1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
25 from test_suite_b
import check_suite_b_192_capa
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
40 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
42 params
= ft_base_rsn()
44 params
= ft_base_mixed()
48 params
["wpa_passphrase"] = passphrase
50 params
["mobility_domain"] = "a1b2"
51 params
["r0_key_lifetime"] = "10000"
52 params
["pmk_r1_push"] = "1"
53 params
["reassociation_deadline"] = "1000"
56 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
57 params
= ft_params(rsn
, ssid
, passphrase
)
58 params
['nas_identifier'] = "nas1.w1.fi"
59 params
['r1_key_holder'] = "000102030405"
62 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
63 params
= ft_params1a(rsn
, ssid
, passphrase
)
65 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
68 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
70 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
73 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
74 params
= ft_params1a(rsn
, ssid
, passphrase
)
75 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
76 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
77 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
80 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
81 params
= ft_params(rsn
, ssid
, passphrase
)
82 params
['nas_identifier'] = "nas2.w1.fi"
83 params
['r1_key_holder'] = "000102030406"
86 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
87 params
= ft_params2a(rsn
, ssid
, passphrase
)
89 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
92 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
94 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
97 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
98 params
= ft_params2a(rsn
, ssid
, passphrase
)
99 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
100 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
101 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
104 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
105 params
= ft_params(rsn
, ssid
, passphrase
)
106 params
['nas_identifier'] = "nas1.w1.fi"
107 params
['r1_key_holder'] = "000102030405"
108 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
110 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
113 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
114 params
= ft_params(rsn
, ssid
, passphrase
)
115 params
['nas_identifier'] = "nas2.w1.fi"
116 params
['r1_key_holder'] = "000102030406"
117 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
119 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
122 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
123 params
= ft_params(rsn
, ssid
, passphrase
)
124 params
['nas_identifier'] = "nas2.w1.fi"
125 params
['r1_key_holder'] = "000102030406"
126 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
128 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
131 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
132 sae
=False, eap
=False, fail_test
=False, roams
=1,
133 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
134 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
135 force_initial_conn_to_first_ap
=False, sha384
=False,
136 group_mgmt
=None, ocv
=None, sae_password
=None,
137 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
138 roam_with_reassoc
=False, also_non_ft
=False, only_one_way
=False,
139 wait_before_roam
=0, return_after_initial
=False, ieee80211w
="1"):
140 logger
.info("Connect to first AP")
143 copts
["proto"] = "WPA2"
144 copts
["ieee80211w"] = ieee80211w
145 copts
["scan_freq"] = "2412"
146 copts
["pairwise"] = pairwise_cipher
147 copts
["group"] = group_cipher
148 copts
["wpa_ptk_rekey"] = ptk_rekey
150 copts
["group_mgmt"] = group_mgmt
155 copts
["ft_eap_pmksa_caching"] = "1"
157 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
159 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
160 copts
["eap"] = "GPSK"
161 copts
["identity"] = eap_identity
162 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
165 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
167 copts
["key_mgmt"] = "FT-PSK"
169 copts
["psk"] = passphrase
171 copts
["sae_password"] = sae_password
173 copts
["sae_password_id"] = sae_password_id
174 if force_initial_conn_to_first_ap
:
175 copts
["bssid"] = apdev
[0]['bssid']
176 netw
= dev
.connect(ssid
, **copts
)
178 dev
.request("DISCONNECT")
179 dev
.wait_disconnected()
180 dev
.request("RECONNECT")
181 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
182 "CTRL-EVENT-DISCONNECTED",
183 "CTRL-EVENT-EAP-STARTED"],
186 raise Exception("Reconnect timed out")
187 if "CTRL-EVENT-DISCONNECTED" in ev
:
188 raise Exception("Unexpected disconnection after RECONNECT")
189 if "CTRL-EVENT-EAP-STARTED" in ev
:
190 raise Exception("Unexpected EAP start after RECONNECT")
192 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
202 if test_connectivity
:
205 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
207 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
209 if return_after_initial
:
213 time
.sleep(wait_before_roam
)
214 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
216 for i
in range(0, roams
):
217 # Roaming artificially fast can make data test fail because the key is
220 logger
.info("Roam to the second AP")
221 if roam_with_reassoc
:
222 dev
.set_network(netw
, "bssid", ap2
['bssid'])
223 dev
.request("REASSOCIATE")
226 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
228 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
231 if dev
.get_status_field('bssid') != ap2
['bssid']:
232 raise Exception("Did not connect to correct AP")
233 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
236 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
238 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
242 # Roaming artificially fast can make data test fail because the key is
245 logger
.info("Roam back to the first AP")
246 if roam_with_reassoc
:
247 dev
.set_network(netw
, "bssid", ap1
['bssid'])
248 dev
.request("REASSOCIATE")
251 dev
.roam_over_ds(ap1
['bssid'])
253 dev
.roam(ap1
['bssid'])
254 if dev
.get_status_field('bssid') != ap1
['bssid']:
255 raise Exception("Did not connect to correct AP")
256 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
259 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
261 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
263 def test_ap_ft(dev
, apdev
):
266 passphrase
= "12345678"
268 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
269 hapd0
= hostapd
.add_ap(apdev
[0], params
)
270 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
271 hapd1
= hostapd
.add_ap(apdev
[1], params
)
273 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
274 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
275 raise Exception("Scan results missing RSN element info")
277 def test_ap_ft_old_key(dev
, apdev
):
278 """WPA2-PSK-FT AP (old key)"""
280 passphrase
= "12345678"
282 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
283 hapd0
= hostapd
.add_ap(apdev
[0], params
)
284 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
285 hapd1
= hostapd
.add_ap(apdev
[1], params
)
287 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
289 def test_ap_ft_multi_akm(dev
, apdev
):
290 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
292 passphrase
= "12345678"
294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
295 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
296 hapd0
= hostapd
.add_ap(apdev
[0], params
)
297 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
298 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
299 hapd1
= hostapd
.add_ap(apdev
[1], params
)
301 Wlantest
.setup(hapd0
)
304 wt
.add_passphrase(passphrase
)
306 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
307 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
308 raise Exception("Scan results missing RSN element info")
309 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
310 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
313 def test_ap_ft_local_key_gen(dev
, apdev
):
314 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
316 passphrase
= "12345678"
318 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
319 params
['ft_psk_generate_local'] = "1"
320 del params
['pmk_r1_push']
321 hapd0
= hostapd
.add_ap(apdev
[0], params
)
322 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
323 params
['ft_psk_generate_local'] = "1"
324 del params
['pmk_r1_push']
325 hapd1
= hostapd
.add_ap(apdev
[1], params
)
327 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
328 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
329 raise Exception("Scan results missing RSN element info")
331 def test_ap_ft_vlan(dev
, apdev
):
332 """WPA2-PSK-FT AP with VLAN"""
334 passphrase
= "12345678"
336 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
337 params
['dynamic_vlan'] = "1"
338 params
['accept_mac_file'] = "hostapd.accept"
339 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
341 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
342 params
['dynamic_vlan'] = "1"
343 params
['accept_mac_file'] = "hostapd.accept"
344 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
346 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
347 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
348 raise Exception("Scan results missing RSN element info")
350 def test_ap_ft_vlan_disconnected(dev
, apdev
):
351 """WPA2-PSK-FT AP with VLAN and local key generation"""
353 passphrase
= "12345678"
355 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
356 params
['dynamic_vlan'] = "1"
357 params
['accept_mac_file'] = "hostapd.accept"
358 params
['ft_psk_generate_local'] = "1"
359 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
361 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
362 params
['dynamic_vlan'] = "1"
363 params
['accept_mac_file'] = "hostapd.accept"
364 params
['ft_psk_generate_local'] = "1"
365 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
367 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
368 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
369 raise Exception("Scan results missing RSN element info")
371 def test_ap_ft_vlan_2(dev
, apdev
):
372 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
374 passphrase
= "12345678"
376 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
377 params
['dynamic_vlan'] = "1"
378 params
['accept_mac_file'] = "hostapd.accept"
379 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
381 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
382 params
['dynamic_vlan'] = "1"
383 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
385 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
386 force_initial_conn_to_first_ap
=True)
387 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
388 raise Exception("Scan results missing RSN element info")
390 def test_ap_ft_many(dev
, apdev
):
391 """WPA2-PSK-FT AP multiple times"""
393 passphrase
= "12345678"
395 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
396 hapd0
= hostapd
.add_ap(apdev
[0], params
)
397 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
398 hapd1
= hostapd
.add_ap(apdev
[1], params
)
400 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
402 def test_ap_ft_many_vlan(dev
, apdev
):
403 """WPA2-PSK-FT AP with VLAN multiple times"""
405 passphrase
= "12345678"
407 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
408 params
['dynamic_vlan'] = "1"
409 params
['accept_mac_file'] = "hostapd.accept"
410 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
412 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
413 params
['dynamic_vlan'] = "1"
414 params
['accept_mac_file'] = "hostapd.accept"
415 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
417 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
420 def test_ap_ft_mixed(dev
, apdev
):
421 """WPA2-PSK-FT mixed-mode AP"""
422 ssid
= "test-ft-mixed"
423 passphrase
= "12345678"
425 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
426 hapd
= hostapd
.add_ap(apdev
[0], params
)
427 key_mgmt
= hapd
.get_config()['key_mgmt']
428 vals
= key_mgmt
.split(' ')
429 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
430 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
431 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
432 hapd1
= hostapd
.add_ap(apdev
[1], params
)
434 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
436 def test_ap_ft_pmf(dev
, apdev
):
437 """WPA2-PSK-FT AP with PMF"""
438 run_ap_ft_pmf(dev
, apdev
, "1")
440 def test_ap_ft_pmf_over_ds(dev
, apdev
):
441 """WPA2-PSK-FT AP with PMF (over DS)"""
442 run_ap_ft_pmf(dev
, apdev
, "1", over_ds
=True)
444 def test_ap_ft_pmf_required(dev
, apdev
):
445 """WPA2-PSK-FT AP with PMF required on STA"""
446 run_ap_ft_pmf(dev
, apdev
, "2")
448 def test_ap_ft_pmf_required_over_ds(dev
, apdev
):
449 """WPA2-PSK-FT AP with PMF required on STA (over DS)"""
450 run_ap_ft_pmf(dev
, apdev
, "2", over_ds
=True)
452 def run_ap_ft_pmf(dev
, apdev
, ieee80211w
, over_ds
=False):
454 passphrase
= "12345678"
456 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
457 params
["ieee80211w"] = "2"
458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
459 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
460 params
["ieee80211w"] = "2"
461 hapd1
= hostapd
.add_ap(apdev
[1], params
)
463 Wlantest
.setup(hapd0
)
466 wt
.add_passphrase(passphrase
)
468 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
469 ieee80211w
=ieee80211w
, over_ds
=over_ds
)
471 def test_ap_ft_pmf_required_mismatch(dev
, apdev
):
472 """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF"""
473 run_ap_ft_pmf_required_mismatch(dev
, apdev
)
475 def test_ap_ft_pmf_required_mismatch_over_ds(dev
, apdev
):
476 """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF (over DS)"""
477 run_ap_ft_pmf_required_mismatch(dev
, apdev
, over_ds
=True)
479 def run_ap_ft_pmf_required_mismatch(dev
, apdev
, over_ds
=False):
481 passphrase
= "12345678"
483 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
484 params
["ieee80211w"] = "2"
485 hapd0
= hostapd
.add_ap(apdev
[0], params
)
486 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
487 params
["ieee80211w"] = "0"
488 hapd1
= hostapd
.add_ap(apdev
[1], params
)
490 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ieee80211w
="2",
491 force_initial_conn_to_first_ap
=True, fail_test
=True,
494 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
495 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
496 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
498 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
499 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
500 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
502 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
503 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
504 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
506 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
507 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
508 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
510 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
511 if cipher
not in dev
[0].get_capability("group_mgmt"):
512 raise HwsimSkip("Cipher %s not supported" % cipher
)
515 passphrase
= "12345678"
517 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
518 params
["ieee80211w"] = "2"
519 params
["group_mgmt_cipher"] = cipher
520 hapd0
= hostapd
.add_ap(apdev
[0], params
)
521 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
522 params
["ieee80211w"] = "2"
523 params
["group_mgmt_cipher"] = cipher
524 hapd1
= hostapd
.add_ap(apdev
[1], params
)
526 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
529 def test_ap_ft_ocv(dev
, apdev
):
530 """WPA2-PSK-FT AP with OCV"""
532 passphrase
= "12345678"
534 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
535 params
["ieee80211w"] = "2"
538 hapd0
= hostapd
.add_ap(apdev
[0], params
)
539 except Exception as e
:
540 if "Failed to set hostapd parameter ocv" in str(e
):
541 raise HwsimSkip("OCV not supported")
543 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
544 params
["ieee80211w"] = "2"
546 hapd1
= hostapd
.add_ap(apdev
[1], params
)
548 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
550 def test_ap_ft_over_ds(dev
, apdev
):
551 """WPA2-PSK-FT AP over DS"""
553 passphrase
= "12345678"
555 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
556 hapd0
= hostapd
.add_ap(apdev
[0], params
)
557 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
558 hapd1
= hostapd
.add_ap(apdev
[1], params
)
560 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
561 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
562 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
564 def cleanup_ap_ft_separate_hostapd():
565 subprocess
.call(["brctl", "delif", "br0ft", "veth0"],
566 stderr
=open('/dev/null', 'w'))
567 subprocess
.call(["brctl", "delif", "br1ft", "veth1"],
568 stderr
=open('/dev/null', 'w'))
569 subprocess
.call(["ip", "link", "del", "veth0"],
570 stderr
=open('/dev/null', 'w'))
571 subprocess
.call(["ip", "link", "del", "veth1"],
572 stderr
=open('/dev/null', 'w'))
573 for ifname
in ['br0ft', 'br1ft', 'br-ft']:
574 subprocess
.call(['ip', 'link', 'set', 'dev', ifname
, 'down'],
575 stderr
=open('/dev/null', 'w'))
576 subprocess
.call(['brctl', 'delbr', ifname
],
577 stderr
=open('/dev/null', 'w'))
579 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
580 """WPA2-PSK-FT AP and separate hostapd process"""
582 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
584 cleanup_ap_ft_separate_hostapd()
586 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
587 """WPA2-PSK-FT AP over DS and separate hostapd process"""
589 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
591 cleanup_ap_ft_separate_hostapd()
593 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
595 passphrase
= "12345678"
596 logdir
= params
['logdir']
597 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
598 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
599 global_ctrl
= '/var/run/hostapd-ft'
603 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
604 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
605 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
607 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
608 "peer", "name", "veth0br"])
609 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
610 "peer", "name", "veth1br"])
611 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
612 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
613 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
614 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
616 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
617 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
618 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
619 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
620 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
621 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
622 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
623 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
624 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
625 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
626 except subprocess
.CalledProcessError
:
627 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
629 with
HWSimRadio() as (radio
, iface
):
630 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
631 if not os
.path
.exists(prg
):
632 prg
= '../../hostapd/hostapd'
633 cmd
= [prg
, '-B', '-ddKt',
634 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
635 subprocess
.check_call(cmd
)
637 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
638 apdev_ft
= {'ifname': iface
}
639 apdev2
= [apdev_ft
, apdev
[1]]
641 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
642 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
643 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
644 params
['bridge'] = 'br0ft'
645 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
646 global_ctrl_override
=global_ctrl
)
647 apdev2
[0]['bssid'] = hapd0
.own_addr()
648 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
649 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
650 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
651 params
['bridge'] = 'br1ft'
652 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
654 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
655 over_ds
=over_ds
, test_connectivity
=False)
659 if os
.path
.exists(pidfile
):
660 with
open(pidfile
, 'r') as f
:
663 os
.kill(pid
, signal
.SIGTERM
)
665 def test_ap_ft_over_ds_ocv(dev
, apdev
):
666 """WPA2-PSK-FT AP over DS"""
668 passphrase
= "12345678"
670 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
671 params
["ieee80211w"] = "2"
674 hapd0
= hostapd
.add_ap(apdev
[0], params
)
675 except Exception as e
:
676 if "Failed to set hostapd parameter ocv" in str(e
):
677 raise HwsimSkip("OCV not supported")
679 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
680 params
["ieee80211w"] = "2"
682 hapd1
= hostapd
.add_ap(apdev
[1], params
)
684 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
687 def test_ap_ft_over_ds_disabled(dev
, apdev
):
688 """WPA2-PSK-FT AP over DS disabled"""
690 passphrase
= "12345678"
692 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
693 params
['ft_over_ds'] = '0'
694 hapd0
= hostapd
.add_ap(apdev
[0], params
)
695 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
696 params
['ft_over_ds'] = '0'
697 hapd1
= hostapd
.add_ap(apdev
[1], params
)
699 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
702 def test_ap_ft_vlan_over_ds(dev
, apdev
):
703 """WPA2-PSK-FT AP over DS with VLAN"""
705 passphrase
= "12345678"
707 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
708 params
['dynamic_vlan'] = "1"
709 params
['accept_mac_file'] = "hostapd.accept"
710 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
711 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
712 params
['dynamic_vlan'] = "1"
713 params
['accept_mac_file'] = "hostapd.accept"
714 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
716 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
718 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
719 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
721 def test_ap_ft_over_ds_many(dev
, apdev
):
722 """WPA2-PSK-FT AP over DS multiple times"""
724 passphrase
= "12345678"
726 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
727 hapd0
= hostapd
.add_ap(apdev
[0], params
)
728 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
729 hapd1
= hostapd
.add_ap(apdev
[1], params
)
731 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
734 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
735 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
737 passphrase
= "12345678"
739 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
740 params
['dynamic_vlan'] = "1"
741 params
['accept_mac_file'] = "hostapd.accept"
742 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
743 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
744 params
['dynamic_vlan'] = "1"
745 params
['accept_mac_file'] = "hostapd.accept"
746 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
748 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
749 roams
=50, conndev
="brvlan1")
752 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
755 passphrase
= "12345678"
757 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
758 hapd0
= hostapd
.add_ap(apdev
[0], params
)
760 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
762 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
765 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
766 """WPA2-PSK-FT AP over DS and unexpected response"""
768 passphrase
= "12345678"
770 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
771 hapd0
= hostapd
.add_ap(apdev
[0], params
)
772 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
773 hapd1
= hostapd
.add_ap(apdev
[1], params
)
775 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
777 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
788 addr
= dev
[0].own_addr()
789 hapd1ap
.set("ext_mgmt_frame_handling", "1")
790 logger
.info("Foreign STA address")
794 msg
['sa'] = ap1
['bssid']
795 msg
['bssid'] = ap1
['bssid']
796 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
799 logger
.info("No over-the-DS in progress")
800 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
803 logger
.info("Non-zero status code")
804 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
807 hapd1ap
.dump_monitor()
809 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
810 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
811 raise Exception("FT_DS failed")
813 req
= hapd1ap
.mgmt_rx()
815 logger
.info("Foreign Target AP")
816 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
819 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
821 logger
.info("No IEs")
822 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
825 logger
.info("Invalid IEs (trigger parsing failure)")
826 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
829 logger
.info("Too short MDIE")
830 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
833 logger
.info("Mobility domain mismatch")
834 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
837 logger
.info("No FTIE")
838 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
841 logger
.info("FTIE SNonce mismatch")
842 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
845 logger
.info("No R0KH-ID subelem in FTIE")
846 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
847 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
850 logger
.info("No R0KH-ID subelem mismatch in FTIE")
851 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
852 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
855 logger
.info("No R1KH-ID subelem in FTIE")
856 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
857 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
860 logger
.info("No RSNE")
861 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
862 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
865 def test_ap_ft_pmf_over_ds(dev
, apdev
):
866 """WPA2-PSK-FT AP over DS with PMF"""
867 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, None)
869 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
870 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
871 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
873 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
874 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
875 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
877 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
878 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
879 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
881 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
882 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
883 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
885 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
886 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
887 raise HwsimSkip("Cipher %s not supported" % cipher
)
890 passphrase
= "12345678"
892 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
893 params
["ieee80211w"] = "2"
895 params
["group_mgmt_cipher"] = cipher
896 hapd0
= hostapd
.add_ap(apdev
[0], params
)
897 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
898 params
["ieee80211w"] = "2"
900 params
["group_mgmt_cipher"] = cipher
901 hapd1
= hostapd
.add_ap(apdev
[1], params
)
903 Wlantest
.setup(hapd0
)
906 wt
.add_passphrase(passphrase
)
908 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
911 def test_ap_ft_over_ds_pull(dev
, apdev
):
912 """WPA2-PSK-FT AP over DS (pull PMK)"""
914 passphrase
= "12345678"
916 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
917 params
["pmk_r1_push"] = "0"
918 hapd0
= hostapd
.add_ap(apdev
[0], params
)
919 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
920 params
["pmk_r1_push"] = "0"
921 hapd1
= hostapd
.add_ap(apdev
[1], params
)
923 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
925 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
926 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
928 passphrase
= "12345678"
930 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
931 params
["pmk_r1_push"] = "0"
932 hapd0
= hostapd
.add_ap(apdev
[0], params
)
933 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
934 params
["pmk_r1_push"] = "0"
935 hapd1
= hostapd
.add_ap(apdev
[1], params
)
937 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
939 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
940 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
942 passphrase
= "12345678"
944 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
945 params
["pmk_r1_push"] = "0"
946 params
['dynamic_vlan'] = "1"
947 params
['accept_mac_file'] = "hostapd.accept"
948 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
949 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
950 params
["pmk_r1_push"] = "0"
951 params
['dynamic_vlan'] = "1"
952 params
['accept_mac_file'] = "hostapd.accept"
953 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
955 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
958 def start_ft_sae(dev
, apdev
, wpa_ptk_rekey
=None):
959 if "SAE" not in dev
.get_capability("auth_alg"):
960 raise HwsimSkip("SAE not supported")
962 passphrase
= "12345678"
964 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
965 params
['wpa_key_mgmt'] = "FT-SAE"
967 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
968 hapd0
= hostapd
.add_ap(apdev
[0], params
)
969 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
970 params
['wpa_key_mgmt'] = "FT-SAE"
972 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
973 hapd1
= hostapd
.add_ap(apdev
[1], params
)
974 key_mgmt
= hapd1
.get_config()['key_mgmt']
975 if key_mgmt
.split(' ')[0] != "FT-SAE":
976 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
978 dev
.request("SET sae_groups ")
981 def test_ap_ft_sae(dev
, apdev
):
982 """WPA2-PSK-FT-SAE AP"""
983 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
984 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
986 def test_ap_ft_sae_ptk_rekey0(dev
, apdev
):
987 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
988 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
989 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
990 ptk_rekey
="1", roams
=0)
991 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
993 def test_ap_ft_sae_ptk_rekey1(dev
, apdev
):
994 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
995 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
996 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
997 ptk_rekey
="1", only_one_way
=True)
998 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1000 def test_ap_ft_sae_ptk_rekey_ap(dev
, apdev
):
1001 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
1002 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
1003 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1005 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1007 def test_ap_ft_sae_over_ds(dev
, apdev
):
1008 """WPA2-PSK-FT-SAE AP over DS"""
1009 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1010 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1013 def test_ap_ft_sae_over_ds_ptk_rekey0(dev
, apdev
):
1014 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
1015 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1016 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1017 over_ds
=True, ptk_rekey
="1", roams
=0)
1018 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1020 def test_ap_ft_sae_over_ds_ptk_rekey1(dev
, apdev
):
1021 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
1022 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1023 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1024 over_ds
=True, ptk_rekey
="1", only_one_way
=True)
1025 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1027 def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev
, apdev
):
1028 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
1029 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
1030 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1031 over_ds
=True, only_one_way
=True)
1032 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1034 def test_ap_ft_sae_pw_id(dev
, apdev
):
1035 """FT-SAE with Password Identifier"""
1036 if "SAE" not in dev
[0].get_capability("auth_alg"):
1037 raise HwsimSkip("SAE not supported")
1040 params
= ft_params1(ssid
=ssid
)
1041 params
["ieee80211w"] = "2"
1042 params
['wpa_key_mgmt'] = "FT-SAE"
1043 params
['sae_password'] = 'secret|id=pwid'
1044 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1045 params
= ft_params2(ssid
=ssid
)
1046 params
["ieee80211w"] = "2"
1047 params
['wpa_key_mgmt'] = "FT-SAE"
1048 params
['sae_password'] = 'secret|id=pwid'
1049 hapd
= hostapd
.add_ap(apdev
[1], params
)
1051 dev
[0].request("SET sae_groups ")
1052 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
1053 sae_password
="secret", sae_password_id
="pwid")
1055 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
1056 """SAE + FT-SAE configuration"""
1057 if "SAE" not in dev
[0].get_capability("auth_alg"):
1058 raise HwsimSkip("SAE not supported")
1060 passphrase
= "12345678"
1062 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1063 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1064 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1065 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1066 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1067 hapd
= hostapd
.add_ap(apdev
[1], params
)
1068 key_mgmt
= hapd
.get_config()['key_mgmt']
1069 if key_mgmt
.split(' ')[0] != "FT-SAE":
1070 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1072 dev
[0].request("SET sae_groups ")
1073 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1076 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
1077 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1078 if "SAE" not in dev
[0].get_capability("auth_alg"):
1079 raise HwsimSkip("SAE not supported")
1081 passphrase
= "12345678"
1083 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1084 params
['wpa_key_mgmt'] = "FT-SAE"
1085 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1086 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1087 params
['wpa_key_mgmt'] = "FT-SAE"
1088 hapd
= hostapd
.add_ap(apdev
[1], params
)
1089 key_mgmt
= hapd
.get_config()['key_mgmt']
1090 if key_mgmt
.split(' ')[0] != "FT-SAE":
1091 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1093 dev
[0].request("SET sae_groups ")
1094 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1097 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
1098 discovery
=False, roams
=1, wpa_ptk_rekey
=0,
1099 only_one_way
=False):
1101 passphrase
= "12345678"
1103 identity
= "gpsk-vlan1"
1106 identity
= "gpsk-cui"
1109 identity
= "gpsk user"
1112 radius
= hostapd
.radius_params()
1113 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1114 params
['wpa_key_mgmt'] = "FT-EAP"
1115 params
["ieee8021x"] = "1"
1117 params
["dynamic_vlan"] = "1"
1118 params
= dict(list(radius
.items()) + list(params
.items()))
1119 hapd
= hostapd
.add_ap(apdev
[0], params
)
1120 key_mgmt
= hapd
.get_config()['key_mgmt']
1121 if key_mgmt
.split(' ')[0] != "FT-EAP":
1122 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1123 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1124 params
['wpa_key_mgmt'] = "FT-EAP"
1125 params
["ieee8021x"] = "1"
1127 params
["dynamic_vlan"] = "1"
1129 params
["wpa_ptk_rekey"] = str(wpa_ptk_rekey
)
1130 params
= dict(list(radius
.items()) + list(params
.items()))
1131 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1133 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1134 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1135 conndev
=conndev
, only_one_way
=only_one_way
)
1136 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1137 raise Exception("Scan results missing RSN element info")
1138 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1139 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1143 # Verify EAPOL reauthentication after FT protocol
1144 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1148 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1149 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1151 raise Exception("EAP authentication did not start")
1152 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1154 raise Exception("EAP authentication did not succeed")
1157 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1159 hwsim_utils
.test_connectivity(dev
[0], ap
)
1161 def test_ap_ft_eap(dev
, apdev
):
1162 """WPA2-EAP-FT AP"""
1163 generic_ap_ft_eap(dev
, apdev
)
1165 def test_ap_ft_eap_cui(dev
, apdev
):
1166 """WPA2-EAP-FT AP with CUI"""
1167 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
1169 def test_ap_ft_eap_vlan(dev
, apdev
):
1170 """WPA2-EAP-FT AP with VLAN"""
1171 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1173 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1174 """WPA2-EAP-FT AP with VLAN"""
1175 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1177 def test_ap_ft_eap_over_ds(dev
, apdev
):
1178 """WPA2-EAP-FT AP using over-the-DS"""
1179 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
1181 def test_ap_ft_eap_dis(dev
, apdev
):
1182 """WPA2-EAP-FT AP with AP discovery"""
1183 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
1185 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
1186 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1187 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
1189 def test_ap_ft_eap_vlan(dev
, apdev
):
1190 """WPA2-EAP-FT AP with VLAN"""
1191 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1193 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1194 """WPA2-EAP-FT AP with VLAN"""
1195 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1197 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
1198 """WPA2-EAP-FT AP with VLAN + over_ds"""
1199 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
1201 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
1202 """WPA2-EAP-FT AP with VLAN + over_ds"""
1203 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
1205 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1206 """WPA2-EAP-FT AP (pull PMK)"""
1208 passphrase
= "12345678"
1210 identity
= "gpsk-vlan1"
1213 identity
= "gpsk user"
1216 radius
= hostapd
.radius_params()
1217 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1218 params
['wpa_key_mgmt'] = "FT-EAP"
1219 params
["ieee8021x"] = "1"
1220 params
["pmk_r1_push"] = "0"
1222 params
["dynamic_vlan"] = "1"
1223 params
= dict(list(radius
.items()) + list(params
.items()))
1224 hapd
= hostapd
.add_ap(apdev
[0], params
)
1225 key_mgmt
= hapd
.get_config()['key_mgmt']
1226 if key_mgmt
.split(' ')[0] != "FT-EAP":
1227 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1228 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1229 params
['wpa_key_mgmt'] = "FT-EAP"
1230 params
["ieee8021x"] = "1"
1231 params
["pmk_r1_push"] = "0"
1233 params
["dynamic_vlan"] = "1"
1234 params
= dict(list(radius
.items()) + list(params
.items()))
1235 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1237 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1238 eap_identity
=identity
, conndev
=conndev
)
1240 def test_ap_ft_eap_pull(dev
, apdev
):
1241 """WPA2-EAP-FT AP (pull PMK)"""
1242 generic_ap_ft_eap_pull(dev
, apdev
)
1244 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1245 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1247 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1248 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1250 passphrase
= "12345678"
1252 radius
= hostapd
.radius_params()
1253 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1254 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1255 params
["ieee8021x"] = "1"
1256 params
["pmk_r1_push"] = "0"
1257 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1258 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1259 params
["ft_psk_generate_local"] = "1"
1260 params
["eap_server"] = "0"
1261 params
["rkh_pos_timeout"] = "100"
1262 params
["rkh_neg_timeout"] = "50"
1263 params
["rkh_pull_timeout"] = "1234"
1264 params
["rkh_pull_retries"] = "10"
1265 params
= dict(list(radius
.items()) + list(params
.items()))
1266 hapd
= hostapd
.add_ap(apdev
[0], params
)
1267 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1268 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1269 params
["ieee8021x"] = "1"
1270 params
["pmk_r1_push"] = "0"
1271 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1272 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1273 params
["ft_psk_generate_local"] = "1"
1274 params
["eap_server"] = "0"
1275 params
= dict(list(radius
.items()) + list(params
.items()))
1276 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1278 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1281 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1282 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1284 passphrase
= "12345678"
1286 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1287 params
["ieee80211w"] = "2"
1288 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1289 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1290 params
["ieee80211w"] = "2"
1291 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1293 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1297 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1298 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1300 passphrase
= "12345678"
1302 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1303 params
["pmk_r1_push"] = "0"
1304 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1305 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1306 params
["pmk_r1_push"] = "0"
1307 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1309 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1313 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1314 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1316 passphrase
= "12345678"
1318 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1319 params
["pmk_r1_push"] = "0"
1320 params
["nas_identifier"] = "nas0.w1.fi"
1321 hostapd
.add_ap(apdev
[0], params
)
1322 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1325 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1326 params
["pmk_r1_push"] = "0"
1327 hostapd
.add_ap(apdev
[1], params
)
1329 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1330 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1333 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1334 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1336 passphrase
= "12345678"
1338 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1339 params
["ieee80211w"] = "2"
1340 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1341 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1342 params
["ieee80211w"] = "2"
1343 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1345 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1349 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1350 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1352 passphrase
= "12345678"
1354 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1355 params
["pmk_r1_push"] = "0"
1356 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1357 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1358 params
["pmk_r1_push"] = "0"
1359 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1361 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1364 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1365 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1367 passphrase
= "12345678"
1369 radius
= hostapd
.radius_params()
1370 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1371 params
["ieee80211w"] = "2"
1372 params
['wpa_key_mgmt'] = "FT-EAP"
1373 params
["ieee8021x"] = "1"
1374 params
= dict(list(radius
.items()) + list(params
.items()))
1375 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1376 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1377 params
["ieee80211w"] = "2"
1378 params
['wpa_key_mgmt'] = "FT-EAP"
1379 params
["ieee8021x"] = "1"
1380 params
= dict(list(radius
.items()) + list(params
.items()))
1381 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1383 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1384 fail_test
=True, eap
=True)
1386 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1387 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1389 passphrase
= "12345678"
1391 radius
= hostapd
.radius_params()
1392 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1393 params
["pmk_r1_push"] = "0"
1394 params
['wpa_key_mgmt'] = "FT-EAP"
1395 params
["ieee8021x"] = "1"
1396 params
= dict(list(radius
.items()) + list(params
.items()))
1397 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1398 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1399 params
["pmk_r1_push"] = "0"
1400 params
['wpa_key_mgmt'] = "FT-EAP"
1401 params
["ieee8021x"] = "1"
1402 params
= dict(list(radius
.items()) + list(params
.items()))
1403 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1405 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1406 fail_test
=True, eap
=True)
1408 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1409 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1411 passphrase
= "12345678"
1413 radius
= hostapd
.radius_params()
1414 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1415 params
["pmk_r1_push"] = "0"
1416 params
["nas_identifier"] = "nas0.w1.fi"
1417 params
['wpa_key_mgmt'] = "FT-EAP"
1418 params
["ieee8021x"] = "1"
1419 params
= dict(list(radius
.items()) + list(params
.items()))
1420 hostapd
.add_ap(apdev
[0], params
)
1421 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1422 eap
="GPSK", identity
="gpsk user",
1423 password
="abcdefghijklmnop0123456789abcdef",
1426 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1427 params
["pmk_r1_push"] = "0"
1428 params
['wpa_key_mgmt'] = "FT-EAP"
1429 params
["ieee8021x"] = "1"
1430 params
= dict(list(radius
.items()) + list(params
.items()))
1431 hostapd
.add_ap(apdev
[1], params
)
1433 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1434 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1436 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1437 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1439 passphrase
= "12345678"
1441 radius
= hostapd
.radius_params()
1442 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1443 params
["ieee80211w"] = "2"
1444 params
['wpa_key_mgmt'] = "FT-EAP"
1445 params
["ieee8021x"] = "1"
1446 params
= dict(list(radius
.items()) + list(params
.items()))
1447 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1448 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1449 params
["ieee80211w"] = "2"
1450 params
['wpa_key_mgmt'] = "FT-EAP"
1451 params
["ieee8021x"] = "1"
1452 params
= dict(list(radius
.items()) + list(params
.items()))
1453 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1455 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1456 fail_test
=True, eap
=True)
1458 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1459 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1461 passphrase
= "12345678"
1463 radius
= hostapd
.radius_params()
1464 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1465 params
["pmk_r1_push"] = "0"
1466 params
['wpa_key_mgmt'] = "FT-EAP"
1467 params
["ieee8021x"] = "1"
1468 params
= dict(list(radius
.items()) + list(params
.items()))
1469 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1470 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1471 params
["pmk_r1_push"] = "0"
1472 params
['wpa_key_mgmt'] = "FT-EAP"
1473 params
["ieee8021x"] = "1"
1474 params
= dict(list(radius
.items()) + list(params
.items()))
1475 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1477 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1478 fail_test
=True, eap
=True)
1480 def test_ap_ft_gtk_rekey(dev
, apdev
):
1481 """WPA2-PSK-FT AP and GTK rekey"""
1483 passphrase
= "12345678"
1485 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1486 params
['wpa_group_rekey'] = '1'
1487 hapd
= hostapd
.add_ap(apdev
[0], params
)
1489 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1490 ieee80211w
="1", scan_freq
="2412")
1492 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1494 raise Exception("GTK rekey timed out after initial association")
1495 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1497 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1498 params
['wpa_group_rekey'] = '1'
1499 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1501 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1502 dev
[0].roam(apdev
[1]['bssid'])
1503 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1504 raise Exception("Did not connect to correct AP")
1505 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1507 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1509 raise Exception("GTK rekey timed out after FT protocol")
1510 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1512 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1513 """WPA2-PSK-FT and key lifetime in memory"""
1515 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1516 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1517 pmk
= binascii
.unhexlify(psk
)
1518 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1519 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1520 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1521 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1523 pid
= find_wpas_process(dev
[0])
1525 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1527 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1528 # event has been delivered, so verify that wpa_supplicant has returned to
1529 # eloop before reading process memory.
1533 buf
= read_process_memory(pid
, pmk
)
1535 dev
[0].request("DISCONNECT")
1536 dev
[0].wait_disconnected()
1543 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1544 for l
in f
.readlines():
1545 if "FT: PMK-R0 - hexdump" in l
:
1546 val
= l
.strip().split(':')[3].replace(' ', '')
1547 pmkr0
= binascii
.unhexlify(val
)
1548 if "FT: PMK-R1 - hexdump" in l
:
1549 val
= l
.strip().split(':')[3].replace(' ', '')
1550 pmkr1
= binascii
.unhexlify(val
)
1551 if "FT: KCK - hexdump" in l
:
1552 val
= l
.strip().split(':')[3].replace(' ', '')
1553 kck
= binascii
.unhexlify(val
)
1554 if "FT: KEK - hexdump" in l
:
1555 val
= l
.strip().split(':')[3].replace(' ', '')
1556 kek
= binascii
.unhexlify(val
)
1557 if "FT: TK - hexdump" in l
:
1558 val
= l
.strip().split(':')[3].replace(' ', '')
1559 tk
= binascii
.unhexlify(val
)
1560 if "WPA: Group Key - hexdump" in l
:
1561 val
= l
.strip().split(':')[3].replace(' ', '')
1562 gtk
= binascii
.unhexlify(val
)
1563 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1564 raise Exception("Could not find keys from debug log")
1566 raise Exception("Unexpected GTK length")
1568 logger
.info("Checking keys in memory while associated")
1569 get_key_locations(buf
, pmk
, "PMK")
1570 get_key_locations(buf
, pmkr0
, "PMK-R0")
1571 get_key_locations(buf
, pmkr1
, "PMK-R1")
1573 raise HwsimSkip("PMK not found while associated")
1574 if pmkr0
not in buf
:
1575 raise HwsimSkip("PMK-R0 not found while associated")
1576 if pmkr1
not in buf
:
1577 raise HwsimSkip("PMK-R1 not found while associated")
1579 raise Exception("KCK not found while associated")
1581 raise Exception("KEK not found while associated")
1583 # raise Exception("TK found from memory")
1585 logger
.info("Checking keys in memory after disassociation")
1586 buf
= read_process_memory(pid
, pmk
)
1587 get_key_locations(buf
, pmk
, "PMK")
1588 get_key_locations(buf
, pmkr0
, "PMK-R0")
1589 get_key_locations(buf
, pmkr1
, "PMK-R1")
1591 # Note: PMK/PSK is still present in network configuration
1593 fname
= os
.path
.join(params
['logdir'],
1594 'ft_psk_key_lifetime_in_memory.memctx-')
1595 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1596 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1597 verify_not_present(buf
, kck
, fname
, "KCK")
1598 verify_not_present(buf
, kek
, fname
, "KEK")
1599 verify_not_present(buf
, tk
, fname
, "TK")
1601 get_key_locations(buf
, gtk
, "GTK")
1602 verify_not_present(buf
, gtk
, fname
, "GTK")
1604 dev
[0].request("REMOVE_NETWORK all")
1606 logger
.info("Checking keys in memory after network profile removal")
1607 buf
= read_process_memory(pid
, pmk
)
1608 get_key_locations(buf
, pmk
, "PMK")
1609 get_key_locations(buf
, pmkr0
, "PMK-R0")
1610 get_key_locations(buf
, pmkr1
, "PMK-R1")
1612 verify_not_present(buf
, pmk
, fname
, "PMK")
1613 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1614 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1615 verify_not_present(buf
, kck
, fname
, "KCK")
1616 verify_not_present(buf
, kek
, fname
, "KEK")
1617 verify_not_present(buf
, tk
, fname
, "TK")
1618 verify_not_present(buf
, gtk
, fname
, "GTK")
1621 def test_ap_ft_invalid_resp(dev
, apdev
):
1622 """WPA2-PSK-FT AP and invalid response IEs"""
1624 passphrase
= "12345678"
1626 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1627 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1628 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1631 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1632 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1635 # Various IEs for test coverage. The last one is FTIE with invalid
1636 # R1KH-ID subelement.
1637 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1638 # FTIE with invalid R0KH-ID subelement (len=0).
1639 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1640 # FTIE with invalid R0KH-ID subelement (len=49).
1641 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1643 "020002000000" + "3000",
1644 # Required IEs missing from protected IE count.
1645 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1646 # RIC missing from protected IE count.
1647 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1648 # Protected IE missing.
1649 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1651 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1652 hapd1
.set("ext_mgmt_frame_handling", "1")
1653 hapd1
.dump_monitor()
1654 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1655 raise Exception("ROAM failed")
1658 msg
= hapd1
.mgmt_rx()
1659 if msg
['subtype'] == 11:
1663 raise Exception("Authentication frame not seen")
1666 resp
['fc'] = auth
['fc']
1667 resp
['da'] = auth
['sa']
1668 resp
['sa'] = auth
['da']
1669 resp
['bssid'] = auth
['bssid']
1670 resp
['payload'] = binascii
.unhexlify(t
)
1672 hapd1
.set("ext_mgmt_frame_handling", "0")
1673 dev
[0].wait_disconnected()
1675 dev
[0].request("RECONNECT")
1676 dev
[0].wait_connected()
1678 def test_ap_ft_gcmp_256(dev
, apdev
):
1679 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1680 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1681 raise HwsimSkip("Cipher GCMP-256 not supported")
1683 passphrase
= "12345678"
1685 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1686 params
['rsn_pairwise'] = "GCMP-256"
1687 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1688 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1689 params
['rsn_pairwise'] = "GCMP-256"
1690 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1692 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1693 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1695 def setup_ap_ft_oom(dev
, apdev
):
1696 skip_with_fips(dev
[0])
1698 passphrase
= "12345678"
1700 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1701 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1702 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1703 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1705 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1707 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1708 dst
= apdev
[1]['bssid']
1710 dst
= apdev
[0]['bssid']
1712 dev
[0].scan_for_bss(dst
, freq
="2412")
1716 def test_ap_ft_oom(dev
, apdev
):
1717 """WPA2-PSK-FT and OOM"""
1718 dst
= setup_ap_ft_oom(dev
, apdev
)
1719 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1722 def test_ap_ft_oom2(dev
, apdev
):
1723 """WPA2-PSK-FT and OOM (2)"""
1724 dst
= setup_ap_ft_oom(dev
, apdev
)
1725 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1726 dev
[0].roam(dst
, fail_test
=True, assoc_reject_ok
=True)
1728 def test_ap_ft_oom3(dev
, apdev
):
1729 """WPA2-PSK-FT and OOM (3)"""
1730 dst
= setup_ap_ft_oom(dev
, apdev
)
1731 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1734 def test_ap_ft_oom4(dev
, apdev
):
1735 """WPA2-PSK-FT and OOM (4)"""
1737 passphrase
= "12345678"
1738 dst
= setup_ap_ft_oom(dev
, apdev
)
1739 dev
[0].request("REMOVE_NETWORK all")
1740 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1741 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1744 def test_ap_ft_ap_oom(dev
, apdev
):
1745 """WPA2-PSK-FT and AP OOM"""
1747 passphrase
= "12345678"
1749 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1750 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1751 bssid0
= hapd0
.own_addr()
1753 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1754 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1755 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1758 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1759 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1760 bssid1
= hapd1
.own_addr()
1761 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1762 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1765 def test_ap_ft_ap_oom2(dev
, apdev
):
1766 """WPA2-PSK-FT and AP OOM 2"""
1768 passphrase
= "12345678"
1770 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1771 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1772 bssid0
= hapd0
.own_addr()
1774 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1775 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1776 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1779 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1780 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1781 bssid1
= hapd1
.own_addr()
1782 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1784 if dev
[0].get_status_field('bssid') != bssid1
:
1785 raise Exception("Did not roam to AP1")
1786 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1789 def test_ap_ft_ap_oom3(dev
, apdev
):
1790 """WPA2-PSK-FT and AP OOM 3"""
1792 passphrase
= "12345678"
1794 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1795 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1796 bssid0
= hapd0
.own_addr()
1798 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1799 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1802 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1803 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1804 bssid1
= hapd1
.own_addr()
1805 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1806 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1807 # This will fail due to not being able to send out PMK-R1 pull request
1810 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1811 # This will fail due to not being able to send out PMK-R1 pull request
1814 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1815 # This will fail due to not being able to send out PMK-R1 pull request
1818 def test_ap_ft_ap_oom3b(dev
, apdev
):
1819 """WPA2-PSK-FT and AP OOM 3b"""
1821 passphrase
= "12345678"
1823 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1824 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1825 bssid0
= hapd0
.own_addr()
1827 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1828 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1831 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1832 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1833 bssid1
= hapd1
.own_addr()
1834 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1835 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1836 # This will fail due to not being able to send out PMK-R1 pull request
1839 def test_ap_ft_ap_oom4(dev
, apdev
):
1840 """WPA2-PSK-FT and AP OOM 4"""
1842 passphrase
= "12345678"
1844 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1845 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1846 bssid0
= hapd0
.own_addr()
1848 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1849 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1852 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1853 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1854 bssid1
= hapd1
.own_addr()
1855 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1856 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1858 if dev
[0].get_status_field('bssid') != bssid1
:
1859 raise Exception("Did not roam to AP1")
1861 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1863 if dev
[0].get_status_field('bssid') != bssid0
:
1864 raise Exception("Did not roam to AP0")
1866 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1868 if dev
[0].get_status_field('bssid') != bssid1
:
1869 raise Exception("Did not roam to AP1")
1871 def test_ap_ft_ap_oom5(dev
, apdev
):
1872 """WPA2-PSK-FT and AP OOM 5"""
1874 passphrase
= "12345678"
1876 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1877 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1878 bssid0
= hapd0
.own_addr()
1880 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1881 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1884 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1885 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1886 bssid1
= hapd1
.own_addr()
1887 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1888 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1889 # This will fail to roam
1892 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1893 # This will fail to roam
1896 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1897 # This will fail to roam
1900 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1901 # This will fail to roam
1904 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1905 # This will fail to roam
1908 def test_ap_ft_ap_oom6(dev
, apdev
):
1909 """WPA2-PSK-FT and AP OOM 6"""
1911 passphrase
= "12345678"
1913 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1914 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1915 bssid0
= hapd0
.own_addr()
1917 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1918 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1919 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1921 dev
[0].request("REMOVE_NETWORK all")
1922 dev
[0].wait_disconnected()
1923 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1924 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1926 dev
[0].request("REMOVE_NETWORK all")
1927 dev
[0].wait_disconnected()
1928 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1929 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1932 def test_ap_ft_ap_oom7a(dev
, apdev
):
1933 """WPA2-PSK-FT and AP OOM 7a"""
1935 passphrase
= "12345678"
1937 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1938 params
["ieee80211w"] = "2"
1939 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1940 bssid0
= hapd0
.own_addr()
1942 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1943 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1944 ieee80211w
="2", scan_freq
="2412")
1946 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1947 params
["ieee80211w"] = "2"
1948 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1949 bssid1
= hapd1
.own_addr()
1950 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1951 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1952 # This will fail to roam
1955 def test_ap_ft_ap_oom7b(dev
, apdev
):
1956 """WPA2-PSK-FT and AP OOM 7b"""
1958 passphrase
= "12345678"
1960 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1961 params
["ieee80211w"] = "2"
1962 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1963 bssid0
= hapd0
.own_addr()
1965 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1966 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1967 ieee80211w
="2", scan_freq
="2412")
1969 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1970 params
["ieee80211w"] = "2"
1971 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1972 bssid1
= hapd1
.own_addr()
1973 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1974 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1975 # This will fail to roam
1978 def test_ap_ft_ap_oom7c(dev
, apdev
):
1979 """WPA2-PSK-FT and AP OOM 7c"""
1981 passphrase
= "12345678"
1983 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1984 params
["ieee80211w"] = "2"
1985 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1986 bssid0
= hapd0
.own_addr()
1988 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1989 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1990 ieee80211w
="2", scan_freq
="2412")
1992 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1993 params
["ieee80211w"] = "2"
1994 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1995 bssid1
= hapd1
.own_addr()
1996 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1997 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1998 # This will fail to roam
2001 def test_ap_ft_ap_oom7d(dev
, apdev
):
2002 """WPA2-PSK-FT and AP OOM 7d"""
2004 passphrase
= "12345678"
2006 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2007 params
["ieee80211w"] = "2"
2008 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2009 bssid0
= hapd0
.own_addr()
2011 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2012 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2013 ieee80211w
="2", scan_freq
="2412")
2015 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2016 params
["ieee80211w"] = "2"
2017 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2018 bssid1
= hapd1
.own_addr()
2019 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2020 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
2021 # This will fail to roam
2024 def test_ap_ft_ap_oom8(dev
, apdev
):
2025 """WPA2-PSK-FT and AP OOM 8"""
2027 passphrase
= "12345678"
2029 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2030 params
['ft_psk_generate_local'] = "1"
2031 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2032 bssid0
= hapd0
.own_addr()
2034 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2035 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2038 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2039 params
['ft_psk_generate_local'] = "1"
2040 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2041 bssid1
= hapd1
.own_addr()
2042 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2043 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
2044 # This will fail to roam
2046 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
2047 # This will fail to roam
2050 def test_ap_ft_ap_oom9(dev
, apdev
):
2051 """WPA2-PSK-FT and AP OOM 9"""
2053 passphrase
= "12345678"
2055 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2056 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2057 bssid0
= hapd0
.own_addr()
2059 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2060 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2063 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2064 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2065 bssid1
= hapd1
.own_addr()
2066 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2068 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
2069 # This will fail to roam
2070 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2071 raise Exception("FT_DS failed")
2072 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
2074 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
2075 # This will fail to roam
2076 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2077 raise Exception("FT_DS failed")
2078 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2080 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
2081 # This will fail to roam
2082 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2083 raise Exception("FT_DS failed")
2084 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2086 def test_ap_ft_ap_oom10(dev
, apdev
):
2087 """WPA2-PSK-FT and AP OOM 10"""
2089 passphrase
= "12345678"
2091 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2092 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2093 bssid0
= hapd0
.own_addr()
2095 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2096 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2099 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2100 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2101 bssid1
= hapd1
.own_addr()
2102 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2104 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2105 # This will fail to roam
2106 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2107 raise Exception("FT_DS failed")
2108 wait_fail_trigger(hapd0
, "GET_FAIL")
2110 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2111 # This will fail to roam
2112 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2113 raise Exception("FT_DS failed")
2114 wait_fail_trigger(hapd0
, "GET_FAIL")
2116 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2117 # This will fail to roam
2118 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2119 raise Exception("FT_DS failed")
2120 wait_fail_trigger(hapd0
, "GET_FAIL")
2122 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2123 # This will fail to roam
2124 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2125 raise Exception("FT_DS failed")
2126 wait_fail_trigger(hapd1
, "GET_FAIL")
2128 def test_ap_ft_ap_oom11(dev
, apdev
):
2129 """WPA2-PSK-FT and AP OOM 11"""
2131 passphrase
= "12345678"
2133 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2134 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2135 bssid0
= hapd0
.own_addr()
2137 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2138 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2139 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2141 wait_fail_trigger(hapd0
, "GET_FAIL")
2143 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2144 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2145 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2147 wait_fail_trigger(hapd0
, "GET_FAIL")
2149 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2150 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2152 passphrase
= "12345678"
2154 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2155 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2156 bssid0
= hapd0
.own_addr()
2157 _bssid0
= bssid0
.replace(':', '')
2158 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2160 addr
= dev
[0].own_addr()
2161 _addr
= addr
.replace(':', '')
2163 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2164 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2165 bssid1
= hapd1
.own_addr()
2166 _bssid1
= bssid1
.replace(':', '')
2168 hapd0
.set("ext_mgmt_frame_handling", "1")
2169 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2170 valid
= "0601" + _addr
+ _bssid1
2173 "0601" + _addr
+ _bssid0
,
2174 "0601" + _addr
+ "ffffffffffff",
2175 "0601" + _bssid0
+ _bssid0
,
2180 valid
+ "3603ffffff",
2181 valid
+ "3603a1b2ff",
2182 valid
+ "3603a1b2ff" + "3700",
2183 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2184 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2185 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2186 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2187 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2188 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2189 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2192 hapd0
.dump_monitor()
2193 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2194 raise Exception("MGMT_RX_PROCESS failed")
2196 hapd0
.set("ext_mgmt_frame_handling", "0")
2198 def test_ap_ft_over_ds_proto(dev
, apdev
):
2199 """WPA2-PSK-FT AP over DS protocol testing"""
2201 passphrase
= "12345678"
2203 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2204 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2205 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2208 # FT Action Response while no FT-over-DS in progress
2211 msg
['da'] = dev
[0].own_addr()
2212 msg
['sa'] = apdev
[0]['bssid']
2213 msg
['bssid'] = apdev
[0]['bssid']
2214 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2217 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2218 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2219 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2220 hapd0
.set("ext_mgmt_frame_handling", "1")
2221 hapd0
.dump_monitor()
2222 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2223 for i
in range(0, 10):
2224 req
= hapd0
.mgmt_rx()
2226 raise Exception("MGMT RX wait timed out")
2227 if req
['subtype'] == 13:
2231 raise Exception("FT Action frame not received")
2233 # FT Action Response for unexpected Target AP
2234 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2237 # FT Action Response without MDIE
2238 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2241 # FT Action Response without FTIE
2242 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2245 # FT Action Response with FTIE SNonce mismatch
2246 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2250 def test_ap_ft_rrb(dev
, apdev
):
2251 """WPA2-PSK-FT RRB protocol testing"""
2253 passphrase
= "12345678"
2255 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2256 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2258 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2261 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2262 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2264 ehdr
= _dst_ll
+ _src_ll
+ proto
2266 # Too short RRB frame
2267 pkt
= ehdr
+ b
'\x01'
2268 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2269 raise Exception("DATA_TEST_FRAME failed")
2271 # RRB discarded frame wikth unrecognized type
2272 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2273 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2274 raise Exception("DATA_TEST_FRAME failed")
2276 # RRB frame too short for action frame
2277 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2278 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2279 raise Exception("DATA_TEST_FRAME failed")
2281 # Too short RRB frame (not enough room for Action Frame body)
2282 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2283 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2284 raise Exception("DATA_TEST_FRAME failed")
2286 # Unexpected Action frame category
2287 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2288 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2289 raise Exception("DATA_TEST_FRAME failed")
2291 # Unexpected Action in RRB Request
2292 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2293 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2294 raise Exception("DATA_TEST_FRAME failed")
2296 # Target AP address in RRB Request does not match with own address
2297 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2298 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2299 raise Exception("DATA_TEST_FRAME failed")
2301 # Not enough room for status code in RRB Response
2302 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2303 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2304 raise Exception("DATA_TEST_FRAME failed")
2306 # RRB discarded frame with unknown packet_type
2307 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2308 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2309 raise Exception("DATA_TEST_FRAME failed")
2311 # RRB Response with non-zero status code; no STA match
2312 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2313 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2314 raise Exception("DATA_TEST_FRAME failed")
2316 # RRB Response with zero status code and extra data; STA match
2317 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2318 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2319 raise Exception("DATA_TEST_FRAME failed")
2321 # Too short PMK-R1 pull
2322 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2323 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2324 raise Exception("DATA_TEST_FRAME failed")
2326 # Too short PMK-R1 resp
2327 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2328 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2329 raise Exception("DATA_TEST_FRAME failed")
2331 # Too short PMK-R1 push
2332 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2333 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2334 raise Exception("DATA_TEST_FRAME failed")
2336 # No matching R0KH address found for PMK-R0 pull response
2337 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2338 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2339 raise Exception("DATA_TEST_FRAME failed")
2342 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2343 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2344 bssid
= apdev
[0]['bssid']
2346 passphrase
= "12345678"
2348 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2349 params
["ieee80211w"] = "1"
2350 # This is the RSN element used normally by hostapd
2351 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2352 hapd
= hostapd
.add_ap(apdev
[0], params
)
2353 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2354 ieee80211w
="1", scan_freq
="2412",
2355 pairwise
="CCMP", group
="CCMP")
2357 tests
= [('PMKIDCount field included',
2358 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2359 ('Extra IE before RSNE',
2360 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2361 ('PMKIDCount and Group Management Cipher suite fields included',
2362 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2363 ('Extra octet after defined fields (future extensibility)',
2364 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2365 ('No RSN Capabilities field (PMF disabled in practice)',
2366 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2367 for txt
, ie
in tests
:
2368 dev
[0].request("DISCONNECT")
2369 dev
[0].wait_disconnected()
2372 hapd
.set('own_ie_override', ie
)
2374 dev
[0].request("BSS_FLUSH 0")
2375 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2376 dev
[0].select_network(id, freq
=2412)
2377 dev
[0].wait_connected()
2379 dev
[0].request("DISCONNECT")
2380 dev
[0].wait_disconnected()
2382 logger
.info('Invalid RSNE causing internal hostapd error')
2384 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2386 dev
[0].request("BSS_FLUSH 0")
2387 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2388 dev
[0].select_network(id, freq
=2412)
2389 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2391 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2393 raise Exception("Unexpected connection")
2394 dev
[0].request("DISCONNECT")
2396 logger
.info('Unexpected PMKID causing internal hostapd error')
2398 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2400 dev
[0].request("BSS_FLUSH 0")
2401 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2402 dev
[0].select_network(id, freq
=2412)
2403 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2405 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2407 raise Exception("Unexpected connection")
2408 dev
[0].request("DISCONNECT")
2410 def start_ft(apdev
, wpa_ptk_rekey
=None):
2412 passphrase
= "12345678"
2414 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2416 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2417 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2418 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2420 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2421 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2425 def check_ptk_rekey(dev
, hapd0
=None, hapd1
=None):
2426 ev
= dev
.wait_event(["CTRL-EVENT-DISCONNECTED",
2427 "WPA: Key negotiation completed"], timeout
=5)
2429 raise Exception("No event received after roam")
2430 if "CTRL-EVENT-DISCONNECTED" in ev
:
2431 raise Exception("Unexpected disconnection after roam")
2433 if not hapd0
or not hapd1
:
2435 if dev
.get_status_field('bssid') == hapd0
.own_addr():
2440 hwsim_utils
.test_connectivity(dev
, hapd
)
2442 def test_ap_ft_ptk_rekey(dev
, apdev
):
2443 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2444 hapd0
, hapd1
= start_ft(apdev
)
2445 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1")
2446 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2448 def test_ap_ft_ptk_rekey2(dev
, apdev
):
2449 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2450 hapd0
, hapd1
= start_ft(apdev
)
2451 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1",
2453 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2455 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2456 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2457 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2458 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678")
2459 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2461 def test_ap_ft_ptk_rekey_ap2(dev
, apdev
):
2462 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2463 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2464 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678",
2466 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2468 def test_ap_ft_eap_ptk_rekey_ap(dev
, apdev
):
2469 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2470 generic_ap_ft_eap(dev
, apdev
, only_one_way
=True, wpa_ptk_rekey
=2)
2471 check_ptk_rekey(dev
[0])
2473 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2474 """RRB internal delivery only to WPA enabled BSS"""
2476 passphrase
= "12345678"
2478 radius
= hostapd
.radius_params()
2479 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2480 params
['wpa_key_mgmt'] = "FT-EAP"
2481 params
["ieee8021x"] = "1"
2482 params
= dict(list(radius
.items()) + list(params
.items()))
2483 hapd
= hostapd
.add_ap(apdev
[0], params
)
2484 key_mgmt
= hapd
.get_config()['key_mgmt']
2485 if key_mgmt
.split(' ')[0] != "FT-EAP":
2486 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2488 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2490 # Connect to WPA enabled AP
2491 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2492 eap
="GPSK", identity
="gpsk user",
2493 password
="abcdefghijklmnop0123456789abcdef",
2496 # Try over_ds roaming to non-WPA-enabled AP.
2497 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2498 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2500 def test_ap_ft_extra_ie(dev
, apdev
):
2501 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2503 passphrase
= "12345678"
2505 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2506 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2507 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2508 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2510 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2513 # Add Mobility Domain element to test AP validation code.
2514 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2515 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2516 scan_freq
="2412", wait_connect
=False)
2517 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2518 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2520 raise Exception("No connection result")
2521 if "CTRL-EVENT-CONNECTED" in ev
:
2522 raise Exception("Non-FT association accepted with MDE")
2523 if "status_code=43" not in ev
:
2524 raise Exception("Unexpected status code: " + ev
)
2525 dev
[0].request("DISCONNECT")
2527 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2529 def test_ap_ft_ric(dev
, apdev
):
2530 """WPA2-PSK-FT AP and RIC"""
2532 passphrase
= "12345678"
2534 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2535 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2536 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2537 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2539 dev
[0].set("ric_ies", "")
2540 dev
[0].set("ric_ies", '""')
2541 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2542 raise Exception("Invalid ric_ies value accepted")
2547 "390400000000" + "390400000000",
2548 "390400000000" + "dd050050f20202",
2549 "390400000000" + "dd3d0050f2020201" + 55*"00",
2550 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2551 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2553 dev
[0].set("ric_ies", t
)
2554 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2555 test_connectivity
=False)
2556 dev
[0].request("REMOVE_NETWORK all")
2557 dev
[0].wait_disconnected()
2558 dev
[0].dump_monitor()
2560 def ie_hex(ies
, id):
2561 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id]).decode()
2563 def test_ap_ft_reassoc_proto(dev
, apdev
):
2564 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2566 passphrase
= "12345678"
2568 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2569 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2570 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2571 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2573 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2574 ieee80211w
="1", scan_freq
="2412")
2575 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2582 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2583 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2584 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2587 req
= hapd2ap
.mgmt_rx()
2588 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2589 if req
['subtype'] == 11:
2593 req
= hapd2ap
.mgmt_rx()
2594 if req
['subtype'] == 2:
2596 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2598 # IEEE 802.11 header + fixed fields before IEs
2599 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2600 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2601 # First elements: SSID, Supported Rates, Extended Supported Rates
2602 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2604 rsne
= ie_hex(ies
, 48)
2605 mde
= ie_hex(ies
, 54)
2606 fte
= ie_hex(ies
, 55)
2608 # RSN: Trying to use FT, but MDIE not included
2610 # RSN: Attempted to use unknown MDIE
2611 tests
+= [rsne
+ "3603000000"]
2612 # Invalid RSN pairwise cipher
2613 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2614 # FT: No PMKID in RSNIE
2615 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2617 tests
+= [rsne
+ mde
]
2618 # FT: RIC IE(s) in the frame, but not included in protected IE count
2619 # FT: Failed to parse FT IEs
2620 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2621 # FT: SNonce mismatch in FTIE
2622 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2623 # FT: ANonce mismatch in FTIE
2624 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2625 # FT: No R0KH-ID subelem in FTIE
2626 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2627 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2628 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2629 # FT: No R1KH-ID subelem in FTIE
2630 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2631 # FT: Unknown R1KH-ID used in ReassocReq
2632 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2633 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2634 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2635 # Invalid MIC in FTIE
2636 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2638 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2640 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2641 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2643 passphrase
= "12345678"
2645 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2646 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2647 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2648 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2650 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2651 ieee80211w
="1", scan_freq
="2412")
2652 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2659 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2660 # FT: Failed to calculate MIC
2661 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2662 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2663 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2664 dev
[0].request("DISCONNECT")
2666 raise Exception("Association reject not seen")
2668 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2669 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2670 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2672 passphrase
= "12345678"
2674 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2675 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2676 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2677 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2679 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2681 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2688 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2689 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2690 dev
[0].dump_monitor()
2691 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2692 raise Exception("ROAM failed")
2697 req
= hapd2ap
.mgmt_rx()
2699 hapd2ap
.dump_monitor()
2700 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2701 if req
['subtype'] == 2:
2703 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2705 raise Exception("No TX status seen")
2706 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2707 if "OK" not in hapd2ap
.request(cmd
):
2708 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2710 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2711 if reassocreq
is None:
2712 raise Exception("No Reassociation Request frame seen")
2713 dev
[0].wait_connected()
2714 dev
[0].dump_monitor()
2715 hapd2ap
.dump_monitor()
2717 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2719 logger
.info("Replay the last Reassociation Request frame")
2720 hapd2ap
.dump_monitor()
2721 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2722 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2723 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2725 raise Exception("No TX status seen")
2726 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2727 if "OK" not in hapd2ap
.request(cmd
):
2728 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2729 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2732 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2737 ap
= hapd2ap
.own_addr()
2738 sta
= dev
[0].own_addr()
2739 filt
= "wlan.fc.type == 2 && " + \
2740 "wlan.da == " + sta
+ " && " + \
2741 "wlan.sa == " + ap
+ " && " + \
2742 "wlan.fc.protected == 1"
2743 fields
= ["wlan.ccmp.extiv"]
2744 res
= run_tshark(capfile
, filt
, fields
)
2745 vals
= res
.splitlines()
2746 logger
.info("CCMP PN: " + str(vals
))
2748 raise Exception("Could not find all CCMP protected frames from capture")
2749 if len(set(vals
)) < len(vals
):
2750 raise Exception("Duplicate CCMP PN used")
2753 raise Exception("The second hwsim connectivity test failed")
2755 def test_ap_ft_psk_file(dev
, apdev
):
2756 """WPA2-PSK-FT AP with PSK from a file"""
2758 passphrase
= "12345678"
2760 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2761 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2762 hapd
= hostapd
.add_ap(apdev
[0], params
)
2764 dev
[1].connect(ssid
, psk
="very secret",
2765 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2766 scan_freq
="2412", wait_connect
=False)
2767 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2768 ieee80211w
="1", scan_freq
="2412")
2769 dev
[0].request("REMOVE_NETWORK all")
2770 dev
[0].wait_disconnected()
2771 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2772 ieee80211w
="1", scan_freq
="2412")
2773 dev
[0].request("REMOVE_NETWORK all")
2774 dev
[0].wait_disconnected()
2775 dev
[0].connect(ssid
, psk
="secret passphrase",
2776 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2778 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2779 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2781 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2783 raise Exception("Timed out while waiting for failure report")
2784 dev
[1].request("REMOVE_NETWORK all")
2786 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2787 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2789 passphrase
= "12345678"
2790 bssid
= apdev
[0]['bssid']
2792 radius
= hostapd
.radius_params()
2793 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2794 params
['wpa_key_mgmt'] = "WPA-EAP"
2795 params
["ieee8021x"] = "1"
2796 params
["pmk_r1_push"] = "0"
2797 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2798 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2799 params
["eap_server"] = "0"
2800 params
= dict(list(radius
.items()) + list(params
.items()))
2801 hapd
= hostapd
.add_ap(apdev
[0], params
)
2803 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2804 eap
="GPSK", identity
="gpsk user",
2805 password
="abcdefghijklmnop0123456789abcdef",
2807 dev
[0].request("DISCONNECT")
2808 dev
[0].wait_disconnected()
2809 dev
[0].dump_monitor()
2812 hapd
.set('wpa_key_mgmt', "FT-EAP")
2815 dev
[0].request("BSS_FLUSH 0")
2816 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2818 dev
[0].request("RECONNECT")
2819 dev
[0].wait_connected()
2821 def test_ap_ft_eap_sha384(dev
, apdev
):
2822 """WPA2-EAP-FT with SHA384"""
2824 passphrase
= "12345678"
2826 radius
= hostapd
.radius_params()
2827 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2828 params
["ieee80211w"] = "2"
2829 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2830 params
["ieee8021x"] = "1"
2831 params
= dict(list(radius
.items()) + list(params
.items()))
2832 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2833 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2834 params
["ieee80211w"] = "2"
2835 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2836 params
["ieee8021x"] = "1"
2837 params
= dict(list(radius
.items()) + list(params
.items()))
2838 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2840 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2843 def test_ap_ft_eap_sha384_reassoc(dev
, apdev
):
2844 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
2845 check_suite_b_192_capa(dev
)
2847 passphrase
= "12345678"
2849 radius
= hostapd
.radius_params()
2850 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2851 params
["ieee80211w"] = "2"
2852 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2853 params
["ieee8021x"] = "1"
2854 params
= dict(list(radius
.items()) + list(params
.items()))
2855 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2856 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2857 params
["ieee80211w"] = "2"
2858 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2859 params
["ieee8021x"] = "1"
2860 params
= dict(list(radius
.items()) + list(params
.items()))
2861 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2863 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2864 sha384
=True, also_non_ft
=True, roam_with_reassoc
=True)
2866 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
2867 """WPA2-EAP-FT with SHA384 over DS"""
2869 passphrase
= "12345678"
2871 radius
= hostapd
.radius_params()
2872 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2873 params
["ieee80211w"] = "2"
2874 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2875 params
["ieee8021x"] = "1"
2876 params
= dict(list(radius
.items()) + list(params
.items()))
2877 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2878 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2879 params
["ieee80211w"] = "2"
2880 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2881 params
["ieee8021x"] = "1"
2882 params
= dict(list(radius
.items()) + list(params
.items()))
2883 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2885 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
2886 eap
=True, sha384
=True)
2888 def test_ap_ft_roam_rrm(dev
, apdev
):
2889 """WPA2-PSK-FT AP and radio measurement request"""
2891 passphrase
= "12345678"
2893 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2894 params
["rrm_beacon_report"] = "1"
2895 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2896 bssid0
= hapd0
.own_addr()
2898 addr
= dev
[0].own_addr()
2899 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2901 check_beacon_req(hapd0
, addr
, 1)
2903 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2904 params
["rrm_beacon_report"] = "1"
2905 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2906 bssid1
= hapd1
.own_addr()
2908 dev
[0].scan_for_bss(bssid1
, freq
=2412)
2910 check_beacon_req(hapd1
, addr
, 2)
2912 dev
[0].scan_for_bss(bssid0
, freq
=2412)
2914 check_beacon_req(hapd0
, addr
, 3)
2916 def test_ap_ft_pmksa_caching(dev
, apdev
):
2917 """FT-EAP and PMKSA caching for initial mobility domain association"""
2919 identity
= "gpsk user"
2921 radius
= hostapd
.radius_params()
2922 params
= ft_params1(ssid
=ssid
)
2923 params
['wpa_key_mgmt'] = "FT-EAP"
2924 params
["ieee8021x"] = "1"
2925 params
["mobility_domain"] = "c3d4"
2926 params
= dict(list(radius
.items()) + list(params
.items()))
2927 hapd
= hostapd
.add_ap(apdev
[0], params
)
2929 params
= ft_params2(ssid
=ssid
)
2930 params
['wpa_key_mgmt'] = "FT-EAP"
2931 params
["ieee8021x"] = "1"
2932 params
["mobility_domain"] = "c3d4"
2933 params
= dict(list(radius
.items()) + list(params
.items()))
2934 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2936 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
2937 eap_identity
=identity
, pmksa_caching
=True)
2939 def test_ap_ft_pmksa_caching_sha384(dev
, apdev
):
2940 """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
2942 identity
= "gpsk user"
2944 radius
= hostapd
.radius_params()
2945 params
= ft_params1(ssid
=ssid
)
2946 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2947 params
["ieee8021x"] = "1"
2948 params
["mobility_domain"] = "c3d4"
2949 params
= dict(list(radius
.items()) + list(params
.items()))
2950 hapd
= hostapd
.add_ap(apdev
[0], params
)
2952 params
= ft_params2(ssid
=ssid
)
2953 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2954 params
["ieee8021x"] = "1"
2955 params
["mobility_domain"] = "c3d4"
2956 params
= dict(list(radius
.items()) + list(params
.items()))
2957 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2959 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
2960 eap_identity
=identity
, pmksa_caching
=True, sha384
=True)
2962 def test_ap_ft_r1_key_expiration(dev
, apdev
):
2963 """WPA2-PSK-FT and PMK-R1 expiration"""
2965 passphrase
= "12345678"
2967 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2968 params
['r1_max_key_lifetime'] = "2"
2969 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2970 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2971 params
['r1_max_key_lifetime'] = "2"
2972 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2974 # This succeeds, but results in having to run another PMK-R1 pull before the
2975 # second AP can complete FT protocol.
2976 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, wait_before_roam
=4)
2978 def test_ap_ft_r0_key_expiration(dev
, apdev
):
2979 """WPA2-PSK-FT and PMK-R0 expiration"""
2981 passphrase
= "12345678"
2983 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2984 params
['ft_r0_key_lifetime'] = "2"
2985 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2986 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2987 params
['ft_r0_key_lifetime'] = "2"
2988 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2990 bssid2
= run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2991 return_after_initial
=True)
2993 dev
[0].scan_for_bss(bssid2
, freq
="2412")
2994 if "OK" not in dev
[0].request("ROAM " + bssid2
):
2995 raise Exception("ROAM failed")
2996 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2997 "CTRL-EVENT-AUTH-REJECT",
2998 "CTRL-EVENT-ASSOC-REJECT"], timeout
=5)
2999 dev
[0].request("DISCONNECT")
3000 if ev
is None or "CTRL-EVENT-AUTH-REJECT" not in ev
:
3001 raise Exception("FT protocol failure not reported")
3002 if "status_code=53" not in ev
:
3003 raise Exception("Unexpected status in FT protocol failure: " + ev
)
3005 # Generate a new PMK-R0
3006 dev
[0].dump_monitor()
3007 dev
[0].request("RECONNECT")
3008 dev
[0].wait_connected()