1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
28 "wpa_key_mgmt": "FT-PSK",
29 "rsn_pairwise": "CCMP"}
34 "wpa_key_mgmt": "WPA-PSK FT-PSK",
35 "wpa_pairwise": "TKIP",
36 "rsn_pairwise": "CCMP"}
39 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
41 params
= ft_base_rsn()
43 params
= ft_base_mixed()
47 params
["wpa_passphrase"] = passphrase
49 params
["mobility_domain"] = "a1b2"
50 params
["r0_key_lifetime"] = "10000"
51 params
["pmk_r1_push"] = "1"
52 params
["reassociation_deadline"] = "1000"
55 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
56 params
= ft_params(rsn
, ssid
, passphrase
)
57 params
['nas_identifier'] = "nas1.w1.fi"
58 params
['r1_key_holder'] = "000102030405"
61 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
62 params
= ft_params1a(rsn
, ssid
, passphrase
)
64 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
65 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
67 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
68 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
69 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
72 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
73 params
= ft_params1a(rsn
, ssid
, passphrase
)
74 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
75 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
76 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
79 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
80 params
= ft_params(rsn
, ssid
, passphrase
)
81 params
['nas_identifier'] = "nas2.w1.fi"
82 params
['r1_key_holder'] = "000102030406"
85 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
86 params
= ft_params2a(rsn
, ssid
, passphrase
)
88 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
89 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
91 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
92 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
93 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
96 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
97 params
= ft_params2a(rsn
, ssid
, passphrase
)
98 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
99 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
100 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
103 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
104 params
= ft_params(rsn
, ssid
, passphrase
)
105 params
['nas_identifier'] = "nas1.w1.fi"
106 params
['r1_key_holder'] = "000102030405"
107 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
108 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
109 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
112 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
113 params
= ft_params(rsn
, ssid
, passphrase
)
114 params
['nas_identifier'] = "nas2.w1.fi"
115 params
['r1_key_holder'] = "000102030406"
116 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
117 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
118 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
121 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
122 params
= ft_params(rsn
, ssid
, passphrase
)
123 params
['nas_identifier'] = "nas2.w1.fi"
124 params
['r1_key_holder'] = "000102030406"
125 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
126 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
127 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
130 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
131 sae
=False, eap
=False, fail_test
=False, roams
=1,
132 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
133 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
134 force_initial_conn_to_first_ap
=False, sha384
=False,
135 group_mgmt
=None, ocv
=None, sae_password
=None,
136 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False):
137 logger
.info("Connect to first AP")
140 copts
["proto"] = "WPA2"
141 copts
["ieee80211w"] = "1"
142 copts
["scan_freq"] = "2412"
143 copts
["pairwise"] = pairwise_cipher
144 copts
["group"] = group_cipher
145 copts
["wpa_ptk_rekey"] = ptk_rekey
147 copts
["group_mgmt"] = group_mgmt
151 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
152 copts
["eap"] = "GPSK"
153 copts
["identity"] = eap_identity
154 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
157 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
159 copts
["key_mgmt"] = "FT-PSK"
161 copts
["psk"] = passphrase
163 copts
["sae_password"] = sae_password
165 copts
["sae_password_id"] = sae_password_id
166 if force_initial_conn_to_first_ap
:
167 copts
["bssid"] = apdev
[0]['bssid']
168 dev
.connect(ssid
, **copts
)
170 dev
.request("DISCONNECT")
171 dev
.wait_disconnected()
172 dev
.request("RECONNECT")
173 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"],
176 raise Exception("Reconnect timed out")
177 if "CTRL-EVENT-DISCONNECTED" in ev
:
178 raise Exception("Unexpected disconnection after RECONNECT")
180 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
190 if test_connectivity
:
192 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
194 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
196 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
198 for i
in range(0, roams
):
199 # Roaming artificially fast can make data test fail because the key is
202 logger
.info("Roam to the second AP")
204 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
206 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
209 if dev
.get_status_field('bssid') != ap2
['bssid']:
210 raise Exception("Did not connect to correct AP")
211 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
213 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
215 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
217 # Roaming artificially fast can make data test fail because the key is
220 logger
.info("Roam back to the first AP")
222 dev
.roam_over_ds(ap1
['bssid'])
224 dev
.roam(ap1
['bssid'])
225 if dev
.get_status_field('bssid') != ap1
['bssid']:
226 raise Exception("Did not connect to correct AP")
227 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
229 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
231 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
233 def test_ap_ft(dev
, apdev
):
236 passphrase
= "12345678"
238 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
239 hapd0
= hostapd
.add_ap(apdev
[0], params
)
240 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
241 hapd1
= hostapd
.add_ap(apdev
[1], params
)
243 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
244 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
245 raise Exception("Scan results missing RSN element info")
247 def test_ap_ft_old_key(dev
, apdev
):
248 """WPA2-PSK-FT AP (old key)"""
250 passphrase
= "12345678"
252 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
253 hapd0
= hostapd
.add_ap(apdev
[0], params
)
254 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
255 hapd1
= hostapd
.add_ap(apdev
[1], params
)
257 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
259 def test_ap_ft_multi_akm(dev
, apdev
):
260 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
262 passphrase
= "12345678"
264 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
265 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
266 hapd0
= hostapd
.add_ap(apdev
[0], params
)
267 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
268 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
269 hapd1
= hostapd
.add_ap(apdev
[1], params
)
271 Wlantest
.setup(hapd0
)
274 wt
.add_passphrase(passphrase
)
276 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
277 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
278 raise Exception("Scan results missing RSN element info")
279 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
280 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
283 def test_ap_ft_local_key_gen(dev
, apdev
):
284 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
286 passphrase
= "12345678"
288 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
289 params
['ft_psk_generate_local'] = "1"
290 del params
['pmk_r1_push']
291 hapd0
= hostapd
.add_ap(apdev
[0], params
)
292 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
293 params
['ft_psk_generate_local'] = "1"
294 del params
['pmk_r1_push']
295 hapd1
= hostapd
.add_ap(apdev
[1], params
)
297 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
298 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
299 raise Exception("Scan results missing RSN element info")
301 def test_ap_ft_vlan(dev
, apdev
):
302 """WPA2-PSK-FT AP with VLAN"""
304 passphrase
= "12345678"
306 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
307 params
['dynamic_vlan'] = "1"
308 params
['accept_mac_file'] = "hostapd.accept"
309 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
311 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
312 params
['dynamic_vlan'] = "1"
313 params
['accept_mac_file'] = "hostapd.accept"
314 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
316 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
317 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
318 raise Exception("Scan results missing RSN element info")
320 def test_ap_ft_vlan_disconnected(dev
, apdev
):
321 """WPA2-PSK-FT AP with VLAN and local key generation"""
323 passphrase
= "12345678"
325 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
326 params
['dynamic_vlan'] = "1"
327 params
['accept_mac_file'] = "hostapd.accept"
328 params
['ft_psk_generate_local'] = "1"
329 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
331 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
332 params
['dynamic_vlan'] = "1"
333 params
['accept_mac_file'] = "hostapd.accept"
334 params
['ft_psk_generate_local'] = "1"
335 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
337 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
338 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
339 raise Exception("Scan results missing RSN element info")
341 def test_ap_ft_vlan_2(dev
, apdev
):
342 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
344 passphrase
= "12345678"
346 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
347 params
['dynamic_vlan'] = "1"
348 params
['accept_mac_file'] = "hostapd.accept"
349 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
351 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
352 params
['dynamic_vlan'] = "1"
353 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
355 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
356 force_initial_conn_to_first_ap
=True)
357 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
358 raise Exception("Scan results missing RSN element info")
360 def test_ap_ft_many(dev
, apdev
):
361 """WPA2-PSK-FT AP multiple times"""
363 passphrase
= "12345678"
365 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
366 hapd0
= hostapd
.add_ap(apdev
[0], params
)
367 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
368 hapd1
= hostapd
.add_ap(apdev
[1], params
)
370 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
372 def test_ap_ft_many_vlan(dev
, apdev
):
373 """WPA2-PSK-FT AP with VLAN multiple times"""
375 passphrase
= "12345678"
377 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
378 params
['dynamic_vlan'] = "1"
379 params
['accept_mac_file'] = "hostapd.accept"
380 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
382 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
383 params
['dynamic_vlan'] = "1"
384 params
['accept_mac_file'] = "hostapd.accept"
385 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
387 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
390 def test_ap_ft_mixed(dev
, apdev
):
391 """WPA2-PSK-FT mixed-mode AP"""
392 ssid
= "test-ft-mixed"
393 passphrase
= "12345678"
395 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
396 hapd
= hostapd
.add_ap(apdev
[0], params
)
397 key_mgmt
= hapd
.get_config()['key_mgmt']
398 vals
= key_mgmt
.split(' ')
399 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
400 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
401 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
402 hapd1
= hostapd
.add_ap(apdev
[1], params
)
404 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
406 def test_ap_ft_pmf(dev
, apdev
):
407 """WPA2-PSK-FT AP with PMF"""
409 passphrase
= "12345678"
411 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
412 params
["ieee80211w"] = "2"
413 hapd0
= hostapd
.add_ap(apdev
[0], params
)
414 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
415 params
["ieee80211w"] = "2"
416 hapd1
= hostapd
.add_ap(apdev
[1], params
)
418 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
420 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
421 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
422 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
424 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
425 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
426 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
428 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
429 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
430 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
432 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
433 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
434 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
436 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
437 if cipher
not in dev
[0].get_capability("group_mgmt"):
438 raise HwsimSkip("Cipher %s not supported" % cipher
)
441 passphrase
= "12345678"
443 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
444 params
["ieee80211w"] = "2"
445 params
["group_mgmt_cipher"] = cipher
446 hapd0
= hostapd
.add_ap(apdev
[0], params
)
447 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
448 params
["ieee80211w"] = "2"
449 params
["group_mgmt_cipher"] = cipher
450 hapd1
= hostapd
.add_ap(apdev
[1], params
)
452 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
455 def test_ap_ft_ocv(dev
, apdev
):
456 """WPA2-PSK-FT AP with OCV"""
458 passphrase
= "12345678"
460 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
461 params
["ieee80211w"] = "2"
464 hapd0
= hostapd
.add_ap(apdev
[0], params
)
465 except Exception as e
:
466 if "Failed to set hostapd parameter ocv" in str(e
):
467 raise HwsimSkip("OCV not supported")
469 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
470 params
["ieee80211w"] = "2"
472 hapd1
= hostapd
.add_ap(apdev
[1], params
)
474 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
476 def test_ap_ft_over_ds(dev
, apdev
):
477 """WPA2-PSK-FT AP over DS"""
479 passphrase
= "12345678"
481 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
482 hapd0
= hostapd
.add_ap(apdev
[0], params
)
483 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
484 hapd1
= hostapd
.add_ap(apdev
[1], params
)
486 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
487 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
488 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
490 def cleanup_ap_ft_separate_hostapd():
491 subprocess
.call(["brctl", "delif", "br0ft", "veth0"],
492 stderr
=open('/dev/null', 'w'))
493 subprocess
.call(["brctl", "delif", "br1ft", "veth1"],
494 stderr
=open('/dev/null', 'w'))
495 subprocess
.call(["ip", "link", "del", "veth0"],
496 stderr
=open('/dev/null', 'w'))
497 subprocess
.call(["ip", "link", "del", "veth1"],
498 stderr
=open('/dev/null', 'w'))
499 for ifname
in ['br0ft', 'br1ft', 'br-ft']:
500 subprocess
.call(['ip', 'link', 'set', 'dev', ifname
, 'down'],
501 stderr
=open('/dev/null', 'w'))
502 subprocess
.call(['brctl', 'delbr', ifname
],
503 stderr
=open('/dev/null', 'w'))
505 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
506 """WPA2-PSK-FT AP and separate hostapd process"""
508 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
510 cleanup_ap_ft_separate_hostapd()
512 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
513 """WPA2-PSK-FT AP over DS and separate hostapd process"""
515 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
517 cleanup_ap_ft_separate_hostapd()
519 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
521 passphrase
= "12345678"
522 logdir
= params
['logdir']
523 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
524 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
525 global_ctrl
= '/var/run/hostapd-ft'
529 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
530 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
531 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
533 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
534 "peer", "name", "veth0br"])
535 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
536 "peer", "name", "veth1br"])
537 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
538 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
539 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
540 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
542 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
543 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
544 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
545 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
546 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
547 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
548 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
549 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
550 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
551 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
552 except subprocess
.CalledProcessError
:
553 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
555 with
HWSimRadio() as (radio
, iface
):
556 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
557 if not os
.path
.exists(prg
):
558 prg
= '../../hostapd/hostapd'
559 cmd
= [prg
, '-B', '-ddKt',
560 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
561 subprocess
.check_call(cmd
)
563 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
564 apdev_ft
= {'ifname': iface
}
565 apdev2
= [apdev_ft
, apdev
[1]]
567 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
568 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
569 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
570 params
['bridge'] = 'br0ft'
571 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
572 global_ctrl_override
=global_ctrl
)
573 apdev2
[0]['bssid'] = hapd0
.own_addr()
574 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
575 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
576 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
577 params
['bridge'] = 'br1ft'
578 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
580 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
581 over_ds
=over_ds
, test_connectivity
=False)
585 if os
.path
.exists(pidfile
):
586 with
open(pidfile
, 'r') as f
:
589 os
.kill(pid
, signal
.SIGTERM
)
591 def test_ap_ft_over_ds_ocv(dev
, apdev
):
592 """WPA2-PSK-FT AP over DS"""
594 passphrase
= "12345678"
596 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
597 params
["ieee80211w"] = "2"
600 hapd0
= hostapd
.add_ap(apdev
[0], params
)
601 except Exception as e
:
602 if "Failed to set hostapd parameter ocv" in str(e
):
603 raise HwsimSkip("OCV not supported")
605 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
606 params
["ieee80211w"] = "2"
608 hapd1
= hostapd
.add_ap(apdev
[1], params
)
610 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
613 def test_ap_ft_over_ds_disabled(dev
, apdev
):
614 """WPA2-PSK-FT AP over DS disabled"""
616 passphrase
= "12345678"
618 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
619 params
['ft_over_ds'] = '0'
620 hapd0
= hostapd
.add_ap(apdev
[0], params
)
621 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
622 params
['ft_over_ds'] = '0'
623 hapd1
= hostapd
.add_ap(apdev
[1], params
)
625 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
628 def test_ap_ft_vlan_over_ds(dev
, apdev
):
629 """WPA2-PSK-FT AP over DS with VLAN"""
631 passphrase
= "12345678"
633 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
634 params
['dynamic_vlan'] = "1"
635 params
['accept_mac_file'] = "hostapd.accept"
636 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
637 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
638 params
['dynamic_vlan'] = "1"
639 params
['accept_mac_file'] = "hostapd.accept"
640 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
642 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
644 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
645 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
647 def test_ap_ft_over_ds_many(dev
, apdev
):
648 """WPA2-PSK-FT AP over DS multiple times"""
650 passphrase
= "12345678"
652 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
653 hapd0
= hostapd
.add_ap(apdev
[0], params
)
654 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
655 hapd1
= hostapd
.add_ap(apdev
[1], params
)
657 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
660 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
661 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
663 passphrase
= "12345678"
665 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
666 params
['dynamic_vlan'] = "1"
667 params
['accept_mac_file'] = "hostapd.accept"
668 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
669 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
670 params
['dynamic_vlan'] = "1"
671 params
['accept_mac_file'] = "hostapd.accept"
672 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
674 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
675 roams
=50, conndev
="brvlan1")
678 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
681 passphrase
= "12345678"
683 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
684 hapd0
= hostapd
.add_ap(apdev
[0], params
)
686 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
688 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
691 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
692 """WPA2-PSK-FT AP over DS and unexpected response"""
694 passphrase
= "12345678"
696 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
697 hapd0
= hostapd
.add_ap(apdev
[0], params
)
698 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
699 hapd1
= hostapd
.add_ap(apdev
[1], params
)
701 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
703 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
714 addr
= dev
[0].own_addr()
715 hapd1ap
.set("ext_mgmt_frame_handling", "1")
716 logger
.info("Foreign STA address")
720 msg
['sa'] = ap1
['bssid']
721 msg
['bssid'] = ap1
['bssid']
722 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
725 logger
.info("No over-the-DS in progress")
726 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
729 logger
.info("Non-zero status code")
730 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
733 hapd1ap
.dump_monitor()
735 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
736 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
737 raise Exception("FT_DS failed")
739 req
= hapd1ap
.mgmt_rx()
741 logger
.info("Foreign Target AP")
742 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
745 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
747 logger
.info("No IEs")
748 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
751 logger
.info("Invalid IEs (trigger parsing failure)")
752 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
755 logger
.info("Too short MDIE")
756 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
759 logger
.info("Mobility domain mismatch")
760 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
763 logger
.info("No FTIE")
764 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
767 logger
.info("FTIE SNonce mismatch")
768 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
771 logger
.info("No R0KH-ID subelem in FTIE")
772 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
773 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
776 logger
.info("No R0KH-ID subelem mismatch in FTIE")
777 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
778 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
781 logger
.info("No R1KH-ID subelem in FTIE")
782 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
783 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
786 logger
.info("No RSNE")
787 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
788 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
791 def test_ap_ft_pmf_over_ds(dev
, apdev
):
792 """WPA2-PSK-FT AP over DS with PMF"""
793 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, None)
795 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
796 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
797 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
799 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
800 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
801 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
803 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
804 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
805 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
807 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
808 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
809 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
811 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
812 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
813 raise HwsimSkip("Cipher %s not supported" % cipher
)
816 passphrase
= "12345678"
818 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
819 params
["ieee80211w"] = "2"
821 params
["group_mgmt_cipher"] = cipher
822 hapd0
= hostapd
.add_ap(apdev
[0], params
)
823 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
824 params
["ieee80211w"] = "2"
826 params
["group_mgmt_cipher"] = cipher
827 hapd1
= hostapd
.add_ap(apdev
[1], params
)
829 Wlantest
.setup(hapd0
)
832 wt
.add_passphrase(passphrase
)
834 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
837 def test_ap_ft_over_ds_pull(dev
, apdev
):
838 """WPA2-PSK-FT AP over DS (pull PMK)"""
840 passphrase
= "12345678"
842 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
843 params
["pmk_r1_push"] = "0"
844 hapd0
= hostapd
.add_ap(apdev
[0], params
)
845 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
846 params
["pmk_r1_push"] = "0"
847 hapd1
= hostapd
.add_ap(apdev
[1], params
)
849 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
851 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
852 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
854 passphrase
= "12345678"
856 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
857 params
["pmk_r1_push"] = "0"
858 hapd0
= hostapd
.add_ap(apdev
[0], params
)
859 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
860 params
["pmk_r1_push"] = "0"
861 hapd1
= hostapd
.add_ap(apdev
[1], params
)
863 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
865 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
866 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
868 passphrase
= "12345678"
870 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
871 params
["pmk_r1_push"] = "0"
872 params
['dynamic_vlan'] = "1"
873 params
['accept_mac_file'] = "hostapd.accept"
874 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
875 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
876 params
["pmk_r1_push"] = "0"
877 params
['dynamic_vlan'] = "1"
878 params
['accept_mac_file'] = "hostapd.accept"
879 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
881 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
884 def test_ap_ft_sae(dev
, apdev
):
885 """WPA2-PSK-FT-SAE AP"""
886 if "SAE" not in dev
[0].get_capability("auth_alg"):
887 raise HwsimSkip("SAE not supported")
889 passphrase
= "12345678"
891 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
892 params
['wpa_key_mgmt'] = "FT-SAE"
893 hapd0
= hostapd
.add_ap(apdev
[0], params
)
894 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
895 params
['wpa_key_mgmt'] = "FT-SAE"
896 hapd
= hostapd
.add_ap(apdev
[1], params
)
897 key_mgmt
= hapd
.get_config()['key_mgmt']
898 if key_mgmt
.split(' ')[0] != "FT-SAE":
899 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
901 dev
[0].request("SET sae_groups ")
902 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
904 def test_ap_ft_sae_over_ds(dev
, apdev
):
905 """WPA2-PSK-FT-SAE AP over DS"""
906 if "SAE" not in dev
[0].get_capability("auth_alg"):
907 raise HwsimSkip("SAE not supported")
909 passphrase
= "12345678"
911 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
912 params
['wpa_key_mgmt'] = "FT-SAE"
913 hapd0
= hostapd
.add_ap(apdev
[0], params
)
914 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
915 params
['wpa_key_mgmt'] = "FT-SAE"
916 hapd1
= hostapd
.add_ap(apdev
[1], params
)
918 dev
[0].request("SET sae_groups ")
919 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
922 def test_ap_ft_sae_pw_id(dev
, apdev
):
923 """FT-SAE with Password Identifier"""
924 if "SAE" not in dev
[0].get_capability("auth_alg"):
925 raise HwsimSkip("SAE not supported")
928 params
= ft_params1(ssid
=ssid
)
929 params
["ieee80211w"] = "2"
930 params
['wpa_key_mgmt'] = "FT-SAE"
931 params
['sae_password'] = 'secret|id=pwid'
932 hapd0
= hostapd
.add_ap(apdev
[0], params
)
933 params
= ft_params2(ssid
=ssid
)
934 params
["ieee80211w"] = "2"
935 params
['wpa_key_mgmt'] = "FT-SAE"
936 params
['sae_password'] = 'secret|id=pwid'
937 hapd
= hostapd
.add_ap(apdev
[1], params
)
939 dev
[0].request("SET sae_groups ")
940 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
941 sae_password
="secret", sae_password_id
="pwid")
943 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
944 """SAE + FT-SAE configuration"""
945 if "SAE" not in dev
[0].get_capability("auth_alg"):
946 raise HwsimSkip("SAE not supported")
948 passphrase
= "12345678"
950 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
951 params
['wpa_key_mgmt'] = "FT-SAE SAE"
952 hapd0
= hostapd
.add_ap(apdev
[0], params
)
953 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
954 params
['wpa_key_mgmt'] = "FT-SAE SAE"
955 hapd
= hostapd
.add_ap(apdev
[1], params
)
956 key_mgmt
= hapd
.get_config()['key_mgmt']
957 if key_mgmt
.split(' ')[0] != "FT-SAE":
958 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
960 dev
[0].request("SET sae_groups ")
961 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
964 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
965 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
966 if "SAE" not in dev
[0].get_capability("auth_alg"):
967 raise HwsimSkip("SAE not supported")
969 passphrase
= "12345678"
971 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
972 params
['wpa_key_mgmt'] = "FT-SAE"
973 hapd0
= hostapd
.add_ap(apdev
[0], params
)
974 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
975 params
['wpa_key_mgmt'] = "FT-SAE"
976 hapd
= hostapd
.add_ap(apdev
[1], params
)
977 key_mgmt
= hapd
.get_config()['key_mgmt']
978 if key_mgmt
.split(' ')[0] != "FT-SAE":
979 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
981 dev
[0].request("SET sae_groups ")
982 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
985 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
986 discovery
=False, roams
=1):
988 passphrase
= "12345678"
990 identity
= "gpsk-vlan1"
993 identity
= "gpsk-cui"
996 identity
= "gpsk user"
999 radius
= hostapd
.radius_params()
1000 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1001 params
['wpa_key_mgmt'] = "FT-EAP"
1002 params
["ieee8021x"] = "1"
1004 params
["dynamic_vlan"] = "1"
1005 params
= dict(list(radius
.items()) + list(params
.items()))
1006 hapd
= hostapd
.add_ap(apdev
[0], params
)
1007 key_mgmt
= hapd
.get_config()['key_mgmt']
1008 if key_mgmt
.split(' ')[0] != "FT-EAP":
1009 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1010 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1011 params
['wpa_key_mgmt'] = "FT-EAP"
1012 params
["ieee8021x"] = "1"
1014 params
["dynamic_vlan"] = "1"
1015 params
= dict(list(radius
.items()) + list(params
.items()))
1016 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1018 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1019 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1021 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1022 raise Exception("Scan results missing RSN element info")
1023 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1024 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1026 # Verify EAPOL reauthentication after FT protocol
1027 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1031 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1032 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1034 raise Exception("EAP authentication did not start")
1035 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1037 raise Exception("EAP authentication did not succeed")
1040 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1042 hwsim_utils
.test_connectivity(dev
[0], ap
)
1044 def test_ap_ft_eap(dev
, apdev
):
1045 """WPA2-EAP-FT AP"""
1046 generic_ap_ft_eap(dev
, apdev
)
1048 def test_ap_ft_eap_cui(dev
, apdev
):
1049 """WPA2-EAP-FT AP with CUI"""
1050 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
1052 def test_ap_ft_eap_vlan(dev
, apdev
):
1053 """WPA2-EAP-FT AP with VLAN"""
1054 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1056 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1057 """WPA2-EAP-FT AP with VLAN"""
1058 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1060 def test_ap_ft_eap_over_ds(dev
, apdev
):
1061 """WPA2-EAP-FT AP using over-the-DS"""
1062 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
1064 def test_ap_ft_eap_dis(dev
, apdev
):
1065 """WPA2-EAP-FT AP with AP discovery"""
1066 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
1068 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
1069 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1070 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
1072 def test_ap_ft_eap_vlan(dev
, apdev
):
1073 """WPA2-EAP-FT AP with VLAN"""
1074 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1076 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1077 """WPA2-EAP-FT AP with VLAN"""
1078 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1080 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
1081 """WPA2-EAP-FT AP with VLAN + over_ds"""
1082 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
1084 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
1085 """WPA2-EAP-FT AP with VLAN + over_ds"""
1086 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
1088 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1089 """WPA2-EAP-FT AP (pull PMK)"""
1091 passphrase
= "12345678"
1093 identity
= "gpsk-vlan1"
1096 identity
= "gpsk user"
1099 radius
= hostapd
.radius_params()
1100 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1101 params
['wpa_key_mgmt'] = "FT-EAP"
1102 params
["ieee8021x"] = "1"
1103 params
["pmk_r1_push"] = "0"
1105 params
["dynamic_vlan"] = "1"
1106 params
= dict(list(radius
.items()) + list(params
.items()))
1107 hapd
= hostapd
.add_ap(apdev
[0], params
)
1108 key_mgmt
= hapd
.get_config()['key_mgmt']
1109 if key_mgmt
.split(' ')[0] != "FT-EAP":
1110 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1111 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1112 params
['wpa_key_mgmt'] = "FT-EAP"
1113 params
["ieee8021x"] = "1"
1114 params
["pmk_r1_push"] = "0"
1116 params
["dynamic_vlan"] = "1"
1117 params
= dict(list(radius
.items()) + list(params
.items()))
1118 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1120 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1121 eap_identity
=identity
, conndev
=conndev
)
1123 def test_ap_ft_eap_pull(dev
, apdev
):
1124 """WPA2-EAP-FT AP (pull PMK)"""
1125 generic_ap_ft_eap_pull(dev
, apdev
)
1127 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1128 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1130 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1131 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1133 passphrase
= "12345678"
1135 radius
= hostapd
.radius_params()
1136 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1137 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1138 params
["ieee8021x"] = "1"
1139 params
["pmk_r1_push"] = "0"
1140 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1141 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1142 params
["ft_psk_generate_local"] = "1"
1143 params
["eap_server"] = "0"
1144 params
= dict(list(radius
.items()) + list(params
.items()))
1145 hapd
= hostapd
.add_ap(apdev
[0], params
)
1146 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1147 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1148 params
["ieee8021x"] = "1"
1149 params
["pmk_r1_push"] = "0"
1150 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1151 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1152 params
["ft_psk_generate_local"] = "1"
1153 params
["eap_server"] = "0"
1154 params
= dict(list(radius
.items()) + list(params
.items()))
1155 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1157 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1160 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1161 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1163 passphrase
= "12345678"
1165 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1166 params
["ieee80211w"] = "2"
1167 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1168 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1169 params
["ieee80211w"] = "2"
1170 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1172 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1176 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1177 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1179 passphrase
= "12345678"
1181 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1182 params
["pmk_r1_push"] = "0"
1183 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1184 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1185 params
["pmk_r1_push"] = "0"
1186 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1188 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1192 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1193 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1195 passphrase
= "12345678"
1197 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1198 params
["pmk_r1_push"] = "0"
1199 params
["nas_identifier"] = "nas0.w1.fi"
1200 hostapd
.add_ap(apdev
[0], params
)
1201 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1204 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1205 params
["pmk_r1_push"] = "0"
1206 hostapd
.add_ap(apdev
[1], params
)
1208 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1209 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1212 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1213 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1215 passphrase
= "12345678"
1217 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1218 params
["ieee80211w"] = "2"
1219 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1220 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1221 params
["ieee80211w"] = "2"
1222 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1224 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1228 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1229 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1231 passphrase
= "12345678"
1233 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1234 params
["pmk_r1_push"] = "0"
1235 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1236 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1237 params
["pmk_r1_push"] = "0"
1238 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1240 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1243 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1244 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1246 passphrase
= "12345678"
1248 radius
= hostapd
.radius_params()
1249 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1250 params
["ieee80211w"] = "2"
1251 params
['wpa_key_mgmt'] = "FT-EAP"
1252 params
["ieee8021x"] = "1"
1253 params
= dict(list(radius
.items()) + list(params
.items()))
1254 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1255 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1256 params
["ieee80211w"] = "2"
1257 params
['wpa_key_mgmt'] = "FT-EAP"
1258 params
["ieee8021x"] = "1"
1259 params
= dict(list(radius
.items()) + list(params
.items()))
1260 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1262 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1263 fail_test
=True, eap
=True)
1265 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1266 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1268 passphrase
= "12345678"
1270 radius
= hostapd
.radius_params()
1271 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1272 params
["pmk_r1_push"] = "0"
1273 params
['wpa_key_mgmt'] = "FT-EAP"
1274 params
["ieee8021x"] = "1"
1275 params
= dict(list(radius
.items()) + list(params
.items()))
1276 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1277 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1278 params
["pmk_r1_push"] = "0"
1279 params
['wpa_key_mgmt'] = "FT-EAP"
1280 params
["ieee8021x"] = "1"
1281 params
= dict(list(radius
.items()) + list(params
.items()))
1282 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1284 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1285 fail_test
=True, eap
=True)
1287 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1288 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1290 passphrase
= "12345678"
1292 radius
= hostapd
.radius_params()
1293 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1294 params
["pmk_r1_push"] = "0"
1295 params
["nas_identifier"] = "nas0.w1.fi"
1296 params
['wpa_key_mgmt'] = "FT-EAP"
1297 params
["ieee8021x"] = "1"
1298 params
= dict(list(radius
.items()) + list(params
.items()))
1299 hostapd
.add_ap(apdev
[0], params
)
1300 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1301 eap
="GPSK", identity
="gpsk user",
1302 password
="abcdefghijklmnop0123456789abcdef",
1305 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1306 params
["pmk_r1_push"] = "0"
1307 params
['wpa_key_mgmt'] = "FT-EAP"
1308 params
["ieee8021x"] = "1"
1309 params
= dict(list(radius
.items()) + list(params
.items()))
1310 hostapd
.add_ap(apdev
[1], params
)
1312 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1313 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1315 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1316 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1318 passphrase
= "12345678"
1320 radius
= hostapd
.radius_params()
1321 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1322 params
["ieee80211w"] = "2"
1323 params
['wpa_key_mgmt'] = "FT-EAP"
1324 params
["ieee8021x"] = "1"
1325 params
= dict(list(radius
.items()) + list(params
.items()))
1326 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1327 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1328 params
["ieee80211w"] = "2"
1329 params
['wpa_key_mgmt'] = "FT-EAP"
1330 params
["ieee8021x"] = "1"
1331 params
= dict(list(radius
.items()) + list(params
.items()))
1332 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1334 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1335 fail_test
=True, eap
=True)
1337 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1338 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1340 passphrase
= "12345678"
1342 radius
= hostapd
.radius_params()
1343 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1344 params
["pmk_r1_push"] = "0"
1345 params
['wpa_key_mgmt'] = "FT-EAP"
1346 params
["ieee8021x"] = "1"
1347 params
= dict(list(radius
.items()) + list(params
.items()))
1348 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1349 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1350 params
["pmk_r1_push"] = "0"
1351 params
['wpa_key_mgmt'] = "FT-EAP"
1352 params
["ieee8021x"] = "1"
1353 params
= dict(list(radius
.items()) + list(params
.items()))
1354 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1356 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1357 fail_test
=True, eap
=True)
1359 def test_ap_ft_gtk_rekey(dev
, apdev
):
1360 """WPA2-PSK-FT AP and GTK rekey"""
1362 passphrase
= "12345678"
1364 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1365 params
['wpa_group_rekey'] = '1'
1366 hapd
= hostapd
.add_ap(apdev
[0], params
)
1368 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1369 ieee80211w
="1", scan_freq
="2412")
1371 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1373 raise Exception("GTK rekey timed out after initial association")
1374 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1376 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1377 params
['wpa_group_rekey'] = '1'
1378 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1380 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1381 dev
[0].roam(apdev
[1]['bssid'])
1382 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1383 raise Exception("Did not connect to correct AP")
1384 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1386 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1388 raise Exception("GTK rekey timed out after FT protocol")
1389 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1391 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1392 """WPA2-PSK-FT and key lifetime in memory"""
1394 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1395 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1396 pmk
= binascii
.unhexlify(psk
)
1397 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1398 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1399 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1400 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1402 pid
= find_wpas_process(dev
[0])
1404 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1406 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1407 # event has been delivered, so verify that wpa_supplicant has returned to
1408 # eloop before reading process memory.
1412 buf
= read_process_memory(pid
, pmk
)
1414 dev
[0].request("DISCONNECT")
1415 dev
[0].wait_disconnected()
1422 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1423 for l
in f
.readlines():
1424 if "FT: PMK-R0 - hexdump" in l
:
1425 val
= l
.strip().split(':')[3].replace(' ', '')
1426 pmkr0
= binascii
.unhexlify(val
)
1427 if "FT: PMK-R1 - hexdump" in l
:
1428 val
= l
.strip().split(':')[3].replace(' ', '')
1429 pmkr1
= binascii
.unhexlify(val
)
1430 if "FT: KCK - hexdump" in l
:
1431 val
= l
.strip().split(':')[3].replace(' ', '')
1432 kck
= binascii
.unhexlify(val
)
1433 if "FT: KEK - hexdump" in l
:
1434 val
= l
.strip().split(':')[3].replace(' ', '')
1435 kek
= binascii
.unhexlify(val
)
1436 if "FT: TK - hexdump" in l
:
1437 val
= l
.strip().split(':')[3].replace(' ', '')
1438 tk
= binascii
.unhexlify(val
)
1439 if "WPA: Group Key - hexdump" in l
:
1440 val
= l
.strip().split(':')[3].replace(' ', '')
1441 gtk
= binascii
.unhexlify(val
)
1442 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1443 raise Exception("Could not find keys from debug log")
1445 raise Exception("Unexpected GTK length")
1447 logger
.info("Checking keys in memory while associated")
1448 get_key_locations(buf
, pmk
, "PMK")
1449 get_key_locations(buf
, pmkr0
, "PMK-R0")
1450 get_key_locations(buf
, pmkr1
, "PMK-R1")
1452 raise HwsimSkip("PMK not found while associated")
1453 if pmkr0
not in buf
:
1454 raise HwsimSkip("PMK-R0 not found while associated")
1455 if pmkr1
not in buf
:
1456 raise HwsimSkip("PMK-R1 not found while associated")
1458 raise Exception("KCK not found while associated")
1460 raise Exception("KEK not found while associated")
1462 # raise Exception("TK found from memory")
1464 logger
.info("Checking keys in memory after disassociation")
1465 buf
= read_process_memory(pid
, pmk
)
1466 get_key_locations(buf
, pmk
, "PMK")
1467 get_key_locations(buf
, pmkr0
, "PMK-R0")
1468 get_key_locations(buf
, pmkr1
, "PMK-R1")
1470 # Note: PMK/PSK is still present in network configuration
1472 fname
= os
.path
.join(params
['logdir'],
1473 'ft_psk_key_lifetime_in_memory.memctx-')
1474 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1475 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1476 verify_not_present(buf
, kck
, fname
, "KCK")
1477 verify_not_present(buf
, kek
, fname
, "KEK")
1478 verify_not_present(buf
, tk
, fname
, "TK")
1480 get_key_locations(buf
, gtk
, "GTK")
1481 verify_not_present(buf
, gtk
, fname
, "GTK")
1483 dev
[0].request("REMOVE_NETWORK all")
1485 logger
.info("Checking keys in memory after network profile removal")
1486 buf
= read_process_memory(pid
, pmk
)
1487 get_key_locations(buf
, pmk
, "PMK")
1488 get_key_locations(buf
, pmkr0
, "PMK-R0")
1489 get_key_locations(buf
, pmkr1
, "PMK-R1")
1491 verify_not_present(buf
, pmk
, fname
, "PMK")
1492 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1493 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1494 verify_not_present(buf
, kck
, fname
, "KCK")
1495 verify_not_present(buf
, kek
, fname
, "KEK")
1496 verify_not_present(buf
, tk
, fname
, "TK")
1497 verify_not_present(buf
, gtk
, fname
, "GTK")
1500 def test_ap_ft_invalid_resp(dev
, apdev
):
1501 """WPA2-PSK-FT AP and invalid response IEs"""
1503 passphrase
= "12345678"
1505 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1506 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1507 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1510 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1511 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1514 # Various IEs for test coverage. The last one is FTIE with invalid
1515 # R1KH-ID subelement.
1516 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1517 # FTIE with invalid R0KH-ID subelement (len=0).
1518 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1519 # FTIE with invalid R0KH-ID subelement (len=49).
1520 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1522 "020002000000" + "3000",
1523 # Required IEs missing from protected IE count.
1524 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1525 # RIC missing from protected IE count.
1526 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1527 # Protected IE missing.
1528 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1530 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1531 hapd1
.set("ext_mgmt_frame_handling", "1")
1532 hapd1
.dump_monitor()
1533 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1534 raise Exception("ROAM failed")
1537 msg
= hapd1
.mgmt_rx()
1538 if msg
['subtype'] == 11:
1542 raise Exception("Authentication frame not seen")
1545 resp
['fc'] = auth
['fc']
1546 resp
['da'] = auth
['sa']
1547 resp
['sa'] = auth
['da']
1548 resp
['bssid'] = auth
['bssid']
1549 resp
['payload'] = binascii
.unhexlify(t
)
1551 hapd1
.set("ext_mgmt_frame_handling", "0")
1552 dev
[0].wait_disconnected()
1554 dev
[0].request("RECONNECT")
1555 dev
[0].wait_connected()
1557 def test_ap_ft_gcmp_256(dev
, apdev
):
1558 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1559 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1560 raise HwsimSkip("Cipher GCMP-256 not supported")
1562 passphrase
= "12345678"
1564 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1565 params
['rsn_pairwise'] = "GCMP-256"
1566 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1567 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1568 params
['rsn_pairwise'] = "GCMP-256"
1569 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1571 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1572 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1574 def setup_ap_ft_oom(dev
, apdev
):
1575 skip_with_fips(dev
[0])
1577 passphrase
= "12345678"
1579 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1580 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1581 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1582 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1584 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1586 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1587 dst
= apdev
[1]['bssid']
1589 dst
= apdev
[0]['bssid']
1591 dev
[0].scan_for_bss(dst
, freq
="2412")
1595 def test_ap_ft_oom(dev
, apdev
):
1596 """WPA2-PSK-FT and OOM"""
1597 dst
= setup_ap_ft_oom(dev
, apdev
)
1598 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1601 def test_ap_ft_oom2(dev
, apdev
):
1602 """WPA2-PSK-FT and OOM (2)"""
1603 dst
= setup_ap_ft_oom(dev
, apdev
)
1604 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1605 dev
[0].roam(dst
, fail_test
=True, assoc_reject_ok
=True)
1607 def test_ap_ft_oom3(dev
, apdev
):
1608 """WPA2-PSK-FT and OOM (3)"""
1609 dst
= setup_ap_ft_oom(dev
, apdev
)
1610 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1613 def test_ap_ft_oom4(dev
, apdev
):
1614 """WPA2-PSK-FT and OOM (4)"""
1616 passphrase
= "12345678"
1617 dst
= setup_ap_ft_oom(dev
, apdev
)
1618 dev
[0].request("REMOVE_NETWORK all")
1619 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1620 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1623 def test_ap_ft_ap_oom(dev
, apdev
):
1624 """WPA2-PSK-FT and AP OOM"""
1626 passphrase
= "12345678"
1628 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1629 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1630 bssid0
= hapd0
.own_addr()
1632 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1633 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1634 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1637 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1638 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1639 bssid1
= hapd1
.own_addr()
1640 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1641 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1644 def test_ap_ft_ap_oom2(dev
, apdev
):
1645 """WPA2-PSK-FT and AP OOM 2"""
1647 passphrase
= "12345678"
1649 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1650 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1651 bssid0
= hapd0
.own_addr()
1653 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1654 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1655 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1658 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1659 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1660 bssid1
= hapd1
.own_addr()
1661 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1663 if dev
[0].get_status_field('bssid') != bssid1
:
1664 raise Exception("Did not roam to AP1")
1665 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1668 def test_ap_ft_ap_oom3(dev
, apdev
):
1669 """WPA2-PSK-FT and AP OOM 3"""
1671 passphrase
= "12345678"
1673 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1674 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1675 bssid0
= hapd0
.own_addr()
1677 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1678 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1681 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1682 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1683 bssid1
= hapd1
.own_addr()
1684 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1685 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1686 # This will fail due to not being able to send out PMK-R1 pull request
1689 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1690 # This will fail due to not being able to send out PMK-R1 pull request
1693 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1694 # This will fail due to not being able to send out PMK-R1 pull request
1697 def test_ap_ft_ap_oom3b(dev
, apdev
):
1698 """WPA2-PSK-FT and AP OOM 3b"""
1700 passphrase
= "12345678"
1702 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1703 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1704 bssid0
= hapd0
.own_addr()
1706 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1707 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1710 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1711 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1712 bssid1
= hapd1
.own_addr()
1713 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1714 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1715 # This will fail due to not being able to send out PMK-R1 pull request
1718 def test_ap_ft_ap_oom4(dev
, apdev
):
1719 """WPA2-PSK-FT and AP OOM 4"""
1721 passphrase
= "12345678"
1723 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1724 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1725 bssid0
= hapd0
.own_addr()
1727 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1728 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1731 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1732 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1733 bssid1
= hapd1
.own_addr()
1734 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1735 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1737 if dev
[0].get_status_field('bssid') != bssid1
:
1738 raise Exception("Did not roam to AP1")
1740 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1742 if dev
[0].get_status_field('bssid') != bssid0
:
1743 raise Exception("Did not roam to AP0")
1745 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1747 if dev
[0].get_status_field('bssid') != bssid1
:
1748 raise Exception("Did not roam to AP1")
1750 def test_ap_ft_ap_oom5(dev
, apdev
):
1751 """WPA2-PSK-FT and AP OOM 5"""
1753 passphrase
= "12345678"
1755 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1756 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1757 bssid0
= hapd0
.own_addr()
1759 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1760 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1763 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1764 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1765 bssid1
= hapd1
.own_addr()
1766 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1767 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1768 # This will fail to roam
1771 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1772 # This will fail to roam
1775 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1776 # This will fail to roam
1779 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1780 # This will fail to roam
1783 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1784 # This will fail to roam
1787 def test_ap_ft_ap_oom6(dev
, apdev
):
1788 """WPA2-PSK-FT and AP OOM 6"""
1790 passphrase
= "12345678"
1792 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1793 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1794 bssid0
= hapd0
.own_addr()
1796 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1797 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1798 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1800 dev
[0].request("REMOVE_NETWORK all")
1801 dev
[0].wait_disconnected()
1802 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1803 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1805 dev
[0].request("REMOVE_NETWORK all")
1806 dev
[0].wait_disconnected()
1807 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1808 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1811 def test_ap_ft_ap_oom7a(dev
, apdev
):
1812 """WPA2-PSK-FT and AP OOM 7a"""
1814 passphrase
= "12345678"
1816 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1817 params
["ieee80211w"] = "2"
1818 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1819 bssid0
= hapd0
.own_addr()
1821 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1822 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1823 ieee80211w
="2", scan_freq
="2412")
1825 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1826 params
["ieee80211w"] = "2"
1827 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1828 bssid1
= hapd1
.own_addr()
1829 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1830 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1831 # This will fail to roam
1834 def test_ap_ft_ap_oom7b(dev
, apdev
):
1835 """WPA2-PSK-FT and AP OOM 7b"""
1837 passphrase
= "12345678"
1839 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1840 params
["ieee80211w"] = "2"
1841 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1842 bssid0
= hapd0
.own_addr()
1844 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1845 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1846 ieee80211w
="2", scan_freq
="2412")
1848 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1849 params
["ieee80211w"] = "2"
1850 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1851 bssid1
= hapd1
.own_addr()
1852 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1853 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1854 # This will fail to roam
1857 def test_ap_ft_ap_oom7c(dev
, apdev
):
1858 """WPA2-PSK-FT and AP OOM 7c"""
1860 passphrase
= "12345678"
1862 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1863 params
["ieee80211w"] = "2"
1864 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1865 bssid0
= hapd0
.own_addr()
1867 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1868 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1869 ieee80211w
="2", scan_freq
="2412")
1871 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1872 params
["ieee80211w"] = "2"
1873 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1874 bssid1
= hapd1
.own_addr()
1875 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1876 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1877 # This will fail to roam
1880 def test_ap_ft_ap_oom7d(dev
, apdev
):
1881 """WPA2-PSK-FT and AP OOM 7d"""
1883 passphrase
= "12345678"
1885 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1886 params
["ieee80211w"] = "2"
1887 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1888 bssid0
= hapd0
.own_addr()
1890 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1891 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1892 ieee80211w
="2", scan_freq
="2412")
1894 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1895 params
["ieee80211w"] = "2"
1896 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1897 bssid1
= hapd1
.own_addr()
1898 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1899 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1900 # This will fail to roam
1903 def test_ap_ft_ap_oom8(dev
, apdev
):
1904 """WPA2-PSK-FT and AP OOM 8"""
1906 passphrase
= "12345678"
1908 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1909 params
['ft_psk_generate_local'] = "1"
1910 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1911 bssid0
= hapd0
.own_addr()
1913 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1914 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1917 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1918 params
['ft_psk_generate_local'] = "1"
1919 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1920 bssid1
= hapd1
.own_addr()
1921 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1922 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1923 # This will fail to roam
1925 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1926 # This will fail to roam
1929 def test_ap_ft_ap_oom9(dev
, apdev
):
1930 """WPA2-PSK-FT and AP OOM 9"""
1932 passphrase
= "12345678"
1934 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1935 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1936 bssid0
= hapd0
.own_addr()
1938 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1939 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1942 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1943 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1944 bssid1
= hapd1
.own_addr()
1945 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1947 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1948 # This will fail to roam
1949 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1950 raise Exception("FT_DS failed")
1951 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1953 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1954 # This will fail to roam
1955 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1956 raise Exception("FT_DS failed")
1957 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1959 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1960 # This will fail to roam
1961 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1962 raise Exception("FT_DS failed")
1963 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1965 def test_ap_ft_ap_oom10(dev
, apdev
):
1966 """WPA2-PSK-FT and AP OOM 10"""
1968 passphrase
= "12345678"
1970 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1971 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1972 bssid0
= hapd0
.own_addr()
1974 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1975 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1978 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1979 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1980 bssid1
= hapd1
.own_addr()
1981 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1983 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1984 # This will fail to roam
1985 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1986 raise Exception("FT_DS failed")
1987 wait_fail_trigger(hapd0
, "GET_FAIL")
1989 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1990 # This will fail to roam
1991 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1992 raise Exception("FT_DS failed")
1993 wait_fail_trigger(hapd0
, "GET_FAIL")
1995 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1996 # This will fail to roam
1997 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1998 raise Exception("FT_DS failed")
1999 wait_fail_trigger(hapd0
, "GET_FAIL")
2001 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2002 # This will fail to roam
2003 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2004 raise Exception("FT_DS failed")
2005 wait_fail_trigger(hapd1
, "GET_FAIL")
2007 def test_ap_ft_ap_oom11(dev
, apdev
):
2008 """WPA2-PSK-FT and AP OOM 11"""
2010 passphrase
= "12345678"
2012 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2013 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2014 bssid0
= hapd0
.own_addr()
2016 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2017 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2018 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2020 wait_fail_trigger(hapd0
, "GET_FAIL")
2022 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2023 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2024 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2026 wait_fail_trigger(hapd0
, "GET_FAIL")
2028 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2029 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2031 passphrase
= "12345678"
2033 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2034 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2035 bssid0
= hapd0
.own_addr()
2036 _bssid0
= bssid0
.replace(':', '')
2037 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2039 addr
= dev
[0].own_addr()
2040 _addr
= addr
.replace(':', '')
2042 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2043 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2044 bssid1
= hapd1
.own_addr()
2045 _bssid1
= bssid1
.replace(':', '')
2047 hapd0
.set("ext_mgmt_frame_handling", "1")
2048 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2049 valid
= "0601" + _addr
+ _bssid1
2052 "0601" + _addr
+ _bssid0
,
2053 "0601" + _addr
+ "ffffffffffff",
2054 "0601" + _bssid0
+ _bssid0
,
2059 valid
+ "3603ffffff",
2060 valid
+ "3603a1b2ff",
2061 valid
+ "3603a1b2ff" + "3700",
2062 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2063 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2064 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2065 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2066 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2067 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2068 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2071 hapd0
.dump_monitor()
2072 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2073 raise Exception("MGMT_RX_PROCESS failed")
2075 hapd0
.set("ext_mgmt_frame_handling", "0")
2077 def test_ap_ft_over_ds_proto(dev
, apdev
):
2078 """WPA2-PSK-FT AP over DS protocol testing"""
2080 passphrase
= "12345678"
2082 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2083 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2084 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2087 # FT Action Response while no FT-over-DS in progress
2090 msg
['da'] = dev
[0].own_addr()
2091 msg
['sa'] = apdev
[0]['bssid']
2092 msg
['bssid'] = apdev
[0]['bssid']
2093 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2096 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2097 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2098 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2099 hapd0
.set("ext_mgmt_frame_handling", "1")
2100 hapd0
.dump_monitor()
2101 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2102 for i
in range(0, 10):
2103 req
= hapd0
.mgmt_rx()
2105 raise Exception("MGMT RX wait timed out")
2106 if req
['subtype'] == 13:
2110 raise Exception("FT Action frame not received")
2112 # FT Action Response for unexpected Target AP
2113 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2116 # FT Action Response without MDIE
2117 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2120 # FT Action Response without FTIE
2121 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2124 # FT Action Response with FTIE SNonce mismatch
2125 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2129 def test_ap_ft_rrb(dev
, apdev
):
2130 """WPA2-PSK-FT RRB protocol testing"""
2132 passphrase
= "12345678"
2134 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2135 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2137 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2140 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2141 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2143 ehdr
= _dst_ll
+ _src_ll
+ proto
2145 # Too short RRB frame
2146 pkt
= ehdr
+ b
'\x01'
2147 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2148 raise Exception("DATA_TEST_FRAME failed")
2150 # RRB discarded frame wikth unrecognized type
2151 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2152 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2153 raise Exception("DATA_TEST_FRAME failed")
2155 # RRB frame too short for action frame
2156 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2157 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2158 raise Exception("DATA_TEST_FRAME failed")
2160 # Too short RRB frame (not enough room for Action Frame body)
2161 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2162 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2163 raise Exception("DATA_TEST_FRAME failed")
2165 # Unexpected Action frame category
2166 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2167 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2168 raise Exception("DATA_TEST_FRAME failed")
2170 # Unexpected Action in RRB Request
2171 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2172 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2173 raise Exception("DATA_TEST_FRAME failed")
2175 # Target AP address in RRB Request does not match with own address
2176 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2177 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2178 raise Exception("DATA_TEST_FRAME failed")
2180 # Not enough room for status code in RRB Response
2181 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2182 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2183 raise Exception("DATA_TEST_FRAME failed")
2185 # RRB discarded frame with unknown packet_type
2186 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2187 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2188 raise Exception("DATA_TEST_FRAME failed")
2190 # RRB Response with non-zero status code; no STA match
2191 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2192 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2193 raise Exception("DATA_TEST_FRAME failed")
2195 # RRB Response with zero status code and extra data; STA match
2196 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2197 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2198 raise Exception("DATA_TEST_FRAME failed")
2200 # Too short PMK-R1 pull
2201 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2202 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2203 raise Exception("DATA_TEST_FRAME failed")
2205 # Too short PMK-R1 resp
2206 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2207 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2208 raise Exception("DATA_TEST_FRAME failed")
2210 # Too short PMK-R1 push
2211 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2212 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2213 raise Exception("DATA_TEST_FRAME failed")
2215 # No matching R0KH address found for PMK-R0 pull response
2216 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2217 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2218 raise Exception("DATA_TEST_FRAME failed")
2221 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2222 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2223 bssid
= apdev
[0]['bssid']
2225 passphrase
= "12345678"
2227 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2228 params
["ieee80211w"] = "1"
2229 # This is the RSN element used normally by hostapd
2230 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2231 hapd
= hostapd
.add_ap(apdev
[0], params
)
2232 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2233 ieee80211w
="1", scan_freq
="2412",
2234 pairwise
="CCMP", group
="CCMP")
2236 tests
= [('PMKIDCount field included',
2237 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2238 ('Extra IE before RSNE',
2239 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2240 ('PMKIDCount and Group Management Cipher suite fields included',
2241 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2242 ('Extra octet after defined fields (future extensibility)',
2243 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2244 ('No RSN Capabilities field (PMF disabled in practice)',
2245 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2246 for txt
, ie
in tests
:
2247 dev
[0].request("DISCONNECT")
2248 dev
[0].wait_disconnected()
2251 hapd
.set('own_ie_override', ie
)
2253 dev
[0].request("BSS_FLUSH 0")
2254 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2255 dev
[0].select_network(id, freq
=2412)
2256 dev
[0].wait_connected()
2258 dev
[0].request("DISCONNECT")
2259 dev
[0].wait_disconnected()
2261 logger
.info('Invalid RSNE causing internal hostapd error')
2263 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2265 dev
[0].request("BSS_FLUSH 0")
2266 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2267 dev
[0].select_network(id, freq
=2412)
2268 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2270 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2272 raise Exception("Unexpected connection")
2273 dev
[0].request("DISCONNECT")
2275 logger
.info('Unexpected PMKID causing internal hostapd error')
2277 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2279 dev
[0].request("BSS_FLUSH 0")
2280 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2281 dev
[0].select_network(id, freq
=2412)
2282 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2284 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2286 raise Exception("Unexpected connection")
2287 dev
[0].request("DISCONNECT")
2289 def test_ap_ft_ptk_rekey(dev
, apdev
):
2290 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2292 passphrase
= "12345678"
2294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2295 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2296 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2297 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2299 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
2301 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2302 "WPA: Key negotiation completed"], timeout
=5)
2304 raise Exception("No event received after roam")
2305 if "CTRL-EVENT-DISCONNECTED" in ev
:
2306 raise Exception("Unexpected disconnection after roam")
2308 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
2312 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2314 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2315 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2317 passphrase
= "12345678"
2319 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2320 params
['wpa_ptk_rekey'] = '2'
2321 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2322 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2323 params
['wpa_ptk_rekey'] = '2'
2324 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2326 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
2328 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2329 "WPA: Key negotiation completed"], timeout
=5)
2331 raise Exception("No event received after roam")
2332 if "CTRL-EVENT-DISCONNECTED" in ev
:
2333 raise Exception("Unexpected disconnection after roam")
2335 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
2339 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2341 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2342 """RRB internal delivery only to WPA enabled BSS"""
2344 passphrase
= "12345678"
2346 radius
= hostapd
.radius_params()
2347 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2348 params
['wpa_key_mgmt'] = "FT-EAP"
2349 params
["ieee8021x"] = "1"
2350 params
= dict(list(radius
.items()) + list(params
.items()))
2351 hapd
= hostapd
.add_ap(apdev
[0], params
)
2352 key_mgmt
= hapd
.get_config()['key_mgmt']
2353 if key_mgmt
.split(' ')[0] != "FT-EAP":
2354 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2356 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2358 # Connect to WPA enabled AP
2359 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2360 eap
="GPSK", identity
="gpsk user",
2361 password
="abcdefghijklmnop0123456789abcdef",
2364 # Try over_ds roaming to non-WPA-enabled AP.
2365 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2366 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2368 def test_ap_ft_extra_ie(dev
, apdev
):
2369 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2371 passphrase
= "12345678"
2373 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2374 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2375 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2376 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2378 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2381 # Add Mobility Domain element to test AP validation code.
2382 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2383 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2384 scan_freq
="2412", wait_connect
=False)
2385 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2386 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2388 raise Exception("No connection result")
2389 if "CTRL-EVENT-CONNECTED" in ev
:
2390 raise Exception("Non-FT association accepted with MDE")
2391 if "status_code=43" not in ev
:
2392 raise Exception("Unexpected status code: " + ev
)
2393 dev
[0].request("DISCONNECT")
2395 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2397 def test_ap_ft_ric(dev
, apdev
):
2398 """WPA2-PSK-FT AP and RIC"""
2400 passphrase
= "12345678"
2402 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2403 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2404 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2405 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2407 dev
[0].set("ric_ies", "")
2408 dev
[0].set("ric_ies", '""')
2409 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2410 raise Exception("Invalid ric_ies value accepted")
2415 "390400000000" + "390400000000",
2416 "390400000000" + "dd050050f20202",
2417 "390400000000" + "dd3d0050f2020201" + 55*"00",
2418 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2419 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2421 dev
[0].set("ric_ies", t
)
2422 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2423 test_connectivity
=False)
2424 dev
[0].request("REMOVE_NETWORK all")
2425 dev
[0].wait_disconnected()
2426 dev
[0].dump_monitor()
2428 def ie_hex(ies
, id):
2429 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id]).decode()
2431 def test_ap_ft_reassoc_proto(dev
, apdev
):
2432 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2434 passphrase
= "12345678"
2436 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2437 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2438 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2439 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2441 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2442 ieee80211w
="1", scan_freq
="2412")
2443 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2450 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2451 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2452 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2455 req
= hapd2ap
.mgmt_rx()
2456 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2457 if req
['subtype'] == 11:
2461 req
= hapd2ap
.mgmt_rx()
2462 if req
['subtype'] == 2:
2464 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2466 # IEEE 802.11 header + fixed fields before IEs
2467 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2468 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2469 # First elements: SSID, Supported Rates, Extended Supported Rates
2470 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2472 rsne
= ie_hex(ies
, 48)
2473 mde
= ie_hex(ies
, 54)
2474 fte
= ie_hex(ies
, 55)
2476 # RSN: Trying to use FT, but MDIE not included
2478 # RSN: Attempted to use unknown MDIE
2479 tests
+= [rsne
+ "3603000000"]
2480 # Invalid RSN pairwise cipher
2481 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2482 # FT: No PMKID in RSNIE
2483 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2485 tests
+= [rsne
+ mde
]
2486 # FT: RIC IE(s) in the frame, but not included in protected IE count
2487 # FT: Failed to parse FT IEs
2488 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2489 # FT: SNonce mismatch in FTIE
2490 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2491 # FT: ANonce mismatch in FTIE
2492 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2493 # FT: No R0KH-ID subelem in FTIE
2494 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2495 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2496 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2497 # FT: No R1KH-ID subelem in FTIE
2498 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2499 # FT: Unknown R1KH-ID used in ReassocReq
2500 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2501 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2502 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2503 # Invalid MIC in FTIE
2504 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2506 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2508 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2509 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2511 passphrase
= "12345678"
2513 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2514 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2515 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2516 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2518 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2519 ieee80211w
="1", scan_freq
="2412")
2520 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2527 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2528 # FT: Failed to calculate MIC
2529 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2530 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2531 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2532 dev
[0].request("DISCONNECT")
2534 raise Exception("Association reject not seen")
2536 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2537 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2538 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2540 passphrase
= "12345678"
2542 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2543 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2544 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2545 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2547 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2549 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2556 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2557 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2558 dev
[0].dump_monitor()
2559 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2560 raise Exception("ROAM failed")
2565 req
= hapd2ap
.mgmt_rx()
2567 hapd2ap
.dump_monitor()
2568 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2569 if req
['subtype'] == 2:
2571 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2573 raise Exception("No TX status seen")
2574 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2575 if "OK" not in hapd2ap
.request(cmd
):
2576 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2578 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2579 if reassocreq
is None:
2580 raise Exception("No Reassociation Request frame seen")
2581 dev
[0].wait_connected()
2582 dev
[0].dump_monitor()
2583 hapd2ap
.dump_monitor()
2585 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2587 logger
.info("Replay the last Reassociation Request frame")
2588 hapd2ap
.dump_monitor()
2589 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2590 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2591 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2593 raise Exception("No TX status seen")
2594 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2595 if "OK" not in hapd2ap
.request(cmd
):
2596 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2597 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2600 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2605 ap
= hapd2ap
.own_addr()
2606 sta
= dev
[0].own_addr()
2607 filt
= "wlan.fc.type == 2 && " + \
2608 "wlan.da == " + sta
+ " && " + \
2610 fields
= ["wlan.ccmp.extiv"]
2611 res
= run_tshark(capfile
, filt
, fields
)
2612 vals
= res
.splitlines()
2613 logger
.info("CCMP PN: " + str(vals
))
2615 raise Exception("Could not find all CCMP protected frames from capture")
2616 if len(set(vals
)) < len(vals
):
2617 raise Exception("Duplicate CCMP PN used")
2620 raise Exception("The second hwsim connectivity test failed")
2622 def test_ap_ft_psk_file(dev
, apdev
):
2623 """WPA2-PSK-FT AP with PSK from a file"""
2625 passphrase
= "12345678"
2627 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2628 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2629 hapd
= hostapd
.add_ap(apdev
[0], params
)
2631 dev
[1].connect(ssid
, psk
="very secret",
2632 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2633 scan_freq
="2412", wait_connect
=False)
2634 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2635 ieee80211w
="1", scan_freq
="2412")
2636 dev
[0].request("REMOVE_NETWORK all")
2637 dev
[0].wait_disconnected()
2638 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2639 ieee80211w
="1", scan_freq
="2412")
2640 dev
[0].request("REMOVE_NETWORK all")
2641 dev
[0].wait_disconnected()
2642 dev
[0].connect(ssid
, psk
="secret passphrase",
2643 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2645 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2646 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2648 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2650 raise Exception("Timed out while waiting for failure report")
2651 dev
[1].request("REMOVE_NETWORK all")
2653 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2654 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2656 passphrase
= "12345678"
2657 bssid
= apdev
[0]['bssid']
2659 radius
= hostapd
.radius_params()
2660 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2661 params
['wpa_key_mgmt'] = "WPA-EAP"
2662 params
["ieee8021x"] = "1"
2663 params
["pmk_r1_push"] = "0"
2664 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2665 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2666 params
["eap_server"] = "0"
2667 params
= dict(list(radius
.items()) + list(params
.items()))
2668 hapd
= hostapd
.add_ap(apdev
[0], params
)
2670 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2671 eap
="GPSK", identity
="gpsk user",
2672 password
="abcdefghijklmnop0123456789abcdef",
2674 dev
[0].request("DISCONNECT")
2675 dev
[0].wait_disconnected()
2676 dev
[0].dump_monitor()
2679 hapd
.set('wpa_key_mgmt', "FT-EAP")
2682 dev
[0].request("BSS_FLUSH 0")
2683 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2685 dev
[0].request("RECONNECT")
2686 dev
[0].wait_connected()
2688 def test_ap_ft_eap_sha384(dev
, apdev
):
2689 """WPA2-EAP-FT with SHA384"""
2691 passphrase
= "12345678"
2693 radius
= hostapd
.radius_params()
2694 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2695 params
["ieee80211w"] = "2"
2696 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2697 params
["ieee8021x"] = "1"
2698 params
= dict(list(radius
.items()) + list(params
.items()))
2699 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2700 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2701 params
["ieee80211w"] = "2"
2702 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2703 params
["ieee8021x"] = "1"
2704 params
= dict(list(radius
.items()) + list(params
.items()))
2705 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2707 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2710 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
2711 """WPA2-EAP-FT with SHA384 over DS"""
2713 passphrase
= "12345678"
2715 radius
= hostapd
.radius_params()
2716 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2717 params
["ieee80211w"] = "2"
2718 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2719 params
["ieee8021x"] = "1"
2720 params
= dict(list(radius
.items()) + list(params
.items()))
2721 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2722 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2723 params
["ieee80211w"] = "2"
2724 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2725 params
["ieee8021x"] = "1"
2726 params
= dict(list(radius
.items()) + list(params
.items()))
2727 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2729 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
2730 eap
=True, sha384
=True)
2732 def test_ap_ft_roam_rrm(dev
, apdev
):
2733 """WPA2-PSK-FT AP and radio measurement request"""
2735 passphrase
= "12345678"
2737 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2738 params
["rrm_beacon_report"] = "1"
2739 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2740 bssid0
= hapd0
.own_addr()
2742 addr
= dev
[0].own_addr()
2743 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2745 check_beacon_req(hapd0
, addr
, 1)
2747 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2748 params
["rrm_beacon_report"] = "1"
2749 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2750 bssid1
= hapd1
.own_addr()
2752 dev
[0].scan_for_bss(bssid1
, freq
=2412)
2754 check_beacon_req(hapd1
, addr
, 2)
2756 dev
[0].scan_for_bss(bssid0
, freq
=2412)
2758 check_beacon_req(hapd0
, addr
, 3)