]>
Commit | Line | Data |
---|---|---|
cd7f1b9a | 1 | # Fast BSS Transition tests |
c8942286 | 2 | # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi> |
cd7f1b9a JM |
3 | # |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
5b3c40a6 JM |
8 | import binascii |
9 | import os | |
cd7f1b9a | 10 | import time |
cd7f1b9a | 11 | import logging |
c9aa4308 | 12 | logger = logging.getLogger() |
c8942286 | 13 | import struct |
cd7f1b9a JM |
14 | |
15 | import hwsim_utils | |
16 | import hostapd | |
c8942286 | 17 | from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie |
cd7f1b9a | 18 | from wlantest import Wlantest |
5b3c40a6 | 19 | from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations |
cd7f1b9a JM |
20 | |
21 | def ft_base_rsn(): | |
22 | params = { "wpa": "2", | |
23 | "wpa_key_mgmt": "FT-PSK", | |
24 | "rsn_pairwise": "CCMP" } | |
25 | return params | |
26 | ||
27 | def ft_base_mixed(): | |
28 | params = { "wpa": "3", | |
29 | "wpa_key_mgmt": "WPA-PSK FT-PSK", | |
30 | "wpa_pairwise": "TKIP", | |
31 | "rsn_pairwise": "CCMP" } | |
32 | return params | |
33 | ||
34 | def ft_params(rsn=True, ssid=None, passphrase=None): | |
35 | if rsn: | |
36 | params = ft_base_rsn() | |
37 | else: | |
38 | params = ft_base_mixed() | |
39 | if ssid: | |
40 | params["ssid"] = ssid | |
41 | if passphrase: | |
42 | params["wpa_passphrase"] = passphrase | |
43 | ||
44 | params["mobility_domain"] = "a1b2" | |
45 | params["r0_key_lifetime"] = "10000" | |
46 | params["pmk_r1_push"] = "1" | |
47 | params["reassociation_deadline"] = "1000" | |
48 | return params | |
49 | ||
d0175d6e | 50 | def ft_params1a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
51 | params = ft_params(rsn, ssid, passphrase) |
52 | params['nas_identifier'] = "nas1.w1.fi" | |
53 | params['r1_key_holder'] = "000102030405" | |
d0175d6e MB |
54 | return params |
55 | ||
56 | def ft_params1(rsn=True, ssid=None, passphrase=None): | |
57 | params = ft_params1a(rsn, ssid, passphrase) | |
9441a227 MB |
58 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
59 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ] | |
60 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" | |
cd7f1b9a JM |
61 | return params |
62 | ||
c95dd8e4 JM |
63 | def ft_params1_old_key(rsn=True, ssid=None, passphrase=None): |
64 | params = ft_params1a(rsn, ssid, passphrase) | |
65 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f", | |
66 | "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ] | |
67 | params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" | |
68 | return params | |
69 | ||
d0175d6e | 70 | def ft_params2a(rsn=True, ssid=None, passphrase=None): |
cd7f1b9a JM |
71 | params = ft_params(rsn, ssid, passphrase) |
72 | params['nas_identifier'] = "nas2.w1.fi" | |
73 | params['r1_key_holder'] = "000102030406" | |
d0175d6e MB |
74 | return params |
75 | ||
76 | def ft_params2(rsn=True, ssid=None, passphrase=None): | |
77 | params = ft_params2a(rsn, ssid, passphrase) | |
9441a227 MB |
78 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
79 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ] | |
80 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" | |
cd7f1b9a JM |
81 | return params |
82 | ||
c95dd8e4 JM |
83 | def ft_params2_old_key(rsn=True, ssid=None, passphrase=None): |
84 | params = ft_params2a(rsn, ssid, passphrase) | |
85 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f", | |
86 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ] | |
87 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" | |
88 | return params | |
89 | ||
3b808945 JM |
90 | def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): |
91 | params = ft_params(rsn, ssid, passphrase) | |
92 | params['nas_identifier'] = "nas1.w1.fi" | |
93 | params['r1_key_holder'] = "000102030405" | |
9441a227 MB |
94 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f", |
95 | "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ] | |
96 | params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f" | |
3b808945 JM |
97 | return params |
98 | ||
99 | def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None): | |
100 | params = ft_params(rsn, ssid, passphrase) | |
101 | params['nas_identifier'] = "nas2.w1.fi" | |
102 | params['r1_key_holder'] = "000102030406" | |
9441a227 MB |
103 | params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1", |
104 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ] | |
105 | params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3" | |
3b808945 JM |
106 | return params |
107 | ||
108 | def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None): | |
109 | params = ft_params(rsn, ssid, passphrase) | |
110 | params['nas_identifier'] = "nas2.w1.fi" | |
111 | params['r1_key_holder'] = "000102030406" | |
9441a227 MB |
112 | params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f", |
113 | "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ] | |
114 | params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" | |
3b808945 JM |
115 | return params |
116 | ||
7b741a53 JM |
117 | def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, |
118 | sae=False, eap=False, fail_test=False, roams=1, | |
fd7205fa JM |
119 | pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", |
120 | test_connectivity=True): | |
cd7f1b9a | 121 | logger.info("Connect to first AP") |
6f62809b JM |
122 | if eap: |
123 | dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | |
2f816c21 JM |
124 | eap="GPSK", identity="gpsk user", |
125 | password="abcdefghijklmnop0123456789abcdef", | |
7b741a53 | 126 | scan_freq="2412", |
1025603b JM |
127 | pairwise=pairwise_cipher, group=group_cipher, |
128 | wpa_ptk_rekey=ptk_rekey) | |
6e658cc4 | 129 | else: |
6f62809b JM |
130 | if sae: |
131 | key_mgmt="FT-SAE" | |
132 | else: | |
133 | key_mgmt="FT-PSK" | |
134 | dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2", | |
7b741a53 | 135 | ieee80211w="1", scan_freq="2412", |
1025603b JM |
136 | pairwise=pairwise_cipher, group=group_cipher, |
137 | wpa_ptk_rekey=ptk_rekey) | |
cd7f1b9a JM |
138 | if dev.get_status_field('bssid') == apdev[0]['bssid']: |
139 | ap1 = apdev[0] | |
140 | ap2 = apdev[1] | |
a8375c94 JM |
141 | hapd1ap = hapd0 |
142 | hapd2ap = hapd1 | |
cd7f1b9a JM |
143 | else: |
144 | ap1 = apdev[1] | |
145 | ap2 = apdev[0] | |
a8375c94 JM |
146 | hapd1ap = hapd1 |
147 | hapd2ap = hapd0 | |
fd7205fa JM |
148 | if test_connectivity: |
149 | hwsim_utils.test_connectivity(dev, hapd1ap) | |
cd7f1b9a | 150 | |
655bc8bf | 151 | dev.scan_for_bss(ap2['bssid'], freq="2412") |
40602101 JM |
152 | |
153 | for i in range(0, roams): | |
154 | logger.info("Roam to the second AP") | |
155 | if over_ds: | |
156 | dev.roam_over_ds(ap2['bssid'], fail_test=fail_test) | |
157 | else: | |
158 | dev.roam(ap2['bssid'], fail_test=fail_test) | |
159 | if fail_test: | |
160 | return | |
161 | if dev.get_status_field('bssid') != ap2['bssid']: | |
162 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 163 | if (i == 0 or i == roams - 1) and test_connectivity: |
a8375c94 | 164 | hwsim_utils.test_connectivity(dev, hapd2ap) |
40602101 JM |
165 | |
166 | logger.info("Roam back to the first AP") | |
167 | if over_ds: | |
168 | dev.roam_over_ds(ap1['bssid']) | |
169 | else: | |
170 | dev.roam(ap1['bssid']) | |
171 | if dev.get_status_field('bssid') != ap1['bssid']: | |
172 | raise Exception("Did not connect to correct AP") | |
fd7205fa | 173 | if (i == 0 or i == roams - 1) and test_connectivity: |
a8375c94 | 174 | hwsim_utils.test_connectivity(dev, hapd1ap) |
cd7f1b9a JM |
175 | |
176 | def test_ap_ft(dev, apdev): | |
177 | """WPA2-PSK-FT AP""" | |
178 | ssid = "test-ft" | |
179 | passphrase="12345678" | |
180 | ||
181 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 182 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 183 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 184 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 185 | |
a8375c94 | 186 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
91bc6c36 JM |
187 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
188 | raise Exception("Scan results missing RSN element info") | |
cd7f1b9a | 189 | |
c95dd8e4 JM |
190 | def test_ap_ft_old_key(dev, apdev): |
191 | """WPA2-PSK-FT AP (old key)""" | |
192 | ssid = "test-ft" | |
193 | passphrase="12345678" | |
194 | ||
195 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
196 | hapd0 = hostapd.add_ap(apdev[0], params) | |
197 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
198 | hapd1 = hostapd.add_ap(apdev[1], params) | |
199 | ||
200 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
201 | ||
e4612f84 JM |
202 | def test_ap_ft_multi_akm(dev, apdev): |
203 | """WPA2-PSK-FT AP with non-FT AKMs enabled""" | |
204 | ssid = "test-ft" | |
205 | passphrase="12345678" | |
206 | ||
207 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
208 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
209 | hapd0 = hostapd.add_ap(apdev[0], params) | |
210 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
211 | params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256" | |
212 | hapd1 = hostapd.add_ap(apdev[1], params) | |
213 | ||
214 | Wlantest.setup(hapd0) | |
215 | wt = Wlantest() | |
216 | wt.flush() | |
217 | wt.add_passphrase(passphrase) | |
218 | ||
219 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
220 | if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
221 | raise Exception("Scan results missing RSN element info") | |
222 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
223 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", | |
224 | scan_freq="2412") | |
225 | ||
d0175d6e MB |
226 | def test_ap_ft_local_key_gen(dev, apdev): |
227 | """WPA2-PSK-FT AP with local key generation (without pull/push)""" | |
228 | ssid = "test-ft" | |
229 | passphrase="12345678" | |
230 | ||
231 | params = ft_params1a(ssid=ssid, passphrase=passphrase) | |
232 | params['ft_psk_generate_local'] = "1"; | |
8344ba12 | 233 | del params['pmk_r1_push'] |
d0175d6e MB |
234 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) |
235 | params = ft_params2a(ssid=ssid, passphrase=passphrase) | |
236 | params['ft_psk_generate_local'] = "1"; | |
8344ba12 | 237 | del params['pmk_r1_push'] |
d0175d6e MB |
238 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) |
239 | ||
240 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
241 | if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"): | |
242 | raise Exception("Scan results missing RSN element info") | |
243 | ||
40602101 JM |
244 | def test_ap_ft_many(dev, apdev): |
245 | """WPA2-PSK-FT AP multiple times""" | |
246 | ssid = "test-ft" | |
247 | passphrase="12345678" | |
248 | ||
249 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 250 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 251 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 252 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 253 | |
a8375c94 | 254 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50) |
40602101 | 255 | |
cd7f1b9a JM |
256 | def test_ap_ft_mixed(dev, apdev): |
257 | """WPA2-PSK-FT mixed-mode AP""" | |
258 | ssid = "test-ft-mixed" | |
259 | passphrase="12345678" | |
260 | ||
261 | params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 262 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
263 | key_mgmt = hapd.get_config()['key_mgmt'] |
264 | vals = key_mgmt.split(' ') | |
265 | if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK": | |
266 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
cd7f1b9a | 267 | params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase) |
8b8a1864 | 268 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 269 | |
a8375c94 | 270 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase) |
cd7f1b9a JM |
271 | |
272 | def test_ap_ft_pmf(dev, apdev): | |
273 | """WPA2-PSK-FT AP with PMF""" | |
274 | ssid = "test-ft" | |
275 | passphrase="12345678" | |
276 | ||
277 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 278 | params["ieee80211w"] = "2" |
8b8a1864 | 279 | hapd0 = hostapd.add_ap(apdev[0], params) |
cd7f1b9a | 280 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 281 | params["ieee80211w"] = "2" |
8b8a1864 | 282 | hapd1 = hostapd.add_ap(apdev[1], params) |
cd7f1b9a | 283 | |
a8375c94 | 284 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) |
b553eab1 JM |
285 | |
286 | def test_ap_ft_over_ds(dev, apdev): | |
287 | """WPA2-PSK-FT AP over DS""" | |
288 | ssid = "test-ft" | |
289 | passphrase="12345678" | |
290 | ||
291 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 292 | hapd0 = hostapd.add_ap(apdev[0], params) |
b553eab1 | 293 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 294 | hapd1 = hostapd.add_ap(apdev[1], params) |
b553eab1 | 295 | |
a8375c94 | 296 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
eaf3f9b1 JM |
297 | check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), |
298 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ]) | |
b553eab1 | 299 | |
55139acb JM |
300 | def test_ap_ft_over_ds_disabled(dev, apdev): |
301 | """WPA2-PSK-FT AP over DS disabled""" | |
302 | ssid = "test-ft" | |
303 | passphrase="12345678" | |
304 | ||
305 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
306 | params['ft_over_ds'] = '0' | |
307 | hapd0 = hostapd.add_ap(apdev[0], params) | |
308 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
309 | params['ft_over_ds'] = '0' | |
310 | hapd1 = hostapd.add_ap(apdev[1], params) | |
311 | ||
312 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
313 | fail_test=True) | |
314 | ||
40602101 JM |
315 | def test_ap_ft_over_ds_many(dev, apdev): |
316 | """WPA2-PSK-FT AP over DS multiple times""" | |
317 | ssid = "test-ft" | |
318 | passphrase="12345678" | |
319 | ||
320 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 321 | hapd0 = hostapd.add_ap(apdev[0], params) |
40602101 | 322 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 323 | hapd1 = hostapd.add_ap(apdev[1], params) |
40602101 | 324 | |
a8375c94 JM |
325 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
326 | roams=50) | |
40602101 | 327 | |
9fd6804d | 328 | @remote_compatible |
c337d07a JM |
329 | def test_ap_ft_over_ds_unknown_target(dev, apdev): |
330 | """WPA2-PSK-FT AP""" | |
331 | ssid = "test-ft" | |
332 | passphrase="12345678" | |
333 | ||
334 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 335 | hapd0 = hostapd.add_ap(apdev[0], params) |
c337d07a JM |
336 | |
337 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
338 | scan_freq="2412") | |
339 | dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True) | |
340 | ||
9fd6804d | 341 | @remote_compatible |
211bb7c5 JM |
342 | def test_ap_ft_over_ds_unexpected(dev, apdev): |
343 | """WPA2-PSK-FT AP over DS and unexpected response""" | |
344 | ssid = "test-ft" | |
345 | passphrase="12345678" | |
346 | ||
347 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 348 | hapd0 = hostapd.add_ap(apdev[0], params) |
211bb7c5 | 349 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 350 | hapd1 = hostapd.add_ap(apdev[1], params) |
211bb7c5 JM |
351 | |
352 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
353 | scan_freq="2412") | |
354 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
355 | ap1 = apdev[0] | |
356 | ap2 = apdev[1] | |
357 | hapd1ap = hapd0 | |
358 | hapd2ap = hapd1 | |
359 | else: | |
360 | ap1 = apdev[1] | |
361 | ap2 = apdev[0] | |
362 | hapd1ap = hapd1 | |
363 | hapd2ap = hapd0 | |
364 | ||
365 | addr = dev[0].own_addr() | |
366 | hapd1ap.set("ext_mgmt_frame_handling", "1") | |
367 | logger.info("Foreign STA address") | |
368 | msg = {} | |
369 | msg['fc'] = 13 << 4 | |
370 | msg['da'] = addr | |
371 | msg['sa'] = ap1['bssid'] | |
372 | msg['bssid'] = ap1['bssid'] | |
373 | msg['payload'] = binascii.unhexlify("06021122334455660102030405060000") | |
374 | hapd1ap.mgmt_tx(msg) | |
375 | ||
376 | logger.info("No over-the-DS in progress") | |
377 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
378 | hapd1ap.mgmt_tx(msg) | |
379 | ||
380 | logger.info("Non-zero status code") | |
381 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100") | |
382 | hapd1ap.mgmt_tx(msg) | |
383 | ||
384 | hapd1ap.dump_monitor() | |
385 | ||
386 | dev[0].scan_for_bss(ap2['bssid'], freq="2412") | |
387 | if "OK" not in dev[0].request("FT_DS " + ap2['bssid']): | |
388 | raise Exception("FT_DS failed") | |
389 | ||
390 | req = hapd1ap.mgmt_rx() | |
391 | ||
392 | logger.info("Foreign Target AP") | |
393 | msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000") | |
394 | hapd1ap.mgmt_tx(msg) | |
395 | ||
396 | addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '') | |
397 | ||
398 | logger.info("No IEs") | |
399 | msg['payload'] = binascii.unhexlify("0602" + addrs + "0000") | |
400 | hapd1ap.mgmt_tx(msg) | |
401 | ||
402 | logger.info("Invalid IEs (trigger parsing failure)") | |
403 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700") | |
404 | hapd1ap.mgmt_tx(msg) | |
405 | ||
406 | logger.info("Too short MDIE") | |
407 | msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122") | |
408 | hapd1ap.mgmt_tx(msg) | |
409 | ||
410 | logger.info("Mobility domain mismatch") | |
411 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201") | |
412 | hapd1ap.mgmt_tx(msg) | |
413 | ||
414 | logger.info("No FTIE") | |
415 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201") | |
416 | hapd1ap.mgmt_tx(msg) | |
417 | ||
418 | logger.info("FTIE SNonce mismatch") | |
419 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669") | |
420 | hapd1ap.mgmt_tx(msg) | |
421 | ||
422 | logger.info("No R0KH-ID subelem in FTIE") | |
423 | snonce = binascii.hexlify(req['payload'][111:111+32]) | |
424 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce) | |
425 | hapd1ap.mgmt_tx(msg) | |
426 | ||
427 | logger.info("No R0KH-ID subelem mismatch in FTIE") | |
428 | snonce = binascii.hexlify(req['payload'][111:111+32]) | |
429 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900") | |
430 | hapd1ap.mgmt_tx(msg) | |
431 | ||
432 | logger.info("No R1KH-ID subelem in FTIE") | |
433 | r0khid = binascii.hexlify(req['payload'][145:145+10]) | |
434 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid) | |
435 | hapd1ap.mgmt_tx(msg) | |
436 | ||
437 | logger.info("No RSNE") | |
438 | r0khid = binascii.hexlify(req['payload'][145:145+10]) | |
439 | msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405") | |
440 | hapd1ap.mgmt_tx(msg) | |
441 | ||
b553eab1 JM |
442 | def test_ap_ft_pmf_over_ds(dev, apdev): |
443 | """WPA2-PSK-FT AP over DS with PMF""" | |
444 | ssid = "test-ft" | |
445 | passphrase="12345678" | |
446 | ||
447 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 448 | params["ieee80211w"] = "2" |
8b8a1864 | 449 | hapd0 = hostapd.add_ap(apdev[0], params) |
b553eab1 | 450 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 451 | params["ieee80211w"] = "2" |
8b8a1864 | 452 | hapd1 = hostapd.add_ap(apdev[1], params) |
b553eab1 | 453 | |
a8375c94 | 454 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
6e658cc4 | 455 | |
aaba98d3 JM |
456 | def test_ap_ft_over_ds_pull(dev, apdev): |
457 | """WPA2-PSK-FT AP over DS (pull PMK)""" | |
458 | ssid = "test-ft" | |
459 | passphrase="12345678" | |
460 | ||
461 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
462 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 463 | hapd0 = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
464 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
465 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 466 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 467 | |
a8375c94 | 468 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) |
aaba98d3 | 469 | |
c95dd8e4 JM |
470 | def test_ap_ft_over_ds_pull_old_key(dev, apdev): |
471 | """WPA2-PSK-FT AP over DS (pull PMK; old key)""" | |
472 | ssid = "test-ft" | |
473 | passphrase="12345678" | |
474 | ||
475 | params = ft_params1_old_key(ssid=ssid, passphrase=passphrase) | |
476 | params["pmk_r1_push"] = "0" | |
477 | hapd0 = hostapd.add_ap(apdev[0], params) | |
478 | params = ft_params2_old_key(ssid=ssid, passphrase=passphrase) | |
479 | params["pmk_r1_push"] = "0" | |
480 | hapd1 = hostapd.add_ap(apdev[1], params) | |
481 | ||
482 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True) | |
483 | ||
6e658cc4 JM |
484 | def test_ap_ft_sae(dev, apdev): |
485 | """WPA2-PSK-FT-SAE AP""" | |
b9749b6a JM |
486 | if "SAE" not in dev[0].get_capability("auth_alg"): |
487 | raise HwsimSkip("SAE not supported") | |
6e658cc4 JM |
488 | ssid = "test-ft" |
489 | passphrase="12345678" | |
490 | ||
491 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
492 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 493 | hapd0 = hostapd.add_ap(apdev[0], params) |
6e658cc4 JM |
494 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
495 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 496 | hapd = hostapd.add_ap(apdev[1], params) |
65038313 JM |
497 | key_mgmt = hapd.get_config()['key_mgmt'] |
498 | if key_mgmt.split(' ')[0] != "FT-SAE": | |
499 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
6e658cc4 | 500 | |
17ffdf39 | 501 | dev[0].request("SET sae_groups ") |
a8375c94 | 502 | run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True) |
6e658cc4 JM |
503 | |
504 | def test_ap_ft_sae_over_ds(dev, apdev): | |
505 | """WPA2-PSK-FT-SAE AP over DS""" | |
b9749b6a JM |
506 | if "SAE" not in dev[0].get_capability("auth_alg"): |
507 | raise HwsimSkip("SAE not supported") | |
6e658cc4 JM |
508 | ssid = "test-ft" |
509 | passphrase="12345678" | |
510 | ||
511 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
512 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 513 | hapd0 = hostapd.add_ap(apdev[0], params) |
6e658cc4 JM |
514 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
515 | params['wpa_key_mgmt'] = "FT-SAE" | |
8b8a1864 | 516 | hapd1 = hostapd.add_ap(apdev[1], params) |
6e658cc4 | 517 | |
17ffdf39 | 518 | dev[0].request("SET sae_groups ") |
a8375c94 JM |
519 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True, |
520 | over_ds=True) | |
6f62809b JM |
521 | |
522 | def test_ap_ft_eap(dev, apdev): | |
523 | """WPA2-EAP-FT AP""" | |
524 | ssid = "test-ft" | |
525 | passphrase="12345678" | |
526 | ||
527 | radius = hostapd.radius_params() | |
528 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
529 | params['wpa_key_mgmt'] = "FT-EAP" | |
530 | params["ieee8021x"] = "1" | |
531 | params = dict(radius.items() + params.items()) | |
8b8a1864 | 532 | hapd = hostapd.add_ap(apdev[0], params) |
65038313 JM |
533 | key_mgmt = hapd.get_config()['key_mgmt'] |
534 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
535 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
6f62809b JM |
536 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
537 | params['wpa_key_mgmt'] = "FT-EAP" | |
538 | params["ieee8021x"] = "1" | |
539 | params = dict(radius.items() + params.items()) | |
8b8a1864 | 540 | hapd1 = hostapd.add_ap(apdev[1], params) |
6f62809b | 541 | |
a8375c94 | 542 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) |
91bc6c36 JM |
543 | if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): |
544 | raise Exception("Scan results missing RSN element info") | |
eaf3f9b1 JM |
545 | check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), |
546 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ]) | |
aaba98d3 | 547 | |
4013d688 JM |
548 | # Verify EAPOL reauthentication after FT protocol |
549 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
550 | ap = hapd | |
551 | else: | |
552 | ap = hapd1 | |
553 | ap.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
554 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
555 | if ev is None: | |
556 | raise Exception("EAP authentication did not start") | |
557 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
558 | if ev is None: | |
559 | raise Exception("EAP authentication did not succeed") | |
560 | time.sleep(0.1) | |
561 | hwsim_utils.test_connectivity(dev[0], ap) | |
562 | ||
aaba98d3 JM |
563 | def test_ap_ft_eap_pull(dev, apdev): |
564 | """WPA2-EAP-FT AP (pull PMK)""" | |
565 | ssid = "test-ft" | |
566 | passphrase="12345678" | |
567 | ||
568 | radius = hostapd.radius_params() | |
569 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
570 | params['wpa_key_mgmt'] = "FT-EAP" | |
571 | params["ieee8021x"] = "1" | |
572 | params["pmk_r1_push"] = "0" | |
573 | params = dict(radius.items() + params.items()) | |
8b8a1864 | 574 | hapd = hostapd.add_ap(apdev[0], params) |
aaba98d3 JM |
575 | key_mgmt = hapd.get_config()['key_mgmt'] |
576 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
577 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
578 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
579 | params['wpa_key_mgmt'] = "FT-EAP" | |
580 | params["ieee8021x"] = "1" | |
581 | params["pmk_r1_push"] = "0" | |
582 | params = dict(radius.items() + params.items()) | |
8b8a1864 | 583 | hapd1 = hostapd.add_ap(apdev[1], params) |
aaba98d3 | 584 | |
a8375c94 | 585 | run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True) |
3b808945 | 586 | |
9fd6804d | 587 | @remote_compatible |
3b808945 JM |
588 | def test_ap_ft_mismatching_rrb_key_push(dev, apdev): |
589 | """WPA2-PSK-FT AP over DS with mismatching RRB key (push)""" | |
590 | ssid = "test-ft" | |
591 | passphrase="12345678" | |
592 | ||
593 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 594 | params["ieee80211w"] = "2" |
8b8a1864 | 595 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 596 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 597 | params["ieee80211w"] = "2" |
8b8a1864 | 598 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 599 | |
a8375c94 JM |
600 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
601 | fail_test=True) | |
3b808945 | 602 | |
9fd6804d | 603 | @remote_compatible |
3b808945 JM |
604 | def test_ap_ft_mismatching_rrb_key_pull(dev, apdev): |
605 | """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)""" | |
606 | ssid = "test-ft" | |
607 | passphrase="12345678" | |
608 | ||
609 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
610 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 611 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
612 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) |
613 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 614 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 615 | |
a8375c94 JM |
616 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
617 | fail_test=True) | |
3b808945 | 618 | |
9fd6804d | 619 | @remote_compatible |
ae14a2e2 JM |
620 | def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev): |
621 | """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)""" | |
622 | ssid = "test-ft" | |
623 | passphrase="12345678" | |
624 | ||
625 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
626 | params["pmk_r1_push"] = "0" | |
627 | params["nas_identifier"] = "nas0.w1.fi" | |
8b8a1864 | 628 | hostapd.add_ap(apdev[0], params) |
2f816c21 JM |
629 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
630 | scan_freq="2412") | |
ae14a2e2 JM |
631 | |
632 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
633 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 634 | hostapd.add_ap(apdev[1], params) |
ae14a2e2 JM |
635 | |
636 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
637 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
638 | ||
9fd6804d | 639 | @remote_compatible |
3b808945 JM |
640 | def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev): |
641 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)""" | |
642 | ssid = "test-ft" | |
643 | passphrase="12345678" | |
644 | ||
645 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 646 | params["ieee80211w"] = "2" |
8b8a1864 | 647 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 | 648 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) |
bc6e3288 | 649 | params["ieee80211w"] = "2" |
8b8a1864 | 650 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 651 | |
a8375c94 JM |
652 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
653 | fail_test=True) | |
3b808945 | 654 | |
9fd6804d | 655 | @remote_compatible |
3b808945 JM |
656 | def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev): |
657 | """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)""" | |
658 | ssid = "test-ft" | |
659 | passphrase="12345678" | |
660 | ||
661 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
662 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 663 | hapd0 = hostapd.add_ap(apdev[0], params) |
3b808945 JM |
664 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
665 | params["pmk_r1_push"] = "0" | |
8b8a1864 | 666 | hapd1 = hostapd.add_ap(apdev[1], params) |
3b808945 | 667 | |
a8375c94 JM |
668 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, |
669 | fail_test=True) | |
c6b6e105 | 670 | |
150948e6 MB |
671 | def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev): |
672 | """WPA2-EAP-FT AP over DS with mismatching RRB key (push)""" | |
673 | ssid = "test-ft" | |
674 | passphrase="12345678" | |
675 | ||
676 | radius = hostapd.radius_params() | |
677 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
678 | params["ieee80211w"] = "2"; | |
679 | params['wpa_key_mgmt'] = "FT-EAP" | |
680 | params["ieee8021x"] = "1" | |
681 | params = dict(radius.items() + params.items()) | |
682 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
683 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) | |
684 | params["ieee80211w"] = "2"; | |
685 | params['wpa_key_mgmt'] = "FT-EAP" | |
686 | params["ieee8021x"] = "1" | |
687 | params = dict(radius.items() + params.items()) | |
688 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
689 | ||
690 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
691 | fail_test=True, eap=True) | |
692 | ||
693 | def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev): | |
694 | """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)""" | |
695 | ssid = "test-ft" | |
696 | passphrase="12345678" | |
697 | ||
698 | radius = hostapd.radius_params() | |
699 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
700 | params["pmk_r1_push"] = "0" | |
701 | params['wpa_key_mgmt'] = "FT-EAP" | |
702 | params["ieee8021x"] = "1" | |
703 | params = dict(radius.items() + params.items()) | |
704 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
705 | params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase) | |
706 | params["pmk_r1_push"] = "0" | |
707 | params['wpa_key_mgmt'] = "FT-EAP" | |
708 | params["ieee8021x"] = "1" | |
709 | params = dict(radius.items() + params.items()) | |
710 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
711 | ||
712 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
713 | fail_test=True, eap=True) | |
714 | ||
715 | def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev): | |
716 | """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)""" | |
717 | ssid = "test-ft" | |
718 | passphrase="12345678" | |
719 | ||
720 | radius = hostapd.radius_params() | |
721 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
722 | params["pmk_r1_push"] = "0" | |
723 | params["nas_identifier"] = "nas0.w1.fi" | |
724 | params['wpa_key_mgmt'] = "FT-EAP" | |
725 | params["ieee8021x"] = "1" | |
726 | params = dict(radius.items() + params.items()) | |
727 | hostapd.add_ap(apdev[0]['ifname'], params) | |
728 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | |
729 | eap="GPSK", identity="gpsk user", | |
730 | password="abcdefghijklmnop0123456789abcdef", | |
731 | scan_freq="2412") | |
732 | ||
733 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
734 | params["pmk_r1_push"] = "0" | |
735 | params['wpa_key_mgmt'] = "FT-EAP" | |
736 | params["ieee8021x"] = "1" | |
737 | params = dict(radius.items() + params.items()) | |
738 | hostapd.add_ap(apdev[1]['ifname'], params) | |
739 | ||
740 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
741 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
742 | ||
743 | def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev): | |
744 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)""" | |
745 | ssid = "test-ft" | |
746 | passphrase="12345678" | |
747 | ||
748 | radius = hostapd.radius_params() | |
749 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
750 | params["ieee80211w"] = "2"; | |
751 | params['wpa_key_mgmt'] = "FT-EAP" | |
752 | params["ieee8021x"] = "1" | |
753 | params = dict(radius.items() + params.items()) | |
754 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
755 | params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
756 | params["ieee80211w"] = "2"; | |
757 | params['wpa_key_mgmt'] = "FT-EAP" | |
758 | params["ieee8021x"] = "1" | |
759 | params = dict(radius.items() + params.items()) | |
760 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
761 | ||
762 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
763 | fail_test=True, eap=True) | |
764 | ||
765 | def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev): | |
766 | """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)""" | |
767 | ssid = "test-ft" | |
768 | passphrase="12345678" | |
769 | ||
770 | radius = hostapd.radius_params() | |
771 | params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase) | |
772 | params["pmk_r1_push"] = "0" | |
773 | params['wpa_key_mgmt'] = "FT-EAP" | |
774 | params["ieee8021x"] = "1" | |
775 | params = dict(radius.items() + params.items()) | |
776 | hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) | |
777 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
778 | params["pmk_r1_push"] = "0" | |
779 | params['wpa_key_mgmt'] = "FT-EAP" | |
780 | params["ieee8021x"] = "1" | |
781 | params = dict(radius.items() + params.items()) | |
782 | hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) | |
783 | ||
784 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, | |
785 | fail_test=True, eap=True) | |
786 | ||
c6b6e105 JM |
787 | def test_ap_ft_gtk_rekey(dev, apdev): |
788 | """WPA2-PSK-FT AP and GTK rekey""" | |
789 | ssid = "test-ft" | |
790 | passphrase="12345678" | |
791 | ||
792 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
793 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 794 | hapd = hostapd.add_ap(apdev[0], params) |
c6b6e105 JM |
795 | |
796 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
2f816c21 | 797 | ieee80211w="1", scan_freq="2412") |
c6b6e105 JM |
798 | |
799 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
800 | if ev is None: | |
801 | raise Exception("GTK rekey timed out after initial association") | |
a8375c94 | 802 | hwsim_utils.test_connectivity(dev[0], hapd) |
c6b6e105 JM |
803 | |
804 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
805 | params['wpa_group_rekey'] = '1' | |
8b8a1864 | 806 | hapd1 = hostapd.add_ap(apdev[1], params) |
c6b6e105 JM |
807 | |
808 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
809 | dev[0].roam(apdev[1]['bssid']) | |
810 | if dev[0].get_status_field('bssid') != apdev[1]['bssid']: | |
811 | raise Exception("Did not connect to correct AP") | |
a8375c94 | 812 | hwsim_utils.test_connectivity(dev[0], hapd1) |
c6b6e105 JM |
813 | |
814 | ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) | |
815 | if ev is None: | |
816 | raise Exception("GTK rekey timed out after FT protocol") | |
a8375c94 | 817 | hwsim_utils.test_connectivity(dev[0], hapd1) |
5b3c40a6 JM |
818 | |
819 | def test_ft_psk_key_lifetime_in_memory(dev, apdev, params): | |
820 | """WPA2-PSK-FT and key lifetime in memory""" | |
821 | ssid = "test-ft" | |
822 | passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0" | |
823 | psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d' | |
824 | pmk = binascii.unhexlify(psk) | |
825 | p = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 826 | hapd0 = hostapd.add_ap(apdev[0], p) |
5b3c40a6 | 827 | p = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 828 | hapd1 = hostapd.add_ap(apdev[1], p) |
5b3c40a6 JM |
829 | |
830 | pid = find_wpas_process(dev[0]) | |
831 | ||
832 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
833 | scan_freq="2412") | |
8e416cec JM |
834 | # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED |
835 | # event has been delivered, so verify that wpa_supplicant has returned to | |
836 | # eloop before reading process memory. | |
54f2cae2 | 837 | time.sleep(1) |
8e416cec | 838 | dev[0].ping() |
5b3c40a6 JM |
839 | |
840 | buf = read_process_memory(pid, pmk) | |
841 | ||
842 | dev[0].request("DISCONNECT") | |
843 | dev[0].wait_disconnected() | |
844 | ||
845 | dev[0].relog() | |
846 | pmkr0 = None | |
847 | pmkr1 = None | |
848 | ptk = None | |
849 | gtk = None | |
850 | with open(os.path.join(params['logdir'], 'log0'), 'r') as f: | |
851 | for l in f.readlines(): | |
852 | if "FT: PMK-R0 - hexdump" in l: | |
853 | val = l.strip().split(':')[3].replace(' ', '') | |
854 | pmkr0 = binascii.unhexlify(val) | |
855 | if "FT: PMK-R1 - hexdump" in l: | |
856 | val = l.strip().split(':')[3].replace(' ', '') | |
857 | pmkr1 = binascii.unhexlify(val) | |
f918b95b | 858 | if "FT: KCK - hexdump" in l: |
5b3c40a6 | 859 | val = l.strip().split(':')[3].replace(' ', '') |
f918b95b JM |
860 | kck = binascii.unhexlify(val) |
861 | if "FT: KEK - hexdump" in l: | |
862 | val = l.strip().split(':')[3].replace(' ', '') | |
863 | kek = binascii.unhexlify(val) | |
864 | if "FT: TK - hexdump" in l: | |
865 | val = l.strip().split(':')[3].replace(' ', '') | |
866 | tk = binascii.unhexlify(val) | |
5b3c40a6 JM |
867 | if "WPA: Group Key - hexdump" in l: |
868 | val = l.strip().split(':')[3].replace(' ', '') | |
869 | gtk = binascii.unhexlify(val) | |
f918b95b | 870 | if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk: |
5b3c40a6 JM |
871 | raise Exception("Could not find keys from debug log") |
872 | if len(gtk) != 16: | |
873 | raise Exception("Unexpected GTK length") | |
874 | ||
5b3c40a6 JM |
875 | logger.info("Checking keys in memory while associated") |
876 | get_key_locations(buf, pmk, "PMK") | |
877 | get_key_locations(buf, pmkr0, "PMK-R0") | |
878 | get_key_locations(buf, pmkr1, "PMK-R1") | |
879 | if pmk not in buf: | |
81e787b7 | 880 | raise HwsimSkip("PMK not found while associated") |
5b3c40a6 | 881 | if pmkr0 not in buf: |
81e787b7 | 882 | raise HwsimSkip("PMK-R0 not found while associated") |
5b3c40a6 | 883 | if pmkr1 not in buf: |
81e787b7 | 884 | raise HwsimSkip("PMK-R1 not found while associated") |
5b3c40a6 JM |
885 | if kck not in buf: |
886 | raise Exception("KCK not found while associated") | |
887 | if kek not in buf: | |
888 | raise Exception("KEK not found while associated") | |
889 | if tk in buf: | |
890 | raise Exception("TK found from memory") | |
891 | if gtk in buf: | |
8eb45bde | 892 | get_key_locations(buf, gtk, "GTK") |
5b3c40a6 JM |
893 | raise Exception("GTK found from memory") |
894 | ||
895 | logger.info("Checking keys in memory after disassociation") | |
896 | buf = read_process_memory(pid, pmk) | |
897 | get_key_locations(buf, pmk, "PMK") | |
898 | get_key_locations(buf, pmkr0, "PMK-R0") | |
899 | get_key_locations(buf, pmkr1, "PMK-R1") | |
900 | ||
901 | # Note: PMK/PSK is still present in network configuration | |
902 | ||
903 | fname = os.path.join(params['logdir'], | |
904 | 'ft_psk_key_lifetime_in_memory.memctx-') | |
905 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
906 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
907 | verify_not_present(buf, kck, fname, "KCK") | |
908 | verify_not_present(buf, kek, fname, "KEK") | |
909 | verify_not_present(buf, tk, fname, "TK") | |
910 | verify_not_present(buf, gtk, fname, "GTK") | |
911 | ||
912 | dev[0].request("REMOVE_NETWORK all") | |
913 | ||
914 | logger.info("Checking keys in memory after network profile removal") | |
915 | buf = read_process_memory(pid, pmk) | |
916 | get_key_locations(buf, pmk, "PMK") | |
917 | get_key_locations(buf, pmkr0, "PMK-R0") | |
918 | get_key_locations(buf, pmkr1, "PMK-R1") | |
919 | ||
920 | verify_not_present(buf, pmk, fname, "PMK") | |
921 | verify_not_present(buf, pmkr0, fname, "PMK-R0") | |
922 | verify_not_present(buf, pmkr1, fname, "PMK-R1") | |
923 | verify_not_present(buf, kck, fname, "KCK") | |
924 | verify_not_present(buf, kek, fname, "KEK") | |
925 | verify_not_present(buf, tk, fname, "TK") | |
926 | verify_not_present(buf, gtk, fname, "GTK") | |
664093b5 | 927 | |
9fd6804d | 928 | @remote_compatible |
664093b5 JM |
929 | def test_ap_ft_invalid_resp(dev, apdev): |
930 | """WPA2-PSK-FT AP and invalid response IEs""" | |
931 | ssid = "test-ft" | |
932 | passphrase="12345678" | |
933 | ||
934 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 935 | hapd0 = hostapd.add_ap(apdev[0], params) |
664093b5 JM |
936 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
937 | scan_freq="2412") | |
938 | ||
939 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 940 | hapd1 = hostapd.add_ap(apdev[1], params) |
664093b5 JM |
941 | |
942 | tests = [ | |
943 | # Various IEs for test coverage. The last one is FTIE with invalid | |
944 | # R1KH-ID subelement. | |
945 | "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100", | |
946 | # FTIE with invalid R0KH-ID subelement (len=0). | |
947 | "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300", | |
948 | # FTIE with invalid R0KH-ID subelement (len=49). | |
949 | "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849", | |
950 | # Invalid RSNE. | |
951 | "020002000000" + "3000", | |
952 | # Required IEs missing from protected IE count. | |
953 | "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
954 | # RIC missing from protected IE count. | |
955 | "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900", | |
956 | # Protected IE missing. | |
957 | "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ] | |
958 | for t in tests: | |
959 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") | |
960 | hapd1.set("ext_mgmt_frame_handling", "1") | |
961 | hapd1.dump_monitor() | |
962 | if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']): | |
963 | raise Exception("ROAM failed") | |
964 | auth = None | |
965 | for i in range(20): | |
966 | msg = hapd1.mgmt_rx() | |
967 | if msg['subtype'] == 11: | |
968 | auth = msg | |
969 | break | |
970 | if not auth: | |
971 | raise Exception("Authentication frame not seen") | |
972 | ||
973 | resp = {} | |
974 | resp['fc'] = auth['fc'] | |
975 | resp['da'] = auth['sa'] | |
976 | resp['sa'] = auth['da'] | |
977 | resp['bssid'] = auth['bssid'] | |
978 | resp['payload'] = binascii.unhexlify(t) | |
979 | hapd1.mgmt_tx(resp) | |
980 | hapd1.set("ext_mgmt_frame_handling", "0") | |
981 | dev[0].wait_disconnected() | |
982 | ||
983 | dev[0].request("RECONNECT") | |
984 | dev[0].wait_connected() | |
7b741a53 JM |
985 | |
986 | def test_ap_ft_gcmp_256(dev, apdev): | |
987 | """WPA2-PSK-FT AP with GCMP-256 cipher""" | |
988 | if "GCMP-256" not in dev[0].get_capability("pairwise"): | |
989 | raise HwsimSkip("Cipher GCMP-256 not supported") | |
990 | ssid = "test-ft" | |
991 | passphrase="12345678" | |
992 | ||
993 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
994 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 995 | hapd0 = hostapd.add_ap(apdev[0], params) |
7b741a53 JM |
996 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
997 | params['rsn_pairwise'] = "GCMP-256" | |
8b8a1864 | 998 | hapd1 = hostapd.add_ap(apdev[1], params) |
7b741a53 JM |
999 | |
1000 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
1001 | pairwise_cipher="GCMP-256", group_cipher="GCMP-256") | |
cf671d54 JM |
1002 | |
1003 | def test_ap_ft_oom(dev, apdev): | |
1004 | """WPA2-PSK-FT and OOM""" | |
38934ed1 | 1005 | skip_with_fips(dev[0]) |
cf671d54 JM |
1006 | ssid = "test-ft" |
1007 | passphrase="12345678" | |
1008 | ||
1009 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1010 | hapd0 = hostapd.add_ap(apdev[0], params) |
cf671d54 | 1011 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1012 | hapd1 = hostapd.add_ap(apdev[1], params) |
cf671d54 JM |
1013 | |
1014 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1015 | scan_freq="2412") | |
1016 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1017 | dst = apdev[1]['bssid'] | |
1018 | else: | |
1019 | dst = apdev[0]['bssid'] | |
1020 | ||
1021 | dev[0].scan_for_bss(dst, freq="2412") | |
1022 | with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): | |
1023 | dev[0].roam(dst) | |
7cbc8e67 | 1024 | with fail_test(dev[0], 1, "wpa_ft_mic"): |
cf671d54 JM |
1025 | dev[0].roam(dst, fail_test=True) |
1026 | with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): | |
1027 | dev[0].roam(dst, fail_test=True) | |
34d3eaa8 | 1028 | |
dcbb5d80 JM |
1029 | dev[0].request("REMOVE_NETWORK all") |
1030 | with alloc_fail(dev[0], 1, "=sme_update_ft_ies"): | |
1031 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1032 | scan_freq="2412") | |
1033 | ||
682a79f0 JM |
1034 | def test_ap_ft_ap_oom(dev, apdev): |
1035 | """WPA2-PSK-FT and AP OOM""" | |
1036 | ssid = "test-ft" | |
1037 | passphrase="12345678" | |
1038 | ||
1039 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1040 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1041 | bssid0 = hapd0.own_addr() | |
1042 | ||
1043 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1044 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"): | |
1045 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1046 | scan_freq="2412") | |
1047 | ||
1048 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1049 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1050 | bssid1 = hapd1.own_addr() | |
1051 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1052 | # This roam will fail due to missing PMK-R0 (OOM prevented storing it) | |
1053 | dev[0].roam(bssid1) | |
1054 | ||
1055 | def test_ap_ft_ap_oom2(dev, apdev): | |
1056 | """WPA2-PSK-FT and AP OOM 2""" | |
1057 | ssid = "test-ft" | |
1058 | passphrase="12345678" | |
1059 | ||
1060 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1061 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1062 | bssid0 = hapd0.own_addr() | |
1063 | ||
1064 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1065 | with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"): | |
1066 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1067 | scan_freq="2412") | |
1068 | ||
1069 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1070 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1071 | bssid1 = hapd1.own_addr() | |
1072 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1073 | dev[0].roam(bssid1) | |
1074 | if dev[0].get_status_field('bssid') != bssid1: | |
1075 | raise Exception("Did not roam to AP1") | |
1076 | # This roam will fail due to missing PMK-R1 (OOM prevented storing it) | |
1077 | dev[0].roam(bssid0) | |
1078 | ||
1079 | def test_ap_ft_ap_oom3(dev, apdev): | |
1080 | """WPA2-PSK-FT and AP OOM 3""" | |
1081 | ssid = "test-ft" | |
1082 | passphrase="12345678" | |
1083 | ||
1084 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1085 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1086 | bssid0 = hapd0.own_addr() | |
1087 | ||
1088 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1089 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1090 | scan_freq="2412") | |
1091 | ||
1092 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1093 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1094 | bssid1 = hapd1.own_addr() | |
1095 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1096 | with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"): | |
1097 | # This will fail due to not being able to send out PMK-R1 pull request | |
1098 | dev[0].roam(bssid1) | |
1099 | ||
1100 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"): | |
1101 | # This will fail due to not being able to send out PMK-R1 pull request | |
1102 | dev[0].roam(bssid1) | |
1103 | ||
9441a227 | 1104 | with fail_test(hapd1, 1, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"): |
682a79f0 JM |
1105 | # This will fail due to not being able to send out PMK-R1 pull request |
1106 | dev[0].roam(bssid1) | |
1107 | ||
1108 | def test_ap_ft_ap_oom4(dev, apdev): | |
1109 | """WPA2-PSK-FT and AP OOM 4""" | |
1110 | ssid = "test-ft" | |
1111 | passphrase="12345678" | |
1112 | ||
1113 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1114 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1115 | bssid0 = hapd0.own_addr() | |
1116 | ||
1117 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1118 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1119 | scan_freq="2412") | |
1120 | ||
1121 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1122 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1123 | bssid1 = hapd1.own_addr() | |
1124 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1125 | with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"): | |
1126 | dev[0].roam(bssid1) | |
1127 | if dev[0].get_status_field('bssid') != bssid1: | |
1128 | raise Exception("Did not roam to AP1") | |
1129 | ||
1130 | with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"): | |
1131 | dev[0].roam(bssid0) | |
1132 | if dev[0].get_status_field('bssid') != bssid0: | |
1133 | raise Exception("Did not roam to AP0") | |
1134 | ||
1135 | with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"): | |
1136 | dev[0].roam(bssid1) | |
1137 | if dev[0].get_status_field('bssid') != bssid1: | |
1138 | raise Exception("Did not roam to AP1") | |
1139 | ||
1140 | def test_ap_ft_ap_oom5(dev, apdev): | |
1141 | """WPA2-PSK-FT and AP OOM 5""" | |
1142 | ssid = "test-ft" | |
1143 | passphrase="12345678" | |
1144 | ||
1145 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1146 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1147 | bssid0 = hapd0.own_addr() | |
1148 | ||
1149 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1150 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1151 | scan_freq="2412") | |
1152 | ||
1153 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1154 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1155 | bssid1 = hapd1.own_addr() | |
1156 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1157 | with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"): | |
1158 | # This will fail to roam | |
1159 | dev[0].roam(bssid1) | |
1160 | ||
1161 | with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"): | |
1162 | # This will fail to roam | |
1163 | dev[0].roam(bssid1) | |
1164 | ||
1165 | with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
1166 | # This will fail to roam | |
1167 | dev[0].roam(bssid1) | |
1168 | ||
1169 | with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): | |
1170 | # This will fail to roam | |
1171 | dev[0].roam(bssid1) | |
1172 | ||
1173 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"): | |
1174 | # This will fail to roam | |
1175 | dev[0].roam(bssid1) | |
1176 | ||
1177 | def test_ap_ft_ap_oom6(dev, apdev): | |
1178 | """WPA2-PSK-FT and AP OOM 6""" | |
1179 | ssid = "test-ft" | |
1180 | passphrase="12345678" | |
1181 | ||
1182 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1183 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1184 | bssid0 = hapd0.own_addr() | |
1185 | ||
1186 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1187 | with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"): | |
1188 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1189 | scan_freq="2412") | |
1190 | dev[0].request("REMOVE_NETWORK all") | |
1191 | dev[0].wait_disconnected() | |
1192 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"): | |
1193 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1194 | scan_freq="2412") | |
1195 | dev[0].request("REMOVE_NETWORK all") | |
1196 | dev[0].wait_disconnected() | |
1197 | with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"): | |
1198 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1199 | scan_freq="2412") | |
1200 | ||
1201 | def test_ap_ft_ap_oom7(dev, apdev): | |
1202 | """WPA2-PSK-FT and AP OOM 7""" | |
1203 | ssid = "test-ft" | |
1204 | passphrase="12345678" | |
1205 | ||
1206 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1207 | params["ieee80211w"] = "2" | |
1208 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1209 | bssid0 = hapd0.own_addr() | |
1210 | ||
1211 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1212 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1213 | ieee80211w="2", scan_freq="2412") | |
1214 | ||
1215 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1216 | params["ieee80211w"] = "2" | |
1217 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1218 | bssid1 = hapd1.own_addr() | |
1219 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1220 | with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"): | |
1221 | # This will fail to roam | |
1222 | dev[0].roam(bssid1) | |
1223 | with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"): | |
1224 | # This will fail to roam | |
1225 | dev[0].roam(bssid1) | |
1226 | with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"): | |
1227 | # This will fail to roam | |
1228 | dev[0].roam(bssid1) | |
1229 | with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"): | |
1230 | # This will fail to roam | |
1231 | dev[0].roam(bssid1) | |
1232 | ||
1233 | def test_ap_ft_ap_oom8(dev, apdev): | |
1234 | """WPA2-PSK-FT and AP OOM 8""" | |
1235 | ssid = "test-ft" | |
1236 | passphrase="12345678" | |
1237 | ||
1238 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1239 | params['ft_psk_generate_local'] = "1"; | |
1240 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1241 | bssid0 = hapd0.own_addr() | |
1242 | ||
1243 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1244 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1245 | scan_freq="2412") | |
1246 | ||
1247 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1248 | params['ft_psk_generate_local'] = "1"; | |
1249 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1250 | bssid1 = hapd1.own_addr() | |
1251 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1252 | with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"): | |
1253 | # This will fail to roam | |
1254 | dev[0].roam(bssid1) | |
1255 | with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"): | |
1256 | # This will fail to roam | |
1257 | dev[0].roam(bssid1) | |
1258 | ||
1259 | def test_ap_ft_ap_oom9(dev, apdev): | |
1260 | """WPA2-PSK-FT and AP OOM 9""" | |
1261 | ssid = "test-ft" | |
1262 | passphrase="12345678" | |
1263 | ||
1264 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1265 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1266 | bssid0 = hapd0.own_addr() | |
1267 | ||
1268 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1269 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1270 | scan_freq="2412") | |
1271 | ||
1272 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1273 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1274 | bssid1 = hapd1.own_addr() | |
1275 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1276 | ||
1277 | with alloc_fail(hapd0, 1, "wpa_ft_action_rx"): | |
1278 | # This will fail to roam | |
1279 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1280 | raise Exception("FT_DS failed") | |
1281 | wait_fail_trigger(hapd0, "GET_ALLOC_FAIL") | |
1282 | ||
1283 | with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"): | |
1284 | # This will fail to roam | |
1285 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1286 | raise Exception("FT_DS failed") | |
1287 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
1288 | ||
1289 | with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"): | |
1290 | # This will fail to roam | |
1291 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1292 | raise Exception("FT_DS failed") | |
1293 | wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") | |
1294 | ||
1295 | def test_ap_ft_ap_oom10(dev, apdev): | |
1296 | """WPA2-PSK-FT and AP OOM 10""" | |
1297 | ssid = "test-ft" | |
1298 | passphrase="12345678" | |
1299 | ||
1300 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1301 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1302 | bssid0 = hapd0.own_addr() | |
1303 | ||
1304 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1305 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1306 | scan_freq="2412") | |
1307 | ||
1308 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1309 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1310 | bssid1 = hapd1.own_addr() | |
1311 | dev[0].scan_for_bss(bssid1, freq="2412") | |
1312 | ||
9441a227 | 1313 | with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
1314 | # This will fail to roam |
1315 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1316 | raise Exception("FT_DS failed") | |
1317 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1318 | ||
1319 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"): | |
1320 | # This will fail to roam | |
1321 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1322 | raise Exception("FT_DS failed") | |
1323 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1324 | ||
9441a227 | 1325 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"): |
682a79f0 JM |
1326 | # This will fail to roam |
1327 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1328 | raise Exception("FT_DS failed") | |
1329 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1330 | ||
9441a227 | 1331 | with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"): |
682a79f0 JM |
1332 | # This will fail to roam |
1333 | if "OK" not in dev[0].request("FT_DS " + bssid1): | |
1334 | raise Exception("FT_DS failed") | |
1335 | wait_fail_trigger(hapd1, "GET_FAIL") | |
1336 | ||
1337 | def test_ap_ft_ap_oom11(dev, apdev): | |
1338 | """WPA2-PSK-FT and AP OOM 11""" | |
1339 | ssid = "test-ft" | |
1340 | passphrase="12345678" | |
1341 | ||
1342 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1343 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1344 | bssid0 = hapd0.own_addr() | |
1345 | ||
1346 | dev[0].scan_for_bss(bssid0, freq="2412") | |
1347 | with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"): | |
1348 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1349 | scan_freq="2412") | |
1350 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1351 | ||
1352 | dev[1].scan_for_bss(bssid0, freq="2412") | |
9441a227 | 1353 | with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"): |
682a79f0 JM |
1354 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1355 | scan_freq="2412") | |
1356 | wait_fail_trigger(hapd0, "GET_FAIL") | |
1357 | ||
a04e6f3d JM |
1358 | def test_ap_ft_over_ds_proto_ap(dev, apdev): |
1359 | """WPA2-PSK-FT AP over DS protocol testing for AP processing""" | |
1360 | ssid = "test-ft" | |
1361 | passphrase="12345678" | |
1362 | ||
1363 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1364 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1365 | bssid0 = hapd0.own_addr() | |
1366 | _bssid0 = bssid0.replace(':', '') | |
1367 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1368 | scan_freq="2412") | |
1369 | addr = dev[0].own_addr() | |
1370 | _addr = addr.replace(':', '') | |
1371 | ||
1372 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1373 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1374 | bssid1 = hapd1.own_addr() | |
1375 | _bssid1 = bssid1.replace(':', '') | |
1376 | ||
1377 | hapd0.set("ext_mgmt_frame_handling", "1") | |
1378 | hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000" | |
1379 | valid = "0601" + _addr + _bssid1 | |
1380 | tests = [ "0601", | |
1381 | "0601" + _addr, | |
1382 | "0601" + _addr + _bssid0, | |
1383 | "0601" + _addr + "ffffffffffff", | |
1384 | "0601" + _bssid0 + _bssid0, | |
1385 | valid, | |
1386 | valid + "01", | |
1387 | valid + "3700", | |
1388 | valid + "3600", | |
1389 | valid + "3603ffffff", | |
1390 | valid + "3603a1b2ff", | |
1391 | valid + "3603a1b2ff" + "3700", | |
1392 | valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00", | |
1393 | valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00", | |
1394 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa", | |
1395 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000", | |
1396 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253", | |
1397 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
1398 | valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253", | |
1399 | valid + "0001" ] | |
1400 | for t in tests: | |
1401 | hapd0.dump_monitor() | |
1402 | if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t): | |
1403 | raise Exception("MGMT_RX_PROCESS failed") | |
1404 | ||
1405 | hapd0.set("ext_mgmt_frame_handling", "0") | |
1406 | ||
34d3eaa8 JM |
1407 | def test_ap_ft_over_ds_proto(dev, apdev): |
1408 | """WPA2-PSK-FT AP over DS protocol testing""" | |
1409 | ssid = "test-ft" | |
1410 | passphrase="12345678" | |
1411 | ||
1412 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1413 | hapd0 = hostapd.add_ap(apdev[0], params) |
34d3eaa8 JM |
1414 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1415 | scan_freq="2412") | |
1416 | ||
1417 | # FT Action Response while no FT-over-DS in progress | |
1418 | msg = {} | |
1419 | msg['fc'] = 13 << 4 | |
1420 | msg['da'] = dev[0].own_addr() | |
1421 | msg['sa'] = apdev[0]['bssid'] | |
1422 | msg['bssid'] = apdev[0]['bssid'] | |
1423 | msg['payload'] = binascii.unhexlify("06020200000000000200000004000000") | |
1424 | hapd0.mgmt_tx(msg) | |
1425 | ||
1426 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1427 | hapd1 = hostapd.add_ap(apdev[1], params) |
34d3eaa8 JM |
1428 | dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412") |
1429 | hapd0.set("ext_mgmt_frame_handling", "1") | |
1430 | hapd0.dump_monitor() | |
1431 | dev[0].request("FT_DS " + apdev[1]['bssid']) | |
1432 | for i in range(0, 10): | |
1433 | req = hapd0.mgmt_rx() | |
1434 | if req is None: | |
1435 | raise Exception("MGMT RX wait timed out") | |
1436 | if req['subtype'] == 13: | |
1437 | break | |
1438 | req = None | |
1439 | if not req: | |
1440 | raise Exception("FT Action frame not received") | |
1441 | ||
1442 | # FT Action Response for unexpected Target AP | |
1443 | msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000") | |
1444 | hapd0.mgmt_tx(msg) | |
1445 | ||
1446 | # FT Action Response without MDIE | |
1447 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000") | |
1448 | hapd0.mgmt_tx(msg) | |
1449 | ||
1450 | # FT Action Response without FTIE | |
1451 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201") | |
1452 | hapd0.mgmt_tx(msg) | |
1453 | ||
1454 | # FT Action Response with FTIE SNonce mismatch | |
1455 | msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669") | |
1456 | hapd0.mgmt_tx(msg) | |
6f3815c0 | 1457 | |
9fd6804d | 1458 | @remote_compatible |
6f3815c0 JM |
1459 | def test_ap_ft_rrb(dev, apdev): |
1460 | """WPA2-PSK-FT RRB protocol testing""" | |
1461 | ssid = "test-ft" | |
1462 | passphrase="12345678" | |
1463 | ||
1464 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1465 | hapd0 = hostapd.add_ap(apdev[0], params) |
6f3815c0 JM |
1466 | |
1467 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1468 | scan_freq="2412") | |
1469 | ||
1470 | _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':','')) | |
1471 | _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':','')) | |
1472 | proto = '\x89\x0d' | |
1473 | ehdr = _dst_ll + _src_ll + proto | |
1474 | ||
1475 | # Too short RRB frame | |
1476 | pkt = ehdr + '\x01' | |
1477 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1478 | raise Exception("DATA_TEST_FRAME failed") | |
1479 | ||
1480 | # RRB discarded frame wikth unrecognized type | |
1481 | pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll | |
1482 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1483 | raise Exception("DATA_TEST_FRAME failed") | |
1484 | ||
1485 | # RRB frame too short for action frame | |
1486 | pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll | |
1487 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1488 | raise Exception("DATA_TEST_FRAME failed") | |
1489 | ||
1490 | # Too short RRB frame (not enough room for Action Frame body) | |
1491 | pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll | |
1492 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1493 | raise Exception("DATA_TEST_FRAME failed") | |
1494 | ||
1495 | # Unexpected Action frame category | |
1496 | pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1497 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1498 | raise Exception("DATA_TEST_FRAME failed") | |
1499 | ||
1500 | # Unexpected Action in RRB Request | |
1501 | pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1502 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1503 | raise Exception("DATA_TEST_FRAME failed") | |
1504 | ||
1505 | # Target AP address in RRB Request does not match with own address | |
1506 | pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1507 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1508 | raise Exception("DATA_TEST_FRAME failed") | |
1509 | ||
1510 | # Not enough room for status code in RRB Response | |
1511 | pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1512 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1513 | raise Exception("DATA_TEST_FRAME failed") | |
1514 | ||
1515 | # RRB discarded frame with unknown packet_type | |
1516 | pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1517 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1518 | raise Exception("DATA_TEST_FRAME failed") | |
1519 | ||
1520 | # RRB Response with non-zero status code; no STA match | |
1521 | pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff' | |
1522 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1523 | raise Exception("DATA_TEST_FRAME failed") | |
1524 | ||
1525 | # RRB Response with zero status code and extra data; STA match | |
1526 | pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00' | |
1527 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1528 | raise Exception("DATA_TEST_FRAME failed") | |
1529 | ||
1530 | # Too short PMK-R1 pull | |
1531 | pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1532 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1533 | raise Exception("DATA_TEST_FRAME failed") | |
1534 | ||
1535 | # Too short PMK-R1 resp | |
1536 | pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1537 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1538 | raise Exception("DATA_TEST_FRAME failed") | |
1539 | ||
1540 | # Too short PMK-R1 push | |
1541 | pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | |
1542 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1543 | raise Exception("DATA_TEST_FRAME failed") | |
1544 | ||
1545 | # No matching R0KH address found for PMK-R0 pull response | |
1546 | pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00' | |
1547 | if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): | |
1548 | raise Exception("DATA_TEST_FRAME failed") | |
ecafa0cf | 1549 | |
9fd6804d | 1550 | @remote_compatible |
ecafa0cf JM |
1551 | def test_rsn_ie_proto_ft_psk_sta(dev, apdev): |
1552 | """RSN element protocol testing for FT-PSK + PMF cases on STA side""" | |
1553 | bssid = apdev[0]['bssid'] | |
1554 | ssid = "test-ft" | |
1555 | passphrase="12345678" | |
1556 | ||
1557 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
bc6e3288 | 1558 | params["ieee80211w"] = "1" |
ecafa0cf JM |
1559 | # This is the RSN element used normally by hostapd |
1560 | params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201' | |
8b8a1864 | 1561 | hapd = hostapd.add_ap(apdev[0], params) |
ecafa0cf JM |
1562 | id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", |
1563 | ieee80211w="1", scan_freq="2412", | |
1564 | pairwise="CCMP", group="CCMP") | |
1565 | ||
1566 | tests = [ ('PMKIDCount field included', | |
1567 | '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'), | |
1568 | ('Extra IE before RSNE', | |
1569 | 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'), | |
1570 | ('PMKIDCount and Group Management Cipher suite fields included', | |
1571 | '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'), | |
1572 | ('Extra octet after defined fields (future extensibility)', | |
1573 | '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'), | |
1574 | ('No RSN Capabilities field (PMF disabled in practice)', | |
1575 | '30120100000fac040100000fac040100000fac04' + '3603a1b201') ] | |
1576 | for txt,ie in tests: | |
1577 | dev[0].request("DISCONNECT") | |
1578 | dev[0].wait_disconnected() | |
1579 | logger.info(txt) | |
1580 | hapd.disable() | |
1581 | hapd.set('own_ie_override', ie) | |
1582 | hapd.enable() | |
1583 | dev[0].request("BSS_FLUSH 0") | |
1584 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
1585 | dev[0].select_network(id, freq=2412) | |
1586 | dev[0].wait_connected() | |
1587 | ||
1588 | dev[0].request("DISCONNECT") | |
1589 | dev[0].wait_disconnected() | |
1590 | ||
1591 | logger.info('Invalid RSNE causing internal hostapd error') | |
1592 | hapd.disable() | |
1593 | hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201') | |
1594 | hapd.enable() | |
1595 | dev[0].request("BSS_FLUSH 0") | |
1596 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
1597 | dev[0].select_network(id, freq=2412) | |
1598 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
1599 | # complete. | |
1600 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
1601 | if ev is not None: | |
1602 | raise Exception("Unexpected connection") | |
1603 | dev[0].request("DISCONNECT") | |
1604 | ||
1605 | logger.info('Unexpected PMKID causing internal hostapd error') | |
1606 | hapd.disable() | |
1607 | hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201') | |
1608 | hapd.enable() | |
1609 | dev[0].request("BSS_FLUSH 0") | |
1610 | dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) | |
1611 | dev[0].select_network(id, freq=2412) | |
1612 | # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot | |
1613 | # complete. | |
1614 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) | |
1615 | if ev is not None: | |
1616 | raise Exception("Unexpected connection") | |
1617 | dev[0].request("DISCONNECT") | |
1025603b JM |
1618 | |
1619 | def test_ap_ft_ptk_rekey(dev, apdev): | |
1620 | """WPA2-PSK-FT PTK rekeying triggered by station after roam""" | |
1621 | ssid = "test-ft" | |
1622 | passphrase="12345678" | |
1623 | ||
1624 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
8b8a1864 | 1625 | hapd0 = hostapd.add_ap(apdev[0], params) |
1025603b | 1626 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
8b8a1864 | 1627 | hapd1 = hostapd.add_ap(apdev[1], params) |
1025603b JM |
1628 | |
1629 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1") | |
1630 | ||
1631 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED", | |
1632 | "WPA: Key negotiation completed"], timeout=5) | |
1633 | if ev is None: | |
1634 | raise Exception("No event received after roam") | |
1635 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
1636 | raise Exception("Unexpected disconnection after roam") | |
1637 | ||
1638 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1639 | hapd = hapd0 | |
1640 | else: | |
1641 | hapd = hapd1 | |
1642 | hwsim_utils.test_connectivity(dev[0], hapd) | |
1643 | ||
1644 | def test_ap_ft_ptk_rekey_ap(dev, apdev): | |
1645 | """WPA2-PSK-FT PTK rekeying triggered by AP after roam""" | |
1646 | ssid = "test-ft" | |
1647 | passphrase="12345678" | |
1648 | ||
1649 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1650 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 1651 | hapd0 = hostapd.add_ap(apdev[0], params) |
1025603b JM |
1652 | params = ft_params2(ssid=ssid, passphrase=passphrase) |
1653 | params['wpa_ptk_rekey'] = '2' | |
8b8a1864 | 1654 | hapd1 = hostapd.add_ap(apdev[1], params) |
1025603b JM |
1655 | |
1656 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase) | |
1657 | ||
1658 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED", | |
1659 | "WPA: Key negotiation completed"], timeout=5) | |
1660 | if ev is None: | |
1661 | raise Exception("No event received after roam") | |
1662 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
1663 | raise Exception("Unexpected disconnection after roam") | |
1664 | ||
1665 | if dev[0].get_status_field('bssid') == apdev[0]['bssid']: | |
1666 | hapd = hapd0 | |
1667 | else: | |
1668 | hapd = hapd1 | |
1669 | hwsim_utils.test_connectivity(dev[0], hapd) | |
186ca473 MB |
1670 | |
1671 | def test_ap_ft_internal_rrb_check(dev, apdev): | |
1672 | """RRB internal delivery only to WPA enabled BSS""" | |
1673 | ssid = "test-ft" | |
1674 | passphrase="12345678" | |
1675 | ||
1676 | radius = hostapd.radius_params() | |
1677 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1678 | params['wpa_key_mgmt'] = "FT-EAP" | |
1679 | params["ieee8021x"] = "1" | |
1680 | params = dict(radius.items() + params.items()) | |
8b8a1864 | 1681 | hapd = hostapd.add_ap(apdev[0], params) |
186ca473 MB |
1682 | key_mgmt = hapd.get_config()['key_mgmt'] |
1683 | if key_mgmt.split(' ')[0] != "FT-EAP": | |
1684 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
1685 | ||
8b8a1864 | 1686 | hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid }) |
186ca473 MB |
1687 | |
1688 | # Connect to WPA enabled AP | |
1689 | dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1", | |
1690 | eap="GPSK", identity="gpsk user", | |
1691 | password="abcdefghijklmnop0123456789abcdef", | |
1692 | scan_freq="2412") | |
1693 | ||
1694 | # Try over_ds roaming to non-WPA-enabled AP. | |
1695 | # If hostapd does not check hapd->wpa_auth internally, it will crash now. | |
1696 | dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True) | |
c85fcff2 JM |
1697 | |
1698 | def test_ap_ft_extra_ie(dev, apdev): | |
1699 | """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE""" | |
1700 | ssid = "test-ft" | |
1701 | passphrase="12345678" | |
1702 | ||
1703 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1704 | params["wpa_key_mgmt"] = "WPA-PSK FT-PSK" | |
1705 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1706 | dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1707 | scan_freq="2412") | |
1708 | dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
1709 | scan_freq="2412") | |
1710 | try: | |
1711 | # Add Mobility Domain element to test AP validation code. | |
1712 | dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201") | |
1713 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2", | |
1714 | scan_freq="2412", wait_connect=False) | |
1715 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", | |
1716 | "CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
1717 | if ev is None: | |
1718 | raise Exception("No connection result") | |
1719 | if "CTRL-EVENT-CONNECTED" in ev: | |
1720 | raise Exception("Non-FT association accepted with MDE") | |
1721 | if "status_code=43" not in ev: | |
1722 | raise Exception("Unexpected status code: " + ev) | |
1723 | dev[0].request("DISCONNECT") | |
1724 | finally: | |
1725 | dev[0].request("VENDOR_ELEM_REMOVE 13 *") | |
fd7205fa JM |
1726 | |
1727 | def test_ap_ft_ric(dev, apdev): | |
1728 | """WPA2-PSK-FT AP and RIC""" | |
1729 | ssid = "test-ft" | |
1730 | passphrase="12345678" | |
1731 | ||
1732 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1733 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1734 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1735 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1736 | ||
1737 | dev[0].set("ric_ies", "") | |
1738 | dev[0].set("ric_ies", '""') | |
1739 | if "FAIL" not in dev[0].request("SET ric_ies q"): | |
1740 | raise Exception("Invalid ric_ies value accepted") | |
1741 | ||
1742 | tests = [ "3900", | |
1743 | "3900ff04eeeeeeee", | |
1744 | "390400000000", | |
1745 | "390400000000" + "390400000000", | |
1746 | "390400000000" + "dd050050f20202", | |
1747 | "390400000000" + "dd3d0050f2020201" + 55*"00", | |
1748 | "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000", | |
1749 | "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ] | |
1750 | for t in tests: | |
1751 | dev[0].set("ric_ies", t) | |
1752 | run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, | |
1753 | test_connectivity=False) | |
1754 | dev[0].request("REMOVE_NETWORK all") | |
1755 | dev[0].wait_disconnected() | |
1756 | dev[0].dump_monitor() | |
c8942286 JM |
1757 | |
1758 | def ie_hex(ies, id): | |
1759 | return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]) | |
1760 | ||
1761 | def test_ap_ft_reassoc_proto(dev, apdev): | |
1762 | """WPA2-PSK-FT AP Reassociation Request frame parsing""" | |
1763 | ssid = "test-ft" | |
1764 | passphrase="12345678" | |
1765 | ||
1766 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1767 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1768 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1769 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1770 | ||
1771 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1772 | ieee80211w="1", scan_freq="2412") | |
1773 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
1774 | hapd1ap = hapd0 | |
1775 | hapd2ap = hapd1 | |
1776 | else: | |
1777 | hapd1ap = hapd1 | |
1778 | hapd2ap = hapd0 | |
1779 | ||
1780 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
1781 | hapd2ap.set("ext_mgmt_frame_handling", "1") | |
1782 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
1783 | ||
1784 | while True: | |
1785 | req = hapd2ap.mgmt_rx() | |
1786 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame'])) | |
1787 | if req['subtype'] == 11: | |
1788 | break | |
1789 | ||
1790 | while True: | |
1791 | req = hapd2ap.mgmt_rx() | |
1792 | if req['subtype'] == 2: | |
1793 | break | |
1794 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame'])) | |
1795 | ||
1796 | # IEEE 802.11 header + fixed fields before IEs | |
1797 | hdr = binascii.hexlify(req['frame'][0:34]) | |
1798 | ies = parse_ie(binascii.hexlify(req['frame'][34:])) | |
1799 | # First elements: SSID, Supported Rates, Extended Supported Rates | |
1800 | ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50) | |
1801 | ||
1802 | rsne = ie_hex(ies, 48) | |
1803 | mde = ie_hex(ies, 54) | |
1804 | fte = ie_hex(ies, 55) | |
1805 | tests = [ ] | |
1806 | # RSN: Trying to use FT, but MDIE not included | |
1807 | tests += [ rsne ] | |
1808 | # RSN: Attempted to use unknown MDIE | |
1809 | tests += [ rsne + "3603000000" ] | |
1810 | # Invalid RSN pairwise cipher | |
1811 | tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ] | |
1812 | # FT: No PMKID in RSNIE | |
1813 | tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ] | |
1814 | # FT: Invalid FTIE | |
1815 | tests += [ rsne + mde ] | |
1816 | # FT: RIC IE(s) in the frame, but not included in protected IE count | |
1817 | # FT: Failed to parse FT IEs | |
1818 | tests += [ rsne + mde + fte + "3900" ] | |
1819 | # FT: SNonce mismatch in FTIE | |
1820 | tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ] | |
1821 | # FT: ANonce mismatch in FTIE | |
1822 | tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ] | |
1823 | # FT: No R0KH-ID subelem in FTIE | |
1824 | tests += [ rsne + mde + "3752" + fte[4:168] ] | |
1825 | # FT: R0KH-ID in FTIE did not match with the current R0KH-ID | |
1826 | tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ] | |
1827 | # FT: No R1KH-ID subelem in FTIE | |
1828 | tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ] | |
1829 | # FT: Unknown R1KH-ID used in ReassocReq | |
1830 | tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ] | |
1831 | # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request | |
1832 | tests += [ rsne[:-32] + 16*"00" + mde + fte ] | |
1833 | # Invalid MIC in FTIE | |
1834 | tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ] | |
1835 | for t in tests: | |
1836 | hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t) | |
1837 | ||
1838 | def test_ap_ft_reassoc_local_fail(dev, apdev): | |
1839 | """WPA2-PSK-FT AP Reassociation Request frame and local failure""" | |
1840 | ssid = "test-ft" | |
1841 | passphrase="12345678" | |
1842 | ||
1843 | params = ft_params1(ssid=ssid, passphrase=passphrase) | |
1844 | hapd0 = hostapd.add_ap(apdev[0], params) | |
1845 | params = ft_params2(ssid=ssid, passphrase=passphrase) | |
1846 | hapd1 = hostapd.add_ap(apdev[1], params) | |
1847 | ||
1848 | dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", | |
1849 | ieee80211w="1", scan_freq="2412") | |
1850 | if dev[0].get_status_field('bssid') == hapd0.own_addr(): | |
1851 | hapd1ap = hapd0 | |
1852 | hapd2ap = hapd1 | |
1853 | else: | |
1854 | hapd1ap = hapd1 | |
1855 | hapd2ap = hapd0 | |
1856 | ||
1857 | dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412") | |
1858 | # FT: Failed to calculate MIC | |
1859 | with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"): | |
1860 | dev[0].request("ROAM " + hapd2ap.own_addr()) | |
1861 | ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) | |
1862 | dev[0].request("DISCONNECT") | |
1863 | if ev is None: | |
1864 | raise Exception("Association reject not seen") |