]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: WPA2-PSK-FT and AP OOM
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import os
10 import time
11 import logging
12 logger = logging.getLogger()
13
14 import hwsim_utils
15 import hostapd
16 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips
17 from wlantest import Wlantest
18 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
19
20 def ft_base_rsn():
21 params = { "wpa": "2",
22 "wpa_key_mgmt": "FT-PSK",
23 "rsn_pairwise": "CCMP" }
24 return params
25
26 def ft_base_mixed():
27 params = { "wpa": "3",
28 "wpa_key_mgmt": "WPA-PSK FT-PSK",
29 "wpa_pairwise": "TKIP",
30 "rsn_pairwise": "CCMP" }
31 return params
32
33 def ft_params(rsn=True, ssid=None, passphrase=None):
34 if rsn:
35 params = ft_base_rsn()
36 else:
37 params = ft_base_mixed()
38 if ssid:
39 params["ssid"] = ssid
40 if passphrase:
41 params["wpa_passphrase"] = passphrase
42
43 params["mobility_domain"] = "a1b2"
44 params["r0_key_lifetime"] = "10000"
45 params["pmk_r1_push"] = "1"
46 params["reassociation_deadline"] = "1000"
47 return params
48
49 def ft_params1a(rsn=True, ssid=None, passphrase=None):
50 params = ft_params(rsn, ssid, passphrase)
51 params['nas_identifier'] = "nas1.w1.fi"
52 params['r1_key_holder'] = "000102030405"
53 return params
54
55 def ft_params1(rsn=True, ssid=None, passphrase=None):
56 params = ft_params1a(rsn, ssid, passphrase)
57 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
58 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
59 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
60 return params
61
62 def ft_params2a(rsn=True, ssid=None, passphrase=None):
63 params = ft_params(rsn, ssid, passphrase)
64 params['nas_identifier'] = "nas2.w1.fi"
65 params['r1_key_holder'] = "000102030406"
66 return params
67
68 def ft_params2(rsn=True, ssid=None, passphrase=None):
69 params = ft_params2a(rsn, ssid, passphrase)
70 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
72 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
73 return params
74
75 def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
76 params = ft_params(rsn, ssid, passphrase)
77 params['nas_identifier'] = "nas1.w1.fi"
78 params['r1_key_holder'] = "000102030405"
79 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
80 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
81 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
82 return params
83
84 def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
85 params = ft_params(rsn, ssid, passphrase)
86 params['nas_identifier'] = "nas2.w1.fi"
87 params['r1_key_holder'] = "000102030406"
88 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
89 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
90 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
91 return params
92
93 def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
94 params = ft_params(rsn, ssid, passphrase)
95 params['nas_identifier'] = "nas2.w1.fi"
96 params['r1_key_holder'] = "000102030406"
97 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
98 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
99 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
100 return params
101
102 def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
103 sae=False, eap=False, fail_test=False, roams=1,
104 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0"):
105 logger.info("Connect to first AP")
106 if eap:
107 dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
108 eap="GPSK", identity="gpsk user",
109 password="abcdefghijklmnop0123456789abcdef",
110 scan_freq="2412",
111 pairwise=pairwise_cipher, group=group_cipher,
112 wpa_ptk_rekey=ptk_rekey)
113 else:
114 if sae:
115 key_mgmt="FT-SAE"
116 else:
117 key_mgmt="FT-PSK"
118 dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
119 ieee80211w="1", scan_freq="2412",
120 pairwise=pairwise_cipher, group=group_cipher,
121 wpa_ptk_rekey=ptk_rekey)
122 if dev.get_status_field('bssid') == apdev[0]['bssid']:
123 ap1 = apdev[0]
124 ap2 = apdev[1]
125 hapd1ap = hapd0
126 hapd2ap = hapd1
127 else:
128 ap1 = apdev[1]
129 ap2 = apdev[0]
130 hapd1ap = hapd1
131 hapd2ap = hapd0
132 hwsim_utils.test_connectivity(dev, hapd1ap)
133
134 dev.scan_for_bss(ap2['bssid'], freq="2412")
135
136 for i in range(0, roams):
137 logger.info("Roam to the second AP")
138 if over_ds:
139 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
140 else:
141 dev.roam(ap2['bssid'], fail_test=fail_test)
142 if fail_test:
143 return
144 if dev.get_status_field('bssid') != ap2['bssid']:
145 raise Exception("Did not connect to correct AP")
146 if i == 0 or i == roams - 1:
147 hwsim_utils.test_connectivity(dev, hapd2ap)
148
149 logger.info("Roam back to the first AP")
150 if over_ds:
151 dev.roam_over_ds(ap1['bssid'])
152 else:
153 dev.roam(ap1['bssid'])
154 if dev.get_status_field('bssid') != ap1['bssid']:
155 raise Exception("Did not connect to correct AP")
156 if i == 0 or i == roams - 1:
157 hwsim_utils.test_connectivity(dev, hapd1ap)
158
159 def test_ap_ft(dev, apdev):
160 """WPA2-PSK-FT AP"""
161 ssid = "test-ft"
162 passphrase="12345678"
163
164 params = ft_params1(ssid=ssid, passphrase=passphrase)
165 hapd0 = hostapd.add_ap(apdev[0], params)
166 params = ft_params2(ssid=ssid, passphrase=passphrase)
167 hapd1 = hostapd.add_ap(apdev[1], params)
168
169 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
170 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
171 raise Exception("Scan results missing RSN element info")
172
173 def test_ap_ft_local_key_gen(dev, apdev):
174 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
175 ssid = "test-ft"
176 passphrase="12345678"
177
178 params = ft_params1a(ssid=ssid, passphrase=passphrase)
179 params['ft_psk_generate_local'] = "1";
180 del params['pmk_r1_push']
181 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
182 params = ft_params2a(ssid=ssid, passphrase=passphrase)
183 params['ft_psk_generate_local'] = "1";
184 del params['pmk_r1_push']
185 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
186
187 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
188 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
189 raise Exception("Scan results missing RSN element info")
190
191 def test_ap_ft_many(dev, apdev):
192 """WPA2-PSK-FT AP multiple times"""
193 ssid = "test-ft"
194 passphrase="12345678"
195
196 params = ft_params1(ssid=ssid, passphrase=passphrase)
197 hapd0 = hostapd.add_ap(apdev[0], params)
198 params = ft_params2(ssid=ssid, passphrase=passphrase)
199 hapd1 = hostapd.add_ap(apdev[1], params)
200
201 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
202
203 def test_ap_ft_mixed(dev, apdev):
204 """WPA2-PSK-FT mixed-mode AP"""
205 ssid = "test-ft-mixed"
206 passphrase="12345678"
207
208 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
209 hapd = hostapd.add_ap(apdev[0], params)
210 key_mgmt = hapd.get_config()['key_mgmt']
211 vals = key_mgmt.split(' ')
212 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
213 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
214 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
215 hapd1 = hostapd.add_ap(apdev[1], params)
216
217 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
218
219 def test_ap_ft_pmf(dev, apdev):
220 """WPA2-PSK-FT AP with PMF"""
221 ssid = "test-ft"
222 passphrase="12345678"
223
224 params = ft_params1(ssid=ssid, passphrase=passphrase)
225 params["ieee80211w"] = "2"
226 hapd0 = hostapd.add_ap(apdev[0], params)
227 params = ft_params2(ssid=ssid, passphrase=passphrase)
228 params["ieee80211w"] = "2"
229 hapd1 = hostapd.add_ap(apdev[1], params)
230
231 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
232
233 def test_ap_ft_over_ds(dev, apdev):
234 """WPA2-PSK-FT AP over DS"""
235 ssid = "test-ft"
236 passphrase="12345678"
237
238 params = ft_params1(ssid=ssid, passphrase=passphrase)
239 hapd0 = hostapd.add_ap(apdev[0], params)
240 params = ft_params2(ssid=ssid, passphrase=passphrase)
241 hapd1 = hostapd.add_ap(apdev[1], params)
242
243 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
244 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
245 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
246
247 def test_ap_ft_over_ds_disabled(dev, apdev):
248 """WPA2-PSK-FT AP over DS disabled"""
249 ssid = "test-ft"
250 passphrase="12345678"
251
252 params = ft_params1(ssid=ssid, passphrase=passphrase)
253 params['ft_over_ds'] = '0'
254 hapd0 = hostapd.add_ap(apdev[0], params)
255 params = ft_params2(ssid=ssid, passphrase=passphrase)
256 params['ft_over_ds'] = '0'
257 hapd1 = hostapd.add_ap(apdev[1], params)
258
259 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
260 fail_test=True)
261
262 def test_ap_ft_over_ds_many(dev, apdev):
263 """WPA2-PSK-FT AP over DS multiple times"""
264 ssid = "test-ft"
265 passphrase="12345678"
266
267 params = ft_params1(ssid=ssid, passphrase=passphrase)
268 hapd0 = hostapd.add_ap(apdev[0], params)
269 params = ft_params2(ssid=ssid, passphrase=passphrase)
270 hapd1 = hostapd.add_ap(apdev[1], params)
271
272 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
273 roams=50)
274
275 @remote_compatible
276 def test_ap_ft_over_ds_unknown_target(dev, apdev):
277 """WPA2-PSK-FT AP"""
278 ssid = "test-ft"
279 passphrase="12345678"
280
281 params = ft_params1(ssid=ssid, passphrase=passphrase)
282 hapd0 = hostapd.add_ap(apdev[0], params)
283
284 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
285 scan_freq="2412")
286 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
287
288 @remote_compatible
289 def test_ap_ft_over_ds_unexpected(dev, apdev):
290 """WPA2-PSK-FT AP over DS and unexpected response"""
291 ssid = "test-ft"
292 passphrase="12345678"
293
294 params = ft_params1(ssid=ssid, passphrase=passphrase)
295 hapd0 = hostapd.add_ap(apdev[0], params)
296 params = ft_params2(ssid=ssid, passphrase=passphrase)
297 hapd1 = hostapd.add_ap(apdev[1], params)
298
299 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
300 scan_freq="2412")
301 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
302 ap1 = apdev[0]
303 ap2 = apdev[1]
304 hapd1ap = hapd0
305 hapd2ap = hapd1
306 else:
307 ap1 = apdev[1]
308 ap2 = apdev[0]
309 hapd1ap = hapd1
310 hapd2ap = hapd0
311
312 addr = dev[0].own_addr()
313 hapd1ap.set("ext_mgmt_frame_handling", "1")
314 logger.info("Foreign STA address")
315 msg = {}
316 msg['fc'] = 13 << 4
317 msg['da'] = addr
318 msg['sa'] = ap1['bssid']
319 msg['bssid'] = ap1['bssid']
320 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
321 hapd1ap.mgmt_tx(msg)
322
323 logger.info("No over-the-DS in progress")
324 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
325 hapd1ap.mgmt_tx(msg)
326
327 logger.info("Non-zero status code")
328 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
329 hapd1ap.mgmt_tx(msg)
330
331 hapd1ap.dump_monitor()
332
333 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
334 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
335 raise Exception("FT_DS failed")
336
337 req = hapd1ap.mgmt_rx()
338
339 logger.info("Foreign Target AP")
340 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
341 hapd1ap.mgmt_tx(msg)
342
343 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
344
345 logger.info("No IEs")
346 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
347 hapd1ap.mgmt_tx(msg)
348
349 logger.info("Invalid IEs (trigger parsing failure)")
350 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
351 hapd1ap.mgmt_tx(msg)
352
353 logger.info("Too short MDIE")
354 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
355 hapd1ap.mgmt_tx(msg)
356
357 logger.info("Mobility domain mismatch")
358 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
359 hapd1ap.mgmt_tx(msg)
360
361 logger.info("No FTIE")
362 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
363 hapd1ap.mgmt_tx(msg)
364
365 logger.info("FTIE SNonce mismatch")
366 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
367 hapd1ap.mgmt_tx(msg)
368
369 logger.info("No R0KH-ID subelem in FTIE")
370 snonce = binascii.hexlify(req['payload'][111:111+32])
371 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
372 hapd1ap.mgmt_tx(msg)
373
374 logger.info("No R0KH-ID subelem mismatch in FTIE")
375 snonce = binascii.hexlify(req['payload'][111:111+32])
376 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
377 hapd1ap.mgmt_tx(msg)
378
379 logger.info("No R1KH-ID subelem in FTIE")
380 r0khid = binascii.hexlify(req['payload'][145:145+10])
381 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
382 hapd1ap.mgmt_tx(msg)
383
384 logger.info("No RSNE")
385 r0khid = binascii.hexlify(req['payload'][145:145+10])
386 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
387 hapd1ap.mgmt_tx(msg)
388
389 def test_ap_ft_pmf_over_ds(dev, apdev):
390 """WPA2-PSK-FT AP over DS with PMF"""
391 ssid = "test-ft"
392 passphrase="12345678"
393
394 params = ft_params1(ssid=ssid, passphrase=passphrase)
395 params["ieee80211w"] = "2"
396 hapd0 = hostapd.add_ap(apdev[0], params)
397 params = ft_params2(ssid=ssid, passphrase=passphrase)
398 params["ieee80211w"] = "2"
399 hapd1 = hostapd.add_ap(apdev[1], params)
400
401 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
402
403 def test_ap_ft_over_ds_pull(dev, apdev):
404 """WPA2-PSK-FT AP over DS (pull PMK)"""
405 ssid = "test-ft"
406 passphrase="12345678"
407
408 params = ft_params1(ssid=ssid, passphrase=passphrase)
409 params["pmk_r1_push"] = "0"
410 hapd0 = hostapd.add_ap(apdev[0], params)
411 params = ft_params2(ssid=ssid, passphrase=passphrase)
412 params["pmk_r1_push"] = "0"
413 hapd1 = hostapd.add_ap(apdev[1], params)
414
415 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
416
417 def test_ap_ft_sae(dev, apdev):
418 """WPA2-PSK-FT-SAE AP"""
419 if "SAE" not in dev[0].get_capability("auth_alg"):
420 raise HwsimSkip("SAE not supported")
421 ssid = "test-ft"
422 passphrase="12345678"
423
424 params = ft_params1(ssid=ssid, passphrase=passphrase)
425 params['wpa_key_mgmt'] = "FT-SAE"
426 hapd0 = hostapd.add_ap(apdev[0], params)
427 params = ft_params2(ssid=ssid, passphrase=passphrase)
428 params['wpa_key_mgmt'] = "FT-SAE"
429 hapd = hostapd.add_ap(apdev[1], params)
430 key_mgmt = hapd.get_config()['key_mgmt']
431 if key_mgmt.split(' ')[0] != "FT-SAE":
432 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
433
434 dev[0].request("SET sae_groups ")
435 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
436
437 def test_ap_ft_sae_over_ds(dev, apdev):
438 """WPA2-PSK-FT-SAE AP over DS"""
439 if "SAE" not in dev[0].get_capability("auth_alg"):
440 raise HwsimSkip("SAE not supported")
441 ssid = "test-ft"
442 passphrase="12345678"
443
444 params = ft_params1(ssid=ssid, passphrase=passphrase)
445 params['wpa_key_mgmt'] = "FT-SAE"
446 hapd0 = hostapd.add_ap(apdev[0], params)
447 params = ft_params2(ssid=ssid, passphrase=passphrase)
448 params['wpa_key_mgmt'] = "FT-SAE"
449 hapd1 = hostapd.add_ap(apdev[1], params)
450
451 dev[0].request("SET sae_groups ")
452 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
453 over_ds=True)
454
455 def test_ap_ft_eap(dev, apdev):
456 """WPA2-EAP-FT AP"""
457 ssid = "test-ft"
458 passphrase="12345678"
459
460 radius = hostapd.radius_params()
461 params = ft_params1(ssid=ssid, passphrase=passphrase)
462 params['wpa_key_mgmt'] = "FT-EAP"
463 params["ieee8021x"] = "1"
464 params = dict(radius.items() + params.items())
465 hapd = hostapd.add_ap(apdev[0], params)
466 key_mgmt = hapd.get_config()['key_mgmt']
467 if key_mgmt.split(' ')[0] != "FT-EAP":
468 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
469 params = ft_params2(ssid=ssid, passphrase=passphrase)
470 params['wpa_key_mgmt'] = "FT-EAP"
471 params["ieee8021x"] = "1"
472 params = dict(radius.items() + params.items())
473 hapd1 = hostapd.add_ap(apdev[1], params)
474
475 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
476 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
477 raise Exception("Scan results missing RSN element info")
478 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
479 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
480
481 # Verify EAPOL reauthentication after FT protocol
482 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
483 ap = hapd
484 else:
485 ap = hapd1
486 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
487 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
488 if ev is None:
489 raise Exception("EAP authentication did not start")
490 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
491 if ev is None:
492 raise Exception("EAP authentication did not succeed")
493 time.sleep(0.1)
494 hwsim_utils.test_connectivity(dev[0], ap)
495
496 def test_ap_ft_eap_pull(dev, apdev):
497 """WPA2-EAP-FT AP (pull PMK)"""
498 ssid = "test-ft"
499 passphrase="12345678"
500
501 radius = hostapd.radius_params()
502 params = ft_params1(ssid=ssid, passphrase=passphrase)
503 params['wpa_key_mgmt'] = "FT-EAP"
504 params["ieee8021x"] = "1"
505 params["pmk_r1_push"] = "0"
506 params = dict(radius.items() + params.items())
507 hapd = hostapd.add_ap(apdev[0], params)
508 key_mgmt = hapd.get_config()['key_mgmt']
509 if key_mgmt.split(' ')[0] != "FT-EAP":
510 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
511 params = ft_params2(ssid=ssid, passphrase=passphrase)
512 params['wpa_key_mgmt'] = "FT-EAP"
513 params["ieee8021x"] = "1"
514 params["pmk_r1_push"] = "0"
515 params = dict(radius.items() + params.items())
516 hapd1 = hostapd.add_ap(apdev[1], params)
517
518 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
519
520 @remote_compatible
521 def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
522 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
523 ssid = "test-ft"
524 passphrase="12345678"
525
526 params = ft_params1(ssid=ssid, passphrase=passphrase)
527 params["ieee80211w"] = "2"
528 hapd0 = hostapd.add_ap(apdev[0], params)
529 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
530 params["ieee80211w"] = "2"
531 hapd1 = hostapd.add_ap(apdev[1], params)
532
533 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
534 fail_test=True)
535
536 @remote_compatible
537 def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
538 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
539 ssid = "test-ft"
540 passphrase="12345678"
541
542 params = ft_params1(ssid=ssid, passphrase=passphrase)
543 params["pmk_r1_push"] = "0"
544 hapd0 = hostapd.add_ap(apdev[0], params)
545 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
546 params["pmk_r1_push"] = "0"
547 hapd1 = hostapd.add_ap(apdev[1], params)
548
549 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
550 fail_test=True)
551
552 @remote_compatible
553 def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
554 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
555 ssid = "test-ft"
556 passphrase="12345678"
557
558 params = ft_params1(ssid=ssid, passphrase=passphrase)
559 params["pmk_r1_push"] = "0"
560 params["nas_identifier"] = "nas0.w1.fi"
561 hostapd.add_ap(apdev[0], params)
562 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
563 scan_freq="2412")
564
565 params = ft_params2(ssid=ssid, passphrase=passphrase)
566 params["pmk_r1_push"] = "0"
567 hostapd.add_ap(apdev[1], params)
568
569 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
570 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
571
572 @remote_compatible
573 def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
574 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
575 ssid = "test-ft"
576 passphrase="12345678"
577
578 params = ft_params1(ssid=ssid, passphrase=passphrase)
579 params["ieee80211w"] = "2"
580 hapd0 = hostapd.add_ap(apdev[0], params)
581 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
582 params["ieee80211w"] = "2"
583 hapd1 = hostapd.add_ap(apdev[1], params)
584
585 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
586 fail_test=True)
587
588 @remote_compatible
589 def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
590 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
591 ssid = "test-ft"
592 passphrase="12345678"
593
594 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
595 params["pmk_r1_push"] = "0"
596 hapd0 = hostapd.add_ap(apdev[0], params)
597 params = ft_params2(ssid=ssid, passphrase=passphrase)
598 params["pmk_r1_push"] = "0"
599 hapd1 = hostapd.add_ap(apdev[1], params)
600
601 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
602 fail_test=True)
603
604 def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
605 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
606 ssid = "test-ft"
607 passphrase="12345678"
608
609 radius = hostapd.radius_params()
610 params = ft_params1(ssid=ssid, passphrase=passphrase)
611 params["ieee80211w"] = "2";
612 params['wpa_key_mgmt'] = "FT-EAP"
613 params["ieee8021x"] = "1"
614 params = dict(radius.items() + params.items())
615 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
616 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
617 params["ieee80211w"] = "2";
618 params['wpa_key_mgmt'] = "FT-EAP"
619 params["ieee8021x"] = "1"
620 params = dict(radius.items() + params.items())
621 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
622
623 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
624 fail_test=True, eap=True)
625
626 def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
627 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
628 ssid = "test-ft"
629 passphrase="12345678"
630
631 radius = hostapd.radius_params()
632 params = ft_params1(ssid=ssid, passphrase=passphrase)
633 params["pmk_r1_push"] = "0"
634 params['wpa_key_mgmt'] = "FT-EAP"
635 params["ieee8021x"] = "1"
636 params = dict(radius.items() + params.items())
637 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
638 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
639 params["pmk_r1_push"] = "0"
640 params['wpa_key_mgmt'] = "FT-EAP"
641 params["ieee8021x"] = "1"
642 params = dict(radius.items() + params.items())
643 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
644
645 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
646 fail_test=True, eap=True)
647
648 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
649 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
650 ssid = "test-ft"
651 passphrase="12345678"
652
653 radius = hostapd.radius_params()
654 params = ft_params1(ssid=ssid, passphrase=passphrase)
655 params["pmk_r1_push"] = "0"
656 params["nas_identifier"] = "nas0.w1.fi"
657 params['wpa_key_mgmt'] = "FT-EAP"
658 params["ieee8021x"] = "1"
659 params = dict(radius.items() + params.items())
660 hostapd.add_ap(apdev[0]['ifname'], params)
661 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
662 eap="GPSK", identity="gpsk user",
663 password="abcdefghijklmnop0123456789abcdef",
664 scan_freq="2412")
665
666 params = ft_params2(ssid=ssid, passphrase=passphrase)
667 params["pmk_r1_push"] = "0"
668 params['wpa_key_mgmt'] = "FT-EAP"
669 params["ieee8021x"] = "1"
670 params = dict(radius.items() + params.items())
671 hostapd.add_ap(apdev[1]['ifname'], params)
672
673 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
674 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
675
676 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
677 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
678 ssid = "test-ft"
679 passphrase="12345678"
680
681 radius = hostapd.radius_params()
682 params = ft_params1(ssid=ssid, passphrase=passphrase)
683 params["ieee80211w"] = "2";
684 params['wpa_key_mgmt'] = "FT-EAP"
685 params["ieee8021x"] = "1"
686 params = dict(radius.items() + params.items())
687 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
688 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
689 params["ieee80211w"] = "2";
690 params['wpa_key_mgmt'] = "FT-EAP"
691 params["ieee8021x"] = "1"
692 params = dict(radius.items() + params.items())
693 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
694
695 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
696 fail_test=True, eap=True)
697
698 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
699 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
700 ssid = "test-ft"
701 passphrase="12345678"
702
703 radius = hostapd.radius_params()
704 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
705 params["pmk_r1_push"] = "0"
706 params['wpa_key_mgmt'] = "FT-EAP"
707 params["ieee8021x"] = "1"
708 params = dict(radius.items() + params.items())
709 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
710 params = ft_params2(ssid=ssid, passphrase=passphrase)
711 params["pmk_r1_push"] = "0"
712 params['wpa_key_mgmt'] = "FT-EAP"
713 params["ieee8021x"] = "1"
714 params = dict(radius.items() + params.items())
715 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
716
717 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
718 fail_test=True, eap=True)
719
720 def test_ap_ft_gtk_rekey(dev, apdev):
721 """WPA2-PSK-FT AP and GTK rekey"""
722 ssid = "test-ft"
723 passphrase="12345678"
724
725 params = ft_params1(ssid=ssid, passphrase=passphrase)
726 params['wpa_group_rekey'] = '1'
727 hapd = hostapd.add_ap(apdev[0], params)
728
729 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
730 ieee80211w="1", scan_freq="2412")
731
732 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
733 if ev is None:
734 raise Exception("GTK rekey timed out after initial association")
735 hwsim_utils.test_connectivity(dev[0], hapd)
736
737 params = ft_params2(ssid=ssid, passphrase=passphrase)
738 params['wpa_group_rekey'] = '1'
739 hapd1 = hostapd.add_ap(apdev[1], params)
740
741 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
742 dev[0].roam(apdev[1]['bssid'])
743 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
744 raise Exception("Did not connect to correct AP")
745 hwsim_utils.test_connectivity(dev[0], hapd1)
746
747 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
748 if ev is None:
749 raise Exception("GTK rekey timed out after FT protocol")
750 hwsim_utils.test_connectivity(dev[0], hapd1)
751
752 def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
753 """WPA2-PSK-FT and key lifetime in memory"""
754 ssid = "test-ft"
755 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
756 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
757 pmk = binascii.unhexlify(psk)
758 p = ft_params1(ssid=ssid, passphrase=passphrase)
759 hapd0 = hostapd.add_ap(apdev[0], p)
760 p = ft_params2(ssid=ssid, passphrase=passphrase)
761 hapd1 = hostapd.add_ap(apdev[1], p)
762
763 pid = find_wpas_process(dev[0])
764
765 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
766 scan_freq="2412")
767 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
768 # event has been delivered, so verify that wpa_supplicant has returned to
769 # eloop before reading process memory.
770 time.sleep(1)
771 dev[0].ping()
772
773 buf = read_process_memory(pid, pmk)
774
775 dev[0].request("DISCONNECT")
776 dev[0].wait_disconnected()
777
778 dev[0].relog()
779 pmkr0 = None
780 pmkr1 = None
781 ptk = None
782 gtk = None
783 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
784 for l in f.readlines():
785 if "FT: PMK-R0 - hexdump" in l:
786 val = l.strip().split(':')[3].replace(' ', '')
787 pmkr0 = binascii.unhexlify(val)
788 if "FT: PMK-R1 - hexdump" in l:
789 val = l.strip().split(':')[3].replace(' ', '')
790 pmkr1 = binascii.unhexlify(val)
791 if "FT: KCK - hexdump" in l:
792 val = l.strip().split(':')[3].replace(' ', '')
793 kck = binascii.unhexlify(val)
794 if "FT: KEK - hexdump" in l:
795 val = l.strip().split(':')[3].replace(' ', '')
796 kek = binascii.unhexlify(val)
797 if "FT: TK - hexdump" in l:
798 val = l.strip().split(':')[3].replace(' ', '')
799 tk = binascii.unhexlify(val)
800 if "WPA: Group Key - hexdump" in l:
801 val = l.strip().split(':')[3].replace(' ', '')
802 gtk = binascii.unhexlify(val)
803 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
804 raise Exception("Could not find keys from debug log")
805 if len(gtk) != 16:
806 raise Exception("Unexpected GTK length")
807
808 logger.info("Checking keys in memory while associated")
809 get_key_locations(buf, pmk, "PMK")
810 get_key_locations(buf, pmkr0, "PMK-R0")
811 get_key_locations(buf, pmkr1, "PMK-R1")
812 if pmk not in buf:
813 raise HwsimSkip("PMK not found while associated")
814 if pmkr0 not in buf:
815 raise HwsimSkip("PMK-R0 not found while associated")
816 if pmkr1 not in buf:
817 raise HwsimSkip("PMK-R1 not found while associated")
818 if kck not in buf:
819 raise Exception("KCK not found while associated")
820 if kek not in buf:
821 raise Exception("KEK not found while associated")
822 if tk in buf:
823 raise Exception("TK found from memory")
824 if gtk in buf:
825 get_key_locations(buf, gtk, "GTK")
826 raise Exception("GTK found from memory")
827
828 logger.info("Checking keys in memory after disassociation")
829 buf = read_process_memory(pid, pmk)
830 get_key_locations(buf, pmk, "PMK")
831 get_key_locations(buf, pmkr0, "PMK-R0")
832 get_key_locations(buf, pmkr1, "PMK-R1")
833
834 # Note: PMK/PSK is still present in network configuration
835
836 fname = os.path.join(params['logdir'],
837 'ft_psk_key_lifetime_in_memory.memctx-')
838 verify_not_present(buf, pmkr0, fname, "PMK-R0")
839 verify_not_present(buf, pmkr1, fname, "PMK-R1")
840 verify_not_present(buf, kck, fname, "KCK")
841 verify_not_present(buf, kek, fname, "KEK")
842 verify_not_present(buf, tk, fname, "TK")
843 verify_not_present(buf, gtk, fname, "GTK")
844
845 dev[0].request("REMOVE_NETWORK all")
846
847 logger.info("Checking keys in memory after network profile removal")
848 buf = read_process_memory(pid, pmk)
849 get_key_locations(buf, pmk, "PMK")
850 get_key_locations(buf, pmkr0, "PMK-R0")
851 get_key_locations(buf, pmkr1, "PMK-R1")
852
853 verify_not_present(buf, pmk, fname, "PMK")
854 verify_not_present(buf, pmkr0, fname, "PMK-R0")
855 verify_not_present(buf, pmkr1, fname, "PMK-R1")
856 verify_not_present(buf, kck, fname, "KCK")
857 verify_not_present(buf, kek, fname, "KEK")
858 verify_not_present(buf, tk, fname, "TK")
859 verify_not_present(buf, gtk, fname, "GTK")
860
861 @remote_compatible
862 def test_ap_ft_invalid_resp(dev, apdev):
863 """WPA2-PSK-FT AP and invalid response IEs"""
864 ssid = "test-ft"
865 passphrase="12345678"
866
867 params = ft_params1(ssid=ssid, passphrase=passphrase)
868 hapd0 = hostapd.add_ap(apdev[0], params)
869 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
870 scan_freq="2412")
871
872 params = ft_params2(ssid=ssid, passphrase=passphrase)
873 hapd1 = hostapd.add_ap(apdev[1], params)
874
875 tests = [
876 # Various IEs for test coverage. The last one is FTIE with invalid
877 # R1KH-ID subelement.
878 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
879 # FTIE with invalid R0KH-ID subelement (len=0).
880 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
881 # FTIE with invalid R0KH-ID subelement (len=49).
882 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
883 # Invalid RSNE.
884 "020002000000" + "3000",
885 # Required IEs missing from protected IE count.
886 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
887 # RIC missing from protected IE count.
888 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
889 # Protected IE missing.
890 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
891 for t in tests:
892 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
893 hapd1.set("ext_mgmt_frame_handling", "1")
894 hapd1.dump_monitor()
895 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
896 raise Exception("ROAM failed")
897 auth = None
898 for i in range(20):
899 msg = hapd1.mgmt_rx()
900 if msg['subtype'] == 11:
901 auth = msg
902 break
903 if not auth:
904 raise Exception("Authentication frame not seen")
905
906 resp = {}
907 resp['fc'] = auth['fc']
908 resp['da'] = auth['sa']
909 resp['sa'] = auth['da']
910 resp['bssid'] = auth['bssid']
911 resp['payload'] = binascii.unhexlify(t)
912 hapd1.mgmt_tx(resp)
913 hapd1.set("ext_mgmt_frame_handling", "0")
914 dev[0].wait_disconnected()
915
916 dev[0].request("RECONNECT")
917 dev[0].wait_connected()
918
919 def test_ap_ft_gcmp_256(dev, apdev):
920 """WPA2-PSK-FT AP with GCMP-256 cipher"""
921 if "GCMP-256" not in dev[0].get_capability("pairwise"):
922 raise HwsimSkip("Cipher GCMP-256 not supported")
923 ssid = "test-ft"
924 passphrase="12345678"
925
926 params = ft_params1(ssid=ssid, passphrase=passphrase)
927 params['rsn_pairwise'] = "GCMP-256"
928 hapd0 = hostapd.add_ap(apdev[0], params)
929 params = ft_params2(ssid=ssid, passphrase=passphrase)
930 params['rsn_pairwise'] = "GCMP-256"
931 hapd1 = hostapd.add_ap(apdev[1], params)
932
933 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
934 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
935
936 def test_ap_ft_oom(dev, apdev):
937 """WPA2-PSK-FT and OOM"""
938 skip_with_fips(dev[0])
939 ssid = "test-ft"
940 passphrase="12345678"
941
942 params = ft_params1(ssid=ssid, passphrase=passphrase)
943 hapd0 = hostapd.add_ap(apdev[0], params)
944 params = ft_params2(ssid=ssid, passphrase=passphrase)
945 hapd1 = hostapd.add_ap(apdev[1], params)
946
947 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
948 scan_freq="2412")
949 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
950 dst = apdev[1]['bssid']
951 else:
952 dst = apdev[0]['bssid']
953
954 dev[0].scan_for_bss(dst, freq="2412")
955 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
956 dev[0].roam(dst)
957 with fail_test(dev[0], 1, "wpa_ft_mic"):
958 dev[0].roam(dst, fail_test=True)
959 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
960 dev[0].roam(dst, fail_test=True)
961
962 dev[0].request("REMOVE_NETWORK all")
963 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
964 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
965 scan_freq="2412")
966
967 def test_ap_ft_ap_oom(dev, apdev):
968 """WPA2-PSK-FT and AP OOM"""
969 ssid = "test-ft"
970 passphrase="12345678"
971
972 params = ft_params1(ssid=ssid, passphrase=passphrase)
973 hapd0 = hostapd.add_ap(apdev[0], params)
974 bssid0 = hapd0.own_addr()
975
976 dev[0].scan_for_bss(bssid0, freq="2412")
977 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
978 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
979 scan_freq="2412")
980
981 params = ft_params2(ssid=ssid, passphrase=passphrase)
982 hapd1 = hostapd.add_ap(apdev[1], params)
983 bssid1 = hapd1.own_addr()
984 dev[0].scan_for_bss(bssid1, freq="2412")
985 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
986 dev[0].roam(bssid1)
987
988 def test_ap_ft_ap_oom2(dev, apdev):
989 """WPA2-PSK-FT and AP OOM 2"""
990 ssid = "test-ft"
991 passphrase="12345678"
992
993 params = ft_params1(ssid=ssid, passphrase=passphrase)
994 hapd0 = hostapd.add_ap(apdev[0], params)
995 bssid0 = hapd0.own_addr()
996
997 dev[0].scan_for_bss(bssid0, freq="2412")
998 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
999 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1000 scan_freq="2412")
1001
1002 params = ft_params2(ssid=ssid, passphrase=passphrase)
1003 hapd1 = hostapd.add_ap(apdev[1], params)
1004 bssid1 = hapd1.own_addr()
1005 dev[0].scan_for_bss(bssid1, freq="2412")
1006 dev[0].roam(bssid1)
1007 if dev[0].get_status_field('bssid') != bssid1:
1008 raise Exception("Did not roam to AP1")
1009 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1010 dev[0].roam(bssid0)
1011
1012 def test_ap_ft_ap_oom3(dev, apdev):
1013 """WPA2-PSK-FT and AP OOM 3"""
1014 ssid = "test-ft"
1015 passphrase="12345678"
1016
1017 params = ft_params1(ssid=ssid, passphrase=passphrase)
1018 hapd0 = hostapd.add_ap(apdev[0], params)
1019 bssid0 = hapd0.own_addr()
1020
1021 dev[0].scan_for_bss(bssid0, freq="2412")
1022 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1023 scan_freq="2412")
1024
1025 params = ft_params2(ssid=ssid, passphrase=passphrase)
1026 hapd1 = hostapd.add_ap(apdev[1], params)
1027 bssid1 = hapd1.own_addr()
1028 dev[0].scan_for_bss(bssid1, freq="2412")
1029 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1030 # This will fail due to not being able to send out PMK-R1 pull request
1031 dev[0].roam(bssid1)
1032
1033 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1034 # This will fail due to not being able to send out PMK-R1 pull request
1035 dev[0].roam(bssid1)
1036
1037 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_pull_pmk_r1"):
1038 # This will fail due to not being able to send out PMK-R1 pull request
1039 dev[0].roam(bssid1)
1040
1041 def test_ap_ft_ap_oom4(dev, apdev):
1042 """WPA2-PSK-FT and AP OOM 4"""
1043 ssid = "test-ft"
1044 passphrase="12345678"
1045
1046 params = ft_params1(ssid=ssid, passphrase=passphrase)
1047 hapd0 = hostapd.add_ap(apdev[0], params)
1048 bssid0 = hapd0.own_addr()
1049
1050 dev[0].scan_for_bss(bssid0, freq="2412")
1051 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1052 scan_freq="2412")
1053
1054 params = ft_params2(ssid=ssid, passphrase=passphrase)
1055 hapd1 = hostapd.add_ap(apdev[1], params)
1056 bssid1 = hapd1.own_addr()
1057 dev[0].scan_for_bss(bssid1, freq="2412")
1058 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1059 dev[0].roam(bssid1)
1060 if dev[0].get_status_field('bssid') != bssid1:
1061 raise Exception("Did not roam to AP1")
1062
1063 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1064 dev[0].roam(bssid0)
1065 if dev[0].get_status_field('bssid') != bssid0:
1066 raise Exception("Did not roam to AP0")
1067
1068 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1069 dev[0].roam(bssid1)
1070 if dev[0].get_status_field('bssid') != bssid1:
1071 raise Exception("Did not roam to AP1")
1072
1073 def test_ap_ft_ap_oom5(dev, apdev):
1074 """WPA2-PSK-FT and AP OOM 5"""
1075 ssid = "test-ft"
1076 passphrase="12345678"
1077
1078 params = ft_params1(ssid=ssid, passphrase=passphrase)
1079 hapd0 = hostapd.add_ap(apdev[0], params)
1080 bssid0 = hapd0.own_addr()
1081
1082 dev[0].scan_for_bss(bssid0, freq="2412")
1083 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1084 scan_freq="2412")
1085
1086 params = ft_params2(ssid=ssid, passphrase=passphrase)
1087 hapd1 = hostapd.add_ap(apdev[1], params)
1088 bssid1 = hapd1.own_addr()
1089 dev[0].scan_for_bss(bssid1, freq="2412")
1090 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1091 # This will fail to roam
1092 dev[0].roam(bssid1)
1093
1094 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1095 # This will fail to roam
1096 dev[0].roam(bssid1)
1097
1098 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1099 # This will fail to roam
1100 dev[0].roam(bssid1)
1101
1102 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1103 # This will fail to roam
1104 dev[0].roam(bssid1)
1105
1106 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1107 # This will fail to roam
1108 dev[0].roam(bssid1)
1109
1110 def test_ap_ft_ap_oom6(dev, apdev):
1111 """WPA2-PSK-FT and AP OOM 6"""
1112 ssid = "test-ft"
1113 passphrase="12345678"
1114
1115 params = ft_params1(ssid=ssid, passphrase=passphrase)
1116 hapd0 = hostapd.add_ap(apdev[0], params)
1117 bssid0 = hapd0.own_addr()
1118
1119 dev[0].scan_for_bss(bssid0, freq="2412")
1120 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1121 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1122 scan_freq="2412")
1123 dev[0].request("REMOVE_NETWORK all")
1124 dev[0].wait_disconnected()
1125 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1126 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1127 scan_freq="2412")
1128 dev[0].request("REMOVE_NETWORK all")
1129 dev[0].wait_disconnected()
1130 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1131 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1132 scan_freq="2412")
1133
1134 def test_ap_ft_ap_oom7(dev, apdev):
1135 """WPA2-PSK-FT and AP OOM 7"""
1136 ssid = "test-ft"
1137 passphrase="12345678"
1138
1139 params = ft_params1(ssid=ssid, passphrase=passphrase)
1140 params["ieee80211w"] = "2"
1141 hapd0 = hostapd.add_ap(apdev[0], params)
1142 bssid0 = hapd0.own_addr()
1143
1144 dev[0].scan_for_bss(bssid0, freq="2412")
1145 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1146 ieee80211w="2", scan_freq="2412")
1147
1148 params = ft_params2(ssid=ssid, passphrase=passphrase)
1149 params["ieee80211w"] = "2"
1150 hapd1 = hostapd.add_ap(apdev[1], params)
1151 bssid1 = hapd1.own_addr()
1152 dev[0].scan_for_bss(bssid1, freq="2412")
1153 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1154 # This will fail to roam
1155 dev[0].roam(bssid1)
1156 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1157 # This will fail to roam
1158 dev[0].roam(bssid1)
1159 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1160 # This will fail to roam
1161 dev[0].roam(bssid1)
1162 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1163 # This will fail to roam
1164 dev[0].roam(bssid1)
1165
1166 def test_ap_ft_ap_oom8(dev, apdev):
1167 """WPA2-PSK-FT and AP OOM 8"""
1168 ssid = "test-ft"
1169 passphrase="12345678"
1170
1171 params = ft_params1(ssid=ssid, passphrase=passphrase)
1172 params['ft_psk_generate_local'] = "1";
1173 hapd0 = hostapd.add_ap(apdev[0], params)
1174 bssid0 = hapd0.own_addr()
1175
1176 dev[0].scan_for_bss(bssid0, freq="2412")
1177 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1178 scan_freq="2412")
1179
1180 params = ft_params2(ssid=ssid, passphrase=passphrase)
1181 params['ft_psk_generate_local'] = "1";
1182 hapd1 = hostapd.add_ap(apdev[1], params)
1183 bssid1 = hapd1.own_addr()
1184 dev[0].scan_for_bss(bssid1, freq="2412")
1185 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1186 # This will fail to roam
1187 dev[0].roam(bssid1)
1188 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1189 # This will fail to roam
1190 dev[0].roam(bssid1)
1191
1192 def test_ap_ft_ap_oom9(dev, apdev):
1193 """WPA2-PSK-FT and AP OOM 9"""
1194 ssid = "test-ft"
1195 passphrase="12345678"
1196
1197 params = ft_params1(ssid=ssid, passphrase=passphrase)
1198 hapd0 = hostapd.add_ap(apdev[0], params)
1199 bssid0 = hapd0.own_addr()
1200
1201 dev[0].scan_for_bss(bssid0, freq="2412")
1202 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1203 scan_freq="2412")
1204
1205 params = ft_params2(ssid=ssid, passphrase=passphrase)
1206 hapd1 = hostapd.add_ap(apdev[1], params)
1207 bssid1 = hapd1.own_addr()
1208 dev[0].scan_for_bss(bssid1, freq="2412")
1209
1210 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1211 # This will fail to roam
1212 if "OK" not in dev[0].request("FT_DS " + bssid1):
1213 raise Exception("FT_DS failed")
1214 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1215
1216 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1217 # This will fail to roam
1218 if "OK" not in dev[0].request("FT_DS " + bssid1):
1219 raise Exception("FT_DS failed")
1220 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1221
1222 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1223 # This will fail to roam
1224 if "OK" not in dev[0].request("FT_DS " + bssid1):
1225 raise Exception("FT_DS failed")
1226 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1227
1228 def test_ap_ft_ap_oom10(dev, apdev):
1229 """WPA2-PSK-FT and AP OOM 10"""
1230 ssid = "test-ft"
1231 passphrase="12345678"
1232
1233 params = ft_params1(ssid=ssid, passphrase=passphrase)
1234 hapd0 = hostapd.add_ap(apdev[0], params)
1235 bssid0 = hapd0.own_addr()
1236
1237 dev[0].scan_for_bss(bssid0, freq="2412")
1238 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1239 scan_freq="2412")
1240
1241 params = ft_params2(ssid=ssid, passphrase=passphrase)
1242 hapd1 = hostapd.add_ap(apdev[1], params)
1243 bssid1 = hapd1.own_addr()
1244 dev[0].scan_for_bss(bssid1, freq="2412")
1245
1246 with fail_test(hapd0, 1, "aes_unwrap;wpa_ft_rrb_rx_pull"):
1247 # This will fail to roam
1248 if "OK" not in dev[0].request("FT_DS " + bssid1):
1249 raise Exception("FT_DS failed")
1250 wait_fail_trigger(hapd0, "GET_FAIL")
1251
1252 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1253 # This will fail to roam
1254 if "OK" not in dev[0].request("FT_DS " + bssid1):
1255 raise Exception("FT_DS failed")
1256 wait_fail_trigger(hapd0, "GET_FAIL")
1257
1258 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_rrb_rx_pull"):
1259 # This will fail to roam
1260 if "OK" not in dev[0].request("FT_DS " + bssid1):
1261 raise Exception("FT_DS failed")
1262 wait_fail_trigger(hapd0, "GET_FAIL")
1263
1264 with fail_test(hapd1, 1, "aes_unwrap;wpa_ft_rrb_rx_resp"):
1265 # This will fail to roam
1266 if "OK" not in dev[0].request("FT_DS " + bssid1):
1267 raise Exception("FT_DS failed")
1268 wait_fail_trigger(hapd1, "GET_FAIL")
1269
1270 def test_ap_ft_ap_oom11(dev, apdev):
1271 """WPA2-PSK-FT and AP OOM 11"""
1272 ssid = "test-ft"
1273 passphrase="12345678"
1274
1275 params = ft_params1(ssid=ssid, passphrase=passphrase)
1276 hapd0 = hostapd.add_ap(apdev[0], params)
1277 bssid0 = hapd0.own_addr()
1278
1279 dev[0].scan_for_bss(bssid0, freq="2412")
1280 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1281 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1282 scan_freq="2412")
1283 wait_fail_trigger(hapd0, "GET_FAIL")
1284
1285 dev[1].scan_for_bss(bssid0, freq="2412")
1286 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_generate_pmk_r1"):
1287 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1288 scan_freq="2412")
1289 wait_fail_trigger(hapd0, "GET_FAIL")
1290
1291 def test_ap_ft_over_ds_proto(dev, apdev):
1292 """WPA2-PSK-FT AP over DS protocol testing"""
1293 ssid = "test-ft"
1294 passphrase="12345678"
1295
1296 params = ft_params1(ssid=ssid, passphrase=passphrase)
1297 hapd0 = hostapd.add_ap(apdev[0], params)
1298 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1299 scan_freq="2412")
1300
1301 # FT Action Response while no FT-over-DS in progress
1302 msg = {}
1303 msg['fc'] = 13 << 4
1304 msg['da'] = dev[0].own_addr()
1305 msg['sa'] = apdev[0]['bssid']
1306 msg['bssid'] = apdev[0]['bssid']
1307 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
1308 hapd0.mgmt_tx(msg)
1309
1310 params = ft_params2(ssid=ssid, passphrase=passphrase)
1311 hapd1 = hostapd.add_ap(apdev[1], params)
1312 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1313 hapd0.set("ext_mgmt_frame_handling", "1")
1314 hapd0.dump_monitor()
1315 dev[0].request("FT_DS " + apdev[1]['bssid'])
1316 for i in range(0, 10):
1317 req = hapd0.mgmt_rx()
1318 if req is None:
1319 raise Exception("MGMT RX wait timed out")
1320 if req['subtype'] == 13:
1321 break
1322 req = None
1323 if not req:
1324 raise Exception("FT Action frame not received")
1325
1326 # FT Action Response for unexpected Target AP
1327 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
1328 hapd0.mgmt_tx(msg)
1329
1330 # FT Action Response without MDIE
1331 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
1332 hapd0.mgmt_tx(msg)
1333
1334 # FT Action Response without FTIE
1335 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1336 hapd0.mgmt_tx(msg)
1337
1338 # FT Action Response with FTIE SNonce mismatch
1339 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1340 hapd0.mgmt_tx(msg)
1341
1342 @remote_compatible
1343 def test_ap_ft_rrb(dev, apdev):
1344 """WPA2-PSK-FT RRB protocol testing"""
1345 ssid = "test-ft"
1346 passphrase="12345678"
1347
1348 params = ft_params1(ssid=ssid, passphrase=passphrase)
1349 hapd0 = hostapd.add_ap(apdev[0], params)
1350
1351 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1352 scan_freq="2412")
1353
1354 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
1355 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
1356 proto = '\x89\x0d'
1357 ehdr = _dst_ll + _src_ll + proto
1358
1359 # Too short RRB frame
1360 pkt = ehdr + '\x01'
1361 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1362 raise Exception("DATA_TEST_FRAME failed")
1363
1364 # RRB discarded frame wikth unrecognized type
1365 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
1366 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1367 raise Exception("DATA_TEST_FRAME failed")
1368
1369 # RRB frame too short for action frame
1370 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
1371 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1372 raise Exception("DATA_TEST_FRAME failed")
1373
1374 # Too short RRB frame (not enough room for Action Frame body)
1375 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
1376 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1377 raise Exception("DATA_TEST_FRAME failed")
1378
1379 # Unexpected Action frame category
1380 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1381 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1382 raise Exception("DATA_TEST_FRAME failed")
1383
1384 # Unexpected Action in RRB Request
1385 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1386 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1387 raise Exception("DATA_TEST_FRAME failed")
1388
1389 # Target AP address in RRB Request does not match with own address
1390 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1391 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1392 raise Exception("DATA_TEST_FRAME failed")
1393
1394 # Not enough room for status code in RRB Response
1395 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1396 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1397 raise Exception("DATA_TEST_FRAME failed")
1398
1399 # RRB discarded frame with unknown packet_type
1400 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1401 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1402 raise Exception("DATA_TEST_FRAME failed")
1403
1404 # RRB Response with non-zero status code; no STA match
1405 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1406 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1407 raise Exception("DATA_TEST_FRAME failed")
1408
1409 # RRB Response with zero status code and extra data; STA match
1410 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1411 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1412 raise Exception("DATA_TEST_FRAME failed")
1413
1414 # Too short PMK-R1 pull
1415 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1416 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1417 raise Exception("DATA_TEST_FRAME failed")
1418
1419 # Too short PMK-R1 resp
1420 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1421 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1422 raise Exception("DATA_TEST_FRAME failed")
1423
1424 # Too short PMK-R1 push
1425 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1426 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1427 raise Exception("DATA_TEST_FRAME failed")
1428
1429 # No matching R0KH address found for PMK-R0 pull response
1430 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1431 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1432 raise Exception("DATA_TEST_FRAME failed")
1433
1434 @remote_compatible
1435 def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
1436 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1437 bssid = apdev[0]['bssid']
1438 ssid = "test-ft"
1439 passphrase="12345678"
1440
1441 params = ft_params1(ssid=ssid, passphrase=passphrase)
1442 params["ieee80211w"] = "1"
1443 # This is the RSN element used normally by hostapd
1444 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1445 hapd = hostapd.add_ap(apdev[0], params)
1446 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1447 ieee80211w="1", scan_freq="2412",
1448 pairwise="CCMP", group="CCMP")
1449
1450 tests = [ ('PMKIDCount field included',
1451 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1452 ('Extra IE before RSNE',
1453 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1454 ('PMKIDCount and Group Management Cipher suite fields included',
1455 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1456 ('Extra octet after defined fields (future extensibility)',
1457 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1458 ('No RSN Capabilities field (PMF disabled in practice)',
1459 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1460 for txt,ie in tests:
1461 dev[0].request("DISCONNECT")
1462 dev[0].wait_disconnected()
1463 logger.info(txt)
1464 hapd.disable()
1465 hapd.set('own_ie_override', ie)
1466 hapd.enable()
1467 dev[0].request("BSS_FLUSH 0")
1468 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1469 dev[0].select_network(id, freq=2412)
1470 dev[0].wait_connected()
1471
1472 dev[0].request("DISCONNECT")
1473 dev[0].wait_disconnected()
1474
1475 logger.info('Invalid RSNE causing internal hostapd error')
1476 hapd.disable()
1477 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1478 hapd.enable()
1479 dev[0].request("BSS_FLUSH 0")
1480 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1481 dev[0].select_network(id, freq=2412)
1482 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1483 # complete.
1484 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1485 if ev is not None:
1486 raise Exception("Unexpected connection")
1487 dev[0].request("DISCONNECT")
1488
1489 logger.info('Unexpected PMKID causing internal hostapd error')
1490 hapd.disable()
1491 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1492 hapd.enable()
1493 dev[0].request("BSS_FLUSH 0")
1494 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1495 dev[0].select_network(id, freq=2412)
1496 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1497 # complete.
1498 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1499 if ev is not None:
1500 raise Exception("Unexpected connection")
1501 dev[0].request("DISCONNECT")
1502
1503 def test_ap_ft_ptk_rekey(dev, apdev):
1504 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1505 ssid = "test-ft"
1506 passphrase="12345678"
1507
1508 params = ft_params1(ssid=ssid, passphrase=passphrase)
1509 hapd0 = hostapd.add_ap(apdev[0], params)
1510 params = ft_params2(ssid=ssid, passphrase=passphrase)
1511 hapd1 = hostapd.add_ap(apdev[1], params)
1512
1513 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
1514
1515 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1516 "WPA: Key negotiation completed"], timeout=5)
1517 if ev is None:
1518 raise Exception("No event received after roam")
1519 if "CTRL-EVENT-DISCONNECTED" in ev:
1520 raise Exception("Unexpected disconnection after roam")
1521
1522 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1523 hapd = hapd0
1524 else:
1525 hapd = hapd1
1526 hwsim_utils.test_connectivity(dev[0], hapd)
1527
1528 def test_ap_ft_ptk_rekey_ap(dev, apdev):
1529 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1530 ssid = "test-ft"
1531 passphrase="12345678"
1532
1533 params = ft_params1(ssid=ssid, passphrase=passphrase)
1534 params['wpa_ptk_rekey'] = '2'
1535 hapd0 = hostapd.add_ap(apdev[0], params)
1536 params = ft_params2(ssid=ssid, passphrase=passphrase)
1537 params['wpa_ptk_rekey'] = '2'
1538 hapd1 = hostapd.add_ap(apdev[1], params)
1539
1540 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
1541
1542 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1543 "WPA: Key negotiation completed"], timeout=5)
1544 if ev is None:
1545 raise Exception("No event received after roam")
1546 if "CTRL-EVENT-DISCONNECTED" in ev:
1547 raise Exception("Unexpected disconnection after roam")
1548
1549 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1550 hapd = hapd0
1551 else:
1552 hapd = hapd1
1553 hwsim_utils.test_connectivity(dev[0], hapd)
1554
1555 def test_ap_ft_internal_rrb_check(dev, apdev):
1556 """RRB internal delivery only to WPA enabled BSS"""
1557 ssid = "test-ft"
1558 passphrase="12345678"
1559
1560 radius = hostapd.radius_params()
1561 params = ft_params1(ssid=ssid, passphrase=passphrase)
1562 params['wpa_key_mgmt'] = "FT-EAP"
1563 params["ieee8021x"] = "1"
1564 params = dict(radius.items() + params.items())
1565 hapd = hostapd.add_ap(apdev[0], params)
1566 key_mgmt = hapd.get_config()['key_mgmt']
1567 if key_mgmt.split(' ')[0] != "FT-EAP":
1568 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1569
1570 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
1571
1572 # Connect to WPA enabled AP
1573 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1574 eap="GPSK", identity="gpsk user",
1575 password="abcdefghijklmnop0123456789abcdef",
1576 scan_freq="2412")
1577
1578 # Try over_ds roaming to non-WPA-enabled AP.
1579 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1580 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1581
1582 def test_ap_ft_extra_ie(dev, apdev):
1583 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1584 ssid = "test-ft"
1585 passphrase="12345678"
1586
1587 params = ft_params1(ssid=ssid, passphrase=passphrase)
1588 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1589 hapd0 = hostapd.add_ap(apdev[0], params)
1590 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1591 scan_freq="2412")
1592 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1593 scan_freq="2412")
1594 try:
1595 # Add Mobility Domain element to test AP validation code.
1596 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1597 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1598 scan_freq="2412", wait_connect=False)
1599 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1600 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1601 if ev is None:
1602 raise Exception("No connection result")
1603 if "CTRL-EVENT-CONNECTED" in ev:
1604 raise Exception("Non-FT association accepted with MDE")
1605 if "status_code=43" not in ev:
1606 raise Exception("Unexpected status code: " + ev)
1607 dev[0].request("DISCONNECT")
1608 finally:
1609 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
Unnamed repository; edit this file 'description' to name the repository.