1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
28 "wpa_key_mgmt": "FT-PSK",
29 "rsn_pairwise": "CCMP"}
34 "wpa_key_mgmt": "WPA-PSK FT-PSK",
35 "wpa_pairwise": "TKIP",
36 "rsn_pairwise": "CCMP"}
39 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
41 params
= ft_base_rsn()
43 params
= ft_base_mixed()
47 params
["wpa_passphrase"] = passphrase
49 params
["mobility_domain"] = "a1b2"
50 params
["r0_key_lifetime"] = "10000"
51 params
["pmk_r1_push"] = "1"
52 params
["reassociation_deadline"] = "1000"
55 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
56 params
= ft_params(rsn
, ssid
, passphrase
)
57 params
['nas_identifier'] = "nas1.w1.fi"
58 params
['r1_key_holder'] = "000102030405"
61 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
62 params
= ft_params1a(rsn
, ssid
, passphrase
)
64 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
65 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
67 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
68 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
69 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
# AP1 ("nas1") parameter set with the inter-AP keys in the older, shorter
# form: every r0kh/r1kh entry below ends in a 32-hex-digit key, where
# ft_params1() uses 64-hex-digit keys. All keys here are fixed test fixtures.
72 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
73 params
= ft_params1a(rsn
, ssid
, passphrase
)
# r0kh entries read "<R0KH MAC> <NAS identifier> <key>"; the r1kh entry reads
# "<R1KH MAC> <R1KH-ID> <key>".
74 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
75 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
76 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
79 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
80 params
= ft_params(rsn
, ssid
, passphrase
)
81 params
['nas_identifier'] = "nas2.w1.fi"
82 params
['r1_key_holder'] = "000102030406"
85 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
86 params
= ft_params2a(rsn
, ssid
, passphrase
)
88 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
89 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
91 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
92 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
93 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
# AP2 ("nas2") counterpart of ft_params1_old_key(): same layout as
# ft_params2(), but each r0kh/r1kh key is 32 hex digits long instead of 64.
# All keys here are fixed test fixtures.
96 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
97 params
= ft_params2a(rsn
, ssid
, passphrase
)
# The per-peer keys are the 32-hex-digit prefixes of the keys in ft_params2().
98 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
99 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
100 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
# AP1 parameter set whose key-holder table does not line up with the peer AP:
# the keys equal those in ft_params1(), but the nas2 peer is listed under
# 12:00:00:00:04:00 (R1KH-ID 10:01:02:03:04:06) where ft_params1() uses
# 02:00:00:00:04:00 (R1KH-ID 00:01:02:03:04:06).
# NOTE(review): presumably used to check that roaming fails when the key
# holder addresses do not match; confirm against the tests that call it.
103 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
104 params
= ft_params(rsn
, ssid
, passphrase
)
105 params
['nas_identifier'] = "nas1.w1.fi"
106 params
['r1_key_holder'] = "000102030405"
# Only the second r0kh entry and the r1kh entry carry the altered addresses.
107 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
108 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
109 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
# AP2 parameter set with deliberately wrong inter-AP (RRB) keys: addresses and
# identifiers equal those in ft_params2(), but each 128-bit half of every key
# ends in f1/f2/f3 instead of 0f, so none of the keys equals the value the
# peer AP is configured with.
# NOTE(review): presumably the protected key pull/push exchange with the peer
# is expected to fail with this set; confirm against the tests that call it.
112 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
113 params
= ft_params(rsn
, ssid
, passphrase
)
114 params
['nas_identifier'] = "nas2.w1.fi"
115 params
['r1_key_holder'] = "000102030406"
# Compare with ft_params2(): ...0e0f there, ...0ef1 / ...0ef2 / ...0ef3 here.
116 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
117 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
118 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
# AP2 counterpart of ft_params1_r0kh_mismatch(): the keys equal those in
# ft_params2(), but the nas1 peer is listed under 12:00:00:00:03:00
# (R1KH-ID 10:01:02:03:04:05) where ft_params2() uses 02:00:00:00:03:00
# (R1KH-ID 00:01:02:03:04:05).
# NOTE(review): presumably used to check that roaming fails when the key
# holder addresses do not match; confirm against the tests that call it.
121 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
122 params
= ft_params(rsn
, ssid
, passphrase
)
123 params
['nas_identifier'] = "nas2.w1.fi"
124 params
['r1_key_holder'] = "000102030406"
# Only the first r0kh entry and the r1kh entry carry the altered addresses.
125 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
126 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
127 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
130 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
131 sae
=False, eap
=False, fail_test
=False, roams
=1,
132 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
133 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
134 force_initial_conn_to_first_ap
=False, sha384
=False,
135 group_mgmt
=None, ocv
=None, sae_password
=None,
136 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
137 roam_with_reassoc
=False, also_non_ft
=False):
138 logger
.info("Connect to first AP")
141 copts
["proto"] = "WPA2"
142 copts
["ieee80211w"] = "1"
143 copts
["scan_freq"] = "2412"
144 copts
["pairwise"] = pairwise_cipher
145 copts
["group"] = group_cipher
146 copts
["wpa_ptk_rekey"] = ptk_rekey
148 copts
["group_mgmt"] = group_mgmt
153 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
155 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
156 copts
["eap"] = "GPSK"
157 copts
["identity"] = eap_identity
158 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
161 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
163 copts
["key_mgmt"] = "FT-PSK"
165 copts
["psk"] = passphrase
167 copts
["sae_password"] = sae_password
169 copts
["sae_password_id"] = sae_password_id
170 if force_initial_conn_to_first_ap
:
171 copts
["bssid"] = apdev
[0]['bssid']
172 netw
= dev
.connect(ssid
, **copts
)
174 dev
.request("DISCONNECT")
175 dev
.wait_disconnected()
176 dev
.request("RECONNECT")
177 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"],
180 raise Exception("Reconnect timed out")
181 if "CTRL-EVENT-DISCONNECTED" in ev
:
182 raise Exception("Unexpected disconnection after RECONNECT")
184 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
194 if test_connectivity
:
196 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
198 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
200 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
202 for i
in range(0, roams
):
203 # Roaming artificially fast can make data test fail because the key is
206 logger
.info("Roam to the second AP")
207 if roam_with_reassoc
:
208 dev
.set_network(netw
, "bssid", ap2
['bssid'])
209 dev
.request("REASSOCIATE")
212 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
214 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
217 if dev
.get_status_field('bssid') != ap2
['bssid']:
218 raise Exception("Did not connect to correct AP")
219 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
221 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
223 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
225 # Roaming artificially fast can make data test fail because the key is
228 logger
.info("Roam back to the first AP")
229 if roam_with_reassoc
:
230 dev
.set_network(netw
, "bssid", ap1
['bssid'])
231 dev
.request("REASSOCIATE")
234 dev
.roam_over_ds(ap1
['bssid'])
236 dev
.roam(ap1
['bssid'])
237 if dev
.get_status_field('bssid') != ap1
['bssid']:
238 raise Exception("Did not connect to correct AP")
239 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
241 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
243 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
245 def test_ap_ft(dev
, apdev
):
248 passphrase
= "12345678"
250 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
251 hapd0
= hostapd
.add_ap(apdev
[0], params
)
252 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
253 hapd1
= hostapd
.add_ap(apdev
[1], params
)
255 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
256 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
257 raise Exception("Scan results missing RSN element info")
259 def test_ap_ft_old_key(dev
, apdev
):
260 """WPA2-PSK-FT AP (old key)"""
262 passphrase
= "12345678"
264 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
265 hapd0
= hostapd
.add_ap(apdev
[0], params
)
266 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
267 hapd1
= hostapd
.add_ap(apdev
[1], params
)
269 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
271 def test_ap_ft_multi_akm(dev
, apdev
):
272 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
274 passphrase
= "12345678"
276 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
277 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
278 hapd0
= hostapd
.add_ap(apdev
[0], params
)
279 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
280 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
281 hapd1
= hostapd
.add_ap(apdev
[1], params
)
283 Wlantest
.setup(hapd0
)
286 wt
.add_passphrase(passphrase
)
288 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
289 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
290 raise Exception("Scan results missing RSN element info")
291 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
292 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
295 def test_ap_ft_local_key_gen(dev
, apdev
):
296 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
298 passphrase
= "12345678"
300 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
301 params
['ft_psk_generate_local'] = "1"
302 del params
['pmk_r1_push']
303 hapd0
= hostapd
.add_ap(apdev
[0], params
)
304 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
305 params
['ft_psk_generate_local'] = "1"
306 del params
['pmk_r1_push']
307 hapd1
= hostapd
.add_ap(apdev
[1], params
)
309 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
310 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
311 raise Exception("Scan results missing RSN element info")
313 def test_ap_ft_vlan(dev
, apdev
):
314 """WPA2-PSK-FT AP with VLAN"""
316 passphrase
= "12345678"
318 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
319 params
['dynamic_vlan'] = "1"
320 params
['accept_mac_file'] = "hostapd.accept"
321 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
323 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
324 params
['dynamic_vlan'] = "1"
325 params
['accept_mac_file'] = "hostapd.accept"
326 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
328 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
329 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
330 raise Exception("Scan results missing RSN element info")
332 def test_ap_ft_vlan_disconnected(dev
, apdev
):
333 """WPA2-PSK-FT AP with VLAN and local key generation"""
335 passphrase
= "12345678"
337 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
338 params
['dynamic_vlan'] = "1"
339 params
['accept_mac_file'] = "hostapd.accept"
340 params
['ft_psk_generate_local'] = "1"
341 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
343 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
344 params
['dynamic_vlan'] = "1"
345 params
['accept_mac_file'] = "hostapd.accept"
346 params
['ft_psk_generate_local'] = "1"
347 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
349 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
350 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
351 raise Exception("Scan results missing RSN element info")
353 def test_ap_ft_vlan_2(dev
, apdev
):
354 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
356 passphrase
= "12345678"
358 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
359 params
['dynamic_vlan'] = "1"
360 params
['accept_mac_file'] = "hostapd.accept"
361 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
363 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
364 params
['dynamic_vlan'] = "1"
365 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
367 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
368 force_initial_conn_to_first_ap
=True)
369 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
370 raise Exception("Scan results missing RSN element info")
372 def test_ap_ft_many(dev
, apdev
):
373 """WPA2-PSK-FT AP multiple times"""
375 passphrase
= "12345678"
377 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
378 hapd0
= hostapd
.add_ap(apdev
[0], params
)
379 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
380 hapd1
= hostapd
.add_ap(apdev
[1], params
)
382 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
384 def test_ap_ft_many_vlan(dev
, apdev
):
385 """WPA2-PSK-FT AP with VLAN multiple times"""
387 passphrase
= "12345678"
389 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
390 params
['dynamic_vlan'] = "1"
391 params
['accept_mac_file'] = "hostapd.accept"
392 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
394 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
395 params
['dynamic_vlan'] = "1"
396 params
['accept_mac_file'] = "hostapd.accept"
397 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
399 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
402 def test_ap_ft_mixed(dev
, apdev
):
403 """WPA2-PSK-FT mixed-mode AP"""
404 ssid
= "test-ft-mixed"
405 passphrase
= "12345678"
407 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
408 hapd
= hostapd
.add_ap(apdev
[0], params
)
409 key_mgmt
= hapd
.get_config()['key_mgmt']
410 vals
= key_mgmt
.split(' ')
411 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
412 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
413 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
414 hapd1
= hostapd
.add_ap(apdev
[1], params
)
416 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
418 def test_ap_ft_pmf(dev
, apdev
):
419 """WPA2-PSK-FT AP with PMF"""
421 passphrase
= "12345678"
423 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
424 params
["ieee80211w"] = "2"
425 hapd0
= hostapd
.add_ap(apdev
[0], params
)
426 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
427 params
["ieee80211w"] = "2"
428 hapd1
= hostapd
.add_ap(apdev
[1], params
)
430 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
    # The BIP-CMAC-128 case is selected with the cipher name "AES-128-CMAC".
    # run_ap_ft_pmf_bip() raises HwsimSkip when the station does not list the
    # cipher in its group_mgmt capability.
    group_mgmt_cipher = "AES-128-CMAC"
    run_ap_ft_pmf_bip(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
    # Same scenario as the other PMF/BIP tests with BIP-GMAC-128 as the group
    # management cipher; run_ap_ft_pmf_bip() skips if it is unsupported.
    group_mgmt_cipher = "BIP-GMAC-128"
    run_ap_ft_pmf_bip(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
    # Same scenario as the other PMF/BIP tests with BIP-GMAC-256 as the group
    # management cipher; run_ap_ft_pmf_bip() skips if it is unsupported.
    group_mgmt_cipher = "BIP-GMAC-256"
    run_ap_ft_pmf_bip(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
    """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
    # Same scenario as the other PMF/BIP tests with BIP-CMAC-256 as the group
    # management cipher; run_ap_ft_pmf_bip() skips if it is unsupported.
    group_mgmt_cipher = "BIP-CMAC-256"
    run_ap_ft_pmf_bip(dev, apdev, group_mgmt_cipher)
448 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
449 if cipher
not in dev
[0].get_capability("group_mgmt"):
450 raise HwsimSkip("Cipher %s not supported" % cipher
)
453 passphrase
= "12345678"
455 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
456 params
["ieee80211w"] = "2"
457 params
["group_mgmt_cipher"] = cipher
458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
459 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
460 params
["ieee80211w"] = "2"
461 params
["group_mgmt_cipher"] = cipher
462 hapd1
= hostapd
.add_ap(apdev
[1], params
)
464 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
467 def test_ap_ft_ocv(dev
, apdev
):
468 """WPA2-PSK-FT AP with OCV"""
470 passphrase
= "12345678"
472 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
473 params
["ieee80211w"] = "2"
476 hapd0
= hostapd
.add_ap(apdev
[0], params
)
477 except Exception as e
:
478 if "Failed to set hostapd parameter ocv" in str(e
):
479 raise HwsimSkip("OCV not supported")
481 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
482 params
["ieee80211w"] = "2"
484 hapd1
= hostapd
.add_ap(apdev
[1], params
)
486 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
488 def test_ap_ft_over_ds(dev
, apdev
):
489 """WPA2-PSK-FT AP over DS"""
491 passphrase
= "12345678"
493 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
494 hapd0
= hostapd
.add_ap(apdev
[0], params
)
495 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
496 hapd1
= hostapd
.add_ap(apdev
[1], params
)
498 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
499 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
500 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
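def cleanup_ap_ft_separate_hostapd():
    """Remove the bridges and veth links used by the separate-hostapd tests.

    Each command is best effort: subprocess.call() does not raise on a
    non-zero exit status and stderr is discarded, so interfaces that were
    never created (or are already gone) do not cause an error here.
    """
    # Detach and delete the veth links first, then take each bridge down and
    # delete it. The order matches the original sequence of calls.
    commands = [
        ["brctl", "delif", "br0ft", "veth0"],
        ["brctl", "delif", "br1ft", "veth1"],
        ["ip", "link", "del", "veth0"],
        ["ip", "link", "del", "veth1"],
    ]
    for ifname in ['br0ft', 'br1ft', 'br-ft']:
        commands.append(['ip', 'link', 'set', 'dev', ifname, 'down'])
        commands.append(['brctl', 'delbr', ifname])

    for cmd in commands:
        # subprocess.DEVNULL replaces open('/dev/null', 'w'): the previous
        # form opened a new file object for every command and never closed
        # it, leaving the descriptors to the garbage collector.
        subprocess.call(cmd, stderr=subprocess.DEVNULL)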
517 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
518 """WPA2-PSK-FT AP and separate hostapd process"""
520 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
522 cleanup_ap_ft_separate_hostapd()
524 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
525 """WPA2-PSK-FT AP over DS and separate hostapd process"""
527 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
529 cleanup_ap_ft_separate_hostapd()
# Run the FT roaming scenario with the first AP served by a second hostapd
# process that this function starts itself, and with the two APs connected
# through bridge and veth interfaces created with brctl and ip.
# over_ds is passed through to run_roams().
# This listing omits some of the function's lines, so the comments below
# describe only the statements that are visible.
531 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
533 passphrase
= "12345678"
534 logdir
= params
['logdir']
535 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
536 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
# Fixed global control interface path for the extra hostapd process.
537 global_ctrl
= '/var/run/hostapd-ft'
# Topology built below: bridge br_ifname joins veth0br and veth1br, br0ft
# holds veth0 and br1ft holds veth1. The assignment of br_ifname is on a line
# not shown here.
541 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
542 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
543 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
545 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
546 "peer", "name", "veth0br"])
547 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
548 "peer", "name", "veth1br"])
549 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
550 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
551 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
552 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
554 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
555 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
556 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
557 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
558 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
559 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
560 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
561 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
562 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
563 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
# A failing setup command turns the test into a skip instead of a failure.
564 except subprocess
.CalledProcessError
:
565 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
567 with
HWSimRadio() as (radio
, iface
):
# Use an alternative hostapd build under logdir when one exists, otherwise the
# in-tree binary.
568 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
569 if not os
.path
.exists(prg
):
570 prg
= '../../hostapd/hostapd'
# hostapd options: -B run in the background, -dd verbose debug output, -K
# include key data in the debug output, -t timestamps, -P PID file, -f log
# file, -g global control interface path. Because of -K the log file written
# under logdir contains key material; handle that log as sensitive output.
571 cmd
= [prg
, '-B', '-ddKt',
572 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
573 subprocess
.check_call(cmd
)
575 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
576 apdev_ft
= {'ifname': iface
}
577 apdev2
= [apdev_ft
, apdev
[1]]
579 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
# Replace the key-holder lists from ft_params1() with wildcard entries
# (ff:ff:ff:ff:ff:ff * and all-zero addresses) that share one fixed test key.
580 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
581 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
582 params
['bridge'] = 'br0ft'
# The first AP is added through the separate process's control interface.
583 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
584 global_ctrl_override
=global_ctrl
)
585 apdev2
[0]['bssid'] = hapd0
.own_addr()
586 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
# Same wildcard entries and the same shared test key on the second AP.
587 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
588 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
589 params
['bridge'] = 'br1ft'
590 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
# test_connectivity=False turns off the data connectivity checks in
# run_roams() for this run.
592 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
593 over_ds
=over_ds
, test_connectivity
=False)
# Stop the extra hostapd process through the PID recorded in its PID file. The
# lines that read and convert the PID are not shown here.
597 if os
.path
.exists(pidfile
):
598 with
open(pidfile
, 'r') as f
:
601 os
.kill(pid
, signal
.SIGTERM
)
603 def test_ap_ft_over_ds_ocv(dev
, apdev
):
604 """WPA2-PSK-FT AP over DS"""
606 passphrase
= "12345678"
608 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
609 params
["ieee80211w"] = "2"
612 hapd0
= hostapd
.add_ap(apdev
[0], params
)
613 except Exception as e
:
614 if "Failed to set hostapd parameter ocv" in str(e
):
615 raise HwsimSkip("OCV not supported")
617 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
618 params
["ieee80211w"] = "2"
620 hapd1
= hostapd
.add_ap(apdev
[1], params
)
622 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
625 def test_ap_ft_over_ds_disabled(dev
, apdev
):
626 """WPA2-PSK-FT AP over DS disabled"""
628 passphrase
= "12345678"
630 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
631 params
['ft_over_ds'] = '0'
632 hapd0
= hostapd
.add_ap(apdev
[0], params
)
633 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
634 params
['ft_over_ds'] = '0'
635 hapd1
= hostapd
.add_ap(apdev
[1], params
)
637 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
640 def test_ap_ft_vlan_over_ds(dev
, apdev
):
641 """WPA2-PSK-FT AP over DS with VLAN"""
643 passphrase
= "12345678"
645 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
646 params
['dynamic_vlan'] = "1"
647 params
['accept_mac_file'] = "hostapd.accept"
648 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
649 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
650 params
['dynamic_vlan'] = "1"
651 params
['accept_mac_file'] = "hostapd.accept"
652 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
654 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
656 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
657 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
659 def test_ap_ft_over_ds_many(dev
, apdev
):
660 """WPA2-PSK-FT AP over DS multiple times"""
662 passphrase
= "12345678"
664 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
665 hapd0
= hostapd
.add_ap(apdev
[0], params
)
666 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
667 hapd1
= hostapd
.add_ap(apdev
[1], params
)
669 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
672 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
673 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
675 passphrase
= "12345678"
677 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
678 params
['dynamic_vlan'] = "1"
679 params
['accept_mac_file'] = "hostapd.accept"
680 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
681 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
682 params
['dynamic_vlan'] = "1"
683 params
['accept_mac_file'] = "hostapd.accept"
684 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
686 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
687 roams
=50, conndev
="brvlan1")
690 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
693 passphrase
= "12345678"
695 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
696 hapd0
= hostapd
.add_ap(apdev
[0], params
)
698 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
700 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
# Negative test for the station's handling of FT Action response frames during
# over-the-DS roaming: a series of hand-built responses, each wrong in one
# respect, is prepared in msg['payload'].
# This listing omits some of the function's lines (among them the ones that
# hand msg over for transmission), so the comments below describe only the
# statements that are visible.
#
# Payload layout used throughout: "0602" (category 6 = Fast BSS Transition,
# action 2 = FT Response), 6-byte STA address, 6-byte target AP address,
# 2-byte status code, then information elements. Element 0x36 is the Mobility
# Domain element and 0x37 the Fast BSS Transition element (FTIE).
703 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
704 """WPA2-PSK-FT AP over DS and unexpected response"""
706 passphrase
= "12345678"
708 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
709 hapd0
= hostapd
.add_ap(apdev
[0], params
)
710 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
711 hapd1
= hostapd
.add_ap(apdev
[1], params
)
713 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
715 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
726 addr
= dev
[0].own_addr()
# With ext_mgmt_frame_handling enabled, management frames of the currently
# associated AP are handled by this test instead of by hostapd.
727 hapd1ap
.set("ext_mgmt_frame_handling", "1")
728 logger
.info("Foreign STA address")
732 msg
['sa'] = ap1
['bssid']
733 msg
['bssid'] = ap1
['bssid']
# STA address 11:22:33:44:55:66 is not this station's own address.
734 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
# Correct STA address, but no FT_DS request has been issued yet.
737 logger
.info("No over-the-DS in progress")
738 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
# Status code field 0100 (non-zero) instead of 0000.
741 logger
.info("Non-zero status code")
742 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
745 hapd1ap
.dump_monitor()
# Start a real over-the-DS request towards ap2 and capture the station's FT
# Request; later cases copy fields out of it.
747 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
748 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
749 raise Exception("FT_DS failed")
751 req
= hapd1ap
.mgmt_rx()
# Target AP address 01:02:03:04:05:06 instead of ap2's BSSID.
753 logger
.info("Foreign Target AP")
754 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
# From here on the STA and target AP addresses are the correct ones.
757 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
759 logger
.info("No IEs")
760 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
# A lone element id and zero length byte (37 00) follow the status code.
763 logger
.info("Invalid IEs (trigger parsing failure)")
764 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
# Mobility Domain element with length 2.
767 logger
.info("Too short MDIE")
768 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
# Mobility domain 1122 instead of the configured a1b2.
771 logger
.info("Mobility domain mismatch")
772 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
# Matching mobility domain a1b2, but nothing after the Mobility Domain element.
775 logger
.info("No FTIE")
776 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
# FTIE with a fixed SNonce (10 00 ... 01) instead of the one from the request;
# the trailing subelement 03 0a 6e61... is an R0KH-ID spelling "nas2.w1.fi".
779 logger
.info("FTIE SNonce mismatch")
780 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
# SNonce copied from the captured request (32 bytes at payload offset 111);
# the FTIE ends right after it.
783 logger
.info("No R0KH-ID subelem in FTIE")
784 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
785 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
# NOTE(review): the log label reads "No R0KH-ID subelem mismatch", but the
# payload carries an R0KH-ID subelement (11 22 ... 00); this looks like the
# R0KH-ID mismatch case.
788 logger
.info("No R0KH-ID subelem mismatch in FTIE")
789 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
790 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
# R0KH-ID copied from the captured request (10 bytes at payload offset 145);
# no R1KH-ID subelement follows it.
793 logger
.info("No R1KH-ID subelem in FTIE")
794 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
795 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
# FTIE with both R0KH-ID and R1KH-ID (01 06 000102030405) subelements, but the
# frame has no RSN element.
798 logger
.info("No RSNE")
799 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
800 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
def test_ap_ft_pmf_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF"""
    # None means no specific BIP cipher is requested;
    # run_ap_ft_pmf_bip_over_ds() performs its capability check only when a
    # cipher name is given.
    group_mgmt_cipher = None
    run_ap_ft_pmf_bip_over_ds(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
    # The BIP-CMAC-128 case is selected with the cipher name "AES-128-CMAC".
    # run_ap_ft_pmf_bip_over_ds() raises HwsimSkip when the station does not
    # list the cipher in its group_mgmt capability.
    group_mgmt_cipher = "AES-128-CMAC"
    run_ap_ft_pmf_bip_over_ds(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
    # Over-the-DS PMF scenario with BIP-GMAC-128 as the group management
    # cipher; run_ap_ft_pmf_bip_over_ds() skips if it is unsupported.
    group_mgmt_cipher = "BIP-GMAC-128"
    run_ap_ft_pmf_bip_over_ds(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
    # Over-the-DS PMF scenario with BIP-GMAC-256 as the group management
    # cipher; run_ap_ft_pmf_bip_over_ds() skips if it is unsupported.
    group_mgmt_cipher = "BIP-GMAC-256"
    run_ap_ft_pmf_bip_over_ds(dev, apdev, group_mgmt_cipher)
def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
    # Over-the-DS PMF scenario with BIP-CMAC-256 as the group management
    # cipher; run_ap_ft_pmf_bip_over_ds() skips if it is unsupported.
    group_mgmt_cipher = "BIP-CMAC-256"
    run_ap_ft_pmf_bip_over_ds(dev, apdev, group_mgmt_cipher)
823 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
824 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
825 raise HwsimSkip("Cipher %s not supported" % cipher
)
828 passphrase
= "12345678"
830 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
831 params
["ieee80211w"] = "2"
833 params
["group_mgmt_cipher"] = cipher
834 hapd0
= hostapd
.add_ap(apdev
[0], params
)
835 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
836 params
["ieee80211w"] = "2"
838 params
["group_mgmt_cipher"] = cipher
839 hapd1
= hostapd
.add_ap(apdev
[1], params
)
841 Wlantest
.setup(hapd0
)
844 wt
.add_passphrase(passphrase
)
846 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
849 def test_ap_ft_over_ds_pull(dev
, apdev
):
850 """WPA2-PSK-FT AP over DS (pull PMK)"""
852 passphrase
= "12345678"
854 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
855 params
["pmk_r1_push"] = "0"
856 hapd0
= hostapd
.add_ap(apdev
[0], params
)
857 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
858 params
["pmk_r1_push"] = "0"
859 hapd1
= hostapd
.add_ap(apdev
[1], params
)
861 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
863 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
864 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
866 passphrase
= "12345678"
868 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
869 params
["pmk_r1_push"] = "0"
870 hapd0
= hostapd
.add_ap(apdev
[0], params
)
871 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
872 params
["pmk_r1_push"] = "0"
873 hapd1
= hostapd
.add_ap(apdev
[1], params
)
875 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
877 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
878 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
880 passphrase
= "12345678"
882 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
883 params
["pmk_r1_push"] = "0"
884 params
['dynamic_vlan'] = "1"
885 params
['accept_mac_file'] = "hostapd.accept"
886 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
887 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
888 params
["pmk_r1_push"] = "0"
889 params
['dynamic_vlan'] = "1"
890 params
['accept_mac_file'] = "hostapd.accept"
891 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
893 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
def test_ap_ft_sae(dev, apdev):
    """WPA2-PSK-FT-SAE AP"""
    sta = dev[0]
    if "SAE" not in sta.get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")

    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"

    ap0_conf = ft_params1(ssid=ssid, passphrase=passphrase)
    ap0_conf['wpa_key_mgmt'] = "FT-SAE"
    hapd0 = hostapd.add_ap(apdev[0], ap0_conf)

    ap1_conf = ft_params2(ssid=ssid, passphrase=passphrase)
    ap1_conf['wpa_key_mgmt'] = "FT-SAE"
    hapd = hostapd.add_ap(apdev[1], ap1_conf)

    # Read the AKM back from the running AP so that a silently ignored
    # wpa_key_mgmt setting is reported instead of roaming with another AKM.
    key_mgmt = hapd.get_config()['key_mgmt']
    first_akm = key_mgmt.split(' ')[0]
    if first_akm != "FT-SAE":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    # Empty sae_groups value; presumably restores the station's default
    # group list - confirm against wpa_supplicant.
    sta.request("SET sae_groups ")
    run_roams(sta, apdev, hapd0, hapd, ssid, passphrase, sae=True)
916 def test_ap_ft_sae_over_ds(dev
, apdev
):
917 """WPA2-PSK-FT-SAE AP over DS"""
918 if "SAE" not in dev
[0].get_capability("auth_alg"):
919 raise HwsimSkip("SAE not supported")
921 passphrase
= "12345678"
923 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
924 params
['wpa_key_mgmt'] = "FT-SAE"
925 hapd0
= hostapd
.add_ap(apdev
[0], params
)
926 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
927 params
['wpa_key_mgmt'] = "FT-SAE"
928 hapd1
= hostapd
.add_ap(apdev
[1], params
)
930 dev
[0].request("SET sae_groups ")
931 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
def test_ap_ft_sae_pw_id(dev, apdev):
    """FT-SAE with Password Identifier"""
    sta = dev[0]
    if "SAE" not in sta.get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")

    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.

    # Both APs get ieee80211w=2, FT-SAE as the only AKM, and an SAE password
    # entry carrying the identifier "pwid". No passphrase is passed to the
    # parameter builders here.
    ap0_conf = ft_params1(ssid=ssid)
    ap0_conf["ieee80211w"] = "2"
    ap0_conf['wpa_key_mgmt'] = "FT-SAE"
    ap0_conf['sae_password'] = 'secret|id=pwid'
    hapd0 = hostapd.add_ap(apdev[0], ap0_conf)

    ap1_conf = ft_params2(ssid=ssid)
    ap1_conf["ieee80211w"] = "2"
    ap1_conf['wpa_key_mgmt'] = "FT-SAE"
    ap1_conf['sae_password'] = 'secret|id=pwid'
    hapd = hostapd.add_ap(apdev[1], ap1_conf)

    sta.request("SET sae_groups ")
    # The station side gets the password and its identifier as separate
    # arguments, matching the 'secret|id=pwid' entry configured on the APs.
    run_roams(sta, apdev, hapd0, hapd, ssid, passphrase=None, sae=True,
              sae_password="secret", sae_password_id="pwid")
955 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
956 """SAE + FT-SAE configuration"""
957 if "SAE" not in dev
[0].get_capability("auth_alg"):
958 raise HwsimSkip("SAE not supported")
960 passphrase
= "12345678"
962 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
963 params
['wpa_key_mgmt'] = "FT-SAE SAE"
964 hapd0
= hostapd
.add_ap(apdev
[0], params
)
965 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
966 params
['wpa_key_mgmt'] = "FT-SAE SAE"
967 hapd
= hostapd
.add_ap(apdev
[1], params
)
968 key_mgmt
= hapd
.get_config()['key_mgmt']
969 if key_mgmt
.split(' ')[0] != "FT-SAE":
970 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
972 dev
[0].request("SET sae_groups ")
973 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
976 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
977 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
978 if "SAE" not in dev
[0].get_capability("auth_alg"):
979 raise HwsimSkip("SAE not supported")
981 passphrase
= "12345678"
983 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
984 params
['wpa_key_mgmt'] = "FT-SAE"
985 hapd0
= hostapd
.add_ap(apdev
[0], params
)
986 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
987 params
['wpa_key_mgmt'] = "FT-SAE"
988 hapd
= hostapd
.add_ap(apdev
[1], params
)
989 key_mgmt
= hapd
.get_config()['key_mgmt']
990 if key_mgmt
.split(' ')[0] != "FT-SAE":
991 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
993 dev
[0].request("SET sae_groups ")
994 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
997 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
998 discovery
=False, roams
=1):
1000 passphrase
= "12345678"
1002 identity
= "gpsk-vlan1"
1005 identity
= "gpsk-cui"
1008 identity
= "gpsk user"
1011 radius
= hostapd
.radius_params()
1012 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1013 params
['wpa_key_mgmt'] = "FT-EAP"
1014 params
["ieee8021x"] = "1"
1016 params
["dynamic_vlan"] = "1"
1017 params
= dict(list(radius
.items()) + list(params
.items()))
1018 hapd
= hostapd
.add_ap(apdev
[0], params
)
1019 key_mgmt
= hapd
.get_config()['key_mgmt']
1020 if key_mgmt
.split(' ')[0] != "FT-EAP":
1021 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1022 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1023 params
['wpa_key_mgmt'] = "FT-EAP"
1024 params
["ieee8021x"] = "1"
1026 params
["dynamic_vlan"] = "1"
1027 params
= dict(list(radius
.items()) + list(params
.items()))
1028 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1030 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1031 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1033 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1034 raise Exception("Scan results missing RSN element info")
1035 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1036 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1038 # Verify EAPOL reauthentication after FT protocol
1039 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1043 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1044 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1046 raise Exception("EAP authentication did not start")
1047 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1049 raise Exception("EAP authentication did not succeed")
1052 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1054 hwsim_utils
.test_connectivity(dev
[0], ap
)
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    # Baseline FT-EAP run: every optional argument of the shared driver keeps
    # its default (vlan=False, cui=False, over_ds=False, discovery=False,
    # roams=1).
    generic_ap_ft_eap(dev=dev, apdev=apdev)
def test_ap_ft_eap_cui(dev, apdev):
    """WPA2-EAP-FT AP with CUI"""
    # Same scenario as the baseline FT-EAP test, with the cui flag switched
    # on and vlan kept off explicitly.
    generic_ap_ft_eap(dev=dev, apdev=apdev, cui=True, vlan=False)
def test_ap_ft_eap_vlan(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # Single-roam FT-EAP run with the vlan flag of the shared driver enabled.
    generic_ap_ft_eap(dev=dev, apdev=apdev, vlan=True)
def test_ap_ft_eap_vlan_multi(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # Differs from test_ap_ft_eap_vlan only in the roam count: 50 instead of
    # the driver's default of 1.
    generic_ap_ft_eap(dev=dev, apdev=apdev, vlan=True, roams=50)
def test_ap_ft_eap_over_ds(dev, apdev):
    """WPA2-EAP-FT AP using over-the-DS"""
    # The shared driver forwards over_ds to run_roams(), so the roam uses
    # FT over-the-DS.
    generic_ap_ft_eap(dev=dev, apdev=apdev, over_ds=True)
def test_ap_ft_eap_dis(dev, apdev):
    """WPA2-EAP-FT AP with AP discovery"""
    # The shared driver hands discovery=True on to ft_params1()/ft_params2()
    # when it builds the two AP configurations.
    generic_ap_ft_eap(dev=dev, apdev=apdev, discovery=True)
def test_ap_ft_eap_dis_over_ds(dev, apdev):
    """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
    # Combines the two variations above: discovery-style AP parameters and an
    # over-the-DS roam.
    generic_ap_ft_eap(dev=dev, apdev=apdev, discovery=True, over_ds=True)
# NOTE(review): test_ap_ft_eap_vlan is already defined earlier in this file
# with the same body. This later definition rebinds the name, so only one of
# the two is needed.
def test_ap_ft_eap_vlan(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    generic_ap_ft_eap(dev=dev, apdev=apdev, vlan=True)
# NOTE(review): test_ap_ft_eap_vlan_multi is already defined earlier in this
# file with the same body. This later definition rebinds the name, so only one
# of the two is needed.
def test_ap_ft_eap_vlan_multi(dev, apdev):
    """WPA2-EAP-FT AP with VLAN"""
    # 50 roams instead of the driver's default of 1.
    generic_ap_ft_eap(dev=dev, apdev=apdev, vlan=True, roams=50)
def test_ap_ft_eap_vlan_over_ds(dev, apdev):
    """WPA2-EAP-FT AP with VLAN + over_ds"""
    # Single-roam run with both the vlan and over_ds flags enabled.
    generic_ap_ft_eap(dev=dev, apdev=apdev, over_ds=True, vlan=True)
def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
    """WPA2-EAP-FT AP with VLAN + over_ds"""
    # Same flags as test_ap_ft_eap_vlan_over_ds, repeated for 50 roams
    # instead of the driver's default of 1.
    generic_ap_ft_eap(dev=dev, apdev=apdev, over_ds=True, vlan=True, roams=50)
1100 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1101 """WPA2-EAP-FT AP (pull PMK)"""
1103 passphrase
= "12345678"
1105 identity
= "gpsk-vlan1"
1108 identity
= "gpsk user"
1111 radius
= hostapd
.radius_params()
1112 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1113 params
['wpa_key_mgmt'] = "FT-EAP"
1114 params
["ieee8021x"] = "1"
1115 params
["pmk_r1_push"] = "0"
1117 params
["dynamic_vlan"] = "1"
1118 params
= dict(list(radius
.items()) + list(params
.items()))
1119 hapd
= hostapd
.add_ap(apdev
[0], params
)
1120 key_mgmt
= hapd
.get_config()['key_mgmt']
1121 if key_mgmt
.split(' ')[0] != "FT-EAP":
1122 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1123 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1124 params
['wpa_key_mgmt'] = "FT-EAP"
1125 params
["ieee8021x"] = "1"
1126 params
["pmk_r1_push"] = "0"
1128 params
["dynamic_vlan"] = "1"
1129 params
= dict(list(radius
.items()) + list(params
.items()))
1130 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1132 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1133 eap_identity
=identity
, conndev
=conndev
)
def test_ap_ft_eap_pull(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK)"""
    # Pull-mode FT-EAP run with the shared driver's vlan argument left at its
    # default of False.
    generic_ap_ft_eap_pull(dev=dev, apdev=apdev)
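def test_ap_ft_eap_pull_vlan(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK) with VLAN"""
    # Docstring added so this test has one like its sibling test functions.
    # The call itself is unchanged: the pull-mode driver with vlan enabled.
    generic_ap_ft_eap_pull(dev, apdev, vlan=True)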
def test_ap_ft_eap_pull_wildcard(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"
    radius = hostapd.radius_params()

    def wildcard_conf(conf):
        """Apply the overrides both APs share and merge in the RADIUS settings."""
        conf['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
        conf["ieee8021x"] = "1"
        conf["pmk_r1_push"] = "0"
        # Wildcard key-holder entries (the docstring's "wildcard R0KH/R1KH").
        # Both APs are given the same fixed 64-hex-digit test key, so the
        # wildcard match is what pairs them, not a per-peer entry.
        conf["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
        conf["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
        conf["ft_psk_generate_local"] = "1"
        conf["eap_server"] = "0"
        # RADIUS settings first, then the FT settings, so an FT value wins on
        # a duplicate key.
        merged = dict(radius.items())
        merged.update(conf.items())
        return merged

    ap0_conf = wildcard_conf(ft_params1(ssid=ssid, passphrase=passphrase,
                                        discovery=True))
    hapd = hostapd.add_ap(apdev[0], ap0_conf)

    ap1_conf = wildcard_conf(ft_params2(ssid=ssid, passphrase=passphrase,
                                        discovery=True))
    hapd1 = hostapd.add_ap(apdev[1], ap1_conf)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
1172 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1173 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1175 passphrase
= "12345678"
1177 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1178 params
["ieee80211w"] = "2"
1179 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1180 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1181 params
["ieee80211w"] = "2"
1182 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1184 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1188 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1189 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1191 passphrase
= "12345678"
1193 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1194 params
["pmk_r1_push"] = "0"
1195 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1196 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1197 params
["pmk_r1_push"] = "0"
1198 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1200 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1204 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1205 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1207 passphrase
= "12345678"
1209 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1210 params
["pmk_r1_push"] = "0"
1211 params
["nas_identifier"] = "nas0.w1.fi"
1212 hostapd
.add_ap(apdev
[0], params
)
1213 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1216 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1217 params
["pmk_r1_push"] = "0"
1218 hostapd
.add_ap(apdev
[1], params
)
1220 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1221 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1224 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1225 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1227 passphrase
= "12345678"
1229 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1230 params
["ieee80211w"] = "2"
1231 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1232 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1233 params
["ieee80211w"] = "2"
1234 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1236 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1240 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1241 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1243 passphrase
= "12345678"
1245 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1246 params
["pmk_r1_push"] = "0"
1247 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1248 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1249 params
["pmk_r1_push"] = "0"
1250 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1252 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"
    radius = hostapd.radius_params()

    def eap_conf(conf):
        """Add the FT-EAP settings both APs share and merge in RADIUS."""
        conf["ieee80211w"] = "2"
        conf['wpa_key_mgmt'] = "FT-EAP"
        conf["ieee8021x"] = "1"
        merged = dict(radius.items())
        merged.update(conf.items())
        return merged

    hapd0 = hostapd.add_ap(apdev[0],
                           eap_conf(ft_params1(ssid=ssid,
                                               passphrase=passphrase)))
    # The second AP is built from the *_incorrect_rrb_key variant, which is
    # where the key mismatch named in the docstring comes from.
    hapd1 = hostapd.add_ap(apdev[1],
                           eap_conf(ft_params2_incorrect_rrb_key(
                               ssid=ssid, passphrase=passphrase)))

    # Negative test: fail_test=True is handed to run_roams(), presumably
    # marking the over-the-DS roam as expected to fail - confirm there.
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True, eap=True)
def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"
    radius = hostapd.radius_params()

    def pull_eap_conf(conf):
        """Add the pull-mode FT-EAP settings and merge in RADIUS."""
        conf["pmk_r1_push"] = "0"
        conf['wpa_key_mgmt'] = "FT-EAP"
        conf["ieee8021x"] = "1"
        merged = dict(radius.items())
        merged.update(conf.items())
        return merged

    hapd0 = hostapd.add_ap(apdev[0],
                           pull_eap_conf(ft_params1(ssid=ssid,
                                                    passphrase=passphrase)))
    # Only the second AP uses the *_incorrect_rrb_key parameter builder.
    hapd1 = hostapd.add_ap(apdev[1],
                           pull_eap_conf(ft_params2_incorrect_rrb_key(
                               ssid=ssid, passphrase=passphrase)))

    # Negative test: fail_test=True is handed to run_roams(), presumably
    # marking the over-the-DS roam as expected to fail - confirm there.
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True, eap=True)
1299 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1300 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1302 passphrase
= "12345678"
1304 radius
= hostapd
.radius_params()
1305 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1306 params
["pmk_r1_push"] = "0"
1307 params
["nas_identifier"] = "nas0.w1.fi"
1308 params
['wpa_key_mgmt'] = "FT-EAP"
1309 params
["ieee8021x"] = "1"
1310 params
= dict(list(radius
.items()) + list(params
.items()))
1311 hostapd
.add_ap(apdev
[0], params
)
1312 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1313 eap
="GPSK", identity
="gpsk user",
1314 password
="abcdefghijklmnop0123456789abcdef",
1317 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1318 params
["pmk_r1_push"] = "0"
1319 params
['wpa_key_mgmt'] = "FT-EAP"
1320 params
["ieee8021x"] = "1"
1321 params
= dict(list(radius
.items()) + list(params
.items()))
1322 hostapd
.add_ap(apdev
[1], params
)
1324 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1325 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"
    radius = hostapd.radius_params()

    def eap_conf(conf):
        """Add the FT-EAP settings both APs share and merge in RADIUS."""
        conf["ieee80211w"] = "2"
        conf['wpa_key_mgmt'] = "FT-EAP"
        conf["ieee8021x"] = "1"
        merged = dict(radius.items())
        merged.update(conf.items())
        return merged

    hapd0 = hostapd.add_ap(apdev[0],
                           eap_conf(ft_params1(ssid=ssid,
                                               passphrase=passphrase)))
    # In the push case the mismatching R0KH entry is on the second AP
    # (ft_params2_r0kh_mismatch).
    hapd1 = hostapd.add_ap(apdev[1],
                           eap_conf(ft_params2_r0kh_mismatch(
                               ssid=ssid, passphrase=passphrase)))

    # Negative test: fail_test=True is handed to run_roams(), presumably
    # marking the over-the-DS roam as expected to fail - confirm there.
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True, eap=True)
def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"
    radius = hostapd.radius_params()

    def pull_eap_conf(conf):
        """Add the pull-mode FT-EAP settings and merge in RADIUS."""
        conf["pmk_r1_push"] = "0"
        conf['wpa_key_mgmt'] = "FT-EAP"
        conf["ieee8021x"] = "1"
        merged = dict(radius.items())
        merged.update(conf.items())
        return merged

    # In the pull case the mismatching R0KH entry is on the first AP
    # (ft_params1_r0kh_mismatch); the second AP uses the regular builder.
    hapd0 = hostapd.add_ap(apdev[0],
                           pull_eap_conf(ft_params1_r0kh_mismatch(
                               ssid=ssid, passphrase=passphrase)))
    hapd1 = hostapd.add_ap(apdev[1],
                           pull_eap_conf(ft_params2(ssid=ssid,
                                                    passphrase=passphrase)))

    # Negative test: fail_test=True is handed to run_roams(), presumably
    # marking the over-the-DS roam as expected to fail - confirm there.
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True, eap=True)
1371 def test_ap_ft_gtk_rekey(dev
, apdev
):
1372 """WPA2-PSK-FT AP and GTK rekey"""
1374 passphrase
= "12345678"
1376 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1377 params
['wpa_group_rekey'] = '1'
1378 hapd
= hostapd
.add_ap(apdev
[0], params
)
1380 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1381 ieee80211w
="1", scan_freq
="2412")
1383 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1385 raise Exception("GTK rekey timed out after initial association")
1386 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1388 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1389 params
['wpa_group_rekey'] = '1'
1390 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1392 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1393 dev
[0].roam(apdev
[1]['bssid'])
1394 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1395 raise Exception("Did not connect to correct AP")
1396 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1398 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1400 raise Exception("GTK rekey timed out after FT protocol")
1401 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1403 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1404 """WPA2-PSK-FT and key lifetime in memory"""
1406 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1407 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1408 pmk
= binascii
.unhexlify(psk
)
1409 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1410 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1411 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1412 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1414 pid
= find_wpas_process(dev
[0])
1416 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1418 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1419 # event has been delivered, so verify that wpa_supplicant has returned to
1420 # eloop before reading process memory.
1424 buf
= read_process_memory(pid
, pmk
)
1426 dev
[0].request("DISCONNECT")
1427 dev
[0].wait_disconnected()
1434 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1435 for l
in f
.readlines():
1436 if "FT: PMK-R0 - hexdump" in l
:
1437 val
= l
.strip().split(':')[3].replace(' ', '')
1438 pmkr0
= binascii
.unhexlify(val
)
1439 if "FT: PMK-R1 - hexdump" in l
:
1440 val
= l
.strip().split(':')[3].replace(' ', '')
1441 pmkr1
= binascii
.unhexlify(val
)
1442 if "FT: KCK - hexdump" in l
:
1443 val
= l
.strip().split(':')[3].replace(' ', '')
1444 kck
= binascii
.unhexlify(val
)
1445 if "FT: KEK - hexdump" in l
:
1446 val
= l
.strip().split(':')[3].replace(' ', '')
1447 kek
= binascii
.unhexlify(val
)
1448 if "FT: TK - hexdump" in l
:
1449 val
= l
.strip().split(':')[3].replace(' ', '')
1450 tk
= binascii
.unhexlify(val
)
1451 if "WPA: Group Key - hexdump" in l
:
1452 val
= l
.strip().split(':')[3].replace(' ', '')
1453 gtk
= binascii
.unhexlify(val
)
1454 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1455 raise Exception("Could not find keys from debug log")
1457 raise Exception("Unexpected GTK length")
1459 logger
.info("Checking keys in memory while associated")
1460 get_key_locations(buf
, pmk
, "PMK")
1461 get_key_locations(buf
, pmkr0
, "PMK-R0")
1462 get_key_locations(buf
, pmkr1
, "PMK-R1")
1464 raise HwsimSkip("PMK not found while associated")
1465 if pmkr0
not in buf
:
1466 raise HwsimSkip("PMK-R0 not found while associated")
1467 if pmkr1
not in buf
:
1468 raise HwsimSkip("PMK-R1 not found while associated")
1470 raise Exception("KCK not found while associated")
1472 raise Exception("KEK not found while associated")
1474 # raise Exception("TK found from memory")
1476 logger
.info("Checking keys in memory after disassociation")
1477 buf
= read_process_memory(pid
, pmk
)
1478 get_key_locations(buf
, pmk
, "PMK")
1479 get_key_locations(buf
, pmkr0
, "PMK-R0")
1480 get_key_locations(buf
, pmkr1
, "PMK-R1")
1482 # Note: PMK/PSK is still present in network configuration
1484 fname
= os
.path
.join(params
['logdir'],
1485 'ft_psk_key_lifetime_in_memory.memctx-')
1486 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1487 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1488 verify_not_present(buf
, kck
, fname
, "KCK")
1489 verify_not_present(buf
, kek
, fname
, "KEK")
1490 verify_not_present(buf
, tk
, fname
, "TK")
1492 get_key_locations(buf
, gtk
, "GTK")
1493 verify_not_present(buf
, gtk
, fname
, "GTK")
1495 dev
[0].request("REMOVE_NETWORK all")
1497 logger
.info("Checking keys in memory after network profile removal")
1498 buf
= read_process_memory(pid
, pmk
)
1499 get_key_locations(buf
, pmk
, "PMK")
1500 get_key_locations(buf
, pmkr0
, "PMK-R0")
1501 get_key_locations(buf
, pmkr1
, "PMK-R1")
1503 verify_not_present(buf
, pmk
, fname
, "PMK")
1504 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1505 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1506 verify_not_present(buf
, kck
, fname
, "KCK")
1507 verify_not_present(buf
, kek
, fname
, "KEK")
1508 verify_not_present(buf
, tk
, fname
, "TK")
1509 verify_not_present(buf
, gtk
, fname
, "GTK")
1512 def test_ap_ft_invalid_resp(dev
, apdev
):
1513 """WPA2-PSK-FT AP and invalid response IEs"""
1515 passphrase
= "12345678"
1517 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1518 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1519 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1522 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1523 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1526 # Various IEs for test coverage. The last one is FTIE with invalid
1527 # R1KH-ID subelement.
1528 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1529 # FTIE with invalid R0KH-ID subelement (len=0).
1530 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1531 # FTIE with invalid R0KH-ID subelement (len=49).
1532 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1534 "020002000000" + "3000",
1535 # Required IEs missing from protected IE count.
1536 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1537 # RIC missing from protected IE count.
1538 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1539 # Protected IE missing.
1540 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1542 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1543 hapd1
.set("ext_mgmt_frame_handling", "1")
1544 hapd1
.dump_monitor()
1545 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1546 raise Exception("ROAM failed")
1549 msg
= hapd1
.mgmt_rx()
1550 if msg
['subtype'] == 11:
1554 raise Exception("Authentication frame not seen")
1557 resp
['fc'] = auth
['fc']
1558 resp
['da'] = auth
['sa']
1559 resp
['sa'] = auth
['da']
1560 resp
['bssid'] = auth
['bssid']
1561 resp
['payload'] = binascii
.unhexlify(t
)
1563 hapd1
.set("ext_mgmt_frame_handling", "0")
1564 dev
[0].wait_disconnected()
1566 dev
[0].request("RECONNECT")
1567 dev
[0].wait_connected()
def test_ap_ft_gcmp_256(dev, apdev):
    """WPA2-PSK-FT AP with GCMP-256 cipher"""
    cipher = "GCMP-256"
    # Skip rather than fail when the station does not report the cipher among
    # its pairwise capabilities.
    if cipher not in dev[0].get_capability("pairwise"):
        raise HwsimSkip("Cipher GCMP-256 not supported")

    # NOTE(review): `ssid` is read below but is not assigned anywhere in the
    # visible listing, which appears to have dropped lines; confirm the
    # assignment in the original file.
    passphrase = "12345678"

    ap0_conf = ft_params1(ssid=ssid, passphrase=passphrase)
    ap0_conf['rsn_pairwise'] = cipher
    hapd0 = hostapd.add_ap(apdev[0], ap0_conf)

    ap1_conf = ft_params2(ssid=ssid, passphrase=passphrase)
    ap1_conf['rsn_pairwise'] = cipher
    hapd1 = hostapd.add_ap(apdev[1], ap1_conf)

    # Only rsn_pairwise is set on the APs; run_roams() is told the same
    # cipher for both the pairwise and the group key.
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
              pairwise_cipher=cipher, group_cipher=cipher)
1586 def setup_ap_ft_oom(dev
, apdev
):
1587 skip_with_fips(dev
[0])
1589 passphrase
= "12345678"
1591 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1592 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1593 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1594 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1596 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1598 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1599 dst
= apdev
[1]['bssid']
1601 dst
= apdev
[0]['bssid']
1603 dev
[0].scan_for_bss(dst
, freq
="2412")
1607 def test_ap_ft_oom(dev
, apdev
):
1608 """WPA2-PSK-FT and OOM"""
1609 dst
= setup_ap_ft_oom(dev
, apdev
)
1610 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
def test_ap_ft_oom2(dev, apdev):
    """WPA2-PSK-FT and OOM (2)"""
    roam_target = setup_ap_ft_oom(dev, apdev)
    sta = dev[0]
    # Despite the "OOM" name this case uses fail_test(), not alloc_fail():
    # it arms a failure for "wpa_ft_mic" on the station (count argument 1).
    # The roam passes fail_test=True and assoc_reject_ok=True, presumably so
    # that a failed roam and an association rejection both count as the
    # expected outcome - confirm in roam().
    with fail_test(sta, 1, "wpa_ft_mic"):
        sta.roam(roam_target, fail_test=True, assoc_reject_ok=True)
1619 def test_ap_ft_oom3(dev
, apdev
):
1620 """WPA2-PSK-FT and OOM (3)"""
1621 dst
= setup_ap_ft_oom(dev
, apdev
)
1622 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1625 def test_ap_ft_oom4(dev
, apdev
):
1626 """WPA2-PSK-FT and OOM (4)"""
1628 passphrase
= "12345678"
1629 dst
= setup_ap_ft_oom(dev
, apdev
)
1630 dev
[0].request("REMOVE_NETWORK all")
1631 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1632 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1635 def test_ap_ft_ap_oom(dev
, apdev
):
1636 """WPA2-PSK-FT and AP OOM"""
1638 passphrase
= "12345678"
1640 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1641 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1642 bssid0
= hapd0
.own_addr()
1644 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1645 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1646 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1649 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1650 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1651 bssid1
= hapd1
.own_addr()
1652 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1653 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1656 def test_ap_ft_ap_oom2(dev
, apdev
):
1657 """WPA2-PSK-FT and AP OOM 2"""
1659 passphrase
= "12345678"
1661 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1662 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1663 bssid0
= hapd0
.own_addr()
1665 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1666 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1667 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1670 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1671 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1672 bssid1
= hapd1
.own_addr()
1673 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1675 if dev
[0].get_status_field('bssid') != bssid1
:
1676 raise Exception("Did not roam to AP1")
1677 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1680 def test_ap_ft_ap_oom3(dev
, apdev
):
1681 """WPA2-PSK-FT and AP OOM 3"""
1683 passphrase
= "12345678"
1685 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1686 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1687 bssid0
= hapd0
.own_addr()
1689 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1690 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1693 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1694 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1695 bssid1
= hapd1
.own_addr()
1696 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1697 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1698 # This will fail due to not being able to send out PMK-R1 pull request
1701 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1702 # This will fail due to not being able to send out PMK-R1 pull request
1705 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1706 # This will fail due to not being able to send out PMK-R1 pull request
1709 def test_ap_ft_ap_oom3b(dev
, apdev
):
1710 """WPA2-PSK-FT and AP OOM 3b"""
1712 passphrase
= "12345678"
1714 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1715 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1716 bssid0
= hapd0
.own_addr()
1718 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1719 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1722 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1723 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1724 bssid1
= hapd1
.own_addr()
1725 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1726 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1727 # This will fail due to not being able to send out PMK-R1 pull request
1730 def test_ap_ft_ap_oom4(dev
, apdev
):
1731 """WPA2-PSK-FT and AP OOM 4"""
1733 passphrase
= "12345678"
1735 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1736 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1737 bssid0
= hapd0
.own_addr()
1739 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1740 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1743 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1744 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1745 bssid1
= hapd1
.own_addr()
1746 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1747 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1749 if dev
[0].get_status_field('bssid') != bssid1
:
1750 raise Exception("Did not roam to AP1")
1752 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1754 if dev
[0].get_status_field('bssid') != bssid0
:
1755 raise Exception("Did not roam to AP0")
1757 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1759 if dev
[0].get_status_field('bssid') != bssid1
:
1760 raise Exception("Did not roam to AP1")
1762 def test_ap_ft_ap_oom5(dev
, apdev
):
1763 """WPA2-PSK-FT and AP OOM 5"""
1765 passphrase
= "12345678"
1767 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1768 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1769 bssid0
= hapd0
.own_addr()
1771 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1772 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1775 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1776 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1777 bssid1
= hapd1
.own_addr()
1778 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1779 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1780 # This will fail to roam
1783 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1784 # This will fail to roam
1787 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1788 # This will fail to roam
1791 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1792 # This will fail to roam
1795 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1796 # This will fail to roam
1799 def test_ap_ft_ap_oom6(dev
, apdev
):
1800 """WPA2-PSK-FT and AP OOM 6"""
1802 passphrase
= "12345678"
1804 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1805 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1806 bssid0
= hapd0
.own_addr()
1808 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1809 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1810 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1812 dev
[0].request("REMOVE_NETWORK all")
1813 dev
[0].wait_disconnected()
1814 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1815 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1817 dev
[0].request("REMOVE_NETWORK all")
1818 dev
[0].wait_disconnected()
1819 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1820 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1823 def test_ap_ft_ap_oom7a(dev
, apdev
):
1824 """WPA2-PSK-FT and AP OOM 7a"""
1826 passphrase
= "12345678"
1828 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1829 params
["ieee80211w"] = "2"
1830 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1831 bssid0
= hapd0
.own_addr()
1833 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1834 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1835 ieee80211w
="2", scan_freq
="2412")
1837 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1838 params
["ieee80211w"] = "2"
1839 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1840 bssid1
= hapd1
.own_addr()
1841 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1842 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1843 # This will fail to roam
1846 def test_ap_ft_ap_oom7b(dev
, apdev
):
1847 """WPA2-PSK-FT and AP OOM 7b"""
1849 passphrase
= "12345678"
1851 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1852 params
["ieee80211w"] = "2"
1853 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1854 bssid0
= hapd0
.own_addr()
1856 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1857 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1858 ieee80211w
="2", scan_freq
="2412")
1860 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1861 params
["ieee80211w"] = "2"
1862 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1863 bssid1
= hapd1
.own_addr()
1864 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1865 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1866 # This will fail to roam
1869 def test_ap_ft_ap_oom7c(dev
, apdev
):
1870 """WPA2-PSK-FT and AP OOM 7c"""
1872 passphrase
= "12345678"
1874 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1875 params
["ieee80211w"] = "2"
1876 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1877 bssid0
= hapd0
.own_addr()
1879 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1880 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1881 ieee80211w
="2", scan_freq
="2412")
1883 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1884 params
["ieee80211w"] = "2"
1885 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1886 bssid1
= hapd1
.own_addr()
1887 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1888 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1889 # This will fail to roam
1892 def test_ap_ft_ap_oom7d(dev
, apdev
):
1893 """WPA2-PSK-FT and AP OOM 7d"""
1895 passphrase
= "12345678"
1897 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1898 params
["ieee80211w"] = "2"
1899 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1900 bssid0
= hapd0
.own_addr()
1902 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1903 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1904 ieee80211w
="2", scan_freq
="2412")
1906 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1907 params
["ieee80211w"] = "2"
1908 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1909 bssid1
= hapd1
.own_addr()
1910 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1911 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1912 # This will fail to roam
1915 def test_ap_ft_ap_oom8(dev
, apdev
):
1916 """WPA2-PSK-FT and AP OOM 8"""
1918 passphrase
= "12345678"
1920 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1921 params
['ft_psk_generate_local'] = "1"
1922 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1923 bssid0
= hapd0
.own_addr()
1925 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1926 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1929 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1930 params
['ft_psk_generate_local'] = "1"
1931 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1932 bssid1
= hapd1
.own_addr()
1933 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1934 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1935 # This will fail to roam
1937 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1938 # This will fail to roam
1941 def test_ap_ft_ap_oom9(dev
, apdev
):
1942 """WPA2-PSK-FT and AP OOM 9"""
1944 passphrase
= "12345678"
1946 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1947 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1948 bssid0
= hapd0
.own_addr()
1950 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1951 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1954 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1955 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1956 bssid1
= hapd1
.own_addr()
1957 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1959 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1960 # This will fail to roam
1961 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1962 raise Exception("FT_DS failed")
1963 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1965 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1966 # This will fail to roam
1967 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1968 raise Exception("FT_DS failed")
1969 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1971 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1972 # This will fail to roam
1973 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1974 raise Exception("FT_DS failed")
1975 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1977 def test_ap_ft_ap_oom10(dev
, apdev
):
1978 """WPA2-PSK-FT and AP OOM 10"""
1980 passphrase
= "12345678"
1982 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1983 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1984 bssid0
= hapd0
.own_addr()
1986 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1987 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1990 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1991 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1992 bssid1
= hapd1
.own_addr()
1993 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1995 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1996 # This will fail to roam
1997 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1998 raise Exception("FT_DS failed")
1999 wait_fail_trigger(hapd0
, "GET_FAIL")
2001 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2002 # This will fail to roam
2003 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2004 raise Exception("FT_DS failed")
2005 wait_fail_trigger(hapd0
, "GET_FAIL")
2007 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2008 # This will fail to roam
2009 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2010 raise Exception("FT_DS failed")
2011 wait_fail_trigger(hapd0
, "GET_FAIL")
2013 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2014 # This will fail to roam
2015 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2016 raise Exception("FT_DS failed")
2017 wait_fail_trigger(hapd1
, "GET_FAIL")
2019 def test_ap_ft_ap_oom11(dev
, apdev
):
2020 """WPA2-PSK-FT and AP OOM 11"""
2022 passphrase
= "12345678"
2024 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2025 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2026 bssid0
= hapd0
.own_addr()
2028 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2029 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2030 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2032 wait_fail_trigger(hapd0
, "GET_FAIL")
2034 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2035 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2036 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2038 wait_fail_trigger(hapd0
, "GET_FAIL")
2040 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2041 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2043 passphrase
= "12345678"
2045 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2046 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2047 bssid0
= hapd0
.own_addr()
2048 _bssid0
= bssid0
.replace(':', '')
2049 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2051 addr
= dev
[0].own_addr()
2052 _addr
= addr
.replace(':', '')
2054 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2055 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2056 bssid1
= hapd1
.own_addr()
2057 _bssid1
= bssid1
.replace(':', '')
2059 hapd0
.set("ext_mgmt_frame_handling", "1")
2060 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2061 valid
= "0601" + _addr
+ _bssid1
2064 "0601" + _addr
+ _bssid0
,
2065 "0601" + _addr
+ "ffffffffffff",
2066 "0601" + _bssid0
+ _bssid0
,
2071 valid
+ "3603ffffff",
2072 valid
+ "3603a1b2ff",
2073 valid
+ "3603a1b2ff" + "3700",
2074 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2075 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2076 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2077 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2078 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2079 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2080 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2083 hapd0
.dump_monitor()
2084 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2085 raise Exception("MGMT_RX_PROCESS failed")
2087 hapd0
.set("ext_mgmt_frame_handling", "0")
2089 def test_ap_ft_over_ds_proto(dev
, apdev
):
2090 """WPA2-PSK-FT AP over DS protocol testing"""
2092 passphrase
= "12345678"
2094 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2095 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2096 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2099 # FT Action Response while no FT-over-DS in progress
2102 msg
['da'] = dev
[0].own_addr()
2103 msg
['sa'] = apdev
[0]['bssid']
2104 msg
['bssid'] = apdev
[0]['bssid']
2105 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2108 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2109 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2110 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2111 hapd0
.set("ext_mgmt_frame_handling", "1")
2112 hapd0
.dump_monitor()
2113 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2114 for i
in range(0, 10):
2115 req
= hapd0
.mgmt_rx()
2117 raise Exception("MGMT RX wait timed out")
2118 if req
['subtype'] == 13:
2122 raise Exception("FT Action frame not received")
2124 # FT Action Response for unexpected Target AP
2125 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2128 # FT Action Response without MDIE
2129 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2132 # FT Action Response without FTIE
2133 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2136 # FT Action Response with FTIE SNonce mismatch
2137 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2141 def test_ap_ft_rrb(dev
, apdev
):
2142 """WPA2-PSK-FT RRB protocol testing"""
2144 passphrase
= "12345678"
2146 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2147 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2149 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2152 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2153 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2155 ehdr
= _dst_ll
+ _src_ll
+ proto
2157 # Too short RRB frame
2158 pkt
= ehdr
+ b
'\x01'
2159 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2160 raise Exception("DATA_TEST_FRAME failed")
2162 # RRB discarded frame with unrecognized type
2163 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2164 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2165 raise Exception("DATA_TEST_FRAME failed")
2167 # RRB frame too short for action frame
2168 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2169 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2170 raise Exception("DATA_TEST_FRAME failed")
2172 # Too short RRB frame (not enough room for Action Frame body)
2173 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2174 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2175 raise Exception("DATA_TEST_FRAME failed")
2177 # Unexpected Action frame category
2178 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2179 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2180 raise Exception("DATA_TEST_FRAME failed")
2182 # Unexpected Action in RRB Request
2183 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2184 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2185 raise Exception("DATA_TEST_FRAME failed")
2187 # Target AP address in RRB Request does not match with own address
2188 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2189 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2190 raise Exception("DATA_TEST_FRAME failed")
2192 # Not enough room for status code in RRB Response
2193 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2194 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2195 raise Exception("DATA_TEST_FRAME failed")
2197 # RRB discarded frame with unknown packet_type
2198 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2199 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2200 raise Exception("DATA_TEST_FRAME failed")
2202 # RRB Response with non-zero status code; no STA match
2203 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2204 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2205 raise Exception("DATA_TEST_FRAME failed")
2207 # RRB Response with zero status code and extra data; STA match
2208 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2209 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2210 raise Exception("DATA_TEST_FRAME failed")
2212 # Too short PMK-R1 pull
2213 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2214 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2215 raise Exception("DATA_TEST_FRAME failed")
2217 # Too short PMK-R1 resp
2218 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2219 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2220 raise Exception("DATA_TEST_FRAME failed")
2222 # Too short PMK-R1 push
2223 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2224 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2225 raise Exception("DATA_TEST_FRAME failed")
2227 # No matching R0KH address found for PMK-R0 pull response
2228 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2229 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2230 raise Exception("DATA_TEST_FRAME failed")
2233 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2234 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2235 bssid
= apdev
[0]['bssid']
2237 passphrase
= "12345678"
2239 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2240 params
["ieee80211w"] = "1"
2241 # This is the RSN element used normally by hostapd
2242 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2243 hapd
= hostapd
.add_ap(apdev
[0], params
)
2244 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2245 ieee80211w
="1", scan_freq
="2412",
2246 pairwise
="CCMP", group
="CCMP")
2248 tests
= [('PMKIDCount field included',
2249 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2250 ('Extra IE before RSNE',
2251 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2252 ('PMKIDCount and Group Management Cipher suite fields included',
2253 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2254 ('Extra octet after defined fields (future extensibility)',
2255 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2256 ('No RSN Capabilities field (PMF disabled in practice)',
2257 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2258 for txt
, ie
in tests
:
2259 dev
[0].request("DISCONNECT")
2260 dev
[0].wait_disconnected()
2263 hapd
.set('own_ie_override', ie
)
2265 dev
[0].request("BSS_FLUSH 0")
2266 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2267 dev
[0].select_network(id, freq
=2412)
2268 dev
[0].wait_connected()
2270 dev
[0].request("DISCONNECT")
2271 dev
[0].wait_disconnected()
2273 logger
.info('Invalid RSNE causing internal hostapd error')
2275 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2277 dev
[0].request("BSS_FLUSH 0")
2278 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2279 dev
[0].select_network(id, freq
=2412)
2280 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2282 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2284 raise Exception("Unexpected connection")
2285 dev
[0].request("DISCONNECT")
2287 logger
.info('Unexpected PMKID causing internal hostapd error')
2289 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2291 dev
[0].request("BSS_FLUSH 0")
2292 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2293 dev
[0].select_network(id, freq
=2412)
2294 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2296 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2298 raise Exception("Unexpected connection")
2299 dev
[0].request("DISCONNECT")
2301 def test_ap_ft_ptk_rekey(dev
, apdev
):
2302 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2304 passphrase
= "12345678"
2306 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2307 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2308 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2309 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2311 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
2313 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2314 "WPA: Key negotiation completed"], timeout
=5)
2316 raise Exception("No event received after roam")
2317 if "CTRL-EVENT-DISCONNECTED" in ev
:
2318 raise Exception("Unexpected disconnection after roam")
2320 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
2324 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2326 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2327 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2329 passphrase
= "12345678"
2331 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2332 params
['wpa_ptk_rekey'] = '2'
2333 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2334 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2335 params
['wpa_ptk_rekey'] = '2'
2336 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2338 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
2340 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2341 "WPA: Key negotiation completed"], timeout
=5)
2343 raise Exception("No event received after roam")
2344 if "CTRL-EVENT-DISCONNECTED" in ev
:
2345 raise Exception("Unexpected disconnection after roam")
2347 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
2351 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2353 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2354 """RRB internal delivery only to WPA enabled BSS"""
2356 passphrase
= "12345678"
2358 radius
= hostapd
.radius_params()
2359 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2360 params
['wpa_key_mgmt'] = "FT-EAP"
2361 params
["ieee8021x"] = "1"
2362 params
= dict(list(radius
.items()) + list(params
.items()))
2363 hapd
= hostapd
.add_ap(apdev
[0], params
)
2364 key_mgmt
= hapd
.get_config()['key_mgmt']
2365 if key_mgmt
.split(' ')[0] != "FT-EAP":
2366 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2368 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2370 # Connect to WPA enabled AP
2371 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2372 eap
="GPSK", identity
="gpsk user",
2373 password
="abcdefghijklmnop0123456789abcdef",
2376 # Try over_ds roaming to non-WPA-enabled AP.
2377 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2378 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2380 def test_ap_ft_extra_ie(dev
, apdev
):
2381 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2383 passphrase
= "12345678"
2385 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2386 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2387 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2388 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2390 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2393 # Add Mobility Domain element to test AP validation code.
2394 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2395 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2396 scan_freq
="2412", wait_connect
=False)
2397 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2398 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2400 raise Exception("No connection result")
2401 if "CTRL-EVENT-CONNECTED" in ev
:
2402 raise Exception("Non-FT association accepted with MDE")
2403 if "status_code=43" not in ev
:
2404 raise Exception("Unexpected status code: " + ev
)
2405 dev
[0].request("DISCONNECT")
2407 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2409 def test_ap_ft_ric(dev
, apdev
):
2410 """WPA2-PSK-FT AP and RIC"""
2412 passphrase
= "12345678"
2414 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2415 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2416 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2417 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2419 dev
[0].set("ric_ies", "")
2420 dev
[0].set("ric_ies", '""')
2421 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2422 raise Exception("Invalid ric_ies value accepted")
2427 "390400000000" + "390400000000",
2428 "390400000000" + "dd050050f20202",
2429 "390400000000" + "dd3d0050f2020201" + 55*"00",
2430 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2431 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2433 dev
[0].set("ric_ies", t
)
2434 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2435 test_connectivity
=False)
2436 dev
[0].request("REMOVE_NETWORK all")
2437 dev
[0].wait_disconnected()
2438 dev
[0].dump_monitor()
def ie_hex(ies, id):
    """Return element *id* from *ies* as a hex string, header included.

    The result is the one-octet element ID and the one-octet length,
    followed by the payload stored in ``ies[id]``. Callers in this file
    pass the mapping returned by parse_ie(); presumably it maps element
    IDs to raw bytes (confirm against utils.parse_ie).
    """
    # `id` shadows the builtin here; the name is kept for existing callers.
    payload = ies[id]
    header = struct.pack('BB', id, len(payload))
    return binascii.hexlify(header + payload).decode()
2443 def test_ap_ft_reassoc_proto(dev
, apdev
):
2444 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2446 passphrase
= "12345678"
2448 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2449 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2450 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2451 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2453 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2454 ieee80211w
="1", scan_freq
="2412")
2455 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2462 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2463 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2464 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2467 req
= hapd2ap
.mgmt_rx()
2468 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2469 if req
['subtype'] == 11:
2473 req
= hapd2ap
.mgmt_rx()
2474 if req
['subtype'] == 2:
2476 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2478 # IEEE 802.11 header + fixed fields before IEs
2479 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2480 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2481 # First elements: SSID, Supported Rates, Extended Supported Rates
2482 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2484 rsne
= ie_hex(ies
, 48)
2485 mde
= ie_hex(ies
, 54)
2486 fte
= ie_hex(ies
, 55)
2488 # RSN: Trying to use FT, but MDIE not included
2490 # RSN: Attempted to use unknown MDIE
2491 tests
+= [rsne
+ "3603000000"]
2492 # Invalid RSN pairwise cipher
2493 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2494 # FT: No PMKID in RSNIE
2495 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2497 tests
+= [rsne
+ mde
]
2498 # FT: RIC IE(s) in the frame, but not included in protected IE count
2499 # FT: Failed to parse FT IEs
2500 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2501 # FT: SNonce mismatch in FTIE
2502 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2503 # FT: ANonce mismatch in FTIE
2504 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2505 # FT: No R0KH-ID subelem in FTIE
2506 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2507 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2508 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2509 # FT: No R1KH-ID subelem in FTIE
2510 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2511 # FT: Unknown R1KH-ID used in ReassocReq
2512 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2513 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2514 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2515 # Invalid MIC in FTIE
2516 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2518 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2520 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2521 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2523 passphrase
= "12345678"
2525 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2526 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2527 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2528 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2530 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2531 ieee80211w
="1", scan_freq
="2412")
2532 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2539 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2540 # FT: Failed to calculate MIC
2541 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2542 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2543 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2544 dev
[0].request("DISCONNECT")
2546 raise Exception("Association reject not seen")
def test_ap_ft_reassoc_replay(dev, apdev, params):
    """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
    # Captures the station's Reassociation Request while the roam target has
    # ext_mgmt_frame_handling enabled, lets the roam complete, then feeds the
    # same frame to the AP a second time and inspects the CCMP packet numbers
    # of data frames sent to the station. A repeated PN would mean the AP
    # reused a CCMP nonce, which is what a key reinstallation triggered by the
    # replayed frame would look like.
    # NOTE(review): this listing dropped the original indentation and many
    # source lines (2551, 2560, 2562-2567, 2573-2576, 2578, 2582, 2584, 2589,
    # 2604, 2610-2611, 2613-2616, 2621, 2626, 2630-2631). ssid, hapd2ap and
    # reassocreq are defined in dropped lines. Nesting below is inferred from
    # syntax only - confirm every block against the upstream file.
    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
    passphrase = "12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   # NOTE(review): the rest of this call (source line 2560)
                   # is missing from the listing.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        # NOTE(review): the branch bodies (source lines 2562-2567) are missing
        # here; presumably they select the roam target hapd2ap.

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # With external management frame handling on, received frames are handed
    # to the test via mgmt_rx() and only processed by the AP when the test
    # passes them back with MGMT_RX_PROCESS.
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    dev[0].dump_monitor()
    if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
        raise Exception("ROAM failed")

    # NOTE(review): source lines 2573-2576, 2578 and 2589 are missing;
    # presumably a bounded receive loop surrounds the statements below and
    # reassocreq is assigned inside it (source line 2582).
    req = hapd2ap.mgmt_rx()
    hapd2ap.dump_monitor()
    hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
    # Management subtype 2 is Reassociation Request.
    if req['subtype'] == 2:
        ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
        # NOTE(review): the guard for this raise (source line 2584) is missing.
            raise Exception("No TX status seen")
        # Hand the TX status of the response back to the AP so that its state
        # machine advances as if the driver had reported it.
        cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
        if "OK" not in hapd2ap.request(cmd):
            raise Exception("MGMT_TX_STATUS_PROCESS failed")
    hapd2ap.set("ext_mgmt_frame_handling", "0")
    if reassocreq is None:
        raise Exception("No Reassociation Request frame seen")
    dev[0].wait_connected()
    dev[0].dump_monitor()
    hapd2ap.dump_monitor()

    # Baseline data traffic after the legitimate roam.
    hwsim_utils.test_connectivity(dev[0], hapd2ap)

    logger.info("Replay the last Reassociation Request frame")
    hapd2ap.dump_monitor()
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    # req still holds the frame captured above, so this is a byte-identical
    # replay of a frame the AP has already accepted.
    hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
    ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
    # NOTE(review): the guard for this raise (source line 2604) is missing.
        raise Exception("No TX status seen")
    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
    if "OK" not in hapd2ap.request(cmd):
        raise Exception("MGMT_TX_STATUS_PROCESS failed")
    hapd2ap.set("ext_mgmt_frame_handling", "0")

    # NOTE(review): source lines 2610-2611 and 2613-2616 around this call are
    # missing; the final raise below suggests its outcome is recorded rather
    # than allowed to abort the test before the capture is analysed.
    hwsim_utils.test_connectivity(dev[0], hapd2ap)

    ap = hapd2ap.own_addr()
    sta = dev[0].own_addr()
    # Data frames (type 2) addressed to the station.
    # NOTE(review): the last operand of this filter (source line 2621) is
    # missing from the listing, so the expression below is incomplete.
    filt = "wlan.fc.type == 2 && " + \
           "wlan.da == " + sta + " && " + \
    fields = ["wlan.ccmp.extiv"]
    res = run_tshark(capfile, filt, fields)
    vals = res.splitlines()
    logger.info("CCMP PN: " + str(vals))
    # NOTE(review): the guard for this raise (source line 2626) is missing.
        raise Exception("Could not find all CCMP protected frames from capture")
    # Every captured frame must carry a distinct PN.
    if len(set(vals)) < len(vals):
        raise Exception("Duplicate CCMP PN used")
    # NOTE(review): the guard for this raise (source lines 2630-2631) is
    # missing.
        raise Exception("The second hwsim connectivity test failed")
def test_ap_ft_psk_file(dev, apdev):
    """WPA2-PSK-FT AP with PSK from a file"""
    # The AP is given both a passphrase (via ft_params1a) and a wpa_psk_file.
    # dev[0] connects in turn with the configured passphrase and with two
    # other passphrases, dev[2] with a fourth, while dev[1] is expected to
    # report a failed 4-way handshake when it presents "very secret".
    # Presumably hostapd.wpa_psk binds that passphrase to one station address,
    # so the test pins that a per-station PSK is not accepted from another
    # station - confirm against the file.
    # NOTE(review): this listing dropped source lines 2636, 2656, 2659 and
    # 2661; ssid is defined in a dropped line.
    passphrase = "12345678"

    params = ft_params1a(ssid=ssid, passphrase=passphrase)
    params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hapd = hostapd.add_ap(apdev[0], params)

    # Started without waiting: this attempt is checked for failure at the end.
    dev[1].connect(ssid, psk="very secret",
                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
                   scan_freq="2412", wait_connect=False)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].connect(ssid, psk="secret passphrase",
                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
                   # NOTE(review): the rest of this call (source line 2656)
                   # is missing from the listing.
    dev[2].connect(ssid, psk="another passphrase for all STAs",
                   key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
                   # NOTE(review): the rest of this call (source line 2659)
                   # is missing from the listing.
    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    # NOTE(review): the guard for this raise (source line 2661) is missing;
    # presumably it tests ev for None.
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")
def test_ap_ft_eap_ap_config_change(dev, apdev):
    """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
    # The station profile allows both "FT-EAP" and "WPA-EAP". It first
    # connects while the AP offers only WPA-EAP, then the AP's wpa_key_mgmt is
    # set to FT-EAP and the station must reconnect after rescanning.
    # NOTE(review): this listing dropped source lines 2667, 2685, 2689-2690,
    # 2692-2693 and 2696; ssid is defined in a dropped line.
    passphrase = "12345678"
    bssid = apdev[0]['bssid']

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
    params['wpa_key_mgmt'] = "WPA-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    # Wildcard R0KH/R1KH entries with a fixed key that is only a test fixture.
    params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    params["eap_server"] = "0"
    # params comes last in the merged item list, so its values win over the
    # RADIUS defaults on any shared key.
    params = dict(list(radius.items()) + list(params.items()))
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   # NOTE(review): the rest of this call (source line 2685)
                   # is missing from the listing.
    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()

    hapd.set('wpa_key_mgmt', "FT-EAP")
    # NOTE(review): source lines 2692-2693 are missing here; how the AP is
    # made to apply the new value is not visible in this listing.

    # Drop cached scan results and accept only a fresh entry for this BSS.
    dev[0].request("BSS_FLUSH 0")
    dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)

    dev[0].request("RECONNECT")
    dev[0].wait_connected()
def test_ap_ft_eap_sha384(dev, apdev):
    """WPA2-EAP-FT with SHA384"""
    # Both APs use the FT-EAP-SHA384 AKM with 802.1X enabled and
    # ieee80211w="2" (management frame protection required); roaming itself
    # is delegated to run_roams.
    # NOTE(review): this listing dropped source lines 2702 and 2720; ssid is
    # defined in a dropped line.
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    # params comes last in the merged item list, so its values win over the
    # RADIUS defaults on any shared key.
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
              # NOTE(review): the remaining arguments of this call (source
              # line 2720) are missing from the listing.
def test_ap_ft_eap_sha384_reassoc(dev, apdev):
    """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
    # Both APs advertise "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" with 802.1X
    # enabled and ieee80211w="2" (management frame protection required).
    # run_roams is called with also_non_ft=True and roam_with_reassoc=True.
    # NOTE(review): this listing dropped source line 2724, where ssid is
    # presumably defined.
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    # params comes last in the merged item list, so its values win over the
    # RADIUS defaults on any shared key.
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
              sha384=True, also_non_ft=True, roam_with_reassoc=True)
def test_ap_ft_eap_sha384_over_ds(dev, apdev):
    """WPA2-EAP-FT with SHA384 over DS"""
    # Same AP setup as the over-the-air SHA384 case (FT-EAP-SHA384, 802.1X,
    # ieee80211w="2" for required management frame protection), but run_roams
    # is called with over_ds=True.
    # NOTE(review): this listing dropped source line 2746, where ssid is
    # presumably defined.
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    # params comes last in the merged item list, so its values win over the
    # RADIUS defaults on any shared key.
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              eap=True, sha384=True)
def test_ap_ft_roam_rrm(dev, apdev):
    """WPA2-PSK-FT AP and radio measurement request"""
    # Both APs enable rrm_beacon_report. check_beacon_req (imported from
    # test_rrm) is called against the first AP, then the second, then the
    # first again, with an increasing third argument.
    # NOTE(review): this listing dropped source lines 2768, 2778, 2787 and
    # 2791; ssid is defined in a dropped line, and the dropped lines before
    # the second and third check_beacon_req calls presumably perform the
    # roams - confirm upstream.
    passphrase = "12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["rrm_beacon_report"] = "1"
    hapd0 = hostapd.add_ap(apdev[0], params)
    bssid0 = hapd0.own_addr()

    addr = dev[0].own_addr()
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   # NOTE(review): the rest of this call (source line 2778)
                   # is missing from the listing.
    check_beacon_req(hapd0, addr, 1)

    # The second AP is only started after the initial association.
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["rrm_beacon_report"] = "1"
    hapd1 = hostapd.add_ap(apdev[1], params)
    bssid1 = hapd1.own_addr()

    dev[0].scan_for_bss(bssid1, freq=2412)
    # NOTE(review): source line 2787 is missing here.
    check_beacon_req(hapd1, addr, 2)

    dev[0].scan_for_bss(bssid0, freq=2412)
    # NOTE(review): source line 2791 is missing here.
    check_beacon_req(hapd0, addr, 3)