]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
bc03c3c7769537b9181257204639b10bfe7b0c3f
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
17 from tshark
import run_tshark
18 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
19 from wlantest
import Wlantest
20 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
23 params
= { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
29 params
= { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
35 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
37 params
= ft_base_rsn()
39 params
= ft_base_mixed()
43 params
["wpa_passphrase"] = passphrase
45 params
["mobility_domain"] = "a1b2"
46 params
["r0_key_lifetime"] = "10000"
47 params
["pmk_r1_push"] = "1"
48 params
["reassociation_deadline"] = "1000"
51 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
52 params
= ft_params(rsn
, ssid
, passphrase
)
53 params
['nas_identifier'] = "nas1.w1.fi"
54 params
['r1_key_holder'] = "000102030405"
57 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
58 params
= ft_params1a(rsn
, ssid
, passphrase
)
60 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
63 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
68 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
69 params
= ft_params1a(rsn
, ssid
, passphrase
)
70 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
75 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
76 params
= ft_params(rsn
, ssid
, passphrase
)
77 params
['nas_identifier'] = "nas2.w1.fi"
78 params
['r1_key_holder'] = "000102030406"
81 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
82 params
= ft_params2a(rsn
, ssid
, passphrase
)
84 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
87 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
92 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
93 params
= ft_params2a(rsn
, ssid
, passphrase
)
94 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
99 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
100 params
= ft_params(rsn
, ssid
, passphrase
)
101 params
['nas_identifier'] = "nas1.w1.fi"
102 params
['r1_key_holder'] = "000102030405"
103 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
108 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
109 params
= ft_params(rsn
, ssid
, passphrase
)
110 params
['nas_identifier'] = "nas2.w1.fi"
111 params
['r1_key_holder'] = "000102030406"
112 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
117 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
118 params
= ft_params(rsn
, ssid
, passphrase
)
119 params
['nas_identifier'] = "nas2.w1.fi"
120 params
['r1_key_holder'] = "000102030406"
121 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
126 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
127 sae
=False, eap
=False, fail_test
=False, roams
=1,
128 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
129 test_connectivity
=True):
130 logger
.info("Connect to first AP")
132 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
133 eap
="GPSK", identity
="gpsk user",
134 password
="abcdefghijklmnop0123456789abcdef",
136 pairwise
=pairwise_cipher
, group
=group_cipher
,
137 wpa_ptk_rekey
=ptk_rekey
)
143 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
144 ieee80211w
="1", scan_freq
="2412",
145 pairwise
=pairwise_cipher
, group
=group_cipher
,
146 wpa_ptk_rekey
=ptk_rekey
)
147 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
157 if test_connectivity
:
158 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
160 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
162 for i
in range(0, roams
):
163 logger
.info("Roam to the second AP")
165 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
167 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
170 if dev
.get_status_field('bssid') != ap2
['bssid']:
171 raise Exception("Did not connect to correct AP")
172 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
173 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
175 logger
.info("Roam back to the first AP")
177 dev
.roam_over_ds(ap1
['bssid'])
179 dev
.roam(ap1
['bssid'])
180 if dev
.get_status_field('bssid') != ap1
['bssid']:
181 raise Exception("Did not connect to correct AP")
182 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
183 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
185 def test_ap_ft(dev
, apdev
):
188 passphrase
="12345678"
190 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
191 hapd0
= hostapd
.add_ap(apdev
[0], params
)
192 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
193 hapd1
= hostapd
.add_ap(apdev
[1], params
)
195 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
196 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
197 raise Exception("Scan results missing RSN element info")
199 def test_ap_ft_old_key(dev
, apdev
):
200 """WPA2-PSK-FT AP (old key)"""
202 passphrase
="12345678"
204 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
205 hapd0
= hostapd
.add_ap(apdev
[0], params
)
206 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
207 hapd1
= hostapd
.add_ap(apdev
[1], params
)
209 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
211 def test_ap_ft_multi_akm(dev
, apdev
):
212 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
214 passphrase
="12345678"
216 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
217 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
218 hapd0
= hostapd
.add_ap(apdev
[0], params
)
219 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
220 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
221 hapd1
= hostapd
.add_ap(apdev
[1], params
)
223 Wlantest
.setup(hapd0
)
226 wt
.add_passphrase(passphrase
)
228 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
229 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
230 raise Exception("Scan results missing RSN element info")
231 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
232 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
235 def test_ap_ft_local_key_gen(dev
, apdev
):
236 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
238 passphrase
="12345678"
240 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
241 params
['ft_psk_generate_local'] = "1";
242 del params
['pmk_r1_push']
243 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
244 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
245 params
['ft_psk_generate_local'] = "1";
246 del params
['pmk_r1_push']
247 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
249 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
250 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
251 raise Exception("Scan results missing RSN element info")
253 def test_ap_ft_many(dev
, apdev
):
254 """WPA2-PSK-FT AP multiple times"""
256 passphrase
="12345678"
258 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
259 hapd0
= hostapd
.add_ap(apdev
[0], params
)
260 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
261 hapd1
= hostapd
.add_ap(apdev
[1], params
)
263 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
265 def test_ap_ft_mixed(dev
, apdev
):
266 """WPA2-PSK-FT mixed-mode AP"""
267 ssid
= "test-ft-mixed"
268 passphrase
="12345678"
270 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
271 hapd
= hostapd
.add_ap(apdev
[0], params
)
272 key_mgmt
= hapd
.get_config()['key_mgmt']
273 vals
= key_mgmt
.split(' ')
274 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
275 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
276 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
277 hapd1
= hostapd
.add_ap(apdev
[1], params
)
279 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
281 def test_ap_ft_pmf(dev
, apdev
):
282 """WPA2-PSK-FT AP with PMF"""
284 passphrase
="12345678"
286 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
287 params
["ieee80211w"] = "2"
288 hapd0
= hostapd
.add_ap(apdev
[0], params
)
289 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
290 params
["ieee80211w"] = "2"
291 hapd1
= hostapd
.add_ap(apdev
[1], params
)
293 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
295 def test_ap_ft_over_ds(dev
, apdev
):
296 """WPA2-PSK-FT AP over DS"""
298 passphrase
="12345678"
300 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
301 hapd0
= hostapd
.add_ap(apdev
[0], params
)
302 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
303 hapd1
= hostapd
.add_ap(apdev
[1], params
)
305 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
306 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
307 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
309 def test_ap_ft_over_ds_disabled(dev
, apdev
):
310 """WPA2-PSK-FT AP over DS disabled"""
312 passphrase
="12345678"
314 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
315 params
['ft_over_ds'] = '0'
316 hapd0
= hostapd
.add_ap(apdev
[0], params
)
317 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
318 params
['ft_over_ds'] = '0'
319 hapd1
= hostapd
.add_ap(apdev
[1], params
)
321 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
324 def test_ap_ft_over_ds_many(dev
, apdev
):
325 """WPA2-PSK-FT AP over DS multiple times"""
327 passphrase
="12345678"
329 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
330 hapd0
= hostapd
.add_ap(apdev
[0], params
)
331 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
332 hapd1
= hostapd
.add_ap(apdev
[1], params
)
334 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
338 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
341 passphrase
="12345678"
343 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
344 hapd0
= hostapd
.add_ap(apdev
[0], params
)
346 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
348 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
351 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
352 """WPA2-PSK-FT AP over DS and unexpected response"""
354 passphrase
="12345678"
356 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
357 hapd0
= hostapd
.add_ap(apdev
[0], params
)
358 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
359 hapd1
= hostapd
.add_ap(apdev
[1], params
)
361 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
363 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
374 addr
= dev
[0].own_addr()
375 hapd1ap
.set("ext_mgmt_frame_handling", "1")
376 logger
.info("Foreign STA address")
380 msg
['sa'] = ap1
['bssid']
381 msg
['bssid'] = ap1
['bssid']
382 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
385 logger
.info("No over-the-DS in progress")
386 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
389 logger
.info("Non-zero status code")
390 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
393 hapd1ap
.dump_monitor()
395 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
396 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
397 raise Exception("FT_DS failed")
399 req
= hapd1ap
.mgmt_rx()
401 logger
.info("Foreign Target AP")
402 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
405 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
407 logger
.info("No IEs")
408 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
411 logger
.info("Invalid IEs (trigger parsing failure)")
412 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
415 logger
.info("Too short MDIE")
416 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
419 logger
.info("Mobility domain mismatch")
420 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
423 logger
.info("No FTIE")
424 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
427 logger
.info("FTIE SNonce mismatch")
428 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
431 logger
.info("No R0KH-ID subelem in FTIE")
432 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
433 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
436 logger
.info("No R0KH-ID subelem mismatch in FTIE")
437 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
438 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
441 logger
.info("No R1KH-ID subelem in FTIE")
442 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
443 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
446 logger
.info("No RSNE")
447 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
448 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
451 def test_ap_ft_pmf_over_ds(dev
, apdev
):
452 """WPA2-PSK-FT AP over DS with PMF"""
454 passphrase
="12345678"
456 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
457 params
["ieee80211w"] = "2"
458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
459 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
460 params
["ieee80211w"] = "2"
461 hapd1
= hostapd
.add_ap(apdev
[1], params
)
463 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
465 def test_ap_ft_over_ds_pull(dev
, apdev
):
466 """WPA2-PSK-FT AP over DS (pull PMK)"""
468 passphrase
="12345678"
470 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
471 params
["pmk_r1_push"] = "0"
472 hapd0
= hostapd
.add_ap(apdev
[0], params
)
473 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
474 params
["pmk_r1_push"] = "0"
475 hapd1
= hostapd
.add_ap(apdev
[1], params
)
477 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
479 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
480 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
482 passphrase
="12345678"
484 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
485 params
["pmk_r1_push"] = "0"
486 hapd0
= hostapd
.add_ap(apdev
[0], params
)
487 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
488 params
["pmk_r1_push"] = "0"
489 hapd1
= hostapd
.add_ap(apdev
[1], params
)
491 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
493 def test_ap_ft_sae(dev
, apdev
):
494 """WPA2-PSK-FT-SAE AP"""
495 if "SAE" not in dev
[0].get_capability("auth_alg"):
496 raise HwsimSkip("SAE not supported")
498 passphrase
="12345678"
500 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
501 params
['wpa_key_mgmt'] = "FT-SAE"
502 hapd0
= hostapd
.add_ap(apdev
[0], params
)
503 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
504 params
['wpa_key_mgmt'] = "FT-SAE"
505 hapd
= hostapd
.add_ap(apdev
[1], params
)
506 key_mgmt
= hapd
.get_config()['key_mgmt']
507 if key_mgmt
.split(' ')[0] != "FT-SAE":
508 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
510 dev
[0].request("SET sae_groups ")
511 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
513 def test_ap_ft_sae_over_ds(dev
, apdev
):
514 """WPA2-PSK-FT-SAE AP over DS"""
515 if "SAE" not in dev
[0].get_capability("auth_alg"):
516 raise HwsimSkip("SAE not supported")
518 passphrase
="12345678"
520 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
521 params
['wpa_key_mgmt'] = "FT-SAE"
522 hapd0
= hostapd
.add_ap(apdev
[0], params
)
523 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
524 params
['wpa_key_mgmt'] = "FT-SAE"
525 hapd1
= hostapd
.add_ap(apdev
[1], params
)
527 dev
[0].request("SET sae_groups ")
528 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
531 def generic_ap_ft_eap(dev
, apdev
, over_ds
=False, discovery
=False, roams
=1):
533 passphrase
="12345678"
535 radius
= hostapd
.radius_params()
536 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
537 params
['wpa_key_mgmt'] = "FT-EAP"
538 params
["ieee8021x"] = "1"
539 params
= dict(radius
.items() + params
.items())
540 hapd
= hostapd
.add_ap(apdev
[0], params
)
541 key_mgmt
= hapd
.get_config()['key_mgmt']
542 if key_mgmt
.split(' ')[0] != "FT-EAP":
543 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
544 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
545 params
['wpa_key_mgmt'] = "FT-EAP"
546 params
["ieee8021x"] = "1"
547 params
= dict(radius
.items() + params
.items())
548 hapd1
= hostapd
.add_ap(apdev
[1], params
)
550 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
551 over_ds
=over_ds
, roams
=roams
)
552 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
553 raise Exception("Scan results missing RSN element info")
554 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
555 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
557 # Verify EAPOL reauthentication after FT protocol
558 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
562 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
563 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
565 raise Exception("EAP authentication did not start")
566 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
568 raise Exception("EAP authentication did not succeed")
570 hwsim_utils
.test_connectivity(dev
[0], ap
)
572 def test_ap_ft_eap(dev
, apdev
):
574 generic_ap_ft_eap(dev
, apdev
)
576 def test_ap_ft_eap_over_ds(dev
, apdev
):
577 """WPA2-EAP-FT AP using over-the-DS"""
578 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
580 def test_ap_ft_eap_dis(dev
, apdev
):
581 """WPA2-EAP-FT AP with AP discovery"""
582 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
584 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
585 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
586 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
588 def test_ap_ft_eap_pull(dev
, apdev
):
589 """WPA2-EAP-FT AP (pull PMK)"""
591 passphrase
="12345678"
593 radius
= hostapd
.radius_params()
594 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
595 params
['wpa_key_mgmt'] = "FT-EAP"
596 params
["ieee8021x"] = "1"
597 params
["pmk_r1_push"] = "0"
598 params
= dict(radius
.items() + params
.items())
599 hapd
= hostapd
.add_ap(apdev
[0], params
)
600 key_mgmt
= hapd
.get_config()['key_mgmt']
601 if key_mgmt
.split(' ')[0] != "FT-EAP":
602 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
603 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
604 params
['wpa_key_mgmt'] = "FT-EAP"
605 params
["ieee8021x"] = "1"
606 params
["pmk_r1_push"] = "0"
607 params
= dict(radius
.items() + params
.items())
608 hapd1
= hostapd
.add_ap(apdev
[1], params
)
610 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
613 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
614 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
616 passphrase
="12345678"
618 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
619 params
["ieee80211w"] = "2"
620 hapd0
= hostapd
.add_ap(apdev
[0], params
)
621 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
622 params
["ieee80211w"] = "2"
623 hapd1
= hostapd
.add_ap(apdev
[1], params
)
625 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
629 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
630 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
632 passphrase
="12345678"
634 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
635 params
["pmk_r1_push"] = "0"
636 hapd0
= hostapd
.add_ap(apdev
[0], params
)
637 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
638 params
["pmk_r1_push"] = "0"
639 hapd1
= hostapd
.add_ap(apdev
[1], params
)
641 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
645 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
646 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
648 passphrase
="12345678"
650 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
651 params
["pmk_r1_push"] = "0"
652 params
["nas_identifier"] = "nas0.w1.fi"
653 hostapd
.add_ap(apdev
[0], params
)
654 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
657 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
658 params
["pmk_r1_push"] = "0"
659 hostapd
.add_ap(apdev
[1], params
)
661 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
662 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
665 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
666 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
668 passphrase
="12345678"
670 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
671 params
["ieee80211w"] = "2"
672 hapd0
= hostapd
.add_ap(apdev
[0], params
)
673 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
674 params
["ieee80211w"] = "2"
675 hapd1
= hostapd
.add_ap(apdev
[1], params
)
677 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
681 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
682 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
684 passphrase
="12345678"
686 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
687 params
["pmk_r1_push"] = "0"
688 hapd0
= hostapd
.add_ap(apdev
[0], params
)
689 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
690 params
["pmk_r1_push"] = "0"
691 hapd1
= hostapd
.add_ap(apdev
[1], params
)
693 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
696 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
697 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
699 passphrase
="12345678"
701 radius
= hostapd
.radius_params()
702 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
703 params
["ieee80211w"] = "2";
704 params
['wpa_key_mgmt'] = "FT-EAP"
705 params
["ieee8021x"] = "1"
706 params
= dict(radius
.items() + params
.items())
707 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
708 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
709 params
["ieee80211w"] = "2";
710 params
['wpa_key_mgmt'] = "FT-EAP"
711 params
["ieee8021x"] = "1"
712 params
= dict(radius
.items() + params
.items())
713 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
715 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
716 fail_test
=True, eap
=True)
718 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
719 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
721 passphrase
="12345678"
723 radius
= hostapd
.radius_params()
724 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
725 params
["pmk_r1_push"] = "0"
726 params
['wpa_key_mgmt'] = "FT-EAP"
727 params
["ieee8021x"] = "1"
728 params
= dict(radius
.items() + params
.items())
729 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
730 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
731 params
["pmk_r1_push"] = "0"
732 params
['wpa_key_mgmt'] = "FT-EAP"
733 params
["ieee8021x"] = "1"
734 params
= dict(radius
.items() + params
.items())
735 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
737 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
738 fail_test
=True, eap
=True)
740 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
741 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
743 passphrase
="12345678"
745 radius
= hostapd
.radius_params()
746 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
747 params
["pmk_r1_push"] = "0"
748 params
["nas_identifier"] = "nas0.w1.fi"
749 params
['wpa_key_mgmt'] = "FT-EAP"
750 params
["ieee8021x"] = "1"
751 params
= dict(radius
.items() + params
.items())
752 hostapd
.add_ap(apdev
[0]['ifname'], params
)
753 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
754 eap
="GPSK", identity
="gpsk user",
755 password
="abcdefghijklmnop0123456789abcdef",
758 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
759 params
["pmk_r1_push"] = "0"
760 params
['wpa_key_mgmt'] = "FT-EAP"
761 params
["ieee8021x"] = "1"
762 params
= dict(radius
.items() + params
.items())
763 hostapd
.add_ap(apdev
[1]['ifname'], params
)
765 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
766 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
768 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
769 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
771 passphrase
="12345678"
773 radius
= hostapd
.radius_params()
774 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
775 params
["ieee80211w"] = "2";
776 params
['wpa_key_mgmt'] = "FT-EAP"
777 params
["ieee8021x"] = "1"
778 params
= dict(radius
.items() + params
.items())
779 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
780 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
781 params
["ieee80211w"] = "2";
782 params
['wpa_key_mgmt'] = "FT-EAP"
783 params
["ieee8021x"] = "1"
784 params
= dict(radius
.items() + params
.items())
785 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
787 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
788 fail_test
=True, eap
=True)
790 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
791 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
793 passphrase
="12345678"
795 radius
= hostapd
.radius_params()
796 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
797 params
["pmk_r1_push"] = "0"
798 params
['wpa_key_mgmt'] = "FT-EAP"
799 params
["ieee8021x"] = "1"
800 params
= dict(radius
.items() + params
.items())
801 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
802 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
803 params
["pmk_r1_push"] = "0"
804 params
['wpa_key_mgmt'] = "FT-EAP"
805 params
["ieee8021x"] = "1"
806 params
= dict(radius
.items() + params
.items())
807 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
809 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
810 fail_test
=True, eap
=True)
812 def test_ap_ft_gtk_rekey(dev
, apdev
):
813 """WPA2-PSK-FT AP and GTK rekey"""
815 passphrase
="12345678"
817 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
818 params
['wpa_group_rekey'] = '1'
819 hapd
= hostapd
.add_ap(apdev
[0], params
)
821 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
822 ieee80211w
="1", scan_freq
="2412")
824 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
826 raise Exception("GTK rekey timed out after initial association")
827 hwsim_utils
.test_connectivity(dev
[0], hapd
)
829 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
830 params
['wpa_group_rekey'] = '1'
831 hapd1
= hostapd
.add_ap(apdev
[1], params
)
833 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
834 dev
[0].roam(apdev
[1]['bssid'])
835 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
836 raise Exception("Did not connect to correct AP")
837 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
839 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
841 raise Exception("GTK rekey timed out after FT protocol")
842 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
844 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
845 """WPA2-PSK-FT and key lifetime in memory"""
847 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
848 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
849 pmk
= binascii
.unhexlify(psk
)
850 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
851 hapd0
= hostapd
.add_ap(apdev
[0], p
)
852 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
853 hapd1
= hostapd
.add_ap(apdev
[1], p
)
855 pid
= find_wpas_process(dev
[0])
857 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
859 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
860 # event has been delivered, so verify that wpa_supplicant has returned to
861 # eloop before reading process memory.
865 buf
= read_process_memory(pid
, pmk
)
867 dev
[0].request("DISCONNECT")
868 dev
[0].wait_disconnected()
875 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
876 for l
in f
.readlines():
877 if "FT: PMK-R0 - hexdump" in l
:
878 val
= l
.strip().split(':')[3].replace(' ', '')
879 pmkr0
= binascii
.unhexlify(val
)
880 if "FT: PMK-R1 - hexdump" in l
:
881 val
= l
.strip().split(':')[3].replace(' ', '')
882 pmkr1
= binascii
.unhexlify(val
)
883 if "FT: KCK - hexdump" in l
:
884 val
= l
.strip().split(':')[3].replace(' ', '')
885 kck
= binascii
.unhexlify(val
)
886 if "FT: KEK - hexdump" in l
:
887 val
= l
.strip().split(':')[3].replace(' ', '')
888 kek
= binascii
.unhexlify(val
)
889 if "FT: TK - hexdump" in l
:
890 val
= l
.strip().split(':')[3].replace(' ', '')
891 tk
= binascii
.unhexlify(val
)
892 if "WPA: Group Key - hexdump" in l
:
893 val
= l
.strip().split(':')[3].replace(' ', '')
894 gtk
= binascii
.unhexlify(val
)
895 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
896 raise Exception("Could not find keys from debug log")
898 raise Exception("Unexpected GTK length")
900 logger
.info("Checking keys in memory while associated")
901 get_key_locations(buf
, pmk
, "PMK")
902 get_key_locations(buf
, pmkr0
, "PMK-R0")
903 get_key_locations(buf
, pmkr1
, "PMK-R1")
905 raise HwsimSkip("PMK not found while associated")
907 raise HwsimSkip("PMK-R0 not found while associated")
909 raise HwsimSkip("PMK-R1 not found while associated")
911 raise Exception("KCK not found while associated")
913 raise Exception("KEK not found while associated")
915 raise Exception("TK found from memory")
917 logger
.info("Checking keys in memory after disassociation")
918 buf
= read_process_memory(pid
, pmk
)
919 get_key_locations(buf
, pmk
, "PMK")
920 get_key_locations(buf
, pmkr0
, "PMK-R0")
921 get_key_locations(buf
, pmkr1
, "PMK-R1")
923 # Note: PMK/PSK is still present in network configuration
925 fname
= os
.path
.join(params
['logdir'],
926 'ft_psk_key_lifetime_in_memory.memctx-')
927 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
928 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
929 verify_not_present(buf
, kck
, fname
, "KCK")
930 verify_not_present(buf
, kek
, fname
, "KEK")
931 verify_not_present(buf
, tk
, fname
, "TK")
933 get_key_locations(buf
, gtk
, "GTK")
934 verify_not_present(buf
, gtk
, fname
, "GTK")
936 dev
[0].request("REMOVE_NETWORK all")
938 logger
.info("Checking keys in memory after network profile removal")
939 buf
= read_process_memory(pid
, pmk
)
940 get_key_locations(buf
, pmk
, "PMK")
941 get_key_locations(buf
, pmkr0
, "PMK-R0")
942 get_key_locations(buf
, pmkr1
, "PMK-R1")
944 verify_not_present(buf
, pmk
, fname
, "PMK")
945 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
946 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
947 verify_not_present(buf
, kck
, fname
, "KCK")
948 verify_not_present(buf
, kek
, fname
, "KEK")
949 verify_not_present(buf
, tk
, fname
, "TK")
950 verify_not_present(buf
, gtk
, fname
, "GTK")
953 def test_ap_ft_invalid_resp(dev
, apdev
):
954 """WPA2-PSK-FT AP and invalid response IEs"""
956 passphrase
="12345678"
958 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
959 hapd0
= hostapd
.add_ap(apdev
[0], params
)
960 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
963 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
964 hapd1
= hostapd
.add_ap(apdev
[1], params
)
967 # Various IEs for test coverage. The last one is FTIE with invalid
968 # R1KH-ID subelement.
969 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
970 # FTIE with invalid R0KH-ID subelement (len=0).
971 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
972 # FTIE with invalid R0KH-ID subelement (len=49).
973 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
975 "020002000000" + "3000",
976 # Required IEs missing from protected IE count.
977 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
978 # RIC missing from protected IE count.
979 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
980 # Protected IE missing.
981 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
983 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
984 hapd1
.set("ext_mgmt_frame_handling", "1")
986 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
987 raise Exception("ROAM failed")
990 msg
= hapd1
.mgmt_rx()
991 if msg
['subtype'] == 11:
995 raise Exception("Authentication frame not seen")
998 resp
['fc'] = auth
['fc']
999 resp
['da'] = auth
['sa']
1000 resp
['sa'] = auth
['da']
1001 resp
['bssid'] = auth
['bssid']
1002 resp
['payload'] = binascii
.unhexlify(t
)
1004 hapd1
.set("ext_mgmt_frame_handling", "0")
1005 dev
[0].wait_disconnected()
1007 dev
[0].request("RECONNECT")
1008 dev
[0].wait_connected()
1010 def test_ap_ft_gcmp_256(dev
, apdev
):
1011 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1012 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1013 raise HwsimSkip("Cipher GCMP-256 not supported")
1015 passphrase
="12345678"
1017 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1018 params
['rsn_pairwise'] = "GCMP-256"
1019 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1020 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1021 params
['rsn_pairwise'] = "GCMP-256"
1022 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1024 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1025 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1027 def test_ap_ft_oom(dev
, apdev
):
1028 """WPA2-PSK-FT and OOM"""
1029 skip_with_fips(dev
[0])
1031 passphrase
="12345678"
1033 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1034 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1035 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1036 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1038 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1040 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1041 dst
= apdev
[1]['bssid']
1043 dst
= apdev
[0]['bssid']
1045 dev
[0].scan_for_bss(dst
, freq
="2412")
1046 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1048 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1049 dev
[0].roam(dst
, fail_test
=True)
1050 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1051 dev
[0].roam(dst
, fail_test
=True)
1053 dev
[0].request("REMOVE_NETWORK all")
1054 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1055 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1058 def test_ap_ft_ap_oom(dev
, apdev
):
1059 """WPA2-PSK-FT and AP OOM"""
1061 passphrase
="12345678"
1063 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1064 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1065 bssid0
= hapd0
.own_addr()
1067 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1068 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1069 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1072 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1073 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1074 bssid1
= hapd1
.own_addr()
1075 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1076 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1079 def test_ap_ft_ap_oom2(dev
, apdev
):
1080 """WPA2-PSK-FT and AP OOM 2"""
1082 passphrase
="12345678"
1084 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1085 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1086 bssid0
= hapd0
.own_addr()
1088 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1089 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1090 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1093 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1094 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1095 bssid1
= hapd1
.own_addr()
1096 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1098 if dev
[0].get_status_field('bssid') != bssid1
:
1099 raise Exception("Did not roam to AP1")
1100 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1103 def test_ap_ft_ap_oom3(dev
, apdev
):
1104 """WPA2-PSK-FT and AP OOM 3"""
1106 passphrase
="12345678"
1108 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1109 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1110 bssid0
= hapd0
.own_addr()
1112 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1113 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1116 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1117 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1118 bssid1
= hapd1
.own_addr()
1119 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1120 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1121 # This will fail due to not being able to send out PMK-R1 pull request
1124 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1125 # This will fail due to not being able to send out PMK-R1 pull request
1128 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1129 # This will fail due to not being able to send out PMK-R1 pull request
1132 def test_ap_ft_ap_oom3b(dev
, apdev
):
1133 """WPA2-PSK-FT and AP OOM 3b"""
1135 passphrase
="12345678"
1137 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1138 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1139 bssid0
= hapd0
.own_addr()
1141 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1142 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1145 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1146 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1147 bssid1
= hapd1
.own_addr()
1148 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1149 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1150 # This will fail due to not being able to send out PMK-R1 pull request
1153 def test_ap_ft_ap_oom4(dev
, apdev
):
1154 """WPA2-PSK-FT and AP OOM 4"""
1156 passphrase
="12345678"
1158 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1159 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1160 bssid0
= hapd0
.own_addr()
1162 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1163 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1166 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1167 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1168 bssid1
= hapd1
.own_addr()
1169 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1170 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1172 if dev
[0].get_status_field('bssid') != bssid1
:
1173 raise Exception("Did not roam to AP1")
1175 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1177 if dev
[0].get_status_field('bssid') != bssid0
:
1178 raise Exception("Did not roam to AP0")
1180 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1182 if dev
[0].get_status_field('bssid') != bssid1
:
1183 raise Exception("Did not roam to AP1")
1185 def test_ap_ft_ap_oom5(dev
, apdev
):
1186 """WPA2-PSK-FT and AP OOM 5"""
1188 passphrase
="12345678"
1190 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1191 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1192 bssid0
= hapd0
.own_addr()
1194 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1195 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1198 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1199 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1200 bssid1
= hapd1
.own_addr()
1201 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1202 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1203 # This will fail to roam
1206 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1207 # This will fail to roam
1210 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1211 # This will fail to roam
1214 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1215 # This will fail to roam
1218 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1219 # This will fail to roam
1222 def test_ap_ft_ap_oom6(dev
, apdev
):
1223 """WPA2-PSK-FT and AP OOM 6"""
1225 passphrase
="12345678"
1227 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1228 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1229 bssid0
= hapd0
.own_addr()
1231 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1232 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1233 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1235 dev
[0].request("REMOVE_NETWORK all")
1236 dev
[0].wait_disconnected()
1237 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1238 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1240 dev
[0].request("REMOVE_NETWORK all")
1241 dev
[0].wait_disconnected()
1242 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1243 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1246 def test_ap_ft_ap_oom7(dev
, apdev
):
1247 """WPA2-PSK-FT and AP OOM 7"""
1249 passphrase
="12345678"
1251 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1252 params
["ieee80211w"] = "2"
1253 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1254 bssid0
= hapd0
.own_addr()
1256 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1257 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1258 ieee80211w
="2", scan_freq
="2412")
1260 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1261 params
["ieee80211w"] = "2"
1262 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1263 bssid1
= hapd1
.own_addr()
1264 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1265 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1266 # This will fail to roam
1268 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1269 # This will fail to roam
1271 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1272 # This will fail to roam
1274 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1275 # This will fail to roam
1278 def test_ap_ft_ap_oom8(dev
, apdev
):
1279 """WPA2-PSK-FT and AP OOM 8"""
1281 passphrase
="12345678"
1283 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1284 params
['ft_psk_generate_local'] = "1";
1285 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1286 bssid0
= hapd0
.own_addr()
1288 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1289 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1292 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1293 params
['ft_psk_generate_local'] = "1";
1294 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1295 bssid1
= hapd1
.own_addr()
1296 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1297 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1298 # This will fail to roam
1300 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1301 # This will fail to roam
1304 def test_ap_ft_ap_oom9(dev
, apdev
):
1305 """WPA2-PSK-FT and AP OOM 9"""
1307 passphrase
="12345678"
1309 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1310 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1311 bssid0
= hapd0
.own_addr()
1313 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1314 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1317 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1318 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1319 bssid1
= hapd1
.own_addr()
1320 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1322 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1323 # This will fail to roam
1324 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1325 raise Exception("FT_DS failed")
1326 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1328 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1329 # This will fail to roam
1330 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1331 raise Exception("FT_DS failed")
1332 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1334 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1335 # This will fail to roam
1336 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1337 raise Exception("FT_DS failed")
1338 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1340 def test_ap_ft_ap_oom10(dev
, apdev
):
1341 """WPA2-PSK-FT and AP OOM 10"""
1343 passphrase
="12345678"
1345 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1346 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1347 bssid0
= hapd0
.own_addr()
1349 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1350 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1353 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1354 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1355 bssid1
= hapd1
.own_addr()
1356 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1358 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1359 # This will fail to roam
1360 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1361 raise Exception("FT_DS failed")
1362 wait_fail_trigger(hapd0
, "GET_FAIL")
1364 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1365 # This will fail to roam
1366 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1367 raise Exception("FT_DS failed")
1368 wait_fail_trigger(hapd0
, "GET_FAIL")
1370 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1371 # This will fail to roam
1372 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1373 raise Exception("FT_DS failed")
1374 wait_fail_trigger(hapd0
, "GET_FAIL")
1376 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1377 # This will fail to roam
1378 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1379 raise Exception("FT_DS failed")
1380 wait_fail_trigger(hapd1
, "GET_FAIL")
1382 def test_ap_ft_ap_oom11(dev
, apdev
):
1383 """WPA2-PSK-FT and AP OOM 11"""
1385 passphrase
="12345678"
1387 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1388 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1389 bssid0
= hapd0
.own_addr()
1391 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1392 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1393 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1395 wait_fail_trigger(hapd0
, "GET_FAIL")
1397 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1398 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1399 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1401 wait_fail_trigger(hapd0
, "GET_FAIL")
1403 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1404 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1406 passphrase
="12345678"
1408 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1409 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1410 bssid0
= hapd0
.own_addr()
1411 _bssid0
= bssid0
.replace(':', '')
1412 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1414 addr
= dev
[0].own_addr()
1415 _addr
= addr
.replace(':', '')
1417 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1418 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1419 bssid1
= hapd1
.own_addr()
1420 _bssid1
= bssid1
.replace(':', '')
1422 hapd0
.set("ext_mgmt_frame_handling", "1")
1423 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1424 valid
= "0601" + _addr
+ _bssid1
1427 "0601" + _addr
+ _bssid0
,
1428 "0601" + _addr
+ "ffffffffffff",
1429 "0601" + _bssid0
+ _bssid0
,
1434 valid
+ "3603ffffff",
1435 valid
+ "3603a1b2ff",
1436 valid
+ "3603a1b2ff" + "3700",
1437 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1438 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1439 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1440 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1441 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1442 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1443 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1446 hapd0
.dump_monitor()
1447 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1448 raise Exception("MGMT_RX_PROCESS failed")
1450 hapd0
.set("ext_mgmt_frame_handling", "0")
1452 def test_ap_ft_over_ds_proto(dev
, apdev
):
1453 """WPA2-PSK-FT AP over DS protocol testing"""
1455 passphrase
="12345678"
1457 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1459 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1462 # FT Action Response while no FT-over-DS in progress
1465 msg
['da'] = dev
[0].own_addr()
1466 msg
['sa'] = apdev
[0]['bssid']
1467 msg
['bssid'] = apdev
[0]['bssid']
1468 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1471 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1472 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1473 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1474 hapd0
.set("ext_mgmt_frame_handling", "1")
1475 hapd0
.dump_monitor()
1476 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1477 for i
in range(0, 10):
1478 req
= hapd0
.mgmt_rx()
1480 raise Exception("MGMT RX wait timed out")
1481 if req
['subtype'] == 13:
1485 raise Exception("FT Action frame not received")
1487 # FT Action Response for unexpected Target AP
1488 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1491 # FT Action Response without MDIE
1492 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1495 # FT Action Response without FTIE
1496 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1499 # FT Action Response with FTIE SNonce mismatch
1500 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1504 def test_ap_ft_rrb(dev
, apdev
):
1505 """WPA2-PSK-FT RRB protocol testing"""
1507 passphrase
="12345678"
1509 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1510 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1512 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1515 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1516 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1518 ehdr
= _dst_ll
+ _src_ll
+ proto
1520 # Too short RRB frame
1522 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1523 raise Exception("DATA_TEST_FRAME failed")
1525 # RRB discarded frame wikth unrecognized type
1526 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1527 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1528 raise Exception("DATA_TEST_FRAME failed")
1530 # RRB frame too short for action frame
1531 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1532 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1533 raise Exception("DATA_TEST_FRAME failed")
1535 # Too short RRB frame (not enough room for Action Frame body)
1536 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1537 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1538 raise Exception("DATA_TEST_FRAME failed")
1540 # Unexpected Action frame category
1541 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1542 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1543 raise Exception("DATA_TEST_FRAME failed")
1545 # Unexpected Action in RRB Request
1546 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1547 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1548 raise Exception("DATA_TEST_FRAME failed")
1550 # Target AP address in RRB Request does not match with own address
1551 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1552 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1553 raise Exception("DATA_TEST_FRAME failed")
1555 # Not enough room for status code in RRB Response
1556 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1557 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1558 raise Exception("DATA_TEST_FRAME failed")
1560 # RRB discarded frame with unknown packet_type
1561 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1562 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1563 raise Exception("DATA_TEST_FRAME failed")
1565 # RRB Response with non-zero status code; no STA match
1566 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1567 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1568 raise Exception("DATA_TEST_FRAME failed")
1570 # RRB Response with zero status code and extra data; STA match
1571 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1572 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1573 raise Exception("DATA_TEST_FRAME failed")
1575 # Too short PMK-R1 pull
1576 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1577 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1578 raise Exception("DATA_TEST_FRAME failed")
1580 # Too short PMK-R1 resp
1581 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1582 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1583 raise Exception("DATA_TEST_FRAME failed")
1585 # Too short PMK-R1 push
1586 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1587 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1588 raise Exception("DATA_TEST_FRAME failed")
1590 # No matching R0KH address found for PMK-R0 pull response
1591 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1592 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1593 raise Exception("DATA_TEST_FRAME failed")
1596 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1597 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1598 bssid
= apdev
[0]['bssid']
1600 passphrase
="12345678"
1602 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1603 params
["ieee80211w"] = "1"
1604 # This is the RSN element used normally by hostapd
1605 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1606 hapd
= hostapd
.add_ap(apdev
[0], params
)
1607 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1608 ieee80211w
="1", scan_freq
="2412",
1609 pairwise
="CCMP", group
="CCMP")
1611 tests
= [ ('PMKIDCount field included',
1612 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1613 ('Extra IE before RSNE',
1614 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1615 ('PMKIDCount and Group Management Cipher suite fields included',
1616 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1617 ('Extra octet after defined fields (future extensibility)',
1618 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1619 ('No RSN Capabilities field (PMF disabled in practice)',
1620 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1621 for txt
,ie
in tests
:
1622 dev
[0].request("DISCONNECT")
1623 dev
[0].wait_disconnected()
1626 hapd
.set('own_ie_override', ie
)
1628 dev
[0].request("BSS_FLUSH 0")
1629 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1630 dev
[0].select_network(id, freq
=2412)
1631 dev
[0].wait_connected()
1633 dev
[0].request("DISCONNECT")
1634 dev
[0].wait_disconnected()
1636 logger
.info('Invalid RSNE causing internal hostapd error')
1638 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1640 dev
[0].request("BSS_FLUSH 0")
1641 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1642 dev
[0].select_network(id, freq
=2412)
1643 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1645 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1647 raise Exception("Unexpected connection")
1648 dev
[0].request("DISCONNECT")
1650 logger
.info('Unexpected PMKID causing internal hostapd error')
1652 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1654 dev
[0].request("BSS_FLUSH 0")
1655 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1656 dev
[0].select_network(id, freq
=2412)
1657 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1659 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1661 raise Exception("Unexpected connection")
1662 dev
[0].request("DISCONNECT")
1664 def test_ap_ft_ptk_rekey(dev
, apdev
):
1665 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1667 passphrase
="12345678"
1669 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1670 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1671 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1672 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1674 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1676 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1677 "WPA: Key negotiation completed"], timeout
=5)
1679 raise Exception("No event received after roam")
1680 if "CTRL-EVENT-DISCONNECTED" in ev
:
1681 raise Exception("Unexpected disconnection after roam")
1683 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1687 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1689 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1690 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1692 passphrase
="12345678"
1694 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1695 params
['wpa_ptk_rekey'] = '2'
1696 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1697 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1698 params
['wpa_ptk_rekey'] = '2'
1699 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1701 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1703 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1704 "WPA: Key negotiation completed"], timeout
=5)
1706 raise Exception("No event received after roam")
1707 if "CTRL-EVENT-DISCONNECTED" in ev
:
1708 raise Exception("Unexpected disconnection after roam")
1710 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1714 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1716 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1717 """RRB internal delivery only to WPA enabled BSS"""
1719 passphrase
="12345678"
1721 radius
= hostapd
.radius_params()
1722 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1723 params
['wpa_key_mgmt'] = "FT-EAP"
1724 params
["ieee8021x"] = "1"
1725 params
= dict(radius
.items() + params
.items())
1726 hapd
= hostapd
.add_ap(apdev
[0], params
)
1727 key_mgmt
= hapd
.get_config()['key_mgmt']
1728 if key_mgmt
.split(' ')[0] != "FT-EAP":
1729 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1731 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1733 # Connect to WPA enabled AP
1734 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1735 eap
="GPSK", identity
="gpsk user",
1736 password
="abcdefghijklmnop0123456789abcdef",
1739 # Try over_ds roaming to non-WPA-enabled AP.
1740 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1741 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1743 def test_ap_ft_extra_ie(dev
, apdev
):
1744 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1746 passphrase
="12345678"
1748 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1749 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1750 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1751 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1753 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1756 # Add Mobility Domain element to test AP validation code.
1757 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1758 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1759 scan_freq
="2412", wait_connect
=False)
1760 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1761 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1763 raise Exception("No connection result")
1764 if "CTRL-EVENT-CONNECTED" in ev
:
1765 raise Exception("Non-FT association accepted with MDE")
1766 if "status_code=43" not in ev
:
1767 raise Exception("Unexpected status code: " + ev
)
1768 dev
[0].request("DISCONNECT")
1770 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
1772 def test_ap_ft_ric(dev
, apdev
):
1773 """WPA2-PSK-FT AP and RIC"""
1775 passphrase
="12345678"
1777 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1778 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1779 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1780 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1782 dev
[0].set("ric_ies", "")
1783 dev
[0].set("ric_ies", '""')
1784 if "FAIL" not in dev
[0].request("SET ric_ies q"):
1785 raise Exception("Invalid ric_ies value accepted")
1790 "390400000000" + "390400000000",
1791 "390400000000" + "dd050050f20202",
1792 "390400000000" + "dd3d0050f2020201" + 55*"00",
1793 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1794 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1796 dev
[0].set("ric_ies", t
)
1797 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1798 test_connectivity
=False)
1799 dev
[0].request("REMOVE_NETWORK all")
1800 dev
[0].wait_disconnected()
1801 dev
[0].dump_monitor()
1803 def ie_hex(ies
, id):
1804 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id])
1806 def test_ap_ft_reassoc_proto(dev
, apdev
):
1807 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1809 passphrase
="12345678"
1811 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1812 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1813 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1814 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1816 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1817 ieee80211w
="1", scan_freq
="2412")
1818 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1825 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1826 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1827 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1830 req
= hapd2ap
.mgmt_rx()
1831 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1832 if req
['subtype'] == 11:
1836 req
= hapd2ap
.mgmt_rx()
1837 if req
['subtype'] == 2:
1839 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1841 # IEEE 802.11 header + fixed fields before IEs
1842 hdr
= binascii
.hexlify(req
['frame'][0:34])
1843 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
1844 # First elements: SSID, Supported Rates, Extended Supported Rates
1845 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
1847 rsne
= ie_hex(ies
, 48)
1848 mde
= ie_hex(ies
, 54)
1849 fte
= ie_hex(ies
, 55)
1851 # RSN: Trying to use FT, but MDIE not included
1853 # RSN: Attempted to use unknown MDIE
1854 tests
+= [ rsne
+ "3603000000" ]
1855 # Invalid RSN pairwise cipher
1856 tests
+= [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1857 # FT: No PMKID in RSNIE
1858 tests
+= [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54) ]
1860 tests
+= [ rsne
+ mde
]
1861 # FT: RIC IE(s) in the frame, but not included in protected IE count
1862 # FT: Failed to parse FT IEs
1863 tests
+= [ rsne
+ mde
+ fte
+ "3900" ]
1864 # FT: SNonce mismatch in FTIE
1865 tests
+= [ rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1866 # FT: ANonce mismatch in FTIE
1867 tests
+= [ rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:] ]
1868 # FT: No R0KH-ID subelem in FTIE
1869 tests
+= [ rsne
+ mde
+ "3752" + fte
[4:168] ]
1870 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1871 tests
+= [ rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff" ]
1872 # FT: No R1KH-ID subelem in FTIE
1873 tests
+= [ rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1874 # FT: Unknown R1KH-ID used in ReassocReq
1875 tests
+= [ rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1876 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1877 tests
+= [ rsne
[:-32] + 16*"00" + mde
+ fte
]
1878 # Invalid MIC in FTIE
1879 tests
+= [ rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:] ]
1881 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
1883 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
1884 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1886 passphrase
="12345678"
1888 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1889 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1890 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1891 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1893 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1894 ieee80211w
="1", scan_freq
="2412")
1895 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1902 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1903 # FT: Failed to calculate MIC
1904 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
1905 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1906 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1907 dev
[0].request("DISCONNECT")
1909 raise Exception("Association reject not seen")
1911 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
1912 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
1913 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
1915 passphrase
="12345678"
1917 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1918 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1919 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1920 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1922 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1924 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1931 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1932 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1933 dev
[0].dump_monitor()
1934 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
1935 raise Exception("ROAM failed")
1940 req
= hapd2ap
.mgmt_rx()
1942 hapd2ap
.dump_monitor()
1943 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1944 if req
['subtype'] == 2:
1946 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1948 raise Exception("No TX status seen")
1949 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1950 if "OK" not in hapd2ap
.request(cmd
):
1951 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1953 hapd2ap
.set("ext_mgmt_frame_handling", "0")
1954 if reassocreq
is None:
1955 raise Exception("No Reassociation Request frame seen")
1956 dev
[0].wait_connected()
1957 dev
[0].dump_monitor()
1958 hapd2ap
.dump_monitor()
1960 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
1962 logger
.info("Replay the last Reassociation Request frame")
1963 hapd2ap
.dump_monitor()
1964 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1965 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1966 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1968 raise Exception("No TX status seen")
1969 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1970 if "OK" not in hapd2ap
.request(cmd
):
1971 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1972 hapd2ap
.set("ext_mgmt_frame_handling", "0")
1975 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
1980 ap
= hapd2ap
.own_addr()
1981 sta
= dev
[0].own_addr()
1982 filt
= "wlan.fc.type == 2 && " + \
1983 "wlan.da == " + sta
+ " && " + \
1985 fields
= [ "wlan.ccmp.extiv" ]
1986 res
= run_tshark(capfile
, filt
, fields
)
1987 vals
= res
.splitlines()
1988 logger
.info("CCMP PN: " + str(vals
))
1990 raise Exception("Could not find all CCMP protected frames from capture")
1991 if len(set(vals
)) < len(vals
):
1992 raise Exception("Duplicate CCMP PN used")
1995 raise Exception("The second hwsim connectivity test failed")