1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
25 from test_suite_b
import check_suite_b_192_capa
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
40 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
42 params
= ft_base_rsn()
44 params
= ft_base_mixed()
48 params
["wpa_passphrase"] = passphrase
50 params
["mobility_domain"] = "a1b2"
51 params
["r0_key_lifetime"] = "10000"
52 params
["pmk_r1_push"] = "1"
53 params
["reassociation_deadline"] = "1000"
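def ft_params1a(rsn=True, ssid=None, passphrase=None):
    """Build the first AP's FT configuration without any R0KH/R1KH peer list.

    Starts from ft_params() and adds this AP's own key-holder identity.
    Callers in this file either add 'r0kh'/'r1kh' entries to the result
    (ft_params1, ft_params1_old_key) or enable ft_psk_generate_local instead.

    Returns the hostapd parameter dict.
    """
    params = ft_params(rsn, ssid, passphrase)
    # "nas1.w1.fi" is the identifier the peer configurations list in their
    # r0kh entries for this AP.
    params['nas_identifier'] = "nas1.w1.fi"
    # 00:01:02:03:04:05 written without separators; the peer AP's r1kh entry
    # refers to this value.
    params['r1_key_holder'] = "000102030405"
    # Every caller assigns the result and indexes into it, so the dict has to
    # be handed back explicitly.
    return params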
62 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
63 params
= ft_params1a(rsn
, ssid
, passphrase
)
65 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
68 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
70 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
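def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
    """Build the first AP's FT configuration with short R0KH/R1KH keys.

    Same key-holder layout as ft_params1(), but every key field here is
    32 hex digits (16 octets) instead of the 64 hex digits used there.
    The keys are fixed test vectors shared with ft_params2_old_key().

    Returns the hostapd parameter dict.
    """
    params = ft_params1a(rsn, ssid, passphrase)
    # Entry format: "<peer MAC> <peer NAS identifier> <hex key>".
    params['r0kh'] = [
        "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
        "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f",
    ]
    # Entry format: "<peer MAC> <peer R1KH-ID> <hex key>".
    params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
    # The test cases pass the result straight to hostapd.add_ap().
    return params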
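def ft_params2a(rsn=True, ssid=None, passphrase=None):
    """Build the second AP's FT configuration without any R0KH/R1KH peer list.

    Counterpart of ft_params1a(): starts from ft_params() and adds the second
    AP's own key-holder identity.

    Returns the hostapd parameter dict.
    """
    params = ft_params(rsn, ssid, passphrase)
    # "nas2.w1.fi" is the identifier the peer configurations list in their
    # r0kh entries for this AP.
    params['nas_identifier'] = "nas2.w1.fi"
    # 00:01:02:03:04:06 written without separators; the first AP's r1kh entry
    # refers to this value.
    params['r1_key_holder'] = "000102030406"
    # Every caller assigns the result and indexes into it, so the dict has to
    # be handed back explicitly.
    return params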
86 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
87 params
= ft_params2a(rsn
, ssid
, passphrase
)
89 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
92 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
94 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
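def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
    """Build the second AP's FT configuration with short R0KH/R1KH keys.

    Same key-holder layout as ft_params2(), but every key field here is
    32 hex digits (16 octets) instead of the 64 hex digits used there.
    The keys are fixed test vectors shared with ft_params1_old_key().

    Returns the hostapd parameter dict.
    """
    params = ft_params2a(rsn, ssid, passphrase)
    # Entry format: "<peer MAC> <peer NAS identifier> <hex key>".
    params['r0kh'] = [
        "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
        "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f",
    ]
    # Entry format: "<peer MAC> <peer R1KH-ID> <hex key>".
    params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
    # The test cases pass the result straight to hostapd.add_ap().
    return params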
104 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
105 params
= ft_params(rsn
, ssid
, passphrase
)
106 params
['nas_identifier'] = "nas1.w1.fi"
107 params
['r1_key_holder'] = "000102030405"
108 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
110 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
113 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
114 params
= ft_params(rsn
, ssid
, passphrase
)
115 params
['nas_identifier'] = "nas2.w1.fi"
116 params
['r1_key_holder'] = "000102030406"
117 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
119 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
122 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
123 params
= ft_params(rsn
, ssid
, passphrase
)
124 params
['nas_identifier'] = "nas2.w1.fi"
125 params
['r1_key_holder'] = "000102030406"
126 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
128 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
131 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
132 sae
=False, eap
=False, fail_test
=False, roams
=1,
133 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
134 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
135 force_initial_conn_to_first_ap
=False, sha384
=False,
136 group_mgmt
=None, ocv
=None, sae_password
=None,
137 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
138 roam_with_reassoc
=False, also_non_ft
=False, only_one_way
=False,
139 wait_before_roam
=0, return_after_initial
=False, ieee80211w
="1"):
140 logger
.info("Connect to first AP")
143 copts
["proto"] = "WPA2"
144 copts
["ieee80211w"] = ieee80211w
145 copts
["scan_freq"] = "2412"
146 copts
["pairwise"] = pairwise_cipher
147 copts
["group"] = group_cipher
148 copts
["wpa_ptk_rekey"] = ptk_rekey
150 copts
["group_mgmt"] = group_mgmt
155 copts
["ft_eap_pmksa_caching"] = "1"
157 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
159 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
160 copts
["eap"] = "GPSK"
161 copts
["identity"] = eap_identity
162 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
165 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
167 copts
["key_mgmt"] = "FT-PSK"
169 copts
["psk"] = passphrase
171 copts
["sae_password"] = sae_password
173 copts
["sae_password_id"] = sae_password_id
174 if force_initial_conn_to_first_ap
:
175 copts
["bssid"] = apdev
[0]['bssid']
176 netw
= dev
.connect(ssid
, **copts
)
178 dev
.request("DISCONNECT")
179 dev
.wait_disconnected()
180 dev
.request("RECONNECT")
181 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
182 "CTRL-EVENT-DISCONNECTED",
183 "CTRL-EVENT-EAP-STARTED"],
186 raise Exception("Reconnect timed out")
187 if "CTRL-EVENT-DISCONNECTED" in ev
:
188 raise Exception("Unexpected disconnection after RECONNECT")
189 if "CTRL-EVENT-EAP-STARTED" in ev
:
190 raise Exception("Unexpected EAP start after RECONNECT")
192 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
202 if test_connectivity
:
205 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
207 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
209 if return_after_initial
:
213 time
.sleep(wait_before_roam
)
214 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
216 for i
in range(0, roams
):
217 # Roaming artificially fast can make data test fail because the key is
220 logger
.info("Roam to the second AP")
221 if roam_with_reassoc
:
222 dev
.set_network(netw
, "bssid", ap2
['bssid'])
223 dev
.request("REASSOCIATE")
226 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
228 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
231 if dev
.get_status_field('bssid') != ap2
['bssid']:
232 raise Exception("Did not connect to correct AP")
233 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
236 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
238 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
242 # Roaming artificially fast can make data test fail because the key is
245 logger
.info("Roam back to the first AP")
246 if roam_with_reassoc
:
247 dev
.set_network(netw
, "bssid", ap1
['bssid'])
248 dev
.request("REASSOCIATE")
251 dev
.roam_over_ds(ap1
['bssid'])
253 dev
.roam(ap1
['bssid'])
254 if dev
.get_status_field('bssid') != ap1
['bssid']:
255 raise Exception("Did not connect to correct AP")
256 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
259 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
261 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
263 def test_ap_ft(dev
, apdev
):
266 passphrase
= "12345678"
268 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
269 hapd0
= hostapd
.add_ap(apdev
[0], params
)
270 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
271 hapd1
= hostapd
.add_ap(apdev
[1], params
)
273 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
274 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
275 raise Exception("Scan results missing RSN element info")
277 def test_ap_ft_old_key(dev
, apdev
):
278 """WPA2-PSK-FT AP (old key)"""
280 passphrase
= "12345678"
282 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
283 hapd0
= hostapd
.add_ap(apdev
[0], params
)
284 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
285 hapd1
= hostapd
.add_ap(apdev
[1], params
)
287 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
289 def test_ap_ft_multi_akm(dev
, apdev
):
290 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
292 passphrase
= "12345678"
294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
295 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
296 hapd0
= hostapd
.add_ap(apdev
[0], params
)
297 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
298 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
299 hapd1
= hostapd
.add_ap(apdev
[1], params
)
301 Wlantest
.setup(hapd0
)
304 wt
.add_passphrase(passphrase
)
306 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
307 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
308 raise Exception("Scan results missing RSN element info")
309 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
310 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
313 def test_ap_ft_local_key_gen(dev
, apdev
):
314 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
316 passphrase
= "12345678"
318 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
319 params
['ft_psk_generate_local'] = "1"
320 del params
['pmk_r1_push']
321 hapd0
= hostapd
.add_ap(apdev
[0], params
)
322 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
323 params
['ft_psk_generate_local'] = "1"
324 del params
['pmk_r1_push']
325 hapd1
= hostapd
.add_ap(apdev
[1], params
)
327 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
328 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
329 raise Exception("Scan results missing RSN element info")
331 def test_ap_ft_vlan(dev
, apdev
):
332 """WPA2-PSK-FT AP with VLAN"""
334 passphrase
= "12345678"
336 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
337 params
['dynamic_vlan'] = "1"
338 params
['accept_mac_file'] = "hostapd.accept"
339 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
341 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
342 params
['dynamic_vlan'] = "1"
343 params
['accept_mac_file'] = "hostapd.accept"
344 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
346 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
347 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
348 raise Exception("Scan results missing RSN element info")
350 def test_ap_ft_vlan_disconnected(dev
, apdev
):
351 """WPA2-PSK-FT AP with VLAN and local key generation"""
353 passphrase
= "12345678"
355 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
356 params
['dynamic_vlan'] = "1"
357 params
['accept_mac_file'] = "hostapd.accept"
358 params
['ft_psk_generate_local'] = "1"
359 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
361 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
362 params
['dynamic_vlan'] = "1"
363 params
['accept_mac_file'] = "hostapd.accept"
364 params
['ft_psk_generate_local'] = "1"
365 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
367 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
368 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
369 raise Exception("Scan results missing RSN element info")
371 def test_ap_ft_vlan_2(dev
, apdev
):
372 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
374 passphrase
= "12345678"
376 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
377 params
['dynamic_vlan'] = "1"
378 params
['accept_mac_file'] = "hostapd.accept"
379 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
381 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
382 params
['dynamic_vlan'] = "1"
383 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
385 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
386 force_initial_conn_to_first_ap
=True)
387 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
388 raise Exception("Scan results missing RSN element info")
390 def test_ap_ft_many(dev
, apdev
):
391 """WPA2-PSK-FT AP multiple times"""
393 passphrase
= "12345678"
395 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
396 hapd0
= hostapd
.add_ap(apdev
[0], params
)
397 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
398 hapd1
= hostapd
.add_ap(apdev
[1], params
)
400 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
402 def test_ap_ft_many_vlan(dev
, apdev
):
403 """WPA2-PSK-FT AP with VLAN multiple times"""
405 passphrase
= "12345678"
407 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
408 params
['dynamic_vlan'] = "1"
409 params
['accept_mac_file'] = "hostapd.accept"
410 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
412 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
413 params
['dynamic_vlan'] = "1"
414 params
['accept_mac_file'] = "hostapd.accept"
415 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
417 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
def test_ap_ft_mixed(dev, apdev):
    """WPA2-PSK-FT mixed-mode AP"""
    ssid = "test-ft-mixed"
    passphrase = "12345678"

    # rsn=False asks the parameter builders for the mixed-mode base
    # configuration on both APs.
    ap1_conf = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap1_conf)

    # The first AP must report both the non-FT and the FT AKM, in this order.
    key_mgmt = hapd.get_config()['key_mgmt']
    akms = key_mgmt.split(' ')
    if not (akms[0] == "WPA-PSK" and akms[1] == "FT-PSK"):
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    ap2_conf = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], ap2_conf)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
def test_ap_ft_pmf(dev, apdev):
    """WPA2-PSK-FT AP with PMF"""
    # The station connects with ieee80211w="1"; run_ap_ft_pmf() configures
    # ieee80211w="2" on both APs.
    run_ap_ft_pmf(dev, apdev, ieee80211w="1")
def test_ap_ft_pmf_over_ds(dev, apdev):
    """WPA2-PSK-FT AP with PMF (over DS)"""
    # NOTE(review): this function name is defined a second time further down
    # in this file (the variant that calls
    # run_ap_ft_pmf_bip_over_ds(dev, apdev, None)). The later def rebinds the
    # module-level name, so this variant is presumably never picked up by the
    # test runner - confirm and rename one of the two.
    run_ap_ft_pmf(dev, apdev, ieee80211w="1", over_ds=True)
def test_ap_ft_pmf_required(dev, apdev):
    """WPA2-PSK-FT AP with PMF required on STA"""
    # ieee80211w="2" on the station matches the "2" that run_ap_ft_pmf()
    # configures on both APs.
    run_ap_ft_pmf(dev, apdev, ieee80211w="2")
def test_ap_ft_pmf_required_over_ds(dev, apdev):
    """WPA2-PSK-FT AP with PMF required on STA (over DS)"""
    # Same as test_ap_ft_pmf_required, with over_ds=True forwarded to
    # run_roams() by the helper.
    run_ap_ft_pmf(dev, apdev, ieee80211w="2", over_ds=True)
452 def run_ap_ft_pmf(dev
, apdev
, ieee80211w
, over_ds
=False):
454 passphrase
= "12345678"
456 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
457 params
["ieee80211w"] = "2"
458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
459 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
460 params
["ieee80211w"] = "2"
461 hapd1
= hostapd
.add_ap(apdev
[1], params
)
463 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
464 ieee80211w
=ieee80211w
, over_ds
=over_ds
)
def test_ap_ft_pmf_required_mismatch(dev, apdev):
    """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF"""
    # Negative test: the helper sets ieee80211w="2" on the first AP and on the
    # station but "0" on the second AP, and calls run_roams() with
    # fail_test=True.
    run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=False)
def test_ap_ft_pmf_required_mismatch_over_ds(dev, apdev):
    """WPA2-PSK-FT AP with PMF required on STA but AP2 not enabling PMF (over DS)"""
    # Over-the-DS variant of the PMF mismatch negative test; only the over_ds
    # flag handed to the helper differs.
    use_over_ds = True
    run_ap_ft_pmf_required_mismatch(dev, apdev, over_ds=use_over_ds)
474 def run_ap_ft_pmf_required_mismatch(dev
, apdev
, over_ds
=False):
476 passphrase
= "12345678"
478 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
479 params
["ieee80211w"] = "2"
480 hapd0
= hostapd
.add_ap(apdev
[0], params
)
481 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
482 params
["ieee80211w"] = "0"
483 hapd1
= hostapd
.add_ap(apdev
[1], params
)
485 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ieee80211w
="2",
486 force_initial_conn_to_first_ap
=True, fail_test
=True,
def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip(dev, apdev, cipher="AES-128-CMAC")
def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip(dev, apdev, cipher="BIP-GMAC-128")
def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip(dev, apdev, cipher="BIP-GMAC-256")
def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip(dev, apdev, cipher="BIP-CMAC-256")
505 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
506 if cipher
not in dev
[0].get_capability("group_mgmt"):
507 raise HwsimSkip("Cipher %s not supported" % cipher
)
510 passphrase
= "12345678"
512 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
513 params
["ieee80211w"] = "2"
514 params
["group_mgmt_cipher"] = cipher
515 hapd0
= hostapd
.add_ap(apdev
[0], params
)
516 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
517 params
["ieee80211w"] = "2"
518 params
["group_mgmt_cipher"] = cipher
519 hapd1
= hostapd
.add_ap(apdev
[1], params
)
521 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
524 def test_ap_ft_ocv(dev
, apdev
):
525 """WPA2-PSK-FT AP with OCV"""
527 passphrase
= "12345678"
529 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
530 params
["ieee80211w"] = "2"
533 hapd0
= hostapd
.add_ap(apdev
[0], params
)
534 except Exception as e
:
535 if "Failed to set hostapd parameter ocv" in str(e
):
536 raise HwsimSkip("OCV not supported")
538 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
539 params
["ieee80211w"] = "2"
541 hapd1
= hostapd
.add_ap(apdev
[1], params
)
543 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
545 def test_ap_ft_over_ds(dev
, apdev
):
546 """WPA2-PSK-FT AP over DS"""
548 passphrase
= "12345678"
550 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
551 hapd0
= hostapd
.add_ap(apdev
[0], params
)
552 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
553 hapd1
= hostapd
.add_ap(apdev
[1], params
)
555 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
556 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
557 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
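def cleanup_ap_ft_separate_hostapd():
    """Tear down the bridges and veth links used by the separate-hostapd tests.

    Best effort: each command may fail because the interface was never
    created or is already gone, so exit codes are ignored and stderr is
    discarded. A missing brctl/ip binary still raises OSError, as before.
    """
    # Fixed argv lists, executed without a shell and in the original order.
    teardown_cmds = [
        ["brctl", "delif", "br0ft", "veth0"],
        ["brctl", "delif", "br1ft", "veth1"],
        ["ip", "link", "del", "veth0"],
        ["ip", "link", "del", "veth1"],
    ]
    for ifname in ['br0ft', 'br1ft', 'br-ft']:
        teardown_cmds.append(['ip', 'link', 'set', 'dev', ifname, 'down'])
        teardown_cmds.append(['brctl', 'delbr', ifname])

    for cmd in teardown_cmds:
        # subprocess.DEVNULL replaces a fresh open('/dev/null', 'w') per call,
        # none of which was ever closed explicitly.
        subprocess.call(cmd, stderr=subprocess.DEVNULL)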
574 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
575 """WPA2-PSK-FT AP and separate hostapd process"""
577 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
579 cleanup_ap_ft_separate_hostapd()
581 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
582 """WPA2-PSK-FT AP over DS and separate hostapd process"""
584 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
586 cleanup_ap_ft_separate_hostapd()
588 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
590 passphrase
= "12345678"
591 logdir
= params
['logdir']
592 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
593 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
594 global_ctrl
= '/var/run/hostapd-ft'
598 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
599 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
600 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
602 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
603 "peer", "name", "veth0br"])
604 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
605 "peer", "name", "veth1br"])
606 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
607 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
608 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
609 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
611 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
612 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
613 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
614 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
615 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
616 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
617 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
618 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
619 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
620 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
621 except subprocess
.CalledProcessError
:
622 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
624 with
HWSimRadio() as (radio
, iface
):
625 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
626 if not os
.path
.exists(prg
):
627 prg
= '../../hostapd/hostapd'
628 cmd
= [prg
, '-B', '-ddKt',
629 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
630 subprocess
.check_call(cmd
)
632 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
633 apdev_ft
= {'ifname': iface
}
634 apdev2
= [apdev_ft
, apdev
[1]]
636 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
637 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
638 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
639 params
['bridge'] = 'br0ft'
640 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
641 global_ctrl_override
=global_ctrl
)
642 apdev2
[0]['bssid'] = hapd0
.own_addr()
643 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
644 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
645 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
646 params
['bridge'] = 'br1ft'
647 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
649 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
650 over_ds
=over_ds
, test_connectivity
=False)
654 if os
.path
.exists(pidfile
):
655 with
open(pidfile
, 'r') as f
:
658 os
.kill(pid
, signal
.SIGTERM
)
660 def test_ap_ft_over_ds_ocv(dev
, apdev
):
661 """WPA2-PSK-FT AP over DS"""
663 passphrase
= "12345678"
665 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
666 params
["ieee80211w"] = "2"
669 hapd0
= hostapd
.add_ap(apdev
[0], params
)
670 except Exception as e
:
671 if "Failed to set hostapd parameter ocv" in str(e
):
672 raise HwsimSkip("OCV not supported")
674 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
675 params
["ieee80211w"] = "2"
677 hapd1
= hostapd
.add_ap(apdev
[1], params
)
679 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
682 def test_ap_ft_over_ds_disabled(dev
, apdev
):
683 """WPA2-PSK-FT AP over DS disabled"""
685 passphrase
= "12345678"
687 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
688 params
['ft_over_ds'] = '0'
689 hapd0
= hostapd
.add_ap(apdev
[0], params
)
690 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
691 params
['ft_over_ds'] = '0'
692 hapd1
= hostapd
.add_ap(apdev
[1], params
)
694 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
697 def test_ap_ft_vlan_over_ds(dev
, apdev
):
698 """WPA2-PSK-FT AP over DS with VLAN"""
700 passphrase
= "12345678"
702 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
703 params
['dynamic_vlan'] = "1"
704 params
['accept_mac_file'] = "hostapd.accept"
705 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
706 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
707 params
['dynamic_vlan'] = "1"
708 params
['accept_mac_file'] = "hostapd.accept"
709 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
711 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
713 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
714 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
716 def test_ap_ft_over_ds_many(dev
, apdev
):
717 """WPA2-PSK-FT AP over DS multiple times"""
719 passphrase
= "12345678"
721 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
722 hapd0
= hostapd
.add_ap(apdev
[0], params
)
723 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
724 hapd1
= hostapd
.add_ap(apdev
[1], params
)
726 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
729 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
730 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
732 passphrase
= "12345678"
734 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
735 params
['dynamic_vlan'] = "1"
736 params
['accept_mac_file'] = "hostapd.accept"
737 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
738 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
739 params
['dynamic_vlan'] = "1"
740 params
['accept_mac_file'] = "hostapd.accept"
741 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
743 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
744 roams
=50, conndev
="brvlan1")
747 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
750 passphrase
= "12345678"
752 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
753 hapd0
= hostapd
.add_ap(apdev
[0], params
)
755 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
757 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
760 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
761 """WPA2-PSK-FT AP over DS and unexpected response"""
763 passphrase
= "12345678"
765 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
766 hapd0
= hostapd
.add_ap(apdev
[0], params
)
767 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
768 hapd1
= hostapd
.add_ap(apdev
[1], params
)
770 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
772 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
783 addr
= dev
[0].own_addr()
784 hapd1ap
.set("ext_mgmt_frame_handling", "1")
785 logger
.info("Foreign STA address")
789 msg
['sa'] = ap1
['bssid']
790 msg
['bssid'] = ap1
['bssid']
791 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
794 logger
.info("No over-the-DS in progress")
795 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
798 logger
.info("Non-zero status code")
799 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
802 hapd1ap
.dump_monitor()
804 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
805 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
806 raise Exception("FT_DS failed")
808 req
= hapd1ap
.mgmt_rx()
810 logger
.info("Foreign Target AP")
811 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
814 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
816 logger
.info("No IEs")
817 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
820 logger
.info("Invalid IEs (trigger parsing failure)")
821 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
824 logger
.info("Too short MDIE")
825 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
828 logger
.info("Mobility domain mismatch")
829 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
832 logger
.info("No FTIE")
833 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
836 logger
.info("FTIE SNonce mismatch")
837 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
840 logger
.info("No R0KH-ID subelem in FTIE")
841 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
842 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
845 logger
.info("No R0KH-ID subelem mismatch in FTIE")
846 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
847 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
850 logger
.info("No R1KH-ID subelem in FTIE")
851 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
852 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
855 logger
.info("No RSNE")
856 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
857 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
def test_ap_ft_pmf_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF"""
    # NOTE(review): an earlier function in this file already uses this name
    # (the variant calling run_ap_ft_pmf(dev, apdev, "1", over_ds=True)).
    # This later def rebinds the module-level name, so the earlier variant is
    # presumably shadowed - confirm and rename one of the two.
    # cipher=None: the helper's capability check is bypassed for a falsy
    # cipher.
    run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher=None)
def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher="AES-128-CMAC")
def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher="BIP-GMAC-128")
def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher="BIP-GMAC-256")
def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
    # The helper raises HwsimSkip when the station does not list this cipher
    # in its group_mgmt capability.
    run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher="BIP-CMAC-256")
880 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
881 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
882 raise HwsimSkip("Cipher %s not supported" % cipher
)
885 passphrase
= "12345678"
887 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
888 params
["ieee80211w"] = "2"
890 params
["group_mgmt_cipher"] = cipher
891 hapd0
= hostapd
.add_ap(apdev
[0], params
)
892 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
893 params
["ieee80211w"] = "2"
895 params
["group_mgmt_cipher"] = cipher
896 hapd1
= hostapd
.add_ap(apdev
[1], params
)
898 Wlantest
.setup(hapd0
)
901 wt
.add_passphrase(passphrase
)
903 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
906 def test_ap_ft_over_ds_pull(dev
, apdev
):
907 """WPA2-PSK-FT AP over DS (pull PMK)"""
909 passphrase
= "12345678"
911 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
912 params
["pmk_r1_push"] = "0"
913 hapd0
= hostapd
.add_ap(apdev
[0], params
)
914 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
915 params
["pmk_r1_push"] = "0"
916 hapd1
= hostapd
.add_ap(apdev
[1], params
)
918 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
920 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
921 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
923 passphrase
= "12345678"
925 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
926 params
["pmk_r1_push"] = "0"
927 hapd0
= hostapd
.add_ap(apdev
[0], params
)
928 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
929 params
["pmk_r1_push"] = "0"
930 hapd1
= hostapd
.add_ap(apdev
[1], params
)
932 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
934 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
935 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
937 passphrase
= "12345678"
939 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
940 params
["pmk_r1_push"] = "0"
941 params
['dynamic_vlan'] = "1"
942 params
['accept_mac_file'] = "hostapd.accept"
943 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
944 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
945 params
["pmk_r1_push"] = "0"
946 params
['dynamic_vlan'] = "1"
947 params
['accept_mac_file'] = "hostapd.accept"
948 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
950 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
953 def start_ft_sae(dev
, apdev
, wpa_ptk_rekey
=None):
954 if "SAE" not in dev
.get_capability("auth_alg"):
955 raise HwsimSkip("SAE not supported")
957 passphrase
= "12345678"
959 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
960 params
['wpa_key_mgmt'] = "FT-SAE"
962 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
963 hapd0
= hostapd
.add_ap(apdev
[0], params
)
964 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
965 params
['wpa_key_mgmt'] = "FT-SAE"
967 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
968 hapd1
= hostapd
.add_ap(apdev
[1], params
)
969 key_mgmt
= hapd1
.get_config()['key_mgmt']
970 if key_mgmt
.split(' ')[0] != "FT-SAE":
971 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
973 dev
.request("SET sae_groups ")
def test_ap_ft_sae(dev, apdev):
    """WPA2-PSK-FT-SAE AP"""
    sta = dev[0]
    # start_ft_sae() brings up the two FT-SAE APs and raises HwsimSkip when
    # the station does not report SAE in its "auth_alg" capability.
    first_ap, second_ap = start_ft_sae(sta, apdev)
    # The SSID and passphrase literals are passed positionally to run_roams,
    # which is defined outside this excerpt.
    run_roams(sta, apdev, first_ap, second_ap, "test-ft", "12345678",
              sae=True)
def test_ap_ft_sae_ptk_rekey0(dev, apdev):
    """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
    sta = dev[0]
    first_ap, second_ap = start_ft_sae(sta, apdev)
    # presumably ptk_rekey is the station-side rekey setting and roams=0
    # means no roam rounds; run_roams is not visible here -- TODO confirm
    roam_opts = {"sae": True, "ptk_rekey": "1", "roams": 0}
    run_roams(sta, apdev, first_ap, second_ap, "test-ft", "12345678",
              **roam_opts)
    # The rekey check runs against the station and both APs.
    check_ptk_rekey(sta, first_ap, second_ap)
def test_ap_ft_sae_ptk_rekey1(dev, apdev):
    """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
    sta = dev[0]
    first_ap, second_ap = start_ft_sae(sta, apdev)
    # Same station-side rekey setting as the rekey0 variant, but with
    # only_one_way=True instead of roams=0 (semantics live in run_roams,
    # which is not visible here).
    roam_opts = {"sae": True, "ptk_rekey": "1", "only_one_way": True}
    run_roams(sta, apdev, first_ap, second_ap, "test-ft", "12345678",
              **roam_opts)
    check_ptk_rekey(sta, first_ap, second_ap)
995 def test_ap_ft_sae_ptk_rekey_ap(dev
, apdev
):
996 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
997 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
998 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
1000 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
1002 def test_ap_ft_sae_over_ds(dev
, apdev
):
1003 """WPA2-PSK-FT-SAE AP over DS"""
1004 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
1005 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
def test_ap_ft_sae_over_ds_ptk_rekey0(dev, apdev):
    """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
    sta = dev[0]
    first_ap, second_ap = start_ft_sae(sta, apdev)
    # Over-the-DS counterpart of test_ap_ft_sae_ptk_rekey0: the only added
    # option is over_ds=True.
    roam_opts = {"sae": True, "over_ds": True, "ptk_rekey": "1", "roams": 0}
    run_roams(sta, apdev, first_ap, second_ap, "test-ft", "12345678",
              **roam_opts)
    check_ptk_rekey(sta, first_ap, second_ap)
def test_ap_ft_sae_over_ds_ptk_rekey1(dev, apdev):
    """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
    sta = dev[0]
    first_ap, second_ap = start_ft_sae(sta, apdev)
    # Over-the-DS counterpart of test_ap_ft_sae_ptk_rekey1: the only added
    # option is over_ds=True.
    roam_opts = {
        "sae": True,
        "over_ds": True,
        "ptk_rekey": "1",
        "only_one_way": True,
    }
    run_roams(sta, apdev, first_ap, second_ap, "test-ft", "12345678",
              **roam_opts)
    check_ptk_rekey(sta, first_ap, second_ap)
def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
    sta = dev[0]
    # Here the rekey is configured on the AP side: start_ft_sae() writes
    # str(wpa_ptk_rekey) into the hostapd "wpa_ptk_rekey" parameter.
    first_ap, second_ap = start_ft_sae(sta, apdev, wpa_ptk_rekey=2)
    # No station-side ptk_rekey option is passed in this variant.
    roam_opts = {"sae": True, "over_ds": True, "only_one_way": True}
    run_roams(sta, apdev, first_ap, second_ap, "test-ft", "12345678",
              **roam_opts)
    check_ptk_rekey(sta, first_ap, second_ap)
1029 def test_ap_ft_sae_pw_id(dev
, apdev
):
1030 """FT-SAE with Password Identifier"""
1031 if "SAE" not in dev
[0].get_capability("auth_alg"):
1032 raise HwsimSkip("SAE not supported")
1035 params
= ft_params1(ssid
=ssid
)
1036 params
["ieee80211w"] = "2"
1037 params
['wpa_key_mgmt'] = "FT-SAE"
1038 params
['sae_password'] = 'secret|id=pwid'
1039 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1040 params
= ft_params2(ssid
=ssid
)
1041 params
["ieee80211w"] = "2"
1042 params
['wpa_key_mgmt'] = "FT-SAE"
1043 params
['sae_password'] = 'secret|id=pwid'
1044 hapd
= hostapd
.add_ap(apdev
[1], params
)
1046 dev
[0].request("SET sae_groups ")
1047 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
1048 sae_password
="secret", sae_password_id
="pwid")
1050 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
1051 """SAE + FT-SAE configuration"""
1052 if "SAE" not in dev
[0].get_capability("auth_alg"):
1053 raise HwsimSkip("SAE not supported")
1055 passphrase
= "12345678"
1057 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1058 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1059 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1060 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1061 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1062 hapd
= hostapd
.add_ap(apdev
[1], params
)
1063 key_mgmt
= hapd
.get_config()['key_mgmt']
1064 if key_mgmt
.split(' ')[0] != "FT-SAE":
1065 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1067 dev
[0].request("SET sae_groups ")
1068 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1071 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
1072 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1073 if "SAE" not in dev
[0].get_capability("auth_alg"):
1074 raise HwsimSkip("SAE not supported")
1076 passphrase
= "12345678"
1078 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1079 params
['wpa_key_mgmt'] = "FT-SAE"
1080 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1081 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1082 params
['wpa_key_mgmt'] = "FT-SAE"
1083 hapd
= hostapd
.add_ap(apdev
[1], params
)
1084 key_mgmt
= hapd
.get_config()['key_mgmt']
1085 if key_mgmt
.split(' ')[0] != "FT-SAE":
1086 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1088 dev
[0].request("SET sae_groups ")
1089 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1092 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
1093 discovery
=False, roams
=1, wpa_ptk_rekey
=0,
1094 only_one_way
=False):
1096 passphrase
= "12345678"
1098 identity
= "gpsk-vlan1"
1101 identity
= "gpsk-cui"
1104 identity
= "gpsk user"
1107 radius
= hostapd
.radius_params()
1108 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1109 params
['wpa_key_mgmt'] = "FT-EAP"
1110 params
["ieee8021x"] = "1"
1112 params
["dynamic_vlan"] = "1"
1113 params
= dict(list(radius
.items()) + list(params
.items()))
1114 hapd
= hostapd
.add_ap(apdev
[0], params
)
1115 key_mgmt
= hapd
.get_config()['key_mgmt']
1116 if key_mgmt
.split(' ')[0] != "FT-EAP":
1117 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1118 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1119 params
['wpa_key_mgmt'] = "FT-EAP"
1120 params
["ieee8021x"] = "1"
1122 params
["dynamic_vlan"] = "1"
1124 params
["wpa_ptk_rekey"] = str(wpa_ptk_rekey
)
1125 params
= dict(list(radius
.items()) + list(params
.items()))
1126 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1128 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1129 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1130 conndev
=conndev
, only_one_way
=only_one_way
)
1131 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1132 raise Exception("Scan results missing RSN element info")
1133 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1134 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1138 # Verify EAPOL reauthentication after FT protocol
1139 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1143 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1144 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1146 raise Exception("EAP authentication did not start")
1147 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1149 raise Exception("EAP authentication did not succeed")
1152 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1154 hwsim_utils
.test_connectivity(dev
[0], ap
)
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    # Baseline FT-EAP run: every option of the shared runner keeps its
    # default (no VLAN, no CUI, over-the-air, no discovery, roams=1).
    generic_ap_ft_eap(dev=dev, apdev=apdev)
def test_ap_ft_eap_cui(dev, apdev):
    """WPA2-EAP-FT AP with CUI"""
    # vlan=False repeats the runner's default; cui=True is the only change.
    # presumably selects the "gpsk-cui" identity seen in the runner -- the
    # branch conditions are not visible in this listing.
    options = {"vlan": False, "cui": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_vlan(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # NOTE(review): an identical definition of this name appears again later
    # in the file and rebinds it, so this copy is redundant.
    options = {"vlan": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_vlan_multi(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # Same as the single VLAN test but with roams=50, which the runner
    # forwards to run_roams.
    # NOTE(review): an identical definition of this name appears again later
    # in the file and rebinds it, so this copy is redundant.
    options = {"vlan": True, "roams": 50}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_over_ds(dev, apdev):
    """WPA2-EAP-FT AP using over-the-DS"""
    # over_ds is forwarded unchanged by the runner to run_roams.
    options = {"over_ds": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_dis(dev, apdev):
    """WPA2-EAP-FT AP with AP discovery"""
    # discovery is forwarded by the runner to ft_params1()/ft_params2().
    options = {"discovery": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_dis_over_ds(dev, apdev):
    """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
    # Combines the two options exercised separately by test_ap_ft_eap_dis
    # and test_ap_ft_eap_over_ds.
    options = {"over_ds": True, "discovery": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_vlan(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # NOTE(review): this name is already defined earlier in the file with
    # the same body; being later, this definition is the one left bound in
    # the module.
    options = {"vlan": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_vlan_multi(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # NOTE(review): this name is already defined earlier in the file with
    # the same body; being later, this definition is the one left bound in
    # the module.
    options = {"vlan": True, "roams": 50}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_vlan_over_ds(dev, apdev):
    """WPA2-EAP-FT AP with VLAN + over_ds"""
    # VLAN variant of the over-the-DS run; both flags go straight to the
    # shared runner.
    options = {"vlan": True, "over_ds": True}
    generic_ap_ft_eap(dev, apdev, **options)
def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
    """WPA2-EAP-FT AP with VLAN + over_ds"""
    # Same as test_ap_ft_eap_vlan_over_ds but with roams=50, which the
    # runner forwards to run_roams.
    options = {"vlan": True, "over_ds": True, "roams": 50}
    generic_ap_ft_eap(dev, apdev, **options)
1200 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1201 """WPA2-EAP-FT AP (pull PMK)"""
1203 passphrase
= "12345678"
1205 identity
= "gpsk-vlan1"
1208 identity
= "gpsk user"
1211 radius
= hostapd
.radius_params()
1212 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1213 params
['wpa_key_mgmt'] = "FT-EAP"
1214 params
["ieee8021x"] = "1"
1215 params
["pmk_r1_push"] = "0"
1217 params
["dynamic_vlan"] = "1"
1218 params
= dict(list(radius
.items()) + list(params
.items()))
1219 hapd
= hostapd
.add_ap(apdev
[0], params
)
1220 key_mgmt
= hapd
.get_config()['key_mgmt']
1221 if key_mgmt
.split(' ')[0] != "FT-EAP":
1222 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1223 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1224 params
['wpa_key_mgmt'] = "FT-EAP"
1225 params
["ieee8021x"] = "1"
1226 params
["pmk_r1_push"] = "0"
1228 params
["dynamic_vlan"] = "1"
1229 params
= dict(list(radius
.items()) + list(params
.items()))
1230 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1232 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1233 eap_identity
=identity
, conndev
=conndev
)
def test_ap_ft_eap_pull(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK)"""
    # The shared runner sets pmk_r1_push="0" on both APs; vlan keeps its
    # default of False here.
    generic_ap_ft_eap_pull(dev=dev, apdev=apdev)
1239 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1240 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1242 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1243 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
# NOTE(review): the gutter numbers skip in this listing (e.g. 1244), so the
# assignment of `ssid` used below is not visible here.
1245 passphrase
= "12345678"
1247 radius
= hostapd
.radius_params()
# First AP: FT-EAP alongside plain WPA-EAP, PMK-R1 pull instead of push.
1248 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1249 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1250 params
["ieee8021x"] = "1"
1251 params
["pmk_r1_push"] = "0"
# Wildcard key-holder entries: broadcast R0KH address with "*" as the id,
# and an all-zero R1KH address/id, both using one shared key.
# NOTE(review): with wildcard entries the shared key is presumably the only
# thing that ties a peer to the mobility domain -- confirm against the
# hostapd configuration documentation. The key below is a test constant.
1252 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1253 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1254 params
["ft_psk_generate_local"] = "1"
1255 params
["eap_server"] = "0"
# The rkh_* timeouts and retry count are set on this first AP only; the
# second AP below does not set them.
1256 params
["rkh_pos_timeout"] = "100"
1257 params
["rkh_neg_timeout"] = "50"
1258 params
["rkh_pull_timeout"] = "1234"
1259 params
["rkh_pull_retries"] = "10"
# FT parameters are listed last, so they win over RADIUS defaults on any
# duplicate key.
1260 params
= dict(list(radius
.items()) + list(params
.items()))
1261 hapd
= hostapd
.add_ap(apdev
[0], params
)
# Second AP: same key management and the same wildcard entries and key.
1262 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1263 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1264 params
["ieee8021x"] = "1"
1265 params
["pmk_r1_push"] = "0"
1266 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1267 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1268 params
["ft_psk_generate_local"] = "1"
1269 params
["eap_server"] = "0"
1270 params
= dict(list(radius
.items()) + list(params
.items()))
1271 hapd1
= hostapd
.add_ap(apdev
[1], params
)
# Roaming itself is delegated to run_roams (defined outside this excerpt).
1273 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1276 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1277 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1279 passphrase
= "12345678"
1281 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1282 params
["ieee80211w"] = "2"
1283 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1284 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1285 params
["ieee80211w"] = "2"
1286 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1288 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1292 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1293 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1295 passphrase
= "12345678"
1297 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1298 params
["pmk_r1_push"] = "0"
1299 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1300 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1301 params
["pmk_r1_push"] = "0"
1302 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1304 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1308 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1309 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1311 passphrase
= "12345678"
1313 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1314 params
["pmk_r1_push"] = "0"
1315 params
["nas_identifier"] = "nas0.w1.fi"
1316 hostapd
.add_ap(apdev
[0], params
)
1317 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1320 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1321 params
["pmk_r1_push"] = "0"
1322 hostapd
.add_ap(apdev
[1], params
)
1324 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1325 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1328 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1329 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1331 passphrase
= "12345678"
1333 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1334 params
["ieee80211w"] = "2"
1335 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1336 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1337 params
["ieee80211w"] = "2"
1338 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1340 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1344 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1345 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1347 passphrase
= "12345678"
1349 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1350 params
["pmk_r1_push"] = "0"
1351 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1352 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1353 params
["pmk_r1_push"] = "0"
1354 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1356 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1359 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1360 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1362 passphrase
= "12345678"
1364 radius
= hostapd
.radius_params()
1365 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1366 params
["ieee80211w"] = "2"
1367 params
['wpa_key_mgmt'] = "FT-EAP"
1368 params
["ieee8021x"] = "1"
1369 params
= dict(list(radius
.items()) + list(params
.items()))
1370 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1371 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1372 params
["ieee80211w"] = "2"
1373 params
['wpa_key_mgmt'] = "FT-EAP"
1374 params
["ieee8021x"] = "1"
1375 params
= dict(list(radius
.items()) + list(params
.items()))
1376 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1378 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1379 fail_test
=True, eap
=True)
1381 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1382 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1384 passphrase
= "12345678"
1386 radius
= hostapd
.radius_params()
1387 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1388 params
["pmk_r1_push"] = "0"
1389 params
['wpa_key_mgmt'] = "FT-EAP"
1390 params
["ieee8021x"] = "1"
1391 params
= dict(list(radius
.items()) + list(params
.items()))
1392 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1393 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1394 params
["pmk_r1_push"] = "0"
1395 params
['wpa_key_mgmt'] = "FT-EAP"
1396 params
["ieee8021x"] = "1"
1397 params
= dict(list(radius
.items()) + list(params
.items()))
1398 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1400 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1401 fail_test
=True, eap
=True)
1403 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1404 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1406 passphrase
= "12345678"
1408 radius
= hostapd
.radius_params()
1409 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1410 params
["pmk_r1_push"] = "0"
1411 params
["nas_identifier"] = "nas0.w1.fi"
1412 params
['wpa_key_mgmt'] = "FT-EAP"
1413 params
["ieee8021x"] = "1"
1414 params
= dict(list(radius
.items()) + list(params
.items()))
1415 hostapd
.add_ap(apdev
[0], params
)
1416 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1417 eap
="GPSK", identity
="gpsk user",
1418 password
="abcdefghijklmnop0123456789abcdef",
1421 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1422 params
["pmk_r1_push"] = "0"
1423 params
['wpa_key_mgmt'] = "FT-EAP"
1424 params
["ieee8021x"] = "1"
1425 params
= dict(list(radius
.items()) + list(params
.items()))
1426 hostapd
.add_ap(apdev
[1], params
)
1428 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1429 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1431 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1432 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1434 passphrase
= "12345678"
1436 radius
= hostapd
.radius_params()
1437 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1438 params
["ieee80211w"] = "2"
1439 params
['wpa_key_mgmt'] = "FT-EAP"
1440 params
["ieee8021x"] = "1"
1441 params
= dict(list(radius
.items()) + list(params
.items()))
1442 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1443 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1444 params
["ieee80211w"] = "2"
1445 params
['wpa_key_mgmt'] = "FT-EAP"
1446 params
["ieee8021x"] = "1"
1447 params
= dict(list(radius
.items()) + list(params
.items()))
1448 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1450 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1451 fail_test
=True, eap
=True)
1453 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1454 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1456 passphrase
= "12345678"
1458 radius
= hostapd
.radius_params()
1459 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1460 params
["pmk_r1_push"] = "0"
1461 params
['wpa_key_mgmt'] = "FT-EAP"
1462 params
["ieee8021x"] = "1"
1463 params
= dict(list(radius
.items()) + list(params
.items()))
1464 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1465 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1466 params
["pmk_r1_push"] = "0"
1467 params
['wpa_key_mgmt'] = "FT-EAP"
1468 params
["ieee8021x"] = "1"
1469 params
= dict(list(radius
.items()) + list(params
.items()))
1470 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1472 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1473 fail_test
=True, eap
=True)
1475 def test_ap_ft_gtk_rekey(dev
, apdev
):
1476 """WPA2-PSK-FT AP and GTK rekey"""
1478 passphrase
= "12345678"
1480 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1481 params
['wpa_group_rekey'] = '1'
1482 hapd
= hostapd
.add_ap(apdev
[0], params
)
1484 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1485 ieee80211w
="1", scan_freq
="2412")
1487 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1489 raise Exception("GTK rekey timed out after initial association")
1490 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1492 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1493 params
['wpa_group_rekey'] = '1'
1494 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1496 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1497 dev
[0].roam(apdev
[1]['bssid'])
1498 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1499 raise Exception("Did not connect to correct AP")
1500 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1502 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1504 raise Exception("GTK rekey timed out after FT protocol")
1505 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1507 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1508 """WPA2-PSK-FT and key lifetime in memory"""
# Checks how long FT key material stays in the wpa_supplicant process: key
# values are taken from the debug log and then searched for in snapshots of
# process memory while associated, after disconnect, and after the network
# profile has been removed.
# NOTE(review): gutter numbers skip in this listing, so some original lines
# (e.g. the `ssid` assignment and several `if` conditions) are not visible;
# the comments below describe only the statements that are shown.
#
# 63-character passphrase plus a 32-byte value given as hex; presumably the
# latter is the PSK this passphrase derives to for the test SSID -- TODO
# confirm. Its binary form is what gets searched for as "PMK".
1510 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1511 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1512 pmk
= binascii
.unhexlify(psk
)
1513 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1514 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1515 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1516 hapd1
= hostapd
.add_ap(apdev
[1], p
)
# Process whose memory is read in the three snapshots below.
1518 pid
= find_wpas_process(dev
[0])
1520 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1522 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1523 # event has been delivered, so verify that wpa_supplicant has returned to
1524 # eloop before reading process memory.
# Snapshot 1: taken while still associated.
1528 buf
= read_process_memory(pid
, pmk
)
1530 dev
[0].request("DISCONNECT")
1531 dev
[0].wait_disconnected()
# Recover the expected key values from hexdump lines in the debug log
# 'log0' under params['logdir'].
# NOTE(review): this relies on the log containing key hexdumps, i.e. the log
# file itself holds key material and needs the same handling as the keys.
1538 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1539 for l
in f
.readlines():
1540 if "FT: PMK-R0 - hexdump" in l
:
1541 val
= l
.strip().split(':')[3].replace(' ', '')
1542 pmkr0
= binascii
.unhexlify(val
)
1543 if "FT: PMK-R1 - hexdump" in l
:
1544 val
= l
.strip().split(':')[3].replace(' ', '')
1545 pmkr1
= binascii
.unhexlify(val
)
1546 if "FT: KCK - hexdump" in l
:
1547 val
= l
.strip().split(':')[3].replace(' ', '')
1548 kck
= binascii
.unhexlify(val
)
1549 if "FT: KEK - hexdump" in l
:
1550 val
= l
.strip().split(':')[3].replace(' ', '')
1551 kek
= binascii
.unhexlify(val
)
1552 if "FT: TK - hexdump" in l
:
1553 val
= l
.strip().split(':')[3].replace(' ', '')
1554 tk
= binascii
.unhexlify(val
)
1555 if "WPA: Group Key - hexdump" in l
:
1556 val
= l
.strip().split(':')[3].replace(' ', '')
1557 gtk
= binascii
.unhexlify(val
)
# All six values must have been found in the log before any memory check.
1558 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1559 raise Exception("Could not find keys from debug log")
1561 raise Exception("Unexpected GTK length")
# While associated (snapshot 1): judging by the messages below, a missing
# PMK, PMK-R0 or PMK-R1 is reported as a skip, while a missing KCK or KEK is
# a failure. The conditions guarding some of these raises are not visible.
1563 logger
.info("Checking keys in memory while associated")
1564 get_key_locations(buf
, pmk
, "PMK")
1565 get_key_locations(buf
, pmkr0
, "PMK-R0")
1566 get_key_locations(buf
, pmkr1
, "PMK-R1")
1568 raise HwsimSkip("PMK not found while associated")
1569 if pmkr0
not in buf
:
1570 raise HwsimSkip("PMK-R0 not found while associated")
1571 if pmkr1
not in buf
:
1572 raise HwsimSkip("PMK-R1 not found while associated")
1574 raise Exception("KCK not found while associated")
1576 raise Exception("KEK not found while associated")
1578 # raise Exception("TK found from memory")
# Snapshot 2: after DISCONNECT. PMK-R0, PMK-R1, KCK, KEK, TK and GTK are all
# passed to verify_not_present (imported from test_ap_psk; presumably it
# fails the test when the value is still found -- TODO confirm). The PMK is
# not checked here; see the note about the network configuration below.
1580 logger
.info("Checking keys in memory after disassociation")
1581 buf
= read_process_memory(pid
, pmk
)
1582 get_key_locations(buf
, pmk
, "PMK")
1583 get_key_locations(buf
, pmkr0
, "PMK-R0")
1584 get_key_locations(buf
, pmkr1
, "PMK-R1")
1586 # Note: PMK/PSK is still present in network configuration
# fname is a path prefix inside the log directory that is handed to
# verify_not_present; how it is used is not visible in this file.
1588 fname
= os
.path
.join(params
['logdir'],
1589 'ft_psk_key_lifetime_in_memory.memctx-')
1590 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1591 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1592 verify_not_present(buf
, kck
, fname
, "KCK")
1593 verify_not_present(buf
, kek
, fname
, "KEK")
1594 verify_not_present(buf
, tk
, fname
, "TK")
1596 get_key_locations(buf
, gtk
, "GTK")
1597 verify_not_present(buf
, gtk
, fname
, "GTK")
# Snapshot 3: after the network profile is removed, the PMK joins the list
# of values that must no longer be present.
1599 dev
[0].request("REMOVE_NETWORK all")
1601 logger
.info("Checking keys in memory after network profile removal")
1602 buf
= read_process_memory(pid
, pmk
)
1603 get_key_locations(buf
, pmk
, "PMK")
1604 get_key_locations(buf
, pmkr0
, "PMK-R0")
1605 get_key_locations(buf
, pmkr1
, "PMK-R1")
1607 verify_not_present(buf
, pmk
, fname
, "PMK")
1608 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1609 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1610 verify_not_present(buf
, kck
, fname
, "KCK")
1611 verify_not_present(buf
, kek
, fname
, "KEK")
1612 verify_not_present(buf
, tk
, fname
, "TK")
1613 verify_not_present(buf
, gtk
, fname
, "GTK")
1616 def test_ap_ft_invalid_resp(dev
, apdev
):
1617 """WPA2-PSK-FT AP and invalid response IEs"""
1619 passphrase
= "12345678"
1621 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1622 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1623 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1626 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1627 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1630 # Various IEs for test coverage. The last one is FTIE with invalid
1631 # R1KH-ID subelement.
1632 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1633 # FTIE with invalid R0KH-ID subelement (len=0).
1634 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1635 # FTIE with invalid R0KH-ID subelement (len=49).
1636 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1638 "020002000000" + "3000",
1639 # Required IEs missing from protected IE count.
1640 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1641 # RIC missing from protected IE count.
1642 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1643 # Protected IE missing.
1644 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1646 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1647 hapd1
.set("ext_mgmt_frame_handling", "1")
1648 hapd1
.dump_monitor()
1649 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1650 raise Exception("ROAM failed")
1653 msg
= hapd1
.mgmt_rx()
1654 if msg
['subtype'] == 11:
1658 raise Exception("Authentication frame not seen")
1661 resp
['fc'] = auth
['fc']
1662 resp
['da'] = auth
['sa']
1663 resp
['sa'] = auth
['da']
1664 resp
['bssid'] = auth
['bssid']
1665 resp
['payload'] = binascii
.unhexlify(t
)
1667 hapd1
.set("ext_mgmt_frame_handling", "0")
1668 dev
[0].wait_disconnected()
1670 dev
[0].request("RECONNECT")
1671 dev
[0].wait_connected()
1673 def test_ap_ft_gcmp_256(dev
, apdev
):
1674 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1675 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1676 raise HwsimSkip("Cipher GCMP-256 not supported")
1678 passphrase
= "12345678"
1680 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1681 params
['rsn_pairwise'] = "GCMP-256"
1682 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1683 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1684 params
['rsn_pairwise'] = "GCMP-256"
1685 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1687 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1688 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1690 def setup_ap_ft_oom(dev
, apdev
):
1691 skip_with_fips(dev
[0])
1693 passphrase
= "12345678"
1695 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1696 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1697 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1698 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1700 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1702 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1703 dst
= apdev
[1]['bssid']
1705 dst
= apdev
[0]['bssid']
1707 dev
[0].scan_for_bss(dst
, freq
="2412")
1711 def test_ap_ft_oom(dev
, apdev
):
1712 """WPA2-PSK-FT and OOM"""
1713 dst
= setup_ap_ft_oom(dev
, apdev
)
1714 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
def test_ap_ft_oom2(dev, apdev):
    """WPA2-PSK-FT and OOM (2)"""
    # setup_ap_ft_oom() hands back the BSSID of the AP the station is not
    # currently connected to, after scanning for it.
    target_bssid = setup_ap_ft_oom(dev, apdev)
    sta = dev[0]
    # Failure injection targets wpa_ft_mic on the station; the roam is then
    # expected to fail (fail_test=True) and an association rejection is
    # tolerated. presumably the 1 selects the first matching call -- the
    # helper comes from utils and is not visible here.
    with fail_test(sta, 1, "wpa_ft_mic"):
        sta.roam(target_bssid, fail_test=True, assoc_reject_ok=True)
1723 def test_ap_ft_oom3(dev
, apdev
):
1724 """WPA2-PSK-FT and OOM (3)"""
1725 dst
= setup_ap_ft_oom(dev
, apdev
)
1726 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1729 def test_ap_ft_oom4(dev
, apdev
):
1730 """WPA2-PSK-FT and OOM (4)"""
1732 passphrase
= "12345678"
1733 dst
= setup_ap_ft_oom(dev
, apdev
)
1734 dev
[0].request("REMOVE_NETWORK all")
1735 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1736 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1739 def test_ap_ft_ap_oom(dev
, apdev
):
1740 """WPA2-PSK-FT and AP OOM"""
1742 passphrase
= "12345678"
1744 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1745 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1746 bssid0
= hapd0
.own_addr()
1748 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1749 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1750 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1753 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1754 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1755 bssid1
= hapd1
.own_addr()
1756 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1757 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1760 def test_ap_ft_ap_oom2(dev
, apdev
):
1761 """WPA2-PSK-FT and AP OOM 2"""
1763 passphrase
= "12345678"
1765 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1766 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1767 bssid0
= hapd0
.own_addr()
1769 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1770 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1771 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1774 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1775 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1776 bssid1
= hapd1
.own_addr()
1777 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1779 if dev
[0].get_status_field('bssid') != bssid1
:
1780 raise Exception("Did not roam to AP1")
1781 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1784 def test_ap_ft_ap_oom3(dev
, apdev
):
1785 """WPA2-PSK-FT and AP OOM 3"""
1787 passphrase
= "12345678"
1789 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1790 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1791 bssid0
= hapd0
.own_addr()
1793 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1794 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1797 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1798 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1799 bssid1
= hapd1
.own_addr()
1800 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1801 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1802 # This will fail due to not being able to send out PMK-R1 pull request
1805 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1806 # This will fail due to not being able to send out PMK-R1 pull request
1809 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1810 # This will fail due to not being able to send out PMK-R1 pull request
1813 def test_ap_ft_ap_oom3b(dev
, apdev
):
1814 """WPA2-PSK-FT and AP OOM 3b"""
1816 passphrase
= "12345678"
1818 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1819 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1820 bssid0
= hapd0
.own_addr()
1822 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1823 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1826 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1827 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1828 bssid1
= hapd1
.own_addr()
1829 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1830 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1831 # This will fail due to not being able to send out PMK-R1 pull request
1834 def test_ap_ft_ap_oom4(dev
, apdev
):
1835 """WPA2-PSK-FT and AP OOM 4"""
1837 passphrase
= "12345678"
1839 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1840 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1841 bssid0
= hapd0
.own_addr()
1843 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1844 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1847 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1848 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1849 bssid1
= hapd1
.own_addr()
1850 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1851 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1853 if dev
[0].get_status_field('bssid') != bssid1
:
1854 raise Exception("Did not roam to AP1")
1856 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1858 if dev
[0].get_status_field('bssid') != bssid0
:
1859 raise Exception("Did not roam to AP0")
1861 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1863 if dev
[0].get_status_field('bssid') != bssid1
:
1864 raise Exception("Did not roam to AP1")
1866 def test_ap_ft_ap_oom5(dev
, apdev
):
1867 """WPA2-PSK-FT and AP OOM 5"""
1869 passphrase
= "12345678"
1871 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1872 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1873 bssid0
= hapd0
.own_addr()
1875 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1876 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1879 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1880 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1881 bssid1
= hapd1
.own_addr()
1882 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1883 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1884 # This will fail to roam
1887 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1888 # This will fail to roam
1891 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1892 # This will fail to roam
1895 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1896 # This will fail to roam
1899 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1900 # This will fail to roam
1903 def test_ap_ft_ap_oom6(dev
, apdev
):
1904 """WPA2-PSK-FT and AP OOM 6"""
1906 passphrase
= "12345678"
1908 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1909 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1910 bssid0
= hapd0
.own_addr()
1912 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1913 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1914 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1916 dev
[0].request("REMOVE_NETWORK all")
1917 dev
[0].wait_disconnected()
1918 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1919 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1921 dev
[0].request("REMOVE_NETWORK all")
1922 dev
[0].wait_disconnected()
1923 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1924 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1927 def test_ap_ft_ap_oom7a(dev
, apdev
):
1928 """WPA2-PSK-FT and AP OOM 7a"""
1930 passphrase
= "12345678"
1932 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1933 params
["ieee80211w"] = "2"
1934 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1935 bssid0
= hapd0
.own_addr()
1937 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1938 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1939 ieee80211w
="2", scan_freq
="2412")
1941 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1942 params
["ieee80211w"] = "2"
1943 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1944 bssid1
= hapd1
.own_addr()
1945 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1946 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1947 # This will fail to roam
1950 def test_ap_ft_ap_oom7b(dev
, apdev
):
1951 """WPA2-PSK-FT and AP OOM 7b"""
1953 passphrase
= "12345678"
1955 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1956 params
["ieee80211w"] = "2"
1957 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1958 bssid0
= hapd0
.own_addr()
1960 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1961 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1962 ieee80211w
="2", scan_freq
="2412")
1964 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1965 params
["ieee80211w"] = "2"
1966 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1967 bssid1
= hapd1
.own_addr()
1968 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1969 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1970 # This will fail to roam
1973 def test_ap_ft_ap_oom7c(dev
, apdev
):
1974 """WPA2-PSK-FT and AP OOM 7c"""
1976 passphrase
= "12345678"
1978 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1979 params
["ieee80211w"] = "2"
1980 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1981 bssid0
= hapd0
.own_addr()
1983 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1984 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1985 ieee80211w
="2", scan_freq
="2412")
1987 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1988 params
["ieee80211w"] = "2"
1989 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1990 bssid1
= hapd1
.own_addr()
1991 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1992 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1993 # This will fail to roam
1996 def test_ap_ft_ap_oom7d(dev
, apdev
):
1997 """WPA2-PSK-FT and AP OOM 7d"""
1999 passphrase
= "12345678"
2001 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2002 params
["ieee80211w"] = "2"
2003 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2004 bssid0
= hapd0
.own_addr()
2006 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2007 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2008 ieee80211w
="2", scan_freq
="2412")
2010 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2011 params
["ieee80211w"] = "2"
2012 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2013 bssid1
= hapd1
.own_addr()
2014 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2015 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
2016 # This will fail to roam
2019 def test_ap_ft_ap_oom8(dev
, apdev
):
2020 """WPA2-PSK-FT and AP OOM 8"""
2022 passphrase
= "12345678"
2024 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2025 params
['ft_psk_generate_local'] = "1"
2026 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2027 bssid0
= hapd0
.own_addr()
2029 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2030 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2033 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2034 params
['ft_psk_generate_local'] = "1"
2035 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2036 bssid1
= hapd1
.own_addr()
2037 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2038 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
2039 # This will fail to roam
2041 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
2042 # This will fail to roam
2045 def test_ap_ft_ap_oom9(dev
, apdev
):
2046 """WPA2-PSK-FT and AP OOM 9"""
2048 passphrase
= "12345678"
2050 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2051 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2052 bssid0
= hapd0
.own_addr()
2054 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2055 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2058 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2059 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2060 bssid1
= hapd1
.own_addr()
2061 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2063 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
2064 # This will fail to roam
2065 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2066 raise Exception("FT_DS failed")
2067 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
2069 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
2070 # This will fail to roam
2071 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2072 raise Exception("FT_DS failed")
2073 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2075 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
2076 # This will fail to roam
2077 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2078 raise Exception("FT_DS failed")
2079 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2081 def test_ap_ft_ap_oom10(dev
, apdev
):
2082 """WPA2-PSK-FT and AP OOM 10"""
2084 passphrase
= "12345678"
2086 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2087 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2088 bssid0
= hapd0
.own_addr()
2090 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2091 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2094 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2095 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2096 bssid1
= hapd1
.own_addr()
2097 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2099 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2100 # This will fail to roam
2101 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2102 raise Exception("FT_DS failed")
2103 wait_fail_trigger(hapd0
, "GET_FAIL")
2105 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2106 # This will fail to roam
2107 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2108 raise Exception("FT_DS failed")
2109 wait_fail_trigger(hapd0
, "GET_FAIL")
2111 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2112 # This will fail to roam
2113 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2114 raise Exception("FT_DS failed")
2115 wait_fail_trigger(hapd0
, "GET_FAIL")
2117 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2118 # This will fail to roam
2119 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2120 raise Exception("FT_DS failed")
2121 wait_fail_trigger(hapd1
, "GET_FAIL")
2123 def test_ap_ft_ap_oom11(dev
, apdev
):
2124 """WPA2-PSK-FT and AP OOM 11"""
2126 passphrase
= "12345678"
2128 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2129 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2130 bssid0
= hapd0
.own_addr()
2132 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2133 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2134 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2136 wait_fail_trigger(hapd0
, "GET_FAIL")
2138 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2139 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2140 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2142 wait_fail_trigger(hapd0
, "GET_FAIL")
2144 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2145 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2147 passphrase
= "12345678"
2149 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2150 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2151 bssid0
= hapd0
.own_addr()
2152 _bssid0
= bssid0
.replace(':', '')
2153 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2155 addr
= dev
[0].own_addr()
2156 _addr
= addr
.replace(':', '')
2158 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2159 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2160 bssid1
= hapd1
.own_addr()
2161 _bssid1
= bssid1
.replace(':', '')
2163 hapd0
.set("ext_mgmt_frame_handling", "1")
2164 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2165 valid
= "0601" + _addr
+ _bssid1
2168 "0601" + _addr
+ _bssid0
,
2169 "0601" + _addr
+ "ffffffffffff",
2170 "0601" + _bssid0
+ _bssid0
,
2175 valid
+ "3603ffffff",
2176 valid
+ "3603a1b2ff",
2177 valid
+ "3603a1b2ff" + "3700",
2178 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2179 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2180 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2181 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2182 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2183 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2184 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2187 hapd0
.dump_monitor()
2188 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2189 raise Exception("MGMT_RX_PROCESS failed")
2191 hapd0
.set("ext_mgmt_frame_handling", "0")
2193 def test_ap_ft_over_ds_proto(dev
, apdev
):
2194 """WPA2-PSK-FT AP over DS protocol testing"""
2196 passphrase
= "12345678"
2198 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2199 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2200 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2203 # FT Action Response while no FT-over-DS in progress
2206 msg
['da'] = dev
[0].own_addr()
2207 msg
['sa'] = apdev
[0]['bssid']
2208 msg
['bssid'] = apdev
[0]['bssid']
2209 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2212 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2213 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2214 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2215 hapd0
.set("ext_mgmt_frame_handling", "1")
2216 hapd0
.dump_monitor()
2217 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2218 for i
in range(0, 10):
2219 req
= hapd0
.mgmt_rx()
2221 raise Exception("MGMT RX wait timed out")
2222 if req
['subtype'] == 13:
2226 raise Exception("FT Action frame not received")
2228 # FT Action Response for unexpected Target AP
2229 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2232 # FT Action Response without MDIE
2233 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2236 # FT Action Response without FTIE
2237 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2240 # FT Action Response with FTIE SNonce mismatch
2241 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2245 def test_ap_ft_rrb(dev
, apdev
):
2246 """WPA2-PSK-FT RRB protocol testing"""
2248 passphrase
= "12345678"
2250 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2251 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2253 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2256 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2257 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2259 ehdr
= _dst_ll
+ _src_ll
+ proto
2261 # Too short RRB frame
2262 pkt
= ehdr
+ b
'\x01'
2263 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2264 raise Exception("DATA_TEST_FRAME failed")
2266 # RRB discarded frame with unrecognized type
2267 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2268 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2269 raise Exception("DATA_TEST_FRAME failed")
2271 # RRB frame too short for action frame
2272 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2273 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2274 raise Exception("DATA_TEST_FRAME failed")
2276 # Too short RRB frame (not enough room for Action Frame body)
2277 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2278 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2279 raise Exception("DATA_TEST_FRAME failed")
2281 # Unexpected Action frame category
2282 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2283 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2284 raise Exception("DATA_TEST_FRAME failed")
2286 # Unexpected Action in RRB Request
2287 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2288 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2289 raise Exception("DATA_TEST_FRAME failed")
2291 # Target AP address in RRB Request does not match with own address
2292 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2293 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2294 raise Exception("DATA_TEST_FRAME failed")
2296 # Not enough room for status code in RRB Response
2297 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2298 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2299 raise Exception("DATA_TEST_FRAME failed")
2301 # RRB discarded frame with unknown packet_type
2302 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2303 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2304 raise Exception("DATA_TEST_FRAME failed")
2306 # RRB Response with non-zero status code; no STA match
2307 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2308 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2309 raise Exception("DATA_TEST_FRAME failed")
2311 # RRB Response with zero status code and extra data; STA match
2312 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2313 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2314 raise Exception("DATA_TEST_FRAME failed")
2316 # Too short PMK-R1 pull
2317 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2318 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2319 raise Exception("DATA_TEST_FRAME failed")
2321 # Too short PMK-R1 resp
2322 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2323 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2324 raise Exception("DATA_TEST_FRAME failed")
2326 # Too short PMK-R1 push
2327 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2328 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2329 raise Exception("DATA_TEST_FRAME failed")
2331 # No matching R0KH address found for PMK-R0 pull response
2332 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2333 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2334 raise Exception("DATA_TEST_FRAME failed")
2337 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2338 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2339 bssid
= apdev
[0]['bssid']
2341 passphrase
= "12345678"
2343 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2344 params
["ieee80211w"] = "1"
2345 # This is the RSN element used normally by hostapd
2346 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2347 hapd
= hostapd
.add_ap(apdev
[0], params
)
2348 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2349 ieee80211w
="1", scan_freq
="2412",
2350 pairwise
="CCMP", group
="CCMP")
2352 tests
= [('PMKIDCount field included',
2353 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2354 ('Extra IE before RSNE',
2355 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2356 ('PMKIDCount and Group Management Cipher suite fields included',
2357 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2358 ('Extra octet after defined fields (future extensibility)',
2359 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2360 ('No RSN Capabilities field (PMF disabled in practice)',
2361 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2362 for txt
, ie
in tests
:
2363 dev
[0].request("DISCONNECT")
2364 dev
[0].wait_disconnected()
2367 hapd
.set('own_ie_override', ie
)
2369 dev
[0].request("BSS_FLUSH 0")
2370 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2371 dev
[0].select_network(id, freq
=2412)
2372 dev
[0].wait_connected()
2374 dev
[0].request("DISCONNECT")
2375 dev
[0].wait_disconnected()
2377 logger
.info('Invalid RSNE causing internal hostapd error')
2379 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2381 dev
[0].request("BSS_FLUSH 0")
2382 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2383 dev
[0].select_network(id, freq
=2412)
2384 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2386 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2388 raise Exception("Unexpected connection")
2389 dev
[0].request("DISCONNECT")
2391 logger
.info('Unexpected PMKID causing internal hostapd error')
2393 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2395 dev
[0].request("BSS_FLUSH 0")
2396 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2397 dev
[0].select_network(id, freq
=2412)
2398 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2400 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2402 raise Exception("Unexpected connection")
2403 dev
[0].request("DISCONNECT")
2405 def start_ft(apdev
, wpa_ptk_rekey
=None):
2407 passphrase
= "12345678"
2409 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2411 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2412 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2413 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2415 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2416 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2420 def check_ptk_rekey(dev
, hapd0
=None, hapd1
=None):
2421 ev
= dev
.wait_event(["CTRL-EVENT-DISCONNECTED",
2422 "WPA: Key negotiation completed"], timeout
=5)
2424 raise Exception("No event received after roam")
2425 if "CTRL-EVENT-DISCONNECTED" in ev
:
2426 raise Exception("Unexpected disconnection after roam")
2428 if not hapd0
or not hapd1
:
2430 if dev
.get_status_field('bssid') == hapd0
.own_addr():
2435 hwsim_utils
.test_connectivity(dev
, hapd
)
def test_ap_ft_ptk_rekey(dev, apdev):
    """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
    # start_ft() is called without wpa_ptk_rekey, so no rekey interval is
    # requested for the APs here; ptk_rekey="1" is passed to run_roams()
    # instead (per the test description, the station triggers the rekey).
    ap_a, ap_b = start_ft(apdev)
    sta = dev[0]
    run_roams(sta, apdev, ap_a, ap_b, "test-ft", "12345678", ptk_rekey="1")
    # check_ptk_rekey() raises if no event arrives or if the station reports
    # a disconnection instead of a completed key negotiation.
    check_ptk_rekey(sta, ap_a, ap_b)
2443 def test_ap_ft_ptk_rekey2(dev
, apdev
):
2444 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2445 hapd0
, hapd1
= start_ft(apdev
)
2446 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1",
2448 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
def test_ap_ft_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
    # wpa_ptk_rekey=2 is forwarded to start_ft(), which writes it into the
    # hostapd parameters of both APs; the station gets no rekey setting.
    ap_a, ap_b = start_ft(apdev, wpa_ptk_rekey=2)
    sta = dev[0]
    run_roams(sta, apdev, ap_a, ap_b, "test-ft", "12345678")
    # After the roams the station must report a completed key negotiation
    # rather than a disconnection; check_ptk_rekey() raises otherwise.
    check_ptk_rekey(sta, ap_a, ap_b)
2456 def test_ap_ft_ptk_rekey_ap2(dev
, apdev
):
2457 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2458 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2459 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678",
2461 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
def test_ap_ft_eap_ptk_rekey_ap(dev, apdev):
    """WPA2-EAP-FT PTK rekeying triggered by AP"""
    # The FT-EAP setup and roam are delegated to generic_ap_ft_eap(), with
    # the AP-side rekey value 2 and a single roam direction requested.
    generic_ap_ft_eap(dev, apdev, only_one_way=True, wpa_ptk_rekey=2)
    sta = dev[0]
    # No AP handles are passed, so only the station events are checked here
    # (check_ptk_rekey() presumably skips its connectivity step -- confirm).
    check_ptk_rekey(sta)
# Robustness test for FT over-the-DS delivery between two BSSes of one
# hostapd instance: apdev[0] is an FT-EAP BSS, apdev[1] is created with an
# SSID only. The final roam_over_ds() towards apdev[1] is run with
# fail_test=True, i.e. the roam is expected to fail; the point of the test
# is that hostapd survives the request instead of crashing.
2468 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2469 """RRB internal delivery only to WPA enabled BSS"""
2471 passphrase
= "12345678"
2473 radius
= hostapd
.radius_params()
2474 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2475 params
['wpa_key_mgmt'] = "FT-EAP"
2476 params
["ieee8021x"] = "1"
# Merge the RADIUS settings with the FT settings; params is listed last, so
# its value wins for any key present in both dictionaries.
2477 params
= dict(list(radius
.items()) + list(params
.items()))
2478 hapd
= hostapd
.add_ap(apdev
[0], params
)
# Sanity check that hostapd really reports FT-EAP as its first key_mgmt
# entry before the negative part of the test starts.
2479 key_mgmt
= hapd
.get_config()['key_mgmt']
2480 if key_mgmt
.split(' ')[0] != "FT-EAP":
2481 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
# Second BSS: only an SSID is configured (the "non-WPA-enabled AP" referred
# to below).
2483 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2485 # Connect to the WPA-enabled AP
2486 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2487 eap
="GPSK", identity
="gpsk user",
2488 password
="abcdefghijklmnop0123456789abcdef",
2491 # Try over_ds roaming to the non-WPA-enabled AP.
2492 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2493 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
# Negative test for AP-side element validation: the AP enables both WPA-PSK
# and FT-PSK, dev[1] and dev[2] connect normally with one AKM each, and
# dev[0] then tries a plain WPA-PSK association while carrying an extra
# Mobility Domain element. The AP has to reject that association with
# status code 43; a successful connection fails the test.
2495 def test_ap_ft_extra_ie(dev
, apdev
):
2496 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2498 passphrase
= "12345678"
2500 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2501 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2502 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2503 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2505 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2508 # Add Mobility Domain element to test AP validation code.
# (3603a1b201 is element ID 0x36 with a 3-octet body; frame type 13 of
# VENDOR_ELEM_ADD is presumably the association request -- confirm.)
2509 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2510 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2511 scan_freq
="2412", wait_connect
=False)
# wait_connect=False above: the outcome is read from the event stream, where
# either a connection or an association rejection may show up.
2512 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2513 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2515 raise Exception("No connection result")
2516 if "CTRL-EVENT-CONNECTED" in ev
:
2517 raise Exception("Non-FT association accepted with MDE")
# The rejection must carry exactly status code 43; any other code is a failure.
2518 if "status_code=43" not in ev
:
2519 raise Exception("Unexpected status code: " + ev
)
2520 dev
[0].request("DISCONNECT")
# Remove the injected element again from the station.
2522 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2524 def test_ap_ft_ric(dev
, apdev
):
2525 """WPA2-PSK-FT AP and RIC"""
2527 passphrase
= "12345678"
2529 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2530 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2531 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2532 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2534 dev
[0].set("ric_ies", "")
2535 dev
[0].set("ric_ies", '""')
2536 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2537 raise Exception("Invalid ric_ies value accepted")
2542 "390400000000" + "390400000000",
2543 "390400000000" + "dd050050f20202",
2544 "390400000000" + "dd3d0050f2020201" + 55*"00",
2545 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2546 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2548 dev
[0].set("ric_ies", t
)
2549 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2550 test_connectivity
=False)
2551 dev
[0].request("REMOVE_NETWORK all")
2552 dev
[0].wait_disconnected()
2553 dev
[0].dump_monitor()
def ie_hex(ies, id):
    """Return element *id* from *ies* as a hex string, header included.

    *ies* is indexed by element ID and must yield the element body as
    bytes. The result is the one-octet ID, the one-octet body length and
    the body, hex encoded. A missing ID raises KeyError, and a body longer
    than 255 octets makes struct.pack() raise struct.error because the
    length no longer fits the single length octet.
    """
    body = ies[id]
    header = struct.pack('BB', id, len(body))
    encoded = binascii.hexlify(header + body)
    return encoded.decode()
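def test_ap_ft_reassoc_proto(dev, apdev):
    """WPA2-PSK-FT AP Reassociation Request frame parsing"""
    # Captures a genuine FT Reassociation Request on the target AP, then
    # feeds the AP modified copies of it through MGMT_RX_PROCESS. Each copy
    # breaks one field so that a specific rejection path in the AP's FT
    # validation is exercised. No reply is checked in the final loop, so a
    # regression would presumably show up as a crash or sanitizer report
    # rather than as a wrong status code.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"
    rx_cmd = "MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame="

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    # hapd2ap is the AP the station is NOT associated with, i.e. the roaming
    # target.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        hapd2ap = hapd1  # restored
    else:  # restored
        hapd2ap = hapd0  # restored

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # With external management frame handling the AP only processes frames
    # that the test hands to it explicitly.
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    dev[0].request("ROAM " + hapd2ap.own_addr())

    # Pass frames through until the Authentication frame (subtype 11) has
    # been processed.
    while True:  # restored
        req = hapd2ap.mgmt_rx()
        hapd2ap.request(rx_cmd + binascii.hexlify(req['frame']).decode())
        if req['subtype'] == 11:
            break  # restored

    # Pass frames through until the Reassociation Request (subtype 2)
    # arrives; that frame is kept in req and not processed here.
    while True:  # restored
        req = hapd2ap.mgmt_rx()
        if req['subtype'] == 2:
            break  # restored
        hapd2ap.request(rx_cmd + binascii.hexlify(req['frame']).decode())

    # IEEE 802.11 header + fixed fields before IEs
    hdr = binascii.hexlify(req['frame'][0:34]).decode()
    ies = parse_ie(binascii.hexlify(req['frame'][34:]))
    # First elements: SSID, Supported Rates, Extended Supported Rates
    ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)

    # rsne/mde/fte are hex strings, so the slices below index hex characters
    # (two per octet).
    rsne = ie_hex(ies, 48)
    mde = ie_hex(ies, 54)
    fte = ie_hex(ies, 55)
    tests = []  # restored
    # RSN: Trying to use FT, but MDIE not included
    tests += [rsne]  # restored
    # RSN: Attempted to use unknown MDIE
    tests += [rsne + "3603000000"]
    # Invalid RSN pairwise cipher
    tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
    # FT: No PMKID in RSNIE
    tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)]
    # NOTE(review): the comment on source line 2611 is missing from the
    # listing; this case carries the RSNE and MDE but no FTE.
    tests += [rsne + mde]
    # FT: RIC IE(s) in the frame, but not included in protected IE count
    # FT: Failed to parse FT IEs
    tests += [rsne + mde + fte + "3900"]
    # FT: SNonce mismatch in FTIE
    tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"]
    # FT: ANonce mismatch in FTIE
    tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]]
    # FT: No R0KH-ID subelem in FTIE
    tests += [rsne + mde + "3752" + fte[4:168]]
    # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
    tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"]
    # FT: No R1KH-ID subelem in FTIE
    tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()]
    # FT: Unknown R1KH-ID used in ReassocReq
    tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"]
    # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
    tests += [rsne[:-32] + 16*"00" + mde + fte]
    # Invalid MIC in FTIE
    tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]]
    for t in tests:  # restored
        hapd2ap.request(rx_cmd + hdr + ies1 + t)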
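def test_ap_ft_reassoc_local_fail(dev, apdev):
    """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
    # Checks that the target AP rejects an FT reassociation when its own
    # validation step fails locally, i.e. that the AP fails closed instead of
    # accepting a Reassociation Request it could not verify.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    # hapd2ap is the AP the station is NOT associated with, i.e. the roaming
    # target.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        hapd2ap = hapd1  # restored
    else:  # restored
        hapd2ap = hapd0  # restored

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # FT: Failed to calculate MIC
    # fail_test() presumably arms one forced failure inside
    # wpa_ft_validate_reassoc on the target AP - confirm against utils.
    with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
        dev[0].request("ROAM " + hapd2ap.own_addr())
        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
        # Disconnect before judging the result so the station does not keep
        # retrying after the test has finished.
        dev[0].request("DISCONNECT")
        if ev is None:  # restored
            raise Exception("Association reject not seen")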
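def test_ap_ft_reassoc_replay(dev, apdev, params):
    """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
    # Completes an FT roam, hands the AP the same Reassociation Request a
    # second time, and then inspects the capture for CCMP packet numbers
    # (PN) in data frames sent by the AP to the station. A repeated PN would
    # mean the AP reused a CCMP nonce under the same key after processing
    # the replayed frame, so the test fails on any duplicate.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"
    rx_cmd = "MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame="

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")  # second line restored; value assumed
    # hapd2ap is the AP the station is NOT associated with, i.e. the roaming
    # target.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        hapd2ap = hapd1  # restored
    else:  # restored
        hapd2ap = hapd0  # restored

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # With external management frame handling the AP only processes frames
    # that the test hands to it explicitly.
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    dev[0].dump_monitor()
    if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
        raise Exception("ROAM failed")

    # Forward received management frames until the Reassociation Request
    # (subtype 2) has been processed and its TX status delivered.
    reassocreq = None  # restored
    for _ in range(100):  # restored; loop bound assumed
        req = hapd2ap.mgmt_rx()
        hapd2ap.dump_monitor()
        hapd2ap.request(rx_cmd + binascii.hexlify(req['frame']).decode())
        if req['subtype'] == 2:
            reassocreq = req  # restored
            ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
            if ev is None:  # restored
                raise Exception("No TX status seen")
            cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
            if "OK" not in hapd2ap.request(cmd):
                raise Exception("MGMT_TX_STATUS_PROCESS failed")
            break  # restored
    hapd2ap.set("ext_mgmt_frame_handling", "0")
    if reassocreq is None:
        raise Exception("No Reassociation Request frame seen")
    dev[0].wait_connected()
    dev[0].dump_monitor()
    hapd2ap.dump_monitor()

    # First connectivity test: produces protected data frames before the
    # replay.
    hwsim_utils.test_connectivity(dev[0], hapd2ap)

    logger.info("Replay the last Reassociation Request frame")
    hapd2ap.dump_monitor()
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    hapd2ap.request(rx_cmd + binascii.hexlify(req['frame']).decode())
    ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
    if ev is None:  # restored
        raise Exception("No TX status seen")
    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
    if "OK" not in hapd2ap.request(cmd):
        raise Exception("MGMT_TX_STATUS_PROCESS failed")
    hapd2ap.set("ext_mgmt_frame_handling", "0")

    # Second connectivity test: its outcome is recorded and only raised at
    # the end, so the PN check below runs either way.
    try:  # restored
        hwsim_utils.test_connectivity(dev[0], hapd2ap)
        ok = True  # restored
    except Exception:  # restored
        ok = False  # restored

    # Data frames (type 2) from the AP to the station, CCMP PN field only.
    ap = hapd2ap.own_addr()
    sta = dev[0].own_addr()
    filt = "wlan.fc.type == 2 && " + \
           "wlan.da == " + sta + " && " + \
           "wlan.sa == " + ap  # last operand restored
    fields = ["wlan.ccmp.extiv"]
    res = run_tshark(capfile, filt, fields)
    vals = res.splitlines()
    logger.info("CCMP PN: " + str(vals))
    if len(vals) < 2:  # restored; threshold assumed
        raise Exception("Could not find all CCMP protected frames from capture")
    if len(set(vals)) < len(vals):
        raise Exception("Duplicate CCMP PN used")

    if not ok:  # restored
        raise Exception("The second hwsim connectivity test failed")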
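def test_ap_ft_psk_file(dev, apdev):
    """WPA2-PSK-FT AP with PSK from a file"""
    # The AP is given both wpa_passphrase and a wpa_psk_file. dev[0] is
    # expected to connect with the passphrase, with "very secret" and with
    # "secret passphrase"; dev[2] with "another passphrase for all STAs";
    # dev[1] using "very secret" is expected to fail the 4-way handshake.
    # The contents of hostapd.wpa_psk are not shown here; presumably
    # "very secret" is bound to dev[0]'s address in that file - confirm.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    params = ft_params1a(ssid=ssid, passphrase=passphrase)
    params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hapd = hostapd.add_ap(apdev[0], params)

    # Started first and without waiting, so the failing attempt runs while
    # the other stations connect.
    dev[1].connect(ssid, psk="very secret",
                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
                   scan_freq="2412", wait_connect=False)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].connect(ssid, psk="secret passphrase",
                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
                   scan_freq="2412")  # last line restored; value assumed
    dev[2].connect(ssid, psk="another passphrase for all STAs",
                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
                   scan_freq="2412")  # last line restored; value assumed
    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if ev is None:  # restored
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")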
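def test_ap_ft_eap_ap_config_change(dev, apdev):
    """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
    # The station first associates while the AP advertises only WPA-EAP,
    # then the AP is switched to FT-EAP and the station has to reconnect
    # using the new key management after rescanning.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"
    bssid = apdev[0]['bssid']

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
    params['wpa_key_mgmt'] = "WPA-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    # Wildcard key holder entries with a fixed test key; fixture values only.
    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    params["eap_server"] = "0"
    # params is listed last, so its values win over the RADIUS defaults on
    # any shared key.
    params = dict(list(radius.items()) + list(params.items()))
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")  # last line restored; value assumed
    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()

    # NOTE(review): source lines 2805 and 2807 around this set() are missing
    # from the listing; a disable()/enable() pair is assumed here so that the
    # changed key management is actually applied.
    hapd.disable()  # restored
    hapd.set('wpa_key_mgmt', "FT-EAP")
    hapd.enable()  # restored

    # Drop cached scan results so the station sees the AP's new RSN
    # configuration before reconnecting.
    dev[0].request("BSS_FLUSH 0")
    dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)

    dev[0].request("RECONNECT")
    dev[0].wait_connected()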
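def test_ap_ft_eap_sha384(dev, apdev):
    """WPA2-EAP-FT with SHA384"""
    # Two APs using FT-EAP-SHA384 with management frame protection required
    # (ieee80211w=2); the roaming sequence itself lives in run_roams().
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    # params is listed last, so its values win over the RADIUS defaults.
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
              sha384=True)  # last line restored; argument assumed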
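def test_ap_ft_eap_sha384_reassoc(dev, apdev):
    """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
    # Both APs advertise WPA-EAP-SUITE-B-192 next to FT-EAP-SHA384 and
    # require management frame protection (ieee80211w=2). run_roams() is
    # asked to also cover the non-FT AKM and to roam with reassociation.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    check_suite_b_192_capa(dev)
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    # params is listed last, so its values win over the RADIUS defaults.
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
              sha384=True, also_non_ft=True, roam_with_reassoc=True)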
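def test_ap_ft_eap_sha384_over_ds(dev, apdev):
    """WPA2-EAP-FT with SHA384 over DS"""
    # Same two-AP FT-EAP-SHA384 setup with management frame protection
    # required (ieee80211w=2), with run_roams() told to use over-the-DS FT.
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    # params is listed last, so its values win over the RADIUS defaults.
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              eap=True, sha384=True)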
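def test_ap_ft_roam_rrm(dev, apdev):
    """WPA2-PSK-FT AP and radio measurement request"""
    # Runs check_beacon_req() against whichever AP the station is on: after
    # the initial association, after roaming to the second AP and after
    # roaming back. The third argument to check_beacon_req() increases with
    # each call (1, 2, 3).
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["rrm_beacon_report"] = "1"
    hapd0 = hostapd.add_ap(apdev[0], params)
    bssid0 = hapd0.own_addr()

    addr = dev[0].own_addr()
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")  # last line restored; value assumed
    check_beacon_req(hapd0, addr, 1)

    # The second AP is only started after the first measurement.
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["rrm_beacon_report"] = "1"
    hapd1 = hostapd.add_ap(apdev[1], params)
    bssid1 = hapd1.own_addr()

    dev[0].scan_for_bss(bssid1, freq=2412)
    dev[0].roam(bssid1)  # restored; source line 2903 missing from listing
    check_beacon_req(hapd1, addr, 2)

    dev[0].scan_for_bss(bssid0, freq=2412)
    dev[0].roam(bssid0)  # restored; source line 2907 missing from listing
    check_beacon_req(hapd0, addr, 3)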
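def test_ap_ft_pmksa_caching(dev, apdev):
    """FT-EAP and PMKSA caching for initial mobility domain association"""
    # Two FT-EAP APs in mobility domain c3d4; run_roams() is called with
    # pmksa_caching=True and no passphrase (EAP credentials are used).
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    identity = "gpsk user"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["mobility_domain"] = "c3d4"
    # params is listed last, so its values win over the RADIUS defaults.
    params = dict(list(radius.items()) + list(params.items()))
    hapd = hostapd.add_ap(apdev[0], params)

    params = ft_params2(ssid=ssid)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["mobility_domain"] = "c3d4"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
              eap_identity=identity, pmksa_caching=True)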
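def test_ap_ft_pmksa_caching_sha384(dev, apdev):
    """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
    # Two FT-EAP-SHA384 APs in mobility domain c3d4; run_roams() is called
    # with pmksa_caching=True, sha384=True and no passphrase (EAP
    # credentials are used).
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    identity = "gpsk user"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid)
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params["mobility_domain"] = "c3d4"
    # params is listed last, so its values win over the RADIUS defaults.
    params = dict(list(radius.items()) + list(params.items()))
    hapd = hostapd.add_ap(apdev[0], params)

    params = ft_params2(ssid=ssid)
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params["mobility_domain"] = "c3d4"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
              eap_identity=identity, pmksa_caching=True, sha384=True)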
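def test_ap_ft_r1_key_expiration(dev, apdev):
    """WPA2-PSK-FT and PMK-R1 expiration"""
    # Both APs cap the PMK-R1 lifetime at "2" while run_roams() is told to
    # wait 4 before roaming, so the cached PMK-R1 should already have
    # expired when the roam starts (units presumably seconds - confirm).
    #
    # NOTE(review): the listing this block was recovered from dropped some
    # source lines (gaps in its line numbers). Lines marked "restored" are
    # inferred from how the visible code uses them; confirm against upstream.
    ssid = "test-ft"  # restored; value assumed, not shown in the listing
    passphrase = "12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['r1_max_key_lifetime'] = "2"
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['r1_max_key_lifetime'] = "2"
    hapd1 = hostapd.add_ap(apdev[1], params)

    # This succeeds, but results in having to run another PMK-R1 pull before the
    # second AP can complete FT protocol.
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, wait_before_roam=4)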
2972 def test_ap_ft_r0_key_expiration(dev
, apdev
):
2973 """WPA2-PSK-FT and PMK-R0 expiration"""
2975 passphrase
= "12345678"
2977 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2978 params
['ft_r0_key_lifetime'] = "2"
2979 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2980 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2981 params
['ft_r0_key_lifetime'] = "2"
2982 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2984 bssid2
= run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2985 return_after_initial
=True)
2987 dev
[0].scan_for_bss(bssid2
, freq
="2412")
2988 if "OK" not in dev
[0].request("ROAM " + bssid2
):
2989 raise Exception("ROAM failed")
2990 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2991 "CTRL-EVENT-AUTH-REJECT",
2992 "CTRL-EVENT-ASSOC-REJECT"], timeout
=5)
2993 dev
[0].request("DISCONNECT")
2994 if ev
is None or "CTRL-EVENT-AUTH-REJECT" not in ev
:
2995 raise Exception("FT protocol failure not reported")
2996 if "status_code=53" not in ev
:
2997 raise Exception("Unexpected status in FT protocol failure: " + ev
)
2999 # Generate a new PMK-R0
3000 dev
[0].dump_monitor()
3001 dev
[0].request("RECONNECT")
3002 dev
[0].wait_connected()