tests: Fix ap_ft_reassoc_replay for case where wlantest has the PSK
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
CommitLineData
cd7f1b9a 1# Fast BSS Transition tests
02a4ac0f 2# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
cd7f1b9a
JM
3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
5b3c40a6
JM
8import binascii
9import os
cd7f1b9a 10import time
cd7f1b9a 11import logging
c9aa4308 12logger = logging.getLogger()
02a4ac0f 13import signal
c8942286 14import struct
02a4ac0f 15import subprocess
cd7f1b9a
JM
16
17import hwsim_utils
02a4ac0f 18from hwsim import HWSimRadio
cd7f1b9a 19import hostapd
d7f0bef9 20from tshark import run_tshark
c8942286 21from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
cd7f1b9a 22from wlantest import Wlantest
5b3c40a6 23from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
392aba4e 24from test_rrm import check_beacon_req
e1923f5b 25from test_suite_b import check_suite_b_192_capa
cd7f1b9a
JM
26
27def ft_base_rsn():
fab49f61
JM
28 params = {"wpa": "2",
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
cd7f1b9a
JM
31 return params
32
33def ft_base_mixed():
fab49f61
JM
34 params = {"wpa": "3",
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
cd7f1b9a
JM
38 return params
39
40def ft_params(rsn=True, ssid=None, passphrase=None):
41 if rsn:
42 params = ft_base_rsn()
43 else:
44 params = ft_base_mixed()
45 if ssid:
46 params["ssid"] = ssid
47 if passphrase:
48 params["wpa_passphrase"] = passphrase
49
50 params["mobility_domain"] = "a1b2"
51 params["r0_key_lifetime"] = "10000"
52 params["pmk_r1_push"] = "1"
53 params["reassociation_deadline"] = "1000"
54 return params
55
d0175d6e 56def ft_params1a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM
57 params = ft_params(rsn, ssid, passphrase)
58 params['nas_identifier'] = "nas1.w1.fi"
59 params['r1_key_holder'] = "000102030405"
d0175d6e
MB
60 return params
61
942b52a8 62def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 63 params = ft_params1a(rsn, ssid, passphrase)
942b52a8
MB
64 if discovery:
65 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
67 else:
fab49f61
JM
68 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
942b52a8 70 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM
71 return params
72
c95dd8e4
JM
73def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
74 params = ft_params1a(rsn, ssid, passphrase)
fab49f61
JM
75 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
76 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
c95dd8e4
JM
77 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
78 return params
79
d0175d6e 80def ft_params2a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM
81 params = ft_params(rsn, ssid, passphrase)
82 params['nas_identifier'] = "nas2.w1.fi"
83 params['r1_key_holder'] = "000102030406"
d0175d6e
MB
84 return params
85
942b52a8 86def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 87 params = ft_params2a(rsn, ssid, passphrase)
942b52a8
MB
88 if discovery:
89 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
91 else:
fab49f61
JM
92 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
942b52a8 94 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM
95 return params
96
c95dd8e4
JM
97def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
98 params = ft_params2a(rsn, ssid, passphrase)
fab49f61
JM
99 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
100 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
c95dd8e4
JM
101 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
102 return params
103
3b808945
JM
104def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
105 params = ft_params(rsn, ssid, passphrase)
106 params['nas_identifier'] = "nas1.w1.fi"
107 params['r1_key_holder'] = "000102030405"
fab49f61
JM
108 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
9441a227 110 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
3b808945
JM
111 return params
112
113def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
114 params = ft_params(rsn, ssid, passphrase)
115 params['nas_identifier'] = "nas2.w1.fi"
116 params['r1_key_holder'] = "000102030406"
fab49f61
JM
117 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
9441a227 119 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
3b808945
JM
120 return params
121
122def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
123 params = ft_params(rsn, ssid, passphrase)
124 params['nas_identifier'] = "nas2.w1.fi"
125 params['r1_key_holder'] = "000102030406"
fab49f61
JM
126 params['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
9441a227 128 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
3b808945
JM
129 return params
130
7b741a53
JM
131def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
132 sae=False, eap=False, fail_test=False, roams=1,
fd7205fa 133 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
473e5176 134 test_connectivity=True, eap_identity="gpsk user", conndev=False,
ffcaca68 135 force_initial_conn_to_first_ap=False, sha384=False,
3d5b88b5 136 group_mgmt=None, ocv=None, sae_password=None,
659f7954 137 sae_password_id=None, sae_and_psk=False, pmksa_caching=False,
5916637c 138 roam_with_reassoc=False, also_non_ft=False, only_one_way=False,
30998360 139 wait_before_roam=0, return_after_initial=False, ieee80211w="1"):
cd7f1b9a 140 logger.info("Connect to first AP")
473e5176
MB
141
142 copts = {}
143 copts["proto"] = "WPA2"
30998360 144 copts["ieee80211w"] = ieee80211w
473e5176
MB
145 copts["scan_freq"] = "2412"
146 copts["pairwise"] = pairwise_cipher
fab49f61 147 copts["group"] = group_cipher
473e5176 148 copts["wpa_ptk_rekey"] = ptk_rekey
ffcaca68
JM
149 if group_mgmt:
150 copts["group_mgmt"] = group_mgmt
e63d8837
MV
151 if ocv:
152 copts["ocv"] = ocv
6f62809b 153 if eap:
9ff2b85e
JM
154 if pmksa_caching:
155 copts["ft_eap_pmksa_caching"] = "1"
659f7954
JM
156 if also_non_ft:
157 copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP"
158 else:
159 copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
473e5176
MB
160 copts["eap"] = "GPSK"
161 copts["identity"] = eap_identity
162 copts["password"] = "abcdefghijklmnop0123456789abcdef"
6e658cc4 163 else:
6f62809b 164 if sae:
cdf53910 165 copts["key_mgmt"] = "SAE FT-SAE" if sae_and_psk else "FT-SAE"
6f62809b 166 else:
473e5176 167 copts["key_mgmt"] = "FT-PSK"
3d5b88b5
JM
168 if passphrase:
169 copts["psk"] = passphrase
170 if sae_password:
171 copts["sae_password"] = sae_password
172 if sae_password_id:
173 copts["sae_password_id"] = sae_password_id
473e5176
MB
174 if force_initial_conn_to_first_ap:
175 copts["bssid"] = apdev[0]['bssid']
659f7954 176 netw = dev.connect(ssid, **copts)
1211031a
JM
177 if pmksa_caching:
178 dev.request("DISCONNECT")
179 dev.wait_disconnected()
180 dev.request("RECONNECT")
9ff2b85e
JM
181 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
182 "CTRL-EVENT-DISCONNECTED",
183 "CTRL-EVENT-EAP-STARTED"],
1211031a
JM
184 timeout=15)
185 if ev is None:
186 raise Exception("Reconnect timed out")
187 if "CTRL-EVENT-DISCONNECTED" in ev:
188 raise Exception("Unexpected disconnection after RECONNECT")
9ff2b85e
JM
189 if "CTRL-EVENT-EAP-STARTED" in ev:
190 raise Exception("Unexpected EAP start after RECONNECT")
473e5176 191
cd7f1b9a
JM
192 if dev.get_status_field('bssid') == apdev[0]['bssid']:
193 ap1 = apdev[0]
194 ap2 = apdev[1]
a8375c94
JM
195 hapd1ap = hapd0
196 hapd2ap = hapd1
cd7f1b9a
JM
197 else:
198 ap1 = apdev[1]
199 ap2 = apdev[0]
a8375c94
JM
200 hapd1ap = hapd1
201 hapd2ap = hapd0
fd7205fa 202 if test_connectivity:
938c6e7b 203 hapd1ap.wait_sta()
9c50a6d3
MB
204 if conndev:
205 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
206 else:
207 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a 208
5916637c
JM
209 if return_after_initial:
210 return ap2['bssid']
211
212 if wait_before_roam:
213 time.sleep(wait_before_roam)
655bc8bf 214 dev.scan_for_bss(ap2['bssid'], freq="2412")
40602101
JM
215
216 for i in range(0, roams):
e0382291
MB
217 # Roaming artificially fast can make data test fail because the key is
218 # set later.
219 time.sleep(0.01)
40602101 220 logger.info("Roam to the second AP")
659f7954
JM
221 if roam_with_reassoc:
222 dev.set_network(netw, "bssid", ap2['bssid'])
223 dev.request("REASSOCIATE")
224 dev.wait_connected()
225 elif over_ds:
40602101
JM
226 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
227 else:
228 dev.roam(ap2['bssid'], fail_test=fail_test)
229 if fail_test:
230 return
231 if dev.get_status_field('bssid') != ap2['bssid']:
232 raise Exception("Did not connect to correct AP")
fd7205fa 233 if (i == 0 or i == roams - 1) and test_connectivity:
938c6e7b 234 hapd2ap.wait_sta()
9c50a6d3
MB
235 if conndev:
236 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
237 else:
238 hwsim_utils.test_connectivity(dev, hapd2ap)
40602101 239
425e5f97
JM
240 if only_one_way:
241 return
e0382291
MB
242 # Roaming artificially fast can make data test fail because the key is
243 # set later.
244 time.sleep(0.01)
40602101 245 logger.info("Roam back to the first AP")
659f7954
JM
246 if roam_with_reassoc:
247 dev.set_network(netw, "bssid", ap1['bssid'])
248 dev.request("REASSOCIATE")
249 dev.wait_connected()
250 elif over_ds:
40602101
JM
251 dev.roam_over_ds(ap1['bssid'])
252 else:
253 dev.roam(ap1['bssid'])
254 if dev.get_status_field('bssid') != ap1['bssid']:
255 raise Exception("Did not connect to correct AP")
fd7205fa 256 if (i == 0 or i == roams - 1) and test_connectivity:
938c6e7b 257 hapd1ap.wait_sta()
9c50a6d3
MB
258 if conndev:
259 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
260 else:
261 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a
JM
262
263def test_ap_ft(dev, apdev):
264 """WPA2-PSK-FT AP"""
265 ssid = "test-ft"
fab49f61 266 passphrase = "12345678"
cd7f1b9a
JM
267
268 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 269 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 270 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 271 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 272
a8375c94 273 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
91bc6c36
JM
274 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
275 raise Exception("Scan results missing RSN element info")
cd7f1b9a 276
c95dd8e4
JM
277def test_ap_ft_old_key(dev, apdev):
278 """WPA2-PSK-FT AP (old key)"""
279 ssid = "test-ft"
fab49f61 280 passphrase = "12345678"
c95dd8e4
JM
281
282 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
283 hapd0 = hostapd.add_ap(apdev[0], params)
284 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
285 hapd1 = hostapd.add_ap(apdev[1], params)
286
287 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
288
e4612f84
JM
289def test_ap_ft_multi_akm(dev, apdev):
290 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
291 ssid = "test-ft"
fab49f61 292 passphrase = "12345678"
e4612f84
JM
293
294 params = ft_params1(ssid=ssid, passphrase=passphrase)
295 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
296 hapd0 = hostapd.add_ap(apdev[0], params)
297 params = ft_params2(ssid=ssid, passphrase=passphrase)
298 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
299 hapd1 = hostapd.add_ap(apdev[1], params)
300
301 Wlantest.setup(hapd0)
302 wt = Wlantest()
303 wt.flush()
304 wt.add_passphrase(passphrase)
305
306 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
307 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
308 raise Exception("Scan results missing RSN element info")
309 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
310 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
311 scan_freq="2412")
312
d0175d6e
MB
313def test_ap_ft_local_key_gen(dev, apdev):
314 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
315 ssid = "test-ft"
fab49f61 316 passphrase = "12345678"
d0175d6e
MB
317
318 params = ft_params1a(ssid=ssid, passphrase=passphrase)
58be42b2 319 params['ft_psk_generate_local'] = "1"
8344ba12 320 del params['pmk_r1_push']
b098542c 321 hapd0 = hostapd.add_ap(apdev[0], params)
d0175d6e 322 params = ft_params2a(ssid=ssid, passphrase=passphrase)
58be42b2 323 params['ft_psk_generate_local'] = "1"
8344ba12 324 del params['pmk_r1_push']
b098542c 325 hapd1 = hostapd.add_ap(apdev[1], params)
d0175d6e
MB
326
327 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
328 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
329 raise Exception("Scan results missing RSN element info")
330
473e5176
MB
331def test_ap_ft_vlan(dev, apdev):
332 """WPA2-PSK-FT AP with VLAN"""
333 ssid = "test-ft"
fab49f61 334 passphrase = "12345678"
473e5176
MB
335
336 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2
JM
337 params['dynamic_vlan'] = "1"
338 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
339 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
340
341 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2
JM
342 params['dynamic_vlan'] = "1"
343 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
344 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
345
346 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
347 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
348 raise Exception("Scan results missing RSN element info")
349
350def test_ap_ft_vlan_disconnected(dev, apdev):
351 """WPA2-PSK-FT AP with VLAN and local key generation"""
352 ssid = "test-ft"
fab49f61 353 passphrase = "12345678"
473e5176
MB
354
355 params = ft_params1a(ssid=ssid, passphrase=passphrase)
58be42b2
JM
356 params['dynamic_vlan'] = "1"
357 params['accept_mac_file'] = "hostapd.accept"
358 params['ft_psk_generate_local'] = "1"
473e5176
MB
359 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
360
361 params = ft_params2a(ssid=ssid, passphrase=passphrase)
58be42b2
JM
362 params['dynamic_vlan'] = "1"
363 params['accept_mac_file'] = "hostapd.accept"
364 params['ft_psk_generate_local'] = "1"
473e5176
MB
365 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
366
367 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
368 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
369 raise Exception("Scan results missing RSN element info")
370
371def test_ap_ft_vlan_2(dev, apdev):
372 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
373 ssid = "test-ft"
fab49f61 374 passphrase = "12345678"
473e5176
MB
375
376 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2
JM
377 params['dynamic_vlan'] = "1"
378 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
379 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
380
381 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2 382 params['dynamic_vlan'] = "1"
473e5176
MB
383 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
384
385 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1",
386 force_initial_conn_to_first_ap=True)
387 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
388 raise Exception("Scan results missing RSN element info")
389
40602101
JM
390def test_ap_ft_many(dev, apdev):
391 """WPA2-PSK-FT AP multiple times"""
392 ssid = "test-ft"
fab49f61 393 passphrase = "12345678"
40602101
JM
394
395 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 396 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 397 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 398 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 399
a8375c94 400 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
40602101 401
473e5176
MB
402def test_ap_ft_many_vlan(dev, apdev):
403 """WPA2-PSK-FT AP with VLAN multiple times"""
404 ssid = "test-ft"
fab49f61 405 passphrase = "12345678"
473e5176
MB
406
407 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2
JM
408 params['dynamic_vlan'] = "1"
409 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
410 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
411
412 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2
JM
413 params['dynamic_vlan'] = "1"
414 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
415 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
416
417 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50,
418 conndev="brvlan1")
419
cd7f1b9a
JM
420def test_ap_ft_mixed(dev, apdev):
421 """WPA2-PSK-FT mixed-mode AP"""
422 ssid = "test-ft-mixed"
fab49f61 423 passphrase = "12345678"
cd7f1b9a
JM
424
425 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 426 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM
427 key_mgmt = hapd.get_config()['key_mgmt']
428 vals = key_mgmt.split(' ')
429 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
430 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
cd7f1b9a 431 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 432 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 433
a8375c94 434 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
cd7f1b9a
JM
435
436def test_ap_ft_pmf(dev, apdev):
437 """WPA2-PSK-FT AP with PMF"""
30998360
JM
438 run_ap_ft_pmf(dev, apdev, "1")
439
440def test_ap_ft_pmf_over_ds(dev, apdev):
441 """WPA2-PSK-FT AP with PMF (over DS)"""
442 run_ap_ft_pmf(dev, apdev, "1", over_ds=True)
443
444def test_ap_ft_pmf_required(dev, apdev):
445 """WPA2-PSK-FT AP with PMF required on STA"""
446 run_ap_ft_pmf(dev, apdev, "2")
447
448def test_ap_ft_pmf_required_over_ds(dev, apdev):
449 """WPA2-PSK-FT AP with PMF required on STA (over DS)"""
450 run_ap_ft_pmf(dev, apdev, "2", over_ds=True)
451
452def run_ap_ft_pmf(dev, apdev, ieee80211w, over_ds=False):
cd7f1b9a 453 ssid = "test-ft"
fab49f61 454 passphrase = "12345678"
cd7f1b9a
JM
455
456 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 457 params["ieee80211w"] = "2"
8b8a1864 458 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 459 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 460 params["ieee80211w"] = "2"
8b8a1864 461 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 462
dbddbf16
JM
463 Wlantest.setup(hapd0)
464 wt = Wlantest()
465 wt.flush()
466 wt.add_passphrase(passphrase)
467
30998360
JM
468 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
469 ieee80211w=ieee80211w, over_ds=over_ds)
470
471def test_ap_ft_pmf_required_mismatch(dev, apdev):
472 """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF"""
473 run_ap_ft_pmf_required_mismatch(dev, apdev)
474
475def test_ap_ft_pmf_required_mismatch_over_ds(dev, apdev):
476 """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF (over DS)"""
477 run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=True)
478
479def run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=False):
480 ssid = "test-ft"
481 passphrase = "12345678"
482
483 params = ft_params1(ssid=ssid, passphrase=passphrase)
484 params["ieee80211w"] = "2"
485 hapd0 = hostapd.add_ap(apdev[0], params)
486 params = ft_params2(ssid=ssid, passphrase=passphrase)
487 params["ieee80211w"] = "0"
488 hapd1 = hostapd.add_ap(apdev[1], params)
489
490 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ieee80211w="2",
491 force_initial_conn_to_first_ap=True, fail_test=True,
492 over_ds=over_ds)
b553eab1 493
ffcaca68
JM
494def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
495 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
496 run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC")
497
498def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
499 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
500 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128")
501
502def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
503 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
504 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256")
505
506def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
507 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
508 run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256")
509
510def run_ap_ft_pmf_bip(dev, apdev, cipher):
511 if cipher not in dev[0].get_capability("group_mgmt"):
512 raise HwsimSkip("Cipher %s not supported" % cipher)
513
514 ssid = "test-ft"
fab49f61 515 passphrase = "12345678"
ffcaca68
JM
516
517 params = ft_params1(ssid=ssid, passphrase=passphrase)
518 params["ieee80211w"] = "2"
519 params["group_mgmt_cipher"] = cipher
520 hapd0 = hostapd.add_ap(apdev[0], params)
521 params = ft_params2(ssid=ssid, passphrase=passphrase)
522 params["ieee80211w"] = "2"
523 params["group_mgmt_cipher"] = cipher
524 hapd1 = hostapd.add_ap(apdev[1], params)
525
526 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
527 group_mgmt=cipher)
528
e63d8837
MV
529def test_ap_ft_ocv(dev, apdev):
530 """WPA2-PSK-FT AP with OCV"""
531 ssid = "test-ft"
fab49f61 532 passphrase = "12345678"
e63d8837
MV
533
534 params = ft_params1(ssid=ssid, passphrase=passphrase)
535 params["ieee80211w"] = "2"
536 params["ocv"] = "1"
537 try:
538 hapd0 = hostapd.add_ap(apdev[0], params)
bab493b9 539 except Exception as e:
e63d8837
MV
540 if "Failed to set hostapd parameter ocv" in str(e):
541 raise HwsimSkip("OCV not supported")
542 raise
543 params = ft_params2(ssid=ssid, passphrase=passphrase)
544 params["ieee80211w"] = "2"
545 params["ocv"] = "1"
546 hapd1 = hostapd.add_ap(apdev[1], params)
547
548 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1")
549
b553eab1
JM
550def test_ap_ft_over_ds(dev, apdev):
551 """WPA2-PSK-FT AP over DS"""
552 ssid = "test-ft"
fab49f61 553 passphrase = "12345678"
b553eab1
JM
554
555 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 556 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 557 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 558 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 559
a8375c94 560 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
fab49f61
JM
561 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
562 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
b553eab1 563
02a4ac0f
JM
564def cleanup_ap_ft_separate_hostapd():
565 subprocess.call(["brctl", "delif", "br0ft", "veth0"],
566 stderr=open('/dev/null', 'w'))
567 subprocess.call(["brctl", "delif", "br1ft", "veth1"],
568 stderr=open('/dev/null', 'w'))
569 subprocess.call(["ip", "link", "del", "veth0"],
570 stderr=open('/dev/null', 'w'))
571 subprocess.call(["ip", "link", "del", "veth1"],
572 stderr=open('/dev/null', 'w'))
fab49f61 573 for ifname in ['br0ft', 'br1ft', 'br-ft']:
02a4ac0f
JM
574 subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'down'],
575 stderr=open('/dev/null', 'w'))
576 subprocess.call(['brctl', 'delbr', ifname],
577 stderr=open('/dev/null', 'w'))
578
579def test_ap_ft_separate_hostapd(dev, apdev, params):
580 """WPA2-PSK-FT AP and separate hostapd process"""
581 try:
582 run_ap_ft_separate_hostapd(dev, apdev, params, False)
583 finally:
584 cleanup_ap_ft_separate_hostapd()
585
586def test_ap_ft_over_ds_separate_hostapd(dev, apdev, params):
587 """WPA2-PSK-FT AP over DS and separate hostapd process"""
588 try:
589 run_ap_ft_separate_hostapd(dev, apdev, params, True)
590 finally:
591 cleanup_ap_ft_separate_hostapd()
592
593def run_ap_ft_separate_hostapd(dev, apdev, params, over_ds):
594 ssid = "test-ft"
fab49f61 595 passphrase = "12345678"
02a4ac0f
JM
596 logdir = params['logdir']
597 pidfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.pid')
598 logfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.hapd')
599 global_ctrl = '/var/run/hostapd-ft'
600 br_ifname = 'br-ft'
601
602 try:
603 subprocess.check_call(['brctl', 'addbr', br_ifname])
604 subprocess.check_call(['brctl', 'setfd', br_ifname, '0'])
605 subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
606
fab49f61
JM
607 subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
608 "peer", "name", "veth0br"])
609 subprocess.check_call(["ip", "link", "add", "veth1", "type", "veth",
610 "peer", "name", "veth1br"])
02a4ac0f
JM
611 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
612 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
613 subprocess.check_call(['brctl', 'addif', br_ifname, 'veth0br'])
614 subprocess.check_call(['brctl', 'addif', br_ifname, 'veth1br'])
615
616 subprocess.check_call(['brctl', 'addbr', 'br0ft'])
617 subprocess.check_call(['brctl', 'setfd', 'br0ft', '0'])
618 subprocess.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
619 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
620 subprocess.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
621 subprocess.check_call(['brctl', 'addbr', 'br1ft'])
622 subprocess.check_call(['brctl', 'setfd', 'br1ft', '0'])
623 subprocess.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
624 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
625 subprocess.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
626 except subprocess.CalledProcessError:
627 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
628
629 with HWSimRadio() as (radio, iface):
630 prg = os.path.join(logdir, 'alt-hostapd/hostapd/hostapd')
631 if not os.path.exists(prg):
632 prg = '../../hostapd/hostapd'
fab49f61
JM
633 cmd = [prg, '-B', '-ddKt',
634 '-P', pidfile, '-f', logfile, '-g', global_ctrl]
02a4ac0f
JM
635 subprocess.check_call(cmd)
636
637 hglobal = hostapd.HostapdGlobal(global_ctrl_override=global_ctrl)
fab49f61
JM
638 apdev_ft = {'ifname': iface}
639 apdev2 = [apdev_ft, apdev[1]]
02a4ac0f
JM
640
641 params = ft_params1(ssid=ssid, passphrase=passphrase)
642 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
643 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
644 params['bridge'] = 'br0ft'
645 hapd0 = hostapd.add_ap(apdev2[0], params,
646 global_ctrl_override=global_ctrl)
647 apdev2[0]['bssid'] = hapd0.own_addr()
648 params = ft_params2(ssid=ssid, passphrase=passphrase)
649 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
650 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
651 params['bridge'] = 'br1ft'
652 hapd1 = hostapd.add_ap(apdev2[1], params)
653
654 run_roams(dev[0], apdev2, hapd0, hapd1, ssid, passphrase,
655 over_ds=over_ds, test_connectivity=False)
656
657 hglobal.terminate()
658
659 if os.path.exists(pidfile):
660 with open(pidfile, 'r') as f:
661 pid = int(f.read())
662 f.close()
663 os.kill(pid, signal.SIGTERM)
664
e63d8837
MV
665def test_ap_ft_over_ds_ocv(dev, apdev):
666 """WPA2-PSK-FT AP over DS"""
667 ssid = "test-ft"
fab49f61 668 passphrase = "12345678"
e63d8837
MV
669
670 params = ft_params1(ssid=ssid, passphrase=passphrase)
671 params["ieee80211w"] = "2"
672 params["ocv"] = "1"
673 try:
674 hapd0 = hostapd.add_ap(apdev[0], params)
bab493b9 675 except Exception as e:
e63d8837
MV
676 if "Failed to set hostapd parameter ocv" in str(e):
677 raise HwsimSkip("OCV not supported")
678 raise
679 params = ft_params2(ssid=ssid, passphrase=passphrase)
680 params["ieee80211w"] = "2"
681 params["ocv"] = "1"
682 hapd1 = hostapd.add_ap(apdev[1], params)
683
684 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
685 ocv="1")
686
55139acb
JM
687def test_ap_ft_over_ds_disabled(dev, apdev):
688 """WPA2-PSK-FT AP over DS disabled"""
689 ssid = "test-ft"
fab49f61 690 passphrase = "12345678"
55139acb
JM
691
692 params = ft_params1(ssid=ssid, passphrase=passphrase)
693 params['ft_over_ds'] = '0'
694 hapd0 = hostapd.add_ap(apdev[0], params)
695 params = ft_params2(ssid=ssid, passphrase=passphrase)
696 params['ft_over_ds'] = '0'
697 hapd1 = hostapd.add_ap(apdev[1], params)
698
699 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
700 fail_test=True)
701
473e5176
MB
702def test_ap_ft_vlan_over_ds(dev, apdev):
703 """WPA2-PSK-FT AP over DS with VLAN"""
704 ssid = "test-ft"
fab49f61 705 passphrase = "12345678"
473e5176
MB
706
707 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2
JM
708 params['dynamic_vlan'] = "1"
709 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
710 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
711 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2
JM
712 params['dynamic_vlan'] = "1"
713 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
714 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
715
716 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
717 conndev="brvlan1")
fab49f61
JM
718 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
719 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
473e5176 720
40602101
JM
721def test_ap_ft_over_ds_many(dev, apdev):
722 """WPA2-PSK-FT AP over DS multiple times"""
723 ssid = "test-ft"
fab49f61 724 passphrase = "12345678"
40602101
JM
725
726 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 727 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 728 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 729 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 730
a8375c94
JM
731 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
732 roams=50)
40602101 733
473e5176
MB
734def test_ap_ft_vlan_over_ds_many(dev, apdev):
735 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
736 ssid = "test-ft"
fab49f61 737 passphrase = "12345678"
473e5176
MB
738
739 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2
JM
740 params['dynamic_vlan'] = "1"
741 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
742 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
743 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2
JM
744 params['dynamic_vlan'] = "1"
745 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
746 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
747
748 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
749 roams=50, conndev="brvlan1")
750
9fd6804d 751@remote_compatible
c337d07a
JM
752def test_ap_ft_over_ds_unknown_target(dev, apdev):
753 """WPA2-PSK-FT AP"""
754 ssid = "test-ft"
fab49f61 755 passphrase = "12345678"
c337d07a
JM
756
757 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 758 hapd0 = hostapd.add_ap(apdev[0], params)
c337d07a
JM
759
760 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
761 scan_freq="2412")
762 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
763
9fd6804d 764@remote_compatible
211bb7c5
JM
765def test_ap_ft_over_ds_unexpected(dev, apdev):
766 """WPA2-PSK-FT AP over DS and unexpected response"""
767 ssid = "test-ft"
fab49f61 768 passphrase = "12345678"
211bb7c5
JM
769
770 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 771 hapd0 = hostapd.add_ap(apdev[0], params)
211bb7c5 772 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 773 hapd1 = hostapd.add_ap(apdev[1], params)
211bb7c5
JM
774
775 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
776 scan_freq="2412")
777 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
778 ap1 = apdev[0]
779 ap2 = apdev[1]
780 hapd1ap = hapd0
781 hapd2ap = hapd1
782 else:
783 ap1 = apdev[1]
784 ap2 = apdev[0]
785 hapd1ap = hapd1
786 hapd2ap = hapd0
787
788 addr = dev[0].own_addr()
789 hapd1ap.set("ext_mgmt_frame_handling", "1")
790 logger.info("Foreign STA address")
791 msg = {}
792 msg['fc'] = 13 << 4
793 msg['da'] = addr
794 msg['sa'] = ap1['bssid']
795 msg['bssid'] = ap1['bssid']
796 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
797 hapd1ap.mgmt_tx(msg)
798
799 logger.info("No over-the-DS in progress")
800 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
801 hapd1ap.mgmt_tx(msg)
802
803 logger.info("Non-zero status code")
804 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
805 hapd1ap.mgmt_tx(msg)
806
807 hapd1ap.dump_monitor()
808
809 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
810 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
811 raise Exception("FT_DS failed")
812
813 req = hapd1ap.mgmt_rx()
814
815 logger.info("Foreign Target AP")
816 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
817 hapd1ap.mgmt_tx(msg)
818
819 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
820
821 logger.info("No IEs")
822 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
823 hapd1ap.mgmt_tx(msg)
824
825 logger.info("Invalid IEs (trigger parsing failure)")
826 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
827 hapd1ap.mgmt_tx(msg)
828
829 logger.info("Too short MDIE")
830 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
831 hapd1ap.mgmt_tx(msg)
832
833 logger.info("Mobility domain mismatch")
834 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
835 hapd1ap.mgmt_tx(msg)
836
837 logger.info("No FTIE")
838 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
839 hapd1ap.mgmt_tx(msg)
840
841 logger.info("FTIE SNonce mismatch")
842 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
843 hapd1ap.mgmt_tx(msg)
844
845 logger.info("No R0KH-ID subelem in FTIE")
7ab74770 846 snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
211bb7c5
JM
847 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
848 hapd1ap.mgmt_tx(msg)
849
850 logger.info("No R0KH-ID subelem mismatch in FTIE")
7ab74770 851 snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
211bb7c5
JM
852 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
853 hapd1ap.mgmt_tx(msg)
854
855 logger.info("No R1KH-ID subelem in FTIE")
7ab74770 856 r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
211bb7c5
JM
857 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
858 hapd1ap.mgmt_tx(msg)
859
860 logger.info("No RSNE")
7ab74770 861 r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
211bb7c5
JM
862 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
863 hapd1ap.mgmt_tx(msg)
864
b553eab1
JM
865def test_ap_ft_pmf_over_ds(dev, apdev):
866 """WPA2-PSK-FT AP over DS with PMF"""
0c481b78 867 run_ap_ft_pmf_bip_over_ds(dev, apdev, None)
46b8ea21 868
ffcaca68
JM
869def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
870 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
871 run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC")
872
873def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
874 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
875 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128")
876
877def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
878 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
879 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256")
880
881def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
882 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
883 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256")
884
885def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher):
0c481b78 886 if cipher and cipher not in dev[0].get_capability("group_mgmt"):
ffcaca68
JM
887 raise HwsimSkip("Cipher %s not supported" % cipher)
888
889 ssid = "test-ft"
fab49f61 890 passphrase = "12345678"
ffcaca68
JM
891
892 params = ft_params1(ssid=ssid, passphrase=passphrase)
893 params["ieee80211w"] = "2"
0c481b78
JM
894 if cipher:
895 params["group_mgmt_cipher"] = cipher
ffcaca68
JM
896 hapd0 = hostapd.add_ap(apdev[0], params)
897 params = ft_params2(ssid=ssid, passphrase=passphrase)
898 params["ieee80211w"] = "2"
0c481b78
JM
899 if cipher:
900 params["group_mgmt_cipher"] = cipher
ffcaca68
JM
901 hapd1 = hostapd.add_ap(apdev[1], params)
902
0defc42a
JM
903 Wlantest.setup(hapd0)
904 wt = Wlantest()
905 wt.flush()
906 wt.add_passphrase(passphrase)
907
ffcaca68
JM
908 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
909 group_mgmt=cipher)
6e658cc4 910
aaba98d3
JM
911def test_ap_ft_over_ds_pull(dev, apdev):
912 """WPA2-PSK-FT AP over DS (pull PMK)"""
913 ssid = "test-ft"
fab49f61 914 passphrase = "12345678"
aaba98d3
JM
915
916 params = ft_params1(ssid=ssid, passphrase=passphrase)
917 params["pmk_r1_push"] = "0"
8b8a1864 918 hapd0 = hostapd.add_ap(apdev[0], params)
aaba98d3
JM
919 params = ft_params2(ssid=ssid, passphrase=passphrase)
920 params["pmk_r1_push"] = "0"
8b8a1864 921 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 922
a8375c94 923 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
aaba98d3 924
c95dd8e4
JM
925def test_ap_ft_over_ds_pull_old_key(dev, apdev):
926 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
927 ssid = "test-ft"
fab49f61 928 passphrase = "12345678"
c95dd8e4
JM
929
930 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
931 params["pmk_r1_push"] = "0"
932 hapd0 = hostapd.add_ap(apdev[0], params)
933 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
934 params["pmk_r1_push"] = "0"
935 hapd1 = hostapd.add_ap(apdev[1], params)
936
937 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
938
473e5176
MB
939def test_ap_ft_over_ds_pull_vlan(dev, apdev):
940 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
941 ssid = "test-ft"
fab49f61 942 passphrase = "12345678"
473e5176
MB
943
944 params = ft_params1(ssid=ssid, passphrase=passphrase)
945 params["pmk_r1_push"] = "0"
58be42b2
JM
946 params['dynamic_vlan'] = "1"
947 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
948 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
949 params = ft_params2(ssid=ssid, passphrase=passphrase)
950 params["pmk_r1_push"] = "0"
58be42b2
JM
951 params['dynamic_vlan'] = "1"
952 params['accept_mac_file'] = "hostapd.accept"
473e5176
MB
953 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
954
955 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
956 conndev="brvlan1")
957
425e5f97
JM
958def start_ft_sae(dev, apdev, wpa_ptk_rekey=None):
959 if "SAE" not in dev.get_capability("auth_alg"):
b9749b6a 960 raise HwsimSkip("SAE not supported")
6e658cc4 961 ssid = "test-ft"
fab49f61 962 passphrase = "12345678"
6e658cc4
JM
963
964 params = ft_params1(ssid=ssid, passphrase=passphrase)
965 params['wpa_key_mgmt'] = "FT-SAE"
425e5f97
JM
966 if wpa_ptk_rekey:
967 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
8b8a1864 968 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM
969 params = ft_params2(ssid=ssid, passphrase=passphrase)
970 params['wpa_key_mgmt'] = "FT-SAE"
425e5f97
JM
971 if wpa_ptk_rekey:
972 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
973 hapd1 = hostapd.add_ap(apdev[1], params)
974 key_mgmt = hapd1.get_config()['key_mgmt']
65038313
JM
975 if key_mgmt.split(' ')[0] != "FT-SAE":
976 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6e658cc4 977
425e5f97
JM
978 dev.request("SET sae_groups ")
979 return hapd0, hapd1
980
981def test_ap_ft_sae(dev, apdev):
982 """WPA2-PSK-FT-SAE AP"""
983 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
984 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
985
986def test_ap_ft_sae_ptk_rekey0(dev, apdev):
987 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
988 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
989 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
990 ptk_rekey="1", roams=0)
991 check_ptk_rekey(dev[0], hapd0, hapd1)
992
993def test_ap_ft_sae_ptk_rekey1(dev, apdev):
994 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
995 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
996 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
997 ptk_rekey="1", only_one_way=True)
998 check_ptk_rekey(dev[0], hapd0, hapd1)
999
1000def test_ap_ft_sae_ptk_rekey_ap(dev, apdev):
1001 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
1002 hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
1003 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
1004 only_one_way=True)
1005 check_ptk_rekey(dev[0], hapd0, hapd1)
6e658cc4
JM
1006
1007def test_ap_ft_sae_over_ds(dev, apdev):
1008 """WPA2-PSK-FT-SAE AP over DS"""
425e5f97
JM
1009 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
1010 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
a8375c94 1011 over_ds=True)
6f62809b 1012
425e5f97
JM
1013def test_ap_ft_sae_over_ds_ptk_rekey0(dev, apdev):
1014 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
1015 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
1016 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
1017 over_ds=True, ptk_rekey="1", roams=0)
1018 check_ptk_rekey(dev[0], hapd0, hapd1)
1019
1020def test_ap_ft_sae_over_ds_ptk_rekey1(dev, apdev):
1021 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
1022 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
1023 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
1024 over_ds=True, ptk_rekey="1", only_one_way=True)
1025 check_ptk_rekey(dev[0], hapd0, hapd1)
1026
1027def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev, apdev):
1028 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
1029 hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
1030 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
1031 over_ds=True, only_one_way=True)
1032 check_ptk_rekey(dev[0], hapd0, hapd1)
1033
3d5b88b5
JM
1034def test_ap_ft_sae_pw_id(dev, apdev):
1035 """FT-SAE with Password Identifier"""
1036 if "SAE" not in dev[0].get_capability("auth_alg"):
1037 raise HwsimSkip("SAE not supported")
1038 ssid = "test-ft"
1039
1040 params = ft_params1(ssid=ssid)
1041 params["ieee80211w"] = "2"
1042 params['wpa_key_mgmt'] = "FT-SAE"
1043 params['sae_password'] = 'secret|id=pwid'
1044 hapd0 = hostapd.add_ap(apdev[0], params)
1045 params = ft_params2(ssid=ssid)
1046 params["ieee80211w"] = "2"
1047 params['wpa_key_mgmt'] = "FT-SAE"
1048 params['sae_password'] = 'secret|id=pwid'
1049 hapd = hostapd.add_ap(apdev[1], params)
1050
1051 dev[0].request("SET sae_groups ")
1052 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase=None, sae=True,
1053 sae_password="secret", sae_password_id="pwid")
1054
cdf53910
JM
1055def test_ap_ft_sae_with_both_akms(dev, apdev):
1056 """SAE + FT-SAE configuration"""
1057 if "SAE" not in dev[0].get_capability("auth_alg"):
1058 raise HwsimSkip("SAE not supported")
1059 ssid = "test-ft"
1060 passphrase = "12345678"
1061
1062 params = ft_params1(ssid=ssid, passphrase=passphrase)
1063 params['wpa_key_mgmt'] = "FT-SAE SAE"
1064 hapd0 = hostapd.add_ap(apdev[0], params)
1065 params = ft_params2(ssid=ssid, passphrase=passphrase)
1066 params['wpa_key_mgmt'] = "FT-SAE SAE"
1067 hapd = hostapd.add_ap(apdev[1], params)
1068 key_mgmt = hapd.get_config()['key_mgmt']
1069 if key_mgmt.split(' ')[0] != "FT-SAE":
1070 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1071
1072 dev[0].request("SET sae_groups ")
1073 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
1074 sae_and_psk=True)
1075
1211031a
JM
1076def test_ap_ft_sae_pmksa_caching(dev, apdev):
1077 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1078 if "SAE" not in dev[0].get_capability("auth_alg"):
1079 raise HwsimSkip("SAE not supported")
1080 ssid = "test-ft"
1081 passphrase = "12345678"
1082
1083 params = ft_params1(ssid=ssid, passphrase=passphrase)
1084 params['wpa_key_mgmt'] = "FT-SAE"
1085 hapd0 = hostapd.add_ap(apdev[0], params)
1086 params = ft_params2(ssid=ssid, passphrase=passphrase)
1087 params['wpa_key_mgmt'] = "FT-SAE"
1088 hapd = hostapd.add_ap(apdev[1], params)
1089 key_mgmt = hapd.get_config()['key_mgmt']
1090 if key_mgmt.split(' ')[0] != "FT-SAE":
1091 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1092
1093 dev[0].request("SET sae_groups ")
1094 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
1095 pmksa_caching=True)
1096
d269740a 1097def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
425e5f97
JM
1098 discovery=False, roams=1, wpa_ptk_rekey=0,
1099 only_one_way=False):
6f62809b 1100 ssid = "test-ft"
fab49f61 1101 passphrase = "12345678"
9c50a6d3 1102 if vlan:
fab49f61
JM
1103 identity = "gpsk-vlan1"
1104 conndev = "brvlan1"
d269740a 1105 elif cui:
fab49f61
JM
1106 identity = "gpsk-cui"
1107 conndev = False
9c50a6d3 1108 else:
fab49f61
JM
1109 identity = "gpsk user"
1110 conndev = False
6f62809b
JM
1111
1112 radius = hostapd.radius_params()
942b52a8 1113 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM
1114 params['wpa_key_mgmt'] = "FT-EAP"
1115 params["ieee8021x"] = "1"
9c50a6d3
MB
1116 if vlan:
1117 params["dynamic_vlan"] = "1"
35d8c254 1118 params = dict(list(radius.items()) + list(params.items()))
8b8a1864 1119 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM
1120 key_mgmt = hapd.get_config()['key_mgmt']
1121 if key_mgmt.split(' ')[0] != "FT-EAP":
1122 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
942b52a8 1123 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM
1124 params['wpa_key_mgmt'] = "FT-EAP"
1125 params["ieee8021x"] = "1"
9c50a6d3
MB
1126 if vlan:
1127 params["dynamic_vlan"] = "1"
425e5f97
JM
1128 if wpa_ptk_rekey:
1129 params["wpa_ptk_rekey"] = str(wpa_ptk_rekey)
35d8c254 1130 params = dict(list(radius.items()) + list(params.items()))
8b8a1864 1131 hapd1 = hostapd.add_ap(apdev[1], params)
6f62809b 1132
942b52a8 1133 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
9c50a6d3 1134 over_ds=over_ds, roams=roams, eap_identity=identity,
425e5f97 1135 conndev=conndev, only_one_way=only_one_way)
91bc6c36
JM
1136 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
1137 raise Exception("Scan results missing RSN element info")
fab49f61
JM
1138 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1139 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
425e5f97
JM
1140 if only_one_way:
1141 return
aaba98d3 1142
4013d688
JM
1143 # Verify EAPOL reauthentication after FT protocol
1144 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1145 ap = hapd
1146 else:
1147 ap = hapd1
1148 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
1149 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
1150 if ev is None:
1151 raise Exception("EAP authentication did not start")
1152 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
1153 if ev is None:
1154 raise Exception("EAP authentication did not succeed")
1155 time.sleep(0.1)
9c50a6d3
MB
1156 if conndev:
1157 hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
1158 else:
1159 hwsim_utils.test_connectivity(dev[0], ap)
4013d688 1160
942b52a8
MB
1161def test_ap_ft_eap(dev, apdev):
1162 """WPA2-EAP-FT AP"""
1163 generic_ap_ft_eap(dev, apdev)
1164
d269740a
MB
1165def test_ap_ft_eap_cui(dev, apdev):
1166 """WPA2-EAP-FT AP with CUI"""
1167 generic_ap_ft_eap(dev, apdev, vlan=False, cui=True)
1168
9c50a6d3
MB
1169def test_ap_ft_eap_vlan(dev, apdev):
1170 """WPA2-EAP-FT AP with VLAN"""
1171 generic_ap_ft_eap(dev, apdev, vlan=True)
1172
1173def test_ap_ft_eap_vlan_multi(dev, apdev):
1174 """WPA2-EAP-FT AP with VLAN"""
1175 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
1176
942b52a8
MB
1177def test_ap_ft_eap_over_ds(dev, apdev):
1178 """WPA2-EAP-FT AP using over-the-DS"""
1179 generic_ap_ft_eap(dev, apdev, over_ds=True)
1180
1181def test_ap_ft_eap_dis(dev, apdev):
1182 """WPA2-EAP-FT AP with AP discovery"""
1183 generic_ap_ft_eap(dev, apdev, discovery=True)
1184
1185def test_ap_ft_eap_dis_over_ds(dev, apdev):
1186 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1187 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
1188
9c50a6d3
MB
1189def test_ap_ft_eap_vlan(dev, apdev):
1190 """WPA2-EAP-FT AP with VLAN"""
1191 generic_ap_ft_eap(dev, apdev, vlan=True)
1192
1193def test_ap_ft_eap_vlan_multi(dev, apdev):
1194 """WPA2-EAP-FT AP with VLAN"""
1195 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
1196
1197def test_ap_ft_eap_vlan_over_ds(dev, apdev):
1198 """WPA2-EAP-FT AP with VLAN + over_ds"""
1199 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
1200
1201def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
1202 """WPA2-EAP-FT AP with VLAN + over_ds"""
1203 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
1204
1205def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
aaba98d3
JM
1206 """WPA2-EAP-FT AP (pull PMK)"""
1207 ssid = "test-ft"
fab49f61 1208 passphrase = "12345678"
9c50a6d3 1209 if vlan:
fab49f61
JM
1210 identity = "gpsk-vlan1"
1211 conndev = "brvlan1"
9c50a6d3 1212 else:
fab49f61
JM
1213 identity = "gpsk user"
1214 conndev = False
aaba98d3
JM
1215
1216 radius = hostapd.radius_params()
1217 params = ft_params1(ssid=ssid, passphrase=passphrase)
1218 params['wpa_key_mgmt'] = "FT-EAP"
1219 params["ieee8021x"] = "1"
1220 params["pmk_r1_push"] = "0"
9c50a6d3
MB
1221 if vlan:
1222 params["dynamic_vlan"] = "1"
35d8c254 1223 params = dict(list(radius.items()) + list(params.items()))
8b8a1864 1224 hapd = hostapd.add_ap(apdev[0], params)
aaba98d3
JM
1225 key_mgmt = hapd.get_config()['key_mgmt']
1226 if key_mgmt.split(' ')[0] != "FT-EAP":
1227 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1228 params = ft_params2(ssid=ssid, passphrase=passphrase)
1229 params['wpa_key_mgmt'] = "FT-EAP"
1230 params["ieee8021x"] = "1"
1231 params["pmk_r1_push"] = "0"
9c50a6d3
MB
1232 if vlan:
1233 params["dynamic_vlan"] = "1"
35d8c254 1234 params = dict(list(radius.items()) + list(params.items()))
8b8a1864 1235 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 1236
9c50a6d3
MB
1237 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
1238 eap_identity=identity, conndev=conndev)
1239
1240def test_ap_ft_eap_pull(dev, apdev):
1241 """WPA2-EAP-FT AP (pull PMK)"""
1242 generic_ap_ft_eap_pull(dev, apdev)
1243
1244def test_ap_ft_eap_pull_vlan(dev, apdev):
1245 generic_ap_ft_eap_pull(dev, apdev, vlan=True)
3b808945 1246
f81c1411
JM
1247def test_ap_ft_eap_pull_wildcard(dev, apdev):
1248 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1249 ssid = "test-ft"
fab49f61 1250 passphrase = "12345678"
f81c1411
JM
1251
1252 radius = hostapd.radius_params()
1253 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
1254 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1255 params["ieee8021x"] = "1"
1256 params["pmk_r1_push"] = "0"
1257 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1258 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1259 params["ft_psk_generate_local"] = "1"
1260 params["eap_server"] = "0"
c6ab7b55
JM
1261 params["rkh_pos_timeout"] = "100"
1262 params["rkh_neg_timeout"] = "50"
1263 params["rkh_pull_timeout"] = "1234"
1264 params["rkh_pull_retries"] = "10"
35d8c254 1265 params = dict(list(radius.items()) + list(params.items()))
f81c1411
JM
1266 hapd = hostapd.add_ap(apdev[0], params)
1267 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
1268 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1269 params["ieee8021x"] = "1"
1270 params["pmk_r1_push"] = "0"
1271 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1272 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1273 params["ft_psk_generate_local"] = "1"
1274 params["eap_server"] = "0"
35d8c254 1275 params = dict(list(radius.items()) + list(params.items()))
f81c1411
JM
1276 hapd1 = hostapd.add_ap(apdev[1], params)
1277
1278 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
1279
9fd6804d 1280@remote_compatible
3b808945
JM
1281def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
1282 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1283 ssid = "test-ft"
fab49f61 1284 passphrase = "12345678"
3b808945
JM
1285
1286 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 1287 params["ieee80211w"] = "2"
8b8a1864 1288 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 1289 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
bc6e3288 1290 params["ieee80211w"] = "2"
8b8a1864 1291 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 1292
a8375c94
JM
1293 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1294 fail_test=True)
3b808945 1295
9fd6804d 1296@remote_compatible
3b808945
JM
1297def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
1298 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1299 ssid = "test-ft"
fab49f61 1300 passphrase = "12345678"
3b808945
JM
1301
1302 params = ft_params1(ssid=ssid, passphrase=passphrase)
1303 params["pmk_r1_push"] = "0"
8b8a1864 1304 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM
1305 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1306 params["pmk_r1_push"] = "0"
8b8a1864 1307 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 1308
a8375c94
JM
1309 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1310 fail_test=True)
3b808945 1311
9fd6804d 1312@remote_compatible
ae14a2e2
JM
1313def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
1314 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1315 ssid = "test-ft"
fab49f61 1316 passphrase = "12345678"
ae14a2e2
JM
1317
1318 params = ft_params1(ssid=ssid, passphrase=passphrase)
1319 params["pmk_r1_push"] = "0"
1320 params["nas_identifier"] = "nas0.w1.fi"
8b8a1864 1321 hostapd.add_ap(apdev[0], params)
2f816c21
JM
1322 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1323 scan_freq="2412")
ae14a2e2
JM
1324
1325 params = ft_params2(ssid=ssid, passphrase=passphrase)
1326 params["pmk_r1_push"] = "0"
8b8a1864 1327 hostapd.add_ap(apdev[1], params)
ae14a2e2
JM
1328
1329 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1330 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1331
9fd6804d 1332@remote_compatible
3b808945
JM
1333def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
1334 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1335 ssid = "test-ft"
fab49f61 1336 passphrase = "12345678"
3b808945
JM
1337
1338 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 1339 params["ieee80211w"] = "2"
8b8a1864 1340 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 1341 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
bc6e3288 1342 params["ieee80211w"] = "2"
8b8a1864 1343 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 1344
a8375c94
JM
1345 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1346 fail_test=True)
3b808945 1347
9fd6804d 1348@remote_compatible
3b808945
JM
1349def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
1350 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1351 ssid = "test-ft"
fab49f61 1352 passphrase = "12345678"
3b808945
JM
1353
1354 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1355 params["pmk_r1_push"] = "0"
8b8a1864 1356 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM
1357 params = ft_params2(ssid=ssid, passphrase=passphrase)
1358 params["pmk_r1_push"] = "0"
8b8a1864 1359 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 1360
a8375c94
JM
1361 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1362 fail_test=True)
c6b6e105 1363
150948e6
MB
1364def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
1365 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1366 ssid = "test-ft"
fab49f61 1367 passphrase = "12345678"
150948e6
MB
1368
1369 radius = hostapd.radius_params()
1370 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2 1371 params["ieee80211w"] = "2"
150948e6
MB
1372 params['wpa_key_mgmt'] = "FT-EAP"
1373 params["ieee8021x"] = "1"
35d8c254 1374 params = dict(list(radius.items()) + list(params.items()))
b098542c 1375 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6 1376 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
58be42b2 1377 params["ieee80211w"] = "2"
150948e6
MB
1378 params['wpa_key_mgmt'] = "FT-EAP"
1379 params["ieee8021x"] = "1"
35d8c254 1380 params = dict(list(radius.items()) + list(params.items()))
b098542c 1381 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB
1382
1383 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1384 fail_test=True, eap=True)
1385
1386def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
1387 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1388 ssid = "test-ft"
fab49f61 1389 passphrase = "12345678"
150948e6
MB
1390
1391 radius = hostapd.radius_params()
1392 params = ft_params1(ssid=ssid, passphrase=passphrase)
1393 params["pmk_r1_push"] = "0"
1394 params['wpa_key_mgmt'] = "FT-EAP"
1395 params["ieee8021x"] = "1"
35d8c254 1396 params = dict(list(radius.items()) + list(params.items()))
b098542c 1397 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB
1398 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1399 params["pmk_r1_push"] = "0"
1400 params['wpa_key_mgmt'] = "FT-EAP"
1401 params["ieee8021x"] = "1"
35d8c254 1402 params = dict(list(radius.items()) + list(params.items()))
b098542c 1403 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB
1404
1405 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1406 fail_test=True, eap=True)
1407
1408def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
1409 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1410 ssid = "test-ft"
fab49f61 1411 passphrase = "12345678"
150948e6
MB
1412
1413 radius = hostapd.radius_params()
1414 params = ft_params1(ssid=ssid, passphrase=passphrase)
1415 params["pmk_r1_push"] = "0"
1416 params["nas_identifier"] = "nas0.w1.fi"
1417 params['wpa_key_mgmt'] = "FT-EAP"
1418 params["ieee8021x"] = "1"
35d8c254 1419 params = dict(list(radius.items()) + list(params.items()))
b098542c 1420 hostapd.add_ap(apdev[0], params)
150948e6
MB
1421 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1422 eap="GPSK", identity="gpsk user",
1423 password="abcdefghijklmnop0123456789abcdef",
1424 scan_freq="2412")
1425
1426 params = ft_params2(ssid=ssid, passphrase=passphrase)
1427 params["pmk_r1_push"] = "0"
1428 params['wpa_key_mgmt'] = "FT-EAP"
1429 params["ieee8021x"] = "1"
35d8c254 1430 params = dict(list(radius.items()) + list(params.items()))
b098542c 1431 hostapd.add_ap(apdev[1], params)
150948e6
MB
1432
1433 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1434 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1435
1436def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
1437 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1438 ssid = "test-ft"
fab49f61 1439 passphrase = "12345678"
150948e6
MB
1440
1441 radius = hostapd.radius_params()
1442 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2 1443 params["ieee80211w"] = "2"
150948e6
MB
1444 params['wpa_key_mgmt'] = "FT-EAP"
1445 params["ieee8021x"] = "1"
35d8c254 1446 params = dict(list(radius.items()) + list(params.items()))
b098542c 1447 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6 1448 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
58be42b2 1449 params["ieee80211w"] = "2"
150948e6
MB
1450 params['wpa_key_mgmt'] = "FT-EAP"
1451 params["ieee8021x"] = "1"
35d8c254 1452 params = dict(list(radius.items()) + list(params.items()))
b098542c 1453 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB
1454
1455 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1456 fail_test=True, eap=True)
1457
1458def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
1459 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1460 ssid = "test-ft"
fab49f61 1461 passphrase = "12345678"
150948e6
MB
1462
1463 radius = hostapd.radius_params()
1464 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1465 params["pmk_r1_push"] = "0"
1466 params['wpa_key_mgmt'] = "FT-EAP"
1467 params["ieee8021x"] = "1"
35d8c254 1468 params = dict(list(radius.items()) + list(params.items()))
b098542c 1469 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB
1470 params = ft_params2(ssid=ssid, passphrase=passphrase)
1471 params["pmk_r1_push"] = "0"
1472 params['wpa_key_mgmt'] = "FT-EAP"
1473 params["ieee8021x"] = "1"
35d8c254 1474 params = dict(list(radius.items()) + list(params.items()))
b098542c 1475 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB
1476
1477 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1478 fail_test=True, eap=True)
1479
c6b6e105
JM
1480def test_ap_ft_gtk_rekey(dev, apdev):
1481 """WPA2-PSK-FT AP and GTK rekey"""
1482 ssid = "test-ft"
fab49f61 1483 passphrase = "12345678"
c6b6e105
JM
1484
1485 params = ft_params1(ssid=ssid, passphrase=passphrase)
1486 params['wpa_group_rekey'] = '1'
8b8a1864 1487 hapd = hostapd.add_ap(apdev[0], params)
c6b6e105
JM
1488
1489 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21 1490 ieee80211w="1", scan_freq="2412")
c6b6e105
JM
1491
1492 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1493 if ev is None:
1494 raise Exception("GTK rekey timed out after initial association")
a8375c94 1495 hwsim_utils.test_connectivity(dev[0], hapd)
c6b6e105
JM
1496
1497 params = ft_params2(ssid=ssid, passphrase=passphrase)
1498 params['wpa_group_rekey'] = '1'
8b8a1864 1499 hapd1 = hostapd.add_ap(apdev[1], params)
c6b6e105
JM
1500
1501 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1502 dev[0].roam(apdev[1]['bssid'])
1503 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
1504 raise Exception("Did not connect to correct AP")
a8375c94 1505 hwsim_utils.test_connectivity(dev[0], hapd1)
c6b6e105
JM
1506
1507 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1508 if ev is None:
1509 raise Exception("GTK rekey timed out after FT protocol")
a8375c94 1510 hwsim_utils.test_connectivity(dev[0], hapd1)
5b3c40a6
JM
1511
1512def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
1513 """WPA2-PSK-FT and key lifetime in memory"""
1514 ssid = "test-ft"
fab49f61 1515 passphrase = "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
5b3c40a6
JM
1516 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1517 pmk = binascii.unhexlify(psk)
1518 p = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1519 hapd0 = hostapd.add_ap(apdev[0], p)
5b3c40a6 1520 p = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1521 hapd1 = hostapd.add_ap(apdev[1], p)
5b3c40a6
JM
1522
1523 pid = find_wpas_process(dev[0])
1524
1525 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1526 scan_freq="2412")
8e416cec
JM
1527 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1528 # event has been delivered, so verify that wpa_supplicant has returned to
1529 # eloop before reading process memory.
54f2cae2 1530 time.sleep(1)
8e416cec 1531 dev[0].ping()
5b3c40a6
JM
1532
1533 buf = read_process_memory(pid, pmk)
1534
1535 dev[0].request("DISCONNECT")
1536 dev[0].wait_disconnected()
1537
1538 dev[0].relog()
1539 pmkr0 = None
1540 pmkr1 = None
1541 ptk = None
1542 gtk = None
1543 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1544 for l in f.readlines():
1545 if "FT: PMK-R0 - hexdump" in l:
1546 val = l.strip().split(':')[3].replace(' ', '')
1547 pmkr0 = binascii.unhexlify(val)
1548 if "FT: PMK-R1 - hexdump" in l:
1549 val = l.strip().split(':')[3].replace(' ', '')
1550 pmkr1 = binascii.unhexlify(val)
f918b95b 1551 if "FT: KCK - hexdump" in l:
5b3c40a6 1552 val = l.strip().split(':')[3].replace(' ', '')
f918b95b
JM
1553 kck = binascii.unhexlify(val)
1554 if "FT: KEK - hexdump" in l:
1555 val = l.strip().split(':')[3].replace(' ', '')
1556 kek = binascii.unhexlify(val)
1557 if "FT: TK - hexdump" in l:
1558 val = l.strip().split(':')[3].replace(' ', '')
1559 tk = binascii.unhexlify(val)
5b3c40a6
JM
1560 if "WPA: Group Key - hexdump" in l:
1561 val = l.strip().split(':')[3].replace(' ', '')
1562 gtk = binascii.unhexlify(val)
f918b95b 1563 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
5b3c40a6
JM
1564 raise Exception("Could not find keys from debug log")
1565 if len(gtk) != 16:
1566 raise Exception("Unexpected GTK length")
1567
5b3c40a6
JM
1568 logger.info("Checking keys in memory while associated")
1569 get_key_locations(buf, pmk, "PMK")
1570 get_key_locations(buf, pmkr0, "PMK-R0")
1571 get_key_locations(buf, pmkr1, "PMK-R1")
1572 if pmk not in buf:
81e787b7 1573 raise HwsimSkip("PMK not found while associated")
5b3c40a6 1574 if pmkr0 not in buf:
81e787b7 1575 raise HwsimSkip("PMK-R0 not found while associated")
5b3c40a6 1576 if pmkr1 not in buf:
81e787b7 1577 raise HwsimSkip("PMK-R1 not found while associated")
5b3c40a6
JM
1578 if kck not in buf:
1579 raise Exception("KCK not found while associated")
1580 if kek not in buf:
1581 raise Exception("KEK not found while associated")
b74f82a4
JM
1582 #if tk in buf:
1583 # raise Exception("TK found from memory")
5b3c40a6
JM
1584
1585 logger.info("Checking keys in memory after disassociation")
1586 buf = read_process_memory(pid, pmk)
1587 get_key_locations(buf, pmk, "PMK")
1588 get_key_locations(buf, pmkr0, "PMK-R0")
1589 get_key_locations(buf, pmkr1, "PMK-R1")
1590
1591 # Note: PMK/PSK is still present in network configuration
1592
1593 fname = os.path.join(params['logdir'],
1594 'ft_psk_key_lifetime_in_memory.memctx-')
1595 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1596 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1597 verify_not_present(buf, kck, fname, "KCK")
1598 verify_not_present(buf, kek, fname, "KEK")
1599 verify_not_present(buf, tk, fname, "TK")
6db556b2
JM
1600 if gtk in buf:
1601 get_key_locations(buf, gtk, "GTK")
5b3c40a6
JM
1602 verify_not_present(buf, gtk, fname, "GTK")
1603
1604 dev[0].request("REMOVE_NETWORK all")
1605
1606 logger.info("Checking keys in memory after network profile removal")
1607 buf = read_process_memory(pid, pmk)
1608 get_key_locations(buf, pmk, "PMK")
1609 get_key_locations(buf, pmkr0, "PMK-R0")
1610 get_key_locations(buf, pmkr1, "PMK-R1")
1611
1612 verify_not_present(buf, pmk, fname, "PMK")
1613 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1614 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1615 verify_not_present(buf, kck, fname, "KCK")
1616 verify_not_present(buf, kek, fname, "KEK")
1617 verify_not_present(buf, tk, fname, "TK")
1618 verify_not_present(buf, gtk, fname, "GTK")
664093b5 1619
9fd6804d 1620@remote_compatible
664093b5
JM
1621def test_ap_ft_invalid_resp(dev, apdev):
1622 """WPA2-PSK-FT AP and invalid response IEs"""
1623 ssid = "test-ft"
fab49f61 1624 passphrase = "12345678"
664093b5
JM
1625
1626 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1627 hapd0 = hostapd.add_ap(apdev[0], params)
664093b5
JM
1628 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1629 scan_freq="2412")
1630
1631 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1632 hapd1 = hostapd.add_ap(apdev[1], params)
664093b5
JM
1633
1634 tests = [
1635 # Various IEs for test coverage. The last one is FTIE with invalid
1636 # R1KH-ID subelement.
1637 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1638 # FTIE with invalid R0KH-ID subelement (len=0).
1639 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1640 # FTIE with invalid R0KH-ID subelement (len=49).
1641 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1642 # Invalid RSNE.
1643 "020002000000" + "3000",
1644 # Required IEs missing from protected IE count.
1645 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1646 # RIC missing from protected IE count.
1647 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1648 # Protected IE missing.
fab49f61 1649 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
664093b5
JM
1650 for t in tests:
1651 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1652 hapd1.set("ext_mgmt_frame_handling", "1")
1653 hapd1.dump_monitor()
1654 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1655 raise Exception("ROAM failed")
1656 auth = None
1657 for i in range(20):
1658 msg = hapd1.mgmt_rx()
1659 if msg['subtype'] == 11:
1660 auth = msg
1661 break
1662 if not auth:
1663 raise Exception("Authentication frame not seen")
1664
1665 resp = {}
1666 resp['fc'] = auth['fc']
1667 resp['da'] = auth['sa']
1668 resp['sa'] = auth['da']
1669 resp['bssid'] = auth['bssid']
1670 resp['payload'] = binascii.unhexlify(t)
1671 hapd1.mgmt_tx(resp)
1672 hapd1.set("ext_mgmt_frame_handling", "0")
1673 dev[0].wait_disconnected()
1674
1675 dev[0].request("RECONNECT")
1676 dev[0].wait_connected()
7b741a53
JM
1677
1678def test_ap_ft_gcmp_256(dev, apdev):
1679 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1680 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1681 raise HwsimSkip("Cipher GCMP-256 not supported")
1682 ssid = "test-ft"
fab49f61 1683 passphrase = "12345678"
7b741a53
JM
1684
1685 params = ft_params1(ssid=ssid, passphrase=passphrase)
1686 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1687 hapd0 = hostapd.add_ap(apdev[0], params)
7b741a53
JM
1688 params = ft_params2(ssid=ssid, passphrase=passphrase)
1689 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1690 hapd1 = hostapd.add_ap(apdev[1], params)
7b741a53
JM
1691
1692 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1693 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
cf671d54 1694
63a7683b 1695def setup_ap_ft_oom(dev, apdev):
38934ed1 1696 skip_with_fips(dev[0])
cf671d54 1697 ssid = "test-ft"
fab49f61 1698 passphrase = "12345678"
cf671d54
JM
1699
1700 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1701 hapd0 = hostapd.add_ap(apdev[0], params)
cf671d54 1702 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1703 hapd1 = hostapd.add_ap(apdev[1], params)
cf671d54
JM
1704
1705 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1706 scan_freq="2412")
1707 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1708 dst = apdev[1]['bssid']
1709 else:
1710 dst = apdev[0]['bssid']
1711
1712 dev[0].scan_for_bss(dst, freq="2412")
63a7683b
JM
1713
1714 return dst
1715
1716def test_ap_ft_oom(dev, apdev):
1717 """WPA2-PSK-FT and OOM"""
1718 dst = setup_ap_ft_oom(dev, apdev)
cf671d54
JM
1719 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1720 dev[0].roam(dst)
63a7683b
JM
1721
1722def test_ap_ft_oom2(dev, apdev):
1723 """WPA2-PSK-FT and OOM (2)"""
1724 dst = setup_ap_ft_oom(dev, apdev)
7cbc8e67 1725 with fail_test(dev[0], 1, "wpa_ft_mic"):
63a7683b
JM
1726 dev[0].roam(dst, fail_test=True, assoc_reject_ok=True)
1727
1728def test_ap_ft_oom3(dev, apdev):
1729 """WPA2-PSK-FT and OOM (3)"""
1730 dst = setup_ap_ft_oom(dev, apdev)
cf671d54 1731 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
63a7683b 1732 dev[0].roam(dst)
34d3eaa8 1733
63a7683b
JM
1734def test_ap_ft_oom4(dev, apdev):
1735 """WPA2-PSK-FT and OOM (4)"""
1736 ssid = "test-ft"
fab49f61 1737 passphrase = "12345678"
63a7683b 1738 dst = setup_ap_ft_oom(dev, apdev)
dcbb5d80
JM
1739 dev[0].request("REMOVE_NETWORK all")
1740 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1741 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1742 scan_freq="2412")
1743
682a79f0
JM
1744def test_ap_ft_ap_oom(dev, apdev):
1745 """WPA2-PSK-FT and AP OOM"""
1746 ssid = "test-ft"
fab49f61 1747 passphrase = "12345678"
682a79f0
JM
1748
1749 params = ft_params1(ssid=ssid, passphrase=passphrase)
1750 hapd0 = hostapd.add_ap(apdev[0], params)
1751 bssid0 = hapd0.own_addr()
1752
1753 dev[0].scan_for_bss(bssid0, freq="2412")
1754 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1755 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1756 scan_freq="2412")
1757
1758 params = ft_params2(ssid=ssid, passphrase=passphrase)
1759 hapd1 = hostapd.add_ap(apdev[1], params)
1760 bssid1 = hapd1.own_addr()
1761 dev[0].scan_for_bss(bssid1, freq="2412")
1762 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1763 dev[0].roam(bssid1)
1764
1765def test_ap_ft_ap_oom2(dev, apdev):
1766 """WPA2-PSK-FT and AP OOM 2"""
1767 ssid = "test-ft"
fab49f61 1768 passphrase = "12345678"
682a79f0
JM
1769
1770 params = ft_params1(ssid=ssid, passphrase=passphrase)
1771 hapd0 = hostapd.add_ap(apdev[0], params)
1772 bssid0 = hapd0.own_addr()
1773
1774 dev[0].scan_for_bss(bssid0, freq="2412")
1775 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1776 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1777 scan_freq="2412")
1778
1779 params = ft_params2(ssid=ssid, passphrase=passphrase)
1780 hapd1 = hostapd.add_ap(apdev[1], params)
1781 bssid1 = hapd1.own_addr()
1782 dev[0].scan_for_bss(bssid1, freq="2412")
1783 dev[0].roam(bssid1)
1784 if dev[0].get_status_field('bssid') != bssid1:
1785 raise Exception("Did not roam to AP1")
1786 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1787 dev[0].roam(bssid0)
1788
1789def test_ap_ft_ap_oom3(dev, apdev):
1790 """WPA2-PSK-FT and AP OOM 3"""
1791 ssid = "test-ft"
fab49f61 1792 passphrase = "12345678"
682a79f0
JM
1793
1794 params = ft_params1(ssid=ssid, passphrase=passphrase)
1795 hapd0 = hostapd.add_ap(apdev[0], params)
1796 bssid0 = hapd0.own_addr()
1797
1798 dev[0].scan_for_bss(bssid0, freq="2412")
1799 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1800 scan_freq="2412")
1801
1802 params = ft_params2(ssid=ssid, passphrase=passphrase)
1803 hapd1 = hostapd.add_ap(apdev[1], params)
1804 bssid1 = hapd1.own_addr()
1805 dev[0].scan_for_bss(bssid1, freq="2412")
1806 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1807 # This will fail due to not being able to send out PMK-R1 pull request
1808 dev[0].roam(bssid1)
1809
ba88dd65 1810 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM
1811 # This will fail due to not being able to send out PMK-R1 pull request
1812 dev[0].roam(bssid1)
1813
ba88dd65
MB
1814 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1815 # This will fail due to not being able to send out PMK-R1 pull request
1816 dev[0].roam(bssid1)
1817
1818def test_ap_ft_ap_oom3b(dev, apdev):
1819 """WPA2-PSK-FT and AP OOM 3b"""
1820 ssid = "test-ft"
fab49f61 1821 passphrase = "12345678"
ba88dd65
MB
1822
1823 params = ft_params1(ssid=ssid, passphrase=passphrase)
1824 hapd0 = hostapd.add_ap(apdev[0], params)
1825 bssid0 = hapd0.own_addr()
1826
1827 dev[0].scan_for_bss(bssid0, freq="2412")
1828 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1829 scan_freq="2412")
1830
1831 params = ft_params2(ssid=ssid, passphrase=passphrase)
1832 hapd1 = hostapd.add_ap(apdev[1], params)
1833 bssid1 = hapd1.own_addr()
1834 dev[0].scan_for_bss(bssid1, freq="2412")
1835 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM
1836 # This will fail due to not being able to send out PMK-R1 pull request
1837 dev[0].roam(bssid1)
1838
1839def test_ap_ft_ap_oom4(dev, apdev):
1840 """WPA2-PSK-FT and AP OOM 4"""
1841 ssid = "test-ft"
fab49f61 1842 passphrase = "12345678"
682a79f0
JM
1843
1844 params = ft_params1(ssid=ssid, passphrase=passphrase)
1845 hapd0 = hostapd.add_ap(apdev[0], params)
1846 bssid0 = hapd0.own_addr()
1847
1848 dev[0].scan_for_bss(bssid0, freq="2412")
1849 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1850 scan_freq="2412")
1851
1852 params = ft_params2(ssid=ssid, passphrase=passphrase)
1853 hapd1 = hostapd.add_ap(apdev[1], params)
1854 bssid1 = hapd1.own_addr()
1855 dev[0].scan_for_bss(bssid1, freq="2412")
1856 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1857 dev[0].roam(bssid1)
1858 if dev[0].get_status_field('bssid') != bssid1:
1859 raise Exception("Did not roam to AP1")
1860
1861 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1862 dev[0].roam(bssid0)
1863 if dev[0].get_status_field('bssid') != bssid0:
1864 raise Exception("Did not roam to AP0")
1865
1866 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1867 dev[0].roam(bssid1)
1868 if dev[0].get_status_field('bssid') != bssid1:
1869 raise Exception("Did not roam to AP1")
1870
1871def test_ap_ft_ap_oom5(dev, apdev):
1872 """WPA2-PSK-FT and AP OOM 5"""
1873 ssid = "test-ft"
fab49f61 1874 passphrase = "12345678"
682a79f0
JM
1875
1876 params = ft_params1(ssid=ssid, passphrase=passphrase)
1877 hapd0 = hostapd.add_ap(apdev[0], params)
1878 bssid0 = hapd0.own_addr()
1879
1880 dev[0].scan_for_bss(bssid0, freq="2412")
1881 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1882 scan_freq="2412")
1883
1884 params = ft_params2(ssid=ssid, passphrase=passphrase)
1885 hapd1 = hostapd.add_ap(apdev[1], params)
1886 bssid1 = hapd1.own_addr()
1887 dev[0].scan_for_bss(bssid1, freq="2412")
1888 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1889 # This will fail to roam
1890 dev[0].roam(bssid1)
1891
1892 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1893 # This will fail to roam
1894 dev[0].roam(bssid1)
1895
1896 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1897 # This will fail to roam
1898 dev[0].roam(bssid1)
1899
1900 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1901 # This will fail to roam
1902 dev[0].roam(bssid1)
1903
1904 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1905 # This will fail to roam
1906 dev[0].roam(bssid1)
1907
1908def test_ap_ft_ap_oom6(dev, apdev):
1909 """WPA2-PSK-FT and AP OOM 6"""
1910 ssid = "test-ft"
fab49f61 1911 passphrase = "12345678"
682a79f0
JM
1912
1913 params = ft_params1(ssid=ssid, passphrase=passphrase)
1914 hapd0 = hostapd.add_ap(apdev[0], params)
1915 bssid0 = hapd0.own_addr()
1916
1917 dev[0].scan_for_bss(bssid0, freq="2412")
1918 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1919 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1920 scan_freq="2412")
1921 dev[0].request("REMOVE_NETWORK all")
1922 dev[0].wait_disconnected()
1923 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1924 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1925 scan_freq="2412")
1926 dev[0].request("REMOVE_NETWORK all")
1927 dev[0].wait_disconnected()
1928 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1929 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1930 scan_freq="2412")
1931
c5262648
JM
1932def test_ap_ft_ap_oom7a(dev, apdev):
1933 """WPA2-PSK-FT and AP OOM 7a"""
682a79f0 1934 ssid = "test-ft"
fab49f61 1935 passphrase = "12345678"
682a79f0
JM
1936
1937 params = ft_params1(ssid=ssid, passphrase=passphrase)
1938 params["ieee80211w"] = "2"
1939 hapd0 = hostapd.add_ap(apdev[0], params)
1940 bssid0 = hapd0.own_addr()
1941
1942 dev[0].scan_for_bss(bssid0, freq="2412")
1943 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1944 ieee80211w="2", scan_freq="2412")
1945
1946 params = ft_params2(ssid=ssid, passphrase=passphrase)
1947 params["ieee80211w"] = "2"
1948 hapd1 = hostapd.add_ap(apdev[1], params)
1949 bssid1 = hapd1.own_addr()
1950 dev[0].scan_for_bss(bssid1, freq="2412")
1951 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1952 # This will fail to roam
1953 dev[0].roam(bssid1)
c5262648
JM
1954
1955def test_ap_ft_ap_oom7b(dev, apdev):
1956 """WPA2-PSK-FT and AP OOM 7b"""
1957 ssid = "test-ft"
fab49f61 1958 passphrase = "12345678"
c5262648
JM
1959
1960 params = ft_params1(ssid=ssid, passphrase=passphrase)
1961 params["ieee80211w"] = "2"
1962 hapd0 = hostapd.add_ap(apdev[0], params)
1963 bssid0 = hapd0.own_addr()
1964
1965 dev[0].scan_for_bss(bssid0, freq="2412")
1966 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1967 ieee80211w="2", scan_freq="2412")
1968
1969 params = ft_params2(ssid=ssid, passphrase=passphrase)
1970 params["ieee80211w"] = "2"
1971 hapd1 = hostapd.add_ap(apdev[1], params)
1972 bssid1 = hapd1.own_addr()
1973 dev[0].scan_for_bss(bssid1, freq="2412")
682a79f0
JM
1974 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1975 # This will fail to roam
1976 dev[0].roam(bssid1)
c5262648
JM
1977
1978def test_ap_ft_ap_oom7c(dev, apdev):
1979 """WPA2-PSK-FT and AP OOM 7c"""
1980 ssid = "test-ft"
fab49f61 1981 passphrase = "12345678"
c5262648
JM
1982
1983 params = ft_params1(ssid=ssid, passphrase=passphrase)
1984 params["ieee80211w"] = "2"
1985 hapd0 = hostapd.add_ap(apdev[0], params)
1986 bssid0 = hapd0.own_addr()
1987
1988 dev[0].scan_for_bss(bssid0, freq="2412")
1989 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1990 ieee80211w="2", scan_freq="2412")
1991
1992 params = ft_params2(ssid=ssid, passphrase=passphrase)
1993 params["ieee80211w"] = "2"
1994 hapd1 = hostapd.add_ap(apdev[1], params)
1995 bssid1 = hapd1.own_addr()
1996 dev[0].scan_for_bss(bssid1, freq="2412")
682a79f0
JM
1997 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1998 # This will fail to roam
1999 dev[0].roam(bssid1)
c5262648
JM
2000
2001def test_ap_ft_ap_oom7d(dev, apdev):
2002 """WPA2-PSK-FT and AP OOM 7d"""
2003 ssid = "test-ft"
fab49f61 2004 passphrase = "12345678"
c5262648
JM
2005
2006 params = ft_params1(ssid=ssid, passphrase=passphrase)
2007 params["ieee80211w"] = "2"
2008 hapd0 = hostapd.add_ap(apdev[0], params)
2009 bssid0 = hapd0.own_addr()
2010
2011 dev[0].scan_for_bss(bssid0, freq="2412")
2012 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2013 ieee80211w="2", scan_freq="2412")
2014
2015 params = ft_params2(ssid=ssid, passphrase=passphrase)
2016 params["ieee80211w"] = "2"
2017 hapd1 = hostapd.add_ap(apdev[1], params)
2018 bssid1 = hapd1.own_addr()
2019 dev[0].scan_for_bss(bssid1, freq="2412")
682a79f0
JM
2020 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
2021 # This will fail to roam
2022 dev[0].roam(bssid1)
2023
2024def test_ap_ft_ap_oom8(dev, apdev):
2025 """WPA2-PSK-FT and AP OOM 8"""
2026 ssid = "test-ft"
fab49f61 2027 passphrase = "12345678"
682a79f0
JM
2028
2029 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2 2030 params['ft_psk_generate_local'] = "1"
682a79f0
JM
2031 hapd0 = hostapd.add_ap(apdev[0], params)
2032 bssid0 = hapd0.own_addr()
2033
2034 dev[0].scan_for_bss(bssid0, freq="2412")
2035 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2036 scan_freq="2412")
2037
2038 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2 2039 params['ft_psk_generate_local'] = "1"
682a79f0
JM
2040 hapd1 = hostapd.add_ap(apdev[1], params)
2041 bssid1 = hapd1.own_addr()
2042 dev[0].scan_for_bss(bssid1, freq="2412")
2043 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
2044 # This will fail to roam
2045 dev[0].roam(bssid1)
2046 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
2047 # This will fail to roam
2048 dev[0].roam(bssid1)
2049
2050def test_ap_ft_ap_oom9(dev, apdev):
2051 """WPA2-PSK-FT and AP OOM 9"""
2052 ssid = "test-ft"
fab49f61 2053 passphrase = "12345678"
682a79f0
JM
2054
2055 params = ft_params1(ssid=ssid, passphrase=passphrase)
2056 hapd0 = hostapd.add_ap(apdev[0], params)
2057 bssid0 = hapd0.own_addr()
2058
2059 dev[0].scan_for_bss(bssid0, freq="2412")
2060 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2061 scan_freq="2412")
2062
2063 params = ft_params2(ssid=ssid, passphrase=passphrase)
2064 hapd1 = hostapd.add_ap(apdev[1], params)
2065 bssid1 = hapd1.own_addr()
2066 dev[0].scan_for_bss(bssid1, freq="2412")
2067
2068 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
2069 # This will fail to roam
2070 if "OK" not in dev[0].request("FT_DS " + bssid1):
2071 raise Exception("FT_DS failed")
2072 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
2073
2074 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
2075 # This will fail to roam
2076 if "OK" not in dev[0].request("FT_DS " + bssid1):
2077 raise Exception("FT_DS failed")
2078 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
2079
2080 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
2081 # This will fail to roam
2082 if "OK" not in dev[0].request("FT_DS " + bssid1):
2083 raise Exception("FT_DS failed")
2084 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
2085
2086def test_ap_ft_ap_oom10(dev, apdev):
2087 """WPA2-PSK-FT and AP OOM 10"""
2088 ssid = "test-ft"
fab49f61 2089 passphrase = "12345678"
682a79f0
JM
2090
2091 params = ft_params1(ssid=ssid, passphrase=passphrase)
2092 hapd0 = hostapd.add_ap(apdev[0], params)
2093 bssid0 = hapd0.own_addr()
2094
2095 dev[0].scan_for_bss(bssid0, freq="2412")
2096 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2097 scan_freq="2412")
2098
2099 params = ft_params2(ssid=ssid, passphrase=passphrase)
2100 hapd1 = hostapd.add_ap(apdev[1], params)
2101 bssid1 = hapd1.own_addr()
2102 dev[0].scan_for_bss(bssid1, freq="2412")
2103
9441a227 2104 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM
2105 # This will fail to roam
2106 if "OK" not in dev[0].request("FT_DS " + bssid1):
2107 raise Exception("FT_DS failed")
2108 wait_fail_trigger(hapd0, "GET_FAIL")
2109
2110 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2111 # This will fail to roam
2112 if "OK" not in dev[0].request("FT_DS " + bssid1):
2113 raise Exception("FT_DS failed")
2114 wait_fail_trigger(hapd0, "GET_FAIL")
2115
9441a227 2116 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM
2117 # This will fail to roam
2118 if "OK" not in dev[0].request("FT_DS " + bssid1):
2119 raise Exception("FT_DS failed")
2120 wait_fail_trigger(hapd0, "GET_FAIL")
2121
9441a227 2122 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
682a79f0
JM
2123 # This will fail to roam
2124 if "OK" not in dev[0].request("FT_DS " + bssid1):
2125 raise Exception("FT_DS failed")
2126 wait_fail_trigger(hapd1, "GET_FAIL")
2127
2128def test_ap_ft_ap_oom11(dev, apdev):
2129 """WPA2-PSK-FT and AP OOM 11"""
2130 ssid = "test-ft"
fab49f61 2131 passphrase = "12345678"
682a79f0
JM
2132
2133 params = ft_params1(ssid=ssid, passphrase=passphrase)
2134 hapd0 = hostapd.add_ap(apdev[0], params)
2135 bssid0 = hapd0.own_addr()
2136
2137 dev[0].scan_for_bss(bssid0, freq="2412")
2138 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2139 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2140 scan_freq="2412")
2141 wait_fail_trigger(hapd0, "GET_FAIL")
2142
2143 dev[1].scan_for_bss(bssid0, freq="2412")
9441a227 2144 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
682a79f0
JM
2145 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2146 scan_freq="2412")
2147 wait_fail_trigger(hapd0, "GET_FAIL")
2148
a04e6f3d
JM
2149def test_ap_ft_over_ds_proto_ap(dev, apdev):
2150 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2151 ssid = "test-ft"
fab49f61 2152 passphrase = "12345678"
a04e6f3d
JM
2153
2154 params = ft_params1(ssid=ssid, passphrase=passphrase)
2155 hapd0 = hostapd.add_ap(apdev[0], params)
2156 bssid0 = hapd0.own_addr()
2157 _bssid0 = bssid0.replace(':', '')
2158 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2159 scan_freq="2412")
2160 addr = dev[0].own_addr()
2161 _addr = addr.replace(':', '')
2162
2163 params = ft_params2(ssid=ssid, passphrase=passphrase)
2164 hapd1 = hostapd.add_ap(apdev[1], params)
2165 bssid1 = hapd1.own_addr()
2166 _bssid1 = bssid1.replace(':', '')
2167
2168 hapd0.set("ext_mgmt_frame_handling", "1")
2169 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
2170 valid = "0601" + _addr + _bssid1
fab49f61
JM
2171 tests = ["0601",
2172 "0601" + _addr,
2173 "0601" + _addr + _bssid0,
2174 "0601" + _addr + "ffffffffffff",
2175 "0601" + _bssid0 + _bssid0,
2176 valid,
2177 valid + "01",
2178 valid + "3700",
2179 valid + "3600",
2180 valid + "3603ffffff",
2181 valid + "3603a1b2ff",
2182 valid + "3603a1b2ff" + "3700",
2183 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2184 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2185 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2186 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2187 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2188 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2189 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2190 valid + "0001"]
a04e6f3d
JM
2191 for t in tests:
2192 hapd0.dump_monitor()
2193 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
2194 raise Exception("MGMT_RX_PROCESS failed")
2195
2196 hapd0.set("ext_mgmt_frame_handling", "0")
2197
34d3eaa8
JM
2198def test_ap_ft_over_ds_proto(dev, apdev):
2199 """WPA2-PSK-FT AP over DS protocol testing"""
2200 ssid = "test-ft"
fab49f61 2201 passphrase = "12345678"
34d3eaa8
JM
2202
2203 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 2204 hapd0 = hostapd.add_ap(apdev[0], params)
34d3eaa8
JM
2205 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2206 scan_freq="2412")
2207
2208 # FT Action Response while no FT-over-DS in progress
2209 msg = {}
2210 msg['fc'] = 13 << 4
2211 msg['da'] = dev[0].own_addr()
2212 msg['sa'] = apdev[0]['bssid']
2213 msg['bssid'] = apdev[0]['bssid']
2214 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
2215 hapd0.mgmt_tx(msg)
2216
2217 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 2218 hapd1 = hostapd.add_ap(apdev[1], params)
34d3eaa8
JM
2219 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
2220 hapd0.set("ext_mgmt_frame_handling", "1")
2221 hapd0.dump_monitor()
2222 dev[0].request("FT_DS " + apdev[1]['bssid'])
2223 for i in range(0, 10):
2224 req = hapd0.mgmt_rx()
2225 if req is None:
2226 raise Exception("MGMT RX wait timed out")
2227 if req['subtype'] == 13:
2228 break
2229 req = None
2230 if not req:
2231 raise Exception("FT Action frame not received")
2232
2233 # FT Action Response for unexpected Target AP
2234 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
2235 hapd0.mgmt_tx(msg)
2236
2237 # FT Action Response without MDIE
2238 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
2239 hapd0.mgmt_tx(msg)
2240
2241 # FT Action Response without FTIE
2242 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2243 hapd0.mgmt_tx(msg)
2244
2245 # FT Action Response with FTIE SNonce mismatch
2246 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2247 hapd0.mgmt_tx(msg)
6f3815c0 2248
9fd6804d 2249@remote_compatible
6f3815c0
JM
2250def test_ap_ft_rrb(dev, apdev):
2251 """WPA2-PSK-FT RRB protocol testing"""
2252 ssid = "test-ft"
fab49f61 2253 passphrase = "12345678"
6f3815c0
JM
2254
2255 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 2256 hapd0 = hostapd.add_ap(apdev[0], params)
6f3815c0
JM
2257
2258 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2259 scan_freq="2412")
2260
fab49f61
JM
2261 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':', ''))
2262 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
15dfcb69 2263 proto = b'\x89\x0d'
6f3815c0
JM
2264 ehdr = _dst_ll + _src_ll + proto
2265
2266 # Too short RRB frame
15dfcb69 2267 pkt = ehdr + b'\x01'
7ab74770 2268 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2269 raise Exception("DATA_TEST_FRAME failed")
2270
2271 # RRB discarded frame wikth unrecognized type
15dfcb69 2272 pkt = ehdr + b'\x02' + b'\x02' + b'\x01\x00' + _src_ll
7ab74770 2273 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2274 raise Exception("DATA_TEST_FRAME failed")
2275
2276 # RRB frame too short for action frame
15dfcb69 2277 pkt = ehdr + b'\x01' + b'\x02' + b'\x01\x00' + _src_ll
7ab74770 2278 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2279 raise Exception("DATA_TEST_FRAME failed")
2280
2281 # Too short RRB frame (not enough room for Action Frame body)
15dfcb69 2282 pkt = ehdr + b'\x01' + b'\x02' + b'\x00\x00' + _src_ll
7ab74770 2283 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2284 raise Exception("DATA_TEST_FRAME failed")
2285
2286 # Unexpected Action frame category
15dfcb69 2287 pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2288 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2289 raise Exception("DATA_TEST_FRAME failed")
2290
2291 # Unexpected Action in RRB Request
15dfcb69 2292 pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2293 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2294 raise Exception("DATA_TEST_FRAME failed")
2295
2296 # Target AP address in RRB Request does not match with own address
15dfcb69 2297 pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2298 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2299 raise Exception("DATA_TEST_FRAME failed")
2300
2301 # Not enough room for status code in RRB Response
15dfcb69 2302 pkt = ehdr + b'\x01' + b'\x01' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2303 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2304 raise Exception("DATA_TEST_FRAME failed")
2305
2306 # RRB discarded frame with unknown packet_type
15dfcb69 2307 pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2308 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2309 raise Exception("DATA_TEST_FRAME failed")
2310
2311 # RRB Response with non-zero status code; no STA match
15dfcb69 2312 pkt = ehdr + b'\x01' + b'\x01' + b'\x10\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\xff\xff'
7ab74770 2313 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2314 raise Exception("DATA_TEST_FRAME failed")
2315
2316 # RRB Response with zero status code and extra data; STA match
15dfcb69 2317 pkt = ehdr + b'\x01' + b'\x01' + b'\x11\x00' + _src_ll + b'\x06\x01' + _src_ll + b'\x00\x00\x00\x00\x00\x00' + b'\x00\x00' + b'\x00'
7ab74770 2318 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2319 raise Exception("DATA_TEST_FRAME failed")
2320
2321 # Too short PMK-R1 pull
15dfcb69 2322 pkt = ehdr + b'\x01' + b'\xc8' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2323 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2324 raise Exception("DATA_TEST_FRAME failed")
2325
2326 # Too short PMK-R1 resp
15dfcb69 2327 pkt = ehdr + b'\x01' + b'\xc9' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2328 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2329 raise Exception("DATA_TEST_FRAME failed")
2330
2331 # Too short PMK-R1 push
15dfcb69 2332 pkt = ehdr + b'\x01' + b'\xca' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
7ab74770 2333 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0
JM
2334 raise Exception("DATA_TEST_FRAME failed")
2335
2336 # No matching R0KH address found for PMK-R0 pull response
15dfcb69 2337 pkt = ehdr + b'\x01' + b'\xc9' + b'\x5a\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b'\00'
7ab74770 2338 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
6f3815c0 2339 raise Exception("DATA_TEST_FRAME failed")
ecafa0cf 2340
9fd6804d 2341@remote_compatible
ecafa0cf
JM
2342def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
2343 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2344 bssid = apdev[0]['bssid']
2345 ssid = "test-ft"
fab49f61 2346 passphrase = "12345678"
ecafa0cf
JM
2347
2348 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 2349 params["ieee80211w"] = "1"
ecafa0cf
JM
2350 # This is the RSN element used normally by hostapd
2351 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
8b8a1864 2352 hapd = hostapd.add_ap(apdev[0], params)
ecafa0cf
JM
2353 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2354 ieee80211w="1", scan_freq="2412",
2355 pairwise="CCMP", group="CCMP")
2356
fab49f61
JM
2357 tests = [('PMKIDCount field included',
2358 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2359 ('Extra IE before RSNE',
2360 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2361 ('PMKIDCount and Group Management Cipher suite fields included',
2362 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2363 ('Extra octet after defined fields (future extensibility)',
2364 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2365 ('No RSN Capabilities field (PMF disabled in practice)',
2366 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2367 for txt, ie in tests:
ecafa0cf
JM
2368 dev[0].request("DISCONNECT")
2369 dev[0].wait_disconnected()
2370 logger.info(txt)
2371 hapd.disable()
2372 hapd.set('own_ie_override', ie)
2373 hapd.enable()
2374 dev[0].request("BSS_FLUSH 0")
2375 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2376 dev[0].select_network(id, freq=2412)
2377 dev[0].wait_connected()
2378
2379 dev[0].request("DISCONNECT")
2380 dev[0].wait_disconnected()
2381
2382 logger.info('Invalid RSNE causing internal hostapd error')
2383 hapd.disable()
2384 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2385 hapd.enable()
2386 dev[0].request("BSS_FLUSH 0")
2387 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2388 dev[0].select_network(id, freq=2412)
2389 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2390 # complete.
2391 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2392 if ev is not None:
2393 raise Exception("Unexpected connection")
2394 dev[0].request("DISCONNECT")
2395
2396 logger.info('Unexpected PMKID causing internal hostapd error')
2397 hapd.disable()
2398 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2399 hapd.enable()
2400 dev[0].request("BSS_FLUSH 0")
2401 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2402 dev[0].select_network(id, freq=2412)
2403 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2404 # complete.
2405 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2406 if ev is not None:
2407 raise Exception("Unexpected connection")
2408 dev[0].request("DISCONNECT")
1025603b 2409
425e5f97 2410def start_ft(apdev, wpa_ptk_rekey=None):
1025603b 2411 ssid = "test-ft"
fab49f61 2412 passphrase = "12345678"
1025603b
JM
2413
2414 params = ft_params1(ssid=ssid, passphrase=passphrase)
425e5f97
JM
2415 if wpa_ptk_rekey:
2416 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
8b8a1864 2417 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b 2418 params = ft_params2(ssid=ssid, passphrase=passphrase)
425e5f97
JM
2419 if wpa_ptk_rekey:
2420 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
8b8a1864 2421 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b 2422
425e5f97 2423 return hapd0, hapd1
1025603b 2424
425e5f97
JM
2425def check_ptk_rekey(dev, hapd0=None, hapd1=None):
2426 ev = dev.wait_event(["CTRL-EVENT-DISCONNECTED",
2427 "WPA: Key negotiation completed"], timeout=5)
1025603b
JM
2428 if ev is None:
2429 raise Exception("No event received after roam")
2430 if "CTRL-EVENT-DISCONNECTED" in ev:
2431 raise Exception("Unexpected disconnection after roam")
2432
425e5f97
JM
2433 if not hapd0 or not hapd1:
2434 return
2435 if dev.get_status_field('bssid') == hapd0.own_addr():
1025603b
JM
2436 hapd = hapd0
2437 else:
2438 hapd = hapd1
d22f0902 2439 time.sleep(0.1)
425e5f97 2440 hwsim_utils.test_connectivity(dev, hapd)
1025603b 2441
425e5f97
JM
2442def test_ap_ft_ptk_rekey(dev, apdev):
2443 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2444 hapd0, hapd1 = start_ft(apdev)
2445 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1")
2446 check_ptk_rekey(dev[0], hapd0, hapd1)
1025603b 2447
425e5f97
JM
2448def test_ap_ft_ptk_rekey2(dev, apdev):
2449 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2450 hapd0, hapd1 = start_ft(apdev)
2451 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1",
2452 only_one_way=True)
2453 check_ptk_rekey(dev[0], hapd0, hapd1)
1025603b 2454
425e5f97
JM
2455def test_ap_ft_ptk_rekey_ap(dev, apdev):
2456 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2457 hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2)
2458 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678")
2459 check_ptk_rekey(dev[0], hapd0, hapd1)
2460
2461def test_ap_ft_ptk_rekey_ap2(dev, apdev):
2462 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2463 hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2)
2464 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678",
2465 only_one_way=True)
2466 check_ptk_rekey(dev[0], hapd0, hapd1)
2467
2468def test_ap_ft_eap_ptk_rekey_ap(dev, apdev):
2469 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2470 generic_ap_ft_eap(dev, apdev, only_one_way=True, wpa_ptk_rekey=2)
2471 check_ptk_rekey(dev[0])
186ca473
MB
2472
2473def test_ap_ft_internal_rrb_check(dev, apdev):
2474 """RRB internal delivery only to WPA enabled BSS"""
2475 ssid = "test-ft"
fab49f61 2476 passphrase = "12345678"
186ca473
MB
2477
2478 radius = hostapd.radius_params()
2479 params = ft_params1(ssid=ssid, passphrase=passphrase)
2480 params['wpa_key_mgmt'] = "FT-EAP"
2481 params["ieee8021x"] = "1"
35d8c254 2482 params = dict(list(radius.items()) + list(params.items()))
8b8a1864 2483 hapd = hostapd.add_ap(apdev[0], params)
186ca473
MB
2484 key_mgmt = hapd.get_config()['key_mgmt']
2485 if key_mgmt.split(' ')[0] != "FT-EAP":
2486 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
2487
fab49f61 2488 hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid})
186ca473
MB
2489
2490 # Connect to WPA enabled AP
2491 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
2492 eap="GPSK", identity="gpsk user",
2493 password="abcdefghijklmnop0123456789abcdef",
2494 scan_freq="2412")
2495
2496 # Try over_ds roaming to non-WPA-enabled AP.
2497 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2498 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
c85fcff2
JM
2499
2500def test_ap_ft_extra_ie(dev, apdev):
2501 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2502 ssid = "test-ft"
fab49f61 2503 passphrase = "12345678"
c85fcff2
JM
2504
2505 params = ft_params1(ssid=ssid, passphrase=passphrase)
2506 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2507 hapd0 = hostapd.add_ap(apdev[0], params)
2508 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2509 scan_freq="2412")
2510 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2511 scan_freq="2412")
2512 try:
2513 # Add Mobility Domain element to test AP validation code.
2514 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2515 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2516 scan_freq="2412", wait_connect=False)
2517 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2518 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2519 if ev is None:
2520 raise Exception("No connection result")
2521 if "CTRL-EVENT-CONNECTED" in ev:
2522 raise Exception("Non-FT association accepted with MDE")
2523 if "status_code=43" not in ev:
2524 raise Exception("Unexpected status code: " + ev)
2525 dev[0].request("DISCONNECT")
2526 finally:
2527 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
fd7205fa
JM
2528
2529def test_ap_ft_ric(dev, apdev):
2530 """WPA2-PSK-FT AP and RIC"""
2531 ssid = "test-ft"
fab49f61 2532 passphrase = "12345678"
fd7205fa
JM
2533
2534 params = ft_params1(ssid=ssid, passphrase=passphrase)
2535 hapd0 = hostapd.add_ap(apdev[0], params)
2536 params = ft_params2(ssid=ssid, passphrase=passphrase)
2537 hapd1 = hostapd.add_ap(apdev[1], params)
2538
2539 dev[0].set("ric_ies", "")
2540 dev[0].set("ric_ies", '""')
2541 if "FAIL" not in dev[0].request("SET ric_ies q"):
2542 raise Exception("Invalid ric_ies value accepted")
2543
fab49f61
JM
2544 tests = ["3900",
2545 "3900ff04eeeeeeee",
2546 "390400000000",
2547 "390400000000" + "390400000000",
2548 "390400000000" + "dd050050f20202",
2549 "390400000000" + "dd3d0050f2020201" + 55*"00",
2550 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2551 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
fd7205fa
JM
2552 for t in tests:
2553 dev[0].set("ric_ies", t)
2554 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
2555 test_connectivity=False)
2556 dev[0].request("REMOVE_NETWORK all")
2557 dev[0].wait_disconnected()
2558 dev[0].dump_monitor()
c8942286
JM
2559
2560def ie_hex(ies, id):
7ab74770 2561 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]).decode()
c8942286
JM
2562
2563def test_ap_ft_reassoc_proto(dev, apdev):
2564 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2565 ssid = "test-ft"
fab49f61 2566 passphrase = "12345678"
c8942286
JM
2567
2568 params = ft_params1(ssid=ssid, passphrase=passphrase)
2569 hapd0 = hostapd.add_ap(apdev[0], params)
2570 params = ft_params2(ssid=ssid, passphrase=passphrase)
2571 hapd1 = hostapd.add_ap(apdev[1], params)
2572
2573 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2574 ieee80211w="1", scan_freq="2412")
2575 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2576 hapd1ap = hapd0
2577 hapd2ap = hapd1
2578 else:
2579 hapd1ap = hapd1
2580 hapd2ap = hapd0
2581
2582 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2583 hapd2ap.set("ext_mgmt_frame_handling", "1")
2584 dev[0].request("ROAM " + hapd2ap.own_addr())
2585
2586 while True:
2587 req = hapd2ap.mgmt_rx()
7ab74770 2588 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
c8942286
JM
2589 if req['subtype'] == 11:
2590 break
2591
2592 while True:
2593 req = hapd2ap.mgmt_rx()
2594 if req['subtype'] == 2:
2595 break
7ab74770 2596 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
c8942286
JM
2597
2598 # IEEE 802.11 header + fixed fields before IEs
7ab74770 2599 hdr = binascii.hexlify(req['frame'][0:34]).decode()
c8942286
JM
2600 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
2601 # First elements: SSID, Supported Rates, Extended Supported Rates
2602 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
2603
2604 rsne = ie_hex(ies, 48)
2605 mde = ie_hex(ies, 54)
2606 fte = ie_hex(ies, 55)
fab49f61 2607 tests = []
c8942286 2608 # RSN: Trying to use FT, but MDIE not included
fab49f61 2609 tests += [rsne]
c8942286 2610 # RSN: Attempted to use unknown MDIE
fab49f61 2611 tests += [rsne + "3603000000"]
c8942286 2612 # Invalid RSN pairwise cipher
fab49f61 2613 tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
c8942286 2614 # FT: No PMKID in RSNIE
fab49f61 2615 tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)]
c8942286 2616 # FT: Invalid FTIE
fab49f61 2617 tests += [rsne + mde]
c8942286
JM
2618 # FT: RIC IE(s) in the frame, but not included in protected IE count
2619 # FT: Failed to parse FT IEs
fab49f61 2620 tests += [rsne + mde + fte + "3900"]
c8942286 2621 # FT: SNonce mismatch in FTIE
fab49f61 2622 tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"]
c8942286 2623 # FT: ANonce mismatch in FTIE
fab49f61 2624 tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]]
c8942286 2625 # FT: No R0KH-ID subelem in FTIE
fab49f61 2626 tests += [rsne + mde + "3752" + fte[4:168]]
c8942286 2627 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
fab49f61 2628 tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"]
c8942286 2629 # FT: No R1KH-ID subelem in FTIE
fab49f61 2630 tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()]
c8942286 2631 # FT: Unknown R1KH-ID used in ReassocReq
fab49f61 2632 tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"]
c8942286 2633 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
fab49f61 2634 tests += [rsne[:-32] + 16*"00" + mde + fte]
c8942286 2635 # Invalid MIC in FTIE
fab49f61 2636 tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]]
c8942286
JM
2637 for t in tests:
2638 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
2639
2640def test_ap_ft_reassoc_local_fail(dev, apdev):
2641 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2642 ssid = "test-ft"
fab49f61 2643 passphrase = "12345678"
c8942286
JM
2644
2645 params = ft_params1(ssid=ssid, passphrase=passphrase)
2646 hapd0 = hostapd.add_ap(apdev[0], params)
2647 params = ft_params2(ssid=ssid, passphrase=passphrase)
2648 hapd1 = hostapd.add_ap(apdev[1], params)
2649
2650 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2651 ieee80211w="1", scan_freq="2412")
2652 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2653 hapd1ap = hapd0
2654 hapd2ap = hapd1
2655 else:
2656 hapd1ap = hapd1
2657 hapd2ap = hapd0
2658
2659 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2660 # FT: Failed to calculate MIC
2661 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
2662 dev[0].request("ROAM " + hapd2ap.own_addr())
2663 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2664 dev[0].request("DISCONNECT")
2665 if ev is None:
2666 raise Exception("Association reject not seen")
d7f0bef9
JM
2667
2668def test_ap_ft_reassoc_replay(dev, apdev, params):
2669 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2670 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
2671 ssid = "test-ft"
fab49f61 2672 passphrase = "12345678"
d7f0bef9
JM
2673
2674 params = ft_params1(ssid=ssid, passphrase=passphrase)
2675 hapd0 = hostapd.add_ap(apdev[0], params)
2676 params = ft_params2(ssid=ssid, passphrase=passphrase)
2677 hapd1 = hostapd.add_ap(apdev[1], params)
2678
2679 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2680 scan_freq="2412")
2681 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2682 hapd1ap = hapd0
2683 hapd2ap = hapd1
2684 else:
2685 hapd1ap = hapd1
2686 hapd2ap = hapd0
2687
2688 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2689 hapd2ap.set("ext_mgmt_frame_handling", "1")
2690 dev[0].dump_monitor()
2691 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
2692 raise Exception("ROAM failed")
2693
2694 reassocreq = None
2695 count = 0
2696 while count < 100:
2697 req = hapd2ap.mgmt_rx()
2698 count += 1
2699 hapd2ap.dump_monitor()
7ab74770 2700 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
d7f0bef9
JM
2701 if req['subtype'] == 2:
2702 reassocreq = req
2703 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2704 if ev is None:
2705 raise Exception("No TX status seen")
2706 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2707 if "OK" not in hapd2ap.request(cmd):
2708 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2709 break
2710 hapd2ap.set("ext_mgmt_frame_handling", "0")
2711 if reassocreq is None:
2712 raise Exception("No Reassociation Request frame seen")
2713 dev[0].wait_connected()
2714 dev[0].dump_monitor()
2715 hapd2ap.dump_monitor()
2716
2717 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2718
2719 logger.info("Replay the last Reassociation Request frame")
2720 hapd2ap.dump_monitor()
2721 hapd2ap.set("ext_mgmt_frame_handling", "1")
7ab74770 2722 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
d7f0bef9
JM
2723 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2724 if ev is None:
2725 raise Exception("No TX status seen")
2726 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2727 if "OK" not in hapd2ap.request(cmd):
2728 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2729 hapd2ap.set("ext_mgmt_frame_handling", "0")
2730
2731 try:
2732 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2733 ok = True
2734 except:
2735 ok = False
2736
2737 ap = hapd2ap.own_addr()
2738 sta = dev[0].own_addr()
2739 filt = "wlan.fc.type == 2 && " + \
2740 "wlan.da == " + sta + " && " + \
12de1490
JM
2741 "wlan.sa == " + ap + " && " + \
2742 "wlan.fc.protected == 1"
fab49f61 2743 fields = ["wlan.ccmp.extiv"]
d7f0bef9
JM
2744 res = run_tshark(capfile, filt, fields)
2745 vals = res.splitlines()
2746 logger.info("CCMP PN: " + str(vals))
2747 if len(vals) < 2:
2748 raise Exception("Could not find all CCMP protected frames from capture")
2749 if len(set(vals)) < len(vals):
2750 raise Exception("Duplicate CCMP PN used")
2751
2752 if not ok:
2753 raise Exception("The second hwsim connectivity test failed")
0dc3c5f2
JM
2754
2755def test_ap_ft_psk_file(dev, apdev):
2756 """WPA2-PSK-FT AP with PSK from a file"""
2757 ssid = "test-ft"
fab49f61 2758 passphrase = "12345678"
0dc3c5f2
JM
2759
2760 params = ft_params1a(ssid=ssid, passphrase=passphrase)
2761 params['wpa_psk_file'] = 'hostapd.wpa_psk'
2762 hapd = hostapd.add_ap(apdev[0], params)
2763
2764 dev[1].connect(ssid, psk="very secret",
2765 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2766 scan_freq="2412", wait_connect=False)
2767 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2768 ieee80211w="1", scan_freq="2412")
2769 dev[0].request("REMOVE_NETWORK all")
2770 dev[0].wait_disconnected()
2771 dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
2772 ieee80211w="1", scan_freq="2412")
2773 dev[0].request("REMOVE_NETWORK all")
2774 dev[0].wait_disconnected()
2775 dev[0].connect(ssid, psk="secret passphrase",
2776 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2777 scan_freq="2412")
2778 dev[2].connect(ssid, psk="another passphrase for all STAs",
2779 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2780 scan_freq="2412")
2781 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
2782 if ev is None:
2783 raise Exception("Timed out while waiting for failure report")
2784 dev[1].request("REMOVE_NETWORK all")
62566bc2
JM
2785
2786def test_ap_ft_eap_ap_config_change(dev, apdev):
2787 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2788 ssid = "test-ft"
fab49f61 2789 passphrase = "12345678"
62566bc2
JM
2790 bssid = apdev[0]['bssid']
2791
2792 radius = hostapd.radius_params()
2793 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
2794 params['wpa_key_mgmt'] = "WPA-EAP"
2795 params["ieee8021x"] = "1"
2796 params["pmk_r1_push"] = "0"
2797 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2798 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2799 params["eap_server"] = "0"
35d8c254 2800 params = dict(list(radius.items()) + list(params.items()))
62566bc2
JM
2801 hapd = hostapd.add_ap(apdev[0], params)
2802
2803 dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
2804 eap="GPSK", identity="gpsk user",
2805 password="abcdefghijklmnop0123456789abcdef",
2806 scan_freq="2412")
2807 dev[0].request("DISCONNECT")
2808 dev[0].wait_disconnected()
2809 dev[0].dump_monitor()
2810
2811 hapd.disable()
2812 hapd.set('wpa_key_mgmt', "FT-EAP")
2813 hapd.enable()
2814
2815 dev[0].request("BSS_FLUSH 0")
2816 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2817
2818 dev[0].request("RECONNECT")
2819 dev[0].wait_connected()
55b3cda7
JM
2820
2821def test_ap_ft_eap_sha384(dev, apdev):
2822 """WPA2-EAP-FT with SHA384"""
2823 ssid = "test-ft"
fab49f61 2824 passphrase = "12345678"
55b3cda7
JM
2825
2826 radius = hostapd.radius_params()
2827 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2 2828 params["ieee80211w"] = "2"
55b3cda7
JM
2829 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2830 params["ieee8021x"] = "1"
35d8c254 2831 params = dict(list(radius.items()) + list(params.items()))
55b3cda7
JM
2832 hapd0 = hostapd.add_ap(apdev[0], params)
2833 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2 2834 params["ieee80211w"] = "2"
55b3cda7
JM
2835 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2836 params["ieee8021x"] = "1"
35d8c254 2837 params = dict(list(radius.items()) + list(params.items()))
55b3cda7
JM
2838 hapd1 = hostapd.add_ap(apdev[1], params)
2839
2840 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2841 sha384=True)
2842
659f7954
JM
2843def test_ap_ft_eap_sha384_reassoc(dev, apdev):
2844 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
e1923f5b 2845 check_suite_b_192_capa(dev)
659f7954
JM
2846 ssid = "test-ft"
2847 passphrase = "12345678"
2848
2849 radius = hostapd.radius_params()
2850 params = ft_params1(ssid=ssid, passphrase=passphrase)
2851 params["ieee80211w"] = "2"
2852 params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2853 params["ieee8021x"] = "1"
2854 params = dict(list(radius.items()) + list(params.items()))
2855 hapd0 = hostapd.add_ap(apdev[0], params)
2856 params = ft_params2(ssid=ssid, passphrase=passphrase)
2857 params["ieee80211w"] = "2"
2858 params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2859 params["ieee8021x"] = "1"
2860 params = dict(list(radius.items()) + list(params.items()))
2861 hapd1 = hostapd.add_ap(apdev[1], params)
2862
2863 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2864 sha384=True, also_non_ft=True, roam_with_reassoc=True)
2865
55b3cda7
JM
2866def test_ap_ft_eap_sha384_over_ds(dev, apdev):
2867 """WPA2-EAP-FT with SHA384 over DS"""
2868 ssid = "test-ft"
fab49f61 2869 passphrase = "12345678"
55b3cda7
JM
2870
2871 radius = hostapd.radius_params()
2872 params = ft_params1(ssid=ssid, passphrase=passphrase)
58be42b2 2873 params["ieee80211w"] = "2"
55b3cda7
JM
2874 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2875 params["ieee8021x"] = "1"
35d8c254 2876 params = dict(list(radius.items()) + list(params.items()))
55b3cda7
JM
2877 hapd0 = hostapd.add_ap(apdev[0], params)
2878 params = ft_params2(ssid=ssid, passphrase=passphrase)
58be42b2 2879 params["ieee80211w"] = "2"
55b3cda7
JM
2880 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2881 params["ieee8021x"] = "1"
35d8c254 2882 params = dict(list(radius.items()) + list(params.items()))
55b3cda7
JM
2883 hapd1 = hostapd.add_ap(apdev[1], params)
2884
2885 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
2886 eap=True, sha384=True)
392aba4e
JM
2887
2888def test_ap_ft_roam_rrm(dev, apdev):
2889 """WPA2-PSK-FT AP and radio measurement request"""
2890 ssid = "test-ft"
fab49f61 2891 passphrase = "12345678"
392aba4e
JM
2892
2893 params = ft_params1(ssid=ssid, passphrase=passphrase)
2894 params["rrm_beacon_report"] = "1"
2895 hapd0 = hostapd.add_ap(apdev[0], params)
2896 bssid0 = hapd0.own_addr()
2897
2898 addr = dev[0].own_addr()
2899 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2900 scan_freq="2412")
2901 check_beacon_req(hapd0, addr, 1)
2902
2903 params = ft_params2(ssid=ssid, passphrase=passphrase)
2904 params["rrm_beacon_report"] = "1"
2905 hapd1 = hostapd.add_ap(apdev[1], params)
2906 bssid1 = hapd1.own_addr()
2907
2908 dev[0].scan_for_bss(bssid1, freq=2412)
2909 dev[0].roam(bssid1)
2910 check_beacon_req(hapd1, addr, 2)
2911
2912 dev[0].scan_for_bss(bssid0, freq=2412)
2913 dev[0].roam(bssid0)
2914 check_beacon_req(hapd0, addr, 3)
9ff2b85e
JM
2915
2916def test_ap_ft_pmksa_caching(dev, apdev):
2917 """FT-EAP and PMKSA caching for initial mobility domain association"""
2918 ssid = "test-ft"
2919 identity = "gpsk user"
2920
2921 radius = hostapd.radius_params()
2922 params = ft_params1(ssid=ssid)
2923 params['wpa_key_mgmt'] = "FT-EAP"
2924 params["ieee8021x"] = "1"
2925 params["mobility_domain"] = "c3d4"
2926 params = dict(list(radius.items()) + list(params.items()))
2927 hapd = hostapd.add_ap(apdev[0], params)
2928
2929 params = ft_params2(ssid=ssid)
2930 params['wpa_key_mgmt'] = "FT-EAP"
2931 params["ieee8021x"] = "1"
2932 params["mobility_domain"] = "c3d4"
2933 params = dict(list(radius.items()) + list(params.items()))
2934 hapd1 = hostapd.add_ap(apdev[1], params)
2935
2936 run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
2937 eap_identity=identity, pmksa_caching=True)
2938
2939def test_ap_ft_pmksa_caching_sha384(dev, apdev):
2940 """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
2941 ssid = "test-ft"
2942 identity = "gpsk user"
2943
2944 radius = hostapd.radius_params()
2945 params = ft_params1(ssid=ssid)
2946 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2947 params["ieee8021x"] = "1"
2948 params["mobility_domain"] = "c3d4"
2949 params = dict(list(radius.items()) + list(params.items()))
2950 hapd = hostapd.add_ap(apdev[0], params)
2951
2952 params = ft_params2(ssid=ssid)
2953 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2954 params["ieee8021x"] = "1"
2955 params["mobility_domain"] = "c3d4"
2956 params = dict(list(radius.items()) + list(params.items()))
2957 hapd1 = hostapd.add_ap(apdev[1], params)
2958
2959 run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
2960 eap_identity=identity, pmksa_caching=True, sha384=True)
5916637c
JM
2961
2962def test_ap_ft_r1_key_expiration(dev, apdev):
2963 """WPA2-PSK-FT and PMK-R1 expiration"""
2964 ssid = "test-ft"
2965 passphrase = "12345678"
2966
2967 params = ft_params1(ssid=ssid, passphrase=passphrase)
2968 params['r1_max_key_lifetime'] = "2"
2969 hapd0 = hostapd.add_ap(apdev[0], params)
2970 params = ft_params2(ssid=ssid, passphrase=passphrase)
2971 params['r1_max_key_lifetime'] = "2"
2972 hapd1 = hostapd.add_ap(apdev[1], params)
2973
2974 # This succeeds, but results in having to run another PMK-R1 pull before the
2975 # second AP can complete FT protocol.
2976 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, wait_before_roam=4)
2977
2978def test_ap_ft_r0_key_expiration(dev, apdev):
2979 """WPA2-PSK-FT and PMK-R0 expiration"""
2980 ssid = "test-ft"
2981 passphrase = "12345678"
2982
2983 params = ft_params1(ssid=ssid, passphrase=passphrase)
2984 params['ft_r0_key_lifetime'] = "2"
2985 hapd0 = hostapd.add_ap(apdev[0], params)
2986 params = ft_params2(ssid=ssid, passphrase=passphrase)
2987 params['ft_r0_key_lifetime'] = "2"
2988 hapd1 = hostapd.add_ap(apdev[1], params)
2989
2990 bssid2 = run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
2991 return_after_initial=True)
2992 time.sleep(4)
2993 dev[0].scan_for_bss(bssid2, freq="2412")
2994 if "OK" not in dev[0].request("ROAM " + bssid2):
2995 raise Exception("ROAM failed")
2996 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2997 "CTRL-EVENT-AUTH-REJECT",
2998 "CTRL-EVENT-ASSOC-REJECT"], timeout=5)
2999 dev[0].request("DISCONNECT")
3000 if ev is None or "CTRL-EVENT-AUTH-REJECT" not in ev:
3001 raise Exception("FT protocol failure not reported")
3002 if "status_code=53" not in ev:
3003 raise Exception("Unexpected status in FT protocol failure: " + ev)
3004
3005 # Generate a new PMK-R0
3006 dev[0].dump_monitor()
3007 dev[0].request("RECONNECT")
3008 dev[0].wait_connected()