]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_pmksa_cache.py
1 # WPA2-Enterprise PMKSA caching tests
2 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
9 logger
= logging
.getLogger()
17 from wpasupplicant
import WpaSupplicant
18 from utils
import alloc_fail
, HwsimSkip
, wait_fail_trigger
19 from test_ap_eap
import eap_connect
21 def test_pmksa_cache_on_roam_back(dev
, apdev
):
22 """PMKSA cache to skip EAP on reassociation back to same AP"""
23 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
24 hostapd
.add_ap(apdev
[0], params
)
25 bssid
= apdev
[0]['bssid']
26 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
27 eap
="GPSK", identity
="gpsk user",
28 password
="abcdefghijklmnop0123456789abcdef",
30 pmksa
= dev
[0].get_pmksa(bssid
)
32 raise Exception("No PMKSA cache entry created")
33 if pmksa
['opportunistic'] != '0':
34 raise Exception("Unexpected opportunistic PMKSA cache entry")
36 hostapd
.add_ap(apdev
[1], params
)
37 bssid2
= apdev
[1]['bssid']
40 logger
.info("Roam to AP2")
41 # It can take some time for the second AP to become ready to reply to Probe
42 # Request frames especially under heavy CPU load, so allow couple of rounds
43 # of scanning to avoid reporting errors incorrectly just because of scans
44 # not having seen the target AP.
45 for i
in range(0, 10):
46 dev
[0].scan(freq
="2412")
47 if dev
[0].get_bss(bssid2
) is not None:
49 logger
.info("Scan again to find target AP")
50 dev
[0].request("ROAM " + bssid2
)
51 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=10)
53 raise Exception("EAP success timed out")
54 dev
[0].wait_connected(timeout
=10, error
="Roaming timed out")
55 pmksa2
= dev
[0].get_pmksa(bssid2
)
57 raise Exception("No PMKSA cache entry found")
58 if pmksa2
['opportunistic'] != '0':
59 raise Exception("Unexpected opportunistic PMKSA cache entry")
62 logger
.info("Roam back to AP1")
63 dev
[0].scan(freq
="2412")
64 dev
[0].request("ROAM " + bssid
)
65 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
66 "CTRL-EVENT-CONNECTED"], timeout
=10)
68 raise Exception("Roaming with the AP timed out")
69 if "CTRL-EVENT-EAP-STARTED" in ev
:
70 raise Exception("Unexpected EAP exchange")
71 pmksa1b
= dev
[0].get_pmksa(bssid
)
73 raise Exception("No PMKSA cache entry found")
74 if pmksa
['pmkid'] != pmksa1b
['pmkid']:
75 raise Exception("Unexpected PMKID change for AP1")
78 if "FAIL" in dev
[0].request("PMKSA_FLUSH"):
79 raise Exception("PMKSA_FLUSH failed")
80 if dev
[0].get_pmksa(bssid
) is not None or dev
[0].get_pmksa(bssid2
) is not None:
81 raise Exception("PMKSA_FLUSH did not remove PMKSA entries")
82 dev
[0].wait_disconnected(timeout
=5)
83 dev
[0].wait_connected(timeout
=15, error
="Reconnection timed out")
85 def test_pmksa_cache_and_reauth(dev
, apdev
):
86 """PMKSA caching and EAPOL reauthentication"""
87 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
88 hapd
= hostapd
.add_ap(apdev
[0], params
)
89 bssid
= apdev
[0]['bssid']
90 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
91 eap
="GPSK", identity
="gpsk user",
92 password
="abcdefghijklmnop0123456789abcdef",
95 hostapd
.add_ap(apdev
[1], params
)
96 bssid2
= apdev
[1]['bssid']
99 logger
.info("Roam to AP2")
100 # It can take some time for the second AP to become ready to reply to Probe
101 # Request frames especially under heavy CPU load, so allow couple of rounds
102 # of scanning to avoid reporting errors incorrectly just because of scans
103 # not having seen the target AP.
104 for i
in range(0, 10):
105 dev
[0].scan(freq
="2412")
106 if dev
[0].get_bss(bssid2
) is not None:
108 logger
.info("Scan again to find target AP")
109 dev
[0].request("ROAM " + bssid2
)
110 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=10)
112 raise Exception("EAP success timed out")
113 dev
[0].wait_connected(timeout
=10, error
="Roaming timed out")
115 dev
[0].dump_monitor()
116 logger
.info("Roam back to AP1")
117 dev
[0].scan(freq
="2412")
118 dev
[0].request("ROAM " + bssid
)
119 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
120 "CTRL-EVENT-CONNECTED"], timeout
=10)
122 raise Exception("Roaming with the AP timed out")
123 if "CTRL-EVENT-EAP-STARTED" in ev
:
124 raise Exception("Unexpected EAP exchange")
126 # Verify EAPOL reauthentication after PMKSA caching
127 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
128 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
130 raise Exception("EAP authentication did not start")
131 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
133 raise Exception("EAP authentication did not succeed")
135 def test_pmksa_cache_opportunistic_only_on_sta(dev
, apdev
):
136 """Opportunistic PMKSA caching enabled only on station"""
137 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
138 hostapd
.add_ap(apdev
[0], params
)
139 bssid
= apdev
[0]['bssid']
140 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
141 eap
="GPSK", identity
="gpsk user",
142 password
="abcdefghijklmnop0123456789abcdef", okc
=True,
144 pmksa
= dev
[0].get_pmksa(bssid
)
146 raise Exception("No PMKSA cache entry created")
147 if pmksa
['opportunistic'] != '0':
148 raise Exception("Unexpected opportunistic PMKSA cache entry")
150 hostapd
.add_ap(apdev
[1], params
)
151 bssid2
= apdev
[1]['bssid']
153 dev
[0].dump_monitor()
154 logger
.info("Roam to AP2")
155 dev
[0].scan(freq
="2412")
156 dev
[0].request("ROAM " + bssid2
)
157 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=10)
159 raise Exception("EAP success timed out")
160 dev
[0].wait_connected(timeout
=10, error
="Roaming timed out")
161 pmksa2
= dev
[0].get_pmksa(bssid2
)
163 raise Exception("No PMKSA cache entry found")
164 if pmksa2
['opportunistic'] != '0':
165 raise Exception("Unexpected opportunistic PMKSA cache entry")
167 dev
[0].dump_monitor()
168 logger
.info("Roam back to AP1")
169 dev
[0].scan(freq
="2412")
170 dev
[0].request("ROAM " + bssid
)
171 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
172 "CTRL-EVENT-CONNECTED"], timeout
=10)
174 raise Exception("Roaming with the AP timed out")
175 if "CTRL-EVENT-EAP-STARTED" in ev
:
176 raise Exception("Unexpected EAP exchange")
177 pmksa1b
= dev
[0].get_pmksa(bssid
)
179 raise Exception("No PMKSA cache entry found")
180 if pmksa
['pmkid'] != pmksa1b
['pmkid']:
181 raise Exception("Unexpected PMKID change for AP1")
183 def test_pmksa_cache_opportunistic(dev
, apdev
):
184 """Opportunistic PMKSA caching"""
185 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
187 hostapd
.add_ap(apdev
[0], params
)
188 bssid
= apdev
[0]['bssid']
189 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
190 eap
="GPSK", identity
="gpsk user",
191 password
="abcdefghijklmnop0123456789abcdef", okc
=True,
193 pmksa
= dev
[0].get_pmksa(bssid
)
195 raise Exception("No PMKSA cache entry created")
196 if pmksa
['opportunistic'] != '0':
197 raise Exception("Unexpected opportunistic PMKSA cache entry")
199 hostapd
.add_ap(apdev
[1], params
)
200 bssid2
= apdev
[1]['bssid']
202 dev
[0].dump_monitor()
203 logger
.info("Roam to AP2")
204 dev
[0].scan(freq
="2412")
205 dev
[0].request("ROAM " + bssid2
)
206 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
207 "CTRL-EVENT-CONNECTED"], timeout
=10)
209 raise Exception("Roaming with the AP timed out")
210 if "CTRL-EVENT-EAP-STARTED" in ev
:
211 raise Exception("Unexpected EAP exchange")
212 pmksa2
= dev
[0].get_pmksa(bssid2
)
214 raise Exception("No PMKSA cache entry created")
216 dev
[0].dump_monitor()
217 logger
.info("Roam back to AP1")
218 dev
[0].scan(freq
="2412")
219 dev
[0].request("ROAM " + bssid
)
220 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
221 "CTRL-EVENT-CONNECTED"], timeout
=10)
223 raise Exception("Roaming with the AP timed out")
224 if "CTRL-EVENT-EAP-STARTED" in ev
:
225 raise Exception("Unexpected EAP exchange")
227 pmksa1b
= dev
[0].get_pmksa(bssid
)
229 raise Exception("No PMKSA cache entry found")
230 if pmksa
['pmkid'] != pmksa1b
['pmkid']:
231 raise Exception("Unexpected PMKID change for AP1")
233 def test_pmksa_cache_opportunistic_connect(dev
, apdev
):
234 """Opportunistic PMKSA caching with connect API"""
235 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
237 hostapd
.add_ap(apdev
[0], params
)
238 bssid
= apdev
[0]['bssid']
239 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
240 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
241 wpas
.connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
242 eap
="GPSK", identity
="gpsk user",
243 password
="abcdefghijklmnop0123456789abcdef", okc
=True,
245 pmksa
= wpas
.get_pmksa(bssid
)
247 raise Exception("No PMKSA cache entry created")
248 if pmksa
['opportunistic'] != '0':
249 raise Exception("Unexpected opportunistic PMKSA cache entry")
251 hostapd
.add_ap(apdev
[1], params
)
252 bssid2
= apdev
[1]['bssid']
255 logger
.info("Roam to AP2")
256 wpas
.scan_for_bss(bssid2
, freq
="2412", force_scan
=True)
257 wpas
.request("ROAM " + bssid2
)
258 ev
= wpas
.wait_event(["CTRL-EVENT-EAP-STARTED",
259 "CTRL-EVENT-CONNECTED"], timeout
=10)
261 raise Exception("Roaming with the AP timed out")
262 if "CTRL-EVENT-EAP-STARTED" in ev
:
263 raise Exception("Unexpected EAP exchange")
264 pmksa2
= wpas
.get_pmksa(bssid2
)
266 raise Exception("No PMKSA cache entry created")
269 logger
.info("Roam back to AP1")
270 wpas
.scan(freq
="2412")
271 wpas
.request("ROAM " + bssid
)
272 ev
= wpas
.wait_event(["CTRL-EVENT-EAP-STARTED",
273 "CTRL-EVENT-CONNECTED"], timeout
=10)
275 raise Exception("Roaming with the AP timed out")
276 if "CTRL-EVENT-EAP-STARTED" in ev
:
277 raise Exception("Unexpected EAP exchange")
279 pmksa1b
= wpas
.get_pmksa(bssid
)
281 raise Exception("No PMKSA cache entry found")
282 if pmksa
['pmkid'] != pmksa1b
['pmkid']:
283 raise Exception("Unexpected PMKID change for AP1")
285 def test_pmksa_cache_expiration(dev
, apdev
):
286 """PMKSA cache entry expiration"""
287 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
288 hapd
= hostapd
.add_ap(apdev
[0], params
)
289 bssid
= apdev
[0]['bssid']
290 dev
[0].request("SET dot11RSNAConfigPMKLifetime 10")
291 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
292 eap
="GPSK", identity
="gpsk user",
293 password
="abcdefghijklmnop0123456789abcdef",
295 pmksa
= dev
[0].get_pmksa(bssid
)
297 raise Exception("No PMKSA cache entry created")
298 logger
.info("Wait for PMKSA cache entry to expire")
299 ev
= dev
[0].wait_event(["WPA: Key negotiation completed",
300 "CTRL-EVENT-DISCONNECTED"], timeout
=15)
302 raise Exception("No EAP reauthentication seen")
303 if "CTRL-EVENT-DISCONNECTED" in ev
:
304 raise Exception("Unexpected disconnection")
305 pmksa2
= dev
[0].get_pmksa(bssid
)
306 if pmksa
['pmkid'] == pmksa2
['pmkid']:
307 raise Exception("PMKID did not change")
308 hwsim_utils
.test_connectivity(dev
[0], hapd
)
310 def test_pmksa_cache_expiration_disconnect(dev
, apdev
):
311 """PMKSA cache entry expiration (disconnect)"""
312 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
313 hapd
= hostapd
.add_ap(apdev
[0], params
)
314 bssid
= apdev
[0]['bssid']
315 dev
[0].request("SET dot11RSNAConfigPMKLifetime 2")
316 dev
[0].request("SET dot11RSNAConfigPMKReauthThreshold 100")
317 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
318 eap
="GPSK", identity
="gpsk user",
319 password
="abcdefghijklmnop0123456789abcdef",
321 pmksa
= dev
[0].get_pmksa(bssid
)
323 raise Exception("No PMKSA cache entry created")
324 hapd
.request("SET auth_server_shared_secret incorrect")
325 logger
.info("Wait for PMKSA cache entry to expire")
326 ev
= dev
[0].wait_event(["WPA: Key negotiation completed",
327 "CTRL-EVENT-DISCONNECTED"], timeout
=15)
329 raise Exception("No EAP reauthentication seen")
330 if "CTRL-EVENT-DISCONNECTED" not in ev
:
331 raise Exception("Missing disconnection")
332 hapd
.request("SET auth_server_shared_secret radius")
333 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"], timeout
=15)
335 raise Exception("No EAP reauthentication seen")
336 pmksa2
= dev
[0].get_pmksa(bssid
)
337 if pmksa
['pmkid'] == pmksa2
['pmkid']:
338 raise Exception("PMKID did not change")
340 def test_pmksa_cache_and_cui(dev
, apdev
):
341 """PMKSA cache and Chargeable-User-Identity"""
342 params
= hostapd
.wpa2_eap_params(ssid
="cui")
343 params
['radius_request_cui'] = '1'
344 params
['acct_server_addr'] = "127.0.0.1"
345 params
['acct_server_port'] = "1813"
346 params
['acct_server_shared_secret'] = "radius"
347 hapd
= hostapd
.add_ap(apdev
[0], params
)
348 bssid
= apdev
[0]['bssid']
349 dev
[0].connect("cui", proto
="RSN", key_mgmt
="WPA-EAP",
350 eap
="GPSK", identity
="gpsk-cui",
351 password
="abcdefghijklmnop0123456789abcdef",
353 pmksa
= dev
[0].get_pmksa(bssid
)
355 raise Exception("No PMKSA cache entry created")
356 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=5)
358 raise Exception("No connection event received from hostapd")
360 dev
[0].dump_monitor()
361 logger
.info("Disconnect and reconnect to the same AP")
362 dev
[0].request("DISCONNECT")
363 dev
[0].wait_disconnected()
364 dev
[0].request("RECONNECT")
365 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
366 "CTRL-EVENT-CONNECTED"], timeout
=10)
368 raise Exception("Reconnect timed out")
369 if "CTRL-EVENT-EAP-STARTED" in ev
:
370 raise Exception("Unexpected EAP exchange")
371 pmksa1b
= dev
[0].get_pmksa(bssid
)
373 raise Exception("No PMKSA cache entry found")
374 if pmksa
['pmkid'] != pmksa1b
['pmkid']:
375 raise Exception("Unexpected PMKID change for AP1")
377 dev
[0].request("REAUTHENTICATE")
378 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=10)
380 raise Exception("EAP success timed out")
381 for i
in range(0, 20):
382 state
= dev
[0].get_status_field("wpa_state")
383 if state
== "COMPLETED":
386 if state
!= "COMPLETED":
387 raise Exception("Reauthentication did not complete")
389 def test_pmksa_cache_preauth_auto(dev
, apdev
):
390 """RSN pre-authentication based on pre-connection scan results"""
392 run_pmksa_cache_preauth_auto(dev
, apdev
)
394 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev',
395 'ap-br0', 'down', '2>', '/dev/null'],
397 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0',
398 '2>', '/dev/null'], shell
=True)
400 def run_pmksa_cache_preauth_auto(dev
, apdev
):
401 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
402 params
['bridge'] = 'ap-br0'
403 params
['rsn_preauth'] = '1'
404 params
['rsn_preauth_interfaces'] = 'ap-br0'
406 hapd
= hostapd
.add_ap(apdev
[0], params
)
407 hapd
.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
408 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
409 hapd2
= hostapd
.add_ap(apdev
[1], params
)
411 eap_connect(dev
[0], hapd
, "PAX", "pax.user@example.com",
412 password_hex
="0123456789abcdef0123456789abcdef")
417 res1
= dev
[0].get_pmksa(apdev
[0]['bssid'])
418 res2
= dev
[0].get_pmksa(apdev
[1]['bssid'])
423 raise Exception("The expected PMKSA cache entries not found")
425 def generic_pmksa_cache_preauth(dev
, apdev
, extraparams
, identity
, databridge
,
426 force_disconnect
=False):
428 extraparams
= [{}, {}]
430 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
431 params
['bridge'] = 'ap-br0'
432 for key
, value
in extraparams
[0].items():
435 hapd
= hostapd
.add_ap(apdev
[0], params
)
436 hapd
.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
437 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
438 eap_connect(dev
[0], hapd
, "PAX", identity
,
439 password_hex
="0123456789abcdef0123456789abcdef")
441 # Verify connectivity in the correct VLAN
442 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, databridge
)
444 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
445 params
['bridge'] = 'ap-br0'
446 params
['rsn_preauth'] = '1'
447 params
['rsn_preauth_interfaces'] = databridge
448 for key
, value
in extraparams
[1].items():
450 hostapd
.add_ap(apdev
[1], params
)
451 bssid1
= apdev
[1]['bssid']
452 dev
[0].scan(freq
="2412")
455 for i
in range(0, 50):
457 status
= dev
[0].request("STATUS")
458 if "Pre-authentication EAPOL state machines:" in status
:
461 pmksa
= dev
[0].get_pmksa(bssid1
)
466 raise Exception("No PMKSA cache entry created from pre-authentication")
468 raise Exception("Pre-authentication EAPOL status was not available")
470 dev
[0].scan(freq
="2412")
471 if "[WPA2-EAP-CCMP-preauth]" not in dev
[0].request("SCAN_RESULTS"):
472 raise Exception("Scan results missing RSN element info")
473 dev
[0].request("ROAM " + bssid1
)
474 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
475 "CTRL-EVENT-CONNECTED"], timeout
=10)
477 raise Exception("Roaming with the AP timed out")
478 if "CTRL-EVENT-EAP-STARTED" in ev
:
479 raise Exception("Unexpected EAP exchange")
480 pmksa2
= dev
[0].get_pmksa(bssid1
)
482 raise Exception("No PMKSA cache entry")
483 if pmksa
['pmkid'] != pmksa2
['pmkid']:
484 raise Exception("Unexpected PMKID change")
486 # Verify connectivity in the correct VLAN
487 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, databridge
)
489 if not force_disconnect
:
492 # Disconnect the STA from both APs to avoid forceful ifdown by the
493 # test script on a VLAN that this has an associated STA. That used to
494 # trigger a mac80211 warning.
495 dev
[0].request("DISCONNECT")
496 hapd
.request("DISABLE")
499 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev',
500 'ap-br0', 'down', '2>', '/dev/null'],
502 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0',
503 '2>', '/dev/null'], shell
=True)
505 def test_pmksa_cache_preauth(dev
, apdev
):
506 """RSN pre-authentication to generate PMKSA cache entry"""
507 generic_pmksa_cache_preauth(dev
, apdev
, None,
508 "pax.user@example.com", "ap-br0")
510 def test_pmksa_cache_preauth_per_sta_vif(dev
, apdev
):
511 """RSN pre-authentication to generate PMKSA cache entry with per_sta_vif"""
512 extraparams
= [{}, {}]
513 extraparams
[0]['per_sta_vif'] = "1"
514 extraparams
[1]['per_sta_vif'] = "1"
515 generic_pmksa_cache_preauth(dev
, apdev
, extraparams
,
516 "pax.user@example.com", "ap-br0")
518 def test_pmksa_cache_preauth_vlan_enabled(dev
, apdev
):
519 """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set)"""
520 extraparams
= [{}, {}]
521 extraparams
[0]['dynamic_vlan'] = '1'
522 extraparams
[1]['dynamic_vlan'] = '1'
523 generic_pmksa_cache_preauth(dev
, apdev
, extraparams
,
524 "pax.user@example.com", "ap-br0")
526 def test_pmksa_cache_preauth_vlan_enabled_per_sta_vif(dev
, apdev
):
527 """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set, with per_sta_vif enabled)"""
528 extraparams
= [{}, {}]
529 extraparams
[0]['per_sta_vif'] = "1"
530 extraparams
[1]['per_sta_vif'] = "1"
531 extraparams
[0]['dynamic_vlan'] = '1'
532 extraparams
[1]['dynamic_vlan'] = '1'
533 generic_pmksa_cache_preauth(dev
, apdev
, extraparams
,
534 "pax.user@example.com", "ap-br0")
536 def test_pmksa_cache_preauth_vlan_used(dev
, apdev
):
537 """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set)"""
538 run_pmksa_cache_preauth_vlan_used(dev
, apdev
, None, force_disconnect
=True)
540 def run_pmksa_cache_preauth_vlan_used(dev
, apdev
, extraparams
=None,
541 force_disconnect
=False):
543 subprocess
.call(['brctl', 'addbr', 'brvlan1'])
544 subprocess
.call(['brctl', 'setfd', 'brvlan1', '0'])
546 extraparams
= [{}, {}]
547 extraparams
[0]['dynamic_vlan'] = '1'
548 extraparams
[0]['vlan_file'] = 'hostapd.wlan3.vlan'
549 extraparams
[1]['dynamic_vlan'] = '1'
550 extraparams
[1]['vlan_file'] = 'hostapd.wlan4.vlan'
551 generic_pmksa_cache_preauth(dev
, apdev
, extraparams
,
553 force_disconnect
=force_disconnect
)
555 subprocess
.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
556 subprocess
.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
557 stderr
=open('/dev/null', 'w'))
558 subprocess
.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'],
559 stderr
=open('/dev/null', 'w'))
560 subprocess
.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
561 stderr
=open('/dev/null', 'w'))
562 subprocess
.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'],
563 stderr
=open('/dev/null', 'w'))
564 subprocess
.call(['brctl', 'delbr', 'brvlan1'])
566 def test_pmksa_cache_preauth_vlan_used_per_sta_vif(dev
, apdev
):
567 """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set, per_sta_vif=1)"""
568 extraparams
= [{}, {}]
569 extraparams
[0]['per_sta_vif'] = "1"
570 extraparams
[1]['per_sta_vif'] = "1"
571 run_pmksa_cache_preauth_vlan_used(dev
, apdev
, extraparams
)
573 def test_pmksa_cache_disabled(dev
, apdev
):
574 """PMKSA cache disabling on AP"""
575 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
576 params
['disable_pmksa_caching'] = '1'
577 hostapd
.add_ap(apdev
[0], params
)
578 bssid
= apdev
[0]['bssid']
579 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
580 eap
="GPSK", identity
="gpsk user",
581 password
="abcdefghijklmnop0123456789abcdef",
584 hostapd
.add_ap(apdev
[1], params
)
585 bssid2
= apdev
[1]['bssid']
587 dev
[0].dump_monitor()
588 logger
.info("Roam to AP2")
589 dev
[0].scan_for_bss(bssid2
, freq
="2412")
590 dev
[0].request("ROAM " + bssid2
)
591 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=10)
593 raise Exception("EAP success timed out")
594 dev
[0].wait_connected(timeout
=10, error
="Roaming timed out")
596 dev
[0].dump_monitor()
597 logger
.info("Roam back to AP1")
598 dev
[0].scan(freq
="2412")
599 dev
[0].request("ROAM " + bssid
)
600 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
601 "CTRL-EVENT-CONNECTED"], timeout
=20)
603 raise Exception("Roaming with the AP timed out")
604 if "CTRL-EVENT-CONNECTED" in ev
:
605 raise Exception("EAP exchange missing")
606 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=20)
608 raise Exception("Roaming with the AP timed out")
610 def test_pmksa_cache_ap_expiration(dev
, apdev
):
611 """PMKSA cache entry expiring on AP"""
612 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
613 hapd
= hostapd
.add_ap(apdev
[0], params
)
614 bssid
= apdev
[0]['bssid']
615 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
616 eap
="GPSK", identity
="gpsk-user-session-timeout",
617 password
="abcdefghijklmnop0123456789abcdef",
619 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=5)
621 raise Exception("No connection event received from hostapd")
622 dev
[0].request("DISCONNECT")
624 dev
[0].dump_monitor()
625 dev
[0].request("RECONNECT")
626 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
627 "CTRL-EVENT-CONNECTED"], timeout
=20)
629 raise Exception("Roaming with the AP timed out")
630 if "CTRL-EVENT-CONNECTED" in ev
:
631 raise Exception("EAP exchange missing")
632 dev
[0].wait_connected(timeout
=20, error
="Reconnect timed out")
633 dev
[0].dump_monitor()
634 dev
[0].wait_disconnected(timeout
=20)
635 dev
[0].wait_connected(timeout
=20, error
="Reassociation timed out")
637 def test_pmksa_cache_multiple_sta(dev
, apdev
):
638 """PMKSA cache with multiple stations"""
639 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
640 hostapd
.add_ap(apdev
[0], params
)
641 bssid
= apdev
[0]['bssid']
644 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
645 eap
="GPSK", identity
="gpsk-user-session-timeout",
646 password
="abcdefghijklmnop0123456789abcdef",
648 dev
[1].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
649 eap
="GPSK", identity
="gpsk user",
650 password
="abcdefghijklmnop0123456789abcdef",
652 dev
[2].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
653 eap
="GPSK", identity
="gpsk-user-session-timeout",
654 password
="abcdefghijklmnop0123456789abcdef",
657 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
658 wpas
.interface_add("wlan5")
659 wpas
.flush_scan_cache()
660 wpas
.connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
661 eap
="GPSK", identity
="gpsk user",
662 password
="abcdefghijklmnop0123456789abcdef",
665 hostapd
.add_ap(apdev
[1], params
)
666 bssid2
= apdev
[1]['bssid']
668 logger
.info("Roam to AP2")
669 for sta
in [dev
[1], dev
[0], dev
[2], wpas
]:
671 sta
.scan_for_bss(bssid2
, freq
="2412")
672 if "OK" not in sta
.request("ROAM " + bssid2
):
673 raise Exception("ROAM command failed (" + sta
.ifname
+ ")")
674 ev
= sta
.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=10)
676 raise Exception("EAP success timed out")
677 sta
.wait_connected(timeout
=10, error
="Roaming timed out")
680 logger
.info("Roam back to AP1")
681 for sta
in [dev
[1], wpas
, dev
[0], dev
[2]]:
683 sta
.scan(freq
="2412")
685 sta
.request("ROAM " + bssid
)
686 sta
.wait_connected(timeout
=10, error
="Roaming timed out")
691 logger
.info("Roam back to AP2")
692 for sta
in [dev
[1], wpas
, dev
[0], dev
[2]]:
694 sta
.scan(freq
="2412")
696 sta
.request("ROAM " + bssid2
)
697 sta
.wait_connected(timeout
=10, error
="Roaming timed out")
700 def test_pmksa_cache_opportunistic_multiple_sta(dev
, apdev
):
701 """Opportunistic PMKSA caching with multiple stations"""
702 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
704 hostapd
.add_ap(apdev
[0], params
)
705 bssid
= apdev
[0]['bssid']
708 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
709 wpas
.interface_add("wlan5")
710 wpas
.flush_scan_cache()
711 for sta
in [dev
[0], dev
[1], dev
[2], wpas
]:
712 sta
.connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
713 eap
="GPSK", identity
="gpsk user",
714 password
="abcdefghijklmnop0123456789abcdef", okc
=True,
717 hostapd
.add_ap(apdev
[1], params
)
718 bssid2
= apdev
[1]['bssid']
720 logger
.info("Roam to AP2")
721 for sta
in [dev
[2], dev
[0], wpas
, dev
[1]]:
723 sta
.scan_for_bss(bssid2
, freq
="2412")
724 if "OK" not in sta
.request("ROAM " + bssid2
):
725 raise Exception("ROAM command failed")
726 ev
= sta
.wait_event(["CTRL-EVENT-EAP-STARTED",
727 "CTRL-EVENT-CONNECTED"], timeout
=10)
729 raise Exception("Roaming with the AP timed out")
730 if "CTRL-EVENT-EAP-STARTED" in ev
:
731 raise Exception("Unexpected EAP exchange")
732 pmksa2
= sta
.get_pmksa(bssid2
)
734 raise Exception("No PMKSA cache entry created")
737 logger
.info("Roam back to AP1")
738 for sta
in [dev
[0], dev
[1], dev
[2], wpas
]:
740 sta
.scan_for_bss(bssid
, freq
="2412")
741 sta
.request("ROAM " + bssid
)
742 ev
= sta
.wait_event(["CTRL-EVENT-EAP-STARTED",
743 "CTRL-EVENT-CONNECTED"], timeout
=10)
745 raise Exception("Roaming with the AP timed out")
746 if "CTRL-EVENT-EAP-STARTED" in ev
:
747 raise Exception("Unexpected EAP exchange")
749 def test_pmksa_cache_preauth_oom(dev
, apdev
):
750 """RSN pre-authentication to generate PMKSA cache entry and OOM"""
752 _test_pmksa_cache_preauth_oom(dev
, apdev
)
754 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
756 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0'])
758 def _test_pmksa_cache_preauth_oom(dev
, apdev
):
759 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
760 params
['bridge'] = 'ap-br0'
761 hapd
= hostapd
.add_ap(apdev
[0], params
)
762 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', 'ap-br0', '0'])
763 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
764 eap_connect(dev
[0], hapd
, "PAX", "pax.user@example.com",
765 password_hex
="0123456789abcdef0123456789abcdef",
766 bssid
=apdev
[0]['bssid'])
768 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
769 params
['bridge'] = 'ap-br0'
770 params
['rsn_preauth'] = '1'
771 params
['rsn_preauth_interfaces'] = 'ap-br0'
772 hapd
= hostapd
.add_ap(apdev
[1], params
)
773 bssid1
= apdev
[1]['bssid']
775 tests
= [(1, "rsn_preauth_receive"),
776 (2, "rsn_preauth_receive"),
777 (1, "rsn_preauth_send"),
778 (1, "wpa_auth_pmksa_add_preauth;rsn_preauth_finished")]
780 hapd
.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
781 with
alloc_fail(hapd
, test
[0], test
[1]):
782 dev
[0].scan_for_bss(bssid1
, freq
="2412")
783 if "OK" not in dev
[0].request("PREAUTH " + bssid1
):
784 raise Exception("PREAUTH failed")
790 pmksa
= dev
[0].get_pmksa(bssid1
)
794 state
= hapd
.request('GET_ALLOC_FAIL')
795 if state
.startswith('0:'):
799 logger
.info("PMKSA cache success: " + str(success
))
801 dev
[0].request("PMKSA_FLUSH")
802 dev
[0].wait_disconnected()
803 dev
[0].wait_connected()
804 dev
[0].dump_monitor()
806 def test_pmksa_cache_size_limit(dev
, apdev
):
807 """PMKSA cache size limit in wpa_supplicant"""
809 _test_pmksa_cache_size_limit(dev
, apdev
)
812 hapd
= hostapd
.HostapdGlobal(apdev
[0])
814 hapd
.remove(apdev
[0]['ifname'])
817 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
818 bssid
= apdev
[0]['bssid']
819 params
['bssid'] = bssid
820 hostapd
.add_ap(apdev
[0], params
)
822 def _test_pmksa_cache_size_limit(dev
, apdev
):
823 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
824 id = dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
825 eap
="GPSK", identity
="gpsk user",
826 password
="abcdefghijklmnop0123456789abcdef",
827 scan_freq
="2412", only_add_network
=True)
829 bssid
= apdev
[0]['bssid'][0:15] + "%02x" % i
830 logger
.info("Iteration with BSSID " + bssid
)
831 params
['bssid'] = bssid
832 hostapd
.add_ap(apdev
[0], params
)
833 dev
[0].request("BSS_FLUSH 0")
834 dev
[0].scan_for_bss(bssid
, freq
=2412, only_new
=True)
835 dev
[0].select_network(id)
836 dev
[0].wait_connected()
837 dev
[0].request("DISCONNECT")
838 dev
[0].wait_disconnected()
839 dev
[0].dump_monitor()
840 entries
= len(dev
[0].request("PMKSA").splitlines()) - 1
843 raise Exception("Unexpected number of PMKSA entries after expected removal of the oldest entry")
844 elif i
+ 1 != entries
:
845 raise Exception("Unexpected number of PMKSA entries")
847 hapd
= hostapd
.HostapdGlobal(apdev
[0])
849 hapd
.remove(apdev
[0]['ifname'])
851 def test_pmksa_cache_preauth_timeout(dev
, apdev
):
852 """RSN pre-authentication timing out"""
854 _test_pmksa_cache_preauth_timeout(dev
, apdev
)
856 dev
[0].request("SET dot11RSNAConfigSATimeout 60")
858 def _test_pmksa_cache_preauth_timeout(dev
, apdev
):
859 dev
[0].request("SET dot11RSNAConfigSATimeout 1")
860 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
861 hapd
= hostapd
.add_ap(apdev
[0], params
)
862 eap_connect(dev
[0], hapd
, "PAX", "pax.user@example.com",
863 password_hex
="0123456789abcdef0123456789abcdef",
864 bssid
=apdev
[0]['bssid'])
865 if "OK" not in dev
[0].request("PREAUTH f2:11:22:33:44:55"):
866 raise Exception("PREAUTH failed")
867 ev
= dev
[0].wait_event(["RSN: pre-authentication with"], timeout
=5)
869 raise Exception("No timeout event seen")
870 if "timed out" not in ev
:
871 raise Exception("Unexpected event: " + ev
)
873 def test_pmksa_cache_preauth_wpas_oom(dev
, apdev
):
874 """RSN pre-authentication OOM in wpa_supplicant"""
875 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
876 hapd
= hostapd
.add_ap(apdev
[0], params
)
877 eap_connect(dev
[0], hapd
, "PAX", "pax.user@example.com",
878 password_hex
="0123456789abcdef0123456789abcdef",
879 bssid
=apdev
[0]['bssid'])
880 for i
in range(1, 11):
881 with
alloc_fail(dev
[0], i
, "rsn_preauth_init"):
882 res
= dev
[0].request("PREAUTH f2:11:22:33:44:55").strip()
883 logger
.info("Iteration %d - PREAUTH command results: %s" % (i
, res
))
885 state
= dev
[0].request('GET_ALLOC_FAIL')
886 if state
.startswith('0:'):
890 def test_pmksa_cache_ctrl(dev
, apdev
):
891 """PMKSA cache control interface operations"""
892 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
893 hapd
= hostapd
.add_ap(apdev
[0], params
)
894 bssid
= apdev
[0]['bssid']
895 addr
= dev
[0].own_addr()
897 dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
898 eap
="GPSK", identity
="gpsk user",
899 password
="abcdefghijklmnop0123456789abcdef",
902 pmksa_sta
= dev
[0].get_pmksa(bssid
)
903 if pmksa_sta
is None:
904 raise Exception("No PMKSA cache entry created on STA")
905 pmksa_ap
= hapd
.get_pmksa(addr
)
907 raise Exception("No PMKSA cache entry created on AP")
908 if pmksa_sta
['pmkid'] != pmksa_ap
['pmkid']:
909 raise Exception("PMKID mismatch in PMKSA cache entries")
911 if "OK" not in hapd
.request("PMKSA_FLUSH"):
912 raise Exception("PMKSA_FLUSH failed")
913 pmksa_ap
= hapd
.get_pmksa(addr
)
914 if pmksa_ap
is not None:
915 raise Exception("PMKSA cache entry was not removed on AP")
917 dev
[0].request("DISCONNECT")
918 dev
[0].wait_disconnected()
919 dev
[0].request("RECONNECT")
920 dev
[0].wait_connected()
922 pmksa_sta2
= dev
[0].get_pmksa(bssid
)
923 if pmksa_sta2
is None:
924 raise Exception("No PMKSA cache entry created on STA after reconnect")
925 pmksa_ap2
= hapd
.get_pmksa(addr
)
926 if pmksa_ap2
is None:
927 raise Exception("No PMKSA cache entry created on AP after reconnect")
928 if pmksa_sta2
['pmkid'] != pmksa_ap2
['pmkid']:
929 raise Exception("PMKID mismatch in PMKSA cache entries after reconnect")
930 if pmksa_sta2
['pmkid'] == pmksa_sta
['pmkid']:
931 raise Exception("PMKID did not change after reconnect")
933 def test_pmksa_cache_ctrl_events(dev
, apdev
):
934 """PMKSA cache control interface events"""
935 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
936 hapd
= hostapd
.add_ap(apdev
[0], params
)
937 bssid
= apdev
[0]['bssid']
939 id = dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
940 eap
="GPSK", identity
="gpsk user",
941 password
="abcdefghijklmnop0123456789abcdef",
942 scan_freq
="2412", wait_connect
=False)
944 ev
= dev
[0].wait_event(["PMKSA-CACHE-ADDED"], timeout
=15)
946 raise Exception("No PMKSA-CACHE-ADDED event")
947 dev
[0].wait_connected()
948 items
= ev
.split(' ')
949 if items
[1] != bssid
:
950 raise Exception("BSSID mismatch: " + ev
)
951 if int(items
[2]) != id:
952 raise Exception("network_id mismatch: " + ev
)
954 dev
[0].request("PMKSA_FLUSH")
955 ev
= dev
[0].wait_event(["PMKSA-CACHE-REMOVED"], timeout
=15)
957 raise Exception("No PMKSA-CACHE-REMOVED event")
958 dev
[0].wait_disconnected()
959 dev
[0].request("DISCONNECT")
960 items
= ev
.split(' ')
961 if items
[1] != bssid
:
962 raise Exception("BSSID mismatch: " + ev
)
963 if int(items
[2]) != id:
964 raise Exception("network_id mismatch: " + ev
)
966 def test_pmksa_cache_ctrl_ext(dev
, apdev
):
967 """PMKSA cache control interface for external management"""
968 params
= hostapd
.wpa2_eap_params(ssid
="test-pmksa-cache")
969 hapd
= hostapd
.add_ap(apdev
[0], params
)
970 bssid
= apdev
[0]['bssid']
972 id = dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
973 eap
="GPSK", identity
="gpsk user",
974 password
="abcdefghijklmnop0123456789abcdef",
977 res1
= dev
[0].request("PMKSA_GET %d" % id)
978 logger
.info("PMKSA_GET: " + res1
)
979 if "UNKNOWN COMMAND" in res1
:
980 raise HwsimSkip("PMKSA_GET not supported in the build")
981 if bssid
not in res1
:
982 raise Exception("PMKSA cache entry missing")
984 hostapd
.add_ap(apdev
[1], params
)
985 bssid2
= apdev
[1]['bssid']
986 dev
[0].scan_for_bss(bssid2
, freq
=2412, force_scan
=True)
987 dev
[0].request("ROAM " + bssid2
)
988 dev
[0].wait_connected()
990 res2
= dev
[0].request("PMKSA_GET %d" % id)
991 logger
.info("PMKSA_GET: " + res2
)
992 if bssid
not in res2
:
993 raise Exception("PMKSA cache entry 1 missing")
994 if bssid2
not in res2
:
995 raise Exception("PMKSA cache entry 2 missing")
997 dev
[0].request("REMOVE_NETWORK all")
998 dev
[0].wait_disconnected()
999 dev
[0].request("PMKSA_FLUSH")
1001 id = dev
[0].connect("test-pmksa-cache", proto
="RSN", key_mgmt
="WPA-EAP",
1002 eap
="GPSK", identity
="gpsk user",
1003 password
="abcdefghijklmnop0123456789abcdef",
1004 scan_freq
="2412", only_add_network
=True)
1005 res3
= dev
[0].request("PMKSA_GET %d" % id)
1007 raise Exception("Unexpected PMKSA cache entry remains: " + res3
)
1008 res4
= dev
[0].request("PMKSA_GET %d" % (id + 1234))
1009 if not res4
.startswith('FAIL'):
1010 raise Exception("Unexpected PMKSA cache entry for unknown network: " + res4
)
1012 for entry
in res2
.splitlines():
1013 if "OK" not in dev
[0].request("PMKSA_ADD %d %s" % (id, entry
)):
1014 raise Exception("Failed to add PMKSA entry")
1016 dev
[0].select_network(id)
1017 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
1018 "CTRL-EVENT-CONNECTED"], timeout
=15)
1020 raise Exception("Connection with the AP timed out")
1021 if "CTRL-EVENT-EAP-STARTED" in ev
:
1022 raise Exception("Unexpected EAP exchange after external PMKSA cache restore")
1024 def test_rsn_preauth_processing(dev
, apdev
):
1025 """RSN pre-authentication processing on AP"""
1026 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
1027 params
['rsn_preauth'] = '1'
1028 params
['rsn_preauth_interfaces'] = "lo"
1029 hapd
= hostapd
.add_ap(apdev
[0], params
)
1030 bssid
= hapd
.own_addr()
1031 _bssid
= binascii
.unhexlify(bssid
.replace(':', ''))
1032 eap_connect(dev
[0], hapd
, "PAX", "pax.user@example.com",
1033 password_hex
="0123456789abcdef0123456789abcdef")
1034 addr
= dev
[0].own_addr()
1035 _addr
= binascii
.unhexlify(addr
.replace(':', ''))
1037 sock
= socket
.socket(socket
.AF_PACKET
, socket
.SOCK_RAW
,
1038 socket
.htons(0x88c7))
1039 sock
.bind(("lo", socket
.htons(0x88c7)))
1041 foreign
= b
"\x02\x03\x04\x05\x06\x07"
1044 # RSN: too short pre-auth packet (len=14)
1045 tests
+= [_bssid
+ foreign
+ proto
]
1047 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 0, 0, 0)]
1048 # RSN: pre-auth for foreign address 02:03:04:05:06:07
1049 tests
+= [foreign
+ foreign
+ proto
+ struct
.pack('>BBH', 0, 0, 0)]
1050 # RSN: pre-auth for already association STA 02:00:00:00:00:00
1051 tests
+= [_bssid
+ _addr
+ proto
+ struct
.pack('>BBH', 0, 0, 0)]
1053 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 0, 1, 1)]
1054 # IEEE 802.1X: received EAPOL-Start from STA
1055 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 0, 1, 0)]
1056 # frame too short for this IEEE 802.1X packet
1057 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 0, 1, 1)]
1058 # EAPOL-Key - Dropped key data from unauthorized Supplicant
1059 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 3, 0)]
1060 # EAPOL-Encapsulated-ASF-Alert
1061 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 4, 0)]
1062 # unknown IEEE 802.1X packet type
1063 tests
+= [_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 255, 0)]
1067 def test_rsn_preauth_local_errors(dev
, apdev
):
1068 """RSN pre-authentication and local errors on AP"""
1069 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
1070 params
['rsn_preauth'] = '1'
1071 params
['rsn_preauth_interfaces'] = "lo"
1072 hapd
= hostapd
.add_ap(apdev
[0], params
)
1073 bssid
= hapd
.own_addr()
1074 _bssid
= binascii
.unhexlify(bssid
.replace(':', ''))
1076 sock
= socket
.socket(socket
.AF_PACKET
, socket
.SOCK_RAW
,
1077 socket
.htons(0x88c7))
1078 sock
.bind(("lo", socket
.htons(0x88c7)))
1080 foreign
= b
"\x02\x03\x04\x05\x06\x07"
1081 foreign2
= b
"\x02\x03\x04\x05\x06\x08"
1084 with
alloc_fail(hapd
, 1, "ap_sta_add;rsn_preauth_receive"):
1085 sock
.send(_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 1, 0))
1086 wait_fail_trigger(hapd
, "GET_ALLOC_FAIL")
1088 with
alloc_fail(hapd
, 1, "eapol_auth_alloc;rsn_preauth_receive"):
1089 sock
.send(_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 1, 0))
1090 wait_fail_trigger(hapd
, "GET_ALLOC_FAIL")
1091 sock
.send(_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 1, 0))
1093 with
alloc_fail(hapd
, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"):
1094 sock
.send(_bssid
+ foreign2
+ proto
+ struct
.pack('>BBH', 2, 1, 0))
1095 wait_fail_trigger(hapd
, "GET_ALLOC_FAIL")
1096 sock
.send(_bssid
+ foreign2
+ proto
+ struct
.pack('>BBH', 2, 1, 0))
1098 hapd
.request("DISABLE")
1099 tests
= [(1, "=rsn_preauth_iface_add"),
1100 (2, "=rsn_preauth_iface_add"),
1101 (1, "l2_packet_init;rsn_preauth_iface_add"),
1102 (1, "rsn_preauth_iface_init"),
1103 (1, "rsn_preauth_iface_init")]
1104 for count
, func
in tests
:
1105 with
alloc_fail(hapd
, count
, func
):
1106 if "FAIL" not in hapd
.request("ENABLE"):
1107 raise Exception("ENABLE succeeded unexpectedly")
1109 hapd
.set("rsn_preauth_interfaces", "lo lo lo does-not-exist lo ")
1110 if "FAIL" not in hapd
.request("ENABLE"):
1111 raise Exception("ENABLE succeeded unexpectedly")
1112 hapd
.set("rsn_preauth_interfaces", " lo lo ")
1113 if "OK" not in hapd
.request("ENABLE"):
1114 raise Exception("ENABLE failed")
1115 sock
.send(_bssid
+ foreign
+ proto
+ struct
.pack('>BBH', 2, 1, 0))
1116 sock
.send(_bssid
+ foreign2
+ proto
+ struct
.pack('>BBH', 2, 1, 0))