]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
12 logger
= logging
.getLogger()
16 from utils
import HwsimSkip
17 from wlantest
import Wlantest
18 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
21 params
= { "wpa": "2",
22 "wpa_key_mgmt": "FT-PSK",
23 "rsn_pairwise": "CCMP" }
27 params
= { "wpa": "3",
28 "wpa_key_mgmt": "WPA-PSK FT-PSK",
29 "wpa_pairwise": "TKIP",
30 "rsn_pairwise": "CCMP" }
33 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
35 params
= ft_base_rsn()
37 params
= ft_base_mixed()
41 params
["wpa_passphrase"] = passphrase
43 params
["mobility_domain"] = "a1b2"
44 params
["r0_key_lifetime"] = "10000"
45 params
["pmk_r1_push"] = "1"
46 params
["reassociation_deadline"] = "1000"
49 def ft_params1(rsn
=True, ssid
=None, passphrase
=None):
50 params
= ft_params(rsn
, ssid
, passphrase
)
51 params
['nas_identifier'] = "nas1.w1.fi"
52 params
['r1_key_holder'] = "000102030405"
53 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
54 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
55 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
58 def ft_params2(rsn
=True, ssid
=None, passphrase
=None):
59 params
= ft_params(rsn
, ssid
, passphrase
)
60 params
['nas_identifier'] = "nas2.w1.fi"
61 params
['r1_key_holder'] = "000102030406"
62 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
63 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
64 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
67 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
68 params
= ft_params(rsn
, ssid
, passphrase
)
69 params
['nas_identifier'] = "nas1.w1.fi"
70 params
['r1_key_holder'] = "000102030405"
71 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
72 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
73 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
76 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
77 params
= ft_params(rsn
, ssid
, passphrase
)
78 params
['nas_identifier'] = "nas2.w1.fi"
79 params
['r1_key_holder'] = "000102030406"
80 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
81 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
82 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
85 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
86 params
= ft_params(rsn
, ssid
, passphrase
)
87 params
['nas_identifier'] = "nas2.w1.fi"
88 params
['r1_key_holder'] = "000102030406"
89 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
90 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
91 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
94 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False, sae
=False, eap
=False, fail_test
=False, roams
=1):
95 logger
.info("Connect to first AP")
97 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
98 eap
="GPSK", identity
="gpsk user",
99 password
="abcdefghijklmnop0123456789abcdef",
106 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
107 ieee80211w
="1", scan_freq
="2412")
108 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
118 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
120 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
122 for i
in range(0, roams
):
123 logger
.info("Roam to the second AP")
125 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
127 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
130 if dev
.get_status_field('bssid') != ap2
['bssid']:
131 raise Exception("Did not connect to correct AP")
132 if i
== 0 or i
== roams
- 1:
133 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
135 logger
.info("Roam back to the first AP")
137 dev
.roam_over_ds(ap1
['bssid'])
139 dev
.roam(ap1
['bssid'])
140 if dev
.get_status_field('bssid') != ap1
['bssid']:
141 raise Exception("Did not connect to correct AP")
142 if i
== 0 or i
== roams
- 1:
143 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
145 def test_ap_ft(dev
, apdev
):
148 passphrase
="12345678"
150 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
151 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
152 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
153 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
155 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
156 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
157 raise Exception("Scan results missing RSN element info")
159 def test_ap_ft_many(dev
, apdev
):
160 """WPA2-PSK-FT AP multiple times"""
162 passphrase
="12345678"
164 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
165 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
166 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
167 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
169 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
171 def test_ap_ft_mixed(dev
, apdev
):
172 """WPA2-PSK-FT mixed-mode AP"""
173 ssid
= "test-ft-mixed"
174 passphrase
="12345678"
176 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
177 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
178 key_mgmt
= hapd
.get_config()['key_mgmt']
179 vals
= key_mgmt
.split(' ')
180 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
181 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
182 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
183 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
185 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
187 def test_ap_ft_pmf(dev
, apdev
):
188 """WPA2-PSK-FT AP with PMF"""
190 passphrase
="12345678"
192 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
193 params
["ieee80211w"] = "2";
194 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
195 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
196 params
["ieee80211w"] = "2";
197 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
199 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
201 def test_ap_ft_over_ds(dev
, apdev
):
202 """WPA2-PSK-FT AP over DS"""
204 passphrase
="12345678"
206 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
207 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
208 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
209 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
211 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
212 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
213 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
215 def test_ap_ft_over_ds_many(dev
, apdev
):
216 """WPA2-PSK-FT AP over DS multiple times"""
218 passphrase
="12345678"
220 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
221 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
222 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
223 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
225 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
228 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
231 passphrase
="12345678"
233 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
234 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
236 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
238 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
240 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
241 """WPA2-PSK-FT AP over DS and unexpected response"""
243 passphrase
="12345678"
245 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
246 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
247 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
248 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
250 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
252 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
263 addr
= dev
[0].own_addr()
264 hapd1ap
.set("ext_mgmt_frame_handling", "1")
265 logger
.info("Foreign STA address")
269 msg
['sa'] = ap1
['bssid']
270 msg
['bssid'] = ap1
['bssid']
271 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
274 logger
.info("No over-the-DS in progress")
275 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
278 logger
.info("Non-zero status code")
279 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
282 hapd1ap
.dump_monitor()
284 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
285 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
286 raise Exception("FT_DS failed")
288 req
= hapd1ap
.mgmt_rx()
290 logger
.info("Foreign Target AP")
291 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
294 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
296 logger
.info("No IEs")
297 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
300 logger
.info("Invalid IEs (trigger parsing failure)")
301 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
304 logger
.info("Too short MDIE")
305 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
308 logger
.info("Mobility domain mismatch")
309 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
312 logger
.info("No FTIE")
313 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
316 logger
.info("FTIE SNonce mismatch")
317 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
320 logger
.info("No R0KH-ID subelem in FTIE")
321 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
322 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
325 logger
.info("No R0KH-ID subelem mismatch in FTIE")
326 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
327 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
330 logger
.info("No R1KH-ID subelem in FTIE")
331 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
332 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
335 logger
.info("No RSNE")
336 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
337 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
340 def test_ap_ft_pmf_over_ds(dev
, apdev
):
341 """WPA2-PSK-FT AP over DS with PMF"""
343 passphrase
="12345678"
345 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
346 params
["ieee80211w"] = "2";
347 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
348 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
349 params
["ieee80211w"] = "2";
350 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
352 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
354 def test_ap_ft_over_ds_pull(dev
, apdev
):
355 """WPA2-PSK-FT AP over DS (pull PMK)"""
357 passphrase
="12345678"
359 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
360 params
["pmk_r1_push"] = "0"
361 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
362 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
363 params
["pmk_r1_push"] = "0"
364 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
366 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
368 def test_ap_ft_sae(dev
, apdev
):
369 """WPA2-PSK-FT-SAE AP"""
370 if "SAE" not in dev
[0].get_capability("auth_alg"):
371 raise HwsimSkip("SAE not supported")
373 passphrase
="12345678"
375 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
376 params
['wpa_key_mgmt'] = "FT-SAE"
377 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
378 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
379 params
['wpa_key_mgmt'] = "FT-SAE"
380 hapd
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
381 key_mgmt
= hapd
.get_config()['key_mgmt']
382 if key_mgmt
.split(' ')[0] != "FT-SAE":
383 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
385 dev
[0].request("SET sae_groups ")
386 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
388 def test_ap_ft_sae_over_ds(dev
, apdev
):
389 """WPA2-PSK-FT-SAE AP over DS"""
390 if "SAE" not in dev
[0].get_capability("auth_alg"):
391 raise HwsimSkip("SAE not supported")
393 passphrase
="12345678"
395 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
396 params
['wpa_key_mgmt'] = "FT-SAE"
397 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
398 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
399 params
['wpa_key_mgmt'] = "FT-SAE"
400 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
402 dev
[0].request("SET sae_groups ")
403 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
406 def test_ap_ft_eap(dev
, apdev
):
409 passphrase
="12345678"
411 radius
= hostapd
.radius_params()
412 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
413 params
['wpa_key_mgmt'] = "FT-EAP"
414 params
["ieee8021x"] = "1"
415 params
= dict(radius
.items() + params
.items())
416 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
417 key_mgmt
= hapd
.get_config()['key_mgmt']
418 if key_mgmt
.split(' ')[0] != "FT-EAP":
419 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
420 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
421 params
['wpa_key_mgmt'] = "FT-EAP"
422 params
["ieee8021x"] = "1"
423 params
= dict(radius
.items() + params
.items())
424 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
426 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
427 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
428 raise Exception("Scan results missing RSN element info")
429 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
430 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
432 def test_ap_ft_eap_pull(dev
, apdev
):
433 """WPA2-EAP-FT AP (pull PMK)"""
435 passphrase
="12345678"
437 radius
= hostapd
.radius_params()
438 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
439 params
['wpa_key_mgmt'] = "FT-EAP"
440 params
["ieee8021x"] = "1"
441 params
["pmk_r1_push"] = "0"
442 params
= dict(radius
.items() + params
.items())
443 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
444 key_mgmt
= hapd
.get_config()['key_mgmt']
445 if key_mgmt
.split(' ')[0] != "FT-EAP":
446 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
447 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
448 params
['wpa_key_mgmt'] = "FT-EAP"
449 params
["ieee8021x"] = "1"
450 params
["pmk_r1_push"] = "0"
451 params
= dict(radius
.items() + params
.items())
452 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
454 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
456 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
457 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
459 passphrase
="12345678"
461 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
462 params
["ieee80211w"] = "2";
463 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
464 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
465 params
["ieee80211w"] = "2";
466 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
468 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
471 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
472 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
474 passphrase
="12345678"
476 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
477 params
["pmk_r1_push"] = "0"
478 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
479 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
480 params
["pmk_r1_push"] = "0"
481 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
483 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
486 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
487 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
489 passphrase
="12345678"
491 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
492 params
["pmk_r1_push"] = "0"
493 params
["nas_identifier"] = "nas0.w1.fi"
494 hostapd
.add_ap(apdev
[0]['ifname'], params
)
495 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
498 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
499 params
["pmk_r1_push"] = "0"
500 hostapd
.add_ap(apdev
[1]['ifname'], params
)
502 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
503 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
505 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
506 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
508 passphrase
="12345678"
510 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
511 params
["ieee80211w"] = "2";
512 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
513 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
514 params
["ieee80211w"] = "2";
515 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
517 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
520 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
521 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
523 passphrase
="12345678"
525 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
526 params
["pmk_r1_push"] = "0"
527 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
528 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
529 params
["pmk_r1_push"] = "0"
530 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
532 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
535 def test_ap_ft_gtk_rekey(dev
, apdev
):
536 """WPA2-PSK-FT AP and GTK rekey"""
538 passphrase
="12345678"
540 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
541 params
['wpa_group_rekey'] = '1'
542 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
544 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
545 ieee80211w
="1", scan_freq
="2412")
547 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
549 raise Exception("GTK rekey timed out after initial association")
550 hwsim_utils
.test_connectivity(dev
[0], hapd
)
552 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
553 params
['wpa_group_rekey'] = '1'
554 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
556 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
557 dev
[0].roam(apdev
[1]['bssid'])
558 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
559 raise Exception("Did not connect to correct AP")
560 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
562 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
564 raise Exception("GTK rekey timed out after FT protocol")
565 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
567 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
568 """WPA2-PSK-FT and key lifetime in memory"""
570 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
571 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
572 pmk
= binascii
.unhexlify(psk
)
573 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
574 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], p
)
575 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
576 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], p
)
578 pid
= find_wpas_process(dev
[0])
580 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
584 buf
= read_process_memory(pid
, pmk
)
586 dev
[0].request("DISCONNECT")
587 dev
[0].wait_disconnected()
594 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
595 for l
in f
.readlines():
596 if "FT: PMK-R0 - hexdump" in l
:
597 val
= l
.strip().split(':')[3].replace(' ', '')
598 pmkr0
= binascii
.unhexlify(val
)
599 if "FT: PMK-R1 - hexdump" in l
:
600 val
= l
.strip().split(':')[3].replace(' ', '')
601 pmkr1
= binascii
.unhexlify(val
)
602 if "FT: KCK - hexdump" in l
:
603 val
= l
.strip().split(':')[3].replace(' ', '')
604 kck
= binascii
.unhexlify(val
)
605 if "FT: KEK - hexdump" in l
:
606 val
= l
.strip().split(':')[3].replace(' ', '')
607 kek
= binascii
.unhexlify(val
)
608 if "FT: TK - hexdump" in l
:
609 val
= l
.strip().split(':')[3].replace(' ', '')
610 tk
= binascii
.unhexlify(val
)
611 if "WPA: Group Key - hexdump" in l
:
612 val
= l
.strip().split(':')[3].replace(' ', '')
613 gtk
= binascii
.unhexlify(val
)
614 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
615 raise Exception("Could not find keys from debug log")
617 raise Exception("Unexpected GTK length")
619 logger
.info("Checking keys in memory while associated")
620 get_key_locations(buf
, pmk
, "PMK")
621 get_key_locations(buf
, pmkr0
, "PMK-R0")
622 get_key_locations(buf
, pmkr1
, "PMK-R1")
624 raise HwsimSkip("PMK not found while associated")
626 raise HwsimSkip("PMK-R0 not found while associated")
628 raise HwsimSkip("PMK-R1 not found while associated")
630 raise Exception("KCK not found while associated")
632 raise Exception("KEK not found while associated")
634 raise Exception("TK found from memory")
636 raise Exception("GTK found from memory")
638 logger
.info("Checking keys in memory after disassociation")
639 buf
= read_process_memory(pid
, pmk
)
640 get_key_locations(buf
, pmk
, "PMK")
641 get_key_locations(buf
, pmkr0
, "PMK-R0")
642 get_key_locations(buf
, pmkr1
, "PMK-R1")
644 # Note: PMK/PSK is still present in network configuration
646 fname
= os
.path
.join(params
['logdir'],
647 'ft_psk_key_lifetime_in_memory.memctx-')
648 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
649 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
650 verify_not_present(buf
, kck
, fname
, "KCK")
651 verify_not_present(buf
, kek
, fname
, "KEK")
652 verify_not_present(buf
, tk
, fname
, "TK")
653 verify_not_present(buf
, gtk
, fname
, "GTK")
655 dev
[0].request("REMOVE_NETWORK all")
657 logger
.info("Checking keys in memory after network profile removal")
658 buf
= read_process_memory(pid
, pmk
)
659 get_key_locations(buf
, pmk
, "PMK")
660 get_key_locations(buf
, pmkr0
, "PMK-R0")
661 get_key_locations(buf
, pmkr1
, "PMK-R1")
663 verify_not_present(buf
, pmk
, fname
, "PMK")
664 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
665 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
666 verify_not_present(buf
, kck
, fname
, "KCK")
667 verify_not_present(buf
, kek
, fname
, "KEK")
668 verify_not_present(buf
, tk
, fname
, "TK")
669 verify_not_present(buf
, gtk
, fname
, "GTK")