1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
28 "wpa_key_mgmt": "FT-PSK",
29 "rsn_pairwise": "CCMP"}
34 "wpa_key_mgmt": "WPA-PSK FT-PSK",
35 "wpa_pairwise": "TKIP",
36 "rsn_pairwise": "CCMP"}
39 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
41 params
= ft_base_rsn()
43 params
= ft_base_mixed()
47 params
["wpa_passphrase"] = passphrase
49 params
["mobility_domain"] = "a1b2"
50 params
["r0_key_lifetime"] = "10000"
51 params
["pmk_r1_push"] = "1"
52 params
["reassociation_deadline"] = "1000"
55 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
56 params
= ft_params(rsn
, ssid
, passphrase
)
57 params
['nas_identifier'] = "nas1.w1.fi"
58 params
['r1_key_holder'] = "000102030405"
61 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
62 params
= ft_params1a(rsn
, ssid
, passphrase
)
64 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
65 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
67 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
68 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
69 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
72 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
73 params
= ft_params1a(rsn
, ssid
, passphrase
)
74 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
75 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
76 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
79 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
80 params
= ft_params(rsn
, ssid
, passphrase
)
81 params
['nas_identifier'] = "nas2.w1.fi"
82 params
['r1_key_holder'] = "000102030406"
85 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
86 params
= ft_params2a(rsn
, ssid
, passphrase
)
88 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
89 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
91 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
92 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
93 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
96 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
97 params
= ft_params2a(rsn
, ssid
, passphrase
)
98 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
99 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
100 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
103 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
104 params
= ft_params(rsn
, ssid
, passphrase
)
105 params
['nas_identifier'] = "nas1.w1.fi"
106 params
['r1_key_holder'] = "000102030405"
107 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
108 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
109 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
112 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
113 params
= ft_params(rsn
, ssid
, passphrase
)
114 params
['nas_identifier'] = "nas2.w1.fi"
115 params
['r1_key_holder'] = "000102030406"
116 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
117 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
118 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
121 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
122 params
= ft_params(rsn
, ssid
, passphrase
)
123 params
['nas_identifier'] = "nas2.w1.fi"
124 params
['r1_key_holder'] = "000102030406"
125 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
126 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
127 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
130 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
131 sae
=False, eap
=False, fail_test
=False, roams
=1,
132 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
133 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
134 force_initial_conn_to_first_ap
=False, sha384
=False,
135 group_mgmt
=None, ocv
=None, sae_password
=None,
136 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
137 roam_with_reassoc
=False, also_non_ft
=False, only_one_way
=False):
138 logger
.info("Connect to first AP")
141 copts
["proto"] = "WPA2"
142 copts
["ieee80211w"] = "1"
143 copts
["scan_freq"] = "2412"
144 copts
["pairwise"] = pairwise_cipher
145 copts
["group"] = group_cipher
146 copts
["wpa_ptk_rekey"] = ptk_rekey
148 copts
["group_mgmt"] = group_mgmt
153 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
155 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
156 copts
["eap"] = "GPSK"
157 copts
["identity"] = eap_identity
158 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
161 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
163 copts
["key_mgmt"] = "FT-PSK"
165 copts
["psk"] = passphrase
167 copts
["sae_password"] = sae_password
169 copts
["sae_password_id"] = sae_password_id
170 if force_initial_conn_to_first_ap
:
171 copts
["bssid"] = apdev
[0]['bssid']
172 netw
= dev
.connect(ssid
, **copts
)
174 dev
.request("DISCONNECT")
175 dev
.wait_disconnected()
176 dev
.request("RECONNECT")
177 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"],
180 raise Exception("Reconnect timed out")
181 if "CTRL-EVENT-DISCONNECTED" in ev
:
182 raise Exception("Unexpected disconnection after RECONNECT")
184 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
194 if test_connectivity
:
196 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
198 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
200 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
202 for i
in range(0, roams
):
203 # Roaming artificially fast can make data test fail because the key is
206 logger
.info("Roam to the second AP")
207 if roam_with_reassoc
:
208 dev
.set_network(netw
, "bssid", ap2
['bssid'])
209 dev
.request("REASSOCIATE")
212 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
214 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
217 if dev
.get_status_field('bssid') != ap2
['bssid']:
218 raise Exception("Did not connect to correct AP")
219 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
221 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
223 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
227 # Roaming artificially fast can make data test fail because the key is
230 logger
.info("Roam back to the first AP")
231 if roam_with_reassoc
:
232 dev
.set_network(netw
, "bssid", ap1
['bssid'])
233 dev
.request("REASSOCIATE")
236 dev
.roam_over_ds(ap1
['bssid'])
238 dev
.roam(ap1
['bssid'])
239 if dev
.get_status_field('bssid') != ap1
['bssid']:
240 raise Exception("Did not connect to correct AP")
241 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
243 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
245 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
247 def test_ap_ft(dev
, apdev
):
250 passphrase
= "12345678"
252 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
253 hapd0
= hostapd
.add_ap(apdev
[0], params
)
254 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
255 hapd1
= hostapd
.add_ap(apdev
[1], params
)
257 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
258 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
259 raise Exception("Scan results missing RSN element info")
261 def test_ap_ft_old_key(dev
, apdev
):
262 """WPA2-PSK-FT AP (old key)"""
264 passphrase
= "12345678"
266 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
267 hapd0
= hostapd
.add_ap(apdev
[0], params
)
268 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
269 hapd1
= hostapd
.add_ap(apdev
[1], params
)
271 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
273 def test_ap_ft_multi_akm(dev
, apdev
):
274 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
276 passphrase
= "12345678"
278 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
279 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
280 hapd0
= hostapd
.add_ap(apdev
[0], params
)
281 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
282 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
283 hapd1
= hostapd
.add_ap(apdev
[1], params
)
285 Wlantest
.setup(hapd0
)
288 wt
.add_passphrase(passphrase
)
290 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
291 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
292 raise Exception("Scan results missing RSN element info")
293 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
294 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
297 def test_ap_ft_local_key_gen(dev
, apdev
):
298 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
300 passphrase
= "12345678"
302 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
303 params
['ft_psk_generate_local'] = "1"
304 del params
['pmk_r1_push']
305 hapd0
= hostapd
.add_ap(apdev
[0], params
)
306 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
307 params
['ft_psk_generate_local'] = "1"
308 del params
['pmk_r1_push']
309 hapd1
= hostapd
.add_ap(apdev
[1], params
)
311 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
312 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
313 raise Exception("Scan results missing RSN element info")
315 def test_ap_ft_vlan(dev
, apdev
):
316 """WPA2-PSK-FT AP with VLAN"""
318 passphrase
= "12345678"
320 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
321 params
['dynamic_vlan'] = "1"
322 params
['accept_mac_file'] = "hostapd.accept"
323 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
325 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
326 params
['dynamic_vlan'] = "1"
327 params
['accept_mac_file'] = "hostapd.accept"
328 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
330 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
331 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
332 raise Exception("Scan results missing RSN element info")
334 def test_ap_ft_vlan_disconnected(dev
, apdev
):
335 """WPA2-PSK-FT AP with VLAN and local key generation"""
337 passphrase
= "12345678"
339 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
340 params
['dynamic_vlan'] = "1"
341 params
['accept_mac_file'] = "hostapd.accept"
342 params
['ft_psk_generate_local'] = "1"
343 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
345 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
346 params
['dynamic_vlan'] = "1"
347 params
['accept_mac_file'] = "hostapd.accept"
348 params
['ft_psk_generate_local'] = "1"
349 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
351 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
352 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
353 raise Exception("Scan results missing RSN element info")
355 def test_ap_ft_vlan_2(dev
, apdev
):
356 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
358 passphrase
= "12345678"
360 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
361 params
['dynamic_vlan'] = "1"
362 params
['accept_mac_file'] = "hostapd.accept"
363 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
365 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
366 params
['dynamic_vlan'] = "1"
367 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
369 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
370 force_initial_conn_to_first_ap
=True)
371 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
372 raise Exception("Scan results missing RSN element info")
374 def test_ap_ft_many(dev
, apdev
):
375 """WPA2-PSK-FT AP multiple times"""
377 passphrase
= "12345678"
379 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
380 hapd0
= hostapd
.add_ap(apdev
[0], params
)
381 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
382 hapd1
= hostapd
.add_ap(apdev
[1], params
)
384 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
386 def test_ap_ft_many_vlan(dev
, apdev
):
387 """WPA2-PSK-FT AP with VLAN multiple times"""
389 passphrase
= "12345678"
391 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
392 params
['dynamic_vlan'] = "1"
393 params
['accept_mac_file'] = "hostapd.accept"
394 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
396 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
397 params
['dynamic_vlan'] = "1"
398 params
['accept_mac_file'] = "hostapd.accept"
399 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
401 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
404 def test_ap_ft_mixed(dev
, apdev
):
405 """WPA2-PSK-FT mixed-mode AP"""
406 ssid
= "test-ft-mixed"
407 passphrase
= "12345678"
409 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
410 hapd
= hostapd
.add_ap(apdev
[0], params
)
411 key_mgmt
= hapd
.get_config()['key_mgmt']
412 vals
= key_mgmt
.split(' ')
413 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
414 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
415 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
416 hapd1
= hostapd
.add_ap(apdev
[1], params
)
418 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
420 def test_ap_ft_pmf(dev
, apdev
):
421 """WPA2-PSK-FT AP with PMF"""
423 passphrase
= "12345678"
425 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
426 params
["ieee80211w"] = "2"
427 hapd0
= hostapd
.add_ap(apdev
[0], params
)
428 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
429 params
["ieee80211w"] = "2"
430 hapd1
= hostapd
.add_ap(apdev
[1], params
)
432 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
434 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
435 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
436 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
438 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
439 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
440 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
442 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
443 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
444 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
446 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
447 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
448 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
450 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
451 if cipher
not in dev
[0].get_capability("group_mgmt"):
452 raise HwsimSkip("Cipher %s not supported" % cipher
)
455 passphrase
= "12345678"
457 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
458 params
["ieee80211w"] = "2"
459 params
["group_mgmt_cipher"] = cipher
460 hapd0
= hostapd
.add_ap(apdev
[0], params
)
461 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
462 params
["ieee80211w"] = "2"
463 params
["group_mgmt_cipher"] = cipher
464 hapd1
= hostapd
.add_ap(apdev
[1], params
)
466 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
469 def test_ap_ft_ocv(dev
, apdev
):
470 """WPA2-PSK-FT AP with OCV"""
472 passphrase
= "12345678"
474 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
475 params
["ieee80211w"] = "2"
478 hapd0
= hostapd
.add_ap(apdev
[0], params
)
479 except Exception as e
:
480 if "Failed to set hostapd parameter ocv" in str(e
):
481 raise HwsimSkip("OCV not supported")
483 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
484 params
["ieee80211w"] = "2"
486 hapd1
= hostapd
.add_ap(apdev
[1], params
)
488 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
490 def test_ap_ft_over_ds(dev
, apdev
):
491 """WPA2-PSK-FT AP over DS"""
493 passphrase
= "12345678"
495 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
496 hapd0
= hostapd
.add_ap(apdev
[0], params
)
497 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
498 hapd1
= hostapd
.add_ap(apdev
[1], params
)
500 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
501 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
502 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
504 def cleanup_ap_ft_separate_hostapd():
505 subprocess
.call(["brctl", "delif", "br0ft", "veth0"],
506 stderr
=open('/dev/null', 'w'))
507 subprocess
.call(["brctl", "delif", "br1ft", "veth1"],
508 stderr
=open('/dev/null', 'w'))
509 subprocess
.call(["ip", "link", "del", "veth0"],
510 stderr
=open('/dev/null', 'w'))
511 subprocess
.call(["ip", "link", "del", "veth1"],
512 stderr
=open('/dev/null', 'w'))
513 for ifname
in ['br0ft', 'br1ft', 'br-ft']:
514 subprocess
.call(['ip', 'link', 'set', 'dev', ifname
, 'down'],
515 stderr
=open('/dev/null', 'w'))
516 subprocess
.call(['brctl', 'delbr', ifname
],
517 stderr
=open('/dev/null', 'w'))
519 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
520 """WPA2-PSK-FT AP and separate hostapd process"""
522 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
524 cleanup_ap_ft_separate_hostapd()
526 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
527 """WPA2-PSK-FT AP over DS and separate hostapd process"""
529 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
531 cleanup_ap_ft_separate_hostapd()
533 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
535 passphrase
= "12345678"
536 logdir
= params
['logdir']
537 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
538 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
539 global_ctrl
= '/var/run/hostapd-ft'
543 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
544 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
545 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
547 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
548 "peer", "name", "veth0br"])
549 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
550 "peer", "name", "veth1br"])
551 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
552 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
553 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
554 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
556 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
557 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
558 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
559 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
560 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
561 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
562 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
563 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
564 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
565 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
566 except subprocess
.CalledProcessError
:
567 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
569 with
HWSimRadio() as (radio
, iface
):
570 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
571 if not os
.path
.exists(prg
):
572 prg
= '../../hostapd/hostapd'
573 cmd
= [prg
, '-B', '-ddKt',
574 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
575 subprocess
.check_call(cmd
)
577 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
578 apdev_ft
= {'ifname': iface
}
579 apdev2
= [apdev_ft
, apdev
[1]]
581 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
582 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
583 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
584 params
['bridge'] = 'br0ft'
585 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
586 global_ctrl_override
=global_ctrl
)
587 apdev2
[0]['bssid'] = hapd0
.own_addr()
588 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
589 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
590 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
591 params
['bridge'] = 'br1ft'
592 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
594 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
595 over_ds
=over_ds
, test_connectivity
=False)
599 if os
.path
.exists(pidfile
):
600 with
open(pidfile
, 'r') as f
:
603 os
.kill(pid
, signal
.SIGTERM
)
605 def test_ap_ft_over_ds_ocv(dev
, apdev
):
606 """WPA2-PSK-FT AP over DS"""
608 passphrase
= "12345678"
610 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
611 params
["ieee80211w"] = "2"
614 hapd0
= hostapd
.add_ap(apdev
[0], params
)
615 except Exception as e
:
616 if "Failed to set hostapd parameter ocv" in str(e
):
617 raise HwsimSkip("OCV not supported")
619 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
620 params
["ieee80211w"] = "2"
622 hapd1
= hostapd
.add_ap(apdev
[1], params
)
624 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
627 def test_ap_ft_over_ds_disabled(dev
, apdev
):
628 """WPA2-PSK-FT AP over DS disabled"""
630 passphrase
= "12345678"
632 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
633 params
['ft_over_ds'] = '0'
634 hapd0
= hostapd
.add_ap(apdev
[0], params
)
635 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
636 params
['ft_over_ds'] = '0'
637 hapd1
= hostapd
.add_ap(apdev
[1], params
)
639 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
642 def test_ap_ft_vlan_over_ds(dev
, apdev
):
643 """WPA2-PSK-FT AP over DS with VLAN"""
645 passphrase
= "12345678"
647 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
648 params
['dynamic_vlan'] = "1"
649 params
['accept_mac_file'] = "hostapd.accept"
650 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
651 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
652 params
['dynamic_vlan'] = "1"
653 params
['accept_mac_file'] = "hostapd.accept"
654 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
656 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
658 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
659 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
661 def test_ap_ft_over_ds_many(dev
, apdev
):
662 """WPA2-PSK-FT AP over DS multiple times"""
664 passphrase
= "12345678"
666 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
667 hapd0
= hostapd
.add_ap(apdev
[0], params
)
668 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
669 hapd1
= hostapd
.add_ap(apdev
[1], params
)
671 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
674 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
675 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
677 passphrase
= "12345678"
679 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
680 params
['dynamic_vlan'] = "1"
681 params
['accept_mac_file'] = "hostapd.accept"
682 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
683 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
684 params
['dynamic_vlan'] = "1"
685 params
['accept_mac_file'] = "hostapd.accept"
686 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
688 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
689 roams
=50, conndev
="brvlan1")
692 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
695 passphrase
= "12345678"
697 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
698 hapd0
= hostapd
.add_ap(apdev
[0], params
)
700 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
702 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
705 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
706 """WPA2-PSK-FT AP over DS and unexpected response"""
708 passphrase
= "12345678"
710 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
711 hapd0
= hostapd
.add_ap(apdev
[0], params
)
712 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
713 hapd1
= hostapd
.add_ap(apdev
[1], params
)
715 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
717 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
728 addr
= dev
[0].own_addr()
729 hapd1ap
.set("ext_mgmt_frame_handling", "1")
730 logger
.info("Foreign STA address")
734 msg
['sa'] = ap1
['bssid']
735 msg
['bssid'] = ap1
['bssid']
736 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
739 logger
.info("No over-the-DS in progress")
740 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
743 logger
.info("Non-zero status code")
744 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
747 hapd1ap
.dump_monitor()
749 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
750 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
751 raise Exception("FT_DS failed")
753 req
= hapd1ap
.mgmt_rx()
755 logger
.info("Foreign Target AP")
756 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
759 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
761 logger
.info("No IEs")
762 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
765 logger
.info("Invalid IEs (trigger parsing failure)")
766 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
769 logger
.info("Too short MDIE")
770 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
773 logger
.info("Mobility domain mismatch")
774 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
777 logger
.info("No FTIE")
778 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
781 logger
.info("FTIE SNonce mismatch")
782 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
785 logger
.info("No R0KH-ID subelem in FTIE")
786 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
787 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
790 logger
.info("No R0KH-ID subelem mismatch in FTIE")
791 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
792 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
795 logger
.info("No R1KH-ID subelem in FTIE")
796 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
797 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
800 logger
.info("No RSNE")
801 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
802 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
805 def test_ap_ft_pmf_over_ds(dev
, apdev
):
806 """WPA2-PSK-FT AP over DS with PMF"""
807 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, None)
809 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
810 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
811 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
813 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
814 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
815 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
817 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
818 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
819 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
821 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
822 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
823 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
825 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
826 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
827 raise HwsimSkip("Cipher %s not supported" % cipher
)
830 passphrase
= "12345678"
832 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
833 params
["ieee80211w"] = "2"
835 params
["group_mgmt_cipher"] = cipher
836 hapd0
= hostapd
.add_ap(apdev
[0], params
)
837 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
838 params
["ieee80211w"] = "2"
840 params
["group_mgmt_cipher"] = cipher
841 hapd1
= hostapd
.add_ap(apdev
[1], params
)
843 Wlantest
.setup(hapd0
)
846 wt
.add_passphrase(passphrase
)
848 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
851 def test_ap_ft_over_ds_pull(dev
, apdev
):
852 """WPA2-PSK-FT AP over DS (pull PMK)"""
854 passphrase
= "12345678"
856 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
857 params
["pmk_r1_push"] = "0"
858 hapd0
= hostapd
.add_ap(apdev
[0], params
)
859 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
860 params
["pmk_r1_push"] = "0"
861 hapd1
= hostapd
.add_ap(apdev
[1], params
)
863 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
865 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
866 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
868 passphrase
= "12345678"
870 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
871 params
["pmk_r1_push"] = "0"
872 hapd0
= hostapd
.add_ap(apdev
[0], params
)
873 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
874 params
["pmk_r1_push"] = "0"
875 hapd1
= hostapd
.add_ap(apdev
[1], params
)
877 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
879 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
880 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
882 passphrase
= "12345678"
884 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
885 params
["pmk_r1_push"] = "0"
886 params
['dynamic_vlan'] = "1"
887 params
['accept_mac_file'] = "hostapd.accept"
888 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
889 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
890 params
["pmk_r1_push"] = "0"
891 params
['dynamic_vlan'] = "1"
892 params
['accept_mac_file'] = "hostapd.accept"
893 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
895 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
898 def start_ft_sae(dev
, apdev
, wpa_ptk_rekey
=None):
899 if "SAE" not in dev
.get_capability("auth_alg"):
900 raise HwsimSkip("SAE not supported")
902 passphrase
= "12345678"
904 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
905 params
['wpa_key_mgmt'] = "FT-SAE"
907 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
908 hapd0
= hostapd
.add_ap(apdev
[0], params
)
909 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
910 params
['wpa_key_mgmt'] = "FT-SAE"
912 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
913 hapd1
= hostapd
.add_ap(apdev
[1], params
)
914 key_mgmt
= hapd1
.get_config()['key_mgmt']
915 if key_mgmt
.split(' ')[0] != "FT-SAE":
916 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
918 dev
.request("SET sae_groups ")
921 def test_ap_ft_sae(dev
, apdev
):
922 """WPA2-PSK-FT-SAE AP"""
923 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
924 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
926 def test_ap_ft_sae_ptk_rekey0(dev
, apdev
):
927 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
928 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
929 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
930 ptk_rekey
="1", roams
=0)
931 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
933 def test_ap_ft_sae_ptk_rekey1(dev
, apdev
):
934 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
935 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
936 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
937 ptk_rekey
="1", only_one_way
=True)
938 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
940 def test_ap_ft_sae_ptk_rekey_ap(dev
, apdev
):
941 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
942 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
943 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
945 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
947 def test_ap_ft_sae_over_ds(dev
, apdev
):
948 """WPA2-PSK-FT-SAE AP over DS"""
949 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
950 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
953 def test_ap_ft_sae_over_ds_ptk_rekey0(dev
, apdev
):
954 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
955 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
956 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
957 over_ds
=True, ptk_rekey
="1", roams
=0)
958 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
960 def test_ap_ft_sae_over_ds_ptk_rekey1(dev
, apdev
):
961 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
962 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
963 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
964 over_ds
=True, ptk_rekey
="1", only_one_way
=True)
965 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
967 def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev
, apdev
):
968 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
969 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
970 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
971 over_ds
=True, only_one_way
=True)
972 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
974 def test_ap_ft_sae_pw_id(dev
, apdev
):
975 """FT-SAE with Password Identifier"""
976 if "SAE" not in dev
[0].get_capability("auth_alg"):
977 raise HwsimSkip("SAE not supported")
980 params
= ft_params1(ssid
=ssid
)
981 params
["ieee80211w"] = "2"
982 params
['wpa_key_mgmt'] = "FT-SAE"
983 params
['sae_password'] = 'secret|id=pwid'
984 hapd0
= hostapd
.add_ap(apdev
[0], params
)
985 params
= ft_params2(ssid
=ssid
)
986 params
["ieee80211w"] = "2"
987 params
['wpa_key_mgmt'] = "FT-SAE"
988 params
['sae_password'] = 'secret|id=pwid'
989 hapd
= hostapd
.add_ap(apdev
[1], params
)
991 dev
[0].request("SET sae_groups ")
992 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
993 sae_password
="secret", sae_password_id
="pwid")
995 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
996 """SAE + FT-SAE configuration"""
997 if "SAE" not in dev
[0].get_capability("auth_alg"):
998 raise HwsimSkip("SAE not supported")
1000 passphrase
= "12345678"
1002 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1003 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1004 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1005 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1006 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1007 hapd
= hostapd
.add_ap(apdev
[1], params
)
1008 key_mgmt
= hapd
.get_config()['key_mgmt']
1009 if key_mgmt
.split(' ')[0] != "FT-SAE":
1010 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1012 dev
[0].request("SET sae_groups ")
1013 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1016 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
1017 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1018 if "SAE" not in dev
[0].get_capability("auth_alg"):
1019 raise HwsimSkip("SAE not supported")
1021 passphrase
= "12345678"
1023 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1024 params
['wpa_key_mgmt'] = "FT-SAE"
1025 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1026 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1027 params
['wpa_key_mgmt'] = "FT-SAE"
1028 hapd
= hostapd
.add_ap(apdev
[1], params
)
1029 key_mgmt
= hapd
.get_config()['key_mgmt']
1030 if key_mgmt
.split(' ')[0] != "FT-SAE":
1031 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1033 dev
[0].request("SET sae_groups ")
1034 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1037 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
1038 discovery
=False, roams
=1, wpa_ptk_rekey
=0,
1039 only_one_way
=False):
1041 passphrase
= "12345678"
1043 identity
= "gpsk-vlan1"
1046 identity
= "gpsk-cui"
1049 identity
= "gpsk user"
1052 radius
= hostapd
.radius_params()
1053 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1054 params
['wpa_key_mgmt'] = "FT-EAP"
1055 params
["ieee8021x"] = "1"
1057 params
["dynamic_vlan"] = "1"
1058 params
= dict(list(radius
.items()) + list(params
.items()))
1059 hapd
= hostapd
.add_ap(apdev
[0], params
)
1060 key_mgmt
= hapd
.get_config()['key_mgmt']
1061 if key_mgmt
.split(' ')[0] != "FT-EAP":
1062 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1063 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1064 params
['wpa_key_mgmt'] = "FT-EAP"
1065 params
["ieee8021x"] = "1"
1067 params
["dynamic_vlan"] = "1"
1069 params
["wpa_ptk_rekey"] = str(wpa_ptk_rekey
)
1070 params
= dict(list(radius
.items()) + list(params
.items()))
1071 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1073 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1074 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1075 conndev
=conndev
, only_one_way
=only_one_way
)
1076 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1077 raise Exception("Scan results missing RSN element info")
1078 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1079 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1083 # Verify EAPOL reauthentication after FT protocol
1084 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1088 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1089 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1091 raise Exception("EAP authentication did not start")
1092 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1094 raise Exception("EAP authentication did not succeed")
1097 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1099 hwsim_utils
.test_connectivity(dev
[0], ap
)
1101 def test_ap_ft_eap(dev
, apdev
):
1102 """WPA2-EAP-FT AP"""
1103 generic_ap_ft_eap(dev
, apdev
)
1105 def test_ap_ft_eap_cui(dev
, apdev
):
1106 """WPA2-EAP-FT AP with CUI"""
1107 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
1109 def test_ap_ft_eap_vlan(dev
, apdev
):
1110 """WPA2-EAP-FT AP with VLAN"""
1111 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1113 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1114 """WPA2-EAP-FT AP with VLAN"""
1115 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1117 def test_ap_ft_eap_over_ds(dev
, apdev
):
1118 """WPA2-EAP-FT AP using over-the-DS"""
1119 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
1121 def test_ap_ft_eap_dis(dev
, apdev
):
1122 """WPA2-EAP-FT AP with AP discovery"""
1123 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
1125 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
1126 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1127 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
1129 def test_ap_ft_eap_vlan(dev
, apdev
):
1130 """WPA2-EAP-FT AP with VLAN"""
1131 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1133 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1134 """WPA2-EAP-FT AP with VLAN"""
1135 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1137 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
1138 """WPA2-EAP-FT AP with VLAN + over_ds"""
1139 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
1141 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
1142 """WPA2-EAP-FT AP with VLAN + over_ds"""
1143 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
1145 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1146 """WPA2-EAP-FT AP (pull PMK)"""
1148 passphrase
= "12345678"
1150 identity
= "gpsk-vlan1"
1153 identity
= "gpsk user"
1156 radius
= hostapd
.radius_params()
1157 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1158 params
['wpa_key_mgmt'] = "FT-EAP"
1159 params
["ieee8021x"] = "1"
1160 params
["pmk_r1_push"] = "0"
1162 params
["dynamic_vlan"] = "1"
1163 params
= dict(list(radius
.items()) + list(params
.items()))
1164 hapd
= hostapd
.add_ap(apdev
[0], params
)
1165 key_mgmt
= hapd
.get_config()['key_mgmt']
1166 if key_mgmt
.split(' ')[0] != "FT-EAP":
1167 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1168 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1169 params
['wpa_key_mgmt'] = "FT-EAP"
1170 params
["ieee8021x"] = "1"
1171 params
["pmk_r1_push"] = "0"
1173 params
["dynamic_vlan"] = "1"
1174 params
= dict(list(radius
.items()) + list(params
.items()))
1175 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1177 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1178 eap_identity
=identity
, conndev
=conndev
)
1180 def test_ap_ft_eap_pull(dev
, apdev
):
1181 """WPA2-EAP-FT AP (pull PMK)"""
1182 generic_ap_ft_eap_pull(dev
, apdev
)
1184 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1185 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1187 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1188 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1190 passphrase
= "12345678"
1192 radius
= hostapd
.radius_params()
1193 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1194 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1195 params
["ieee8021x"] = "1"
1196 params
["pmk_r1_push"] = "0"
1197 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1198 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1199 params
["ft_psk_generate_local"] = "1"
1200 params
["eap_server"] = "0"
1201 params
= dict(list(radius
.items()) + list(params
.items()))
1202 hapd
= hostapd
.add_ap(apdev
[0], params
)
1203 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1204 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1205 params
["ieee8021x"] = "1"
1206 params
["pmk_r1_push"] = "0"
1207 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1208 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1209 params
["ft_psk_generate_local"] = "1"
1210 params
["eap_server"] = "0"
1211 params
= dict(list(radius
.items()) + list(params
.items()))
1212 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1214 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1217 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1218 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1220 passphrase
= "12345678"
1222 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1223 params
["ieee80211w"] = "2"
1224 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1225 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1226 params
["ieee80211w"] = "2"
1227 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1229 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1233 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1234 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1236 passphrase
= "12345678"
1238 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1239 params
["pmk_r1_push"] = "0"
1240 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1241 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1242 params
["pmk_r1_push"] = "0"
1243 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1245 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1249 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1250 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1252 passphrase
= "12345678"
1254 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1255 params
["pmk_r1_push"] = "0"
1256 params
["nas_identifier"] = "nas0.w1.fi"
1257 hostapd
.add_ap(apdev
[0], params
)
1258 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1261 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1262 params
["pmk_r1_push"] = "0"
1263 hostapd
.add_ap(apdev
[1], params
)
1265 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1266 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1269 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1270 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1272 passphrase
= "12345678"
1274 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1275 params
["ieee80211w"] = "2"
1276 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1277 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1278 params
["ieee80211w"] = "2"
1279 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1281 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1285 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1286 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1288 passphrase
= "12345678"
1290 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1291 params
["pmk_r1_push"] = "0"
1292 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1293 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1294 params
["pmk_r1_push"] = "0"
1295 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1297 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1300 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1301 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1303 passphrase
= "12345678"
1305 radius
= hostapd
.radius_params()
1306 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1307 params
["ieee80211w"] = "2"
1308 params
['wpa_key_mgmt'] = "FT-EAP"
1309 params
["ieee8021x"] = "1"
1310 params
= dict(list(radius
.items()) + list(params
.items()))
1311 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1312 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1313 params
["ieee80211w"] = "2"
1314 params
['wpa_key_mgmt'] = "FT-EAP"
1315 params
["ieee8021x"] = "1"
1316 params
= dict(list(radius
.items()) + list(params
.items()))
1317 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1319 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1320 fail_test
=True, eap
=True)
1322 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1323 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1325 passphrase
= "12345678"
1327 radius
= hostapd
.radius_params()
1328 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1329 params
["pmk_r1_push"] = "0"
1330 params
['wpa_key_mgmt'] = "FT-EAP"
1331 params
["ieee8021x"] = "1"
1332 params
= dict(list(radius
.items()) + list(params
.items()))
1333 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1334 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1335 params
["pmk_r1_push"] = "0"
1336 params
['wpa_key_mgmt'] = "FT-EAP"
1337 params
["ieee8021x"] = "1"
1338 params
= dict(list(radius
.items()) + list(params
.items()))
1339 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1341 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1342 fail_test
=True, eap
=True)
1344 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1345 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1347 passphrase
= "12345678"
1349 radius
= hostapd
.radius_params()
1350 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1351 params
["pmk_r1_push"] = "0"
1352 params
["nas_identifier"] = "nas0.w1.fi"
1353 params
['wpa_key_mgmt'] = "FT-EAP"
1354 params
["ieee8021x"] = "1"
1355 params
= dict(list(radius
.items()) + list(params
.items()))
1356 hostapd
.add_ap(apdev
[0], params
)
1357 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1358 eap
="GPSK", identity
="gpsk user",
1359 password
="abcdefghijklmnop0123456789abcdef",
1362 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1363 params
["pmk_r1_push"] = "0"
1364 params
['wpa_key_mgmt'] = "FT-EAP"
1365 params
["ieee8021x"] = "1"
1366 params
= dict(list(radius
.items()) + list(params
.items()))
1367 hostapd
.add_ap(apdev
[1], params
)
1369 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1370 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1372 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1373 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1375 passphrase
= "12345678"
1377 radius
= hostapd
.radius_params()
1378 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1379 params
["ieee80211w"] = "2"
1380 params
['wpa_key_mgmt'] = "FT-EAP"
1381 params
["ieee8021x"] = "1"
1382 params
= dict(list(radius
.items()) + list(params
.items()))
1383 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1384 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1385 params
["ieee80211w"] = "2"
1386 params
['wpa_key_mgmt'] = "FT-EAP"
1387 params
["ieee8021x"] = "1"
1388 params
= dict(list(radius
.items()) + list(params
.items()))
1389 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1391 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1392 fail_test
=True, eap
=True)
1394 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1395 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1397 passphrase
= "12345678"
1399 radius
= hostapd
.radius_params()
1400 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1401 params
["pmk_r1_push"] = "0"
1402 params
['wpa_key_mgmt'] = "FT-EAP"
1403 params
["ieee8021x"] = "1"
1404 params
= dict(list(radius
.items()) + list(params
.items()))
1405 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1406 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1407 params
["pmk_r1_push"] = "0"
1408 params
['wpa_key_mgmt'] = "FT-EAP"
1409 params
["ieee8021x"] = "1"
1410 params
= dict(list(radius
.items()) + list(params
.items()))
1411 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1413 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1414 fail_test
=True, eap
=True)
1416 def test_ap_ft_gtk_rekey(dev
, apdev
):
1417 """WPA2-PSK-FT AP and GTK rekey"""
1419 passphrase
= "12345678"
1421 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1422 params
['wpa_group_rekey'] = '1'
1423 hapd
= hostapd
.add_ap(apdev
[0], params
)
1425 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1426 ieee80211w
="1", scan_freq
="2412")
1428 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1430 raise Exception("GTK rekey timed out after initial association")
1431 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1433 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1434 params
['wpa_group_rekey'] = '1'
1435 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1437 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1438 dev
[0].roam(apdev
[1]['bssid'])
1439 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1440 raise Exception("Did not connect to correct AP")
1441 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1443 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1445 raise Exception("GTK rekey timed out after FT protocol")
1446 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1448 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1449 """WPA2-PSK-FT and key lifetime in memory"""
1451 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1452 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1453 pmk
= binascii
.unhexlify(psk
)
1454 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1455 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1456 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1457 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1459 pid
= find_wpas_process(dev
[0])
1461 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1463 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1464 # event has been delivered, so verify that wpa_supplicant has returned to
1465 # eloop before reading process memory.
1469 buf
= read_process_memory(pid
, pmk
)
1471 dev
[0].request("DISCONNECT")
1472 dev
[0].wait_disconnected()
1479 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1480 for l
in f
.readlines():
1481 if "FT: PMK-R0 - hexdump" in l
:
1482 val
= l
.strip().split(':')[3].replace(' ', '')
1483 pmkr0
= binascii
.unhexlify(val
)
1484 if "FT: PMK-R1 - hexdump" in l
:
1485 val
= l
.strip().split(':')[3].replace(' ', '')
1486 pmkr1
= binascii
.unhexlify(val
)
1487 if "FT: KCK - hexdump" in l
:
1488 val
= l
.strip().split(':')[3].replace(' ', '')
1489 kck
= binascii
.unhexlify(val
)
1490 if "FT: KEK - hexdump" in l
:
1491 val
= l
.strip().split(':')[3].replace(' ', '')
1492 kek
= binascii
.unhexlify(val
)
1493 if "FT: TK - hexdump" in l
:
1494 val
= l
.strip().split(':')[3].replace(' ', '')
1495 tk
= binascii
.unhexlify(val
)
1496 if "WPA: Group Key - hexdump" in l
:
1497 val
= l
.strip().split(':')[3].replace(' ', '')
1498 gtk
= binascii
.unhexlify(val
)
1499 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1500 raise Exception("Could not find keys from debug log")
1502 raise Exception("Unexpected GTK length")
1504 logger
.info("Checking keys in memory while associated")
1505 get_key_locations(buf
, pmk
, "PMK")
1506 get_key_locations(buf
, pmkr0
, "PMK-R0")
1507 get_key_locations(buf
, pmkr1
, "PMK-R1")
1509 raise HwsimSkip("PMK not found while associated")
1510 if pmkr0
not in buf
:
1511 raise HwsimSkip("PMK-R0 not found while associated")
1512 if pmkr1
not in buf
:
1513 raise HwsimSkip("PMK-R1 not found while associated")
1515 raise Exception("KCK not found while associated")
1517 raise Exception("KEK not found while associated")
1519 # raise Exception("TK found from memory")
1521 logger
.info("Checking keys in memory after disassociation")
1522 buf
= read_process_memory(pid
, pmk
)
1523 get_key_locations(buf
, pmk
, "PMK")
1524 get_key_locations(buf
, pmkr0
, "PMK-R0")
1525 get_key_locations(buf
, pmkr1
, "PMK-R1")
1527 # Note: PMK/PSK is still present in network configuration
1529 fname
= os
.path
.join(params
['logdir'],
1530 'ft_psk_key_lifetime_in_memory.memctx-')
1531 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1532 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1533 verify_not_present(buf
, kck
, fname
, "KCK")
1534 verify_not_present(buf
, kek
, fname
, "KEK")
1535 verify_not_present(buf
, tk
, fname
, "TK")
1537 get_key_locations(buf
, gtk
, "GTK")
1538 verify_not_present(buf
, gtk
, fname
, "GTK")
1540 dev
[0].request("REMOVE_NETWORK all")
1542 logger
.info("Checking keys in memory after network profile removal")
1543 buf
= read_process_memory(pid
, pmk
)
1544 get_key_locations(buf
, pmk
, "PMK")
1545 get_key_locations(buf
, pmkr0
, "PMK-R0")
1546 get_key_locations(buf
, pmkr1
, "PMK-R1")
1548 verify_not_present(buf
, pmk
, fname
, "PMK")
1549 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1550 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1551 verify_not_present(buf
, kck
, fname
, "KCK")
1552 verify_not_present(buf
, kek
, fname
, "KEK")
1553 verify_not_present(buf
, tk
, fname
, "TK")
1554 verify_not_present(buf
, gtk
, fname
, "GTK")
1557 def test_ap_ft_invalid_resp(dev
, apdev
):
1558 """WPA2-PSK-FT AP and invalid response IEs"""
1560 passphrase
= "12345678"
1562 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1563 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1564 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1567 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1568 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1571 # Various IEs for test coverage. The last one is FTIE with invalid
1572 # R1KH-ID subelement.
1573 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1574 # FTIE with invalid R0KH-ID subelement (len=0).
1575 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1576 # FTIE with invalid R0KH-ID subelement (len=49).
1577 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1579 "020002000000" + "3000",
1580 # Required IEs missing from protected IE count.
1581 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1582 # RIC missing from protected IE count.
1583 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1584 # Protected IE missing.
1585 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1587 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1588 hapd1
.set("ext_mgmt_frame_handling", "1")
1589 hapd1
.dump_monitor()
1590 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1591 raise Exception("ROAM failed")
1594 msg
= hapd1
.mgmt_rx()
1595 if msg
['subtype'] == 11:
1599 raise Exception("Authentication frame not seen")
1602 resp
['fc'] = auth
['fc']
1603 resp
['da'] = auth
['sa']
1604 resp
['sa'] = auth
['da']
1605 resp
['bssid'] = auth
['bssid']
1606 resp
['payload'] = binascii
.unhexlify(t
)
1608 hapd1
.set("ext_mgmt_frame_handling", "0")
1609 dev
[0].wait_disconnected()
1611 dev
[0].request("RECONNECT")
1612 dev
[0].wait_connected()
1614 def test_ap_ft_gcmp_256(dev
, apdev
):
1615 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1616 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1617 raise HwsimSkip("Cipher GCMP-256 not supported")
1619 passphrase
= "12345678"
1621 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1622 params
['rsn_pairwise'] = "GCMP-256"
1623 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1624 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1625 params
['rsn_pairwise'] = "GCMP-256"
1626 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1628 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1629 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1631 def setup_ap_ft_oom(dev
, apdev
):
1632 skip_with_fips(dev
[0])
1634 passphrase
= "12345678"
1636 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1637 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1638 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1639 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1641 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1643 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1644 dst
= apdev
[1]['bssid']
1646 dst
= apdev
[0]['bssid']
1648 dev
[0].scan_for_bss(dst
, freq
="2412")
1652 def test_ap_ft_oom(dev
, apdev
):
1653 """WPA2-PSK-FT and OOM"""
1654 dst
= setup_ap_ft_oom(dev
, apdev
)
1655 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1658 def test_ap_ft_oom2(dev
, apdev
):
1659 """WPA2-PSK-FT and OOM (2)"""
1660 dst
= setup_ap_ft_oom(dev
, apdev
)
1661 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1662 dev
[0].roam(dst
, fail_test
=True, assoc_reject_ok
=True)
1664 def test_ap_ft_oom3(dev
, apdev
):
1665 """WPA2-PSK-FT and OOM (3)"""
1666 dst
= setup_ap_ft_oom(dev
, apdev
)
1667 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1670 def test_ap_ft_oom4(dev
, apdev
):
1671 """WPA2-PSK-FT and OOM (4)"""
1673 passphrase
= "12345678"
1674 dst
= setup_ap_ft_oom(dev
, apdev
)
1675 dev
[0].request("REMOVE_NETWORK all")
1676 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1677 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1680 def test_ap_ft_ap_oom(dev
, apdev
):
1681 """WPA2-PSK-FT and AP OOM"""
1683 passphrase
= "12345678"
1685 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1686 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1687 bssid0
= hapd0
.own_addr()
1689 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1690 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1691 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1694 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1695 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1696 bssid1
= hapd1
.own_addr()
1697 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1698 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1701 def test_ap_ft_ap_oom2(dev
, apdev
):
1702 """WPA2-PSK-FT and AP OOM 2"""
1704 passphrase
= "12345678"
1706 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1707 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1708 bssid0
= hapd0
.own_addr()
1710 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1711 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1712 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1715 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1716 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1717 bssid1
= hapd1
.own_addr()
1718 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1720 if dev
[0].get_status_field('bssid') != bssid1
:
1721 raise Exception("Did not roam to AP1")
1722 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1725 def test_ap_ft_ap_oom3(dev
, apdev
):
1726 """WPA2-PSK-FT and AP OOM 3"""
1728 passphrase
= "12345678"
1730 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1731 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1732 bssid0
= hapd0
.own_addr()
1734 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1735 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1738 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1739 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1740 bssid1
= hapd1
.own_addr()
1741 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1742 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1743 # This will fail due to not being able to send out PMK-R1 pull request
1746 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1747 # This will fail due to not being able to send out PMK-R1 pull request
1750 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1751 # This will fail due to not being able to send out PMK-R1 pull request
1754 def test_ap_ft_ap_oom3b(dev
, apdev
):
1755 """WPA2-PSK-FT and AP OOM 3b"""
1757 passphrase
= "12345678"
1759 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1760 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1761 bssid0
= hapd0
.own_addr()
1763 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1764 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1767 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1768 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1769 bssid1
= hapd1
.own_addr()
1770 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1771 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1772 # This will fail due to not being able to send out PMK-R1 pull request
1775 def test_ap_ft_ap_oom4(dev
, apdev
):
1776 """WPA2-PSK-FT and AP OOM 4"""
1778 passphrase
= "12345678"
1780 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1781 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1782 bssid0
= hapd0
.own_addr()
1784 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1785 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1788 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1789 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1790 bssid1
= hapd1
.own_addr()
1791 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1792 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1794 if dev
[0].get_status_field('bssid') != bssid1
:
1795 raise Exception("Did not roam to AP1")
1797 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1799 if dev
[0].get_status_field('bssid') != bssid0
:
1800 raise Exception("Did not roam to AP0")
1802 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1804 if dev
[0].get_status_field('bssid') != bssid1
:
1805 raise Exception("Did not roam to AP1")
1807 def test_ap_ft_ap_oom5(dev
, apdev
):
1808 """WPA2-PSK-FT and AP OOM 5"""
1810 passphrase
= "12345678"
1812 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1813 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1814 bssid0
= hapd0
.own_addr()
1816 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1817 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1820 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1821 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1822 bssid1
= hapd1
.own_addr()
1823 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1824 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1825 # This will fail to roam
1828 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1829 # This will fail to roam
1832 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1833 # This will fail to roam
1836 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1837 # This will fail to roam
1840 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1841 # This will fail to roam
1844 def test_ap_ft_ap_oom6(dev
, apdev
):
1845 """WPA2-PSK-FT and AP OOM 6"""
1847 passphrase
= "12345678"
1849 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1850 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1851 bssid0
= hapd0
.own_addr()
1853 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1854 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1855 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1857 dev
[0].request("REMOVE_NETWORK all")
1858 dev
[0].wait_disconnected()
1859 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1860 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1862 dev
[0].request("REMOVE_NETWORK all")
1863 dev
[0].wait_disconnected()
1864 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1865 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1868 def test_ap_ft_ap_oom7a(dev
, apdev
):
1869 """WPA2-PSK-FT and AP OOM 7a"""
1871 passphrase
= "12345678"
1873 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1874 params
["ieee80211w"] = "2"
1875 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1876 bssid0
= hapd0
.own_addr()
1878 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1879 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1880 ieee80211w
="2", scan_freq
="2412")
1882 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1883 params
["ieee80211w"] = "2"
1884 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1885 bssid1
= hapd1
.own_addr()
1886 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1887 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1888 # This will fail to roam
1891 def test_ap_ft_ap_oom7b(dev
, apdev
):
1892 """WPA2-PSK-FT and AP OOM 7b"""
1894 passphrase
= "12345678"
1896 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1897 params
["ieee80211w"] = "2"
1898 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1899 bssid0
= hapd0
.own_addr()
1901 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1902 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1903 ieee80211w
="2", scan_freq
="2412")
1905 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1906 params
["ieee80211w"] = "2"
1907 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1908 bssid1
= hapd1
.own_addr()
1909 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1910 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1911 # This will fail to roam
1914 def test_ap_ft_ap_oom7c(dev
, apdev
):
1915 """WPA2-PSK-FT and AP OOM 7c"""
1917 passphrase
= "12345678"
1919 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1920 params
["ieee80211w"] = "2"
1921 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1922 bssid0
= hapd0
.own_addr()
1924 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1925 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1926 ieee80211w
="2", scan_freq
="2412")
1928 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1929 params
["ieee80211w"] = "2"
1930 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1931 bssid1
= hapd1
.own_addr()
1932 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1933 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1934 # This will fail to roam
1937 def test_ap_ft_ap_oom7d(dev
, apdev
):
1938 """WPA2-PSK-FT and AP OOM 7d"""
1940 passphrase
= "12345678"
1942 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1943 params
["ieee80211w"] = "2"
1944 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1945 bssid0
= hapd0
.own_addr()
1947 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1948 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1949 ieee80211w
="2", scan_freq
="2412")
1951 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1952 params
["ieee80211w"] = "2"
1953 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1954 bssid1
= hapd1
.own_addr()
1955 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1956 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1957 # This will fail to roam
1960 def test_ap_ft_ap_oom8(dev
, apdev
):
1961 """WPA2-PSK-FT and AP OOM 8"""
1963 passphrase
= "12345678"
1965 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1966 params
['ft_psk_generate_local'] = "1"
1967 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1968 bssid0
= hapd0
.own_addr()
1970 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1971 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1974 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1975 params
['ft_psk_generate_local'] = "1"
1976 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1977 bssid1
= hapd1
.own_addr()
1978 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1979 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1980 # This will fail to roam
1982 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1983 # This will fail to roam
1986 def test_ap_ft_ap_oom9(dev
, apdev
):
1987 """WPA2-PSK-FT and AP OOM 9"""
1989 passphrase
= "12345678"
1991 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1992 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1993 bssid0
= hapd0
.own_addr()
1995 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1996 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1999 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2000 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2001 bssid1
= hapd1
.own_addr()
2002 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2004 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
2005 # This will fail to roam
2006 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2007 raise Exception("FT_DS failed")
2008 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
2010 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
2011 # This will fail to roam
2012 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2013 raise Exception("FT_DS failed")
2014 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2016 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
2017 # This will fail to roam
2018 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2019 raise Exception("FT_DS failed")
2020 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2022 def test_ap_ft_ap_oom10(dev
, apdev
):
2023 """WPA2-PSK-FT and AP OOM 10"""
2025 passphrase
= "12345678"
2027 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2028 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2029 bssid0
= hapd0
.own_addr()
2031 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2032 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2035 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2036 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2037 bssid1
= hapd1
.own_addr()
2038 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2040 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2041 # This will fail to roam
2042 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2043 raise Exception("FT_DS failed")
2044 wait_fail_trigger(hapd0
, "GET_FAIL")
2046 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2047 # This will fail to roam
2048 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2049 raise Exception("FT_DS failed")
2050 wait_fail_trigger(hapd0
, "GET_FAIL")
2052 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2053 # This will fail to roam
2054 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2055 raise Exception("FT_DS failed")
2056 wait_fail_trigger(hapd0
, "GET_FAIL")
2058 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2059 # This will fail to roam
2060 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2061 raise Exception("FT_DS failed")
2062 wait_fail_trigger(hapd1
, "GET_FAIL")
2064 def test_ap_ft_ap_oom11(dev
, apdev
):
2065 """WPA2-PSK-FT and AP OOM 11"""
2067 passphrase
= "12345678"
2069 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2070 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2071 bssid0
= hapd0
.own_addr()
2073 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2074 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2075 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2077 wait_fail_trigger(hapd0
, "GET_FAIL")
2079 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2080 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2081 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2083 wait_fail_trigger(hapd0
, "GET_FAIL")
2085 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2086 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2088 passphrase
= "12345678"
2090 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2091 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2092 bssid0
= hapd0
.own_addr()
2093 _bssid0
= bssid0
.replace(':', '')
2094 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2096 addr
= dev
[0].own_addr()
2097 _addr
= addr
.replace(':', '')
2099 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2100 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2101 bssid1
= hapd1
.own_addr()
2102 _bssid1
= bssid1
.replace(':', '')
2104 hapd0
.set("ext_mgmt_frame_handling", "1")
2105 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2106 valid
= "0601" + _addr
+ _bssid1
2109 "0601" + _addr
+ _bssid0
,
2110 "0601" + _addr
+ "ffffffffffff",
2111 "0601" + _bssid0
+ _bssid0
,
2116 valid
+ "3603ffffff",
2117 valid
+ "3603a1b2ff",
2118 valid
+ "3603a1b2ff" + "3700",
2119 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2120 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2121 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2122 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2123 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2124 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2125 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2128 hapd0
.dump_monitor()
2129 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2130 raise Exception("MGMT_RX_PROCESS failed")
2132 hapd0
.set("ext_mgmt_frame_handling", "0")
2134 def test_ap_ft_over_ds_proto(dev
, apdev
):
2135 """WPA2-PSK-FT AP over DS protocol testing"""
2137 passphrase
= "12345678"
2139 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2140 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2141 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2144 # FT Action Response while no FT-over-DS in progress
2147 msg
['da'] = dev
[0].own_addr()
2148 msg
['sa'] = apdev
[0]['bssid']
2149 msg
['bssid'] = apdev
[0]['bssid']
2150 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2153 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2154 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2155 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2156 hapd0
.set("ext_mgmt_frame_handling", "1")
2157 hapd0
.dump_monitor()
2158 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2159 for i
in range(0, 10):
2160 req
= hapd0
.mgmt_rx()
2162 raise Exception("MGMT RX wait timed out")
2163 if req
['subtype'] == 13:
2167 raise Exception("FT Action frame not received")
2169 # FT Action Response for unexpected Target AP
2170 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2173 # FT Action Response without MDIE
2174 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2177 # FT Action Response without FTIE
2178 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2181 # FT Action Response with FTIE SNonce mismatch
2182 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2186 def test_ap_ft_rrb(dev
, apdev
):
2187 """WPA2-PSK-FT RRB protocol testing"""
2189 passphrase
= "12345678"
2191 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2192 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2194 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2197 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2198 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2200 ehdr
= _dst_ll
+ _src_ll
+ proto
2202 # Too short RRB frame
2203 pkt
= ehdr
+ b
'\x01'
2204 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2205 raise Exception("DATA_TEST_FRAME failed")
2207 # RRB discarded frame wikth unrecognized type
2208 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2209 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2210 raise Exception("DATA_TEST_FRAME failed")
2212 # RRB frame too short for action frame
2213 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2214 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2215 raise Exception("DATA_TEST_FRAME failed")
2217 # Too short RRB frame (not enough room for Action Frame body)
2218 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2219 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2220 raise Exception("DATA_TEST_FRAME failed")
2222 # Unexpected Action frame category
2223 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2224 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2225 raise Exception("DATA_TEST_FRAME failed")
2227 # Unexpected Action in RRB Request
2228 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2229 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2230 raise Exception("DATA_TEST_FRAME failed")
2232 # Target AP address in RRB Request does not match with own address
2233 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2234 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2235 raise Exception("DATA_TEST_FRAME failed")
2237 # Not enough room for status code in RRB Response
2238 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2239 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2240 raise Exception("DATA_TEST_FRAME failed")
2242 # RRB discarded frame with unknown packet_type
2243 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2244 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2245 raise Exception("DATA_TEST_FRAME failed")
2247 # RRB Response with non-zero status code; no STA match
2248 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2249 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2250 raise Exception("DATA_TEST_FRAME failed")
2252 # RRB Response with zero status code and extra data; STA match
2253 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2254 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2255 raise Exception("DATA_TEST_FRAME failed")
2257 # Too short PMK-R1 pull
2258 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2259 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2260 raise Exception("DATA_TEST_FRAME failed")
2262 # Too short PMK-R1 resp
2263 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2264 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2265 raise Exception("DATA_TEST_FRAME failed")
2267 # Too short PMK-R1 push
2268 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2269 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2270 raise Exception("DATA_TEST_FRAME failed")
2272 # No matching R0KH address found for PMK-R0 pull response
2273 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2274 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2275 raise Exception("DATA_TEST_FRAME failed")
2278 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2279 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2280 bssid
= apdev
[0]['bssid']
2282 passphrase
= "12345678"
2284 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2285 params
["ieee80211w"] = "1"
2286 # This is the RSN element used normally by hostapd
2287 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2288 hapd
= hostapd
.add_ap(apdev
[0], params
)
2289 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2290 ieee80211w
="1", scan_freq
="2412",
2291 pairwise
="CCMP", group
="CCMP")
2293 tests
= [('PMKIDCount field included',
2294 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2295 ('Extra IE before RSNE',
2296 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2297 ('PMKIDCount and Group Management Cipher suite fields included',
2298 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2299 ('Extra octet after defined fields (future extensibility)',
2300 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2301 ('No RSN Capabilities field (PMF disabled in practice)',
2302 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2303 for txt
, ie
in tests
:
2304 dev
[0].request("DISCONNECT")
2305 dev
[0].wait_disconnected()
2308 hapd
.set('own_ie_override', ie
)
2310 dev
[0].request("BSS_FLUSH 0")
2311 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2312 dev
[0].select_network(id, freq
=2412)
2313 dev
[0].wait_connected()
2315 dev
[0].request("DISCONNECT")
2316 dev
[0].wait_disconnected()
2318 logger
.info('Invalid RSNE causing internal hostapd error')
2320 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2322 dev
[0].request("BSS_FLUSH 0")
2323 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2324 dev
[0].select_network(id, freq
=2412)
2325 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2327 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2329 raise Exception("Unexpected connection")
2330 dev
[0].request("DISCONNECT")
2332 logger
.info('Unexpected PMKID causing internal hostapd error')
2334 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2336 dev
[0].request("BSS_FLUSH 0")
2337 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2338 dev
[0].select_network(id, freq
=2412)
2339 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2341 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2343 raise Exception("Unexpected connection")
2344 dev
[0].request("DISCONNECT")
2346 def start_ft(apdev
, wpa_ptk_rekey
=None):
2348 passphrase
= "12345678"
2350 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2352 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2353 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2354 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2356 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2357 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2361 def check_ptk_rekey(dev
, hapd0
=None, hapd1
=None):
2362 ev
= dev
.wait_event(["CTRL-EVENT-DISCONNECTED",
2363 "WPA: Key negotiation completed"], timeout
=5)
2365 raise Exception("No event received after roam")
2366 if "CTRL-EVENT-DISCONNECTED" in ev
:
2367 raise Exception("Unexpected disconnection after roam")
2369 if not hapd0
or not hapd1
:
2371 if dev
.get_status_field('bssid') == hapd0
.own_addr():
2375 hwsim_utils
.test_connectivity(dev
, hapd
)
2377 def test_ap_ft_ptk_rekey(dev
, apdev
):
2378 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2379 hapd0
, hapd1
= start_ft(apdev
)
2380 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1")
2381 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2383 def test_ap_ft_ptk_rekey2(dev
, apdev
):
2384 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2385 hapd0
, hapd1
= start_ft(apdev
)
2386 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1",
2388 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2390 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2391 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2392 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2393 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678")
2394 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2396 def test_ap_ft_ptk_rekey_ap2(dev
, apdev
):
2397 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2398 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2399 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678",
2401 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2403 def test_ap_ft_eap_ptk_rekey_ap(dev
, apdev
):
2404 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2405 generic_ap_ft_eap(dev
, apdev
, only_one_way
=True, wpa_ptk_rekey
=2)
2406 check_ptk_rekey(dev
[0])
2408 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2409 """RRB internal delivery only to WPA enabled BSS"""
2411 passphrase
= "12345678"
2413 radius
= hostapd
.radius_params()
2414 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2415 params
['wpa_key_mgmt'] = "FT-EAP"
2416 params
["ieee8021x"] = "1"
2417 params
= dict(list(radius
.items()) + list(params
.items()))
2418 hapd
= hostapd
.add_ap(apdev
[0], params
)
2419 key_mgmt
= hapd
.get_config()['key_mgmt']
2420 if key_mgmt
.split(' ')[0] != "FT-EAP":
2421 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2423 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2425 # Connect to WPA enabled AP
2426 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2427 eap
="GPSK", identity
="gpsk user",
2428 password
="abcdefghijklmnop0123456789abcdef",
2431 # Try over_ds roaming to non-WPA-enabled AP.
2432 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2433 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2435 def test_ap_ft_extra_ie(dev
, apdev
):
2436 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2438 passphrase
= "12345678"
2440 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2441 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2442 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2443 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2445 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2448 # Add Mobility Domain element to test AP validation code.
2449 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2450 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2451 scan_freq
="2412", wait_connect
=False)
2452 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2453 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2455 raise Exception("No connection result")
2456 if "CTRL-EVENT-CONNECTED" in ev
:
2457 raise Exception("Non-FT association accepted with MDE")
2458 if "status_code=43" not in ev
:
2459 raise Exception("Unexpected status code: " + ev
)
2460 dev
[0].request("DISCONNECT")
2462 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2464 def test_ap_ft_ric(dev
, apdev
):
2465 """WPA2-PSK-FT AP and RIC"""
2467 passphrase
= "12345678"
2469 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2470 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2471 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2472 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2474 dev
[0].set("ric_ies", "")
2475 dev
[0].set("ric_ies", '""')
2476 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2477 raise Exception("Invalid ric_ies value accepted")
2482 "390400000000" + "390400000000",
2483 "390400000000" + "dd050050f20202",
2484 "390400000000" + "dd3d0050f2020201" + 55*"00",
2485 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2486 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2488 dev
[0].set("ric_ies", t
)
2489 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2490 test_connectivity
=False)
2491 dev
[0].request("REMOVE_NETWORK all")
2492 dev
[0].wait_disconnected()
2493 dev
[0].dump_monitor()
2495 def ie_hex(ies
, id):
2496 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id]).decode()
2498 def test_ap_ft_reassoc_proto(dev
, apdev
):
2499 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2501 passphrase
= "12345678"
2503 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2504 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2505 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2506 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2508 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2509 ieee80211w
="1", scan_freq
="2412")
2510 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2517 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2518 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2519 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2522 req
= hapd2ap
.mgmt_rx()
2523 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2524 if req
['subtype'] == 11:
2528 req
= hapd2ap
.mgmt_rx()
2529 if req
['subtype'] == 2:
2531 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2533 # IEEE 802.11 header + fixed fields before IEs
2534 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2535 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2536 # First elements: SSID, Supported Rates, Extended Supported Rates
2537 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2539 rsne
= ie_hex(ies
, 48)
2540 mde
= ie_hex(ies
, 54)
2541 fte
= ie_hex(ies
, 55)
2543 # RSN: Trying to use FT, but MDIE not included
2545 # RSN: Attempted to use unknown MDIE
2546 tests
+= [rsne
+ "3603000000"]
2547 # Invalid RSN pairwise cipher
2548 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2549 # FT: No PMKID in RSNIE
2550 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2552 tests
+= [rsne
+ mde
]
2553 # FT: RIC IE(s) in the frame, but not included in protected IE count
2554 # FT: Failed to parse FT IEs
2555 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2556 # FT: SNonce mismatch in FTIE
2557 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2558 # FT: ANonce mismatch in FTIE
2559 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2560 # FT: No R0KH-ID subelem in FTIE
2561 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2562 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2563 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2564 # FT: No R1KH-ID subelem in FTIE
2565 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2566 # FT: Unknown R1KH-ID used in ReassocReq
2567 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2568 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2569 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2570 # Invalid MIC in FTIE
2571 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2573 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2575 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2576 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2578 passphrase
= "12345678"
2580 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2581 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2582 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2583 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2585 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2586 ieee80211w
="1", scan_freq
="2412")
2587 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2594 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2595 # FT: Failed to calculate MIC
2596 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2597 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2598 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2599 dev
[0].request("DISCONNECT")
2601 raise Exception("Association reject not seen")
2603 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2604 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2605 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2607 passphrase
= "12345678"
2609 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2610 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2611 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2612 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2614 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2616 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2623 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2624 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2625 dev
[0].dump_monitor()
2626 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2627 raise Exception("ROAM failed")
2632 req
= hapd2ap
.mgmt_rx()
2634 hapd2ap
.dump_monitor()
2635 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2636 if req
['subtype'] == 2:
2638 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2640 raise Exception("No TX status seen")
2641 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2642 if "OK" not in hapd2ap
.request(cmd
):
2643 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2645 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2646 if reassocreq
is None:
2647 raise Exception("No Reassociation Request frame seen")
2648 dev
[0].wait_connected()
2649 dev
[0].dump_monitor()
2650 hapd2ap
.dump_monitor()
2652 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2654 logger
.info("Replay the last Reassociation Request frame")
2655 hapd2ap
.dump_monitor()
2656 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2657 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2658 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2660 raise Exception("No TX status seen")
2661 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2662 if "OK" not in hapd2ap
.request(cmd
):
2663 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2664 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2667 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2672 ap
= hapd2ap
.own_addr()
2673 sta
= dev
[0].own_addr()
2674 filt
= "wlan.fc.type == 2 && " + \
2675 "wlan.da == " + sta
+ " && " + \
2677 fields
= ["wlan.ccmp.extiv"]
2678 res
= run_tshark(capfile
, filt
, fields
)
2679 vals
= res
.splitlines()
2680 logger
.info("CCMP PN: " + str(vals
))
2682 raise Exception("Could not find all CCMP protected frames from capture")
2683 if len(set(vals
)) < len(vals
):
2684 raise Exception("Duplicate CCMP PN used")
2687 raise Exception("The second hwsim connectivity test failed")
2689 def test_ap_ft_psk_file(dev
, apdev
):
2690 """WPA2-PSK-FT AP with PSK from a file"""
2692 passphrase
= "12345678"
2694 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2695 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2696 hapd
= hostapd
.add_ap(apdev
[0], params
)
2698 dev
[1].connect(ssid
, psk
="very secret",
2699 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2700 scan_freq
="2412", wait_connect
=False)
2701 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2702 ieee80211w
="1", scan_freq
="2412")
2703 dev
[0].request("REMOVE_NETWORK all")
2704 dev
[0].wait_disconnected()
2705 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2706 ieee80211w
="1", scan_freq
="2412")
2707 dev
[0].request("REMOVE_NETWORK all")
2708 dev
[0].wait_disconnected()
2709 dev
[0].connect(ssid
, psk
="secret passphrase",
2710 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2712 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2713 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2715 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2717 raise Exception("Timed out while waiting for failure report")
2718 dev
[1].request("REMOVE_NETWORK all")
2720 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2721 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2723 passphrase
= "12345678"
2724 bssid
= apdev
[0]['bssid']
2726 radius
= hostapd
.radius_params()
2727 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2728 params
['wpa_key_mgmt'] = "WPA-EAP"
2729 params
["ieee8021x"] = "1"
2730 params
["pmk_r1_push"] = "0"
2731 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2732 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2733 params
["eap_server"] = "0"
2734 params
= dict(list(radius
.items()) + list(params
.items()))
2735 hapd
= hostapd
.add_ap(apdev
[0], params
)
2737 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2738 eap
="GPSK", identity
="gpsk user",
2739 password
="abcdefghijklmnop0123456789abcdef",
2741 dev
[0].request("DISCONNECT")
2742 dev
[0].wait_disconnected()
2743 dev
[0].dump_monitor()
2746 hapd
.set('wpa_key_mgmt', "FT-EAP")
2749 dev
[0].request("BSS_FLUSH 0")
2750 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2752 dev
[0].request("RECONNECT")
2753 dev
[0].wait_connected()
2755 def test_ap_ft_eap_sha384(dev
, apdev
):
2756 """WPA2-EAP-FT with SHA384"""
2758 passphrase
= "12345678"
2760 radius
= hostapd
.radius_params()
2761 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2762 params
["ieee80211w"] = "2"
2763 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2764 params
["ieee8021x"] = "1"
2765 params
= dict(list(radius
.items()) + list(params
.items()))
2766 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2767 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2768 params
["ieee80211w"] = "2"
2769 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2770 params
["ieee8021x"] = "1"
2771 params
= dict(list(radius
.items()) + list(params
.items()))
2772 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2774 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2777 def test_ap_ft_eap_sha384_reassoc(dev
, apdev
):
2778 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
2780 passphrase
= "12345678"
2782 radius
= hostapd
.radius_params()
2783 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2784 params
["ieee80211w"] = "2"
2785 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2786 params
["ieee8021x"] = "1"
2787 params
= dict(list(radius
.items()) + list(params
.items()))
2788 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2789 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2790 params
["ieee80211w"] = "2"
2791 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2792 params
["ieee8021x"] = "1"
2793 params
= dict(list(radius
.items()) + list(params
.items()))
2794 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2796 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2797 sha384
=True, also_non_ft
=True, roam_with_reassoc
=True)
2799 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
2800 """WPA2-EAP-FT with SHA384 over DS"""
2802 passphrase
= "12345678"
2804 radius
= hostapd
.radius_params()
2805 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2806 params
["ieee80211w"] = "2"
2807 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2808 params
["ieee8021x"] = "1"
2809 params
= dict(list(radius
.items()) + list(params
.items()))
2810 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2811 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2812 params
["ieee80211w"] = "2"
2813 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2814 params
["ieee8021x"] = "1"
2815 params
= dict(list(radius
.items()) + list(params
.items()))
2816 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2818 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
2819 eap
=True, sha384
=True)
2821 def test_ap_ft_roam_rrm(dev
, apdev
):
2822 """WPA2-PSK-FT AP and radio measurement request"""
2824 passphrase
= "12345678"
2826 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2827 params
["rrm_beacon_report"] = "1"
2828 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2829 bssid0
= hapd0
.own_addr()
2831 addr
= dev
[0].own_addr()
2832 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2834 check_beacon_req(hapd0
, addr
, 1)
2836 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2837 params
["rrm_beacon_report"] = "1"
2838 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2839 bssid1
= hapd1
.own_addr()
2841 dev
[0].scan_for_bss(bssid1
, freq
=2412)
2843 check_beacon_req(hapd1
, addr
, 2)
2845 dev
[0].scan_for_bss(bssid0
, freq
=2412)
2847 check_beacon_req(hapd0
, addr
, 3)