]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_psk.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: WPA-PSK AP and only rsn_pairwise set
[thirdparty/hostap.git] / tests / hwsim / test_ap_psk.py
CommitLineData
c89d9ebb
JM		 1# WPA2-Personal tests
2# Copyright (c) 2014, Qualcomm Atheros, Inc.
3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
821490f5 8import binascii
e0c46c8e 9from Crypto.Cipher import AES
821490f5
JM		 10import hashlib
11import hmac
c89d9ebb
JM		 12import logging
13logger = logging.getLogger()
138ec97e 14import os
5b3c40a6 15import re
821490f5 16import struct
d1fc5736
JM		 17import subprocess
18import time
c89d9ebb
JM		 19
20import hostapd
a1eabc74 21from utils import HwsimSkip, fail_test, skip_with_fips
fb5c8cea 22import hwsim_utils
a1512a0c 23from wpasupplicant import WpaSupplicant
c89d9ebb 24
eaf3f9b1
JM		 25def check_mib(dev, vals):
26 mib = dev.get_mib()
27 for v in vals:
28 if mib[v[0]] != v[1]:
29 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
30
9fd6804d 31@remote_compatible
c89d9ebb
JM		 32def test_ap_wpa2_psk(dev, apdev):
33 """WPA2-PSK AP with PSK instead of passphrase"""
34 ssid = "test-wpa2-psk"
35 passphrase = 'qwertyuiop'
36 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
37 params = hostapd.wpa2_params(ssid=ssid)
38 params['wpa_psk'] = psk
8b8a1864 39 hapd = hostapd.add_ap(apdev[0], params)
65038313
JM		 40 key_mgmt = hapd.get_config()['key_mgmt']
41 if key_mgmt.split(' ')[0] != "WPA-PSK":
42 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
c89d9ebb
JM		 43 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
44 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
45
de748924
JM		 46 sig = dev[0].request("SIGNAL_POLL").splitlines()
47 pkt = dev[0].request("PKTCNT_POLL").splitlines()
48 if "FREQUENCY=2412" not in sig:
49 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
50 if "TXBAD=0" not in pkt:
51 raise Exception("Unexpected TXBAD value: " + str(pkt))
52
c89d9ebb
JM		 53def test_ap_wpa2_psk_file(dev, apdev):
54 """WPA2-PSK AP with PSK from a file"""
55 ssid = "test-wpa2-psk"
56 passphrase = 'qwertyuiop'
57 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
58 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
59 params['wpa_psk_file'] = 'hostapd.wpa_psk'
8b8a1864 60 hostapd.add_ap(apdev[0], params)
c89d9ebb
JM		 61 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
62 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
63 dev[2].request("REMOVE_NETWORK all")
64 dev[0].connect(ssid, psk="very secret", scan_freq="2412")
65 dev[0].request("REMOVE_NETWORK all")
66 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
67 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
68 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
69 if ev is None:
70 raise Exception("Timed out while waiting for failure report")
71 dev[1].request("REMOVE_NETWORK all")
fb5c8cea 72
9fd6804d 73@remote_compatible
53f4ed68
JM		 74def test_ap_wpa2_psk_mem(dev, apdev):
75 """WPA2-PSK AP with passphrase only in memory"""
76 try:
77 _test_ap_wpa2_psk_mem(dev, apdev)
78 finally:
79 dev[0].request("SCAN_INTERVAL 5")
80 dev[1].request("SCAN_INTERVAL 5")
81
82def _test_ap_wpa2_psk_mem(dev, apdev):
83 ssid = "test-wpa2-psk"
84 passphrase = 'qwertyuiop'
85 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
86 params = hostapd.wpa2_params(ssid=ssid)
87 params['wpa_psk'] = psk
8b8a1864 88 hapd = hostapd.add_ap(apdev[0], params)
53f4ed68
JM		 89
90 dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
91 dev[0].request("SCAN_INTERVAL 1")
92 ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
93 if ev is None:
94 raise Exception("Request for PSK/passphrase timed out")
95 id = ev.split(':')[0].split('-')[-1]
96 dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"')
97 dev[0].wait_connected(timeout=10)
98
99 dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
100 dev[1].request("SCAN_INTERVAL 1")
101 ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
102 if ev is None:
103 raise Exception("Request for PSK/passphrase timed out(2)")
104 id = ev.split(':')[0].split('-')[-1]
105 dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk)
106 dev[1].wait_connected(timeout=10)
107
9fd6804d 108@remote_compatible
d1635d97
JM		 109def test_ap_wpa2_ptk_rekey(dev, apdev):
110 """WPA2-PSK AP and PTK rekey enforced by station"""
111 ssid = "test-wpa2-psk"
112 passphrase = 'qwertyuiop'
113 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 114 hapd = hostapd.add_ap(apdev[0], params)
d1635d97
JM		 115 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
116 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
117 if ev is None:
118 raise Exception("PTK rekey timed out")
a8375c94 119 hwsim_utils.test_connectivity(dev[0], hapd)
d1635d97 120
9fd6804d 121@remote_compatible
6c87b4b8
JM		 122def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
123 """WPA2-PSK AP and PTK rekey enforced by AP"""
124 ssid = "test-wpa2-psk"
125 passphrase = 'qwertyuiop'
126 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
127 params['wpa_ptk_rekey'] = '2'
8b8a1864 128 hapd = hostapd.add_ap(apdev[0], params)
6c87b4b8
JM		 129 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
130 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
131 if ev is None:
132 raise Exception("PTK rekey timed out")
a8375c94 133 hwsim_utils.test_connectivity(dev[0], hapd)
6c87b4b8 134
9fd6804d 135@remote_compatible
d1635d97
JM		 136def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
137 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
138 ssid = "test-wpa2-psk"
139 passphrase = 'qwertyuiop'
140 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
141 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
8b8a1864 142 hapd = hostapd.add_ap(apdev[0], params)
d1635d97
JM		 143 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
144 wpa_ptk_rekey="1", scan_freq="2412")
145 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
146 if ev is None:
147 raise Exception("PTK rekey timed out")
a8375c94 148 hwsim_utils.test_connectivity(dev[0], hapd)
eaf3f9b1
JM		 149 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
150 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
d1635d97 151
9fd6804d 152@remote_compatible
6c87b4b8
JM		 153def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
154 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
155 ssid = "test-wpa2-psk"
156 passphrase = 'qwertyuiop'
157 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
158 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
159 params['wpa_ptk_rekey'] = '2'
8b8a1864 160 hapd = hostapd.add_ap(apdev[0], params)
6c87b4b8
JM		 161 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
162 scan_freq="2412")
163 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
164 if ev is None:
165 raise Exception("PTK rekey timed out")
a8375c94 166 hwsim_utils.test_connectivity(dev[0], hapd)
6c87b4b8
JM		 167 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
168 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
169
9fd6804d 170@remote_compatible
fb5c8cea
JM		 171def test_ap_wpa_ptk_rekey(dev, apdev):
172 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
a1eabc74 173 skip_with_fips(dev[0])
fb5c8cea
JM		 174 ssid = "test-wpa-psk"
175 passphrase = 'qwertyuiop'
176 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
8b8a1864 177 hapd = hostapd.add_ap(apdev[0], params)
fb5c8cea 178 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
91bc6c36
JM		 179 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
180 raise Exception("Scan results missing WPA element info")
fb5c8cea
JM		 181 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
182 if ev is None:
183 raise Exception("PTK rekey timed out")
a8375c94 184 hwsim_utils.test_connectivity(dev[0], hapd)
138ec97e 185
9fd6804d 186@remote_compatible
6c87b4b8
JM		 187def test_ap_wpa_ptk_rekey_ap(dev, apdev):
188 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
a1eabc74 189 skip_with_fips(dev[0])
6c87b4b8
JM		 190 ssid = "test-wpa-psk"
191 passphrase = 'qwertyuiop'
192 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
193 params['wpa_ptk_rekey'] = '2'
8b8a1864 194 hapd = hostapd.add_ap(apdev[0], params)
6c87b4b8
JM		 195 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
196 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
197 if ev is None:
198 raise Exception("PTK rekey timed out")
a8375c94 199 hwsim_utils.test_connectivity(dev[0], hapd)
6c87b4b8 200
9fd6804d 201@remote_compatible
12124240
JM		 202def test_ap_wpa_ccmp(dev, apdev):
203 """WPA-PSK/CCMP"""
204 ssid = "test-wpa-psk"
205 passphrase = 'qwertyuiop'
206 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
207 params['wpa_pairwise'] = "CCMP"
8b8a1864 208 hapd = hostapd.add_ap(apdev[0], params)
12124240 209 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
a8375c94 210 hwsim_utils.test_connectivity(dev[0], hapd)
eaf3f9b1
JM		 211 check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
212 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
213 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
214 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
215 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
216 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
217 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
218 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
12124240 219
138ec97e
JM		 220def test_ap_wpa2_psk_file(dev, apdev):
221 """WPA2-PSK AP with various PSK file error and success cases"""
18945a8c
B		 222 addr0 = dev[0].own_addr()
223 addr1 = dev[1].own_addr()
224 addr2 = dev[2].own_addr()
138ec97e
JM		 225 ssid = "psk"
226 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
227 try:
228 os.remove(pskfile)
229 except:
230 pass
231
232 params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
233 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
234
235 try:
236 # missing PSK file
8b8a1864 237 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
138ec97e
JM		 238 if "FAIL" not in hapd.request("ENABLE"):
239 raise Exception("Unexpected ENABLE success")
240 hapd.request("DISABLE")
241
242 # invalid MAC address
243 with open(pskfile, "w") as f:
244 f.write("\n")
245 f.write("foo\n")
246 if "FAIL" not in hapd.request("ENABLE"):
247 raise Exception("Unexpected ENABLE success")
248 hapd.request("DISABLE")
249
250 # no PSK on line
251 with open(pskfile, "w") as f:
252 f.write("00:11:22:33:44:55\n")
253 if "FAIL" not in hapd.request("ENABLE"):
254 raise Exception("Unexpected ENABLE success")
255 hapd.request("DISABLE")
256
257 # invalid PSK
258 with open(pskfile, "w") as f:
259 f.write("00:11:22:33:44:55 1234567\n")
260 if "FAIL" not in hapd.request("ENABLE"):
261 raise Exception("Unexpected ENABLE success")
262 hapd.request("DISABLE")
263
264 # valid PSK file
265 with open(pskfile, "w") as f:
266 f.write("00:11:22:33:44:55 12345678\n")
267 f.write(addr0 + " 123456789\n")
268 f.write(addr1 + " 123456789a\n")
269 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
270 if "FAIL" in hapd.request("ENABLE"):
271 raise Exception("Unexpected ENABLE failure")
272
273 dev[0].connect(ssid, psk="123456789", scan_freq="2412")
274 dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
275 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
276
277 finally:
278 try:
279 os.remove(pskfile)
280 except:
281 pass
6796e502 282
9fd6804d 283@remote_compatible
6796e502
JM		 284def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
285 """WPA2-PSK AP and wildcard SSID configuration"""
286 ssid = "test-wpa2-psk"
287 passphrase = 'qwertyuiop'
288 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
289 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 290 hapd = hostapd.add_ap(apdev[0], params)
6796e502
JM		 291 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
292 scan_freq="2412")
293 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
3b25ad4c 294
9fd6804d 295@remote_compatible
3b25ad4c
JM		 296def test_ap_wpa2_gtk_rekey(dev, apdev):
297 """WPA2-PSK AP and GTK rekey enforced by AP"""
298 ssid = "test-wpa2-psk"
299 passphrase = 'qwertyuiop'
300 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
301 params['wpa_group_rekey'] = '1'
8b8a1864 302 hapd = hostapd.add_ap(apdev[0], params)
3b25ad4c
JM		 303 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
304 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
305 if ev is None:
306 raise Exception("GTK rekey timed out")
a8375c94 307 hwsim_utils.test_connectivity(dev[0], hapd)
3b25ad4c 308
9fd6804d 309@remote_compatible
3b25ad4c
JM		 310def test_ap_wpa_gtk_rekey(dev, apdev):
311 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
a1eabc74 312 skip_with_fips(dev[0])
3b25ad4c
JM		 313 ssid = "test-wpa-psk"
314 passphrase = 'qwertyuiop'
315 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
316 params['wpa_group_rekey'] = '1'
8b8a1864 317 hapd = hostapd.add_ap(apdev[0], params)
3b25ad4c
JM		 318 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
319 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
320 if ev is None:
321 raise Exception("GTK rekey timed out")
a8375c94 322 hwsim_utils.test_connectivity(dev[0], hapd)
3b25ad4c 323
9fd6804d 324@remote_compatible
3b25ad4c
JM		 325def test_ap_wpa2_gmk_rekey(dev, apdev):
326 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
327 ssid = "test-wpa2-psk"
328 passphrase = 'qwertyuiop'
329 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
330 params['wpa_group_rekey'] = '1'
331 params['wpa_gmk_rekey'] = '2'
8b8a1864 332 hapd = hostapd.add_ap(apdev[0], params)
3b25ad4c
JM		 333 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
334 for i in range(0, 3):
335 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
336 if ev is None:
337 raise Exception("GTK rekey timed out")
a8375c94 338 hwsim_utils.test_connectivity(dev[0], hapd)
3b25ad4c 339
9fd6804d 340@remote_compatible
3b25ad4c
JM		 341def test_ap_wpa2_strict_rekey(dev, apdev):
342 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
343 ssid = "test-wpa2-psk"
344 passphrase = 'qwertyuiop'
345 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
346 params['wpa_strict_rekey'] = '1'
8b8a1864 347 hapd = hostapd.add_ap(apdev[0], params)
3b25ad4c
JM		 348 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
349 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
350 dev[1].request("DISCONNECT")
351 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
352 if ev is None:
353 raise Exception("GTK rekey timed out")
a8375c94 354 hwsim_utils.test_connectivity(dev[0], hapd)
d1fc5736 355
9fd6804d 356@remote_compatible
d1fc5736
JM		 357def test_ap_wpa2_bridge_fdb(dev, apdev):
358 """Bridge FDB entry removal"""
bb04a9a9 359 hapd = None
d1fc5736
JM		 360 try:
361 ssid = "test-wpa2-psk"
362 passphrase = "12345678"
363 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
364 params['bridge'] = 'ap-br0'
bb04a9a9
JA		 365 hapd = hostapd.add_ap(apdev[0], params)
366 hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
367 hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
d1fc5736
JM		 368 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
369 bssid=apdev[0]['bssid'])
370 dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
371 bssid=apdev[0]['bssid'])
372 addr0 = dev[0].p2p_interface_addr()
373 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
bb04a9a9
JA		 374 err, macs1 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
375 hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
d1fc5736
JM		 376 dev[0].request("DISCONNECT")
377 dev[1].request("DISCONNECT")
378 time.sleep(1)
bb04a9a9 379 err, macs2 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
d1fc5736
JM		 380
381 addr1 = dev[1].p2p_interface_addr()
382 if addr0 not in macs1 or addr1 not in macs1:
383 raise Exception("Bridge FDB entry missing")
384 if addr0 in macs2 or addr1 in macs2:
385 raise Exception("Bridge FDB entry was not removed")
386 finally:
bb04a9a9
JA		 387 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
388 'down'])
389 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
cf0b9c86 390
9fd6804d 391@remote_compatible
8619c334
JM		 392def test_ap_wpa2_already_in_bridge(dev, apdev):
393 """hostapd behavior with interface already in bridge"""
394 ifname = apdev[0]['ifname']
395 br_ifname = 'ext-ap-br0'
396 try:
397 ssid = "test-wpa2-psk"
398 passphrase = "12345678"
bb04a9a9
JA		 399 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
400 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
401 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
402 'up'])
403 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap'])
404 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
8619c334 405 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
41ba40e7 406 hapd = hostapd.add_ap(apdev[0], params)
8619c334
JM		 407 if hapd.get_driver_status_field('brname') != br_ifname:
408 raise Exception("Bridge name not identified correctly")
409 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
410 finally:
bb04a9a9
JA		 411 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
412 'down'])
413 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
414 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station'])
415 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
8619c334 416
9fd6804d 417@remote_compatible
542452a9
JM		 418def test_ap_wpa2_in_different_bridge(dev, apdev):
419 """hostapd behavior with interface in different bridge"""
420 ifname = apdev[0]['ifname']
421 br_ifname = 'ext-ap-br0'
422 try:
423 ssid = "test-wpa2-psk"
424 passphrase = "12345678"
bb04a9a9
JA		 425 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
426 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
427 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
428 'up'])
429 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap'])
430 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
542452a9
JM		 431 time.sleep(0.5)
432 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
433 params['bridge'] = 'ap-br0'
41ba40e7 434 hapd = hostapd.add_ap(apdev[0], params)
bb04a9a9
JA		 435 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
436 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
437 'up'])
542452a9
JM		 438 brname = hapd.get_driver_status_field('brname')
439 if brname != 'ap-br0':
440 raise Exception("Incorrect bridge: " + brname)
441 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
442 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
443 if hapd.get_driver_status_field("added_bridge") != "1":
444 raise Exception("Unexpected added_bridge value")
445 if hapd.get_driver_status_field("added_if_into_bridge") != "1":
446 raise Exception("Unexpected added_if_into_bridge value")
447 dev[0].request("DISCONNECT")
448 hapd.disable()
542452a9 449 finally:
bb04a9a9
JA		 450 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
451 'down'])
452 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname,
453 "2>", "/dev/null"], shell=True)
454 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
542452a9 455
9fd6804d 456@remote_compatible
8619c334
JM		 457def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
458 """hostapd behavior with interface added to bridge externally"""
459 ifname = apdev[0]['ifname']
460 br_ifname = 'ext-ap-br0'
461 try:
462 ssid = "test-wpa2-psk"
463 passphrase = "12345678"
464 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
41ba40e7 465 hapd = hostapd.add_ap(apdev[0], params)
8619c334 466
bb04a9a9
JA		 467 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname])
468 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0'])
469 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
470 'up'])
471 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname])
8619c334
JM		 472 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
473 if hapd.get_driver_status_field('brname') != br_ifname:
474 raise Exception("Bridge name not identified correctly")
475 finally:
bb04a9a9
JA		 476 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
477 'down'])
478 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
479 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
8619c334 480
cf0b9c86
JM		 481def test_ap_wpa2_psk_ext(dev, apdev):
482 """WPA2-PSK AP using external EAPOL I/O"""
483 bssid = apdev[0]['bssid']
484 ssid = "test-wpa2-psk"
485 passphrase = 'qwertyuiop'
486 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
487 params = hostapd.wpa2_params(ssid=ssid)
488 params['wpa_psk'] = psk
8b8a1864 489 hapd = hostapd.add_ap(apdev[0], params)
cf0b9c86
JM		 490 hapd.request("SET ext_eapol_frame_io 1")
491 dev[0].request("SET ext_eapol_frame_io 1")
492 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
493 addr = dev[0].p2p_interface_addr()
494 while True:
495 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
496 if ev is None:
497 raise Exception("Timeout on EAPOL-TX from hostapd")
498 if "AP-STA-CONNECTED" in ev:
5f35a5e2 499 dev[0].wait_connected(timeout=15)
cf0b9c86
JM		 500 break
501 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
502 if "OK" not in res:
503 raise Exception("EAPOL_RX to wpa_supplicant failed")
504 ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
505 if ev is None:
506 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
507 if "CTRL-EVENT-CONNECTED" in ev:
508 break
509 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
510 if "OK" not in res:
511 raise Exception("EAPOL_RX to hostapd failed")
821490f5 512
242339de
JM		 513def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
514 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
515 bssid = apdev[0]['bssid']
516 ssid = "test-wpa2-psk"
517 passphrase = 'qwertyuiop'
518 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
519 params = hostapd.wpa2_params(ssid=ssid)
520 params['wpa_psk'] = psk
8b8a1864 521 hapd = hostapd.add_ap(apdev[0], params)
242339de
JM		 522 hapd.request("SET ext_eapol_frame_io 1")
523 dev[0].request("SET ext_eapol_frame_io 1")
524 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
525 addr = dev[0].p2p_interface_addr()
526
527 # EAPOL-Key msg 1/4
528 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
529 if ev is None:
530 raise Exception("Timeout on EAPOL-TX from hostapd")
531 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
532 if "OK" not in res:
533 raise Exception("EAPOL_RX to wpa_supplicant failed")
534
535 # EAPOL-Key msg 2/4
536 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
537 if ev is None:
538 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
539 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
540 if "OK" not in res:
541 raise Exception("EAPOL_RX to hostapd failed")
542
543 # EAPOL-Key msg 3/4
544 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
545 if ev is None:
546 raise Exception("Timeout on EAPOL-TX from hostapd")
547 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
548 if "OK" not in res:
549 raise Exception("EAPOL_RX to wpa_supplicant failed")
550
551 # EAPOL-Key msg 4/4
552 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
553 if ev is None:
554 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
555 # Do not send to the AP
556 dev[0].wait_connected(timeout=15)
557
558 # EAPOL-Key msg 3/4 (retry)
559 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
560 if ev is None:
561 raise Exception("Timeout on EAPOL-TX from hostapd")
562 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
563 if "OK" not in res:
564 raise Exception("EAPOL_RX to wpa_supplicant failed")
565
566 # EAPOL-Key msg 4/4
567 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
568 if ev is None:
569 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
570 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
571 if "OK" not in res:
572 raise Exception("EAPOL_RX to hostapd failed")
573
574 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
575 if ev is None:
576 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
577
578 hwsim_utils.test_connectivity(dev[0], hapd)
579
821490f5
JM		 580def parse_eapol(data):
581 (version, type, length) = struct.unpack('>BBH', data[0:4])
582 payload = data[4:]
583 if length > len(payload):
584 raise Exception("Invalid EAPOL length")
585 if length < len(payload):
586 payload = payload[0:length]
587 eapol = {}
588 eapol['version'] = version
589 eapol['type'] = type
590 eapol['length'] = length
591 eapol['payload'] = payload
592 if type == 3:
593 # EAPOL-Key
594 (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
595 payload = payload[1:]
a52fd1c3 596 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
821490f5
JM		 597 # RSN EAPOL-Key
598 (key_info, key_len) = struct.unpack('>HH', payload[0:4])
599 eapol['rsn_key_info'] = key_info
600 eapol['rsn_key_len'] = key_len
601 eapol['rsn_replay_counter'] = payload[4:12]
602 eapol['rsn_key_nonce'] = payload[12:44]
603 eapol['rsn_key_iv'] = payload[44:60]
604 eapol['rsn_key_rsc'] = payload[60:68]
605 eapol['rsn_key_id'] = payload[68:76]
606 eapol['rsn_key_mic'] = payload[76:92]
607 payload = payload[92:]
608 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
609 payload = payload[2:]
610 eapol['rsn_key_data'] = payload
611 return eapol
612
613def build_eapol(msg):
614 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
615 if msg['type'] == 3:
616 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
617 msg['rsn_key_len'])
618 data += msg['rsn_replay_counter']
619 data += msg['rsn_key_nonce']
620 data += msg['rsn_key_iv']
621 data += msg['rsn_key_rsc']
622 data += msg['rsn_key_id']
623 data += msg['rsn_key_mic']
624 data += struct.pack('>H', msg['rsn_key_data_len'])
625 data += msg['rsn_key_data']
626 else:
627 data += msg['payload']
628 return data
629
630def sha1_prf(key, label, data, outlen):
631 res = ''
632 counter = 0
633 while outlen > 0:
634 m = hmac.new(key, label, hashlib.sha1)
635 m.update(struct.pack('B', 0))
636 m.update(data)
637 m.update(struct.pack('B', counter))
638 counter += 1
639 hash = m.digest()
640 if outlen > len(hash):
641 res += hash
642 outlen -= len(hash)
643 else:
644 res += hash[0:outlen]
645 outlen = 0
646 return res
647
648def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
649 if addr1 < addr2:
650 data = binascii.unhexlify(addr1.replace(':','')) + binascii.unhexlify(addr2.replace(':',''))
651 else:
652 data = binascii.unhexlify(addr2.replace(':','')) + binascii.unhexlify(addr1.replace(':',''))
653 if nonce1 < nonce2:
654 data += nonce1 + nonce2
655 else:
656 data += nonce2 + nonce1
657 label = "Pairwise key expansion"
658 ptk = sha1_prf(pmk, label, data, 48)
659 kck = ptk[0:16]
660 kek = ptk[16:32]
661 return (ptk, kck, kek)
662
663def eapol_key_mic(kck, msg):
664 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
665 data = build_eapol(msg)
666 m = hmac.new(kck, data, hashlib.sha1)
667 msg['rsn_key_mic'] = m.digest()[0:16]
668
669def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
670 msg['rsn_key_info'] = key_info
671 msg['rsn_key_len'] = key_len
672 if nonce:
673 msg['rsn_key_nonce'] = nonce
674 else:
675 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
676 if data:
677 msg['rsn_key_data_len'] = len(data)
678 msg['rsn_key_data'] = data
679 msg['length'] = 95 + len(data)
680 else:
681 msg['rsn_key_data_len'] = 0
682 msg['rsn_key_data'] = ''
683 msg['length'] = 95
684
685def recv_eapol(hapd):
686 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
687 if ev is None:
688 raise Exception("Timeout on EAPOL-TX from hostapd")
689 eapol = binascii.unhexlify(ev.split(' ')[2])
690 return parse_eapol(eapol)
691
692def send_eapol(hapd, addr, data):
693 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
694 if "OK" not in res:
695 raise Exception("EAPOL_RX to hostapd failed")
696
697def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
698 logger.info("Send EAPOL-Key msg " + info)
699 rsn_eapol_key_set(msg, key_info, 0, nonce, data)
700 eapol_key_mic(kck, msg)
701 send_eapol(hapd, addr, build_eapol(msg))
702
703def hapd_connected(hapd):
704 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
705 if ev is None:
706 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
707
a52fd1c3 708def eapol_test(apdev, dev, wpa2=True):
821490f5 709 bssid = apdev['bssid']
a52fd1c3
JM		 710 if wpa2:
711 ssid = "test-wpa2-psk"
712 else:
713 ssid = "test-wpa-psk"
821490f5
JM		 714 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
715 pmk = binascii.unhexlify(psk)
a52fd1c3
JM		 716 if wpa2:
717 params = hostapd.wpa2_params(ssid=ssid)
718 else:
719 params = hostapd.wpa_params(ssid=ssid)
821490f5 720 params['wpa_psk'] = psk
afc26df2 721 hapd = hostapd.add_ap(apdev, params)
821490f5
JM		 722 hapd.request("SET ext_eapol_frame_io 1")
723 dev.request("SET ext_eapol_frame_io 1")
e0c46c8e 724 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
821490f5 725 addr = dev.p2p_interface_addr()
a52fd1c3
JM		 726 if wpa2:
727 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
728 else:
729 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
821490f5
JM		 730 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
731 return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
732
9fd6804d 733@remote_compatible
821490f5
JM		 734def test_ap_wpa2_psk_ext_eapol(dev, apdev):
735 """WPA2-PSK AP using external EAPOL supplicant"""
736 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
737
738 msg = recv_eapol(hapd)
739 anonce = msg['rsn_key_nonce']
740 logger.info("Replay same data back")
741 send_eapol(hapd, addr, build_eapol(msg))
742
743 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
744
745 logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
746 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
747 msg['length'] = 95 + 22 - 1
748 send_eapol(hapd, addr, build_eapol(msg))
749
750 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
751
752 msg = recv_eapol(hapd)
753 if anonce != msg['rsn_key_nonce']:
754 raise Exception("ANonce changed")
755 logger.info("Replay same data back")
756 send_eapol(hapd, addr, build_eapol(msg))
757
758 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
759 hapd_connected(hapd)
760
9fd6804d 761@remote_compatible
821490f5
JM		 762def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
763 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
764 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
765
766 msg1 = recv_eapol(hapd)
767 anonce = msg1['rsn_key_nonce']
768
769 msg2 = recv_eapol(hapd)
770 if anonce != msg2['rsn_key_nonce']:
771 raise Exception("ANonce changed")
772
773 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
774
775 logger.info("Send EAPOL-Key msg 2/4")
776 msg = msg2
777 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
778 eapol_key_mic(kck, msg)
779 send_eapol(hapd, addr, build_eapol(msg))
780
781 msg = recv_eapol(hapd)
782 if anonce != msg['rsn_key_nonce']:
783 raise Exception("ANonce changed")
784
785 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
786 hapd_connected(hapd)
787
9fd6804d 788@remote_compatible
821490f5
JM		 789def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
790 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
791 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
792
793 msg1 = recv_eapol(hapd)
794 anonce = msg1['rsn_key_nonce']
795 msg2 = recv_eapol(hapd)
796 if anonce != msg2['rsn_key_nonce']:
797 raise Exception("ANonce changed")
798
799 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
800 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
801 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
802
803 msg = recv_eapol(hapd)
804 if anonce != msg['rsn_key_nonce']:
805 raise Exception("ANonce changed")
806
807 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
808 hapd_connected(hapd)
809
9fd6804d 810@remote_compatible
821490f5
JM		 811def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
812 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
813 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
814
815 msg1 = recv_eapol(hapd)
816 anonce = msg1['rsn_key_nonce']
817
818 msg2 = recv_eapol(hapd)
819 if anonce != msg2['rsn_key_nonce']:
820 raise Exception("ANonce changed")
821 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
822 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
823
824 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
825 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
826 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
827
828 msg = recv_eapol(hapd)
829 if anonce != msg['rsn_key_nonce']:
830 raise Exception("ANonce changed")
831 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
832 hapd_connected(hapd)
833
9fd6804d 834@remote_compatible
821490f5
JM		 835def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
836 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
837 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
838
839 msg1 = recv_eapol(hapd)
840 anonce = msg1['rsn_key_nonce']
841 msg2 = recv_eapol(hapd)
842 if anonce != msg2['rsn_key_nonce']:
843 raise Exception("ANonce changed")
844
845 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
846 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
847
848 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
849 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
850
851 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
852 msg = recv_eapol(hapd)
853 if anonce != msg['rsn_key_nonce']:
854 raise Exception("ANonce changed")
855 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
856 hapd_connected(hapd)
53b9bedb 857
9fd6804d 858@remote_compatible
53b9bedb
JM		 859def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
860 """WPA2 4-way handshake using external EAPOL supplicant"""
861 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
862
863 msg = recv_eapol(hapd)
864 anonce = msg['rsn_key_nonce']
865
866 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
867
868 # Incorrect descriptor type (frame dropped)
869 msg['descr_type'] = 253
870 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
871 eapol_key_mic(kck, msg)
872 send_eapol(hapd, addr, build_eapol(msg))
873
874 # Incorrect descriptor type, but with a workaround (frame processed)
875 msg['descr_type'] = 254
876 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
877 eapol_key_mic(kck, msg)
878 send_eapol(hapd, addr, build_eapol(msg))
879
880 msg = recv_eapol(hapd)
881 if anonce != msg['rsn_key_nonce']:
882 raise Exception("ANonce changed")
883 logger.info("Replay same data back")
884 send_eapol(hapd, addr, build_eapol(msg))
885
886 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
887 hapd_connected(hapd)
a52fd1c3 888
9fd6804d 889@remote_compatible
a52fd1c3
JM		 890def test_ap_wpa_psk_ext_eapol(dev, apdev):
891 """WPA2-PSK AP using external EAPOL supplicant"""
892 (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
893 wpa2=False)
894
895 msg = recv_eapol(hapd)
896 anonce = msg['rsn_key_nonce']
897 logger.info("Replay same data back")
898 send_eapol(hapd, addr, build_eapol(msg))
899 logger.info("Too short data")
900 send_eapol(hapd, addr, build_eapol(msg)[0:98])
901
902 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
903 msg['descr_type'] = 2
904 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
905 msg['descr_type'] = 254
906 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)
907
908 msg = recv_eapol(hapd)
909 if anonce != msg['rsn_key_nonce']:
910 raise Exception("ANonce changed")
911 logger.info("Replay same data back")
912 send_eapol(hapd, addr, build_eapol(msg))
913
914 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
915 hapd_connected(hapd)
64d04af5 916
9fd6804d 917@remote_compatible
64d04af5
JM		 918def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
919 """WPA2-PSK 4-way handshake with strange key info values"""
920 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
921
922 msg = recv_eapol(hapd)
923 anonce = msg['rsn_key_nonce']
924
925 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
926 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
927 send_eapol(hapd, addr, build_eapol(msg))
928 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
929 send_eapol(hapd, addr, build_eapol(msg))
930 # SMK M1
931 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
932 send_eapol(hapd, addr, build_eapol(msg))
933 # SMK M3
934 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
935 send_eapol(hapd, addr, build_eapol(msg))
936 # Request
937 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
938 send_eapol(hapd, addr, build_eapol(msg))
939 # Request
940 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
941 tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
942 eapol_key_mic(tmp_kck, msg)
943 send_eapol(hapd, addr, build_eapol(msg))
944
945 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
946
947 msg = recv_eapol(hapd)
948 if anonce != msg['rsn_key_nonce']:
949 raise Exception("ANonce changed")
950
951 # Request (valic MIC)
952 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
953 eapol_key_mic(kck, msg)
954 send_eapol(hapd, addr, build_eapol(msg))
955 # Request (valid MIC, replayed counter)
956 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
957 eapol_key_mic(kck, msg)
958 send_eapol(hapd, addr, build_eapol(msg))
959
960 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
961 hapd_connected(hapd)
5b3c40a6 962
e0c46c8e
JM		 963def build_eapol_key_1_4(anonce, replay_counter=1, key_data='', key_len=16):
964 msg = {}
965 msg['version'] = 2
966 msg['type'] = 3
967 msg['length'] = 95 + len(key_data)
968
969 msg['descr_type'] = 2
970 msg['rsn_key_info'] = 0x8a
971 msg['rsn_key_len'] = key_len
972 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
973 msg['rsn_key_nonce'] = anonce
974 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
975 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
976 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
977 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
978 msg['rsn_key_data_len'] = len(key_data)
979 msg['rsn_key_data'] = key_data
980 return msg
981
982def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
983 key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
984 msg = {}
985 msg['version'] = 2
986 msg['type'] = 3
987 msg['length'] = 95 + len(key_data) + extra_len
988
989 msg['descr_type'] = descr_type
990 msg['rsn_key_info'] = key_info
991 msg['rsn_key_len'] = key_len
992 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
993 msg['rsn_key_nonce'] = anonce
994 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
995 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
996 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
997 msg['rsn_key_data_len'] = len(key_data)
998 msg['rsn_key_data'] = key_data
999 eapol_key_mic(kck, msg)
1000 return msg
1001
1002def aes_wrap(kek, plain):
1003 n = len(plain) / 8
1004 a = 0xa6a6a6a6a6a6a6a6
1005 enc = AES.new(kek).encrypt
1006 r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
1007 for j in range(6):
1008 for i in range(1, n + 1):
1009 b = enc(struct.pack('>Q', a) + r[i - 1])
1010 a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
1011 r[i - 1] =b[8:]
1012 return struct.pack('>Q', a) + ''.join(r)
1013
1014def pad_key_data(plain):
1015 pad_len = len(plain) % 8
1016 if pad_len:
1017 pad_len = 8 - pad_len
1018 plain += '\xdd'
1019 pad_len -= 1
1020 plain += pad_len * '\0'
1021 return plain
1022
1023def test_ap_wpa2_psk_supp_proto(dev, apdev):
1024 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
1025 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1026
1027 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1028 msg = recv_eapol(hapd)
1029 dev[0].dump_monitor()
1030
1031 # Build own EAPOL-Key msg 1/4
1032 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1033 counter = 1
1034 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1035 counter += 1
1036 send_eapol(dev[0], addr, build_eapol(msg))
1037 msg = recv_eapol(dev[0])
1038 snonce = msg['rsn_key_nonce']
1039
1040 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1041
1042 logger.debug("Invalid AES wrap data length 0")
1043 dev[0].dump_monitor()
1044 msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
1045 counter += 1
1046 send_eapol(dev[0], addr, build_eapol(msg))
1047 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1048 if ev is None:
1049 raise Exception("Unsupported AES-WRAP len 0 not reported")
1050
1051 logger.debug("Invalid AES wrap data length 1")
1052 dev[0].dump_monitor()
1053 msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
1054 counter += 1
1055 send_eapol(dev[0], addr, build_eapol(msg))
1056 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1057 if ev is None:
1058 raise Exception("Unsupported AES-WRAP len 1 not reported")
1059
1060 logger.debug("Invalid AES wrap data length 9")
1061 dev[0].dump_monitor()
1062 msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
1063 counter += 1
1064 send_eapol(dev[0], addr, build_eapol(msg))
1065 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1066 if ev is None:
1067 raise Exception("Unsupported AES-WRAP len 9 not reported")
1068
1069 logger.debug("Invalid AES wrap data payload")
1070 dev[0].dump_monitor()
1071 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
1072 # do not increment counter to test replay protection
1073 send_eapol(dev[0], addr, build_eapol(msg))
1074 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1075 if ev is None:
1076 raise Exception("AES unwrap failure not reported")
1077
1078 logger.debug("Replay Count not increasing")
1079 dev[0].dump_monitor()
1080 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
1081 counter += 1
1082 send_eapol(dev[0], addr, build_eapol(msg))
1083 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1084 if ev is None:
1085 raise Exception("Replay Counter replay not reported")
1086
1087 logger.debug("Missing Ack bit in key info")
1088 dev[0].dump_monitor()
1089 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1090 key_info=0x134a)
1091 counter += 1
1092 send_eapol(dev[0], addr, build_eapol(msg))
1093 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
1094 if ev is None:
1095 raise Exception("Missing Ack bit not reported")
1096
1097 logger.debug("Unexpected Request bit in key info")
1098 dev[0].dump_monitor()
1099 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1100 key_info=0x1bca)
1101 counter += 1
1102 send_eapol(dev[0], addr, build_eapol(msg))
1103 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1104 if ev is None:
1105 raise Exception("Request bit not reported")
1106
1107 logger.debug("Unsupported key descriptor version 0")
1108 dev[0].dump_monitor()
1109 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1110 replay_counter=counter, key_info=0x13c8)
1111 counter += 1
1112 send_eapol(dev[0], addr, build_eapol(msg))
1113 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1114 if ev is None:
1115 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1116
1117 logger.debug("Key descriptor version 1 not allowed with CCMP")
1118 dev[0].dump_monitor()
1119 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1120 replay_counter=counter, key_info=0x13c9)
1121 counter += 1
1122 send_eapol(dev[0], addr, build_eapol(msg))
1123 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1124 if ev is None:
1125 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1126
1127 logger.debug("Invalid AES wrap payload with key descriptor version 2")
1128 dev[0].dump_monitor()
1129 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1130 replay_counter=counter, key_info=0x13ca)
1131 counter += 1
1132 send_eapol(dev[0], addr, build_eapol(msg))
1133 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1134 if ev is None:
1135 raise Exception("AES unwrap failure not reported")
1136
1137 logger.debug("Key descriptor version 3 workaround")
1138 dev[0].dump_monitor()
1139 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1140 replay_counter=counter, key_info=0x13cb)
1141 counter += 1
1142 send_eapol(dev[0], addr, build_eapol(msg))
1143 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1144 if ev is None:
1145 raise Exception("CCMP key descriptor mismatch not reported")
1146 ev = dev[0].wait_event(["WPA: Interoperability workaround"])
1147 if ev is None:
1148 raise Exception("AES-128-CMAC workaround not reported")
1149 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1150 if ev is None:
1151 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1152
1153 logger.debug("Unsupported key descriptor version 4")
1154 dev[0].dump_monitor()
1155 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1156 replay_counter=counter, key_info=0x13cc)
1157 counter += 1
1158 send_eapol(dev[0], addr, build_eapol(msg))
1159 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1160 if ev is None:
1161 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1162
1163 logger.debug("Unsupported key descriptor version 7")
1164 dev[0].dump_monitor()
1165 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1166 replay_counter=counter, key_info=0x13cf)
1167 counter += 1
1168 send_eapol(dev[0], addr, build_eapol(msg))
1169 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1170 if ev is None:
1171 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1172
1173 logger.debug("Too short EAPOL header length")
1174 dev[0].dump_monitor()
1175 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1176 extra_len=-1)
1177 counter += 1
1178 send_eapol(dev[0], addr, build_eapol(msg))
1179 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1180 if ev is None:
1181 raise Exception("Key data overflow not reported")
1182
1183 logger.debug("Too long EAPOL header length")
1184 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1185 extra_len=1)
1186 counter += 1
1187 send_eapol(dev[0], addr, build_eapol(msg))
1188
1189 logger.debug("Unsupported descriptor type 0")
1190 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1191 descr_type=0)
1192 counter += 1
1193 send_eapol(dev[0], addr, build_eapol(msg))
1194
1195 logger.debug("WPA descriptor type 0")
1196 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1197 descr_type=254)
1198 counter += 1
1199 send_eapol(dev[0], addr, build_eapol(msg))
1200
1201 logger.debug("Non-zero key index for pairwise key")
1202 dev[0].dump_monitor()
1203 wrapped = aes_wrap(kek, 16*'z')
1204 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1205 key_info=0x13ea)
1206 counter += 1
1207 send_eapol(dev[0], addr, build_eapol(msg))
1208 ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1209 if ev is None:
1210 raise Exception("Non-zero key index not reported")
1211
1212 logger.debug("Invalid Key Data plaintext payload --> disconnect")
1213 dev[0].dump_monitor()
1214 wrapped = aes_wrap(kek, 16*'z')
1215 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1216 counter += 1
1217 send_eapol(dev[0], addr, build_eapol(msg))
1218 dev[0].wait_disconnected(timeout=1)
1219
1220def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
1221 """WPA2-PSK supplicant protocol testing: IE not included"""
1222 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1223
1224 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1225 msg = recv_eapol(hapd)
1226 dev[0].dump_monitor()
1227
1228 # Build own EAPOL-Key msg 1/4
1229 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1230 counter = 1
1231 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1232 counter += 1
1233 send_eapol(dev[0], addr, build_eapol(msg))
1234 msg = recv_eapol(dev[0])
1235 snonce = msg['rsn_key_nonce']
1236
1237 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1238
1239 logger.debug("No IEs in msg 3/4 --> disconnect")
1240 dev[0].dump_monitor()
1241 wrapped = aes_wrap(kek, 16*'\0')
1242 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1243 counter += 1
1244 send_eapol(dev[0], addr, build_eapol(msg))
1245 dev[0].wait_disconnected(timeout=1)
1246
1247def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
1248 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1249 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1250
1251 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1252 msg = recv_eapol(hapd)
1253 dev[0].dump_monitor()
1254
1255 # Build own EAPOL-Key msg 1/4
1256 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1257 counter = 1
1258 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1259 counter += 1
1260 send_eapol(dev[0], addr, build_eapol(msg))
1261 msg = recv_eapol(dev[0])
1262 snonce = msg['rsn_key_nonce']
1263
1264 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1265
1266 logger.debug("Msg 3/4 with mismatching IE")
1267 dev[0].dump_monitor()
1268 wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1269 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1270 counter += 1
1271 send_eapol(dev[0], addr, build_eapol(msg))
1272 dev[0].wait_disconnected(timeout=1)
1273
1274def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
1275 """WPA2-PSK supplicant protocol testing: success"""
1276 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1277
1278 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1279 msg = recv_eapol(hapd)
1280 dev[0].dump_monitor()
1281
1282 # Build own EAPOL-Key msg 1/4
1283 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1284 counter = 1
1285 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1286 counter += 1
1287 send_eapol(dev[0], addr, build_eapol(msg))
1288 msg = recv_eapol(dev[0])
1289 snonce = msg['rsn_key_nonce']
1290
1291 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1292
1293 logger.debug("Valid EAPOL-Key msg 3/4")
1294 dev[0].dump_monitor()
1295 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1296 wrapped = aes_wrap(kek, pad_key_data(plain))
1297 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1298 counter += 1
1299 send_eapol(dev[0], addr, build_eapol(msg))
1300 dev[0].wait_connected(timeout=1)
1301
1302def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
1303 """WPA2-PSK supplicant protocol testing: no GTK"""
1304 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1305
1306 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1307 msg = recv_eapol(hapd)
1308 dev[0].dump_monitor()
1309
1310 # Build own EAPOL-Key msg 1/4
1311 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1312 counter = 1
1313 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1314 counter += 1
1315 send_eapol(dev[0], addr, build_eapol(msg))
1316 msg = recv_eapol(dev[0])
1317 snonce = msg['rsn_key_nonce']
1318
1319 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1320
1321 logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
1322 dev[0].dump_monitor()
1323 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
1324 wrapped = aes_wrap(kek, pad_key_data(plain))
1325 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1326 counter += 1
1327 send_eapol(dev[0], addr, build_eapol(msg))
1328 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1329 if ev is not None:
1330 raise Exception("Unexpected connection completion reported")
1331
1332def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
1333 """WPA2-PSK supplicant protocol testing: ANonce change"""
1334 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1335
1336 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1337 msg = recv_eapol(hapd)
1338 dev[0].dump_monitor()
1339
1340 # Build own EAPOL-Key msg 1/4
1341 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1342 counter = 1
1343 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1344 counter += 1
1345 send_eapol(dev[0], addr, build_eapol(msg))
1346 msg = recv_eapol(dev[0])
1347 snonce = msg['rsn_key_nonce']
1348
1349 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1350
1351 logger.debug("Valid EAPOL-Key msg 3/4")
1352 dev[0].dump_monitor()
1353 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1354 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1355 wrapped = aes_wrap(kek, pad_key_data(plain))
1356 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
1357 counter += 1
1358 send_eapol(dev[0], addr, build_eapol(msg))
1359 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1360 if ev is None:
1361 raise Exception("ANonce change not reported")
1362
1363def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
1364 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1365 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1366
1367 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1368 msg = recv_eapol(hapd)
1369 dev[0].dump_monitor()
1370
1371 # Build own EAPOL-Key msg 1/4
1372 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1373 counter = 1
1374 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1375 counter += 1
1376 send_eapol(dev[0], addr, build_eapol(msg))
1377 msg = recv_eapol(dev[0])
1378 snonce = msg['rsn_key_nonce']
1379
1380 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1381
1382 logger.debug("Group key 1/2 instead of msg 3/4")
1383 dev[0].dump_monitor()
1384 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1385 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1386 key_info=0x13c2)
1387 counter += 1
1388 send_eapol(dev[0], addr, build_eapol(msg))
1389 ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1390 if ev is None:
1391 raise Exception("Unexpected group key message not reported")
1392 dev[0].wait_disconnected(timeout=1)
1393
9fd6804d 1394@remote_compatible
e0c46c8e
JM		 1395def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
1396 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
1397 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1398
1399 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1400 msg = recv_eapol(hapd)
1401 dev[0].dump_monitor()
1402
1403 # Build own EAPOL-Key msg 1/4 with invalid KDE
1404 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1405 counter = 1
1406 msg = build_eapol_key_1_4(anonce, replay_counter=counter,
1407 key_data=binascii.unhexlify('5555'))
1408 counter += 1
1409 send_eapol(dev[0], addr, build_eapol(msg))
1410 dev[0].wait_disconnected(timeout=1)
1411
1412def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
1413 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1414 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1415
1416 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1417 msg = recv_eapol(hapd)
1418 dev[0].dump_monitor()
1419
1420 # Build own EAPOL-Key msg 1/4
1421 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1422 counter = 1
1423 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1424 counter += 1
1425 send_eapol(dev[0], addr, build_eapol(msg))
1426 msg = recv_eapol(dev[0])
1427 snonce = msg['rsn_key_nonce']
1428
1429 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1430
1431 logger.debug("Valid EAPOL-Key msg 3/4")
1432 dev[0].dump_monitor()
1433 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1434 wrapped = aes_wrap(kek, pad_key_data(plain))
1435 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1436 key_len=15)
1437 counter += 1
1438 send_eapol(dev[0], addr, build_eapol(msg))
1439 ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
1440 if ev is None:
1441 raise Exception("Invalid CCMP key length not reported")
1442 dev[0].wait_disconnected(timeout=1)
1443
1444def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
1445 """WPA2-PSK supplicant protocol testing: wrong group key length"""
1446 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1447
1448 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1449 msg = recv_eapol(hapd)
1450 dev[0].dump_monitor()
1451
1452 # Build own EAPOL-Key msg 1/4
1453 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1454 counter = 1
1455 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1456 counter += 1
1457 send_eapol(dev[0], addr, build_eapol(msg))
1458 msg = recv_eapol(dev[0])
1459 snonce = msg['rsn_key_nonce']
1460
1461 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1462
1463 logger.debug("Valid EAPOL-Key msg 3/4")
1464 dev[0].dump_monitor()
1465 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
1466 wrapped = aes_wrap(kek, pad_key_data(plain))
1467 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1468 counter += 1
1469 send_eapol(dev[0], addr, build_eapol(msg))
1470 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
1471 if ev is None:
1472 raise Exception("Invalid CCMP key length not reported")
1473 dev[0].wait_disconnected(timeout=1)
1474
1475def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
1476 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
1477 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1478
1479 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1480 msg = recv_eapol(hapd)
1481 dev[0].dump_monitor()
1482
1483 # Build own EAPOL-Key msg 1/4
1484 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1485 counter = 1
1486 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1487 counter += 1
1488 send_eapol(dev[0], addr, build_eapol(msg))
1489 msg = recv_eapol(dev[0])
1490 snonce = msg['rsn_key_nonce']
1491
1492 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1493
1494 logger.debug("Valid EAPOL-Key msg 3/4")
1495 dev[0].dump_monitor()
1496 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
1497 wrapped = aes_wrap(kek, pad_key_data(plain))
1498 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1499 counter += 1
1500 send_eapol(dev[0], addr, build_eapol(msg))
1501 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
1502 if ev is None:
1503 raise Exception("GTK Tx bit workaround not reported")
1504 dev[0].wait_connected(timeout=1)
1505
1506def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
1507 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
1508 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1509
1510 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1511 msg = recv_eapol(hapd)
1512 dev[0].dump_monitor()
1513
1514 # Build own EAPOL-Key msg 1/4
1515 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1516 counter = 1
1517 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1518 counter += 1
1519 send_eapol(dev[0], addr, build_eapol(msg))
1520 msg = recv_eapol(dev[0])
1521 snonce = msg['rsn_key_nonce']
1522
1523 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1524
1525 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1526 dev[0].dump_monitor()
1527 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1528 wrapped = aes_wrap(kek, pad_key_data(plain))
1529 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1530 counter += 1
1531 send_eapol(dev[0], addr, build_eapol(msg))
1532 dev[0].wait_connected(timeout=1)
1533
1534 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
1535 dev[0].dump_monitor()
1536 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1537 wrapped = aes_wrap(kek, pad_key_data(plain))
1538 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1539 key_info=0x13c2)
1540 counter += 1
1541 send_eapol(dev[0], addr, build_eapol(msg))
1542 msg = recv_eapol(dev[0])
1543 ev = dev[0].wait_event(["WPA: Group rekeying completed"])
1544 if ev is None:
1545 raise Exception("GTK rekeing not reported")
1546
1547 logger.debug("Unencrypted GTK KDE in group msg 1/2")
1548 dev[0].dump_monitor()
1549 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1550 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1551 key_info=0x03c2)
1552 counter += 1
1553 send_eapol(dev[0], addr, build_eapol(msg))
1554 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1555 if ev is None:
1556 raise Exception("Unencrypted GTK KDE not reported")
1557 dev[0].wait_disconnected(timeout=1)
1558
1559def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
1560 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
1561 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1562
1563 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1564 msg = recv_eapol(hapd)
1565 dev[0].dump_monitor()
1566
1567 # Build own EAPOL-Key msg 1/4
1568 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1569 counter = 1
1570 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1571 counter += 1
1572 send_eapol(dev[0], addr, build_eapol(msg))
1573 msg = recv_eapol(dev[0])
1574 snonce = msg['rsn_key_nonce']
1575
1576 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1577
1578 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1579 dev[0].dump_monitor()
1580 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1581 wrapped = aes_wrap(kek, pad_key_data(plain))
1582 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1583 counter += 1
1584 send_eapol(dev[0], addr, build_eapol(msg))
1585 dev[0].wait_connected(timeout=1)
1586
1587 logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
1588 dev[0].dump_monitor()
1589 plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
1590 wrapped = aes_wrap(kek, pad_key_data(plain))
1591 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1592 key_info=0x13c2)
1593 counter += 1
1594 send_eapol(dev[0], addr, build_eapol(msg))
1595 ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
1596 if ev is None:
1597 raise Exception("Missing GTK KDE not reported")
1598 dev[0].wait_disconnected(timeout=1)
1599
1600def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
1601 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
1602 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1603
1604 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1605 msg = recv_eapol(hapd)
1606 dev[0].dump_monitor()
1607
1608 # Build own EAPOL-Key msg 1/4
1609 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1610 counter = 1
1611 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1612 counter += 1
1613 send_eapol(dev[0], addr, build_eapol(msg))
1614 msg = recv_eapol(dev[0])
1615 snonce = msg['rsn_key_nonce']
1616
1617 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1618
1619 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1620 dev[0].dump_monitor()
1621 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1622 wrapped = aes_wrap(kek, pad_key_data(plain))
1623 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1624 counter += 1
1625 send_eapol(dev[0], addr, build_eapol(msg))
1626 dev[0].wait_connected(timeout=1)
1627
1628 logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
1629 dev[0].dump_monitor()
1630 plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1631 wrapped = aes_wrap(kek, pad_key_data(plain))
1632 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1633 key_info=0x13c2)
1634 counter += 1
1635 send_eapol(dev[0], addr, build_eapol(msg))
1636 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
1637 if ev is None:
1638 raise Exception("Too long GTK KDE not reported")
1639 dev[0].wait_disconnected(timeout=1)
1640
1641def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
1642 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
1643 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1644
1645 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1646 msg = recv_eapol(hapd)
1647 dev[0].dump_monitor()
1648
1649 # Build own EAPOL-Key msg 1/4
1650 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1651 counter = 1
1652 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1653 counter += 1
1654 send_eapol(dev[0], addr, build_eapol(msg))
1655 msg = recv_eapol(dev[0])
1656 snonce = msg['rsn_key_nonce']
1657
1658 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1659
1660 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
1661 dev[0].dump_monitor()
1662 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1663 wrapped = aes_wrap(kek, pad_key_data(plain))
1664 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1665 counter += 1
1666 send_eapol(dev[0], addr, build_eapol(msg))
1667 dev[0].wait_disconnected(timeout=1)
1668
1669def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
1670 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
1671 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1672
1673 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1674 msg = recv_eapol(hapd)
1675 dev[0].dump_monitor()
1676
1677 # Build own EAPOL-Key msg 1/4
1678 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1679 counter = 1
1680 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1681 counter += 1
1682 send_eapol(dev[0], addr, build_eapol(msg))
1683 msg = recv_eapol(dev[0])
1684 snonce = msg['rsn_key_nonce']
1685
1686 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1687
1688 logger.debug("Valid EAPOL-Key msg 3/4")
1689 dev[0].dump_monitor()
1690 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1691 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1692 key_info=0x03ca)
1693 counter += 1
1694 send_eapol(dev[0], addr, build_eapol(msg))
1695 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1696 if ev is None:
1697 raise Exception("Unencrypted GTK KDE not reported")
1698 dev[0].wait_disconnected(timeout=1)
1699
5b3c40a6
JM		 1700def find_wpas_process(dev):
1701 ifname = dev.ifname
525f8293 1702 err, data = dev.cmd_execute(['ps', 'ax'])
5b3c40a6
JM		 1703 for l in data.splitlines():
1704 if "wpa_supplicant" not in l:
1705 continue
1706 if "-i" + ifname not in l:
1707 continue
1708 return int(l.strip().split(' ')[0])
1709 raise Exception("Could not find wpa_supplicant process")
1710
1711def read_process_memory(pid, key=None):
1712 buf = bytes()
f089cdf9 1713 logger.info("Reading process memory (pid=%d)" % pid)
5b3c40a6
JM		 1714 with open('/proc/%d/maps' % pid, 'r') as maps, \
1715 open('/proc/%d/mem' % pid, 'r') as mem:
1716 for l in maps.readlines():
1717 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
1718 if not m:
1719 continue
1720 start = int(m.group(1), 16)
1721 end = int(m.group(2), 16)
1722 perm = m.group(3)
1723 if start > 0xffffffffffff:
1724 continue
1725 if end < start:
1726 continue
1727 if not perm.startswith('rw'):
1728 continue
f089cdf9
JM		 1729 for name in [ "[heap]", "[stack]" ]:
1730 if name in l:
1731 logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, len(buf), len(buf) + (end - start)))
5b3c40a6
JM		 1732 mem.seek(start)
1733 data = mem.read(end - start)
1734 buf += data
1735 if key and key in data:
1736 logger.info("Key found in " + l)
f089cdf9 1737 logger.info("Total process memory read: %d bytes" % len(buf))
5b3c40a6
JM		 1738 return buf
1739
1740def verify_not_present(buf, key, fname, keyname):
1741 pos = buf.find(key)
1742 if pos < 0:
1743 return
1744
1745 prefix = 2048 if pos > 2048 else pos
1746 with open(fname + keyname, 'w') as f:
1747 f.write(buf[pos - prefix:pos + 2048])
1748 raise Exception(keyname + " found after disassociation")
1749
1750def get_key_locations(buf, key, keyname):
1751 count = 0
1752 pos = 0
1753 while True:
1754 pos = buf.find(key, pos)
1755 if pos < 0:
1756 break
1757 logger.info("Found %s at %d" % (keyname, pos))
bc6e3288 1758 context = 128
f089cdf9
JM		 1759 start = pos - context if pos > context else 0
1760 before = binascii.hexlify(buf[start:pos])
1761 context += len(key)
1762 end = pos + context if pos < len(buf) - context else len(buf) - context
1763 after = binascii.hexlify(buf[pos + len(key):end])
1764 logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
5b3c40a6
JM		 1765 count += 1
1766 pos += len(key)
1767 return count
1768
1769def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
1770 """WPA2-PSK and PSK/PTK lifetime in memory"""
1771 ssid = "test-wpa2-psk"
1772 passphrase = 'qwertyuiop'
1773 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1774 pmk = binascii.unhexlify(psk)
1775 p = hostapd.wpa2_params(ssid=ssid)
1776 p['wpa_psk'] = psk
8b8a1864 1777 hapd = hostapd.add_ap(apdev[0], p)
5b3c40a6
JM		 1778
1779 pid = find_wpas_process(dev[0])
1780
1781 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
1782 only_add_network=True)
1783
1784 logger.info("Checking keys in memory after network profile configuration")
1785 buf = read_process_memory(pid, pmk)
1786 get_key_locations(buf, pmk, "PMK")
1787
1788 dev[0].request("REMOVE_NETWORK all")
1789 logger.info("Checking keys in memory after network profile removal")
1790 buf = read_process_memory(pid, pmk)
1791 get_key_locations(buf, pmk, "PMK")
1792
1793 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1794 only_add_network=True)
1795
1796 logger.info("Checking keys in memory before connection")
1797 buf = read_process_memory(pid, pmk)
1798 get_key_locations(buf, pmk, "PMK")
1799
1800 dev[0].connect_network(id, timeout=20)
8e416cec
JM		 1801 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1802 # event has been delivered, so verify that wpa_supplicant has returned to
1803 # eloop before reading process memory.
54f2cae2 1804 time.sleep(1)
8e416cec 1805 dev[0].ping()
5b3c40a6
JM		 1806
1807 buf = read_process_memory(pid, pmk)
1808
1809 dev[0].request("DISCONNECT")
1810 dev[0].wait_disconnected()
1811
1812 dev[0].relog()
1813 ptk = None
1814 gtk = None
1815 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1816 for l in f.readlines():
1817 if "WPA: PTK - hexdump" in l:
1818 val = l.strip().split(':')[3].replace(' ', '')
1819 ptk = binascii.unhexlify(val)
1820 if "WPA: Group Key - hexdump" in l:
1821 val = l.strip().split(':')[3].replace(' ', '')
1822 gtk = binascii.unhexlify(val)
1823 if not pmk or not ptk or not gtk:
1824 raise Exception("Could not find keys from debug log")
1825 if len(gtk) != 16:
1826 raise Exception("Unexpected GTK length")
1827
1828 kck = ptk[0:16]
1829 kek = ptk[16:32]
1830 tk = ptk[32:48]
1831
1832 logger.info("Checking keys in memory while associated")
1833 get_key_locations(buf, pmk, "PMK")
1834 if pmk not in buf:
81e787b7 1835 raise HwsimSkip("PMK not found while associated")
5b3c40a6
JM		 1836 if kck not in buf:
1837 raise Exception("KCK not found while associated")
1838 if kek not in buf:
1839 raise Exception("KEK not found while associated")
1840 if tk in buf:
1841 raise Exception("TK found from memory")
1842 if gtk in buf:
8eb45bde 1843 get_key_locations(buf, gtk, "GTK")
5b3c40a6
JM		 1844 raise Exception("GTK found from memory")
1845
1846 logger.info("Checking keys in memory after disassociation")
1847 buf = read_process_memory(pid, pmk)
1848 get_key_locations(buf, pmk, "PMK")
1849
1850 # Note: PMK/PSK is still present in network configuration
1851
1852 fname = os.path.join(params['logdir'],
1853 'wpa2_psk_key_lifetime_in_memory.memctx-')
1854 verify_not_present(buf, kck, fname, "KCK")
1855 verify_not_present(buf, kek, fname, "KEK")
1856 verify_not_present(buf, tk, fname, "TK")
1857 verify_not_present(buf, gtk, fname, "GTK")
1858
1859 dev[0].request("REMOVE_NETWORK all")
1860
1861 logger.info("Checking keys in memory after network profile removal")
1862 buf = read_process_memory(pid, pmk)
1863 get_key_locations(buf, pmk, "PMK")
1864
1865 verify_not_present(buf, pmk, fname, "PMK")
1866 verify_not_present(buf, kck, fname, "KCK")
1867 verify_not_present(buf, kek, fname, "KEK")
1868 verify_not_present(buf, tk, fname, "TK")
1869 verify_not_present(buf, gtk, fname, "GTK")
214457de 1870
9fd6804d 1871@remote_compatible
214457de
JM		 1872def test_ap_wpa2_psk_wep(dev, apdev):
1873 """WPA2-PSK AP and WEP enabled"""
1874 ssid = "test-wpa2-psk"
1875 passphrase = 'qwertyuiop'
1876 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 1877 hapd = hostapd.add_ap(apdev[0], params)
214457de
JM		 1878 try:
1879 hapd.set('wep_key0', '"hello"')
1880 raise Exception("WEP key accepted to WPA2 network")
1881 except Exception:
1882 pass
a1512a0c
JM		 1883
1884def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1885 """WPA2-PSK AP and wpas interface in a bridge"""
1886 br_ifname='sta-br0'
1887 ifname='wlan5'
1888 try:
1889 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
1890 finally:
1891 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
1892 subprocess.call(['brctl', 'delif', br_ifname, ifname])
1893 subprocess.call(['brctl', 'delbr', br_ifname])
f245b450 1894 subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
a1512a0c
JM		 1895
1896def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1897 ssid = "test-wpa2-psk"
1898 passphrase = 'qwertyuiop'
1899 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 1900 hapd = hostapd.add_ap(apdev[0], params)
a1512a0c
JM		 1901
1902 br_ifname='sta-br0'
1903 ifname='wlan5'
1904 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1905 subprocess.call(['brctl', 'addbr', br_ifname])
1906 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
1907 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
1908 subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
1909 subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
1910 wpas.interface_add(ifname, br_ifname=br_ifname)
4b9d79b6 1911 wpas.dump_monitor()
a1512a0c
JM		 1912
1913 wpas.connect(ssid, psk=passphrase, scan_freq="2412")
4b9d79b6 1914 wpas.dump_monitor()
eb88a5ba 1915
9fd6804d 1916@remote_compatible
eb88a5ba
JM		 1917def test_ap_wpa2_psk_ifdown(dev, apdev):
1918 """AP with open mode and external ifconfig down"""
1919 ssid = "test-wpa2-psk"
1920 passphrase = 'qwertyuiop'
1921 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 1922 hapd = hostapd.add_ap(apdev[0], params)
eb88a5ba
JM		 1923 bssid = apdev[0]['bssid']
1924
1925 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
10e09d83 1926 hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
eb88a5ba
JM		 1927 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
1928 if ev is None:
1929 raise Exception("No INTERFACE-DISABLED event")
1930 # this wait tests beacon loss detection in mac80211
1931 dev[0].wait_disconnected()
10e09d83 1932 hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
eb88a5ba
JM		 1933 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
1934 if ev is None:
1935 raise Exception("No INTERFACE-ENABLED event")
1936 dev[0].wait_connected()
1937 hwsim_utils.test_connectivity(dev[0], hapd)
0f74bd41
JM		 1938
1939def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
1940 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
1941 bssid = apdev[0]['bssid']
1942 ssid = "test-wpa2-psk"
1943 passphrase = 'qwertyuiop'
1944 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1945 params = hostapd.wpa2_params(ssid=ssid)
1946 params['wpa_psk'] = psk
8b8a1864 1947 hapd = hostapd.add_ap(apdev[0], params)
0f74bd41
JM		 1948 hapd.request("SET ext_eapol_frame_io 1")
1949 dev[0].request("SET ext_eapol_frame_io 1")
1950 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
1951 addr = dev[0].own_addr()
1952
1953 # EAPOL-Key msg 1/4
1954 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1955 if ev is None:
1956 raise Exception("Timeout on EAPOL-TX from hostapd")
1957 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1958 if "OK" not in res:
1959 raise Exception("EAPOL_RX to wpa_supplicant failed")
1960
1961 # EAPOL-Key msg 2/4
1962 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1963 if ev is None:
1964 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1965 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
1966 if "OK" not in res:
1967 raise Exception("EAPOL_RX to hostapd failed")
1968
1969 # EAPOL-Key msg 3/4
1970 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1971 if ev is None:
1972 raise Exception("Timeout on EAPOL-TX from hostapd")
1973 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1974 if "OK" not in res:
1975 raise Exception("EAPOL_RX to wpa_supplicant failed")
1976
1977 # EAPOL-Key msg 4/4
1978 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1979 if ev is None:
1980 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1981 logger.info("Drop the first EAPOL-Key msg 4/4")
1982
1983 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
1984 # doesn't. Use normal EAPOL TX/RX to handle retries.
1985 hapd.request("SET ext_eapol_frame_io 0")
1986 dev[0].request("SET ext_eapol_frame_io 0")
1987 dev[0].wait_connected()
1988
1989 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
1990 if ev is None:
1991 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1992
1993 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
1994 if ev is not None:
1995 logger.info("Disconnection detected")
1996 # The EAPOL-Key retries are supposed to allow the connection to be
1997 # established without having to reassociate. However, this does not
1998 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
1999 # after the pairwise key has been configured and AP will drop those and
2000 # disconnect the station after reaching retransmission limit. Connection
2001 # is then established after reassociation. Once that behavior has been
2002 # optimized to prevent EAPOL-Key frame encryption for retransmission
2003 # case, this exception can be uncommented here.
2004 #raise Exception("Unexpected disconnection")
a14a5f24 2005
9fd6804d 2006@remote_compatible
a14a5f24
JM		 2007def test_ap_wpa2_psk_disable_enable(dev, apdev):
2008 """WPA2-PSK AP getting disabled and re-enabled"""
2009 ssid = "test-wpa2-psk"
2010 passphrase = 'qwertyuiop'
2011 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2012 params = hostapd.wpa2_params(ssid=ssid)
2013 params['wpa_psk'] = psk
8b8a1864 2014 hapd = hostapd.add_ap(apdev[0], params)
a14a5f24
JM		 2015 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
2016
2017 for i in range(2):
2018 hapd.request("DISABLE")
2019 dev[0].wait_disconnected()
2020 hapd.request("ENABLE")
2021 dev[0].wait_connected()
2022 hwsim_utils.test_connectivity(dev[0], hapd)
97c6d0d8 2023
9fd6804d 2024@remote_compatible
97c6d0d8
JM		 2025def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
2026 """WPA2-PSK AP and station using incorrect passphrase"""
2027 ssid = "test-wpa2-psk"
2028 passphrase = 'qwertyuiop'
2029 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 2030 hapd = hostapd.add_ap(apdev[0], params)
97c6d0d8
JM		 2031 dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412",
2032 wait_connect=False)
2033 ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
2034 if ev is None:
2035 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
a539d3f7
JM		 2036 dev[0].dump_monitor()
2037
2038 hapd.disable()
2039 hapd.set("wpa_passphrase", "incorrect passphrase")
2040 hapd.enable()
2041
2042 dev[0].wait_connected(timeout=20)
4b0e0c53 2043
9fd6804d 2044@remote_compatible
4b0e0c53
JM		 2045def test_ap_wpa_ie_parsing(dev, apdev):
2046 """WPA IE parsing"""
a1eabc74 2047 skip_with_fips(dev[0])
4b0e0c53
JM		 2048 ssid = "test-wpa-psk"
2049 passphrase = 'qwertyuiop'
2050 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
8b8a1864 2051 hapd = hostapd.add_ap(apdev[0], params)
4b0e0c53
JM		 2052 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
2053 only_add_network=True)
2054
2055 tests = [ "dd040050f201",
2056 "dd050050f20101",
2057 "dd060050f2010100",
2058 "dd060050f2010001",
2059 "dd070050f201010000",
2060 "dd080050f20101000050",
2061 "dd090050f20101000050f2",
2062 "dd0a0050f20101000050f202",
2063 "dd0b0050f20101000050f20201",
2064 "dd0c0050f20101000050f2020100",
2065 "dd0c0050f20101000050f2020000",
2066 "dd0c0050f20101000050f202ffff",
2067 "dd0d0050f20101000050f202010000",
2068 "dd0e0050f20101000050f20201000050",
2069 "dd0f0050f20101000050f20201000050f2",
2070 "dd100050f20101000050f20201000050f202",
2071 "dd110050f20101000050f20201000050f20201",
2072 "dd120050f20101000050f20201000050f2020100",
2073 "dd120050f20101000050f20201000050f2020000",
2074 "dd120050f20101000050f20201000050f202ffff",
2075 "dd130050f20101000050f20201000050f202010000",
2076 "dd140050f20101000050f20201000050f20201000050",
2077 "dd150050f20101000050f20201000050f20201000050f2" ]
2078 for t in tests:
2079 try:
2080 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
2081 raise Exception("VENDOR_ELEM_ADD failed")
2082 dev[0].select_network(id)
2083 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2084 if ev is None:
2085 raise Exception("Association rejection not reported")
2086 dev[0].request("DISCONNECT")
a359c7bb 2087 dev[0].dump_monitor()
4b0e0c53
JM		 2088 finally:
2089 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
2090
2091 tests = [ "dd170050f20101000050f20201000050f20201000050f202ff",
2092 "dd180050f20101000050f20201000050f20201000050f202ffff",
2093 "dd190050f20101000050f20201000050f20201000050f202ffffff" ]
2094 for t in tests:
2095 try:
2096 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
2097 raise Exception("VENDOR_ELEM_ADD failed")
2098 dev[0].select_network(id)
2099 dev[0].wait_connected()
2100 dev[0].request("DISCONNECT")
a359c7bb 2101 dev[0].dump_monitor()
4b0e0c53
JM		 2102 finally:
2103 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
bf7071bb 2104
9fd6804d 2105@remote_compatible
bf7071bb
JM		 2106def test_ap_wpa2_psk_no_random(dev, apdev):
2107 """WPA2-PSK AP and no random numbers available"""
2108 ssid = "test-wpa2-psk"
2109 passphrase = 'qwertyuiop'
2110 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2111 params = hostapd.wpa2_params(ssid=ssid)
2112 params['wpa_psk'] = psk
8b8a1864 2113 hapd = hostapd.add_ap(apdev[0], params)
bf7071bb
JM		 2114 with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
2115 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
2116 wait_connect=False)
2117 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
2118 if ev is None:
2119 raise Exception("Disconnection event not reported")
2120 dev[0].request("DISCONNECT")
2121 dev[0].select_network(id, freq=2412)
2122 dev[0].wait_connected()
ecafa0cf 2123
9fd6804d 2124@remote_compatible
ecafa0cf
JM		 2125def test_rsn_ie_proto_psk_sta(dev, apdev):
2126 """RSN element protocol testing for PSK cases on STA side"""
2127 bssid = apdev[0]['bssid']
2128 ssid = "test-wpa2-psk"
2129 passphrase = 'qwertyuiop'
2130 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
2131 # This is the RSN element used normally by hostapd
2132 params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
8b8a1864 2133 hapd = hostapd.add_ap(apdev[0], params)
ecafa0cf
JM		 2134 if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
2135 raise Exception("Invalid own_ie_override value accepted")
2136 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2137
2138 tests = [ ('No RSN Capabilities field',
2139 '30120100000fac040100000fac040100000fac02'),
2140 ('Reserved RSN Capabilities bits set',
2141 '30140100000fac040100000fac040100000fac023cff'),
2142 ('Extra pairwise cipher suite (unsupported)',
2143 '30180100000fac040200ffffffff000fac040100000fac020c00'),
2144 ('Extra AKM suite (unsupported)',
2145 '30180100000fac040100000fac040200ffffffff000fac020c00'),
2146 ('PMKIDCount field included',
2147 '30160100000fac040100000fac040100000fac020c000000'),
2148 ('Unexpected Group Management Cipher Suite with PMF disabled',
2149 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
2150 ('Extra octet after defined fields (future extensibility)',
2151 '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
2152 for txt,ie in tests:
2153 dev[0].request("DISCONNECT")
2154 dev[0].wait_disconnected()
2155 logger.info(txt)
2156 hapd.disable()
2157 hapd.set('own_ie_override', ie)
2158 hapd.enable()
2159 dev[0].request("BSS_FLUSH 0")
2160 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2161 dev[0].select_network(id, freq=2412)
2162 dev[0].wait_connected()
b1f69186 2163
9fd6804d 2164@remote_compatible
b1f69186
JB		 2165def test_ap_cli_order(dev, apdev):
2166 ssid = "test-rsn-setup"
2167 passphrase = 'zzzzzzzz'
b1f69186 2168
84f3f3a5 2169 hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
b1f69186
JB		 2170 hapd.set('ssid', ssid)
2171 hapd.set('wpa_passphrase', passphrase)
2172 hapd.set('rsn_pairwise', 'CCMP')
2173 hapd.set('wpa_key_mgmt', 'WPA-PSK')
2174 hapd.set('wpa', '2')
2175 hapd.enable()
2176 cfg = hapd.get_config()
2177 if cfg['group_cipher'] != 'CCMP':
2178 raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
2179 if cfg['rsn_pairwise_cipher'] != 'CCMP':
2180 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])
2181
2182 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
2183 if ev is None:
2184 raise Exception("AP startup timed out")
2185 if "AP-ENABLED" not in ev:
2186 raise Exception("AP startup failed")
2187
2188 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
0ceff76e
JM		 2189
2190def set_test_assoc_ie(dev, ie):
2191 if "OK" not in dev.request("TEST_ASSOC_IE " + ie):
2192 raise Exception("Could not set TEST_ASSOC_IE")
2193
9fd6804d 2194@remote_compatible
0ceff76e
JM		 2195def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
2196 """WPA2-PSK AP and association request RSN IE differences"""
2197 ssid = "test-wpa2-psk"
2198 passphrase = 'qwertyuiop'
2199 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
8b8a1864 2200 hapd = hostapd.add_ap(apdev[0], params)
0ceff76e
JM		 2201
2202 tests = [ ("Normal wpa_supplicant assoc req RSN IE",
2203 "30140100000fac040100000fac040100000fac020000"),
2204 ("RSN IE without RSN Capabilities",
2205 "30120100000fac040100000fac040100000fac02") ]
2206 for title, ie in tests:
2207 logger.info(title)
2208 set_test_assoc_ie(dev[0], ie)
2209 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2210 dev[0].request("REMOVE_NETWORK all")
2211 dev[0].wait_disconnected()
2212
2213 tests = [ ("WPA IE instead of RSN IE and only RSN enabled on AP",
2214 "dd160050f20101000050f20201000050f20201000050f202", 40),
2215 ("Empty RSN IE", "3000", 40),
2216 ("RSN IE with truncated Version", "300101", 40),
2217 ("RSN IE with only Version", "30020100", 43) ]
2218 for title, ie, status in tests:
2219 logger.info(title)
2220 set_test_assoc_ie(dev[0], ie)
2221 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
2222 wait_connect=False)
2223 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
2224 if ev is None:
2225 raise Exception("Association rejection not reported")
2226 if "status_code=" + str(status) not in ev:
2227 raise Exception("Unexpected status code: " + ev)
2228 dev[0].request("REMOVE_NETWORK all")
2229 dev[0].dump_monitor()
50bb5c86
JM		 2230
2231def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
2232 """WPA-PSK AP and only rsn_pairwise set"""
2233 params = { "ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
2234 "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890" }
2235 hapd = hostapd.add_ap(apdev[0], params)
2236 dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP",
2237 scan_freq="2412")
Unnamed repository; edit this file 'description' to name the repository.