# This software may be distributed under the terms of the BSD license.
# See README for more details.
+from remotehost import remote_compatible
import binascii
from Crypto.Cipher import AES
import hashlib
if mib[v[0]] != v[1]:
raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
+@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
"""WPA2-PSK AP with PSK instead of passphrase"""
ssid = "test-wpa2-psk"
raise Exception("Timed out while waiting for failure report")
dev[1].request("REMOVE_NETWORK all")
+@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
"""WPA2-PSK AP with passphrase only in memory"""
try:
dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk)
dev[1].wait_connected(timeout=10)
+@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
"""WPA2-PSK AP and PTK rekey enforced by station"""
ssid = "test-wpa2-psk"
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
"""WPA2-PSK AP and PTK rekey enforced by AP"""
ssid = "test-wpa2-psk"
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
"""WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
ssid = "test-wpa2-psk"
check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
+@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
"""WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
ssid = "test-wpa2-psk"
check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
+@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and PTK rekey enforced by station"""
skip_with_fips(dev[0])
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
"""WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
skip_with_fips(dev[0])
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
"""WPA-PSK/CCMP"""
ssid = "test-wpa-psk"
("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
("dot1xSuppSuppControlledPortStatus", "Authorized") ])
-def test_ap_wpa2_psk_file(dev, apdev):
+def test_ap_wpa2_psk_file_errors(dev, apdev):
"""WPA2-PSK AP with various PSK file error and success cases"""
addr0 = dev[0].own_addr()
addr1 = dev[1].own_addr()
except:
pass
+@remote_compatible
def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
"""WPA2-PSK AP and wildcard SSID configuration"""
ssid = "test-wpa2-psk"
scan_freq="2412")
dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
+@remote_compatible
def test_ap_wpa2_gtk_rekey(dev, apdev):
"""WPA2-PSK AP and GTK rekey enforced by AP"""
ssid = "test-wpa2-psk"
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
skip_with_fips(dev[0])
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa2_gmk_rekey(dev, apdev):
"""WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
ssid = "test-wpa2-psk"
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa2_strict_rekey(dev, apdev):
"""WPA2-PSK AP and strict GTK rekey enforced by AP"""
ssid = "test-wpa2-psk"
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa2_bridge_fdb(dev, apdev):
"""Bridge FDB entry removal"""
+ hapd = None
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
- hostapd.add_ap(apdev[0], params)
- subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
- subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+ hapd = hostapd.add_ap(apdev[0], params)
+ hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
+ hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
addr0 = dev[0].p2p_interface_addr()
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
- cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
- stdout=subprocess.PIPE)
- macs1 = cmd.stdout.read()
- cmd = subprocess.call(['brctl', 'setageing', 'ap-br0', '1'])
+ err, macs1 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
+ hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
dev[0].request("DISCONNECT")
dev[1].request("DISCONNECT")
time.sleep(1)
- cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
- stdout=subprocess.PIPE)
- macs2 = cmd.stdout.read()
+ err, macs2 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
addr1 = dev[1].p2p_interface_addr()
if addr0 not in macs1 or addr1 not in macs1:
if addr0 in macs2 or addr1 in macs2:
raise Exception("Bridge FDB entry was not removed")
finally:
- subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
- subprocess.call(['brctl', 'delbr', 'ap-br0'])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
+ 'down'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
+@remote_compatible
def test_ap_wpa2_already_in_bridge(dev, apdev):
"""hostapd behavior with interface already in bridge"""
ifname = apdev[0]['ifname']
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
- subprocess.call(['brctl', 'addbr', br_ifname])
- subprocess.call(['brctl', 'setfd', br_ifname, '0'])
- subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
- subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
- subprocess.call(['brctl', 'addif', br_ifname, ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
+ 'up'])
+ hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
if hapd.get_driver_status_field('brname') != br_ifname:
raise Exception("Bridge name not identified correctly")
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
finally:
- subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
- subprocess.call(['brctl', 'delif', br_ifname, ifname])
- subprocess.call(['iw', ifname, 'set', 'type', 'station'])
- subprocess.call(['brctl', 'delbr', br_ifname])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
+ 'down'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
+ hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
+@remote_compatible
def test_ap_wpa2_in_different_bridge(dev, apdev):
"""hostapd behavior with interface in different bridge"""
ifname = apdev[0]['ifname']
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
- subprocess.call(['brctl', 'addbr', br_ifname])
- subprocess.call(['brctl', 'setfd', br_ifname, '0'])
- subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
- subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
- subprocess.call(['brctl', 'addif', br_ifname, ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
+ 'up'])
+ hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
time.sleep(0.5)
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(apdev[0], params)
- subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
- subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
+ 'up'])
brname = hapd.get_driver_status_field('brname')
if brname != 'ap-br0':
raise Exception("Incorrect bridge: " + brname)
dev[0].request("DISCONNECT")
hapd.disable()
finally:
- subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
- subprocess.call(['brctl', 'delif', br_ifname, ifname],
- stderr=open('/dev/null', 'w'))
- subprocess.call(['brctl', 'delbr', br_ifname])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
+ 'down'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname,
+ "2>", "/dev/null"], shell=True)
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
+@remote_compatible
def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
"""hostapd behavior with interface added to bridge externally"""
ifname = apdev[0]['ifname']
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
- subprocess.call(['brctl', 'addbr', br_ifname])
- subprocess.call(['brctl', 'setfd', br_ifname, '0'])
- subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
- subprocess.call(['brctl', 'addif', br_ifname, ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
+ 'up'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
if hapd.get_driver_status_field('brname') != br_ifname:
raise Exception("Bridge name not identified correctly")
finally:
- subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
- subprocess.call(['brctl', 'delif', br_ifname, ifname])
- subprocess.call(['brctl', 'delbr', br_ifname])
+ hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
+ 'down'])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
+ hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
def test_ap_wpa2_psk_ext(dev, apdev):
"""WPA2-PSK AP using external EAPOL I/O"""
hwsim_utils.test_connectivity(dev[0], hapd)
+def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
+ """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
+ params = hostapd.wpa2_params(ssid=ssid)
+ params['wpa_psk'] = psk
+ hapd = hostapd.add_ap(apdev[0], params)
+ hapd.request("SET ext_eapol_frame_io 1")
+ dev[0].request("SET ext_eapol_frame_io 1")
+ dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
+ addr = dev[0].p2p_interface_addr()
+
+ # EAPOL-Key msg 1/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ # EAPOL-Key msg 3/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ # Do not send the first msg 3/4 to the STA yet; wait for retransmission
+ # from AP.
+ msg3_1 = ev
+
+ # EAPOL-Key msg 3/4 (retry)
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg3_2 = ev
+
+ # Send the first msg 3/4 to STA
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_1.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+ dev[0].wait_connected(timeout=15)
+ ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
+
+ hwsim_utils.test_connectivity(dev[0], hapd)
+
+ # Send the second msg 3/4 to STA
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_2.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ # Do not send the second msg 4/4 to the AP
+
+ hwsim_utils.test_connectivity(dev[0], hapd)
+
+def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
+ """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
+ params = hostapd.wpa2_params(ssid=ssid)
+ params['wpa_psk'] = psk
+ hapd = hostapd.add_ap(apdev[0], params)
+ hapd.request("SET ext_eapol_frame_io 1")
+ dev[0].request("SET ext_eapol_frame_io 1")
+ dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
+ addr = dev[0].p2p_interface_addr()
+
+ # EAPOL-Key msg 1/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg1 = ev.split(' ')[2]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ # EAPOL-Key msg 3/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ msg4 = ev.split(' ')[2]
+ # Do not send msg 4/4 to hostapd to trigger retry
+
+ # STA believes everything is ready
+ dev[0].wait_connected()
+
+ # EAPOL-Key msg 3/4 (retry)
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg3 = ev.split(' ')[2]
+
+ # Send a forged msg 1/4 to STA (update replay counter)
+ msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
+ # and replace nonce (this results in "WPA: ANonce from message 1 of
+ # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
+ # wpa_supplicant processed msg 3/4 afterwards)
+ #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
+ if ev is None:
+ # wpa_supplicant seems to have ignored the forged message. This means
+ # the attack would fail.
+ logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
+ return
+ # Do not send msg 2/4 to hostapd
+
+ # Send previously received msg 3/4 to STA
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
+
+ hwsim_utils.test_connectivity(dev[0], hapd)
+
+def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
+ """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
+ params = hostapd.wpa2_params(ssid=ssid)
+ params['wpa_psk'] = psk
+ hapd = hostapd.add_ap(apdev[0], params)
+ hapd.request("SET ext_eapol_frame_io 1")
+ dev[0].request("SET ext_eapol_frame_io 1")
+ dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
+ addr = dev[0].p2p_interface_addr()
+
+ # EAPOL-Key msg 1/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg1 = ev.split(' ')[2]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ # EAPOL-Key msg 3/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ msg4 = ev.split(' ')[2]
+ # Do not send msg 4/4 to hostapd to trigger retry
+
+ # STA believes everything is ready
+ dev[0].wait_connected()
+
+ # EAPOL-Key msg 3/4 (retry)
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg3 = ev.split(' ')[2]
+
+ # Send a forged msg 1/4 to STA (update replay counter)
+ msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
+ if ev is None:
+ # wpa_supplicant seems to have ignored the forged message. This means
+ # the attack would fail.
+ logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
+ return
+ # Do not send msg 2/4 to hostapd
+
+ # EAPOL-Key msg 3/4 (retry 2)
+ # New one needed to get the correct Replay Counter value
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg3 = ev.split(' ')[2]
+
+ # Send msg 3/4 to STA
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
+
+ hwsim_utils.test_connectivity(dev[0], hapd)
+
+def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
+ """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
+ params = hostapd.wpa2_params(ssid=ssid)
+ params['wpa_psk'] = psk
+ hapd = hostapd.add_ap(apdev[0], params)
+ hapd.request("SET ext_eapol_frame_io 1")
+ dev[0].request("SET ext_eapol_frame_io 1")
+ dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
+ addr = dev[0].p2p_interface_addr()
+
+ # EAPOL-Key msg 1/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg1 = ev.split(' ')[2]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ # EAPOL-Key msg 3/4
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ msg4 = ev.split(' ')[2]
+ # Do not send msg 4/4 to hostapd to trigger retry
+
+ # STA believes everything is ready
+ dev[0].wait_connected()
+
+ # EAPOL-Key msg 3/4 (retry)
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg3 = ev.split(' ')[2]
+
+ # Send a forged msg 1/4 to STA (update replay counter and replace ANonce)
+ msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ # Do not send msg 2/4 to hostapd
+
+ # Send a forged msg 1/4 to STA (back to previously used ANonce)
+ msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+ # EAPOL-Key msg 2/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
+ if ev is None:
+ # wpa_supplicant seems to have ignored the forged message. This means
+ # the attack would fail.
+ logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
+ return
+ # Do not send msg 2/4 to hostapd
+
+ # EAPOL-Key msg 3/4 (retry 2)
+ # New one needed to get the correct Replay Counter value
+ ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from hostapd")
+ msg3 = ev.split(' ')[2]
+
+ # Send msg 3/4 to STA
+ res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to wpa_supplicant failed")
+
+ # EAPOL-Key msg 4/4
+ ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
+ res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
+ if "OK" not in res:
+ raise Exception("EAPOL_RX to hostapd failed")
+
+ ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
+ if ev is None:
+ raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
+
+ hwsim_utils.test_connectivity(dev[0], hapd)
+
def parse_eapol(data):
(version, type, length) = struct.unpack('>BBH', data[0:4])
payload = data[4:]
snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
"""WPA2-PSK AP using external EAPOL supplicant"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
"""WPA2 4-way handshake using external EAPOL supplicant"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
"""WPA2-PSK AP using external EAPOL supplicant"""
(bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
+@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
"""WPA2-PSK 4-way handshake with strange key info values"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
dev[0].dump_monitor()
msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
if ev is None:
raise Exception("Unsupported AES-WRAP len 0 not reported")
dev[0].dump_monitor()
msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
if ev is None:
raise Exception("Unsupported AES-WRAP len 1 not reported")
dev[0].dump_monitor()
msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
if ev is None:
raise Exception("Unsupported AES-WRAP len 9 not reported")
dev[0].dump_monitor()
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
# do not increment counter to test replay protection
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: AES unwrap failed"])
if ev is None:
raise Exception("AES unwrap failure not reported")
dev[0].dump_monitor()
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
if ev is None:
raise Exception("Replay Counter replay not reported")
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
key_info=0x134a)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
if ev is None:
raise Exception("Missing Ack bit not reported")
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
key_info=0x1bca)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
if ev is None:
raise Exception("Request bit not reported")
msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
replay_counter=counter, key_info=0x13c8)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
if ev is None:
raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
replay_counter=counter, key_info=0x13c9)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
if ev is None:
raise Exception("Not allowed EAPOL-Key descriptor version not reported")
msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
replay_counter=counter, key_info=0x13ca)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: AES unwrap failed"])
if ev is None:
raise Exception("AES unwrap failure not reported")
msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
replay_counter=counter, key_info=0x13cb)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
if ev is None:
raise Exception("CCMP key descriptor mismatch not reported")
msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
replay_counter=counter, key_info=0x13cc)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
if ev is None:
raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
replay_counter=counter, key_info=0x13cf)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
if ev is None:
raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
extra_len=-1)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
if ev is None:
raise Exception("Key data overflow not reported")
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
extra_len=1)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Unsupported descriptor type 0")
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
descr_type=0)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("WPA descriptor type 0")
msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
descr_type=254)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Non-zero key index for pairwise key")
dev[0].dump_monitor()
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_info=0x13ea)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
if ev is None:
raise Exception("Non-zero key index not reported")
wrapped = aes_wrap(kek, 16*'z')
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, 16*'\0')
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_connected(timeout=1)
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected connection completion reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
if ev is None:
raise Exception("ANonce change not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_info=0x13c2)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
if ev is None:
raise Exception("Unexpected group key message not reported")
dev[0].wait_disconnected(timeout=1)
+@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
"""WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
(bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
msg = build_eapol_key_1_4(anonce, replay_counter=counter,
key_data=binascii.unhexlify('5555'))
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_len=15)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
if ev is None:
raise Exception("Invalid CCMP key length not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
if ev is None:
raise Exception("Invalid CCMP key length not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
if ev is None:
raise Exception("GTK Tx bit workaround not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_connected(timeout=1)
logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_info=0x13c2)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
ev = dev[0].wait_event(["WPA: Group rekeying completed"])
if ev is None:
msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
key_info=0x03c2)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
if ev is None:
raise Exception("Unencrypted GTK KDE not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_connected(timeout=1)
logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_info=0x13c2)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
if ev is None:
raise Exception("Missing GTK KDE not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_connected(timeout=1)
logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_info=0x13c2)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
if ev is None:
raise Exception("Too long GTK KDE not reported")
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
wrapped = aes_wrap(kek, pad_key_data(plain))
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
dev[0].wait_disconnected(timeout=1)
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
counter = 1
msg = build_eapol_key_1_4(anonce, replay_counter=counter)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
snonce = msg['rsn_key_nonce']
msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
key_info=0x03ca)
counter += 1
- send_eapol(dev[0], addr, build_eapol(msg))
+ send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
if ev is None:
raise Exception("Unencrypted GTK KDE not reported")
if pos < 0:
break
logger.info("Found %s at %d" % (keyname, pos))
- context = 128;
+ context = 128
start = pos - context if pos > context else 0
before = binascii.hexlify(buf[start:pos])
context += len(key)
raise Exception("KCK not found while associated")
if kek not in buf:
raise Exception("KEK not found while associated")
- if tk in buf:
- raise Exception("TK found from memory")
- if gtk in buf:
- get_key_locations(buf, gtk, "GTK")
- raise Exception("GTK found from memory")
+ #if tk in buf:
+ # raise Exception("TK found from memory")
logger.info("Checking keys in memory after disassociation")
buf = read_process_memory(pid, pmk)
verify_not_present(buf, kck, fname, "KCK")
verify_not_present(buf, kek, fname, "KEK")
verify_not_present(buf, tk, fname, "TK")
+ if gtk in buf:
+ get_key_locations(buf, gtk, "GTK")
verify_not_present(buf, gtk, fname, "GTK")
dev[0].request("REMOVE_NETWORK all")
verify_not_present(buf, tk, fname, "TK")
verify_not_present(buf, gtk, fname, "GTK")
+@remote_compatible
def test_ap_wpa2_psk_wep(dev, apdev):
"""WPA2-PSK AP and WEP enabled"""
ssid = "test-wpa2-psk"
wpas.connect(ssid, psk=passphrase, scan_freq="2412")
wpas.dump_monitor()
+@remote_compatible
def test_ap_wpa2_psk_ifdown(dev, apdev):
"""AP with open mode and external ifconfig down"""
ssid = "test-wpa2-psk"
# case, this exception can be uncommented here.
#raise Exception("Unexpected disconnection")
+@remote_compatible
def test_ap_wpa2_psk_disable_enable(dev, apdev):
"""WPA2-PSK AP getting disabled and re-enabled"""
ssid = "test-wpa2-psk"
dev[0].wait_connected()
hwsim_utils.test_connectivity(dev[0], hapd)
+@remote_compatible
def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
"""WPA2-PSK AP and station using incorrect passphrase"""
ssid = "test-wpa2-psk"
dev[0].wait_connected(timeout=20)
+@remote_compatible
def test_ap_wpa_ie_parsing(dev, apdev):
"""WPA IE parsing"""
skip_with_fips(dev[0])
finally:
dev[0].request("VENDOR_ELEM_REMOVE 13 *")
+@remote_compatible
def test_ap_wpa2_psk_no_random(dev, apdev):
"""WPA2-PSK AP and no random numbers available"""
ssid = "test-wpa2-psk"
dev[0].select_network(id, freq=2412)
dev[0].wait_connected()
+@remote_compatible
def test_rsn_ie_proto_psk_sta(dev, apdev):
"""RSN element protocol testing for PSK cases on STA side"""
bssid = apdev[0]['bssid']
dev[0].select_network(id, freq=2412)
dev[0].wait_connected()
+@remote_compatible
def test_ap_cli_order(dev, apdev):
ssid = "test-rsn-setup"
passphrase = 'zzzzzzzz'
if "OK" not in dev.request("TEST_ASSOC_IE " + ie):
raise Exception("Could not set TEST_ASSOC_IE")
+@remote_compatible
def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
"""WPA2-PSK AP and association request RSN IE differences"""
ssid = "test-wpa2-psk"
raise Exception("Unexpected status code: " + ev)
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
+
+def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
+ """WPA-PSK AP and only rsn_pairwise set"""
+ params = { "ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
+ "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890" }
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP",
+ scan_freq="2412")
+
+def test_ap_wpa2_eapol_retry_limit(dev, apdev):
+ """WPA2-PSK EAPOL-Key retry limit configuration"""
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ params['wpa_ptk_rekey'] = '2'
+ params['wpa_group_update_count'] = '1'
+ params['wpa_pairwise_update_count'] = '1'
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"])
+ if ev is None:
+ raise Exception("PTK rekey timed out")
+
+ if "FAIL" not in hapd.request("SET wpa_group_update_count 0"):
+ raise Exception("Invalid wpa_group_update_count value accepted")
+ if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"):
+ raise Exception("Invalid wpa_pairwise_update_count value accepted")