]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: WPA2-EAP-FT with SHA384 using REASSOCIATE
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import os
10 import time
11 import logging
12 logger = logging.getLogger()
13 import signal
14 import struct
15 import subprocess
16
17 import hwsim_utils
18 from hwsim import HWSimRadio
19 import hostapd
20 from tshark import run_tshark
21 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
22 from wlantest import Wlantest
23 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
24 from test_rrm import check_beacon_req
25
26 def ft_base_rsn():
27 params = {"wpa": "2",
28 "wpa_key_mgmt": "FT-PSK",
29 "rsn_pairwise": "CCMP"}
30 return params
31
32 def ft_base_mixed():
33 params = {"wpa": "3",
34 "wpa_key_mgmt": "WPA-PSK FT-PSK",
35 "wpa_pairwise": "TKIP",
36 "rsn_pairwise": "CCMP"}
37 return params
38
39 def ft_params(rsn=True, ssid=None, passphrase=None):
40 if rsn:
41 params = ft_base_rsn()
42 else:
43 params = ft_base_mixed()
44 if ssid:
45 params["ssid"] = ssid
46 if passphrase:
47 params["wpa_passphrase"] = passphrase
48
49 params["mobility_domain"] = "a1b2"
50 params["r0_key_lifetime"] = "10000"
51 params["pmk_r1_push"] = "1"
52 params["reassociation_deadline"] = "1000"
53 return params
54
55 def ft_params1a(rsn=True, ssid=None, passphrase=None):
56 params = ft_params(rsn, ssid, passphrase)
57 params['nas_identifier'] = "nas1.w1.fi"
58 params['r1_key_holder'] = "000102030405"
59 return params
60
61 def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
62 params = ft_params1a(rsn, ssid, passphrase)
63 if discovery:
64 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
65 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 else:
67 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
68 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
69 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
70 return params
71
72 def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
73 params = ft_params1a(rsn, ssid, passphrase)
74 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
75 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
76 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
77 return params
78
79 def ft_params2a(rsn=True, ssid=None, passphrase=None):
80 params = ft_params(rsn, ssid, passphrase)
81 params['nas_identifier'] = "nas2.w1.fi"
82 params['r1_key_holder'] = "000102030406"
83 return params
84
85 def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
86 params = ft_params2a(rsn, ssid, passphrase)
87 if discovery:
88 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
89 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 else:
91 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
92 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
93 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
94 return params
95
96 def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
97 params = ft_params2a(rsn, ssid, passphrase)
98 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
99 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
100 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
101 return params
102
103 def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
104 params = ft_params(rsn, ssid, passphrase)
105 params['nas_identifier'] = "nas1.w1.fi"
106 params['r1_key_holder'] = "000102030405"
107 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
108 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
109 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
110 return params
111
112 def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
113 params = ft_params(rsn, ssid, passphrase)
114 params['nas_identifier'] = "nas2.w1.fi"
115 params['r1_key_holder'] = "000102030406"
116 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
117 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
118 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
119 return params
120
121 def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
122 params = ft_params(rsn, ssid, passphrase)
123 params['nas_identifier'] = "nas2.w1.fi"
124 params['r1_key_holder'] = "000102030406"
125 params['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
126 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
127 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
128 return params
129
130 def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
131 sae=False, eap=False, fail_test=False, roams=1,
132 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
133 test_connectivity=True, eap_identity="gpsk user", conndev=False,
134 force_initial_conn_to_first_ap=False, sha384=False,
135 group_mgmt=None, ocv=None, sae_password=None,
136 sae_password_id=None, sae_and_psk=False, pmksa_caching=False,
137 roam_with_reassoc=False, also_non_ft=False):
138 logger.info("Connect to first AP")
139
140 copts = {}
141 copts["proto"] = "WPA2"
142 copts["ieee80211w"] = "1"
143 copts["scan_freq"] = "2412"
144 copts["pairwise"] = pairwise_cipher
145 copts["group"] = group_cipher
146 copts["wpa_ptk_rekey"] = ptk_rekey
147 if group_mgmt:
148 copts["group_mgmt"] = group_mgmt
149 if ocv:
150 copts["ocv"] = ocv
151 if eap:
152 if also_non_ft:
153 copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP"
154 else:
155 copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
156 copts["eap"] = "GPSK"
157 copts["identity"] = eap_identity
158 copts["password"] = "abcdefghijklmnop0123456789abcdef"
159 else:
160 if sae:
161 copts["key_mgmt"] = "SAE FT-SAE" if sae_and_psk else "FT-SAE"
162 else:
163 copts["key_mgmt"] = "FT-PSK"
164 if passphrase:
165 copts["psk"] = passphrase
166 if sae_password:
167 copts["sae_password"] = sae_password
168 if sae_password_id:
169 copts["sae_password_id"] = sae_password_id
170 if force_initial_conn_to_first_ap:
171 copts["bssid"] = apdev[0]['bssid']
172 netw = dev.connect(ssid, **copts)
173 if pmksa_caching:
174 dev.request("DISCONNECT")
175 dev.wait_disconnected()
176 dev.request("RECONNECT")
177 ev = dev.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"],
178 timeout=15)
179 if ev is None:
180 raise Exception("Reconnect timed out")
181 if "CTRL-EVENT-DISCONNECTED" in ev:
182 raise Exception("Unexpected disconnection after RECONNECT")
183
184 if dev.get_status_field('bssid') == apdev[0]['bssid']:
185 ap1 = apdev[0]
186 ap2 = apdev[1]
187 hapd1ap = hapd0
188 hapd2ap = hapd1
189 else:
190 ap1 = apdev[1]
191 ap2 = apdev[0]
192 hapd1ap = hapd1
193 hapd2ap = hapd0
194 if test_connectivity:
195 if conndev:
196 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
197 else:
198 hwsim_utils.test_connectivity(dev, hapd1ap)
199
200 dev.scan_for_bss(ap2['bssid'], freq="2412")
201
202 for i in range(0, roams):
203 # Roaming artificially fast can make data test fail because the key is
204 # set later.
205 time.sleep(0.01)
206 logger.info("Roam to the second AP")
207 if roam_with_reassoc:
208 dev.set_network(netw, "bssid", ap2['bssid'])
209 dev.request("REASSOCIATE")
210 dev.wait_connected()
211 elif over_ds:
212 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
213 else:
214 dev.roam(ap2['bssid'], fail_test=fail_test)
215 if fail_test:
216 return
217 if dev.get_status_field('bssid') != ap2['bssid']:
218 raise Exception("Did not connect to correct AP")
219 if (i == 0 or i == roams - 1) and test_connectivity:
220 if conndev:
221 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
222 else:
223 hwsim_utils.test_connectivity(dev, hapd2ap)
224
225 # Roaming artificially fast can make data test fail because the key is
226 # set later.
227 time.sleep(0.01)
228 logger.info("Roam back to the first AP")
229 if roam_with_reassoc:
230 dev.set_network(netw, "bssid", ap1['bssid'])
231 dev.request("REASSOCIATE")
232 dev.wait_connected()
233 elif over_ds:
234 dev.roam_over_ds(ap1['bssid'])
235 else:
236 dev.roam(ap1['bssid'])
237 if dev.get_status_field('bssid') != ap1['bssid']:
238 raise Exception("Did not connect to correct AP")
239 if (i == 0 or i == roams - 1) and test_connectivity:
240 if conndev:
241 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
242 else:
243 hwsim_utils.test_connectivity(dev, hapd1ap)
244
245 def test_ap_ft(dev, apdev):
246 """WPA2-PSK-FT AP"""
247 ssid = "test-ft"
248 passphrase = "12345678"
249
250 params = ft_params1(ssid=ssid, passphrase=passphrase)
251 hapd0 = hostapd.add_ap(apdev[0], params)
252 params = ft_params2(ssid=ssid, passphrase=passphrase)
253 hapd1 = hostapd.add_ap(apdev[1], params)
254
255 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
256 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
257 raise Exception("Scan results missing RSN element info")
258
259 def test_ap_ft_old_key(dev, apdev):
260 """WPA2-PSK-FT AP (old key)"""
261 ssid = "test-ft"
262 passphrase = "12345678"
263
264 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
265 hapd0 = hostapd.add_ap(apdev[0], params)
266 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
267 hapd1 = hostapd.add_ap(apdev[1], params)
268
269 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
270
271 def test_ap_ft_multi_akm(dev, apdev):
272 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
273 ssid = "test-ft"
274 passphrase = "12345678"
275
276 params = ft_params1(ssid=ssid, passphrase=passphrase)
277 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
278 hapd0 = hostapd.add_ap(apdev[0], params)
279 params = ft_params2(ssid=ssid, passphrase=passphrase)
280 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
281 hapd1 = hostapd.add_ap(apdev[1], params)
282
283 Wlantest.setup(hapd0)
284 wt = Wlantest()
285 wt.flush()
286 wt.add_passphrase(passphrase)
287
288 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
289 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
290 raise Exception("Scan results missing RSN element info")
291 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
292 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
293 scan_freq="2412")
294
295 def test_ap_ft_local_key_gen(dev, apdev):
296 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
297 ssid = "test-ft"
298 passphrase = "12345678"
299
300 params = ft_params1a(ssid=ssid, passphrase=passphrase)
301 params['ft_psk_generate_local'] = "1"
302 del params['pmk_r1_push']
303 hapd0 = hostapd.add_ap(apdev[0], params)
304 params = ft_params2a(ssid=ssid, passphrase=passphrase)
305 params['ft_psk_generate_local'] = "1"
306 del params['pmk_r1_push']
307 hapd1 = hostapd.add_ap(apdev[1], params)
308
309 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
310 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
311 raise Exception("Scan results missing RSN element info")
312
313 def test_ap_ft_vlan(dev, apdev):
314 """WPA2-PSK-FT AP with VLAN"""
315 ssid = "test-ft"
316 passphrase = "12345678"
317
318 params = ft_params1(ssid=ssid, passphrase=passphrase)
319 params['dynamic_vlan'] = "1"
320 params['accept_mac_file'] = "hostapd.accept"
321 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
322
323 params = ft_params2(ssid=ssid, passphrase=passphrase)
324 params['dynamic_vlan'] = "1"
325 params['accept_mac_file'] = "hostapd.accept"
326 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
327
328 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
329 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
330 raise Exception("Scan results missing RSN element info")
331
332 def test_ap_ft_vlan_disconnected(dev, apdev):
333 """WPA2-PSK-FT AP with VLAN and local key generation"""
334 ssid = "test-ft"
335 passphrase = "12345678"
336
337 params = ft_params1a(ssid=ssid, passphrase=passphrase)
338 params['dynamic_vlan'] = "1"
339 params['accept_mac_file'] = "hostapd.accept"
340 params['ft_psk_generate_local'] = "1"
341 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
342
343 params = ft_params2a(ssid=ssid, passphrase=passphrase)
344 params['dynamic_vlan'] = "1"
345 params['accept_mac_file'] = "hostapd.accept"
346 params['ft_psk_generate_local'] = "1"
347 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
348
349 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
350 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
351 raise Exception("Scan results missing RSN element info")
352
353 def test_ap_ft_vlan_2(dev, apdev):
354 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
355 ssid = "test-ft"
356 passphrase = "12345678"
357
358 params = ft_params1(ssid=ssid, passphrase=passphrase)
359 params['dynamic_vlan'] = "1"
360 params['accept_mac_file'] = "hostapd.accept"
361 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
362
363 params = ft_params2(ssid=ssid, passphrase=passphrase)
364 params['dynamic_vlan'] = "1"
365 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
366
367 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1",
368 force_initial_conn_to_first_ap=True)
369 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
370 raise Exception("Scan results missing RSN element info")
371
372 def test_ap_ft_many(dev, apdev):
373 """WPA2-PSK-FT AP multiple times"""
374 ssid = "test-ft"
375 passphrase = "12345678"
376
377 params = ft_params1(ssid=ssid, passphrase=passphrase)
378 hapd0 = hostapd.add_ap(apdev[0], params)
379 params = ft_params2(ssid=ssid, passphrase=passphrase)
380 hapd1 = hostapd.add_ap(apdev[1], params)
381
382 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
383
384 def test_ap_ft_many_vlan(dev, apdev):
385 """WPA2-PSK-FT AP with VLAN multiple times"""
386 ssid = "test-ft"
387 passphrase = "12345678"
388
389 params = ft_params1(ssid=ssid, passphrase=passphrase)
390 params['dynamic_vlan'] = "1"
391 params['accept_mac_file'] = "hostapd.accept"
392 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
393
394 params = ft_params2(ssid=ssid, passphrase=passphrase)
395 params['dynamic_vlan'] = "1"
396 params['accept_mac_file'] = "hostapd.accept"
397 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
398
399 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50,
400 conndev="brvlan1")
401
402 def test_ap_ft_mixed(dev, apdev):
403 """WPA2-PSK-FT mixed-mode AP"""
404 ssid = "test-ft-mixed"
405 passphrase = "12345678"
406
407 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
408 hapd = hostapd.add_ap(apdev[0], params)
409 key_mgmt = hapd.get_config()['key_mgmt']
410 vals = key_mgmt.split(' ')
411 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
412 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
413 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
414 hapd1 = hostapd.add_ap(apdev[1], params)
415
416 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
417
418 def test_ap_ft_pmf(dev, apdev):
419 """WPA2-PSK-FT AP with PMF"""
420 ssid = "test-ft"
421 passphrase = "12345678"
422
423 params = ft_params1(ssid=ssid, passphrase=passphrase)
424 params["ieee80211w"] = "2"
425 hapd0 = hostapd.add_ap(apdev[0], params)
426 params = ft_params2(ssid=ssid, passphrase=passphrase)
427 params["ieee80211w"] = "2"
428 hapd1 = hostapd.add_ap(apdev[1], params)
429
430 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
431
432 def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
433 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
434 run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC")
435
436 def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
437 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
438 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128")
439
440 def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
441 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
442 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256")
443
444 def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
445 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
446 run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256")
447
448 def run_ap_ft_pmf_bip(dev, apdev, cipher):
449 if cipher not in dev[0].get_capability("group_mgmt"):
450 raise HwsimSkip("Cipher %s not supported" % cipher)
451
452 ssid = "test-ft"
453 passphrase = "12345678"
454
455 params = ft_params1(ssid=ssid, passphrase=passphrase)
456 params["ieee80211w"] = "2"
457 params["group_mgmt_cipher"] = cipher
458 hapd0 = hostapd.add_ap(apdev[0], params)
459 params = ft_params2(ssid=ssid, passphrase=passphrase)
460 params["ieee80211w"] = "2"
461 params["group_mgmt_cipher"] = cipher
462 hapd1 = hostapd.add_ap(apdev[1], params)
463
464 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
465 group_mgmt=cipher)
466
467 def test_ap_ft_ocv(dev, apdev):
468 """WPA2-PSK-FT AP with OCV"""
469 ssid = "test-ft"
470 passphrase = "12345678"
471
472 params = ft_params1(ssid=ssid, passphrase=passphrase)
473 params["ieee80211w"] = "2"
474 params["ocv"] = "1"
475 try:
476 hapd0 = hostapd.add_ap(apdev[0], params)
477 except Exception as e:
478 if "Failed to set hostapd parameter ocv" in str(e):
479 raise HwsimSkip("OCV not supported")
480 raise
481 params = ft_params2(ssid=ssid, passphrase=passphrase)
482 params["ieee80211w"] = "2"
483 params["ocv"] = "1"
484 hapd1 = hostapd.add_ap(apdev[1], params)
485
486 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1")
487
488 def test_ap_ft_over_ds(dev, apdev):
489 """WPA2-PSK-FT AP over DS"""
490 ssid = "test-ft"
491 passphrase = "12345678"
492
493 params = ft_params1(ssid=ssid, passphrase=passphrase)
494 hapd0 = hostapd.add_ap(apdev[0], params)
495 params = ft_params2(ssid=ssid, passphrase=passphrase)
496 hapd1 = hostapd.add_ap(apdev[1], params)
497
498 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
499 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
500 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
501
502 def cleanup_ap_ft_separate_hostapd():
503 subprocess.call(["brctl", "delif", "br0ft", "veth0"],
504 stderr=open('/dev/null', 'w'))
505 subprocess.call(["brctl", "delif", "br1ft", "veth1"],
506 stderr=open('/dev/null', 'w'))
507 subprocess.call(["ip", "link", "del", "veth0"],
508 stderr=open('/dev/null', 'w'))
509 subprocess.call(["ip", "link", "del", "veth1"],
510 stderr=open('/dev/null', 'w'))
511 for ifname in ['br0ft', 'br1ft', 'br-ft']:
512 subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'down'],
513 stderr=open('/dev/null', 'w'))
514 subprocess.call(['brctl', 'delbr', ifname],
515 stderr=open('/dev/null', 'w'))
516
517 def test_ap_ft_separate_hostapd(dev, apdev, params):
518 """WPA2-PSK-FT AP and separate hostapd process"""
519 try:
520 run_ap_ft_separate_hostapd(dev, apdev, params, False)
521 finally:
522 cleanup_ap_ft_separate_hostapd()
523
524 def test_ap_ft_over_ds_separate_hostapd(dev, apdev, params):
525 """WPA2-PSK-FT AP over DS and separate hostapd process"""
526 try:
527 run_ap_ft_separate_hostapd(dev, apdev, params, True)
528 finally:
529 cleanup_ap_ft_separate_hostapd()
530
531 def run_ap_ft_separate_hostapd(dev, apdev, params, over_ds):
532 ssid = "test-ft"
533 passphrase = "12345678"
534 logdir = params['logdir']
535 pidfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.pid')
536 logfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.hapd')
537 global_ctrl = '/var/run/hostapd-ft'
538 br_ifname = 'br-ft'
539
540 try:
541 subprocess.check_call(['brctl', 'addbr', br_ifname])
542 subprocess.check_call(['brctl', 'setfd', br_ifname, '0'])
543 subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
544
545 subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
546 "peer", "name", "veth0br"])
547 subprocess.check_call(["ip", "link", "add", "veth1", "type", "veth",
548 "peer", "name", "veth1br"])
549 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
550 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
551 subprocess.check_call(['brctl', 'addif', br_ifname, 'veth0br'])
552 subprocess.check_call(['brctl', 'addif', br_ifname, 'veth1br'])
553
554 subprocess.check_call(['brctl', 'addbr', 'br0ft'])
555 subprocess.check_call(['brctl', 'setfd', 'br0ft', '0'])
556 subprocess.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
557 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
558 subprocess.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
559 subprocess.check_call(['brctl', 'addbr', 'br1ft'])
560 subprocess.check_call(['brctl', 'setfd', 'br1ft', '0'])
561 subprocess.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
562 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
563 subprocess.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
564 except subprocess.CalledProcessError:
565 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
566
567 with HWSimRadio() as (radio, iface):
568 prg = os.path.join(logdir, 'alt-hostapd/hostapd/hostapd')
569 if not os.path.exists(prg):
570 prg = '../../hostapd/hostapd'
571 cmd = [prg, '-B', '-ddKt',
572 '-P', pidfile, '-f', logfile, '-g', global_ctrl]
573 subprocess.check_call(cmd)
574
575 hglobal = hostapd.HostapdGlobal(global_ctrl_override=global_ctrl)
576 apdev_ft = {'ifname': iface}
577 apdev2 = [apdev_ft, apdev[1]]
578
579 params = ft_params1(ssid=ssid, passphrase=passphrase)
580 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
581 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
582 params['bridge'] = 'br0ft'
583 hapd0 = hostapd.add_ap(apdev2[0], params,
584 global_ctrl_override=global_ctrl)
585 apdev2[0]['bssid'] = hapd0.own_addr()
586 params = ft_params2(ssid=ssid, passphrase=passphrase)
587 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
588 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
589 params['bridge'] = 'br1ft'
590 hapd1 = hostapd.add_ap(apdev2[1], params)
591
592 run_roams(dev[0], apdev2, hapd0, hapd1, ssid, passphrase,
593 over_ds=over_ds, test_connectivity=False)
594
595 hglobal.terminate()
596
597 if os.path.exists(pidfile):
598 with open(pidfile, 'r') as f:
599 pid = int(f.read())
600 f.close()
601 os.kill(pid, signal.SIGTERM)
602
603 def test_ap_ft_over_ds_ocv(dev, apdev):
604 """WPA2-PSK-FT AP over DS"""
605 ssid = "test-ft"
606 passphrase = "12345678"
607
608 params = ft_params1(ssid=ssid, passphrase=passphrase)
609 params["ieee80211w"] = "2"
610 params["ocv"] = "1"
611 try:
612 hapd0 = hostapd.add_ap(apdev[0], params)
613 except Exception as e:
614 if "Failed to set hostapd parameter ocv" in str(e):
615 raise HwsimSkip("OCV not supported")
616 raise
617 params = ft_params2(ssid=ssid, passphrase=passphrase)
618 params["ieee80211w"] = "2"
619 params["ocv"] = "1"
620 hapd1 = hostapd.add_ap(apdev[1], params)
621
622 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
623 ocv="1")
624
625 def test_ap_ft_over_ds_disabled(dev, apdev):
626 """WPA2-PSK-FT AP over DS disabled"""
627 ssid = "test-ft"
628 passphrase = "12345678"
629
630 params = ft_params1(ssid=ssid, passphrase=passphrase)
631 params['ft_over_ds'] = '0'
632 hapd0 = hostapd.add_ap(apdev[0], params)
633 params = ft_params2(ssid=ssid, passphrase=passphrase)
634 params['ft_over_ds'] = '0'
635 hapd1 = hostapd.add_ap(apdev[1], params)
636
637 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
638 fail_test=True)
639
640 def test_ap_ft_vlan_over_ds(dev, apdev):
641 """WPA2-PSK-FT AP over DS with VLAN"""
642 ssid = "test-ft"
643 passphrase = "12345678"
644
645 params = ft_params1(ssid=ssid, passphrase=passphrase)
646 params['dynamic_vlan'] = "1"
647 params['accept_mac_file'] = "hostapd.accept"
648 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
649 params = ft_params2(ssid=ssid, passphrase=passphrase)
650 params['dynamic_vlan'] = "1"
651 params['accept_mac_file'] = "hostapd.accept"
652 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
653
654 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
655 conndev="brvlan1")
656 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
657 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
658
659 def test_ap_ft_over_ds_many(dev, apdev):
660 """WPA2-PSK-FT AP over DS multiple times"""
661 ssid = "test-ft"
662 passphrase = "12345678"
663
664 params = ft_params1(ssid=ssid, passphrase=passphrase)
665 hapd0 = hostapd.add_ap(apdev[0], params)
666 params = ft_params2(ssid=ssid, passphrase=passphrase)
667 hapd1 = hostapd.add_ap(apdev[1], params)
668
669 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
670 roams=50)
671
672 def test_ap_ft_vlan_over_ds_many(dev, apdev):
673 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
674 ssid = "test-ft"
675 passphrase = "12345678"
676
677 params = ft_params1(ssid=ssid, passphrase=passphrase)
678 params['dynamic_vlan'] = "1"
679 params['accept_mac_file'] = "hostapd.accept"
680 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
681 params = ft_params2(ssid=ssid, passphrase=passphrase)
682 params['dynamic_vlan'] = "1"
683 params['accept_mac_file'] = "hostapd.accept"
684 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
685
686 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
687 roams=50, conndev="brvlan1")
688
689 @remote_compatible
690 def test_ap_ft_over_ds_unknown_target(dev, apdev):
691 """WPA2-PSK-FT AP"""
692 ssid = "test-ft"
693 passphrase = "12345678"
694
695 params = ft_params1(ssid=ssid, passphrase=passphrase)
696 hapd0 = hostapd.add_ap(apdev[0], params)
697
698 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
699 scan_freq="2412")
700 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
701
702 @remote_compatible
703 def test_ap_ft_over_ds_unexpected(dev, apdev):
704 """WPA2-PSK-FT AP over DS and unexpected response"""
705 ssid = "test-ft"
706 passphrase = "12345678"
707
708 params = ft_params1(ssid=ssid, passphrase=passphrase)
709 hapd0 = hostapd.add_ap(apdev[0], params)
710 params = ft_params2(ssid=ssid, passphrase=passphrase)
711 hapd1 = hostapd.add_ap(apdev[1], params)
712
713 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
714 scan_freq="2412")
715 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
716 ap1 = apdev[0]
717 ap2 = apdev[1]
718 hapd1ap = hapd0
719 hapd2ap = hapd1
720 else:
721 ap1 = apdev[1]
722 ap2 = apdev[0]
723 hapd1ap = hapd1
724 hapd2ap = hapd0
725
726 addr = dev[0].own_addr()
727 hapd1ap.set("ext_mgmt_frame_handling", "1")
728 logger.info("Foreign STA address")
729 msg = {}
730 msg['fc'] = 13 << 4
731 msg['da'] = addr
732 msg['sa'] = ap1['bssid']
733 msg['bssid'] = ap1['bssid']
734 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
735 hapd1ap.mgmt_tx(msg)
736
737 logger.info("No over-the-DS in progress")
738 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
739 hapd1ap.mgmt_tx(msg)
740
741 logger.info("Non-zero status code")
742 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
743 hapd1ap.mgmt_tx(msg)
744
745 hapd1ap.dump_monitor()
746
747 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
748 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
749 raise Exception("FT_DS failed")
750
751 req = hapd1ap.mgmt_rx()
752
753 logger.info("Foreign Target AP")
754 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
755 hapd1ap.mgmt_tx(msg)
756
757 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
758
759 logger.info("No IEs")
760 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
761 hapd1ap.mgmt_tx(msg)
762
763 logger.info("Invalid IEs (trigger parsing failure)")
764 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
765 hapd1ap.mgmt_tx(msg)
766
767 logger.info("Too short MDIE")
768 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
769 hapd1ap.mgmt_tx(msg)
770
771 logger.info("Mobility domain mismatch")
772 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
773 hapd1ap.mgmt_tx(msg)
774
775 logger.info("No FTIE")
776 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
777 hapd1ap.mgmt_tx(msg)
778
779 logger.info("FTIE SNonce mismatch")
780 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
781 hapd1ap.mgmt_tx(msg)
782
783 logger.info("No R0KH-ID subelem in FTIE")
784 snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
785 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
786 hapd1ap.mgmt_tx(msg)
787
788 logger.info("No R0KH-ID subelem mismatch in FTIE")
789 snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
790 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
791 hapd1ap.mgmt_tx(msg)
792
793 logger.info("No R1KH-ID subelem in FTIE")
794 r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
795 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
796 hapd1ap.mgmt_tx(msg)
797
798 logger.info("No RSNE")
799 r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
800 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
801 hapd1ap.mgmt_tx(msg)
802
803 def test_ap_ft_pmf_over_ds(dev, apdev):
804 """WPA2-PSK-FT AP over DS with PMF"""
805 run_ap_ft_pmf_bip_over_ds(dev, apdev, None)
806
807 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
808 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
809 run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC")
810
811 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
812 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
813 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128")
814
815 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
816 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
817 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256")
818
819 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
820 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
821 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256")
822
823 def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher):
824 if cipher and cipher not in dev[0].get_capability("group_mgmt"):
825 raise HwsimSkip("Cipher %s not supported" % cipher)
826
827 ssid = "test-ft"
828 passphrase = "12345678"
829
830 params = ft_params1(ssid=ssid, passphrase=passphrase)
831 params["ieee80211w"] = "2"
832 if cipher:
833 params["group_mgmt_cipher"] = cipher
834 hapd0 = hostapd.add_ap(apdev[0], params)
835 params = ft_params2(ssid=ssid, passphrase=passphrase)
836 params["ieee80211w"] = "2"
837 if cipher:
838 params["group_mgmt_cipher"] = cipher
839 hapd1 = hostapd.add_ap(apdev[1], params)
840
841 Wlantest.setup(hapd0)
842 wt = Wlantest()
843 wt.flush()
844 wt.add_passphrase(passphrase)
845
846 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
847 group_mgmt=cipher)
848
849 def test_ap_ft_over_ds_pull(dev, apdev):
850 """WPA2-PSK-FT AP over DS (pull PMK)"""
851 ssid = "test-ft"
852 passphrase = "12345678"
853
854 params = ft_params1(ssid=ssid, passphrase=passphrase)
855 params["pmk_r1_push"] = "0"
856 hapd0 = hostapd.add_ap(apdev[0], params)
857 params = ft_params2(ssid=ssid, passphrase=passphrase)
858 params["pmk_r1_push"] = "0"
859 hapd1 = hostapd.add_ap(apdev[1], params)
860
861 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
862
863 def test_ap_ft_over_ds_pull_old_key(dev, apdev):
864 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
865 ssid = "test-ft"
866 passphrase = "12345678"
867
868 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
869 params["pmk_r1_push"] = "0"
870 hapd0 = hostapd.add_ap(apdev[0], params)
871 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
872 params["pmk_r1_push"] = "0"
873 hapd1 = hostapd.add_ap(apdev[1], params)
874
875 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
876
877 def test_ap_ft_over_ds_pull_vlan(dev, apdev):
878 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
879 ssid = "test-ft"
880 passphrase = "12345678"
881
882 params = ft_params1(ssid=ssid, passphrase=passphrase)
883 params["pmk_r1_push"] = "0"
884 params['dynamic_vlan'] = "1"
885 params['accept_mac_file'] = "hostapd.accept"
886 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
887 params = ft_params2(ssid=ssid, passphrase=passphrase)
888 params["pmk_r1_push"] = "0"
889 params['dynamic_vlan'] = "1"
890 params['accept_mac_file'] = "hostapd.accept"
891 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
892
893 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
894 conndev="brvlan1")
895
896 def test_ap_ft_sae(dev, apdev):
897 """WPA2-PSK-FT-SAE AP"""
898 if "SAE" not in dev[0].get_capability("auth_alg"):
899 raise HwsimSkip("SAE not supported")
900 ssid = "test-ft"
901 passphrase = "12345678"
902
903 params = ft_params1(ssid=ssid, passphrase=passphrase)
904 params['wpa_key_mgmt'] = "FT-SAE"
905 hapd0 = hostapd.add_ap(apdev[0], params)
906 params = ft_params2(ssid=ssid, passphrase=passphrase)
907 params['wpa_key_mgmt'] = "FT-SAE"
908 hapd = hostapd.add_ap(apdev[1], params)
909 key_mgmt = hapd.get_config()['key_mgmt']
910 if key_mgmt.split(' ')[0] != "FT-SAE":
911 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
912
913 dev[0].request("SET sae_groups ")
914 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
915
916 def test_ap_ft_sae_over_ds(dev, apdev):
917 """WPA2-PSK-FT-SAE AP over DS"""
918 if "SAE" not in dev[0].get_capability("auth_alg"):
919 raise HwsimSkip("SAE not supported")
920 ssid = "test-ft"
921 passphrase = "12345678"
922
923 params = ft_params1(ssid=ssid, passphrase=passphrase)
924 params['wpa_key_mgmt'] = "FT-SAE"
925 hapd0 = hostapd.add_ap(apdev[0], params)
926 params = ft_params2(ssid=ssid, passphrase=passphrase)
927 params['wpa_key_mgmt'] = "FT-SAE"
928 hapd1 = hostapd.add_ap(apdev[1], params)
929
930 dev[0].request("SET sae_groups ")
931 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
932 over_ds=True)
933
934 def test_ap_ft_sae_pw_id(dev, apdev):
935 """FT-SAE with Password Identifier"""
936 if "SAE" not in dev[0].get_capability("auth_alg"):
937 raise HwsimSkip("SAE not supported")
938 ssid = "test-ft"
939
940 params = ft_params1(ssid=ssid)
941 params["ieee80211w"] = "2"
942 params['wpa_key_mgmt'] = "FT-SAE"
943 params['sae_password'] = 'secret|id=pwid'
944 hapd0 = hostapd.add_ap(apdev[0], params)
945 params = ft_params2(ssid=ssid)
946 params["ieee80211w"] = "2"
947 params['wpa_key_mgmt'] = "FT-SAE"
948 params['sae_password'] = 'secret|id=pwid'
949 hapd = hostapd.add_ap(apdev[1], params)
950
951 dev[0].request("SET sae_groups ")
952 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase=None, sae=True,
953 sae_password="secret", sae_password_id="pwid")
954
955 def test_ap_ft_sae_with_both_akms(dev, apdev):
956 """SAE + FT-SAE configuration"""
957 if "SAE" not in dev[0].get_capability("auth_alg"):
958 raise HwsimSkip("SAE not supported")
959 ssid = "test-ft"
960 passphrase = "12345678"
961
962 params = ft_params1(ssid=ssid, passphrase=passphrase)
963 params['wpa_key_mgmt'] = "FT-SAE SAE"
964 hapd0 = hostapd.add_ap(apdev[0], params)
965 params = ft_params2(ssid=ssid, passphrase=passphrase)
966 params['wpa_key_mgmt'] = "FT-SAE SAE"
967 hapd = hostapd.add_ap(apdev[1], params)
968 key_mgmt = hapd.get_config()['key_mgmt']
969 if key_mgmt.split(' ')[0] != "FT-SAE":
970 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
971
972 dev[0].request("SET sae_groups ")
973 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
974 sae_and_psk=True)
975
976 def test_ap_ft_sae_pmksa_caching(dev, apdev):
977 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
978 if "SAE" not in dev[0].get_capability("auth_alg"):
979 raise HwsimSkip("SAE not supported")
980 ssid = "test-ft"
981 passphrase = "12345678"
982
983 params = ft_params1(ssid=ssid, passphrase=passphrase)
984 params['wpa_key_mgmt'] = "FT-SAE"
985 hapd0 = hostapd.add_ap(apdev[0], params)
986 params = ft_params2(ssid=ssid, passphrase=passphrase)
987 params['wpa_key_mgmt'] = "FT-SAE"
988 hapd = hostapd.add_ap(apdev[1], params)
989 key_mgmt = hapd.get_config()['key_mgmt']
990 if key_mgmt.split(' ')[0] != "FT-SAE":
991 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
992
993 dev[0].request("SET sae_groups ")
994 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
995 pmksa_caching=True)
996
997 def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
998 discovery=False, roams=1):
999 ssid = "test-ft"
1000 passphrase = "12345678"
1001 if vlan:
1002 identity = "gpsk-vlan1"
1003 conndev = "brvlan1"
1004 elif cui:
1005 identity = "gpsk-cui"
1006 conndev = False
1007 else:
1008 identity = "gpsk user"
1009 conndev = False
1010
1011 radius = hostapd.radius_params()
1012 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
1013 params['wpa_key_mgmt'] = "FT-EAP"
1014 params["ieee8021x"] = "1"
1015 if vlan:
1016 params["dynamic_vlan"] = "1"
1017 params = dict(list(radius.items()) + list(params.items()))
1018 hapd = hostapd.add_ap(apdev[0], params)
1019 key_mgmt = hapd.get_config()['key_mgmt']
1020 if key_mgmt.split(' ')[0] != "FT-EAP":
1021 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1022 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
1023 params['wpa_key_mgmt'] = "FT-EAP"
1024 params["ieee8021x"] = "1"
1025 if vlan:
1026 params["dynamic_vlan"] = "1"
1027 params = dict(list(radius.items()) + list(params.items()))
1028 hapd1 = hostapd.add_ap(apdev[1], params)
1029
1030 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
1031 over_ds=over_ds, roams=roams, eap_identity=identity,
1032 conndev=conndev)
1033 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
1034 raise Exception("Scan results missing RSN element info")
1035 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1036 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1037
1038 # Verify EAPOL reauthentication after FT protocol
1039 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1040 ap = hapd
1041 else:
1042 ap = hapd1
1043 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
1044 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
1045 if ev is None:
1046 raise Exception("EAP authentication did not start")
1047 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
1048 if ev is None:
1049 raise Exception("EAP authentication did not succeed")
1050 time.sleep(0.1)
1051 if conndev:
1052 hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
1053 else:
1054 hwsim_utils.test_connectivity(dev[0], ap)
1055
1056 def test_ap_ft_eap(dev, apdev):
1057 """WPA2-EAP-FT AP"""
1058 generic_ap_ft_eap(dev, apdev)
1059
1060 def test_ap_ft_eap_cui(dev, apdev):
1061 """WPA2-EAP-FT AP with CUI"""
1062 generic_ap_ft_eap(dev, apdev, vlan=False, cui=True)
1063
1064 def test_ap_ft_eap_vlan(dev, apdev):
1065 """WPA2-EAP-FT AP with VLAN"""
1066 generic_ap_ft_eap(dev, apdev, vlan=True)
1067
1068 def test_ap_ft_eap_vlan_multi(dev, apdev):
1069 """WPA2-EAP-FT AP with VLAN"""
1070 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
1071
1072 def test_ap_ft_eap_over_ds(dev, apdev):
1073 """WPA2-EAP-FT AP using over-the-DS"""
1074 generic_ap_ft_eap(dev, apdev, over_ds=True)
1075
1076 def test_ap_ft_eap_dis(dev, apdev):
1077 """WPA2-EAP-FT AP with AP discovery"""
1078 generic_ap_ft_eap(dev, apdev, discovery=True)
1079
1080 def test_ap_ft_eap_dis_over_ds(dev, apdev):
1081 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1082 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
1083
1084 def test_ap_ft_eap_vlan(dev, apdev):
1085 """WPA2-EAP-FT AP with VLAN"""
1086 generic_ap_ft_eap(dev, apdev, vlan=True)
1087
1088 def test_ap_ft_eap_vlan_multi(dev, apdev):
1089 """WPA2-EAP-FT AP with VLAN"""
1090 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
1091
1092 def test_ap_ft_eap_vlan_over_ds(dev, apdev):
1093 """WPA2-EAP-FT AP with VLAN + over_ds"""
1094 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
1095
1096 def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
1097 """WPA2-EAP-FT AP with VLAN + over_ds"""
1098 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
1099
1100 def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
1101 """WPA2-EAP-FT AP (pull PMK)"""
1102 ssid = "test-ft"
1103 passphrase = "12345678"
1104 if vlan:
1105 identity = "gpsk-vlan1"
1106 conndev = "brvlan1"
1107 else:
1108 identity = "gpsk user"
1109 conndev = False
1110
1111 radius = hostapd.radius_params()
1112 params = ft_params1(ssid=ssid, passphrase=passphrase)
1113 params['wpa_key_mgmt'] = "FT-EAP"
1114 params["ieee8021x"] = "1"
1115 params["pmk_r1_push"] = "0"
1116 if vlan:
1117 params["dynamic_vlan"] = "1"
1118 params = dict(list(radius.items()) + list(params.items()))
1119 hapd = hostapd.add_ap(apdev[0], params)
1120 key_mgmt = hapd.get_config()['key_mgmt']
1121 if key_mgmt.split(' ')[0] != "FT-EAP":
1122 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1123 params = ft_params2(ssid=ssid, passphrase=passphrase)
1124 params['wpa_key_mgmt'] = "FT-EAP"
1125 params["ieee8021x"] = "1"
1126 params["pmk_r1_push"] = "0"
1127 if vlan:
1128 params["dynamic_vlan"] = "1"
1129 params = dict(list(radius.items()) + list(params.items()))
1130 hapd1 = hostapd.add_ap(apdev[1], params)
1131
1132 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
1133 eap_identity=identity, conndev=conndev)
1134
1135 def test_ap_ft_eap_pull(dev, apdev):
1136 """WPA2-EAP-FT AP (pull PMK)"""
1137 generic_ap_ft_eap_pull(dev, apdev)
1138
1139 def test_ap_ft_eap_pull_vlan(dev, apdev):
1140 generic_ap_ft_eap_pull(dev, apdev, vlan=True)
1141
1142 def test_ap_ft_eap_pull_wildcard(dev, apdev):
1143 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1144 ssid = "test-ft"
1145 passphrase = "12345678"
1146
1147 radius = hostapd.radius_params()
1148 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
1149 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1150 params["ieee8021x"] = "1"
1151 params["pmk_r1_push"] = "0"
1152 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1153 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1154 params["ft_psk_generate_local"] = "1"
1155 params["eap_server"] = "0"
1156 params = dict(list(radius.items()) + list(params.items()))
1157 hapd = hostapd.add_ap(apdev[0], params)
1158 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
1159 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1160 params["ieee8021x"] = "1"
1161 params["pmk_r1_push"] = "0"
1162 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1163 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1164 params["ft_psk_generate_local"] = "1"
1165 params["eap_server"] = "0"
1166 params = dict(list(radius.items()) + list(params.items()))
1167 hapd1 = hostapd.add_ap(apdev[1], params)
1168
1169 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
1170
1171 @remote_compatible
1172 def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
1173 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1174 ssid = "test-ft"
1175 passphrase = "12345678"
1176
1177 params = ft_params1(ssid=ssid, passphrase=passphrase)
1178 params["ieee80211w"] = "2"
1179 hapd0 = hostapd.add_ap(apdev[0], params)
1180 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1181 params["ieee80211w"] = "2"
1182 hapd1 = hostapd.add_ap(apdev[1], params)
1183
1184 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1185 fail_test=True)
1186
1187 @remote_compatible
1188 def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
1189 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1190 ssid = "test-ft"
1191 passphrase = "12345678"
1192
1193 params = ft_params1(ssid=ssid, passphrase=passphrase)
1194 params["pmk_r1_push"] = "0"
1195 hapd0 = hostapd.add_ap(apdev[0], params)
1196 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1197 params["pmk_r1_push"] = "0"
1198 hapd1 = hostapd.add_ap(apdev[1], params)
1199
1200 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1201 fail_test=True)
1202
1203 @remote_compatible
1204 def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
1205 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1206 ssid = "test-ft"
1207 passphrase = "12345678"
1208
1209 params = ft_params1(ssid=ssid, passphrase=passphrase)
1210 params["pmk_r1_push"] = "0"
1211 params["nas_identifier"] = "nas0.w1.fi"
1212 hostapd.add_ap(apdev[0], params)
1213 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1214 scan_freq="2412")
1215
1216 params = ft_params2(ssid=ssid, passphrase=passphrase)
1217 params["pmk_r1_push"] = "0"
1218 hostapd.add_ap(apdev[1], params)
1219
1220 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1221 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1222
1223 @remote_compatible
1224 def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
1225 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1226 ssid = "test-ft"
1227 passphrase = "12345678"
1228
1229 params = ft_params1(ssid=ssid, passphrase=passphrase)
1230 params["ieee80211w"] = "2"
1231 hapd0 = hostapd.add_ap(apdev[0], params)
1232 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1233 params["ieee80211w"] = "2"
1234 hapd1 = hostapd.add_ap(apdev[1], params)
1235
1236 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1237 fail_test=True)
1238
1239 @remote_compatible
1240 def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
1241 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1242 ssid = "test-ft"
1243 passphrase = "12345678"
1244
1245 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1246 params["pmk_r1_push"] = "0"
1247 hapd0 = hostapd.add_ap(apdev[0], params)
1248 params = ft_params2(ssid=ssid, passphrase=passphrase)
1249 params["pmk_r1_push"] = "0"
1250 hapd1 = hostapd.add_ap(apdev[1], params)
1251
1252 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1253 fail_test=True)
1254
1255 def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
1256 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1257 ssid = "test-ft"
1258 passphrase = "12345678"
1259
1260 radius = hostapd.radius_params()
1261 params = ft_params1(ssid=ssid, passphrase=passphrase)
1262 params["ieee80211w"] = "2"
1263 params['wpa_key_mgmt'] = "FT-EAP"
1264 params["ieee8021x"] = "1"
1265 params = dict(list(radius.items()) + list(params.items()))
1266 hapd0 = hostapd.add_ap(apdev[0], params)
1267 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1268 params["ieee80211w"] = "2"
1269 params['wpa_key_mgmt'] = "FT-EAP"
1270 params["ieee8021x"] = "1"
1271 params = dict(list(radius.items()) + list(params.items()))
1272 hapd1 = hostapd.add_ap(apdev[1], params)
1273
1274 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1275 fail_test=True, eap=True)
1276
1277 def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
1278 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1279 ssid = "test-ft"
1280 passphrase = "12345678"
1281
1282 radius = hostapd.radius_params()
1283 params = ft_params1(ssid=ssid, passphrase=passphrase)
1284 params["pmk_r1_push"] = "0"
1285 params['wpa_key_mgmt'] = "FT-EAP"
1286 params["ieee8021x"] = "1"
1287 params = dict(list(radius.items()) + list(params.items()))
1288 hapd0 = hostapd.add_ap(apdev[0], params)
1289 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1290 params["pmk_r1_push"] = "0"
1291 params['wpa_key_mgmt'] = "FT-EAP"
1292 params["ieee8021x"] = "1"
1293 params = dict(list(radius.items()) + list(params.items()))
1294 hapd1 = hostapd.add_ap(apdev[1], params)
1295
1296 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1297 fail_test=True, eap=True)
1298
1299 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
1300 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1301 ssid = "test-ft"
1302 passphrase = "12345678"
1303
1304 radius = hostapd.radius_params()
1305 params = ft_params1(ssid=ssid, passphrase=passphrase)
1306 params["pmk_r1_push"] = "0"
1307 params["nas_identifier"] = "nas0.w1.fi"
1308 params['wpa_key_mgmt'] = "FT-EAP"
1309 params["ieee8021x"] = "1"
1310 params = dict(list(radius.items()) + list(params.items()))
1311 hostapd.add_ap(apdev[0], params)
1312 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1313 eap="GPSK", identity="gpsk user",
1314 password="abcdefghijklmnop0123456789abcdef",
1315 scan_freq="2412")
1316
1317 params = ft_params2(ssid=ssid, passphrase=passphrase)
1318 params["pmk_r1_push"] = "0"
1319 params['wpa_key_mgmt'] = "FT-EAP"
1320 params["ieee8021x"] = "1"
1321 params = dict(list(radius.items()) + list(params.items()))
1322 hostapd.add_ap(apdev[1], params)
1323
1324 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1325 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1326
1327 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
1328 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1329 ssid = "test-ft"
1330 passphrase = "12345678"
1331
1332 radius = hostapd.radius_params()
1333 params = ft_params1(ssid=ssid, passphrase=passphrase)
1334 params["ieee80211w"] = "2"
1335 params['wpa_key_mgmt'] = "FT-EAP"
1336 params["ieee8021x"] = "1"
1337 params = dict(list(radius.items()) + list(params.items()))
1338 hapd0 = hostapd.add_ap(apdev[0], params)
1339 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1340 params["ieee80211w"] = "2"
1341 params['wpa_key_mgmt'] = "FT-EAP"
1342 params["ieee8021x"] = "1"
1343 params = dict(list(radius.items()) + list(params.items()))
1344 hapd1 = hostapd.add_ap(apdev[1], params)
1345
1346 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1347 fail_test=True, eap=True)
1348
1349 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
1350 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1351 ssid = "test-ft"
1352 passphrase = "12345678"
1353
1354 radius = hostapd.radius_params()
1355 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1356 params["pmk_r1_push"] = "0"
1357 params['wpa_key_mgmt'] = "FT-EAP"
1358 params["ieee8021x"] = "1"
1359 params = dict(list(radius.items()) + list(params.items()))
1360 hapd0 = hostapd.add_ap(apdev[0], params)
1361 params = ft_params2(ssid=ssid, passphrase=passphrase)
1362 params["pmk_r1_push"] = "0"
1363 params['wpa_key_mgmt'] = "FT-EAP"
1364 params["ieee8021x"] = "1"
1365 params = dict(list(radius.items()) + list(params.items()))
1366 hapd1 = hostapd.add_ap(apdev[1], params)
1367
1368 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1369 fail_test=True, eap=True)
1370
1371 def test_ap_ft_gtk_rekey(dev, apdev):
1372 """WPA2-PSK-FT AP and GTK rekey"""
1373 ssid = "test-ft"
1374 passphrase = "12345678"
1375
1376 params = ft_params1(ssid=ssid, passphrase=passphrase)
1377 params['wpa_group_rekey'] = '1'
1378 hapd = hostapd.add_ap(apdev[0], params)
1379
1380 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1381 ieee80211w="1", scan_freq="2412")
1382
1383 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1384 if ev is None:
1385 raise Exception("GTK rekey timed out after initial association")
1386 hwsim_utils.test_connectivity(dev[0], hapd)
1387
1388 params = ft_params2(ssid=ssid, passphrase=passphrase)
1389 params['wpa_group_rekey'] = '1'
1390 hapd1 = hostapd.add_ap(apdev[1], params)
1391
1392 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1393 dev[0].roam(apdev[1]['bssid'])
1394 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
1395 raise Exception("Did not connect to correct AP")
1396 hwsim_utils.test_connectivity(dev[0], hapd1)
1397
1398 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1399 if ev is None:
1400 raise Exception("GTK rekey timed out after FT protocol")
1401 hwsim_utils.test_connectivity(dev[0], hapd1)
1402
1403 def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
1404 """WPA2-PSK-FT and key lifetime in memory"""
1405 ssid = "test-ft"
1406 passphrase = "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1407 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1408 pmk = binascii.unhexlify(psk)
1409 p = ft_params1(ssid=ssid, passphrase=passphrase)
1410 hapd0 = hostapd.add_ap(apdev[0], p)
1411 p = ft_params2(ssid=ssid, passphrase=passphrase)
1412 hapd1 = hostapd.add_ap(apdev[1], p)
1413
1414 pid = find_wpas_process(dev[0])
1415
1416 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1417 scan_freq="2412")
1418 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1419 # event has been delivered, so verify that wpa_supplicant has returned to
1420 # eloop before reading process memory.
1421 time.sleep(1)
1422 dev[0].ping()
1423
1424 buf = read_process_memory(pid, pmk)
1425
1426 dev[0].request("DISCONNECT")
1427 dev[0].wait_disconnected()
1428
1429 dev[0].relog()
1430 pmkr0 = None
1431 pmkr1 = None
1432 ptk = None
1433 gtk = None
1434 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1435 for l in f.readlines():
1436 if "FT: PMK-R0 - hexdump" in l:
1437 val = l.strip().split(':')[3].replace(' ', '')
1438 pmkr0 = binascii.unhexlify(val)
1439 if "FT: PMK-R1 - hexdump" in l:
1440 val = l.strip().split(':')[3].replace(' ', '')
1441 pmkr1 = binascii.unhexlify(val)
1442 if "FT: KCK - hexdump" in l:
1443 val = l.strip().split(':')[3].replace(' ', '')
1444 kck = binascii.unhexlify(val)
1445 if "FT: KEK - hexdump" in l:
1446 val = l.strip().split(':')[3].replace(' ', '')
1447 kek = binascii.unhexlify(val)
1448 if "FT: TK - hexdump" in l:
1449 val = l.strip().split(':')[3].replace(' ', '')
1450 tk = binascii.unhexlify(val)
1451 if "WPA: Group Key - hexdump" in l:
1452 val = l.strip().split(':')[3].replace(' ', '')
1453 gtk = binascii.unhexlify(val)
1454 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
1455 raise Exception("Could not find keys from debug log")
1456 if len(gtk) != 16:
1457 raise Exception("Unexpected GTK length")
1458
1459 logger.info("Checking keys in memory while associated")
1460 get_key_locations(buf, pmk, "PMK")
1461 get_key_locations(buf, pmkr0, "PMK-R0")
1462 get_key_locations(buf, pmkr1, "PMK-R1")
1463 if pmk not in buf:
1464 raise HwsimSkip("PMK not found while associated")
1465 if pmkr0 not in buf:
1466 raise HwsimSkip("PMK-R0 not found while associated")
1467 if pmkr1 not in buf:
1468 raise HwsimSkip("PMK-R1 not found while associated")
1469 if kck not in buf:
1470 raise Exception("KCK not found while associated")
1471 if kek not in buf:
1472 raise Exception("KEK not found while associated")
1473 #if tk in buf:
1474 # raise Exception("TK found from memory")
1475
1476 logger.info("Checking keys in memory after disassociation")
1477 buf = read_process_memory(pid, pmk)
1478 get_key_locations(buf, pmk, "PMK")
1479 get_key_locations(buf, pmkr0, "PMK-R0")
1480 get_key_locations(buf, pmkr1, "PMK-R1")
1481
1482 # Note: PMK/PSK is still present in network configuration
1483
1484 fname = os.path.join(params['logdir'],
1485 'ft_psk_key_lifetime_in_memory.memctx-')
1486 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1487 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1488 verify_not_present(buf, kck, fname, "KCK")
1489 verify_not_present(buf, kek, fname, "KEK")
1490 verify_not_present(buf, tk, fname, "TK")
1491 if gtk in buf:
1492 get_key_locations(buf, gtk, "GTK")
1493 verify_not_present(buf, gtk, fname, "GTK")
1494
1495 dev[0].request("REMOVE_NETWORK all")
1496
1497 logger.info("Checking keys in memory after network profile removal")
1498 buf = read_process_memory(pid, pmk)
1499 get_key_locations(buf, pmk, "PMK")
1500 get_key_locations(buf, pmkr0, "PMK-R0")
1501 get_key_locations(buf, pmkr1, "PMK-R1")
1502
1503 verify_not_present(buf, pmk, fname, "PMK")
1504 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1505 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1506 verify_not_present(buf, kck, fname, "KCK")
1507 verify_not_present(buf, kek, fname, "KEK")
1508 verify_not_present(buf, tk, fname, "TK")
1509 verify_not_present(buf, gtk, fname, "GTK")
1510
1511 @remote_compatible
1512 def test_ap_ft_invalid_resp(dev, apdev):
1513 """WPA2-PSK-FT AP and invalid response IEs"""
1514 ssid = "test-ft"
1515 passphrase = "12345678"
1516
1517 params = ft_params1(ssid=ssid, passphrase=passphrase)
1518 hapd0 = hostapd.add_ap(apdev[0], params)
1519 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1520 scan_freq="2412")
1521
1522 params = ft_params2(ssid=ssid, passphrase=passphrase)
1523 hapd1 = hostapd.add_ap(apdev[1], params)
1524
1525 tests = [
1526 # Various IEs for test coverage. The last one is FTIE with invalid
1527 # R1KH-ID subelement.
1528 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1529 # FTIE with invalid R0KH-ID subelement (len=0).
1530 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1531 # FTIE with invalid R0KH-ID subelement (len=49).
1532 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1533 # Invalid RSNE.
1534 "020002000000" + "3000",
1535 # Required IEs missing from protected IE count.
1536 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1537 # RIC missing from protected IE count.
1538 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1539 # Protected IE missing.
1540 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1541 for t in tests:
1542 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1543 hapd1.set("ext_mgmt_frame_handling", "1")
1544 hapd1.dump_monitor()
1545 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1546 raise Exception("ROAM failed")
1547 auth = None
1548 for i in range(20):
1549 msg = hapd1.mgmt_rx()
1550 if msg['subtype'] == 11:
1551 auth = msg
1552 break
1553 if not auth:
1554 raise Exception("Authentication frame not seen")
1555
1556 resp = {}
1557 resp['fc'] = auth['fc']
1558 resp['da'] = auth['sa']
1559 resp['sa'] = auth['da']
1560 resp['bssid'] = auth['bssid']
1561 resp['payload'] = binascii.unhexlify(t)
1562 hapd1.mgmt_tx(resp)
1563 hapd1.set("ext_mgmt_frame_handling", "0")
1564 dev[0].wait_disconnected()
1565
1566 dev[0].request("RECONNECT")
1567 dev[0].wait_connected()
1568
1569 def test_ap_ft_gcmp_256(dev, apdev):
1570 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1571 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1572 raise HwsimSkip("Cipher GCMP-256 not supported")
1573 ssid = "test-ft"
1574 passphrase = "12345678"
1575
1576 params = ft_params1(ssid=ssid, passphrase=passphrase)
1577 params['rsn_pairwise'] = "GCMP-256"
1578 hapd0 = hostapd.add_ap(apdev[0], params)
1579 params = ft_params2(ssid=ssid, passphrase=passphrase)
1580 params['rsn_pairwise'] = "GCMP-256"
1581 hapd1 = hostapd.add_ap(apdev[1], params)
1582
1583 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1584 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
1585
1586 def setup_ap_ft_oom(dev, apdev):
1587 skip_with_fips(dev[0])
1588 ssid = "test-ft"
1589 passphrase = "12345678"
1590
1591 params = ft_params1(ssid=ssid, passphrase=passphrase)
1592 hapd0 = hostapd.add_ap(apdev[0], params)
1593 params = ft_params2(ssid=ssid, passphrase=passphrase)
1594 hapd1 = hostapd.add_ap(apdev[1], params)
1595
1596 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1597 scan_freq="2412")
1598 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1599 dst = apdev[1]['bssid']
1600 else:
1601 dst = apdev[0]['bssid']
1602
1603 dev[0].scan_for_bss(dst, freq="2412")
1604
1605 return dst
1606
1607 def test_ap_ft_oom(dev, apdev):
1608 """WPA2-PSK-FT and OOM"""
1609 dst = setup_ap_ft_oom(dev, apdev)
1610 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1611 dev[0].roam(dst)
1612
1613 def test_ap_ft_oom2(dev, apdev):
1614 """WPA2-PSK-FT and OOM (2)"""
1615 dst = setup_ap_ft_oom(dev, apdev)
1616 with fail_test(dev[0], 1, "wpa_ft_mic"):
1617 dev[0].roam(dst, fail_test=True, assoc_reject_ok=True)
1618
1619 def test_ap_ft_oom3(dev, apdev):
1620 """WPA2-PSK-FT and OOM (3)"""
1621 dst = setup_ap_ft_oom(dev, apdev)
1622 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1623 dev[0].roam(dst)
1624
1625 def test_ap_ft_oom4(dev, apdev):
1626 """WPA2-PSK-FT and OOM (4)"""
1627 ssid = "test-ft"
1628 passphrase = "12345678"
1629 dst = setup_ap_ft_oom(dev, apdev)
1630 dev[0].request("REMOVE_NETWORK all")
1631 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1632 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1633 scan_freq="2412")
1634
1635 def test_ap_ft_ap_oom(dev, apdev):
1636 """WPA2-PSK-FT and AP OOM"""
1637 ssid = "test-ft"
1638 passphrase = "12345678"
1639
1640 params = ft_params1(ssid=ssid, passphrase=passphrase)
1641 hapd0 = hostapd.add_ap(apdev[0], params)
1642 bssid0 = hapd0.own_addr()
1643
1644 dev[0].scan_for_bss(bssid0, freq="2412")
1645 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1646 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1647 scan_freq="2412")
1648
1649 params = ft_params2(ssid=ssid, passphrase=passphrase)
1650 hapd1 = hostapd.add_ap(apdev[1], params)
1651 bssid1 = hapd1.own_addr()
1652 dev[0].scan_for_bss(bssid1, freq="2412")
1653 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1654 dev[0].roam(bssid1)
1655
1656 def test_ap_ft_ap_oom2(dev, apdev):
1657 """WPA2-PSK-FT and AP OOM 2"""
1658 ssid = "test-ft"
1659 passphrase = "12345678"
1660
1661 params = ft_params1(ssid=ssid, passphrase=passphrase)
1662 hapd0 = hostapd.add_ap(apdev[0], params)
1663 bssid0 = hapd0.own_addr()
1664
1665 dev[0].scan_for_bss(bssid0, freq="2412")
1666 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1667 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1668 scan_freq="2412")
1669
1670 params = ft_params2(ssid=ssid, passphrase=passphrase)
1671 hapd1 = hostapd.add_ap(apdev[1], params)
1672 bssid1 = hapd1.own_addr()
1673 dev[0].scan_for_bss(bssid1, freq="2412")
1674 dev[0].roam(bssid1)
1675 if dev[0].get_status_field('bssid') != bssid1:
1676 raise Exception("Did not roam to AP1")
1677 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1678 dev[0].roam(bssid0)
1679
1680 def test_ap_ft_ap_oom3(dev, apdev):
1681 """WPA2-PSK-FT and AP OOM 3"""
1682 ssid = "test-ft"
1683 passphrase = "12345678"
1684
1685 params = ft_params1(ssid=ssid, passphrase=passphrase)
1686 hapd0 = hostapd.add_ap(apdev[0], params)
1687 bssid0 = hapd0.own_addr()
1688
1689 dev[0].scan_for_bss(bssid0, freq="2412")
1690 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1691 scan_freq="2412")
1692
1693 params = ft_params2(ssid=ssid, passphrase=passphrase)
1694 hapd1 = hostapd.add_ap(apdev[1], params)
1695 bssid1 = hapd1.own_addr()
1696 dev[0].scan_for_bss(bssid1, freq="2412")
1697 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1698 # This will fail due to not being able to send out PMK-R1 pull request
1699 dev[0].roam(bssid1)
1700
1701 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1702 # This will fail due to not being able to send out PMK-R1 pull request
1703 dev[0].roam(bssid1)
1704
1705 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1706 # This will fail due to not being able to send out PMK-R1 pull request
1707 dev[0].roam(bssid1)
1708
1709 def test_ap_ft_ap_oom3b(dev, apdev):
1710 """WPA2-PSK-FT and AP OOM 3b"""
1711 ssid = "test-ft"
1712 passphrase = "12345678"
1713
1714 params = ft_params1(ssid=ssid, passphrase=passphrase)
1715 hapd0 = hostapd.add_ap(apdev[0], params)
1716 bssid0 = hapd0.own_addr()
1717
1718 dev[0].scan_for_bss(bssid0, freq="2412")
1719 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1720 scan_freq="2412")
1721
1722 params = ft_params2(ssid=ssid, passphrase=passphrase)
1723 hapd1 = hostapd.add_ap(apdev[1], params)
1724 bssid1 = hapd1.own_addr()
1725 dev[0].scan_for_bss(bssid1, freq="2412")
1726 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1727 # This will fail due to not being able to send out PMK-R1 pull request
1728 dev[0].roam(bssid1)
1729
1730 def test_ap_ft_ap_oom4(dev, apdev):
1731 """WPA2-PSK-FT and AP OOM 4"""
1732 ssid = "test-ft"
1733 passphrase = "12345678"
1734
1735 params = ft_params1(ssid=ssid, passphrase=passphrase)
1736 hapd0 = hostapd.add_ap(apdev[0], params)
1737 bssid0 = hapd0.own_addr()
1738
1739 dev[0].scan_for_bss(bssid0, freq="2412")
1740 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1741 scan_freq="2412")
1742
1743 params = ft_params2(ssid=ssid, passphrase=passphrase)
1744 hapd1 = hostapd.add_ap(apdev[1], params)
1745 bssid1 = hapd1.own_addr()
1746 dev[0].scan_for_bss(bssid1, freq="2412")
1747 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1748 dev[0].roam(bssid1)
1749 if dev[0].get_status_field('bssid') != bssid1:
1750 raise Exception("Did not roam to AP1")
1751
1752 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1753 dev[0].roam(bssid0)
1754 if dev[0].get_status_field('bssid') != bssid0:
1755 raise Exception("Did not roam to AP0")
1756
1757 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1758 dev[0].roam(bssid1)
1759 if dev[0].get_status_field('bssid') != bssid1:
1760 raise Exception("Did not roam to AP1")
1761
1762 def test_ap_ft_ap_oom5(dev, apdev):
1763 """WPA2-PSK-FT and AP OOM 5"""
1764 ssid = "test-ft"
1765 passphrase = "12345678"
1766
1767 params = ft_params1(ssid=ssid, passphrase=passphrase)
1768 hapd0 = hostapd.add_ap(apdev[0], params)
1769 bssid0 = hapd0.own_addr()
1770
1771 dev[0].scan_for_bss(bssid0, freq="2412")
1772 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1773 scan_freq="2412")
1774
1775 params = ft_params2(ssid=ssid, passphrase=passphrase)
1776 hapd1 = hostapd.add_ap(apdev[1], params)
1777 bssid1 = hapd1.own_addr()
1778 dev[0].scan_for_bss(bssid1, freq="2412")
1779 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1780 # This will fail to roam
1781 dev[0].roam(bssid1)
1782
1783 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1784 # This will fail to roam
1785 dev[0].roam(bssid1)
1786
1787 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1788 # This will fail to roam
1789 dev[0].roam(bssid1)
1790
1791 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1792 # This will fail to roam
1793 dev[0].roam(bssid1)
1794
1795 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1796 # This will fail to roam
1797 dev[0].roam(bssid1)
1798
1799 def test_ap_ft_ap_oom6(dev, apdev):
1800 """WPA2-PSK-FT and AP OOM 6"""
1801 ssid = "test-ft"
1802 passphrase = "12345678"
1803
1804 params = ft_params1(ssid=ssid, passphrase=passphrase)
1805 hapd0 = hostapd.add_ap(apdev[0], params)
1806 bssid0 = hapd0.own_addr()
1807
1808 dev[0].scan_for_bss(bssid0, freq="2412")
1809 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1810 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1811 scan_freq="2412")
1812 dev[0].request("REMOVE_NETWORK all")
1813 dev[0].wait_disconnected()
1814 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1815 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1816 scan_freq="2412")
1817 dev[0].request("REMOVE_NETWORK all")
1818 dev[0].wait_disconnected()
1819 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1820 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1821 scan_freq="2412")
1822
1823 def test_ap_ft_ap_oom7a(dev, apdev):
1824 """WPA2-PSK-FT and AP OOM 7a"""
1825 ssid = "test-ft"
1826 passphrase = "12345678"
1827
1828 params = ft_params1(ssid=ssid, passphrase=passphrase)
1829 params["ieee80211w"] = "2"
1830 hapd0 = hostapd.add_ap(apdev[0], params)
1831 bssid0 = hapd0.own_addr()
1832
1833 dev[0].scan_for_bss(bssid0, freq="2412")
1834 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1835 ieee80211w="2", scan_freq="2412")
1836
1837 params = ft_params2(ssid=ssid, passphrase=passphrase)
1838 params["ieee80211w"] = "2"
1839 hapd1 = hostapd.add_ap(apdev[1], params)
1840 bssid1 = hapd1.own_addr()
1841 dev[0].scan_for_bss(bssid1, freq="2412")
1842 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1843 # This will fail to roam
1844 dev[0].roam(bssid1)
1845
1846 def test_ap_ft_ap_oom7b(dev, apdev):
1847 """WPA2-PSK-FT and AP OOM 7b"""
1848 ssid = "test-ft"
1849 passphrase = "12345678"
1850
1851 params = ft_params1(ssid=ssid, passphrase=passphrase)
1852 params["ieee80211w"] = "2"
1853 hapd0 = hostapd.add_ap(apdev[0], params)
1854 bssid0 = hapd0.own_addr()
1855
1856 dev[0].scan_for_bss(bssid0, freq="2412")
1857 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1858 ieee80211w="2", scan_freq="2412")
1859
1860 params = ft_params2(ssid=ssid, passphrase=passphrase)
1861 params["ieee80211w"] = "2"
1862 hapd1 = hostapd.add_ap(apdev[1], params)
1863 bssid1 = hapd1.own_addr()
1864 dev[0].scan_for_bss(bssid1, freq="2412")
1865 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1866 # This will fail to roam
1867 dev[0].roam(bssid1)
1868
1869 def test_ap_ft_ap_oom7c(dev, apdev):
1870 """WPA2-PSK-FT and AP OOM 7c"""
1871 ssid = "test-ft"
1872 passphrase = "12345678"
1873
1874 params = ft_params1(ssid=ssid, passphrase=passphrase)
1875 params["ieee80211w"] = "2"
1876 hapd0 = hostapd.add_ap(apdev[0], params)
1877 bssid0 = hapd0.own_addr()
1878
1879 dev[0].scan_for_bss(bssid0, freq="2412")
1880 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1881 ieee80211w="2", scan_freq="2412")
1882
1883 params = ft_params2(ssid=ssid, passphrase=passphrase)
1884 params["ieee80211w"] = "2"
1885 hapd1 = hostapd.add_ap(apdev[1], params)
1886 bssid1 = hapd1.own_addr()
1887 dev[0].scan_for_bss(bssid1, freq="2412")
1888 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1889 # This will fail to roam
1890 dev[0].roam(bssid1)
1891
1892 def test_ap_ft_ap_oom7d(dev, apdev):
1893 """WPA2-PSK-FT and AP OOM 7d"""
1894 ssid = "test-ft"
1895 passphrase = "12345678"
1896
1897 params = ft_params1(ssid=ssid, passphrase=passphrase)
1898 params["ieee80211w"] = "2"
1899 hapd0 = hostapd.add_ap(apdev[0], params)
1900 bssid0 = hapd0.own_addr()
1901
1902 dev[0].scan_for_bss(bssid0, freq="2412")
1903 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1904 ieee80211w="2", scan_freq="2412")
1905
1906 params = ft_params2(ssid=ssid, passphrase=passphrase)
1907 params["ieee80211w"] = "2"
1908 hapd1 = hostapd.add_ap(apdev[1], params)
1909 bssid1 = hapd1.own_addr()
1910 dev[0].scan_for_bss(bssid1, freq="2412")
1911 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1912 # This will fail to roam
1913 dev[0].roam(bssid1)
1914
1915 def test_ap_ft_ap_oom8(dev, apdev):
1916 """WPA2-PSK-FT and AP OOM 8"""
1917 ssid = "test-ft"
1918 passphrase = "12345678"
1919
1920 params = ft_params1(ssid=ssid, passphrase=passphrase)
1921 params['ft_psk_generate_local'] = "1"
1922 hapd0 = hostapd.add_ap(apdev[0], params)
1923 bssid0 = hapd0.own_addr()
1924
1925 dev[0].scan_for_bss(bssid0, freq="2412")
1926 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1927 scan_freq="2412")
1928
1929 params = ft_params2(ssid=ssid, passphrase=passphrase)
1930 params['ft_psk_generate_local'] = "1"
1931 hapd1 = hostapd.add_ap(apdev[1], params)
1932 bssid1 = hapd1.own_addr()
1933 dev[0].scan_for_bss(bssid1, freq="2412")
1934 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1935 # This will fail to roam
1936 dev[0].roam(bssid1)
1937 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1938 # This will fail to roam
1939 dev[0].roam(bssid1)
1940
1941 def test_ap_ft_ap_oom9(dev, apdev):
1942 """WPA2-PSK-FT and AP OOM 9"""
1943 ssid = "test-ft"
1944 passphrase = "12345678"
1945
1946 params = ft_params1(ssid=ssid, passphrase=passphrase)
1947 hapd0 = hostapd.add_ap(apdev[0], params)
1948 bssid0 = hapd0.own_addr()
1949
1950 dev[0].scan_for_bss(bssid0, freq="2412")
1951 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1952 scan_freq="2412")
1953
1954 params = ft_params2(ssid=ssid, passphrase=passphrase)
1955 hapd1 = hostapd.add_ap(apdev[1], params)
1956 bssid1 = hapd1.own_addr()
1957 dev[0].scan_for_bss(bssid1, freq="2412")
1958
1959 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1960 # This will fail to roam
1961 if "OK" not in dev[0].request("FT_DS " + bssid1):
1962 raise Exception("FT_DS failed")
1963 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1964
1965 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1966 # This will fail to roam
1967 if "OK" not in dev[0].request("FT_DS " + bssid1):
1968 raise Exception("FT_DS failed")
1969 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1970
1971 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1972 # This will fail to roam
1973 if "OK" not in dev[0].request("FT_DS " + bssid1):
1974 raise Exception("FT_DS failed")
1975 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1976
1977 def test_ap_ft_ap_oom10(dev, apdev):
1978 """WPA2-PSK-FT and AP OOM 10"""
1979 ssid = "test-ft"
1980 passphrase = "12345678"
1981
1982 params = ft_params1(ssid=ssid, passphrase=passphrase)
1983 hapd0 = hostapd.add_ap(apdev[0], params)
1984 bssid0 = hapd0.own_addr()
1985
1986 dev[0].scan_for_bss(bssid0, freq="2412")
1987 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1988 scan_freq="2412")
1989
1990 params = ft_params2(ssid=ssid, passphrase=passphrase)
1991 hapd1 = hostapd.add_ap(apdev[1], params)
1992 bssid1 = hapd1.own_addr()
1993 dev[0].scan_for_bss(bssid1, freq="2412")
1994
1995 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1996 # This will fail to roam
1997 if "OK" not in dev[0].request("FT_DS " + bssid1):
1998 raise Exception("FT_DS failed")
1999 wait_fail_trigger(hapd0, "GET_FAIL")
2000
2001 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2002 # This will fail to roam
2003 if "OK" not in dev[0].request("FT_DS " + bssid1):
2004 raise Exception("FT_DS failed")
2005 wait_fail_trigger(hapd0, "GET_FAIL")
2006
2007 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2008 # This will fail to roam
2009 if "OK" not in dev[0].request("FT_DS " + bssid1):
2010 raise Exception("FT_DS failed")
2011 wait_fail_trigger(hapd0, "GET_FAIL")
2012
2013 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2014 # This will fail to roam
2015 if "OK" not in dev[0].request("FT_DS " + bssid1):
2016 raise Exception("FT_DS failed")
2017 wait_fail_trigger(hapd1, "GET_FAIL")
2018
2019 def test_ap_ft_ap_oom11(dev, apdev):
2020 """WPA2-PSK-FT and AP OOM 11"""
2021 ssid = "test-ft"
2022 passphrase = "12345678"
2023
2024 params = ft_params1(ssid=ssid, passphrase=passphrase)
2025 hapd0 = hostapd.add_ap(apdev[0], params)
2026 bssid0 = hapd0.own_addr()
2027
2028 dev[0].scan_for_bss(bssid0, freq="2412")
2029 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2030 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2031 scan_freq="2412")
2032 wait_fail_trigger(hapd0, "GET_FAIL")
2033
2034 dev[1].scan_for_bss(bssid0, freq="2412")
2035 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2036 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2037 scan_freq="2412")
2038 wait_fail_trigger(hapd0, "GET_FAIL")
2039
2040 def test_ap_ft_over_ds_proto_ap(dev, apdev):
2041 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2042 ssid = "test-ft"
2043 passphrase = "12345678"
2044
2045 params = ft_params1(ssid=ssid, passphrase=passphrase)
2046 hapd0 = hostapd.add_ap(apdev[0], params)
2047 bssid0 = hapd0.own_addr()
2048 _bssid0 = bssid0.replace(':', '')
2049 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2050 scan_freq="2412")
2051 addr = dev[0].own_addr()
2052 _addr = addr.replace(':', '')
2053
2054 params = ft_params2(ssid=ssid, passphrase=passphrase)
2055 hapd1 = hostapd.add_ap(apdev[1], params)
2056 bssid1 = hapd1.own_addr()
2057 _bssid1 = bssid1.replace(':', '')
2058
2059 hapd0.set("ext_mgmt_frame_handling", "1")
2060 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
2061 valid = "0601" + _addr + _bssid1
2062 tests = ["0601",
2063 "0601" + _addr,
2064 "0601" + _addr + _bssid0,
2065 "0601" + _addr + "ffffffffffff",
2066 "0601" + _bssid0 + _bssid0,
2067 valid,
2068 valid + "01",
2069 valid + "3700",
2070 valid + "3600",
2071 valid + "3603ffffff",
2072 valid + "3603a1b2ff",
2073 valid + "3603a1b2ff" + "3700",
2074 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2075 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2076 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2077 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2078 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2079 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2080 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2081 valid + "0001"]
2082 for t in tests:
2083 hapd0.dump_monitor()
2084 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
2085 raise Exception("MGMT_RX_PROCESS failed")
2086
2087 hapd0.set("ext_mgmt_frame_handling", "0")
2088
2089 def test_ap_ft_over_ds_proto(dev, apdev):
2090 """WPA2-PSK-FT AP over DS protocol testing"""
2091 ssid = "test-ft"
2092 passphrase = "12345678"
2093
2094 params = ft_params1(ssid=ssid, passphrase=passphrase)
2095 hapd0 = hostapd.add_ap(apdev[0], params)
2096 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2097 scan_freq="2412")
2098
2099 # FT Action Response while no FT-over-DS in progress
2100 msg = {}
2101 msg['fc'] = 13 << 4
2102 msg['da'] = dev[0].own_addr()
2103 msg['sa'] = apdev[0]['bssid']
2104 msg['bssid'] = apdev[0]['bssid']
2105 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
2106 hapd0.mgmt_tx(msg)
2107
2108 params = ft_params2(ssid=ssid, passphrase=passphrase)
2109 hapd1 = hostapd.add_ap(apdev[1], params)
2110 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
2111 hapd0.set("ext_mgmt_frame_handling", "1")
2112 hapd0.dump_monitor()
2113 dev[0].request("FT_DS " + apdev[1]['bssid'])
2114 for i in range(0, 10):
2115 req = hapd0.mgmt_rx()
2116 if req is None:
2117 raise Exception("MGMT RX wait timed out")
2118 if req['subtype'] == 13:
2119 break
2120 req = None
2121 if not req:
2122 raise Exception("FT Action frame not received")
2123
2124 # FT Action Response for unexpected Target AP
2125 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
2126 hapd0.mgmt_tx(msg)
2127
2128 # FT Action Response without MDIE
2129 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
2130 hapd0.mgmt_tx(msg)
2131
2132 # FT Action Response without FTIE
2133 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2134 hapd0.mgmt_tx(msg)
2135
2136 # FT Action Response with FTIE SNonce mismatch
2137 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2138 hapd0.mgmt_tx(msg)
2139
2140 @remote_compatible
2141 def test_ap_ft_rrb(dev, apdev):
2142 """WPA2-PSK-FT RRB protocol testing"""
2143 ssid = "test-ft"
2144 passphrase = "12345678"
2145
2146 params = ft_params1(ssid=ssid, passphrase=passphrase)
2147 hapd0 = hostapd.add_ap(apdev[0], params)
2148
2149 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2150 scan_freq="2412")
2151
2152 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':', ''))
2153 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
2154 proto = b'\x89\x0d'
2155 ehdr = _dst_ll + _src_ll + proto
2156
2157 # Too short RRB frame
2158 pkt = ehdr + b'\x01'
2159 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2160 raise Exception("DATA_TEST_FRAME failed")
2161
2162 # RRB discarded frame wikth unrecognized type
2163 pkt = ehdr + b'\x02' + b'\x02' + b'\x01\x00' + _src_ll
2164 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2165 raise Exception("DATA_TEST_FRAME failed")
2166
2167 # RRB frame too short for action frame
2168 pkt = ehdr + b'\x01' + b'\x02' + b'\x01\x00' + _src_ll
2169 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2170 raise Exception("DATA_TEST_FRAME failed")
2171
2172 # Too short RRB frame (not enough room for Action Frame body)
2173 pkt = ehdr + b'\x01' + b'\x02' + b'\x00\x00' + _src_ll
2174 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2175 raise Exception("DATA_TEST_FRAME failed")
2176
2177 # Unexpected Action frame category
2178 pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2179 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2180 raise Exception("DATA_TEST_FRAME failed")
2181
2182 # Unexpected Action in RRB Request
2183 pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2184 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2185 raise Exception("DATA_TEST_FRAME failed")
2186
2187 # Target AP address in RRB Request does not match with own address
2188 pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2189 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2190 raise Exception("DATA_TEST_FRAME failed")
2191
2192 # Not enough room for status code in RRB Response
2193 pkt = ehdr + b'\x01' + b'\x01' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2194 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2195 raise Exception("DATA_TEST_FRAME failed")
2196
2197 # RRB discarded frame with unknown packet_type
2198 pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2199 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2200 raise Exception("DATA_TEST_FRAME failed")
2201
2202 # RRB Response with non-zero status code; no STA match
2203 pkt = ehdr + b'\x01' + b'\x01' + b'\x10\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\xff\xff'
2204 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2205 raise Exception("DATA_TEST_FRAME failed")
2206
2207 # RRB Response with zero status code and extra data; STA match
2208 pkt = ehdr + b'\x01' + b'\x01' + b'\x11\x00' + _src_ll + b'\x06\x01' + _src_ll + b'\x00\x00\x00\x00\x00\x00' + b'\x00\x00' + b'\x00'
2209 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2210 raise Exception("DATA_TEST_FRAME failed")
2211
2212 # Too short PMK-R1 pull
2213 pkt = ehdr + b'\x01' + b'\xc8' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2214 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2215 raise Exception("DATA_TEST_FRAME failed")
2216
2217 # Too short PMK-R1 resp
2218 pkt = ehdr + b'\x01' + b'\xc9' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2219 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2220 raise Exception("DATA_TEST_FRAME failed")
2221
2222 # Too short PMK-R1 push
2223 pkt = ehdr + b'\x01' + b'\xca' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2224 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2225 raise Exception("DATA_TEST_FRAME failed")
2226
2227 # No matching R0KH address found for PMK-R0 pull response
2228 pkt = ehdr + b'\x01' + b'\xc9' + b'\x5a\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b'\00'
2229 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2230 raise Exception("DATA_TEST_FRAME failed")
2231
2232 @remote_compatible
2233 def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
2234 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2235 bssid = apdev[0]['bssid']
2236 ssid = "test-ft"
2237 passphrase = "12345678"
2238
2239 params = ft_params1(ssid=ssid, passphrase=passphrase)
2240 params["ieee80211w"] = "1"
2241 # This is the RSN element used normally by hostapd
2242 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2243 hapd = hostapd.add_ap(apdev[0], params)
2244 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2245 ieee80211w="1", scan_freq="2412",
2246 pairwise="CCMP", group="CCMP")
2247
2248 tests = [('PMKIDCount field included',
2249 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2250 ('Extra IE before RSNE',
2251 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2252 ('PMKIDCount and Group Management Cipher suite fields included',
2253 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2254 ('Extra octet after defined fields (future extensibility)',
2255 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2256 ('No RSN Capabilities field (PMF disabled in practice)',
2257 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2258 for txt, ie in tests:
2259 dev[0].request("DISCONNECT")
2260 dev[0].wait_disconnected()
2261 logger.info(txt)
2262 hapd.disable()
2263 hapd.set('own_ie_override', ie)
2264 hapd.enable()
2265 dev[0].request("BSS_FLUSH 0")
2266 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2267 dev[0].select_network(id, freq=2412)
2268 dev[0].wait_connected()
2269
2270 dev[0].request("DISCONNECT")
2271 dev[0].wait_disconnected()
2272
2273 logger.info('Invalid RSNE causing internal hostapd error')
2274 hapd.disable()
2275 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2276 hapd.enable()
2277 dev[0].request("BSS_FLUSH 0")
2278 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2279 dev[0].select_network(id, freq=2412)
2280 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2281 # complete.
2282 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2283 if ev is not None:
2284 raise Exception("Unexpected connection")
2285 dev[0].request("DISCONNECT")
2286
2287 logger.info('Unexpected PMKID causing internal hostapd error')
2288 hapd.disable()
2289 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2290 hapd.enable()
2291 dev[0].request("BSS_FLUSH 0")
2292 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2293 dev[0].select_network(id, freq=2412)
2294 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2295 # complete.
2296 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2297 if ev is not None:
2298 raise Exception("Unexpected connection")
2299 dev[0].request("DISCONNECT")
2300
2301 def test_ap_ft_ptk_rekey(dev, apdev):
2302 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2303 ssid = "test-ft"
2304 passphrase = "12345678"
2305
2306 params = ft_params1(ssid=ssid, passphrase=passphrase)
2307 hapd0 = hostapd.add_ap(apdev[0], params)
2308 params = ft_params2(ssid=ssid, passphrase=passphrase)
2309 hapd1 = hostapd.add_ap(apdev[1], params)
2310
2311 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
2312
2313 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2314 "WPA: Key negotiation completed"], timeout=5)
2315 if ev is None:
2316 raise Exception("No event received after roam")
2317 if "CTRL-EVENT-DISCONNECTED" in ev:
2318 raise Exception("Unexpected disconnection after roam")
2319
2320 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
2321 hapd = hapd0
2322 else:
2323 hapd = hapd1
2324 hwsim_utils.test_connectivity(dev[0], hapd)
2325
2326 def test_ap_ft_ptk_rekey_ap(dev, apdev):
2327 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2328 ssid = "test-ft"
2329 passphrase = "12345678"
2330
2331 params = ft_params1(ssid=ssid, passphrase=passphrase)
2332 params['wpa_ptk_rekey'] = '2'
2333 hapd0 = hostapd.add_ap(apdev[0], params)
2334 params = ft_params2(ssid=ssid, passphrase=passphrase)
2335 params['wpa_ptk_rekey'] = '2'
2336 hapd1 = hostapd.add_ap(apdev[1], params)
2337
2338 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
2339
2340 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2341 "WPA: Key negotiation completed"], timeout=5)
2342 if ev is None:
2343 raise Exception("No event received after roam")
2344 if "CTRL-EVENT-DISCONNECTED" in ev:
2345 raise Exception("Unexpected disconnection after roam")
2346
2347 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
2348 hapd = hapd0
2349 else:
2350 hapd = hapd1
2351 hwsim_utils.test_connectivity(dev[0], hapd)
2352
2353 def test_ap_ft_internal_rrb_check(dev, apdev):
2354 """RRB internal delivery only to WPA enabled BSS"""
2355 ssid = "test-ft"
2356 passphrase = "12345678"
2357
2358 radius = hostapd.radius_params()
2359 params = ft_params1(ssid=ssid, passphrase=passphrase)
2360 params['wpa_key_mgmt'] = "FT-EAP"
2361 params["ieee8021x"] = "1"
2362 params = dict(list(radius.items()) + list(params.items()))
2363 hapd = hostapd.add_ap(apdev[0], params)
2364 key_mgmt = hapd.get_config()['key_mgmt']
2365 if key_mgmt.split(' ')[0] != "FT-EAP":
2366 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
2367
2368 hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid})
2369
2370 # Connect to WPA enabled AP
2371 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
2372 eap="GPSK", identity="gpsk user",
2373 password="abcdefghijklmnop0123456789abcdef",
2374 scan_freq="2412")
2375
2376 # Try over_ds roaming to non-WPA-enabled AP.
2377 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2378 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
2379
2380 def test_ap_ft_extra_ie(dev, apdev):
2381 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2382 ssid = "test-ft"
2383 passphrase = "12345678"
2384
2385 params = ft_params1(ssid=ssid, passphrase=passphrase)
2386 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2387 hapd0 = hostapd.add_ap(apdev[0], params)
2388 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2389 scan_freq="2412")
2390 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2391 scan_freq="2412")
2392 try:
2393 # Add Mobility Domain element to test AP validation code.
2394 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2395 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2396 scan_freq="2412", wait_connect=False)
2397 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2398 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2399 if ev is None:
2400 raise Exception("No connection result")
2401 if "CTRL-EVENT-CONNECTED" in ev:
2402 raise Exception("Non-FT association accepted with MDE")
2403 if "status_code=43" not in ev:
2404 raise Exception("Unexpected status code: " + ev)
2405 dev[0].request("DISCONNECT")
2406 finally:
2407 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
2408
2409 def test_ap_ft_ric(dev, apdev):
2410 """WPA2-PSK-FT AP and RIC"""
2411 ssid = "test-ft"
2412 passphrase = "12345678"
2413
2414 params = ft_params1(ssid=ssid, passphrase=passphrase)
2415 hapd0 = hostapd.add_ap(apdev[0], params)
2416 params = ft_params2(ssid=ssid, passphrase=passphrase)
2417 hapd1 = hostapd.add_ap(apdev[1], params)
2418
2419 dev[0].set("ric_ies", "")
2420 dev[0].set("ric_ies", '""')
2421 if "FAIL" not in dev[0].request("SET ric_ies q"):
2422 raise Exception("Invalid ric_ies value accepted")
2423
2424 tests = ["3900",
2425 "3900ff04eeeeeeee",
2426 "390400000000",
2427 "390400000000" + "390400000000",
2428 "390400000000" + "dd050050f20202",
2429 "390400000000" + "dd3d0050f2020201" + 55*"00",
2430 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2431 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2432 for t in tests:
2433 dev[0].set("ric_ies", t)
2434 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
2435 test_connectivity=False)
2436 dev[0].request("REMOVE_NETWORK all")
2437 dev[0].wait_disconnected()
2438 dev[0].dump_monitor()
2439
2440 def ie_hex(ies, id):
2441 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]).decode()
2442
2443 def test_ap_ft_reassoc_proto(dev, apdev):
2444 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2445 ssid = "test-ft"
2446 passphrase = "12345678"
2447
2448 params = ft_params1(ssid=ssid, passphrase=passphrase)
2449 hapd0 = hostapd.add_ap(apdev[0], params)
2450 params = ft_params2(ssid=ssid, passphrase=passphrase)
2451 hapd1 = hostapd.add_ap(apdev[1], params)
2452
2453 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2454 ieee80211w="1", scan_freq="2412")
2455 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2456 hapd1ap = hapd0
2457 hapd2ap = hapd1
2458 else:
2459 hapd1ap = hapd1
2460 hapd2ap = hapd0
2461
2462 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2463 hapd2ap.set("ext_mgmt_frame_handling", "1")
2464 dev[0].request("ROAM " + hapd2ap.own_addr())
2465
2466 while True:
2467 req = hapd2ap.mgmt_rx()
2468 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2469 if req['subtype'] == 11:
2470 break
2471
2472 while True:
2473 req = hapd2ap.mgmt_rx()
2474 if req['subtype'] == 2:
2475 break
2476 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2477
2478 # IEEE 802.11 header + fixed fields before IEs
2479 hdr = binascii.hexlify(req['frame'][0:34]).decode()
2480 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
2481 # First elements: SSID, Supported Rates, Extended Supported Rates
2482 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
2483
2484 rsne = ie_hex(ies, 48)
2485 mde = ie_hex(ies, 54)
2486 fte = ie_hex(ies, 55)
2487 tests = []
2488 # RSN: Trying to use FT, but MDIE not included
2489 tests += [rsne]
2490 # RSN: Attempted to use unknown MDIE
2491 tests += [rsne + "3603000000"]
2492 # Invalid RSN pairwise cipher
2493 tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2494 # FT: No PMKID in RSNIE
2495 tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)]
2496 # FT: Invalid FTIE
2497 tests += [rsne + mde]
2498 # FT: RIC IE(s) in the frame, but not included in protected IE count
2499 # FT: Failed to parse FT IEs
2500 tests += [rsne + mde + fte + "3900"]
2501 # FT: SNonce mismatch in FTIE
2502 tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"]
2503 # FT: ANonce mismatch in FTIE
2504 tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]]
2505 # FT: No R0KH-ID subelem in FTIE
2506 tests += [rsne + mde + "3752" + fte[4:168]]
2507 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2508 tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"]
2509 # FT: No R1KH-ID subelem in FTIE
2510 tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()]
2511 # FT: Unknown R1KH-ID used in ReassocReq
2512 tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"]
2513 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2514 tests += [rsne[:-32] + 16*"00" + mde + fte]
2515 # Invalid MIC in FTIE
2516 tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]]
2517 for t in tests:
2518 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
2519
2520 def test_ap_ft_reassoc_local_fail(dev, apdev):
2521 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2522 ssid = "test-ft"
2523 passphrase = "12345678"
2524
2525 params = ft_params1(ssid=ssid, passphrase=passphrase)
2526 hapd0 = hostapd.add_ap(apdev[0], params)
2527 params = ft_params2(ssid=ssid, passphrase=passphrase)
2528 hapd1 = hostapd.add_ap(apdev[1], params)
2529
2530 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2531 ieee80211w="1", scan_freq="2412")
2532 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2533 hapd1ap = hapd0
2534 hapd2ap = hapd1
2535 else:
2536 hapd1ap = hapd1
2537 hapd2ap = hapd0
2538
2539 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2540 # FT: Failed to calculate MIC
2541 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
2542 dev[0].request("ROAM " + hapd2ap.own_addr())
2543 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2544 dev[0].request("DISCONNECT")
2545 if ev is None:
2546 raise Exception("Association reject not seen")
2547
2548 def test_ap_ft_reassoc_replay(dev, apdev, params):
2549 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2550 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
2551 ssid = "test-ft"
2552 passphrase = "12345678"
2553
2554 params = ft_params1(ssid=ssid, passphrase=passphrase)
2555 hapd0 = hostapd.add_ap(apdev[0], params)
2556 params = ft_params2(ssid=ssid, passphrase=passphrase)
2557 hapd1 = hostapd.add_ap(apdev[1], params)
2558
2559 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2560 scan_freq="2412")
2561 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2562 hapd1ap = hapd0
2563 hapd2ap = hapd1
2564 else:
2565 hapd1ap = hapd1
2566 hapd2ap = hapd0
2567
2568 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2569 hapd2ap.set("ext_mgmt_frame_handling", "1")
2570 dev[0].dump_monitor()
2571 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
2572 raise Exception("ROAM failed")
2573
2574 reassocreq = None
2575 count = 0
2576 while count < 100:
2577 req = hapd2ap.mgmt_rx()
2578 count += 1
2579 hapd2ap.dump_monitor()
2580 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2581 if req['subtype'] == 2:
2582 reassocreq = req
2583 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2584 if ev is None:
2585 raise Exception("No TX status seen")
2586 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2587 if "OK" not in hapd2ap.request(cmd):
2588 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2589 break
2590 hapd2ap.set("ext_mgmt_frame_handling", "0")
2591 if reassocreq is None:
2592 raise Exception("No Reassociation Request frame seen")
2593 dev[0].wait_connected()
2594 dev[0].dump_monitor()
2595 hapd2ap.dump_monitor()
2596
2597 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2598
2599 logger.info("Replay the last Reassociation Request frame")
2600 hapd2ap.dump_monitor()
2601 hapd2ap.set("ext_mgmt_frame_handling", "1")
2602 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2603 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2604 if ev is None:
2605 raise Exception("No TX status seen")
2606 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2607 if "OK" not in hapd2ap.request(cmd):
2608 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2609 hapd2ap.set("ext_mgmt_frame_handling", "0")
2610
2611 try:
2612 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2613 ok = True
2614 except:
2615 ok = False
2616
2617 ap = hapd2ap.own_addr()
2618 sta = dev[0].own_addr()
2619 filt = "wlan.fc.type == 2 && " + \
2620 "wlan.da == " + sta + " && " + \
2621 "wlan.sa == " + ap
2622 fields = ["wlan.ccmp.extiv"]
2623 res = run_tshark(capfile, filt, fields)
2624 vals = res.splitlines()
2625 logger.info("CCMP PN: " + str(vals))
2626 if len(vals) < 2:
2627 raise Exception("Could not find all CCMP protected frames from capture")
2628 if len(set(vals)) < len(vals):
2629 raise Exception("Duplicate CCMP PN used")
2630
2631 if not ok:
2632 raise Exception("The second hwsim connectivity test failed")
2633
2634 def test_ap_ft_psk_file(dev, apdev):
2635 """WPA2-PSK-FT AP with PSK from a file"""
2636 ssid = "test-ft"
2637 passphrase = "12345678"
2638
2639 params = ft_params1a(ssid=ssid, passphrase=passphrase)
2640 params['wpa_psk_file'] = 'hostapd.wpa_psk'
2641 hapd = hostapd.add_ap(apdev[0], params)
2642
2643 dev[1].connect(ssid, psk="very secret",
2644 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2645 scan_freq="2412", wait_connect=False)
2646 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2647 ieee80211w="1", scan_freq="2412")
2648 dev[0].request("REMOVE_NETWORK all")
2649 dev[0].wait_disconnected()
2650 dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
2651 ieee80211w="1", scan_freq="2412")
2652 dev[0].request("REMOVE_NETWORK all")
2653 dev[0].wait_disconnected()
2654 dev[0].connect(ssid, psk="secret passphrase",
2655 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2656 scan_freq="2412")
2657 dev[2].connect(ssid, psk="another passphrase for all STAs",
2658 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2659 scan_freq="2412")
2660 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
2661 if ev is None:
2662 raise Exception("Timed out while waiting for failure report")
2663 dev[1].request("REMOVE_NETWORK all")
2664
2665 def test_ap_ft_eap_ap_config_change(dev, apdev):
2666 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2667 ssid = "test-ft"
2668 passphrase = "12345678"
2669 bssid = apdev[0]['bssid']
2670
2671 radius = hostapd.radius_params()
2672 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
2673 params['wpa_key_mgmt'] = "WPA-EAP"
2674 params["ieee8021x"] = "1"
2675 params["pmk_r1_push"] = "0"
2676 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2677 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2678 params["eap_server"] = "0"
2679 params = dict(list(radius.items()) + list(params.items()))
2680 hapd = hostapd.add_ap(apdev[0], params)
2681
2682 dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
2683 eap="GPSK", identity="gpsk user",
2684 password="abcdefghijklmnop0123456789abcdef",
2685 scan_freq="2412")
2686 dev[0].request("DISCONNECT")
2687 dev[0].wait_disconnected()
2688 dev[0].dump_monitor()
2689
2690 hapd.disable()
2691 hapd.set('wpa_key_mgmt', "FT-EAP")
2692 hapd.enable()
2693
2694 dev[0].request("BSS_FLUSH 0")
2695 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2696
2697 dev[0].request("RECONNECT")
2698 dev[0].wait_connected()
2699
2700 def test_ap_ft_eap_sha384(dev, apdev):
2701 """WPA2-EAP-FT with SHA384"""
2702 ssid = "test-ft"
2703 passphrase = "12345678"
2704
2705 radius = hostapd.radius_params()
2706 params = ft_params1(ssid=ssid, passphrase=passphrase)
2707 params["ieee80211w"] = "2"
2708 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2709 params["ieee8021x"] = "1"
2710 params = dict(list(radius.items()) + list(params.items()))
2711 hapd0 = hostapd.add_ap(apdev[0], params)
2712 params = ft_params2(ssid=ssid, passphrase=passphrase)
2713 params["ieee80211w"] = "2"
2714 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2715 params["ieee8021x"] = "1"
2716 params = dict(list(radius.items()) + list(params.items()))
2717 hapd1 = hostapd.add_ap(apdev[1], params)
2718
2719 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2720 sha384=True)
2721
2722 def test_ap_ft_eap_sha384_reassoc(dev, apdev):
2723 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
2724 ssid = "test-ft"
2725 passphrase = "12345678"
2726
2727 radius = hostapd.radius_params()
2728 params = ft_params1(ssid=ssid, passphrase=passphrase)
2729 params["ieee80211w"] = "2"
2730 params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2731 params["ieee8021x"] = "1"
2732 params = dict(list(radius.items()) + list(params.items()))
2733 hapd0 = hostapd.add_ap(apdev[0], params)
2734 params = ft_params2(ssid=ssid, passphrase=passphrase)
2735 params["ieee80211w"] = "2"
2736 params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2737 params["ieee8021x"] = "1"
2738 params = dict(list(radius.items()) + list(params.items()))
2739 hapd1 = hostapd.add_ap(apdev[1], params)
2740
2741 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2742 sha384=True, also_non_ft=True, roam_with_reassoc=True)
2743
2744 def test_ap_ft_eap_sha384_over_ds(dev, apdev):
2745 """WPA2-EAP-FT with SHA384 over DS"""
2746 ssid = "test-ft"
2747 passphrase = "12345678"
2748
2749 radius = hostapd.radius_params()
2750 params = ft_params1(ssid=ssid, passphrase=passphrase)
2751 params["ieee80211w"] = "2"
2752 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2753 params["ieee8021x"] = "1"
2754 params = dict(list(radius.items()) + list(params.items()))
2755 hapd0 = hostapd.add_ap(apdev[0], params)
2756 params = ft_params2(ssid=ssid, passphrase=passphrase)
2757 params["ieee80211w"] = "2"
2758 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2759 params["ieee8021x"] = "1"
2760 params = dict(list(radius.items()) + list(params.items()))
2761 hapd1 = hostapd.add_ap(apdev[1], params)
2762
2763 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
2764 eap=True, sha384=True)
2765
2766 def test_ap_ft_roam_rrm(dev, apdev):
2767 """WPA2-PSK-FT AP and radio measurement request"""
2768 ssid = "test-ft"
2769 passphrase = "12345678"
2770
2771 params = ft_params1(ssid=ssid, passphrase=passphrase)
2772 params["rrm_beacon_report"] = "1"
2773 hapd0 = hostapd.add_ap(apdev[0], params)
2774 bssid0 = hapd0.own_addr()
2775
2776 addr = dev[0].own_addr()
2777 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2778 scan_freq="2412")
2779 check_beacon_req(hapd0, addr, 1)
2780
2781 params = ft_params2(ssid=ssid, passphrase=passphrase)
2782 params["rrm_beacon_report"] = "1"
2783 hapd1 = hostapd.add_ap(apdev[1], params)
2784 bssid1 = hapd1.own_addr()
2785
2786 dev[0].scan_for_bss(bssid1, freq=2412)
2787 dev[0].roam(bssid1)
2788 check_beacon_req(hapd1, addr, 2)
2789
2790 dev[0].scan_for_bss(bssid0, freq=2412)
2791 dev[0].roam(bssid0)
2792 check_beacon_req(hapd0, addr, 3)
Unnamed repository; edit this file 'description' to name the repository.