]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: FT with AP-to-AP broadcast messages
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import os
10 import time
11 import logging
12 logger = logging.getLogger()
13 import struct
14
15 import hwsim_utils
16 import hostapd
17 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
18 from wlantest import Wlantest
19 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
20
21 def ft_base_rsn():
22 params = { "wpa": "2",
23 "wpa_key_mgmt": "FT-PSK",
24 "rsn_pairwise": "CCMP" }
25 return params
26
27 def ft_base_mixed():
28 params = { "wpa": "3",
29 "wpa_key_mgmt": "WPA-PSK FT-PSK",
30 "wpa_pairwise": "TKIP",
31 "rsn_pairwise": "CCMP" }
32 return params
33
34 def ft_params(rsn=True, ssid=None, passphrase=None):
35 if rsn:
36 params = ft_base_rsn()
37 else:
38 params = ft_base_mixed()
39 if ssid:
40 params["ssid"] = ssid
41 if passphrase:
42 params["wpa_passphrase"] = passphrase
43
44 params["mobility_domain"] = "a1b2"
45 params["r0_key_lifetime"] = "10000"
46 params["pmk_r1_push"] = "1"
47 params["reassociation_deadline"] = "1000"
48 return params
49
50 def ft_params1a(rsn=True, ssid=None, passphrase=None):
51 params = ft_params(rsn, ssid, passphrase)
52 params['nas_identifier'] = "nas1.w1.fi"
53 params['r1_key_holder'] = "000102030405"
54 return params
55
56 def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
57 params = ft_params1a(rsn, ssid, passphrase)
58 if discovery:
59 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
60 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 else:
62 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
63 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
64 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
65 return params
66
67 def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
68 params = ft_params1a(rsn, ssid, passphrase)
69 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
70 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
71 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
72 return params
73
74 def ft_params2a(rsn=True, ssid=None, passphrase=None):
75 params = ft_params(rsn, ssid, passphrase)
76 params['nas_identifier'] = "nas2.w1.fi"
77 params['r1_key_holder'] = "000102030406"
78 return params
79
80 def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
81 params = ft_params2a(rsn, ssid, passphrase)
82 if discovery:
83 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
84 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 else:
86 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
87 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
88 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
89 return params
90
91 def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
92 params = ft_params2a(rsn, ssid, passphrase)
93 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
94 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
95 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
96 return params
97
98 def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
99 params = ft_params(rsn, ssid, passphrase)
100 params['nas_identifier'] = "nas1.w1.fi"
101 params['r1_key_holder'] = "000102030405"
102 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
103 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
104 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
105 return params
106
107 def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
108 params = ft_params(rsn, ssid, passphrase)
109 params['nas_identifier'] = "nas2.w1.fi"
110 params['r1_key_holder'] = "000102030406"
111 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
112 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
113 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
114 return params
115
116 def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
117 params = ft_params(rsn, ssid, passphrase)
118 params['nas_identifier'] = "nas2.w1.fi"
119 params['r1_key_holder'] = "000102030406"
120 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
121 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
122 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
123 return params
124
125 def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
126 sae=False, eap=False, fail_test=False, roams=1,
127 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
128 test_connectivity=True):
129 logger.info("Connect to first AP")
130 if eap:
131 dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
132 eap="GPSK", identity="gpsk user",
133 password="abcdefghijklmnop0123456789abcdef",
134 scan_freq="2412",
135 pairwise=pairwise_cipher, group=group_cipher,
136 wpa_ptk_rekey=ptk_rekey)
137 else:
138 if sae:
139 key_mgmt="FT-SAE"
140 else:
141 key_mgmt="FT-PSK"
142 dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
143 ieee80211w="1", scan_freq="2412",
144 pairwise=pairwise_cipher, group=group_cipher,
145 wpa_ptk_rekey=ptk_rekey)
146 if dev.get_status_field('bssid') == apdev[0]['bssid']:
147 ap1 = apdev[0]
148 ap2 = apdev[1]
149 hapd1ap = hapd0
150 hapd2ap = hapd1
151 else:
152 ap1 = apdev[1]
153 ap2 = apdev[0]
154 hapd1ap = hapd1
155 hapd2ap = hapd0
156 if test_connectivity:
157 hwsim_utils.test_connectivity(dev, hapd1ap)
158
159 dev.scan_for_bss(ap2['bssid'], freq="2412")
160
161 for i in range(0, roams):
162 logger.info("Roam to the second AP")
163 if over_ds:
164 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
165 else:
166 dev.roam(ap2['bssid'], fail_test=fail_test)
167 if fail_test:
168 return
169 if dev.get_status_field('bssid') != ap2['bssid']:
170 raise Exception("Did not connect to correct AP")
171 if (i == 0 or i == roams - 1) and test_connectivity:
172 hwsim_utils.test_connectivity(dev, hapd2ap)
173
174 logger.info("Roam back to the first AP")
175 if over_ds:
176 dev.roam_over_ds(ap1['bssid'])
177 else:
178 dev.roam(ap1['bssid'])
179 if dev.get_status_field('bssid') != ap1['bssid']:
180 raise Exception("Did not connect to correct AP")
181 if (i == 0 or i == roams - 1) and test_connectivity:
182 hwsim_utils.test_connectivity(dev, hapd1ap)
183
184 def test_ap_ft(dev, apdev):
185 """WPA2-PSK-FT AP"""
186 ssid = "test-ft"
187 passphrase="12345678"
188
189 params = ft_params1(ssid=ssid, passphrase=passphrase)
190 hapd0 = hostapd.add_ap(apdev[0], params)
191 params = ft_params2(ssid=ssid, passphrase=passphrase)
192 hapd1 = hostapd.add_ap(apdev[1], params)
193
194 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
195 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
196 raise Exception("Scan results missing RSN element info")
197
198 def test_ap_ft_old_key(dev, apdev):
199 """WPA2-PSK-FT AP (old key)"""
200 ssid = "test-ft"
201 passphrase="12345678"
202
203 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
204 hapd0 = hostapd.add_ap(apdev[0], params)
205 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
206 hapd1 = hostapd.add_ap(apdev[1], params)
207
208 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
209
210 def test_ap_ft_multi_akm(dev, apdev):
211 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
212 ssid = "test-ft"
213 passphrase="12345678"
214
215 params = ft_params1(ssid=ssid, passphrase=passphrase)
216 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
217 hapd0 = hostapd.add_ap(apdev[0], params)
218 params = ft_params2(ssid=ssid, passphrase=passphrase)
219 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
220 hapd1 = hostapd.add_ap(apdev[1], params)
221
222 Wlantest.setup(hapd0)
223 wt = Wlantest()
224 wt.flush()
225 wt.add_passphrase(passphrase)
226
227 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
228 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
229 raise Exception("Scan results missing RSN element info")
230 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
231 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
232 scan_freq="2412")
233
234 def test_ap_ft_local_key_gen(dev, apdev):
235 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
236 ssid = "test-ft"
237 passphrase="12345678"
238
239 params = ft_params1a(ssid=ssid, passphrase=passphrase)
240 params['ft_psk_generate_local'] = "1";
241 del params['pmk_r1_push']
242 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
243 params = ft_params2a(ssid=ssid, passphrase=passphrase)
244 params['ft_psk_generate_local'] = "1";
245 del params['pmk_r1_push']
246 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
247
248 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
249 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
250 raise Exception("Scan results missing RSN element info")
251
252 def test_ap_ft_many(dev, apdev):
253 """WPA2-PSK-FT AP multiple times"""
254 ssid = "test-ft"
255 passphrase="12345678"
256
257 params = ft_params1(ssid=ssid, passphrase=passphrase)
258 hapd0 = hostapd.add_ap(apdev[0], params)
259 params = ft_params2(ssid=ssid, passphrase=passphrase)
260 hapd1 = hostapd.add_ap(apdev[1], params)
261
262 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
263
264 def test_ap_ft_mixed(dev, apdev):
265 """WPA2-PSK-FT mixed-mode AP"""
266 ssid = "test-ft-mixed"
267 passphrase="12345678"
268
269 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
270 hapd = hostapd.add_ap(apdev[0], params)
271 key_mgmt = hapd.get_config()['key_mgmt']
272 vals = key_mgmt.split(' ')
273 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
274 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
275 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
276 hapd1 = hostapd.add_ap(apdev[1], params)
277
278 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
279
280 def test_ap_ft_pmf(dev, apdev):
281 """WPA2-PSK-FT AP with PMF"""
282 ssid = "test-ft"
283 passphrase="12345678"
284
285 params = ft_params1(ssid=ssid, passphrase=passphrase)
286 params["ieee80211w"] = "2"
287 hapd0 = hostapd.add_ap(apdev[0], params)
288 params = ft_params2(ssid=ssid, passphrase=passphrase)
289 params["ieee80211w"] = "2"
290 hapd1 = hostapd.add_ap(apdev[1], params)
291
292 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
293
294 def test_ap_ft_over_ds(dev, apdev):
295 """WPA2-PSK-FT AP over DS"""
296 ssid = "test-ft"
297 passphrase="12345678"
298
299 params = ft_params1(ssid=ssid, passphrase=passphrase)
300 hapd0 = hostapd.add_ap(apdev[0], params)
301 params = ft_params2(ssid=ssid, passphrase=passphrase)
302 hapd1 = hostapd.add_ap(apdev[1], params)
303
304 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
305 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
306 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
307
308 def test_ap_ft_over_ds_disabled(dev, apdev):
309 """WPA2-PSK-FT AP over DS disabled"""
310 ssid = "test-ft"
311 passphrase="12345678"
312
313 params = ft_params1(ssid=ssid, passphrase=passphrase)
314 params['ft_over_ds'] = '0'
315 hapd0 = hostapd.add_ap(apdev[0], params)
316 params = ft_params2(ssid=ssid, passphrase=passphrase)
317 params['ft_over_ds'] = '0'
318 hapd1 = hostapd.add_ap(apdev[1], params)
319
320 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
321 fail_test=True)
322
323 def test_ap_ft_over_ds_many(dev, apdev):
324 """WPA2-PSK-FT AP over DS multiple times"""
325 ssid = "test-ft"
326 passphrase="12345678"
327
328 params = ft_params1(ssid=ssid, passphrase=passphrase)
329 hapd0 = hostapd.add_ap(apdev[0], params)
330 params = ft_params2(ssid=ssid, passphrase=passphrase)
331 hapd1 = hostapd.add_ap(apdev[1], params)
332
333 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
334 roams=50)
335
336 @remote_compatible
337 def test_ap_ft_over_ds_unknown_target(dev, apdev):
338 """WPA2-PSK-FT AP"""
339 ssid = "test-ft"
340 passphrase="12345678"
341
342 params = ft_params1(ssid=ssid, passphrase=passphrase)
343 hapd0 = hostapd.add_ap(apdev[0], params)
344
345 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
346 scan_freq="2412")
347 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
348
349 @remote_compatible
350 def test_ap_ft_over_ds_unexpected(dev, apdev):
351 """WPA2-PSK-FT AP over DS and unexpected response"""
352 ssid = "test-ft"
353 passphrase="12345678"
354
355 params = ft_params1(ssid=ssid, passphrase=passphrase)
356 hapd0 = hostapd.add_ap(apdev[0], params)
357 params = ft_params2(ssid=ssid, passphrase=passphrase)
358 hapd1 = hostapd.add_ap(apdev[1], params)
359
360 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
361 scan_freq="2412")
362 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
363 ap1 = apdev[0]
364 ap2 = apdev[1]
365 hapd1ap = hapd0
366 hapd2ap = hapd1
367 else:
368 ap1 = apdev[1]
369 ap2 = apdev[0]
370 hapd1ap = hapd1
371 hapd2ap = hapd0
372
373 addr = dev[0].own_addr()
374 hapd1ap.set("ext_mgmt_frame_handling", "1")
375 logger.info("Foreign STA address")
376 msg = {}
377 msg['fc'] = 13 << 4
378 msg['da'] = addr
379 msg['sa'] = ap1['bssid']
380 msg['bssid'] = ap1['bssid']
381 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
382 hapd1ap.mgmt_tx(msg)
383
384 logger.info("No over-the-DS in progress")
385 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
386 hapd1ap.mgmt_tx(msg)
387
388 logger.info("Non-zero status code")
389 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
390 hapd1ap.mgmt_tx(msg)
391
392 hapd1ap.dump_monitor()
393
394 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
395 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
396 raise Exception("FT_DS failed")
397
398 req = hapd1ap.mgmt_rx()
399
400 logger.info("Foreign Target AP")
401 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
402 hapd1ap.mgmt_tx(msg)
403
404 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
405
406 logger.info("No IEs")
407 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
408 hapd1ap.mgmt_tx(msg)
409
410 logger.info("Invalid IEs (trigger parsing failure)")
411 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
412 hapd1ap.mgmt_tx(msg)
413
414 logger.info("Too short MDIE")
415 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
416 hapd1ap.mgmt_tx(msg)
417
418 logger.info("Mobility domain mismatch")
419 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
420 hapd1ap.mgmt_tx(msg)
421
422 logger.info("No FTIE")
423 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
424 hapd1ap.mgmt_tx(msg)
425
426 logger.info("FTIE SNonce mismatch")
427 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
428 hapd1ap.mgmt_tx(msg)
429
430 logger.info("No R0KH-ID subelem in FTIE")
431 snonce = binascii.hexlify(req['payload'][111:111+32])
432 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
433 hapd1ap.mgmt_tx(msg)
434
435 logger.info("No R0KH-ID subelem mismatch in FTIE")
436 snonce = binascii.hexlify(req['payload'][111:111+32])
437 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
438 hapd1ap.mgmt_tx(msg)
439
440 logger.info("No R1KH-ID subelem in FTIE")
441 r0khid = binascii.hexlify(req['payload'][145:145+10])
442 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
443 hapd1ap.mgmt_tx(msg)
444
445 logger.info("No RSNE")
446 r0khid = binascii.hexlify(req['payload'][145:145+10])
447 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
448 hapd1ap.mgmt_tx(msg)
449
450 def test_ap_ft_pmf_over_ds(dev, apdev):
451 """WPA2-PSK-FT AP over DS with PMF"""
452 ssid = "test-ft"
453 passphrase="12345678"
454
455 params = ft_params1(ssid=ssid, passphrase=passphrase)
456 params["ieee80211w"] = "2"
457 hapd0 = hostapd.add_ap(apdev[0], params)
458 params = ft_params2(ssid=ssid, passphrase=passphrase)
459 params["ieee80211w"] = "2"
460 hapd1 = hostapd.add_ap(apdev[1], params)
461
462 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
463
464 def test_ap_ft_over_ds_pull(dev, apdev):
465 """WPA2-PSK-FT AP over DS (pull PMK)"""
466 ssid = "test-ft"
467 passphrase="12345678"
468
469 params = ft_params1(ssid=ssid, passphrase=passphrase)
470 params["pmk_r1_push"] = "0"
471 hapd0 = hostapd.add_ap(apdev[0], params)
472 params = ft_params2(ssid=ssid, passphrase=passphrase)
473 params["pmk_r1_push"] = "0"
474 hapd1 = hostapd.add_ap(apdev[1], params)
475
476 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
477
478 def test_ap_ft_over_ds_pull_old_key(dev, apdev):
479 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
480 ssid = "test-ft"
481 passphrase="12345678"
482
483 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
484 params["pmk_r1_push"] = "0"
485 hapd0 = hostapd.add_ap(apdev[0], params)
486 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
487 params["pmk_r1_push"] = "0"
488 hapd1 = hostapd.add_ap(apdev[1], params)
489
490 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
491
492 def test_ap_ft_sae(dev, apdev):
493 """WPA2-PSK-FT-SAE AP"""
494 if "SAE" not in dev[0].get_capability("auth_alg"):
495 raise HwsimSkip("SAE not supported")
496 ssid = "test-ft"
497 passphrase="12345678"
498
499 params = ft_params1(ssid=ssid, passphrase=passphrase)
500 params['wpa_key_mgmt'] = "FT-SAE"
501 hapd0 = hostapd.add_ap(apdev[0], params)
502 params = ft_params2(ssid=ssid, passphrase=passphrase)
503 params['wpa_key_mgmt'] = "FT-SAE"
504 hapd = hostapd.add_ap(apdev[1], params)
505 key_mgmt = hapd.get_config()['key_mgmt']
506 if key_mgmt.split(' ')[0] != "FT-SAE":
507 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
508
509 dev[0].request("SET sae_groups ")
510 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
511
512 def test_ap_ft_sae_over_ds(dev, apdev):
513 """WPA2-PSK-FT-SAE AP over DS"""
514 if "SAE" not in dev[0].get_capability("auth_alg"):
515 raise HwsimSkip("SAE not supported")
516 ssid = "test-ft"
517 passphrase="12345678"
518
519 params = ft_params1(ssid=ssid, passphrase=passphrase)
520 params['wpa_key_mgmt'] = "FT-SAE"
521 hapd0 = hostapd.add_ap(apdev[0], params)
522 params = ft_params2(ssid=ssid, passphrase=passphrase)
523 params['wpa_key_mgmt'] = "FT-SAE"
524 hapd1 = hostapd.add_ap(apdev[1], params)
525
526 dev[0].request("SET sae_groups ")
527 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
528 over_ds=True)
529
530 def generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False, roams=1):
531 ssid = "test-ft"
532 passphrase="12345678"
533
534 radius = hostapd.radius_params()
535 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
536 params['wpa_key_mgmt'] = "FT-EAP"
537 params["ieee8021x"] = "1"
538 params = dict(radius.items() + params.items())
539 hapd = hostapd.add_ap(apdev[0], params)
540 key_mgmt = hapd.get_config()['key_mgmt']
541 if key_mgmt.split(' ')[0] != "FT-EAP":
542 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
543 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
544 params['wpa_key_mgmt'] = "FT-EAP"
545 params["ieee8021x"] = "1"
546 params = dict(radius.items() + params.items())
547 hapd1 = hostapd.add_ap(apdev[1], params)
548
549 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
550 over_ds=over_ds, roams=roams)
551 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
552 raise Exception("Scan results missing RSN element info")
553 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
554 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
555
556 # Verify EAPOL reauthentication after FT protocol
557 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
558 ap = hapd
559 else:
560 ap = hapd1
561 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
562 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
563 if ev is None:
564 raise Exception("EAP authentication did not start")
565 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
566 if ev is None:
567 raise Exception("EAP authentication did not succeed")
568 time.sleep(0.1)
569 hwsim_utils.test_connectivity(dev[0], ap)
570
571 def test_ap_ft_eap(dev, apdev):
572 """WPA2-EAP-FT AP"""
573 generic_ap_ft_eap(dev, apdev)
574
575 def test_ap_ft_eap_over_ds(dev, apdev):
576 """WPA2-EAP-FT AP using over-the-DS"""
577 generic_ap_ft_eap(dev, apdev, over_ds=True)
578
579 def test_ap_ft_eap_dis(dev, apdev):
580 """WPA2-EAP-FT AP with AP discovery"""
581 generic_ap_ft_eap(dev, apdev, discovery=True)
582
583 def test_ap_ft_eap_dis_over_ds(dev, apdev):
584 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
585 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
586
587 def test_ap_ft_eap_pull(dev, apdev):
588 """WPA2-EAP-FT AP (pull PMK)"""
589 ssid = "test-ft"
590 passphrase="12345678"
591
592 radius = hostapd.radius_params()
593 params = ft_params1(ssid=ssid, passphrase=passphrase)
594 params['wpa_key_mgmt'] = "FT-EAP"
595 params["ieee8021x"] = "1"
596 params["pmk_r1_push"] = "0"
597 params = dict(radius.items() + params.items())
598 hapd = hostapd.add_ap(apdev[0], params)
599 key_mgmt = hapd.get_config()['key_mgmt']
600 if key_mgmt.split(' ')[0] != "FT-EAP":
601 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
602 params = ft_params2(ssid=ssid, passphrase=passphrase)
603 params['wpa_key_mgmt'] = "FT-EAP"
604 params["ieee8021x"] = "1"
605 params["pmk_r1_push"] = "0"
606 params = dict(radius.items() + params.items())
607 hapd1 = hostapd.add_ap(apdev[1], params)
608
609 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
610
611 @remote_compatible
612 def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
613 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
614 ssid = "test-ft"
615 passphrase="12345678"
616
617 params = ft_params1(ssid=ssid, passphrase=passphrase)
618 params["ieee80211w"] = "2"
619 hapd0 = hostapd.add_ap(apdev[0], params)
620 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
621 params["ieee80211w"] = "2"
622 hapd1 = hostapd.add_ap(apdev[1], params)
623
624 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
625 fail_test=True)
626
627 @remote_compatible
628 def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
629 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
630 ssid = "test-ft"
631 passphrase="12345678"
632
633 params = ft_params1(ssid=ssid, passphrase=passphrase)
634 params["pmk_r1_push"] = "0"
635 hapd0 = hostapd.add_ap(apdev[0], params)
636 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
637 params["pmk_r1_push"] = "0"
638 hapd1 = hostapd.add_ap(apdev[1], params)
639
640 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
641 fail_test=True)
642
643 @remote_compatible
644 def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
645 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
646 ssid = "test-ft"
647 passphrase="12345678"
648
649 params = ft_params1(ssid=ssid, passphrase=passphrase)
650 params["pmk_r1_push"] = "0"
651 params["nas_identifier"] = "nas0.w1.fi"
652 hostapd.add_ap(apdev[0], params)
653 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
654 scan_freq="2412")
655
656 params = ft_params2(ssid=ssid, passphrase=passphrase)
657 params["pmk_r1_push"] = "0"
658 hostapd.add_ap(apdev[1], params)
659
660 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
661 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
662
663 @remote_compatible
664 def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
665 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
666 ssid = "test-ft"
667 passphrase="12345678"
668
669 params = ft_params1(ssid=ssid, passphrase=passphrase)
670 params["ieee80211w"] = "2"
671 hapd0 = hostapd.add_ap(apdev[0], params)
672 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
673 params["ieee80211w"] = "2"
674 hapd1 = hostapd.add_ap(apdev[1], params)
675
676 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
677 fail_test=True)
678
679 @remote_compatible
680 def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
681 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
682 ssid = "test-ft"
683 passphrase="12345678"
684
685 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
686 params["pmk_r1_push"] = "0"
687 hapd0 = hostapd.add_ap(apdev[0], params)
688 params = ft_params2(ssid=ssid, passphrase=passphrase)
689 params["pmk_r1_push"] = "0"
690 hapd1 = hostapd.add_ap(apdev[1], params)
691
692 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
693 fail_test=True)
694
695 def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
696 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
697 ssid = "test-ft"
698 passphrase="12345678"
699
700 radius = hostapd.radius_params()
701 params = ft_params1(ssid=ssid, passphrase=passphrase)
702 params["ieee80211w"] = "2";
703 params['wpa_key_mgmt'] = "FT-EAP"
704 params["ieee8021x"] = "1"
705 params = dict(radius.items() + params.items())
706 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
707 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
708 params["ieee80211w"] = "2";
709 params['wpa_key_mgmt'] = "FT-EAP"
710 params["ieee8021x"] = "1"
711 params = dict(radius.items() + params.items())
712 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
713
714 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
715 fail_test=True, eap=True)
716
717 def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
718 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
719 ssid = "test-ft"
720 passphrase="12345678"
721
722 radius = hostapd.radius_params()
723 params = ft_params1(ssid=ssid, passphrase=passphrase)
724 params["pmk_r1_push"] = "0"
725 params['wpa_key_mgmt'] = "FT-EAP"
726 params["ieee8021x"] = "1"
727 params = dict(radius.items() + params.items())
728 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
729 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
730 params["pmk_r1_push"] = "0"
731 params['wpa_key_mgmt'] = "FT-EAP"
732 params["ieee8021x"] = "1"
733 params = dict(radius.items() + params.items())
734 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
735
736 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
737 fail_test=True, eap=True)
738
739 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
740 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
741 ssid = "test-ft"
742 passphrase="12345678"
743
744 radius = hostapd.radius_params()
745 params = ft_params1(ssid=ssid, passphrase=passphrase)
746 params["pmk_r1_push"] = "0"
747 params["nas_identifier"] = "nas0.w1.fi"
748 params['wpa_key_mgmt'] = "FT-EAP"
749 params["ieee8021x"] = "1"
750 params = dict(radius.items() + params.items())
751 hostapd.add_ap(apdev[0]['ifname'], params)
752 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
753 eap="GPSK", identity="gpsk user",
754 password="abcdefghijklmnop0123456789abcdef",
755 scan_freq="2412")
756
757 params = ft_params2(ssid=ssid, passphrase=passphrase)
758 params["pmk_r1_push"] = "0"
759 params['wpa_key_mgmt'] = "FT-EAP"
760 params["ieee8021x"] = "1"
761 params = dict(radius.items() + params.items())
762 hostapd.add_ap(apdev[1]['ifname'], params)
763
764 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
765 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
766
767 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
768 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
769 ssid = "test-ft"
770 passphrase="12345678"
771
772 radius = hostapd.radius_params()
773 params = ft_params1(ssid=ssid, passphrase=passphrase)
774 params["ieee80211w"] = "2";
775 params['wpa_key_mgmt'] = "FT-EAP"
776 params["ieee8021x"] = "1"
777 params = dict(radius.items() + params.items())
778 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
779 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
780 params["ieee80211w"] = "2";
781 params['wpa_key_mgmt'] = "FT-EAP"
782 params["ieee8021x"] = "1"
783 params = dict(radius.items() + params.items())
784 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
785
786 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
787 fail_test=True, eap=True)
788
789 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
790 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
791 ssid = "test-ft"
792 passphrase="12345678"
793
794 radius = hostapd.radius_params()
795 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
796 params["pmk_r1_push"] = "0"
797 params['wpa_key_mgmt'] = "FT-EAP"
798 params["ieee8021x"] = "1"
799 params = dict(radius.items() + params.items())
800 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
801 params = ft_params2(ssid=ssid, passphrase=passphrase)
802 params["pmk_r1_push"] = "0"
803 params['wpa_key_mgmt'] = "FT-EAP"
804 params["ieee8021x"] = "1"
805 params = dict(radius.items() + params.items())
806 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
807
808 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
809 fail_test=True, eap=True)
810
811 def test_ap_ft_gtk_rekey(dev, apdev):
812 """WPA2-PSK-FT AP and GTK rekey"""
813 ssid = "test-ft"
814 passphrase="12345678"
815
816 params = ft_params1(ssid=ssid, passphrase=passphrase)
817 params['wpa_group_rekey'] = '1'
818 hapd = hostapd.add_ap(apdev[0], params)
819
820 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
821 ieee80211w="1", scan_freq="2412")
822
823 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
824 if ev is None:
825 raise Exception("GTK rekey timed out after initial association")
826 hwsim_utils.test_connectivity(dev[0], hapd)
827
828 params = ft_params2(ssid=ssid, passphrase=passphrase)
829 params['wpa_group_rekey'] = '1'
830 hapd1 = hostapd.add_ap(apdev[1], params)
831
832 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
833 dev[0].roam(apdev[1]['bssid'])
834 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
835 raise Exception("Did not connect to correct AP")
836 hwsim_utils.test_connectivity(dev[0], hapd1)
837
838 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
839 if ev is None:
840 raise Exception("GTK rekey timed out after FT protocol")
841 hwsim_utils.test_connectivity(dev[0], hapd1)
842
843 def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
844 """WPA2-PSK-FT and key lifetime in memory"""
845 ssid = "test-ft"
846 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
847 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
848 pmk = binascii.unhexlify(psk)
849 p = ft_params1(ssid=ssid, passphrase=passphrase)
850 hapd0 = hostapd.add_ap(apdev[0], p)
851 p = ft_params2(ssid=ssid, passphrase=passphrase)
852 hapd1 = hostapd.add_ap(apdev[1], p)
853
854 pid = find_wpas_process(dev[0])
855
856 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
857 scan_freq="2412")
858 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
859 # event has been delivered, so verify that wpa_supplicant has returned to
860 # eloop before reading process memory.
861 time.sleep(1)
862 dev[0].ping()
863
864 buf = read_process_memory(pid, pmk)
865
866 dev[0].request("DISCONNECT")
867 dev[0].wait_disconnected()
868
869 dev[0].relog()
870 pmkr0 = None
871 pmkr1 = None
872 ptk = None
873 gtk = None
874 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
875 for l in f.readlines():
876 if "FT: PMK-R0 - hexdump" in l:
877 val = l.strip().split(':')[3].replace(' ', '')
878 pmkr0 = binascii.unhexlify(val)
879 if "FT: PMK-R1 - hexdump" in l:
880 val = l.strip().split(':')[3].replace(' ', '')
881 pmkr1 = binascii.unhexlify(val)
882 if "FT: KCK - hexdump" in l:
883 val = l.strip().split(':')[3].replace(' ', '')
884 kck = binascii.unhexlify(val)
885 if "FT: KEK - hexdump" in l:
886 val = l.strip().split(':')[3].replace(' ', '')
887 kek = binascii.unhexlify(val)
888 if "FT: TK - hexdump" in l:
889 val = l.strip().split(':')[3].replace(' ', '')
890 tk = binascii.unhexlify(val)
891 if "WPA: Group Key - hexdump" in l:
892 val = l.strip().split(':')[3].replace(' ', '')
893 gtk = binascii.unhexlify(val)
894 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
895 raise Exception("Could not find keys from debug log")
896 if len(gtk) != 16:
897 raise Exception("Unexpected GTK length")
898
899 logger.info("Checking keys in memory while associated")
900 get_key_locations(buf, pmk, "PMK")
901 get_key_locations(buf, pmkr0, "PMK-R0")
902 get_key_locations(buf, pmkr1, "PMK-R1")
903 if pmk not in buf:
904 raise HwsimSkip("PMK not found while associated")
905 if pmkr0 not in buf:
906 raise HwsimSkip("PMK-R0 not found while associated")
907 if pmkr1 not in buf:
908 raise HwsimSkip("PMK-R1 not found while associated")
909 if kck not in buf:
910 raise Exception("KCK not found while associated")
911 if kek not in buf:
912 raise Exception("KEK not found while associated")
913 if tk in buf:
914 raise Exception("TK found from memory")
915 if gtk in buf:
916 get_key_locations(buf, gtk, "GTK")
917 raise Exception("GTK found from memory")
918
919 logger.info("Checking keys in memory after disassociation")
920 buf = read_process_memory(pid, pmk)
921 get_key_locations(buf, pmk, "PMK")
922 get_key_locations(buf, pmkr0, "PMK-R0")
923 get_key_locations(buf, pmkr1, "PMK-R1")
924
925 # Note: PMK/PSK is still present in network configuration
926
927 fname = os.path.join(params['logdir'],
928 'ft_psk_key_lifetime_in_memory.memctx-')
929 verify_not_present(buf, pmkr0, fname, "PMK-R0")
930 verify_not_present(buf, pmkr1, fname, "PMK-R1")
931 verify_not_present(buf, kck, fname, "KCK")
932 verify_not_present(buf, kek, fname, "KEK")
933 verify_not_present(buf, tk, fname, "TK")
934 verify_not_present(buf, gtk, fname, "GTK")
935
936 dev[0].request("REMOVE_NETWORK all")
937
938 logger.info("Checking keys in memory after network profile removal")
939 buf = read_process_memory(pid, pmk)
940 get_key_locations(buf, pmk, "PMK")
941 get_key_locations(buf, pmkr0, "PMK-R0")
942 get_key_locations(buf, pmkr1, "PMK-R1")
943
944 verify_not_present(buf, pmk, fname, "PMK")
945 verify_not_present(buf, pmkr0, fname, "PMK-R0")
946 verify_not_present(buf, pmkr1, fname, "PMK-R1")
947 verify_not_present(buf, kck, fname, "KCK")
948 verify_not_present(buf, kek, fname, "KEK")
949 verify_not_present(buf, tk, fname, "TK")
950 verify_not_present(buf, gtk, fname, "GTK")
951
952 @remote_compatible
953 def test_ap_ft_invalid_resp(dev, apdev):
954 """WPA2-PSK-FT AP and invalid response IEs"""
955 ssid = "test-ft"
956 passphrase="12345678"
957
958 params = ft_params1(ssid=ssid, passphrase=passphrase)
959 hapd0 = hostapd.add_ap(apdev[0], params)
960 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
961 scan_freq="2412")
962
963 params = ft_params2(ssid=ssid, passphrase=passphrase)
964 hapd1 = hostapd.add_ap(apdev[1], params)
965
966 tests = [
967 # Various IEs for test coverage. The last one is FTIE with invalid
968 # R1KH-ID subelement.
969 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
970 # FTIE with invalid R0KH-ID subelement (len=0).
971 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
972 # FTIE with invalid R0KH-ID subelement (len=49).
973 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
974 # Invalid RSNE.
975 "020002000000" + "3000",
976 # Required IEs missing from protected IE count.
977 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
978 # RIC missing from protected IE count.
979 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
980 # Protected IE missing.
981 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
982 for t in tests:
983 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
984 hapd1.set("ext_mgmt_frame_handling", "1")
985 hapd1.dump_monitor()
986 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
987 raise Exception("ROAM failed")
988 auth = None
989 for i in range(20):
990 msg = hapd1.mgmt_rx()
991 if msg['subtype'] == 11:
992 auth = msg
993 break
994 if not auth:
995 raise Exception("Authentication frame not seen")
996
997 resp = {}
998 resp['fc'] = auth['fc']
999 resp['da'] = auth['sa']
1000 resp['sa'] = auth['da']
1001 resp['bssid'] = auth['bssid']
1002 resp['payload'] = binascii.unhexlify(t)
1003 hapd1.mgmt_tx(resp)
1004 hapd1.set("ext_mgmt_frame_handling", "0")
1005 dev[0].wait_disconnected()
1006
1007 dev[0].request("RECONNECT")
1008 dev[0].wait_connected()
1009
1010 def test_ap_ft_gcmp_256(dev, apdev):
1011 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1012 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1013 raise HwsimSkip("Cipher GCMP-256 not supported")
1014 ssid = "test-ft"
1015 passphrase="12345678"
1016
1017 params = ft_params1(ssid=ssid, passphrase=passphrase)
1018 params['rsn_pairwise'] = "GCMP-256"
1019 hapd0 = hostapd.add_ap(apdev[0], params)
1020 params = ft_params2(ssid=ssid, passphrase=passphrase)
1021 params['rsn_pairwise'] = "GCMP-256"
1022 hapd1 = hostapd.add_ap(apdev[1], params)
1023
1024 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1025 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
1026
1027 def test_ap_ft_oom(dev, apdev):
1028 """WPA2-PSK-FT and OOM"""
1029 skip_with_fips(dev[0])
1030 ssid = "test-ft"
1031 passphrase="12345678"
1032
1033 params = ft_params1(ssid=ssid, passphrase=passphrase)
1034 hapd0 = hostapd.add_ap(apdev[0], params)
1035 params = ft_params2(ssid=ssid, passphrase=passphrase)
1036 hapd1 = hostapd.add_ap(apdev[1], params)
1037
1038 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1039 scan_freq="2412")
1040 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1041 dst = apdev[1]['bssid']
1042 else:
1043 dst = apdev[0]['bssid']
1044
1045 dev[0].scan_for_bss(dst, freq="2412")
1046 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1047 dev[0].roam(dst)
1048 with fail_test(dev[0], 1, "wpa_ft_mic"):
1049 dev[0].roam(dst, fail_test=True)
1050 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1051 dev[0].roam(dst, fail_test=True)
1052
1053 dev[0].request("REMOVE_NETWORK all")
1054 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1055 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1056 scan_freq="2412")
1057
1058 def test_ap_ft_ap_oom(dev, apdev):
1059 """WPA2-PSK-FT and AP OOM"""
1060 ssid = "test-ft"
1061 passphrase="12345678"
1062
1063 params = ft_params1(ssid=ssid, passphrase=passphrase)
1064 hapd0 = hostapd.add_ap(apdev[0], params)
1065 bssid0 = hapd0.own_addr()
1066
1067 dev[0].scan_for_bss(bssid0, freq="2412")
1068 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1069 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1070 scan_freq="2412")
1071
1072 params = ft_params2(ssid=ssid, passphrase=passphrase)
1073 hapd1 = hostapd.add_ap(apdev[1], params)
1074 bssid1 = hapd1.own_addr()
1075 dev[0].scan_for_bss(bssid1, freq="2412")
1076 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1077 dev[0].roam(bssid1)
1078
1079 def test_ap_ft_ap_oom2(dev, apdev):
1080 """WPA2-PSK-FT and AP OOM 2"""
1081 ssid = "test-ft"
1082 passphrase="12345678"
1083
1084 params = ft_params1(ssid=ssid, passphrase=passphrase)
1085 hapd0 = hostapd.add_ap(apdev[0], params)
1086 bssid0 = hapd0.own_addr()
1087
1088 dev[0].scan_for_bss(bssid0, freq="2412")
1089 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1090 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1091 scan_freq="2412")
1092
1093 params = ft_params2(ssid=ssid, passphrase=passphrase)
1094 hapd1 = hostapd.add_ap(apdev[1], params)
1095 bssid1 = hapd1.own_addr()
1096 dev[0].scan_for_bss(bssid1, freq="2412")
1097 dev[0].roam(bssid1)
1098 if dev[0].get_status_field('bssid') != bssid1:
1099 raise Exception("Did not roam to AP1")
1100 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1101 dev[0].roam(bssid0)
1102
1103 def test_ap_ft_ap_oom3(dev, apdev):
1104 """WPA2-PSK-FT and AP OOM 3"""
1105 ssid = "test-ft"
1106 passphrase="12345678"
1107
1108 params = ft_params1(ssid=ssid, passphrase=passphrase)
1109 hapd0 = hostapd.add_ap(apdev[0], params)
1110 bssid0 = hapd0.own_addr()
1111
1112 dev[0].scan_for_bss(bssid0, freq="2412")
1113 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1114 scan_freq="2412")
1115
1116 params = ft_params2(ssid=ssid, passphrase=passphrase)
1117 hapd1 = hostapd.add_ap(apdev[1], params)
1118 bssid1 = hapd1.own_addr()
1119 dev[0].scan_for_bss(bssid1, freq="2412")
1120 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1121 # This will fail due to not being able to send out PMK-R1 pull request
1122 dev[0].roam(bssid1)
1123
1124 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1125 # This will fail due to not being able to send out PMK-R1 pull request
1126 dev[0].roam(bssid1)
1127
1128 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1129 # This will fail due to not being able to send out PMK-R1 pull request
1130 dev[0].roam(bssid1)
1131
1132 def test_ap_ft_ap_oom3b(dev, apdev):
1133 """WPA2-PSK-FT and AP OOM 3b"""
1134 ssid = "test-ft"
1135 passphrase="12345678"
1136
1137 params = ft_params1(ssid=ssid, passphrase=passphrase)
1138 hapd0 = hostapd.add_ap(apdev[0], params)
1139 bssid0 = hapd0.own_addr()
1140
1141 dev[0].scan_for_bss(bssid0, freq="2412")
1142 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1143 scan_freq="2412")
1144
1145 params = ft_params2(ssid=ssid, passphrase=passphrase)
1146 hapd1 = hostapd.add_ap(apdev[1], params)
1147 bssid1 = hapd1.own_addr()
1148 dev[0].scan_for_bss(bssid1, freq="2412")
1149 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1150 # This will fail due to not being able to send out PMK-R1 pull request
1151 dev[0].roam(bssid1)
1152
1153 def test_ap_ft_ap_oom4(dev, apdev):
1154 """WPA2-PSK-FT and AP OOM 4"""
1155 ssid = "test-ft"
1156 passphrase="12345678"
1157
1158 params = ft_params1(ssid=ssid, passphrase=passphrase)
1159 hapd0 = hostapd.add_ap(apdev[0], params)
1160 bssid0 = hapd0.own_addr()
1161
1162 dev[0].scan_for_bss(bssid0, freq="2412")
1163 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1164 scan_freq="2412")
1165
1166 params = ft_params2(ssid=ssid, passphrase=passphrase)
1167 hapd1 = hostapd.add_ap(apdev[1], params)
1168 bssid1 = hapd1.own_addr()
1169 dev[0].scan_for_bss(bssid1, freq="2412")
1170 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1171 dev[0].roam(bssid1)
1172 if dev[0].get_status_field('bssid') != bssid1:
1173 raise Exception("Did not roam to AP1")
1174
1175 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1176 dev[0].roam(bssid0)
1177 if dev[0].get_status_field('bssid') != bssid0:
1178 raise Exception("Did not roam to AP0")
1179
1180 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1181 dev[0].roam(bssid1)
1182 if dev[0].get_status_field('bssid') != bssid1:
1183 raise Exception("Did not roam to AP1")
1184
1185 def test_ap_ft_ap_oom5(dev, apdev):
1186 """WPA2-PSK-FT and AP OOM 5"""
1187 ssid = "test-ft"
1188 passphrase="12345678"
1189
1190 params = ft_params1(ssid=ssid, passphrase=passphrase)
1191 hapd0 = hostapd.add_ap(apdev[0], params)
1192 bssid0 = hapd0.own_addr()
1193
1194 dev[0].scan_for_bss(bssid0, freq="2412")
1195 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1196 scan_freq="2412")
1197
1198 params = ft_params2(ssid=ssid, passphrase=passphrase)
1199 hapd1 = hostapd.add_ap(apdev[1], params)
1200 bssid1 = hapd1.own_addr()
1201 dev[0].scan_for_bss(bssid1, freq="2412")
1202 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1203 # This will fail to roam
1204 dev[0].roam(bssid1)
1205
1206 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1207 # This will fail to roam
1208 dev[0].roam(bssid1)
1209
1210 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1211 # This will fail to roam
1212 dev[0].roam(bssid1)
1213
1214 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1215 # This will fail to roam
1216 dev[0].roam(bssid1)
1217
1218 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1219 # This will fail to roam
1220 dev[0].roam(bssid1)
1221
1222 def test_ap_ft_ap_oom6(dev, apdev):
1223 """WPA2-PSK-FT and AP OOM 6"""
1224 ssid = "test-ft"
1225 passphrase="12345678"
1226
1227 params = ft_params1(ssid=ssid, passphrase=passphrase)
1228 hapd0 = hostapd.add_ap(apdev[0], params)
1229 bssid0 = hapd0.own_addr()
1230
1231 dev[0].scan_for_bss(bssid0, freq="2412")
1232 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1233 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1234 scan_freq="2412")
1235 dev[0].request("REMOVE_NETWORK all")
1236 dev[0].wait_disconnected()
1237 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1238 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1239 scan_freq="2412")
1240 dev[0].request("REMOVE_NETWORK all")
1241 dev[0].wait_disconnected()
1242 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1243 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1244 scan_freq="2412")
1245
1246 def test_ap_ft_ap_oom7(dev, apdev):
1247 """WPA2-PSK-FT and AP OOM 7"""
1248 ssid = "test-ft"
1249 passphrase="12345678"
1250
1251 params = ft_params1(ssid=ssid, passphrase=passphrase)
1252 params["ieee80211w"] = "2"
1253 hapd0 = hostapd.add_ap(apdev[0], params)
1254 bssid0 = hapd0.own_addr()
1255
1256 dev[0].scan_for_bss(bssid0, freq="2412")
1257 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1258 ieee80211w="2", scan_freq="2412")
1259
1260 params = ft_params2(ssid=ssid, passphrase=passphrase)
1261 params["ieee80211w"] = "2"
1262 hapd1 = hostapd.add_ap(apdev[1], params)
1263 bssid1 = hapd1.own_addr()
1264 dev[0].scan_for_bss(bssid1, freq="2412")
1265 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1266 # This will fail to roam
1267 dev[0].roam(bssid1)
1268 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1269 # This will fail to roam
1270 dev[0].roam(bssid1)
1271 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1272 # This will fail to roam
1273 dev[0].roam(bssid1)
1274 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1275 # This will fail to roam
1276 dev[0].roam(bssid1)
1277
1278 def test_ap_ft_ap_oom8(dev, apdev):
1279 """WPA2-PSK-FT and AP OOM 8"""
1280 ssid = "test-ft"
1281 passphrase="12345678"
1282
1283 params = ft_params1(ssid=ssid, passphrase=passphrase)
1284 params['ft_psk_generate_local'] = "1";
1285 hapd0 = hostapd.add_ap(apdev[0], params)
1286 bssid0 = hapd0.own_addr()
1287
1288 dev[0].scan_for_bss(bssid0, freq="2412")
1289 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1290 scan_freq="2412")
1291
1292 params = ft_params2(ssid=ssid, passphrase=passphrase)
1293 params['ft_psk_generate_local'] = "1";
1294 hapd1 = hostapd.add_ap(apdev[1], params)
1295 bssid1 = hapd1.own_addr()
1296 dev[0].scan_for_bss(bssid1, freq="2412")
1297 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1298 # This will fail to roam
1299 dev[0].roam(bssid1)
1300 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1301 # This will fail to roam
1302 dev[0].roam(bssid1)
1303
1304 def test_ap_ft_ap_oom9(dev, apdev):
1305 """WPA2-PSK-FT and AP OOM 9"""
1306 ssid = "test-ft"
1307 passphrase="12345678"
1308
1309 params = ft_params1(ssid=ssid, passphrase=passphrase)
1310 hapd0 = hostapd.add_ap(apdev[0], params)
1311 bssid0 = hapd0.own_addr()
1312
1313 dev[0].scan_for_bss(bssid0, freq="2412")
1314 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1315 scan_freq="2412")
1316
1317 params = ft_params2(ssid=ssid, passphrase=passphrase)
1318 hapd1 = hostapd.add_ap(apdev[1], params)
1319 bssid1 = hapd1.own_addr()
1320 dev[0].scan_for_bss(bssid1, freq="2412")
1321
1322 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1323 # This will fail to roam
1324 if "OK" not in dev[0].request("FT_DS " + bssid1):
1325 raise Exception("FT_DS failed")
1326 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1327
1328 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1329 # This will fail to roam
1330 if "OK" not in dev[0].request("FT_DS " + bssid1):
1331 raise Exception("FT_DS failed")
1332 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1333
1334 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1335 # This will fail to roam
1336 if "OK" not in dev[0].request("FT_DS " + bssid1):
1337 raise Exception("FT_DS failed")
1338 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1339
1340 def test_ap_ft_ap_oom10(dev, apdev):
1341 """WPA2-PSK-FT and AP OOM 10"""
1342 ssid = "test-ft"
1343 passphrase="12345678"
1344
1345 params = ft_params1(ssid=ssid, passphrase=passphrase)
1346 hapd0 = hostapd.add_ap(apdev[0], params)
1347 bssid0 = hapd0.own_addr()
1348
1349 dev[0].scan_for_bss(bssid0, freq="2412")
1350 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1351 scan_freq="2412")
1352
1353 params = ft_params2(ssid=ssid, passphrase=passphrase)
1354 hapd1 = hostapd.add_ap(apdev[1], params)
1355 bssid1 = hapd1.own_addr()
1356 dev[0].scan_for_bss(bssid1, freq="2412")
1357
1358 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1359 # This will fail to roam
1360 if "OK" not in dev[0].request("FT_DS " + bssid1):
1361 raise Exception("FT_DS failed")
1362 wait_fail_trigger(hapd0, "GET_FAIL")
1363
1364 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1365 # This will fail to roam
1366 if "OK" not in dev[0].request("FT_DS " + bssid1):
1367 raise Exception("FT_DS failed")
1368 wait_fail_trigger(hapd0, "GET_FAIL")
1369
1370 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1371 # This will fail to roam
1372 if "OK" not in dev[0].request("FT_DS " + bssid1):
1373 raise Exception("FT_DS failed")
1374 wait_fail_trigger(hapd0, "GET_FAIL")
1375
1376 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1377 # This will fail to roam
1378 if "OK" not in dev[0].request("FT_DS " + bssid1):
1379 raise Exception("FT_DS failed")
1380 wait_fail_trigger(hapd1, "GET_FAIL")
1381
1382 def test_ap_ft_ap_oom11(dev, apdev):
1383 """WPA2-PSK-FT and AP OOM 11"""
1384 ssid = "test-ft"
1385 passphrase="12345678"
1386
1387 params = ft_params1(ssid=ssid, passphrase=passphrase)
1388 hapd0 = hostapd.add_ap(apdev[0], params)
1389 bssid0 = hapd0.own_addr()
1390
1391 dev[0].scan_for_bss(bssid0, freq="2412")
1392 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1393 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1394 scan_freq="2412")
1395 wait_fail_trigger(hapd0, "GET_FAIL")
1396
1397 dev[1].scan_for_bss(bssid0, freq="2412")
1398 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1399 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1400 scan_freq="2412")
1401 wait_fail_trigger(hapd0, "GET_FAIL")
1402
1403 def test_ap_ft_over_ds_proto_ap(dev, apdev):
1404 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1405 ssid = "test-ft"
1406 passphrase="12345678"
1407
1408 params = ft_params1(ssid=ssid, passphrase=passphrase)
1409 hapd0 = hostapd.add_ap(apdev[0], params)
1410 bssid0 = hapd0.own_addr()
1411 _bssid0 = bssid0.replace(':', '')
1412 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1413 scan_freq="2412")
1414 addr = dev[0].own_addr()
1415 _addr = addr.replace(':', '')
1416
1417 params = ft_params2(ssid=ssid, passphrase=passphrase)
1418 hapd1 = hostapd.add_ap(apdev[1], params)
1419 bssid1 = hapd1.own_addr()
1420 _bssid1 = bssid1.replace(':', '')
1421
1422 hapd0.set("ext_mgmt_frame_handling", "1")
1423 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
1424 valid = "0601" + _addr + _bssid1
1425 tests = [ "0601",
1426 "0601" + _addr,
1427 "0601" + _addr + _bssid0,
1428 "0601" + _addr + "ffffffffffff",
1429 "0601" + _bssid0 + _bssid0,
1430 valid,
1431 valid + "01",
1432 valid + "3700",
1433 valid + "3600",
1434 valid + "3603ffffff",
1435 valid + "3603a1b2ff",
1436 valid + "3603a1b2ff" + "3700",
1437 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1438 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1439 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1440 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1441 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1442 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1443 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1444 valid + "0001" ]
1445 for t in tests:
1446 hapd0.dump_monitor()
1447 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
1448 raise Exception("MGMT_RX_PROCESS failed")
1449
1450 hapd0.set("ext_mgmt_frame_handling", "0")
1451
1452 def test_ap_ft_over_ds_proto(dev, apdev):
1453 """WPA2-PSK-FT AP over DS protocol testing"""
1454 ssid = "test-ft"
1455 passphrase="12345678"
1456
1457 params = ft_params1(ssid=ssid, passphrase=passphrase)
1458 hapd0 = hostapd.add_ap(apdev[0], params)
1459 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1460 scan_freq="2412")
1461
1462 # FT Action Response while no FT-over-DS in progress
1463 msg = {}
1464 msg['fc'] = 13 << 4
1465 msg['da'] = dev[0].own_addr()
1466 msg['sa'] = apdev[0]['bssid']
1467 msg['bssid'] = apdev[0]['bssid']
1468 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
1469 hapd0.mgmt_tx(msg)
1470
1471 params = ft_params2(ssid=ssid, passphrase=passphrase)
1472 hapd1 = hostapd.add_ap(apdev[1], params)
1473 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1474 hapd0.set("ext_mgmt_frame_handling", "1")
1475 hapd0.dump_monitor()
1476 dev[0].request("FT_DS " + apdev[1]['bssid'])
1477 for i in range(0, 10):
1478 req = hapd0.mgmt_rx()
1479 if req is None:
1480 raise Exception("MGMT RX wait timed out")
1481 if req['subtype'] == 13:
1482 break
1483 req = None
1484 if not req:
1485 raise Exception("FT Action frame not received")
1486
1487 # FT Action Response for unexpected Target AP
1488 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
1489 hapd0.mgmt_tx(msg)
1490
1491 # FT Action Response without MDIE
1492 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
1493 hapd0.mgmt_tx(msg)
1494
1495 # FT Action Response without FTIE
1496 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1497 hapd0.mgmt_tx(msg)
1498
1499 # FT Action Response with FTIE SNonce mismatch
1500 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1501 hapd0.mgmt_tx(msg)
1502
1503 @remote_compatible
1504 def test_ap_ft_rrb(dev, apdev):
1505 """WPA2-PSK-FT RRB protocol testing"""
1506 ssid = "test-ft"
1507 passphrase="12345678"
1508
1509 params = ft_params1(ssid=ssid, passphrase=passphrase)
1510 hapd0 = hostapd.add_ap(apdev[0], params)
1511
1512 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1513 scan_freq="2412")
1514
1515 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
1516 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
1517 proto = '\x89\x0d'
1518 ehdr = _dst_ll + _src_ll + proto
1519
1520 # Too short RRB frame
1521 pkt = ehdr + '\x01'
1522 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1523 raise Exception("DATA_TEST_FRAME failed")
1524
1525 # RRB discarded frame wikth unrecognized type
1526 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
1527 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1528 raise Exception("DATA_TEST_FRAME failed")
1529
1530 # RRB frame too short for action frame
1531 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
1532 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1533 raise Exception("DATA_TEST_FRAME failed")
1534
1535 # Too short RRB frame (not enough room for Action Frame body)
1536 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
1537 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1538 raise Exception("DATA_TEST_FRAME failed")
1539
1540 # Unexpected Action frame category
1541 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1542 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1543 raise Exception("DATA_TEST_FRAME failed")
1544
1545 # Unexpected Action in RRB Request
1546 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1547 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1548 raise Exception("DATA_TEST_FRAME failed")
1549
1550 # Target AP address in RRB Request does not match with own address
1551 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1552 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1553 raise Exception("DATA_TEST_FRAME failed")
1554
1555 # Not enough room for status code in RRB Response
1556 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1557 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1558 raise Exception("DATA_TEST_FRAME failed")
1559
1560 # RRB discarded frame with unknown packet_type
1561 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1562 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1563 raise Exception("DATA_TEST_FRAME failed")
1564
1565 # RRB Response with non-zero status code; no STA match
1566 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1567 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1568 raise Exception("DATA_TEST_FRAME failed")
1569
1570 # RRB Response with zero status code and extra data; STA match
1571 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1572 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1573 raise Exception("DATA_TEST_FRAME failed")
1574
1575 # Too short PMK-R1 pull
1576 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1577 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1578 raise Exception("DATA_TEST_FRAME failed")
1579
1580 # Too short PMK-R1 resp
1581 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1582 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1583 raise Exception("DATA_TEST_FRAME failed")
1584
1585 # Too short PMK-R1 push
1586 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1587 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1588 raise Exception("DATA_TEST_FRAME failed")
1589
1590 # No matching R0KH address found for PMK-R0 pull response
1591 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1592 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1593 raise Exception("DATA_TEST_FRAME failed")
1594
1595 @remote_compatible
1596 def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
1597 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1598 bssid = apdev[0]['bssid']
1599 ssid = "test-ft"
1600 passphrase="12345678"
1601
1602 params = ft_params1(ssid=ssid, passphrase=passphrase)
1603 params["ieee80211w"] = "1"
1604 # This is the RSN element used normally by hostapd
1605 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1606 hapd = hostapd.add_ap(apdev[0], params)
1607 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1608 ieee80211w="1", scan_freq="2412",
1609 pairwise="CCMP", group="CCMP")
1610
1611 tests = [ ('PMKIDCount field included',
1612 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1613 ('Extra IE before RSNE',
1614 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1615 ('PMKIDCount and Group Management Cipher suite fields included',
1616 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1617 ('Extra octet after defined fields (future extensibility)',
1618 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1619 ('No RSN Capabilities field (PMF disabled in practice)',
1620 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1621 for txt,ie in tests:
1622 dev[0].request("DISCONNECT")
1623 dev[0].wait_disconnected()
1624 logger.info(txt)
1625 hapd.disable()
1626 hapd.set('own_ie_override', ie)
1627 hapd.enable()
1628 dev[0].request("BSS_FLUSH 0")
1629 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1630 dev[0].select_network(id, freq=2412)
1631 dev[0].wait_connected()
1632
1633 dev[0].request("DISCONNECT")
1634 dev[0].wait_disconnected()
1635
1636 logger.info('Invalid RSNE causing internal hostapd error')
1637 hapd.disable()
1638 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1639 hapd.enable()
1640 dev[0].request("BSS_FLUSH 0")
1641 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1642 dev[0].select_network(id, freq=2412)
1643 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1644 # complete.
1645 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1646 if ev is not None:
1647 raise Exception("Unexpected connection")
1648 dev[0].request("DISCONNECT")
1649
1650 logger.info('Unexpected PMKID causing internal hostapd error')
1651 hapd.disable()
1652 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1653 hapd.enable()
1654 dev[0].request("BSS_FLUSH 0")
1655 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1656 dev[0].select_network(id, freq=2412)
1657 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1658 # complete.
1659 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1660 if ev is not None:
1661 raise Exception("Unexpected connection")
1662 dev[0].request("DISCONNECT")
1663
1664 def test_ap_ft_ptk_rekey(dev, apdev):
1665 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1666 ssid = "test-ft"
1667 passphrase="12345678"
1668
1669 params = ft_params1(ssid=ssid, passphrase=passphrase)
1670 hapd0 = hostapd.add_ap(apdev[0], params)
1671 params = ft_params2(ssid=ssid, passphrase=passphrase)
1672 hapd1 = hostapd.add_ap(apdev[1], params)
1673
1674 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
1675
1676 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1677 "WPA: Key negotiation completed"], timeout=5)
1678 if ev is None:
1679 raise Exception("No event received after roam")
1680 if "CTRL-EVENT-DISCONNECTED" in ev:
1681 raise Exception("Unexpected disconnection after roam")
1682
1683 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1684 hapd = hapd0
1685 else:
1686 hapd = hapd1
1687 hwsim_utils.test_connectivity(dev[0], hapd)
1688
1689 def test_ap_ft_ptk_rekey_ap(dev, apdev):
1690 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1691 ssid = "test-ft"
1692 passphrase="12345678"
1693
1694 params = ft_params1(ssid=ssid, passphrase=passphrase)
1695 params['wpa_ptk_rekey'] = '2'
1696 hapd0 = hostapd.add_ap(apdev[0], params)
1697 params = ft_params2(ssid=ssid, passphrase=passphrase)
1698 params['wpa_ptk_rekey'] = '2'
1699 hapd1 = hostapd.add_ap(apdev[1], params)
1700
1701 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
1702
1703 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1704 "WPA: Key negotiation completed"], timeout=5)
1705 if ev is None:
1706 raise Exception("No event received after roam")
1707 if "CTRL-EVENT-DISCONNECTED" in ev:
1708 raise Exception("Unexpected disconnection after roam")
1709
1710 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1711 hapd = hapd0
1712 else:
1713 hapd = hapd1
1714 hwsim_utils.test_connectivity(dev[0], hapd)
1715
1716 def test_ap_ft_internal_rrb_check(dev, apdev):
1717 """RRB internal delivery only to WPA enabled BSS"""
1718 ssid = "test-ft"
1719 passphrase="12345678"
1720
1721 radius = hostapd.radius_params()
1722 params = ft_params1(ssid=ssid, passphrase=passphrase)
1723 params['wpa_key_mgmt'] = "FT-EAP"
1724 params["ieee8021x"] = "1"
1725 params = dict(radius.items() + params.items())
1726 hapd = hostapd.add_ap(apdev[0], params)
1727 key_mgmt = hapd.get_config()['key_mgmt']
1728 if key_mgmt.split(' ')[0] != "FT-EAP":
1729 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1730
1731 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
1732
1733 # Connect to WPA enabled AP
1734 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1735 eap="GPSK", identity="gpsk user",
1736 password="abcdefghijklmnop0123456789abcdef",
1737 scan_freq="2412")
1738
1739 # Try over_ds roaming to non-WPA-enabled AP.
1740 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1741 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1742
1743 def test_ap_ft_extra_ie(dev, apdev):
1744 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1745 ssid = "test-ft"
1746 passphrase="12345678"
1747
1748 params = ft_params1(ssid=ssid, passphrase=passphrase)
1749 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1750 hapd0 = hostapd.add_ap(apdev[0], params)
1751 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1752 scan_freq="2412")
1753 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1754 scan_freq="2412")
1755 try:
1756 # Add Mobility Domain element to test AP validation code.
1757 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1758 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1759 scan_freq="2412", wait_connect=False)
1760 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1761 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1762 if ev is None:
1763 raise Exception("No connection result")
1764 if "CTRL-EVENT-CONNECTED" in ev:
1765 raise Exception("Non-FT association accepted with MDE")
1766 if "status_code=43" not in ev:
1767 raise Exception("Unexpected status code: " + ev)
1768 dev[0].request("DISCONNECT")
1769 finally:
1770 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
1771
1772 def test_ap_ft_ric(dev, apdev):
1773 """WPA2-PSK-FT AP and RIC"""
1774 ssid = "test-ft"
1775 passphrase="12345678"
1776
1777 params = ft_params1(ssid=ssid, passphrase=passphrase)
1778 hapd0 = hostapd.add_ap(apdev[0], params)
1779 params = ft_params2(ssid=ssid, passphrase=passphrase)
1780 hapd1 = hostapd.add_ap(apdev[1], params)
1781
1782 dev[0].set("ric_ies", "")
1783 dev[0].set("ric_ies", '""')
1784 if "FAIL" not in dev[0].request("SET ric_ies q"):
1785 raise Exception("Invalid ric_ies value accepted")
1786
1787 tests = [ "3900",
1788 "3900ff04eeeeeeee",
1789 "390400000000",
1790 "390400000000" + "390400000000",
1791 "390400000000" + "dd050050f20202",
1792 "390400000000" + "dd3d0050f2020201" + 55*"00",
1793 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1794 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1795 for t in tests:
1796 dev[0].set("ric_ies", t)
1797 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1798 test_connectivity=False)
1799 dev[0].request("REMOVE_NETWORK all")
1800 dev[0].wait_disconnected()
1801 dev[0].dump_monitor()
1802
1803 def ie_hex(ies, id):
1804 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id])
1805
1806 def test_ap_ft_reassoc_proto(dev, apdev):
1807 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1808 ssid = "test-ft"
1809 passphrase="12345678"
1810
1811 params = ft_params1(ssid=ssid, passphrase=passphrase)
1812 hapd0 = hostapd.add_ap(apdev[0], params)
1813 params = ft_params2(ssid=ssid, passphrase=passphrase)
1814 hapd1 = hostapd.add_ap(apdev[1], params)
1815
1816 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1817 ieee80211w="1", scan_freq="2412")
1818 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1819 hapd1ap = hapd0
1820 hapd2ap = hapd1
1821 else:
1822 hapd1ap = hapd1
1823 hapd2ap = hapd0
1824
1825 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1826 hapd2ap.set("ext_mgmt_frame_handling", "1")
1827 dev[0].request("ROAM " + hapd2ap.own_addr())
1828
1829 while True:
1830 req = hapd2ap.mgmt_rx()
1831 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1832 if req['subtype'] == 11:
1833 break
1834
1835 while True:
1836 req = hapd2ap.mgmt_rx()
1837 if req['subtype'] == 2:
1838 break
1839 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1840
1841 # IEEE 802.11 header + fixed fields before IEs
1842 hdr = binascii.hexlify(req['frame'][0:34])
1843 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
1844 # First elements: SSID, Supported Rates, Extended Supported Rates
1845 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
1846
1847 rsne = ie_hex(ies, 48)
1848 mde = ie_hex(ies, 54)
1849 fte = ie_hex(ies, 55)
1850 tests = [ ]
1851 # RSN: Trying to use FT, but MDIE not included
1852 tests += [ rsne ]
1853 # RSN: Attempted to use unknown MDIE
1854 tests += [ rsne + "3603000000" ]
1855 # Invalid RSN pairwise cipher
1856 tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1857 # FT: No PMKID in RSNIE
1858 tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ]
1859 # FT: Invalid FTIE
1860 tests += [ rsne + mde ]
1861 # FT: RIC IE(s) in the frame, but not included in protected IE count
1862 # FT: Failed to parse FT IEs
1863 tests += [ rsne + mde + fte + "3900" ]
1864 # FT: SNonce mismatch in FTIE
1865 tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1866 # FT: ANonce mismatch in FTIE
1867 tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ]
1868 # FT: No R0KH-ID subelem in FTIE
1869 tests += [ rsne + mde + "3752" + fte[4:168] ]
1870 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1871 tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ]
1872 # FT: No R1KH-ID subelem in FTIE
1873 tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1874 # FT: Unknown R1KH-ID used in ReassocReq
1875 tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1876 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1877 tests += [ rsne[:-32] + 16*"00" + mde + fte ]
1878 # Invalid MIC in FTIE
1879 tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ]
1880 for t in tests:
1881 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
1882
1883 def test_ap_ft_reassoc_local_fail(dev, apdev):
1884 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1885 ssid = "test-ft"
1886 passphrase="12345678"
1887
1888 params = ft_params1(ssid=ssid, passphrase=passphrase)
1889 hapd0 = hostapd.add_ap(apdev[0], params)
1890 params = ft_params2(ssid=ssid, passphrase=passphrase)
1891 hapd1 = hostapd.add_ap(apdev[1], params)
1892
1893 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1894 ieee80211w="1", scan_freq="2412")
1895 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1896 hapd1ap = hapd0
1897 hapd2ap = hapd1
1898 else:
1899 hapd1ap = hapd1
1900 hapd2ap = hapd0
1901
1902 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1903 # FT: Failed to calculate MIC
1904 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
1905 dev[0].request("ROAM " + hapd2ap.own_addr())
1906 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1907 dev[0].request("DISCONNECT")
1908 if ev is None:
1909 raise Exception("Association reject not seen")
Unnamed repository; edit this file 'description' to name the repository.