1 # WPA2-Enterprise PMKSA caching tests
2 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import binascii
8 import logging
9 logger = logging.getLogger()
10 import socket
11 import struct
12 import subprocess
13 import time
14
15 import hostapd
16 import hwsim_utils
17 from wpasupplicant import WpaSupplicant
18 from utils import alloc_fail, HwsimSkip, wait_fail_trigger
19 from test_ap_eap import eap_connect
20
def test_pmksa_cache_on_roam_back(dev, apdev):
    """PMKSA cache to skip EAP on reassociation back to same AP"""
    # Property under test: a cached PMKSA may replace the EAP exchange only for
    # the AP it was created with (same PMKID on return to AP1), and PMKSA_FLUSH
    # must remove every cached entry.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    # Hard-coded test credential (presumably provisioned in the hwsim EAP user
    # database); it is a fixture, not a secret to reuse anywhere else.
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef",
                scan_freq="2412")
    first_entry = sta.get_pmksa(ap1_bssid)
    if first_entry is None:
        raise Exception("No PMKSA cache entry created")
    if first_entry['opportunistic'] != '0':
        raise Exception("Unexpected opportunistic PMKSA cache entry")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    sta.dump_monitor()
    logger.info("Roam to AP2")
    # The second AP may need a while before it answers Probe Request frames,
    # especially under heavy CPU load. Scan up to ten times so that a slow AP
    # start is not reported as a test failure.
    for _ in range(10):
        sta.scan(freq="2412")
        if sta.get_bss(ap2_bssid) is not None:
            break
        logger.info("Scan again to find target AP")
    sta.request("ROAM " + ap2_bssid)
    # No cache entry exists for AP2 yet, so a full EAP exchange is expected.
    if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
        raise Exception("EAP success timed out")
    sta.wait_connected(timeout=10, error="Roaming timed out")
    ap2_entry = sta.get_pmksa(ap2_bssid)
    if ap2_entry is None:
        raise Exception("No PMKSA cache entry found")
    if ap2_entry['opportunistic'] != '0':
        raise Exception("Unexpected opportunistic PMKSA cache entry")

    sta.dump_monitor()
    logger.info("Roam back to AP1")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap1_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    # Seeing EAP start here means the cached PMKSA was not used.
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")
    returned_entry = sta.get_pmksa(ap1_bssid)
    if returned_entry is None:
        raise Exception("No PMKSA cache entry found")
    if first_entry['pmkid'] != returned_entry['pmkid']:
        raise Exception("Unexpected PMKID change for AP1")

    sta.dump_monitor()
    if "FAIL" in sta.request("PMKSA_FLUSH"):
        raise Exception("PMKSA_FLUSH failed")
    # Neither AP may keep a cached entry once the flush has been accepted.
    if any(sta.get_pmksa(b) is not None for b in (ap1_bssid, ap2_bssid)):
        raise Exception("PMKSA_FLUSH did not remove PMKSA entries")
    sta.wait_disconnected(timeout=5)
    sta.wait_connected(timeout=15, error="Reconnection timed out")
84
def test_pmksa_cache_and_reauth(dev, apdev):
    """PMKSA caching and EAPOL reauthentication"""
    # Property under test: after a cached (EAP-less) roam back to AP1, an
    # AP-initiated EAPOL_REAUTH must still start and complete a full EAP
    # authentication.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    ap1 = hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    # Hard-coded test credential (test fixture only).
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef",
                scan_freq="2412")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    sta.dump_monitor()
    logger.info("Roam to AP2")
    # The second AP may need a while before it answers Probe Request frames,
    # especially under heavy CPU load. Scan up to ten times so that a slow AP
    # start is not reported as a test failure.
    for _ in range(10):
        sta.scan(freq="2412")
        if sta.get_bss(ap2_bssid) is not None:
            break
        logger.info("Scan again to find target AP")
    sta.request("ROAM " + ap2_bssid)
    if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
        raise Exception("EAP success timed out")
    sta.wait_connected(timeout=10, error="Roaming timed out")

    sta.dump_monitor()
    logger.info("Roam back to AP1")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap1_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")

    # Verify EAPOL reauthentication after PMKSA caching
    ap1.request("EAPOL_REAUTH " + sta.own_addr())
    if sta.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) is None:
        raise Exception("EAP authentication did not start")
    if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) is None:
        raise Exception("EAP authentication did not succeed")
134
def test_pmksa_cache_opportunistic_only_on_sta(dev, apdev):
    """Opportunistic PMKSA caching enabled only on station"""
    # Property under test: with okc requested only by the station (the AP
    # parameters carry no 'okc' setting), the roam to AP2 must still run a full
    # EAP exchange and must not produce an opportunistic cache entry.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    # Hard-coded test credential (test fixture only).
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef", okc=True,
                scan_freq="2412")
    first_entry = sta.get_pmksa(ap1_bssid)
    if first_entry is None:
        raise Exception("No PMKSA cache entry created")
    if first_entry['opportunistic'] != '0':
        raise Exception("Unexpected opportunistic PMKSA cache entry")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    sta.dump_monitor()
    logger.info("Roam to AP2")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap2_bssid)
    if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
        raise Exception("EAP success timed out")
    sta.wait_connected(timeout=10, error="Roaming timed out")
    ap2_entry = sta.get_pmksa(ap2_bssid)
    if ap2_entry is None:
        raise Exception("No PMKSA cache entry found")
    if ap2_entry['opportunistic'] != '0':
        raise Exception("Unexpected opportunistic PMKSA cache entry")

    sta.dump_monitor()
    logger.info("Roam back to AP1")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap1_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    # The regular (non-opportunistic) entry for AP1 must still be usable.
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")
    returned_entry = sta.get_pmksa(ap1_bssid)
    if returned_entry is None:
        raise Exception("No PMKSA cache entry found")
    if first_entry['pmkid'] != returned_entry['pmkid']:
        raise Exception("Unexpected PMKID change for AP1")
182
def test_pmksa_cache_opportunistic(dev, apdev):
    """Opportunistic PMKSA caching"""
    # Property under test: with okc enabled on both the APs and the station,
    # roaming to a second AP that was never authenticated against completes
    # without an EAP exchange, and the AP1 entry keeps its PMKID.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    ap_params['okc'] = "1"
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    # Hard-coded test credential (test fixture only).
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef", okc=True,
                scan_freq="2412")
    first_entry = sta.get_pmksa(ap1_bssid)
    if first_entry is None:
        raise Exception("No PMKSA cache entry created")
    # The initial entry comes from a real EAP exchange, so it must not be
    # flagged as opportunistic.
    if first_entry['opportunistic'] != '0':
        raise Exception("Unexpected opportunistic PMKSA cache entry")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    sta.dump_monitor()
    logger.info("Roam to AP2")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap2_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")
    ap2_entry = sta.get_pmksa(ap2_bssid)
    if ap2_entry is None:
        raise Exception("No PMKSA cache entry created")

    sta.dump_monitor()
    logger.info("Roam back to AP1")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap1_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")

    returned_entry = sta.get_pmksa(ap1_bssid)
    if returned_entry is None:
        raise Exception("No PMKSA cache entry found")
    if first_entry['pmkid'] != returned_entry['pmkid']:
        raise Exception("Unexpected PMKID change for AP1")
232
def test_pmksa_cache_opportunistic_connect(dev, apdev):
    """Opportunistic PMKSA caching with connect API"""
    # Same checks as the opportunistic caching test, but run on a separately
    # added interface (wlan5) whose driver is told to use the connect command
    # (force_connect_cmd=1).
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    ap_params['okc'] = "1"
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    sta = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    sta.interface_add("wlan5", drv_params="force_connect_cmd=1")
    # Hard-coded test credential (test fixture only).
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef", okc=True,
                scan_freq="2412")
    first_entry = sta.get_pmksa(ap1_bssid)
    if first_entry is None:
        raise Exception("No PMKSA cache entry created")
    if first_entry['opportunistic'] != '0':
        raise Exception("Unexpected opportunistic PMKSA cache entry")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    sta.dump_monitor()
    logger.info("Roam to AP2")
    sta.scan_for_bss(ap2_bssid, freq="2412", force_scan=True)
    sta.request("ROAM " + ap2_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    # An EAP start here would mean opportunistic caching was not applied.
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")
    ap2_entry = sta.get_pmksa(ap2_bssid)
    if ap2_entry is None:
        raise Exception("No PMKSA cache entry created")

    sta.dump_monitor()
    logger.info("Roam back to AP1")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap1_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")

    returned_entry = sta.get_pmksa(ap1_bssid)
    if returned_entry is None:
        raise Exception("No PMKSA cache entry found")
    if first_entry['pmkid'] != returned_entry['pmkid']:
        raise Exception("Unexpected PMKID change for AP1")
284
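def test_pmksa_cache_expiration(dev, apdev):
    """PMKSA cache entry expiration"""
    # Property under test: once the configured PMK lifetime runs out, the
    # station must reauthenticate without disconnecting and end up with a
    # different PMKID, i.e. the expired key material is not kept in use.
    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']
    # Short lifetime so that expiry happens within the 15 s wait below
    # (the value is presumably in seconds).
    dev[0].request("SET dot11RSNAConfigPMKLifetime 10")
    # Hard-coded test credential (test fixture only).
    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")
    pmksa = dev[0].get_pmksa(bssid)
    if pmksa is None:
        raise Exception("No PMKSA cache entry created")
    logger.info("Wait for PMKSA cache entry to expire")
    ev = dev[0].wait_event(["WPA: Key negotiation completed",
                            "CTRL-EVENT-DISCONNECTED"], timeout=15)
    if ev is None:
        raise Exception("No EAP reauthentication seen")
    if "CTRL-EVENT-DISCONNECTED" in ev:
        raise Exception("Unexpected disconnection")
    pmksa2 = dev[0].get_pmksa(bssid)
    # A missing entry would otherwise surface as a TypeError on the subscript
    # below instead of a readable test failure.
    if pmksa2 is None:
        raise Exception("No PMKSA cache entry found")
    if pmksa['pmkid'] == pmksa2['pmkid']:
        raise Exception("PMKID did not change")
    hwsim_utils.test_connectivity(dev[0], hapd)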
309
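def test_pmksa_cache_expiration_disconnect(dev, apdev):
    """PMKSA cache entry expiration (disconnect)"""
    # Property under test: when the PMKSA entry expires while the AP cannot
    # complete authentication (its RADIUS shared secret is deliberately set to
    # a wrong value), the station must be disconnected rather than stay
    # associated on the expired key. After the secret is restored it must
    # reauthenticate and obtain a new PMKID.
    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']
    dev[0].request("SET dot11RSNAConfigPMKLifetime 2")
    # NOTE(review): a threshold of 100 presumably defers reauthentication
    # until the full lifetime has elapsed - confirm against wpa_supplicant.
    dev[0].request("SET dot11RSNAConfigPMKReauthThreshold 100")
    # Hard-coded test credential (test fixture only).
    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")
    pmksa = dev[0].get_pmksa(bssid)
    if pmksa is None:
        raise Exception("No PMKSA cache entry created")
    # Break AP-to-authentication-server trust so the reauthentication fails.
    hapd.request("SET auth_server_shared_secret incorrect")
    logger.info("Wait for PMKSA cache entry to expire")
    ev = dev[0].wait_event(["WPA: Key negotiation completed",
                            "CTRL-EVENT-DISCONNECTED"], timeout=15)
    if ev is None:
        raise Exception("No EAP reauthentication seen")
    if "CTRL-EVENT-DISCONNECTED" not in ev:
        raise Exception("Missing disconnection")
    # Restore the shared secret used by the test setup.
    hapd.request("SET auth_server_shared_secret radius")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=15)
    if ev is None:
        raise Exception("No EAP reauthentication seen")
    pmksa2 = dev[0].get_pmksa(bssid)
    # A missing entry would otherwise surface as a TypeError on the subscript
    # below instead of a readable test failure.
    if pmksa2 is None:
        raise Exception("No PMKSA cache entry found")
    if pmksa['pmkid'] == pmksa2['pmkid']:
        raise Exception("PMKID did not change")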
339
def test_pmksa_cache_and_cui(dev, apdev):
    """PMKSA cache and Chargeable-User-Identity"""
    # The AP requests CUI and sends accounting to a loopback server; the
    # cached reconnect must skip EAP with an unchanged PMKID, and an explicit
    # REAUTHENTICATE must then complete.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="cui")
    ap_params['radius_request_cui'] = '1'
    # Accounting server on loopback with a fixed shared secret (test fixture).
    ap_params['acct_server_addr'] = "127.0.0.1"
    ap_params['acct_server_port'] = "1813"
    ap_params['acct_server_shared_secret'] = "radius"
    ap = hostapd.add_ap(apdev[0], ap_params)
    ap_bssid = apdev[0]['bssid']
    # Hard-coded test credential (test fixture only).
    sta.connect("cui", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk-cui",
                password="abcdefghijklmnop0123456789abcdef",
                scan_freq="2412")
    first_entry = sta.get_pmksa(ap_bssid)
    if first_entry is None:
        raise Exception("No PMKSA cache entry created")
    if ap.wait_event(["AP-STA-CONNECTED"], timeout=5) is None:
        raise Exception("No connection event received from hostapd")

    sta.dump_monitor()
    logger.info("Disconnect and reconnect to the same AP")
    sta.request("DISCONNECT")
    sta.wait_disconnected()
    sta.request("RECONNECT")
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if event is None:
        raise Exception("Reconnect timed out")
    if "CTRL-EVENT-EAP-STARTED" in event:
        raise Exception("Unexpected EAP exchange")
    cached_entry = sta.get_pmksa(ap_bssid)
    if cached_entry is None:
        raise Exception("No PMKSA cache entry found")
    if first_entry['pmkid'] != cached_entry['pmkid']:
        raise Exception("Unexpected PMKID change for AP1")

    sta.request("REAUTHENTICATE")
    if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
        raise Exception("EAP success timed out")
    # Poll wpa_state up to 20 times, sleeping 0.1 s after each miss.
    for _ in range(20):
        if sta.get_status_field("wpa_state") == "COMPLETED":
            break
        time.sleep(0.1)
    else:
        raise Exception("Reauthentication did not complete")
388
def test_pmksa_cache_preauth_auto(dev, apdev):
    """RSN pre-authentication based on pre-connection scan results"""
    try:
        run_pmksa_cache_preauth_auto(dev, apdev)
    finally:
        # Always tear down the bridge created for the test. Both commands run
        # with shell=True and carry a "2> /dev/null" redirection as list
        # elements (presumably joined into one shell command line by
        # cmd_execute - confirm). Every element is a constant; keep it that
        # way, since anything interpolated here would reach a shell.
        teardown_cmds = (
            ['ip', 'link', 'set', 'dev', 'ap-br0', 'down', '2>', '/dev/null'],
            ['brctl', 'delbr', 'ap-br0', '2>', '/dev/null'],
        )
        for cmd in teardown_cmds:
            hostapd.cmd_execute(apdev[0], cmd, shell=True)
399
def run_pmksa_cache_preauth_auto(dev, apdev):
    """Check that PMKSA entries for both APs appear without an explicit roam.

    Two APs share the bridge ap-br0 with RSN pre-authentication enabled on it.
    The station connects to the first AP only; within 20 polls of 0.5 s each
    it must hold PMKSA cache entries for both BSSIDs.
    """
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap_params['bridge'] = 'ap-br0'
    ap_params['rsn_preauth'] = '1'
    ap_params['rsn_preauth_interfaces'] = 'ap-br0'

    ap1 = hostapd.add_ap(apdev[0], ap_params)
    ap1.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
    ap1.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
    # The handle is not used again; the binding is kept so the object stays
    # referenced for the rest of the function, as in the original.
    ap2 = hostapd.add_ap(apdev[1], ap_params)

    # Hard-coded test credential (test fixture only).
    eap_connect(sta, ap1, "PAX", "pax.user@example.com",
                password_hex="0123456789abcdef0123456789abcdef")

    for _ in range(20):
        time.sleep(0.5)
        entry_ap1 = sta.get_pmksa(apdev[0]['bssid'])
        entry_ap2 = sta.get_pmksa(apdev[1]['bssid'])
        if entry_ap1 and entry_ap2:
            break
    else:
        raise Exception("The expected PMKSA cache entries not found")
424
def generic_pmksa_cache_preauth(dev, apdev, extraparams, identity, databridge,
                                force_disconnect=False):
    """Shared body of the RSN pre-authentication tests.

    extraparams is a two-element list of dicts with extra hostapd parameters
    for the first and second AP (a falsy value means none). identity is the
    EAP-PAX identity to connect with and databridge the bridge interface used
    both for the connectivity checks and as rsn_preauth_interfaces on the
    second AP. With force_disconnect set, the station is disconnected and the
    first AP disabled before the bridge is torn down.
    """
    sta = dev[0]
    if not extraparams:
        extraparams = [{}, {}]
    try:
        ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        ap_params['bridge'] = 'ap-br0'
        ap_params.update(extraparams[0])

        ap1 = hostapd.add_ap(apdev[0], ap_params)
        ap1.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
        ap1.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
        # Hard-coded test credential (test fixture only).
        eap_connect(sta, ap1, "PAX", identity,
                    password_hex="0123456789abcdef0123456789abcdef")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(sta, ap1, databridge)

        ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        ap_params['bridge'] = 'ap-br0'
        ap_params['rsn_preauth'] = '1'
        ap_params['rsn_preauth_interfaces'] = databridge
        ap_params.update(extraparams[1])
        hostapd.add_ap(apdev[1], ap_params)
        target_bssid = apdev[1]['bssid']
        sta.scan(freq="2412")
        # Poll up to 50 times for the pre-authentication result. STATUS is
        # queried only until it has shown the pre-authentication EAPOL state
        # machine section once.
        status_seen = False
        for _ in range(50):
            if not status_seen:
                status = sta.request("STATUS")
                if "Pre-authentication EAPOL state machines:" in status:
                    status_seen = True
            time.sleep(0.1)
            preauth_entry = sta.get_pmksa(target_bssid)
            if preauth_entry:
                break
        else:
            raise Exception("No PMKSA cache entry created from pre-authentication")
        if not status_seen:
            raise Exception("Pre-authentication EAPOL status was not available")

        sta.scan(freq="2412")
        if "[WPA2-EAP-CCMP-preauth]" not in sta.request("SCAN_RESULTS"):
            raise Exception("Scan results missing RSN element info")
        sta.request("ROAM " + target_bssid)
        event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                                "CTRL-EVENT-CONNECTED"], timeout=10)
        if event is None:
            raise Exception("Roaming with the AP timed out")
        # The entry created by pre-authentication must make EAP unnecessary.
        if "CTRL-EVENT-EAP-STARTED" in event:
            raise Exception("Unexpected EAP exchange")
        roamed_entry = sta.get_pmksa(target_bssid)
        if roamed_entry is None:
            raise Exception("No PMKSA cache entry")
        if preauth_entry['pmkid'] != roamed_entry['pmkid']:
            raise Exception("Unexpected PMKID change")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(sta, ap1, databridge)

        if force_disconnect:
            # Take the STA off both APs first, so that the test script does
            # not force an ifdown on a VLAN that still has an associated STA.
            # That used to trigger a mac80211 warning.
            sta.request("DISCONNECT")
            ap1.request("DISABLE")

    finally:
        # Bridge teardown; shell=True with constant arguments only.
        teardown_cmds = (
            ['ip', 'link', 'set', 'dev', 'ap-br0', 'down', '2>', '/dev/null'],
            ['brctl', 'delbr', 'ap-br0', '2>', '/dev/null'],
        )
        for cmd in teardown_cmds:
            hostapd.cmd_execute(apdev[0], cmd, shell=True)
504
def test_pmksa_cache_preauth(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry"""
    # Baseline case: no extra AP parameters, data on the default bridge.
    generic_pmksa_cache_preauth(dev, apdev, extraparams=None,
                                identity="pax.user@example.com",
                                databridge="ap-br0")
509
def test_pmksa_cache_preauth_per_sta_vif(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry with per_sta_vif"""
    # One independent dict per AP; both enable per_sta_vif.
    per_ap_params = [{'per_sta_vif': "1"}, {'per_sta_vif': "1"}]
    generic_pmksa_cache_preauth(dev, apdev, per_ap_params,
                                "pax.user@example.com", "ap-br0")
517
def test_pmksa_cache_preauth_vlan_enabled(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set)"""
    # One independent dict per AP; both set dynamic_vlan to '1'.
    per_ap_params = [{'dynamic_vlan': '1'}, {'dynamic_vlan': '1'}]
    generic_pmksa_cache_preauth(dev, apdev, per_ap_params,
                                "pax.user@example.com", "ap-br0")
525
def test_pmksa_cache_preauth_vlan_enabled_per_sta_vif(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry (dynamic_vlan optional but station without VLAN set, with per_sta_vif enabled)"""
    # Key order (per_sta_vif, then dynamic_vlan) matches the order in which
    # the settings are later copied into the hostapd parameters.
    per_ap_params = [
        {'per_sta_vif': "1", 'dynamic_vlan': '1'},
        {'per_sta_vif': "1", 'dynamic_vlan': '1'},
    ]
    generic_pmksa_cache_preauth(dev, apdev, per_ap_params,
                                "pax.user@example.com", "ap-br0")
535
def test_pmksa_cache_preauth_vlan_used(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set)"""
    # force_disconnect makes the shared body detach the STA before teardown.
    run_pmksa_cache_preauth_vlan_used(dev, apdev, extraparams=None,
                                      force_disconnect=True)
539
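def run_pmksa_cache_preauth_vlan_used(dev, apdev, extraparams=None,
                                      force_disconnect=False):
    """Run the pre-authentication flow for a station placed in a VLAN.

    Creates the bridge brvlan1, enables dynamic_vlan with a per-AP vlan_file
    on both APs (on top of any extraparams given, which are modified in
    place), and runs generic_pmksa_cache_preauth() with identity "vlan1" and
    brvlan1 as the data bridge. The bridge and the VLAN interfaces are removed
    afterwards whether or not the test body raised.
    """
    try:
        subprocess.call(['brctl', 'addbr', 'brvlan1'])
        subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
        if not extraparams:
            extraparams = [{}, {}]
        extraparams[0]['dynamic_vlan'] = '1'
        extraparams[0]['vlan_file'] = 'hostapd.wlan3.vlan'
        extraparams[1]['dynamic_vlan'] = '1'
        extraparams[1]['vlan_file'] = 'hostapd.wlan4.vlan'
        generic_pmksa_cache_preauth(dev, apdev, extraparams,
                                    "vlan1", "brvlan1",
                                    force_disconnect=force_disconnect)
    finally:
        subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
        # The VLAN interfaces may not exist if the test failed early, so the
        # error output of these commands is discarded. One handle is shared
        # and closed by the with block instead of leaking a new open file
        # per call.
        with open('/dev/null', 'w') as devnull:
            subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
                            stderr=devnull)
            subprocess.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'],
                            stderr=devnull)
            subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
                            stderr=devnull)
            subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'],
                            stderr=devnull)
        subprocess.call(['brctl', 'delbr', 'brvlan1'])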
565
def test_pmksa_cache_preauth_vlan_used_per_sta_vif(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set, per_sta_vif=1)"""
    # One independent dict per AP; the helper adds the VLAN settings to them.
    per_ap_params = [{'per_sta_vif': "1"}, {'per_sta_vif': "1"}]
    run_pmksa_cache_preauth_vlan_used(dev, apdev, per_ap_params)
572
def test_pmksa_cache_disabled(dev, apdev):
    """PMKSA cache disabling on AP"""
    # Property under test: with disable_pmksa_caching set on the APs, a roam
    # back to an AP the station already authenticated with must go through a
    # full EAP exchange again; connecting without one is a failure.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    ap_params['disable_pmksa_caching'] = '1'
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    # Hard-coded test credential (test fixture only).
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef",
                scan_freq="2412")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    sta.dump_monitor()
    logger.info("Roam to AP2")
    sta.scan_for_bss(ap2_bssid, freq="2412")
    sta.request("ROAM " + ap2_bssid)
    if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
        raise Exception("EAP success timed out")
    sta.wait_connected(timeout=10, error="Roaming timed out")

    sta.dump_monitor()
    logger.info("Roam back to AP1")
    sta.scan(freq="2412")
    sta.request("ROAM " + ap1_bssid)
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=20)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    # CONNECTED arriving before EAP-STARTED means a cached PMKSA was accepted.
    if "CTRL-EVENT-CONNECTED" in event:
        raise Exception("EAP exchange missing")
    if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=20) is None:
        raise Exception("Roaming with the AP timed out")
609
def test_pmksa_cache_ap_expiration(dev, apdev):
    """PMKSA cache entry expiring on AP"""
    # Property under test: a reconnect five seconds after disconnecting must
    # start a new EAP exchange instead of completing from cache.
    # NOTE(review): the "gpsk-user-session-timeout" identity presumably
    # carries a short session timeout that expires the AP-side entry -
    # confirm against the test EAP user database.
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    ap = hostapd.add_ap(apdev[0], ap_params)
    # Looked up as in the original, although the value is not used below.
    ap_bssid = apdev[0]['bssid']
    # Hard-coded test credential (test fixture only).
    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk-user-session-timeout",
                password="abcdefghijklmnop0123456789abcdef",
                scan_freq="2412")
    if ap.wait_event(["AP-STA-CONNECTED"], timeout=5) is None:
        raise Exception("No connection event received from hostapd")
    sta.request("DISCONNECT")
    time.sleep(5)
    sta.dump_monitor()
    sta.request("RECONNECT")
    event = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=20)
    if event is None:
        raise Exception("Roaming with the AP timed out")
    # CONNECTED without a preceding EAP start means the cache was still used.
    if "CTRL-EVENT-CONNECTED" in event:
        raise Exception("EAP exchange missing")
    sta.wait_connected(timeout=20, error="Reconnect timed out")
    sta.dump_monitor()
    # A further disconnect/reassociation cycle is expected after connecting.
    sta.wait_disconnected(timeout=20)
    sta.wait_connected(timeout=20, error="Reassociation timed out")
636
def test_pmksa_cache_multiple_sta(dev, apdev):
    """PMKSA cache with multiple stations"""
    # Four stations (dev[0..2] plus a separately added wlan5) roam between
    # two APs three times. Two of them use the session-timeout identity and
    # two the plain one, so cache entries of both kinds coexist.
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    for station in dev:
        station.flush_scan_cache()
    # Hard-coded test credential shared by all stations (test fixture only).
    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                   eap="GPSK", identity="gpsk-user-session-timeout",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")
    dev[1].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")
    dev[2].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                   eap="GPSK", identity="gpsk-user-session-timeout",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")

    extra_sta = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    extra_sta.interface_add("wlan5")
    extra_sta.flush_scan_cache()
    extra_sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                      eap="GPSK", identity="gpsk user",
                      password="abcdefghijklmnop0123456789abcdef",
                      scan_freq="2412")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    logger.info("Roam to AP2")
    for station in [dev[1], dev[0], dev[2], extra_sta]:
        station.dump_monitor()
        station.scan_for_bss(ap2_bssid, freq="2412")
        if "OK" not in station.request("ROAM " + ap2_bssid):
            raise Exception("ROAM command failed (" + station.ifname + ")")
        # First contact with AP2: a full EAP exchange is expected.
        if station.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
            raise Exception("EAP success timed out")
        station.wait_connected(timeout=10, error="Roaming timed out")
        station.dump_monitor()

    logger.info("Roam back to AP1")
    for station in [dev[1], extra_sta, dev[0], dev[2]]:
        station.dump_monitor()
        station.scan(freq="2412")
        station.dump_monitor()
        station.request("ROAM " + ap1_bssid)
        station.wait_connected(timeout=10, error="Roaming timed out")
        station.dump_monitor()

    time.sleep(4)

    logger.info("Roam back to AP2")
    for station in [dev[1], extra_sta, dev[0], dev[2]]:
        station.dump_monitor()
        station.scan(freq="2412")
        station.dump_monitor()
        station.request("ROAM " + ap2_bssid)
        station.wait_connected(timeout=10, error="Roaming timed out")
        station.dump_monitor()
699
def test_pmksa_cache_opportunistic_multiple_sta(dev, apdev):
    """Opportunistic PMKSA caching with multiple stations"""
    # With okc enabled on the APs and on every station, each of the four
    # stations must roam to AP2 and back to AP1 without any EAP exchange.
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    ap_params['okc'] = "1"
    hostapd.add_ap(apdev[0], ap_params)
    ap1_bssid = apdev[0]['bssid']
    for station in dev:
        station.flush_scan_cache()
    extra_sta = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    extra_sta.interface_add("wlan5")
    extra_sta.flush_scan_cache()
    for station in [dev[0], dev[1], dev[2], extra_sta]:
        # Hard-coded test credential shared by all stations (fixture only).
        station.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                        eap="GPSK", identity="gpsk user",
                        password="abcdefghijklmnop0123456789abcdef", okc=True,
                        scan_freq="2412")

    hostapd.add_ap(apdev[1], ap_params)
    ap2_bssid = apdev[1]['bssid']

    logger.info("Roam to AP2")
    for station in [dev[2], dev[0], extra_sta, dev[1]]:
        station.dump_monitor()
        station.scan_for_bss(ap2_bssid, freq="2412")
        if "OK" not in station.request("ROAM " + ap2_bssid):
            raise Exception("ROAM command failed")
        event = station.wait_event(["CTRL-EVENT-EAP-STARTED",
                                    "CTRL-EVENT-CONNECTED"], timeout=10)
        if event is None:
            raise Exception("Roaming with the AP timed out")
        if "CTRL-EVENT-EAP-STARTED" in event:
            raise Exception("Unexpected EAP exchange")
        ap2_entry = station.get_pmksa(ap2_bssid)
        if ap2_entry is None:
            raise Exception("No PMKSA cache entry created")
        station.dump_monitor()

    logger.info("Roam back to AP1")
    for station in [dev[0], dev[1], dev[2], extra_sta]:
        station.dump_monitor()
        station.scan_for_bss(ap1_bssid, freq="2412")
        station.request("ROAM " + ap1_bssid)
        event = station.wait_event(["CTRL-EVENT-EAP-STARTED",
                                    "CTRL-EVENT-CONNECTED"], timeout=10)
        if event is None:
            raise Exception("Roaming with the AP timed out")
        if "CTRL-EVENT-EAP-STARTED" in event:
            raise Exception("Unexpected EAP exchange")
748
def test_pmksa_cache_preauth_oom(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry and OOM"""
    try:
        _test_pmksa_cache_preauth_oom(dev, apdev)
    finally:
        # Remove the test bridge even when the test body raised.
        teardown_cmds = (
            ['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
            ['brctl', 'delbr', 'ap-br0'],
        )
        for cmd in teardown_cmds:
            hostapd.cmd_execute(apdev[0], cmd)
757
def _test_pmksa_cache_preauth_oom(dev, apdev):
    """Exercise AP-side allocation failures during RSN pre-authentication.

    For each (count, function) pair an allocation failure is armed on the
    second AP while the station requests PREAUTH. The outcome is only logged;
    what the test checks is that the station can flush its cache, disconnect
    and reconnect afterwards.
    """
    # NOTE(review): block nesting below was reconstructed from a listing that
    # lost its indentation - confirm against the repository copy.
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['bridge'] = 'ap-br0'
    hapd = hostapd.add_ap(apdev[0], params)
    hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
    hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
    # Hard-coded test credential (test fixture only).
    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
                password_hex="0123456789abcdef0123456789abcdef",
                bssid=apdev[0]['bssid'])

    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['bridge'] = 'ap-br0'
    params['rsn_preauth'] = '1'
    params['rsn_preauth_interfaces'] = 'ap-br0'
    # From here on hapd refers to the second AP, the pre-authentication target.
    hapd = hostapd.add_ap(apdev[1], params)
    bssid1 = apdev[1]['bssid']

    # (count, function list) pairs handed to alloc_fail().
    tests = [(1, "rsn_preauth_receive"),
             (2, "rsn_preauth_receive"),
             (1, "rsn_preauth_send"),
             (1, "wpa_auth_pmksa_add_preauth;rsn_preauth_finished")]
    for test in tests:
        # Broadcast address; presumably deauthenticates every station on this
        # AP so each round starts from a clean state.
        hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
        with alloc_fail(hapd, test[0], test[1]):
            dev[0].scan_for_bss(bssid1, freq="2412")
            if "OK" not in dev[0].request("PREAUTH " + bssid1):
                raise Exception("PREAUTH failed")

            success = False
            count = 0
            # Poll up to 50 times; stop early when an entry appears or when
            # GET_ALLOC_FAIL has reported a "0:" state more than twice.
            for i in range(50):
                time.sleep(0.1)
                pmksa = dev[0].get_pmksa(bssid1)
                if pmksa:
                    success = True
                    break
                state = hapd.request('GET_ALLOC_FAIL')
                if state.startswith('0:'):
                    count += 1
                    if count > 2:
                        break
            # Either outcome is accepted; the result is recorded in the log.
            logger.info("PMKSA cache success: " + str(success))

        dev[0].request("PMKSA_FLUSH")
        dev[0].wait_disconnected()
        dev[0].wait_connected()
        dev[0].dump_monitor()
805
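def test_pmksa_cache_size_limit(dev, apdev):
    """PMKSA cache size limit in wpa_supplicant"""
    # NOTE(review): block nesting below was reconstructed from a listing that
    # lost its indentation - confirm against the repository copy.
    try:
        _test_pmksa_cache_size_limit(dev, apdev)
    finally:
        # Best-effort removal of whatever AP the test body left behind. A
        # failure here must not hide the test result, but it is logged, and
        # only Exception is caught so that KeyboardInterrupt and SystemExit
        # still propagate.
        try:
            hapd = hostapd.HostapdGlobal(apdev[0])
            hapd.flush()
            hapd.remove(apdev[0]['ifname'])
        except Exception as e:
            logger.info("Ignoring hostapd cleanup failure: " + str(e))
        # Bring the AP back up with its original BSSID, since the test body
        # runs it under modified BSSIDs.
        params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
        bssid = apdev[0]['bssid']
        params['bssid'] = bssid
        hostapd.add_ap(apdev[0], params)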
821
def _test_pmksa_cache_size_limit(dev, apdev):
    """Fill the station's PMKSA cache past its expected 32-entry limit.

    The AP is restarted 33 times with a different last BSSID octet each time.
    After every connection the number of lines in the PMKSA listing (minus
    one, presumably the header line) must equal the number of APs seen so
    far, except on the 33rd round where it must stay at 32.
    """
    # NOTE(review): block nesting below was reconstructed from a listing that
    # lost its indentation; in particular, whether the final flush/remove
    # belongs inside the loop should be confirmed against the repository copy.
    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    # only_add_network=True: the network is added here and selected per
    # iteration below. NOTE(review): the local name shadows the builtin id().
    # Hard-coded test credential (test fixture only).
    id = dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                        eap="GPSK", identity="gpsk user",
                        password="abcdefghijklmnop0123456789abcdef",
                        scan_freq="2412", only_add_network=True)
    for i in range(33):
        # Keep the first 15 characters of the BSSID and replace the last
        # octet with the iteration number.
        bssid = apdev[0]['bssid'][0:15] + "%02x" % i
        logger.info("Iteration with BSSID " + bssid)
        params['bssid'] = bssid
        hostapd.add_ap(apdev[0], params)
        dev[0].request("BSS_FLUSH 0")
        dev[0].scan_for_bss(bssid, freq=2412, only_new=True)
        dev[0].select_network(id)
        dev[0].wait_connected()
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        dev[0].dump_monitor()
        entries = len(dev[0].request("PMKSA").splitlines()) - 1
        if i == 32:
            # 33rd AP: the count must not have grown past 32.
            if entries != 32:
                raise Exception("Unexpected number of PMKSA entries after expected removal of the oldest entry")
        elif i + 1 != entries:
            raise Exception("Unexpected number of PMKSA entries")

        hapd = hostapd.HostapdGlobal(apdev[0])
        hapd.flush()
        hapd.remove(apdev[0]['ifname'])
850
def test_pmksa_cache_preauth_timeout(dev, apdev):
    """RSN pre-authentication timing out

    Thin wrapper: the test body lowers dot11RSNAConfigSATimeout on the
    station, so the value is always set back to 60 afterwards (presumably
    the default - confirm), even when the body raises.
    """
    try:
        _test_pmksa_cache_preauth_timeout(dev, apdev)
    finally:
        # Undo the shortened SA timeout so later tests are not affected.
        dev[0].request("SET dot11RSNAConfigSATimeout 60")
857
def _test_pmksa_cache_preauth_timeout(dev, apdev):
    """Start pre-authentication with a fixed address and expect a timeout.

    The SA timeout is set to 1, the station connects with EAP-PAX, and a
    PREAUTH request is issued for f2:11:22:33:44:55. The test passes only
    if an "RSN: pre-authentication with" event containing "timed out" is
    seen within 5 seconds.
    """
    sta = dev[0]
    sta.request("SET dot11RSNAConfigSATimeout 1")

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0], ap_params)
    eap_connect(sta, hapd, "PAX", "pax.user@example.com",
                password_hex="0123456789abcdef0123456789abcdef",
                bssid=apdev[0]['bssid'])

    # Presumably no AP answers for this address, which is what lets the
    # pre-authentication attempt run into the timeout - verify.
    reply = sta.request("PREAUTH f2:11:22:33:44:55")
    if "OK" not in reply:
        raise Exception("PREAUTH failed")

    ev = sta.wait_event(["RSN: pre-authentication with"], timeout=5)
    if ev is None:
        raise Exception("No timeout event seen")
    if "timed out" not in ev:
        raise Exception("Unexpected event: " + ev)
872
def test_pmksa_cache_preauth_wpas_oom(dev, apdev):
    """RSN pre-authentication OOM in wpa_supplicant

    For failure counts 1..10 an allocation failure is armed in
    rsn_preauth_init on the station and a PREAUTH command is issued. The
    command result is only logged; nothing here asserts on it.
    """
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0], ap_params)
    eap_connect(sta, hapd, "PAX", "pax.user@example.com",
                password_hex="0123456789abcdef0123456789abcdef",
                bssid=apdev[0]['bssid'])

    for attempt in range(1, 11):
        with alloc_fail(sta, attempt, "rsn_preauth_init"):
            res = sta.request("PREAUTH f2:11:22:33:44:55").strip()
            logger.info("Iteration %d - PREAUTH command results: %s" % (attempt, res))
            # Poll up to 10 times (50 ms apart) until GET_ALLOC_FAIL
            # reports a state starting with "0:".
            for _ in range(10):
                if sta.request('GET_ALLOC_FAIL').startswith('0:'):
                    break
                time.sleep(0.05)
889
def test_pmksa_cache_ctrl(dev, apdev):
    """PMKSA cache control interface operations

    Checks that station and AP hold a PMKSA entry with the same PMKID
    after the first connection, that PMKSA_FLUSH on the AP removes the
    AP-side entry, and that the reconnect afterwards yields matching
    entries on both sides with a PMKID different from the first one.
    """
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']
    addr = sta.own_addr()

    sta.connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
                eap="GPSK", identity="gpsk user",
                password="abcdefghijklmnop0123456789abcdef",
                scan_freq="2412")

    # Both ends must have cached the same association.
    first_sta = sta.get_pmksa(bssid)
    if first_sta is None:
        raise Exception("No PMKSA cache entry created on STA")
    first_ap = hapd.get_pmksa(addr)
    if first_ap is None:
        raise Exception("No PMKSA cache entry created on AP")
    if first_sta['pmkid'] != first_ap['pmkid']:
        raise Exception("PMKID mismatch in PMKSA cache entries")

    # Flushing on the AP must actually drop the cached entry there.
    flush_reply = hapd.request("PMKSA_FLUSH")
    if "OK" not in flush_reply:
        raise Exception("PMKSA_FLUSH failed")
    if hapd.get_pmksa(addr) is not None:
        raise Exception("PMKSA cache entry was not removed on AP")

    sta.request("DISCONNECT")
    sta.wait_disconnected()
    sta.request("RECONNECT")
    sta.wait_connected()

    # With the AP entry gone, the reconnect has to produce a new PMKID
    # rather than reuse the one the station still had cached.
    second_sta = sta.get_pmksa(bssid)
    if second_sta is None:
        raise Exception("No PMKSA cache entry created on STA after reconnect")
    second_ap = hapd.get_pmksa(addr)
    if second_ap is None:
        raise Exception("No PMKSA cache entry created on AP after reconnect")
    if second_sta['pmkid'] != second_ap['pmkid']:
        raise Exception("PMKID mismatch in PMKSA cache entries after reconnect")
    if second_sta['pmkid'] == first_sta['pmkid']:
        raise Exception("PMKID did not change after reconnect")
932
def test_pmksa_cache_ctrl_events(dev, apdev):
    """PMKSA cache control interface events

    Expects a PMKSA-CACHE-ADDED event on connection and a
    PMKSA-CACHE-REMOVED event after PMKSA_FLUSH, each naming the AP BSSID
    as its second space-separated field and the network id as its third.
    """
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']

    net_id = sta.connect("test-pmksa-cache", proto="RSN",
                         key_mgmt="WPA-EAP", eap="GPSK",
                         identity="gpsk user",
                         password="abcdefghijklmnop0123456789abcdef",
                         scan_freq="2412", wait_connect=False)

    def verify_fields(event):
        # Field 1 is compared with the BSSID, field 2 with the network id.
        fields = event.split(' ')
        if fields[1] != bssid:
            raise Exception("BSSID mismatch: " + event)
        if int(fields[2]) != net_id:
            raise Exception("network_id mismatch: " + event)

    added = sta.wait_event(["PMKSA-CACHE-ADDED"], timeout=15)
    if added is None:
        raise Exception("No PMKSA-CACHE-ADDED event")
    sta.wait_connected()
    verify_fields(added)

    sta.request("PMKSA_FLUSH")
    removed = sta.wait_event(["PMKSA-CACHE-REMOVED"], timeout=15)
    if removed is None:
        raise Exception("No PMKSA-CACHE-REMOVED event")
    sta.wait_disconnected()
    sta.request("DISCONNECT")
    verify_fields(removed)
965
def test_pmksa_cache_ctrl_ext(dev, apdev):
    """PMKSA cache control interface for external management

    Exports the cache with PMKSA_GET after connecting to two APs, wipes
    the network and the cache, re-imports the exported lines with
    PMKSA_ADD and checks that the next connection completes without an
    EAP exchange. Skipped when the build does not know PMKSA_GET.
    """
    sta = dev[0]
    ap_params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']

    net_id = sta.connect("test-pmksa-cache", proto="RSN",
                         key_mgmt="WPA-EAP", eap="GPSK",
                         identity="gpsk user",
                         password="abcdefghijklmnop0123456789abcdef",
                         scan_freq="2412")

    # NOTE(review): the PMKSA_GET lines logged here are later replayed via
    # PMKSA_ADD and are enough to reconnect without EAP, so they should be
    # treated as key material. Acceptable in this fixed-credential test
    # log; tooling built on these commands should keep them out of logs.
    exported_one = sta.request("PMKSA_GET %d" % net_id)
    logger.info("PMKSA_GET: " + exported_one)
    if "UNKNOWN COMMAND" in exported_one:
        raise HwsimSkip("PMKSA_GET not supported in the build")
    if bssid not in exported_one:
        raise Exception("PMKSA cache entry missing")

    # Roam to a second AP so the export holds two entries.
    hostapd.add_ap(apdev[1], ap_params)
    bssid2 = apdev[1]['bssid']
    sta.scan_for_bss(bssid2, freq=2412, force_scan=True)
    sta.request("ROAM " + bssid2)
    sta.wait_connected()

    exported_both = sta.request("PMKSA_GET %d" % net_id)
    logger.info("PMKSA_GET: " + exported_both)
    if bssid not in exported_both:
        raise Exception("PMKSA cache entry 1 missing")
    if bssid2 not in exported_both:
        raise Exception("PMKSA cache entry 2 missing")

    # Start from a clean slate: no network, no cached entries.
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
    sta.request("PMKSA_FLUSH")

    net_id = sta.connect("test-pmksa-cache", proto="RSN",
                         key_mgmt="WPA-EAP", eap="GPSK",
                         identity="gpsk user",
                         password="abcdefghijklmnop0123456789abcdef",
                         scan_freq="2412", only_add_network=True)
    after_flush = sta.request("PMKSA_GET %d" % net_id)
    if after_flush != '':
        raise Exception("Unexpected PMKSA cache entry remains: " + after_flush)
    # A network id that was never added must be rejected.
    unknown_net = sta.request("PMKSA_GET %d" % (net_id + 1234))
    if not unknown_net.startswith('FAIL'):
        raise Exception("Unexpected PMKSA cache entry for unknown network: " + unknown_net)

    for entry in exported_both.splitlines():
        reply = sta.request("PMKSA_ADD %d %s" % (net_id, entry))
        if "OK" not in reply:
            raise Exception("Failed to add PMKSA entry")

    # Seeing EAP start means the restored entries were not used.
    sta.select_network(net_id)
    ev = sta.wait_event(["CTRL-EVENT-EAP-STARTED",
                         "CTRL-EVENT-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Connection with the AP timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange after external PMKSA cache restore")
1023
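def test_rsn_preauth_processing(dev, apdev):
    """RSN pre-authentication processing on AP

    Sends a series of hand-built frames with EtherType 0x88c7 (RSN
    pre-authentication) over the "lo" interface that the AP is configured
    to listen on for pre-authentication. Nothing is asserted on the
    replies; the frames are only delivered, so the test presumably relies
    on the harness noticing an AP-side crash or error - confirm.
    """
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['rsn_preauth'] = '1'
    params['rsn_preauth_interfaces'] = "lo"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = hapd.own_addr()
    _bssid = binascii.unhexlify(bssid.replace(':', ''))
    eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
                password_hex="0123456789abcdef0123456789abcdef")
    addr = dev[0].own_addr()
    _addr = binascii.unhexlify(addr.replace(':', ''))

    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                         socket.htons(0x88c7))
    # The raw socket is now closed explicitly, including when bind() or
    # send() raises, instead of being left to garbage collection.
    try:
        sock.bind(("lo", socket.htons(0x88c7)))

        foreign = b"\x02\x03\x04\x05\x06\x07"
        proto = b"\x88\xc7"
        # Each frame is 6 + 6 + 2 address/EtherType bytes, optionally
        # followed by a 4-byte header whose second byte is the IEEE 802.1X
        # packet type (the first byte and the 16-bit field are presumably
        # version and body length - confirm).
        tests = [
            # RSN: too short pre-auth packet (len=14)
            _bssid + foreign + proto,
            # Not EAPOL-Start
            _bssid + foreign + proto + struct.pack('>BBH', 0, 0, 0),
            # RSN: pre-auth for foreign address 02:03:04:05:06:07
            foreign + foreign + proto + struct.pack('>BBH', 0, 0, 0),
            # RSN: pre-auth for already associated STA 02:00:00:00:00:00
            _bssid + _addr + proto + struct.pack('>BBH', 0, 0, 0),
            # New STA
            _bssid + foreign + proto + struct.pack('>BBH', 0, 1, 1),
            # IEEE 802.1X: received EAPOL-Start from STA
            _bssid + foreign + proto + struct.pack('>BBH', 0, 1, 0),
            # frame too short for this IEEE 802.1X packet
            _bssid + foreign + proto + struct.pack('>BBH', 0, 1, 1),
            # EAPOL-Key - Dropped key data from unauthorized Supplicant
            _bssid + foreign + proto + struct.pack('>BBH', 2, 3, 0),
            # EAPOL-Encapsulated-ASF-Alert
            _bssid + foreign + proto + struct.pack('>BBH', 2, 4, 0),
            # unknown IEEE 802.1X packet type
            _bssid + foreign + proto + struct.pack('>BBH', 2, 255, 0),
        ]
        for t in tests:
            sock.send(t)
    finally:
        sock.close()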
1066
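def test_rsn_preauth_local_errors(dev, apdev):
    """RSN pre-authentication and local errors on AP

    Arms allocation failures in the AP's pre-authentication receive path
    and in pre-authentication interface setup, and checks that ENABLE
    fails while a failure is armed or an interface in the list does not
    exist, and succeeds again with a valid list.
    """
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['rsn_preauth'] = '1'
    params['rsn_preauth_interfaces'] = "lo"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = hapd.own_addr()
    _bssid = binascii.unhexlify(bssid.replace(':', ''))

    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                         socket.htons(0x88c7))
    # The raw socket is now closed explicitly on every exit path, instead
    # of being left to garbage collection when a check below raises.
    try:
        sock.bind(("lo", socket.htons(0x88c7)))

        foreign = b"\x02\x03\x04\x05\x06\x07"
        foreign2 = b"\x02\x03\x04\x05\x06\x08"
        proto = b"\x88\xc7"

        # NOTE(review): indentation is not visible in this listing; the
        # send after each of the next two "with" blocks is assumed to run
        # once the armed failure has been consumed - confirm.
        with alloc_fail(hapd, 1, "ap_sta_add;rsn_preauth_receive"):
            sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")

        with alloc_fail(hapd, 1, "eapol_auth_alloc;rsn_preauth_receive"):
            sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
        sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))

        with alloc_fail(hapd, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"):
            sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
        sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))

        # Interface setup must fail cleanly while an allocation failure
        # is armed.
        hapd.request("DISABLE")
        tests = [(1, "=rsn_preauth_iface_add"),
                 (2, "=rsn_preauth_iface_add"),
                 (1, "l2_packet_init;rsn_preauth_iface_add"),
                 (1, "rsn_preauth_iface_init"),
                 (1, "rsn_preauth_iface_init")]
        for count, func in tests:
            with alloc_fail(hapd, count, func):
                if "FAIL" not in hapd.request("ENABLE"):
                    raise Exception("ENABLE succeeded unexpectedly")

        # A list naming a nonexistent interface must be rejected.
        hapd.set("rsn_preauth_interfaces", "lo lo lo does-not-exist lo ")
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("ENABLE succeeded unexpectedly")
        hapd.set("rsn_preauth_interfaces", " lo lo ")
        if "OK" not in hapd.request("ENABLE"):
            raise Exception("ENABLE failed")
        sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0))
        sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
    finally:
        sock.close()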