]>
Commit | Line | Data |
---|---|---|
cd7f1b9a | 1 | # Fast BSS Transition tests |
02a4ac0f | 2 | # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi> |
cd7f1b9a JM |
3 | # |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
5b3c40a6 JM |
8 | import binascii |
9 | import os | |
cd7f1b9a | 10 | import time |
cd7f1b9a | 11 | import logging |
c9aa4308 | 12 | logger = logging.getLogger() |
02a4ac0f | 13 | import signal |
c8942286 | 14 | import struct |
02a4ac0f | 15 | import subprocess |
cd7f1b9a JM |
16 | |
17 | import hwsim_utils | |
02a4ac0f | 18 | from hwsim import HWSimRadio |
cd7f1b9a | 19 | import hostapd |
d7f0bef9 | 20 | from tshark import run_tshark |
c8942286 | 21 | from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie |
cd7f1b9a | 22 | from wlantest import Wlantest |
5b3c40a6 | 23 | from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations |
392aba4e | 24 | from test_rrm import check_beacon_req |
cd7f1b9a JM |
25 | |
26 | def ft_base_rsn(): | |
fab49f61 JM |
27 | params = {"wpa": "2", |
28 | "wpa_key_mgmt": "FT-PSK", | |
29 | "rsn_pairwise": "CCMP"} | |
cd7f1b9a JM |
30 | return params |
31 | ||
32 | def ft_base_mixed(): | |
fab49f61 JM |
33 | params = {"wpa": "3", |
34 | "wpa_key_mgmt": "WPA-PSK FT-PSK", | |
35 | "wpa_pairwise": "TKIP", | |
36 | "rsn_pairwise": "CCMP"} | |
cd7f1b9a JM |
37 | return params |
38 | ||
39 | def ft_params(rsn=True, ssid=None, passphrase=None): | |
40 | if rsn: | |
41 | params = ft_base_rsn() | |
42 | else: | |
43 | params = ft_base_mixed() | |
44 | if ssid: | |
45 | params["ssid"] = ssid | |
46 | if passphrase: | |
47 | params["wpa_passphrase"] = passphrase | |
48 | ||
49 | params["mobility_domain"] = "a1b2" | |
50 | params["r0_key_lifetime"] = "10000" | |
51 | params["pmk_r1_push"] = "1" | |
52 | params["reassociation_deadline"] = "1000" | |
53 | return params | |
54 | ||
d0175d6e | 55 | def ft_params1a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
56 | params = ft_params(rsn, ssid, passphrase) |
57 | params['nas_identifier'] = "nas1.w1.fi" | |
58 | params['r1_key_holder'] = "000102030405" | |
d0175d6e MB |
59 | return params |
60 | ||
942b52a8 | 61 | def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False): |
d0175d6e | 62 | params = ft_params1a(rsn, ssid, passphrase) |
942b52a8 MB |
63 | if discovery: |
64 | params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
65 | params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
66 | else: | |
fab49f61 JM |
67 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
68 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"] | |
942b52a8 | 69 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" |
cd7f1b9a JM |
70 | return params |
71 | ||
c95dd8e4 JM |
72 | def ft_params1_old_key(rsn=True, ssid=None, passphrase=None): |
73 | params = ft_params1a(rsn, ssid, passphrase) | |
fab49f61 JM |
74 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f", |
75 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"] | |
c95dd8e4 JM |
76 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" |
77 | return params | |
78 | ||
d0175d6e | 79 | def ft_params2a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
80 | params = ft_params(rsn, ssid, passphrase) |
81 | params['nas_identifier'] = "nas2.w1.fi" | |
82 | params['r1_key_holder'] = "000102030406" | |
d0175d6e MB |
83 | return params |
84 | ||
942b52a8 | 85 | def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False): |
d0175d6e | 86 | params = ft_params2a(rsn, ssid, passphrase) |
942b52a8 MB |
87 | if discovery: |
88 | params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
89 | params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f" | |
90 | else: | |
fab49f61 JM |
91 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
92 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"] | |
942b52a8 | 93 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" |
cd7f1b9a JM |
94 | return params |
95 | ||
c95dd8e4 JM |
96 | def ft_params2_old_key(rsn=True, ssid=None, passphrase=None): |
97 | params = ft_params2a(rsn, ssid, passphrase) | |
fab49f61 JM |
98 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f", |
99 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"] | |
c95dd8e4 JM |
100 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" |
101 | return params | |
102 | ||
3b808945 JM |
103 | def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): |
104 | params = ft_params(rsn, ssid, passphrase) | |
105 | params['nas_identifier'] = "nas1.w1.fi" | |
106 | params['r1_key_holder'] = "000102030405" | |
fab49f61 JM |
107 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
108 | "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"] | |
9441a227 | 109 | params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" |
3b808945 JM |
110 | return params |
111 | ||
112 | def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None): | |
113 | params = ft_params(rsn, ssid, passphrase) | |
114 | params['nas_identifier'] = "nas2.w1.fi" | |
115 | params['r1_key_holder'] = "000102030406" | |
fab49f61 JM |
116 | params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1", |
117 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"] | |
9441a227 | 118 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3" |
3b808945 JM |
119 | return params |
120 | ||
121 | def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): | |
122 | params = ft_params(rsn, ssid, passphrase) | |
123 | params['nas_identifier'] = "nas2.w1.fi" | |
124 | params['r1_key_holder'] = "000102030406" | |
fab49f61 JM |
125 | params['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
126 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"] | |
9441a227 | 127 | params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" |
3b808945 JM |
128 | return params |
129 | ||
7b741a53 JM |
130 | def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, |
131 | sae=False, eap=False, fail_test=False, roams=1, | |
fd7205fa | 132 | pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", |
473e5176 | 133 | test_connectivity=True, eap_identity="gpsk user", conndev=False, |
ffcaca68 | 134 | force_initial_conn_to_first_ap=False, sha384=False, |
3d5b88b5 | 135 | group_mgmt=None, ocv=None, sae_password=None, |
659f7954 | 136 | sae_password_id=None, sae_and_psk=False, pmksa_caching=False, |
425e5f97 | 137 | roam_with_reassoc=False, also_non_ft=False, only_one_way=False): |
cd7f1b9a | 138 | logger.info("Connect to first AP") |
473e5176 MB |
139 | |
140 | copts = {} | |
141 | copts["proto"] = "WPA2" | |
142 | copts["ieee80211w"] = "1" | |
143 | copts["scan_freq"] = "2412" | |
144 | copts["pairwise"] = pairwise_cipher | |
fab49f61 | 145 | copts["group"] = group_cipher |
473e5176 | 146 | copts["wpa_ptk_rekey"] = ptk_rekey |
ffcaca68 JM |
147 | if group_mgmt: |
148 | copts["group_mgmt"] = group_mgmt | |
e63d8837 MV |
149 | if ocv: |
150 | copts["ocv"] = ocv | |
6f62809b | 151 | if eap: |
659f7954 JM |
152 | if also_non_ft: |
153 | copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP" | |
154 | else: | |
155 | copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP" | |
473e5176 MB |
156 | copts["eap"] = "GPSK" |
157 | copts["identity"] = eap_identity | |
158 | copts["password"] = "abcdefghijklmnop0123456789abcdef" | |
6e658cc4 | 159 | else: |
6f62809b | 160 | if sae: |
cdf53910 | 161 | copts["key_mgmt"] = "SAE FT-SAE" if sae_and_psk else "FT-SAE" |
6f62809b | 162 | else: |
473e5176 | 163 | copts["key_mgmt"] = "FT-PSK" |
3d5b88b5 JM |
164 | if passphrase: |
165 | copts["psk"] = passphrase | |
166 | if sae_password: | |
167 | copts["sae_password"] = sae_password | |
168 | if sae_password_id: | |
169 | copts["sae_password_id"] = sae_password_id | |
473e5176 MB |
170 | if force_initial_conn_to_first_ap: |
171 | copts["bssid"] = apdev[0]['bssid'] | |
659f7954 | 172 | netw = dev.connect(ssid, **copts) |
1211031a JM |
173 | if pmksa_caching: |
174 | dev.request("DISCONNECT") | |
175 | dev.wait_disconnected() | |
176 | dev.request("RECONNECT") | |
177 | ev = dev.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"], | |
178 | timeout=15) | |
179 | if ev is None: | |
180 | raise Exception("Reconnect timed out") | |
181 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
182 | raise Exception("Unexpected disconnection after RECONNECT") | |
473e5176 | 183 | |
cd7f1b9a JM |
184 | if dev.get_status_field('bssid') == apdev[0]['bssid']: |
185 | ap1 = apdev[0] | |
186 | ap2 = apdev[1] | |
a8375c94 JM |
187 | hapd1ap = hapd0 |
188 | hapd2ap = hapd1 | |
cd7f1b9a JM |
189 | else: |
190 | ap1 = apdev[1] | |
191 | ap2 = apdev[0] | |
a8375c94 JM |
192 | hapd1ap = hapd1 |
193 | hapd2ap = hapd0 | |
fd7205fa | 194 | if test_connectivity: |
9c50a6d3 MB |
195 | if conndev: |
196 | hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | |
197 | else: | |
198 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a | 199 | |
655bc8bf | 200 | dev.scan_for_bss(ap2['bssid'], freq="2412") |
40602101 JM |
201 | |
202 | for i in range(0, roams): | |
e0382291 MB |
203 | # Roaming artificially fast can make data test fail because the key is |
204 | # set later. | |
205 | time.sleep(0.01) | |
40602101 | 206 | logger.info("Roam to the second AP") |
659f7954 JM |
207 | if roam_with_reassoc: |
208 | dev.set_network(netw, "bssid", ap2['bssid']) | |
209 | dev.request("REASSOCIATE") | |
210 | dev.wait_connected() | |
211 | elif over_ds: | |
40602101 JM |
212 | dev.roam_over_ds(ap2['bssid'], fail_test=fail_test) |
213 | else: | |
214 | dev.roam(ap2['bssid'], fail_test=fail_test) | |
215 | if fail_test: | |
216 | return | |
217 | if dev.get_status_field('bssid') != ap2['bssid']: | |
218 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 219 | if (i == 0 or i == roams - 1) and test_connectivity: |
9c50a6d3 MB |
220 | if conndev: |
221 | hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev) | |
222 | else: | |
223 | hwsim_utils.test_connectivity(dev, hapd2ap) | |
40602101 | 224 | |
425e5f97 JM |
225 | if only_one_way: |
226 | return | |
e0382291 MB |
227 | # Roaming artificially fast can make data test fail because the key is |
228 | # set later. | |
229 | time.sleep(0.01) | |
40602101 | 230 | logger.info("Roam back to the first AP") |
659f7954 JM |
231 | if roam_with_reassoc: |
232 | dev.set_network(netw, "bssid", ap1['bssid']) | |
233 | dev.request("REASSOCIATE") | |
234 | dev.wait_connected() | |
235 | elif over_ds: | |
40602101 JM |
236 | dev.roam_over_ds(ap1['bssid']) |
237 | else: | |
238 | dev.roam(ap1['bssid']) | |
239 | if dev.get_status_field('bssid') != ap1['bssid']: | |
240 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 241 | if (i == 0 or i == roams - 1) and test_connectivity: |
9c50a6d3 MB |
242 | if conndev: |
243 | hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev) | |
244 | else: | |
245 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a JM |
246 | |
247 | def test_ap_ft(dev, apdev): | |
248 | """WPA2-PSK-FT AP""" | |
249 | ssid = "test-ft" | |
fab49f61 | 250 | passphrase = "12345678" |
cd7f1b9a JM |
251 | |
252 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 253 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 254 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 255 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 256 | |
a8375c94 | 257 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
91bc6c36 JM |
258 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
259 | raise Exception("Scan results missing RSN element info") | |
cd7f1b9a | 260 | |
c95dd8e4 JM |
261 | def test_ap_ft_old_key(dev, apdev): |
262 | """WPA2-PSK-FT AP (old key)""" | |
263 | ssid = "test-ft" | |
fab49f61 | 264 | passphrase = "12345678" |
c95dd8e4 JM |
265 | |
266 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
267 | hapd0 = hostapd.add_ap(apdev[0], params) | |
268 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
269 | hapd1 = hostapd.add_ap(apdev[1], params) | |
270 | ||
271 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
272 | ||
e4612f84 JM |
273 | def test_ap_ft_multi_akm(dev, apdev): |
274 | """WPA2-PSK-FT AP with non-FT AKMs enabled""" | |
275 | ssid = "test-ft" | |
fab49f61 | 276 | passphrase = "12345678" |
e4612f84 JM |
277 | |
278 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
279 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
280 | hapd0 = hostapd.add_ap(apdev[0], params) | |
281 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
282 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
283 | hapd1 = hostapd.add_ap(apdev[1], params) | |
284 | ||
285 | Wlantest.setup(hapd0) | |
286 | wt = Wlantest() | |
287 | wt.flush() | |
288 | wt.add_passphrase(passphrase) | |
289 | ||
290 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
291 | if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
292 | raise Exception("Scan results missing RSN element info") | |
293 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
294 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", | |
295 | scan_freq="2412") | |
296 | ||
d0175d6e MB |
297 | def test_ap_ft_local_key_gen(dev, apdev): |
298 | """WPA2-PSK-FT AP with local key generation (without pull/push)""" | |
299 | ssid = "test-ft" | |
fab49f61 | 300 | passphrase = "12345678" |
d0175d6e MB |
301 | |
302 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 303 | params['ft_psk_generate_local'] = "1" |
8344ba12 | 304 | del params['pmk_r1_push'] |
b098542c | 305 | hapd0 = hostapd.add_ap(apdev[0], params) |
d0175d6e | 306 | params = ft_params2a(ssid=ssid, passphrase=passphrase) |
58be42b2 | 307 | params['ft_psk_generate_local'] = "1" |
8344ba12 | 308 | del params['pmk_r1_push'] |
b098542c | 309 | hapd1 = hostapd.add_ap(apdev[1], params) |
d0175d6e MB |
310 | |
311 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
312 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
313 | raise Exception("Scan results missing RSN element info") | |
314 | ||
473e5176 MB |
315 | def test_ap_ft_vlan(dev, apdev): |
316 | """WPA2-PSK-FT AP with VLAN""" | |
317 | ssid = "test-ft" | |
fab49f61 | 318 | passphrase = "12345678" |
473e5176 MB |
319 | |
320 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
321 | params['dynamic_vlan'] = "1" |
322 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
323 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
324 | ||
325 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
326 | params['dynamic_vlan'] = "1" |
327 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
328 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
329 | ||
330 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") | |
331 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
332 | raise Exception("Scan results missing RSN element info") | |
333 | ||
334 | def test_ap_ft_vlan_disconnected(dev, apdev): | |
335 | """WPA2-PSK-FT AP with VLAN and local key generation""" | |
336 | ssid = "test-ft" | |
fab49f61 | 337 | passphrase = "12345678" |
473e5176 MB |
338 | |
339 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
340 | params['dynamic_vlan'] = "1" |
341 | params['accept_mac_file'] = "hostapd.accept" | |
342 | params['ft_psk_generate_local'] = "1" | |
473e5176 MB |
343 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
344 | ||
345 | params = ft_params2a(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
346 | params['dynamic_vlan'] = "1" |
347 | params['accept_mac_file'] = "hostapd.accept" | |
348 | params['ft_psk_generate_local'] = "1" | |
473e5176 MB |
349 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
350 | ||
351 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1") | |
352 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
353 | raise Exception("Scan results missing RSN element info") | |
354 | ||
355 | def test_ap_ft_vlan_2(dev, apdev): | |
356 | """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally""" | |
357 | ssid = "test-ft" | |
fab49f61 | 358 | passphrase = "12345678" |
473e5176 MB |
359 | |
360 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
361 | params['dynamic_vlan'] = "1" |
362 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
363 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
364 | ||
365 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 366 | params['dynamic_vlan'] = "1" |
473e5176 MB |
367 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
368 | ||
369 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1", | |
370 | force_initial_conn_to_first_ap=True) | |
371 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
372 | raise Exception("Scan results missing RSN element info") | |
373 | ||
40602101 JM |
374 | def test_ap_ft_many(dev, apdev): |
375 | """WPA2-PSK-FT AP multiple times""" | |
376 | ssid = "test-ft" | |
fab49f61 | 377 | passphrase = "12345678" |
40602101 JM |
378 | |
379 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 380 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 381 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 382 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 383 | |
a8375c94 | 384 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50) |
40602101 | 385 | |
473e5176 MB |
386 | def test_ap_ft_many_vlan(dev, apdev): |
387 | """WPA2-PSK-FT AP with VLAN multiple times""" | |
388 | ssid = "test-ft" | |
fab49f61 | 389 | passphrase = "12345678" |
473e5176 MB |
390 | |
391 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
392 | params['dynamic_vlan'] = "1" |
393 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
394 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
395 | ||
396 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
397 | params['dynamic_vlan'] = "1" |
398 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
399 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
400 | ||
401 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50, | |
402 | conndev="brvlan1") | |
403 | ||
cd7f1b9a JM |
404 | def test_ap_ft_mixed(dev, apdev): |
405 | """WPA2-PSK-FT mixed-mode AP""" | |
406 | ssid = "test-ft-mixed" | |
fab49f61 | 407 | passphrase = "12345678" |
cd7f1b9a JM |
408 | |
409 | params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 410 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
411 | key_mgmt = hapd.get_config()['key_mgmt'] |
412 | vals = key_mgmt.split(' ') | |
413 | if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK": | |
414 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
cd7f1b9a | 415 | params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase) |
8b8a1864 | 416 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 417 | |
a8375c94 | 418 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase) |
cd7f1b9a JM |
419 | |
420 | def test_ap_ft_pmf(dev, apdev): | |
421 | """WPA2-PSK-FT AP with PMF""" | |
422 | ssid = "test-ft" | |
fab49f61 | 423 | passphrase = "12345678" |
cd7f1b9a JM |
424 | |
425 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 426 | params["ieee80211w"] = "2" |
8b8a1864 | 427 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 428 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 429 | params["ieee80211w"] = "2" |
8b8a1864 | 430 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 431 | |
a8375c94 | 432 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
b553eab1 | 433 | |
ffcaca68 JM |
434 | def test_ap_ft_pmf_bip_cmac_128(dev, apdev): |
435 | """WPA2-PSK-FT AP with PMF/BIP-CMAC-128""" | |
436 | run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC") | |
437 | ||
438 | def test_ap_ft_pmf_bip_gmac_128(dev, apdev): | |
439 | """WPA2-PSK-FT AP with PMF/BIP-GMAC-128""" | |
440 | run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128") | |
441 | ||
442 | def test_ap_ft_pmf_bip_gmac_256(dev, apdev): | |
443 | """WPA2-PSK-FT AP with PMF/BIP-GMAC-256""" | |
444 | run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256") | |
445 | ||
446 | def test_ap_ft_pmf_bip_cmac_256(dev, apdev): | |
447 | """WPA2-PSK-FT AP with PMF/BIP-CMAC-256""" | |
448 | run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256") | |
449 | ||
450 | def run_ap_ft_pmf_bip(dev, apdev, cipher): | |
451 | if cipher not in dev[0].get_capability("group_mgmt"): | |
452 | raise HwsimSkip("Cipher %s not supported" % cipher) | |
453 | ||
454 | ssid = "test-ft" | |
fab49f61 | 455 | passphrase = "12345678" |
ffcaca68 JM |
456 | |
457 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
458 | params["ieee80211w"] = "2" | |
459 | params["group_mgmt_cipher"] = cipher | |
460 | hapd0 = hostapd.add_ap(apdev[0], params) | |
461 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
462 | params["ieee80211w"] = "2" | |
463 | params["group_mgmt_cipher"] = cipher | |
464 | hapd1 = hostapd.add_ap(apdev[1], params) | |
465 | ||
466 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
467 | group_mgmt=cipher) | |
468 | ||
e63d8837 MV |
469 | def test_ap_ft_ocv(dev, apdev): |
470 | """WPA2-PSK-FT AP with OCV""" | |
471 | ssid = "test-ft" | |
fab49f61 | 472 | passphrase = "12345678" |
e63d8837 MV |
473 | |
474 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
475 | params["ieee80211w"] = "2" | |
476 | params["ocv"] = "1" | |
477 | try: | |
478 | hapd0 = hostapd.add_ap(apdev[0], params) | |
bab493b9 | 479 | except Exception as e: |
e63d8837 MV |
480 | if "Failed to set hostapd parameter ocv" in str(e): |
481 | raise HwsimSkip("OCV not supported") | |
482 | raise | |
483 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
484 | params["ieee80211w"] = "2" | |
485 | params["ocv"] = "1" | |
486 | hapd1 = hostapd.add_ap(apdev[1], params) | |
487 | ||
488 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1") | |
489 | ||
b553eab1 JM |
490 | def test_ap_ft_over_ds(dev, apdev): |
491 | """WPA2-PSK-FT AP over DS""" | |
492 | ssid = "test-ft" | |
fab49f61 | 493 | passphrase = "12345678" |
b553eab1 JM |
494 | |
495 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 496 | hapd0 = hostapd.add_ap(apdev[0], params) |
b553eab1 | 497 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 498 | hapd1 = hostapd.add_ap(apdev[1], params) |
b553eab1 | 499 | |
a8375c94 | 500 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
fab49f61 JM |
501 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), |
502 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")]) | |
b553eab1 | 503 | |
02a4ac0f JM |
504 | def cleanup_ap_ft_separate_hostapd(): |
505 | subprocess.call(["brctl", "delif", "br0ft", "veth0"], | |
506 | stderr=open('/dev/null', 'w')) | |
507 | subprocess.call(["brctl", "delif", "br1ft", "veth1"], | |
508 | stderr=open('/dev/null', 'w')) | |
509 | subprocess.call(["ip", "link", "del", "veth0"], | |
510 | stderr=open('/dev/null', 'w')) | |
511 | subprocess.call(["ip", "link", "del", "veth1"], | |
512 | stderr=open('/dev/null', 'w')) | |
fab49f61 | 513 | for ifname in ['br0ft', 'br1ft', 'br-ft']: |
02a4ac0f JM |
514 | subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'down'], |
515 | stderr=open('/dev/null', 'w')) | |
516 | subprocess.call(['brctl', 'delbr', ifname], | |
517 | stderr=open('/dev/null', 'w')) | |
518 | ||
519 | def test_ap_ft_separate_hostapd(dev, apdev, params): | |
520 | """WPA2-PSK-FT AP and separate hostapd process""" | |
521 | try: | |
522 | run_ap_ft_separate_hostapd(dev, apdev, params, False) | |
523 | finally: | |
524 | cleanup_ap_ft_separate_hostapd() | |
525 | ||
526 | def test_ap_ft_over_ds_separate_hostapd(dev, apdev, params): | |
527 | """WPA2-PSK-FT AP over DS and separate hostapd process""" | |
528 | try: | |
529 | run_ap_ft_separate_hostapd(dev, apdev, params, True) | |
530 | finally: | |
531 | cleanup_ap_ft_separate_hostapd() | |
532 | ||
533 | def run_ap_ft_separate_hostapd(dev, apdev, params, over_ds): | |
534 | ssid = "test-ft" | |
fab49f61 | 535 | passphrase = "12345678" |
02a4ac0f JM |
536 | logdir = params['logdir'] |
537 | pidfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.pid') | |
538 | logfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.hapd') | |
539 | global_ctrl = '/var/run/hostapd-ft' | |
540 | br_ifname = 'br-ft' | |
541 | ||
542 | try: | |
543 | subprocess.check_call(['brctl', 'addbr', br_ifname]) | |
544 | subprocess.check_call(['brctl', 'setfd', br_ifname, '0']) | |
545 | subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up']) | |
546 | ||
fab49f61 JM |
547 | subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth", |
548 | "peer", "name", "veth0br"]) | |
549 | subprocess.check_call(["ip", "link", "add", "veth1", "type", "veth", | |
550 | "peer", "name", "veth1br"]) | |
02a4ac0f JM |
551 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up']) |
552 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up']) | |
553 | subprocess.check_call(['brctl', 'addif', br_ifname, 'veth0br']) | |
554 | subprocess.check_call(['brctl', 'addif', br_ifname, 'veth1br']) | |
555 | ||
556 | subprocess.check_call(['brctl', 'addbr', 'br0ft']) | |
557 | subprocess.check_call(['brctl', 'setfd', 'br0ft', '0']) | |
558 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up']) | |
559 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up']) | |
560 | subprocess.check_call(['brctl', 'addif', 'br0ft', 'veth0']) | |
561 | subprocess.check_call(['brctl', 'addbr', 'br1ft']) | |
562 | subprocess.check_call(['brctl', 'setfd', 'br1ft', '0']) | |
563 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up']) | |
564 | subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up']) | |
565 | subprocess.check_call(['brctl', 'addif', 'br1ft', 'veth1']) | |
566 | except subprocess.CalledProcessError: | |
567 | raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)") | |
568 | ||
569 | with HWSimRadio() as (radio, iface): | |
570 | prg = os.path.join(logdir, 'alt-hostapd/hostapd/hostapd') | |
571 | if not os.path.exists(prg): | |
572 | prg = '../../hostapd/hostapd' | |
fab49f61 JM |
573 | cmd = [prg, '-B', '-ddKt', |
574 | '-P', pidfile, '-f', logfile, '-g', global_ctrl] | |
02a4ac0f JM |
575 | subprocess.check_call(cmd) |
576 | ||
577 | hglobal = hostapd.HostapdGlobal(global_ctrl_override=global_ctrl) | |
fab49f61 JM |
578 | apdev_ft = {'ifname': iface} |
579 | apdev2 = [apdev_ft, apdev[1]] | |
02a4ac0f JM |
580 | |
581 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
582 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
583 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
584 | params['bridge'] = 'br0ft' | |
585 | hapd0 = hostapd.add_ap(apdev2[0], params, | |
586 | global_ctrl_override=global_ctrl) | |
587 | apdev2[0]['bssid'] = hapd0.own_addr() | |
588 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
589 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
590 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
591 | params['bridge'] = 'br1ft' | |
592 | hapd1 = hostapd.add_ap(apdev2[1], params) | |
593 | ||
594 | run_roams(dev[0], apdev2, hapd0, hapd1, ssid, passphrase, | |
595 | over_ds=over_ds, test_connectivity=False) | |
596 | ||
597 | hglobal.terminate() | |
598 | ||
599 | if os.path.exists(pidfile): | |
600 | with open(pidfile, 'r') as f: | |
601 | pid = int(f.read()) | |
602 | f.close() | |
603 | os.kill(pid, signal.SIGTERM) | |
604 | ||
e63d8837 MV |
605 | def test_ap_ft_over_ds_ocv(dev, apdev): |
606 | """WPA2-PSK-FT AP over DS""" | |
607 | ssid = "test-ft" | |
fab49f61 | 608 | passphrase = "12345678" |
e63d8837 MV |
609 | |
610 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
611 | params["ieee80211w"] = "2" | |
612 | params["ocv"] = "1" | |
613 | try: | |
614 | hapd0 = hostapd.add_ap(apdev[0], params) | |
bab493b9 | 615 | except Exception as e: |
e63d8837 MV |
616 | if "Failed to set hostapd parameter ocv" in str(e): |
617 | raise HwsimSkip("OCV not supported") | |
618 | raise | |
619 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
620 | params["ieee80211w"] = "2" | |
621 | params["ocv"] = "1" | |
622 | hapd1 = hostapd.add_ap(apdev[1], params) | |
623 | ||
624 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
625 | ocv="1") | |
626 | ||
55139acb JM |
627 | def test_ap_ft_over_ds_disabled(dev, apdev): |
628 | """WPA2-PSK-FT AP over DS disabled""" | |
629 | ssid = "test-ft" | |
fab49f61 | 630 | passphrase = "12345678" |
55139acb JM |
631 | |
632 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
633 | params['ft_over_ds'] = '0' | |
634 | hapd0 = hostapd.add_ap(apdev[0], params) | |
635 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
636 | params['ft_over_ds'] = '0' | |
637 | hapd1 = hostapd.add_ap(apdev[1], params) | |
638 | ||
639 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
640 | fail_test=True) | |
641 | ||
473e5176 MB |
642 | def test_ap_ft_vlan_over_ds(dev, apdev): |
643 | """WPA2-PSK-FT AP over DS with VLAN""" | |
644 | ssid = "test-ft" | |
fab49f61 | 645 | passphrase = "12345678" |
473e5176 MB |
646 | |
647 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
648 | params['dynamic_vlan'] = "1" |
649 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
650 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
651 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
652 | params['dynamic_vlan'] = "1" |
653 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
654 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
655 | ||
656 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
657 | conndev="brvlan1") | |
fab49f61 JM |
658 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), |
659 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")]) | |
473e5176 | 660 | |
40602101 JM |
661 | def test_ap_ft_over_ds_many(dev, apdev): |
662 | """WPA2-PSK-FT AP over DS multiple times""" | |
663 | ssid = "test-ft" | |
fab49f61 | 664 | passphrase = "12345678" |
40602101 JM |
665 | |
666 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 667 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 668 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 669 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 670 | |
a8375c94 JM |
671 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
672 | roams=50) | |
40602101 | 673 | |
473e5176 MB |
674 | def test_ap_ft_vlan_over_ds_many(dev, apdev): |
675 | """WPA2-PSK-FT AP over DS with VLAN multiple times""" | |
676 | ssid = "test-ft" | |
fab49f61 | 677 | passphrase = "12345678" |
473e5176 MB |
678 | |
679 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
680 | params['dynamic_vlan'] = "1" |
681 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
682 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
683 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 JM |
684 | params['dynamic_vlan'] = "1" |
685 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
686 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
687 | ||
688 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
689 | roams=50, conndev="brvlan1") | |
690 | ||
9fd6804d | 691 | @remote_compatible |
c337d07a JM |
692 | def test_ap_ft_over_ds_unknown_target(dev, apdev): |
693 | """WPA2-PSK-FT AP""" | |
694 | ssid = "test-ft" | |
fab49f61 | 695 | passphrase = "12345678" |
c337d07a JM |
696 | |
697 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 698 | hapd0 = hostapd.add_ap(apdev[0], params) |
c337d07a JM |
699 | |
700 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
701 | scan_freq="2412") | |
702 | dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True) | |
703 | ||
9fd6804d | 704 | @remote_compatible |
211bb7c5 JM |
705 | def test_ap_ft_over_ds_unexpected(dev, apdev): |
706 | """WPA2-PSK-FT AP over DS and unexpected response""" | |
707 | ssid = "test-ft" | |
fab49f61 | 708 | passphrase = "12345678" |
211bb7c5 JM |
709 | |
710 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 711 | hapd0 = hostapd.add_ap(apdev[0], params) |
211bb7c5 | 712 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 713 | hapd1 = hostapd.add_ap(apdev[1], params) |
211bb7c5 JM |
714 | |
715 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
716 | scan_freq="2412") | |
717 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
718 | ap1 = apdev[0] | |
719 | ap2 = apdev[1] | |
720 | hapd1ap = hapd0 | |
721 | hapd2ap = hapd1 | |
722 | else: | |
723 | ap1 = apdev[1] | |
724 | ap2 = apdev[0] | |
725 | hapd1ap = hapd1 | |
726 | hapd2ap = hapd0 | |
727 | ||
728 | addr = dev[0].own_addr() | |
729 | hapd1ap.set("ext_mgmt_frame_handling", "1") | |
730 | logger.info("Foreign STA address") | |
731 | msg = {} | |
732 | msg['fc'] = 13 << 4 | |
733 | msg['da'] = addr | |
734 | msg['sa'] = ap1['bssid'] | |
735 | msg['bssid'] = ap1['bssid'] | |
736 | msg['payload'] = binascii.unhexlify("06021122334455660102030405060000") | |
737 | hapd1ap.mgmt_tx(msg) | |
738 | ||
739 | logger.info("No over-the-DS in progress") | |
740 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
741 | hapd1ap.mgmt_tx(msg) | |
742 | ||
743 | logger.info("Non-zero status code") | |
744 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100") | |
745 | hapd1ap.mgmt_tx(msg) | |
746 | ||
747 | hapd1ap.dump_monitor() | |
748 | ||
749 | dev[0].scan_for_bss(ap2['bssid'], freq="2412") | |
750 | if "OK" not in dev[0].request("FT_DS " + ap2['bssid']): | |
751 | raise Exception("FT_DS failed") | |
752 | ||
753 | req = hapd1ap.mgmt_rx() | |
754 | ||
755 | logger.info("Foreign Target AP") | |
756 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
757 | hapd1ap.mgmt_tx(msg) | |
758 | ||
759 | addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '') | |
760 | ||
761 | logger.info("No IEs") | |
762 | msg['payload'] = binascii.unhexlify("0602" + addrs + "0000") | |
763 | hapd1ap.mgmt_tx(msg) | |
764 | ||
765 | logger.info("Invalid IEs (trigger parsing failure)") | |
766 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700") | |
767 | hapd1ap.mgmt_tx(msg) | |
768 | ||
769 | logger.info("Too short MDIE") | |
770 | msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122") | |
771 | hapd1ap.mgmt_tx(msg) | |
772 | ||
773 | logger.info("Mobility domain mismatch") | |
774 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201") | |
775 | hapd1ap.mgmt_tx(msg) | |
776 | ||
777 | logger.info("No FTIE") | |
778 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201") | |
779 | hapd1ap.mgmt_tx(msg) | |
780 | ||
781 | logger.info("FTIE SNonce mismatch") | |
782 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669") | |
783 | hapd1ap.mgmt_tx(msg) | |
784 | ||
785 | logger.info("No R0KH-ID subelem in FTIE") | |
7ab74770 | 786 | snonce = binascii.hexlify(req['payload'][111:111+32]).decode() |
211bb7c5 JM |
787 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce) |
788 | hapd1ap.mgmt_tx(msg) | |
789 | ||
790 | logger.info("No R0KH-ID subelem mismatch in FTIE") | |
7ab74770 | 791 | snonce = binascii.hexlify(req['payload'][111:111+32]).decode() |
211bb7c5 JM |
792 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900") |
793 | hapd1ap.mgmt_tx(msg) | |
794 | ||
795 | logger.info("No R1KH-ID subelem in FTIE") | |
7ab74770 | 796 | r0khid = binascii.hexlify(req['payload'][145:145+10]).decode() |
211bb7c5 JM |
797 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid) |
798 | hapd1ap.mgmt_tx(msg) | |
799 | ||
800 | logger.info("No RSNE") | |
7ab74770 | 801 | r0khid = binascii.hexlify(req['payload'][145:145+10]).decode() |
211bb7c5 JM |
802 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405") |
803 | hapd1ap.mgmt_tx(msg) | |
804 | ||
b553eab1 JM |
805 | def test_ap_ft_pmf_over_ds(dev, apdev): |
806 | """WPA2-PSK-FT AP over DS with PMF""" | |
0c481b78 | 807 | run_ap_ft_pmf_bip_over_ds(dev, apdev, None) |
46b8ea21 | 808 | |
ffcaca68 JM |
809 | def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev): |
810 | """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128""" | |
811 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC") | |
812 | ||
813 | def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev): | |
814 | """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128""" | |
815 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128") | |
816 | ||
817 | def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev): | |
818 | """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256""" | |
819 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256") | |
820 | ||
821 | def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev): | |
822 | """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256""" | |
823 | run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256") | |
824 | ||
825 | def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher): | |
0c481b78 | 826 | if cipher and cipher not in dev[0].get_capability("group_mgmt"): |
ffcaca68 JM |
827 | raise HwsimSkip("Cipher %s not supported" % cipher) |
828 | ||
829 | ssid = "test-ft" | |
fab49f61 | 830 | passphrase = "12345678" |
ffcaca68 JM |
831 | |
832 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
833 | params["ieee80211w"] = "2" | |
0c481b78 JM |
834 | if cipher: |
835 | params["group_mgmt_cipher"] = cipher | |
ffcaca68 JM |
836 | hapd0 = hostapd.add_ap(apdev[0], params) |
837 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
838 | params["ieee80211w"] = "2" | |
0c481b78 JM |
839 | if cipher: |
840 | params["group_mgmt_cipher"] = cipher | |
ffcaca68 JM |
841 | hapd1 = hostapd.add_ap(apdev[1], params) |
842 | ||
0defc42a JM |
843 | Wlantest.setup(hapd0) |
844 | wt = Wlantest() | |
845 | wt.flush() | |
846 | wt.add_passphrase(passphrase) | |
847 | ||
ffcaca68 JM |
848 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
849 | group_mgmt=cipher) | |
6e658cc4 | 850 | |
aaba98d3 JM |
851 | def test_ap_ft_over_ds_pull(dev, apdev): |
852 | """WPA2-PSK-FT AP over DS (pull PMK)""" | |
853 | ssid = "test-ft" | |
fab49f61 | 854 | passphrase = "12345678" |
aaba98d3 JM |
855 | |
856 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
857 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 858 | hapd0 = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
859 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
860 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 861 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 862 | |
a8375c94 | 863 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
aaba98d3 | 864 | |
c95dd8e4 JM |
865 | def test_ap_ft_over_ds_pull_old_key(dev, apdev): |
866 | """WPA2-PSK-FT AP over DS (pull PMK; old key)""" | |
867 | ssid = "test-ft" | |
fab49f61 | 868 | passphrase = "12345678" |
c95dd8e4 JM |
869 | |
870 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
871 | params["pmk_r1_push"] = "0" | |
872 | hapd0 = hostapd.add_ap(apdev[0], params) | |
873 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
874 | params["pmk_r1_push"] = "0" | |
875 | hapd1 = hostapd.add_ap(apdev[1], params) | |
876 | ||
877 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) | |
878 | ||
473e5176 MB |
879 | def test_ap_ft_over_ds_pull_vlan(dev, apdev): |
880 | """WPA2-PSK-FT AP over DS (pull PMK) with VLAN""" | |
881 | ssid = "test-ft" | |
fab49f61 | 882 | passphrase = "12345678" |
473e5176 MB |
883 | |
884 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
885 | params["pmk_r1_push"] = "0" | |
58be42b2 JM |
886 | params['dynamic_vlan'] = "1" |
887 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
888 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
889 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
890 | params["pmk_r1_push"] = "0" | |
58be42b2 JM |
891 | params['dynamic_vlan'] = "1" |
892 | params['accept_mac_file'] = "hostapd.accept" | |
473e5176 MB |
893 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
894 | ||
895 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
896 | conndev="brvlan1") | |
897 | ||
425e5f97 JM |
898 | def start_ft_sae(dev, apdev, wpa_ptk_rekey=None): |
899 | if "SAE" not in dev.get_capability("auth_alg"): | |
b9749b6a | 900 | raise HwsimSkip("SAE not supported") |
6e658cc4 | 901 | ssid = "test-ft" |
fab49f61 | 902 | passphrase = "12345678" |
6e658cc4 JM |
903 | |
904 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
905 | params['wpa_key_mgmt'] = "FT-SAE" | |
425e5f97 JM |
906 | if wpa_ptk_rekey: |
907 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
8b8a1864 | 908 | hapd0 = hostapd.add_ap(apdev[0], params) |
6e658cc4 JM |
909 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
910 | params['wpa_key_mgmt'] = "FT-SAE" | |
425e5f97 JM |
911 | if wpa_ptk_rekey: |
912 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
913 | hapd1 = hostapd.add_ap(apdev[1], params) | |
914 | key_mgmt = hapd1.get_config()['key_mgmt'] | |
65038313 JM |
915 | if key_mgmt.split(' ')[0] != "FT-SAE": |
916 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
6e658cc4 | 917 | |
425e5f97 JM |
918 | dev.request("SET sae_groups ") |
919 | return hapd0, hapd1 | |
920 | ||
921 | def test_ap_ft_sae(dev, apdev): | |
922 | """WPA2-PSK-FT-SAE AP""" | |
923 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
924 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True) | |
925 | ||
926 | def test_ap_ft_sae_ptk_rekey0(dev, apdev): | |
927 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station""" | |
928 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
929 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
930 | ptk_rekey="1", roams=0) | |
931 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
932 | ||
933 | def test_ap_ft_sae_ptk_rekey1(dev, apdev): | |
934 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station""" | |
935 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
936 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
937 | ptk_rekey="1", only_one_way=True) | |
938 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
939 | ||
940 | def test_ap_ft_sae_ptk_rekey_ap(dev, apdev): | |
941 | """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP""" | |
942 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2) | |
943 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
944 | only_one_way=True) | |
945 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
6e658cc4 JM |
946 | |
947 | def test_ap_ft_sae_over_ds(dev, apdev): | |
948 | """WPA2-PSK-FT-SAE AP over DS""" | |
425e5f97 JM |
949 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) |
950 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
a8375c94 | 951 | over_ds=True) |
6f62809b | 952 | |
425e5f97 JM |
953 | def test_ap_ft_sae_over_ds_ptk_rekey0(dev, apdev): |
954 | """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station""" | |
955 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
956 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
957 | over_ds=True, ptk_rekey="1", roams=0) | |
958 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
959 | ||
960 | def test_ap_ft_sae_over_ds_ptk_rekey1(dev, apdev): | |
961 | """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station""" | |
962 | hapd0, hapd1 = start_ft_sae(dev[0], apdev) | |
963 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
964 | over_ds=True, ptk_rekey="1", only_one_way=True) | |
965 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
966 | ||
967 | def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev, apdev): | |
968 | """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP""" | |
969 | hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2) | |
970 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True, | |
971 | over_ds=True, only_one_way=True) | |
972 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
973 | ||
3d5b88b5 JM |
974 | def test_ap_ft_sae_pw_id(dev, apdev): |
975 | """FT-SAE with Password Identifier""" | |
976 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
977 | raise HwsimSkip("SAE not supported") | |
978 | ssid = "test-ft" | |
979 | ||
980 | params = ft_params1(ssid=ssid) | |
981 | params["ieee80211w"] = "2" | |
982 | params['wpa_key_mgmt'] = "FT-SAE" | |
983 | params['sae_password'] = 'secret|id=pwid' | |
984 | hapd0 = hostapd.add_ap(apdev[0], params) | |
985 | params = ft_params2(ssid=ssid) | |
986 | params["ieee80211w"] = "2" | |
987 | params['wpa_key_mgmt'] = "FT-SAE" | |
988 | params['sae_password'] = 'secret|id=pwid' | |
989 | hapd = hostapd.add_ap(apdev[1], params) | |
990 | ||
991 | dev[0].request("SET sae_groups ") | |
992 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase=None, sae=True, | |
993 | sae_password="secret", sae_password_id="pwid") | |
994 | ||
cdf53910 JM |
995 | def test_ap_ft_sae_with_both_akms(dev, apdev): |
996 | """SAE + FT-SAE configuration""" | |
997 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
998 | raise HwsimSkip("SAE not supported") | |
999 | ssid = "test-ft" | |
1000 | passphrase = "12345678" | |
1001 | ||
1002 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1003 | params['wpa_key_mgmt'] = "FT-SAE SAE" | |
1004 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1005 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1006 | params['wpa_key_mgmt'] = "FT-SAE SAE" | |
1007 | hapd = hostapd.add_ap(apdev[1], params) | |
1008 | key_mgmt = hapd.get_config()['key_mgmt'] | |
1009 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
1010 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1011 | ||
1012 | dev[0].request("SET sae_groups ") | |
1013 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True, | |
1014 | sae_and_psk=True) | |
1015 | ||
1211031a JM |
1016 | def test_ap_ft_sae_pmksa_caching(dev, apdev): |
1017 | """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association""" | |
1018 | if "SAE" not in dev[0].get_capability("auth_alg"): | |
1019 | raise HwsimSkip("SAE not supported") | |
1020 | ssid = "test-ft" | |
1021 | passphrase = "12345678" | |
1022 | ||
1023 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1024 | params['wpa_key_mgmt'] = "FT-SAE" | |
1025 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1026 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1027 | params['wpa_key_mgmt'] = "FT-SAE" | |
1028 | hapd = hostapd.add_ap(apdev[1], params) | |
1029 | key_mgmt = hapd.get_config()['key_mgmt'] | |
1030 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
1031 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1032 | ||
1033 | dev[0].request("SET sae_groups ") | |
1034 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True, | |
1035 | pmksa_caching=True) | |
1036 | ||
d269740a | 1037 | def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, |
425e5f97 JM |
1038 | discovery=False, roams=1, wpa_ptk_rekey=0, |
1039 | only_one_way=False): | |
6f62809b | 1040 | ssid = "test-ft" |
fab49f61 | 1041 | passphrase = "12345678" |
9c50a6d3 | 1042 | if vlan: |
fab49f61 JM |
1043 | identity = "gpsk-vlan1" |
1044 | conndev = "brvlan1" | |
d269740a | 1045 | elif cui: |
fab49f61 JM |
1046 | identity = "gpsk-cui" |
1047 | conndev = False | |
9c50a6d3 | 1048 | else: |
fab49f61 JM |
1049 | identity = "gpsk user" |
1050 | conndev = False | |
6f62809b JM |
1051 | |
1052 | radius = hostapd.radius_params() | |
942b52a8 | 1053 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery) |
6f62809b JM |
1054 | params['wpa_key_mgmt'] = "FT-EAP" |
1055 | params["ieee8021x"] = "1" | |
9c50a6d3 MB |
1056 | if vlan: |
1057 | params["dynamic_vlan"] = "1" | |
35d8c254 | 1058 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1059 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
1060 | key_mgmt = hapd.get_config()['key_mgmt'] |
1061 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
1062 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
942b52a8 | 1063 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery) |
6f62809b JM |
1064 | params['wpa_key_mgmt'] = "FT-EAP" |
1065 | params["ieee8021x"] = "1" | |
9c50a6d3 MB |
1066 | if vlan: |
1067 | params["dynamic_vlan"] = "1" | |
425e5f97 JM |
1068 | if wpa_ptk_rekey: |
1069 | params["wpa_ptk_rekey"] = str(wpa_ptk_rekey) | |
35d8c254 | 1070 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1071 | hapd1 = hostapd.add_ap(apdev[1], params) |
6f62809b | 1072 | |
942b52a8 | 1073 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |
9c50a6d3 | 1074 | over_ds=over_ds, roams=roams, eap_identity=identity, |
425e5f97 | 1075 | conndev=conndev, only_one_way=only_one_way) |
91bc6c36 JM |
1076 | if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
1077 | raise Exception("Scan results missing RSN element info") | |
fab49f61 JM |
1078 | check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), |
1079 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")]) | |
425e5f97 JM |
1080 | if only_one_way: |
1081 | return | |
aaba98d3 | 1082 | |
4013d688 JM |
1083 | # Verify EAPOL reauthentication after FT protocol |
1084 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1085 | ap = hapd | |
1086 | else: | |
1087 | ap = hapd1 | |
1088 | ap.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
1089 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
1090 | if ev is None: | |
1091 | raise Exception("EAP authentication did not start") | |
1092 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
1093 | if ev is None: | |
1094 | raise Exception("EAP authentication did not succeed") | |
1095 | time.sleep(0.1) | |
9c50a6d3 MB |
1096 | if conndev: |
1097 | hwsim_utils.test_connectivity_iface(dev[0], ap, conndev) | |
1098 | else: | |
1099 | hwsim_utils.test_connectivity(dev[0], ap) | |
4013d688 | 1100 | |
942b52a8 MB |
1101 | def test_ap_ft_eap(dev, apdev): |
1102 | """WPA2-EAP-FT AP""" | |
1103 | generic_ap_ft_eap(dev, apdev) | |
1104 | ||
d269740a MB |
1105 | def test_ap_ft_eap_cui(dev, apdev): |
1106 | """WPA2-EAP-FT AP with CUI""" | |
1107 | generic_ap_ft_eap(dev, apdev, vlan=False, cui=True) | |
1108 | ||
9c50a6d3 MB |
1109 | def test_ap_ft_eap_vlan(dev, apdev): |
1110 | """WPA2-EAP-FT AP with VLAN""" | |
1111 | generic_ap_ft_eap(dev, apdev, vlan=True) | |
1112 | ||
1113 | def test_ap_ft_eap_vlan_multi(dev, apdev): | |
1114 | """WPA2-EAP-FT AP with VLAN""" | |
1115 | generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | |
1116 | ||
942b52a8 MB |
1117 | def test_ap_ft_eap_over_ds(dev, apdev): |
1118 | """WPA2-EAP-FT AP using over-the-DS""" | |
1119 | generic_ap_ft_eap(dev, apdev, over_ds=True) | |
1120 | ||
1121 | def test_ap_ft_eap_dis(dev, apdev): | |
1122 | """WPA2-EAP-FT AP with AP discovery""" | |
1123 | generic_ap_ft_eap(dev, apdev, discovery=True) | |
1124 | ||
1125 | def test_ap_ft_eap_dis_over_ds(dev, apdev): | |
1126 | """WPA2-EAP-FT AP with AP discovery and over-the-DS""" | |
1127 | generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True) | |
1128 | ||
9c50a6d3 MB |
1129 | def test_ap_ft_eap_vlan(dev, apdev): |
1130 | """WPA2-EAP-FT AP with VLAN""" | |
1131 | generic_ap_ft_eap(dev, apdev, vlan=True) | |
1132 | ||
1133 | def test_ap_ft_eap_vlan_multi(dev, apdev): | |
1134 | """WPA2-EAP-FT AP with VLAN""" | |
1135 | generic_ap_ft_eap(dev, apdev, vlan=True, roams=50) | |
1136 | ||
1137 | def test_ap_ft_eap_vlan_over_ds(dev, apdev): | |
1138 | """WPA2-EAP-FT AP with VLAN + over_ds""" | |
1139 | generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True) | |
1140 | ||
1141 | def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev): | |
1142 | """WPA2-EAP-FT AP with VLAN + over_ds""" | |
1143 | generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50) | |
1144 | ||
1145 | def generic_ap_ft_eap_pull(dev, apdev, vlan=False): | |
aaba98d3 JM |
1146 | """WPA2-EAP-FT AP (pull PMK)""" |
1147 | ssid = "test-ft" | |
fab49f61 | 1148 | passphrase = "12345678" |
9c50a6d3 | 1149 | if vlan: |
fab49f61 JM |
1150 | identity = "gpsk-vlan1" |
1151 | conndev = "brvlan1" | |
9c50a6d3 | 1152 | else: |
fab49f61 JM |
1153 | identity = "gpsk user" |
1154 | conndev = False | |
aaba98d3 JM |
1155 | |
1156 | radius = hostapd.radius_params() | |
1157 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1158 | params['wpa_key_mgmt'] = "FT-EAP" | |
1159 | params["ieee8021x"] = "1" | |
1160 | params["pmk_r1_push"] = "0" | |
9c50a6d3 MB |
1161 | if vlan: |
1162 | params["dynamic_vlan"] = "1" | |
35d8c254 | 1163 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1164 | hapd = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
1165 | key_mgmt = hapd.get_config()['key_mgmt'] |
1166 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
1167 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1168 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1169 | params['wpa_key_mgmt'] = "FT-EAP" | |
1170 | params["ieee8021x"] = "1" | |
1171 | params["pmk_r1_push"] = "0" | |
9c50a6d3 MB |
1172 | if vlan: |
1173 | params["dynamic_vlan"] = "1" | |
35d8c254 | 1174 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 1175 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 1176 | |
9c50a6d3 MB |
1177 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, |
1178 | eap_identity=identity, conndev=conndev) | |
1179 | ||
1180 | def test_ap_ft_eap_pull(dev, apdev): | |
1181 | """WPA2-EAP-FT AP (pull PMK)""" | |
1182 | generic_ap_ft_eap_pull(dev, apdev) | |
1183 | ||
1184 | def test_ap_ft_eap_pull_vlan(dev, apdev): | |
1185 | generic_ap_ft_eap_pull(dev, apdev, vlan=True) | |
3b808945 | 1186 | |
f81c1411 JM |
1187 | def test_ap_ft_eap_pull_wildcard(dev, apdev): |
1188 | """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH""" | |
1189 | ssid = "test-ft" | |
fab49f61 | 1190 | passphrase = "12345678" |
f81c1411 JM |
1191 | |
1192 | radius = hostapd.radius_params() | |
1193 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
1194 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
1195 | params["ieee8021x"] = "1" | |
1196 | params["pmk_r1_push"] = "0" | |
1197 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1198 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1199 | params["ft_psk_generate_local"] = "1" | |
1200 | params["eap_server"] = "0" | |
35d8c254 | 1201 | params = dict(list(radius.items()) + list(params.items())) |
f81c1411 JM |
1202 | hapd = hostapd.add_ap(apdev[0], params) |
1203 | params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True) | |
1204 | params['wpa_key_mgmt'] = "WPA-EAP FT-EAP" | |
1205 | params["ieee8021x"] = "1" | |
1206 | params["pmk_r1_push"] = "0" | |
1207 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1208 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
1209 | params["ft_psk_generate_local"] = "1" | |
1210 | params["eap_server"] = "0" | |
35d8c254 | 1211 | params = dict(list(radius.items()) + list(params.items())) |
f81c1411 JM |
1212 | hapd1 = hostapd.add_ap(apdev[1], params) |
1213 | ||
1214 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) | |
1215 | ||
9fd6804d | 1216 | @remote_compatible |
3b808945 JM |
1217 | def test_ap_ft_mismatching_rrb_key_push(dev, apdev): |
1218 | """WPA2-PSK-FT AP over DS with mismatching RRB key (push)""" | |
1219 | ssid = "test-ft" | |
fab49f61 | 1220 | passphrase = "12345678" |
3b808945 JM |
1221 | |
1222 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 1223 | params["ieee80211w"] = "2" |
8b8a1864 | 1224 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 1225 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 1226 | params["ieee80211w"] = "2" |
8b8a1864 | 1227 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1228 | |
a8375c94 JM |
1229 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1230 | fail_test=True) | |
3b808945 | 1231 | |
9fd6804d | 1232 | @remote_compatible |
3b808945 JM |
1233 | def test_ap_ft_mismatching_rrb_key_pull(dev, apdev): |
1234 | """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)""" | |
1235 | ssid = "test-ft" | |
fab49f61 | 1236 | passphrase = "12345678" |
3b808945 JM |
1237 | |
1238 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1239 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1240 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
1241 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
1242 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1243 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1244 | |
a8375c94 JM |
1245 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1246 | fail_test=True) | |
3b808945 | 1247 | |
9fd6804d | 1248 | @remote_compatible |
ae14a2e2 JM |
1249 | def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev): |
1250 | """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)""" | |
1251 | ssid = "test-ft" | |
fab49f61 | 1252 | passphrase = "12345678" |
ae14a2e2 JM |
1253 | |
1254 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1255 | params["pmk_r1_push"] = "0" | |
1256 | params["nas_identifier"] = "nas0.w1.fi" | |
8b8a1864 | 1257 | hostapd.add_ap(apdev[0], params) |
2f816c21 JM |
1258 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1259 | scan_freq="2412") | |
ae14a2e2 JM |
1260 | |
1261 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1262 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1263 | hostapd.add_ap(apdev[1], params) |
ae14a2e2 JM |
1264 | |
1265 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1266 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
1267 | ||
9fd6804d | 1268 | @remote_compatible |
3b808945 JM |
1269 | def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev): |
1270 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)""" | |
1271 | ssid = "test-ft" | |
fab49f61 | 1272 | passphrase = "12345678" |
3b808945 JM |
1273 | |
1274 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 1275 | params["ieee80211w"] = "2" |
8b8a1864 | 1276 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 1277 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 1278 | params["ieee80211w"] = "2" |
8b8a1864 | 1279 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1280 | |
a8375c94 JM |
1281 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1282 | fail_test=True) | |
3b808945 | 1283 | |
9fd6804d | 1284 | @remote_compatible |
3b808945 JM |
1285 | def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev): |
1286 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)""" | |
1287 | ssid = "test-ft" | |
fab49f61 | 1288 | passphrase = "12345678" |
3b808945 JM |
1289 | |
1290 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
1291 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1292 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
1293 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1294 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 1295 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 1296 | |
a8375c94 JM |
1297 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
1298 | fail_test=True) | |
c6b6e105 | 1299 | |
150948e6 MB |
1300 | def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev): |
1301 | """WPA2-EAP-FT AP over DS with mismatching RRB key (push)""" | |
1302 | ssid = "test-ft" | |
fab49f61 | 1303 | passphrase = "12345678" |
150948e6 MB |
1304 | |
1305 | radius = hostapd.radius_params() | |
1306 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 1307 | params["ieee80211w"] = "2" |
150948e6 MB |
1308 | params['wpa_key_mgmt'] = "FT-EAP" |
1309 | params["ieee8021x"] = "1" | |
35d8c254 | 1310 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1311 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 | 1312 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
58be42b2 | 1313 | params["ieee80211w"] = "2" |
150948e6 MB |
1314 | params['wpa_key_mgmt'] = "FT-EAP" |
1315 | params["ieee8021x"] = "1" | |
35d8c254 | 1316 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1317 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1318 | |
1319 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1320 | fail_test=True, eap=True) | |
1321 | ||
1322 | def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev): | |
1323 | """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)""" | |
1324 | ssid = "test-ft" | |
fab49f61 | 1325 | passphrase = "12345678" |
150948e6 MB |
1326 | |
1327 | radius = hostapd.radius_params() | |
1328 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1329 | params["pmk_r1_push"] = "0" | |
1330 | params['wpa_key_mgmt'] = "FT-EAP" | |
1331 | params["ieee8021x"] = "1" | |
35d8c254 | 1332 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1333 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1334 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
1335 | params["pmk_r1_push"] = "0" | |
1336 | params['wpa_key_mgmt'] = "FT-EAP" | |
1337 | params["ieee8021x"] = "1" | |
35d8c254 | 1338 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1339 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1340 | |
1341 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1342 | fail_test=True, eap=True) | |
1343 | ||
1344 | def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev): | |
1345 | """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)""" | |
1346 | ssid = "test-ft" | |
fab49f61 | 1347 | passphrase = "12345678" |
150948e6 MB |
1348 | |
1349 | radius = hostapd.radius_params() | |
1350 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1351 | params["pmk_r1_push"] = "0" | |
1352 | params["nas_identifier"] = "nas0.w1.fi" | |
1353 | params['wpa_key_mgmt'] = "FT-EAP" | |
1354 | params["ieee8021x"] = "1" | |
35d8c254 | 1355 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1356 | hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1357 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", |
1358 | eap="GPSK", identity="gpsk user", | |
1359 | password="abcdefghijklmnop0123456789abcdef", | |
1360 | scan_freq="2412") | |
1361 | ||
1362 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1363 | params["pmk_r1_push"] = "0" | |
1364 | params['wpa_key_mgmt'] = "FT-EAP" | |
1365 | params["ieee8021x"] = "1" | |
35d8c254 | 1366 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1367 | hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1368 | |
1369 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1370 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
1371 | ||
1372 | def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev): | |
1373 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)""" | |
1374 | ssid = "test-ft" | |
fab49f61 | 1375 | passphrase = "12345678" |
150948e6 MB |
1376 | |
1377 | radius = hostapd.radius_params() | |
1378 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 1379 | params["ieee80211w"] = "2" |
150948e6 MB |
1380 | params['wpa_key_mgmt'] = "FT-EAP" |
1381 | params["ieee8021x"] = "1" | |
35d8c254 | 1382 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1383 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 | 1384 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
58be42b2 | 1385 | params["ieee80211w"] = "2" |
150948e6 MB |
1386 | params['wpa_key_mgmt'] = "FT-EAP" |
1387 | params["ieee8021x"] = "1" | |
35d8c254 | 1388 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1389 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1390 | |
1391 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1392 | fail_test=True, eap=True) | |
1393 | ||
1394 | def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev): | |
1395 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)""" | |
1396 | ssid = "test-ft" | |
fab49f61 | 1397 | passphrase = "12345678" |
150948e6 MB |
1398 | |
1399 | radius = hostapd.radius_params() | |
1400 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
1401 | params["pmk_r1_push"] = "0" | |
1402 | params['wpa_key_mgmt'] = "FT-EAP" | |
1403 | params["ieee8021x"] = "1" | |
35d8c254 | 1404 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1405 | hapd0 = hostapd.add_ap(apdev[0], params) |
150948e6 MB |
1406 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1407 | params["pmk_r1_push"] = "0" | |
1408 | params['wpa_key_mgmt'] = "FT-EAP" | |
1409 | params["ieee8021x"] = "1" | |
35d8c254 | 1410 | params = dict(list(radius.items()) + list(params.items())) |
b098542c | 1411 | hapd1 = hostapd.add_ap(apdev[1], params) |
150948e6 MB |
1412 | |
1413 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
1414 | fail_test=True, eap=True) | |
1415 | ||
c6b6e105 JM |
1416 | def test_ap_ft_gtk_rekey(dev, apdev): |
1417 | """WPA2-PSK-FT AP and GTK rekey""" | |
1418 | ssid = "test-ft" | |
fab49f61 | 1419 | passphrase = "12345678" |
c6b6e105 JM |
1420 | |
1421 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1422 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 1423 | hapd = hostapd.add_ap(apdev[0], params) |
c6b6e105 JM |
1424 | |
1425 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2f816c21 | 1426 | ieee80211w="1", scan_freq="2412") |
c6b6e105 JM |
1427 | |
1428 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
1429 | if ev is None: | |
1430 | raise Exception("GTK rekey timed out after initial association") | |
a8375c94 | 1431 | hwsim_utils.test_connectivity(dev[0], hapd) |
c6b6e105 JM |
1432 | |
1433 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1434 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 1435 | hapd1 = hostapd.add_ap(apdev[1], params) |
c6b6e105 JM |
1436 | |
1437 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1438 | dev[0].roam(apdev[1]['bssid']) | |
1439 | if dev[0].get_status_field('bssid') != apdev[1]['bssid']: | |
1440 | raise Exception("Did not connect to correct AP") | |
a8375c94 | 1441 | hwsim_utils.test_connectivity(dev[0], hapd1) |
c6b6e105 JM |
1442 | |
1443 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
1444 | if ev is None: | |
1445 | raise Exception("GTK rekey timed out after FT protocol") | |
a8375c94 | 1446 | hwsim_utils.test_connectivity(dev[0], hapd1) |
5b3c40a6 JM |
1447 | |
1448 | def test_ft_psk_key_lifetime_in_memory(dev, apdev, params): | |
1449 | """WPA2-PSK-FT and key lifetime in memory""" | |
1450 | ssid = "test-ft" | |
fab49f61 | 1451 | passphrase = "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0" |
5b3c40a6 JM |
1452 | psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d' |
1453 | pmk = binascii.unhexlify(psk) | |
1454 | p = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1455 | hapd0 = hostapd.add_ap(apdev[0], p) |
5b3c40a6 | 1456 | p = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1457 | hapd1 = hostapd.add_ap(apdev[1], p) |
5b3c40a6 JM |
1458 | |
1459 | pid = find_wpas_process(dev[0]) | |
1460 | ||
1461 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1462 | scan_freq="2412") | |
8e416cec JM |
1463 | # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED |
1464 | # event has been delivered, so verify that wpa_supplicant has returned to | |
1465 | # eloop before reading process memory. | |
54f2cae2 | 1466 | time.sleep(1) |
8e416cec | 1467 | dev[0].ping() |
5b3c40a6 JM |
1468 | |
1469 | buf = read_process_memory(pid, pmk) | |
1470 | ||
1471 | dev[0].request("DISCONNECT") | |
1472 | dev[0].wait_disconnected() | |
1473 | ||
1474 | dev[0].relog() | |
1475 | pmkr0 = None | |
1476 | pmkr1 = None | |
1477 | ptk = None | |
1478 | gtk = None | |
1479 | with open(os.path.join(params['logdir'], 'log0'), 'r') as f: | |
1480 | for l in f.readlines(): | |
1481 | if "FT: PMK-R0 - hexdump" in l: | |
1482 | val = l.strip().split(':')[3].replace(' ', '') | |
1483 | pmkr0 = binascii.unhexlify(val) | |
1484 | if "FT: PMK-R1 - hexdump" in l: | |
1485 | val = l.strip().split(':')[3].replace(' ', '') | |
1486 | pmkr1 = binascii.unhexlify(val) | |
f918b95b | 1487 | if "FT: KCK - hexdump" in l: |
5b3c40a6 | 1488 | val = l.strip().split(':')[3].replace(' ', '') |
f918b95b JM |
1489 | kck = binascii.unhexlify(val) |
1490 | if "FT: KEK - hexdump" in l: | |
1491 | val = l.strip().split(':')[3].replace(' ', '') | |
1492 | kek = binascii.unhexlify(val) | |
1493 | if "FT: TK - hexdump" in l: | |
1494 | val = l.strip().split(':')[3].replace(' ', '') | |
1495 | tk = binascii.unhexlify(val) | |
5b3c40a6 JM |
1496 | if "WPA: Group Key - hexdump" in l: |
1497 | val = l.strip().split(':')[3].replace(' ', '') | |
1498 | gtk = binascii.unhexlify(val) | |
f918b95b | 1499 | if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk: |
5b3c40a6 JM |
1500 | raise Exception("Could not find keys from debug log") |
1501 | if len(gtk) != 16: | |
1502 | raise Exception("Unexpected GTK length") | |
1503 | ||
5b3c40a6 JM |
1504 | logger.info("Checking keys in memory while associated") |
1505 | get_key_locations(buf, pmk, "PMK") | |
1506 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1507 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1508 | if pmk not in buf: | |
81e787b7 | 1509 | raise HwsimSkip("PMK not found while associated") |
5b3c40a6 | 1510 | if pmkr0 not in buf: |
81e787b7 | 1511 | raise HwsimSkip("PMK-R0 not found while associated") |
5b3c40a6 | 1512 | if pmkr1 not in buf: |
81e787b7 | 1513 | raise HwsimSkip("PMK-R1 not found while associated") |
5b3c40a6 JM |
1514 | if kck not in buf: |
1515 | raise Exception("KCK not found while associated") | |
1516 | if kek not in buf: | |
1517 | raise Exception("KEK not found while associated") | |
b74f82a4 JM |
1518 | #if tk in buf: |
1519 | # raise Exception("TK found from memory") | |
5b3c40a6 JM |
1520 | |
1521 | logger.info("Checking keys in memory after disassociation") | |
1522 | buf = read_process_memory(pid, pmk) | |
1523 | get_key_locations(buf, pmk, "PMK") | |
1524 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1525 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1526 | ||
1527 | # Note: PMK/PSK is still present in network configuration | |
1528 | ||
1529 | fname = os.path.join(params['logdir'], | |
1530 | 'ft_psk_key_lifetime_in_memory.memctx-') | |
1531 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
1532 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
1533 | verify_not_present(buf, kck, fname, "KCK") | |
1534 | verify_not_present(buf, kek, fname, "KEK") | |
1535 | verify_not_present(buf, tk, fname, "TK") | |
6db556b2 JM |
1536 | if gtk in buf: |
1537 | get_key_locations(buf, gtk, "GTK") | |
5b3c40a6 JM |
1538 | verify_not_present(buf, gtk, fname, "GTK") |
1539 | ||
1540 | dev[0].request("REMOVE_NETWORK all") | |
1541 | ||
1542 | logger.info("Checking keys in memory after network profile removal") | |
1543 | buf = read_process_memory(pid, pmk) | |
1544 | get_key_locations(buf, pmk, "PMK") | |
1545 | get_key_locations(buf, pmkr0, "PMK-R0") | |
1546 | get_key_locations(buf, pmkr1, "PMK-R1") | |
1547 | ||
1548 | verify_not_present(buf, pmk, fname, "PMK") | |
1549 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
1550 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
1551 | verify_not_present(buf, kck, fname, "KCK") | |
1552 | verify_not_present(buf, kek, fname, "KEK") | |
1553 | verify_not_present(buf, tk, fname, "TK") | |
1554 | verify_not_present(buf, gtk, fname, "GTK") | |
664093b5 | 1555 | |
9fd6804d | 1556 | @remote_compatible |
664093b5 JM |
1557 | def test_ap_ft_invalid_resp(dev, apdev): |
1558 | """WPA2-PSK-FT AP and invalid response IEs""" | |
1559 | ssid = "test-ft" | |
fab49f61 | 1560 | passphrase = "12345678" |
664093b5 JM |
1561 | |
1562 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1563 | hapd0 = hostapd.add_ap(apdev[0], params) |
664093b5 JM |
1564 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1565 | scan_freq="2412") | |
1566 | ||
1567 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1568 | hapd1 = hostapd.add_ap(apdev[1], params) |
664093b5 JM |
1569 | |
1570 | tests = [ | |
1571 | # Various IEs for test coverage. The last one is FTIE with invalid | |
1572 | # R1KH-ID subelement. | |
1573 | "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100", | |
1574 | # FTIE with invalid R0KH-ID subelement (len=0). | |
1575 | "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300", | |
1576 | # FTIE with invalid R0KH-ID subelement (len=49). | |
1577 | "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849", | |
1578 | # Invalid RSNE. | |
1579 | "020002000000" + "3000", | |
1580 | # Required IEs missing from protected IE count. | |
1581 | "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
1582 | # RIC missing from protected IE count. | |
1583 | "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
1584 | # Protected IE missing. | |
fab49f61 | 1585 | "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"] |
664093b5 JM |
1586 | for t in tests: |
1587 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
1588 | hapd1.set("ext_mgmt_frame_handling", "1") | |
1589 | hapd1.dump_monitor() | |
1590 | if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']): | |
1591 | raise Exception("ROAM failed") | |
1592 | auth = None | |
1593 | for i in range(20): | |
1594 | msg = hapd1.mgmt_rx() | |
1595 | if msg['subtype'] == 11: | |
1596 | auth = msg | |
1597 | break | |
1598 | if not auth: | |
1599 | raise Exception("Authentication frame not seen") | |
1600 | ||
1601 | resp = {} | |
1602 | resp['fc'] = auth['fc'] | |
1603 | resp['da'] = auth['sa'] | |
1604 | resp['sa'] = auth['da'] | |
1605 | resp['bssid'] = auth['bssid'] | |
1606 | resp['payload'] = binascii.unhexlify(t) | |
1607 | hapd1.mgmt_tx(resp) | |
1608 | hapd1.set("ext_mgmt_frame_handling", "0") | |
1609 | dev[0].wait_disconnected() | |
1610 | ||
1611 | dev[0].request("RECONNECT") | |
1612 | dev[0].wait_connected() | |
7b741a53 JM |
1613 | |
1614 | def test_ap_ft_gcmp_256(dev, apdev): | |
1615 | """WPA2-PSK-FT AP with GCMP-256 cipher""" | |
1616 | if "GCMP-256" not in dev[0].get_capability("pairwise"): | |
1617 | raise HwsimSkip("Cipher GCMP-256 not supported") | |
1618 | ssid = "test-ft" | |
fab49f61 | 1619 | passphrase = "12345678" |
7b741a53 JM |
1620 | |
1621 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1622 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 1623 | hapd0 = hostapd.add_ap(apdev[0], params) |
7b741a53 JM |
1624 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1625 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 1626 | hapd1 = hostapd.add_ap(apdev[1], params) |
7b741a53 JM |
1627 | |
1628 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
1629 | pairwise_cipher="GCMP-256", group_cipher="GCMP-256") | |
cf671d54 | 1630 | |
63a7683b | 1631 | def setup_ap_ft_oom(dev, apdev): |
38934ed1 | 1632 | skip_with_fips(dev[0]) |
cf671d54 | 1633 | ssid = "test-ft" |
fab49f61 | 1634 | passphrase = "12345678" |
cf671d54 JM |
1635 | |
1636 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1637 | hapd0 = hostapd.add_ap(apdev[0], params) |
cf671d54 | 1638 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1639 | hapd1 = hostapd.add_ap(apdev[1], params) |
cf671d54 JM |
1640 | |
1641 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1642 | scan_freq="2412") | |
1643 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1644 | dst = apdev[1]['bssid'] | |
1645 | else: | |
1646 | dst = apdev[0]['bssid'] | |
1647 | ||
1648 | dev[0].scan_for_bss(dst, freq="2412") | |
63a7683b JM |
1649 | |
1650 | return dst | |
1651 | ||
1652 | def test_ap_ft_oom(dev, apdev): | |
1653 | """WPA2-PSK-FT and OOM""" | |
1654 | dst = setup_ap_ft_oom(dev, apdev) | |
cf671d54 JM |
1655 | with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): |
1656 | dev[0].roam(dst) | |
63a7683b JM |
1657 | |
1658 | def test_ap_ft_oom2(dev, apdev): | |
1659 | """WPA2-PSK-FT and OOM (2)""" | |
1660 | dst = setup_ap_ft_oom(dev, apdev) | |
7cbc8e67 | 1661 | with fail_test(dev[0], 1, "wpa_ft_mic"): |
63a7683b JM |
1662 | dev[0].roam(dst, fail_test=True, assoc_reject_ok=True) |
1663 | ||
1664 | def test_ap_ft_oom3(dev, apdev): | |
1665 | """WPA2-PSK-FT and OOM (3)""" | |
1666 | dst = setup_ap_ft_oom(dev, apdev) | |
cf671d54 | 1667 | with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): |
63a7683b | 1668 | dev[0].roam(dst) |
34d3eaa8 | 1669 | |
63a7683b JM |
1670 | def test_ap_ft_oom4(dev, apdev): |
1671 | """WPA2-PSK-FT and OOM (4)""" | |
1672 | ssid = "test-ft" | |
fab49f61 | 1673 | passphrase = "12345678" |
63a7683b | 1674 | dst = setup_ap_ft_oom(dev, apdev) |
dcbb5d80 JM |
1675 | dev[0].request("REMOVE_NETWORK all") |
1676 | with alloc_fail(dev[0], 1, "=sme_update_ft_ies"): | |
1677 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1678 | scan_freq="2412") | |
1679 | ||
682a79f0 JM |
1680 | def test_ap_ft_ap_oom(dev, apdev): |
1681 | """WPA2-PSK-FT and AP OOM""" | |
1682 | ssid = "test-ft" | |
fab49f61 | 1683 | passphrase = "12345678" |
682a79f0 JM |
1684 | |
1685 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1686 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1687 | bssid0 = hapd0.own_addr() | |
1688 | ||
1689 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1690 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"): | |
1691 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1692 | scan_freq="2412") | |
1693 | ||
1694 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1695 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1696 | bssid1 = hapd1.own_addr() | |
1697 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1698 | # This roam will fail due to missing PMK-R0 (OOM prevented storing it) | |
1699 | dev[0].roam(bssid1) | |
1700 | ||
1701 | def test_ap_ft_ap_oom2(dev, apdev): | |
1702 | """WPA2-PSK-FT and AP OOM 2""" | |
1703 | ssid = "test-ft" | |
fab49f61 | 1704 | passphrase = "12345678" |
682a79f0 JM |
1705 | |
1706 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1707 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1708 | bssid0 = hapd0.own_addr() | |
1709 | ||
1710 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1711 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"): | |
1712 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1713 | scan_freq="2412") | |
1714 | ||
1715 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1716 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1717 | bssid1 = hapd1.own_addr() | |
1718 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1719 | dev[0].roam(bssid1) | |
1720 | if dev[0].get_status_field('bssid') != bssid1: | |
1721 | raise Exception("Did not roam to AP1") | |
1722 | # This roam will fail due to missing PMK-R1 (OOM prevented storing it) | |
1723 | dev[0].roam(bssid0) | |
1724 | ||
1725 | def test_ap_ft_ap_oom3(dev, apdev): | |
1726 | """WPA2-PSK-FT and AP OOM 3""" | |
1727 | ssid = "test-ft" | |
fab49f61 | 1728 | passphrase = "12345678" |
682a79f0 JM |
1729 | |
1730 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1731 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1732 | bssid0 = hapd0.own_addr() | |
1733 | ||
1734 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1735 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1736 | scan_freq="2412") | |
1737 | ||
1738 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1739 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1740 | bssid1 = hapd1.own_addr() | |
1741 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1742 | with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"): | |
1743 | # This will fail due to not being able to send out PMK-R1 pull request | |
1744 | dev[0].roam(bssid1) | |
1745 | ||
ba88dd65 | 1746 | with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"): |
682a79f0 JM |
1747 | # This will fail due to not being able to send out PMK-R1 pull request |
1748 | dev[0].roam(bssid1) | |
1749 | ||
ba88dd65 MB |
1750 | with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"): |
1751 | # This will fail due to not being able to send out PMK-R1 pull request | |
1752 | dev[0].roam(bssid1) | |
1753 | ||
1754 | def test_ap_ft_ap_oom3b(dev, apdev): | |
1755 | """WPA2-PSK-FT and AP OOM 3b""" | |
1756 | ssid = "test-ft" | |
fab49f61 | 1757 | passphrase = "12345678" |
ba88dd65 MB |
1758 | |
1759 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1760 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1761 | bssid0 = hapd0.own_addr() | |
1762 | ||
1763 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1764 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1765 | scan_freq="2412") | |
1766 | ||
1767 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1768 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1769 | bssid1 = hapd1.own_addr() | |
1770 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1771 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"): | |
682a79f0 JM |
1772 | # This will fail due to not being able to send out PMK-R1 pull request |
1773 | dev[0].roam(bssid1) | |
1774 | ||
1775 | def test_ap_ft_ap_oom4(dev, apdev): | |
1776 | """WPA2-PSK-FT and AP OOM 4""" | |
1777 | ssid = "test-ft" | |
fab49f61 | 1778 | passphrase = "12345678" |
682a79f0 JM |
1779 | |
1780 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1781 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1782 | bssid0 = hapd0.own_addr() | |
1783 | ||
1784 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1785 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1786 | scan_freq="2412") | |
1787 | ||
1788 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1789 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1790 | bssid1 = hapd1.own_addr() | |
1791 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1792 | with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"): | |
1793 | dev[0].roam(bssid1) | |
1794 | if dev[0].get_status_field('bssid') != bssid1: | |
1795 | raise Exception("Did not roam to AP1") | |
1796 | ||
1797 | with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"): | |
1798 | dev[0].roam(bssid0) | |
1799 | if dev[0].get_status_field('bssid') != bssid0: | |
1800 | raise Exception("Did not roam to AP0") | |
1801 | ||
1802 | with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"): | |
1803 | dev[0].roam(bssid1) | |
1804 | if dev[0].get_status_field('bssid') != bssid1: | |
1805 | raise Exception("Did not roam to AP1") | |
1806 | ||
1807 | def test_ap_ft_ap_oom5(dev, apdev): | |
1808 | """WPA2-PSK-FT and AP OOM 5""" | |
1809 | ssid = "test-ft" | |
fab49f61 | 1810 | passphrase = "12345678" |
682a79f0 JM |
1811 | |
1812 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1813 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1814 | bssid0 = hapd0.own_addr() | |
1815 | ||
1816 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1817 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1818 | scan_freq="2412") | |
1819 | ||
1820 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1821 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1822 | bssid1 = hapd1.own_addr() | |
1823 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1824 | with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"): | |
1825 | # This will fail to roam | |
1826 | dev[0].roam(bssid1) | |
1827 | ||
1828 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"): | |
1829 | # This will fail to roam | |
1830 | dev[0].roam(bssid1) | |
1831 | ||
1832 | with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
1833 | # This will fail to roam | |
1834 | dev[0].roam(bssid1) | |
1835 | ||
1836 | with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
1837 | # This will fail to roam | |
1838 | dev[0].roam(bssid1) | |
1839 | ||
1840 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"): | |
1841 | # This will fail to roam | |
1842 | dev[0].roam(bssid1) | |
1843 | ||
1844 | def test_ap_ft_ap_oom6(dev, apdev): | |
1845 | """WPA2-PSK-FT and AP OOM 6""" | |
1846 | ssid = "test-ft" | |
fab49f61 | 1847 | passphrase = "12345678" |
682a79f0 JM |
1848 | |
1849 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1850 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1851 | bssid0 = hapd0.own_addr() | |
1852 | ||
1853 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1854 | with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"): | |
1855 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1856 | scan_freq="2412") | |
1857 | dev[0].request("REMOVE_NETWORK all") | |
1858 | dev[0].wait_disconnected() | |
1859 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"): | |
1860 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1861 | scan_freq="2412") | |
1862 | dev[0].request("REMOVE_NETWORK all") | |
1863 | dev[0].wait_disconnected() | |
1864 | with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"): | |
1865 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1866 | scan_freq="2412") | |
1867 | ||
c5262648 JM |
1868 | def test_ap_ft_ap_oom7a(dev, apdev): |
1869 | """WPA2-PSK-FT and AP OOM 7a""" | |
682a79f0 | 1870 | ssid = "test-ft" |
fab49f61 | 1871 | passphrase = "12345678" |
682a79f0 JM |
1872 | |
1873 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1874 | params["ieee80211w"] = "2" | |
1875 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1876 | bssid0 = hapd0.own_addr() | |
1877 | ||
1878 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1879 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1880 | ieee80211w="2", scan_freq="2412") | |
1881 | ||
1882 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1883 | params["ieee80211w"] = "2" | |
1884 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1885 | bssid1 = hapd1.own_addr() | |
1886 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1887 | with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"): | |
1888 | # This will fail to roam | |
1889 | dev[0].roam(bssid1) | |
c5262648 JM |
1890 | |
1891 | def test_ap_ft_ap_oom7b(dev, apdev): | |
1892 | """WPA2-PSK-FT and AP OOM 7b""" | |
1893 | ssid = "test-ft" | |
fab49f61 | 1894 | passphrase = "12345678" |
c5262648 JM |
1895 | |
1896 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1897 | params["ieee80211w"] = "2" | |
1898 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1899 | bssid0 = hapd0.own_addr() | |
1900 | ||
1901 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1902 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1903 | ieee80211w="2", scan_freq="2412") | |
1904 | ||
1905 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1906 | params["ieee80211w"] = "2" | |
1907 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1908 | bssid1 = hapd1.own_addr() | |
1909 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
1910 | with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"): |
1911 | # This will fail to roam | |
1912 | dev[0].roam(bssid1) | |
c5262648 JM |
1913 | |
1914 | def test_ap_ft_ap_oom7c(dev, apdev): | |
1915 | """WPA2-PSK-FT and AP OOM 7c""" | |
1916 | ssid = "test-ft" | |
fab49f61 | 1917 | passphrase = "12345678" |
c5262648 JM |
1918 | |
1919 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1920 | params["ieee80211w"] = "2" | |
1921 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1922 | bssid0 = hapd0.own_addr() | |
1923 | ||
1924 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1925 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1926 | ieee80211w="2", scan_freq="2412") | |
1927 | ||
1928 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1929 | params["ieee80211w"] = "2" | |
1930 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1931 | bssid1 = hapd1.own_addr() | |
1932 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
1933 | with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"): |
1934 | # This will fail to roam | |
1935 | dev[0].roam(bssid1) | |
c5262648 JM |
1936 | |
1937 | def test_ap_ft_ap_oom7d(dev, apdev): | |
1938 | """WPA2-PSK-FT and AP OOM 7d""" | |
1939 | ssid = "test-ft" | |
fab49f61 | 1940 | passphrase = "12345678" |
c5262648 JM |
1941 | |
1942 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1943 | params["ieee80211w"] = "2" | |
1944 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1945 | bssid0 = hapd0.own_addr() | |
1946 | ||
1947 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1948 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1949 | ieee80211w="2", scan_freq="2412") | |
1950 | ||
1951 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1952 | params["ieee80211w"] = "2" | |
1953 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1954 | bssid1 = hapd1.own_addr() | |
1955 | dev[0].scan_for_bss(bssid1, freq="2412") | |
682a79f0 JM |
1956 | with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"): |
1957 | # This will fail to roam | |
1958 | dev[0].roam(bssid1) | |
1959 | ||
1960 | def test_ap_ft_ap_oom8(dev, apdev): | |
1961 | """WPA2-PSK-FT and AP OOM 8""" | |
1962 | ssid = "test-ft" | |
fab49f61 | 1963 | passphrase = "12345678" |
682a79f0 JM |
1964 | |
1965 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 1966 | params['ft_psk_generate_local'] = "1" |
682a79f0 JM |
1967 | hapd0 = hostapd.add_ap(apdev[0], params) |
1968 | bssid0 = hapd0.own_addr() | |
1969 | ||
1970 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1971 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1972 | scan_freq="2412") | |
1973 | ||
1974 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 1975 | params['ft_psk_generate_local'] = "1" |
682a79f0 JM |
1976 | hapd1 = hostapd.add_ap(apdev[1], params) |
1977 | bssid1 = hapd1.own_addr() | |
1978 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1979 | with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"): | |
1980 | # This will fail to roam | |
1981 | dev[0].roam(bssid1) | |
1982 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"): | |
1983 | # This will fail to roam | |
1984 | dev[0].roam(bssid1) | |
1985 | ||
1986 | def test_ap_ft_ap_oom9(dev, apdev): | |
1987 | """WPA2-PSK-FT and AP OOM 9""" | |
1988 | ssid = "test-ft" | |
fab49f61 | 1989 | passphrase = "12345678" |
682a79f0 JM |
1990 | |
1991 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1992 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1993 | bssid0 = hapd0.own_addr() | |
1994 | ||
1995 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1996 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1997 | scan_freq="2412") | |
1998 | ||
1999 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2000 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2001 | bssid1 = hapd1.own_addr() | |
2002 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2003 | ||
2004 | with alloc_fail(hapd0, 1, "wpa_ft_action_rx"): | |
2005 | # This will fail to roam | |
2006 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2007 | raise Exception("FT_DS failed") | |
2008 | wait_fail_trigger(hapd0, "GET_ALLOC_FAIL") | |
2009 | ||
2010 | with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"): | |
2011 | # This will fail to roam | |
2012 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2013 | raise Exception("FT_DS failed") | |
2014 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
2015 | ||
2016 | with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"): | |
2017 | # This will fail to roam | |
2018 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2019 | raise Exception("FT_DS failed") | |
2020 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
2021 | ||
2022 | def test_ap_ft_ap_oom10(dev, apdev): | |
2023 | """WPA2-PSK-FT and AP OOM 10""" | |
2024 | ssid = "test-ft" | |
fab49f61 | 2025 | passphrase = "12345678" |
682a79f0 JM |
2026 | |
2027 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2028 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2029 | bssid0 = hapd0.own_addr() | |
2030 | ||
2031 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2032 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2033 | scan_freq="2412") | |
2034 | ||
2035 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2036 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2037 | bssid1 = hapd1.own_addr() | |
2038 | dev[0].scan_for_bss(bssid1, freq="2412") | |
2039 | ||
9441a227 | 2040 | with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
2041 | # This will fail to roam |
2042 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2043 | raise Exception("FT_DS failed") | |
2044 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2045 | ||
2046 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"): | |
2047 | # This will fail to roam | |
2048 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2049 | raise Exception("FT_DS failed") | |
2050 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2051 | ||
9441a227 | 2052 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
2053 | # This will fail to roam |
2054 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2055 | raise Exception("FT_DS failed") | |
2056 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2057 | ||
9441a227 | 2058 | with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"): |
682a79f0 JM |
2059 | # This will fail to roam |
2060 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
2061 | raise Exception("FT_DS failed") | |
2062 | wait_fail_trigger(hapd1, "GET_FAIL") | |
2063 | ||
2064 | def test_ap_ft_ap_oom11(dev, apdev): | |
2065 | """WPA2-PSK-FT and AP OOM 11""" | |
2066 | ssid = "test-ft" | |
fab49f61 | 2067 | passphrase = "12345678" |
682a79f0 JM |
2068 | |
2069 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2070 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2071 | bssid0 = hapd0.own_addr() | |
2072 | ||
2073 | dev[0].scan_for_bss(bssid0, freq="2412") | |
2074 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"): | |
2075 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2076 | scan_freq="2412") | |
2077 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2078 | ||
2079 | dev[1].scan_for_bss(bssid0, freq="2412") | |
9441a227 | 2080 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"): |
682a79f0 JM |
2081 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
2082 | scan_freq="2412") | |
2083 | wait_fail_trigger(hapd0, "GET_FAIL") | |
2084 | ||
a04e6f3d JM |
2085 | def test_ap_ft_over_ds_proto_ap(dev, apdev): |
2086 | """WPA2-PSK-FT AP over DS protocol testing for AP processing""" | |
2087 | ssid = "test-ft" | |
fab49f61 | 2088 | passphrase = "12345678" |
a04e6f3d JM |
2089 | |
2090 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2091 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2092 | bssid0 = hapd0.own_addr() | |
2093 | _bssid0 = bssid0.replace(':', '') | |
2094 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2095 | scan_freq="2412") | |
2096 | addr = dev[0].own_addr() | |
2097 | _addr = addr.replace(':', '') | |
2098 | ||
2099 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2100 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2101 | bssid1 = hapd1.own_addr() | |
2102 | _bssid1 = bssid1.replace(':', '') | |
2103 | ||
2104 | hapd0.set("ext_mgmt_frame_handling", "1") | |
2105 | hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000" | |
2106 | valid = "0601" + _addr + _bssid1 | |
fab49f61 JM |
2107 | tests = ["0601", |
2108 | "0601" + _addr, | |
2109 | "0601" + _addr + _bssid0, | |
2110 | "0601" + _addr + "ffffffffffff", | |
2111 | "0601" + _bssid0 + _bssid0, | |
2112 | valid, | |
2113 | valid + "01", | |
2114 | valid + "3700", | |
2115 | valid + "3600", | |
2116 | valid + "3603ffffff", | |
2117 | valid + "3603a1b2ff", | |
2118 | valid + "3603a1b2ff" + "3700", | |
2119 | valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00", | |
2120 | valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00", | |
2121 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa", | |
2122 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000", | |
2123 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253", | |
2124 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
2125 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
2126 | valid + "0001"] | |
a04e6f3d JM |
2127 | for t in tests: |
2128 | hapd0.dump_monitor() | |
2129 | if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t): | |
2130 | raise Exception("MGMT_RX_PROCESS failed") | |
2131 | ||
2132 | hapd0.set("ext_mgmt_frame_handling", "0") | |
2133 | ||
34d3eaa8 JM |
2134 | def test_ap_ft_over_ds_proto(dev, apdev): |
2135 | """WPA2-PSK-FT AP over DS protocol testing""" | |
2136 | ssid = "test-ft" | |
fab49f61 | 2137 | passphrase = "12345678" |
34d3eaa8 JM |
2138 | |
2139 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2140 | hapd0 = hostapd.add_ap(apdev[0], params) |
34d3eaa8 JM |
2141 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
2142 | scan_freq="2412") | |
2143 | ||
2144 | # FT Action Response while no FT-over-DS in progress | |
2145 | msg = {} | |
2146 | msg['fc'] = 13 << 4 | |
2147 | msg['da'] = dev[0].own_addr() | |
2148 | msg['sa'] = apdev[0]['bssid'] | |
2149 | msg['bssid'] = apdev[0]['bssid'] | |
2150 | msg['payload'] = binascii.unhexlify("06020200000000000200000004000000") | |
2151 | hapd0.mgmt_tx(msg) | |
2152 | ||
2153 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2154 | hapd1 = hostapd.add_ap(apdev[1], params) |
34d3eaa8 JM |
2155 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") |
2156 | hapd0.set("ext_mgmt_frame_handling", "1") | |
2157 | hapd0.dump_monitor() | |
2158 | dev[0].request("FT_DS " + apdev[1]['bssid']) | |
2159 | for i in range(0, 10): | |
2160 | req = hapd0.mgmt_rx() | |
2161 | if req is None: | |
2162 | raise Exception("MGMT RX wait timed out") | |
2163 | if req['subtype'] == 13: | |
2164 | break | |
2165 | req = None | |
2166 | if not req: | |
2167 | raise Exception("FT Action frame not received") | |
2168 | ||
2169 | # FT Action Response for unexpected Target AP | |
2170 | msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000") | |
2171 | hapd0.mgmt_tx(msg) | |
2172 | ||
2173 | # FT Action Response without MDIE | |
2174 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000") | |
2175 | hapd0.mgmt_tx(msg) | |
2176 | ||
2177 | # FT Action Response without FTIE | |
2178 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201") | |
2179 | hapd0.mgmt_tx(msg) | |
2180 | ||
2181 | # FT Action Response with FTIE SNonce mismatch | |
2182 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669") | |
2183 | hapd0.mgmt_tx(msg) | |
6f3815c0 | 2184 | |
9fd6804d | 2185 | @remote_compatible |
6f3815c0 JM |
2186 | def test_ap_ft_rrb(dev, apdev): |
2187 | """WPA2-PSK-FT RRB protocol testing""" | |
2188 | ssid = "test-ft" | |
fab49f61 | 2189 | passphrase = "12345678" |
6f3815c0 JM |
2190 | |
2191 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 2192 | hapd0 = hostapd.add_ap(apdev[0], params) |
6f3815c0 JM |
2193 | |
2194 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2195 | scan_freq="2412") | |
2196 | ||
fab49f61 JM |
2197 | _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':', '')) |
2198 | _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':', '')) | |
15dfcb69 | 2199 | proto = b'\x89\x0d' |
6f3815c0 JM |
2200 | ehdr = _dst_ll + _src_ll + proto |
2201 | ||
2202 | # Too short RRB frame | |
15dfcb69 | 2203 | pkt = ehdr + b'\x01' |
7ab74770 | 2204 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2205 | raise Exception("DATA_TEST_FRAME failed") |
2206 | ||
2207 | # RRB discarded frame wikth unrecognized type | |
15dfcb69 | 2208 | pkt = ehdr + b'\x02' + b'\x02' + b'\x01\x00' + _src_ll |
7ab74770 | 2209 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2210 | raise Exception("DATA_TEST_FRAME failed") |
2211 | ||
2212 | # RRB frame too short for action frame | |
15dfcb69 | 2213 | pkt = ehdr + b'\x01' + b'\x02' + b'\x01\x00' + _src_ll |
7ab74770 | 2214 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2215 | raise Exception("DATA_TEST_FRAME failed") |
2216 | ||
2217 | # Too short RRB frame (not enough room for Action Frame body) | |
15dfcb69 | 2218 | pkt = ehdr + b'\x01' + b'\x02' + b'\x00\x00' + _src_ll |
7ab74770 | 2219 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2220 | raise Exception("DATA_TEST_FRAME failed") |
2221 | ||
2222 | # Unexpected Action frame category | |
15dfcb69 | 2223 | pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2224 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2225 | raise Exception("DATA_TEST_FRAME failed") |
2226 | ||
2227 | # Unexpected Action in RRB Request | |
15dfcb69 | 2228 | pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2229 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2230 | raise Exception("DATA_TEST_FRAME failed") |
2231 | ||
2232 | # Target AP address in RRB Request does not match with own address | |
15dfcb69 | 2233 | pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2234 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2235 | raise Exception("DATA_TEST_FRAME failed") |
2236 | ||
2237 | # Not enough room for status code in RRB Response | |
15dfcb69 | 2238 | pkt = ehdr + b'\x01' + b'\x01' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2239 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2240 | raise Exception("DATA_TEST_FRAME failed") |
2241 | ||
2242 | # RRB discarded frame with unknown packet_type | |
15dfcb69 | 2243 | pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2244 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2245 | raise Exception("DATA_TEST_FRAME failed") |
2246 | ||
2247 | # RRB Response with non-zero status code; no STA match | |
15dfcb69 | 2248 | pkt = ehdr + b'\x01' + b'\x01' + b'\x10\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\xff\xff' |
7ab74770 | 2249 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2250 | raise Exception("DATA_TEST_FRAME failed") |
2251 | ||
2252 | # RRB Response with zero status code and extra data; STA match | |
15dfcb69 | 2253 | pkt = ehdr + b'\x01' + b'\x01' + b'\x11\x00' + _src_ll + b'\x06\x01' + _src_ll + b'\x00\x00\x00\x00\x00\x00' + b'\x00\x00' + b'\x00' |
7ab74770 | 2254 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2255 | raise Exception("DATA_TEST_FRAME failed") |
2256 | ||
2257 | # Too short PMK-R1 pull | |
15dfcb69 | 2258 | pkt = ehdr + b'\x01' + b'\xc8' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2259 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2260 | raise Exception("DATA_TEST_FRAME failed") |
2261 | ||
2262 | # Too short PMK-R1 resp | |
15dfcb69 | 2263 | pkt = ehdr + b'\x01' + b'\xc9' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2264 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2265 | raise Exception("DATA_TEST_FRAME failed") |
2266 | ||
2267 | # Too short PMK-R1 push | |
15dfcb69 | 2268 | pkt = ehdr + b'\x01' + b'\xca' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |
7ab74770 | 2269 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 JM |
2270 | raise Exception("DATA_TEST_FRAME failed") |
2271 | ||
2272 | # No matching R0KH address found for PMK-R0 pull response | |
15dfcb69 | 2273 | pkt = ehdr + b'\x01' + b'\xc9' + b'\x5a\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b'\00' |
7ab74770 | 2274 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()): |
6f3815c0 | 2275 | raise Exception("DATA_TEST_FRAME failed") |
ecafa0cf | 2276 | |
9fd6804d | 2277 | @remote_compatible |
ecafa0cf JM |
2278 | def test_rsn_ie_proto_ft_psk_sta(dev, apdev): |
2279 | """RSN element protocol testing for FT-PSK + PMF cases on STA side""" | |
2280 | bssid = apdev[0]['bssid'] | |
2281 | ssid = "test-ft" | |
fab49f61 | 2282 | passphrase = "12345678" |
ecafa0cf JM |
2283 | |
2284 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 2285 | params["ieee80211w"] = "1" |
ecafa0cf JM |
2286 | # This is the RSN element used normally by hostapd |
2287 | params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201' | |
8b8a1864 | 2288 | hapd = hostapd.add_ap(apdev[0], params) |
ecafa0cf JM |
2289 | id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
2290 | ieee80211w="1", scan_freq="2412", | |
2291 | pairwise="CCMP", group="CCMP") | |
2292 | ||
fab49f61 JM |
2293 | tests = [('PMKIDCount field included', |
2294 | '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'), | |
2295 | ('Extra IE before RSNE', | |
2296 | 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'), | |
2297 | ('PMKIDCount and Group Management Cipher suite fields included', | |
2298 | '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'), | |
2299 | ('Extra octet after defined fields (future extensibility)', | |
2300 | '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'), | |
2301 | ('No RSN Capabilities field (PMF disabled in practice)', | |
2302 | '30120100000fac040100000fac040100000fac04' + '3603a1b201')] | |
2303 | for txt, ie in tests: | |
ecafa0cf JM |
2304 | dev[0].request("DISCONNECT") |
2305 | dev[0].wait_disconnected() | |
2306 | logger.info(txt) | |
2307 | hapd.disable() | |
2308 | hapd.set('own_ie_override', ie) | |
2309 | hapd.enable() | |
2310 | dev[0].request("BSS_FLUSH 0") | |
2311 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2312 | dev[0].select_network(id, freq=2412) | |
2313 | dev[0].wait_connected() | |
2314 | ||
2315 | dev[0].request("DISCONNECT") | |
2316 | dev[0].wait_disconnected() | |
2317 | ||
2318 | logger.info('Invalid RSNE causing internal hostapd error') | |
2319 | hapd.disable() | |
2320 | hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201') | |
2321 | hapd.enable() | |
2322 | dev[0].request("BSS_FLUSH 0") | |
2323 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2324 | dev[0].select_network(id, freq=2412) | |
2325 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
2326 | # complete. | |
2327 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
2328 | if ev is not None: | |
2329 | raise Exception("Unexpected connection") | |
2330 | dev[0].request("DISCONNECT") | |
2331 | ||
2332 | logger.info('Unexpected PMKID causing internal hostapd error') | |
2333 | hapd.disable() | |
2334 | hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201') | |
2335 | hapd.enable() | |
2336 | dev[0].request("BSS_FLUSH 0") | |
2337 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2338 | dev[0].select_network(id, freq=2412) | |
2339 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
2340 | # complete. | |
2341 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
2342 | if ev is not None: | |
2343 | raise Exception("Unexpected connection") | |
2344 | dev[0].request("DISCONNECT") | |
1025603b | 2345 | |
425e5f97 | 2346 | def start_ft(apdev, wpa_ptk_rekey=None): |
1025603b | 2347 | ssid = "test-ft" |
fab49f61 | 2348 | passphrase = "12345678" |
1025603b JM |
2349 | |
2350 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
425e5f97 JM |
2351 | if wpa_ptk_rekey: |
2352 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
8b8a1864 | 2353 | hapd0 = hostapd.add_ap(apdev[0], params) |
1025603b | 2354 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
425e5f97 JM |
2355 | if wpa_ptk_rekey: |
2356 | params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) | |
8b8a1864 | 2357 | hapd1 = hostapd.add_ap(apdev[1], params) |
1025603b | 2358 | |
425e5f97 | 2359 | return hapd0, hapd1 |
1025603b | 2360 | |
425e5f97 JM |
2361 | def check_ptk_rekey(dev, hapd0=None, hapd1=None): |
2362 | ev = dev.wait_event(["CTRL-EVENT-DISCONNECTED", | |
2363 | "WPA: Key negotiation completed"], timeout=5) | |
1025603b JM |
2364 | if ev is None: |
2365 | raise Exception("No event received after roam") | |
2366 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
2367 | raise Exception("Unexpected disconnection after roam") | |
2368 | ||
425e5f97 JM |
2369 | if not hapd0 or not hapd1: |
2370 | return | |
2371 | if dev.get_status_field('bssid') == hapd0.own_addr(): | |
1025603b JM |
2372 | hapd = hapd0 |
2373 | else: | |
2374 | hapd = hapd1 | |
425e5f97 | 2375 | hwsim_utils.test_connectivity(dev, hapd) |
1025603b | 2376 | |
425e5f97 JM |
2377 | def test_ap_ft_ptk_rekey(dev, apdev): |
2378 | """WPA2-PSK-FT PTK rekeying triggered by station after roam""" | |
2379 | hapd0, hapd1 = start_ft(apdev) | |
2380 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1") | |
2381 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1025603b | 2382 | |
425e5f97 JM |
2383 | def test_ap_ft_ptk_rekey2(dev, apdev): |
2384 | """WPA2-PSK-FT PTK rekeying triggered by station after one roam""" | |
2385 | hapd0, hapd1 = start_ft(apdev) | |
2386 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1", | |
2387 | only_one_way=True) | |
2388 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
1025603b | 2389 | |
425e5f97 JM |
2390 | def test_ap_ft_ptk_rekey_ap(dev, apdev): |
2391 | """WPA2-PSK-FT PTK rekeying triggered by AP after roam""" | |
2392 | hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2) | |
2393 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678") | |
2394 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
2395 | ||
2396 | def test_ap_ft_ptk_rekey_ap2(dev, apdev): | |
2397 | """WPA2-PSK-FT PTK rekeying triggered by AP after one roam""" | |
2398 | hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2) | |
2399 | run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", | |
2400 | only_one_way=True) | |
2401 | check_ptk_rekey(dev[0], hapd0, hapd1) | |
2402 | ||
2403 | def test_ap_ft_eap_ptk_rekey_ap(dev, apdev): | |
2404 | """WPA2-EAP-FT PTK rekeying triggered by AP""" | |
2405 | generic_ap_ft_eap(dev, apdev, only_one_way=True, wpa_ptk_rekey=2) | |
2406 | check_ptk_rekey(dev[0]) | |
186ca473 MB |
2407 | |
2408 | def test_ap_ft_internal_rrb_check(dev, apdev): | |
2409 | """RRB internal delivery only to WPA enabled BSS""" | |
2410 | ssid = "test-ft" | |
fab49f61 | 2411 | passphrase = "12345678" |
186ca473 MB |
2412 | |
2413 | radius = hostapd.radius_params() | |
2414 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2415 | params['wpa_key_mgmt'] = "FT-EAP" | |
2416 | params["ieee8021x"] = "1" | |
35d8c254 | 2417 | params = dict(list(radius.items()) + list(params.items())) |
8b8a1864 | 2418 | hapd = hostapd.add_ap(apdev[0], params) |
186ca473 MB |
2419 | key_mgmt = hapd.get_config()['key_mgmt'] |
2420 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
2421 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
2422 | ||
fab49f61 | 2423 | hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid}) |
186ca473 MB |
2424 | |
2425 | # Connect to WPA enabled AP | |
2426 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | |
2427 | eap="GPSK", identity="gpsk user", | |
2428 | password="abcdefghijklmnop0123456789abcdef", | |
2429 | scan_freq="2412") | |
2430 | ||
2431 | # Try over_ds roaming to non-WPA-enabled AP. | |
2432 | # If hostapd does not check hapd->wpa_auth internally, it will crash now. | |
2433 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
c85fcff2 JM |
2434 | |
2435 | def test_ap_ft_extra_ie(dev, apdev): | |
2436 | """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE""" | |
2437 | ssid = "test-ft" | |
fab49f61 | 2438 | passphrase = "12345678" |
c85fcff2 JM |
2439 | |
2440 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2441 | params["wpa_key_mgmt"] = "WPA-PSK FT-PSK" | |
2442 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2443 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2444 | scan_freq="2412") | |
2445 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
2446 | scan_freq="2412") | |
2447 | try: | |
2448 | # Add Mobility Domain element to test AP validation code. | |
2449 | dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201") | |
2450 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
2451 | scan_freq="2412", wait_connect=False) | |
2452 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", | |
2453 | "CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2454 | if ev is None: | |
2455 | raise Exception("No connection result") | |
2456 | if "CTRL-EVENT-CONNECTED" in ev: | |
2457 | raise Exception("Non-FT association accepted with MDE") | |
2458 | if "status_code=43" not in ev: | |
2459 | raise Exception("Unexpected status code: " + ev) | |
2460 | dev[0].request("DISCONNECT") | |
2461 | finally: | |
2462 | dev[0].request("VENDOR_ELEM_REMOVE 13 *") | |
fd7205fa JM |
2463 | |
2464 | def test_ap_ft_ric(dev, apdev): | |
2465 | """WPA2-PSK-FT AP and RIC""" | |
2466 | ssid = "test-ft" | |
fab49f61 | 2467 | passphrase = "12345678" |
fd7205fa JM |
2468 | |
2469 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2470 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2471 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2472 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2473 | ||
2474 | dev[0].set("ric_ies", "") | |
2475 | dev[0].set("ric_ies", '""') | |
2476 | if "FAIL" not in dev[0].request("SET ric_ies q"): | |
2477 | raise Exception("Invalid ric_ies value accepted") | |
2478 | ||
fab49f61 JM |
2479 | tests = ["3900", |
2480 | "3900ff04eeeeeeee", | |
2481 | "390400000000", | |
2482 | "390400000000" + "390400000000", | |
2483 | "390400000000" + "dd050050f20202", | |
2484 | "390400000000" + "dd3d0050f2020201" + 55*"00", | |
2485 | "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000", | |
2486 | "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"] | |
fd7205fa JM |
2487 | for t in tests: |
2488 | dev[0].set("ric_ies", t) | |
2489 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
2490 | test_connectivity=False) | |
2491 | dev[0].request("REMOVE_NETWORK all") | |
2492 | dev[0].wait_disconnected() | |
2493 | dev[0].dump_monitor() | |
c8942286 JM |
2494 | |
2495 | def ie_hex(ies, id): | |
7ab74770 | 2496 | return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]).decode() |
c8942286 JM |
2497 | |
2498 | def test_ap_ft_reassoc_proto(dev, apdev): | |
2499 | """WPA2-PSK-FT AP Reassociation Request frame parsing""" | |
2500 | ssid = "test-ft" | |
fab49f61 | 2501 | passphrase = "12345678" |
c8942286 JM |
2502 | |
2503 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2504 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2505 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2506 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2507 | ||
2508 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2509 | ieee80211w="1", scan_freq="2412") | |
2510 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2511 | hapd1ap = hapd0 | |
2512 | hapd2ap = hapd1 | |
2513 | else: | |
2514 | hapd1ap = hapd1 | |
2515 | hapd2ap = hapd0 | |
2516 | ||
2517 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2518 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2519 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
2520 | ||
2521 | while True: | |
2522 | req = hapd2ap.mgmt_rx() | |
7ab74770 | 2523 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
c8942286 JM |
2524 | if req['subtype'] == 11: |
2525 | break | |
2526 | ||
2527 | while True: | |
2528 | req = hapd2ap.mgmt_rx() | |
2529 | if req['subtype'] == 2: | |
2530 | break | |
7ab74770 | 2531 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
c8942286 JM |
2532 | |
2533 | # IEEE 802.11 header + fixed fields before IEs | |
7ab74770 | 2534 | hdr = binascii.hexlify(req['frame'][0:34]).decode() |
c8942286 JM |
2535 | ies = parse_ie(binascii.hexlify(req['frame'][34:])) |
2536 | # First elements: SSID, Supported Rates, Extended Supported Rates | |
2537 | ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50) | |
2538 | ||
2539 | rsne = ie_hex(ies, 48) | |
2540 | mde = ie_hex(ies, 54) | |
2541 | fte = ie_hex(ies, 55) | |
fab49f61 | 2542 | tests = [] |
c8942286 | 2543 | # RSN: Trying to use FT, but MDIE not included |
fab49f61 | 2544 | tests += [rsne] |
c8942286 | 2545 | # RSN: Attempted to use unknown MDIE |
fab49f61 | 2546 | tests += [rsne + "3603000000"] |
c8942286 | 2547 | # Invalid RSN pairwise cipher |
fab49f61 | 2548 | tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"] |
c8942286 | 2549 | # FT: No PMKID in RSNIE |
fab49f61 | 2550 | tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)] |
c8942286 | 2551 | # FT: Invalid FTIE |
fab49f61 | 2552 | tests += [rsne + mde] |
c8942286 JM |
2553 | # FT: RIC IE(s) in the frame, but not included in protected IE count |
2554 | # FT: Failed to parse FT IEs | |
fab49f61 | 2555 | tests += [rsne + mde + fte + "3900"] |
c8942286 | 2556 | # FT: SNonce mismatch in FTIE |
fab49f61 | 2557 | tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"] |
c8942286 | 2558 | # FT: ANonce mismatch in FTIE |
fab49f61 | 2559 | tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]] |
c8942286 | 2560 | # FT: No R0KH-ID subelem in FTIE |
fab49f61 | 2561 | tests += [rsne + mde + "3752" + fte[4:168]] |
c8942286 | 2562 | # FT: R0KH-ID in FTIE did not match with the current R0KH-ID |
fab49f61 | 2563 | tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"] |
c8942286 | 2564 | # FT: No R1KH-ID subelem in FTIE |
fab49f61 | 2565 | tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()] |
c8942286 | 2566 | # FT: Unknown R1KH-ID used in ReassocReq |
fab49f61 | 2567 | tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"] |
c8942286 | 2568 | # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request |
fab49f61 | 2569 | tests += [rsne[:-32] + 16*"00" + mde + fte] |
c8942286 | 2570 | # Invalid MIC in FTIE |
fab49f61 | 2571 | tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]] |
c8942286 JM |
2572 | for t in tests: |
2573 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t) | |
2574 | ||
2575 | def test_ap_ft_reassoc_local_fail(dev, apdev): | |
2576 | """WPA2-PSK-FT AP Reassociation Request frame and local failure""" | |
2577 | ssid = "test-ft" | |
fab49f61 | 2578 | passphrase = "12345678" |
c8942286 JM |
2579 | |
2580 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2581 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2582 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2583 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2584 | ||
2585 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2586 | ieee80211w="1", scan_freq="2412") | |
2587 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2588 | hapd1ap = hapd0 | |
2589 | hapd2ap = hapd1 | |
2590 | else: | |
2591 | hapd1ap = hapd1 | |
2592 | hapd2ap = hapd0 | |
2593 | ||
2594 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2595 | # FT: Failed to calculate MIC | |
2596 | with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"): | |
2597 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
2598 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
2599 | dev[0].request("DISCONNECT") | |
2600 | if ev is None: | |
2601 | raise Exception("Association reject not seen") | |
d7f0bef9 JM |
2602 | |
2603 | def test_ap_ft_reassoc_replay(dev, apdev, params): | |
2604 | """WPA2-PSK-FT AP and replayed Reassociation Request frame""" | |
2605 | capfile = os.path.join(params['logdir'], "hwsim0.pcapng") | |
2606 | ssid = "test-ft" | |
fab49f61 | 2607 | passphrase = "12345678" |
d7f0bef9 JM |
2608 | |
2609 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2610 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2611 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2612 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2613 | ||
2614 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2615 | scan_freq="2412") | |
2616 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
2617 | hapd1ap = hapd0 | |
2618 | hapd2ap = hapd1 | |
2619 | else: | |
2620 | hapd1ap = hapd1 | |
2621 | hapd2ap = hapd0 | |
2622 | ||
2623 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
2624 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
2625 | dev[0].dump_monitor() | |
2626 | if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()): | |
2627 | raise Exception("ROAM failed") | |
2628 | ||
2629 | reassocreq = None | |
2630 | count = 0 | |
2631 | while count < 100: | |
2632 | req = hapd2ap.mgmt_rx() | |
2633 | count += 1 | |
2634 | hapd2ap.dump_monitor() | |
7ab74770 | 2635 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
d7f0bef9 JM |
2636 | if req['subtype'] == 2: |
2637 | reassocreq = req | |
2638 | ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5) | |
2639 | if ev is None: | |
2640 | raise Exception("No TX status seen") | |
2641 | cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) | |
2642 | if "OK" not in hapd2ap.request(cmd): | |
2643 | raise Exception("MGMT_TX_STATUS_PROCESS failed") | |
2644 | break | |
2645 | hapd2ap.set("ext_mgmt_frame_handling", "0") | |
2646 | if reassocreq is None: | |
2647 | raise Exception("No Reassociation Request frame seen") | |
2648 | dev[0].wait_connected() | |
2649 | dev[0].dump_monitor() | |
2650 | hapd2ap.dump_monitor() | |
2651 | ||
2652 | hwsim_utils.test_connectivity(dev[0], hapd2ap) | |
2653 | ||
2654 | logger.info("Replay the last Reassociation Request frame") | |
2655 | hapd2ap.dump_monitor() | |
2656 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
7ab74770 | 2657 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode()) |
d7f0bef9 JM |
2658 | ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5) |
2659 | if ev is None: | |
2660 | raise Exception("No TX status seen") | |
2661 | cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) | |
2662 | if "OK" not in hapd2ap.request(cmd): | |
2663 | raise Exception("MGMT_TX_STATUS_PROCESS failed") | |
2664 | hapd2ap.set("ext_mgmt_frame_handling", "0") | |
2665 | ||
2666 | try: | |
2667 | hwsim_utils.test_connectivity(dev[0], hapd2ap) | |
2668 | ok = True | |
2669 | except: | |
2670 | ok = False | |
2671 | ||
2672 | ap = hapd2ap.own_addr() | |
2673 | sta = dev[0].own_addr() | |
2674 | filt = "wlan.fc.type == 2 && " + \ | |
2675 | "wlan.da == " + sta + " && " + \ | |
2676 | "wlan.sa == " + ap | |
fab49f61 | 2677 | fields = ["wlan.ccmp.extiv"] |
d7f0bef9 JM |
2678 | res = run_tshark(capfile, filt, fields) |
2679 | vals = res.splitlines() | |
2680 | logger.info("CCMP PN: " + str(vals)) | |
2681 | if len(vals) < 2: | |
2682 | raise Exception("Could not find all CCMP protected frames from capture") | |
2683 | if len(set(vals)) < len(vals): | |
2684 | raise Exception("Duplicate CCMP PN used") | |
2685 | ||
2686 | if not ok: | |
2687 | raise Exception("The second hwsim connectivity test failed") | |
0dc3c5f2 JM |
2688 | |
2689 | def test_ap_ft_psk_file(dev, apdev): | |
2690 | """WPA2-PSK-FT AP with PSK from a file""" | |
2691 | ssid = "test-ft" | |
fab49f61 | 2692 | passphrase = "12345678" |
0dc3c5f2 JM |
2693 | |
2694 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
2695 | params['wpa_psk_file'] = 'hostapd.wpa_psk' | |
2696 | hapd = hostapd.add_ap(apdev[0], params) | |
2697 | ||
2698 | dev[1].connect(ssid, psk="very secret", | |
2699 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
2700 | scan_freq="2412", wait_connect=False) | |
2701 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2702 | ieee80211w="1", scan_freq="2412") | |
2703 | dev[0].request("REMOVE_NETWORK all") | |
2704 | dev[0].wait_disconnected() | |
2705 | dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2", | |
2706 | ieee80211w="1", scan_freq="2412") | |
2707 | dev[0].request("REMOVE_NETWORK all") | |
2708 | dev[0].wait_disconnected() | |
2709 | dev[0].connect(ssid, psk="secret passphrase", | |
2710 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
2711 | scan_freq="2412") | |
2712 | dev[2].connect(ssid, psk="another passphrase for all STAs", | |
2713 | key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", | |
2714 | scan_freq="2412") | |
2715 | ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10) | |
2716 | if ev is None: | |
2717 | raise Exception("Timed out while waiting for failure report") | |
2718 | dev[1].request("REMOVE_NETWORK all") | |
62566bc2 JM |
2719 | |
2720 | def test_ap_ft_eap_ap_config_change(dev, apdev): | |
2721 | """WPA2-EAP-FT AP changing from 802.1X-only to FT-only""" | |
2722 | ssid = "test-ft" | |
fab49f61 | 2723 | passphrase = "12345678" |
62566bc2 JM |
2724 | bssid = apdev[0]['bssid'] |
2725 | ||
2726 | radius = hostapd.radius_params() | |
2727 | params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True) | |
2728 | params['wpa_key_mgmt'] = "WPA-EAP" | |
2729 | params["ieee8021x"] = "1" | |
2730 | params["pmk_r1_push"] = "0" | |
2731 | params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
2732 | params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" | |
2733 | params["eap_server"] = "0" | |
35d8c254 | 2734 | params = dict(list(radius.items()) + list(params.items())) |
62566bc2 JM |
2735 | hapd = hostapd.add_ap(apdev[0], params) |
2736 | ||
2737 | dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2", | |
2738 | eap="GPSK", identity="gpsk user", | |
2739 | password="abcdefghijklmnop0123456789abcdef", | |
2740 | scan_freq="2412") | |
2741 | dev[0].request("DISCONNECT") | |
2742 | dev[0].wait_disconnected() | |
2743 | dev[0].dump_monitor() | |
2744 | ||
2745 | hapd.disable() | |
2746 | hapd.set('wpa_key_mgmt', "FT-EAP") | |
2747 | hapd.enable() | |
2748 | ||
2749 | dev[0].request("BSS_FLUSH 0") | |
2750 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
2751 | ||
2752 | dev[0].request("RECONNECT") | |
2753 | dev[0].wait_connected() | |
55b3cda7 JM |
2754 | |
2755 | def test_ap_ft_eap_sha384(dev, apdev): | |
2756 | """WPA2-EAP-FT with SHA384""" | |
2757 | ssid = "test-ft" | |
fab49f61 | 2758 | passphrase = "12345678" |
55b3cda7 JM |
2759 | |
2760 | radius = hostapd.radius_params() | |
2761 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 2762 | params["ieee80211w"] = "2" |
55b3cda7 JM |
2763 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
2764 | params["ieee8021x"] = "1" | |
35d8c254 | 2765 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
2766 | hapd0 = hostapd.add_ap(apdev[0], params) |
2767 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 2768 | params["ieee80211w"] = "2" |
55b3cda7 JM |
2769 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
2770 | params["ieee8021x"] = "1" | |
35d8c254 | 2771 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
2772 | hapd1 = hostapd.add_ap(apdev[1], params) |
2773 | ||
2774 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True, | |
2775 | sha384=True) | |
2776 | ||
659f7954 JM |
2777 | def test_ap_ft_eap_sha384_reassoc(dev, apdev): |
2778 | """WPA2-EAP-FT with SHA384 using REASSOCIATE""" | |
2779 | ssid = "test-ft" | |
2780 | passphrase = "12345678" | |
2781 | ||
2782 | radius = hostapd.radius_params() | |
2783 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2784 | params["ieee80211w"] = "2" | |
2785 | params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" | |
2786 | params["ieee8021x"] = "1" | |
2787 | params = dict(list(radius.items()) + list(params.items())) | |
2788 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2789 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2790 | params["ieee80211w"] = "2" | |
2791 | params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" | |
2792 | params["ieee8021x"] = "1" | |
2793 | params = dict(list(radius.items()) + list(params.items())) | |
2794 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2795 | ||
2796 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True, | |
2797 | sha384=True, also_non_ft=True, roam_with_reassoc=True) | |
2798 | ||
55b3cda7 JM |
2799 | def test_ap_ft_eap_sha384_over_ds(dev, apdev): |
2800 | """WPA2-EAP-FT with SHA384 over DS""" | |
2801 | ssid = "test-ft" | |
fab49f61 | 2802 | passphrase = "12345678" |
55b3cda7 JM |
2803 | |
2804 | radius = hostapd.radius_params() | |
2805 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 2806 | params["ieee80211w"] = "2" |
55b3cda7 JM |
2807 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
2808 | params["ieee8021x"] = "1" | |
35d8c254 | 2809 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
2810 | hapd0 = hostapd.add_ap(apdev[0], params) |
2811 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
58be42b2 | 2812 | params["ieee80211w"] = "2" |
55b3cda7 JM |
2813 | params['wpa_key_mgmt'] = "FT-EAP-SHA384" |
2814 | params["ieee8021x"] = "1" | |
35d8c254 | 2815 | params = dict(list(radius.items()) + list(params.items())) |
55b3cda7 JM |
2816 | hapd1 = hostapd.add_ap(apdev[1], params) |
2817 | ||
2818 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
2819 | eap=True, sha384=True) | |
392aba4e JM |
2820 | |
2821 | def test_ap_ft_roam_rrm(dev, apdev): | |
2822 | """WPA2-PSK-FT AP and radio measurement request""" | |
2823 | ssid = "test-ft" | |
fab49f61 | 2824 | passphrase = "12345678" |
392aba4e JM |
2825 | |
2826 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
2827 | params["rrm_beacon_report"] = "1" | |
2828 | hapd0 = hostapd.add_ap(apdev[0], params) | |
2829 | bssid0 = hapd0.own_addr() | |
2830 | ||
2831 | addr = dev[0].own_addr() | |
2832 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2833 | scan_freq="2412") | |
2834 | check_beacon_req(hapd0, addr, 1) | |
2835 | ||
2836 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
2837 | params["rrm_beacon_report"] = "1" | |
2838 | hapd1 = hostapd.add_ap(apdev[1], params) | |
2839 | bssid1 = hapd1.own_addr() | |
2840 | ||
2841 | dev[0].scan_for_bss(bssid1, freq=2412) | |
2842 | dev[0].roam(bssid1) | |
2843 | check_beacon_req(hapd1, addr, 2) | |
2844 | ||
2845 | dev[0].scan_for_bss(bssid0, freq=2412) | |
2846 | dev[0].roam(bssid0) | |
2847 | check_beacon_req(hapd0, addr, 3) |