]>
Commit | Line | Data |
---|---|---|
cd7f1b9a | 1 | # Fast BSS Transition tests |
c8942286 | 2 | # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi> |
cd7f1b9a JM |
3 | # |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
5b3c40a6 JM |
8 | import binascii |
9 | import os | |
cd7f1b9a | 10 | import time |
cd7f1b9a | 11 | import logging |
c9aa4308 | 12 | logger = logging.getLogger() |
c8942286 | 13 | import struct |
cd7f1b9a JM |
14 | |
15 | import hwsim_utils | |
16 | import hostapd | |
d7f0bef9 | 17 | from tshark import run_tshark |
c8942286 | 18 | from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie |
cd7f1b9a | 19 | from wlantest import Wlantest |
5b3c40a6 | 20 | from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations |
cd7f1b9a JM |
21 | |
22 | def ft_base_rsn(): | |
23 | params = { "wpa": "2", | |
24 | "wpa_key_mgmt": "FT-PSK", | |
25 | "rsn_pairwise": "CCMP" } | |
26 | return params | |
27 | ||
28 | def ft_base_mixed(): | |
29 | params = { "wpa": "3", | |
30 | "wpa_key_mgmt": "WPA-PSK FT-PSK", | |
31 | "wpa_pairwise": "TKIP", | |
32 | "rsn_pairwise": "CCMP" } | |
33 | return params | |
34 | ||
35 | def ft_params(rsn=True, ssid=None, passphrase=None): | |
36 | if rsn: | |
37 | params = ft_base_rsn() | |
38 | else: | |
39 | params = ft_base_mixed() | |
40 | if ssid: | |
41 | params["ssid"] = ssid | |
42 | if passphrase: | |
43 | params["wpa_passphrase"] = passphrase | |
44 | ||
45 | params["mobility_domain"] = "a1b2" | |
46 | params["r0_key_lifetime"] = "10000" | |
47 | params["pmk_r1_push"] = "1" | |
48 | params["reassociation_deadline"] = "1000" | |
49 | return params | |
50 | ||
d0175d6e | 51 | def ft_params1a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
52 | params = ft_params(rsn, ssid, passphrase) |
53 | params['nas_identifier'] = "nas1.w1.fi" | |
54 | params['r1_key_holder'] = "000102030405" | |
d0175d6e MB |
55 | return params |
56 | ||
942b52a8 | 57 | def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False): |
d0175d6e | 58 | params = ft_params1a(rsn, ssid, passphrase) |
942b52a8 MB |
59 | if discovery: |
60 | params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
61 | params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
62 | else: | |
63 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", | |
64 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ] | |
65 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" | |
cd7f1b9a JM |
66 | return params |
67 | ||
c95dd8e4 JM |
68 | def ft_params1_old_key(rsn=True, ssid=None, passphrase=None): |
69 | params = ft_params1a(rsn, ssid, passphrase) | |
70 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f", | |
71 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ] | |
72 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" | |
73 | return params | |
74 | ||
d0175d6e | 75 | def ft_params2a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
76 | params = ft_params(rsn, ssid, passphrase) |
77 | params['nas_identifier'] = "nas2.w1.fi" | |
78 | params['r1_key_holder'] = "000102030406" | |
d0175d6e MB |
79 | return params |
80 | ||
942b52a8 | 81 | def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False): |
d0175d6e | 82 | params = ft_params2a(rsn, ssid, passphrase) |
942b52a8 MB |
83 | if discovery: |
84 | params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
85 | params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
86 | else: | |
87 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", | |
88 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ] | |
89 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" | |
cd7f1b9a JM |
90 | return params |
91 | ||
c95dd8e4 JM |
92 | def ft_params2_old_key(rsn=True, ssid=None, passphrase=None): |
93 | params = ft_params2a(rsn, ssid, passphrase) | |
94 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f", | |
95 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ] | |
96 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" | |
97 | return params | |
98 | ||
3b808945 JM |
99 | def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): |
100 | params = ft_params(rsn, ssid, passphrase) | |
101 | params['nas_identifier'] = "nas1.w1.fi" | |
102 | params['r1_key_holder'] = "000102030405" | |
9441a227 MB |
103 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
104 | "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ] | |
105 | params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" | |
3b808945 JM |
106 | return params |
107 | ||
108 | def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None): | |
109 | params = ft_params(rsn, ssid, passphrase) | |
110 | params['nas_identifier'] = "nas2.w1.fi" | |
111 | params['r1_key_holder'] = "000102030406" | |
9441a227 MB |
112 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1", |
113 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ] | |
114 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3" | |
3b808945 JM |
115 | return params |
116 | ||
117 | def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): | |
118 | params = ft_params(rsn, ssid, passphrase) | |
119 | params['nas_identifier'] = "nas2.w1.fi" | |
120 | params['r1_key_holder'] = "000102030406" | |
9441a227 MB |
121 | params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
122 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ] | |
123 | params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" | |
3b808945 JM |
124 | return params |
125 | ||
7b741a53 JM |
126 | def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, |
127 | sae=False, eap=False, fail_test=False, roams=1, | |
fd7205fa | 128 | pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", |
473e5176 | 129 | test_connectivity=True, eap_identity="gpsk user", conndev=False, |
ffcaca68 JM |
130 | force_initial_conn_to_first_ap=False, sha384=False, |
131 | group_mgmt=None): | |
cd7f1b9a | 132 | logger.info("Connect to first AP") |
473e5176 MB |
133 | |
134 | copts = {} | |
135 | copts["proto"] = "WPA2" | |
136 | copts["ieee80211w"] = "1" | |
137 | copts["scan_freq"] = "2412" | |
138 | copts["pairwise"] = pairwise_cipher | |
139 | copts["group"] = group_cipher | |
140 | copts["wpa_ptk_rekey"] = ptk_rekey | |
ffcaca68 JM |
141 | if group_mgmt: |
142 | copts["group_mgmt"] = group_mgmt | |
6f62809b | 143 | if eap: |
55b3cda7 | 144 | copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP" |
473e5176 MB |
145 | copts["eap"] = "GPSK" |
146 | copts["identity"] = eap_identity | |
147 | copts["password"] = "abcdefghijklmnop0123456789abcdef" | |
6e658cc4 | 148 | else: |
6f62809b | 149 | if sae: |
473e5176 | 150 | copts["key_mgmt"] = "FT-SAE" |
6f62809b | 151 | else: |
473e5176 MB |
152 | copts["key_mgmt"] = "FT-PSK" |
153 | copts["psk"] = passphrase | |
154 | if force_initial_conn_to_first_ap: | |
155 | copts["bssid"] = apdev[0]['bssid'] | |
156 | dev.connect(ssid, **copts) | |
157 | ||
cd7f1b9a JM |
158 | if dev.get_status_field('bssid') == apdev[0]['bssid']: |
159 | ap1 = apdev[0] | |
160 | ap2 = apdev[1] | |
a8375c94 JM |
161 | hapd1ap = hapd0 |
162 | hapd2ap = hapd1 | |
cd7f1b9a JM |
163 | else: |
164 | ap1 = apdev[1] | |
165 | ap2 = apdev[0] | |
a8375c94 JM |
166 | hapd1ap = hapd1 |
167 | hapd2ap = hapd0 | |
fd7205fa | 168 | if test_connectivity: |
9c50a6d3 MB |
169 | if conndev: |
170 | hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | |
171 | else: | |
172 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a | 173 | |
655bc8bf | 174 | dev.scan_for_bss(ap2['bssid'], freq="2412") |
40602101 JM |
175 | |
176 | for i in range(0, roams): | |
e0382291 MB |
177 | # Roaming artificially fast can make data test fail because the key is |
178 | # set later. | |
179 | time.sleep(0.01) | |
40602101 JM |
180 | logger.info("Roam to the second AP") |
181 | if over_ds: | |
182 | dev.roam_over_ds(ap2['bssid'], fail_test=fail_test) | |
183 | else: | |
184 | dev.roam(ap2['bssid'], fail_test=fail_test) | |
185 | if fail_test: | |
186 | return | |
187 | if dev.get_status_field('bssid') != ap2['bssid']: | |
188 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 189 | if (i == 0 or i == roams - 1) and test_connectivity: |
9c50a6d3 MB |
190 | if conndev: |
191 | hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev) | |
192 | else: | |
193 | hwsim_utils.test_connectivity(dev, hapd2ap) | |
40602101 | 194 | |
e0382291 MB |
195 | # Roaming artificially fast can make data test fail because the key is |
196 | # set later. | |
197 | time.sleep(0.01) | |
40602101 JM |
198 | logger.info("Roam back to the first AP") |
199 | if over_ds: | |
200 | dev.roam_over_ds(ap1['bssid']) | |
201 | else: | |
202 | dev.roam(ap1['bssid']) | |
203 | if dev.get_status_field('bssid') != ap1['bssid']: | |
204 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 205 | if (i == 0 or i == roams - 1) and test_connectivity: |
9c50a6d3 MB |
206 | if conndev: |
207 | hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | |
208 | else: | |
209 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a JM |
210 | |
211 | def test_ap_ft(dev, apdev): | |
212 | """WPA2-PSK-FT AP""" | |
213 | ssid = "test-ft" | |
214 | passphrase="12345678" | |
215 | ||
216 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 217 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 218 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 219 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 220 | |
a8375c94 | 221 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
91bc6c36 JM |
222 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
223 | raise Exception("Scan results missing RSN element info") | |
cd7f1b9a | 224 | |
c95dd8e4 JM |
225 | def test_ap_ft_old_key(dev, apdev): |
226 | """WPA2-PSK-FT AP (old key)""" | |
227 | ssid = "test-ft" | |
228 | passphrase="12345678" | |
229 | ||
230 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
231 | hapd0 = hostapd.add_ap(apdev[0], params) | |
232 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
233 | hapd1 = hostapd.add_ap(apdev[1], params) | |
234 | ||
235 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
236 | ||
e4612f84 JM |
237 | def test_ap_ft_multi_akm(dev, apdev): |
238 | """WPA2-PSK-FT AP with non-FT AKMs enabled""" | |
239 | ssid = "test-ft" | |
240 | passphrase="12345678" | |
241 | ||
242 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
243 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
244 | hapd0 = hostapd.add_ap(apdev[0], params) | |
245 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
246 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
247 | hapd1 = hostapd.add_ap(apdev[1], params) | |
248 | ||
249 | Wlantest.setup(hapd0) | |
250 | wt = Wlantest() | |
251 | wt.flush() | |
252 | wt.add_passphrase(passphrase) | |
253 | ||
254 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
255 | if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
256 | raise Exception("Scan results missing RSN element info") | |
257 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
258 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", | |
259 | scan_freq="2412") | |
260 | ||
d0175d6e MB |
261 | def test_ap_ft_local_key_gen(dev, apdev): |
262 | """WPA2-PSK-FT AP with local key generation (without pull/push)""" | |
263 | ssid = "test-ft" | |
264 | passphrase="12345678" | |
265 | ||
266 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
267 | params['ft_psk_generate_local'] = "1"; | |
8344ba12 | 268 | del params['pmk_r1_push'] |
b098542c | 269 | hapd0 = hostapd.add_ap(apdev[0], params) |
d0175d6e MB |
270 | params = ft_params2a(ssid=ssid, passphrase=passphrase) |
271 | params['ft_psk_generate_local'] = "1"; | |
8344ba12 | 272 | del params['pmk_r1_push'] |
b098542c | 273 | hapd1 = hostapd.add_ap(apdev[1], params) |
d0175d6e MB |
274 | |
275 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
276 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
277 | raise Exception("Scan results missing RSN element info") | |
278 | ||
473e5176 MB |
279 | def test_ap_ft_vlan(dev, apdev): |
280 | """WPA2-PSK-FT AP with VLAN""" | |
281 | ssid = "test-ft" | |
282 | passphrase="12345678" | |
283 | ||
284 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
285 | params['dynamic_vlan'] = "1"; | |
286 | params['accept_mac_file'] = "hostapd.accept"; | |
287 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
288 | ||
289 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
290 | params['dynamic_vlan'] = "1"; | |
291 | params['accept_mac_file'] = "hostapd.accept"; | |
292 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
293 | ||
294 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") | |
295 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
296 | raise Exception("Scan results missing RSN element info") | |
297 | ||
298 | def test_ap_ft_vlan_disconnected(dev, apdev): | |
299 | """WPA2-PSK-FT AP with VLAN and local key generation""" | |
300 | ssid = "test-ft" | |
301 | passphrase="12345678" | |
302 | ||
303 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
304 | params['dynamic_vlan'] = "1"; | |
305 | params['accept_mac_file'] = "hostapd.accept"; | |
306 | params['ft_psk_generate_local'] = "1"; | |
307 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
308 | ||
309 | params = ft_params2a(ssid=ssid, passphrase=passphrase) | |
310 | params['dynamic_vlan'] = "1"; | |
311 | params['accept_mac_file'] = "hostapd.accept"; | |
312 | params['ft_psk_generate_local'] = "1"; | |
313 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
314 | ||
315 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") | |
316 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
317 | raise Exception("Scan results missing RSN element info") | |
318 | ||
319 | def test_ap_ft_vlan_2(dev, apdev): | |
320 | """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally""" | |
321 | ssid = "test-ft" | |
322 | passphrase="12345678" | |
323 | ||
324 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
325 | params['dynamic_vlan'] = "1"; | |
326 | params['accept_mac_file'] = "hostapd.accept"; | |
327 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
328 | ||
329 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
330 | params['dynamic_vlan'] = "1"; | |
331 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
332 | ||
333 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1", | |
334 | force_initial_conn_to_first_ap=True) | |
335 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
336 | raise Exception("Scan results missing RSN element info") | |
337 | ||
40602101 JM |
338 | def test_ap_ft_many(dev, apdev): |
339 | """WPA2-PSK-FT AP multiple times""" | |
340 | ssid = "test-ft" | |
341 | passphrase="12345678" | |
342 | ||
343 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 344 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 345 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 346 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 347 | |
a8375c94 | 348 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50) |
40602101 | 349 | |
473e5176 MB |
350 | def test_ap_ft_many_vlan(dev, apdev): |
351 | """WPA2-PSK-FT AP with VLAN multiple times""" | |
352 | ssid = "test-ft" | |
353 | passphrase="12345678" | |
354 | ||
355 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
356 | params['dynamic_vlan'] = "1"; | |
357 | params['accept_mac_file'] = "hostapd.accept"; | |
358 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
359 | ||
360 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
361 | params['dynamic_vlan'] = "1"; | |
362 | params['accept_mac_file'] = "hostapd.accept"; | |
363 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
364 | ||
365 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50, | |
366 | conndev="brvlan1") | |
367 | ||
cd7f1b9a JM |
368 | def test_ap_ft_mixed(dev, apdev): |
369 | """WPA2-PSK-FT mixed-mode AP""" | |
370 | ssid = "test-ft-mixed" | |
371 | passphrase="12345678" | |
372 | ||
373 | params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 374 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
375 | key_mgmt = hapd.get_config()['key_mgmt'] |
376 | vals = key_mgmt.split(' ') | |
377 | if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK": | |
378 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
cd7f1b9a | 379 | params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase) |
8b8a1864 | 380 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 381 | |
a8375c94 | 382 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase) |
cd7f1b9a JM |
383 | |
384 | def test_ap_ft_pmf(dev, apdev): | |
385 | """WPA2-PSK-FT AP with PMF""" | |
386 | ssid = "test-ft" | |
387 | passphrase="12345678" | |
388 | ||
389 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 390 | params["ieee80211w"] = "2" |
8b8a1864 | 391 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 392 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 393 | params["ieee80211w"] = "2" |
8b8a1864 | 394 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 395 | |
a8375c94 | 396 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
b553eab1 | 397 | |
ffcaca68 JM |
398 | def test_ap_ft_pmf_bip_cmac_128(dev, apdev): |
399 | """WPA2-PSK-FT AP with PMF/BIP-CMAC-128""" | |
400 | run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC") | |
401 | ||
402 | def test_ap_ft_pmf_bip_gmac_128(dev, apdev): | |
403 | """WPA2-PSK-FT AP with PMF/BIP-GMAC-128""" | |
404 | run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128") | |
405 | ||
406 | def test_ap_ft_pmf_bip_gmac_256(dev, apdev): | |
407 | """WPA2-PSK-FT AP with PMF/BIP-GMAC-256""" | |
408 | run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256") | |
409 | ||
410 | def test_ap_ft_pmf_bip_cmac_256(dev, apdev): | |
411 | """WPA2-PSK-FT AP with PMF/BIP-CMAC-256""" | |
412 | run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256") | |
413 | ||
414 | def run_ap_ft_pmf_bip(dev, apdev, cipher): | |
415 | if cipher not in dev[0].get_capability("group_mgmt"): | |
416 | raise HwsimSkip("Cipher %s not supported" % cipher) | |
417 | ||
418 | ssid = "test-ft" | |
419 | passphrase="12345678" | |
420 | ||
421 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
422 | params["ieee80211w"] = "2" | |
423 | params["group_mgmt_cipher"] = cipher | |
424 | hapd0 = hostapd.add_ap(apdev[0], params) | |
425 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
426 | params["ieee80211w"] = "2" | |
427 | params["group_mgmt_cipher"] = cipher | |
428 | hapd1 = hostapd.add_ap(apdev[1], params) | |
429 | ||
430 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
431 | group_mgmt=cipher) | |
432 | ||
b553eab1 JM |
433 | def test_ap_ft_over_ds(dev, apdev): |
434 | """WPA2-PSK-FT AP over DS""" | |
435 | ssid = "test-ft" | |
436 | passphrase="12345678" | |
437 | ||
438 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 439 | hapd0 = hostapd.add_ap(apdev[0], params) |
b553eab1 | 440 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 441 | hapd1 = hostapd.add_ap(apdev[1], params) |
b553eab1 | 442 | |
a8375c94 | 443 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
eaf3f9b1 JM |
444 | check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), |
445 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ]) | |
b553eab1 | 446 | |
55139acb JM |
447 | def test_ap_ft_over_ds_disabled(dev, apdev): |
448 | """WPA2-PSK-FT AP over DS disabled""" | |
449 | ssid = "test-ft" | |
450 | passphrase="12345678" | |
451 | ||
452 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
453 | params['ft_over_ds'] = '0' | |
454 | hapd0 = hostapd.add_ap(apdev[0], params) | |
455 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
456 | params['ft_over_ds'] = '0' | |
457 | hapd1 = hostapd.add_ap(apdev[1], params) | |
458 | ||
459 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
460 | fail_test=True) | |
461 | ||
473e5176 MB |
462 | def test_ap_ft_vlan_over_ds(dev, apdev): |
463 | """WPA2-PSK-FT AP over DS with VLAN""" | |
464 | ssid = "test-ft" | |
465 | passphrase="12345678" | |
466 | ||
467 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
468 | params['dynamic_vlan'] = "1"; | |
469 | params['accept_mac_file'] = "hostapd.accept"; | |
470 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
471 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
472 | params['dynamic_vlan'] = "1"; | |
473 | params['accept_mac_file'] = "hostapd.accept"; | |
474 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
475 | ||
476 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
477 | conndev="brvlan1") | |
478 | check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), | |
479 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ]) | |
480 | ||
40602101 JM |
481 | def test_ap_ft_over_ds_many(dev, apdev): |
482 | """WPA2-PSK-FT AP over DS multiple times""" | |
483 | ssid = "test-ft" | |
484 | passphrase="12345678" | |
485 | ||
486 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 487 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 488 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 489 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 490 | |
a8375c94 JM |
491 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
492 | roams=50) | |
40602101 | 493 | |
473e5176 MB |
494 | def test_ap_ft_vlan_over_ds_many(dev, apdev): |
495 | """WPA2-PSK-FT AP over DS with VLAN multiple times""" | |
496 | ssid = "test-ft" | |
497 | passphrase="12345678" | |
498 | ||
499 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
500 | params['dynamic_vlan'] = "1"; | |
501 | params['accept_mac_file'] = "hostapd.accept"; | |
502 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
503 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
504 | params['dynamic_vlan'] = "1"; | |
505 | params['accept_mac_file'] = "hostapd.accept"; | |
506 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
507 | ||
508 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
509 | roams=50, conndev="brvlan1") | |
510 | ||
9fd6804d | 511 | @remote_compatible |
c337d07a JM |
512 | def test_ap_ft_over_ds_unknown_target(dev, apdev): |
513 | """WPA2-PSK-FT AP""" | |
514 | ssid = "test-ft" | |
515 | passphrase="12345678" | |
516 | ||
517 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 518 | hapd0 = hostapd.add_ap(apdev[0], params) |
c337d07a JM |
519 | |
520 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
521 | scan_freq="2412") | |
522 | dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True) | |
523 | ||
9fd6804d | 524 | @remote_compatible |
211bb7c5 JM |
525 | def test_ap_ft_over_ds_unexpected(dev, apdev): |
526 | """WPA2-PSK-FT AP over DS and unexpected response""" | |
527 | ssid = "test-ft" | |
528 | passphrase="12345678" | |
529 | ||
530 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 531 | hapd0 = hostapd.add_ap(apdev[0], params) |
211bb7c5 | 532 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 533 | hapd1 = hostapd.add_ap(apdev[1], params) |
211bb7c5 JM |
534 | |
535 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
536 | scan_freq="2412") | |
537 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
538 | ap1 = apdev[0] | |
539 | ap2 = apdev[1] | |
540 | hapd1ap = hapd0 | |
541 | hapd2ap = hapd1 | |
542 | else: | |
543 | ap1 = apdev[1] | |
544 | ap2 = apdev[0] | |
545 | hapd1ap = hapd1 | |
546 | hapd2ap = hapd0 | |
547 | ||
548 | addr = dev[0].own_addr() | |
549 | hapd1ap.set("ext_mgmt_frame_handling", "1") | |
550 | logger.info("Foreign STA address") | |
551 | msg = {} | |
552 | msg['fc'] = 13 << 4 | |
553 | msg['da'] = addr | |
554 | msg['sa'] = ap1['bssid'] | |
555 | msg['bssid'] = ap1['bssid'] | |
556 | msg['payload'] = binascii.unhexlify("06021122334455660102030405060000") | |
557 | hapd1ap.mgmt_tx(msg) | |
558 | ||
559 | logger.info("No over-the-DS in progress") | |
560 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
561 | hapd1ap.mgmt_tx(msg) | |
562 | ||
563 | logger.info("Non-zero status code") | |
564 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100") | |
565 | hapd1ap.mgmt_tx(msg) | |
566 | ||
567 | hapd1ap.dump_monitor() | |
568 | ||
569 | dev[0].scan_for_bss(ap2['bssid'], freq="2412") | |
570 | if "OK" not in dev[0].request("FT_DS " + ap2['bssid']): | |
571 | raise Exception("FT_DS failed") | |
572 | ||
573 | req = hapd1ap.mgmt_rx() | |
574 | ||
575 | logger.info("Foreign Target AP") | |
576 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
577 | hapd1ap.mgmt_tx(msg) | |
578 | ||
579 | addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '') | |
580 | ||
581 | logger.info("No IEs") | |
582 | msg['payload'] = binascii.unhexlify("0602" + addrs + "0000") | |
583 | hapd1ap.mgmt_tx(msg) | |
584 | ||
585 | logger.info("Invalid IEs (trigger parsing failure)") | |
586 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700") | |
587 | hapd1ap.mgmt_tx(msg) | |
588 | ||
589 | logger.info("Too short MDIE") | |
590 | msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122") | |
591 | hapd1ap.mgmt_tx(msg) | |
592 | ||
593 | logger.info("Mobility domain mismatch") | |
594 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201") | |
595 | hapd1ap.mgmt_tx(msg) | |
596 | ||
597 | logger.info("No FTIE") | |
598 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201") | |
599 | hapd1ap.mgmt_tx(msg) | |
600 | ||
601 | logger.info("FTIE SNonce mismatch") | |
602 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669") | |
603 | hapd1ap.mgmt_tx(msg) | |
604 | ||
605 | logger.info("No R0KH-ID subelem in FTIE") | |
606 | snonce = binascii.hexlify(req['payload'][111:111+32]) | |
607 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce) | |
608 | hapd1ap.mgmt_tx(msg) | |
609 | ||
610 | logger.info("No R0KH-ID subelem mismatch in FTIE") | |
611 | snonce = binascii.hexlify(req['payload'][111:111+32]) | |
612 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900") | |
613 | hapd1ap.mgmt_tx(msg) | |
614 | ||
615 | logger.info("No R1KH-ID subelem in FTIE") | |
616 | r0khid = binascii.hexlify(req['payload'][145:145+10]) | |
617 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid) | |
618 | hapd1ap.mgmt_tx(msg) | |
619 | ||
620 | logger.info("No RSNE") | |
621 | r0khid = binascii.hexlify(req['payload'][145:145+10]) | |
622 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405") | |
623 | hapd1ap.mgmt_tx(msg) | |
624 | ||
b553eab1 JM |
625 | def test_ap_ft_pmf_over_ds(dev, apdev): |
626 | """WPA2-PSK-FT AP over DS with PMF""" | |
627 | ssid = "test-ft" | |
628 | passphrase="12345678" | |
629 | ||
630 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 631 | params["ieee80211w"] = "2" |
8b8a1864 | 632 | hapd0 = hostapd.add_ap(apdev[0], params) |
b553eab1 | 633 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 634 | params["ieee80211w"] = "2" |
8b8a1864 | 635 | hapd1 = hostapd.add_ap(apdev[1], params) |
b553eab1 | 636 | |
ffcaca68 JM |
637 | def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev): |
638 | """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128""" | |
639 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC") | |
640 | ||
641 | def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev): | |
642 | """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128""" | |
643 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128") | |
644 | ||
645 | def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev): | |
646 | """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256""" | |
647 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256") | |
648 | ||
649 | def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev): | |
650 | """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256""" | |
651 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256") | |
652 | ||
653 | def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher): | |
654 | if cipher not in dev[0].get_capability("group_mgmt"): | |
655 | raise HwsimSkip("Cipher %s not supported" % cipher) | |
656 | ||
657 | ssid = "test-ft" | |
658 | passphrase="12345678" | |
659 | ||
660 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
661 | params["ieee80211w"] = "2" | |
662 | params["group_mgmt_cipher"] = cipher | |
663 | hapd0 = hostapd.add_ap(apdev[0], params) | |
664 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
665 | params["ieee80211w"] = "2" | |
666 | params["group_mgmt_cipher"] = cipher | |
667 | hapd1 = hostapd.add_ap(apdev[1], params) | |
668 | ||
669 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
670 | group_mgmt=cipher) | |
6e658cc4 | 671 | |
aaba98d3 JM |
672 | def test_ap_ft_over_ds_pull(dev, apdev): |
673 | """WPA2-PSK-FT AP over DS (pull PMK)""" | |
674 | ssid = "test-ft" | |
675 | passphrase="12345678" | |
676 | ||
677 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
678 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 679 | hapd0 = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
680 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
681 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 682 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 683 | |
a8375c94 | 684 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
aaba98d3 | 685 | |
c95dd8e4 JM |
686 | def test_ap_ft_over_ds_pull_old_key(dev, apdev): |
687 | """WPA2-PSK-FT AP over DS (pull PMK; old key)""" | |
688 | ssid = "test-ft" | |
689 | passphrase="12345678" | |
690 | ||
691 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
692 | params["pmk_r1_push"] = "0" | |
693 | hapd0 = hostapd.add_ap(apdev[0], params) | |
694 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
695 | params["pmk_r1_push"] = "0" | |
696 | hapd1 = hostapd.add_ap(apdev[1], params) | |
697 | ||
698 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) | |
699 | ||
473e5176 MB |
700 | def test_ap_ft_over_ds_pull_vlan(dev, apdev): |
701 | """WPA2-PSK-FT AP over DS (pull PMK) with VLAN""" | |
702 | ssid = "test-ft" | |
703 | passphrase="12345678" | |
704 | ||
705 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
706 | params["pmk_r1_push"] = "0" | |
707 | params['dynamic_vlan'] = "1"; | |
708 | params['accept_mac_file'] = "hostapd.accept"; | |
709 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
710 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
711 | params["pmk_r1_push"] = "0" | |
712 | params['dynamic_vlan'] = "1"; | |
713 | params['accept_mac_file'] = "hostapd.accept"; | |
714 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
715 | ||
716 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
717 | conndev="brvlan1") | |
718 | ||
6e658cc4 JM |
719 | def test_ap_ft_sae(dev, apdev): |
720 | """WPA2-PSK-FT-SAE AP""" | |
b9749b6a JM |
721 | if "SAE" not in dev[0].get_capability("auth_alg"): |
722 | raise HwsimSkip("SAE not supported") | |
6e658cc4 JM |
723 | ssid = "test-ft" |
724 | passphrase="12345678" | |
725 | ||
726 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
727 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 728 | hapd0 = hostapd.add_ap(apdev[0], params) |
6e658cc4 JM |
729 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
730 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 731 | hapd = hostapd.add_ap(apdev[1], params) |
65038313 JM |
732 | key_mgmt = hapd.get_config()['key_mgmt'] |
733 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
734 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
6e658cc4 | 735 | |
17ffdf39 | 736 | dev[0].request("SET sae_groups ") |
a8375c94 | 737 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True) |
6e658cc4 JM |
738 | |
739 | def test_ap_ft_sae_over_ds(dev, apdev): | |
740 | """WPA2-PSK-FT-SAE AP over DS""" | |
b9749b6a JM |
741 | if "SAE" not in dev[0].get_capability("auth_alg"): |
742 | raise HwsimSkip("SAE not supported") | |
6e658cc4 JM |
743 | ssid = "test-ft" |
744 | passphrase="12345678" | |
745 | ||
746 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
747 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 748 | hapd0 = hostapd.add_ap(apdev[0], params) |
6e658cc4 JM |
749 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
750 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 751 | hapd1 = hostapd.add_ap(apdev[1], params) |
6e658cc4 | 752 | |
17ffdf39 | 753 | dev[0].request("SET sae_groups ") |
a8375c94 JM |
754 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True, |
755 | over_ds=True) | |
6f62809b | 756 | |
d269740a MB |
757 | def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, |
758 | discovery=False, roams=1): | |
6f62809b JM |
759 | ssid = "test-ft" |
760 | passphrase="12345678" | |
9c50a6d3 MB |
761 | if vlan: |
762 | identity="gpsk-vlan1" | |
763 | conndev="brvlan1" | |
d269740a MB |
764 | elif cui: |
765 | identity="gpsk-cui" | |
766 | conndev=False | |
9c50a6d3 MB |
767 | else: |
768 | identity="gpsk user" | |
769 | conndev=False | |
6f62809b JM |
770 | |
771 | radius = hostapd.radius_params() | |
942b52a8 | 772 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery) |
6f62809b JM |
773 | params['wpa_key_mgmt'] = "FT-EAP" |
774 | params["ieee8021x"] = "1" | |
9c50a6d3 MB |
775 | if vlan: |
776 | params["dynamic_vlan"] = "1" | |
6f62809b | 777 | params = dict(radius.items() + params.items()) |
8b8a1864 | 778 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
779 | key_mgmt = hapd.get_config()['key_mgmt'] |
780 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
781 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
942b52a8 | 782 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery) |
6f62809b JM |
783 | params['wpa_key_mgmt'] = "FT-EAP" |
784 | params["ieee8021x"] = "1" | |
9c50a6d3 MB |
785 | if vlan: |
786 | params["dynamic_vlan"] = "1" | |
6f62809b | 787 | params = dict(radius.items() + params.items()) |
8b8a1864 | 788 | hapd1 = hostapd.add_ap(apdev[1], params) |
6f62809b | 789 | |
942b52a8 | 790 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |
9c50a6d3 MB |
791 | over_ds=over_ds, roams=roams, eap_identity=identity, |
792 | conndev=conndev) | |
91bc6c36 JM |
793 | if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
794 | raise Exception("Scan results missing RSN element info") | |
eaf3f9b1 JM |
795 | check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), |
796 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ]) | |
aaba98d3 | 797 | |
4013d688 JM |
798 | # Verify EAPOL reauthentication after FT protocol |
799 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
800 | ap = hapd | |
801 | else: | |
802 | ap = hapd1 | |
803 | ap.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
804 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
805 | if ev is None: | |
806 | raise Exception("EAP authentication did not start") | |
807 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
808 | if ev is None: | |
809 | raise Exception("EAP authentication did not succeed") | |
810 | time.sleep(0.1) | |
9c50a6d3 MB |
811 | if conndev: |
812 | hwsim_utils.test_connectivity_iface(dev[0], ap, conndev) | |
813 | else: | |
814 | hwsim_utils.test_connectivity(dev[0], ap) | |
4013d688 | 815 | |
942b52a8 MB |
816 | def test_ap_ft_eap(dev, apdev): |
817 | """WPA2-EAP-FT AP""" | |
818 | generic_ap_ft_eap(dev, apdev) | |
819 | ||
d269740a MB |
820 | def test_ap_ft_eap_cui(dev, apdev): |
821 | """WPA2-EAP-FT AP with CUI""" | |
822 | generic_ap_ft_eap(dev, apdev, vlan=False, cui=True) | |
823 | ||
9c50a6d3 MB |
824 | def test_ap_ft_eap_vlan(dev, apdev): |
825 | """WPA2-EAP-FT AP with VLAN""" | |
826 | generic_ap_ft_eap(dev, apdev, vlan=True) | |
827 | ||
828 | def test_ap_ft_eap_vlan_multi(dev, apdev): | |
829 | """WPA2-EAP-FT AP with VLAN""" | |
830 | generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | |
831 | ||
942b52a8 MB |
832 | def test_ap_ft_eap_over_ds(dev, apdev): |
833 | """WPA2-EAP-FT AP using over-the-DS""" | |
834 | generic_ap_ft_eap(dev, apdev, over_ds=True) | |
835 | ||
836 | def test_ap_ft_eap_dis(dev, apdev): | |
837 | """WPA2-EAP-FT AP with AP discovery""" | |
838 | generic_ap_ft_eap(dev, apdev, discovery=True) | |
839 | ||
840 | def test_ap_ft_eap_dis_over_ds(dev, apdev): | |
841 | """WPA2-EAP-FT AP with AP discovery and over-the-DS""" | |
842 | generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True) | |
843 | ||
9c50a6d3 MB |
844 | def test_ap_ft_eap_vlan(dev, apdev): |
845 | """WPA2-EAP-FT AP with VLAN""" | |
846 | generic_ap_ft_eap(dev, apdev, vlan=True) | |
847 | ||
848 | def test_ap_ft_eap_vlan_multi(dev, apdev): | |
849 | """WPA2-EAP-FT AP with VLAN""" | |
850 | generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | |
851 | ||
852 | def test_ap_ft_eap_vlan_over_ds(dev, apdev): | |
853 | """WPA2-EAP-FT AP with VLAN + over_ds""" | |
854 | generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True) | |
855 | ||
856 | def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev): | |
857 | """WPA2-EAP-FT AP with VLAN + over_ds""" | |
858 | generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50) | |
859 | ||
860 | def generic_ap_ft_eap_pull(dev, apdev, vlan=False): | |
aaba98d3 JM |
861 | """WPA2-EAP-FT AP (pull PMK)""" |
862 | ssid = "test-ft" | |
863 | passphrase="12345678" | |
9c50a6d3 MB |
864 | if vlan: |
865 | identity="gpsk-vlan1" | |
866 | conndev="brvlan1" | |
867 | else: | |
868 | identity="gpsk user" | |
869 | conndev=False | |
aaba98d3 JM |
870 | |
871 | radius = hostapd.radius_params() | |
872 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
873 | params['wpa_key_mgmt'] = "FT-EAP" | |
874 | params["ieee8021x"] = "1" | |
875 | params["pmk_r1_push"] = "0" | |
9c50a6d3 MB |
876 | if vlan: |
877 | params["dynamic_vlan"] = "1" | |
aaba98d3 | 878 | params = dict(radius.items() + params.items()) |
8b8a1864 | 879 | hapd = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
880 | key_mgmt = hapd.get_config()['key_mgmt'] |
881 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
882 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
883 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
884 | params['wpa_key_mgmt'] = "FT-EAP" | |
885 | params["ieee8021x"] = "1" | |
886 | params["pmk_r1_push"] = "0" | |
9c50a6d3 MB |
887 | if vlan: |
888 | params["dynamic_vlan"] = "1" | |
aaba98d3 | 889 | params = dict(radius.items() + params.items()) |
8b8a1864 | 890 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 891 | |
9c50a6d3 MB |
892 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |
893 | eap_identity=identity, conndev=conndev) | |
894 | ||
895 | def test_ap_ft_eap_pull(dev, apdev): | |
896 | """WPA2-EAP-FT AP (pull PMK)""" | |
897 | generic_ap_ft_eap_pull(dev, apdev) | |
898 | ||
899 | def test_ap_ft_eap_pull_vlan(dev, apdev): | |
900 | generic_ap_ft_eap_pull(dev, apdev, vlan=True) | |
3b808945 | 901 | |
f81c1411 JM |
902 | def test_ap_ft_eap_pull_wildcard(dev, apdev): |
903 | """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH""" | |
904 | ssid = "test-ft" | |
905 | passphrase="12345678" | |
906 | ||
907 | radius = hostapd.radius_params() | |
908 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
909 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
910 | params["ieee8021x"] = "1" | |
911 | params["pmk_r1_push"] = "0" | |
912 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
913 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
914 | params["ft_psk_generate_local"] = "1" | |
915 | params["eap_server"] = "0" | |
916 | params = dict(radius.items() + params.items()) | |
917 | hapd = hostapd.add_ap(apdev[0], params) | |
918 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True) | |
919 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
920 | params["ieee8021x"] = "1" | |
921 | params["pmk_r1_push"] = "0" | |
922 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
923 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
924 | params["ft_psk_generate_local"] = "1" | |
925 | params["eap_server"] = "0" | |
926 | params = dict(radius.items() + params.items()) | |
927 | hapd1 = hostapd.add_ap(apdev[1], params) | |
928 | ||
929 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) | |
930 | ||
9fd6804d | 931 | @remote_compatible |
3b808945 JM |
932 | def test_ap_ft_mismatching_rrb_key_push(dev, apdev): |
933 | """WPA2-PSK-FT AP over DS with mismatching RRB key (push)""" | |
934 | ssid = "test-ft" | |
935 | passphrase="12345678" | |
936 | ||
937 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 938 | params["ieee80211w"] = "2" |
8b8a1864 | 939 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 940 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 941 | params["ieee80211w"] = "2" |
8b8a1864 | 942 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 943 | |
a8375c94 JM |
944 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
945 | fail_test=True) | |
3b808945 | 946 | |
9fd6804d | 947 | @remote_compatible |
3b808945 JM |
948 | def test_ap_ft_mismatching_rrb_key_pull(dev, apdev): |
949 | """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)""" | |
950 | ssid = "test-ft" | |
951 | passphrase="12345678" | |
952 | ||
953 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
954 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 955 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
956 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
957 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 958 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 959 | |
a8375c94 JM |
960 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
961 | fail_test=True) | |
3b808945 | 962 | |
9fd6804d | 963 | @remote_compatible |
ae14a2e2 JM |
964 | def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev): |
965 | """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)""" | |
966 | ssid = "test-ft" | |
967 | passphrase="12345678" | |
968 | ||
969 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
970 | params["pmk_r1_push"] = "0" | |
971 | params["nas_identifier"] = "nas0.w1.fi" | |
8b8a1864 | 972 | hostapd.add_ap(apdev[0], params) |
2f816c21 JM |
973 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
974 | scan_freq="2412") | |
ae14a2e2 JM |
975 | |
976 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
977 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 978 | hostapd.add_ap(apdev[1], params) |
ae14a2e2 JM |
979 | |
980 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
981 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
982 | ||
9fd6804d | 983 | @remote_compatible |
3b808945 JM |
984 | def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev): |
985 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)""" | |
986 | ssid = "test-ft" | |
987 | passphrase="12345678" | |
988 | ||
989 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 990 | params["ieee80211w"] = "2" |
8b8a1864 | 991 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 992 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 993 | params["ieee80211w"] = "2" |
8b8a1864 | 994 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 995 | |
a8375c94 JM |
996 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
997 | fail_test=True) | |
3b808945 | 998 | |
9fd6804d | 999 | @remote_compatible |
3b808945 JM |
1000 | def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev): |
1001 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)""" | |
1002 | ssid = "test-ft" | |
1003 | passphrase="12345678" | |
1004 | ||
1005 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
1006 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1007 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
1008 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1009 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1010 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1011 | |
a8375c94 JM |
1012 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1013 | fail_test=True) | |
c6b6e105 | 1014 | |
150948e6 MB |
1015 | def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev): |
1016 | """WPA2-EAP-FT AP over DS with mismatching RRB key (push)""" | |
1017 | ssid = "test-ft" | |
1018 | passphrase="12345678" | |
1019 | ||
1020 | radius = hostapd.radius_params() | |
1021 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1022 | params["ieee80211w"] = "2"; | |
1023 | params['wpa_key_mgmt'] = "FT-EAP" | |
1024 | params["ieee8021x"] = "1" | |
1025 | params = dict(radius.items() + params.items()) | |
b098542c | 1026 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1027 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
1028 | params["ieee80211w"] = "2"; | |
1029 | params['wpa_key_mgmt'] = "FT-EAP" | |
1030 | params["ieee8021x"] = "1" | |
1031 | params = dict(radius.items() + params.items()) | |
b098542c | 1032 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1033 | |
1034 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1035 | fail_test=True, eap=True) | |
1036 | ||
1037 | def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev): | |
1038 | """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)""" | |
1039 | ssid = "test-ft" | |
1040 | passphrase="12345678" | |
1041 | ||
1042 | radius = hostapd.radius_params() | |
1043 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1044 | params["pmk_r1_push"] = "0" | |
1045 | params['wpa_key_mgmt'] = "FT-EAP" | |
1046 | params["ieee8021x"] = "1" | |
1047 | params = dict(radius.items() + params.items()) | |
b098542c | 1048 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1049 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
1050 | params["pmk_r1_push"] = "0" | |
1051 | params['wpa_key_mgmt'] = "FT-EAP" | |
1052 | params["ieee8021x"] = "1" | |
1053 | params = dict(radius.items() + params.items()) | |
b098542c | 1054 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1055 | |
1056 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1057 | fail_test=True, eap=True) | |
1058 | ||
1059 | def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev): | |
1060 | """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)""" | |
1061 | ssid = "test-ft" | |
1062 | passphrase="12345678" | |
1063 | ||
1064 | radius = hostapd.radius_params() | |
1065 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1066 | params["pmk_r1_push"] = "0" | |
1067 | params["nas_identifier"] = "nas0.w1.fi" | |
1068 | params['wpa_key_mgmt'] = "FT-EAP" | |
1069 | params["ieee8021x"] = "1" | |
1070 | params = dict(radius.items() + params.items()) | |
b098542c | 1071 | hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1072 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", |
1073 | eap="GPSK", identity="gpsk user", | |
1074 | password="abcdefghijklmnop0123456789abcdef", | |
1075 | scan_freq="2412") | |
1076 | ||
1077 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1078 | params["pmk_r1_push"] = "0" | |
1079 | params['wpa_key_mgmt'] = "FT-EAP" | |
1080 | params["ieee8021x"] = "1" | |
1081 | params = dict(radius.items() + params.items()) | |
b098542c | 1082 | hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1083 | |
1084 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1085 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
1086 | ||
1087 | def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev): | |
1088 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)""" | |
1089 | ssid = "test-ft" | |
1090 | passphrase="12345678" | |
1091 | ||
1092 | radius = hostapd.radius_params() | |
1093 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1094 | params["ieee80211w"] = "2"; | |
1095 | params['wpa_key_mgmt'] = "FT-EAP" | |
1096 | params["ieee8021x"] = "1" | |
1097 | params = dict(radius.items() + params.items()) | |
b098542c | 1098 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1099 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
1100 | params["ieee80211w"] = "2"; | |
1101 | params['wpa_key_mgmt'] = "FT-EAP" | |
1102 | params["ieee8021x"] = "1" | |
1103 | params = dict(radius.items() + params.items()) | |
b098542c | 1104 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1105 | |
1106 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1107 | fail_test=True, eap=True) | |
1108 | ||
1109 | def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev): | |
1110 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)""" | |
1111 | ssid = "test-ft" | |
1112 | passphrase="12345678" | |
1113 | ||
1114 | radius = hostapd.radius_params() | |
1115 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
1116 | params["pmk_r1_push"] = "0" | |
1117 | params['wpa_key_mgmt'] = "FT-EAP" | |
1118 | params["ieee8021x"] = "1" | |
1119 | params = dict(radius.items() + params.items()) | |
b098542c | 1120 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1121 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1122 | params["pmk_r1_push"] = "0" | |
1123 | params['wpa_key_mgmt'] = "FT-EAP" | |
1124 | params["ieee8021x"] = "1" | |
1125 | params = dict(radius.items() + params.items()) | |
b098542c | 1126 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1127 | |
1128 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1129 | fail_test=True, eap=True) | |
1130 | ||
c6b6e105 JM |
1131 | def test_ap_ft_gtk_rekey(dev, apdev): |
1132 | """WPA2-PSK-FT AP and GTK rekey""" | |
1133 | ssid = "test-ft" | |
1134 | passphrase="12345678" | |
1135 | ||
1136 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1137 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 1138 | hapd = hostapd.add_ap(apdev[0], params) |
c6b6e105 JM |
1139 | |
1140 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2f816c21 | 1141 | ieee80211w="1", scan_freq="2412") |
c6b6e105 JM |
1142 | |
1143 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
1144 | if ev is None: | |
1145 | raise Exception("GTK rekey timed out after initial association") | |
a8375c94 | 1146 | hwsim_utils.test_connectivity(dev[0], hapd) |
c6b6e105 JM |
1147 | |
1148 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1149 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 1150 | hapd1 = hostapd.add_ap(apdev[1], params) |
c6b6e105 JM |
1151 | |
1152 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1153 | dev[0].roam(apdev[1]['bssid']) | |
1154 | if dev[0].get_status_field('bssid') != apdev[1]['bssid']: | |
1155 | raise Exception("Did not connect to correct AP") | |
a8375c94 | 1156 | hwsim_utils.test_connectivity(dev[0], hapd1) |
c6b6e105 JM |
1157 | |
1158 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
1159 | if ev is None: | |
1160 | raise Exception("GTK rekey timed out after FT protocol") | |
a8375c94 | 1161 | hwsim_utils.test_connectivity(dev[0], hapd1) |
5b3c40a6 JM |
1162 | |
1163 | def test_ft_psk_key_lifetime_in_memory(dev, apdev, params): | |
1164 | """WPA2-PSK-FT and key lifetime in memory""" | |
1165 | ssid = "test-ft" | |
1166 | passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0" | |
1167 | psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d' | |
1168 | pmk = binascii.unhexlify(psk) | |
1169 | p = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1170 | hapd0 = hostapd.add_ap(apdev[0], p) |
5b3c40a6 | 1171 | p = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1172 | hapd1 = hostapd.add_ap(apdev[1], p) |
5b3c40a6 JM |
1173 | |
1174 | pid = find_wpas_process(dev[0]) | |
1175 | ||
1176 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1177 | scan_freq="2412") | |
8e416cec JM |
1178 | # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED |
1179 | # event has been delivered, so verify that wpa_supplicant has returned to | |
1180 | # eloop before reading process memory. | |
54f2cae2 | 1181 | time.sleep(1) |
8e416cec | 1182 | dev[0].ping() |
5b3c40a6 JM |
1183 | |
1184 | buf = read_process_memory(pid, pmk) | |
1185 | ||
1186 | dev[0].request("DISCONNECT") | |
1187 | dev[0].wait_disconnected() | |
1188 | ||
1189 | dev[0].relog() | |
1190 | pmkr0 = None | |
1191 | pmkr1 = None | |
1192 | ptk = None | |
1193 | gtk = None | |
1194 | with open(os.path.join(params['logdir'], 'log0'), 'r') as f: | |
1195 | for l in f.readlines(): | |
1196 | if "FT: PMK-R0 - hexdump" in l: | |
1197 | val = l.strip().split(':')[3].replace(' ', '') | |
1198 | pmkr0 = binascii.unhexlify(val) | |
1199 | if "FT: PMK-R1 - hexdump" in l: | |
1200 | val = l.strip().split(':')[3].replace(' ', '') | |
1201 | pmkr1 = binascii.unhexlify(val) | |
f918b95b | 1202 | if "FT: KCK - hexdump" in l: |
5b3c40a6 | 1203 | val = l.strip().split(':')[3].replace(' ', '') |
f918b95b JM |
1204 | kck = binascii.unhexlify(val) |
1205 | if "FT: KEK - hexdump" in l: | |
1206 | val = l.strip().split(':')[3].replace(' ', '') | |
1207 | kek = binascii.unhexlify(val) | |
1208 | if "FT: TK - hexdump" in l: | |
1209 | val = l.strip().split(':')[3].replace(' ', '') | |
1210 | tk = binascii.unhexlify(val) | |
5b3c40a6 JM |
1211 | if "WPA: Group Key - hexdump" in l: |
1212 | val = l.strip().split(':')[3].replace(' ', '') | |
1213 | gtk = binascii.unhexlify(val) | |
f918b95b | 1214 | if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk: |
5b3c40a6 JM |
1215 | raise Exception("Could not find keys from debug log") |
1216 | if len(gtk) != 16: | |
1217 | raise Exception("Unexpected GTK length") | |
1218 | ||
5b3c40a6 JM |
1219 | logger.info("Checking keys in memory while associated") |
1220 | get_key_locations(buf, pmk, "PMK") | |
1221 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1222 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1223 | if pmk not in buf: | |
81e787b7 | 1224 | raise HwsimSkip("PMK not found while associated") |
5b3c40a6 | 1225 | if pmkr0 not in buf: |
81e787b7 | 1226 | raise HwsimSkip("PMK-R0 not found while associated") |
5b3c40a6 | 1227 | if pmkr1 not in buf: |
81e787b7 | 1228 | raise HwsimSkip("PMK-R1 not found while associated") |
5b3c40a6 JM |
1229 | if kck not in buf: |
1230 | raise Exception("KCK not found while associated") | |
1231 | if kek not in buf: | |
1232 | raise Exception("KEK not found while associated") | |
b74f82a4 JM |
1233 | #if tk in buf: |
1234 | # raise Exception("TK found from memory") | |
5b3c40a6 JM |
1235 | |
1236 | logger.info("Checking keys in memory after disassociation") | |
1237 | buf = read_process_memory(pid, pmk) | |
1238 | get_key_locations(buf, pmk, "PMK") | |
1239 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1240 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1241 | ||
1242 | # Note: PMK/PSK is still present in network configuration | |
1243 | ||
1244 | fname = os.path.join(params['logdir'], | |
1245 | 'ft_psk_key_lifetime_in_memory.memctx-') | |
1246 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
1247 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
1248 | verify_not_present(buf, kck, fname, "KCK") | |
1249 | verify_not_present(buf, kek, fname, "KEK") | |
1250 | verify_not_present(buf, tk, fname, "TK") | |
6db556b2 JM |
1251 | if gtk in buf: |
1252 | get_key_locations(buf, gtk, "GTK") | |
5b3c40a6 JM |
1253 | verify_not_present(buf, gtk, fname, "GTK") |
1254 | ||
1255 | dev[0].request("REMOVE_NETWORK all") | |
1256 | ||
1257 | logger.info("Checking keys in memory after network profile removal") | |
1258 | buf = read_process_memory(pid, pmk) | |
1259 | get_key_locations(buf, pmk, "PMK") | |
1260 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1261 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1262 | ||
1263 | verify_not_present(buf, pmk, fname, "PMK") | |
1264 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
1265 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
1266 | verify_not_present(buf, kck, fname, "KCK") | |
1267 | verify_not_present(buf, kek, fname, "KEK") | |
1268 | verify_not_present(buf, tk, fname, "TK") | |
1269 | verify_not_present(buf, gtk, fname, "GTK") | |
664093b5 | 1270 | |
9fd6804d | 1271 | @remote_compatible |
664093b5 JM |
1272 | def test_ap_ft_invalid_resp(dev, apdev): |
1273 | """WPA2-PSK-FT AP and invalid response IEs""" | |
1274 | ssid = "test-ft" | |
1275 | passphrase="12345678" | |
1276 | ||
1277 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1278 | hapd0 = hostapd.add_ap(apdev[0], params) |
664093b5 JM |
1279 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1280 | scan_freq="2412") | |
1281 | ||
1282 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1283 | hapd1 = hostapd.add_ap(apdev[1], params) |
664093b5 JM |
1284 | |
1285 | tests = [ | |
1286 | # Various IEs for test coverage. The last one is FTIE with invalid | |
1287 | # R1KH-ID subelement. | |
1288 | "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100", | |
1289 | # FTIE with invalid R0KH-ID subelement (len=0). | |
1290 | "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300", | |
1291 | # FTIE with invalid R0KH-ID subelement (len=49). | |
1292 | "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849", | |
1293 | # Invalid RSNE. | |
1294 | "020002000000" + "3000", | |
1295 | # Required IEs missing from protected IE count. | |
1296 | "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
1297 | # RIC missing from protected IE count. | |
1298 | "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
1299 | # Protected IE missing. | |
1300 | "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ] | |
1301 | for t in tests: | |
1302 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1303 | hapd1.set("ext_mgmt_frame_handling", "1") | |
1304 | hapd1.dump_monitor() | |
1305 | if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']): | |
1306 | raise Exception("ROAM failed") | |
1307 | auth = None | |
1308 | for i in range(20): | |
1309 | msg = hapd1.mgmt_rx() | |
1310 | if msg['subtype'] == 11: | |
1311 | auth = msg | |
1312 | break | |
1313 | if not auth: | |
1314 | raise Exception("Authentication frame not seen") | |
1315 | ||
1316 | resp = {} | |
1317 | resp['fc'] = auth['fc'] | |
1318 | resp['da'] = auth['sa'] | |
1319 | resp['sa'] = auth['da'] | |
1320 | resp['bssid'] = auth['bssid'] | |
1321 | resp['payload'] = binascii.unhexlify(t) | |
1322 | hapd1.mgmt_tx(resp) | |
1323 | hapd1.set("ext_mgmt_frame_handling", "0") | |
1324 | dev[0].wait_disconnected() | |
1325 | ||
1326 | dev[0].request("RECONNECT") | |
1327 | dev[0].wait_connected() | |
7b741a53 JM |
1328 | |
1329 | def test_ap_ft_gcmp_256(dev, apdev): | |
1330 | """WPA2-PSK-FT AP with GCMP-256 cipher""" | |
1331 | if "GCMP-256" not in dev[0].get_capability("pairwise"): | |
1332 | raise HwsimSkip("Cipher GCMP-256 not supported") | |
1333 | ssid = "test-ft" | |
1334 | passphrase="12345678" | |
1335 | ||
1336 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1337 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 1338 | hapd0 = hostapd.add_ap(apdev[0], params) |
7b741a53 JM |
1339 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1340 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 1341 | hapd1 = hostapd.add_ap(apdev[1], params) |
7b741a53 JM |
1342 | |
1343 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
1344 | pairwise_cipher="GCMP-256", group_cipher="GCMP-256") | |
cf671d54 JM |
1345 | |
1346 | def test_ap_ft_oom(dev, apdev): | |
1347 | """WPA2-PSK-FT and OOM""" | |
38934ed1 | 1348 | skip_with_fips(dev[0]) |
cf671d54 JM |
1349 | ssid = "test-ft" |
1350 | passphrase="12345678" | |
1351 | ||
1352 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1353 | hapd0 = hostapd.add_ap(apdev[0], params) |
cf671d54 | 1354 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1355 | hapd1 = hostapd.add_ap(apdev[1], params) |
cf671d54 JM |
1356 | |
1357 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1358 | scan_freq="2412") | |
1359 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1360 | dst = apdev[1]['bssid'] | |
1361 | else: | |
1362 | dst = apdev[0]['bssid'] | |
1363 | ||
1364 | dev[0].scan_for_bss(dst, freq="2412") | |
1365 | with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): | |
1366 | dev[0].roam(dst) | |
7cbc8e67 | 1367 | with fail_test(dev[0], 1, "wpa_ft_mic"): |
cf671d54 JM |
1368 | dev[0].roam(dst, fail_test=True) |
1369 | with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): | |
1370 | dev[0].roam(dst, fail_test=True) | |
34d3eaa8 | 1371 | |
dcbb5d80 JM |
1372 | dev[0].request("REMOVE_NETWORK all") |
1373 | with alloc_fail(dev[0], 1, "=sme_update_ft_ies"): | |
1374 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1375 | scan_freq="2412") | |
1376 | ||
682a79f0 JM |
1377 | def test_ap_ft_ap_oom(dev, apdev): |
1378 | """WPA2-PSK-FT and AP OOM""" | |
1379 | ssid = "test-ft" | |
1380 | passphrase="12345678" | |
1381 | ||
1382 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1383 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1384 | bssid0 = hapd0.own_addr() | |
1385 | ||
1386 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1387 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"): | |
1388 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1389 | scan_freq="2412") | |
1390 | ||
1391 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1392 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1393 | bssid1 = hapd1.own_addr() | |
1394 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1395 | # This roam will fail due to missing PMK-R0 (OOM prevented storing it) | |
1396 | dev[0].roam(bssid1) | |
1397 | ||
1398 | def test_ap_ft_ap_oom2(dev, apdev): | |
1399 | """WPA2-PSK-FT and AP OOM 2""" | |
1400 | ssid = "test-ft" | |
1401 | passphrase="12345678" | |
1402 | ||
1403 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1404 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1405 | bssid0 = hapd0.own_addr() | |
1406 | ||
1407 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1408 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"): | |
1409 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1410 | scan_freq="2412") | |
1411 | ||
1412 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1413 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1414 | bssid1 = hapd1.own_addr() | |
1415 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1416 | dev[0].roam(bssid1) | |
1417 | if dev[0].get_status_field('bssid') != bssid1: | |
1418 | raise Exception("Did not roam to AP1") | |
1419 | # This roam will fail due to missing PMK-R1 (OOM prevented storing it) | |
1420 | dev[0].roam(bssid0) | |
1421 | ||
1422 | def test_ap_ft_ap_oom3(dev, apdev): | |
1423 | """WPA2-PSK-FT and AP OOM 3""" | |
1424 | ssid = "test-ft" | |
1425 | passphrase="12345678" | |
1426 | ||
1427 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1428 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1429 | bssid0 = hapd0.own_addr() | |
1430 | ||
1431 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1432 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1433 | scan_freq="2412") | |
1434 | ||
1435 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1436 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1437 | bssid1 = hapd1.own_addr() | |
1438 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1439 | with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"): | |
1440 | # This will fail due to not being able to send out PMK-R1 pull request | |
1441 | dev[0].roam(bssid1) | |
1442 | ||
ba88dd65 | 1443 | with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"): |
682a79f0 JM |
1444 | # This will fail due to not being able to send out PMK-R1 pull request |
1445 | dev[0].roam(bssid1) | |
1446 | ||
ba88dd65 MB |
1447 | with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"): |
1448 | # This will fail due to not being able to send out PMK-R1 pull request | |
1449 | dev[0].roam(bssid1) | |
1450 | ||
1451 | def test_ap_ft_ap_oom3b(dev, apdev): | |
1452 | """WPA2-PSK-FT and AP OOM 3b""" | |
1453 | ssid = "test-ft" | |
1454 | passphrase="12345678" | |
1455 | ||
1456 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1457 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1458 | bssid0 = hapd0.own_addr() | |
1459 | ||
1460 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1461 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1462 | scan_freq="2412") | |
1463 | ||
1464 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1465 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1466 | bssid1 = hapd1.own_addr() | |
1467 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1468 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"): | |
682a79f0 JM |
1469 | # This will fail due to not being able to send out PMK-R1 pull request |
1470 | dev[0].roam(bssid1) | |
1471 | ||
1472 | def test_ap_ft_ap_oom4(dev, apdev): | |
1473 | """WPA2-PSK-FT and AP OOM 4""" | |
1474 | ssid = "test-ft" | |
1475 | passphrase="12345678" | |
1476 | ||
1477 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1478 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1479 | bssid0 = hapd0.own_addr() | |
1480 | ||
1481 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1482 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1483 | scan_freq="2412") | |
1484 | ||
1485 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1486 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1487 | bssid1 = hapd1.own_addr() | |
1488 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1489 | with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"): | |
1490 | dev[0].roam(bssid1) | |
1491 | if dev[0].get_status_field('bssid') != bssid1: | |
1492 | raise Exception("Did not roam to AP1") | |
1493 | ||
1494 | with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"): | |
1495 | dev[0].roam(bssid0) | |
1496 | if dev[0].get_status_field('bssid') != bssid0: | |
1497 | raise Exception("Did not roam to AP0") | |
1498 | ||
1499 | with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"): | |
1500 | dev[0].roam(bssid1) | |
1501 | if dev[0].get_status_field('bssid') != bssid1: | |
1502 | raise Exception("Did not roam to AP1") | |
1503 | ||
1504 | def test_ap_ft_ap_oom5(dev, apdev): | |
1505 | """WPA2-PSK-FT and AP OOM 5""" | |
1506 | ssid = "test-ft" | |
1507 | passphrase="12345678" | |
1508 | ||
1509 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1510 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1511 | bssid0 = hapd0.own_addr() | |
1512 | ||
1513 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1514 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1515 | scan_freq="2412") | |
1516 | ||
1517 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1518 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1519 | bssid1 = hapd1.own_addr() | |
1520 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1521 | with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"): | |
1522 | # This will fail to roam | |
1523 | dev[0].roam(bssid1) | |
1524 | ||
1525 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"): | |
1526 | # This will fail to roam | |
1527 | dev[0].roam(bssid1) | |
1528 | ||
1529 | with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
1530 | # This will fail to roam | |
1531 | dev[0].roam(bssid1) | |
1532 | ||
1533 | with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
1534 | # This will fail to roam | |
1535 | dev[0].roam(bssid1) | |
1536 | ||
1537 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"): | |
1538 | # This will fail to roam | |
1539 | dev[0].roam(bssid1) | |
1540 | ||
1541 | def test_ap_ft_ap_oom6(dev, apdev): | |
1542 | """WPA2-PSK-FT and AP OOM 6""" | |
1543 | ssid = "test-ft" | |
1544 | passphrase="12345678" | |
1545 | ||
1546 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1547 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1548 | bssid0 = hapd0.own_addr() | |
1549 | ||
1550 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1551 | with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"): | |
1552 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1553 | scan_freq="2412") | |
1554 | dev[0].request("REMOVE_NETWORK all") | |
1555 | dev[0].wait_disconnected() | |
1556 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"): | |
1557 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1558 | scan_freq="2412") | |
1559 | dev[0].request("REMOVE_NETWORK all") | |
1560 | dev[0].wait_disconnected() | |
1561 | with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"): | |
1562 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1563 | scan_freq="2412") | |
1564 | ||
c5262648 JM |
1565 | def test_ap_ft_ap_oom7a(dev, apdev): |
1566 | """WPA2-PSK-FT and AP OOM 7a""" | |
682a79f0 JM |
1567 | ssid = "test-ft" |
1568 | passphrase="12345678" | |
1569 | ||
1570 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1571 | params["ieee80211w"] = "2" | |
1572 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1573 | bssid0 = hapd0.own_addr() | |
1574 | ||
1575 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1576 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1577 | ieee80211w="2", scan_freq="2412") | |
1578 | ||
1579 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1580 | params["ieee80211w"] = "2" | |
1581 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1582 | bssid1 = hapd1.own_addr() | |
1583 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1584 | with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"): | |
1585 | # This will fail to roam | |
1586 | dev[0].roam(bssid1) | |
c5262648 JM |
1587 | |
1588 | def test_ap_ft_ap_oom7b(dev, apdev): | |
1589 | """WPA2-PSK-FT and AP OOM 7b""" | |
1590 | ssid = "test-ft" | |
1591 | passphrase="12345678" | |
1592 | ||
1593 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1594 | params["ieee80211w"] = "2" | |
1595 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1596 | bssid0 = hapd0.own_addr() | |
1597 | ||
1598 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1599 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1600 | ieee80211w="2", scan_freq="2412") | |
1601 | ||
1602 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1603 | params["ieee80211w"] = "2" | |
1604 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1605 | bssid1 = hapd1.own_addr() | |
1606 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
1607 | with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"): |
1608 | # This will fail to roam | |
1609 | dev[0].roam(bssid1) | |
c5262648 JM |
1610 | |
1611 | def test_ap_ft_ap_oom7c(dev, apdev): | |
1612 | """WPA2-PSK-FT and AP OOM 7c""" | |
1613 | ssid = "test-ft" | |
1614 | passphrase="12345678" | |
1615 | ||
1616 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1617 | params["ieee80211w"] = "2" | |
1618 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1619 | bssid0 = hapd0.own_addr() | |
1620 | ||
1621 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1622 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1623 | ieee80211w="2", scan_freq="2412") | |
1624 | ||
1625 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1626 | params["ieee80211w"] = "2" | |
1627 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1628 | bssid1 = hapd1.own_addr() | |
1629 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
1630 | with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"): |
1631 | # This will fail to roam | |
1632 | dev[0].roam(bssid1) | |
c5262648 JM |
1633 | |
1634 | def test_ap_ft_ap_oom7d(dev, apdev): | |
1635 | """WPA2-PSK-FT and AP OOM 7d""" | |
1636 | ssid = "test-ft" | |
1637 | passphrase="12345678" | |
1638 | ||
1639 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1640 | params["ieee80211w"] = "2" | |
1641 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1642 | bssid0 = hapd0.own_addr() | |
1643 | ||
1644 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1645 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1646 | ieee80211w="2", scan_freq="2412") | |
1647 | ||
1648 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1649 | params["ieee80211w"] = "2" | |
1650 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1651 | bssid1 = hapd1.own_addr() | |
1652 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
1653 | with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"): |
1654 | # This will fail to roam | |
1655 | dev[0].roam(bssid1) | |
1656 | ||
1657 | def test_ap_ft_ap_oom8(dev, apdev): | |
1658 | """WPA2-PSK-FT and AP OOM 8""" | |
1659 | ssid = "test-ft" | |
1660 | passphrase="12345678" | |
1661 | ||
1662 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1663 | params['ft_psk_generate_local'] = "1"; | |
1664 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1665 | bssid0 = hapd0.own_addr() | |
1666 | ||
1667 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1668 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1669 | scan_freq="2412") | |
1670 | ||
1671 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1672 | params['ft_psk_generate_local'] = "1"; | |
1673 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1674 | bssid1 = hapd1.own_addr() | |
1675 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1676 | with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"): | |
1677 | # This will fail to roam | |
1678 | dev[0].roam(bssid1) | |
1679 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"): | |
1680 | # This will fail to roam | |
1681 | dev[0].roam(bssid1) | |
1682 | ||
1683 | def test_ap_ft_ap_oom9(dev, apdev): | |
1684 | """WPA2-PSK-FT and AP OOM 9""" | |
1685 | ssid = "test-ft" | |
1686 | passphrase="12345678" | |
1687 | ||
1688 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1689 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1690 | bssid0 = hapd0.own_addr() | |
1691 | ||
1692 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1693 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1694 | scan_freq="2412") | |
1695 | ||
1696 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1697 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1698 | bssid1 = hapd1.own_addr() | |
1699 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1700 | ||
1701 | with alloc_fail(hapd0, 1, "wpa_ft_action_rx"): | |
1702 | # This will fail to roam | |
1703 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1704 | raise Exception("FT_DS failed") | |
1705 | wait_fail_trigger(hapd0, "GET_ALLOC_FAIL") | |
1706 | ||
1707 | with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"): | |
1708 | # This will fail to roam | |
1709 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1710 | raise Exception("FT_DS failed") | |
1711 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
1712 | ||
1713 | with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"): | |
1714 | # This will fail to roam | |
1715 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1716 | raise Exception("FT_DS failed") | |
1717 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
1718 | ||
1719 | def test_ap_ft_ap_oom10(dev, apdev): | |
1720 | """WPA2-PSK-FT and AP OOM 10""" | |
1721 | ssid = "test-ft" | |
1722 | passphrase="12345678" | |
1723 | ||
1724 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1725 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1726 | bssid0 = hapd0.own_addr() | |
1727 | ||
1728 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1729 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1730 | scan_freq="2412") | |
1731 | ||
1732 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1733 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1734 | bssid1 = hapd1.own_addr() | |
1735 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1736 | ||
9441a227 | 1737 | with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
1738 | # This will fail to roam |
1739 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1740 | raise Exception("FT_DS failed") | |
1741 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1742 | ||
1743 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"): | |
1744 | # This will fail to roam | |
1745 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1746 | raise Exception("FT_DS failed") | |
1747 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1748 | ||
9441a227 | 1749 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
1750 | # This will fail to roam |
1751 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1752 | raise Exception("FT_DS failed") | |
1753 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1754 | ||
9441a227 | 1755 | with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"): |
682a79f0 JM |
1756 | # This will fail to roam |
1757 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1758 | raise Exception("FT_DS failed") | |
1759 | wait_fail_trigger(hapd1, "GET_FAIL") | |
1760 | ||
1761 | def test_ap_ft_ap_oom11(dev, apdev): | |
1762 | """WPA2-PSK-FT and AP OOM 11""" | |
1763 | ssid = "test-ft" | |
1764 | passphrase="12345678" | |
1765 | ||
1766 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1767 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1768 | bssid0 = hapd0.own_addr() | |
1769 | ||
1770 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1771 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"): | |
1772 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1773 | scan_freq="2412") | |
1774 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1775 | ||
1776 | dev[1].scan_for_bss(bssid0, freq="2412") | |
9441a227 | 1777 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"): |
682a79f0 JM |
1778 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1779 | scan_freq="2412") | |
1780 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1781 | ||
a04e6f3d JM |
1782 | def test_ap_ft_over_ds_proto_ap(dev, apdev): |
1783 | """WPA2-PSK-FT AP over DS protocol testing for AP processing""" | |
1784 | ssid = "test-ft" | |
1785 | passphrase="12345678" | |
1786 | ||
1787 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1788 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1789 | bssid0 = hapd0.own_addr() | |
1790 | _bssid0 = bssid0.replace(':', '') | |
1791 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1792 | scan_freq="2412") | |
1793 | addr = dev[0].own_addr() | |
1794 | _addr = addr.replace(':', '') | |
1795 | ||
1796 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1797 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1798 | bssid1 = hapd1.own_addr() | |
1799 | _bssid1 = bssid1.replace(':', '') | |
1800 | ||
1801 | hapd0.set("ext_mgmt_frame_handling", "1") | |
1802 | hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000" | |
1803 | valid = "0601" + _addr + _bssid1 | |
1804 | tests = [ "0601", | |
1805 | "0601" + _addr, | |
1806 | "0601" + _addr + _bssid0, | |
1807 | "0601" + _addr + "ffffffffffff", | |
1808 | "0601" + _bssid0 + _bssid0, | |
1809 | valid, | |
1810 | valid + "01", | |
1811 | valid + "3700", | |
1812 | valid + "3600", | |
1813 | valid + "3603ffffff", | |
1814 | valid + "3603a1b2ff", | |
1815 | valid + "3603a1b2ff" + "3700", | |
1816 | valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00", | |
1817 | valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00", | |
1818 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa", | |
1819 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000", | |
1820 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253", | |
1821 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
1822 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
1823 | valid + "0001" ] | |
1824 | for t in tests: | |
1825 | hapd0.dump_monitor() | |
1826 | if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t): | |
1827 | raise Exception("MGMT_RX_PROCESS failed") | |
1828 | ||
1829 | hapd0.set("ext_mgmt_frame_handling", "0") | |
1830 | ||
34d3eaa8 JM |
1831 | def test_ap_ft_over_ds_proto(dev, apdev): |
1832 | """WPA2-PSK-FT AP over DS protocol testing""" | |
1833 | ssid = "test-ft" | |
1834 | passphrase="12345678" | |
1835 | ||
1836 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1837 | hapd0 = hostapd.add_ap(apdev[0], params) |
34d3eaa8 JM |
1838 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1839 | scan_freq="2412") | |
1840 | ||
1841 | # FT Action Response while no FT-over-DS in progress | |
1842 | msg = {} | |
1843 | msg['fc'] = 13 << 4 | |
1844 | msg['da'] = dev[0].own_addr() | |
1845 | msg['sa'] = apdev[0]['bssid'] | |
1846 | msg['bssid'] = apdev[0]['bssid'] | |
1847 | msg['payload'] = binascii.unhexlify("06020200000000000200000004000000") | |
1848 | hapd0.mgmt_tx(msg) | |
1849 | ||
1850 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1851 | hapd1 = hostapd.add_ap(apdev[1], params) |
34d3eaa8 JM |
1852 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") |
1853 | hapd0.set("ext_mgmt_frame_handling", "1") | |
1854 | hapd0.dump_monitor() | |
1855 | dev[0].request("FT_DS " + apdev[1]['bssid']) | |
1856 | for i in range(0, 10): | |
1857 | req = hapd0.mgmt_rx() | |
1858 | if req is None: | |
1859 | raise Exception("MGMT RX wait timed out") | |
1860 | if req['subtype'] == 13: | |
1861 | break | |
1862 | req = None | |
1863 | if not req: | |
1864 | raise Exception("FT Action frame not received") | |
1865 | ||
1866 | # FT Action Response for unexpected Target AP | |
1867 | msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000") | |
1868 | hapd0.mgmt_tx(msg) | |
1869 | ||
1870 | # FT Action Response without MDIE | |
1871 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000") | |
1872 | hapd0.mgmt_tx(msg) | |
1873 | ||
1874 | # FT Action Response without FTIE | |
1875 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201") | |
1876 | hapd0.mgmt_tx(msg) | |
1877 | ||
1878 | # FT Action Response with FTIE SNonce mismatch | |
1879 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669") | |
1880 | hapd0.mgmt_tx(msg) | |
6f3815c0 | 1881 | |
9fd6804d | 1882 | @remote_compatible |
6f3815c0 JM |
1883 | def test_ap_ft_rrb(dev, apdev): |
1884 | """WPA2-PSK-FT RRB protocol testing""" | |
1885 | ssid = "test-ft" | |
1886 | passphrase="12345678" | |
1887 | ||
1888 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1889 | hapd0 = hostapd.add_ap(apdev[0], params) |
6f3815c0 JM |
1890 | |
1891 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1892 | scan_freq="2412") | |
1893 | ||
1894 | _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':','')) | |
1895 | _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':','')) | |
1896 | proto = '\x89\x0d' | |
1897 | ehdr = _dst_ll + _src_ll + proto | |
1898 | ||
1899 | # Too short RRB frame | |
1900 | pkt = ehdr + '\x01' | |
1901 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1902 | raise Exception("DATA_TEST_FRAME failed") | |
1903 | ||
1904 | # RRB discarded frame wikth unrecognized type | |
1905 | pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll | |
1906 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1907 | raise Exception("DATA_TEST_FRAME failed") | |
1908 | ||
1909 | # RRB frame too short for action frame | |
1910 | pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll | |
1911 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1912 | raise Exception("DATA_TEST_FRAME failed") | |
1913 | ||
1914 | # Too short RRB frame (not enough room for Action Frame body) | |
1915 | pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll | |
1916 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1917 | raise Exception("DATA_TEST_FRAME failed") | |
1918 | ||
1919 | # Unexpected Action frame category | |
1920 | pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1921 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1922 | raise Exception("DATA_TEST_FRAME failed") | |
1923 | ||
1924 | # Unexpected Action in RRB Request | |
1925 | pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1926 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1927 | raise Exception("DATA_TEST_FRAME failed") | |
1928 | ||
1929 | # Target AP address in RRB Request does not match with own address | |
1930 | pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1931 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1932 | raise Exception("DATA_TEST_FRAME failed") | |
1933 | ||
1934 | # Not enough room for status code in RRB Response | |
1935 | pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1936 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1937 | raise Exception("DATA_TEST_FRAME failed") | |
1938 | ||
1939 | # RRB discarded frame with unknown packet_type | |
1940 | pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1941 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1942 | raise Exception("DATA_TEST_FRAME failed") | |
1943 | ||
1944 | # RRB Response with non-zero status code; no STA match | |
1945 | pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff' | |
1946 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1947 | raise Exception("DATA_TEST_FRAME failed") | |
1948 | ||
1949 | # RRB Response with zero status code and extra data; STA match | |
1950 | pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00' | |
1951 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1952 | raise Exception("DATA_TEST_FRAME failed") | |
1953 | ||
1954 | # Too short PMK-R1 pull | |
1955 | pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1956 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1957 | raise Exception("DATA_TEST_FRAME failed") | |
1958 | ||
1959 | # Too short PMK-R1 resp | |
1960 | pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1961 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1962 | raise Exception("DATA_TEST_FRAME failed") | |
1963 | ||
1964 | # Too short PMK-R1 push | |
1965 | pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1966 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1967 | raise Exception("DATA_TEST_FRAME failed") | |
1968 | ||
1969 | # No matching R0KH address found for PMK-R0 pull response | |
1970 | pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00' | |
1971 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1972 | raise Exception("DATA_TEST_FRAME failed") | |
ecafa0cf | 1973 | |
9fd6804d | 1974 | @remote_compatible |
ecafa0cf JM |
1975 | def test_rsn_ie_proto_ft_psk_sta(dev, apdev): |
1976 | """RSN element protocol testing for FT-PSK + PMF cases on STA side""" | |
1977 | bssid = apdev[0]['bssid'] | |
1978 | ssid = "test-ft" | |
1979 | passphrase="12345678" | |
1980 | ||
1981 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 1982 | params["ieee80211w"] = "1" |
ecafa0cf JM |
1983 | # This is the RSN element used normally by hostapd |
1984 | params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201' | |
8b8a1864 | 1985 | hapd = hostapd.add_ap(apdev[0], params) |
ecafa0cf JM |
1986 | id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1987 | ieee80211w="1", scan_freq="2412", | |
1988 | pairwise="CCMP", group="CCMP") | |
1989 | ||
1990 | tests = [ ('PMKIDCount field included', | |
1991 | '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'), | |
1992 | ('Extra IE before RSNE', | |
1993 | 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'), | |
1994 | ('PMKIDCount and Group Management Cipher suite fields included', | |
1995 | '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'), | |
1996 | ('Extra octet after defined fields (future extensibility)', | |
1997 | '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'), | |
1998 | ('No RSN Capabilities field (PMF disabled in practice)', | |
1999 | '30120100000fac040100000fac040100000fac04' + '3603a1b201') ] | |
2000 | for txt,ie in tests: | |
2001 | dev[0].request("DISCONNECT") | |
2002 | dev[0].wait_disconnected() | |
2003 | logger.info(txt) | |
2004 | hapd.disable() | |
2005 | hapd.set('own_ie_override', ie) | |
2006 | hapd.enable() | |
2007 | dev[0].request("BSS_FLUSH 0") | |
2008 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2009 | dev[0].select_network(id, freq=2412) | |
2010 | dev[0].wait_connected() | |
2011 | ||
2012 | dev[0].request("DISCONNECT") | |
2013 | dev[0].wait_disconnected() | |
2014 | ||
2015 | logger.info('Invalid RSNE causing internal hostapd error') | |
2016 | hapd.disable() | |
2017 | hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201') | |
2018 | hapd.enable() | |
2019 | dev[0].request("BSS_FLUSH 0") | |
2020 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2021 | dev[0].select_network(id, freq=2412) | |
2022 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
2023 | # complete. | |
2024 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
2025 | if ev is not None: | |
2026 | raise Exception("Unexpected connection") | |
2027 | dev[0].request("DISCONNECT") | |
2028 | ||
2029 | logger.info('Unexpected PMKID causing internal hostapd error') | |
2030 | hapd.disable() | |
2031 | hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201') | |
2032 | hapd.enable() | |
2033 | dev[0].request("BSS_FLUSH 0") | |
2034 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2035 | dev[0].select_network(id, freq=2412) | |
2036 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
2037 | # complete. | |
2038 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
2039 | if ev is not None: | |
2040 | raise Exception("Unexpected connection") | |
2041 | dev[0].request("DISCONNECT") | |
1025603b JM |
2042 | |
2043 | def test_ap_ft_ptk_rekey(dev, apdev): | |
2044 | """WPA2-PSK-FT PTK rekeying triggered by station after roam""" | |
2045 | ssid = "test-ft" | |
2046 | passphrase="12345678" | |
2047 | ||
2048 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2049 | hapd0 = hostapd.add_ap(apdev[0], params) |
1025603b | 2050 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 2051 | hapd1 = hostapd.add_ap(apdev[1], params) |
1025603b JM |
2052 | |
2053 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1") | |
2054 | ||
2055 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED", | |
2056 | "WPA: Key negotiation completed"], timeout=5) | |
2057 | if ev is None: | |
2058 | raise Exception("No event received after roam") | |
2059 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
2060 | raise Exception("Unexpected disconnection after roam") | |
2061 | ||
2062 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
2063 | hapd = hapd0 | |
2064 | else: | |
2065 | hapd = hapd1 | |
2066 | hwsim_utils.test_connectivity(dev[0], hapd) | |
2067 | ||
2068 | def test_ap_ft_ptk_rekey_ap(dev, apdev): | |
2069 | """WPA2-PSK-FT PTK rekeying triggered by AP after roam""" | |
2070 | ssid = "test-ft" | |
2071 | passphrase="12345678" | |
2072 | ||
2073 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2074 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 2075 | hapd0 = hostapd.add_ap(apdev[0], params) |
1025603b JM |
2076 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
2077 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 2078 | hapd1 = hostapd.add_ap(apdev[1], params) |
1025603b JM |
2079 | |
2080 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
2081 | ||
2082 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED", | |
2083 | "WPA: Key negotiation completed"], timeout=5) | |
2084 | if ev is None: | |
2085 | raise Exception("No event received after roam") | |
2086 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
2087 | raise Exception("Unexpected disconnection after roam") | |
2088 | ||
2089 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
2090 | hapd = hapd0 | |
2091 | else: | |
2092 | hapd = hapd1 | |
2093 | hwsim_utils.test_connectivity(dev[0], hapd) | |
186ca473 MB |
2094 | |
2095 | def test_ap_ft_internal_rrb_check(dev, apdev): | |
2096 | """RRB internal delivery only to WPA enabled BSS""" | |
2097 | ssid = "test-ft" | |
2098 | passphrase="12345678" | |
2099 | ||
2100 | radius = hostapd.radius_params() | |
2101 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2102 | params['wpa_key_mgmt'] = "FT-EAP" | |
2103 | params["ieee8021x"] = "1" | |
2104 | params = dict(radius.items() + params.items()) | |
8b8a1864 | 2105 | hapd = hostapd.add_ap(apdev[0], params) |
186ca473 MB |
2106 | key_mgmt = hapd.get_config()['key_mgmt'] |
2107 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
2108 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
2109 | ||
8b8a1864 | 2110 | hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid }) |
186ca473 MB |
2111 | |
2112 | # Connect to WPA enabled AP | |
2113 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | |
2114 | eap="GPSK", identity="gpsk user", | |
2115 | password="abcdefghijklmnop0123456789abcdef", | |
2116 | scan_freq="2412") | |
2117 | ||
2118 | # Try over_ds roaming to non-WPA-enabled AP. | |
2119 | # If hostapd does not check hapd->wpa_auth internally, it will crash now. | |
2120 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
c85fcff2 JM |
2121 | |
2122 | def test_ap_ft_extra_ie(dev, apdev): | |
2123 | """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE""" | |
2124 | ssid = "test-ft" | |
2125 | passphrase="12345678" | |
2126 | ||
2127 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2128 | params["wpa_key_mgmt"] = "WPA-PSK FT-PSK" | |
2129 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2130 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2131 | scan_freq="2412") | |
2132 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
2133 | scan_freq="2412") | |
2134 | try: | |
2135 | # Add Mobility Domain element to test AP validation code. | |
2136 | dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201") | |
2137 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
2138 | scan_freq="2412", wait_connect=False) | |
2139 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", | |
2140 | "CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2141 | if ev is None: | |
2142 | raise Exception("No connection result") | |
2143 | if "CTRL-EVENT-CONNECTED" in ev: | |
2144 | raise Exception("Non-FT association accepted with MDE") | |
2145 | if "status_code=43" not in ev: | |
2146 | raise Exception("Unexpected status code: " + ev) | |
2147 | dev[0].request("DISCONNECT") | |
2148 | finally: | |
2149 | dev[0].request("VENDOR_ELEM_REMOVE 13 *") | |
fd7205fa JM |
2150 | |
2151 | def test_ap_ft_ric(dev, apdev): | |
2152 | """WPA2-PSK-FT AP and RIC""" | |
2153 | ssid = "test-ft" | |
2154 | passphrase="12345678" | |
2155 | ||
2156 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2157 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2158 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2159 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2160 | ||
2161 | dev[0].set("ric_ies", "") | |
2162 | dev[0].set("ric_ies", '""') | |
2163 | if "FAIL" not in dev[0].request("SET ric_ies q"): | |
2164 | raise Exception("Invalid ric_ies value accepted") | |
2165 | ||
2166 | tests = [ "3900", | |
2167 | "3900ff04eeeeeeee", | |
2168 | "390400000000", | |
2169 | "390400000000" + "390400000000", | |
2170 | "390400000000" + "dd050050f20202", | |
2171 | "390400000000" + "dd3d0050f2020201" + 55*"00", | |
2172 | "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000", | |
2173 | "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ] | |
2174 | for t in tests: | |
2175 | dev[0].set("ric_ies", t) | |
2176 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
2177 | test_connectivity=False) | |
2178 | dev[0].request("REMOVE_NETWORK all") | |
2179 | dev[0].wait_disconnected() | |
2180 | dev[0].dump_monitor() | |
c8942286 JM |
2181 | |
2182 | def ie_hex(ies, id): | |
2183 | return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]) | |
2184 | ||
2185 | def test_ap_ft_reassoc_proto(dev, apdev): | |
2186 | """WPA2-PSK-FT AP Reassociation Request frame parsing""" | |
2187 | ssid = "test-ft" | |
2188 | passphrase="12345678" | |
2189 | ||
2190 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2191 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2192 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2193 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2194 | ||
2195 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2196 | ieee80211w="1", scan_freq="2412") | |
2197 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2198 | hapd1ap = hapd0 | |
2199 | hapd2ap = hapd1 | |
2200 | else: | |
2201 | hapd1ap = hapd1 | |
2202 | hapd2ap = hapd0 | |
2203 | ||
2204 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2205 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2206 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
2207 | ||
2208 | while True: | |
2209 | req = hapd2ap.mgmt_rx() | |
2210 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame'])) | |
2211 | if req['subtype'] == 11: | |
2212 | break | |
2213 | ||
2214 | while True: | |
2215 | req = hapd2ap.mgmt_rx() | |
2216 | if req['subtype'] == 2: | |
2217 | break | |
2218 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame'])) | |
2219 | ||
2220 | # IEEE 802.11 header + fixed fields before IEs | |
2221 | hdr = binascii.hexlify(req['frame'][0:34]) | |
2222 | ies = parse_ie(binascii.hexlify(req['frame'][34:])) | |
2223 | # First elements: SSID, Supported Rates, Extended Supported Rates | |
2224 | ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50) | |
2225 | ||
2226 | rsne = ie_hex(ies, 48) | |
2227 | mde = ie_hex(ies, 54) | |
2228 | fte = ie_hex(ies, 55) | |
2229 | tests = [ ] | |
2230 | # RSN: Trying to use FT, but MDIE not included | |
2231 | tests += [ rsne ] | |
2232 | # RSN: Attempted to use unknown MDIE | |
2233 | tests += [ rsne + "3603000000" ] | |
2234 | # Invalid RSN pairwise cipher | |
2235 | tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ] | |
2236 | # FT: No PMKID in RSNIE | |
2237 | tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ] | |
2238 | # FT: Invalid FTIE | |
2239 | tests += [ rsne + mde ] | |
2240 | # FT: RIC IE(s) in the frame, but not included in protected IE count | |
2241 | # FT: Failed to parse FT IEs | |
2242 | tests += [ rsne + mde + fte + "3900" ] | |
2243 | # FT: SNonce mismatch in FTIE | |
2244 | tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ] | |
2245 | # FT: ANonce mismatch in FTIE | |
2246 | tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ] | |
2247 | # FT: No R0KH-ID subelem in FTIE | |
2248 | tests += [ rsne + mde + "3752" + fte[4:168] ] | |
2249 | # FT: R0KH-ID in FTIE did not match with the current R0KH-ID | |
2250 | tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ] | |
2251 | # FT: No R1KH-ID subelem in FTIE | |
2252 | tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ] | |
2253 | # FT: Unknown R1KH-ID used in ReassocReq | |
2254 | tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ] | |
2255 | # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request | |
2256 | tests += [ rsne[:-32] + 16*"00" + mde + fte ] | |
2257 | # Invalid MIC in FTIE | |
2258 | tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ] | |
2259 | for t in tests: | |
2260 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t) | |
2261 | ||
2262 | def test_ap_ft_reassoc_local_fail(dev, apdev): | |
2263 | """WPA2-PSK-FT AP Reassociation Request frame and local failure""" | |
2264 | ssid = "test-ft" | |
2265 | passphrase="12345678" | |
2266 | ||
2267 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2268 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2269 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2270 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2271 | ||
2272 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2273 | ieee80211w="1", scan_freq="2412") | |
2274 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2275 | hapd1ap = hapd0 | |
2276 | hapd2ap = hapd1 | |
2277 | else: | |
2278 | hapd1ap = hapd1 | |
2279 | hapd2ap = hapd0 | |
2280 | ||
2281 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2282 | # FT: Failed to calculate MIC | |
2283 | with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"): | |
2284 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
2285 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2286 | dev[0].request("DISCONNECT") | |
2287 | if ev is None: | |
2288 | raise Exception("Association reject not seen") | |
d7f0bef9 JM |
2289 | |
2290 | def test_ap_ft_reassoc_replay(dev, apdev, params): | |
2291 | """WPA2-PSK-FT AP and replayed Reassociation Request frame""" | |
2292 | capfile = os.path.join(params['logdir'], "hwsim0.pcapng") | |
2293 | ssid = "test-ft" | |
2294 | passphrase="12345678" | |
2295 | ||
2296 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2297 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2298 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2299 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2300 | ||
2301 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2302 | scan_freq="2412") | |
2303 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2304 | hapd1ap = hapd0 | |
2305 | hapd2ap = hapd1 | |
2306 | else: | |
2307 | hapd1ap = hapd1 | |
2308 | hapd2ap = hapd0 | |
2309 | ||
2310 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2311 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2312 | dev[0].dump_monitor() | |
2313 | if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()): | |
2314 | raise Exception("ROAM failed") | |
2315 | ||
2316 | reassocreq = None | |
2317 | count = 0 | |
2318 | while count < 100: | |
2319 | req = hapd2ap.mgmt_rx() | |
2320 | count += 1 | |
2321 | hapd2ap.dump_monitor() | |
2322 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame'])) | |
2323 | if req['subtype'] == 2: | |
2324 | reassocreq = req | |
2325 | ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5) | |
2326 | if ev is None: | |
2327 | raise Exception("No TX status seen") | |
2328 | cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) | |
2329 | if "OK" not in hapd2ap.request(cmd): | |
2330 | raise Exception("MGMT_TX_STATUS_PROCESS failed") | |
2331 | break | |
2332 | hapd2ap.set("ext_mgmt_frame_handling", "0") | |
2333 | if reassocreq is None: | |
2334 | raise Exception("No Reassociation Request frame seen") | |
2335 | dev[0].wait_connected() | |
2336 | dev[0].dump_monitor() | |
2337 | hapd2ap.dump_monitor() | |
2338 | ||
2339 | hwsim_utils.test_connectivity(dev[0], hapd2ap) | |
2340 | ||
2341 | logger.info("Replay the last Reassociation Request frame") | |
2342 | hapd2ap.dump_monitor() | |
2343 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2344 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame'])) | |
2345 | ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5) | |
2346 | if ev is None: | |
2347 | raise Exception("No TX status seen") | |
2348 | cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) | |
2349 | if "OK" not in hapd2ap.request(cmd): | |
2350 | raise Exception("MGMT_TX_STATUS_PROCESS failed") | |
2351 | hapd2ap.set("ext_mgmt_frame_handling", "0") | |
2352 | ||
2353 | try: | |
2354 | hwsim_utils.test_connectivity(dev[0], hapd2ap) | |
2355 | ok = True | |
2356 | except: | |
2357 | ok = False | |
2358 | ||
2359 | ap = hapd2ap.own_addr() | |
2360 | sta = dev[0].own_addr() | |
2361 | filt = "wlan.fc.type == 2 && " + \ | |
2362 | "wlan.da == " + sta + " && " + \ | |
2363 | "wlan.sa == " + ap | |
2364 | fields = [ "wlan.ccmp.extiv" ] | |
2365 | res = run_tshark(capfile, filt, fields) | |
2366 | vals = res.splitlines() | |
2367 | logger.info("CCMP PN: " + str(vals)) | |
2368 | if len(vals) < 2: | |
2369 | raise Exception("Could not find all CCMP protected frames from capture") | |
2370 | if len(set(vals)) < len(vals): | |
2371 | raise Exception("Duplicate CCMP PN used") | |
2372 | ||
2373 | if not ok: | |
2374 | raise Exception("The second hwsim connectivity test failed") | |
0dc3c5f2 JM |
2375 | |
2376 | def test_ap_ft_psk_file(dev, apdev): | |
2377 | """WPA2-PSK-FT AP with PSK from a file""" | |
2378 | ssid = "test-ft" | |
2379 | passphrase="12345678" | |
2380 | ||
2381 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
2382 | params['wpa_psk_file'] = 'hostapd.wpa_psk' | |
2383 | hapd = hostapd.add_ap(apdev[0], params) | |
2384 | ||
2385 | dev[1].connect(ssid, psk="very secret", | |
2386 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
2387 | scan_freq="2412", wait_connect=False) | |
2388 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2389 | ieee80211w="1", scan_freq="2412") | |
2390 | dev[0].request("REMOVE_NETWORK all") | |
2391 | dev[0].wait_disconnected() | |
2392 | dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2", | |
2393 | ieee80211w="1", scan_freq="2412") | |
2394 | dev[0].request("REMOVE_NETWORK all") | |
2395 | dev[0].wait_disconnected() | |
2396 | dev[0].connect(ssid, psk="secret passphrase", | |
2397 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
2398 | scan_freq="2412") | |
2399 | dev[2].connect(ssid, psk="another passphrase for all STAs", | |
2400 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
2401 | scan_freq="2412") | |
2402 | ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10) | |
2403 | if ev is None: | |
2404 | raise Exception("Timed out while waiting for failure report") | |
2405 | dev[1].request("REMOVE_NETWORK all") | |
62566bc2 JM |
2406 | |
2407 | def test_ap_ft_eap_ap_config_change(dev, apdev): | |
2408 | """WPA2-EAP-FT AP changing from 802.1X-only to FT-only""" | |
2409 | ssid = "test-ft" | |
2410 | passphrase="12345678" | |
2411 | bssid = apdev[0]['bssid'] | |
2412 | ||
2413 | radius = hostapd.radius_params() | |
2414 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
2415 | params['wpa_key_mgmt'] = "WPA-EAP" | |
2416 | params["ieee8021x"] = "1" | |
2417 | params["pmk_r1_push"] = "0" | |
2418 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
2419 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
2420 | params["eap_server"] = "0" | |
2421 | params = dict(radius.items() + params.items()) | |
2422 | hapd = hostapd.add_ap(apdev[0], params) | |
2423 | ||
2424 | dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2", | |
2425 | eap="GPSK", identity="gpsk user", | |
2426 | password="abcdefghijklmnop0123456789abcdef", | |
2427 | scan_freq="2412") | |
2428 | dev[0].request("DISCONNECT") | |
2429 | dev[0].wait_disconnected() | |
2430 | dev[0].dump_monitor() | |
2431 | ||
2432 | hapd.disable() | |
2433 | hapd.set('wpa_key_mgmt', "FT-EAP") | |
2434 | hapd.enable() | |
2435 | ||
2436 | dev[0].request("BSS_FLUSH 0") | |
2437 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2438 | ||
2439 | dev[0].request("RECONNECT") | |
2440 | dev[0].wait_connected() | |
55b3cda7 JM |
2441 | |
2442 | def test_ap_ft_eap_sha384(dev, apdev): | |
2443 | """WPA2-EAP-FT with SHA384""" | |
2444 | ssid = "test-ft" | |
2445 | passphrase="12345678" | |
2446 | ||
2447 | radius = hostapd.radius_params() | |
2448 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2449 | params["ieee80211w"] = "2"; | |
2450 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" | |
2451 | params["ieee8021x"] = "1" | |
2452 | params = dict(radius.items() + params.items()) | |
2453 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2454 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2455 | params["ieee80211w"] = "2"; | |
2456 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" | |
2457 | params["ieee8021x"] = "1" | |
2458 | params = dict(radius.items() + params.items()) | |
2459 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2460 | ||
2461 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True, | |
2462 | sha384=True) | |
2463 | ||
2464 | def test_ap_ft_eap_sha384_over_ds(dev, apdev): | |
2465 | """WPA2-EAP-FT with SHA384 over DS""" | |
2466 | ssid = "test-ft" | |
2467 | passphrase="12345678" | |
2468 | ||
2469 | radius = hostapd.radius_params() | |
2470 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2471 | params["ieee80211w"] = "2"; | |
2472 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" | |
2473 | params["ieee8021x"] = "1" | |
2474 | params = dict(radius.items() + params.items()) | |
2475 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2476 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2477 | params["ieee80211w"] = "2"; | |
2478 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" | |
2479 | params["ieee8021x"] = "1" | |
2480 | params = dict(radius.items() + params.items()) | |
2481 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2482 | ||
2483 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
2484 | eap=True, sha384=True) |