]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FT: Fix Reassociation Request IEs during FT protocol
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
CommitLineData
cd7f1b9a 1# Fast BSS Transition tests
c8942286 2# Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
cd7f1b9a
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
5b3c40a6
JM		 8import binascii
9import os
cd7f1b9a 10import time
cd7f1b9a 11import logging
c9aa4308 12logger = logging.getLogger()
c8942286 13import struct
cd7f1b9a
JM		 14
15import hwsim_utils
16import hostapd
d7f0bef9 17from tshark import run_tshark
c8942286 18from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
cd7f1b9a 19from wlantest import Wlantest
5b3c40a6 20from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
cd7f1b9a
JM		 21
22def ft_base_rsn():
23 params = { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
26 return params
27
28def ft_base_mixed():
29 params = { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
33 return params
34
35def ft_params(rsn=True, ssid=None, passphrase=None):
36 if rsn:
37 params = ft_base_rsn()
38 else:
39 params = ft_base_mixed()
40 if ssid:
41 params["ssid"] = ssid
42 if passphrase:
43 params["wpa_passphrase"] = passphrase
44
45 params["mobility_domain"] = "a1b2"
46 params["r0_key_lifetime"] = "10000"
47 params["pmk_r1_push"] = "1"
48 params["reassociation_deadline"] = "1000"
49 return params
50
d0175d6e 51def ft_params1a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM		 52 params = ft_params(rsn, ssid, passphrase)
53 params['nas_identifier'] = "nas1.w1.fi"
54 params['r1_key_holder'] = "000102030405"
d0175d6e
MB		 55 return params
56
942b52a8 57def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 58 params = ft_params1a(rsn, ssid, passphrase)
942b52a8
MB		 59 if discovery:
60 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
62 else:
63 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM		 66 return params
67
c95dd8e4
JM		 68def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
69 params = ft_params1a(rsn, ssid, passphrase)
70 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
73 return params
74
d0175d6e 75def ft_params2a(rsn=True, ssid=None, passphrase=None):
cd7f1b9a
JM		 76 params = ft_params(rsn, ssid, passphrase)
77 params['nas_identifier'] = "nas2.w1.fi"
78 params['r1_key_holder'] = "000102030406"
d0175d6e
MB		 79 return params
80
942b52a8 81def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
d0175d6e 82 params = ft_params2a(rsn, ssid, passphrase)
942b52a8
MB		 83 if discovery:
84 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
86 else:
87 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
cd7f1b9a
JM		 90 return params
91
c95dd8e4
JM		 92def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
93 params = ft_params2a(rsn, ssid, passphrase)
94 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
97 return params
98
3b808945
JM		 99def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
100 params = ft_params(rsn, ssid, passphrase)
101 params['nas_identifier'] = "nas1.w1.fi"
102 params['r1_key_holder'] = "000102030405"
9441a227
MB		 103 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
3b808945
JM		 106 return params
107
108def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
109 params = ft_params(rsn, ssid, passphrase)
110 params['nas_identifier'] = "nas2.w1.fi"
111 params['r1_key_holder'] = "000102030406"
9441a227
MB		 112 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
3b808945
JM		 115 return params
116
117def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
118 params = ft_params(rsn, ssid, passphrase)
119 params['nas_identifier'] = "nas2.w1.fi"
120 params['r1_key_holder'] = "000102030406"
9441a227
MB		 121 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
3b808945
JM		 124 return params
125
7b741a53
JM		 126def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
127 sae=False, eap=False, fail_test=False, roams=1,
fd7205fa 128 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
473e5176 129 test_connectivity=True, eap_identity="gpsk user", conndev=False,
ffcaca68
JM		 130 force_initial_conn_to_first_ap=False, sha384=False,
131 group_mgmt=None):
cd7f1b9a 132 logger.info("Connect to first AP")
473e5176
MB		 133
134 copts = {}
135 copts["proto"] = "WPA2"
136 copts["ieee80211w"] = "1"
137 copts["scan_freq"] = "2412"
138 copts["pairwise"] = pairwise_cipher
139 copts["group"] = group_cipher
140 copts["wpa_ptk_rekey"] = ptk_rekey
ffcaca68
JM		 141 if group_mgmt:
142 copts["group_mgmt"] = group_mgmt
6f62809b 143 if eap:
55b3cda7 144 copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
473e5176
MB		 145 copts["eap"] = "GPSK"
146 copts["identity"] = eap_identity
147 copts["password"] = "abcdefghijklmnop0123456789abcdef"
6e658cc4 148 else:
6f62809b 149 if sae:
473e5176 150 copts["key_mgmt"] = "FT-SAE"
6f62809b 151 else:
473e5176
MB		 152 copts["key_mgmt"] = "FT-PSK"
153 copts["psk"] = passphrase
154 if force_initial_conn_to_first_ap:
155 copts["bssid"] = apdev[0]['bssid']
156 dev.connect(ssid, **copts)
157
cd7f1b9a
JM		 158 if dev.get_status_field('bssid') == apdev[0]['bssid']:
159 ap1 = apdev[0]
160 ap2 = apdev[1]
a8375c94
JM		 161 hapd1ap = hapd0
162 hapd2ap = hapd1
cd7f1b9a
JM		 163 else:
164 ap1 = apdev[1]
165 ap2 = apdev[0]
a8375c94
JM		 166 hapd1ap = hapd1
167 hapd2ap = hapd0
fd7205fa 168 if test_connectivity:
9c50a6d3
MB		 169 if conndev:
170 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
171 else:
172 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a 173
655bc8bf 174 dev.scan_for_bss(ap2['bssid'], freq="2412")
40602101
JM		 175
176 for i in range(0, roams):
e0382291
MB		 177 # Roaming artificially fast can make data test fail because the key is
178 # set later.
179 time.sleep(0.01)
40602101
JM		 180 logger.info("Roam to the second AP")
181 if over_ds:
182 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
183 else:
184 dev.roam(ap2['bssid'], fail_test=fail_test)
185 if fail_test:
186 return
187 if dev.get_status_field('bssid') != ap2['bssid']:
188 raise Exception("Did not connect to correct AP")
fd7205fa 189 if (i == 0 or i == roams - 1) and test_connectivity:
9c50a6d3
MB		 190 if conndev:
191 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
192 else:
193 hwsim_utils.test_connectivity(dev, hapd2ap)
40602101 194
e0382291
MB		 195 # Roaming artificially fast can make data test fail because the key is
196 # set later.
197 time.sleep(0.01)
40602101
JM		 198 logger.info("Roam back to the first AP")
199 if over_ds:
200 dev.roam_over_ds(ap1['bssid'])
201 else:
202 dev.roam(ap1['bssid'])
203 if dev.get_status_field('bssid') != ap1['bssid']:
204 raise Exception("Did not connect to correct AP")
fd7205fa 205 if (i == 0 or i == roams - 1) and test_connectivity:
9c50a6d3
MB		 206 if conndev:
207 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
208 else:
209 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a
JM		 210
211def test_ap_ft(dev, apdev):
212 """WPA2-PSK-FT AP"""
213 ssid = "test-ft"
214 passphrase="12345678"
215
216 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 217 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 218 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 219 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 220
a8375c94 221 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
91bc6c36
JM		 222 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
223 raise Exception("Scan results missing RSN element info")
cd7f1b9a 224
c95dd8e4
JM		 225def test_ap_ft_old_key(dev, apdev):
226 """WPA2-PSK-FT AP (old key)"""
227 ssid = "test-ft"
228 passphrase="12345678"
229
230 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
231 hapd0 = hostapd.add_ap(apdev[0], params)
232 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
233 hapd1 = hostapd.add_ap(apdev[1], params)
234
235 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
236
e4612f84
JM		 237def test_ap_ft_multi_akm(dev, apdev):
238 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
239 ssid = "test-ft"
240 passphrase="12345678"
241
242 params = ft_params1(ssid=ssid, passphrase=passphrase)
243 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
244 hapd0 = hostapd.add_ap(apdev[0], params)
245 params = ft_params2(ssid=ssid, passphrase=passphrase)
246 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
247 hapd1 = hostapd.add_ap(apdev[1], params)
248
249 Wlantest.setup(hapd0)
250 wt = Wlantest()
251 wt.flush()
252 wt.add_passphrase(passphrase)
253
254 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
255 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
256 raise Exception("Scan results missing RSN element info")
257 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
258 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
259 scan_freq="2412")
260
d0175d6e
MB		 261def test_ap_ft_local_key_gen(dev, apdev):
262 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
263 ssid = "test-ft"
264 passphrase="12345678"
265
266 params = ft_params1a(ssid=ssid, passphrase=passphrase)
267 params['ft_psk_generate_local'] = "1";
8344ba12 268 del params['pmk_r1_push']
b098542c 269 hapd0 = hostapd.add_ap(apdev[0], params)
d0175d6e
MB		 270 params = ft_params2a(ssid=ssid, passphrase=passphrase)
271 params['ft_psk_generate_local'] = "1";
8344ba12 272 del params['pmk_r1_push']
b098542c 273 hapd1 = hostapd.add_ap(apdev[1], params)
d0175d6e
MB		 274
275 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
276 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
277 raise Exception("Scan results missing RSN element info")
278
473e5176
MB		 279def test_ap_ft_vlan(dev, apdev):
280 """WPA2-PSK-FT AP with VLAN"""
281 ssid = "test-ft"
282 passphrase="12345678"
283
284 params = ft_params1(ssid=ssid, passphrase=passphrase)
285 params['dynamic_vlan'] = "1";
286 params['accept_mac_file'] = "hostapd.accept";
287 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
288
289 params = ft_params2(ssid=ssid, passphrase=passphrase)
290 params['dynamic_vlan'] = "1";
291 params['accept_mac_file'] = "hostapd.accept";
292 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
293
294 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
295 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
296 raise Exception("Scan results missing RSN element info")
297
298def test_ap_ft_vlan_disconnected(dev, apdev):
299 """WPA2-PSK-FT AP with VLAN and local key generation"""
300 ssid = "test-ft"
301 passphrase="12345678"
302
303 params = ft_params1a(ssid=ssid, passphrase=passphrase)
304 params['dynamic_vlan'] = "1";
305 params['accept_mac_file'] = "hostapd.accept";
306 params['ft_psk_generate_local'] = "1";
307 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
308
309 params = ft_params2a(ssid=ssid, passphrase=passphrase)
310 params['dynamic_vlan'] = "1";
311 params['accept_mac_file'] = "hostapd.accept";
312 params['ft_psk_generate_local'] = "1";
313 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
314
315 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
316 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
317 raise Exception("Scan results missing RSN element info")
318
319def test_ap_ft_vlan_2(dev, apdev):
320 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
321 ssid = "test-ft"
322 passphrase="12345678"
323
324 params = ft_params1(ssid=ssid, passphrase=passphrase)
325 params['dynamic_vlan'] = "1";
326 params['accept_mac_file'] = "hostapd.accept";
327 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
328
329 params = ft_params2(ssid=ssid, passphrase=passphrase)
330 params['dynamic_vlan'] = "1";
331 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
332
333 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1",
334 force_initial_conn_to_first_ap=True)
335 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
336 raise Exception("Scan results missing RSN element info")
337
40602101
JM		 338def test_ap_ft_many(dev, apdev):
339 """WPA2-PSK-FT AP multiple times"""
340 ssid = "test-ft"
341 passphrase="12345678"
342
343 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 344 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 345 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 346 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 347
a8375c94 348 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
40602101 349
473e5176
MB		 350def test_ap_ft_many_vlan(dev, apdev):
351 """WPA2-PSK-FT AP with VLAN multiple times"""
352 ssid = "test-ft"
353 passphrase="12345678"
354
355 params = ft_params1(ssid=ssid, passphrase=passphrase)
356 params['dynamic_vlan'] = "1";
357 params['accept_mac_file'] = "hostapd.accept";
358 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
359
360 params = ft_params2(ssid=ssid, passphrase=passphrase)
361 params['dynamic_vlan'] = "1";
362 params['accept_mac_file'] = "hostapd.accept";
363 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
364
365 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50,
366 conndev="brvlan1")
367
cd7f1b9a
JM		 368def test_ap_ft_mixed(dev, apdev):
369 """WPA2-PSK-FT mixed-mode AP"""
370 ssid = "test-ft-mixed"
371 passphrase="12345678"
372
373 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 374 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 375 key_mgmt = hapd.get_config()['key_mgmt']
376 vals = key_mgmt.split(' ')
377 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
378 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
cd7f1b9a 379 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 380 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 381
a8375c94 382 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
cd7f1b9a
JM		 383
384def test_ap_ft_pmf(dev, apdev):
385 """WPA2-PSK-FT AP with PMF"""
386 ssid = "test-ft"
387 passphrase="12345678"
388
389 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 390 params["ieee80211w"] = "2"
8b8a1864 391 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 392 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 393 params["ieee80211w"] = "2"
8b8a1864 394 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 395
a8375c94 396 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
b553eab1 397
ffcaca68
JM		 398def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
399 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
400 run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC")
401
402def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
403 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
404 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128")
405
406def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
407 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
408 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256")
409
410def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
411 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
412 run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256")
413
414def run_ap_ft_pmf_bip(dev, apdev, cipher):
415 if cipher not in dev[0].get_capability("group_mgmt"):
416 raise HwsimSkip("Cipher %s not supported" % cipher)
417
418 ssid = "test-ft"
419 passphrase="12345678"
420
421 params = ft_params1(ssid=ssid, passphrase=passphrase)
422 params["ieee80211w"] = "2"
423 params["group_mgmt_cipher"] = cipher
424 hapd0 = hostapd.add_ap(apdev[0], params)
425 params = ft_params2(ssid=ssid, passphrase=passphrase)
426 params["ieee80211w"] = "2"
427 params["group_mgmt_cipher"] = cipher
428 hapd1 = hostapd.add_ap(apdev[1], params)
429
430 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
431 group_mgmt=cipher)
432
b553eab1
JM		 433def test_ap_ft_over_ds(dev, apdev):
434 """WPA2-PSK-FT AP over DS"""
435 ssid = "test-ft"
436 passphrase="12345678"
437
438 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 439 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 440 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 441 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 442
a8375c94 443 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
eaf3f9b1
JM		 444 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
445 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
b553eab1 446
55139acb
JM		 447def test_ap_ft_over_ds_disabled(dev, apdev):
448 """WPA2-PSK-FT AP over DS disabled"""
449 ssid = "test-ft"
450 passphrase="12345678"
451
452 params = ft_params1(ssid=ssid, passphrase=passphrase)
453 params['ft_over_ds'] = '0'
454 hapd0 = hostapd.add_ap(apdev[0], params)
455 params = ft_params2(ssid=ssid, passphrase=passphrase)
456 params['ft_over_ds'] = '0'
457 hapd1 = hostapd.add_ap(apdev[1], params)
458
459 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
460 fail_test=True)
461
473e5176
MB		 462def test_ap_ft_vlan_over_ds(dev, apdev):
463 """WPA2-PSK-FT AP over DS with VLAN"""
464 ssid = "test-ft"
465 passphrase="12345678"
466
467 params = ft_params1(ssid=ssid, passphrase=passphrase)
468 params['dynamic_vlan'] = "1";
469 params['accept_mac_file'] = "hostapd.accept";
470 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
471 params = ft_params2(ssid=ssid, passphrase=passphrase)
472 params['dynamic_vlan'] = "1";
473 params['accept_mac_file'] = "hostapd.accept";
474 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
475
476 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
477 conndev="brvlan1")
478 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
479 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
480
40602101
JM		 481def test_ap_ft_over_ds_many(dev, apdev):
482 """WPA2-PSK-FT AP over DS multiple times"""
483 ssid = "test-ft"
484 passphrase="12345678"
485
486 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 487 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 488 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 489 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 490
a8375c94
JM		 491 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
492 roams=50)
40602101 493
473e5176
MB		 494def test_ap_ft_vlan_over_ds_many(dev, apdev):
495 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
496 ssid = "test-ft"
497 passphrase="12345678"
498
499 params = ft_params1(ssid=ssid, passphrase=passphrase)
500 params['dynamic_vlan'] = "1";
501 params['accept_mac_file'] = "hostapd.accept";
502 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
503 params = ft_params2(ssid=ssid, passphrase=passphrase)
504 params['dynamic_vlan'] = "1";
505 params['accept_mac_file'] = "hostapd.accept";
506 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
507
508 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
509 roams=50, conndev="brvlan1")
510
9fd6804d 511@remote_compatible
c337d07a
JM		 512def test_ap_ft_over_ds_unknown_target(dev, apdev):
513 """WPA2-PSK-FT AP"""
514 ssid = "test-ft"
515 passphrase="12345678"
516
517 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 518 hapd0 = hostapd.add_ap(apdev[0], params)
c337d07a
JM		 519
520 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
521 scan_freq="2412")
522 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
523
9fd6804d 524@remote_compatible
211bb7c5
JM		 525def test_ap_ft_over_ds_unexpected(dev, apdev):
526 """WPA2-PSK-FT AP over DS and unexpected response"""
527 ssid = "test-ft"
528 passphrase="12345678"
529
530 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 531 hapd0 = hostapd.add_ap(apdev[0], params)
211bb7c5 532 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 533 hapd1 = hostapd.add_ap(apdev[1], params)
211bb7c5
JM		 534
535 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
536 scan_freq="2412")
537 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
538 ap1 = apdev[0]
539 ap2 = apdev[1]
540 hapd1ap = hapd0
541 hapd2ap = hapd1
542 else:
543 ap1 = apdev[1]
544 ap2 = apdev[0]
545 hapd1ap = hapd1
546 hapd2ap = hapd0
547
548 addr = dev[0].own_addr()
549 hapd1ap.set("ext_mgmt_frame_handling", "1")
550 logger.info("Foreign STA address")
551 msg = {}
552 msg['fc'] = 13 << 4
553 msg['da'] = addr
554 msg['sa'] = ap1['bssid']
555 msg['bssid'] = ap1['bssid']
556 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
557 hapd1ap.mgmt_tx(msg)
558
559 logger.info("No over-the-DS in progress")
560 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
561 hapd1ap.mgmt_tx(msg)
562
563 logger.info("Non-zero status code")
564 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
565 hapd1ap.mgmt_tx(msg)
566
567 hapd1ap.dump_monitor()
568
569 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
570 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
571 raise Exception("FT_DS failed")
572
573 req = hapd1ap.mgmt_rx()
574
575 logger.info("Foreign Target AP")
576 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
577 hapd1ap.mgmt_tx(msg)
578
579 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
580
581 logger.info("No IEs")
582 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
583 hapd1ap.mgmt_tx(msg)
584
585 logger.info("Invalid IEs (trigger parsing failure)")
586 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
587 hapd1ap.mgmt_tx(msg)
588
589 logger.info("Too short MDIE")
590 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
591 hapd1ap.mgmt_tx(msg)
592
593 logger.info("Mobility domain mismatch")
594 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
595 hapd1ap.mgmt_tx(msg)
596
597 logger.info("No FTIE")
598 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
599 hapd1ap.mgmt_tx(msg)
600
601 logger.info("FTIE SNonce mismatch")
602 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
603 hapd1ap.mgmt_tx(msg)
604
605 logger.info("No R0KH-ID subelem in FTIE")
606 snonce = binascii.hexlify(req['payload'][111:111+32])
607 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
608 hapd1ap.mgmt_tx(msg)
609
610 logger.info("No R0KH-ID subelem mismatch in FTIE")
611 snonce = binascii.hexlify(req['payload'][111:111+32])
612 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
613 hapd1ap.mgmt_tx(msg)
614
615 logger.info("No R1KH-ID subelem in FTIE")
616 r0khid = binascii.hexlify(req['payload'][145:145+10])
617 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
618 hapd1ap.mgmt_tx(msg)
619
620 logger.info("No RSNE")
621 r0khid = binascii.hexlify(req['payload'][145:145+10])
622 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
623 hapd1ap.mgmt_tx(msg)
624
b553eab1
JM		 625def test_ap_ft_pmf_over_ds(dev, apdev):
626 """WPA2-PSK-FT AP over DS with PMF"""
627 ssid = "test-ft"
628 passphrase="12345678"
629
630 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 631 params["ieee80211w"] = "2"
8b8a1864 632 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 633 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 634 params["ieee80211w"] = "2"
8b8a1864 635 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 636
ffcaca68
JM		 637def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
638 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
639 run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC")
640
641def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
642 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
643 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128")
644
645def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
646 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
647 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256")
648
649def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
650 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
651 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256")
652
653def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher):
654 if cipher not in dev[0].get_capability("group_mgmt"):
655 raise HwsimSkip("Cipher %s not supported" % cipher)
656
657 ssid = "test-ft"
658 passphrase="12345678"
659
660 params = ft_params1(ssid=ssid, passphrase=passphrase)
661 params["ieee80211w"] = "2"
662 params["group_mgmt_cipher"] = cipher
663 hapd0 = hostapd.add_ap(apdev[0], params)
664 params = ft_params2(ssid=ssid, passphrase=passphrase)
665 params["ieee80211w"] = "2"
666 params["group_mgmt_cipher"] = cipher
667 hapd1 = hostapd.add_ap(apdev[1], params)
668
669 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
670 group_mgmt=cipher)
6e658cc4 671
aaba98d3
JM		 672def test_ap_ft_over_ds_pull(dev, apdev):
673 """WPA2-PSK-FT AP over DS (pull PMK)"""
674 ssid = "test-ft"
675 passphrase="12345678"
676
677 params = ft_params1(ssid=ssid, passphrase=passphrase)
678 params["pmk_r1_push"] = "0"
8b8a1864 679 hapd0 = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 680 params = ft_params2(ssid=ssid, passphrase=passphrase)
681 params["pmk_r1_push"] = "0"
8b8a1864 682 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 683
a8375c94 684 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
aaba98d3 685
c95dd8e4
JM		 686def test_ap_ft_over_ds_pull_old_key(dev, apdev):
687 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
688 ssid = "test-ft"
689 passphrase="12345678"
690
691 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
692 params["pmk_r1_push"] = "0"
693 hapd0 = hostapd.add_ap(apdev[0], params)
694 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
695 params["pmk_r1_push"] = "0"
696 hapd1 = hostapd.add_ap(apdev[1], params)
697
698 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
699
473e5176
MB		 700def test_ap_ft_over_ds_pull_vlan(dev, apdev):
701 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
702 ssid = "test-ft"
703 passphrase="12345678"
704
705 params = ft_params1(ssid=ssid, passphrase=passphrase)
706 params["pmk_r1_push"] = "0"
707 params['dynamic_vlan'] = "1";
708 params['accept_mac_file'] = "hostapd.accept";
709 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
710 params = ft_params2(ssid=ssid, passphrase=passphrase)
711 params["pmk_r1_push"] = "0"
712 params['dynamic_vlan'] = "1";
713 params['accept_mac_file'] = "hostapd.accept";
714 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
715
716 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
717 conndev="brvlan1")
718
6e658cc4
JM		 719def test_ap_ft_sae(dev, apdev):
720 """WPA2-PSK-FT-SAE AP"""
b9749b6a
JM		 721 if "SAE" not in dev[0].get_capability("auth_alg"):
722 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 723 ssid = "test-ft"
724 passphrase="12345678"
725
726 params = ft_params1(ssid=ssid, passphrase=passphrase)
727 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 728 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 729 params = ft_params2(ssid=ssid, passphrase=passphrase)
730 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 731 hapd = hostapd.add_ap(apdev[1], params)
65038313
JM		 732 key_mgmt = hapd.get_config()['key_mgmt']
733 if key_mgmt.split(' ')[0] != "FT-SAE":
734 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6e658cc4 735
17ffdf39 736 dev[0].request("SET sae_groups ")
a8375c94 737 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
6e658cc4
JM		 738
739def test_ap_ft_sae_over_ds(dev, apdev):
740 """WPA2-PSK-FT-SAE AP over DS"""
b9749b6a
JM		 741 if "SAE" not in dev[0].get_capability("auth_alg"):
742 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 743 ssid = "test-ft"
744 passphrase="12345678"
745
746 params = ft_params1(ssid=ssid, passphrase=passphrase)
747 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 748 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 749 params = ft_params2(ssid=ssid, passphrase=passphrase)
750 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 751 hapd1 = hostapd.add_ap(apdev[1], params)
6e658cc4 752
17ffdf39 753 dev[0].request("SET sae_groups ")
a8375c94
JM		 754 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
755 over_ds=True)
6f62809b 756
d269740a
MB		 757def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
758 discovery=False, roams=1):
6f62809b
JM		 759 ssid = "test-ft"
760 passphrase="12345678"
9c50a6d3
MB		 761 if vlan:
762 identity="gpsk-vlan1"
763 conndev="brvlan1"
d269740a
MB		 764 elif cui:
765 identity="gpsk-cui"
766 conndev=False
9c50a6d3
MB		 767 else:
768 identity="gpsk user"
769 conndev=False
6f62809b
JM		 770
771 radius = hostapd.radius_params()
942b52a8 772 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM		 773 params['wpa_key_mgmt'] = "FT-EAP"
774 params["ieee8021x"] = "1"
9c50a6d3
MB		 775 if vlan:
776 params["dynamic_vlan"] = "1"
6f62809b 777 params = dict(radius.items() + params.items())
8b8a1864 778 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 779 key_mgmt = hapd.get_config()['key_mgmt']
780 if key_mgmt.split(' ')[0] != "FT-EAP":
781 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
942b52a8 782 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
6f62809b
JM		 783 params['wpa_key_mgmt'] = "FT-EAP"
784 params["ieee8021x"] = "1"
9c50a6d3
MB		 785 if vlan:
786 params["dynamic_vlan"] = "1"
6f62809b 787 params = dict(radius.items() + params.items())
8b8a1864 788 hapd1 = hostapd.add_ap(apdev[1], params)
6f62809b 789
942b52a8 790 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
9c50a6d3
MB		 791 over_ds=over_ds, roams=roams, eap_identity=identity,
792 conndev=conndev)
91bc6c36
JM		 793 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
794 raise Exception("Scan results missing RSN element info")
eaf3f9b1
JM		 795 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
796 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
aaba98d3 797
4013d688
JM		 798 # Verify EAPOL reauthentication after FT protocol
799 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
800 ap = hapd
801 else:
802 ap = hapd1
803 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
804 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
805 if ev is None:
806 raise Exception("EAP authentication did not start")
807 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
808 if ev is None:
809 raise Exception("EAP authentication did not succeed")
810 time.sleep(0.1)
9c50a6d3
MB		 811 if conndev:
812 hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
813 else:
814 hwsim_utils.test_connectivity(dev[0], ap)
4013d688 815
942b52a8
MB		 816def test_ap_ft_eap(dev, apdev):
817 """WPA2-EAP-FT AP"""
818 generic_ap_ft_eap(dev, apdev)
819
d269740a
MB		 820def test_ap_ft_eap_cui(dev, apdev):
821 """WPA2-EAP-FT AP with CUI"""
822 generic_ap_ft_eap(dev, apdev, vlan=False, cui=True)
823
9c50a6d3
MB		 824def test_ap_ft_eap_vlan(dev, apdev):
825 """WPA2-EAP-FT AP with VLAN"""
826 generic_ap_ft_eap(dev, apdev, vlan=True)
827
828def test_ap_ft_eap_vlan_multi(dev, apdev):
829 """WPA2-EAP-FT AP with VLAN"""
830 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
831
942b52a8
MB		 832def test_ap_ft_eap_over_ds(dev, apdev):
833 """WPA2-EAP-FT AP using over-the-DS"""
834 generic_ap_ft_eap(dev, apdev, over_ds=True)
835
836def test_ap_ft_eap_dis(dev, apdev):
837 """WPA2-EAP-FT AP with AP discovery"""
838 generic_ap_ft_eap(dev, apdev, discovery=True)
839
840def test_ap_ft_eap_dis_over_ds(dev, apdev):
841 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
842 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
843
9c50a6d3
MB		 844def test_ap_ft_eap_vlan(dev, apdev):
845 """WPA2-EAP-FT AP with VLAN"""
846 generic_ap_ft_eap(dev, apdev, vlan=True)
847
848def test_ap_ft_eap_vlan_multi(dev, apdev):
849 """WPA2-EAP-FT AP with VLAN"""
850 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
851
852def test_ap_ft_eap_vlan_over_ds(dev, apdev):
853 """WPA2-EAP-FT AP with VLAN + over_ds"""
854 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
855
856def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
857 """WPA2-EAP-FT AP with VLAN + over_ds"""
858 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
859
860def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
aaba98d3
JM		 861 """WPA2-EAP-FT AP (pull PMK)"""
862 ssid = "test-ft"
863 passphrase="12345678"
9c50a6d3
MB		 864 if vlan:
865 identity="gpsk-vlan1"
866 conndev="brvlan1"
867 else:
868 identity="gpsk user"
869 conndev=False
aaba98d3
JM		 870
871 radius = hostapd.radius_params()
872 params = ft_params1(ssid=ssid, passphrase=passphrase)
873 params['wpa_key_mgmt'] = "FT-EAP"
874 params["ieee8021x"] = "1"
875 params["pmk_r1_push"] = "0"
9c50a6d3
MB		 876 if vlan:
877 params["dynamic_vlan"] = "1"
aaba98d3 878 params = dict(radius.items() + params.items())
8b8a1864 879 hapd = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 880 key_mgmt = hapd.get_config()['key_mgmt']
881 if key_mgmt.split(' ')[0] != "FT-EAP":
882 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
883 params = ft_params2(ssid=ssid, passphrase=passphrase)
884 params['wpa_key_mgmt'] = "FT-EAP"
885 params["ieee8021x"] = "1"
886 params["pmk_r1_push"] = "0"
9c50a6d3
MB		 887 if vlan:
888 params["dynamic_vlan"] = "1"
aaba98d3 889 params = dict(radius.items() + params.items())
8b8a1864 890 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 891
9c50a6d3
MB		 892 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
893 eap_identity=identity, conndev=conndev)
894
895def test_ap_ft_eap_pull(dev, apdev):
896 """WPA2-EAP-FT AP (pull PMK)"""
897 generic_ap_ft_eap_pull(dev, apdev)
898
899def test_ap_ft_eap_pull_vlan(dev, apdev):
900 generic_ap_ft_eap_pull(dev, apdev, vlan=True)
3b808945 901
f81c1411
JM		 902def test_ap_ft_eap_pull_wildcard(dev, apdev):
903 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
904 ssid = "test-ft"
905 passphrase="12345678"
906
907 radius = hostapd.radius_params()
908 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
909 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
910 params["ieee8021x"] = "1"
911 params["pmk_r1_push"] = "0"
912 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
913 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
914 params["ft_psk_generate_local"] = "1"
915 params["eap_server"] = "0"
916 params = dict(radius.items() + params.items())
917 hapd = hostapd.add_ap(apdev[0], params)
918 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
919 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
920 params["ieee8021x"] = "1"
921 params["pmk_r1_push"] = "0"
922 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
923 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
924 params["ft_psk_generate_local"] = "1"
925 params["eap_server"] = "0"
926 params = dict(radius.items() + params.items())
927 hapd1 = hostapd.add_ap(apdev[1], params)
928
929 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
930
9fd6804d 931@remote_compatible
3b808945
JM		 932def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
933 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
934 ssid = "test-ft"
935 passphrase="12345678"
936
937 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 938 params["ieee80211w"] = "2"
8b8a1864 939 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 940 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
bc6e3288 941 params["ieee80211w"] = "2"
8b8a1864 942 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 943
a8375c94
JM		 944 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
945 fail_test=True)
3b808945 946
9fd6804d 947@remote_compatible
3b808945
JM		 948def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
949 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
950 ssid = "test-ft"
951 passphrase="12345678"
952
953 params = ft_params1(ssid=ssid, passphrase=passphrase)
954 params["pmk_r1_push"] = "0"
8b8a1864 955 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 956 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
957 params["pmk_r1_push"] = "0"
8b8a1864 958 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 959
a8375c94
JM		 960 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
961 fail_test=True)
3b808945 962
9fd6804d 963@remote_compatible
ae14a2e2
JM		 964def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
965 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
966 ssid = "test-ft"
967 passphrase="12345678"
968
969 params = ft_params1(ssid=ssid, passphrase=passphrase)
970 params["pmk_r1_push"] = "0"
971 params["nas_identifier"] = "nas0.w1.fi"
8b8a1864 972 hostapd.add_ap(apdev[0], params)
2f816c21
JM		 973 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
974 scan_freq="2412")
ae14a2e2
JM		 975
976 params = ft_params2(ssid=ssid, passphrase=passphrase)
977 params["pmk_r1_push"] = "0"
8b8a1864 978 hostapd.add_ap(apdev[1], params)
ae14a2e2
JM		 979
980 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
981 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
982
9fd6804d 983@remote_compatible
3b808945
JM		 984def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
985 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
986 ssid = "test-ft"
987 passphrase="12345678"
988
989 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 990 params["ieee80211w"] = "2"
8b8a1864 991 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 992 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
bc6e3288 993 params["ieee80211w"] = "2"
8b8a1864 994 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 995
a8375c94
JM		 996 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
997 fail_test=True)
3b808945 998
9fd6804d 999@remote_compatible
3b808945
JM		 1000def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
1001 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1002 ssid = "test-ft"
1003 passphrase="12345678"
1004
1005 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1006 params["pmk_r1_push"] = "0"
8b8a1864 1007 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 1008 params = ft_params2(ssid=ssid, passphrase=passphrase)
1009 params["pmk_r1_push"] = "0"
8b8a1864 1010 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 1011
a8375c94
JM		 1012 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1013 fail_test=True)
c6b6e105 1014
150948e6
MB		 1015def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
1016 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1017 ssid = "test-ft"
1018 passphrase="12345678"
1019
1020 radius = hostapd.radius_params()
1021 params = ft_params1(ssid=ssid, passphrase=passphrase)
1022 params["ieee80211w"] = "2";
1023 params['wpa_key_mgmt'] = "FT-EAP"
1024 params["ieee8021x"] = "1"
1025 params = dict(radius.items() + params.items())
b098542c 1026 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 1027 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1028 params["ieee80211w"] = "2";
1029 params['wpa_key_mgmt'] = "FT-EAP"
1030 params["ieee8021x"] = "1"
1031 params = dict(radius.items() + params.items())
b098542c 1032 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 1033
1034 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1035 fail_test=True, eap=True)
1036
1037def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
1038 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1039 ssid = "test-ft"
1040 passphrase="12345678"
1041
1042 radius = hostapd.radius_params()
1043 params = ft_params1(ssid=ssid, passphrase=passphrase)
1044 params["pmk_r1_push"] = "0"
1045 params['wpa_key_mgmt'] = "FT-EAP"
1046 params["ieee8021x"] = "1"
1047 params = dict(radius.items() + params.items())
b098542c 1048 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 1049 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1050 params["pmk_r1_push"] = "0"
1051 params['wpa_key_mgmt'] = "FT-EAP"
1052 params["ieee8021x"] = "1"
1053 params = dict(radius.items() + params.items())
b098542c 1054 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 1055
1056 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1057 fail_test=True, eap=True)
1058
1059def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
1060 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1061 ssid = "test-ft"
1062 passphrase="12345678"
1063
1064 radius = hostapd.radius_params()
1065 params = ft_params1(ssid=ssid, passphrase=passphrase)
1066 params["pmk_r1_push"] = "0"
1067 params["nas_identifier"] = "nas0.w1.fi"
1068 params['wpa_key_mgmt'] = "FT-EAP"
1069 params["ieee8021x"] = "1"
1070 params = dict(radius.items() + params.items())
b098542c 1071 hostapd.add_ap(apdev[0], params)
150948e6
MB		 1072 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1073 eap="GPSK", identity="gpsk user",
1074 password="abcdefghijklmnop0123456789abcdef",
1075 scan_freq="2412")
1076
1077 params = ft_params2(ssid=ssid, passphrase=passphrase)
1078 params["pmk_r1_push"] = "0"
1079 params['wpa_key_mgmt'] = "FT-EAP"
1080 params["ieee8021x"] = "1"
1081 params = dict(radius.items() + params.items())
b098542c 1082 hostapd.add_ap(apdev[1], params)
150948e6
MB		 1083
1084 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1085 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1086
1087def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
1088 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1089 ssid = "test-ft"
1090 passphrase="12345678"
1091
1092 radius = hostapd.radius_params()
1093 params = ft_params1(ssid=ssid, passphrase=passphrase)
1094 params["ieee80211w"] = "2";
1095 params['wpa_key_mgmt'] = "FT-EAP"
1096 params["ieee8021x"] = "1"
1097 params = dict(radius.items() + params.items())
b098542c 1098 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 1099 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1100 params["ieee80211w"] = "2";
1101 params['wpa_key_mgmt'] = "FT-EAP"
1102 params["ieee8021x"] = "1"
1103 params = dict(radius.items() + params.items())
b098542c 1104 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 1105
1106 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1107 fail_test=True, eap=True)
1108
1109def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
1110 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1111 ssid = "test-ft"
1112 passphrase="12345678"
1113
1114 radius = hostapd.radius_params()
1115 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1116 params["pmk_r1_push"] = "0"
1117 params['wpa_key_mgmt'] = "FT-EAP"
1118 params["ieee8021x"] = "1"
1119 params = dict(radius.items() + params.items())
b098542c 1120 hapd0 = hostapd.add_ap(apdev[0], params)
150948e6
MB		 1121 params = ft_params2(ssid=ssid, passphrase=passphrase)
1122 params["pmk_r1_push"] = "0"
1123 params['wpa_key_mgmt'] = "FT-EAP"
1124 params["ieee8021x"] = "1"
1125 params = dict(radius.items() + params.items())
b098542c 1126 hapd1 = hostapd.add_ap(apdev[1], params)
150948e6
MB		 1127
1128 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1129 fail_test=True, eap=True)
1130
c6b6e105
JM		 1131def test_ap_ft_gtk_rekey(dev, apdev):
1132 """WPA2-PSK-FT AP and GTK rekey"""
1133 ssid = "test-ft"
1134 passphrase="12345678"
1135
1136 params = ft_params1(ssid=ssid, passphrase=passphrase)
1137 params['wpa_group_rekey'] = '1'
8b8a1864 1138 hapd = hostapd.add_ap(apdev[0], params)
c6b6e105
JM		 1139
1140 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21 1141 ieee80211w="1", scan_freq="2412")
c6b6e105
JM		 1142
1143 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1144 if ev is None:
1145 raise Exception("GTK rekey timed out after initial association")
a8375c94 1146 hwsim_utils.test_connectivity(dev[0], hapd)
c6b6e105
JM		 1147
1148 params = ft_params2(ssid=ssid, passphrase=passphrase)
1149 params['wpa_group_rekey'] = '1'
8b8a1864 1150 hapd1 = hostapd.add_ap(apdev[1], params)
c6b6e105
JM		 1151
1152 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1153 dev[0].roam(apdev[1]['bssid'])
1154 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
1155 raise Exception("Did not connect to correct AP")
a8375c94 1156 hwsim_utils.test_connectivity(dev[0], hapd1)
c6b6e105
JM		 1157
1158 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1159 if ev is None:
1160 raise Exception("GTK rekey timed out after FT protocol")
a8375c94 1161 hwsim_utils.test_connectivity(dev[0], hapd1)
5b3c40a6
JM		 1162
1163def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
1164 """WPA2-PSK-FT and key lifetime in memory"""
1165 ssid = "test-ft"
1166 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1167 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1168 pmk = binascii.unhexlify(psk)
1169 p = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1170 hapd0 = hostapd.add_ap(apdev[0], p)
5b3c40a6 1171 p = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1172 hapd1 = hostapd.add_ap(apdev[1], p)
5b3c40a6
JM		 1173
1174 pid = find_wpas_process(dev[0])
1175
1176 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1177 scan_freq="2412")
8e416cec
JM		 1178 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1179 # event has been delivered, so verify that wpa_supplicant has returned to
1180 # eloop before reading process memory.
54f2cae2 1181 time.sleep(1)
8e416cec 1182 dev[0].ping()
5b3c40a6
JM		 1183
1184 buf = read_process_memory(pid, pmk)
1185
1186 dev[0].request("DISCONNECT")
1187 dev[0].wait_disconnected()
1188
1189 dev[0].relog()
1190 pmkr0 = None
1191 pmkr1 = None
1192 ptk = None
1193 gtk = None
1194 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1195 for l in f.readlines():
1196 if "FT: PMK-R0 - hexdump" in l:
1197 val = l.strip().split(':')[3].replace(' ', '')
1198 pmkr0 = binascii.unhexlify(val)
1199 if "FT: PMK-R1 - hexdump" in l:
1200 val = l.strip().split(':')[3].replace(' ', '')
1201 pmkr1 = binascii.unhexlify(val)
f918b95b 1202 if "FT: KCK - hexdump" in l:
5b3c40a6 1203 val = l.strip().split(':')[3].replace(' ', '')
f918b95b
JM		 1204 kck = binascii.unhexlify(val)
1205 if "FT: KEK - hexdump" in l:
1206 val = l.strip().split(':')[3].replace(' ', '')
1207 kek = binascii.unhexlify(val)
1208 if "FT: TK - hexdump" in l:
1209 val = l.strip().split(':')[3].replace(' ', '')
1210 tk = binascii.unhexlify(val)
5b3c40a6
JM		 1211 if "WPA: Group Key - hexdump" in l:
1212 val = l.strip().split(':')[3].replace(' ', '')
1213 gtk = binascii.unhexlify(val)
f918b95b 1214 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
5b3c40a6
JM		 1215 raise Exception("Could not find keys from debug log")
1216 if len(gtk) != 16:
1217 raise Exception("Unexpected GTK length")
1218
5b3c40a6
JM		 1219 logger.info("Checking keys in memory while associated")
1220 get_key_locations(buf, pmk, "PMK")
1221 get_key_locations(buf, pmkr0, "PMK-R0")
1222 get_key_locations(buf, pmkr1, "PMK-R1")
1223 if pmk not in buf:
81e787b7 1224 raise HwsimSkip("PMK not found while associated")
5b3c40a6 1225 if pmkr0 not in buf:
81e787b7 1226 raise HwsimSkip("PMK-R0 not found while associated")
5b3c40a6 1227 if pmkr1 not in buf:
81e787b7 1228 raise HwsimSkip("PMK-R1 not found while associated")
5b3c40a6
JM		 1229 if kck not in buf:
1230 raise Exception("KCK not found while associated")
1231 if kek not in buf:
1232 raise Exception("KEK not found while associated")
b74f82a4
JM		 1233 #if tk in buf:
1234 # raise Exception("TK found from memory")
5b3c40a6
JM		 1235
1236 logger.info("Checking keys in memory after disassociation")
1237 buf = read_process_memory(pid, pmk)
1238 get_key_locations(buf, pmk, "PMK")
1239 get_key_locations(buf, pmkr0, "PMK-R0")
1240 get_key_locations(buf, pmkr1, "PMK-R1")
1241
1242 # Note: PMK/PSK is still present in network configuration
1243
1244 fname = os.path.join(params['logdir'],
1245 'ft_psk_key_lifetime_in_memory.memctx-')
1246 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1247 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1248 verify_not_present(buf, kck, fname, "KCK")
1249 verify_not_present(buf, kek, fname, "KEK")
1250 verify_not_present(buf, tk, fname, "TK")
6db556b2
JM		 1251 if gtk in buf:
1252 get_key_locations(buf, gtk, "GTK")
5b3c40a6
JM		 1253 verify_not_present(buf, gtk, fname, "GTK")
1254
1255 dev[0].request("REMOVE_NETWORK all")
1256
1257 logger.info("Checking keys in memory after network profile removal")
1258 buf = read_process_memory(pid, pmk)
1259 get_key_locations(buf, pmk, "PMK")
1260 get_key_locations(buf, pmkr0, "PMK-R0")
1261 get_key_locations(buf, pmkr1, "PMK-R1")
1262
1263 verify_not_present(buf, pmk, fname, "PMK")
1264 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1265 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1266 verify_not_present(buf, kck, fname, "KCK")
1267 verify_not_present(buf, kek, fname, "KEK")
1268 verify_not_present(buf, tk, fname, "TK")
1269 verify_not_present(buf, gtk, fname, "GTK")
664093b5 1270
9fd6804d 1271@remote_compatible
664093b5
JM		 1272def test_ap_ft_invalid_resp(dev, apdev):
1273 """WPA2-PSK-FT AP and invalid response IEs"""
1274 ssid = "test-ft"
1275 passphrase="12345678"
1276
1277 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1278 hapd0 = hostapd.add_ap(apdev[0], params)
664093b5
JM		 1279 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1280 scan_freq="2412")
1281
1282 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1283 hapd1 = hostapd.add_ap(apdev[1], params)
664093b5
JM		 1284
1285 tests = [
1286 # Various IEs for test coverage. The last one is FTIE with invalid
1287 # R1KH-ID subelement.
1288 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1289 # FTIE with invalid R0KH-ID subelement (len=0).
1290 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1291 # FTIE with invalid R0KH-ID subelement (len=49).
1292 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1293 # Invalid RSNE.
1294 "020002000000" + "3000",
1295 # Required IEs missing from protected IE count.
1296 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1297 # RIC missing from protected IE count.
1298 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1299 # Protected IE missing.
1300 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
1301 for t in tests:
1302 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1303 hapd1.set("ext_mgmt_frame_handling", "1")
1304 hapd1.dump_monitor()
1305 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1306 raise Exception("ROAM failed")
1307 auth = None
1308 for i in range(20):
1309 msg = hapd1.mgmt_rx()
1310 if msg['subtype'] == 11:
1311 auth = msg
1312 break
1313 if not auth:
1314 raise Exception("Authentication frame not seen")
1315
1316 resp = {}
1317 resp['fc'] = auth['fc']
1318 resp['da'] = auth['sa']
1319 resp['sa'] = auth['da']
1320 resp['bssid'] = auth['bssid']
1321 resp['payload'] = binascii.unhexlify(t)
1322 hapd1.mgmt_tx(resp)
1323 hapd1.set("ext_mgmt_frame_handling", "0")
1324 dev[0].wait_disconnected()
1325
1326 dev[0].request("RECONNECT")
1327 dev[0].wait_connected()
7b741a53
JM		 1328
1329def test_ap_ft_gcmp_256(dev, apdev):
1330 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1331 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1332 raise HwsimSkip("Cipher GCMP-256 not supported")
1333 ssid = "test-ft"
1334 passphrase="12345678"
1335
1336 params = ft_params1(ssid=ssid, passphrase=passphrase)
1337 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1338 hapd0 = hostapd.add_ap(apdev[0], params)
7b741a53
JM		 1339 params = ft_params2(ssid=ssid, passphrase=passphrase)
1340 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 1341 hapd1 = hostapd.add_ap(apdev[1], params)
7b741a53
JM		 1342
1343 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1344 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
cf671d54
JM		 1345
1346def test_ap_ft_oom(dev, apdev):
1347 """WPA2-PSK-FT and OOM"""
38934ed1 1348 skip_with_fips(dev[0])
cf671d54
JM		 1349 ssid = "test-ft"
1350 passphrase="12345678"
1351
1352 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1353 hapd0 = hostapd.add_ap(apdev[0], params)
cf671d54 1354 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1355 hapd1 = hostapd.add_ap(apdev[1], params)
cf671d54
JM		 1356
1357 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1358 scan_freq="2412")
1359 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1360 dst = apdev[1]['bssid']
1361 else:
1362 dst = apdev[0]['bssid']
1363
1364 dev[0].scan_for_bss(dst, freq="2412")
1365 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1366 dev[0].roam(dst)
7cbc8e67 1367 with fail_test(dev[0], 1, "wpa_ft_mic"):
cf671d54
JM		 1368 dev[0].roam(dst, fail_test=True)
1369 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1370 dev[0].roam(dst, fail_test=True)
34d3eaa8 1371
dcbb5d80
JM		 1372 dev[0].request("REMOVE_NETWORK all")
1373 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1374 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1375 scan_freq="2412")
1376
682a79f0
JM		 1377def test_ap_ft_ap_oom(dev, apdev):
1378 """WPA2-PSK-FT and AP OOM"""
1379 ssid = "test-ft"
1380 passphrase="12345678"
1381
1382 params = ft_params1(ssid=ssid, passphrase=passphrase)
1383 hapd0 = hostapd.add_ap(apdev[0], params)
1384 bssid0 = hapd0.own_addr()
1385
1386 dev[0].scan_for_bss(bssid0, freq="2412")
1387 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1388 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1389 scan_freq="2412")
1390
1391 params = ft_params2(ssid=ssid, passphrase=passphrase)
1392 hapd1 = hostapd.add_ap(apdev[1], params)
1393 bssid1 = hapd1.own_addr()
1394 dev[0].scan_for_bss(bssid1, freq="2412")
1395 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1396 dev[0].roam(bssid1)
1397
1398def test_ap_ft_ap_oom2(dev, apdev):
1399 """WPA2-PSK-FT and AP OOM 2"""
1400 ssid = "test-ft"
1401 passphrase="12345678"
1402
1403 params = ft_params1(ssid=ssid, passphrase=passphrase)
1404 hapd0 = hostapd.add_ap(apdev[0], params)
1405 bssid0 = hapd0.own_addr()
1406
1407 dev[0].scan_for_bss(bssid0, freq="2412")
1408 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1409 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1410 scan_freq="2412")
1411
1412 params = ft_params2(ssid=ssid, passphrase=passphrase)
1413 hapd1 = hostapd.add_ap(apdev[1], params)
1414 bssid1 = hapd1.own_addr()
1415 dev[0].scan_for_bss(bssid1, freq="2412")
1416 dev[0].roam(bssid1)
1417 if dev[0].get_status_field('bssid') != bssid1:
1418 raise Exception("Did not roam to AP1")
1419 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1420 dev[0].roam(bssid0)
1421
1422def test_ap_ft_ap_oom3(dev, apdev):
1423 """WPA2-PSK-FT and AP OOM 3"""
1424 ssid = "test-ft"
1425 passphrase="12345678"
1426
1427 params = ft_params1(ssid=ssid, passphrase=passphrase)
1428 hapd0 = hostapd.add_ap(apdev[0], params)
1429 bssid0 = hapd0.own_addr()
1430
1431 dev[0].scan_for_bss(bssid0, freq="2412")
1432 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1433 scan_freq="2412")
1434
1435 params = ft_params2(ssid=ssid, passphrase=passphrase)
1436 hapd1 = hostapd.add_ap(apdev[1], params)
1437 bssid1 = hapd1.own_addr()
1438 dev[0].scan_for_bss(bssid1, freq="2412")
1439 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1440 # This will fail due to not being able to send out PMK-R1 pull request
1441 dev[0].roam(bssid1)
1442
ba88dd65 1443 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM		 1444 # This will fail due to not being able to send out PMK-R1 pull request
1445 dev[0].roam(bssid1)
1446
ba88dd65
MB		 1447 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1448 # This will fail due to not being able to send out PMK-R1 pull request
1449 dev[0].roam(bssid1)
1450
1451def test_ap_ft_ap_oom3b(dev, apdev):
1452 """WPA2-PSK-FT and AP OOM 3b"""
1453 ssid = "test-ft"
1454 passphrase="12345678"
1455
1456 params = ft_params1(ssid=ssid, passphrase=passphrase)
1457 hapd0 = hostapd.add_ap(apdev[0], params)
1458 bssid0 = hapd0.own_addr()
1459
1460 dev[0].scan_for_bss(bssid0, freq="2412")
1461 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1462 scan_freq="2412")
1463
1464 params = ft_params2(ssid=ssid, passphrase=passphrase)
1465 hapd1 = hostapd.add_ap(apdev[1], params)
1466 bssid1 = hapd1.own_addr()
1467 dev[0].scan_for_bss(bssid1, freq="2412")
1468 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
682a79f0
JM		 1469 # This will fail due to not being able to send out PMK-R1 pull request
1470 dev[0].roam(bssid1)
1471
1472def test_ap_ft_ap_oom4(dev, apdev):
1473 """WPA2-PSK-FT and AP OOM 4"""
1474 ssid = "test-ft"
1475 passphrase="12345678"
1476
1477 params = ft_params1(ssid=ssid, passphrase=passphrase)
1478 hapd0 = hostapd.add_ap(apdev[0], params)
1479 bssid0 = hapd0.own_addr()
1480
1481 dev[0].scan_for_bss(bssid0, freq="2412")
1482 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1483 scan_freq="2412")
1484
1485 params = ft_params2(ssid=ssid, passphrase=passphrase)
1486 hapd1 = hostapd.add_ap(apdev[1], params)
1487 bssid1 = hapd1.own_addr()
1488 dev[0].scan_for_bss(bssid1, freq="2412")
1489 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1490 dev[0].roam(bssid1)
1491 if dev[0].get_status_field('bssid') != bssid1:
1492 raise Exception("Did not roam to AP1")
1493
1494 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1495 dev[0].roam(bssid0)
1496 if dev[0].get_status_field('bssid') != bssid0:
1497 raise Exception("Did not roam to AP0")
1498
1499 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1500 dev[0].roam(bssid1)
1501 if dev[0].get_status_field('bssid') != bssid1:
1502 raise Exception("Did not roam to AP1")
1503
1504def test_ap_ft_ap_oom5(dev, apdev):
1505 """WPA2-PSK-FT and AP OOM 5"""
1506 ssid = "test-ft"
1507 passphrase="12345678"
1508
1509 params = ft_params1(ssid=ssid, passphrase=passphrase)
1510 hapd0 = hostapd.add_ap(apdev[0], params)
1511 bssid0 = hapd0.own_addr()
1512
1513 dev[0].scan_for_bss(bssid0, freq="2412")
1514 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1515 scan_freq="2412")
1516
1517 params = ft_params2(ssid=ssid, passphrase=passphrase)
1518 hapd1 = hostapd.add_ap(apdev[1], params)
1519 bssid1 = hapd1.own_addr()
1520 dev[0].scan_for_bss(bssid1, freq="2412")
1521 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1522 # This will fail to roam
1523 dev[0].roam(bssid1)
1524
1525 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1526 # This will fail to roam
1527 dev[0].roam(bssid1)
1528
1529 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1530 # This will fail to roam
1531 dev[0].roam(bssid1)
1532
1533 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1534 # This will fail to roam
1535 dev[0].roam(bssid1)
1536
1537 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1538 # This will fail to roam
1539 dev[0].roam(bssid1)
1540
1541def test_ap_ft_ap_oom6(dev, apdev):
1542 """WPA2-PSK-FT and AP OOM 6"""
1543 ssid = "test-ft"
1544 passphrase="12345678"
1545
1546 params = ft_params1(ssid=ssid, passphrase=passphrase)
1547 hapd0 = hostapd.add_ap(apdev[0], params)
1548 bssid0 = hapd0.own_addr()
1549
1550 dev[0].scan_for_bss(bssid0, freq="2412")
1551 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1552 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1553 scan_freq="2412")
1554 dev[0].request("REMOVE_NETWORK all")
1555 dev[0].wait_disconnected()
1556 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1557 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1558 scan_freq="2412")
1559 dev[0].request("REMOVE_NETWORK all")
1560 dev[0].wait_disconnected()
1561 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1562 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1563 scan_freq="2412")
1564
c5262648
JM		 1565def test_ap_ft_ap_oom7a(dev, apdev):
1566 """WPA2-PSK-FT and AP OOM 7a"""
682a79f0
JM		 1567 ssid = "test-ft"
1568 passphrase="12345678"
1569
1570 params = ft_params1(ssid=ssid, passphrase=passphrase)
1571 params["ieee80211w"] = "2"
1572 hapd0 = hostapd.add_ap(apdev[0], params)
1573 bssid0 = hapd0.own_addr()
1574
1575 dev[0].scan_for_bss(bssid0, freq="2412")
1576 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1577 ieee80211w="2", scan_freq="2412")
1578
1579 params = ft_params2(ssid=ssid, passphrase=passphrase)
1580 params["ieee80211w"] = "2"
1581 hapd1 = hostapd.add_ap(apdev[1], params)
1582 bssid1 = hapd1.own_addr()
1583 dev[0].scan_for_bss(bssid1, freq="2412")
1584 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1585 # This will fail to roam
1586 dev[0].roam(bssid1)
c5262648
JM		 1587
1588def test_ap_ft_ap_oom7b(dev, apdev):
1589 """WPA2-PSK-FT and AP OOM 7b"""
1590 ssid = "test-ft"
1591 passphrase="12345678"
1592
1593 params = ft_params1(ssid=ssid, passphrase=passphrase)
1594 params["ieee80211w"] = "2"
1595 hapd0 = hostapd.add_ap(apdev[0], params)
1596 bssid0 = hapd0.own_addr()
1597
1598 dev[0].scan_for_bss(bssid0, freq="2412")
1599 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1600 ieee80211w="2", scan_freq="2412")
1601
1602 params = ft_params2(ssid=ssid, passphrase=passphrase)
1603 params["ieee80211w"] = "2"
1604 hapd1 = hostapd.add_ap(apdev[1], params)
1605 bssid1 = hapd1.own_addr()
1606 dev[0].scan_for_bss(bssid1, freq="2412")
682a79f0
JM		 1607 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1608 # This will fail to roam
1609 dev[0].roam(bssid1)
c5262648
JM		 1610
1611def test_ap_ft_ap_oom7c(dev, apdev):
1612 """WPA2-PSK-FT and AP OOM 7c"""
1613 ssid = "test-ft"
1614 passphrase="12345678"
1615
1616 params = ft_params1(ssid=ssid, passphrase=passphrase)
1617 params["ieee80211w"] = "2"
1618 hapd0 = hostapd.add_ap(apdev[0], params)
1619 bssid0 = hapd0.own_addr()
1620
1621 dev[0].scan_for_bss(bssid0, freq="2412")
1622 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1623 ieee80211w="2", scan_freq="2412")
1624
1625 params = ft_params2(ssid=ssid, passphrase=passphrase)
1626 params["ieee80211w"] = "2"
1627 hapd1 = hostapd.add_ap(apdev[1], params)
1628 bssid1 = hapd1.own_addr()
1629 dev[0].scan_for_bss(bssid1, freq="2412")
682a79f0
JM		 1630 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1631 # This will fail to roam
1632 dev[0].roam(bssid1)
c5262648
JM		 1633
1634def test_ap_ft_ap_oom7d(dev, apdev):
1635 """WPA2-PSK-FT and AP OOM 7d"""
1636 ssid = "test-ft"
1637 passphrase="12345678"
1638
1639 params = ft_params1(ssid=ssid, passphrase=passphrase)
1640 params["ieee80211w"] = "2"
1641 hapd0 = hostapd.add_ap(apdev[0], params)
1642 bssid0 = hapd0.own_addr()
1643
1644 dev[0].scan_for_bss(bssid0, freq="2412")
1645 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1646 ieee80211w="2", scan_freq="2412")
1647
1648 params = ft_params2(ssid=ssid, passphrase=passphrase)
1649 params["ieee80211w"] = "2"
1650 hapd1 = hostapd.add_ap(apdev[1], params)
1651 bssid1 = hapd1.own_addr()
1652 dev[0].scan_for_bss(bssid1, freq="2412")
682a79f0
JM		 1653 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1654 # This will fail to roam
1655 dev[0].roam(bssid1)
1656
1657def test_ap_ft_ap_oom8(dev, apdev):
1658 """WPA2-PSK-FT and AP OOM 8"""
1659 ssid = "test-ft"
1660 passphrase="12345678"
1661
1662 params = ft_params1(ssid=ssid, passphrase=passphrase)
1663 params['ft_psk_generate_local'] = "1";
1664 hapd0 = hostapd.add_ap(apdev[0], params)
1665 bssid0 = hapd0.own_addr()
1666
1667 dev[0].scan_for_bss(bssid0, freq="2412")
1668 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1669 scan_freq="2412")
1670
1671 params = ft_params2(ssid=ssid, passphrase=passphrase)
1672 params['ft_psk_generate_local'] = "1";
1673 hapd1 = hostapd.add_ap(apdev[1], params)
1674 bssid1 = hapd1.own_addr()
1675 dev[0].scan_for_bss(bssid1, freq="2412")
1676 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1677 # This will fail to roam
1678 dev[0].roam(bssid1)
1679 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1680 # This will fail to roam
1681 dev[0].roam(bssid1)
1682
1683def test_ap_ft_ap_oom9(dev, apdev):
1684 """WPA2-PSK-FT and AP OOM 9"""
1685 ssid = "test-ft"
1686 passphrase="12345678"
1687
1688 params = ft_params1(ssid=ssid, passphrase=passphrase)
1689 hapd0 = hostapd.add_ap(apdev[0], params)
1690 bssid0 = hapd0.own_addr()
1691
1692 dev[0].scan_for_bss(bssid0, freq="2412")
1693 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1694 scan_freq="2412")
1695
1696 params = ft_params2(ssid=ssid, passphrase=passphrase)
1697 hapd1 = hostapd.add_ap(apdev[1], params)
1698 bssid1 = hapd1.own_addr()
1699 dev[0].scan_for_bss(bssid1, freq="2412")
1700
1701 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1702 # This will fail to roam
1703 if "OK" not in dev[0].request("FT_DS " + bssid1):
1704 raise Exception("FT_DS failed")
1705 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1706
1707 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1708 # This will fail to roam
1709 if "OK" not in dev[0].request("FT_DS " + bssid1):
1710 raise Exception("FT_DS failed")
1711 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1712
1713 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1714 # This will fail to roam
1715 if "OK" not in dev[0].request("FT_DS " + bssid1):
1716 raise Exception("FT_DS failed")
1717 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1718
1719def test_ap_ft_ap_oom10(dev, apdev):
1720 """WPA2-PSK-FT and AP OOM 10"""
1721 ssid = "test-ft"
1722 passphrase="12345678"
1723
1724 params = ft_params1(ssid=ssid, passphrase=passphrase)
1725 hapd0 = hostapd.add_ap(apdev[0], params)
1726 bssid0 = hapd0.own_addr()
1727
1728 dev[0].scan_for_bss(bssid0, freq="2412")
1729 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1730 scan_freq="2412")
1731
1732 params = ft_params2(ssid=ssid, passphrase=passphrase)
1733 hapd1 = hostapd.add_ap(apdev[1], params)
1734 bssid1 = hapd1.own_addr()
1735 dev[0].scan_for_bss(bssid1, freq="2412")
1736
9441a227 1737 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM		 1738 # This will fail to roam
1739 if "OK" not in dev[0].request("FT_DS " + bssid1):
1740 raise Exception("FT_DS failed")
1741 wait_fail_trigger(hapd0, "GET_FAIL")
1742
1743 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1744 # This will fail to roam
1745 if "OK" not in dev[0].request("FT_DS " + bssid1):
1746 raise Exception("FT_DS failed")
1747 wait_fail_trigger(hapd0, "GET_FAIL")
1748
9441a227 1749 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
682a79f0
JM		 1750 # This will fail to roam
1751 if "OK" not in dev[0].request("FT_DS " + bssid1):
1752 raise Exception("FT_DS failed")
1753 wait_fail_trigger(hapd0, "GET_FAIL")
1754
9441a227 1755 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
682a79f0
JM		 1756 # This will fail to roam
1757 if "OK" not in dev[0].request("FT_DS " + bssid1):
1758 raise Exception("FT_DS failed")
1759 wait_fail_trigger(hapd1, "GET_FAIL")
1760
1761def test_ap_ft_ap_oom11(dev, apdev):
1762 """WPA2-PSK-FT and AP OOM 11"""
1763 ssid = "test-ft"
1764 passphrase="12345678"
1765
1766 params = ft_params1(ssid=ssid, passphrase=passphrase)
1767 hapd0 = hostapd.add_ap(apdev[0], params)
1768 bssid0 = hapd0.own_addr()
1769
1770 dev[0].scan_for_bss(bssid0, freq="2412")
1771 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1772 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1773 scan_freq="2412")
1774 wait_fail_trigger(hapd0, "GET_FAIL")
1775
1776 dev[1].scan_for_bss(bssid0, freq="2412")
9441a227 1777 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
682a79f0
JM		 1778 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1779 scan_freq="2412")
1780 wait_fail_trigger(hapd0, "GET_FAIL")
1781
a04e6f3d
JM		 1782def test_ap_ft_over_ds_proto_ap(dev, apdev):
1783 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1784 ssid = "test-ft"
1785 passphrase="12345678"
1786
1787 params = ft_params1(ssid=ssid, passphrase=passphrase)
1788 hapd0 = hostapd.add_ap(apdev[0], params)
1789 bssid0 = hapd0.own_addr()
1790 _bssid0 = bssid0.replace(':', '')
1791 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1792 scan_freq="2412")
1793 addr = dev[0].own_addr()
1794 _addr = addr.replace(':', '')
1795
1796 params = ft_params2(ssid=ssid, passphrase=passphrase)
1797 hapd1 = hostapd.add_ap(apdev[1], params)
1798 bssid1 = hapd1.own_addr()
1799 _bssid1 = bssid1.replace(':', '')
1800
1801 hapd0.set("ext_mgmt_frame_handling", "1")
1802 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
1803 valid = "0601" + _addr + _bssid1
1804 tests = [ "0601",
1805 "0601" + _addr,
1806 "0601" + _addr + _bssid0,
1807 "0601" + _addr + "ffffffffffff",
1808 "0601" + _bssid0 + _bssid0,
1809 valid,
1810 valid + "01",
1811 valid + "3700",
1812 valid + "3600",
1813 valid + "3603ffffff",
1814 valid + "3603a1b2ff",
1815 valid + "3603a1b2ff" + "3700",
1816 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1817 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1818 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1819 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1820 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1821 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1822 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1823 valid + "0001" ]
1824 for t in tests:
1825 hapd0.dump_monitor()
1826 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
1827 raise Exception("MGMT_RX_PROCESS failed")
1828
1829 hapd0.set("ext_mgmt_frame_handling", "0")
1830
34d3eaa8
JM		 1831def test_ap_ft_over_ds_proto(dev, apdev):
1832 """WPA2-PSK-FT AP over DS protocol testing"""
1833 ssid = "test-ft"
1834 passphrase="12345678"
1835
1836 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1837 hapd0 = hostapd.add_ap(apdev[0], params)
34d3eaa8
JM		 1838 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1839 scan_freq="2412")
1840
1841 # FT Action Response while no FT-over-DS in progress
1842 msg = {}
1843 msg['fc'] = 13 << 4
1844 msg['da'] = dev[0].own_addr()
1845 msg['sa'] = apdev[0]['bssid']
1846 msg['bssid'] = apdev[0]['bssid']
1847 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
1848 hapd0.mgmt_tx(msg)
1849
1850 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1851 hapd1 = hostapd.add_ap(apdev[1], params)
34d3eaa8
JM		 1852 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1853 hapd0.set("ext_mgmt_frame_handling", "1")
1854 hapd0.dump_monitor()
1855 dev[0].request("FT_DS " + apdev[1]['bssid'])
1856 for i in range(0, 10):
1857 req = hapd0.mgmt_rx()
1858 if req is None:
1859 raise Exception("MGMT RX wait timed out")
1860 if req['subtype'] == 13:
1861 break
1862 req = None
1863 if not req:
1864 raise Exception("FT Action frame not received")
1865
1866 # FT Action Response for unexpected Target AP
1867 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
1868 hapd0.mgmt_tx(msg)
1869
1870 # FT Action Response without MDIE
1871 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
1872 hapd0.mgmt_tx(msg)
1873
1874 # FT Action Response without FTIE
1875 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1876 hapd0.mgmt_tx(msg)
1877
1878 # FT Action Response with FTIE SNonce mismatch
1879 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1880 hapd0.mgmt_tx(msg)
6f3815c0 1881
9fd6804d 1882@remote_compatible
6f3815c0
JM		 1883def test_ap_ft_rrb(dev, apdev):
1884 """WPA2-PSK-FT RRB protocol testing"""
1885 ssid = "test-ft"
1886 passphrase="12345678"
1887
1888 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1889 hapd0 = hostapd.add_ap(apdev[0], params)
6f3815c0
JM		 1890
1891 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1892 scan_freq="2412")
1893
1894 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
1895 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
1896 proto = '\x89\x0d'
1897 ehdr = _dst_ll + _src_ll + proto
1898
1899 # Too short RRB frame
1900 pkt = ehdr + '\x01'
1901 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1902 raise Exception("DATA_TEST_FRAME failed")
1903
1904 # RRB discarded frame wikth unrecognized type
1905 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
1906 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1907 raise Exception("DATA_TEST_FRAME failed")
1908
1909 # RRB frame too short for action frame
1910 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
1911 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1912 raise Exception("DATA_TEST_FRAME failed")
1913
1914 # Too short RRB frame (not enough room for Action Frame body)
1915 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
1916 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1917 raise Exception("DATA_TEST_FRAME failed")
1918
1919 # Unexpected Action frame category
1920 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1921 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1922 raise Exception("DATA_TEST_FRAME failed")
1923
1924 # Unexpected Action in RRB Request
1925 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1926 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1927 raise Exception("DATA_TEST_FRAME failed")
1928
1929 # Target AP address in RRB Request does not match with own address
1930 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1931 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1932 raise Exception("DATA_TEST_FRAME failed")
1933
1934 # Not enough room for status code in RRB Response
1935 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1936 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1937 raise Exception("DATA_TEST_FRAME failed")
1938
1939 # RRB discarded frame with unknown packet_type
1940 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1941 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1942 raise Exception("DATA_TEST_FRAME failed")
1943
1944 # RRB Response with non-zero status code; no STA match
1945 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1946 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1947 raise Exception("DATA_TEST_FRAME failed")
1948
1949 # RRB Response with zero status code and extra data; STA match
1950 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1951 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1952 raise Exception("DATA_TEST_FRAME failed")
1953
1954 # Too short PMK-R1 pull
1955 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1956 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1957 raise Exception("DATA_TEST_FRAME failed")
1958
1959 # Too short PMK-R1 resp
1960 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1961 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1962 raise Exception("DATA_TEST_FRAME failed")
1963
1964 # Too short PMK-R1 push
1965 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1966 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1967 raise Exception("DATA_TEST_FRAME failed")
1968
1969 # No matching R0KH address found for PMK-R0 pull response
1970 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1971 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1972 raise Exception("DATA_TEST_FRAME failed")
ecafa0cf 1973
9fd6804d 1974@remote_compatible
ecafa0cf
JM		 1975def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
1976 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1977 bssid = apdev[0]['bssid']
1978 ssid = "test-ft"
1979 passphrase="12345678"
1980
1981 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 1982 params["ieee80211w"] = "1"
ecafa0cf
JM		 1983 # This is the RSN element used normally by hostapd
1984 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
8b8a1864 1985 hapd = hostapd.add_ap(apdev[0], params)
ecafa0cf
JM		 1986 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1987 ieee80211w="1", scan_freq="2412",
1988 pairwise="CCMP", group="CCMP")
1989
1990 tests = [ ('PMKIDCount field included',
1991 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1992 ('Extra IE before RSNE',
1993 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1994 ('PMKIDCount and Group Management Cipher suite fields included',
1995 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1996 ('Extra octet after defined fields (future extensibility)',
1997 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1998 ('No RSN Capabilities field (PMF disabled in practice)',
1999 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
2000 for txt,ie in tests:
2001 dev[0].request("DISCONNECT")
2002 dev[0].wait_disconnected()
2003 logger.info(txt)
2004 hapd.disable()
2005 hapd.set('own_ie_override', ie)
2006 hapd.enable()
2007 dev[0].request("BSS_FLUSH 0")
2008 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2009 dev[0].select_network(id, freq=2412)
2010 dev[0].wait_connected()
2011
2012 dev[0].request("DISCONNECT")
2013 dev[0].wait_disconnected()
2014
2015 logger.info('Invalid RSNE causing internal hostapd error')
2016 hapd.disable()
2017 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2018 hapd.enable()
2019 dev[0].request("BSS_FLUSH 0")
2020 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2021 dev[0].select_network(id, freq=2412)
2022 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2023 # complete.
2024 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2025 if ev is not None:
2026 raise Exception("Unexpected connection")
2027 dev[0].request("DISCONNECT")
2028
2029 logger.info('Unexpected PMKID causing internal hostapd error')
2030 hapd.disable()
2031 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2032 hapd.enable()
2033 dev[0].request("BSS_FLUSH 0")
2034 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2035 dev[0].select_network(id, freq=2412)
2036 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2037 # complete.
2038 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2039 if ev is not None:
2040 raise Exception("Unexpected connection")
2041 dev[0].request("DISCONNECT")
1025603b
JM		 2042
2043def test_ap_ft_ptk_rekey(dev, apdev):
2044 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2045 ssid = "test-ft"
2046 passphrase="12345678"
2047
2048 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 2049 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b 2050 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 2051 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 2052
2053 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
2054
2055 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2056 "WPA: Key negotiation completed"], timeout=5)
2057 if ev is None:
2058 raise Exception("No event received after roam")
2059 if "CTRL-EVENT-DISCONNECTED" in ev:
2060 raise Exception("Unexpected disconnection after roam")
2061
2062 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
2063 hapd = hapd0
2064 else:
2065 hapd = hapd1
2066 hwsim_utils.test_connectivity(dev[0], hapd)
2067
2068def test_ap_ft_ptk_rekey_ap(dev, apdev):
2069 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2070 ssid = "test-ft"
2071 passphrase="12345678"
2072
2073 params = ft_params1(ssid=ssid, passphrase=passphrase)
2074 params['wpa_ptk_rekey'] = '2'
8b8a1864 2075 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b
JM		 2076 params = ft_params2(ssid=ssid, passphrase=passphrase)
2077 params['wpa_ptk_rekey'] = '2'
8b8a1864 2078 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 2079
2080 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
2081
2082 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2083 "WPA: Key negotiation completed"], timeout=5)
2084 if ev is None:
2085 raise Exception("No event received after roam")
2086 if "CTRL-EVENT-DISCONNECTED" in ev:
2087 raise Exception("Unexpected disconnection after roam")
2088
2089 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
2090 hapd = hapd0
2091 else:
2092 hapd = hapd1
2093 hwsim_utils.test_connectivity(dev[0], hapd)
186ca473
MB		 2094
2095def test_ap_ft_internal_rrb_check(dev, apdev):
2096 """RRB internal delivery only to WPA enabled BSS"""
2097 ssid = "test-ft"
2098 passphrase="12345678"
2099
2100 radius = hostapd.radius_params()
2101 params = ft_params1(ssid=ssid, passphrase=passphrase)
2102 params['wpa_key_mgmt'] = "FT-EAP"
2103 params["ieee8021x"] = "1"
2104 params = dict(radius.items() + params.items())
8b8a1864 2105 hapd = hostapd.add_ap(apdev[0], params)
186ca473
MB		 2106 key_mgmt = hapd.get_config()['key_mgmt']
2107 if key_mgmt.split(' ')[0] != "FT-EAP":
2108 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
2109
8b8a1864 2110 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
186ca473
MB		 2111
2112 # Connect to WPA enabled AP
2113 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
2114 eap="GPSK", identity="gpsk user",
2115 password="abcdefghijklmnop0123456789abcdef",
2116 scan_freq="2412")
2117
2118 # Try over_ds roaming to non-WPA-enabled AP.
2119 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2120 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
c85fcff2
JM		 2121
2122def test_ap_ft_extra_ie(dev, apdev):
2123 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2124 ssid = "test-ft"
2125 passphrase="12345678"
2126
2127 params = ft_params1(ssid=ssid, passphrase=passphrase)
2128 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2129 hapd0 = hostapd.add_ap(apdev[0], params)
2130 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2131 scan_freq="2412")
2132 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2133 scan_freq="2412")
2134 try:
2135 # Add Mobility Domain element to test AP validation code.
2136 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2137 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2138 scan_freq="2412", wait_connect=False)
2139 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2140 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2141 if ev is None:
2142 raise Exception("No connection result")
2143 if "CTRL-EVENT-CONNECTED" in ev:
2144 raise Exception("Non-FT association accepted with MDE")
2145 if "status_code=43" not in ev:
2146 raise Exception("Unexpected status code: " + ev)
2147 dev[0].request("DISCONNECT")
2148 finally:
2149 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
fd7205fa
JM		 2150
2151def test_ap_ft_ric(dev, apdev):
2152 """WPA2-PSK-FT AP and RIC"""
2153 ssid = "test-ft"
2154 passphrase="12345678"
2155
2156 params = ft_params1(ssid=ssid, passphrase=passphrase)
2157 hapd0 = hostapd.add_ap(apdev[0], params)
2158 params = ft_params2(ssid=ssid, passphrase=passphrase)
2159 hapd1 = hostapd.add_ap(apdev[1], params)
2160
2161 dev[0].set("ric_ies", "")
2162 dev[0].set("ric_ies", '""')
2163 if "FAIL" not in dev[0].request("SET ric_ies q"):
2164 raise Exception("Invalid ric_ies value accepted")
2165
2166 tests = [ "3900",
2167 "3900ff04eeeeeeee",
2168 "390400000000",
2169 "390400000000" + "390400000000",
2170 "390400000000" + "dd050050f20202",
2171 "390400000000" + "dd3d0050f2020201" + 55*"00",
2172 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2173 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
2174 for t in tests:
2175 dev[0].set("ric_ies", t)
2176 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
2177 test_connectivity=False)
2178 dev[0].request("REMOVE_NETWORK all")
2179 dev[0].wait_disconnected()
2180 dev[0].dump_monitor()
c8942286
JM		 2181
2182def ie_hex(ies, id):
2183 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id])
2184
2185def test_ap_ft_reassoc_proto(dev, apdev):
2186 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2187 ssid = "test-ft"
2188 passphrase="12345678"
2189
2190 params = ft_params1(ssid=ssid, passphrase=passphrase)
2191 hapd0 = hostapd.add_ap(apdev[0], params)
2192 params = ft_params2(ssid=ssid, passphrase=passphrase)
2193 hapd1 = hostapd.add_ap(apdev[1], params)
2194
2195 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2196 ieee80211w="1", scan_freq="2412")
2197 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2198 hapd1ap = hapd0
2199 hapd2ap = hapd1
2200 else:
2201 hapd1ap = hapd1
2202 hapd2ap = hapd0
2203
2204 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2205 hapd2ap.set("ext_mgmt_frame_handling", "1")
2206 dev[0].request("ROAM " + hapd2ap.own_addr())
2207
2208 while True:
2209 req = hapd2ap.mgmt_rx()
2210 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2211 if req['subtype'] == 11:
2212 break
2213
2214 while True:
2215 req = hapd2ap.mgmt_rx()
2216 if req['subtype'] == 2:
2217 break
2218 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2219
2220 # IEEE 802.11 header + fixed fields before IEs
2221 hdr = binascii.hexlify(req['frame'][0:34])
2222 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
2223 # First elements: SSID, Supported Rates, Extended Supported Rates
2224 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
2225
2226 rsne = ie_hex(ies, 48)
2227 mde = ie_hex(ies, 54)
2228 fte = ie_hex(ies, 55)
2229 tests = [ ]
2230 # RSN: Trying to use FT, but MDIE not included
2231 tests += [ rsne ]
2232 # RSN: Attempted to use unknown MDIE
2233 tests += [ rsne + "3603000000" ]
2234 # Invalid RSN pairwise cipher
2235 tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
2236 # FT: No PMKID in RSNIE
2237 tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ]
2238 # FT: Invalid FTIE
2239 tests += [ rsne + mde ]
2240 # FT: RIC IE(s) in the frame, but not included in protected IE count
2241 # FT: Failed to parse FT IEs
2242 tests += [ rsne + mde + fte + "3900" ]
2243 # FT: SNonce mismatch in FTIE
2244 tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ]
2245 # FT: ANonce mismatch in FTIE
2246 tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ]
2247 # FT: No R0KH-ID subelem in FTIE
2248 tests += [ rsne + mde + "3752" + fte[4:168] ]
2249 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2250 tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ]
2251 # FT: No R1KH-ID subelem in FTIE
2252 tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
2253 # FT: Unknown R1KH-ID used in ReassocReq
2254 tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
2255 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2256 tests += [ rsne[:-32] + 16*"00" + mde + fte ]
2257 # Invalid MIC in FTIE
2258 tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ]
2259 for t in tests:
2260 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
2261
2262def test_ap_ft_reassoc_local_fail(dev, apdev):
2263 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2264 ssid = "test-ft"
2265 passphrase="12345678"
2266
2267 params = ft_params1(ssid=ssid, passphrase=passphrase)
2268 hapd0 = hostapd.add_ap(apdev[0], params)
2269 params = ft_params2(ssid=ssid, passphrase=passphrase)
2270 hapd1 = hostapd.add_ap(apdev[1], params)
2271
2272 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2273 ieee80211w="1", scan_freq="2412")
2274 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2275 hapd1ap = hapd0
2276 hapd2ap = hapd1
2277 else:
2278 hapd1ap = hapd1
2279 hapd2ap = hapd0
2280
2281 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2282 # FT: Failed to calculate MIC
2283 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
2284 dev[0].request("ROAM " + hapd2ap.own_addr())
2285 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2286 dev[0].request("DISCONNECT")
2287 if ev is None:
2288 raise Exception("Association reject not seen")
d7f0bef9
JM		 2289
2290def test_ap_ft_reassoc_replay(dev, apdev, params):
2291 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2292 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
2293 ssid = "test-ft"
2294 passphrase="12345678"
2295
2296 params = ft_params1(ssid=ssid, passphrase=passphrase)
2297 hapd0 = hostapd.add_ap(apdev[0], params)
2298 params = ft_params2(ssid=ssid, passphrase=passphrase)
2299 hapd1 = hostapd.add_ap(apdev[1], params)
2300
2301 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2302 scan_freq="2412")
2303 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2304 hapd1ap = hapd0
2305 hapd2ap = hapd1
2306 else:
2307 hapd1ap = hapd1
2308 hapd2ap = hapd0
2309
2310 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2311 hapd2ap.set("ext_mgmt_frame_handling", "1")
2312 dev[0].dump_monitor()
2313 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
2314 raise Exception("ROAM failed")
2315
2316 reassocreq = None
2317 count = 0
2318 while count < 100:
2319 req = hapd2ap.mgmt_rx()
2320 count += 1
2321 hapd2ap.dump_monitor()
2322 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2323 if req['subtype'] == 2:
2324 reassocreq = req
2325 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2326 if ev is None:
2327 raise Exception("No TX status seen")
2328 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2329 if "OK" not in hapd2ap.request(cmd):
2330 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2331 break
2332 hapd2ap.set("ext_mgmt_frame_handling", "0")
2333 if reassocreq is None:
2334 raise Exception("No Reassociation Request frame seen")
2335 dev[0].wait_connected()
2336 dev[0].dump_monitor()
2337 hapd2ap.dump_monitor()
2338
2339 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2340
2341 logger.info("Replay the last Reassociation Request frame")
2342 hapd2ap.dump_monitor()
2343 hapd2ap.set("ext_mgmt_frame_handling", "1")
2344 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
2345 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2346 if ev is None:
2347 raise Exception("No TX status seen")
2348 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2349 if "OK" not in hapd2ap.request(cmd):
2350 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2351 hapd2ap.set("ext_mgmt_frame_handling", "0")
2352
2353 try:
2354 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2355 ok = True
2356 except:
2357 ok = False
2358
2359 ap = hapd2ap.own_addr()
2360 sta = dev[0].own_addr()
2361 filt = "wlan.fc.type == 2 && " + \
2362 "wlan.da == " + sta + " && " + \
2363 "wlan.sa == " + ap
2364 fields = [ "wlan.ccmp.extiv" ]
2365 res = run_tshark(capfile, filt, fields)
2366 vals = res.splitlines()
2367 logger.info("CCMP PN: " + str(vals))
2368 if len(vals) < 2:
2369 raise Exception("Could not find all CCMP protected frames from capture")
2370 if len(set(vals)) < len(vals):
2371 raise Exception("Duplicate CCMP PN used")
2372
2373 if not ok:
2374 raise Exception("The second hwsim connectivity test failed")
0dc3c5f2
JM		 2375
2376def test_ap_ft_psk_file(dev, apdev):
2377 """WPA2-PSK-FT AP with PSK from a file"""
2378 ssid = "test-ft"
2379 passphrase="12345678"
2380
2381 params = ft_params1a(ssid=ssid, passphrase=passphrase)
2382 params['wpa_psk_file'] = 'hostapd.wpa_psk'
2383 hapd = hostapd.add_ap(apdev[0], params)
2384
2385 dev[1].connect(ssid, psk="very secret",
2386 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2387 scan_freq="2412", wait_connect=False)
2388 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2389 ieee80211w="1", scan_freq="2412")
2390 dev[0].request("REMOVE_NETWORK all")
2391 dev[0].wait_disconnected()
2392 dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
2393 ieee80211w="1", scan_freq="2412")
2394 dev[0].request("REMOVE_NETWORK all")
2395 dev[0].wait_disconnected()
2396 dev[0].connect(ssid, psk="secret passphrase",
2397 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2398 scan_freq="2412")
2399 dev[2].connect(ssid, psk="another passphrase for all STAs",
2400 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2401 scan_freq="2412")
2402 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
2403 if ev is None:
2404 raise Exception("Timed out while waiting for failure report")
2405 dev[1].request("REMOVE_NETWORK all")
62566bc2
JM		 2406
2407def test_ap_ft_eap_ap_config_change(dev, apdev):
2408 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2409 ssid = "test-ft"
2410 passphrase="12345678"
2411 bssid = apdev[0]['bssid']
2412
2413 radius = hostapd.radius_params()
2414 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
2415 params['wpa_key_mgmt'] = "WPA-EAP"
2416 params["ieee8021x"] = "1"
2417 params["pmk_r1_push"] = "0"
2418 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2419 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2420 params["eap_server"] = "0"
2421 params = dict(radius.items() + params.items())
2422 hapd = hostapd.add_ap(apdev[0], params)
2423
2424 dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
2425 eap="GPSK", identity="gpsk user",
2426 password="abcdefghijklmnop0123456789abcdef",
2427 scan_freq="2412")
2428 dev[0].request("DISCONNECT")
2429 dev[0].wait_disconnected()
2430 dev[0].dump_monitor()
2431
2432 hapd.disable()
2433 hapd.set('wpa_key_mgmt', "FT-EAP")
2434 hapd.enable()
2435
2436 dev[0].request("BSS_FLUSH 0")
2437 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2438
2439 dev[0].request("RECONNECT")
2440 dev[0].wait_connected()
55b3cda7
JM		 2441
2442def test_ap_ft_eap_sha384(dev, apdev):
2443 """WPA2-EAP-FT with SHA384"""
2444 ssid = "test-ft"
2445 passphrase="12345678"
2446
2447 radius = hostapd.radius_params()
2448 params = ft_params1(ssid=ssid, passphrase=passphrase)
2449 params["ieee80211w"] = "2";
2450 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2451 params["ieee8021x"] = "1"
2452 params = dict(radius.items() + params.items())
2453 hapd0 = hostapd.add_ap(apdev[0], params)
2454 params = ft_params2(ssid=ssid, passphrase=passphrase)
2455 params["ieee80211w"] = "2";
2456 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2457 params["ieee8021x"] = "1"
2458 params = dict(radius.items() + params.items())
2459 hapd1 = hostapd.add_ap(apdev[1], params)
2460
2461 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2462 sha384=True)
2463
2464def test_ap_ft_eap_sha384_over_ds(dev, apdev):
2465 """WPA2-EAP-FT with SHA384 over DS"""
2466 ssid = "test-ft"
2467 passphrase="12345678"
2468
2469 radius = hostapd.radius_params()
2470 params = ft_params1(ssid=ssid, passphrase=passphrase)
2471 params["ieee80211w"] = "2";
2472 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2473 params["ieee8021x"] = "1"
2474 params = dict(radius.items() + params.items())
2475 hapd0 = hostapd.add_ap(apdev[0], params)
2476 params = ft_params2(ssid=ssid, passphrase=passphrase)
2477 params["ieee80211w"] = "2";
2478 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2479 params["ieee8021x"] = "1"
2480 params = dict(radius.items() + params.items())
2481 hapd1 = hostapd.add_ap(apdev[1], params)
2482
2483 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
2484 eap=True, sha384=True)
Unnamed repository; edit this file 'description' to name the repository.