1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
25 from test_suite_b
import check_suite_b_192_capa
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
40 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
42 params
= ft_base_rsn()
44 params
= ft_base_mixed()
48 params
["wpa_passphrase"] = passphrase
50 params
["mobility_domain"] = "a1b2"
51 params
["r0_key_lifetime"] = "10000"
52 params
["pmk_r1_push"] = "1"
53 params
["reassociation_deadline"] = "1000"
56 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
57 params
= ft_params(rsn
, ssid
, passphrase
)
58 params
['nas_identifier'] = "nas1.w1.fi"
59 params
['r1_key_holder'] = "000102030405"
62 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
63 params
= ft_params1a(rsn
, ssid
, passphrase
)
65 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
68 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
70 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
73 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
74 params
= ft_params1a(rsn
, ssid
, passphrase
)
75 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
76 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
77 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
80 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
81 params
= ft_params(rsn
, ssid
, passphrase
)
82 params
['nas_identifier'] = "nas2.w1.fi"
83 params
['r1_key_holder'] = "000102030406"
86 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
87 params
= ft_params2a(rsn
, ssid
, passphrase
)
89 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
92 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
94 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
97 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
98 params
= ft_params2a(rsn
, ssid
, passphrase
)
99 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
100 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
101 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
104 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
105 params
= ft_params(rsn
, ssid
, passphrase
)
106 params
['nas_identifier'] = "nas1.w1.fi"
107 params
['r1_key_holder'] = "000102030405"
108 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
110 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
113 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
114 params
= ft_params(rsn
, ssid
, passphrase
)
115 params
['nas_identifier'] = "nas2.w1.fi"
116 params
['r1_key_holder'] = "000102030406"
117 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
119 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
122 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
123 params
= ft_params(rsn
, ssid
, passphrase
)
124 params
['nas_identifier'] = "nas2.w1.fi"
125 params
['r1_key_holder'] = "000102030406"
126 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
128 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
131 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
132 sae
=False, eap
=False, fail_test
=False, roams
=1,
133 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
134 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
135 force_initial_conn_to_first_ap
=False, sha384
=False,
136 group_mgmt
=None, ocv
=None, sae_password
=None,
137 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
138 roam_with_reassoc
=False, also_non_ft
=False, only_one_way
=False):
139 logger
.info("Connect to first AP")
142 copts
["proto"] = "WPA2"
143 copts
["ieee80211w"] = "1"
144 copts
["scan_freq"] = "2412"
145 copts
["pairwise"] = pairwise_cipher
146 copts
["group"] = group_cipher
147 copts
["wpa_ptk_rekey"] = ptk_rekey
149 copts
["group_mgmt"] = group_mgmt
154 copts
["ft_eap_pmksa_caching"] = "1"
156 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
158 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
159 copts
["eap"] = "GPSK"
160 copts
["identity"] = eap_identity
161 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
164 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
166 copts
["key_mgmt"] = "FT-PSK"
168 copts
["psk"] = passphrase
170 copts
["sae_password"] = sae_password
172 copts
["sae_password_id"] = sae_password_id
173 if force_initial_conn_to_first_ap
:
174 copts
["bssid"] = apdev
[0]['bssid']
175 netw
= dev
.connect(ssid
, **copts
)
177 dev
.request("DISCONNECT")
178 dev
.wait_disconnected()
179 dev
.request("RECONNECT")
180 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
181 "CTRL-EVENT-DISCONNECTED",
182 "CTRL-EVENT-EAP-STARTED"],
185 raise Exception("Reconnect timed out")
186 if "CTRL-EVENT-DISCONNECTED" in ev
:
187 raise Exception("Unexpected disconnection after RECONNECT")
188 if "CTRL-EVENT-EAP-STARTED" in ev
:
189 raise Exception("Unexpected EAP start after RECONNECT")
191 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
201 if test_connectivity
:
204 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
206 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
208 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
210 for i
in range(0, roams
):
211 # Roaming artificially fast can make data test fail because the key is
214 logger
.info("Roam to the second AP")
215 if roam_with_reassoc
:
216 dev
.set_network(netw
, "bssid", ap2
['bssid'])
217 dev
.request("REASSOCIATE")
220 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
222 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
225 if dev
.get_status_field('bssid') != ap2
['bssid']:
226 raise Exception("Did not connect to correct AP")
227 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
230 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
232 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
236 # Roaming artificially fast can make data test fail because the key is
239 logger
.info("Roam back to the first AP")
240 if roam_with_reassoc
:
241 dev
.set_network(netw
, "bssid", ap1
['bssid'])
242 dev
.request("REASSOCIATE")
245 dev
.roam_over_ds(ap1
['bssid'])
247 dev
.roam(ap1
['bssid'])
248 if dev
.get_status_field('bssid') != ap1
['bssid']:
249 raise Exception("Did not connect to correct AP")
250 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
253 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
255 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
257 def test_ap_ft(dev
, apdev
):
260 passphrase
= "12345678"
262 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
263 hapd0
= hostapd
.add_ap(apdev
[0], params
)
264 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
265 hapd1
= hostapd
.add_ap(apdev
[1], params
)
267 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
268 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
269 raise Exception("Scan results missing RSN element info")
271 def test_ap_ft_old_key(dev
, apdev
):
272 """WPA2-PSK-FT AP (old key)"""
274 passphrase
= "12345678"
276 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
277 hapd0
= hostapd
.add_ap(apdev
[0], params
)
278 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
279 hapd1
= hostapd
.add_ap(apdev
[1], params
)
281 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
283 def test_ap_ft_multi_akm(dev
, apdev
):
284 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
286 passphrase
= "12345678"
288 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
289 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
290 hapd0
= hostapd
.add_ap(apdev
[0], params
)
291 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
292 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
293 hapd1
= hostapd
.add_ap(apdev
[1], params
)
295 Wlantest
.setup(hapd0
)
298 wt
.add_passphrase(passphrase
)
300 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
301 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
302 raise Exception("Scan results missing RSN element info")
303 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
304 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
307 def test_ap_ft_local_key_gen(dev
, apdev
):
308 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
310 passphrase
= "12345678"
312 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
313 params
['ft_psk_generate_local'] = "1"
314 del params
['pmk_r1_push']
315 hapd0
= hostapd
.add_ap(apdev
[0], params
)
316 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
317 params
['ft_psk_generate_local'] = "1"
318 del params
['pmk_r1_push']
319 hapd1
= hostapd
.add_ap(apdev
[1], params
)
321 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
322 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
323 raise Exception("Scan results missing RSN element info")
325 def test_ap_ft_vlan(dev
, apdev
):
326 """WPA2-PSK-FT AP with VLAN"""
328 passphrase
= "12345678"
330 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
331 params
['dynamic_vlan'] = "1"
332 params
['accept_mac_file'] = "hostapd.accept"
333 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
335 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
336 params
['dynamic_vlan'] = "1"
337 params
['accept_mac_file'] = "hostapd.accept"
338 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
340 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
341 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
342 raise Exception("Scan results missing RSN element info")
344 def test_ap_ft_vlan_disconnected(dev
, apdev
):
345 """WPA2-PSK-FT AP with VLAN and local key generation"""
347 passphrase
= "12345678"
349 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
350 params
['dynamic_vlan'] = "1"
351 params
['accept_mac_file'] = "hostapd.accept"
352 params
['ft_psk_generate_local'] = "1"
353 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
355 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
356 params
['dynamic_vlan'] = "1"
357 params
['accept_mac_file'] = "hostapd.accept"
358 params
['ft_psk_generate_local'] = "1"
359 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
361 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
362 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
363 raise Exception("Scan results missing RSN element info")
365 def test_ap_ft_vlan_2(dev
, apdev
):
366 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
368 passphrase
= "12345678"
370 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
371 params
['dynamic_vlan'] = "1"
372 params
['accept_mac_file'] = "hostapd.accept"
373 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
375 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
376 params
['dynamic_vlan'] = "1"
377 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
379 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
380 force_initial_conn_to_first_ap
=True)
381 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
382 raise Exception("Scan results missing RSN element info")
384 def test_ap_ft_many(dev
, apdev
):
385 """WPA2-PSK-FT AP multiple times"""
387 passphrase
= "12345678"
389 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
390 hapd0
= hostapd
.add_ap(apdev
[0], params
)
391 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
392 hapd1
= hostapd
.add_ap(apdev
[1], params
)
394 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
396 def test_ap_ft_many_vlan(dev
, apdev
):
397 """WPA2-PSK-FT AP with VLAN multiple times"""
399 passphrase
= "12345678"
401 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
402 params
['dynamic_vlan'] = "1"
403 params
['accept_mac_file'] = "hostapd.accept"
404 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
406 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
407 params
['dynamic_vlan'] = "1"
408 params
['accept_mac_file'] = "hostapd.accept"
409 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
411 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
414 def test_ap_ft_mixed(dev
, apdev
):
415 """WPA2-PSK-FT mixed-mode AP"""
416 ssid
= "test-ft-mixed"
417 passphrase
= "12345678"
419 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
420 hapd
= hostapd
.add_ap(apdev
[0], params
)
421 key_mgmt
= hapd
.get_config()['key_mgmt']
422 vals
= key_mgmt
.split(' ')
423 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
424 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
425 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
426 hapd1
= hostapd
.add_ap(apdev
[1], params
)
428 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
430 def test_ap_ft_pmf(dev
, apdev
):
431 """WPA2-PSK-FT AP with PMF"""
433 passphrase
= "12345678"
435 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
436 params
["ieee80211w"] = "2"
437 hapd0
= hostapd
.add_ap(apdev
[0], params
)
438 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
439 params
["ieee80211w"] = "2"
440 hapd1
= hostapd
.add_ap(apdev
[1], params
)
442 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
444 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
445 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
446 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
448 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
449 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
450 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
452 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
453 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
454 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
456 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
457 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
458 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
460 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
461 if cipher
not in dev
[0].get_capability("group_mgmt"):
462 raise HwsimSkip("Cipher %s not supported" % cipher
)
465 passphrase
= "12345678"
467 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
468 params
["ieee80211w"] = "2"
469 params
["group_mgmt_cipher"] = cipher
470 hapd0
= hostapd
.add_ap(apdev
[0], params
)
471 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
472 params
["ieee80211w"] = "2"
473 params
["group_mgmt_cipher"] = cipher
474 hapd1
= hostapd
.add_ap(apdev
[1], params
)
476 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
479 def test_ap_ft_ocv(dev
, apdev
):
480 """WPA2-PSK-FT AP with OCV"""
482 passphrase
= "12345678"
484 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
485 params
["ieee80211w"] = "2"
488 hapd0
= hostapd
.add_ap(apdev
[0], params
)
489 except Exception as e
:
490 if "Failed to set hostapd parameter ocv" in str(e
):
491 raise HwsimSkip("OCV not supported")
493 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
494 params
["ieee80211w"] = "2"
496 hapd1
= hostapd
.add_ap(apdev
[1], params
)
498 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
500 def test_ap_ft_over_ds(dev
, apdev
):
501 """WPA2-PSK-FT AP over DS"""
503 passphrase
= "12345678"
505 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
506 hapd0
= hostapd
.add_ap(apdev
[0], params
)
507 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
508 hapd1
= hostapd
.add_ap(apdev
[1], params
)
510 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
511 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
512 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
514 def cleanup_ap_ft_separate_hostapd():
515 subprocess
.call(["brctl", "delif", "br0ft", "veth0"],
516 stderr
=open('/dev/null', 'w'))
517 subprocess
.call(["brctl", "delif", "br1ft", "veth1"],
518 stderr
=open('/dev/null', 'w'))
519 subprocess
.call(["ip", "link", "del", "veth0"],
520 stderr
=open('/dev/null', 'w'))
521 subprocess
.call(["ip", "link", "del", "veth1"],
522 stderr
=open('/dev/null', 'w'))
523 for ifname
in ['br0ft', 'br1ft', 'br-ft']:
524 subprocess
.call(['ip', 'link', 'set', 'dev', ifname
, 'down'],
525 stderr
=open('/dev/null', 'w'))
526 subprocess
.call(['brctl', 'delbr', ifname
],
527 stderr
=open('/dev/null', 'w'))
529 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
530 """WPA2-PSK-FT AP and separate hostapd process"""
532 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
534 cleanup_ap_ft_separate_hostapd()
536 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
537 """WPA2-PSK-FT AP over DS and separate hostapd process"""
539 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
541 cleanup_ap_ft_separate_hostapd()
543 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
545 passphrase
= "12345678"
546 logdir
= params
['logdir']
547 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
548 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
549 global_ctrl
= '/var/run/hostapd-ft'
553 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
554 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
555 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
557 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
558 "peer", "name", "veth0br"])
559 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
560 "peer", "name", "veth1br"])
561 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
562 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
563 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
564 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
566 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
567 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
568 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
569 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
570 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
571 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
572 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
573 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
574 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
575 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
576 except subprocess
.CalledProcessError
:
577 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
579 with
HWSimRadio() as (radio
, iface
):
580 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
581 if not os
.path
.exists(prg
):
582 prg
= '../../hostapd/hostapd'
583 cmd
= [prg
, '-B', '-ddKt',
584 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
585 subprocess
.check_call(cmd
)
587 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
588 apdev_ft
= {'ifname': iface
}
589 apdev2
= [apdev_ft
, apdev
[1]]
591 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
592 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
593 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
594 params
['bridge'] = 'br0ft'
595 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
596 global_ctrl_override
=global_ctrl
)
597 apdev2
[0]['bssid'] = hapd0
.own_addr()
598 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
599 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
600 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
601 params
['bridge'] = 'br1ft'
602 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
604 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
605 over_ds
=over_ds
, test_connectivity
=False)
609 if os
.path
.exists(pidfile
):
610 with
open(pidfile
, 'r') as f
:
613 os
.kill(pid
, signal
.SIGTERM
)
615 def test_ap_ft_over_ds_ocv(dev
, apdev
):
616 """WPA2-PSK-FT AP over DS"""
618 passphrase
= "12345678"
620 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
621 params
["ieee80211w"] = "2"
624 hapd0
= hostapd
.add_ap(apdev
[0], params
)
625 except Exception as e
:
626 if "Failed to set hostapd parameter ocv" in str(e
):
627 raise HwsimSkip("OCV not supported")
629 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
630 params
["ieee80211w"] = "2"
632 hapd1
= hostapd
.add_ap(apdev
[1], params
)
634 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
637 def test_ap_ft_over_ds_disabled(dev
, apdev
):
638 """WPA2-PSK-FT AP over DS disabled"""
640 passphrase
= "12345678"
642 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
643 params
['ft_over_ds'] = '0'
644 hapd0
= hostapd
.add_ap(apdev
[0], params
)
645 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
646 params
['ft_over_ds'] = '0'
647 hapd1
= hostapd
.add_ap(apdev
[1], params
)
649 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
652 def test_ap_ft_vlan_over_ds(dev
, apdev
):
653 """WPA2-PSK-FT AP over DS with VLAN"""
655 passphrase
= "12345678"
657 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
658 params
['dynamic_vlan'] = "1"
659 params
['accept_mac_file'] = "hostapd.accept"
660 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
661 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
662 params
['dynamic_vlan'] = "1"
663 params
['accept_mac_file'] = "hostapd.accept"
664 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
666 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
668 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
669 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
671 def test_ap_ft_over_ds_many(dev
, apdev
):
672 """WPA2-PSK-FT AP over DS multiple times"""
674 passphrase
= "12345678"
676 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
677 hapd0
= hostapd
.add_ap(apdev
[0], params
)
678 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
679 hapd1
= hostapd
.add_ap(apdev
[1], params
)
681 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
684 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
685 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
687 passphrase
= "12345678"
689 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
690 params
['dynamic_vlan'] = "1"
691 params
['accept_mac_file'] = "hostapd.accept"
692 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
693 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
694 params
['dynamic_vlan'] = "1"
695 params
['accept_mac_file'] = "hostapd.accept"
696 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
698 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
699 roams
=50, conndev
="brvlan1")
702 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
705 passphrase
= "12345678"
707 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
708 hapd0
= hostapd
.add_ap(apdev
[0], params
)
710 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
712 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
715 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
716 """WPA2-PSK-FT AP over DS and unexpected response"""
718 passphrase
= "12345678"
720 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
721 hapd0
= hostapd
.add_ap(apdev
[0], params
)
722 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
723 hapd1
= hostapd
.add_ap(apdev
[1], params
)
725 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
727 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
738 addr
= dev
[0].own_addr()
739 hapd1ap
.set("ext_mgmt_frame_handling", "1")
740 logger
.info("Foreign STA address")
744 msg
['sa'] = ap1
['bssid']
745 msg
['bssid'] = ap1
['bssid']
746 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
749 logger
.info("No over-the-DS in progress")
750 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
753 logger
.info("Non-zero status code")
754 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
757 hapd1ap
.dump_monitor()
759 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
760 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
761 raise Exception("FT_DS failed")
763 req
= hapd1ap
.mgmt_rx()
765 logger
.info("Foreign Target AP")
766 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
769 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
771 logger
.info("No IEs")
772 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
775 logger
.info("Invalid IEs (trigger parsing failure)")
776 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
779 logger
.info("Too short MDIE")
780 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
783 logger
.info("Mobility domain mismatch")
784 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
787 logger
.info("No FTIE")
788 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
791 logger
.info("FTIE SNonce mismatch")
792 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
795 logger
.info("No R0KH-ID subelem in FTIE")
796 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
797 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
800 logger
.info("No R0KH-ID subelem mismatch in FTIE")
801 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
802 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
805 logger
.info("No R1KH-ID subelem in FTIE")
806 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
807 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
810 logger
.info("No RSNE")
811 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
812 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
815 def test_ap_ft_pmf_over_ds(dev
, apdev
):
816 """WPA2-PSK-FT AP over DS with PMF"""
817 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, None)
819 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
820 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
821 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
823 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
824 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
825 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
827 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
828 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
829 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
831 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
832 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
833 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
835 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
836 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
837 raise HwsimSkip("Cipher %s not supported" % cipher
)
840 passphrase
= "12345678"
842 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
843 params
["ieee80211w"] = "2"
845 params
["group_mgmt_cipher"] = cipher
846 hapd0
= hostapd
.add_ap(apdev
[0], params
)
847 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
848 params
["ieee80211w"] = "2"
850 params
["group_mgmt_cipher"] = cipher
851 hapd1
= hostapd
.add_ap(apdev
[1], params
)
853 Wlantest
.setup(hapd0
)
856 wt
.add_passphrase(passphrase
)
858 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
861 def test_ap_ft_over_ds_pull(dev
, apdev
):
862 """WPA2-PSK-FT AP over DS (pull PMK)"""
864 passphrase
= "12345678"
866 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
867 params
["pmk_r1_push"] = "0"
868 hapd0
= hostapd
.add_ap(apdev
[0], params
)
869 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
870 params
["pmk_r1_push"] = "0"
871 hapd1
= hostapd
.add_ap(apdev
[1], params
)
873 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
875 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
876 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
878 passphrase
= "12345678"
880 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
881 params
["pmk_r1_push"] = "0"
882 hapd0
= hostapd
.add_ap(apdev
[0], params
)
883 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
884 params
["pmk_r1_push"] = "0"
885 hapd1
= hostapd
.add_ap(apdev
[1], params
)
887 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
889 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
890 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
892 passphrase
= "12345678"
894 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
895 params
["pmk_r1_push"] = "0"
896 params
['dynamic_vlan'] = "1"
897 params
['accept_mac_file'] = "hostapd.accept"
898 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
899 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
900 params
["pmk_r1_push"] = "0"
901 params
['dynamic_vlan'] = "1"
902 params
['accept_mac_file'] = "hostapd.accept"
903 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
905 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
908 def start_ft_sae(dev
, apdev
, wpa_ptk_rekey
=None):
909 if "SAE" not in dev
.get_capability("auth_alg"):
910 raise HwsimSkip("SAE not supported")
912 passphrase
= "12345678"
914 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
915 params
['wpa_key_mgmt'] = "FT-SAE"
917 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
918 hapd0
= hostapd
.add_ap(apdev
[0], params
)
919 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
920 params
['wpa_key_mgmt'] = "FT-SAE"
922 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
923 hapd1
= hostapd
.add_ap(apdev
[1], params
)
924 key_mgmt
= hapd1
.get_config()['key_mgmt']
925 if key_mgmt
.split(' ')[0] != "FT-SAE":
926 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
928 dev
.request("SET sae_groups ")
931 def test_ap_ft_sae(dev
, apdev
):
932 """WPA2-PSK-FT-SAE AP"""
933 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
934 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
936 def test_ap_ft_sae_ptk_rekey0(dev
, apdev
):
937 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
938 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
939 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
940 ptk_rekey
="1", roams
=0)
941 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
943 def test_ap_ft_sae_ptk_rekey1(dev
, apdev
):
944 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
945 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
946 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
947 ptk_rekey
="1", only_one_way
=True)
948 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
950 def test_ap_ft_sae_ptk_rekey_ap(dev
, apdev
):
951 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
952 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
953 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
955 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
957 def test_ap_ft_sae_over_ds(dev
, apdev
):
958 """WPA2-PSK-FT-SAE AP over DS"""
959 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
960 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
963 def test_ap_ft_sae_over_ds_ptk_rekey0(dev
, apdev
):
964 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
965 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
966 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
967 over_ds
=True, ptk_rekey
="1", roams
=0)
968 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
970 def test_ap_ft_sae_over_ds_ptk_rekey1(dev
, apdev
):
971 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
972 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
973 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
974 over_ds
=True, ptk_rekey
="1", only_one_way
=True)
975 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
977 def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev
, apdev
):
978 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
979 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
980 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
981 over_ds
=True, only_one_way
=True)
982 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
984 def test_ap_ft_sae_pw_id(dev
, apdev
):
985 """FT-SAE with Password Identifier"""
986 if "SAE" not in dev
[0].get_capability("auth_alg"):
987 raise HwsimSkip("SAE not supported")
990 params
= ft_params1(ssid
=ssid
)
991 params
["ieee80211w"] = "2"
992 params
['wpa_key_mgmt'] = "FT-SAE"
993 params
['sae_password'] = 'secret|id=pwid'
994 hapd0
= hostapd
.add_ap(apdev
[0], params
)
995 params
= ft_params2(ssid
=ssid
)
996 params
["ieee80211w"] = "2"
997 params
['wpa_key_mgmt'] = "FT-SAE"
998 params
['sae_password'] = 'secret|id=pwid'
999 hapd
= hostapd
.add_ap(apdev
[1], params
)
1001 dev
[0].request("SET sae_groups ")
1002 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
1003 sae_password
="secret", sae_password_id
="pwid")
1005 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
1006 """SAE + FT-SAE configuration"""
1007 if "SAE" not in dev
[0].get_capability("auth_alg"):
1008 raise HwsimSkip("SAE not supported")
1010 passphrase
= "12345678"
1012 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1013 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1014 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1015 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1016 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1017 hapd
= hostapd
.add_ap(apdev
[1], params
)
1018 key_mgmt
= hapd
.get_config()['key_mgmt']
1019 if key_mgmt
.split(' ')[0] != "FT-SAE":
1020 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1022 dev
[0].request("SET sae_groups ")
1023 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1026 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
1027 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1028 if "SAE" not in dev
[0].get_capability("auth_alg"):
1029 raise HwsimSkip("SAE not supported")
1031 passphrase
= "12345678"
1033 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1034 params
['wpa_key_mgmt'] = "FT-SAE"
1035 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1036 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1037 params
['wpa_key_mgmt'] = "FT-SAE"
1038 hapd
= hostapd
.add_ap(apdev
[1], params
)
1039 key_mgmt
= hapd
.get_config()['key_mgmt']
1040 if key_mgmt
.split(' ')[0] != "FT-SAE":
1041 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1043 dev
[0].request("SET sae_groups ")
1044 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1047 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
1048 discovery
=False, roams
=1, wpa_ptk_rekey
=0,
1049 only_one_way
=False):
1051 passphrase
= "12345678"
1053 identity
= "gpsk-vlan1"
1056 identity
= "gpsk-cui"
1059 identity
= "gpsk user"
1062 radius
= hostapd
.radius_params()
1063 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1064 params
['wpa_key_mgmt'] = "FT-EAP"
1065 params
["ieee8021x"] = "1"
1067 params
["dynamic_vlan"] = "1"
1068 params
= dict(list(radius
.items()) + list(params
.items()))
1069 hapd
= hostapd
.add_ap(apdev
[0], params
)
1070 key_mgmt
= hapd
.get_config()['key_mgmt']
1071 if key_mgmt
.split(' ')[0] != "FT-EAP":
1072 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1073 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1074 params
['wpa_key_mgmt'] = "FT-EAP"
1075 params
["ieee8021x"] = "1"
1077 params
["dynamic_vlan"] = "1"
1079 params
["wpa_ptk_rekey"] = str(wpa_ptk_rekey
)
1080 params
= dict(list(radius
.items()) + list(params
.items()))
1081 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1083 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1084 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1085 conndev
=conndev
, only_one_way
=only_one_way
)
1086 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1087 raise Exception("Scan results missing RSN element info")
1088 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1089 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1093 # Verify EAPOL reauthentication after FT protocol
1094 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1098 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1099 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1101 raise Exception("EAP authentication did not start")
1102 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1104 raise Exception("EAP authentication did not succeed")
1107 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1109 hwsim_utils
.test_connectivity(dev
[0], ap
)
1111 def test_ap_ft_eap(dev
, apdev
):
1112 """WPA2-EAP-FT AP"""
1113 generic_ap_ft_eap(dev
, apdev
)
1115 def test_ap_ft_eap_cui(dev
, apdev
):
1116 """WPA2-EAP-FT AP with CUI"""
1117 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
1119 def test_ap_ft_eap_vlan(dev
, apdev
):
1120 """WPA2-EAP-FT AP with VLAN"""
1121 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1123 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1124 """WPA2-EAP-FT AP with VLAN"""
1125 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1127 def test_ap_ft_eap_over_ds(dev
, apdev
):
1128 """WPA2-EAP-FT AP using over-the-DS"""
1129 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
1131 def test_ap_ft_eap_dis(dev
, apdev
):
1132 """WPA2-EAP-FT AP with AP discovery"""
1133 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
1135 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
1136 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1137 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
1139 def test_ap_ft_eap_vlan(dev
, apdev
):
1140 """WPA2-EAP-FT AP with VLAN"""
1141 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1143 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1144 """WPA2-EAP-FT AP with VLAN"""
1145 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1147 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
1148 """WPA2-EAP-FT AP with VLAN + over_ds"""
1149 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
1151 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
1152 """WPA2-EAP-FT AP with VLAN + over_ds"""
1153 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
1155 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1156 """WPA2-EAP-FT AP (pull PMK)"""
1158 passphrase
= "12345678"
1160 identity
= "gpsk-vlan1"
1163 identity
= "gpsk user"
1166 radius
= hostapd
.radius_params()
1167 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1168 params
['wpa_key_mgmt'] = "FT-EAP"
1169 params
["ieee8021x"] = "1"
1170 params
["pmk_r1_push"] = "0"
1172 params
["dynamic_vlan"] = "1"
1173 params
= dict(list(radius
.items()) + list(params
.items()))
1174 hapd
= hostapd
.add_ap(apdev
[0], params
)
1175 key_mgmt
= hapd
.get_config()['key_mgmt']
1176 if key_mgmt
.split(' ')[0] != "FT-EAP":
1177 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1178 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1179 params
['wpa_key_mgmt'] = "FT-EAP"
1180 params
["ieee8021x"] = "1"
1181 params
["pmk_r1_push"] = "0"
1183 params
["dynamic_vlan"] = "1"
1184 params
= dict(list(radius
.items()) + list(params
.items()))
1185 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1187 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1188 eap_identity
=identity
, conndev
=conndev
)
1190 def test_ap_ft_eap_pull(dev
, apdev
):
1191 """WPA2-EAP-FT AP (pull PMK)"""
1192 generic_ap_ft_eap_pull(dev
, apdev
)
1194 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1195 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1197 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1198 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1200 passphrase
= "12345678"
1202 radius
= hostapd
.radius_params()
1203 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1204 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1205 params
["ieee8021x"] = "1"
1206 params
["pmk_r1_push"] = "0"
1207 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1208 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1209 params
["ft_psk_generate_local"] = "1"
1210 params
["eap_server"] = "0"
1211 params
= dict(list(radius
.items()) + list(params
.items()))
1212 hapd
= hostapd
.add_ap(apdev
[0], params
)
1213 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1214 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1215 params
["ieee8021x"] = "1"
1216 params
["pmk_r1_push"] = "0"
1217 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1218 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1219 params
["ft_psk_generate_local"] = "1"
1220 params
["eap_server"] = "0"
1221 params
= dict(list(radius
.items()) + list(params
.items()))
1222 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1224 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1227 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1228 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1230 passphrase
= "12345678"
1232 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1233 params
["ieee80211w"] = "2"
1234 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1235 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1236 params
["ieee80211w"] = "2"
1237 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1239 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1243 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1244 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1246 passphrase
= "12345678"
1248 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1249 params
["pmk_r1_push"] = "0"
1250 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1251 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1252 params
["pmk_r1_push"] = "0"
1253 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1255 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1259 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1260 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1262 passphrase
= "12345678"
1264 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1265 params
["pmk_r1_push"] = "0"
1266 params
["nas_identifier"] = "nas0.w1.fi"
1267 hostapd
.add_ap(apdev
[0], params
)
1268 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1271 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1272 params
["pmk_r1_push"] = "0"
1273 hostapd
.add_ap(apdev
[1], params
)
1275 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1276 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1279 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1280 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1282 passphrase
= "12345678"
1284 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1285 params
["ieee80211w"] = "2"
1286 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1287 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1288 params
["ieee80211w"] = "2"
1289 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1291 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1295 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1296 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1298 passphrase
= "12345678"
1300 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1301 params
["pmk_r1_push"] = "0"
1302 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1303 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1304 params
["pmk_r1_push"] = "0"
1305 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1307 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1310 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1311 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1313 passphrase
= "12345678"
1315 radius
= hostapd
.radius_params()
1316 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1317 params
["ieee80211w"] = "2"
1318 params
['wpa_key_mgmt'] = "FT-EAP"
1319 params
["ieee8021x"] = "1"
1320 params
= dict(list(radius
.items()) + list(params
.items()))
1321 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1322 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1323 params
["ieee80211w"] = "2"
1324 params
['wpa_key_mgmt'] = "FT-EAP"
1325 params
["ieee8021x"] = "1"
1326 params
= dict(list(radius
.items()) + list(params
.items()))
1327 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1329 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1330 fail_test
=True, eap
=True)
1332 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1333 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1335 passphrase
= "12345678"
1337 radius
= hostapd
.radius_params()
1338 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1339 params
["pmk_r1_push"] = "0"
1340 params
['wpa_key_mgmt'] = "FT-EAP"
1341 params
["ieee8021x"] = "1"
1342 params
= dict(list(radius
.items()) + list(params
.items()))
1343 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1344 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1345 params
["pmk_r1_push"] = "0"
1346 params
['wpa_key_mgmt'] = "FT-EAP"
1347 params
["ieee8021x"] = "1"
1348 params
= dict(list(radius
.items()) + list(params
.items()))
1349 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1351 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1352 fail_test
=True, eap
=True)
1354 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1355 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1357 passphrase
= "12345678"
1359 radius
= hostapd
.radius_params()
1360 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1361 params
["pmk_r1_push"] = "0"
1362 params
["nas_identifier"] = "nas0.w1.fi"
1363 params
['wpa_key_mgmt'] = "FT-EAP"
1364 params
["ieee8021x"] = "1"
1365 params
= dict(list(radius
.items()) + list(params
.items()))
1366 hostapd
.add_ap(apdev
[0], params
)
1367 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1368 eap
="GPSK", identity
="gpsk user",
1369 password
="abcdefghijklmnop0123456789abcdef",
1372 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1373 params
["pmk_r1_push"] = "0"
1374 params
['wpa_key_mgmt'] = "FT-EAP"
1375 params
["ieee8021x"] = "1"
1376 params
= dict(list(radius
.items()) + list(params
.items()))
1377 hostapd
.add_ap(apdev
[1], params
)
1379 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1380 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1382 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1383 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1385 passphrase
= "12345678"
1387 radius
= hostapd
.radius_params()
1388 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1389 params
["ieee80211w"] = "2"
1390 params
['wpa_key_mgmt'] = "FT-EAP"
1391 params
["ieee8021x"] = "1"
1392 params
= dict(list(radius
.items()) + list(params
.items()))
1393 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1394 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1395 params
["ieee80211w"] = "2"
1396 params
['wpa_key_mgmt'] = "FT-EAP"
1397 params
["ieee8021x"] = "1"
1398 params
= dict(list(radius
.items()) + list(params
.items()))
1399 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1401 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1402 fail_test
=True, eap
=True)
1404 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1405 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1407 passphrase
= "12345678"
1409 radius
= hostapd
.radius_params()
1410 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1411 params
["pmk_r1_push"] = "0"
1412 params
['wpa_key_mgmt'] = "FT-EAP"
1413 params
["ieee8021x"] = "1"
1414 params
= dict(list(radius
.items()) + list(params
.items()))
1415 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1416 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1417 params
["pmk_r1_push"] = "0"
1418 params
['wpa_key_mgmt'] = "FT-EAP"
1419 params
["ieee8021x"] = "1"
1420 params
= dict(list(radius
.items()) + list(params
.items()))
1421 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1423 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1424 fail_test
=True, eap
=True)
1426 def test_ap_ft_gtk_rekey(dev
, apdev
):
1427 """WPA2-PSK-FT AP and GTK rekey"""
1429 passphrase
= "12345678"
1431 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1432 params
['wpa_group_rekey'] = '1'
1433 hapd
= hostapd
.add_ap(apdev
[0], params
)
1435 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1436 ieee80211w
="1", scan_freq
="2412")
1438 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1440 raise Exception("GTK rekey timed out after initial association")
1441 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1443 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1444 params
['wpa_group_rekey'] = '1'
1445 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1447 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1448 dev
[0].roam(apdev
[1]['bssid'])
1449 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1450 raise Exception("Did not connect to correct AP")
1451 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1453 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1455 raise Exception("GTK rekey timed out after FT protocol")
1456 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1458 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1459 """WPA2-PSK-FT and key lifetime in memory"""
1461 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1462 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1463 pmk
= binascii
.unhexlify(psk
)
1464 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1465 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1466 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1467 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1469 pid
= find_wpas_process(dev
[0])
1471 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1473 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1474 # event has been delivered, so verify that wpa_supplicant has returned to
1475 # eloop before reading process memory.
1479 buf
= read_process_memory(pid
, pmk
)
1481 dev
[0].request("DISCONNECT")
1482 dev
[0].wait_disconnected()
1489 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1490 for l
in f
.readlines():
1491 if "FT: PMK-R0 - hexdump" in l
:
1492 val
= l
.strip().split(':')[3].replace(' ', '')
1493 pmkr0
= binascii
.unhexlify(val
)
1494 if "FT: PMK-R1 - hexdump" in l
:
1495 val
= l
.strip().split(':')[3].replace(' ', '')
1496 pmkr1
= binascii
.unhexlify(val
)
1497 if "FT: KCK - hexdump" in l
:
1498 val
= l
.strip().split(':')[3].replace(' ', '')
1499 kck
= binascii
.unhexlify(val
)
1500 if "FT: KEK - hexdump" in l
:
1501 val
= l
.strip().split(':')[3].replace(' ', '')
1502 kek
= binascii
.unhexlify(val
)
1503 if "FT: TK - hexdump" in l
:
1504 val
= l
.strip().split(':')[3].replace(' ', '')
1505 tk
= binascii
.unhexlify(val
)
1506 if "WPA: Group Key - hexdump" in l
:
1507 val
= l
.strip().split(':')[3].replace(' ', '')
1508 gtk
= binascii
.unhexlify(val
)
1509 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1510 raise Exception("Could not find keys from debug log")
1512 raise Exception("Unexpected GTK length")
1514 logger
.info("Checking keys in memory while associated")
1515 get_key_locations(buf
, pmk
, "PMK")
1516 get_key_locations(buf
, pmkr0
, "PMK-R0")
1517 get_key_locations(buf
, pmkr1
, "PMK-R1")
1519 raise HwsimSkip("PMK not found while associated")
1520 if pmkr0
not in buf
:
1521 raise HwsimSkip("PMK-R0 not found while associated")
1522 if pmkr1
not in buf
:
1523 raise HwsimSkip("PMK-R1 not found while associated")
1525 raise Exception("KCK not found while associated")
1527 raise Exception("KEK not found while associated")
1529 # raise Exception("TK found from memory")
1531 logger
.info("Checking keys in memory after disassociation")
1532 buf
= read_process_memory(pid
, pmk
)
1533 get_key_locations(buf
, pmk
, "PMK")
1534 get_key_locations(buf
, pmkr0
, "PMK-R0")
1535 get_key_locations(buf
, pmkr1
, "PMK-R1")
1537 # Note: PMK/PSK is still present in network configuration
1539 fname
= os
.path
.join(params
['logdir'],
1540 'ft_psk_key_lifetime_in_memory.memctx-')
1541 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1542 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1543 verify_not_present(buf
, kck
, fname
, "KCK")
1544 verify_not_present(buf
, kek
, fname
, "KEK")
1545 verify_not_present(buf
, tk
, fname
, "TK")
1547 get_key_locations(buf
, gtk
, "GTK")
1548 verify_not_present(buf
, gtk
, fname
, "GTK")
1550 dev
[0].request("REMOVE_NETWORK all")
1552 logger
.info("Checking keys in memory after network profile removal")
1553 buf
= read_process_memory(pid
, pmk
)
1554 get_key_locations(buf
, pmk
, "PMK")
1555 get_key_locations(buf
, pmkr0
, "PMK-R0")
1556 get_key_locations(buf
, pmkr1
, "PMK-R1")
1558 verify_not_present(buf
, pmk
, fname
, "PMK")
1559 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1560 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1561 verify_not_present(buf
, kck
, fname
, "KCK")
1562 verify_not_present(buf
, kek
, fname
, "KEK")
1563 verify_not_present(buf
, tk
, fname
, "TK")
1564 verify_not_present(buf
, gtk
, fname
, "GTK")
1567 def test_ap_ft_invalid_resp(dev
, apdev
):
1568 """WPA2-PSK-FT AP and invalid response IEs"""
1570 passphrase
= "12345678"
1572 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1573 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1574 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1577 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1578 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1581 # Various IEs for test coverage. The last one is FTIE with invalid
1582 # R1KH-ID subelement.
1583 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1584 # FTIE with invalid R0KH-ID subelement (len=0).
1585 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1586 # FTIE with invalid R0KH-ID subelement (len=49).
1587 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1589 "020002000000" + "3000",
1590 # Required IEs missing from protected IE count.
1591 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1592 # RIC missing from protected IE count.
1593 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1594 # Protected IE missing.
1595 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1597 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1598 hapd1
.set("ext_mgmt_frame_handling", "1")
1599 hapd1
.dump_monitor()
1600 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1601 raise Exception("ROAM failed")
1604 msg
= hapd1
.mgmt_rx()
1605 if msg
['subtype'] == 11:
1609 raise Exception("Authentication frame not seen")
1612 resp
['fc'] = auth
['fc']
1613 resp
['da'] = auth
['sa']
1614 resp
['sa'] = auth
['da']
1615 resp
['bssid'] = auth
['bssid']
1616 resp
['payload'] = binascii
.unhexlify(t
)
1618 hapd1
.set("ext_mgmt_frame_handling", "0")
1619 dev
[0].wait_disconnected()
1621 dev
[0].request("RECONNECT")
1622 dev
[0].wait_connected()
1624 def test_ap_ft_gcmp_256(dev
, apdev
):
1625 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1626 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1627 raise HwsimSkip("Cipher GCMP-256 not supported")
1629 passphrase
= "12345678"
1631 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1632 params
['rsn_pairwise'] = "GCMP-256"
1633 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1634 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1635 params
['rsn_pairwise'] = "GCMP-256"
1636 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1638 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1639 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1641 def setup_ap_ft_oom(dev
, apdev
):
1642 skip_with_fips(dev
[0])
1644 passphrase
= "12345678"
1646 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1647 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1648 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1649 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1651 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1653 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1654 dst
= apdev
[1]['bssid']
1656 dst
= apdev
[0]['bssid']
1658 dev
[0].scan_for_bss(dst
, freq
="2412")
1662 def test_ap_ft_oom(dev
, apdev
):
1663 """WPA2-PSK-FT and OOM"""
1664 dst
= setup_ap_ft_oom(dev
, apdev
)
1665 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1668 def test_ap_ft_oom2(dev
, apdev
):
1669 """WPA2-PSK-FT and OOM (2)"""
1670 dst
= setup_ap_ft_oom(dev
, apdev
)
1671 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1672 dev
[0].roam(dst
, fail_test
=True, assoc_reject_ok
=True)
1674 def test_ap_ft_oom3(dev
, apdev
):
1675 """WPA2-PSK-FT and OOM (3)"""
1676 dst
= setup_ap_ft_oom(dev
, apdev
)
1677 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1680 def test_ap_ft_oom4(dev
, apdev
):
1681 """WPA2-PSK-FT and OOM (4)"""
1683 passphrase
= "12345678"
1684 dst
= setup_ap_ft_oom(dev
, apdev
)
1685 dev
[0].request("REMOVE_NETWORK all")
1686 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1687 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1690 def test_ap_ft_ap_oom(dev
, apdev
):
1691 """WPA2-PSK-FT and AP OOM"""
1693 passphrase
= "12345678"
1695 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1696 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1697 bssid0
= hapd0
.own_addr()
1699 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1700 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1701 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1704 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1705 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1706 bssid1
= hapd1
.own_addr()
1707 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1708 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1711 def test_ap_ft_ap_oom2(dev
, apdev
):
1712 """WPA2-PSK-FT and AP OOM 2"""
1714 passphrase
= "12345678"
1716 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1717 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1718 bssid0
= hapd0
.own_addr()
1720 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1721 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1722 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1725 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1726 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1727 bssid1
= hapd1
.own_addr()
1728 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1730 if dev
[0].get_status_field('bssid') != bssid1
:
1731 raise Exception("Did not roam to AP1")
1732 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1735 def test_ap_ft_ap_oom3(dev
, apdev
):
1736 """WPA2-PSK-FT and AP OOM 3"""
1738 passphrase
= "12345678"
1740 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1741 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1742 bssid0
= hapd0
.own_addr()
1744 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1745 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1748 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1749 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1750 bssid1
= hapd1
.own_addr()
1751 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1752 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1753 # This will fail due to not being able to send out PMK-R1 pull request
1756 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1757 # This will fail due to not being able to send out PMK-R1 pull request
1760 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1761 # This will fail due to not being able to send out PMK-R1 pull request
1764 def test_ap_ft_ap_oom3b(dev
, apdev
):
1765 """WPA2-PSK-FT and AP OOM 3b"""
1767 passphrase
= "12345678"
1769 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1770 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1771 bssid0
= hapd0
.own_addr()
1773 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1774 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1777 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1778 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1779 bssid1
= hapd1
.own_addr()
1780 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1781 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1782 # This will fail due to not being able to send out PMK-R1 pull request
1785 def test_ap_ft_ap_oom4(dev
, apdev
):
1786 """WPA2-PSK-FT and AP OOM 4"""
1788 passphrase
= "12345678"
1790 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1791 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1792 bssid0
= hapd0
.own_addr()
1794 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1795 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1798 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1799 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1800 bssid1
= hapd1
.own_addr()
1801 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1802 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1804 if dev
[0].get_status_field('bssid') != bssid1
:
1805 raise Exception("Did not roam to AP1")
1807 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1809 if dev
[0].get_status_field('bssid') != bssid0
:
1810 raise Exception("Did not roam to AP0")
1812 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1814 if dev
[0].get_status_field('bssid') != bssid1
:
1815 raise Exception("Did not roam to AP1")
1817 def test_ap_ft_ap_oom5(dev
, apdev
):
1818 """WPA2-PSK-FT and AP OOM 5"""
1820 passphrase
= "12345678"
1822 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1823 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1824 bssid0
= hapd0
.own_addr()
1826 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1827 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1830 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1831 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1832 bssid1
= hapd1
.own_addr()
1833 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1834 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1835 # This will fail to roam
1838 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1839 # This will fail to roam
1842 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1843 # This will fail to roam
1846 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1847 # This will fail to roam
1850 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1851 # This will fail to roam
1854 def test_ap_ft_ap_oom6(dev
, apdev
):
1855 """WPA2-PSK-FT and AP OOM 6"""
1857 passphrase
= "12345678"
1859 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1860 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1861 bssid0
= hapd0
.own_addr()
1863 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1864 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1865 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1867 dev
[0].request("REMOVE_NETWORK all")
1868 dev
[0].wait_disconnected()
1869 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1870 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1872 dev
[0].request("REMOVE_NETWORK all")
1873 dev
[0].wait_disconnected()
1874 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1875 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1878 def test_ap_ft_ap_oom7a(dev
, apdev
):
1879 """WPA2-PSK-FT and AP OOM 7a"""
1881 passphrase
= "12345678"
1883 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1884 params
["ieee80211w"] = "2"
1885 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1886 bssid0
= hapd0
.own_addr()
1888 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1889 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1890 ieee80211w
="2", scan_freq
="2412")
1892 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1893 params
["ieee80211w"] = "2"
1894 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1895 bssid1
= hapd1
.own_addr()
1896 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1897 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1898 # This will fail to roam
1901 def test_ap_ft_ap_oom7b(dev
, apdev
):
1902 """WPA2-PSK-FT and AP OOM 7b"""
1904 passphrase
= "12345678"
1906 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1907 params
["ieee80211w"] = "2"
1908 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1909 bssid0
= hapd0
.own_addr()
1911 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1912 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1913 ieee80211w
="2", scan_freq
="2412")
1915 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1916 params
["ieee80211w"] = "2"
1917 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1918 bssid1
= hapd1
.own_addr()
1919 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1920 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1921 # This will fail to roam
1924 def test_ap_ft_ap_oom7c(dev
, apdev
):
1925 """WPA2-PSK-FT and AP OOM 7c"""
1927 passphrase
= "12345678"
1929 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1930 params
["ieee80211w"] = "2"
1931 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1932 bssid0
= hapd0
.own_addr()
1934 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1935 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1936 ieee80211w
="2", scan_freq
="2412")
1938 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1939 params
["ieee80211w"] = "2"
1940 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1941 bssid1
= hapd1
.own_addr()
1942 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1943 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1944 # This will fail to roam
1947 def test_ap_ft_ap_oom7d(dev
, apdev
):
1948 """WPA2-PSK-FT and AP OOM 7d"""
1950 passphrase
= "12345678"
1952 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1953 params
["ieee80211w"] = "2"
1954 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1955 bssid0
= hapd0
.own_addr()
1957 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1958 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1959 ieee80211w
="2", scan_freq
="2412")
1961 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1962 params
["ieee80211w"] = "2"
1963 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1964 bssid1
= hapd1
.own_addr()
1965 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1966 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1967 # This will fail to roam
1970 def test_ap_ft_ap_oom8(dev
, apdev
):
1971 """WPA2-PSK-FT and AP OOM 8"""
1973 passphrase
= "12345678"
1975 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1976 params
['ft_psk_generate_local'] = "1"
1977 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1978 bssid0
= hapd0
.own_addr()
1980 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1981 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1984 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1985 params
['ft_psk_generate_local'] = "1"
1986 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1987 bssid1
= hapd1
.own_addr()
1988 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1989 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1990 # This will fail to roam
1992 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1993 # This will fail to roam
1996 def test_ap_ft_ap_oom9(dev
, apdev
):
1997 """WPA2-PSK-FT and AP OOM 9"""
1999 passphrase
= "12345678"
2001 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2002 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2003 bssid0
= hapd0
.own_addr()
2005 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2006 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2009 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2010 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2011 bssid1
= hapd1
.own_addr()
2012 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2014 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
2015 # This will fail to roam
2016 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2017 raise Exception("FT_DS failed")
2018 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
2020 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
2021 # This will fail to roam
2022 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2023 raise Exception("FT_DS failed")
2024 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2026 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
2027 # This will fail to roam
2028 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2029 raise Exception("FT_DS failed")
2030 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2032 def test_ap_ft_ap_oom10(dev
, apdev
):
2033 """WPA2-PSK-FT and AP OOM 10"""
2035 passphrase
= "12345678"
2037 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2038 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2039 bssid0
= hapd0
.own_addr()
2041 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2042 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2045 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2046 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2047 bssid1
= hapd1
.own_addr()
2048 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2050 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2051 # This will fail to roam
2052 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2053 raise Exception("FT_DS failed")
2054 wait_fail_trigger(hapd0
, "GET_FAIL")
2056 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2057 # This will fail to roam
2058 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2059 raise Exception("FT_DS failed")
2060 wait_fail_trigger(hapd0
, "GET_FAIL")
2062 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2063 # This will fail to roam
2064 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2065 raise Exception("FT_DS failed")
2066 wait_fail_trigger(hapd0
, "GET_FAIL")
2068 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2069 # This will fail to roam
2070 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2071 raise Exception("FT_DS failed")
2072 wait_fail_trigger(hapd1
, "GET_FAIL")
2074 def test_ap_ft_ap_oom11(dev
, apdev
):
2075 """WPA2-PSK-FT and AP OOM 11"""
2077 passphrase
= "12345678"
2079 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2080 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2081 bssid0
= hapd0
.own_addr()
2083 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2084 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2085 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2087 wait_fail_trigger(hapd0
, "GET_FAIL")
2089 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2090 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2091 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2093 wait_fail_trigger(hapd0
, "GET_FAIL")
2095 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2096 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2098 passphrase
= "12345678"
2100 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2101 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2102 bssid0
= hapd0
.own_addr()
2103 _bssid0
= bssid0
.replace(':', '')
2104 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2106 addr
= dev
[0].own_addr()
2107 _addr
= addr
.replace(':', '')
2109 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2110 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2111 bssid1
= hapd1
.own_addr()
2112 _bssid1
= bssid1
.replace(':', '')
2114 hapd0
.set("ext_mgmt_frame_handling", "1")
2115 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2116 valid
= "0601" + _addr
+ _bssid1
2119 "0601" + _addr
+ _bssid0
,
2120 "0601" + _addr
+ "ffffffffffff",
2121 "0601" + _bssid0
+ _bssid0
,
2126 valid
+ "3603ffffff",
2127 valid
+ "3603a1b2ff",
2128 valid
+ "3603a1b2ff" + "3700",
2129 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2130 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2131 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2132 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2133 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2134 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2135 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2138 hapd0
.dump_monitor()
2139 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2140 raise Exception("MGMT_RX_PROCESS failed")
2142 hapd0
.set("ext_mgmt_frame_handling", "0")
2144 def test_ap_ft_over_ds_proto(dev
, apdev
):
2145 """WPA2-PSK-FT AP over DS protocol testing"""
2147 passphrase
= "12345678"
2149 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2150 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2151 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2154 # FT Action Response while no FT-over-DS in progress
2157 msg
['da'] = dev
[0].own_addr()
2158 msg
['sa'] = apdev
[0]['bssid']
2159 msg
['bssid'] = apdev
[0]['bssid']
2160 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2163 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2164 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2165 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2166 hapd0
.set("ext_mgmt_frame_handling", "1")
2167 hapd0
.dump_monitor()
2168 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2169 for i
in range(0, 10):
2170 req
= hapd0
.mgmt_rx()
2172 raise Exception("MGMT RX wait timed out")
2173 if req
['subtype'] == 13:
2177 raise Exception("FT Action frame not received")
2179 # FT Action Response for unexpected Target AP
2180 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2183 # FT Action Response without MDIE
2184 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2187 # FT Action Response without FTIE
2188 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2191 # FT Action Response with FTIE SNonce mismatch
2192 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2196 def test_ap_ft_rrb(dev
, apdev
):
2197 """WPA2-PSK-FT RRB protocol testing"""
2199 passphrase
= "12345678"
2201 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2202 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2204 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2207 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2208 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2210 ehdr
= _dst_ll
+ _src_ll
+ proto
2212 # Too short RRB frame
2213 pkt
= ehdr
+ b
'\x01'
2214 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2215 raise Exception("DATA_TEST_FRAME failed")
2217 # RRB discarded frame wikth unrecognized type
2218 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2219 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2220 raise Exception("DATA_TEST_FRAME failed")
2222 # RRB frame too short for action frame
2223 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2224 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2225 raise Exception("DATA_TEST_FRAME failed")
2227 # Too short RRB frame (not enough room for Action Frame body)
2228 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2229 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2230 raise Exception("DATA_TEST_FRAME failed")
2232 # Unexpected Action frame category
2233 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2234 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2235 raise Exception("DATA_TEST_FRAME failed")
2237 # Unexpected Action in RRB Request
2238 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2239 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2240 raise Exception("DATA_TEST_FRAME failed")
2242 # Target AP address in RRB Request does not match with own address
2243 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2244 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2245 raise Exception("DATA_TEST_FRAME failed")
2247 # Not enough room for status code in RRB Response
2248 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2249 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2250 raise Exception("DATA_TEST_FRAME failed")
2252 # RRB discarded frame with unknown packet_type
2253 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2254 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2255 raise Exception("DATA_TEST_FRAME failed")
2257 # RRB Response with non-zero status code; no STA match
2258 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2259 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2260 raise Exception("DATA_TEST_FRAME failed")
2262 # RRB Response with zero status code and extra data; STA match
2263 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2264 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2265 raise Exception("DATA_TEST_FRAME failed")
2267 # Too short PMK-R1 pull
2268 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2269 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2270 raise Exception("DATA_TEST_FRAME failed")
2272 # Too short PMK-R1 resp
2273 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2274 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2275 raise Exception("DATA_TEST_FRAME failed")
2277 # Too short PMK-R1 push
2278 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2279 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2280 raise Exception("DATA_TEST_FRAME failed")
2282 # No matching R0KH address found for PMK-R0 pull response
2283 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2284 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2285 raise Exception("DATA_TEST_FRAME failed")
2288 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2289 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2290 bssid
= apdev
[0]['bssid']
2292 passphrase
= "12345678"
2294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2295 params
["ieee80211w"] = "1"
2296 # This is the RSN element used normally by hostapd
2297 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2298 hapd
= hostapd
.add_ap(apdev
[0], params
)
2299 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2300 ieee80211w
="1", scan_freq
="2412",
2301 pairwise
="CCMP", group
="CCMP")
2303 tests
= [('PMKIDCount field included',
2304 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2305 ('Extra IE before RSNE',
2306 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2307 ('PMKIDCount and Group Management Cipher suite fields included',
2308 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2309 ('Extra octet after defined fields (future extensibility)',
2310 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2311 ('No RSN Capabilities field (PMF disabled in practice)',
2312 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2313 for txt
, ie
in tests
:
2314 dev
[0].request("DISCONNECT")
2315 dev
[0].wait_disconnected()
2318 hapd
.set('own_ie_override', ie
)
2320 dev
[0].request("BSS_FLUSH 0")
2321 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2322 dev
[0].select_network(id, freq
=2412)
2323 dev
[0].wait_connected()
2325 dev
[0].request("DISCONNECT")
2326 dev
[0].wait_disconnected()
2328 logger
.info('Invalid RSNE causing internal hostapd error')
2330 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2332 dev
[0].request("BSS_FLUSH 0")
2333 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2334 dev
[0].select_network(id, freq
=2412)
2335 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2337 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2339 raise Exception("Unexpected connection")
2340 dev
[0].request("DISCONNECT")
2342 logger
.info('Unexpected PMKID causing internal hostapd error')
2344 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2346 dev
[0].request("BSS_FLUSH 0")
2347 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2348 dev
[0].select_network(id, freq
=2412)
2349 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2351 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2353 raise Exception("Unexpected connection")
2354 dev
[0].request("DISCONNECT")
2356 def start_ft(apdev
, wpa_ptk_rekey
=None):
2358 passphrase
= "12345678"
2360 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2362 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2363 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2364 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2366 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2367 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2371 def check_ptk_rekey(dev
, hapd0
=None, hapd1
=None):
2372 ev
= dev
.wait_event(["CTRL-EVENT-DISCONNECTED",
2373 "WPA: Key negotiation completed"], timeout
=5)
2375 raise Exception("No event received after roam")
2376 if "CTRL-EVENT-DISCONNECTED" in ev
:
2377 raise Exception("Unexpected disconnection after roam")
2379 if not hapd0
or not hapd1
:
2381 if dev
.get_status_field('bssid') == hapd0
.own_addr():
2386 hwsim_utils
.test_connectivity(dev
, hapd
)
2388 def test_ap_ft_ptk_rekey(dev
, apdev
):
2389 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2390 hapd0
, hapd1
= start_ft(apdev
)
2391 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1")
2392 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2394 def test_ap_ft_ptk_rekey2(dev
, apdev
):
2395 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2396 hapd0
, hapd1
= start_ft(apdev
)
2397 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1",
2399 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2401 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2402 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2403 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2404 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678")
2405 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2407 def test_ap_ft_ptk_rekey_ap2(dev
, apdev
):
2408 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2409 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2410 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678",
2412 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2414 def test_ap_ft_eap_ptk_rekey_ap(dev
, apdev
):
2415 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2416 generic_ap_ft_eap(dev
, apdev
, only_one_way
=True, wpa_ptk_rekey
=2)
2417 check_ptk_rekey(dev
[0])
2419 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2420 """RRB internal delivery only to WPA enabled BSS"""
2422 passphrase
= "12345678"
2424 radius
= hostapd
.radius_params()
2425 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2426 params
['wpa_key_mgmt'] = "FT-EAP"
2427 params
["ieee8021x"] = "1"
2428 params
= dict(list(radius
.items()) + list(params
.items()))
2429 hapd
= hostapd
.add_ap(apdev
[0], params
)
2430 key_mgmt
= hapd
.get_config()['key_mgmt']
2431 if key_mgmt
.split(' ')[0] != "FT-EAP":
2432 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2434 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2436 # Connect to WPA enabled AP
2437 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2438 eap
="GPSK", identity
="gpsk user",
2439 password
="abcdefghijklmnop0123456789abcdef",
2442 # Try over_ds roaming to non-WPA-enabled AP.
2443 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2444 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2446 def test_ap_ft_extra_ie(dev
, apdev
):
2447 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2449 passphrase
= "12345678"
2451 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2452 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2453 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2454 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2456 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2459 # Add Mobility Domain element to test AP validation code.
2460 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2461 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2462 scan_freq
="2412", wait_connect
=False)
2463 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2464 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2466 raise Exception("No connection result")
2467 if "CTRL-EVENT-CONNECTED" in ev
:
2468 raise Exception("Non-FT association accepted with MDE")
2469 if "status_code=43" not in ev
:
2470 raise Exception("Unexpected status code: " + ev
)
2471 dev
[0].request("DISCONNECT")
2473 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2475 def test_ap_ft_ric(dev
, apdev
):
2476 """WPA2-PSK-FT AP and RIC"""
2478 passphrase
= "12345678"
2480 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2481 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2482 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2483 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2485 dev
[0].set("ric_ies", "")
2486 dev
[0].set("ric_ies", '""')
2487 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2488 raise Exception("Invalid ric_ies value accepted")
2493 "390400000000" + "390400000000",
2494 "390400000000" + "dd050050f20202",
2495 "390400000000" + "dd3d0050f2020201" + 55*"00",
2496 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2497 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2499 dev
[0].set("ric_ies", t
)
2500 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2501 test_connectivity
=False)
2502 dev
[0].request("REMOVE_NETWORK all")
2503 dev
[0].wait_disconnected()
2504 dev
[0].dump_monitor()
2506 def ie_hex(ies
, id):
2507 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id]).decode()
2509 def test_ap_ft_reassoc_proto(dev
, apdev
):
2510 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2512 passphrase
= "12345678"
2514 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2515 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2516 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2517 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2519 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2520 ieee80211w
="1", scan_freq
="2412")
2521 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2528 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2529 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2530 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2533 req
= hapd2ap
.mgmt_rx()
2534 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2535 if req
['subtype'] == 11:
2539 req
= hapd2ap
.mgmt_rx()
2540 if req
['subtype'] == 2:
2542 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2544 # IEEE 802.11 header + fixed fields before IEs
2545 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2546 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2547 # First elements: SSID, Supported Rates, Extended Supported Rates
2548 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2550 rsne
= ie_hex(ies
, 48)
2551 mde
= ie_hex(ies
, 54)
2552 fte
= ie_hex(ies
, 55)
2554 # RSN: Trying to use FT, but MDIE not included
2556 # RSN: Attempted to use unknown MDIE
2557 tests
+= [rsne
+ "3603000000"]
2558 # Invalid RSN pairwise cipher
2559 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2560 # FT: No PMKID in RSNIE
2561 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2563 tests
+= [rsne
+ mde
]
2564 # FT: RIC IE(s) in the frame, but not included in protected IE count
2565 # FT: Failed to parse FT IEs
2566 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2567 # FT: SNonce mismatch in FTIE
2568 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2569 # FT: ANonce mismatch in FTIE
2570 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2571 # FT: No R0KH-ID subelem in FTIE
2572 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2573 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2574 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2575 # FT: No R1KH-ID subelem in FTIE
2576 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2577 # FT: Unknown R1KH-ID used in ReassocReq
2578 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2579 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2580 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2581 # Invalid MIC in FTIE
2582 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2584 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2586 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2587 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2589 passphrase
= "12345678"
2591 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2592 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2593 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2594 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2596 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2597 ieee80211w
="1", scan_freq
="2412")
2598 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2605 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2606 # FT: Failed to calculate MIC
2607 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2608 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2609 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2610 dev
[0].request("DISCONNECT")
2612 raise Exception("Association reject not seen")
2614 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2615 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2616 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2618 passphrase
= "12345678"
2620 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2621 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2622 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2623 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2625 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2627 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2634 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2635 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2636 dev
[0].dump_monitor()
2637 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2638 raise Exception("ROAM failed")
2643 req
= hapd2ap
.mgmt_rx()
2645 hapd2ap
.dump_monitor()
2646 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2647 if req
['subtype'] == 2:
2649 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2651 raise Exception("No TX status seen")
2652 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2653 if "OK" not in hapd2ap
.request(cmd
):
2654 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2656 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2657 if reassocreq
is None:
2658 raise Exception("No Reassociation Request frame seen")
2659 dev
[0].wait_connected()
2660 dev
[0].dump_monitor()
2661 hapd2ap
.dump_monitor()
2663 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2665 logger
.info("Replay the last Reassociation Request frame")
2666 hapd2ap
.dump_monitor()
2667 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2668 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2669 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2671 raise Exception("No TX status seen")
2672 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2673 if "OK" not in hapd2ap
.request(cmd
):
2674 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2675 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2678 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2683 ap
= hapd2ap
.own_addr()
2684 sta
= dev
[0].own_addr()
2685 filt
= "wlan.fc.type == 2 && " + \
2686 "wlan.da == " + sta
+ " && " + \
2688 fields
= ["wlan.ccmp.extiv"]
2689 res
= run_tshark(capfile
, filt
, fields
)
2690 vals
= res
.splitlines()
2691 logger
.info("CCMP PN: " + str(vals
))
2693 raise Exception("Could not find all CCMP protected frames from capture")
2694 if len(set(vals
)) < len(vals
):
2695 raise Exception("Duplicate CCMP PN used")
2698 raise Exception("The second hwsim connectivity test failed")
2700 def test_ap_ft_psk_file(dev
, apdev
):
2701 """WPA2-PSK-FT AP with PSK from a file"""
2703 passphrase
= "12345678"
2705 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2706 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2707 hapd
= hostapd
.add_ap(apdev
[0], params
)
2709 dev
[1].connect(ssid
, psk
="very secret",
2710 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2711 scan_freq
="2412", wait_connect
=False)
2712 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2713 ieee80211w
="1", scan_freq
="2412")
2714 dev
[0].request("REMOVE_NETWORK all")
2715 dev
[0].wait_disconnected()
2716 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2717 ieee80211w
="1", scan_freq
="2412")
2718 dev
[0].request("REMOVE_NETWORK all")
2719 dev
[0].wait_disconnected()
2720 dev
[0].connect(ssid
, psk
="secret passphrase",
2721 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2723 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2724 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2726 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2728 raise Exception("Timed out while waiting for failure report")
2729 dev
[1].request("REMOVE_NETWORK all")
2731 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2732 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2734 passphrase
= "12345678"
2735 bssid
= apdev
[0]['bssid']
2737 radius
= hostapd
.radius_params()
2738 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2739 params
['wpa_key_mgmt'] = "WPA-EAP"
2740 params
["ieee8021x"] = "1"
2741 params
["pmk_r1_push"] = "0"
2742 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2743 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2744 params
["eap_server"] = "0"
2745 params
= dict(list(radius
.items()) + list(params
.items()))
2746 hapd
= hostapd
.add_ap(apdev
[0], params
)
2748 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2749 eap
="GPSK", identity
="gpsk user",
2750 password
="abcdefghijklmnop0123456789abcdef",
2752 dev
[0].request("DISCONNECT")
2753 dev
[0].wait_disconnected()
2754 dev
[0].dump_monitor()
2757 hapd
.set('wpa_key_mgmt', "FT-EAP")
2760 dev
[0].request("BSS_FLUSH 0")
2761 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2763 dev
[0].request("RECONNECT")
2764 dev
[0].wait_connected()
2766 def test_ap_ft_eap_sha384(dev
, apdev
):
2767 """WPA2-EAP-FT with SHA384"""
2769 passphrase
= "12345678"
2771 radius
= hostapd
.radius_params()
2772 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2773 params
["ieee80211w"] = "2"
2774 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2775 params
["ieee8021x"] = "1"
2776 params
= dict(list(radius
.items()) + list(params
.items()))
2777 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2778 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2779 params
["ieee80211w"] = "2"
2780 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2781 params
["ieee8021x"] = "1"
2782 params
= dict(list(radius
.items()) + list(params
.items()))
2783 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2785 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2788 def test_ap_ft_eap_sha384_reassoc(dev
, apdev
):
2789 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
2790 check_suite_b_192_capa(dev
)
2792 passphrase
= "12345678"
2794 radius
= hostapd
.radius_params()
2795 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2796 params
["ieee80211w"] = "2"
2797 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2798 params
["ieee8021x"] = "1"
2799 params
= dict(list(radius
.items()) + list(params
.items()))
2800 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2801 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2802 params
["ieee80211w"] = "2"
2803 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2804 params
["ieee8021x"] = "1"
2805 params
= dict(list(radius
.items()) + list(params
.items()))
2806 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2808 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2809 sha384
=True, also_non_ft
=True, roam_with_reassoc
=True)
2811 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
2812 """WPA2-EAP-FT with SHA384 over DS"""
2814 passphrase
= "12345678"
2816 radius
= hostapd
.radius_params()
2817 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2818 params
["ieee80211w"] = "2"
2819 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2820 params
["ieee8021x"] = "1"
2821 params
= dict(list(radius
.items()) + list(params
.items()))
2822 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2823 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2824 params
["ieee80211w"] = "2"
2825 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2826 params
["ieee8021x"] = "1"
2827 params
= dict(list(radius
.items()) + list(params
.items()))
2828 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2830 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
2831 eap
=True, sha384
=True)
2833 def test_ap_ft_roam_rrm(dev
, apdev
):
2834 """WPA2-PSK-FT AP and radio measurement request"""
2836 passphrase
= "12345678"
2838 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2839 params
["rrm_beacon_report"] = "1"
2840 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2841 bssid0
= hapd0
.own_addr()
2843 addr
= dev
[0].own_addr()
2844 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2846 check_beacon_req(hapd0
, addr
, 1)
2848 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2849 params
["rrm_beacon_report"] = "1"
2850 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2851 bssid1
= hapd1
.own_addr()
2853 dev
[0].scan_for_bss(bssid1
, freq
=2412)
2855 check_beacon_req(hapd1
, addr
, 2)
2857 dev
[0].scan_for_bss(bssid0
, freq
=2412)
2859 check_beacon_req(hapd0
, addr
, 3)
2861 def test_ap_ft_pmksa_caching(dev
, apdev
):
2862 """FT-EAP and PMKSA caching for initial mobility domain association"""
2864 identity
= "gpsk user"
2866 radius
= hostapd
.radius_params()
2867 params
= ft_params1(ssid
=ssid
)
2868 params
['wpa_key_mgmt'] = "FT-EAP"
2869 params
["ieee8021x"] = "1"
2870 params
["mobility_domain"] = "c3d4"
2871 params
= dict(list(radius
.items()) + list(params
.items()))
2872 hapd
= hostapd
.add_ap(apdev
[0], params
)
2874 params
= ft_params2(ssid
=ssid
)
2875 params
['wpa_key_mgmt'] = "FT-EAP"
2876 params
["ieee8021x"] = "1"
2877 params
["mobility_domain"] = "c3d4"
2878 params
= dict(list(radius
.items()) + list(params
.items()))
2879 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2881 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
2882 eap_identity
=identity
, pmksa_caching
=True)
2884 def test_ap_ft_pmksa_caching_sha384(dev
, apdev
):
2885 """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
2887 identity
= "gpsk user"
2889 radius
= hostapd
.radius_params()
2890 params
= ft_params1(ssid
=ssid
)
2891 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2892 params
["ieee8021x"] = "1"
2893 params
["mobility_domain"] = "c3d4"
2894 params
= dict(list(radius
.items()) + list(params
.items()))
2895 hapd
= hostapd
.add_ap(apdev
[0], params
)
2897 params
= ft_params2(ssid
=ssid
)
2898 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2899 params
["ieee8021x"] = "1"
2900 params
["mobility_domain"] = "c3d4"
2901 params
= dict(list(radius
.items()) + list(params
.items()))
2902 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2904 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
2905 eap_identity
=identity
, pmksa_caching
=True, sha384
=True)