[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py

# Fast BSS Transition tests
# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.

import time
import subprocess
import logging
logger = logging.getLogger()

import hwsim_utils
import hostapd
from wlantest import Wlantest
from test_ap_psk import check_mib

def ft_base_rsn():
    params = { "wpa": "2",
               "wpa_key_mgmt": "FT-PSK",
               "rsn_pairwise": "CCMP" }
    return params

def ft_base_mixed():
    params = { "wpa": "3",
               "wpa_key_mgmt": "WPA-PSK FT-PSK",
               "wpa_pairwise": "TKIP",
               "rsn_pairwise": "CCMP" }
    return params

def ft_params(rsn=True, ssid=None, passphrase=None):
    if rsn:
        params = ft_base_rsn()
    else:
        params = ft_base_mixed()
    if ssid:
        params["ssid"] = ssid
    if passphrase:
        params["wpa_passphrase"] = passphrase

    params["mobility_domain"] = "a1b2"
    params["r0_key_lifetime"] = "10000"
    params["pmk_r1_push"] = "1"
    params["reassociation_deadline"] = "1000"
    return params

def ft_params1(rsn=True, ssid=None, passphrase=None):
    params = ft_params(rsn, ssid, passphrase)
    params['nas_identifier'] = "nas1.w1.fi"
    params['r1_key_holder'] = "000102030405"
    params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
                       "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
    params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
    return params

def ft_params2(rsn=True, ssid=None, passphrase=None):
    params = ft_params(rsn, ssid, passphrase)
    params['nas_identifier'] = "nas2.w1.fi"
    params['r1_key_holder'] = "000102030406"
    params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
                       "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
    return params

def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
    params = ft_params(rsn, ssid, passphrase)
    params['nas_identifier'] = "nas1.w1.fi"
    params['r1_key_holder'] = "000102030405"
    params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
                       "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
    params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
    return params

def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
    params = ft_params(rsn, ssid, passphrase)
    params['nas_identifier'] = "nas2.w1.fi"
    params['r1_key_holder'] = "000102030406"
    params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
                       "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
    return params

def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
    params = ft_params(rsn, ssid, passphrase)
    params['nas_identifier'] = "nas2.w1.fi"
    params['r1_key_holder'] = "000102030406"
    params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
                       "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
    params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
    return params

def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, sae=False, eap=False, fail_test=False, roams=1):
    logger.info("Connect to first AP")
    if eap:
        dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
                    eap="GPSK", identity="gpsk user",
                    password="abcdefghijklmnop0123456789abcdef",
                    scan_freq="2412")
    else:
        if sae:
            key_mgmt="FT-SAE"
        else:
            key_mgmt="FT-PSK"
        dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
                    ieee80211w="1", scan_freq="2412")
    if dev.get_status_field('bssid') == apdev[0]['bssid']:
        ap1 = apdev[0]
        ap2 = apdev[1]
        hapd1ap = hapd0
        hapd2ap = hapd1
    else:
        ap1 = apdev[1]
        ap2 = apdev[0]
        hapd1ap = hapd1
        hapd2ap = hapd0
    hwsim_utils.test_connectivity(dev, hapd1ap)

    dev.scan_for_bss(ap2['bssid'], freq="2412")

    for i in range(0, roams):
        logger.info("Roam to the second AP")
        if over_ds:
            dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
        else:
            dev.roam(ap2['bssid'], fail_test=fail_test)
        if fail_test:
            return
        if dev.get_status_field('bssid') != ap2['bssid']:
            raise Exception("Did not connect to correct AP")
        if i == 0 or i == roams - 1:
            hwsim_utils.test_connectivity(dev, hapd2ap)

        logger.info("Roam back to the first AP")
        if over_ds:
            dev.roam_over_ds(ap1['bssid'])
        else:
            dev.roam(ap1['bssid'])
        if dev.get_status_field('bssid') != ap1['bssid']:
            raise Exception("Did not connect to correct AP")
        if i == 0 or i == roams - 1:
            hwsim_utils.test_connectivity(dev, hapd1ap)

def test_ap_ft(dev, apdev):
    """WPA2-PSK-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
    if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing RSN element info")

def test_ap_ft_many(dev, apdev):
    """WPA2-PSK-FT AP multiple times"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)

def test_ap_ft_mixed(dev, apdev):
    """WPA2-PSK-FT mixed-mode AP"""
    ssid = "test-ft-mixed"
    passphrase="12345678"

    params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    vals = key_mgmt.split(' ')
    if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)

def test_ap_ft_pmf(dev, apdev):
    """WPA2-PSK-FT AP with PMF"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)

def test_ap_ft_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
    check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
                        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])

def test_ap_ft_over_ds_many(dev, apdev):
    """WPA2-PSK-FT AP over DS multiple times"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              roams=50)

def test_ap_ft_over_ds_unknown_target(dev, apdev):
    """WPA2-PSK-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
    dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)

def test_ap_ft_pmf_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)

def test_ap_ft_over_ds_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS (pull PMK)"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)

def test_ap_ft_sae(dev, apdev):
    """WPA2-PSK-FT-SAE AP"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-SAE"
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-SAE"
    hapd = hostapd.add_ap(apdev[1]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-SAE":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    dev[0].request("SET sae_groups ")
    run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)

def test_ap_ft_sae_over_ds(dev, apdev):
    """WPA2-PSK-FT-SAE AP over DS"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-SAE"
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-SAE"
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    dev[0].request("SET sae_groups ")
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
              over_ds=True)

def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
    if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing RSN element info")
    check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
                        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])

def test_ap_ft_eap_pull(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK)"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)

def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True)

def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True)

def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params["nas_identifier"] = "nas0.w1.fi"
    hostapd.add_ap(apdev[0]['ifname'], params)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")

    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hostapd.add_ap(apdev[1]['ifname'], params)

    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)

def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2";
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True)

def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True)

def test_ap_ft_gtk_rekey(dev, apdev):
    """WPA2-PSK-FT AP and GTK rekey"""
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")

    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out after initial association")
    hwsim_utils.test_connectivity(dev[0], hapd)

    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_group_rekey'] = '1'
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
    dev[0].roam(apdev[1]['bssid'])
    if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
        raise Exception("Did not connect to correct AP")
    hwsim_utils.test_connectivity(dev[0], hapd1)

    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out after FT protocol")
    hwsim_utils.test_connectivity(dev[0], hapd1)
Commit	Line	Data
cd7f1b9a	1	# Fast BSS Transition tests
ae14a2e2	2	# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
cd7f1b9a JM	3	#
	4	# This software may be distributed under the terms of the BSD license.
	5	# See README for more details.
	6
	7	import time
	8	import subprocess
	9	import logging
c9aa4308	10	logger = logging.getLogger()
cd7f1b9a JM	11
	12	import hwsim_utils
	13	import hostapd
	14	from wlantest import Wlantest
eaf3f9b1	15	from test_ap_psk import check_mib
cd7f1b9a JM	16
	17	def ft_base_rsn():
	18	params = { "wpa": "2",
	19	"wpa_key_mgmt": "FT-PSK",
	20	"rsn_pairwise": "CCMP" }
	21	return params
	22
	23	def ft_base_mixed():
	24	params = { "wpa": "3",
	25	"wpa_key_mgmt": "WPA-PSK FT-PSK",
	26	"wpa_pairwise": "TKIP",
	27	"rsn_pairwise": "CCMP" }
	28	return params
	29
	30	def ft_params(rsn=True, ssid=None, passphrase=None):
	31	if rsn:
	32	params = ft_base_rsn()
	33	else:
	34	params = ft_base_mixed()
	35	if ssid:
	36	params["ssid"] = ssid
	37	if passphrase:
	38	params["wpa_passphrase"] = passphrase
	39
	40	params["mobility_domain"] = "a1b2"
	41	params["r0_key_lifetime"] = "10000"
	42	params["pmk_r1_push"] = "1"
	43	params["reassociation_deadline"] = "1000"
	44	return params
	45
	46	def ft_params1(rsn=True, ssid=None, passphrase=None):
	47	params = ft_params(rsn, ssid, passphrase)
	48	params['nas_identifier'] = "nas1.w1.fi"
	49	params['r1_key_holder'] = "000102030405"
	50	params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
	51	"02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
	52	params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
	53	return params
	54
	55	def ft_params2(rsn=True, ssid=None, passphrase=None):
	56	params = ft_params(rsn, ssid, passphrase)
	57	params['nas_identifier'] = "nas2.w1.fi"
	58	params['r1_key_holder'] = "000102030406"
	59	params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
	60	"02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
	61	params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
	62	return params
	63
3b808945 JM	64	def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
	65	params = ft_params(rsn, ssid, passphrase)
	66	params['nas_identifier'] = "nas1.w1.fi"
	67	params['r1_key_holder'] = "000102030405"
	68	params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
	69	"12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
	70	params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
	71	return params
	72
	73	def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
	74	params = ft_params(rsn, ssid, passphrase)
	75	params['nas_identifier'] = "nas2.w1.fi"
	76	params['r1_key_holder'] = "000102030406"
	77	params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
	78	"02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
	79	params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
	80	return params
	81
	82	def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
	83	params = ft_params(rsn, ssid, passphrase)
	84	params['nas_identifier'] = "nas2.w1.fi"
	85	params['r1_key_holder'] = "000102030406"
	86	params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
	87	"02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
	88	params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
	89	return params
	90
a8375c94	91	def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, sae=False, eap=False, fail_test=False, roams=1):
cd7f1b9a	92	logger.info("Connect to first AP")
6f62809b JM	93	if eap:
6f62809b JM	94	dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
2f816c21 JM	95	eap="GPSK", identity="gpsk user",
	96	password="abcdefghijklmnop0123456789abcdef",
	97	scan_freq="2412")
6e658cc4	98	else:
6f62809b JM	99	if sae:
	100	key_mgmt="FT-SAE"
	101	else:
	102	key_mgmt="FT-PSK"
	103	dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
2f816c21	104	ieee80211w="1", scan_freq="2412")
cd7f1b9a JM	105	if dev.get_status_field('bssid') == apdev[0]['bssid']:
	106	ap1 = apdev[0]
	107	ap2 = apdev[1]
a8375c94 JM	108	hapd1ap = hapd0
a8375c94 JM	109	hapd2ap = hapd1
cd7f1b9a JM	110	else:
	111	ap1 = apdev[1]
	112	ap2 = apdev[0]
a8375c94 JM	113	hapd1ap = hapd1
	114	hapd2ap = hapd0
	115	hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a	116
655bc8bf	117	dev.scan_for_bss(ap2['bssid'], freq="2412")
40602101 JM	118
	119	for i in range(0, roams):
	120	logger.info("Roam to the second AP")
	121	if over_ds:
	122	dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
	123	else:
	124	dev.roam(ap2['bssid'], fail_test=fail_test)
	125	if fail_test:
	126	return
	127	if dev.get_status_field('bssid') != ap2['bssid']:
	128	raise Exception("Did not connect to correct AP")
	129	if i == 0 or i == roams - 1:
a8375c94	130	hwsim_utils.test_connectivity(dev, hapd2ap)
40602101 JM	131
	132	logger.info("Roam back to the first AP")
	133	if over_ds:
	134	dev.roam_over_ds(ap1['bssid'])
	135	else:
	136	dev.roam(ap1['bssid'])
	137	if dev.get_status_field('bssid') != ap1['bssid']:
	138	raise Exception("Did not connect to correct AP")
	139	if i == 0 or i == roams - 1:
a8375c94	140	hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a JM	141
	142	def test_ap_ft(dev, apdev):
	143	"""WPA2-PSK-FT AP"""
	144	ssid = "test-ft"
	145	passphrase="12345678"
	146
	147	params = ft_params1(ssid=ssid, passphrase=passphrase)
a8375c94	148	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
cd7f1b9a	149	params = ft_params2(ssid=ssid, passphrase=passphrase)
a8375c94	150	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
cd7f1b9a	151
a8375c94	152	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
91bc6c36 JM	153	if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
91bc6c36 JM	154	raise Exception("Scan results missing RSN element info")
cd7f1b9a	155
40602101 JM	156	def test_ap_ft_many(dev, apdev):
	157	"""WPA2-PSK-FT AP multiple times"""
	158	ssid = "test-ft"
	159	passphrase="12345678"
	160
	161	params = ft_params1(ssid=ssid, passphrase=passphrase)
a8375c94	162	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
40602101	163	params = ft_params2(ssid=ssid, passphrase=passphrase)
a8375c94	164	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
40602101	165
a8375c94	166	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
40602101	167
cd7f1b9a JM	168	def test_ap_ft_mixed(dev, apdev):
	169	"""WPA2-PSK-FT mixed-mode AP"""
	170	ssid = "test-ft-mixed"
	171	passphrase="12345678"
	172
	173	params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
65038313 JM	174	hapd = hostapd.add_ap(apdev[0]['ifname'], params)
	175	key_mgmt = hapd.get_config()['key_mgmt']
	176	vals = key_mgmt.split(' ')
	177	if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
	178	raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
cd7f1b9a	179	params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
a8375c94	180	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
cd7f1b9a	181
a8375c94	182	run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
cd7f1b9a JM	183
	184	def test_ap_ft_pmf(dev, apdev):
	185	"""WPA2-PSK-FT AP with PMF"""
	186	ssid = "test-ft"
	187	passphrase="12345678"
	188
	189	params = ft_params1(ssid=ssid, passphrase=passphrase)
	190	params["ieee80211w"] = "2";
a8375c94	191	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
cd7f1b9a JM	192	params = ft_params2(ssid=ssid, passphrase=passphrase)
cd7f1b9a JM	193	params["ieee80211w"] = "2";
a8375c94	194	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
cd7f1b9a	195
a8375c94	196	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
b553eab1 JM	197
	198	def test_ap_ft_over_ds(dev, apdev):
	199	"""WPA2-PSK-FT AP over DS"""
	200	ssid = "test-ft"
	201	passphrase="12345678"
	202
	203	params = ft_params1(ssid=ssid, passphrase=passphrase)
a8375c94	204	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
b553eab1	205	params = ft_params2(ssid=ssid, passphrase=passphrase)
a8375c94	206	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
b553eab1	207
a8375c94	208	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
eaf3f9b1 JM	209	check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
eaf3f9b1 JM	210	("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
b553eab1	211
40602101 JM	212	def test_ap_ft_over_ds_many(dev, apdev):
	213	"""WPA2-PSK-FT AP over DS multiple times"""
	214	ssid = "test-ft"
	215	passphrase="12345678"
	216
	217	params = ft_params1(ssid=ssid, passphrase=passphrase)
a8375c94	218	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
40602101	219	params = ft_params2(ssid=ssid, passphrase=passphrase)
a8375c94	220	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
40602101	221
a8375c94 JM	222	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
a8375c94 JM	223	roams=50)
40602101	224
c337d07a JM	225	def test_ap_ft_over_ds_unknown_target(dev, apdev):
	226	"""WPA2-PSK-FT AP"""
	227	ssid = "test-ft"
	228	passphrase="12345678"
	229
	230	params = ft_params1(ssid=ssid, passphrase=passphrase)
	231	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
	232
	233	dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
	234	scan_freq="2412")
	235	dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
	236
b553eab1 JM	237	def test_ap_ft_pmf_over_ds(dev, apdev):
	238	"""WPA2-PSK-FT AP over DS with PMF"""
	239	ssid = "test-ft"
	240	passphrase="12345678"
	241
	242	params = ft_params1(ssid=ssid, passphrase=passphrase)
	243	params["ieee80211w"] = "2";
a8375c94	244	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
b553eab1 JM	245	params = ft_params2(ssid=ssid, passphrase=passphrase)
b553eab1 JM	246	params["ieee80211w"] = "2";
a8375c94	247	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
b553eab1	248
a8375c94	249	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
6e658cc4	250
aaba98d3 JM	251	def test_ap_ft_over_ds_pull(dev, apdev):
	252	"""WPA2-PSK-FT AP over DS (pull PMK)"""
	253	ssid = "test-ft"
	254	passphrase="12345678"
	255
	256	params = ft_params1(ssid=ssid, passphrase=passphrase)
	257	params["pmk_r1_push"] = "0"
a8375c94	258	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
aaba98d3 JM	259	params = ft_params2(ssid=ssid, passphrase=passphrase)
aaba98d3 JM	260	params["pmk_r1_push"] = "0"
a8375c94	261	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
aaba98d3	262
a8375c94	263	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
aaba98d3	264
6e658cc4 JM	265	def test_ap_ft_sae(dev, apdev):
	266	"""WPA2-PSK-FT-SAE AP"""
	267	ssid = "test-ft"
	268	passphrase="12345678"
	269
	270	params = ft_params1(ssid=ssid, passphrase=passphrase)
	271	params['wpa_key_mgmt'] = "FT-SAE"
a8375c94	272	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
6e658cc4 JM	273	params = ft_params2(ssid=ssid, passphrase=passphrase)
6e658cc4 JM	274	params['wpa_key_mgmt'] = "FT-SAE"
65038313 JM	275	hapd = hostapd.add_ap(apdev[1]['ifname'], params)
	276	key_mgmt = hapd.get_config()['key_mgmt']
	277	if key_mgmt.split(' ')[0] != "FT-SAE":
	278	raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6e658cc4	279
17ffdf39	280	dev[0].request("SET sae_groups ")
a8375c94	281	run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
6e658cc4 JM	282
	283	def test_ap_ft_sae_over_ds(dev, apdev):
	284	"""WPA2-PSK-FT-SAE AP over DS"""
	285	ssid = "test-ft"
	286	passphrase="12345678"
	287
	288	params = ft_params1(ssid=ssid, passphrase=passphrase)
	289	params['wpa_key_mgmt'] = "FT-SAE"
a8375c94	290	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
6e658cc4 JM	291	params = ft_params2(ssid=ssid, passphrase=passphrase)
6e658cc4 JM	292	params['wpa_key_mgmt'] = "FT-SAE"
a8375c94	293	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
6e658cc4	294
17ffdf39	295	dev[0].request("SET sae_groups ")
a8375c94 JM	296	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
a8375c94 JM	297	over_ds=True)
6f62809b JM	298
	299	def test_ap_ft_eap(dev, apdev):
	300	"""WPA2-EAP-FT AP"""
	301	ssid = "test-ft"
	302	passphrase="12345678"
	303
	304	radius = hostapd.radius_params()
	305	params = ft_params1(ssid=ssid, passphrase=passphrase)
	306	params['wpa_key_mgmt'] = "FT-EAP"
	307	params["ieee8021x"] = "1"
	308	params = dict(radius.items() + params.items())
65038313 JM	309	hapd = hostapd.add_ap(apdev[0]['ifname'], params)
	310	key_mgmt = hapd.get_config()['key_mgmt']
	311	if key_mgmt.split(' ')[0] != "FT-EAP":
	312	raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6f62809b JM	313	params = ft_params2(ssid=ssid, passphrase=passphrase)
	314	params['wpa_key_mgmt'] = "FT-EAP"
	315	params["ieee8021x"] = "1"
	316	params = dict(radius.items() + params.items())
a8375c94	317	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
6f62809b	318
a8375c94	319	run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
91bc6c36 JM	320	if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
91bc6c36 JM	321	raise Exception("Scan results missing RSN element info")
eaf3f9b1 JM	322	check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
eaf3f9b1 JM	323	("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
aaba98d3 JM	324
	325	def test_ap_ft_eap_pull(dev, apdev):
	326	"""WPA2-EAP-FT AP (pull PMK)"""
	327	ssid = "test-ft"
	328	passphrase="12345678"
	329
	330	radius = hostapd.radius_params()
	331	params = ft_params1(ssid=ssid, passphrase=passphrase)
	332	params['wpa_key_mgmt'] = "FT-EAP"
	333	params["ieee8021x"] = "1"
	334	params["pmk_r1_push"] = "0"
	335	params = dict(radius.items() + params.items())
	336	hapd = hostapd.add_ap(apdev[0]['ifname'], params)
	337	key_mgmt = hapd.get_config()['key_mgmt']
	338	if key_mgmt.split(' ')[0] != "FT-EAP":
	339	raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
	340	params = ft_params2(ssid=ssid, passphrase=passphrase)
	341	params['wpa_key_mgmt'] = "FT-EAP"
	342	params["ieee8021x"] = "1"
	343	params["pmk_r1_push"] = "0"
	344	params = dict(radius.items() + params.items())
a8375c94	345	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
aaba98d3	346
a8375c94	347	run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
3b808945 JM	348
	349	def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
	350	"""WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
	351	ssid = "test-ft"
	352	passphrase="12345678"
	353
	354	params = ft_params1(ssid=ssid, passphrase=passphrase)
	355	params["ieee80211w"] = "2";
a8375c94	356	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
3b808945 JM	357	params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
3b808945 JM	358	params["ieee80211w"] = "2";
a8375c94	359	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
3b808945	360
a8375c94 JM	361	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
a8375c94 JM	362	fail_test=True)
3b808945 JM	363
	364	def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
	365	"""WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
	366	ssid = "test-ft"
	367	passphrase="12345678"
	368
	369	params = ft_params1(ssid=ssid, passphrase=passphrase)
	370	params["pmk_r1_push"] = "0"
a8375c94	371	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
3b808945 JM	372	params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
3b808945 JM	373	params["pmk_r1_push"] = "0"
a8375c94	374	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
3b808945	375
a8375c94 JM	376	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
a8375c94 JM	377	fail_test=True)
3b808945	378
ae14a2e2 JM	379	def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
	380	"""WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
	381	ssid = "test-ft"
	382	passphrase="12345678"
	383
	384	params = ft_params1(ssid=ssid, passphrase=passphrase)
	385	params["pmk_r1_push"] = "0"
	386	params["nas_identifier"] = "nas0.w1.fi"
	387	hostapd.add_ap(apdev[0]['ifname'], params)
2f816c21 JM	388	dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21 JM	389	scan_freq="2412")
ae14a2e2 JM	390
	391	params = ft_params2(ssid=ssid, passphrase=passphrase)
	392	params["pmk_r1_push"] = "0"
	393	hostapd.add_ap(apdev[1]['ifname'], params)
	394
	395	dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
	396	dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
	397
3b808945 JM	398	def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
	399	"""WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
	400	ssid = "test-ft"
	401	passphrase="12345678"
	402
	403	params = ft_params1(ssid=ssid, passphrase=passphrase)
	404	params["ieee80211w"] = "2";
a8375c94	405	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
3b808945 JM	406	params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
3b808945 JM	407	params["ieee80211w"] = "2";
a8375c94	408	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
3b808945	409
a8375c94 JM	410	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
a8375c94 JM	411	fail_test=True)
3b808945 JM	412
	413	def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
	414	"""WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
	415	ssid = "test-ft"
	416	passphrase="12345678"
	417
	418	params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
	419	params["pmk_r1_push"] = "0"
a8375c94	420	hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
3b808945 JM	421	params = ft_params2(ssid=ssid, passphrase=passphrase)
3b808945 JM	422	params["pmk_r1_push"] = "0"
a8375c94	423	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
3b808945	424
a8375c94 JM	425	run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
a8375c94 JM	426	fail_test=True)
c6b6e105 JM	427
	428	def test_ap_ft_gtk_rekey(dev, apdev):
	429	"""WPA2-PSK-FT AP and GTK rekey"""
	430	ssid = "test-ft"
	431	passphrase="12345678"
	432
	433	params = ft_params1(ssid=ssid, passphrase=passphrase)
	434	params['wpa_group_rekey'] = '1'
a8375c94	435	hapd = hostapd.add_ap(apdev[0]['ifname'], params)
c6b6e105 JM	436
c6b6e105 JM	437	dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21	438	ieee80211w="1", scan_freq="2412")
c6b6e105 JM	439
	440	ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
	441	if ev is None:
	442	raise Exception("GTK rekey timed out after initial association")
a8375c94	443	hwsim_utils.test_connectivity(dev[0], hapd)
c6b6e105 JM	444
	445	params = ft_params2(ssid=ssid, passphrase=passphrase)
	446	params['wpa_group_rekey'] = '1'
a8375c94	447	hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
c6b6e105 JM	448
	449	dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
	450	dev[0].roam(apdev[1]['bssid'])
	451	if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
	452	raise Exception("Did not connect to correct AP")
a8375c94	453	hwsim_utils.test_connectivity(dev[0], hapd1)
c6b6e105 JM	454
	455	ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
	456	if ev is None:
	457	raise Exception("GTK rekey timed out after FT protocol")
a8375c94	458	hwsim_utils.test_connectivity(dev[0], hapd1)