]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FT: Disable PMKSA caching with FT
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
CommitLineData
cd7f1b9a 1# Fast BSS Transition tests
c8942286 2# Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
cd7f1b9a
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
5b3c40a6
JM		 8import binascii
9import os
cd7f1b9a 10import time
cd7f1b9a 11import logging
c9aa4308 12logger = logging.getLogger()
c8942286 13import struct
cd7f1b9a
JM		 14
15import hwsim_utils
16import hostapd
d7f0bef9 17from tshark import run_tshark
c8942286 18from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
cd7f1b9a 19from wlantest import Wlantest
5b3c40a6 20from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
cd7f1b9a
JM		 21
22def ft_base_rsn():
23 params = { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
26 return params
27
28def ft_base_mixed():
29 params = { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
33 return params
34
35def ft_params(rsn=True, ssid=None, passphrase=None):
36 if rsn:
37 params = ft_base_rsn()
38 else:
39 params = ft_base_mixed()
40 if ssid:
41 params["ssid"] = ssid
42 if passphrase:
43 params["wpa_passphrase"] = passphrase
44
45 params["mobility_domain"] = "a1b2"
46 params["r0_key_lifetime"] = "10000"
47 params["pmk_r1_push"] = "1"
48 params["reassociation_deadline"] = "1000"
49 return params
50
d0175d6e 51def ft_params1a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM		 52 params = ft_params(rsn, ssid, passphrase)
53 params['nas_identifier'] = "nas1.w1.fi"
54 params['r1_key_holder'] = "000102030405"
d0175d6e
MB		 55 return params
56
942b52a8 57def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 58 params = ft_params1a(rsn, ssid, passphrase)
942b52a8
MB		 59 if discovery:
60 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
62 else:
63 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM		 66 return params
67
c95dd8e4
JM		 68def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
69 params = ft_params1a(rsn, ssid, passphrase)
70 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
73 return params
74
d0175d6e 75def ft_params2a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM		 76 params = ft_params(rsn, ssid, passphrase)
77 params['nas_identifier'] = "nas2.w1.fi"
78 params['r1_key_holder'] = "000102030406"
d0175d6e
MB		 79 return params
80
942b52a8 81def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 82 params = ft_params2a(rsn, ssid, passphrase)
942b52a8
MB		 83 if discovery:
84 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
86 else:
87 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM		 90 return params
91
c95dd8e4
JM		 92def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
93 params = ft_params2a(rsn, ssid, passphrase)
94 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
97 return params
98
3b808945
JM		 99def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
100 params = ft_params(rsn, ssid, passphrase)
101 params['nas_identifier'] = "nas1.w1.fi"
102 params['r1_key_holder'] = "000102030405"
9441a227
MB		 103 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
3b808945
JM		 106 return params
107
108def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
109 params = ft_params(rsn, ssid, passphrase)
110 params['nas_identifier'] = "nas2.w1.fi"
111 params['r1_key_holder'] = "000102030406"
9441a227
MB		 112 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
3b808945
JM		 115 return params
116
117def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
118 params = ft_params(rsn, ssid, passphrase)
119 params['nas_identifier'] = "nas2.w1.fi"
120 params['r1_key_holder'] = "000102030406"
9441a227
MB		 121 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
3b808945
JM		 124 return params
125
7b741a53
JM		 126def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
127 sae=False, eap=False, fail_test=False, roams=1,
fd7205fa 128 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
473e5176
MB		 129 test_connectivity=True, eap_identity="gpsk user", conndev=False,
130 force_initial_conn_to_first_ap=False):
cd7f1b9a 131 logger.info("Connect to first AP")
473e5176
MB		 132
133 copts = {}
134 copts["proto"] = "WPA2"
135 copts["ieee80211w"] = "1"
136 copts["scan_freq"] = "2412"
137 copts["pairwise"] = pairwise_cipher
138 copts["group"] = group_cipher
139 copts["wpa_ptk_rekey"] = ptk_rekey
6f62809b 140 if eap:
473e5176
MB		 141 copts["key_mgmt"] = "FT-EAP"
142 copts["eap"] = "GPSK"
143 copts["identity"] = eap_identity
144 copts["password"] = "abcdefghijklmnop0123456789abcdef"
6e658cc4 145 else:
6f62809b 146 if sae:
473e5176 147 copts["key_mgmt"] = "FT-SAE"
6f62809b 148 else:
473e5176
MB		 149 copts["key_mgmt"] = "FT-PSK"
150 copts["psk"] = passphrase
151 if force_initial_conn_to_first_ap:
152 copts["bssid"] = apdev[0]['bssid']
153 dev.connect(ssid, **copts)
154
cd7f1b9a
JM		 155 if dev.get_status_field('bssid') == apdev[0]['bssid']:
156 ap1 = apdev[0]
157 ap2 = apdev[1]
a8375c94
JM		 158 hapd1ap = hapd0
159 hapd2ap = hapd1
cd7f1b9a
JM		 160 else:
161 ap1 = apdev[1]
162 ap2 = apdev[0]
a8375c94
JM		 163 hapd1ap = hapd1
164 hapd2ap = hapd0
fd7205fa 165 if test_connectivity:
9c50a6d3
MB		 166 if conndev:
167 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
168 else:
169 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a 170
655bc8bf 171 dev.scan_for_bss(ap2['bssid'], freq="2412")
40602101
JM		 172
173 for i in range(0, roams):
e0382291
MB		 174 # Roaming artificially fast can make data test fail because the key is
175 # set later.
176 time.sleep(0.01)
40602101
JM		 177 logger.info("Roam to the second AP")
178 if over_ds:
179 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
180 else:
181 dev.roam(ap2['bssid'], fail_test=fail_test)
182 if fail_test:
183 return
184 if dev.get_status_field('bssid') != ap2['bssid']:
185 raise Exception("Did not connect to correct AP")
fd7205fa 186 if (i == 0 or i == roams - 1) and test_connectivity:
9c50a6d3
MB		 187 if conndev:
188 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
189 else:
190 hwsim_utils.test_connectivity(dev, hapd2ap)
40602101 191
e0382291
MB		 192 # Roaming artificially fast can make data test fail because the key is
193 # set later.
194 time.sleep(0.01)
40602101
JM		 195 logger.info("Roam back to the first AP")
196 if over_ds:
197 dev.roam_over_ds(ap1['bssid'])
198 else:
199 dev.roam(ap1['bssid'])
200 if dev.get_status_field('bssid') != ap1['bssid']:
201 raise Exception("Did not connect to correct AP")
fd7205fa 202 if (i == 0 or i == roams - 1) and test_connectivity:
9c50a6d3
MB		 203 if conndev:
204 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
205 else:
206 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a
JM		 207
208def test_ap_ft(dev, apdev):
209 """WPA2-PSK-FT AP"""
210 ssid = "test-ft"
211 passphrase="12345678"
212
213 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 214 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 215 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 216 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 217
a8375c94 218 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
91bc6c36
JM		 219 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
220 raise Exception("Scan results missing RSN element info")
cd7f1b9a 221
c95dd8e4
JM		 222def test_ap_ft_old_key(dev, apdev):
223 """WPA2-PSK-FT AP (old key)"""
224 ssid = "test-ft"
225 passphrase="12345678"
226
227 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
228 hapd0 = hostapd.add_ap(apdev[0], params)
229 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
230 hapd1 = hostapd.add_ap(apdev[1], params)
231
232 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
233
e4612f84
JM		 234def test_ap_ft_multi_akm(dev, apdev):
235 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
236 ssid = "test-ft"
237 passphrase="12345678"
238
239 params = ft_params1(ssid=ssid, passphrase=passphrase)
240 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
241 hapd0 = hostapd.add_ap(apdev[0], params)
242 params = ft_params2(ssid=ssid, passphrase=passphrase)
243 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
244 hapd1 = hostapd.add_ap(apdev[1], params)
245
246 Wlantest.setup(hapd0)
247 wt = Wlantest()
248 wt.flush()
249 wt.add_passphrase(passphrase)
250
251 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
252 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
253 raise Exception("Scan results missing RSN element info")
254 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
255 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
256 scan_freq="2412")
257
d0175d6e
MB		 258def test_ap_ft_local_key_gen(dev, apdev):
259 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
260 ssid = "test-ft"
261 passphrase="12345678"
262
263 params = ft_params1a(ssid=ssid, passphrase=passphrase)
264 params['ft_psk_generate_local'] = "1";
8344ba12 265 del params['pmk_r1_push']
b098542c 266 hapd0 = hostapd.add_ap(apdev[0], params)
d0175d6e
MB		 267 params = ft_params2a(ssid=ssid, passphrase=passphrase)
268 params['ft_psk_generate_local'] = "1";
8344ba12 269 del params['pmk_r1_push']
b098542c 270 hapd1 = hostapd.add_ap(apdev[1], params)
d0175d6e
MB		 271
272 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
273 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
274 raise Exception("Scan results missing RSN element info")
275
473e5176
MB		 276def test_ap_ft_vlan(dev, apdev):
277 """WPA2-PSK-FT AP with VLAN"""
278 ssid = "test-ft"
279 passphrase="12345678"
280
281 params = ft_params1(ssid=ssid, passphrase=passphrase)
282 params['dynamic_vlan'] = "1";
283 params['accept_mac_file'] = "hostapd.accept";
284 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
285
286 params = ft_params2(ssid=ssid, passphrase=passphrase)
287 params['dynamic_vlan'] = "1";
288 params['accept_mac_file'] = "hostapd.accept";
289 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
290
291 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
292 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
293 raise Exception("Scan results missing RSN element info")
294
295def test_ap_ft_vlan_disconnected(dev, apdev):
296 """WPA2-PSK-FT AP with VLAN and local key generation"""
297 ssid = "test-ft"
298 passphrase="12345678"
299
300 params = ft_params1a(ssid=ssid, passphrase=passphrase)
301 params['dynamic_vlan'] = "1";
302 params['accept_mac_file'] = "hostapd.accept";
303 params['ft_psk_generate_local'] = "1";
304 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
305
306 params = ft_params2a(ssid=ssid, passphrase=passphrase)
307 params['dynamic_vlan'] = "1";
308 params['accept_mac_file'] = "hostapd.accept";
309 params['ft_psk_generate_local'] = "1";
310 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
311
312 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
313 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
314 raise Exception("Scan results missing RSN element info")
315
316def test_ap_ft_vlan_2(dev, apdev):
317 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
318 ssid = "test-ft"
319 passphrase="12345678"
320
321 params = ft_params1(ssid=ssid, passphrase=passphrase)
322 params['dynamic_vlan'] = "1";
323 params['accept_mac_file'] = "hostapd.accept";
324 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
325
326 params = ft_params2(ssid=ssid, passphrase=passphrase)
327 params['dynamic_vlan'] = "1";
328 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
329
330 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1",
331 force_initial_conn_to_first_ap=True)
332 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
333 raise Exception("Scan results missing RSN element info")
334
40602101
JM		 335def test_ap_ft_many(dev, apdev):
336 """WPA2-PSK-FT AP multiple times"""
337 ssid = "test-ft"
338 passphrase="12345678"
339
340 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 341 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 342 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 343 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 344
a8375c94 345 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
40602101 346
473e5176
MB		 347def test_ap_ft_many_vlan(dev, apdev):
348 """WPA2-PSK-FT AP with VLAN multiple times"""
349 ssid = "test-ft"
350 passphrase="12345678"
351
352 params = ft_params1(ssid=ssid, passphrase=passphrase)
353 params['dynamic_vlan'] = "1";
354 params['accept_mac_file'] = "hostapd.accept";
355 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
356
357 params = ft_params2(ssid=ssid, passphrase=passphrase)
358 params['dynamic_vlan'] = "1";
359 params['accept_mac_file'] = "hostapd.accept";
360 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
361
362 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50,
363 conndev="brvlan1")
364
cd7f1b9a
JM		 365def test_ap_ft_mixed(dev, apdev):
366 """WPA2-PSK-FT mixed-mode AP"""
367 ssid = "test-ft-mixed"
368 passphrase="12345678"
369
370 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 371 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 372 key_mgmt = hapd.get_config()['key_mgmt']
373 vals = key_mgmt.split(' ')
374 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
375 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
cd7f1b9a 376 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 377 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 378
a8375c94 379 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
cd7f1b9a
JM		 380
381def test_ap_ft_pmf(dev, apdev):
382 """WPA2-PSK-FT AP with PMF"""
383 ssid = "test-ft"
384 passphrase="12345678"
385
386 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 387 params["ieee80211w"] = "2"
8b8a1864 388 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 389 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 390 params["ieee80211w"] = "2"
8b8a1864 391 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 392
a8375c94 393 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
b553eab1
JM		 394
395def test_ap_ft_over_ds(dev, apdev):
396 """WPA2-PSK-FT AP over DS"""
397 ssid = "test-ft"
398 passphrase="12345678"
399
400 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 401 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 402 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 403 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 404
a8375c94 405 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
eaf3f9b1
JM		 406 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
407 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
b553eab1 408
55139acb
JM		 409def test_ap_ft_over_ds_disabled(dev, apdev):
410 """WPA2-PSK-FT AP over DS disabled"""
411 ssid = "test-ft"
412 passphrase="12345678"
413
414 params = ft_params1(ssid=ssid, passphrase=passphrase)
415 params['ft_over_ds'] = '0'
416 hapd0 = hostapd.add_ap(apdev[0], params)
417 params = ft_params2(ssid=ssid, passphrase=passphrase)
418 params['ft_over_ds'] = '0'
419 hapd1 = hostapd.add_ap(apdev[1], params)
420
421 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
422 fail_test=True)
423
473e5176
MB		 424def test_ap_ft_vlan_over_ds(dev, apdev):
425 """WPA2-PSK-FT AP over DS with VLAN"""
426 ssid = "test-ft"
427 passphrase="12345678"
428
429 params = ft_params1(ssid=ssid, passphrase=passphrase)
430 params['dynamic_vlan'] = "1";
431 params['accept_mac_file'] = "hostapd.accept";
432 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
433 params = ft_params2(ssid=ssid, passphrase=passphrase)
434 params['dynamic_vlan'] = "1";
435 params['accept_mac_file'] = "hostapd.accept";
436 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
437
438 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
439 conndev="brvlan1")
440 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
441 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
442
40602101
JM		 443def test_ap_ft_over_ds_many(dev, apdev):
444 """WPA2-PSK-FT AP over DS multiple times"""
445 ssid = "test-ft"
446 passphrase="12345678"
447
448 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 449 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 450 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 451 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 452
a8375c94
JM		 453 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
454 roams=50)
40602101 455
473e5176
MB		 456def test_ap_ft_vlan_over_ds_many(dev, apdev):
457 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
458 ssid = "test-ft"
459 passphrase="12345678"
460
461 params = ft_params1(ssid=ssid, passphrase=passphrase)
462 params['dynamic_vlan'] = "1";
463 params['accept_mac_file'] = "hostapd.accept";
464 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
465 params = ft_params2(ssid=ssid, passphrase=passphrase)
466 params['dynamic_vlan'] = "1";
467 params['accept_mac_file'] = "hostapd.accept";
468 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
469
470 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
471 roams=50, conndev="brvlan1")
472
9fd6804d 473@remote_compatible
c337d07a
JM		 474def test_ap_ft_over_ds_unknown_target(dev, apdev):
475 """WPA2-PSK-FT AP"""
476 ssid = "test-ft"
477 passphrase="12345678"
478
479 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 480 hapd0 = hostapd.add_ap(apdev[0], params)
c337d07a
JM		 481
482 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
483 scan_freq="2412")
484 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
485
9fd6804d 486@remote_compatible
211bb7c5
JM		 487def test_ap_ft_over_ds_unexpected(dev, apdev):
488 """WPA2-PSK-FT AP over DS and unexpected response"""
489 ssid = "test-ft"
490 passphrase="12345678"
491
492 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 493 hapd0 = hostapd.add_ap(apdev[0], params)
211bb7c5 494 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 495 hapd1 = hostapd.add_ap(apdev[1], params)
211bb7c5
JM		 496
497 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
498 scan_freq="2412")
499 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
500 ap1 = apdev[0]
501 ap2 = apdev[1]
502 hapd1ap = hapd0
503 hapd2ap = hapd1
504 else:
505 ap1 = apdev[1]
506 ap2 = apdev[0]
507 hapd1ap = hapd1
508 hapd2ap = hapd0
509
510 addr = dev[0].own_addr()
511 hapd1ap.set("ext_mgmt_frame_handling", "1")
512 logger.info("Foreign STA address")
513 msg = {}
514 msg['fc'] = 13 << 4
515 msg['da'] = addr
516 msg['sa'] = ap1['bssid']
517 msg['bssid'] = ap1['bssid']
518 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
519 hapd1ap.mgmt_tx(msg)
520
521 logger.info("No over-the-DS in progress")
522 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
523 hapd1ap.mgmt_tx(msg)
524
525 logger.info("Non-zero status code")
526 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
527 hapd1ap.mgmt_tx(msg)
528
529 hapd1ap.dump_monitor()
530
531 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
532 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
533 raise Exception("FT_DS failed")
534
535 req = hapd1ap.mgmt_rx()
536
537 logger.info("Foreign Target AP")
538 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
539 hapd1ap.mgmt_tx(msg)
540
541 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
542
543 logger.info("No IEs")
544 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
545 hapd1ap.mgmt_tx(msg)
546
547 logger.info("Invalid IEs (trigger parsing failure)")
548 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
549 hapd1ap.mgmt_tx(msg)
550
551 logger.info("Too short MDIE")
552 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
553 hapd1ap.mgmt_tx(msg)
554
555 logger.info("Mobility domain mismatch")
556 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
557 hapd1ap.mgmt_tx(msg)
558
559 logger.info("No FTIE")
560 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
561 hapd1ap.mgmt_tx(msg)
562
563 logger.info("FTIE SNonce mismatch")
564 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
565 hapd1ap.mgmt_tx(msg)
566
567 logger.info("No R0KH-ID subelem in FTIE")
568 snonce = binascii.hexlify(req['payload'][111:111+32])
569 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
570 hapd1ap.mgmt_tx(msg)
571
572 logger.info("No R0KH-ID subelem mismatch in FTIE")
573 snonce = binascii.hexlify(req['payload'][111:111+32])
574 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
575 hapd1ap.mgmt_tx(msg)
576
577 logger.info("No R1KH-ID subelem in FTIE")
578 r0khid = binascii.hexlify(req['payload'][145:145+10])
579 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
580 hapd1ap.mgmt_tx(msg)
581
582 logger.info("No RSNE")
583 r0khid = binascii.hexlify(req['payload'][145:145+10])
584 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
585 hapd1ap.mgmt_tx(msg)
586
b553eab1
JM		 587def test_ap_ft_pmf_over_ds(dev, apdev):
588 """WPA2-PSK-FT AP over DS with PMF"""
589 ssid = "test-ft"
590 passphrase="12345678"
591
592 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 593 params["ieee80211w"] = "2"
8b8a1864 594 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 595 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 596 params["ieee80211w"] = "2"
8b8a1864 597 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 598
a8375c94 599 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
6e658cc4 600
aaba98d3
JM		 601def test_ap_ft_over_ds_pull(dev, apdev):
602 """WPA2-PSK-FT AP over DS (pull PMK)"""
603 ssid = "test-ft"
604 passphrase="12345678"
605
606 params = ft_params1(ssid=ssid, passphrase=passphrase)
607 params["pmk_r1_push"] = "0"
8b8a1864 608 hapd0 = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 609 params = ft_params2(ssid=ssid, passphrase=passphrase)
610 params["pmk_r1_push"] = "0"
8b8a1864 611 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 612
a8375c94 613 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
aaba98d3 614
c95dd8e4
JM		 615def test_ap_ft_over_ds_pull_old_key(dev, apdev):
616 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
617 ssid = "test-ft"
618 passphrase="12345678"
619
620 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
621 params["pmk_r1_push"] = "0"
622 hapd0 = hostapd.add_ap(apdev[0], params)
623 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
624 params["pmk_r1_push"] = "0"
625 hapd1 = hostapd.add_ap(apdev[1], params)
626
627 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
628
473e5176
MB		 629def test_ap_ft_over_ds_pull_vlan(dev, apdev):
630 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
631 ssid = "test-ft"
632 passphrase="12345678"
633
634 params = ft_params1(ssid=ssid, passphrase=passphrase)
635 params["pmk_r1_push"] = "0"
636 params['dynamic_vlan'] = "1";
637 params['accept_mac_file'] = "hostapd.accept";
638 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
639 params = ft_params2(ssid=ssid, passphrase=passphrase)
640 params["pmk_r1_push"] = "0"
641 params['dynamic_vlan'] = "1";
642 params['accept_mac_file'] = "hostapd.accept";
643 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
644
645 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
646 conndev="brvlan1")
647
6e658cc4
JM		 648def test_ap_ft_sae(dev, apdev):
649 """WPA2-PSK-FT-SAE AP"""
b9749b6a
JM		 650 if "SAE" not in dev[0].get_capability("auth_alg"):
651 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 652 ssid = "test-ft"
653 passphrase="12345678"
654
655 params = ft_params1(ssid=ssid, passphrase=passphrase)
656 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 657 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 658 params = ft_params2(ssid=ssid, passphrase=passphrase)
659 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 660 hapd = hostapd.add_ap(apdev[1], params)
65038313
JM		 661 key_mgmt = hapd.get_config()['key_mgmt']
662 if key_mgmt.split(' ')[0] != "FT-SAE":
663 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6e658cc4 664
17ffdf39 665 dev[0].request("SET sae_groups ")
a8375c94 666 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
6e658cc4
JM		 667
668def test_ap_ft_sae_over_ds(dev, apdev):
669 """WPA2-PSK-FT-SAE AP over DS"""
b9749b6a
JM		 670 if "SAE" not in dev[0].get_capability("auth_alg"):
671 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 672 ssid = "test-ft"
673 passphrase="12345678"
674
675 params = ft_params1(ssid=ssid, passphrase=passphrase)
676 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 677 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 678 params = ft_params2(ssid=ssid, passphrase=passphrase)
679 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 680 hapd1 = hostapd.add_ap(apdev[1], params)
6e658cc4 681
17ffdf39 682 dev[0].request("SET sae_groups ")
a8375c94
JM		 683 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
684 over_ds=True)
6f62809b 685
d269740a
MB		 686def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
687 discovery=False, roams=1):
6f62809b
JM		 688 ssid = "test-ft"
689 passphrase="12345678"
9c50a6d3
MB		 690 if vlan:
691 identity="gpsk-vlan1"
692 conndev="brvlan1"
d269740a
MB		 693 elif cui:
694 identity="gpsk-cui"
695 conndev=False
9c50a6d3
MB		 696 else:
697 identity="gpsk user"
698 conndev=False
6f62809b
JM		 699
700 radius = hostapd.radius_params()
942b52a8 701 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM		 702 params['wpa_key_mgmt'] = "FT-EAP"
703 params["ieee8021x"] = "1"
9c50a6d3
MB		 704 if vlan:
705 params["dynamic_vlan"] = "1"
6f62809b 706 params = dict(radius.items() + params.items())
8b8a1864 707 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 708 key_mgmt = hapd.get_config()['key_mgmt']
709 if key_mgmt.split(' ')[0] != "FT-EAP":
710 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
942b52a8 711 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM		 712 params['wpa_key_mgmt'] = "FT-EAP"
713 params["ieee8021x"] = "1"
9c50a6d3
MB		 714 if vlan:
715 params["dynamic_vlan"] = "1"
6f62809b 716 params = dict(radius.items() + params.items())
8b8a1864 717 hapd1 = hostapd.add_ap(apdev[1], params)
6f62809b 718
942b52a8 719 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
9c50a6d3
MB		 720 over_ds=over_ds, roams=roams, eap_identity=identity,
721 conndev=conndev)
91bc6c36
JM		 722 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
723 raise Exception("Scan results missing RSN element info")
eaf3f9b1
JM		 724 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
725 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
aaba98d3 726
4013d688
JM		 727 # Verify EAPOL reauthentication after FT protocol
728 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
729 ap = hapd
730 else:
731 ap = hapd1
732 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
733 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
734 if ev is None:
735 raise Exception("EAP authentication did not start")
736 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
737 if ev is None:
738 raise Exception("EAP authentication did not succeed")
739 time.sleep(0.1)
9c50a6d3
MB		 740 if conndev:
741 hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
742 else:
743 hwsim_utils.test_connectivity(dev[0], ap)
4013d688 744
942b52a8
MB		 745def test_ap_ft_eap(dev, apdev):
746 """WPA2-EAP-FT AP"""
747 generic_ap_ft_eap(dev, apdev)
748
d269740a
MB		 749def test_ap_ft_eap_cui(dev, apdev):
750 """WPA2-EAP-FT AP with CUI"""
751 generic_ap_ft_eap(dev, apdev, vlan=False, cui=True)
752
9c50a6d3
MB		 753def test_ap_ft_eap_vlan(dev, apdev):
754 """WPA2-EAP-FT AP with VLAN"""
755 generic_ap_ft_eap(dev, apdev, vlan=True)
756
757def test_ap_ft_eap_vlan_multi(dev, apdev):
758 """WPA2-EAP-FT AP with VLAN"""
759 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
760
942b52a8
MB		 761def test_ap_ft_eap_over_ds(dev, apdev):
762 """WPA2-EAP-FT AP using over-the-DS"""
763 generic_ap_ft_eap(dev, apdev, over_ds=True)
764
765def test_ap_ft_eap_dis(dev, apdev):
766 """WPA2-EAP-FT AP with AP discovery"""
767 generic_ap_ft_eap(dev, apdev, discovery=True)
768
769def test_ap_ft_eap_dis_over_ds(dev, apdev):
770 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
771 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
772
9c50a6d3
MB		 773def test_ap_ft_eap_vlan(dev, apdev):
774 """WPA2-EAP-FT AP with VLAN"""
775 generic_ap_ft_eap(dev, apdev, vlan=True)
776
777def test_ap_ft_eap_vlan_multi(dev, apdev):
778 """WPA2-EAP-FT AP with VLAN"""
779 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
780
781def test_ap_ft_eap_vlan_over_ds(dev, apdev):
782 """WPA2-EAP-FT AP with VLAN + over_ds"""
783 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
784
785def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
786 """WPA2-EAP-FT AP with VLAN + over_ds"""
787 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
788
789def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
aaba98d3
JM		 790 """WPA2-EAP-FT AP (pull PMK)"""
791 ssid = "test-ft"
792 passphrase="12345678"
9c50a6d3
MB		 793 if vlan:
794 identity="gpsk-vlan1"
795 conndev="brvlan1"
796 else:
797 identity="gpsk user"
798 conndev=False
aaba98d3
JM		 799
800 radius = hostapd.radius_params()
801 params = ft_params1(ssid=ssid, passphrase=passphrase)
802 params['wpa_key_mgmt'] = "FT-EAP"
803 params["ieee8021x"] = "1"
804 params["pmk_r1_push"] = "0"
9c50a6d3
MB		 805 if vlan:
806 params["dynamic_vlan"] = "1"
aaba98d3 807 params = dict(radius.items() + params.items())
8b8a1864 808 hapd = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 809 key_mgmt = hapd.get_config()['key_mgmt']
810 if key_mgmt.split(' ')[0] != "FT-EAP":
811 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
812 params = ft_params2(ssid=ssid, passphrase=passphrase)
813 params['wpa_key_mgmt'] = "FT-EAP"
814 params["ieee8021x"] = "1"
815 params["pmk_r1_push"] = "0"
9c50a6d3
MB		 816 if vlan:
817 params["dynamic_vlan"] = "1"
aaba98d3 818 params = dict(radius.items() + params.items())
8b8a1864 819 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 820
9c50a6d3
MB		 821 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
822 eap_identity=identity, conndev=conndev)
823
824def test_ap_ft_eap_pull(dev, apdev):
825 """WPA2-EAP-FT AP (pull PMK)"""
826 generic_ap_ft_eap_pull(dev, apdev)
827
828def test_ap_ft_eap_pull_vlan(dev, apdev):
829 generic_ap_ft_eap_pull(dev, apdev, vlan=True)
3b808945 830
f81c1411
JM		 831def test_ap_ft_eap_pull_wildcard(dev, apdev):
832 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
833 ssid = "test-ft"
834 passphrase="12345678"
835
836 radius = hostapd.radius_params()
837 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
838 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
839 params["ieee8021x"] = "1"
840 params["pmk_r1_push"] = "0"
841 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
842 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
843 params["ft_psk_generate_local"] = "1"
844 params["eap_server"] = "0"
845 params = dict(radius.items() + params.items())
846 hapd = hostapd.add_ap(apdev[0], params)
847 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
848 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
849 params["ieee8021x"] = "1"
850 params["pmk_r1_push"] = "0"
851 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
852 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
853 params["ft_psk_generate_local"] = "1"
854 params["eap_server"] = "0"
855 params = dict(radius.items() + params.items())
856 hapd1 = hostapd.add_ap(apdev[1], params)
857
858 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
859
9fd6804d 860@remote_compatible
3b808945
JM		 861def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
862 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
863 ssid = "test-ft"
864 passphrase="12345678"
865
866 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 867 params["ieee80211w"] = "2"
8b8a1864 868 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 869 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
bc6e3288 870 params["ieee80211w"] = "2"
8b8a1864 871 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 872
a8375c94
JM		 873 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
874 fail_test=True)
3b808945 875
9fd6804d 876@remote_compatible
3b808945
JM		 877def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
878 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
879 ssid = "test-ft"
880 passphrase="12345678"
881
882 params = ft_params1(ssid=ssid, passphrase=passphrase)
883 params["pmk_r1_push"] = "0"
8b8a1864 884 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 885 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
886 params["pmk_r1_push"] = "0"
8b8a1864 887 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 888
a8375c94
JM		 889 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
890 fail_test=True)
3b808945 891
9fd6804d 892@remote_compatible
ae14a2e2
JM		 893def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
894 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
895 ssid = "test-ft"
896 passphrase="12345678"
897
898 params = ft_params1(ssid=ssid, passphrase=passphrase)
899 params["pmk_r1_push"] = "0"
900 params["nas_identifier"] = "nas0.w1.fi"
8b8a1864 901 hostapd.add_ap(apdev[0], params)
2f816c21
JM		 902 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
903 scan_freq="2412")
ae14a2e2
JM		 904
905 params = ft_params2(ssid=ssid, passphrase=passphrase)
906 params["pmk_r1_push"] = "0"
8b8a1864 907 hostapd.add_ap(apdev[1], params)
ae14a2e2
JM		 908
909 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
910 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
911
9fd6804d 912@remote_compatible
3b808945
JM		 913def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
914 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
915 ssid = "test-ft"
916 passphrase="12345678"
917
918 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 919 params["ieee80211w"] = "2"
8b8a1864 920 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 921 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
bc6e3288 922 params["ieee80211w"] = "2"
8b8a1864 923 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 924
a8375c94
JM		 925 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
926 fail_test=True)
3b808945 927
9fd6804d 928@remote_compatible
3b808945
JM		 929def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
930 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
931 ssid = "test-ft"
932 passphrase="12345678"
933
934 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
935 params["pmk_r1_push"] = "0"
8b8a1864 936 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 937 params = ft_params2(ssid=ssid, passphrase=passphrase)
938 params["pmk_r1_push"] = "0"
8b8a1864 939 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 940
a8375c94
JM		 941 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
942 fail_test=True)
c6b6e105 943
150948e6
MB		 944def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
945 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
946 ssid = "test-ft"
947 passphrase="12345678"
948
949 radius = hostapd.radius_params()
950 params = ft_params1(ssid=ssid, passphrase=passphrase)
951 params["ieee80211w"] = "2";
952 params['wpa_key_mgmt'] = "FT-EAP"
953 params["ieee8021x"] = "1"
954 params = dict(radius.items() + params.items())
b098542c 955 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 956 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
957 params["ieee80211w"] = "2";
958 params['wpa_key_mgmt'] = "FT-EAP"
959 params["ieee8021x"] = "1"
960 params = dict(radius.items() + params.items())
b098542c 961 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 962
963 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
964 fail_test=True, eap=True)
965
966def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
967 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
968 ssid = "test-ft"
969 passphrase="12345678"
970
971 radius = hostapd.radius_params()
972 params = ft_params1(ssid=ssid, passphrase=passphrase)
973 params["pmk_r1_push"] = "0"
974 params['wpa_key_mgmt'] = "FT-EAP"
975 params["ieee8021x"] = "1"
976 params = dict(radius.items() + params.items())
b098542c 977 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 978 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
979 params["pmk_r1_push"] = "0"
980 params['wpa_key_mgmt'] = "FT-EAP"
981 params["ieee8021x"] = "1"
982 params = dict(radius.items() + params.items())
b098542c 983 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 984
985 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
986 fail_test=True, eap=True)
987
988def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
989 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
990 ssid = "test-ft"
991 passphrase="12345678"
992
993 radius = hostapd.radius_params()
994 params = ft_params1(ssid=ssid, passphrase=passphrase)
995 params["pmk_r1_push"] = "0"
996 params["nas_identifier"] = "nas0.w1.fi"
997 params['wpa_key_mgmt'] = "FT-EAP"
998 params["ieee8021x"] = "1"
999 params = dict(radius.items() + params.items())
b098542c 1000 hostapd.add_ap(apdev[0], params)
150948e6
MB		 1001 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1002 eap="GPSK", identity="gpsk user",
1003 password="abcdefghijklmnop0123456789abcdef",
1004 scan_freq="2412")
1005
1006 params = ft_params2(ssid=ssid, passphrase=passphrase)
1007 params["pmk_r1_push"] = "0"
1008 params['wpa_key_mgmt'] = "FT-EAP"
1009 params["ieee8021x"] = "1"
1010 params = dict(radius.items() + params.items())
b098542c 1011 hostapd.add_ap(apdev[1], params)
150948e6
MB		 1012
1013 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1014 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1015
1016def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
1017 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1018 ssid = "test-ft"
1019 passphrase="12345678"
1020
1021 radius = hostapd.radius_params()
1022 params = ft_params1(ssid=ssid, passphrase=passphrase)
1023 params["ieee80211w"] = "2";
1024 params['wpa_key_mgmt'] = "FT-EAP"
1025 params["ieee8021x"] = "1"
1026 params = dict(radius.items() + params.items())
b098542c 1027 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 1028 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1029 params["ieee80211w"] = "2";
1030 params['wpa_key_mgmt'] = "FT-EAP"
1031 params["ieee8021x"] = "1"
1032 params = dict(radius.items() + params.items())
b098542c 1033 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 1034
1035 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1036 fail_test=True, eap=True)
1037
1038def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
1039 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1040 ssid = "test-ft"
1041 passphrase="12345678"
1042
1043 radius = hostapd.radius_params()
1044 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1045 params["pmk_r1_push"] = "0"
1046 params['wpa_key_mgmt'] = "FT-EAP"
1047 params["ieee8021x"] = "1"
1048 params = dict(radius.items() + params.items())
b098542c 1049 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 1050 params = ft_params2(ssid=ssid, passphrase=passphrase)
1051 params["pmk_r1_push"] = "0"
1052 params['wpa_key_mgmt'] = "FT-EAP"
1053 params["ieee8021x"] = "1"
1054 params = dict(radius.items() + params.items())
b098542c 1055 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 1056
1057 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1058 fail_test=True, eap=True)
1059
c6b6e105
JM		 1060def test_ap_ft_gtk_rekey(dev, apdev):
1061 """WPA2-PSK-FT AP and GTK rekey"""
1062 ssid = "test-ft"
1063 passphrase="12345678"
1064
1065 params = ft_params1(ssid=ssid, passphrase=passphrase)
1066 params['wpa_group_rekey'] = '1'
8b8a1864 1067 hapd = hostapd.add_ap(apdev[0], params)
c6b6e105
JM		 1068
1069 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21 1070 ieee80211w="1", scan_freq="2412")
c6b6e105
JM		 1071
1072 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1073 if ev is None:
1074 raise Exception("GTK rekey timed out after initial association")
a8375c94 1075 hwsim_utils.test_connectivity(dev[0], hapd)
c6b6e105
JM		 1076
1077 params = ft_params2(ssid=ssid, passphrase=passphrase)
1078 params['wpa_group_rekey'] = '1'
8b8a1864 1079 hapd1 = hostapd.add_ap(apdev[1], params)
c6b6e105
JM		 1080
1081 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1082 dev[0].roam(apdev[1]['bssid'])
1083 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
1084 raise Exception("Did not connect to correct AP")
a8375c94 1085 hwsim_utils.test_connectivity(dev[0], hapd1)
c6b6e105
JM		 1086
1087 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1088 if ev is None:
1089 raise Exception("GTK rekey timed out after FT protocol")
a8375c94 1090 hwsim_utils.test_connectivity(dev[0], hapd1)
5b3c40a6
JM		 1091
1092def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
1093 """WPA2-PSK-FT and key lifetime in memory"""
1094 ssid = "test-ft"
1095 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1096 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1097 pmk = binascii.unhexlify(psk)
1098 p = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1099 hapd0 = hostapd.add_ap(apdev[0], p)
5b3c40a6 1100 p = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1101 hapd1 = hostapd.add_ap(apdev[1], p)
5b3c40a6
JM		 1102
1103 pid = find_wpas_process(dev[0])
1104
1105 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1106 scan_freq="2412")
8e416cec
JM		 1107 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1108 # event has been delivered, so verify that wpa_supplicant has returned to
1109 # eloop before reading process memory.
54f2cae2 1110 time.sleep(1)
8e416cec 1111 dev[0].ping()
5b3c40a6
JM		 1112
1113 buf = read_process_memory(pid, pmk)
1114
1115 dev[0].request("DISCONNECT")
1116 dev[0].wait_disconnected()
1117
1118 dev[0].relog()
1119 pmkr0 = None
1120 pmkr1 = None
1121 ptk = None
1122 gtk = None
1123 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1124 for l in f.readlines():
1125 if "FT: PMK-R0 - hexdump" in l:
1126 val = l.strip().split(':')[3].replace(' ', '')
1127 pmkr0 = binascii.unhexlify(val)
1128 if "FT: PMK-R1 - hexdump" in l:
1129 val = l.strip().split(':')[3].replace(' ', '')
1130 pmkr1 = binascii.unhexlify(val)
f918b95b 1131 if "FT: KCK - hexdump" in l:
5b3c40a6 1132 val = l.strip().split(':')[3].replace(' ', '')
f918b95b
JM		 1133 kck = binascii.unhexlify(val)
1134 if "FT: KEK - hexdump" in l:
1135 val = l.strip().split(':')[3].replace(' ', '')
1136 kek = binascii.unhexlify(val)
1137 if "FT: TK - hexdump" in l:
1138 val = l.strip().split(':')[3].replace(' ', '')
1139 tk = binascii.unhexlify(val)
5b3c40a6
JM		 1140 if "WPA: Group Key - hexdump" in l:
1141 val = l.strip().split(':')[3].replace(' ', '')
1142 gtk = binascii.unhexlify(val)
f918b95b 1143 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
5b3c40a6
JM		 1144 raise Exception("Could not find keys from debug log")
1145 if len(gtk) != 16:
1146 raise Exception("Unexpected GTK length")
1147
5b3c40a6
JM		 1148 logger.info("Checking keys in memory while associated")
1149 get_key_locations(buf, pmk, "PMK")
1150 get_key_locations(buf, pmkr0, "PMK-R0")
1151 get_key_locations(buf, pmkr1, "PMK-R1")
1152 if pmk not in buf:
81e787b7 1153 raise HwsimSkip("PMK not found while associated")
5b3c40a6 1154 if pmkr0 not in buf:
81e787b7 1155 raise HwsimSkip("PMK-R0 not found while associated")
5b3c40a6 1156 if pmkr1 not in buf:
81e787b7 1157 raise HwsimSkip("PMK-R1 not found while associated")
5b3c40a6
JM		 1158 if kck not in buf:
1159 raise Exception("KCK not found while associated")
1160 if kek not in buf:
1161 raise Exception("KEK not found while associated")
b74f82a4
JM		 1162 #if tk in buf:
1163 # raise Exception("TK found from memory")
5b3c40a6
JM		 1164
1165 logger.info("Checking keys in memory after disassociation")
1166 buf = read_process_memory(pid, pmk)
1167 get_key_locations(buf, pmk, "PMK")
1168 get_key_locations(buf, pmkr0, "PMK-R0")
1169 get_key_locations(buf, pmkr1, "PMK-R1")
1170
1171 # Note: PMK/PSK is still present in network configuration
1172
1173 fname = os.path.join(params['logdir'],
1174 'ft_psk_key_lifetime_in_memory.memctx-')
1175 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1176 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1177 verify_not_present(buf, kck, fname, "KCK")
1178 verify_not_present(buf, kek, fname, "KEK")
1179 verify_not_present(buf, tk, fname, "TK")
6db556b2
JM		 1180 if gtk in buf:
1181 get_key_locations(buf, gtk, "GTK")
5b3c40a6
JM		 1182 verify_not_present(buf, gtk, fname, "GTK")
1183
1184 dev[0].request("REMOVE_NETWORK all")
1185
1186 logger.info("Checking keys in memory after network profile removal")
1187 buf = read_process_memory(pid, pmk)
1188 get_key_locations(buf, pmk, "PMK")
1189 get_key_locations(buf, pmkr0, "PMK-R0")
1190 get_key_locations(buf, pmkr1, "PMK-R1")
1191
1192 verify_not_present(buf, pmk, fname, "PMK")
1193 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1194 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1195 verify_not_present(buf, kck, fname, "KCK")
1196 verify_not_present(buf, kek, fname, "KEK")
1197 verify_not_present(buf, tk, fname, "TK")
1198 verify_not_present(buf, gtk, fname, "GTK")
664093b5 1199
9fd6804d 1200@remote_compatible
664093b5
JM		 1201def test_ap_ft_invalid_resp(dev, apdev):
1202 """WPA2-PSK-FT AP and invalid response IEs"""
1203 ssid = "test-ft"
1204 passphrase="12345678"
1205
1206 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1207 hapd0 = hostapd.add_ap(apdev[0], params)
664093b5
JM		 1208 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1209 scan_freq="2412")
1210
1211 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1212 hapd1 = hostapd.add_ap(apdev[1], params)
664093b5
JM		 1213
1214 tests = [
1215 # Various IEs for test coverage. The last one is FTIE with invalid
1216 # R1KH-ID subelement.
1217 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1218 # FTIE with invalid R0KH-ID subelement (len=0).
1219 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1220 # FTIE with invalid R0KH-ID subelement (len=49).
1221 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1222 # Invalid RSNE.
1223 "020002000000" + "3000",
1224 # Required IEs missing from protected IE count.
1225 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1226 # RIC missing from protected IE count.
1227 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1228 # Protected IE missing.
1229 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
1230 for t in tests:
1231 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1232 hapd1.set("ext_mgmt_frame_handling", "1")
1233 hapd1.dump_monitor()
1234 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1235 raise Exception("ROAM failed")
1236 auth = None
1237 for i in range(20):
1238 msg = hapd1.mgmt_rx()
1239 if msg['subtype'] == 11:
1240 auth = msg
1241 break
1242 if not auth:
1243 raise Exception("Authentication frame not seen")
1244
1245 resp = {}
1246 resp['fc'] = auth['fc']
1247 resp['da'] = auth['sa']
1248 resp['sa'] = auth['da']
1249 resp['bssid'] = auth['bssid']
1250 resp['payload'] = binascii.unhexlify(t)
1251 hapd1.mgmt_tx(resp)
1252 hapd1.set("ext_mgmt_frame_handling", "0")
1253 dev[0].wait_disconnected()
1254
1255 dev[0].request("RECONNECT")
1256 dev[0].wait_connected()
7b741a53
JM		 1257
1258def test_ap_ft_gcmp_256(dev, apdev):
1259 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1260 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1261 raise HwsimSkip("Cipher GCMP-256 not supported")
1262 ssid = "test-ft"
1263 passphrase="12345678"
1264
1265 params = ft_params1(ssid=ssid, passphrase=passphrase)
1266 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1267 hapd0 = hostapd.add_ap(apdev[0], params)
7b741a53
JM		 1268 params = ft_params2(ssid=ssid, passphrase=passphrase)
1269 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1270 hapd1 = hostapd.add_ap(apdev[1], params)
7b741a53
JM		 1271
1272 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1273 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
cf671d54
JM		 1274
1275def test_ap_ft_oom(dev, apdev):
1276 """WPA2-PSK-FT and OOM"""
38934ed1 1277 skip_with_fips(dev[0])
cf671d54
JM		 1278 ssid = "test-ft"
1279 passphrase="12345678"
1280
1281 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1282 hapd0 = hostapd.add_ap(apdev[0], params)
cf671d54 1283 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1284 hapd1 = hostapd.add_ap(apdev[1], params)
cf671d54
JM		 1285
1286 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1287 scan_freq="2412")
1288 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1289 dst = apdev[1]['bssid']
1290 else:
1291 dst = apdev[0]['bssid']
1292
1293 dev[0].scan_for_bss(dst, freq="2412")
1294 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1295 dev[0].roam(dst)
7cbc8e67 1296 with fail_test(dev[0], 1, "wpa_ft_mic"):
cf671d54
JM		 1297 dev[0].roam(dst, fail_test=True)
1298 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1299 dev[0].roam(dst, fail_test=True)
34d3eaa8 1300
dcbb5d80
JM		 1301 dev[0].request("REMOVE_NETWORK all")
1302 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1303 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1304 scan_freq="2412")
1305
682a79f0
JM		 1306def test_ap_ft_ap_oom(dev, apdev):
1307 """WPA2-PSK-FT and AP OOM"""
1308 ssid = "test-ft"
1309 passphrase="12345678"
1310
1311 params = ft_params1(ssid=ssid, passphrase=passphrase)
1312 hapd0 = hostapd.add_ap(apdev[0], params)
1313 bssid0 = hapd0.own_addr()
1314
1315 dev[0].scan_for_bss(bssid0, freq="2412")
1316 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1317 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1318 scan_freq="2412")
1319
1320 params = ft_params2(ssid=ssid, passphrase=passphrase)
1321 hapd1 = hostapd.add_ap(apdev[1], params)
1322 bssid1 = hapd1.own_addr()
1323 dev[0].scan_for_bss(bssid1, freq="2412")
1324 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1325 dev[0].roam(bssid1)
1326
1327def test_ap_ft_ap_oom2(dev, apdev):
1328 """WPA2-PSK-FT and AP OOM 2"""
1329 ssid = "test-ft"
1330 passphrase="12345678"
1331
1332 params = ft_params1(ssid=ssid, passphrase=passphrase)
1333 hapd0 = hostapd.add_ap(apdev[0], params)
1334 bssid0 = hapd0.own_addr()
1335
1336 dev[0].scan_for_bss(bssid0, freq="2412")
1337 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1338 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1339 scan_freq="2412")
1340
1341 params = ft_params2(ssid=ssid, passphrase=passphrase)
1342 hapd1 = hostapd.add_ap(apdev[1], params)
1343 bssid1 = hapd1.own_addr()
1344 dev[0].scan_for_bss(bssid1, freq="2412")
1345 dev[0].roam(bssid1)
1346 if dev[0].get_status_field('bssid') != bssid1:
1347 raise Exception("Did not roam to AP1")
1348 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1349 dev[0].roam(bssid0)
1350
1351def test_ap_ft_ap_oom3(dev, apdev):
1352 """WPA2-PSK-FT and AP OOM 3"""
1353 ssid = "test-ft"
1354 passphrase="12345678"
1355
1356 params = ft_params1(ssid=ssid, passphrase=passphrase)
1357 hapd0 = hostapd.add_ap(apdev[0], params)
1358 bssid0 = hapd0.own_addr()
1359
1360 dev[0].scan_for_bss(bssid0, freq="2412")
1361 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1362 scan_freq="2412")
1363
1364 params = ft_params2(ssid=ssid, passphrase=passphrase)
1365 hapd1 = hostapd.add_ap(apdev[1], params)
1366 bssid1 = hapd1.own_addr()
1367 dev[0].scan_for_bss(bssid1, freq="2412")
1368 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1369 # This will fail due to not being able to send out PMK-R1 pull request
1370 dev[0].roam(bssid1)
1371
ba88dd65 1372 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM		 1373 # This will fail due to not being able to send out PMK-R1 pull request
1374 dev[0].roam(bssid1)
1375
ba88dd65
MB		 1376 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1377 # This will fail due to not being able to send out PMK-R1 pull request
1378 dev[0].roam(bssid1)
1379
1380def test_ap_ft_ap_oom3b(dev, apdev):
1381 """WPA2-PSK-FT and AP OOM 3b"""
1382 ssid = "test-ft"
1383 passphrase="12345678"
1384
1385 params = ft_params1(ssid=ssid, passphrase=passphrase)
1386 hapd0 = hostapd.add_ap(apdev[0], params)
1387 bssid0 = hapd0.own_addr()
1388
1389 dev[0].scan_for_bss(bssid0, freq="2412")
1390 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1391 scan_freq="2412")
1392
1393 params = ft_params2(ssid=ssid, passphrase=passphrase)
1394 hapd1 = hostapd.add_ap(apdev[1], params)
1395 bssid1 = hapd1.own_addr()
1396 dev[0].scan_for_bss(bssid1, freq="2412")
1397 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM		 1398 # This will fail due to not being able to send out PMK-R1 pull request
1399 dev[0].roam(bssid1)
1400
1401def test_ap_ft_ap_oom4(dev, apdev):
1402 """WPA2-PSK-FT and AP OOM 4"""
1403 ssid = "test-ft"
1404 passphrase="12345678"
1405
1406 params = ft_params1(ssid=ssid, passphrase=passphrase)
1407 hapd0 = hostapd.add_ap(apdev[0], params)
1408 bssid0 = hapd0.own_addr()
1409
1410 dev[0].scan_for_bss(bssid0, freq="2412")
1411 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1412 scan_freq="2412")
1413
1414 params = ft_params2(ssid=ssid, passphrase=passphrase)
1415 hapd1 = hostapd.add_ap(apdev[1], params)
1416 bssid1 = hapd1.own_addr()
1417 dev[0].scan_for_bss(bssid1, freq="2412")
1418 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1419 dev[0].roam(bssid1)
1420 if dev[0].get_status_field('bssid') != bssid1:
1421 raise Exception("Did not roam to AP1")
1422
1423 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1424 dev[0].roam(bssid0)
1425 if dev[0].get_status_field('bssid') != bssid0:
1426 raise Exception("Did not roam to AP0")
1427
1428 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1429 dev[0].roam(bssid1)
1430 if dev[0].get_status_field('bssid') != bssid1:
1431 raise Exception("Did not roam to AP1")
1432
1433def test_ap_ft_ap_oom5(dev, apdev):
1434 """WPA2-PSK-FT and AP OOM 5"""
1435 ssid = "test-ft"
1436 passphrase="12345678"
1437
1438 params = ft_params1(ssid=ssid, passphrase=passphrase)
1439 hapd0 = hostapd.add_ap(apdev[0], params)
1440 bssid0 = hapd0.own_addr()
1441
1442 dev[0].scan_for_bss(bssid0, freq="2412")
1443 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1444 scan_freq="2412")
1445
1446 params = ft_params2(ssid=ssid, passphrase=passphrase)
1447 hapd1 = hostapd.add_ap(apdev[1], params)
1448 bssid1 = hapd1.own_addr()
1449 dev[0].scan_for_bss(bssid1, freq="2412")
1450 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1451 # This will fail to roam
1452 dev[0].roam(bssid1)
1453
1454 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1455 # This will fail to roam
1456 dev[0].roam(bssid1)
1457
1458 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1459 # This will fail to roam
1460 dev[0].roam(bssid1)
1461
1462 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1463 # This will fail to roam
1464 dev[0].roam(bssid1)
1465
1466 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1467 # This will fail to roam
1468 dev[0].roam(bssid1)
1469
1470def test_ap_ft_ap_oom6(dev, apdev):
1471 """WPA2-PSK-FT and AP OOM 6"""
1472 ssid = "test-ft"
1473 passphrase="12345678"
1474
1475 params = ft_params1(ssid=ssid, passphrase=passphrase)
1476 hapd0 = hostapd.add_ap(apdev[0], params)
1477 bssid0 = hapd0.own_addr()
1478
1479 dev[0].scan_for_bss(bssid0, freq="2412")
1480 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1481 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1482 scan_freq="2412")
1483 dev[0].request("REMOVE_NETWORK all")
1484 dev[0].wait_disconnected()
1485 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1486 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1487 scan_freq="2412")
1488 dev[0].request("REMOVE_NETWORK all")
1489 dev[0].wait_disconnected()
1490 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1491 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1492 scan_freq="2412")
1493
1494def test_ap_ft_ap_oom7(dev, apdev):
1495 """WPA2-PSK-FT and AP OOM 7"""
1496 ssid = "test-ft"
1497 passphrase="12345678"
1498
1499 params = ft_params1(ssid=ssid, passphrase=passphrase)
1500 params["ieee80211w"] = "2"
1501 hapd0 = hostapd.add_ap(apdev[0], params)
1502 bssid0 = hapd0.own_addr()
1503
1504 dev[0].scan_for_bss(bssid0, freq="2412")
1505 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1506 ieee80211w="2", scan_freq="2412")
1507
1508 params = ft_params2(ssid=ssid, passphrase=passphrase)
1509 params["ieee80211w"] = "2"
1510 hapd1 = hostapd.add_ap(apdev[1], params)
1511 bssid1 = hapd1.own_addr()
1512 dev[0].scan_for_bss(bssid1, freq="2412")
1513 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1514 # This will fail to roam
1515 dev[0].roam(bssid1)
1516 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1517 # This will fail to roam
1518 dev[0].roam(bssid1)
1519 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1520 # This will fail to roam
1521 dev[0].roam(bssid1)
1522 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1523 # This will fail to roam
1524 dev[0].roam(bssid1)
1525
1526def test_ap_ft_ap_oom8(dev, apdev):
1527 """WPA2-PSK-FT and AP OOM 8"""
1528 ssid = "test-ft"
1529 passphrase="12345678"
1530
1531 params = ft_params1(ssid=ssid, passphrase=passphrase)
1532 params['ft_psk_generate_local'] = "1";
1533 hapd0 = hostapd.add_ap(apdev[0], params)
1534 bssid0 = hapd0.own_addr()
1535
1536 dev[0].scan_for_bss(bssid0, freq="2412")
1537 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1538 scan_freq="2412")
1539
1540 params = ft_params2(ssid=ssid, passphrase=passphrase)
1541 params['ft_psk_generate_local'] = "1";
1542 hapd1 = hostapd.add_ap(apdev[1], params)
1543 bssid1 = hapd1.own_addr()
1544 dev[0].scan_for_bss(bssid1, freq="2412")
1545 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1546 # This will fail to roam
1547 dev[0].roam(bssid1)
1548 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1549 # This will fail to roam
1550 dev[0].roam(bssid1)
1551
1552def test_ap_ft_ap_oom9(dev, apdev):
1553 """WPA2-PSK-FT and AP OOM 9"""
1554 ssid = "test-ft"
1555 passphrase="12345678"
1556
1557 params = ft_params1(ssid=ssid, passphrase=passphrase)
1558 hapd0 = hostapd.add_ap(apdev[0], params)
1559 bssid0 = hapd0.own_addr()
1560
1561 dev[0].scan_for_bss(bssid0, freq="2412")
1562 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1563 scan_freq="2412")
1564
1565 params = ft_params2(ssid=ssid, passphrase=passphrase)
1566 hapd1 = hostapd.add_ap(apdev[1], params)
1567 bssid1 = hapd1.own_addr()
1568 dev[0].scan_for_bss(bssid1, freq="2412")
1569
1570 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1571 # This will fail to roam
1572 if "OK" not in dev[0].request("FT_DS " + bssid1):
1573 raise Exception("FT_DS failed")
1574 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1575
1576 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1577 # This will fail to roam
1578 if "OK" not in dev[0].request("FT_DS " + bssid1):
1579 raise Exception("FT_DS failed")
1580 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1581
1582 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1583 # This will fail to roam
1584 if "OK" not in dev[0].request("FT_DS " + bssid1):
1585 raise Exception("FT_DS failed")
1586 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1587
1588def test_ap_ft_ap_oom10(dev, apdev):
1589 """WPA2-PSK-FT and AP OOM 10"""
1590 ssid = "test-ft"
1591 passphrase="12345678"
1592
1593 params = ft_params1(ssid=ssid, passphrase=passphrase)
1594 hapd0 = hostapd.add_ap(apdev[0], params)
1595 bssid0 = hapd0.own_addr()
1596
1597 dev[0].scan_for_bss(bssid0, freq="2412")
1598 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1599 scan_freq="2412")
1600
1601 params = ft_params2(ssid=ssid, passphrase=passphrase)
1602 hapd1 = hostapd.add_ap(apdev[1], params)
1603 bssid1 = hapd1.own_addr()
1604 dev[0].scan_for_bss(bssid1, freq="2412")
1605
9441a227 1606 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM		 1607 # This will fail to roam
1608 if "OK" not in dev[0].request("FT_DS " + bssid1):
1609 raise Exception("FT_DS failed")
1610 wait_fail_trigger(hapd0, "GET_FAIL")
1611
1612 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1613 # This will fail to roam
1614 if "OK" not in dev[0].request("FT_DS " + bssid1):
1615 raise Exception("FT_DS failed")
1616 wait_fail_trigger(hapd0, "GET_FAIL")
1617
9441a227 1618 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM		 1619 # This will fail to roam
1620 if "OK" not in dev[0].request("FT_DS " + bssid1):
1621 raise Exception("FT_DS failed")
1622 wait_fail_trigger(hapd0, "GET_FAIL")
1623
9441a227 1624 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
682a79f0
JM		 1625 # This will fail to roam
1626 if "OK" not in dev[0].request("FT_DS " + bssid1):
1627 raise Exception("FT_DS failed")
1628 wait_fail_trigger(hapd1, "GET_FAIL")
1629
1630def test_ap_ft_ap_oom11(dev, apdev):
1631 """WPA2-PSK-FT and AP OOM 11"""
1632 ssid = "test-ft"
1633 passphrase="12345678"
1634
1635 params = ft_params1(ssid=ssid, passphrase=passphrase)
1636 hapd0 = hostapd.add_ap(apdev[0], params)
1637 bssid0 = hapd0.own_addr()
1638
1639 dev[0].scan_for_bss(bssid0, freq="2412")
1640 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1641 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1642 scan_freq="2412")
1643 wait_fail_trigger(hapd0, "GET_FAIL")
1644
1645 dev[1].scan_for_bss(bssid0, freq="2412")
9441a227 1646 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
682a79f0
JM		 1647 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1648 scan_freq="2412")
1649 wait_fail_trigger(hapd0, "GET_FAIL")
1650
a04e6f3d
JM		 1651def test_ap_ft_over_ds_proto_ap(dev, apdev):
1652 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1653 ssid = "test-ft"
1654 passphrase="12345678"
1655
1656 params = ft_params1(ssid=ssid, passphrase=passphrase)
1657 hapd0 = hostapd.add_ap(apdev[0], params)
1658 bssid0 = hapd0.own_addr()
1659 _bssid0 = bssid0.replace(':', '')
1660 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1661 scan_freq="2412")
1662 addr = dev[0].own_addr()
1663 _addr = addr.replace(':', '')
1664
1665 params = ft_params2(ssid=ssid, passphrase=passphrase)
1666 hapd1 = hostapd.add_ap(apdev[1], params)
1667 bssid1 = hapd1.own_addr()
1668 _bssid1 = bssid1.replace(':', '')
1669
1670 hapd0.set("ext_mgmt_frame_handling", "1")
1671 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
1672 valid = "0601" + _addr + _bssid1
1673 tests = [ "0601",
1674 "0601" + _addr,
1675 "0601" + _addr + _bssid0,
1676 "0601" + _addr + "ffffffffffff",
1677 "0601" + _bssid0 + _bssid0,
1678 valid,
1679 valid + "01",
1680 valid + "3700",
1681 valid + "3600",
1682 valid + "3603ffffff",
1683 valid + "3603a1b2ff",
1684 valid + "3603a1b2ff" + "3700",
1685 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1686 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1687 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1688 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1689 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1690 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1691 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1692 valid + "0001" ]
1693 for t in tests:
1694 hapd0.dump_monitor()
1695 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
1696 raise Exception("MGMT_RX_PROCESS failed")
1697
1698 hapd0.set("ext_mgmt_frame_handling", "0")
1699
34d3eaa8
JM		 1700def test_ap_ft_over_ds_proto(dev, apdev):
1701 """WPA2-PSK-FT AP over DS protocol testing"""
1702 ssid = "test-ft"
1703 passphrase="12345678"
1704
1705 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1706 hapd0 = hostapd.add_ap(apdev[0], params)
34d3eaa8
JM		 1707 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1708 scan_freq="2412")
1709
1710 # FT Action Response while no FT-over-DS in progress
1711 msg = {}
1712 msg['fc'] = 13 << 4
1713 msg['da'] = dev[0].own_addr()
1714 msg['sa'] = apdev[0]['bssid']
1715 msg['bssid'] = apdev[0]['bssid']
1716 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
1717 hapd0.mgmt_tx(msg)
1718
1719 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1720 hapd1 = hostapd.add_ap(apdev[1], params)
34d3eaa8
JM		 1721 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1722 hapd0.set("ext_mgmt_frame_handling", "1")
1723 hapd0.dump_monitor()
1724 dev[0].request("FT_DS " + apdev[1]['bssid'])
1725 for i in range(0, 10):
1726 req = hapd0.mgmt_rx()
1727 if req is None:
1728 raise Exception("MGMT RX wait timed out")
1729 if req['subtype'] == 13:
1730 break
1731 req = None
1732 if not req:
1733 raise Exception("FT Action frame not received")
1734
1735 # FT Action Response for unexpected Target AP
1736 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
1737 hapd0.mgmt_tx(msg)
1738
1739 # FT Action Response without MDIE
1740 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
1741 hapd0.mgmt_tx(msg)
1742
1743 # FT Action Response without FTIE
1744 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1745 hapd0.mgmt_tx(msg)
1746
1747 # FT Action Response with FTIE SNonce mismatch
1748 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1749 hapd0.mgmt_tx(msg)
6f3815c0 1750
9fd6804d 1751@remote_compatible
6f3815c0
JM		 1752def test_ap_ft_rrb(dev, apdev):
1753 """WPA2-PSK-FT RRB protocol testing"""
1754 ssid = "test-ft"
1755 passphrase="12345678"
1756
1757 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1758 hapd0 = hostapd.add_ap(apdev[0], params)
6f3815c0
JM		 1759
1760 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1761 scan_freq="2412")
1762
1763 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
1764 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
1765 proto = '\x89\x0d'
1766 ehdr = _dst_ll + _src_ll + proto
1767
1768 # Too short RRB frame
1769 pkt = ehdr + '\x01'
1770 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1771 raise Exception("DATA_TEST_FRAME failed")
1772
1773 # RRB discarded frame wikth unrecognized type
1774 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
1775 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1776 raise Exception("DATA_TEST_FRAME failed")
1777
1778 # RRB frame too short for action frame
1779 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
1780 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1781 raise Exception("DATA_TEST_FRAME failed")
1782
1783 # Too short RRB frame (not enough room for Action Frame body)
1784 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
1785 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1786 raise Exception("DATA_TEST_FRAME failed")
1787
1788 # Unexpected Action frame category
1789 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1790 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1791 raise Exception("DATA_TEST_FRAME failed")
1792
1793 # Unexpected Action in RRB Request
1794 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1795 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1796 raise Exception("DATA_TEST_FRAME failed")
1797
1798 # Target AP address in RRB Request does not match with own address
1799 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1800 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1801 raise Exception("DATA_TEST_FRAME failed")
1802
1803 # Not enough room for status code in RRB Response
1804 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1805 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1806 raise Exception("DATA_TEST_FRAME failed")
1807
1808 # RRB discarded frame with unknown packet_type
1809 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1810 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1811 raise Exception("DATA_TEST_FRAME failed")
1812
1813 # RRB Response with non-zero status code; no STA match
1814 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1815 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1816 raise Exception("DATA_TEST_FRAME failed")
1817
1818 # RRB Response with zero status code and extra data; STA match
1819 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1820 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1821 raise Exception("DATA_TEST_FRAME failed")
1822
1823 # Too short PMK-R1 pull
1824 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1825 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1826 raise Exception("DATA_TEST_FRAME failed")
1827
1828 # Too short PMK-R1 resp
1829 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1830 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1831 raise Exception("DATA_TEST_FRAME failed")
1832
1833 # Too short PMK-R1 push
1834 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1835 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1836 raise Exception("DATA_TEST_FRAME failed")
1837
1838 # No matching R0KH address found for PMK-R0 pull response
1839 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1840 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1841 raise Exception("DATA_TEST_FRAME failed")
ecafa0cf 1842
9fd6804d 1843@remote_compatible
ecafa0cf
JM		 1844def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
1845 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1846 bssid = apdev[0]['bssid']
1847 ssid = "test-ft"
1848 passphrase="12345678"
1849
1850 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 1851 params["ieee80211w"] = "1"
ecafa0cf
JM		 1852 # This is the RSN element used normally by hostapd
1853 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
8b8a1864 1854 hapd = hostapd.add_ap(apdev[0], params)
ecafa0cf
JM		 1855 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1856 ieee80211w="1", scan_freq="2412",
1857 pairwise="CCMP", group="CCMP")
1858
1859 tests = [ ('PMKIDCount field included',
1860 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1861 ('Extra IE before RSNE',
1862 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1863 ('PMKIDCount and Group Management Cipher suite fields included',
1864 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1865 ('Extra octet after defined fields (future extensibility)',
1866 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1867 ('No RSN Capabilities field (PMF disabled in practice)',
1868 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1869 for txt,ie in tests:
1870 dev[0].request("DISCONNECT")
1871 dev[0].wait_disconnected()
1872 logger.info(txt)
1873 hapd.disable()
1874 hapd.set('own_ie_override', ie)
1875 hapd.enable()
1876 dev[0].request("BSS_FLUSH 0")
1877 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1878 dev[0].select_network(id, freq=2412)
1879 dev[0].wait_connected()
1880
1881 dev[0].request("DISCONNECT")
1882 dev[0].wait_disconnected()
1883
1884 logger.info('Invalid RSNE causing internal hostapd error')
1885 hapd.disable()
1886 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1887 hapd.enable()
1888 dev[0].request("BSS_FLUSH 0")
1889 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1890 dev[0].select_network(id, freq=2412)
1891 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1892 # complete.
1893 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1894 if ev is not None:
1895 raise Exception("Unexpected connection")
1896 dev[0].request("DISCONNECT")
1897
1898 logger.info('Unexpected PMKID causing internal hostapd error')
1899 hapd.disable()
1900 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1901 hapd.enable()
1902 dev[0].request("BSS_FLUSH 0")
1903 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1904 dev[0].select_network(id, freq=2412)
1905 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1906 # complete.
1907 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1908 if ev is not None:
1909 raise Exception("Unexpected connection")
1910 dev[0].request("DISCONNECT")
1025603b
JM		 1911
1912def test_ap_ft_ptk_rekey(dev, apdev):
1913 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1914 ssid = "test-ft"
1915 passphrase="12345678"
1916
1917 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1918 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b 1919 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1920 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 1921
1922 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
1923
1924 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1925 "WPA: Key negotiation completed"], timeout=5)
1926 if ev is None:
1927 raise Exception("No event received after roam")
1928 if "CTRL-EVENT-DISCONNECTED" in ev:
1929 raise Exception("Unexpected disconnection after roam")
1930
1931 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1932 hapd = hapd0
1933 else:
1934 hapd = hapd1
1935 hwsim_utils.test_connectivity(dev[0], hapd)
1936
1937def test_ap_ft_ptk_rekey_ap(dev, apdev):
1938 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1939 ssid = "test-ft"
1940 passphrase="12345678"
1941
1942 params = ft_params1(ssid=ssid, passphrase=passphrase)
1943 params['wpa_ptk_rekey'] = '2'
8b8a1864 1944 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b
JM		 1945 params = ft_params2(ssid=ssid, passphrase=passphrase)
1946 params['wpa_ptk_rekey'] = '2'
8b8a1864 1947 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 1948
1949 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
1950
1951 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1952 "WPA: Key negotiation completed"], timeout=5)
1953 if ev is None:
1954 raise Exception("No event received after roam")
1955 if "CTRL-EVENT-DISCONNECTED" in ev:
1956 raise Exception("Unexpected disconnection after roam")
1957
1958 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1959 hapd = hapd0
1960 else:
1961 hapd = hapd1
1962 hwsim_utils.test_connectivity(dev[0], hapd)
186ca473
MB		 1963
1964def test_ap_ft_internal_rrb_check(dev, apdev):
1965 """RRB internal delivery only to WPA enabled BSS"""
1966 ssid = "test-ft"
1967 passphrase="12345678"
1968
1969 radius = hostapd.radius_params()
1970 params = ft_params1(ssid=ssid, passphrase=passphrase)
1971 params['wpa_key_mgmt'] = "FT-EAP"
1972 params["ieee8021x"] = "1"
1973 params = dict(radius.items() + params.items())
8b8a1864 1974 hapd = hostapd.add_ap(apdev[0], params)
186ca473
MB		 1975 key_mgmt = hapd.get_config()['key_mgmt']
1976 if key_mgmt.split(' ')[0] != "FT-EAP":
1977 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1978
8b8a1864 1979 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
186ca473
MB		 1980
1981 # Connect to WPA enabled AP
1982 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1983 eap="GPSK", identity="gpsk user",
1984 password="abcdefghijklmnop0123456789abcdef",
1985 scan_freq="2412")
1986
1987 # Try over_ds roaming to non-WPA-enabled AP.
1988 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1989 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
c85fcff2
JM		 1990
1991def test_ap_ft_extra_ie(dev, apdev):
1992 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1993 ssid = "test-ft"
1994 passphrase="12345678"
1995
1996 params = ft_params1(ssid=ssid, passphrase=passphrase)
1997 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1998 hapd0 = hostapd.add_ap(apdev[0], params)
1999 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2000 scan_freq="2412")
2001 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2002 scan_freq="2412")
2003 try:
2004 # Add Mobility Domain element to test AP validation code.
2005 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2006 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2007 scan_freq="2412", wait_connect=False)
2008 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2009 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2010 if ev is None:
2011 raise Exception("No connection result")
2012 if "CTRL-EVENT-CONNECTED" in ev:
2013 raise Exception("Non-FT association accepted with MDE")
2014 if "status_code=43" not in ev:
2015 raise Exception("Unexpected status code: " + ev)
2016 dev[0].request("DISCONNECT")
2017 finally:
2018 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
fd7205fa
JM		 2019
2020def test_ap_ft_ric(dev, apdev):
2021 """WPA2-PSK-FT AP and RIC"""
2022 ssid = "test-ft"
2023 passphrase="12345678"
2024
2025 params = ft_params1(ssid=ssid, passphrase=passphrase)
2026 hapd0 = hostapd.add_ap(apdev[0], params)
2027 params = ft_params2(ssid=ssid, passphrase=passphrase)
2028 hapd1 = hostapd.add_ap(apdev[1], params)
2029
2030 dev[0].set("ric_ies", "")
2031 dev[0].set("ric_ies", '""')
2032 if "FAIL" not in dev[0].request("SET ric_ies q"):
2033 raise Exception("Invalid ric_ies value accepted")
2034
2035 tests = [ "3900",
2036 "3900ff04eeeeeeee",
2037 "390400000000",
2038 "390400000000" + "390400000000",
2039 "390400000000" + "dd050050f20202",
2040 "390400000000" + "dd3d0050f2020201" + 55*"00",
2041 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2042 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
2043 for t in tests:
2044 dev[0].set("ric_ies", t)
2045 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
2046 test_connectivity=False)
2047 dev[0].request("REMOVE_NETWORK all")
2048 dev[0].wait_disconnected()
2049 dev[0].dump_monitor()
c8942286
JM		 2050
2051def ie_hex(ies, id):
2052 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id])
2053
2054def test_ap_ft_reassoc_proto(dev, apdev):
2055 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2056 ssid = "test-ft"
2057 passphrase="12345678"
2058
2059 params = ft_params1(ssid=ssid, passphrase=passphrase)
2060 hapd0 = hostapd.add_ap(apdev[0], params)
2061 params = ft_params2(ssid=ssid, passphrase=passphrase)
2062 hapd1 = hostapd.add_ap(apdev[1], params)
2063
2064 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2065 ieee80211w="1", scan_freq="2412")
2066 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2067 hapd1ap = hapd0
2068 hapd2ap = hapd1
2069 else:
2070 hapd1ap = hapd1
2071 hapd2ap = hapd0
2072
2073 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2074 hapd2ap.set("ext_mgmt_frame_handling", "1")
2075 dev[0].request("ROAM " + hapd2ap.own_addr())
2076
2077 while True:
2078 req = hapd2ap.mgmt_rx()
2079 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2080 if req['subtype'] == 11:
2081 break
2082
2083 while True:
2084 req = hapd2ap.mgmt_rx()
2085 if req['subtype'] == 2:
2086 break
2087 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2088
2089 # IEEE 802.11 header + fixed fields before IEs
2090 hdr = binascii.hexlify(req['frame'][0:34])
2091 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
2092 # First elements: SSID, Supported Rates, Extended Supported Rates
2093 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
2094
2095 rsne = ie_hex(ies, 48)
2096 mde = ie_hex(ies, 54)
2097 fte = ie_hex(ies, 55)
2098 tests = [ ]
2099 # RSN: Trying to use FT, but MDIE not included
2100 tests += [ rsne ]
2101 # RSN: Attempted to use unknown MDIE
2102 tests += [ rsne + "3603000000" ]
2103 # Invalid RSN pairwise cipher
2104 tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
2105 # FT: No PMKID in RSNIE
2106 tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ]
2107 # FT: Invalid FTIE
2108 tests += [ rsne + mde ]
2109 # FT: RIC IE(s) in the frame, but not included in protected IE count
2110 # FT: Failed to parse FT IEs
2111 tests += [ rsne + mde + fte + "3900" ]
2112 # FT: SNonce mismatch in FTIE
2113 tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ]
2114 # FT: ANonce mismatch in FTIE
2115 tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ]
2116 # FT: No R0KH-ID subelem in FTIE
2117 tests += [ rsne + mde + "3752" + fte[4:168] ]
2118 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2119 tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ]
2120 # FT: No R1KH-ID subelem in FTIE
2121 tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
2122 # FT: Unknown R1KH-ID used in ReassocReq
2123 tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
2124 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2125 tests += [ rsne[:-32] + 16*"00" + mde + fte ]
2126 # Invalid MIC in FTIE
2127 tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ]
2128 for t in tests:
2129 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
2130
2131def test_ap_ft_reassoc_local_fail(dev, apdev):
2132 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2133 ssid = "test-ft"
2134 passphrase="12345678"
2135
2136 params = ft_params1(ssid=ssid, passphrase=passphrase)
2137 hapd0 = hostapd.add_ap(apdev[0], params)
2138 params = ft_params2(ssid=ssid, passphrase=passphrase)
2139 hapd1 = hostapd.add_ap(apdev[1], params)
2140
2141 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2142 ieee80211w="1", scan_freq="2412")
2143 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2144 hapd1ap = hapd0
2145 hapd2ap = hapd1
2146 else:
2147 hapd1ap = hapd1
2148 hapd2ap = hapd0
2149
2150 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2151 # FT: Failed to calculate MIC
2152 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
2153 dev[0].request("ROAM " + hapd2ap.own_addr())
2154 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2155 dev[0].request("DISCONNECT")
2156 if ev is None:
2157 raise Exception("Association reject not seen")
d7f0bef9
JM		 2158
2159def test_ap_ft_reassoc_replay(dev, apdev, params):
2160 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2161 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
2162 ssid = "test-ft"
2163 passphrase="12345678"
2164
2165 params = ft_params1(ssid=ssid, passphrase=passphrase)
2166 hapd0 = hostapd.add_ap(apdev[0], params)
2167 params = ft_params2(ssid=ssid, passphrase=passphrase)
2168 hapd1 = hostapd.add_ap(apdev[1], params)
2169
2170 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2171 scan_freq="2412")
2172 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2173 hapd1ap = hapd0
2174 hapd2ap = hapd1
2175 else:
2176 hapd1ap = hapd1
2177 hapd2ap = hapd0
2178
2179 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2180 hapd2ap.set("ext_mgmt_frame_handling", "1")
2181 dev[0].dump_monitor()
2182 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
2183 raise Exception("ROAM failed")
2184
2185 reassocreq = None
2186 count = 0
2187 while count < 100:
2188 req = hapd2ap.mgmt_rx()
2189 count += 1
2190 hapd2ap.dump_monitor()
2191 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2192 if req['subtype'] == 2:
2193 reassocreq = req
2194 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2195 if ev is None:
2196 raise Exception("No TX status seen")
2197 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2198 if "OK" not in hapd2ap.request(cmd):
2199 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2200 break
2201 hapd2ap.set("ext_mgmt_frame_handling", "0")
2202 if reassocreq is None:
2203 raise Exception("No Reassociation Request frame seen")
2204 dev[0].wait_connected()
2205 dev[0].dump_monitor()
2206 hapd2ap.dump_monitor()
2207
2208 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2209
2210 logger.info("Replay the last Reassociation Request frame")
2211 hapd2ap.dump_monitor()
2212 hapd2ap.set("ext_mgmt_frame_handling", "1")
2213 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2214 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2215 if ev is None:
2216 raise Exception("No TX status seen")
2217 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2218 if "OK" not in hapd2ap.request(cmd):
2219 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2220 hapd2ap.set("ext_mgmt_frame_handling", "0")
2221
2222 try:
2223 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2224 ok = True
2225 except:
2226 ok = False
2227
2228 ap = hapd2ap.own_addr()
2229 sta = dev[0].own_addr()
2230 filt = "wlan.fc.type == 2 && " + \
2231 "wlan.da == " + sta + " && " + \
2232 "wlan.sa == " + ap
2233 fields = [ "wlan.ccmp.extiv" ]
2234 res = run_tshark(capfile, filt, fields)
2235 vals = res.splitlines()
2236 logger.info("CCMP PN: " + str(vals))
2237 if len(vals) < 2:
2238 raise Exception("Could not find all CCMP protected frames from capture")
2239 if len(set(vals)) < len(vals):
2240 raise Exception("Duplicate CCMP PN used")
2241
2242 if not ok:
2243 raise Exception("The second hwsim connectivity test failed")
0dc3c5f2
JM		 2244
2245def test_ap_ft_psk_file(dev, apdev):
2246 """WPA2-PSK-FT AP with PSK from a file"""
2247 ssid = "test-ft"
2248 passphrase="12345678"
2249
2250 params = ft_params1a(ssid=ssid, passphrase=passphrase)
2251 params['wpa_psk_file'] = 'hostapd.wpa_psk'
2252 hapd = hostapd.add_ap(apdev[0], params)
2253
2254 dev[1].connect(ssid, psk="very secret",
2255 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2256 scan_freq="2412", wait_connect=False)
2257 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2258 ieee80211w="1", scan_freq="2412")
2259 dev[0].request("REMOVE_NETWORK all")
2260 dev[0].wait_disconnected()
2261 dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
2262 ieee80211w="1", scan_freq="2412")
2263 dev[0].request("REMOVE_NETWORK all")
2264 dev[0].wait_disconnected()
2265 dev[0].connect(ssid, psk="secret passphrase",
2266 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2267 scan_freq="2412")
2268 dev[2].connect(ssid, psk="another passphrase for all STAs",
2269 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2270 scan_freq="2412")
2271 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
2272 if ev is None:
2273 raise Exception("Timed out while waiting for failure report")
2274 dev[1].request("REMOVE_NETWORK all")
Unnamed repository; edit this file 'description' to name the repository.