tests: Allow wpa_supplicant to maintain GTK in memory during association
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import os
10 import time
11 import logging
logger = logging.getLogger()  # no name is passed, so this is the root logger
13 import struct
14
15 import hwsim_utils
16 import hostapd
17 from tshark import run_tshark
18 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
19 from wlantest import Wlantest
20 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
21
def ft_base_rsn():
    """Return a fresh hostapd parameter dict for an RSN-only FT-PSK BSS.

    Only RSN (WPA2) is enabled ("wpa": "2"), FT-PSK is the sole AKM and CCMP
    the pairwise cipher. A new dict is built on every call, so callers may
    modify the result freely.
    """
    return {"wpa": "2",
            "wpa_key_mgmt": "FT-PSK",
            "rsn_pairwise": "CCMP"}
27
def ft_base_mixed():
    """Return a fresh hostapd parameter dict for a mixed WPA/WPA2 FT BSS.

    Both WPA and RSN are enabled ("wpa": "3"); WPA-PSK is offered next to
    FT-PSK, with TKIP as the WPA pairwise cipher and CCMP for RSN. A new dict
    is built on every call.
    """
    return {"wpa": "3",
            "wpa_key_mgmt": "WPA-PSK FT-PSK",
            "wpa_pairwise": "TKIP",
            "rsn_pairwise": "CCMP"}
34
def ft_params(rsn=True, ssid=None, passphrase=None):
    """Build the hostapd parameters shared by every FT test AP.

    rsn selects ft_base_rsn() (true) or ft_base_mixed() (false) as the
    starting point. ssid and passphrase are added only when they are
    non-empty. The mobility domain, R0 key lifetime, PMK-R1 push setting and
    reassociation deadline are fixed test values; the per-AP identity and the
    R0KH/R1KH entries are added by the callers.
    """
    cfg = ft_base_rsn() if rsn else ft_base_mixed()
    if ssid:
        cfg["ssid"] = ssid
    if passphrase:
        cfg["wpa_passphrase"] = passphrase

    cfg.update([("mobility_domain", "a1b2"),
                ("r0_key_lifetime", "10000"),
                ("pmk_r1_push", "1"),
                ("reassociation_deadline", "1000")])
    return cfg
50
def ft_params1a(rsn=True, ssid=None, passphrase=None):
    """Return ft_params() plus the identity of the first test AP.

    Adds the NAS identifier "nas1.w1.fi" and the R1 key holder ID
    "000102030405"; no R0KH/R1KH peer entries are configured here.
    """
    cfg = ft_params(rsn, ssid, passphrase)
    cfg.update([('nas_identifier', "nas1.w1.fi"),
                ('r1_key_holder', "000102030405")])
    return cfg
56
def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
    """Return the full hostapd parameters for the first FT test AP.

    Without discovery, the R0KH list names both test APs explicitly and the
    R1KH entry names the second AP. With discovery, single entries using the
    ff:ff:ff:ff:ff:ff / 00:00:00:00:00:00 addresses are configured instead
    (presumably hostapd's wildcard key holder entries - confirm against
    hostapd.conf).

    The hex strings are the keys protecting inter-AP (RRB) messages. They are
    fixed, publicly known test vectors and must not be reused outside the
    hwsim test bed.
    """
    cfg = ft_params1a(rsn, ssid, passphrase)
    if not discovery:
        cfg['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
                       "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
        cfg['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
        return cfg

    cfg['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
    cfg['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
    return cfg
67
def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
    """Return first-AP parameters using the shorter, old-style RRB keys.

    Same peers as ft_params1() without discovery, but each R0KH/R1KH key is
    32 hex digits (128 bits) instead of 64. The keys are fixed test vectors.
    """
    cfg = ft_params1a(rsn, ssid, passphrase)
    r0kh_entries = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
                    "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
    cfg['r0kh'] = r0kh_entries
    cfg['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
    return cfg
74
def ft_params2a(rsn=True, ssid=None, passphrase=None):
    """Return ft_params() plus the identity of the second test AP.

    Adds the NAS identifier "nas2.w1.fi" and the R1 key holder ID
    "000102030406"; no R0KH/R1KH peer entries are configured here.
    """
    cfg = ft_params(rsn, ssid, passphrase)
    cfg.update([('nas_identifier', "nas2.w1.fi"),
                ('r1_key_holder', "000102030406")])
    return cfg
80
def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
    """Return the full hostapd parameters for the second FT test AP.

    Mirror image of ft_params1(): without discovery the R0KH list names both
    test APs and the R1KH entry names the first AP; with discovery the
    ff:ff:ff:ff:ff:ff / 00:00:00:00:00:00 entries are used (presumably
    hostapd's wildcard key holder entries - confirm against hostapd.conf).

    The hex strings are fixed RRB test keys and must not be reused outside
    the hwsim test bed.
    """
    cfg = ft_params2a(rsn, ssid, passphrase)
    if not discovery:
        cfg['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
                       "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
        cfg['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
        return cfg

    cfg['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
    cfg['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
    return cfg
91
def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
    """Return second-AP parameters using the shorter, old-style RRB keys.

    Same peers as ft_params2() without discovery, but each R0KH/R1KH key is
    32 hex digits (128 bits) instead of 64. The keys are fixed test vectors.
    """
    cfg = ft_params2a(rsn, ssid, passphrase)
    r0kh_entries = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
                    "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
    cfg['r0kh'] = r0kh_entries
    cfg['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
    return cfg
98
def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
    """Return first-AP parameters whose peer key holder addresses are wrong.

    Identity and keys match ft_params1(), but the nas2 R0KH entry and the
    R1KH entry use 12:00:00:00:04:00 (and R1KH-ID 10:01:02:03:04:06) instead
    of the 02:00:00:00:04:00 / 00:01:02:03:04:06 values used there. Used by
    the negative tests that expect the FT roam to fail.
    """
    # ft_params1a() supplies the same nas_identifier / r1_key_holder pair
    # ("nas1.w1.fi" / "000102030405") on top of ft_params().
    cfg = ft_params1a(rsn, ssid, passphrase)
    cfg['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
                   "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
    cfg['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
    return cfg
107
def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
    """Return second-AP parameters whose RRB keys do not match the first AP.

    Peers and identity match ft_params2(), but every key ends in ...0ef1,
    ...0ef2 or ...0ef3 instead of ...0e0f, so inter-AP key distribution
    cannot be authenticated. Used by the negative tests that expect the FT
    roam to fail.
    """
    # ft_params2a() supplies the same nas_identifier / r1_key_holder pair
    # ("nas2.w1.fi" / "000102030406") on top of ft_params().
    cfg = ft_params2a(rsn, ssid, passphrase)
    cfg['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
                   "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
    cfg['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
    return cfg
116
def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
    """Return second-AP parameters whose peer key holder addresses are wrong.

    Identity and keys match ft_params2(), but the nas1 R0KH entry and the
    R1KH entry use 12:00:00:00:03:00 (and R1KH-ID 10:01:02:03:04:05) instead
    of the 02:00:00:00:03:00 / 00:01:02:03:04:05 values used there. Used by
    the negative tests that expect the FT roam to fail.
    """
    # ft_params2a() supplies the same nas_identifier / r1_key_holder pair
    # ("nas2.w1.fi" / "000102030406") on top of ft_params().
    cfg = ft_params2a(rsn, ssid, passphrase)
    cfg['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
                   "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
    cfg['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
    return cfg
125
def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
              sae=False, eap=False, fail_test=False, roams=1,
              pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
              test_connectivity=True):
    """Associate dev with one of two FT APs and roam between them.

    The station connects with FT-EAP (eap), FT-SAE (sae) or FT-PSK, then
    performs `roams` round trips: to the other AP and back, over the air or
    over the DS (over_ds). After each transition the current BSSID is
    checked, and data connectivity is checked on the first and last round
    when test_connectivity is set.

    With fail_test set the first roam is passed fail_test=True and the
    function returns right after it without any further checks.

    Raises Exception when the station ends up on an unexpected BSSID.

    Note: the fail_test parameter hides the fail_test helper imported from
    utils inside this function.
    """
    logger.info("Connect to first AP")
    if eap:
        # Fixed EAP-GPSK credentials of the test bed.
        dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
                    eap="GPSK", identity="gpsk user",
                    password="abcdefghijklmnop0123456789abcdef",
                    scan_freq="2412",
                    pairwise=pairwise_cipher, group=group_cipher,
                    wpa_ptk_rekey=ptk_rekey)
    else:
        key_mgmt = "FT-SAE" if sae else "FT-PSK"
        dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
                    ieee80211w="1", scan_freq="2412",
                    pairwise=pairwise_cipher, group=group_cipher,
                    wpa_ptk_rekey=ptk_rekey)

    # Either AP may have been selected; name them by the order of use.
    if dev.get_status_field('bssid') == apdev[0]['bssid']:
        ap1, ap2 = apdev[0], apdev[1]
        hapd1ap, hapd2ap = hapd0, hapd1
    else:
        ap1, ap2 = apdev[1], apdev[0]
        hapd1ap, hapd2ap = hapd1, hapd0
    if test_connectivity:
        hwsim_utils.test_connectivity(dev, hapd1ap)

    dev.scan_for_bss(ap2['bssid'], freq="2412")

    def roam_to(bssid, **kwargs):
        # Pick the FT transport for this transition.
        if over_ds:
            dev.roam_over_ds(bssid, **kwargs)
        else:
            dev.roam(bssid, **kwargs)

    for i in range(0, roams):
        # Data path is only verified on the first and the last round trip.
        verify_data = (i == 0 or i == roams - 1) and test_connectivity

        logger.info("Roam to the second AP")
        roam_to(ap2['bssid'], fail_test=fail_test)
        if fail_test:
            return
        if dev.get_status_field('bssid') != ap2['bssid']:
            raise Exception("Did not connect to correct AP")
        if verify_data:
            hwsim_utils.test_connectivity(dev, hapd2ap)

        logger.info("Roam back to the first AP")
        roam_to(ap1['bssid'])
        if dev.get_status_field('bssid') != ap1['bssid']:
            raise Exception("Did not connect to correct AP")
        if verify_data:
            hwsim_utils.test_connectivity(dev, hapd1ap)
184
def test_ap_ft(dev, apdev):
    """WPA2-PSK-FT AP"""
    ssid = "test-ft"
    passphrase = "12345678"

    # Two APs sharing SSID, passphrase and mobility domain.
    first_ap = hostapd.add_ap(apdev[0],
                              ft_params1(ssid=ssid, passphrase=passphrase))
    second_ap = hostapd.add_ap(apdev[1],
                               ft_params2(ssid=ssid, passphrase=passphrase))

    run_roams(dev[0], apdev, first_ap, second_ap, ssid, passphrase)

    # The scan results must advertise the FT-PSK AKM with CCMP.
    scan_results = dev[0].request("SCAN_RESULTS")
    if "[WPA2-FT/PSK-CCMP]" not in scan_results:
        raise Exception("Scan results missing RSN element info")
198
def test_ap_ft_old_key(dev, apdev):
    """WPA2-PSK-FT AP (old key)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # Both APs use the shorter (32 hex digit) R0KH/R1KH keys.
    first_ap = hostapd.add_ap(
        apdev[0], ft_params1_old_key(ssid=ssid, passphrase=passphrase))
    second_ap = hostapd.add_ap(
        apdev[1], ft_params2_old_key(ssid=ssid, passphrase=passphrase))

    run_roams(dev[0], apdev, first_ap, second_ap, ssid, passphrase)
210
def test_ap_ft_multi_akm(dev, apdev):
    """WPA2-PSK-FT AP with non-FT AKMs enabled"""
    ssid = "test-ft"
    passphrase = "12345678"
    akms = "FT-PSK WPA-PSK WPA-PSK-SHA256"

    # Both APs advertise FT-PSK together with the two non-FT PSK AKMs.
    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg["wpa_key_mgmt"] = akms
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))
    hapd0, hapd1 = hapds

    # Reset the wlantest sniffer and give it the passphrase.
    Wlantest.setup(hapd0)
    wt = Wlantest()
    wt.flush()
    wt.add_passphrase(passphrase)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
    scan_results = dev[0].request("SCAN_RESULTS")
    if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in scan_results:
        raise Exception("Scan results missing RSN element info")

    # Stations that do not use FT must still be able to join the same BSS.
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   scan_freq="2412")
234
def test_ap_ft_local_key_gen(dev, apdev):
    """WPA2-PSK-FT AP with local key generation (without pull/push)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # The *a builders are used, so no R0KH/R1KH peers are configured; each
    # AP derives the FT keys itself and PMK-R1 push is removed.
    # NOTE(review): add_ap() gets the interface name here, while most tests
    # in this file pass the whole apdev entry - presumably both are accepted.
    hapds = []
    for idx, make_params in enumerate((ft_params1a, ft_params2a)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg['ft_psk_generate_local'] = "1"
        del ap_cfg['pmk_r1_push']
        hapds.append(hostapd.add_ap(apdev[idx]['ifname'], ap_cfg))

    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase)
    scan_results = dev[0].request("SCAN_RESULTS")
    if "[WPA2-FT/PSK-CCMP]" not in scan_results:
        raise Exception("Scan results missing RSN element info")
252
def test_ap_ft_many(dev, apdev):
    """WPA2-PSK-FT AP multiple times"""
    ssid = "test-ft"
    passphrase = "12345678"

    first_ap = hostapd.add_ap(apdev[0],
                              ft_params1(ssid=ssid, passphrase=passphrase))
    second_ap = hostapd.add_ap(apdev[1],
                               ft_params2(ssid=ssid, passphrase=passphrase))

    # 50 round trips between the two APs.
    run_roams(dev[0], apdev, first_ap, second_ap, ssid, passphrase, roams=50)
264
def test_ap_ft_mixed(dev, apdev):
    """WPA2-PSK-FT mixed-mode AP"""
    ssid = "test-ft-mixed"
    passphrase = "12345678"

    hapd = hostapd.add_ap(
        apdev[0], ft_params1(rsn=False, ssid=ssid, passphrase=passphrase))

    # hostapd must report WPA-PSK first and FT-PSK second for mixed mode.
    key_mgmt = hapd.get_config()['key_mgmt']
    akm_list = key_mgmt.split(' ')
    if not (akm_list[0] == "WPA-PSK" and akm_list[1] == "FT-PSK"):
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    hapd1 = hostapd.add_ap(
        apdev[1], ft_params2(rsn=False, ssid=ssid, passphrase=passphrase))

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
280
def test_ap_ft_pmf(dev, apdev):
    """WPA2-PSK-FT AP with PMF"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        # ieee80211w=2: management frame protection is required by the AP.
        ap_cfg["ieee80211w"] = "2"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase)
294
def test_ap_ft_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS"""
    ssid = "test-ft"
    passphrase = "12345678"

    first_ap = hostapd.add_ap(apdev[0],
                              ft_params1(ssid=ssid, passphrase=passphrase))
    second_ap = hostapd.add_ap(apdev[1],
                               ft_params2(ssid=ssid, passphrase=passphrase))

    run_roams(dev[0], apdev, first_ap, second_ap, ssid, passphrase,
              over_ds=True)

    # AKM suite 00-0f-ac-4 is FT-PSK; both the requested and the selected
    # suite must still be FT after the over-the-DS transitions.
    expected_mib = [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
                    ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")]
    check_mib(dev[0], expected_mib)
308
def test_ap_ft_over_ds_disabled(dev, apdev):
    """WPA2-PSK-FT AP over DS disabled"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg['ft_over_ds'] = '0'
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    # Negative test: with over-the-DS turned off on both APs the roam
    # attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True)
323
def test_ap_ft_over_ds_many(dev, apdev):
    """WPA2-PSK-FT AP over DS multiple times"""
    ssid = "test-ft"
    passphrase = "12345678"

    first_ap = hostapd.add_ap(apdev[0],
                              ft_params1(ssid=ssid, passphrase=passphrase))
    second_ap = hostapd.add_ap(apdev[1],
                               ft_params2(ssid=ssid, passphrase=passphrase))

    # 50 round trips, every transition using the over-the-DS method.
    run_roams(dev[0], apdev, first_ap, second_ap, ssid, passphrase,
              over_ds=True, roams=50)
336
@remote_compatible
def test_ap_ft_over_ds_unknown_target(dev, apdev):
    """WPA2-PSK-FT AP"""
    ssid = "test-ft"
    passphrase = "12345678"
    # No AP with this BSSID is started by the test.
    unknown_bssid = "02:11:22:33:44:55"

    # Only one AP is brought up.
    hostapd.add_ap(apdev[0], ft_params1(ssid=ssid, passphrase=passphrase))

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
    # Negative test: the over-the-DS request names the unknown target.
    dev[0].roam_over_ds(unknown_bssid, fail_test=True)
349
@remote_compatible
def test_ap_ft_over_ds_unexpected(dev, apdev):
    """WPA2-PSK-FT AP over DS and unexpected response"""
    # Robustness test for the station's handling of FT Response action
    # frames: the current AP is switched to external management frame
    # handling and a series of unsolicited, mismatching or malformed
    # responses is sent to the station. Nothing is asserted after the frames
    # are sent, so the test only fails if one of the calls raises.
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
    # Either AP may have been selected; ap1/hapd1ap is the current one.
    # hapd2ap is assigned but not used below.
    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
        ap1 = apdev[0]
        ap2 = apdev[1]
        hapd1ap = hapd0
        hapd2ap = hapd1
    else:
        ap1 = apdev[1]
        ap2 = apdev[0]
        hapd1ap = hapd1
        hapd2ap = hapd0

    addr = dev[0].own_addr()
    # Presumably makes hostapd hand management frames to the test instead of
    # processing them itself (needed for mgmt_tx()/mgmt_rx() below).
    hapd1ap.set("ext_mgmt_frame_handling", "1")
    logger.info("Foreign STA address")
    msg = {}
    # Frame control: management frame, subtype 13 (Action).
    msg['fc'] = 13 << 4
    msg['da'] = addr
    msg['sa'] = ap1['bssid']
    msg['bssid'] = ap1['bssid']
    # Payload layout used throughout: category 0x06 (Fast BSS Transition),
    # action 0x02 (FT Response), STA address (6 octets), target AP address
    # (6 octets), status code (2 octets), then optional elements.
    # Here the STA address is 11:22:33:44:55:66, not the station's own.
    msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
    hapd1ap.mgmt_tx(msg)

    # Correct STA address, but the station has not requested over-the-DS FT.
    logger.info("No over-the-DS in progress")
    msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
    hapd1ap.mgmt_tx(msg)

    # Same frame with the status code field set to "0100".
    logger.info("Non-zero status code")
    msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
    hapd1ap.mgmt_tx(msg)

    hapd1ap.dump_monitor()

    # Start a real over-the-DS request toward the second AP so that the
    # following responses arrive while an exchange is pending.
    dev[0].scan_for_bss(ap2['bssid'], freq="2412")
    if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
        raise Exception("FT_DS failed")

    # The station's FT Request; SNonce and R0KH-ID are copied from it below.
    req = hapd1ap.mgmt_rx()

    # Target AP address 01:02:03:04:05:06 is not the AP that was requested.
    logger.info("Foreign Target AP")
    msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
    hapd1ap.mgmt_tx(msg)

    # From here on STA address and target AP address are both correct.
    addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')

    # Status code only, no elements.
    logger.info("No IEs")
    msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
    hapd1ap.mgmt_tx(msg)

    # Element ID 0x37 with length 0.
    logger.info("Invalid IEs (trigger parsing failure)")
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
    hapd1ap.mgmt_tx(msg)

    # Element ID 0x36 (MDIE) with a two-octet body.
    logger.info("Too short MDIE")
    msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
    hapd1ap.mgmt_tx(msg)

    # MDIE carrying mobility domain 1122 instead of the configured a1b2.
    logger.info("Mobility domain mismatch")
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
    hapd1ap.mgmt_tx(msg)

    # Correct MDIE (a1b2) but no FTIE after it.
    logger.info("No FTIE")
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
    hapd1ap.mgmt_tx(msg)

    # FTIE (ID 0x37, length 0x5e): 2-octet MIC control, 16-octet MIC,
    # 32-octet ANonce, 32-octet SNonce, then subelement 0x03 (R0KH-ID) with
    # the 10 octets "nas2.w1.fi". The SNonce is a made-up value.
    logger.info("FTIE SNonce mismatch")
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
    hapd1ap.mgmt_tx(msg)

    # SNonce copied from the station's request (offset 111 is assumed to be
    # the SNonce position in that frame - TODO confirm); the FTIE (length
    # 0x52) ends right after it, so there are no subelements.
    # NOTE(review): hexlify() output is concatenated with str literals,
    # which only works where hexlify() returns str (Python 2).
    logger.info("No R0KH-ID subelem in FTIE")
    snonce = binascii.hexlify(req['payload'][111:111+32])
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
    hapd1ap.mgmt_tx(msg)

    # Correct SNonce, but the R0KH-ID subelement holds 11223344556677889900.
    # snonce is recomputed here with the same value as above.
    logger.info("No R0KH-ID subelem mismatch in FTIE")
    snonce = binascii.hexlify(req['payload'][111:111+32])
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
    hapd1ap.mgmt_tx(msg)

    # R0KH-ID copied from the station's request (offset 145 assumed - TODO
    # confirm); no R1KH-ID subelement follows.
    logger.info("No R1KH-ID subelem in FTIE")
    r0khid = binascii.hexlify(req['payload'][145:145+10])
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
    hapd1ap.mgmt_tx(msg)

    # FTIE (length 0x66) now also carries subelement 0x01 (R1KH-ID, 6
    # octets), but no RSNE follows. r0khid is recomputed with the same value.
    logger.info("No RSNE")
    r0khid = binascii.hexlify(req['payload'][145:145+10])
    msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
    hapd1ap.mgmt_tx(msg)
450
def test_ap_ft_pmf_over_ds(dev, apdev):
    """WPA2-PSK-FT AP over DS with PMF"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        # ieee80211w=2: management frame protection is required by the AP.
        ap_cfg["ieee80211w"] = "2"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True)
464
def test_ap_ft_over_ds_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS (pull PMK)"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        # Push is disabled, so the target AP has to pull the PMK-R1.
        ap_cfg["pmk_r1_push"] = "0"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True)
478
def test_ap_ft_over_ds_pull_old_key(dev, apdev):
    """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # Shorter (32 hex digit) R0KH/R1KH keys combined with PMK-R1 pull.
    hapds = []
    for idx, make_params in enumerate((ft_params1_old_key,
                                       ft_params2_old_key)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg["pmk_r1_push"] = "0"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True)
492
def test_ap_ft_sae(dev, apdev):
    """WPA2-PSK-FT-SAE AP"""
    # Skipped when the station build has no SAE support.
    if "SAE" not in dev[0].get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    ssid = "test-ft"
    passphrase = "12345678"

    ap_cfg = ft_params1(ssid=ssid, passphrase=passphrase)
    ap_cfg['wpa_key_mgmt'] = "FT-SAE"
    hapd0 = hostapd.add_ap(apdev[0], ap_cfg)

    ap_cfg = ft_params2(ssid=ssid, passphrase=passphrase)
    ap_cfg['wpa_key_mgmt'] = "FT-SAE"
    hapd = hostapd.add_ap(apdev[1], ap_cfg)

    # hostapd must report FT-SAE as the first AKM of the second AP.
    key_mgmt = hapd.get_config()['key_mgmt']
    first_akm = key_mgmt.split(' ')[0]
    if first_akm != "FT-SAE":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    # Empty value: presumably restores the default SAE group list - confirm.
    dev[0].request("SET sae_groups ")
    run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
512
def test_ap_ft_sae_over_ds(dev, apdev):
    """WPA2-PSK-FT-SAE AP over DS"""
    # Skipped when the station build has no SAE support.
    if "SAE" not in dev[0].get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    ssid = "test-ft"
    passphrase = "12345678"

    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg['wpa_key_mgmt'] = "FT-SAE"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    # Empty value: presumably restores the default SAE group list - confirm.
    dev[0].request("SET sae_groups ")
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              sae=True, over_ds=True)
530
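def generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False, roams=1):
    """Run the FT-EAP roaming scenario shared by the test_ap_ft_eap* tests.

    Two FT-EAP APs are started with the RADIUS parameters from
    hostapd.radius_params(); dev[0] roams between them `roams` times, over
    the DS when over_ds is set and with the discovery R0KH/R1KH entries when
    discovery is set. Afterwards the scan results and MIB are checked and an
    EAPOL reauthentication is forced on the current AP.

    Raises Exception on any unexpected state.
    """
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    def eap_config(make_params):
        # RADIUS settings first, FT settings on top so that the FT values win
        # on a key collision. Built with copy + update instead of adding the
        # two .items() results, which raises TypeError on Python 3 where
        # items() returns views.
        ft_cfg = make_params(ssid=ssid, passphrase=passphrase,
                             discovery=discovery)
        ft_cfg['wpa_key_mgmt'] = "FT-EAP"
        ft_cfg["ieee8021x"] = "1"
        merged = dict(radius)
        merged.update(ft_cfg)
        return merged

    hapd = hostapd.add_ap(apdev[0], eap_config(ft_params1))
    # hostapd must report FT-EAP as the first AKM.
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    hapd1 = hostapd.add_ap(apdev[1], eap_config(ft_params2))

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
              over_ds=over_ds, roams=roams)
    if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing RSN element info")
    # AKM suite 00-0f-ac-3 is FT over IEEE 802.1X.
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])

    # Verify EAPOL reauthentication after FT protocol
    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
        ap = hapd
    else:
        ap = hapd1
    ap.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    # Short pause before the data test (same 0.1 s as before).
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], ap)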
571
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    # Over-the-air FT with explicitly configured key holders (the defaults).
    generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False)
575
def test_ap_ft_eap_over_ds(dev, apdev):
    """WPA2-EAP-FT AP using over-the-DS"""
    # Over-the-DS FT with explicitly configured key holders.
    generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=False)
579
def test_ap_ft_eap_dis(dev, apdev):
    """WPA2-EAP-FT AP with AP discovery"""
    # Over-the-air FT with the discovery R0KH/R1KH entries.
    generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=True)
583
def test_ap_ft_eap_dis_over_ds(dev, apdev):
    """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
    # Over-the-DS FT with the discovery R0KH/R1KH entries.
    generic_ap_ft_eap(dev, apdev, discovery=True, over_ds=True)
587
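def test_ap_ft_eap_pull(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    def eap_config(make_params):
        # RADIUS settings first, FT settings on top so that the FT values win
        # on a key collision. Built with copy + update instead of adding the
        # two .items() results, which raises TypeError on Python 3 where
        # items() returns views.
        ft_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ft_cfg['wpa_key_mgmt'] = "FT-EAP"
        ft_cfg["ieee8021x"] = "1"
        # Push is disabled, so the target AP has to pull the PMK-R1.
        ft_cfg["pmk_r1_push"] = "0"
        merged = dict(radius)
        merged.update(ft_cfg)
        return merged

    hapd = hostapd.add_ap(apdev[0], eap_config(ft_params1))
    # hostapd must report FT-EAP as the first AKM.
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    hapd1 = hostapd.add_ap(apdev[1], eap_config(ft_params2))

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)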
611
@remote_compatible
def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # The second AP is configured with RRB keys that differ from the first
    # AP's, so key material pushed between them cannot be authenticated.
    hapds = []
    for idx, make_params in enumerate((ft_params1,
                                       ft_params2_incorrect_rrb_key)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg["ieee80211w"] = "2"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True)
627
@remote_compatible
def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # The second AP is configured with RRB keys that differ from the first
    # AP's; with push disabled the PMK-R1 would have to be pulled.
    hapds = []
    for idx, make_params in enumerate((ft_params1,
                                       ft_params2_incorrect_rrb_key)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg["pmk_r1_push"] = "0"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True)
643
@remote_compatible
def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # The first AP announces itself as "nas0.w1.fi", an identifier that
    # appears in no R0KH list built by the ft_params* helpers.
    first_cfg = ft_params1(ssid=ssid, passphrase=passphrase)
    first_cfg.update([("pmk_r1_push", "0"),
                      ("nas_identifier", "nas0.w1.fi")])
    hostapd.add_ap(apdev[0], first_cfg)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")

    # The second AP is started only after the station has associated.
    second_cfg = ft_params2(ssid=ssid, passphrase=passphrase)
    second_cfg["pmk_r1_push"] = "0"
    hostapd.add_ap(apdev[1], second_cfg)

    target_bssid = apdev[1]['bssid']
    dev[0].scan_for_bss(target_bssid, freq="2412")
    # Negative test: the roam attempt is run with fail_test=True.
    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
663
@remote_compatible
def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # The second AP lists the first AP under a different address.
    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2_r0kh_mismatch)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg["ieee80211w"] = "2"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True)
679
@remote_compatible
def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
    """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
    ssid = "test-ft"
    passphrase = "12345678"

    # The first AP lists the second AP under a different address.
    hapds = []
    for idx, make_params in enumerate((ft_params1_r0kh_mismatch, ft_params2)):
        ap_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ap_cfg["pmk_r1_push"] = "0"
        hapds.append(hostapd.add_ap(apdev[idx], ap_cfg))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True)
695
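def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    # The second AP is configured with RRB keys that differ from the first
    # AP's, so key material pushed between them cannot be authenticated.
    # NOTE(review): add_ap() gets the interface name here, while most tests
    # in this file pass the whole apdev entry - presumably both are accepted.
    hapds = []
    for idx, make_params in enumerate((ft_params1,
                                       ft_params2_incorrect_rrb_key)):
        ft_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ft_cfg["ieee80211w"] = "2"
        ft_cfg['wpa_key_mgmt'] = "FT-EAP"
        ft_cfg["ieee8021x"] = "1"
        # RADIUS settings first, FT settings on top. Copy + update replaces
        # adding the two .items() results, which raises TypeError on
        # Python 3 where items() returns views.
        merged = dict(radius)
        merged.update(ft_cfg)
        hapds.append(hostapd.add_ap(apdev[idx]['ifname'], merged))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True, eap=True)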
717
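def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    # The second AP is configured with RRB keys that differ from the first
    # AP's; with push disabled the PMK-R1 would have to be pulled.
    # NOTE(review): add_ap() gets the interface name here, while most tests
    # in this file pass the whole apdev entry - presumably both are accepted.
    hapds = []
    for idx, make_params in enumerate((ft_params1,
                                       ft_params2_incorrect_rrb_key)):
        ft_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ft_cfg["pmk_r1_push"] = "0"
        ft_cfg['wpa_key_mgmt'] = "FT-EAP"
        ft_cfg["ieee8021x"] = "1"
        # RADIUS settings first, FT settings on top. Copy + update replaces
        # adding the two .items() results, which raises TypeError on
        # Python 3 where items() returns views.
        merged = dict(radius)
        merged.update(ft_cfg)
        hapds.append(hostapd.add_ap(apdev[idx]['ifname'], merged))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True, eap=True)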
739
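def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    def with_radius(ft_cfg):
        # RADIUS settings first, FT settings on top. Copy + update replaces
        # adding the two .items() results, which raises TypeError on
        # Python 3 where items() returns views.
        merged = dict(radius)
        merged.update(ft_cfg)
        return merged

    # The first AP announces itself as "nas0.w1.fi", an identifier that
    # appears in no R0KH list built by the ft_params* helpers.
    # NOTE(review): add_ap() gets the interface name here, while most tests
    # in this file pass the whole apdev entry - presumably both are accepted.
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params["nas_identifier"] = "nas0.w1.fi"
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    hostapd.add_ap(apdev[0]['ifname'], with_radius(params))
    # Fixed EAP-GPSK credentials of the test bed.
    dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")

    # The second AP is started only after the station has associated.
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    hostapd.add_ap(apdev[1]['ifname'], with_radius(params))

    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
    # Negative test: the roam attempt is run with fail_test=True.
    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)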
767
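def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    # The second AP lists the first AP under a different address.
    # NOTE(review): add_ap() gets the interface name here, while most tests
    # in this file pass the whole apdev entry - presumably both are accepted.
    hapds = []
    for idx, make_params in enumerate((ft_params1, ft_params2_r0kh_mismatch)):
        ft_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ft_cfg["ieee80211w"] = "2"
        ft_cfg['wpa_key_mgmt'] = "FT-EAP"
        ft_cfg["ieee8021x"] = "1"
        # RADIUS settings first, FT settings on top. Copy + update replaces
        # adding the two .items() results, which raises TypeError on
        # Python 3 where items() returns views.
        merged = dict(radius)
        merged.update(ft_cfg)
        hapds.append(hostapd.add_ap(apdev[idx]['ifname'], merged))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True, eap=True)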
789
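def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()

    # The first AP lists the second AP under a different address.
    # NOTE(review): add_ap() gets the interface name here, while most tests
    # in this file pass the whole apdev entry - presumably both are accepted.
    hapds = []
    for idx, make_params in enumerate((ft_params1_r0kh_mismatch, ft_params2)):
        ft_cfg = make_params(ssid=ssid, passphrase=passphrase)
        ft_cfg["pmk_r1_push"] = "0"
        ft_cfg['wpa_key_mgmt'] = "FT-EAP"
        ft_cfg["ieee8021x"] = "1"
        # RADIUS settings first, FT settings on top. Copy + update replaces
        # adding the two .items() results, which raises TypeError on
        # Python 3 where items() returns views.
        merged = dict(radius)
        merged.update(ft_cfg)
        hapds.append(hostapd.add_ap(apdev[idx]['ifname'], merged))

    # Negative test: the roam attempt is run with fail_test=True.
    run_roams(dev[0], apdev, hapds[0], hapds[1], ssid, passphrase,
              over_ds=True, fail_test=True, eap=True)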
811
def test_ap_ft_gtk_rekey(dev, apdev):
    """WPA2-PSK-FT AP and GTK rekey"""
    ssid = "test-ft"
    passphrase = "12345678"
    sta = dev[0]

    def expect_group_rekey(error_text):
        # A rekey must be reported within two seconds of waiting.
        ev = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
        if ev is None:
            raise Exception(error_text)

    # Both APs use wpa_group_rekey=1 so that a rekey shows up quickly.
    first_cfg = ft_params1(ssid=ssid, passphrase=passphrase)
    first_cfg['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], first_cfg)

    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                ieee80211w="1", scan_freq="2412")

    expect_group_rekey("GTK rekey timed out after initial association")
    hwsim_utils.test_connectivity(sta, hapd)

    # The second AP is started only after the first rekey has been seen.
    second_cfg = ft_params2(ssid=ssid, passphrase=passphrase)
    second_cfg['wpa_group_rekey'] = '1'
    hapd1 = hostapd.add_ap(apdev[1], second_cfg)

    sta.scan_for_bss(apdev[1]['bssid'], freq="2412")
    sta.roam(apdev[1]['bssid'])
    if sta.get_status_field('bssid') != apdev[1]['bssid']:
        raise Exception("Did not connect to correct AP")
    hwsim_utils.test_connectivity(sta, hapd1)

    # Group rekeying must keep working on the association created by FT.
    expect_group_rekey("GTK rekey timed out after FT protocol")
    hwsim_utils.test_connectivity(sta, hapd1)
843
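def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK-FT and key lifetime in memory"""
    # Checks which FT keys can still be found in the wpa_supplicant process
    # memory at three points: while associated, after disassociation, and
    # after the network profile has been removed.
    #
    # The expected key values are parsed from the debug log, so log0 holds
    # raw key hexdumps; treat the test log directory as sensitive.
    ssid = "test-ft"
    passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
    psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
    pmk = binascii.unhexlify(psk)
    p = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], p)
    p = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], p)

    pid = find_wpas_process(dev[0])

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
    # event has been delivered, so verify that wpa_supplicant has returned to
    # eloop before reading process memory.
    time.sleep(1)
    dev[0].ping()

    # Snapshot taken while associated; presumably the PMK argument is used by
    # the helper to pick the memory regions worth keeping (TODO confirm in
    # test_ap_psk.read_process_memory).
    buf = read_process_memory(pid, pmk)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].relog()
    # Every key starts as None. Previously kck, kek and tk were only bound
    # inside the loop, so a log without those hexdump lines raised an
    # unbound-local error instead of the explicit exception below.
    pmkr0 = None
    pmkr1 = None
    kck = None
    kek = None
    tk = None
    gtk = None
    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
        for l in f.readlines():
            # The hex bytes are the fourth ':'-separated field of the line;
            # a later occurrence of a marker overrides an earlier one.
            if "FT: PMK-R0 - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                pmkr0 = binascii.unhexlify(val)
            if "FT: PMK-R1 - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                pmkr1 = binascii.unhexlify(val)
            if "FT: KCK - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                kck = binascii.unhexlify(val)
            if "FT: KEK - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                kek = binascii.unhexlify(val)
            if "FT: TK - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                tk = binascii.unhexlify(val)
            if "WPA: Group Key - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                gtk = binascii.unhexlify(val)
    if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
        raise Exception("Could not find keys from debug log")
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    get_key_locations(buf, pmkr0, "PMK-R0")
    get_key_locations(buf, pmkr1, "PMK-R1")
    # A missing PMK/PMK-R0/PMK-R1 makes the snapshot unusable for the later
    # comparisons, so the test is skipped rather than failed.
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if pmkr0 not in buf:
        raise HwsimSkip("PMK-R0 not found while associated")
    if pmkr1 not in buf:
        raise HwsimSkip("PMK-R1 not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    # Unlike KCK/KEK, the TK must not be in process memory even during the
    # association.
    if tk in buf:
        raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")
    get_key_locations(buf, pmkr0, "PMK-R0")
    get_key_locations(buf, pmkr1, "PMK-R1")

    # Note: PMK/PSK is still present in network configuration

    fname = os.path.join(params['logdir'],
                         'ft_psk_key_lifetime_in_memory.memctx-')
    # All session keys derived for the association have to be gone once the
    # station is disconnected.
    verify_not_present(buf, pmkr0, fname, "PMK-R0")
    verify_not_present(buf, pmkr1, fname, "PMK-R1")
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    if gtk in buf:
        get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    dev[0].request("REMOVE_NETWORK all")

    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")
    get_key_locations(buf, pmkr0, "PMK-R0")
    get_key_locations(buf, pmkr1, "PMK-R1")

    # With the profile removed the PMK itself must no longer be present.
    verify_not_present(buf, pmk, fname, "PMK")
    verify_not_present(buf, pmkr0, fname, "PMK-R0")
    verify_not_present(buf, pmkr1, fname, "PMK-R1")
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    verify_not_present(buf, gtk, fname, "GTK")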
951
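@remote_compatible
def test_ap_ft_invalid_resp(dev, apdev):
    """WPA2-PSK-FT AP and invalid response IEs"""
    # For each malformed FT authentication response the station is expected
    # to drop the connection; it is then reconnected for the next case.
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")

    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    tests = [
        # Various IEs for test coverage. The last one is FTIE with invalid
        # R1KH-ID subelement.
        "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
        # FTIE with invalid R0KH-ID subelement (len=0).
        "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
        # FTIE with invalid R0KH-ID subelement (len=49).
        "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
        # Invalid RSNE.
        "020002000000" + "3000",
        # Required IEs missing from protected IE count.
        "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
        # RIC missing from protected IE count.
        "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
        # Protected IE missing.
        "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
    for t in tests:
        dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
        # Take over management frame handling on the target AP so that the
        # test, not hostapd, answers the FT authentication request.
        hapd1.set("ext_mgmt_frame_handling", "1")
        hapd1.dump_monitor()
        if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
            raise Exception("ROAM failed")
        auth = None
        for i in range(20):
            msg = hapd1.mgmt_rx()
            # Report a receive timeout explicitly instead of failing on the
            # subscript below; the FT-over-DS protocol test in this file
            # handles a None return from mgmt_rx() the same way.
            if msg is None:
                raise Exception("MGMT RX wait timed out")
            # Subtype 11 is the Authentication frame being waited for.
            if msg['subtype'] == 11:
                auth = msg
                break
        if not auth:
            raise Exception("Authentication frame not seen")

        # Reply with the request's addresses swapped and the crafted body.
        resp = {}
        resp['fc'] = auth['fc']
        resp['da'] = auth['sa']
        resp['sa'] = auth['da']
        resp['bssid'] = auth['bssid']
        resp['payload'] = binascii.unhexlify(t)
        hapd1.mgmt_tx(resp)
        hapd1.set("ext_mgmt_frame_handling", "0")
        dev[0].wait_disconnected()

        dev[0].request("RECONNECT")
        dev[0].wait_connected()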
1009
def test_ap_ft_gcmp_256(dev, apdev):
    """WPA2-PSK-FT AP with GCMP-256 cipher"""
    supported = dev[0].get_capability("pairwise")
    if "GCMP-256" not in supported:
        raise HwsimSkip("Cipher GCMP-256 not supported")
    ssid = "test-ft"
    passphrase = "12345678"

    # Both APs advertise GCMP-256 as the only RSN pairwise cipher.
    hapds = []
    for ap, make_params in ((apdev[0], ft_params1), (apdev[1], ft_params2)):
        ap_params = make_params(ssid=ssid, passphrase=passphrase)
        ap_params['rsn_pairwise'] = "GCMP-256"
        hapds.append(hostapd.add_ap(ap, ap_params))
    hapd0, hapd1 = hapds

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
              pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
1026
def test_ap_ft_oom(dev, apdev):
    """WPA2-PSK-FT and OOM"""
    # Station-side fault injection: failures are armed in wpa_supplicant
    # (dev[0]) while it runs the FT protocol.
    sta = dev[0]
    skip_with_fips(sta)
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))

    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")
    # Roam towards whichever AP the station did not associate with.
    on_ap0 = sta.get_status_field('bssid') == apdev[0]['bssid']
    dst = apdev[1]['bssid'] if on_ap0 else apdev[0]['bssid']

    sta.scan_for_bss(dst, freq="2412")
    with alloc_fail(sta, 1, "wpa_ft_gen_req_ies"):
        sta.roam(dst)
    # The next two injected failures are expected to make the roam fail.
    for where in ("wpa_ft_mic",
                  "os_get_random;wpa_ft_prepare_auth_request"):
        with fail_test(sta, 1, where):
            sta.roam(dst, fail_test=True)

    sta.request("REMOVE_NETWORK all")
    with alloc_fail(sta, 1, "=sme_update_ft_ies"):
        sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                    scan_freq="2412")
1057
def test_ap_ft_ap_oom(dev, apdev):
    """WPA2-PSK-FT and AP OOM"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    # Fault armed on AP0 in wpa_ft_store_pmk_r0 during the initial
    # association.
    with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
        sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                    scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")
    # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
    sta.roam(bssid1)
1078
def test_ap_ft_ap_oom2(dev, apdev):
    """WPA2-PSK-FT and AP OOM 2"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    # Fault armed on AP0 in wpa_ft_store_pmk_r1 during the initial
    # association.
    with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
        sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                    scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")
    sta.roam(bssid1)
    current = sta.get_status_field('bssid')
    if current != bssid1:
        raise Exception("Did not roam to AP1")
    # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
    sta.roam(bssid0)
1102
def test_ap_ft_ap_oom3(dev, apdev):
    """WPA2-PSK-FT and AP OOM 3"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    # Each of the following roams will fail due to the target AP not being
    # able to send out the PMK-R1 pull request.
    with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
        sta.roam(bssid1)

    for where in ("os_get_random;wpa_ft_pull_pmk_r1",
                  "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
        with fail_test(hapd1, 2, where):
            sta.roam(bssid1)
1131
def test_ap_ft_ap_oom3b(dev, apdev):
    """WPA2-PSK-FT and AP OOM 3b"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")
    # Same random-number failure point as in the OOM 3 test, but armed with
    # count 1 instead of 2.
    with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
        # This will fail due to not being able to send out PMK-R1 pull request
        sta.roam(bssid1)
1152
def test_ap_ft_ap_oom4(dev, apdev):
    """WPA2-PSK-FT and AP OOM 4"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    def roam_and_check(target, failure):
        # Unlike most of the AP OOM tests, the roam is required to complete
        # even though a fault is armed while the GTK subelement is built.
        sta.roam(target)
        if sta.get_status_field('bssid') != target:
            raise Exception(failure)

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
        roam_and_check(bssid1, "Did not roam to AP1")

    with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
        roam_and_check(bssid0, "Did not roam to AP0")

    # NOTE(review): the fault is armed on hapd0 while the roam target is
    # AP1 - confirm that this is the intended AP for the aes_wrap failure.
    with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
        roam_and_check(bssid1, "Did not roam to AP1")
1184
def test_ap_ft_ap_oom5(dev, apdev):
    """WPA2-PSK-FT and AP OOM 5"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    # Every fault below is armed on the target AP while it processes the FT
    # authentication request; each of these attempts will fail to roam.
    with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
        sta.roam(bssid1)

    failure_points = [
        (1, "os_get_random;wpa_ft_process_auth_req"),
        (1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"),
        (3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"),
        (1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"),
    ]
    for count, where in failure_points:
        with fail_test(hapd1, count, where):
            sta.roam(bssid1)
1221
def test_ap_ft_ap_oom6(dev, apdev):
    """WPA2-PSK-FT and AP OOM 6"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    # One initial association per key derivation step on the AP
    # (PMK-R0, PMK-R1, PTK), with the network removed between attempts.
    derivation_steps = ("wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft",
                        "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft",
                        "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft")
    for attempt, where in enumerate(derivation_steps):
        if attempt > 0:
            sta.request("REMOVE_NETWORK all")
            sta.wait_disconnected()
        with fail_test(hapd0, 1, where):
            sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK",
                        proto="WPA2", scan_freq="2412")
1245
def test_ap_ft_ap_oom7(dev, apdev):
    """WPA2-PSK-FT and AP OOM 7"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    # Management frame protection (ieee80211w=2) is set on both APs and on
    # the station; the injected faults cover the IGTK subelement and the
    # association response IEs.
    ap0_params = ft_params1(ssid=ssid, passphrase=passphrase)
    ap0_params["ieee80211w"] = "2"
    hapd0 = hostapd.add_ap(apdev[0], ap0_params)
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                ieee80211w="2", scan_freq="2412")

    ap1_params = ft_params2(ssid=ssid, passphrase=passphrase)
    ap1_params["ieee80211w"] = "2"
    hapd1 = hostapd.add_ap(apdev[1], ap1_params)
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    faults = [
        (alloc_fail, "wpa_ft_igtk_subelem"),
        (fail_test, "aes_wrap;wpa_ft_igtk_subelem"),
        (alloc_fail, "=wpa_sm_write_assoc_resp_ies"),
        (fail_test, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"),
    ]
    for inject, where in faults:
        with inject(hapd1, 1, where):
            # This will fail to roam
            sta.roam(bssid1)
1277
def test_ap_ft_ap_oom8(dev, apdev):
    """WPA2-PSK-FT and AP OOM 8"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    # Both APs run with ft_psk_generate_local=1; the faults are armed in
    # the PMK-R0/PMK-R1 derivation reached through wpa_ft_psk_pmk_r1.
    ap0_params = ft_params1(ssid=ssid, passphrase=passphrase)
    ap0_params['ft_psk_generate_local'] = "1"
    hapd0 = hostapd.add_ap(apdev[0], ap0_params)
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    ap1_params = ft_params2(ssid=ssid, passphrase=passphrase)
    ap1_params['ft_psk_generate_local'] = "1"
    hapd1 = hostapd.add_ap(apdev[1], ap1_params)
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    for where in ("wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1",
                  "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
        with fail_test(hapd1, 1, where):
            # This will fail to roam
            sta.roam(bssid1)
1303
def test_ap_ft_ap_oom9(dev, apdev):
    """WPA2-PSK-FT and AP OOM 9"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    # FT over the DS: allocation failures on the current AP (Action frame
    # RX) and on the target AP (RRB request RX, RRB auth response TX).
    alloc_failures = ((hapd0, "wpa_ft_action_rx"),
                      (hapd1, "wpa_ft_rrb_rx_request"),
                      (hapd1, "wpa_ft_send_rrb_auth_resp"))
    for ap, where in alloc_failures:
        with alloc_fail(ap, 1, where):
            # This will fail to roam
            if "OK" not in sta.request("FT_DS " + bssid1):
                raise Exception("FT_DS failed")
            # Wait until the armed failure has been consumed on that AP.
            wait_fail_trigger(ap, "GET_ALLOC_FAIL")
1339
def test_ap_ft_ap_oom10(dev, apdev):
    """WPA2-PSK-FT and AP OOM 10"""
    sta = dev[0]
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    sta.scan_for_bss(bssid0, freq="2412")
    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    sta.scan_for_bss(bssid1, freq="2412")

    # Failures in the handling of the protected RRB pull exchange: AES-SIV
    # decrypt/encrypt and PMK-R1 derivation on AP0 while it processes the
    # pull, then AES-SIV decrypt on AP1 while it processes the response.
    failure_points = ((hapd0, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"),
                      (hapd0, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"),
                      (hapd0, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"),
                      (hapd1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"))
    for ap, where in failure_points:
        with fail_test(ap, 1, where):
            # This will fail to roam
            if "OK" not in sta.request("FT_DS " + bssid1):
                raise Exception("FT_DS failed")
            wait_fail_trigger(ap, "GET_FAIL")
1381
def test_ap_ft_ap_oom11(dev, apdev):
    """WPA2-PSK-FT and AP OOM 11"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()

    # Two separate stations associate with AP0, each with a different
    # failure armed in wpa_ft_generate_pmk_r1.
    attempts = ((dev[0], "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"),
                (dev[1], "aes_siv_encrypt;wpa_ft_generate_pmk_r1"))
    for sta, where in attempts:
        sta.scan_for_bss(bssid0, freq="2412")
        with fail_test(hapd0, 1, where):
            sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK",
                        proto="WPA2", scan_freq="2412")
            wait_fail_trigger(hapd0, "GET_FAIL")
1402
def test_ap_ft_over_ds_proto_ap(dev, apdev):
    """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
    # Feeds truncated and malformed FT Action frames into AP0 and only
    # requires that hostapd accepts each frame for processing ("OK").
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    bssid0 = hapd0.own_addr()
    _bssid0 = bssid0.replace(':', '')
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
    addr = dev[0].own_addr()
    _addr = addr.replace(':', '')

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    bssid1 = hapd1.own_addr()
    _bssid1 = bssid1.replace(':', '')

    hapd0.set("ext_mgmt_frame_handling", "1")
    hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
    # Request naming the station and AP1 as the target; the malformed cases
    # below vary the addresses or append elements to this prefix.
    valid = "0601" + _addr + _bssid1
    with_mdie = valid + "3603a1b2ff"
    zeros = 16*"00" + 32*"00" + 32*"00"
    with_ftie = with_mdie + "37550000" + zeros + "0301aa"
    tests = [
        "0601",
        "0601" + _addr,
        "0601" + _addr + _bssid0,
        "0601" + _addr + "ffffffffffff",
        "0601" + _bssid0 + _bssid0,
        valid,
        valid + "01",
        valid + "3700",
        valid + "3600",
        valid + "3603ffffff",
        with_mdie,
        with_mdie + "3700",
        with_mdie + "37520000" + zeros,
        with_mdie + "37520001" + zeros,
        with_ftie,
        with_ftie + "3000",
        with_ftie + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
        with_ftie + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
        with_ftie + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
        valid + "0001",
    ]
    rx_cmd = "MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame="
    for body in tests:
        hapd0.dump_monitor()
        if "OK" not in hapd0.request(rx_cmd + hdr + body):
            raise Exception("MGMT_RX_PROCESS failed")

    hapd0.set("ext_mgmt_frame_handling", "0")
1451
def test_ap_ft_over_ds_proto(dev, apdev):
    """WPA2-PSK-FT AP over DS protocol testing"""
    # Sends unexpected and malformed FT Action Response frames from AP0 to
    # the station; nothing is asserted about the station's reaction here.
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")

    # FT Action Response while no FT-over-DS in progress
    msg = {
        'fc': 13 << 4,
        'da': dev[0].own_addr(),
        'sa': apdev[0]['bssid'],
        'bssid': apdev[0]['bssid'],
        'payload': binascii.unhexlify("06020200000000000200000004000000"),
    }
    hapd0.mgmt_tx(msg)

    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))
    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
    hapd0.set("ext_mgmt_frame_handling", "1")
    hapd0.dump_monitor()
    dev[0].request("FT_DS " + apdev[1]['bssid'])
    # Wait for the station's FT Action frame (management subtype 13).
    for _ in range(0, 10):
        req = hapd0.mgmt_rx()
        if req is None:
            raise Exception("MGMT RX wait timed out")
        if req['subtype'] == 13:
            break
    else:
        raise Exception("FT Action frame not received")

    responses = [
        # FT Action Response for unexpected Target AP
        "0602020000000000" + "f20000000400" + "0000",
        # FT Action Response without MDIE
        "0602020000000000" + "020000000400" + "0000",
        # FT Action Response without FTIE
        "0602020000000000" + "020000000400" + "0000" + "3603a1b201",
        # FT Action Response with FTIE SNonce mismatch
        "0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669",
    ]
    for body in responses:
        msg['payload'] = binascii.unhexlify(body)
        hapd0.mgmt_tx(msg)
1502
@remote_compatible
def test_ap_ft_rrb(dev, apdev):
    """WPA2-PSK-FT RRB protocol testing"""
    # Injects malformed RRB frames towards AP0 and only requires that each
    # injection command is accepted by wpa_supplicant.
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")

    # Ethernet header: AP0 as destination, the station as source and the
    # two-octet protocol value 0x890d.
    _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
    _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
    proto = '\x89\x0d'
    ehdr = _dst_ll + _src_ll + proto

    frames = [
        # Too short RRB frame
        '\x01',
        # RRB discarded frame with unrecognized type
        '\x02' + '\x02' + '\x01\x00' + _src_ll,
        # RRB frame too short for action frame
        '\x01' + '\x02' + '\x01\x00' + _src_ll,
        # Too short RRB frame (not enough room for Action Frame body)
        '\x01' + '\x02' + '\x00\x00' + _src_ll,
        # Unexpected Action frame category
        '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # Unexpected Action in RRB Request
        '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # Target AP address in RRB Request does not match with own address
        '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # Not enough room for status code in RRB Response
        '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # RRB discarded frame with unknown packet_type
        '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # RRB Response with non-zero status code; no STA match
        '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff',
        # RRB Response with zero status code and extra data; STA match
        '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00',
        # Too short PMK-R1 pull
        '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # Too short PMK-R1 resp
        '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # Too short PMK-R1 push
        '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        # No matching R0KH address found for PMK-R0 pull response
        '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00',
    ]
    for body in frames:
        pkt = ehdr + body
        reply = dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt))
        if "OK" not in reply:
            raise Exception("DATA_TEST_FRAME failed")
1594
@remote_compatible
def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
    """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
    # The AP advertises hand-built RSNE + MDE bytes through own_ie_override
    # (a hostapd testing hook; presumably only present in test builds). The
    # station side is what is being exercised: it has to cope with unusual
    # but well-formed RSNE encodings and must not end up connected when the
    # AP cannot finish the 4-way handshake.
    bssid = apdev[0]['bssid']
    ssid = "test-ft"
    passphrase = "12345678"
    # Mobility Domain element appended to every override below.
    mde = '3603a1b201'

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "1"
    # This is the RSN element used normally by hostapd
    params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + mde
    hapd = hostapd.add_ap(apdev[0], params)
    net_id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK",
                            proto="WPA2", ieee80211w="1", scan_freq="2412",
                            pairwise="CCMP", group="CCMP")

    def advertise_and_select(ie):
        # Restart the BSS with the override, drop cached scan results so the
        # station sees the new element, then start a connection attempt.
        hapd.disable()
        hapd.set('own_ie_override', ie)
        hapd.enable()
        dev[0].request("BSS_FLUSH 0")
        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        dev[0].select_network(net_id, freq=2412)

    # Encodings the station is expected to accept.
    accepted = [
        ('PMKIDCount field included',
         '30160100000fac040100000fac040100000fac048c000000' + mde),
        ('Extra IE before RSNE',
         'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + mde),
        ('PMKIDCount and Group Management Cipher suite fields included',
         '301a0100000fac040100000fac040100000fac048c000000000fac06' + mde),
        ('Extra octet after defined fields (future extensibility)',
         '301b0100000fac040100000fac040100000fac048c000000000fac0600' + mde),
        ('No RSN Capabilities field (PMF disabled in practice)',
         '30120100000fac040100000fac040100000fac04' + mde),
    ]
    for description, override in accepted:
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        logger.info(description)
        advertise_and_select(override)
        dev[0].wait_connected()

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # Overrides for which hostapd fails to generate EAPOL-Key msg 3/4, so the
    # connection cannot complete. The first carries a one-octet (truncated)
    # RSN Capabilities field, the second an unexpected PMKID.
    rejected = [
        ('Invalid RSNE causing internal hostapd error',
         '30130100000fac040100000fac040100000fac048c' + mde),
        ('Unexpected PMKID causing internal hostapd error',
         '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + mde),
    ]
    for description, override in rejected:
        logger.info(description)
        advertise_and_select(override)
        # Only a one second window is observed; a connection reported later
        # than that would not be caught here.
        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
        if ev is not None:
            raise Exception("Unexpected connection")
        dev[0].request("DISCONNECT")
1663
def test_ap_ft_ptk_rekey(dev, apdev):
    """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))

    # ptk_rekey is handed to run_roams(); presumably it ends up as the
    # station's PTK rekey interval in seconds -- confirm in run_roams().
    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")

    # After the last roam, a completed key negotiation must be seen within
    # five seconds and the rekey must not cost the association.
    outcome = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
                                 "WPA: Key negotiation completed"], timeout=5)
    if outcome is None:
        raise Exception("No event received after roam")
    if "CTRL-EVENT-DISCONNECTED" in outcome:
        raise Exception("Unexpected disconnection after roam")

    # Check data connectivity against whichever AP the station ended up on,
    # i.e. with the freshly negotiated PTK.
    on_first_ap = dev[0].get_status_field('bssid') == apdev[0]['bssid']
    hapd = hapd0 if on_first_ap else hapd1
    hwsim_utils.test_connectivity(dev[0], hapd)
1688
def test_ap_ft_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
    ssid = "test-ft"
    passphrase = "12345678"

    # Both APs get wpa_ptk_rekey=2 so that the AP side starts the rekey
    # regardless of which BSS the station is on after roaming.
    first = ft_params1(ssid=ssid, passphrase=passphrase)
    first['wpa_ptk_rekey'] = '2'
    hapd0 = hostapd.add_ap(apdev[0], first)
    second = ft_params2(ssid=ssid, passphrase=passphrase)
    second['wpa_ptk_rekey'] = '2'
    hapd1 = hostapd.add_ap(apdev[1], second)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)

    # A completed key negotiation must be seen within five seconds and the
    # rekey must not cost the association.
    outcome = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
                                 "WPA: Key negotiation completed"], timeout=5)
    if outcome is None:
        raise Exception("No event received after roam")
    if "CTRL-EVENT-DISCONNECTED" in outcome:
        raise Exception("Unexpected disconnection after roam")

    # Check data connectivity against whichever AP the station ended up on.
    on_first_ap = dev[0].get_status_field('bssid') == apdev[0]['bssid']
    hapd = hapd0 if on_first_ap else hapd1
    hwsim_utils.test_connectivity(dev[0], hapd)
1715
def test_ap_ft_internal_rrb_check(dev, apdev):
    """RRB internal delivery only to WPA enabled BSS"""
    # Regression test for a crash: an over-the-DS FT request is aimed at an
    # open BSS handled by the same hostapd process, which has no WPA
    # authenticator state to deliver the RRB frame to.
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()
    ft_conf = ft_params1(ssid=ssid, passphrase=passphrase)
    ft_conf['wpa_key_mgmt'] = "FT-EAP"
    ft_conf["ieee8021x"] = "1"
    # FT settings take precedence over the RADIUS defaults on a key clash.
    params = dict(radius)
    params.update(ft_conf)
    hapd = hostapd.add_ap(apdev[0], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    first_akm = key_mgmt.split(' ')[0]
    if first_akm != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    # Second BSS with the same SSID but no WPA configuration at all.
    hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid})

    # Connect to WPA enabled AP
    dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
                   eap="GPSK", identity="gpsk user",
                   password="abcdefghijklmnop0123456789abcdef",
                   scan_freq="2412")

    # Try over_ds roaming to non-WPA-enabled AP.
    # If hostapd does not check hapd->wpa_auth internally, it will crash now.
    # fail_test=True tells roam_over_ds() that the roam is expected to fail.
    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1742
def test_ap_ft_extra_ie(dev, apdev):
    """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
    ssid = "test-ft"
    passphrase = "12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
    hapd0 = hostapd.add_ap(apdev[0], params)

    # Baseline: both AKMs offered by the AP work when used consistently.
    common = dict(psk=passphrase, proto="WPA2", scan_freq="2412")
    dev[1].connect(ssid, key_mgmt="FT-PSK", **common)
    dev[2].connect(ssid, key_mgmt="WPA-PSK", **common)
    try:
        # Add Mobility Domain element to test AP validation code.
        # (Frame index 13 is presumably the Association Request slot of
        # VENDOR_ELEM_ADD -- confirm against wpa_supplicant.)
        dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
        dev[0].connect(ssid, key_mgmt="WPA-PSK", wait_connect=False, **common)
        result = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                                    "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
        if result is None:
            raise Exception("No connection result")
        # A non-FT AKM combined with an MDE is inconsistent; the AP must
        # reject it rather than accept the association.
        if "CTRL-EVENT-CONNECTED" in result:
            raise Exception("Non-FT association accepted with MDE")
        # The rejection has to carry this specific status code.
        if "status_code=43" not in result:
            raise Exception("Unexpected status code: " + result)
        dev[0].request("DISCONNECT")
    finally:
        # Always remove the injected element so later tests are unaffected.
        dev[0].request("VENDOR_ELEM_REMOVE 13 *")
1771
def test_ap_ft_ric(dev, apdev):
    """WPA2-PSK-FT AP and RIC"""
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))

    # Empty values are accepted; a value that is not hex must be refused.
    dev[0].set("ric_ies", "")
    dev[0].set("ric_ies", '""')
    if "FAIL" not in dev[0].request("SET ric_ies q"):
        raise Exception("Invalid ric_ies value accepted")

    # Element 0x39 with a four octet body, reused by most cases below.
    rde = "390400000000"
    ric_cases = [
        "3900",
        "3900ff04eeeeeeee",
        rde,
        rde + rde,
        rde + "dd050050f20202",
        rde + "dd3d0050f2020201" + 55*"00",
        rde + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
        "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000",
    ]
    # Each case covers both well-formed and truncated or odd RIC contents.
    # Roaming has to keep working with them; data connectivity is not
    # checked (test_connectivity=False).
    for ric in ric_cases:
        dev[0].set("ric_ies", ric)
        run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
                  test_connectivity=False)
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()
        dev[0].dump_monitor()
1802
def ie_hex(ies, id):
    """Return element *id* from *ies* re-encoded as hex (ID, length, body).

    *ies* maps element IDs to raw element bodies. A missing ID raises
    KeyError, and a body longer than 255 octets makes struct.pack() fail.
    """
    body = ies[id]
    header = struct.pack('BB', id, len(body))
    return binascii.hexlify(header + body)
1805
def test_ap_ft_reassoc_proto(dev, apdev):
    """WPA2-PSK-FT AP Reassociation Request frame parsing"""
    # Captures a genuine FT Reassociation Request on the target AP, then
    # replays the same header with deliberately broken RSNE/MDE/FTE contents.
    # No reply or event is checked for the injected frames, so the test only
    # shows that hostapd survives parsing them.
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0],
                           ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1],
                           ft_params2(ssid=ssid, passphrase=passphrase))

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    # hapd1ap is the AP the station is on now, hapd2ap the roam target.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        hapd1ap, hapd2ap = hapd0, hapd1
    else:
        hapd1ap, hapd2ap = hapd1, hapd0

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # From here on, received management frames reach hostapd only when the
    # test hands them over with MGMT_RX_PROCESS.
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    dev[0].request("ROAM " + hapd2ap.own_addr())

    rx_process = "MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame="

    # Pass frames through until the Authentication frame (subtype 11) has
    # been processed.
    # NOTE(review): neither loop has an iteration bound; this relies on
    # mgmt_rx() failing on its own if the frame never arrives -- confirm.
    while True:
        req = hapd2ap.mgmt_rx()
        hapd2ap.request(rx_process + binascii.hexlify(req['frame']))
        if req['subtype'] == 11:
            break

    # Pass frames through until the Reassociation Request (subtype 2) shows
    # up; that frame is kept back and not processed.
    while True:
        req = hapd2ap.mgmt_rx()
        if req['subtype'] == 2:
            break
        hapd2ap.request(rx_process + binascii.hexlify(req['frame']))

    frame = req['frame']
    # IEEE 802.11 header + fixed fields before IEs
    hdr = binascii.hexlify(frame[0:34])
    ies = parse_ie(binascii.hexlify(frame[34:]))
    # First elements: SSID, Supported Rates, Extended Supported Rates
    ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)

    rsne = ie_hex(ies, 48)
    mde = ie_hex(ies, 54)
    fte = ie_hex(ies, 55)
    # Offsets into fte are in hex digits: [0:4] ID and length, [8:40] is the
    # MIC and [40:104] the ANonce (see the cases that zero them), and
    # [4:168] is everything before the subelements.
    nas_id_hex = "nas1.w1.fi".encode("hex")
    tests = [
        # RSN: Trying to use FT, but MDIE not included
        rsne,
        # RSN: Attempted to use unknown MDIE
        rsne + "3603000000",
        # Invalid RSN pairwise cipher
        "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3",
        # FT: No PMKID in RSNIE
        "30160100000fac040100000fac040100000fac0400000000" + mde,
        # FT: Invalid FTIE
        rsne + mde,
        # FT: RIC IE(s) in the frame, but not included in protected IE count
        # FT: Failed to parse FT IEs
        rsne + mde + fte + "3900",
        # FT: SNonce mismatch in FTIE
        rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00",
        # FT: ANonce mismatch in FTIE
        rsne + mde + fte[0:40] + 32*"00" + fte[104:],
        # FT: No R0KH-ID subelem in FTIE
        rsne + mde + "3752" + fte[4:168],
        # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
        rsne + mde + "3755" + fte[4:168] + "0301ff",
        # FT: No R1KH-ID subelem in FTIE
        rsne + mde + "375e" + fte[4:168] + "030a" + nas_id_hex,
        # FT: Unknown R1KH-ID used in ReassocReq
        rsne + mde + "3766" + fte[4:168] + "030a" + nas_id_hex + "0106000000000000",
        # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived
        # from auth request
        rsne[:-32] + 16*"00" + mde + fte,
        # Invalid MIC in FTIE
        rsne + mde + fte[0:8] + 16*"00" + fte[40:],
    ]
    for tail in tests:
        hapd2ap.request(rx_process + hdr + ies1 + tail)
1882
def test_ap_ft_reassoc_local_fail(dev, apdev):
    """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
    # Forces a local failure inside the AP's Reassociation Request validation
    # and checks that the AP then rejects the association (fails closed)
    # instead of letting the roam go through.
    ssid = "test-ft"
    passphrase="12345678"

    params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   ieee80211w="1", scan_freq="2412")
    # hapd1ap is the AP the station is on now, hapd2ap the roam target.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        hapd1ap = hapd0
        hapd2ap = hapd1
    else:
        hapd1ap = hapd1
        hapd2ap = hapd0

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # FT: Failed to calculate MIC
    # NOTE(review): the page lost its indentation; everything up to the final
    # raise is assumed to sit inside the fail_test() block, so the injected
    # failure is still armed while the rejection is awaited -- confirm
    # against the repository copy.
    with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
        dev[0].request("ROAM " + hapd2ap.own_addr())
        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
        dev[0].request("DISCONNECT")
        if ev is None:
            raise Exception("Association reject not seen")
1910
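def test_ap_ft_reassoc_replay(dev, apdev, params):
    """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
    # Security property under test: after a Reassociation Request has been
    # accepted, processing the same frame again must not make the AP reuse
    # CCMP packet numbers towards the station. PN reuse under one key breaks
    # CCMP's confidentiality and replay protection, so the capture is checked
    # for duplicate PN values in AP-to-station data frames.
    capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
    ssid = "test-ft"
    passphrase = "12345678"

    # Use a separate name so the harness-supplied params stays intact.
    ap_params = ft_params1(ssid=ssid, passphrase=passphrase)
    hapd0 = hostapd.add_ap(apdev[0], ap_params)
    ap_params = ft_params2(ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], ap_params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                   scan_freq="2412")
    # hapd1ap is the AP the station is on now, hapd2ap the roam target.
    if dev[0].get_status_field('bssid') == hapd0.own_addr():
        hapd1ap = hapd0
        hapd2ap = hapd1
    else:
        hapd1ap = hapd1
        hapd2ap = hapd0

    dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
    # Management frames are now handed to hostapd by the test, which lets it
    # keep a copy of the Reassociation Request for the replay.
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    dev[0].dump_monitor()
    if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
        raise Exception("ROAM failed")

    rx_process = "MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame="

    reassocreq = None
    count = 0
    # Bounded loop: give up after 100 frames without a Reassociation Request.
    while count < 100:
        req = hapd2ap.mgmt_rx()
        count += 1
        hapd2ap.dump_monitor()
        hapd2ap.request(rx_process + binascii.hexlify(req['frame']))
        if req['subtype'] == 2:
            reassocreq = req
            # Feed the TX status of the response back so that hostapd
            # completes the reassociation.
            ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
            if ev is None:
                raise Exception("No TX status seen")
            cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
            if "OK" not in hapd2ap.request(cmd):
                raise Exception("MGMT_TX_STATUS_PROCESS failed")
            break
    hapd2ap.set("ext_mgmt_frame_handling", "0")
    if reassocreq is None:
        raise Exception("No Reassociation Request frame seen")
    dev[0].wait_connected()
    dev[0].dump_monitor()
    hapd2ap.dump_monitor()

    # First connectivity test produces protected frames with the fresh key.
    hwsim_utils.test_connectivity(dev[0], hapd2ap)

    logger.info("Replay the last Reassociation Request frame")
    hapd2ap.dump_monitor()
    hapd2ap.set("ext_mgmt_frame_handling", "1")
    # Replay the captured frame explicitly (same object the loop ended on).
    hapd2ap.request(rx_process + binascii.hexlify(reassocreq['frame']))
    ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
    if ev is None:
        raise Exception("No TX status seen")
    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
    if "OK" not in hapd2ap.request(cmd):
        raise Exception("MGMT_TX_STATUS_PROCESS failed")
    hapd2ap.set("ext_mgmt_frame_handling", "0")

    # A connectivity failure is remembered and only reported at the end, so
    # that a PN reuse finding takes precedence. Catch Exception rather than
    # everything, so an interrupt is not swallowed, and log the reason.
    try:
        hwsim_utils.test_connectivity(dev[0], hapd2ap)
        ok = True
    except Exception as e:
        logger.info("Connectivity test after replay failed: " + str(e))
        ok = False

    ap = hapd2ap.own_addr()
    sta = dev[0].own_addr()
    # Data frames (type 2) sent by the target AP to the station.
    filt = "wlan.fc.type == 2 && " + \
           "wlan.da == " + sta + " && " + \
           "wlan.sa == " + ap
    fields = ["wlan.ccmp.extiv"]
    res = run_tshark(capfile, filt, fields)
    vals = res.splitlines()
    logger.info("CCMP PN: " + str(vals))
    # NOTE(review): a matching frame without the CCMP field would presumably
    # show up as an empty line and count as a duplicate -- confirm whether
    # the filter should also require protected frames.
    if len(vals) < 2:
        raise Exception("Could not find all CCMP protected frames from capture")
    if len(set(vals)) < len(vals):
        raise Exception("Duplicate CCMP PN used")

    if not ok:
        raise Exception("The second hwsim connectivity test failed")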