMF required); the station must see the AKM in the scan
    # flags, associate, pass data and report OWE as the negotiated key_mgmt.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "ieee80211w": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")
    flags = sta.get_bss(bssid)['flags']
    if "[WPA2-OWE-CCMP]" not in flags:
        raise Exception("OWE AKM not recognized: " + flags)

    sta.connect("owe", key_mgmt="OWE", ieee80211w="2", scan_freq="2412")
    hwsim_utils.test_connectivity(sta, hapd)

    # A data-path check alone would not show which AKM protected the link,
    # so the negotiated key management is verified explicitly.
    negotiated = sta.get_status_field("key_mgmt")
    if negotiated != "OWE":
        raise Exception("Unexpected key_mgmt: " + negotiated)
43
def test_owe_groups(dev, apdev):
    """Opportunistic Wireless Encryption - DH groups"""
    # The AP has no owe_groups restriction here, so each group the station
    # is forced to use (19, 20, 21) is expected to associate successfully.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")
    for dh_group in (19, 20, 21):
        sta.connect("owe", key_mgmt="OWE", owe_group=str(dh_group))
        hwsim_utils.test_connectivity(sta, hapd)
        # Remove the profile so the next iteration starts from a clean
        # network configuration with a different forced group.
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()
        sta.dump_monitor()
62
def test_owe_pmksa_caching(dev, apdev):
    """Opportunistic Wireless Encryption and PMKSA caching"""
    # Thin entry point: the scenario itself lives in run_owe_pmksa_caching()
    # and is run here against the stations passed in as dev.
    run_owe_pmksa_caching(dev, apdev)
66
def test_owe_pmksa_caching_connect_cmd(dev, apdev):
    """Opportunistic Wireless Encryption and PMKSA caching using cfg80211 connect command"""
    # Same scenario as test_owe_pmksa_caching, but on a separately added
    # wlan5 interface created with force_connect_cmd=1.
    connect_cmd_sta = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    connect_cmd_sta.interface_add("wlan5", drv_params="force_connect_cmd=1")
    # The helper indexes dev[0], so the single station is wrapped in a list.
    run_owe_pmksa_caching([connect_cmd_sta], apdev)
72
def run_owe_pmksa_caching(dev, apdev):
    """Check PMKID behaviour across OWE reconnects and an AP-side cache flush.

    dev[0] connects three times to the same OWE AP. The PMKID must stay the
    same on the second connection (cached PMKSA reused) and must differ on
    the third one, which follows a PMKSA_FLUSH on the AP.
    """
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    def verify_link_and_disconnect():
        # Data must flow, then the station-side PMKSA entry for this BSSID is
        # captured before the link is dropped for the next round.
        hwsim_utils.test_connectivity(sta, hapd)
        entry = sta.get_pmksa(bssid)
        sta.request("DISCONNECT")
        sta.wait_disconnected()
        sta.dump_monitor()
        return entry

    sta.scan_for_bss(bssid, freq="2412")

    # Round 1: initial association creates the PMKSA.
    net_id = sta.connect("owe", key_mgmt="OWE")
    first = verify_link_and_disconnect()

    # Round 2: reconnect with the cache intact on both sides.
    sta.select_network(net_id, 2412)
    sta.wait_connected()
    second = verify_link_and_disconnect()

    # Round 3: the AP drops its cache, so the old entry cannot be reused.
    if "OK" not in hapd.request("PMKSA_FLUSH"):
        raise Exception("PMKSA_FLUSH failed")
    sta.select_network(net_id, 2412)
    sta.wait_connected()
    third = verify_link_and_disconnect()

    if first is None or second is None or third is None:
        raise Exception("PMKSA entry missing")
    if first['pmkid'] != second['pmkid']:
        raise Exception("Unexpected PMKID change when using PMKSA caching")
    # An unchanged PMKID after the flush would mean the stale entry was still
    # accepted instead of a fresh PMKSA being established.
    if first['pmkid'] == third['pmkid']:
        raise Exception("PMKID did not change after PMKSA cache flush")
116
def test_owe_and_psk(dev, apdev):
    """Opportunistic Wireless Encryption and WPA2-PSK enabled"""
    # One BSS advertises both AKMs ("OWE WPA-PSK"). dev[0] joins with the
    # passphrase and dev[1] joins with OWE; both must get connectivity.
    if "OWE" not in dev[0].get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    # "12345678" is a fixed test passphrase used on both the AP and dev[0].
    ap_params = {
        "ssid": "owe+psk",
        "wpa": "2",
        "wpa_key_mgmt": "OWE WPA-PSK",
        "rsn_pairwise": "CCMP",
        "wpa_passphrase": "12345678",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    psk_sta = dev[0]
    psk_sta.scan_for_bss(bssid, freq="2412")
    psk_sta.connect("owe+psk", psk="12345678")
    hwsim_utils.test_connectivity(psk_sta, hapd)

    owe_sta = dev[1]
    owe_sta.scan_for_bss(bssid, freq="2412")
    owe_sta.connect("owe+psk", key_mgmt="OWE")
    hwsim_utils.test_connectivity(owe_sta, hapd)
136
def test_owe_transition_mode(dev, apdev):
    """Opportunistic Wireless Encryption transition mode"""
    # Thin entry point: the scenario is implemented in
    # run_owe_transition_mode() and run here with the default stations.
    run_owe_transition_mode(dev, apdev)
140
def test_owe_transition_mode_connect_cmd(dev, apdev):
    """Opportunistic Wireless Encryption transition mode using cfg80211 connect command"""
    # Same scenario as test_owe_transition_mode, but on a separately added
    # wlan5 interface created with force_connect_cmd=1.
    connect_cmd_sta = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    connect_cmd_sta.interface_add("wlan5", drv_params="force_connect_cmd=1")
    # The helper indexes dev[0], so the single station is wrapped in a list.
    run_owe_transition_mode([connect_cmd_sta], apdev)
146
def run_owe_transition_mode(dev, apdev):
    """Exercise OWE transition mode and the later move to OWE-only operation.

    Two BSSs point at each other through owe_transition_bssid/ssid: a hidden
    OWE BSS ("owe-random") on apdev[0] and an open BSS ("owe-test") on
    apdev[1]. dev[0] is configured for the open SSID with key_mgmt=OWE and
    must end up with OWE negotiated. The open BSS is then removed and the OWE
    BSS is reconfigured to broadcast "owe-test" itself; the same network
    profile must still connect.
    """
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    sta.flush_scan_cache()

    # Hidden OWE BSS (ignore_broadcast_ssid=1) with PMF required.
    owe_bss_params = {
        "ssid": "owe-random",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
        "ieee80211w": "2",
        "owe_transition_bssid": apdev[1]['bssid'],
        "owe_transition_ssid": '"owe-test"',
        "ignore_broadcast_ssid": "1",
    }
    hapd = hostapd.add_ap(apdev[0], owe_bss_params)
    bssid = hapd.own_addr()

    # Open BSS carrying the pointer back to the OWE BSS.
    open_bss_params = {
        "ssid": "owe-test",
        "owe_transition_bssid": apdev[0]['bssid'],
        "owe_transition_ssid": '"owe-random"',
    }
    hapd2 = hostapd.add_ap(apdev[1], open_bss_params)
    bssid2 = hapd2.own_addr()

    sta.scan_for_bss(bssid, freq="2412")
    sta.scan_for_bss(bssid2, freq="2412")

    owe_flags = sta.get_bss(bssid)['flags']
    if "[WPA2-OWE-CCMP]" not in owe_flags:
        raise Exception("OWE AKM not recognized: " + owe_flags)
    if "[OWE-TRANS]" not in owe_flags:
        raise Exception("OWE transition not recognized: " + owe_flags)

    open_flags = sta.get_bss(bssid2)['flags']
    if "[OWE-TRANS-OPEN]" not in open_flags:
        raise Exception("OWE transition (open) not recognized: " + open_flags)

    net_id = sta.connect("owe-test", key_mgmt="OWE", ieee80211w="2",
                         scan_freq="2412")
    hwsim_utils.test_connectivity(sta, hapd)
    # The profile names the open SSID, so the negotiated AKM is what shows
    # that the station did not simply stay on the unencrypted BSS.
    negotiated = sta.get_status_field("key_mgmt")
    if negotiated != "OWE":
        raise Exception("Unexpected key_mgmt: " + negotiated)

    logger.info("Move to OWE only mode (disable transition mode)")

    sta.request("DISCONNECT")
    sta.wait_disconnected()
    sta.dump_monitor()

    # Take both BSSs down, clear the transition pointer on the OWE BSS and
    # let it advertise the formerly open SSID directly.
    hapd2.disable()
    hapd.disable()
    sta.flush_scan_cache()
    hapd.set("owe_transition_bssid", "00:00:00:00:00:00")
    hapd.set("ignore_broadcast_ssid", '0')
    hapd.set("ssid", 'owe-test')
    hapd.enable()

    sta.scan_for_bss(bssid, freq="2412")
    sta.select_network(net_id, 2412)
    sta.wait_connected()
    hwsim_utils.test_connectivity(sta, hapd)
206
def test_owe_transition_mode_open_only_ap(dev, apdev):
    """Opportunistic Wireless Encryption transition mode connect to open-only AP"""
    # The AP is a plain open BSS with no OWE transition information, while
    # the station profile asks for key_mgmt=OWE with ieee80211w=2.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    sta.flush_scan_cache()

    hapd = hostapd.add_ap(apdev[0], {"ssid": "owe-test-open"})
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    # The BSS entry is fetched but not inspected; the call is kept as in the
    # original sequence.
    sta.get_bss(bssid)

    sta.connect("owe-test-open", key_mgmt="OWE", ieee80211w="2",
                scan_freq="2412")
    hwsim_utils.test_connectivity(sta, hapd)

    # Expected result is key_mgmt NONE: this test pins that an OWE profile
    # associates without encryption when the only BSS for the SSID is open.
    negotiated = sta.get_status_field("key_mgmt")
    if negotiated != "NONE":
        raise Exception("Unexpected key_mgmt: " + negotiated)
226
def test_owe_transition_mode_open_multiple_scans(dev, apdev):
    """Opportunistic Wireless Encryption transition mode and need for multiple scans"""
    # The open BSS (with its pointer to the OWE BSS) is started first and the
    # connection attempt begins before the OWE BSS exists. The station must
    # still end up on OWE once the hidden OWE BSS appears in later scans.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    sta.flush_scan_cache()

    open_bss_params = {
        "ssid": "owe-test",
        "owe_transition_bssid": apdev[0]['bssid'],
        "owe_transition_ssid": '"owe-random"',
    }
    hapd2 = hostapd.add_ap(apdev[1], open_bss_params)
    bssid2 = hapd2.own_addr()

    sta.scan_for_bss(bssid2, freq="2412")

    sta.dump_monitor()
    sta.connect("owe-test", key_mgmt="OWE", ieee80211w="2",
                scan_freq="2412", wait_connect=False)
    # Give the first scan up to one second to report results; the event
    # itself is not examined.
    sta.wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=1)

    owe_bss_params = {
        "ssid": "owe-random",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
        "ieee80211w": "2",
        "owe_transition_bssid": apdev[1]['bssid'],
        "owe_transition_ssid": '"owe-test"',
        "ignore_broadcast_ssid": "1",
    }
    hapd = hostapd.add_ap(apdev[0], owe_bss_params)
    hapd.own_addr()

    sta.wait_connected()

    # Connecting at all is not enough: the link must be on the OWE BSS and
    # not on the open one that was visible first.
    negotiated = sta.get_status_field("key_mgmt")
    if negotiated != "OWE":
        raise Exception("Unexpected key_mgmt: " + negotiated)
261
def test_owe_transition_mode_multi_bss(dev, apdev):
    """Opportunistic Wireless Encryption transition mode (multi BSS)"""
    # The scenario changes SCAN_INTERVAL on dev[0]; the finally clause sets
    # it to 5 again whether the scenario passes, fails or is skipped.
    sta = dev[0]
    try:
        run_owe_transition_mode_multi_bss(dev, apdev)
    finally:
        sta.request("SCAN_INTERVAL 5")
268
def run_owe_transition_mode_multi_bss(dev, apdev):
    """Run OWE transition mode with both BSSs hosted on one AP device.

    Two BSSs are added to apdev[0] from owe-bss-1.conf and owe-bss-2.conf.
    dev[0] connects to the "transition-mode-open" SSID with key_mgmt=OWE and
    must end up associated with the second BSS using OWE.
    """
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    first_ifname = apdev[0]['ifname']
    second_ifname = first_ifname + '-2'
    hapd1 = hostapd.add_bss(apdev[0], first_ifname, 'owe-bss-1.conf')
    hapd2 = hostapd.add_bss(apdev[0], second_ifname, 'owe-bss-2.conf')
    hapd2.bssidx = 1

    bssid = hapd1.own_addr()
    bssid2 = hapd2.own_addr()

    # Beaconing with the OWE Transition Mode element can start only once both
    # BSSs are enabled, so the very first Beacon frame may go out without this
    # element. Wait a bit to avoid getting incomplete scan results.
    time.sleep(0.1)

    sta.request("SCAN_INTERVAL 1")
    sta.scan_for_bss(bssid2, freq="2412")
    sta.scan_for_bss(bssid, freq="2412")
    sta.connect("transition-mode-open", key_mgmt="OWE")

    # Both the BSS and the AKM are checked: the station has to be on the
    # second BSS and has to have negotiated OWE there.
    current_bssid = sta.get_status_field("bssid")
    if current_bssid != bssid2:
        raise Exception("Unexpected bssid: " + current_bssid)
    negotiated = sta.get_status_field("key_mgmt")
    if negotiated != "OWE":
        raise Exception("Unexpected key_mgmt: " + negotiated)
    hwsim_utils.test_connectivity(sta, hapd2)
297
def test_owe_unsupported_group(dev, apdev):
    """Opportunistic Wireless Encryption and unsupported group"""
    # The scenario installs a vendor element override for frame id 13 on
    # dev[0]; it is always removed afterwards so later tests do not send it.
    sta = dev[0]
    try:
        run_owe_unsupported_group(dev, apdev)
    finally:
        sta.request("VENDOR_ELEM_REMOVE 13 *")
304
def test_owe_unsupported_group_connect_cmd(dev, apdev):
    """Opportunistic Wireless Encryption and unsupported group using cfg80211 connect command"""
    # Same scenario as test_owe_unsupported_group, run on a wlan5 interface
    # added with force_connect_cmd=1.
    wpas = None
    try:
        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
        wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
        run_owe_unsupported_group([wpas], apdev)
    finally:
        # wpas stays None if the constructor itself failed; only an existing
        # interface can have the vendor element override removed.
        if wpas:
            wpas.request("VENDOR_ELEM_REMOVE 13 *")
315
def run_owe_unsupported_group(dev, apdev):
    """Verify the AP rejects an OWE DH Parameter element naming group 0.

    dev[0] is made to send a replaced DH Parameter element and the
    association must be rejected with status_code=77. The caller is
    responsible for removing the vendor element override again.
    """
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    # Override OWE Dh Parameters element with a payload that uses invalid group
    # 0 (and actual group 19 data) to make the AP reject this with the specific
    # status code 77.
    sta.request("VENDOR_ELEM_ADD 13 ff23200000783590fb7440e03d5b3b33911f86affdcc6b4411b707846ac4ff08ddc8831ccd")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")
    sta.connect("owe", key_mgmt="OWE", wait_connect=False)
    reject_ev = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
    # Stop further attempts before evaluating the result.
    sta.request("DISCONNECT")
    if reject_ev is None:
        raise Exception("Association not rejected")
    # Any other status code would mean the element was refused for a reason
    # other than the group value.
    if "status_code=77" not in reject_ev:
        raise Exception("Unexpected rejection reason: " + reject_ev)
339
def test_owe_limited_group_set(dev, apdev):
    """Opportunistic Wireless Encryption and limited group set"""
    # The AP accepts only groups 20 and 21 (owe_groups). A station forced to
    # group 19 must be rejected with status_code=77; groups 20 and 21 must
    # both connect.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
        "owe_groups": "20 21",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    # Disallowed group: the AP-side allow-list has to be enforced.
    sta.connect("owe", key_mgmt="OWE", owe_group="19", wait_connect=False)
    reject_ev = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
    sta.request("DISCONNECT")
    if reject_ev is None:
        raise Exception("Association not rejected")
    if "status_code=77" not in reject_ev:
        raise Exception("Unexpected rejection reason: " + reject_ev)
    sta.dump_monitor()

    # Allowed groups: each one must associate.
    for dh_group in (20, 21):
        sta.connect("owe", key_mgmt="OWE", owe_group=str(dh_group))
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()
        sta.dump_monitor()
367
def test_owe_limited_group_set_pmf(dev, apdev, params):
    """Opportunistic Wireless Encryption and limited group set (PMF)"""
    # The AP accepts only group 21 and requires PMF. Groups 19 and 20 must
    # each be rejected with status_code=77 and group 21 must connect. The
    # capture file is then checked so that exactly three Association
    # Response frames with status codes 77, 77, 0 were sent.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    # params is the harness-provided dict here; the AP configuration below
    # uses its own name so the two are not confused.
    pcapng = os.path.join(params['logdir'], "hwsim0.pcapng")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "ieee80211w": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
        "owe_groups": "21",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    rejected_cases = [
        ("19", "Association not rejected", "Unexpected rejection reason: "),
        ("20", "Association not rejected (2)",
         "Unexpected rejection reason (2): "),
    ]
    for dh_group, missing_msg, reason_prefix in rejected_cases:
        sta.connect("owe", key_mgmt="OWE", owe_group=dh_group, ieee80211w="2",
                    scan_freq="2412", wait_connect=False)
        reject_ev = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
        sta.request("DISCONNECT")
        if reject_ev is None:
            raise Exception(missing_msg)
        if "status_code=77" not in reject_ev:
            raise Exception(reason_prefix + reject_ev)
        sta.dump_monitor()

    sta.connect("owe", key_mgmt="OWE", owe_group="21", ieee80211w="2",
                scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
    sta.dump_monitor()

    # Cross-check against what actually went over the air rather than only
    # the events the supplicant reported.
    out = run_tshark(pcapng,
                     "wlan.fc.type_subtype == 1",
                     display=['wlan_mgt.fixed.status_code'])
    status = out.splitlines()
    logger.info("Association Response frame status codes: " + str(status))
    if len(status) != 3:
        raise Exception("Unexpected number of Association Response frames")
    if not (int(status[0]) == 77 and int(status[1]) == 77 and
            int(status[2]) == 0):
        raise Exception("Unexpected Association Response frame status code")
419
def test_owe_group_negotiation(dev, apdev):
    """Opportunistic Wireless Encryption and group negotiation"""
    # The helper takes a single station object, not the list.
    sta = dev[0]
    run_owe_group_negotiation(sta, apdev)
423
def test_owe_group_negotiation_connect_cmd(dev, apdev):
    """Opportunistic Wireless Encryption and group negotiation (connect command)"""
    # Same scenario as test_owe_group_negotiation, run on a wlan5 interface
    # added with force_connect_cmd=1.
    connect_cmd_sta = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    connect_cmd_sta.interface_add("wlan5", drv_params="force_connect_cmd=1")
    run_owe_group_negotiation(connect_cmd_sta, apdev)
429
def run_owe_group_negotiation(dev, apdev):
    """Connect to an AP that accepts only group 21 without forcing a group.

    dev is a single station object here (not a list). No owe_group is set on
    the network, so connect() returning successfully means the station
    arrived at a group the AP accepts on its own.
    """
    if "OWE" not in dev.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
        "owe_groups": "21",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    target_bssid = hapd.own_addr()

    dev.scan_for_bss(target_bssid, freq="2412")
    dev.connect("owe", key_mgmt="OWE")
443
def test_owe_assoc_reject(dev, apdev):
    """Opportunistic Wireless Encryption association rejection handling"""
    # Rejections that have nothing to do with OWE must not push the station
    # on to another DH group: the AP accepts only group 19 and first rejects
    # the station for lacking HT, then the HT requirement is lifted.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "require_ht": "1",
        "wpa": "2",
        "ieee80211w": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
        "owe_groups": "19",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    # First, reject two associations with HT-required (i.e., not OWE related)
    sta.scan_for_bss(bssid, freq="2412")
    sta.connect("owe", key_mgmt="OWE", ieee80211w="2",
                disable_ht="1", scan_freq="2412", wait_connect=False)
    for _ in range(2):
        ev = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
        if ev is None:
            raise Exception("Association rejection not reported")

    # Then, verify that STA tries OWE with the default group (19) on the next
    # attempt instead of having moved to testing another group.
    hapd.set("require_ht", "0")
    for _ in range(2):
        ev = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT",
                             "CTRL-EVENT-CONNECTED"], timeout=10)
        if ev is None:
            raise Exception("Association result not reported")
        if "CTRL-EVENT-CONNECTED" in ev:
            break
        # A status 77 here would show the station had switched to a group
        # the AP does not accept.
        if "status_code=77" in ev:
            raise Exception("Unexpected unsupport group rejection")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Did not connect successfully")
481
def test_owe_local_errors(dev, apdev):
    """Opportunistic Wireless Encryption - local errors on supplicant"""
    # Error-path coverage on the station side. alloc_fail() and fail_test()
    # come from utils; presumably each makes the count-th call matching the
    # given "function;caller" pattern fail -- confirm against utils. The
    # test passes if the station gets through each failure and the sequence
    # completes.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "ieee80211w": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    # Failures while building the Association Request frame.
    build_req_cases = [
        (1, "crypto_ecdh_init;owe_build_assoc_req"),
        (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
        (1, "wpabuf_alloc;owe_build_assoc_req"),
    ]
    for count, func in build_req_cases:
        with alloc_fail(sta, count, func):
            sta.connect("owe", key_mgmt="OWE", owe_group="20",
                        ieee80211w="2",
                        scan_freq="2412", wait_connect=False)
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            sta.request("REMOVE_NETWORK all")
            sta.dump_monitor()

    # Failures while processing the Association Response frame; the station
    # is expected to disconnect.
    process_resp_cases = [
        (1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
        (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
        (1, "wpabuf_alloc;=owe_process_assoc_resp"),
    ]
    for count, func in process_resp_cases:
        with alloc_fail(sta, count, func):
            sta.connect("owe", key_mgmt="OWE", owe_group="20",
                        ieee80211w="2",
                        scan_freq="2412", wait_connect=False)
            sta.wait_disconnected()
            sta.request("REMOVE_NETWORK all")
            sta.dump_monitor()

    # Hash/KDF failures, each paired with the group the case is run with
    # (sha256 with 19, sha384 with 20, sha512 with 21).
    hash_cases = [
        (1, "hmac_sha256;owe_process_assoc_resp", 19),
        (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
        (1, "hmac_sha384;owe_process_assoc_resp", 20),
        (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
        (1, "hmac_sha512;owe_process_assoc_resp", 21),
        (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21),
    ]
    for count, func, dh_group in hash_cases:
        with fail_test(sta, count, func):
            sta.connect("owe", key_mgmt="OWE", owe_group=str(dh_group),
                        ieee80211w="2",
                        scan_freq="2412", wait_connect=False)
            sta.wait_disconnected()
            sta.request("REMOVE_NETWORK all")
            sta.dump_monitor()

    # Group 18 is outside the 19/20/21 set used above. Only the start of an
    # authentication attempt is checked; the outcome is not asserted.
    sta.connect("owe", key_mgmt="OWE", owe_group="18",
                ieee80211w="2",
                scan_freq="2412", wait_connect=False)
    auth_ev = sta.wait_event(["SME: Trying to authenticate"], timeout=5)
    if auth_ev is None:
        raise Exception("No authentication attempt")
    time.sleep(0.5)
    sta.request("REMOVE_NETWORK all")
    sta.dump_monitor()
544
def hapd_auth(hapd):
    """Answer the next Authentication frame received by hapd with success.

    Reads up to ten management frames from hapd.mgmt_rx() looking for
    subtype 11, then transmits a reply with the addresses swapped.

    Raises:
        Exception: if mgmt_rx() returns None, or if none of the ten frames
            has subtype 11.
    """
    for _ in range(10):
        frame = hapd.mgmt_rx()
        if frame is None:
            raise Exception("MGMT RX wait timed out")
        if frame['subtype'] == 11:
            break
    else:
        raise Exception("Authentication frame not received")

    reply = {
        'fc': frame['fc'],
        'da': frame['sa'],
        'sa': frame['da'],
        'bssid': frame['bssid'],
        # Three little-endian 16-bit fields: algorithm 0, transaction
        # sequence 2, status code 0.
        'payload': struct.pack('<HHH', 0, 2, 0),
    }
    hapd.mgmt_tx(reply)
563
def hapd_assoc(hapd, extra):
    """Answer the next Association Request with a hand-built response.

    Reads up to ten management frames from hapd.mgmt_rx() looking for
    subtype 0, then transmits a frame with fc 0x0010 whose body ends with
    the caller-supplied bytes. The tests use extra to place arbitrary
    (including malformed) elements in the Association Response.

    Args:
        hapd: AP object providing mgmt_rx() and mgmt_tx().
        extra: bytes appended verbatim after the fixed fields and the
            first element.

    Raises:
        Exception: if mgmt_rx() returns None, or if none of the ten frames
            has subtype 0.
    """
    for _ in range(10):
        frame = hapd.mgmt_rx()
        if frame is None:
            raise Exception("MGMT RX wait timed out")
        if frame['subtype'] == 0:
            break
    else:
        raise Exception("Association Request frame not received")

    # Three little-endian 16-bit fixed fields (0x0411, status 0, 0xc001)
    # followed by one element with ID 1 and eight bytes of data.
    fixed_fields = struct.pack('<HHH', 0x0411, 0, 0xc001)
    first_element = binascii.unhexlify("010882848b960c121824")
    reply = {
        'fc': 0x0010,
        'da': frame['sa'],
        'sa': frame['da'],
        'bssid': frame['bssid'],
        'payload': fixed_fields + first_element + extra,
    }
    hapd.mgmt_tx(reply)
584
def test_owe_invalid_assoc_resp(dev, apdev):
    """Opportunistic Wireless Encryption - invalid Association Response frame"""
    # Input-validation coverage for the station: with external management
    # frame handling enabled on the AP, the test script itself answers the
    # station and appends a series of missing or malformed DH Parameter
    # elements. Each malformed case must end in a disconnection.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_params = {
        "ssid": "owe",
        "wpa": "2",
        "ieee80211w": "2",
        "wpa_key_mgmt": "OWE",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = hapd.own_addr()

    sta.scan_for_bss(bssid, freq="2412")

    hapd.set("ext_mgmt_frame_handling", "1")
    malformed_elements = [
        # OWE: No Diffie-Hellman Parameter element found in Association
        # Response frame
        b'',
        # No room for group --> no DH Params
        binascii.unhexlify('ff0120'),
        # OWE: Unexpected Diffie-Hellman group in response: 18
        binascii.unhexlify('ff03201200'),
        # OWE: Invalid peer DH public key
        binascii.unhexlify('ff23201300' + 31*'00' + '01'),
        # OWE: Invalid peer DH public key
        binascii.unhexlify('ff24201300' + 33*'ee'),
    ]
    for extra in malformed_elements:
        sta.connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
                    scan_freq="2412", wait_connect=False)
        hapd_auth(hapd)
        hapd_assoc(hapd, extra)
        sta.wait_disconnected()
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()

    # OWE: Empty public key (this ends up getting padded to a valid point)
    # Either outcome is accepted here; only the absence of any result within
    # the timeout is treated as a failure.
    sta.connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
                scan_freq="2412", wait_connect=False)
    hapd_auth(hapd)
    hapd_assoc(hapd, binascii.unhexlify('ff03201300'))
    result_ev = sta.wait_event(["CTRL-EVENT-DISCONNECTED",
                                "PMKSA-CACHE-ADDED"],
                               timeout=5)
    if result_ev is None:
        raise Exception("No result reported for empty public key")
    sta.request("REMOVE_NETWORK all")
    sta.dump_monitor()