Verify PTK0 rekey blocking is working as intended.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
raise Exception("Could not ping hostapd")
hapd.set_defaults()
fields = ["ssid", "wpa_passphrase", "nas_identifier", "wpa_key_mgmt",
- "wpa",
+ "wpa", "wpa_deny_ptk0_rekey",
"wpa_pairwise", "rsn_pairwise", "auth_server_addr",
"acct_server_addr", "osu_server_uri"]
for field in fields:
if state != "COMPLETED":
raise Exception("Reauthentication did not complete")
+def test_ap_wpa2_eap_reauth_ptk_rekey_blocked_ap(dev, apdev):
+ """WPA2-Enterprise and Authenticator forcing reauthentication with PTK rekey blocked on AP"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ params['eap_reauth_period'] = '2'
+ params['wpa_deny_ptk0_rekey'] = '2'
+ hapd = hostapd.add_ap(apdev[0], params)
+ eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
+ password_hex="0123456789abcdef0123456789abcdef")
+ logger.info("Wait for disconnect due to reauth")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+ "CTRL-EVENT-DISCONNECTED"], timeout=10)
+ if ev is None:
+ raise Exception("Timeout on reauthentication")
+ if "CTRL-EVENT-EAP-STARTED" in ev:
+ raise Exception("Reauthentication without disconnect")
+
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
+ if ev is None:
+ raise Exception("Timeout on reconnect")
+
+def test_ap_wpa2_eap_reauth_ptk_rekey_blocked_sta(dev, apdev):
+ """WPA2-Enterprise and Authenticator forcing reauthentication with PTK rekey blocked on station"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ params['eap_reauth_period'] = '2'
+ hapd = hostapd.add_ap(apdev[0], params)
+ eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
+ password_hex="0123456789abcdef0123456789abcdef",
+ wpa_deny_ptk0_rekey="2")
+ logger.info("Wait for disconnect due to reauth")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+ "CTRL-EVENT-DISCONNECTED"], timeout=10)
+ if ev is None:
+ raise Exception("Timeout on reauthentication")
+ if "CTRL-EVENT-EAP-STARTED" in ev:
+ raise Exception("Reauthentication without disconnect")
+
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
+ if ev is None:
+ raise Exception("Timeout on reconnect")
+
def test_ap_wpa2_eap_request_identity_message(dev, apdev):
"""Optional displayable message in EAP Request-Identity"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
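Review bot: Both new EAP tests end at the `WPA: Key negotiation completed` event after the forced disconnect and never confirm that data frames pass under the freshly installed keys. The unblocked PSK rekey test later in this commit ends with `hwsim_utils.test_connectivity(dev[0], hapd)`, and the same call would fit as the last line of `test_ap_wpa2_eap_reauth_ptk_rekey_blocked_ap` and `test_ap_wpa2_eap_reauth_ptk_rekey_blocked_sta`, provided `hwsim_utils` is imported in this file. The same gap applies to `test_ap_wpa2_ptk_rekey_blocked_ap` and `test_ap_wpa2_ptk_rekey_blocked_sta` in the next hunk. The `timeout=1` on the reconnect wait also looks tight for a full EAP authentication on a loaded test host and may make these tests flaky; a larger value would not weaken the check, because reauthentication without a disconnect is already rejected a few lines earlier.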
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
- ev = dev[0].wait_event(["WPA: Key negotiation completed"])
+ ev = dev[0].wait_event(["WPA: Key negotiation completed",
+ "CTRL-EVENT-DISCONNECTED"])
if ev is None:
raise Exception("PTK rekey timed out")
+ if "CTRL-EVENT-DISCONNECTED" in ev:
+ raise Exception("Disconnect instead of rekey")
hwsim_utils.test_connectivity(dev[0], hapd)
+def test_ap_wpa2_ptk_rekey_blocked_ap(dev, apdev):
+ """WPA2-PSK AP and PTK rekey enforced by station and AP blocking it"""
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ params['wpa_deny_ptk0_rekey'] = "2"
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed",
+ "CTRL-EVENT-DISCONNECTED"])
+ if ev is None:
+ raise Exception("PTK rekey timed out")
+ if "WPA: Key negotiation completed" in ev:
+ raise Exception("No disconnect, PTK rekey succeeded")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
+ if ev is None:
+ raise Exception("Reconnect too slow")
+
+def test_ap_wpa2_ptk_rekey_blocked_sta(dev, apdev):
+ """WPA2-PSK AP and PTK rekey enforced by station while also blocking it"""
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412",
+ wpa_deny_ptk0_rekey="2")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed",
+ "CTRL-EVENT-DISCONNECTED"])
+ if ev is None:
+ raise Exception("PTK rekey timed out")
+ if "WPA: Key negotiation completed" in ev:
+ raise Exception("No disconnect, PTK rekey succeeded")
+ ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1)
+ if ev is None:
+ raise Exception("Reconnect too slow")
+
def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
"""WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
ssid = "test-wpa2-psk"
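Review bot: In `test_ap_wpa2_ptk_rekey_blocked_ap` and `test_ap_wpa2_ptk_rekey_blocked_sta` the first `wait_event` failure raises `"PTK rekey timed out"`, but the expected outcome there is a disconnect, so a timeout means neither a rekey nor the blocking disconnect was seen. A message such as `raise Exception("No rekey attempt or disconnect seen")` would make a failure easier to triage. The value `"2"` for `wpa_deny_ptk0_rekey` is also unexplained; a comment like `# 2: never rekey PTK0 in place, expect disconnect and a fresh association` (wording to be confirmed against the option's documentation) would state what the test relies on. Only this one setting is exercised, so any other values of the option appear to be untested by this commit. The modified `test_ap_wpa2_ptk_rekey` starts outside the hunk.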
"owe_ptk_workaround",
"roaming_consortium_selection", "ocv",
"multi_ap_backhaul_sta", "rx_stbc", "tx_stbc",
- "ft_eap_pmksa_caching", "beacon_prot"]
+ "ft_eap_pmksa_caching", "beacon_prot",
+ "wpa_deny_ptk0_rekey"]
for field in not_quoted:
if field in kwargs and kwargs[field]:
self.set_network(id, field, kwargs[field])