git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
16 from utils
import HwsimSkip
, alloc_fail
, fail_test
, skip_with_fips
17 from wlantest
import Wlantest
18 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
21 params
= { "wpa": "2",
22 "wpa_key_mgmt": "FT-PSK",
23 "rsn_pairwise": "CCMP" }
27 params
= { "wpa": "3",
28 "wpa_key_mgmt": "WPA-PSK FT-PSK",
29 "wpa_pairwise": "TKIP",
30 "rsn_pairwise": "CCMP" }
33 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
35 params
= ft_base_rsn()
37 params
= ft_base_mixed()
41 params
["wpa_passphrase"] = passphrase
43 params
["mobility_domain"] = "a1b2"
44 params
["r0_key_lifetime"] = "10000"
45 params
["pmk_r1_push"] = "1"
46 params
["reassociation_deadline"] = "1000"
49 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
50 params
= ft_params(rsn
, ssid
, passphrase
)
51 params
['nas_identifier'] = "nas1.w1.fi"
52 params
['r1_key_holder'] = "000102030405"
55 def ft_params1(rsn
=True, ssid
=None, passphrase
=None):
56 params
= ft_params1a(rsn
, ssid
, passphrase
)
57 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
58 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
59 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
62 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
63 params
= ft_params(rsn
, ssid
, passphrase
)
64 params
['nas_identifier'] = "nas2.w1.fi"
65 params
['r1_key_holder'] = "000102030406"
68 def ft_params2(rsn
=True, ssid
=None, passphrase
=None):
69 params
= ft_params2a(rsn
, ssid
, passphrase
)
70 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
72 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
75 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
76 params
= ft_params(rsn
, ssid
, passphrase
)
77 params
['nas_identifier'] = "nas1.w1.fi"
78 params
['r1_key_holder'] = "000102030405"
79 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
80 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
81 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
84 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
85 params
= ft_params(rsn
, ssid
, passphrase
)
86 params
['nas_identifier'] = "nas2.w1.fi"
87 params
['r1_key_holder'] = "000102030406"
88 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
89 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
90 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
93 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
94 params
= ft_params(rsn
, ssid
, passphrase
)
95 params
['nas_identifier'] = "nas2.w1.fi"
96 params
['r1_key_holder'] = "000102030406"
97 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
98 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
99 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
102 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
103 sae
=False, eap
=False, fail_test
=False, roams
=1,
104 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0"):
105 logger
.info("Connect to first AP")
107 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
108 eap
="GPSK", identity
="gpsk user",
109 password
="abcdefghijklmnop0123456789abcdef",
111 pairwise
=pairwise_cipher
, group
=group_cipher
,
112 wpa_ptk_rekey
=ptk_rekey
)
118 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
119 ieee80211w
="1", scan_freq
="2412",
120 pairwise
=pairwise_cipher
, group
=group_cipher
,
121 wpa_ptk_rekey
=ptk_rekey
)
122 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
132 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
134 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
136 for i
in range(0, roams
):
137 logger
.info("Roam to the second AP")
139 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
141 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
144 if dev
.get_status_field('bssid') != ap2
['bssid']:
145 raise Exception("Did not connect to correct AP")
146 if i
== 0 or i
== roams
- 1:
147 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
149 logger
.info("Roam back to the first AP")
151 dev
.roam_over_ds(ap1
['bssid'])
153 dev
.roam(ap1
['bssid'])
154 if dev
.get_status_field('bssid') != ap1
['bssid']:
155 raise Exception("Did not connect to correct AP")
156 if i
== 0 or i
== roams
- 1:
157 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
159 def test_ap_ft(dev
, apdev
):
162 passphrase
="12345678"
164 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
165 hapd0
= hostapd
.add_ap(apdev
[0], params
)
166 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
167 hapd1
= hostapd
.add_ap(apdev
[1], params
)
169 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
170 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
171 raise Exception("Scan results missing RSN element info")
173 def test_ap_ft_local_key_gen(dev
, apdev
):
174 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
176 passphrase
="12345678"
178 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
179 params
['ft_psk_generate_local'] = "1";
180 del params
['pmk_r1_push']
181 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
182 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
183 params
['ft_psk_generate_local'] = "1";
184 del params
['pmk_r1_push']
185 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
187 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
188 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
189 raise Exception("Scan results missing RSN element info")
191 def test_ap_ft_many(dev
, apdev
):
192 """WPA2-PSK-FT AP multiple times"""
194 passphrase
="12345678"
196 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
197 hapd0
= hostapd
.add_ap(apdev
[0], params
)
198 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
199 hapd1
= hostapd
.add_ap(apdev
[1], params
)
201 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
def test_ap_ft_mixed(dev, apdev):
    """WPA2-PSK-FT mixed-mode AP"""
    ssid = "test-ft-mixed"
    passphrase="12345678"

    # First AP: rsn=False presumably selects the mixed WPA/WPA2 base
    # parameters instead of the RSN-only ones -- confirm against ft_params().
    first_ap_conf = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], first_ap_conf)

    # The AP must report both AKM suites, in this order, before the second
    # AP is started. A single-entry list still ends in IndexError here, not
    # in the descriptive exception below.
    key_mgmt = hapd.get_config()['key_mgmt']
    suites = key_mgmt.split(' ')
    if not (suites[0] == "WPA-PSK" and suites[1] == "FT-PSK"):
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    # Second AP uses the same SSID and passphrase, again with rsn=False.
    second_ap_conf = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
    hapd1 = hostapd.add_ap(apdev[1], second_ap_conf)

    # Roam between the two APs with run_roams() defaults.
    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
219 def test_ap_ft_pmf(dev
, apdev
):
220 """WPA2-PSK-FT AP with PMF"""
222 passphrase
="12345678"
224 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
225 params
["ieee80211w"] = "2"
226 hapd0
= hostapd
.add_ap(apdev
[0], params
)
227 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
228 params
["ieee80211w"] = "2"
229 hapd1
= hostapd
.add_ap(apdev
[1], params
)
231 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
233 def test_ap_ft_over_ds(dev
, apdev
):
234 """WPA2-PSK-FT AP over DS"""
236 passphrase
="12345678"
238 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
239 hapd0
= hostapd
.add_ap(apdev
[0], params
)
240 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
241 hapd1
= hostapd
.add_ap(apdev
[1], params
)
243 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
244 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
245 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
247 def test_ap_ft_over_ds_many(dev
, apdev
):
248 """WPA2-PSK-FT AP over DS multiple times"""
250 passphrase
="12345678"
252 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
253 hapd0
= hostapd
.add_ap(apdev
[0], params
)
254 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
255 hapd1
= hostapd
.add_ap(apdev
[1], params
)
257 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
261 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
264 passphrase
="12345678"
266 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
267 hapd0
= hostapd
.add_ap(apdev
[0], params
)
269 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
271 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
274 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
275 """WPA2-PSK-FT AP over DS and unexpected response"""
277 passphrase
="12345678"
279 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
280 hapd0
= hostapd
.add_ap(apdev
[0], params
)
281 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
282 hapd1
= hostapd
.add_ap(apdev
[1], params
)
284 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
286 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
297 addr
= dev
[0].own_addr()
298 hapd1ap
.set("ext_mgmt_frame_handling", "1")
299 logger
.info("Foreign STA address")
303 msg
['sa'] = ap1
['bssid']
304 msg
['bssid'] = ap1
['bssid']
305 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
308 logger
.info("No over-the-DS in progress")
309 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
312 logger
.info("Non-zero status code")
313 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
316 hapd1ap
.dump_monitor()
318 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
319 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
320 raise Exception("FT_DS failed")
322 req
= hapd1ap
.mgmt_rx()
324 logger
.info("Foreign Target AP")
325 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
328 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
330 logger
.info("No IEs")
331 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
334 logger
.info("Invalid IEs (trigger parsing failure)")
335 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
338 logger
.info("Too short MDIE")
339 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
342 logger
.info("Mobility domain mismatch")
343 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
346 logger
.info("No FTIE")
347 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
350 logger
.info("FTIE SNonce mismatch")
351 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
354 logger
.info("No R0KH-ID subelem in FTIE")
355 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
356 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
359 logger
.info("No R0KH-ID subelem mismatch in FTIE")
360 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
361 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
364 logger
.info("No R1KH-ID subelem in FTIE")
365 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
366 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
369 logger
.info("No RSNE")
370 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
371 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
374 def test_ap_ft_pmf_over_ds(dev
, apdev
):
375 """WPA2-PSK-FT AP over DS with PMF"""
377 passphrase
="12345678"
379 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
380 params
["ieee80211w"] = "2"
381 hapd0
= hostapd
.add_ap(apdev
[0], params
)
382 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
383 params
["ieee80211w"] = "2"
384 hapd1
= hostapd
.add_ap(apdev
[1], params
)
386 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
388 def test_ap_ft_over_ds_pull(dev
, apdev
):
389 """WPA2-PSK-FT AP over DS (pull PMK)"""
391 passphrase
="12345678"
393 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
394 params
["pmk_r1_push"] = "0"
395 hapd0
= hostapd
.add_ap(apdev
[0], params
)
396 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
397 params
["pmk_r1_push"] = "0"
398 hapd1
= hostapd
.add_ap(apdev
[1], params
)
400 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
402 def test_ap_ft_sae(dev
, apdev
):
403 """WPA2-PSK-FT-SAE AP"""
404 if "SAE" not in dev
[0].get_capability("auth_alg"):
405 raise HwsimSkip("SAE not supported")
407 passphrase
="12345678"
409 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
410 params
['wpa_key_mgmt'] = "FT-SAE"
411 hapd0
= hostapd
.add_ap(apdev
[0], params
)
412 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
413 params
['wpa_key_mgmt'] = "FT-SAE"
414 hapd
= hostapd
.add_ap(apdev
[1], params
)
415 key_mgmt
= hapd
.get_config()['key_mgmt']
416 if key_mgmt
.split(' ')[0] != "FT-SAE":
417 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
419 dev
[0].request("SET sae_groups ")
420 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
422 def test_ap_ft_sae_over_ds(dev
, apdev
):
423 """WPA2-PSK-FT-SAE AP over DS"""
424 if "SAE" not in dev
[0].get_capability("auth_alg"):
425 raise HwsimSkip("SAE not supported")
427 passphrase
="12345678"
429 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
430 params
['wpa_key_mgmt'] = "FT-SAE"
431 hapd0
= hostapd
.add_ap(apdev
[0], params
)
432 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
433 params
['wpa_key_mgmt'] = "FT-SAE"
434 hapd1
= hostapd
.add_ap(apdev
[1], params
)
436 dev
[0].request("SET sae_groups ")
437 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
440 def test_ap_ft_eap(dev
, apdev
):
443 passphrase
="12345678"
445 radius
= hostapd
.radius_params()
446 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
447 params
['wpa_key_mgmt'] = "FT-EAP"
448 params
["ieee8021x"] = "1"
449 params
= dict(radius
.items() + params
.items())
450 hapd
= hostapd
.add_ap(apdev
[0], params
)
451 key_mgmt
= hapd
.get_config()['key_mgmt']
452 if key_mgmt
.split(' ')[0] != "FT-EAP":
453 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
454 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
455 params
['wpa_key_mgmt'] = "FT-EAP"
456 params
["ieee8021x"] = "1"
457 params
= dict(radius
.items() + params
.items())
458 hapd1
= hostapd
.add_ap(apdev
[1], params
)
460 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
461 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
462 raise Exception("Scan results missing RSN element info")
463 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
464 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
466 # Verify EAPOL reauthentication after FT protocol
467 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
471 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
472 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
474 raise Exception("EAP authentication did not start")
475 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
477 raise Exception("EAP authentication did not succeed")
479 hwsim_utils
.test_connectivity(dev
[0], ap
)
481 def test_ap_ft_eap_pull(dev
, apdev
):
482 """WPA2-EAP-FT AP (pull PMK)"""
484 passphrase
="12345678"
486 radius
= hostapd
.radius_params()
487 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
488 params
['wpa_key_mgmt'] = "FT-EAP"
489 params
["ieee8021x"] = "1"
490 params
["pmk_r1_push"] = "0"
491 params
= dict(radius
.items() + params
.items())
492 hapd
= hostapd
.add_ap(apdev
[0], params
)
493 key_mgmt
= hapd
.get_config()['key_mgmt']
494 if key_mgmt
.split(' ')[0] != "FT-EAP":
495 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
496 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
497 params
['wpa_key_mgmt'] = "FT-EAP"
498 params
["ieee8021x"] = "1"
499 params
["pmk_r1_push"] = "0"
500 params
= dict(radius
.items() + params
.items())
501 hapd1
= hostapd
.add_ap(apdev
[1], params
)
503 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
506 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
507 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
509 passphrase
="12345678"
511 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
512 params
["ieee80211w"] = "2"
513 hapd0
= hostapd
.add_ap(apdev
[0], params
)
514 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
515 params
["ieee80211w"] = "2"
516 hapd1
= hostapd
.add_ap(apdev
[1], params
)
518 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
522 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
523 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
525 passphrase
="12345678"
527 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
528 params
["pmk_r1_push"] = "0"
529 hapd0
= hostapd
.add_ap(apdev
[0], params
)
530 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
531 params
["pmk_r1_push"] = "0"
532 hapd1
= hostapd
.add_ap(apdev
[1], params
)
534 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
538 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
539 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
541 passphrase
="12345678"
543 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
544 params
["pmk_r1_push"] = "0"
545 params
["nas_identifier"] = "nas0.w1.fi"
546 hostapd
.add_ap(apdev
[0], params
)
547 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
550 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
551 params
["pmk_r1_push"] = "0"
552 hostapd
.add_ap(apdev
[1], params
)
554 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
555 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
558 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
559 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
561 passphrase
="12345678"
563 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
564 params
["ieee80211w"] = "2"
565 hapd0
= hostapd
.add_ap(apdev
[0], params
)
566 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
567 params
["ieee80211w"] = "2"
568 hapd1
= hostapd
.add_ap(apdev
[1], params
)
570 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
574 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
575 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
577 passphrase
="12345678"
579 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
580 params
["pmk_r1_push"] = "0"
581 hapd0
= hostapd
.add_ap(apdev
[0], params
)
582 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
583 params
["pmk_r1_push"] = "0"
584 hapd1
= hostapd
.add_ap(apdev
[1], params
)
586 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
589 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
590 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
592 passphrase
="12345678"
594 radius
= hostapd
.radius_params()
595 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
596 params
["ieee80211w"] = "2";
597 params
['wpa_key_mgmt'] = "FT-EAP"
598 params
["ieee8021x"] = "1"
599 params
= dict(radius
.items() + params
.items())
600 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
601 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
602 params
["ieee80211w"] = "2";
603 params
['wpa_key_mgmt'] = "FT-EAP"
604 params
["ieee8021x"] = "1"
605 params
= dict(radius
.items() + params
.items())
606 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
608 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
609 fail_test
=True, eap
=True)
611 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
612 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
614 passphrase
="12345678"
616 radius
= hostapd
.radius_params()
617 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
618 params
["pmk_r1_push"] = "0"
619 params
['wpa_key_mgmt'] = "FT-EAP"
620 params
["ieee8021x"] = "1"
621 params
= dict(radius
.items() + params
.items())
622 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
623 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
624 params
["pmk_r1_push"] = "0"
625 params
['wpa_key_mgmt'] = "FT-EAP"
626 params
["ieee8021x"] = "1"
627 params
= dict(radius
.items() + params
.items())
628 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
630 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
631 fail_test
=True, eap
=True)
633 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
634 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
636 passphrase
="12345678"
638 radius
= hostapd
.radius_params()
639 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
640 params
["pmk_r1_push"] = "0"
641 params
["nas_identifier"] = "nas0.w1.fi"
642 params
['wpa_key_mgmt'] = "FT-EAP"
643 params
["ieee8021x"] = "1"
644 params
= dict(radius
.items() + params
.items())
645 hostapd
.add_ap(apdev
[0]['ifname'], params
)
646 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
647 eap
="GPSK", identity
="gpsk user",
648 password
="abcdefghijklmnop0123456789abcdef",
651 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
652 params
["pmk_r1_push"] = "0"
653 params
['wpa_key_mgmt'] = "FT-EAP"
654 params
["ieee8021x"] = "1"
655 params
= dict(radius
.items() + params
.items())
656 hostapd
.add_ap(apdev
[1]['ifname'], params
)
658 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
659 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
661 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
662 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
664 passphrase
="12345678"
666 radius
= hostapd
.radius_params()
667 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
668 params
["ieee80211w"] = "2";
669 params
['wpa_key_mgmt'] = "FT-EAP"
670 params
["ieee8021x"] = "1"
671 params
= dict(radius
.items() + params
.items())
672 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
673 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
674 params
["ieee80211w"] = "2";
675 params
['wpa_key_mgmt'] = "FT-EAP"
676 params
["ieee8021x"] = "1"
677 params
= dict(radius
.items() + params
.items())
678 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
680 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
681 fail_test
=True, eap
=True)
683 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
684 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
686 passphrase
="12345678"
688 radius
= hostapd
.radius_params()
689 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
690 params
["pmk_r1_push"] = "0"
691 params
['wpa_key_mgmt'] = "FT-EAP"
692 params
["ieee8021x"] = "1"
693 params
= dict(radius
.items() + params
.items())
694 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
695 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
696 params
["pmk_r1_push"] = "0"
697 params
['wpa_key_mgmt'] = "FT-EAP"
698 params
["ieee8021x"] = "1"
699 params
= dict(radius
.items() + params
.items())
700 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
702 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
703 fail_test
=True, eap
=True)
705 def test_ap_ft_gtk_rekey(dev
, apdev
):
706 """WPA2-PSK-FT AP and GTK rekey"""
708 passphrase
="12345678"
710 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
711 params
['wpa_group_rekey'] = '1'
712 hapd
= hostapd
.add_ap(apdev
[0], params
)
714 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
715 ieee80211w
="1", scan_freq
="2412")
717 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
719 raise Exception("GTK rekey timed out after initial association")
720 hwsim_utils
.test_connectivity(dev
[0], hapd
)
722 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
723 params
['wpa_group_rekey'] = '1'
724 hapd1
= hostapd
.add_ap(apdev
[1], params
)
726 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
727 dev
[0].roam(apdev
[1]['bssid'])
728 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
729 raise Exception("Did not connect to correct AP")
730 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
732 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
734 raise Exception("GTK rekey timed out after FT protocol")
735 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
737 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
738 """WPA2-PSK-FT and key lifetime in memory"""
740 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
741 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
742 pmk
= binascii
.unhexlify(psk
)
743 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
744 hapd0
= hostapd
.add_ap(apdev
[0], p
)
745 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
746 hapd1
= hostapd
.add_ap(apdev
[1], p
)
748 pid
= find_wpas_process(dev
[0])
750 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
752 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
753 # event has been delivered, so verify that wpa_supplicant has returned to
754 # eloop before reading process memory.
758 buf
= read_process_memory(pid
, pmk
)
760 dev
[0].request("DISCONNECT")
761 dev
[0].wait_disconnected()
768 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
769 for l
in f
.readlines():
770 if "FT: PMK-R0 - hexdump" in l
:
771 val
= l
.strip().split(':')[3].replace(' ', '')
772 pmkr0
= binascii
.unhexlify(val
)
773 if "FT: PMK-R1 - hexdump" in l
:
774 val
= l
.strip().split(':')[3].replace(' ', '')
775 pmkr1
= binascii
.unhexlify(val
)
776 if "FT: KCK - hexdump" in l
:
777 val
= l
.strip().split(':')[3].replace(' ', '')
778 kck
= binascii
.unhexlify(val
)
779 if "FT: KEK - hexdump" in l
:
780 val
= l
.strip().split(':')[3].replace(' ', '')
781 kek
= binascii
.unhexlify(val
)
782 if "FT: TK - hexdump" in l
:
783 val
= l
.strip().split(':')[3].replace(' ', '')
784 tk
= binascii
.unhexlify(val
)
785 if "WPA: Group Key - hexdump" in l
:
786 val
= l
.strip().split(':')[3].replace(' ', '')
787 gtk
= binascii
.unhexlify(val
)
788 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
789 raise Exception("Could not find keys from debug log")
791 raise Exception("Unexpected GTK length")
793 logger
.info("Checking keys in memory while associated")
794 get_key_locations(buf
, pmk
, "PMK")
795 get_key_locations(buf
, pmkr0
, "PMK-R0")
796 get_key_locations(buf
, pmkr1
, "PMK-R1")
798 raise HwsimSkip("PMK not found while associated")
800 raise HwsimSkip("PMK-R0 not found while associated")
802 raise HwsimSkip("PMK-R1 not found while associated")
804 raise Exception("KCK not found while associated")
806 raise Exception("KEK not found while associated")
808 raise Exception("TK found from memory")
810 get_key_locations(buf
, gtk
, "GTK")
811 raise Exception("GTK found from memory")
813 logger
.info("Checking keys in memory after disassociation")
814 buf
= read_process_memory(pid
, pmk
)
815 get_key_locations(buf
, pmk
, "PMK")
816 get_key_locations(buf
, pmkr0
, "PMK-R0")
817 get_key_locations(buf
, pmkr1
, "PMK-R1")
819 # Note: PMK/PSK is still present in the network configuration, so it is not checked for absence until the network profile has been removed.
821 fname
= os
.path
.join(params
['logdir'],
822 'ft_psk_key_lifetime_in_memory.memctx-')
823 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
824 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
825 verify_not_present(buf
, kck
, fname
, "KCK")
826 verify_not_present(buf
, kek
, fname
, "KEK")
827 verify_not_present(buf
, tk
, fname
, "TK")
828 verify_not_present(buf
, gtk
, fname
, "GTK")
830 dev
[0].request("REMOVE_NETWORK all")
832 logger
.info("Checking keys in memory after network profile removal")
833 buf
= read_process_memory(pid
, pmk
)
834 get_key_locations(buf
, pmk
, "PMK")
835 get_key_locations(buf
, pmkr0
, "PMK-R0")
836 get_key_locations(buf
, pmkr1
, "PMK-R1")
838 verify_not_present(buf
, pmk
, fname
, "PMK")
839 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
840 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
841 verify_not_present(buf
, kck
, fname
, "KCK")
842 verify_not_present(buf
, kek
, fname
, "KEK")
843 verify_not_present(buf
, tk
, fname
, "TK")
844 verify_not_present(buf
, gtk
, fname
, "GTK")
847 def test_ap_ft_invalid_resp(dev
, apdev
):
848 """WPA2-PSK-FT AP and invalid response IEs"""
850 passphrase
="12345678"
852 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
853 hapd0
= hostapd
.add_ap(apdev
[0], params
)
854 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
857 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
858 hapd1
= hostapd
.add_ap(apdev
[1], params
)
861 # Various IEs for test coverage. The last one is FTIE with invalid
862 # R1KH-ID subelement.
863 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
864 # FTIE with invalid R0KH-ID subelement (len=0).
865 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
866 # FTIE with invalid R0KH-ID subelement (len=49).
867 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
869 "020002000000" + "3000",
870 # Required IEs missing from protected IE count.
871 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
872 # RIC missing from protected IE count.
873 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
874 # Protected IE missing.
875 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
877 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
878 hapd1
.set("ext_mgmt_frame_handling", "1")
880 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
881 raise Exception("ROAM failed")
884 msg
= hapd1
.mgmt_rx()
885 if msg
['subtype'] == 11:
889 raise Exception("Authentication frame not seen")
892 resp
['fc'] = auth
['fc']
893 resp
['da'] = auth
['sa']
894 resp
['sa'] = auth
['da']
895 resp
['bssid'] = auth
['bssid']
896 resp
['payload'] = binascii
.unhexlify(t
)
898 hapd1
.set("ext_mgmt_frame_handling", "0")
899 dev
[0].wait_disconnected()
901 dev
[0].request("RECONNECT")
902 dev
[0].wait_connected()
def test_ap_ft_gcmp_256(dev, apdev):
    """WPA2-PSK-FT AP with GCMP-256 cipher"""
    cipher = "GCMP-256"
    sta = dev[0]

    # Skip (rather than fail) when the station does not report GCMP-256 among
    # its pairwise ciphers.
    if cipher not in sta.get_capability("pairwise"):
        raise HwsimSkip("Cipher GCMP-256 not supported")

    # NOTE(review): `ssid` is not assigned on any line of this function that
    # the listing shows; presumably the assignment sits on a line missing
    # from the page. Confirm against the upstream file.
    passphrase = "12345678"

    # Both APs get the same SSID and passphrase; only rsn_pairwise is replaced
    # in the dictionaries returned by ft_params1()/ft_params2(). The first AP
    # is started before the second configuration is built, as in the original.
    ap0_conf = ft_params1(ssid=ssid, passphrase=passphrase)
    ap0_conf['rsn_pairwise'] = cipher
    hapd0 = hostapd.add_ap(apdev[0], ap0_conf)

    ap1_conf = ft_params2(ssid=ssid, passphrase=passphrase)
    ap1_conf['rsn_pairwise'] = cipher
    hapd1 = hostapd.add_ap(apdev[1], ap1_conf)

    # run_roams() is defined outside the visible part of the file; it is told
    # to expect GCMP-256 for both the pairwise and the group cipher.
    run_roams(sta, apdev, hapd0, hapd1, ssid, passphrase,
              pairwise_cipher=cipher, group_cipher=cipher)
921 def test_ap_ft_oom(dev
, apdev
):
922 """WPA2-PSK-FT and OOM"""
923 skip_with_fips(dev
[0])
925 passphrase
="12345678"
927 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
928 hapd0
= hostapd
.add_ap(apdev
[0], params
)
929 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
930 hapd1
= hostapd
.add_ap(apdev
[1], params
)
932 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
934 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
935 dst
= apdev
[1]['bssid']
937 dst
= apdev
[0]['bssid']
939 dev
[0].scan_for_bss(dst
, freq
="2412")
940 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
942 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
943 dev
[0].roam(dst
, fail_test
=True)
944 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
945 dev
[0].roam(dst
, fail_test
=True)
947 dev
[0].request("REMOVE_NETWORK all")
948 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
949 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
952 def test_ap_ft_over_ds_proto(dev
, apdev
):
953 """WPA2-PSK-FT AP over DS protocol testing"""
955 passphrase
="12345678"
957 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
958 hapd0
= hostapd
.add_ap(apdev
[0], params
)
959 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
962 # FT Action Response while no FT-over-DS in progress
965 msg
['da'] = dev
[0].own_addr()
966 msg
['sa'] = apdev
[0]['bssid']
967 msg
['bssid'] = apdev
[0]['bssid']
968 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
971 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
972 hapd1
= hostapd
.add_ap(apdev
[1], params
)
973 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
974 hapd0
.set("ext_mgmt_frame_handling", "1")
976 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
977 for i
in range(0, 10):
978 req
= hapd0
.mgmt_rx()
980 raise Exception("MGMT RX wait timed out")
981 if req
['subtype'] == 13:
985 raise Exception("FT Action frame not received")
987 # FT Action Response for unexpected Target AP
988 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
991 # FT Action Response without MDIE
992 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
995 # FT Action Response without FTIE
996 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
999 # FT Action Response with FTIE SNonce mismatch
1000 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1004 def test_ap_ft_rrb(dev
, apdev
):
1005 """WPA2-PSK-FT RRB protocol testing"""
1007 passphrase
="12345678"
1009 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1010 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1012 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1015 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1016 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1018 ehdr
= _dst_ll
+ _src_ll
+ proto
1020 # Too short RRB frame
1022 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1023 raise Exception("DATA_TEST_FRAME failed")
1025 # RRB discarded frame with unrecognized type
1026 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1027 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1028 raise Exception("DATA_TEST_FRAME failed")
1030 # RRB frame too short for action frame
1031 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1032 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1033 raise Exception("DATA_TEST_FRAME failed")
1035 # Too short RRB frame (not enough room for Action Frame body)
1036 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1037 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1038 raise Exception("DATA_TEST_FRAME failed")
1040 # Unexpected Action frame category
1041 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1042 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1043 raise Exception("DATA_TEST_FRAME failed")
1045 # Unexpected Action in RRB Request
1046 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1047 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1048 raise Exception("DATA_TEST_FRAME failed")
1050 # Target AP address in RRB Request does not match with own address
1051 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1052 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1053 raise Exception("DATA_TEST_FRAME failed")
1055 # Not enough room for status code in RRB Response
1056 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1057 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1058 raise Exception("DATA_TEST_FRAME failed")
1060 # RRB discarded frame with unknown packet_type
1061 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1062 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1063 raise Exception("DATA_TEST_FRAME failed")
1065 # RRB Response with non-zero status code; no STA match
1066 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1067 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1068 raise Exception("DATA_TEST_FRAME failed")
1070 # RRB Response with zero status code and extra data; STA match
1071 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1072 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1073 raise Exception("DATA_TEST_FRAME failed")
1075 # Too short PMK-R1 pull
1076 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1077 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1078 raise Exception("DATA_TEST_FRAME failed")
1080 # Too short PMK-R1 resp
1081 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1082 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1083 raise Exception("DATA_TEST_FRAME failed")
1085 # Too short PMK-R1 push
1086 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1087 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1088 raise Exception("DATA_TEST_FRAME failed")
1090 # No matching R0KH address found for PMK-R0 pull response
1091 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1092 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1093 raise Exception("DATA_TEST_FRAME failed")
1096 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1097 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1098 bssid
= apdev
[0]['bssid']
1100 passphrase
="12345678"
1102 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1103 params
["ieee80211w"] = "1"
1104 # This is the RSN element used normally by hostapd
1105 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1106 hapd
= hostapd
.add_ap(apdev
[0], params
)
1107 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1108 ieee80211w
="1", scan_freq
="2412",
1109 pairwise
="CCMP", group
="CCMP")
1111 tests
= [ ('PMKIDCount field included',
1112 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1113 ('Extra IE before RSNE',
1114 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1115 ('PMKIDCount and Group Management Cipher suite fields included',
1116 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1117 ('Extra octet after defined fields (future extensibility)',
1118 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1119 ('No RSN Capabilities field (PMF disabled in practice)',
1120 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1121 for txt
,ie
in tests
:
1122 dev
[0].request("DISCONNECT")
1123 dev
[0].wait_disconnected()
1126 hapd
.set('own_ie_override', ie
)
1128 dev
[0].request("BSS_FLUSH 0")
1129 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1130 dev
[0].select_network(id, freq
=2412)
1131 dev
[0].wait_connected()
1133 dev
[0].request("DISCONNECT")
1134 dev
[0].wait_disconnected()
1136 logger
.info('Invalid RSNE causing internal hostapd error')
1138 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1140 dev
[0].request("BSS_FLUSH 0")
1141 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1142 dev
[0].select_network(id, freq
=2412)
1143 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1145 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1147 raise Exception("Unexpected connection")
1148 dev
[0].request("DISCONNECT")
1150 logger
.info('Unexpected PMKID causing internal hostapd error')
1152 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1154 dev
[0].request("BSS_FLUSH 0")
1155 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1156 dev
[0].select_network(id, freq
=2412)
1157 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1159 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1161 raise Exception("Unexpected connection")
1162 dev
[0].request("DISCONNECT")
1164 def test_ap_ft_ptk_rekey(dev
, apdev
):
1165 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1167 passphrase
="12345678"
1169 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1170 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1171 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1172 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1174 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1176 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1177 "WPA: Key negotiation completed"], timeout
=5)
1179 raise Exception("No event received after roam")
1180 if "CTRL-EVENT-DISCONNECTED" in ev
:
1181 raise Exception("Unexpected disconnection after roam")
1183 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1187 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1189 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1190 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1192 passphrase
="12345678"
1194 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1195 params
['wpa_ptk_rekey'] = '2'
1196 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1197 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1198 params
['wpa_ptk_rekey'] = '2'
1199 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1201 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1203 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1204 "WPA: Key negotiation completed"], timeout
=5)
1206 raise Exception("No event received after roam")
1207 if "CTRL-EVENT-DISCONNECTED" in ev
:
1208 raise Exception("Unexpected disconnection after roam")
1210 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1214 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1216 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1217 """RRB internal delivery only to WPA enabled BSS"""
1219 passphrase
="12345678"
1221 radius
= hostapd
.radius_params()
1222 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1223 params
['wpa_key_mgmt'] = "FT-EAP"
1224 params
["ieee8021x"] = "1"
1225 params
= dict(radius
.items() + params
.items())
1226 hapd
= hostapd
.add_ap(apdev
[0], params
)
1227 key_mgmt
= hapd
.get_config()['key_mgmt']
1228 if key_mgmt
.split(' ')[0] != "FT-EAP":
1229 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1231 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1233 # Connect to WPA enabled AP
1234 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1235 eap
="GPSK", identity
="gpsk user",
1236 password
="abcdefghijklmnop0123456789abcdef",
1239 # Try over_ds roaming to non-WPA-enabled AP.
1240 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1241 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1243 def test_ap_ft_extra_ie(dev
, apdev
):
1244 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1246 passphrase
="12345678"
1248 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1249 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1250 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1251 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1253 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1256 # Add Mobility Domain element to test AP validation code.
1257 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1258 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1259 scan_freq
="2412", wait_connect
=False)
1260 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1261 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1263 raise Exception("No connection result")
1264 if "CTRL-EVENT-CONNECTED" in ev
:
1265 raise Exception("Non-FT association accepted with MDE")
1266 if "status_code=43" not in ev
:
1267 raise Exception("Unexpected status code: " + ev
)
1268 dev
[0].request("DISCONNECT")
1270 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")