]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
CommitLineData
cd7f1b9a 1# Fast BSS Transition tests
34d3eaa8 2# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
cd7f1b9a
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
5b3c40a6
JM		 8import binascii
9import os
cd7f1b9a 10import time
cd7f1b9a 11import logging
c9aa4308 12logger = logging.getLogger()
cd7f1b9a
JM		 13
14import hwsim_utils
15import hostapd
38934ed1 16from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips
cd7f1b9a 17from wlantest import Wlantest
5b3c40a6 18from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
cd7f1b9a
JM		 19
20def ft_base_rsn():
21 params = { "wpa": "2",
22 "wpa_key_mgmt": "FT-PSK",
23 "rsn_pairwise": "CCMP" }
24 return params
25
26def ft_base_mixed():
27 params = { "wpa": "3",
28 "wpa_key_mgmt": "WPA-PSK FT-PSK",
29 "wpa_pairwise": "TKIP",
30 "rsn_pairwise": "CCMP" }
31 return params
32
33def ft_params(rsn=True, ssid=None, passphrase=None):
34 if rsn:
35 params = ft_base_rsn()
36 else:
37 params = ft_base_mixed()
38 if ssid:
39 params["ssid"] = ssid
40 if passphrase:
41 params["wpa_passphrase"] = passphrase
42
43 params["mobility_domain"] = "a1b2"
44 params["r0_key_lifetime"] = "10000"
45 params["pmk_r1_push"] = "1"
46 params["reassociation_deadline"] = "1000"
47 return params
48
49def ft_params1(rsn=True, ssid=None, passphrase=None):
50 params = ft_params(rsn, ssid, passphrase)
51 params['nas_identifier'] = "nas1.w1.fi"
52 params['r1_key_holder'] = "000102030405"
53 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
54 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
55 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
56 return params
57
58def ft_params2(rsn=True, ssid=None, passphrase=None):
59 params = ft_params(rsn, ssid, passphrase)
60 params['nas_identifier'] = "nas2.w1.fi"
61 params['r1_key_holder'] = "000102030406"
62 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
63 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
64 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
65 return params
66
3b808945
JM		 67def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
68 params = ft_params(rsn, ssid, passphrase)
69 params['nas_identifier'] = "nas1.w1.fi"
70 params['r1_key_holder'] = "000102030405"
71 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
72 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
73 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
74 return params
75
76def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
77 params = ft_params(rsn, ssid, passphrase)
78 params['nas_identifier'] = "nas2.w1.fi"
79 params['r1_key_holder'] = "000102030406"
80 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
81 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
82 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
83 return params
84
85def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
86 params = ft_params(rsn, ssid, passphrase)
87 params['nas_identifier'] = "nas2.w1.fi"
88 params['r1_key_holder'] = "000102030406"
89 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
90 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
91 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
92 return params
93
7b741a53
JM		 94def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
95 sae=False, eap=False, fail_test=False, roams=1,
1025603b 96 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0"):
cd7f1b9a 97 logger.info("Connect to first AP")
6f62809b
JM		 98 if eap:
99 dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
2f816c21
JM		 100 eap="GPSK", identity="gpsk user",
101 password="abcdefghijklmnop0123456789abcdef",
7b741a53 102 scan_freq="2412",
1025603b
JM		 103 pairwise=pairwise_cipher, group=group_cipher,
104 wpa_ptk_rekey=ptk_rekey)
6e658cc4 105 else:
6f62809b
JM		 106 if sae:
107 key_mgmt="FT-SAE"
108 else:
109 key_mgmt="FT-PSK"
110 dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
7b741a53 111 ieee80211w="1", scan_freq="2412",
1025603b
JM		 112 pairwise=pairwise_cipher, group=group_cipher,
113 wpa_ptk_rekey=ptk_rekey)
cd7f1b9a
JM		 114 if dev.get_status_field('bssid') == apdev[0]['bssid']:
115 ap1 = apdev[0]
116 ap2 = apdev[1]
a8375c94
JM		 117 hapd1ap = hapd0
118 hapd2ap = hapd1
cd7f1b9a
JM		 119 else:
120 ap1 = apdev[1]
121 ap2 = apdev[0]
a8375c94
JM		 122 hapd1ap = hapd1
123 hapd2ap = hapd0
124 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a 125
655bc8bf 126 dev.scan_for_bss(ap2['bssid'], freq="2412")
40602101
JM		 127
128 for i in range(0, roams):
129 logger.info("Roam to the second AP")
130 if over_ds:
131 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
132 else:
133 dev.roam(ap2['bssid'], fail_test=fail_test)
134 if fail_test:
135 return
136 if dev.get_status_field('bssid') != ap2['bssid']:
137 raise Exception("Did not connect to correct AP")
138 if i == 0 or i == roams - 1:
a8375c94 139 hwsim_utils.test_connectivity(dev, hapd2ap)
40602101
JM		 140
141 logger.info("Roam back to the first AP")
142 if over_ds:
143 dev.roam_over_ds(ap1['bssid'])
144 else:
145 dev.roam(ap1['bssid'])
146 if dev.get_status_field('bssid') != ap1['bssid']:
147 raise Exception("Did not connect to correct AP")
148 if i == 0 or i == roams - 1:
a8375c94 149 hwsim_utils.test_connectivity(dev, hapd1ap)
cd7f1b9a
JM		 150
151def test_ap_ft(dev, apdev):
152 """WPA2-PSK-FT AP"""
153 ssid = "test-ft"
154 passphrase="12345678"
155
156 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 157 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 158 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 159 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 160
a8375c94 161 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
91bc6c36
JM		 162 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
163 raise Exception("Scan results missing RSN element info")
cd7f1b9a 164
40602101
JM		 165def test_ap_ft_many(dev, apdev):
166 """WPA2-PSK-FT AP multiple times"""
167 ssid = "test-ft"
168 passphrase="12345678"
169
170 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 171 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 172 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 173 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 174
a8375c94 175 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
40602101 176
cd7f1b9a
JM		 177def test_ap_ft_mixed(dev, apdev):
178 """WPA2-PSK-FT mixed-mode AP"""
179 ssid = "test-ft-mixed"
180 passphrase="12345678"
181
182 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 183 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 184 key_mgmt = hapd.get_config()['key_mgmt']
185 vals = key_mgmt.split(' ')
186 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
187 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
cd7f1b9a 188 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
8b8a1864 189 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 190
a8375c94 191 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
cd7f1b9a
JM		 192
193def test_ap_ft_pmf(dev, apdev):
194 """WPA2-PSK-FT AP with PMF"""
195 ssid = "test-ft"
196 passphrase="12345678"
197
198 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 199 params["ieee80211w"] = "2"
8b8a1864 200 hapd0 = hostapd.add_ap(apdev[0], params)
cd7f1b9a 201 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 202 params["ieee80211w"] = "2"
8b8a1864 203 hapd1 = hostapd.add_ap(apdev[1], params)
cd7f1b9a 204
a8375c94 205 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
b553eab1
JM		 206
207def test_ap_ft_over_ds(dev, apdev):
208 """WPA2-PSK-FT AP over DS"""
209 ssid = "test-ft"
210 passphrase="12345678"
211
212 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 213 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 214 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 215 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 216
a8375c94 217 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
eaf3f9b1
JM		 218 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
219 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
b553eab1 220
40602101
JM		 221def test_ap_ft_over_ds_many(dev, apdev):
222 """WPA2-PSK-FT AP over DS multiple times"""
223 ssid = "test-ft"
224 passphrase="12345678"
225
226 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 227 hapd0 = hostapd.add_ap(apdev[0], params)
40602101 228 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 229 hapd1 = hostapd.add_ap(apdev[1], params)
40602101 230
a8375c94
JM		 231 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
232 roams=50)
40602101 233
9fd6804d 234@remote_compatible
c337d07a
JM		 235def test_ap_ft_over_ds_unknown_target(dev, apdev):
236 """WPA2-PSK-FT AP"""
237 ssid = "test-ft"
238 passphrase="12345678"
239
240 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 241 hapd0 = hostapd.add_ap(apdev[0], params)
c337d07a
JM		 242
243 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
244 scan_freq="2412")
245 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
246
9fd6804d 247@remote_compatible
211bb7c5
JM		 248def test_ap_ft_over_ds_unexpected(dev, apdev):
249 """WPA2-PSK-FT AP over DS and unexpected response"""
250 ssid = "test-ft"
251 passphrase="12345678"
252
253 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 254 hapd0 = hostapd.add_ap(apdev[0], params)
211bb7c5 255 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 256 hapd1 = hostapd.add_ap(apdev[1], params)
211bb7c5
JM		 257
258 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
259 scan_freq="2412")
260 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
261 ap1 = apdev[0]
262 ap2 = apdev[1]
263 hapd1ap = hapd0
264 hapd2ap = hapd1
265 else:
266 ap1 = apdev[1]
267 ap2 = apdev[0]
268 hapd1ap = hapd1
269 hapd2ap = hapd0
270
271 addr = dev[0].own_addr()
272 hapd1ap.set("ext_mgmt_frame_handling", "1")
273 logger.info("Foreign STA address")
274 msg = {}
275 msg['fc'] = 13 << 4
276 msg['da'] = addr
277 msg['sa'] = ap1['bssid']
278 msg['bssid'] = ap1['bssid']
279 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
280 hapd1ap.mgmt_tx(msg)
281
282 logger.info("No over-the-DS in progress")
283 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
284 hapd1ap.mgmt_tx(msg)
285
286 logger.info("Non-zero status code")
287 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
288 hapd1ap.mgmt_tx(msg)
289
290 hapd1ap.dump_monitor()
291
292 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
293 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
294 raise Exception("FT_DS failed")
295
296 req = hapd1ap.mgmt_rx()
297
298 logger.info("Foreign Target AP")
299 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
300 hapd1ap.mgmt_tx(msg)
301
302 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
303
304 logger.info("No IEs")
305 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
306 hapd1ap.mgmt_tx(msg)
307
308 logger.info("Invalid IEs (trigger parsing failure)")
309 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
310 hapd1ap.mgmt_tx(msg)
311
312 logger.info("Too short MDIE")
313 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
314 hapd1ap.mgmt_tx(msg)
315
316 logger.info("Mobility domain mismatch")
317 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
318 hapd1ap.mgmt_tx(msg)
319
320 logger.info("No FTIE")
321 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
322 hapd1ap.mgmt_tx(msg)
323
324 logger.info("FTIE SNonce mismatch")
325 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
326 hapd1ap.mgmt_tx(msg)
327
328 logger.info("No R0KH-ID subelem in FTIE")
329 snonce = binascii.hexlify(req['payload'][111:111+32])
330 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
331 hapd1ap.mgmt_tx(msg)
332
333 logger.info("No R0KH-ID subelem mismatch in FTIE")
334 snonce = binascii.hexlify(req['payload'][111:111+32])
335 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
336 hapd1ap.mgmt_tx(msg)
337
338 logger.info("No R1KH-ID subelem in FTIE")
339 r0khid = binascii.hexlify(req['payload'][145:145+10])
340 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
341 hapd1ap.mgmt_tx(msg)
342
343 logger.info("No RSNE")
344 r0khid = binascii.hexlify(req['payload'][145:145+10])
345 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
346 hapd1ap.mgmt_tx(msg)
347
b553eab1
JM		 348def test_ap_ft_pmf_over_ds(dev, apdev):
349 """WPA2-PSK-FT AP over DS with PMF"""
350 ssid = "test-ft"
351 passphrase="12345678"
352
353 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 354 params["ieee80211w"] = "2"
8b8a1864 355 hapd0 = hostapd.add_ap(apdev[0], params)
b553eab1 356 params = ft_params2(ssid=ssid, passphrase=passphrase)
bc6e3288 357 params["ieee80211w"] = "2"
8b8a1864 358 hapd1 = hostapd.add_ap(apdev[1], params)
b553eab1 359
a8375c94 360 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
6e658cc4 361
aaba98d3
JM		 362def test_ap_ft_over_ds_pull(dev, apdev):
363 """WPA2-PSK-FT AP over DS (pull PMK)"""
364 ssid = "test-ft"
365 passphrase="12345678"
366
367 params = ft_params1(ssid=ssid, passphrase=passphrase)
368 params["pmk_r1_push"] = "0"
8b8a1864 369 hapd0 = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 370 params = ft_params2(ssid=ssid, passphrase=passphrase)
371 params["pmk_r1_push"] = "0"
8b8a1864 372 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 373
a8375c94 374 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
aaba98d3 375
6e658cc4
JM		 376def test_ap_ft_sae(dev, apdev):
377 """WPA2-PSK-FT-SAE AP"""
b9749b6a
JM		 378 if "SAE" not in dev[0].get_capability("auth_alg"):
379 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 380 ssid = "test-ft"
381 passphrase="12345678"
382
383 params = ft_params1(ssid=ssid, passphrase=passphrase)
384 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 385 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 386 params = ft_params2(ssid=ssid, passphrase=passphrase)
387 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 388 hapd = hostapd.add_ap(apdev[1], params)
65038313
JM		 389 key_mgmt = hapd.get_config()['key_mgmt']
390 if key_mgmt.split(' ')[0] != "FT-SAE":
391 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6e658cc4 392
17ffdf39 393 dev[0].request("SET sae_groups ")
a8375c94 394 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
6e658cc4
JM		 395
396def test_ap_ft_sae_over_ds(dev, apdev):
397 """WPA2-PSK-FT-SAE AP over DS"""
b9749b6a
JM		 398 if "SAE" not in dev[0].get_capability("auth_alg"):
399 raise HwsimSkip("SAE not supported")
6e658cc4
JM		 400 ssid = "test-ft"
401 passphrase="12345678"
402
403 params = ft_params1(ssid=ssid, passphrase=passphrase)
404 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 405 hapd0 = hostapd.add_ap(apdev[0], params)
6e658cc4
JM		 406 params = ft_params2(ssid=ssid, passphrase=passphrase)
407 params['wpa_key_mgmt'] = "FT-SAE"
8b8a1864 408 hapd1 = hostapd.add_ap(apdev[1], params)
6e658cc4 409
17ffdf39 410 dev[0].request("SET sae_groups ")
a8375c94
JM		 411 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
412 over_ds=True)
6f62809b
JM		 413
414def test_ap_ft_eap(dev, apdev):
415 """WPA2-EAP-FT AP"""
416 ssid = "test-ft"
417 passphrase="12345678"
418
419 radius = hostapd.radius_params()
420 params = ft_params1(ssid=ssid, passphrase=passphrase)
421 params['wpa_key_mgmt'] = "FT-EAP"
422 params["ieee8021x"] = "1"
423 params = dict(radius.items() + params.items())
8b8a1864 424 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 425 key_mgmt = hapd.get_config()['key_mgmt']
426 if key_mgmt.split(' ')[0] != "FT-EAP":
427 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
6f62809b
JM		 428 params = ft_params2(ssid=ssid, passphrase=passphrase)
429 params['wpa_key_mgmt'] = "FT-EAP"
430 params["ieee8021x"] = "1"
431 params = dict(radius.items() + params.items())
8b8a1864 432 hapd1 = hostapd.add_ap(apdev[1], params)
6f62809b 433
a8375c94 434 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
91bc6c36
JM		 435 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
436 raise Exception("Scan results missing RSN element info")
eaf3f9b1
JM		 437 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
438 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
aaba98d3 439
4013d688
JM		 440 # Verify EAPOL reauthentication after FT protocol
441 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
442 ap = hapd
443 else:
444 ap = hapd1
445 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
446 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
447 if ev is None:
448 raise Exception("EAP authentication did not start")
449 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
450 if ev is None:
451 raise Exception("EAP authentication did not succeed")
452 time.sleep(0.1)
453 hwsim_utils.test_connectivity(dev[0], ap)
454
aaba98d3
JM		 455def test_ap_ft_eap_pull(dev, apdev):
456 """WPA2-EAP-FT AP (pull PMK)"""
457 ssid = "test-ft"
458 passphrase="12345678"
459
460 radius = hostapd.radius_params()
461 params = ft_params1(ssid=ssid, passphrase=passphrase)
462 params['wpa_key_mgmt'] = "FT-EAP"
463 params["ieee8021x"] = "1"
464 params["pmk_r1_push"] = "0"
465 params = dict(radius.items() + params.items())
8b8a1864 466 hapd = hostapd.add_ap(apdev[0], params)
aaba98d3
JM		 467 key_mgmt = hapd.get_config()['key_mgmt']
468 if key_mgmt.split(' ')[0] != "FT-EAP":
469 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
470 params = ft_params2(ssid=ssid, passphrase=passphrase)
471 params['wpa_key_mgmt'] = "FT-EAP"
472 params["ieee8021x"] = "1"
473 params["pmk_r1_push"] = "0"
474 params = dict(radius.items() + params.items())
8b8a1864 475 hapd1 = hostapd.add_ap(apdev[1], params)
aaba98d3 476
a8375c94 477 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
3b808945 478
9fd6804d 479@remote_compatible
3b808945
JM		 480def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
481 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
482 ssid = "test-ft"
483 passphrase="12345678"
484
485 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 486 params["ieee80211w"] = "2"
8b8a1864 487 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 488 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
bc6e3288 489 params["ieee80211w"] = "2"
8b8a1864 490 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 491
a8375c94
JM		 492 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
493 fail_test=True)
3b808945 494
9fd6804d 495@remote_compatible
3b808945
JM		 496def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
497 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
498 ssid = "test-ft"
499 passphrase="12345678"
500
501 params = ft_params1(ssid=ssid, passphrase=passphrase)
502 params["pmk_r1_push"] = "0"
8b8a1864 503 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 504 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
505 params["pmk_r1_push"] = "0"
8b8a1864 506 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 507
a8375c94
JM		 508 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
509 fail_test=True)
3b808945 510
9fd6804d 511@remote_compatible
ae14a2e2
JM		 512def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
513 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
514 ssid = "test-ft"
515 passphrase="12345678"
516
517 params = ft_params1(ssid=ssid, passphrase=passphrase)
518 params["pmk_r1_push"] = "0"
519 params["nas_identifier"] = "nas0.w1.fi"
8b8a1864 520 hostapd.add_ap(apdev[0], params)
2f816c21
JM		 521 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
522 scan_freq="2412")
ae14a2e2
JM		 523
524 params = ft_params2(ssid=ssid, passphrase=passphrase)
525 params["pmk_r1_push"] = "0"
8b8a1864 526 hostapd.add_ap(apdev[1], params)
ae14a2e2
JM		 527
528 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
529 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
530
9fd6804d 531@remote_compatible
3b808945
JM		 532def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
533 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
534 ssid = "test-ft"
535 passphrase="12345678"
536
537 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 538 params["ieee80211w"] = "2"
8b8a1864 539 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945 540 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
bc6e3288 541 params["ieee80211w"] = "2"
8b8a1864 542 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 543
a8375c94
JM		 544 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
545 fail_test=True)
3b808945 546
9fd6804d 547@remote_compatible
3b808945
JM		 548def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
549 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
550 ssid = "test-ft"
551 passphrase="12345678"
552
553 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
554 params["pmk_r1_push"] = "0"
8b8a1864 555 hapd0 = hostapd.add_ap(apdev[0], params)
3b808945
JM		 556 params = ft_params2(ssid=ssid, passphrase=passphrase)
557 params["pmk_r1_push"] = "0"
8b8a1864 558 hapd1 = hostapd.add_ap(apdev[1], params)
3b808945 559
a8375c94
JM		 560 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
561 fail_test=True)
c6b6e105
JM		 562
563def test_ap_ft_gtk_rekey(dev, apdev):
564 """WPA2-PSK-FT AP and GTK rekey"""
565 ssid = "test-ft"
566 passphrase="12345678"
567
568 params = ft_params1(ssid=ssid, passphrase=passphrase)
569 params['wpa_group_rekey'] = '1'
8b8a1864 570 hapd = hostapd.add_ap(apdev[0], params)
c6b6e105
JM		 571
572 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2f816c21 573 ieee80211w="1", scan_freq="2412")
c6b6e105
JM		 574
575 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
576 if ev is None:
577 raise Exception("GTK rekey timed out after initial association")
a8375c94 578 hwsim_utils.test_connectivity(dev[0], hapd)
c6b6e105
JM		 579
580 params = ft_params2(ssid=ssid, passphrase=passphrase)
581 params['wpa_group_rekey'] = '1'
8b8a1864 582 hapd1 = hostapd.add_ap(apdev[1], params)
c6b6e105
JM		 583
584 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
585 dev[0].roam(apdev[1]['bssid'])
586 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
587 raise Exception("Did not connect to correct AP")
a8375c94 588 hwsim_utils.test_connectivity(dev[0], hapd1)
c6b6e105
JM		 589
590 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
591 if ev is None:
592 raise Exception("GTK rekey timed out after FT protocol")
a8375c94 593 hwsim_utils.test_connectivity(dev[0], hapd1)
5b3c40a6
JM		 594
595def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
596 """WPA2-PSK-FT and key lifetime in memory"""
597 ssid = "test-ft"
598 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
599 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
600 pmk = binascii.unhexlify(psk)
601 p = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 602 hapd0 = hostapd.add_ap(apdev[0], p)
5b3c40a6 603 p = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 604 hapd1 = hostapd.add_ap(apdev[1], p)
5b3c40a6
JM		 605
606 pid = find_wpas_process(dev[0])
607
608 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
609 scan_freq="2412")
8e416cec
JM		 610 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
611 # event has been delivered, so verify that wpa_supplicant has returned to
612 # eloop before reading process memory.
54f2cae2 613 time.sleep(1)
8e416cec 614 dev[0].ping()
5b3c40a6
JM		 615
616 buf = read_process_memory(pid, pmk)
617
618 dev[0].request("DISCONNECT")
619 dev[0].wait_disconnected()
620
621 dev[0].relog()
622 pmkr0 = None
623 pmkr1 = None
624 ptk = None
625 gtk = None
626 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
627 for l in f.readlines():
628 if "FT: PMK-R0 - hexdump" in l:
629 val = l.strip().split(':')[3].replace(' ', '')
630 pmkr0 = binascii.unhexlify(val)
631 if "FT: PMK-R1 - hexdump" in l:
632 val = l.strip().split(':')[3].replace(' ', '')
633 pmkr1 = binascii.unhexlify(val)
f918b95b 634 if "FT: KCK - hexdump" in l:
5b3c40a6 635 val = l.strip().split(':')[3].replace(' ', '')
f918b95b
JM		 636 kck = binascii.unhexlify(val)
637 if "FT: KEK - hexdump" in l:
638 val = l.strip().split(':')[3].replace(' ', '')
639 kek = binascii.unhexlify(val)
640 if "FT: TK - hexdump" in l:
641 val = l.strip().split(':')[3].replace(' ', '')
642 tk = binascii.unhexlify(val)
5b3c40a6
JM		 643 if "WPA: Group Key - hexdump" in l:
644 val = l.strip().split(':')[3].replace(' ', '')
645 gtk = binascii.unhexlify(val)
f918b95b 646 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
5b3c40a6
JM		 647 raise Exception("Could not find keys from debug log")
648 if len(gtk) != 16:
649 raise Exception("Unexpected GTK length")
650
5b3c40a6
JM		 651 logger.info("Checking keys in memory while associated")
652 get_key_locations(buf, pmk, "PMK")
653 get_key_locations(buf, pmkr0, "PMK-R0")
654 get_key_locations(buf, pmkr1, "PMK-R1")
655 if pmk not in buf:
81e787b7 656 raise HwsimSkip("PMK not found while associated")
5b3c40a6 657 if pmkr0 not in buf:
81e787b7 658 raise HwsimSkip("PMK-R0 not found while associated")
5b3c40a6 659 if pmkr1 not in buf:
81e787b7 660 raise HwsimSkip("PMK-R1 not found while associated")
5b3c40a6
JM		 661 if kck not in buf:
662 raise Exception("KCK not found while associated")
663 if kek not in buf:
664 raise Exception("KEK not found while associated")
665 if tk in buf:
666 raise Exception("TK found from memory")
667 if gtk in buf:
8eb45bde 668 get_key_locations(buf, gtk, "GTK")
5b3c40a6
JM		 669 raise Exception("GTK found from memory")
670
671 logger.info("Checking keys in memory after disassociation")
672 buf = read_process_memory(pid, pmk)
673 get_key_locations(buf, pmk, "PMK")
674 get_key_locations(buf, pmkr0, "PMK-R0")
675 get_key_locations(buf, pmkr1, "PMK-R1")
676
677 # Note: PMK/PSK is still present in network configuration
678
679 fname = os.path.join(params['logdir'],
680 'ft_psk_key_lifetime_in_memory.memctx-')
681 verify_not_present(buf, pmkr0, fname, "PMK-R0")
682 verify_not_present(buf, pmkr1, fname, "PMK-R1")
683 verify_not_present(buf, kck, fname, "KCK")
684 verify_not_present(buf, kek, fname, "KEK")
685 verify_not_present(buf, tk, fname, "TK")
686 verify_not_present(buf, gtk, fname, "GTK")
687
688 dev[0].request("REMOVE_NETWORK all")
689
690 logger.info("Checking keys in memory after network profile removal")
691 buf = read_process_memory(pid, pmk)
692 get_key_locations(buf, pmk, "PMK")
693 get_key_locations(buf, pmkr0, "PMK-R0")
694 get_key_locations(buf, pmkr1, "PMK-R1")
695
696 verify_not_present(buf, pmk, fname, "PMK")
697 verify_not_present(buf, pmkr0, fname, "PMK-R0")
698 verify_not_present(buf, pmkr1, fname, "PMK-R1")
699 verify_not_present(buf, kck, fname, "KCK")
700 verify_not_present(buf, kek, fname, "KEK")
701 verify_not_present(buf, tk, fname, "TK")
702 verify_not_present(buf, gtk, fname, "GTK")
664093b5 703
9fd6804d 704@remote_compatible
664093b5
JM		 705def test_ap_ft_invalid_resp(dev, apdev):
706 """WPA2-PSK-FT AP and invalid response IEs"""
707 ssid = "test-ft"
708 passphrase="12345678"
709
710 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 711 hapd0 = hostapd.add_ap(apdev[0], params)
664093b5
JM		 712 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
713 scan_freq="2412")
714
715 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 716 hapd1 = hostapd.add_ap(apdev[1], params)
664093b5
JM		 717
718 tests = [
719 # Various IEs for test coverage. The last one is FTIE with invalid
720 # R1KH-ID subelement.
721 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
722 # FTIE with invalid R0KH-ID subelement (len=0).
723 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
724 # FTIE with invalid R0KH-ID subelement (len=49).
725 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
726 # Invalid RSNE.
727 "020002000000" + "3000",
728 # Required IEs missing from protected IE count.
729 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
730 # RIC missing from protected IE count.
731 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
732 # Protected IE missing.
733 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
734 for t in tests:
735 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
736 hapd1.set("ext_mgmt_frame_handling", "1")
737 hapd1.dump_monitor()
738 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
739 raise Exception("ROAM failed")
740 auth = None
741 for i in range(20):
742 msg = hapd1.mgmt_rx()
743 if msg['subtype'] == 11:
744 auth = msg
745 break
746 if not auth:
747 raise Exception("Authentication frame not seen")
748
749 resp = {}
750 resp['fc'] = auth['fc']
751 resp['da'] = auth['sa']
752 resp['sa'] = auth['da']
753 resp['bssid'] = auth['bssid']
754 resp['payload'] = binascii.unhexlify(t)
755 hapd1.mgmt_tx(resp)
756 hapd1.set("ext_mgmt_frame_handling", "0")
757 dev[0].wait_disconnected()
758
759 dev[0].request("RECONNECT")
760 dev[0].wait_connected()
7b741a53
JM		 761
762def test_ap_ft_gcmp_256(dev, apdev):
763 """WPA2-PSK-FT AP with GCMP-256 cipher"""
764 if "GCMP-256" not in dev[0].get_capability("pairwise"):
765 raise HwsimSkip("Cipher GCMP-256 not supported")
766 ssid = "test-ft"
767 passphrase="12345678"
768
769 params = ft_params1(ssid=ssid, passphrase=passphrase)
770 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 771 hapd0 = hostapd.add_ap(apdev[0], params)
7b741a53
JM		 772 params = ft_params2(ssid=ssid, passphrase=passphrase)
773 params['rsn_pairwise'] = "GCMP-256"
8b8a1864 774 hapd1 = hostapd.add_ap(apdev[1], params)
7b741a53
JM		 775
776 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
777 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
cf671d54
JM		 778
779def test_ap_ft_oom(dev, apdev):
780 """WPA2-PSK-FT and OOM"""
38934ed1 781 skip_with_fips(dev[0])
cf671d54
JM		 782 ssid = "test-ft"
783 passphrase="12345678"
784
785 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 786 hapd0 = hostapd.add_ap(apdev[0], params)
cf671d54 787 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 788 hapd1 = hostapd.add_ap(apdev[1], params)
cf671d54
JM		 789
790 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
791 scan_freq="2412")
792 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
793 dst = apdev[1]['bssid']
794 else:
795 dst = apdev[0]['bssid']
796
797 dev[0].scan_for_bss(dst, freq="2412")
798 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
799 dev[0].roam(dst)
7cbc8e67 800 with fail_test(dev[0], 1, "wpa_ft_mic"):
cf671d54
JM		 801 dev[0].roam(dst, fail_test=True)
802 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
803 dev[0].roam(dst, fail_test=True)
34d3eaa8 804
dcbb5d80
JM		 805 dev[0].request("REMOVE_NETWORK all")
806 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
807 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
808 scan_freq="2412")
809
34d3eaa8
JM		 810def test_ap_ft_over_ds_proto(dev, apdev):
811 """WPA2-PSK-FT AP over DS protocol testing"""
812 ssid = "test-ft"
813 passphrase="12345678"
814
815 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 816 hapd0 = hostapd.add_ap(apdev[0], params)
34d3eaa8
JM		 817 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
818 scan_freq="2412")
819
820 # FT Action Response while no FT-over-DS in progress
821 msg = {}
822 msg['fc'] = 13 << 4
823 msg['da'] = dev[0].own_addr()
824 msg['sa'] = apdev[0]['bssid']
825 msg['bssid'] = apdev[0]['bssid']
826 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
827 hapd0.mgmt_tx(msg)
828
829 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 830 hapd1 = hostapd.add_ap(apdev[1], params)
34d3eaa8
JM		 831 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
832 hapd0.set("ext_mgmt_frame_handling", "1")
833 hapd0.dump_monitor()
834 dev[0].request("FT_DS " + apdev[1]['bssid'])
835 for i in range(0, 10):
836 req = hapd0.mgmt_rx()
837 if req is None:
838 raise Exception("MGMT RX wait timed out")
839 if req['subtype'] == 13:
840 break
841 req = None
842 if not req:
843 raise Exception("FT Action frame not received")
844
845 # FT Action Response for unexpected Target AP
846 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
847 hapd0.mgmt_tx(msg)
848
849 # FT Action Response without MDIE
850 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
851 hapd0.mgmt_tx(msg)
852
853 # FT Action Response without FTIE
854 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
855 hapd0.mgmt_tx(msg)
856
857 # FT Action Response with FTIE SNonce mismatch
858 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
859 hapd0.mgmt_tx(msg)
6f3815c0 860
9fd6804d 861@remote_compatible
6f3815c0
JM		 862def test_ap_ft_rrb(dev, apdev):
863 """WPA2-PSK-FT RRB protocol testing"""
864 ssid = "test-ft"
865 passphrase="12345678"
866
867 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 868 hapd0 = hostapd.add_ap(apdev[0], params)
6f3815c0
JM		 869
870 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
871 scan_freq="2412")
872
873 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
874 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
875 proto = '\x89\x0d'
876 ehdr = _dst_ll + _src_ll + proto
877
878 # Too short RRB frame
879 pkt = ehdr + '\x01'
880 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
881 raise Exception("DATA_TEST_FRAME failed")
882
883 # RRB discarded frame wikth unrecognized type
884 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
885 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
886 raise Exception("DATA_TEST_FRAME failed")
887
888 # RRB frame too short for action frame
889 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
890 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
891 raise Exception("DATA_TEST_FRAME failed")
892
893 # Too short RRB frame (not enough room for Action Frame body)
894 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
895 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
896 raise Exception("DATA_TEST_FRAME failed")
897
898 # Unexpected Action frame category
899 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
900 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
901 raise Exception("DATA_TEST_FRAME failed")
902
903 # Unexpected Action in RRB Request
904 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
905 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
906 raise Exception("DATA_TEST_FRAME failed")
907
908 # Target AP address in RRB Request does not match with own address
909 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
910 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
911 raise Exception("DATA_TEST_FRAME failed")
912
913 # Not enough room for status code in RRB Response
914 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
915 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
916 raise Exception("DATA_TEST_FRAME failed")
917
918 # RRB discarded frame with unknown packet_type
919 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
920 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
921 raise Exception("DATA_TEST_FRAME failed")
922
923 # RRB Response with non-zero status code; no STA match
924 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
925 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
926 raise Exception("DATA_TEST_FRAME failed")
927
928 # RRB Response with zero status code and extra data; STA match
929 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
930 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
931 raise Exception("DATA_TEST_FRAME failed")
932
933 # Too short PMK-R1 pull
934 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
935 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
936 raise Exception("DATA_TEST_FRAME failed")
937
938 # Too short PMK-R1 resp
939 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
940 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
941 raise Exception("DATA_TEST_FRAME failed")
942
943 # Too short PMK-R1 push
944 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
945 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
946 raise Exception("DATA_TEST_FRAME failed")
947
948 # No matching R0KH address found for PMK-R0 pull response
949 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
950 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
951 raise Exception("DATA_TEST_FRAME failed")
ecafa0cf 952
9fd6804d 953@remote_compatible
ecafa0cf
JM		 954def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
955 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
956 bssid = apdev[0]['bssid']
957 ssid = "test-ft"
958 passphrase="12345678"
959
960 params = ft_params1(ssid=ssid, passphrase=passphrase)
bc6e3288 961 params["ieee80211w"] = "1"
ecafa0cf
JM		 962 # This is the RSN element used normally by hostapd
963 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
8b8a1864 964 hapd = hostapd.add_ap(apdev[0], params)
ecafa0cf
JM		 965 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
966 ieee80211w="1", scan_freq="2412",
967 pairwise="CCMP", group="CCMP")
968
969 tests = [ ('PMKIDCount field included',
970 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
971 ('Extra IE before RSNE',
972 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
973 ('PMKIDCount and Group Management Cipher suite fields included',
974 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
975 ('Extra octet after defined fields (future extensibility)',
976 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
977 ('No RSN Capabilities field (PMF disabled in practice)',
978 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
979 for txt,ie in tests:
980 dev[0].request("DISCONNECT")
981 dev[0].wait_disconnected()
982 logger.info(txt)
983 hapd.disable()
984 hapd.set('own_ie_override', ie)
985 hapd.enable()
986 dev[0].request("BSS_FLUSH 0")
987 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
988 dev[0].select_network(id, freq=2412)
989 dev[0].wait_connected()
990
991 dev[0].request("DISCONNECT")
992 dev[0].wait_disconnected()
993
994 logger.info('Invalid RSNE causing internal hostapd error')
995 hapd.disable()
996 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
997 hapd.enable()
998 dev[0].request("BSS_FLUSH 0")
999 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1000 dev[0].select_network(id, freq=2412)
1001 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1002 # complete.
1003 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1004 if ev is not None:
1005 raise Exception("Unexpected connection")
1006 dev[0].request("DISCONNECT")
1007
1008 logger.info('Unexpected PMKID causing internal hostapd error')
1009 hapd.disable()
1010 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1011 hapd.enable()
1012 dev[0].request("BSS_FLUSH 0")
1013 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1014 dev[0].select_network(id, freq=2412)
1015 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1016 # complete.
1017 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1018 if ev is not None:
1019 raise Exception("Unexpected connection")
1020 dev[0].request("DISCONNECT")
1025603b
JM		 1021
1022def test_ap_ft_ptk_rekey(dev, apdev):
1023 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1024 ssid = "test-ft"
1025 passphrase="12345678"
1026
1027 params = ft_params1(ssid=ssid, passphrase=passphrase)
8b8a1864 1028 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b 1029 params = ft_params2(ssid=ssid, passphrase=passphrase)
8b8a1864 1030 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 1031
1032 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
1033
1034 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1035 "WPA: Key negotiation completed"], timeout=5)
1036 if ev is None:
1037 raise Exception("No event received after roam")
1038 if "CTRL-EVENT-DISCONNECTED" in ev:
1039 raise Exception("Unexpected disconnection after roam")
1040
1041 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1042 hapd = hapd0
1043 else:
1044 hapd = hapd1
1045 hwsim_utils.test_connectivity(dev[0], hapd)
1046
1047def test_ap_ft_ptk_rekey_ap(dev, apdev):
1048 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1049 ssid = "test-ft"
1050 passphrase="12345678"
1051
1052 params = ft_params1(ssid=ssid, passphrase=passphrase)
1053 params['wpa_ptk_rekey'] = '2'
8b8a1864 1054 hapd0 = hostapd.add_ap(apdev[0], params)
1025603b
JM		 1055 params = ft_params2(ssid=ssid, passphrase=passphrase)
1056 params['wpa_ptk_rekey'] = '2'
8b8a1864 1057 hapd1 = hostapd.add_ap(apdev[1], params)
1025603b
JM		 1058
1059 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
1060
1061 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1062 "WPA: Key negotiation completed"], timeout=5)
1063 if ev is None:
1064 raise Exception("No event received after roam")
1065 if "CTRL-EVENT-DISCONNECTED" in ev:
1066 raise Exception("Unexpected disconnection after roam")
1067
1068 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1069 hapd = hapd0
1070 else:
1071 hapd = hapd1
1072 hwsim_utils.test_connectivity(dev[0], hapd)
186ca473
MB		 1073
1074def test_ap_ft_internal_rrb_check(dev, apdev):
1075 """RRB internal delivery only to WPA enabled BSS"""
1076 ssid = "test-ft"
1077 passphrase="12345678"
1078
1079 radius = hostapd.radius_params()
1080 params = ft_params1(ssid=ssid, passphrase=passphrase)
1081 params['wpa_key_mgmt'] = "FT-EAP"
1082 params["ieee8021x"] = "1"
1083 params = dict(radius.items() + params.items())
8b8a1864 1084 hapd = hostapd.add_ap(apdev[0], params)
186ca473
MB		 1085 key_mgmt = hapd.get_config()['key_mgmt']
1086 if key_mgmt.split(' ')[0] != "FT-EAP":
1087 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1088
8b8a1864 1089 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
186ca473
MB		 1090
1091 # Connect to WPA enabled AP
1092 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1093 eap="GPSK", identity="gpsk user",
1094 password="abcdefghijklmnop0123456789abcdef",
1095 scan_freq="2412")
1096
1097 # Try over_ds roaming to non-WPA-enabled AP.
1098 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1099 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
Unnamed repository; edit this file 'description' to name the repository.