]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
17 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
18 from wlantest
import Wlantest
19 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
22 params
= { "wpa": "2",
23 "wpa_key_mgmt": "FT-PSK",
24 "rsn_pairwise": "CCMP" }
28 params
= { "wpa": "3",
29 "wpa_key_mgmt": "WPA-PSK FT-PSK",
30 "wpa_pairwise": "TKIP",
31 "rsn_pairwise": "CCMP" }
34 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
36 params
= ft_base_rsn()
38 params
= ft_base_mixed()
42 params
["wpa_passphrase"] = passphrase
44 params
["mobility_domain"] = "a1b2"
45 params
["r0_key_lifetime"] = "10000"
46 params
["pmk_r1_push"] = "1"
47 params
["reassociation_deadline"] = "1000"
50 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
51 params
= ft_params(rsn
, ssid
, passphrase
)
52 params
['nas_identifier'] = "nas1.w1.fi"
53 params
['r1_key_holder'] = "000102030405"
56 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
57 params
= ft_params1a(rsn
, ssid
, passphrase
)
59 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
60 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
62 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
63 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
64 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
67 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
68 params
= ft_params1a(rsn
, ssid
, passphrase
)
69 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
70 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
71 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
74 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
75 params
= ft_params(rsn
, ssid
, passphrase
)
76 params
['nas_identifier'] = "nas2.w1.fi"
77 params
['r1_key_holder'] = "000102030406"
80 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
81 params
= ft_params2a(rsn
, ssid
, passphrase
)
83 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
84 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
86 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
87 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
88 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
91 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
92 params
= ft_params2a(rsn
, ssid
, passphrase
)
93 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
94 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
95 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
98 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
99 params
= ft_params(rsn
, ssid
, passphrase
)
100 params
['nas_identifier'] = "nas1.w1.fi"
101 params
['r1_key_holder'] = "000102030405"
102 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
103 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
104 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
107 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
108 params
= ft_params(rsn
, ssid
, passphrase
)
109 params
['nas_identifier'] = "nas2.w1.fi"
110 params
['r1_key_holder'] = "000102030406"
111 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
112 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
113 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
116 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
117 params
= ft_params(rsn
, ssid
, passphrase
)
118 params
['nas_identifier'] = "nas2.w1.fi"
119 params
['r1_key_holder'] = "000102030406"
120 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
121 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
122 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
125 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
126 sae
=False, eap
=False, fail_test
=False, roams
=1,
127 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
128 test_connectivity
=True):
129 logger
.info("Connect to first AP")
131 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
132 eap
="GPSK", identity
="gpsk user",
133 password
="abcdefghijklmnop0123456789abcdef",
135 pairwise
=pairwise_cipher
, group
=group_cipher
,
136 wpa_ptk_rekey
=ptk_rekey
)
142 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
143 ieee80211w
="1", scan_freq
="2412",
144 pairwise
=pairwise_cipher
, group
=group_cipher
,
145 wpa_ptk_rekey
=ptk_rekey
)
146 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
156 if test_connectivity
:
157 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
159 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
161 for i
in range(0, roams
):
162 logger
.info("Roam to the second AP")
164 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
166 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
169 if dev
.get_status_field('bssid') != ap2
['bssid']:
170 raise Exception("Did not connect to correct AP")
171 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
172 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
174 logger
.info("Roam back to the first AP")
176 dev
.roam_over_ds(ap1
['bssid'])
178 dev
.roam(ap1
['bssid'])
179 if dev
.get_status_field('bssid') != ap1
['bssid']:
180 raise Exception("Did not connect to correct AP")
181 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
182 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
184 def test_ap_ft(dev
, apdev
):
187 passphrase
="12345678"
189 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
190 hapd0
= hostapd
.add_ap(apdev
[0], params
)
191 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
192 hapd1
= hostapd
.add_ap(apdev
[1], params
)
194 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
195 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
196 raise Exception("Scan results missing RSN element info")
198 def test_ap_ft_old_key(dev
, apdev
):
199 """WPA2-PSK-FT AP (old key)"""
201 passphrase
="12345678"
203 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
204 hapd0
= hostapd
.add_ap(apdev
[0], params
)
205 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
206 hapd1
= hostapd
.add_ap(apdev
[1], params
)
208 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
210 def test_ap_ft_multi_akm(dev
, apdev
):
211 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
213 passphrase
="12345678"
215 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
216 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
217 hapd0
= hostapd
.add_ap(apdev
[0], params
)
218 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
219 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
220 hapd1
= hostapd
.add_ap(apdev
[1], params
)
222 Wlantest
.setup(hapd0
)
225 wt
.add_passphrase(passphrase
)
227 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
228 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
229 raise Exception("Scan results missing RSN element info")
230 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
231 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
234 def test_ap_ft_local_key_gen(dev
, apdev
):
235 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
237 passphrase
="12345678"
239 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
240 params
['ft_psk_generate_local'] = "1";
241 del params
['pmk_r1_push']
242 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
243 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
244 params
['ft_psk_generate_local'] = "1";
245 del params
['pmk_r1_push']
246 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
248 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
249 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
250 raise Exception("Scan results missing RSN element info")
252 def test_ap_ft_many(dev
, apdev
):
253 """WPA2-PSK-FT AP multiple times"""
255 passphrase
="12345678"
257 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
258 hapd0
= hostapd
.add_ap(apdev
[0], params
)
259 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
260 hapd1
= hostapd
.add_ap(apdev
[1], params
)
262 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
264 def test_ap_ft_mixed(dev
, apdev
):
265 """WPA2-PSK-FT mixed-mode AP"""
266 ssid
= "test-ft-mixed"
267 passphrase
="12345678"
269 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
270 hapd
= hostapd
.add_ap(apdev
[0], params
)
271 key_mgmt
= hapd
.get_config()['key_mgmt']
272 vals
= key_mgmt
.split(' ')
273 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
274 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
275 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
276 hapd1
= hostapd
.add_ap(apdev
[1], params
)
278 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
280 def test_ap_ft_pmf(dev
, apdev
):
281 """WPA2-PSK-FT AP with PMF"""
283 passphrase
="12345678"
285 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
286 params
["ieee80211w"] = "2"
287 hapd0
= hostapd
.add_ap(apdev
[0], params
)
288 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
289 params
["ieee80211w"] = "2"
290 hapd1
= hostapd
.add_ap(apdev
[1], params
)
292 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
294 def test_ap_ft_over_ds(dev
, apdev
):
295 """WPA2-PSK-FT AP over DS"""
297 passphrase
="12345678"
299 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
300 hapd0
= hostapd
.add_ap(apdev
[0], params
)
301 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
302 hapd1
= hostapd
.add_ap(apdev
[1], params
)
304 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
305 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
306 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
308 def test_ap_ft_over_ds_disabled(dev
, apdev
):
309 """WPA2-PSK-FT AP over DS disabled"""
311 passphrase
="12345678"
313 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
314 params
['ft_over_ds'] = '0'
315 hapd0
= hostapd
.add_ap(apdev
[0], params
)
316 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
317 params
['ft_over_ds'] = '0'
318 hapd1
= hostapd
.add_ap(apdev
[1], params
)
320 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
323 def test_ap_ft_over_ds_many(dev
, apdev
):
324 """WPA2-PSK-FT AP over DS multiple times"""
326 passphrase
="12345678"
328 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
329 hapd0
= hostapd
.add_ap(apdev
[0], params
)
330 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
331 hapd1
= hostapd
.add_ap(apdev
[1], params
)
333 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
337 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
340 passphrase
="12345678"
342 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
343 hapd0
= hostapd
.add_ap(apdev
[0], params
)
345 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
347 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
350 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
351 """WPA2-PSK-FT AP over DS and unexpected response"""
353 passphrase
="12345678"
355 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
356 hapd0
= hostapd
.add_ap(apdev
[0], params
)
357 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
358 hapd1
= hostapd
.add_ap(apdev
[1], params
)
360 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
362 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
373 addr
= dev
[0].own_addr()
374 hapd1ap
.set("ext_mgmt_frame_handling", "1")
375 logger
.info("Foreign STA address")
379 msg
['sa'] = ap1
['bssid']
380 msg
['bssid'] = ap1
['bssid']
381 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
384 logger
.info("No over-the-DS in progress")
385 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
388 logger
.info("Non-zero status code")
389 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
392 hapd1ap
.dump_monitor()
394 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
395 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
396 raise Exception("FT_DS failed")
398 req
= hapd1ap
.mgmt_rx()
400 logger
.info("Foreign Target AP")
401 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
404 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
406 logger
.info("No IEs")
407 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
410 logger
.info("Invalid IEs (trigger parsing failure)")
411 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
414 logger
.info("Too short MDIE")
415 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
418 logger
.info("Mobility domain mismatch")
419 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
422 logger
.info("No FTIE")
423 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
426 logger
.info("FTIE SNonce mismatch")
427 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
430 logger
.info("No R0KH-ID subelem in FTIE")
431 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
432 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
435 logger
.info("No R0KH-ID subelem mismatch in FTIE")
436 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
437 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
440 logger
.info("No R1KH-ID subelem in FTIE")
441 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
442 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
445 logger
.info("No RSNE")
446 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
447 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
450 def test_ap_ft_pmf_over_ds(dev
, apdev
):
451 """WPA2-PSK-FT AP over DS with PMF"""
453 passphrase
="12345678"
455 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
456 params
["ieee80211w"] = "2"
457 hapd0
= hostapd
.add_ap(apdev
[0], params
)
458 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
459 params
["ieee80211w"] = "2"
460 hapd1
= hostapd
.add_ap(apdev
[1], params
)
462 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
464 def test_ap_ft_over_ds_pull(dev
, apdev
):
465 """WPA2-PSK-FT AP over DS (pull PMK)"""
467 passphrase
="12345678"
469 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
470 params
["pmk_r1_push"] = "0"
471 hapd0
= hostapd
.add_ap(apdev
[0], params
)
472 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
473 params
["pmk_r1_push"] = "0"
474 hapd1
= hostapd
.add_ap(apdev
[1], params
)
476 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
478 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
479 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
481 passphrase
="12345678"
483 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
484 params
["pmk_r1_push"] = "0"
485 hapd0
= hostapd
.add_ap(apdev
[0], params
)
486 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
487 params
["pmk_r1_push"] = "0"
488 hapd1
= hostapd
.add_ap(apdev
[1], params
)
490 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
492 def test_ap_ft_sae(dev
, apdev
):
493 """WPA2-PSK-FT-SAE AP"""
494 if "SAE" not in dev
[0].get_capability("auth_alg"):
495 raise HwsimSkip("SAE not supported")
497 passphrase
="12345678"
499 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
500 params
['wpa_key_mgmt'] = "FT-SAE"
501 hapd0
= hostapd
.add_ap(apdev
[0], params
)
502 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
503 params
['wpa_key_mgmt'] = "FT-SAE"
504 hapd
= hostapd
.add_ap(apdev
[1], params
)
505 key_mgmt
= hapd
.get_config()['key_mgmt']
506 if key_mgmt
.split(' ')[0] != "FT-SAE":
507 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
509 dev
[0].request("SET sae_groups ")
510 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
512 def test_ap_ft_sae_over_ds(dev
, apdev
):
513 """WPA2-PSK-FT-SAE AP over DS"""
514 if "SAE" not in dev
[0].get_capability("auth_alg"):
515 raise HwsimSkip("SAE not supported")
517 passphrase
="12345678"
519 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
520 params
['wpa_key_mgmt'] = "FT-SAE"
521 hapd0
= hostapd
.add_ap(apdev
[0], params
)
522 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
523 params
['wpa_key_mgmt'] = "FT-SAE"
524 hapd1
= hostapd
.add_ap(apdev
[1], params
)
526 dev
[0].request("SET sae_groups ")
527 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
530 def generic_ap_ft_eap(dev
, apdev
, over_ds
=False, discovery
=False, roams
=1):
532 passphrase
="12345678"
534 radius
= hostapd
.radius_params()
535 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
536 params
['wpa_key_mgmt'] = "FT-EAP"
537 params
["ieee8021x"] = "1"
538 params
= dict(radius
.items() + params
.items())
539 hapd
= hostapd
.add_ap(apdev
[0], params
)
540 key_mgmt
= hapd
.get_config()['key_mgmt']
541 if key_mgmt
.split(' ')[0] != "FT-EAP":
542 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
543 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
544 params
['wpa_key_mgmt'] = "FT-EAP"
545 params
["ieee8021x"] = "1"
546 params
= dict(radius
.items() + params
.items())
547 hapd1
= hostapd
.add_ap(apdev
[1], params
)
549 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
550 over_ds
=over_ds
, roams
=roams
)
551 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
552 raise Exception("Scan results missing RSN element info")
553 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
554 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
556 # Verify EAPOL reauthentication after FT protocol
557 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
561 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
562 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
564 raise Exception("EAP authentication did not start")
565 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
567 raise Exception("EAP authentication did not succeed")
569 hwsim_utils
.test_connectivity(dev
[0], ap
)
571 def test_ap_ft_eap(dev
, apdev
):
573 generic_ap_ft_eap(dev
, apdev
)
575 def test_ap_ft_eap_over_ds(dev
, apdev
):
576 """WPA2-EAP-FT AP using over-the-DS"""
577 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
579 def test_ap_ft_eap_dis(dev
, apdev
):
580 """WPA2-EAP-FT AP with AP discovery"""
581 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
583 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
584 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
585 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
587 def test_ap_ft_eap_pull(dev
, apdev
):
588 """WPA2-EAP-FT AP (pull PMK)"""
590 passphrase
="12345678"
592 radius
= hostapd
.radius_params()
593 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
594 params
['wpa_key_mgmt'] = "FT-EAP"
595 params
["ieee8021x"] = "1"
596 params
["pmk_r1_push"] = "0"
597 params
= dict(radius
.items() + params
.items())
598 hapd
= hostapd
.add_ap(apdev
[0], params
)
599 key_mgmt
= hapd
.get_config()['key_mgmt']
600 if key_mgmt
.split(' ')[0] != "FT-EAP":
601 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
602 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
603 params
['wpa_key_mgmt'] = "FT-EAP"
604 params
["ieee8021x"] = "1"
605 params
["pmk_r1_push"] = "0"
606 params
= dict(radius
.items() + params
.items())
607 hapd1
= hostapd
.add_ap(apdev
[1], params
)
609 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
612 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
613 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
615 passphrase
="12345678"
617 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
618 params
["ieee80211w"] = "2"
619 hapd0
= hostapd
.add_ap(apdev
[0], params
)
620 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
621 params
["ieee80211w"] = "2"
622 hapd1
= hostapd
.add_ap(apdev
[1], params
)
624 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
628 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
629 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
631 passphrase
="12345678"
633 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
634 params
["pmk_r1_push"] = "0"
635 hapd0
= hostapd
.add_ap(apdev
[0], params
)
636 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
637 params
["pmk_r1_push"] = "0"
638 hapd1
= hostapd
.add_ap(apdev
[1], params
)
640 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
644 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
645 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
647 passphrase
="12345678"
649 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
650 params
["pmk_r1_push"] = "0"
651 params
["nas_identifier"] = "nas0.w1.fi"
652 hostapd
.add_ap(apdev
[0], params
)
653 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
656 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
657 params
["pmk_r1_push"] = "0"
658 hostapd
.add_ap(apdev
[1], params
)
660 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
661 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
664 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
665 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
667 passphrase
="12345678"
669 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
670 params
["ieee80211w"] = "2"
671 hapd0
= hostapd
.add_ap(apdev
[0], params
)
672 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
673 params
["ieee80211w"] = "2"
674 hapd1
= hostapd
.add_ap(apdev
[1], params
)
676 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
680 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
681 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
683 passphrase
="12345678"
685 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
686 params
["pmk_r1_push"] = "0"
687 hapd0
= hostapd
.add_ap(apdev
[0], params
)
688 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
689 params
["pmk_r1_push"] = "0"
690 hapd1
= hostapd
.add_ap(apdev
[1], params
)
692 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
695 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
696 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
698 passphrase
="12345678"
700 radius
= hostapd
.radius_params()
701 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
702 params
["ieee80211w"] = "2";
703 params
['wpa_key_mgmt'] = "FT-EAP"
704 params
["ieee8021x"] = "1"
705 params
= dict(radius
.items() + params
.items())
706 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
707 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
708 params
["ieee80211w"] = "2";
709 params
['wpa_key_mgmt'] = "FT-EAP"
710 params
["ieee8021x"] = "1"
711 params
= dict(radius
.items() + params
.items())
712 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
714 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
715 fail_test
=True, eap
=True)
717 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
718 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
720 passphrase
="12345678"
722 radius
= hostapd
.radius_params()
723 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
724 params
["pmk_r1_push"] = "0"
725 params
['wpa_key_mgmt'] = "FT-EAP"
726 params
["ieee8021x"] = "1"
727 params
= dict(radius
.items() + params
.items())
728 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
729 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
730 params
["pmk_r1_push"] = "0"
731 params
['wpa_key_mgmt'] = "FT-EAP"
732 params
["ieee8021x"] = "1"
733 params
= dict(radius
.items() + params
.items())
734 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
736 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
737 fail_test
=True, eap
=True)
739 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
740 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
742 passphrase
="12345678"
744 radius
= hostapd
.radius_params()
745 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
746 params
["pmk_r1_push"] = "0"
747 params
["nas_identifier"] = "nas0.w1.fi"
748 params
['wpa_key_mgmt'] = "FT-EAP"
749 params
["ieee8021x"] = "1"
750 params
= dict(radius
.items() + params
.items())
751 hostapd
.add_ap(apdev
[0]['ifname'], params
)
752 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
753 eap
="GPSK", identity
="gpsk user",
754 password
="abcdefghijklmnop0123456789abcdef",
757 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
758 params
["pmk_r1_push"] = "0"
759 params
['wpa_key_mgmt'] = "FT-EAP"
760 params
["ieee8021x"] = "1"
761 params
= dict(radius
.items() + params
.items())
762 hostapd
.add_ap(apdev
[1]['ifname'], params
)
764 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
765 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
767 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
768 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
770 passphrase
="12345678"
772 radius
= hostapd
.radius_params()
773 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
774 params
["ieee80211w"] = "2";
775 params
['wpa_key_mgmt'] = "FT-EAP"
776 params
["ieee8021x"] = "1"
777 params
= dict(radius
.items() + params
.items())
778 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
779 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
780 params
["ieee80211w"] = "2";
781 params
['wpa_key_mgmt'] = "FT-EAP"
782 params
["ieee8021x"] = "1"
783 params
= dict(radius
.items() + params
.items())
784 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
786 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
787 fail_test
=True, eap
=True)
789 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
790 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
792 passphrase
="12345678"
794 radius
= hostapd
.radius_params()
795 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
796 params
["pmk_r1_push"] = "0"
797 params
['wpa_key_mgmt'] = "FT-EAP"
798 params
["ieee8021x"] = "1"
799 params
= dict(radius
.items() + params
.items())
800 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
801 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
802 params
["pmk_r1_push"] = "0"
803 params
['wpa_key_mgmt'] = "FT-EAP"
804 params
["ieee8021x"] = "1"
805 params
= dict(radius
.items() + params
.items())
806 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
808 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
809 fail_test
=True, eap
=True)
811 def test_ap_ft_gtk_rekey(dev
, apdev
):
812 """WPA2-PSK-FT AP and GTK rekey"""
814 passphrase
="12345678"
816 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
817 params
['wpa_group_rekey'] = '1'
818 hapd
= hostapd
.add_ap(apdev
[0], params
)
820 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
821 ieee80211w
="1", scan_freq
="2412")
823 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
825 raise Exception("GTK rekey timed out after initial association")
826 hwsim_utils
.test_connectivity(dev
[0], hapd
)
828 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
829 params
['wpa_group_rekey'] = '1'
830 hapd1
= hostapd
.add_ap(apdev
[1], params
)
832 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
833 dev
[0].roam(apdev
[1]['bssid'])
834 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
835 raise Exception("Did not connect to correct AP")
836 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
838 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
840 raise Exception("GTK rekey timed out after FT protocol")
841 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
843 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
844 """WPA2-PSK-FT and key lifetime in memory"""
846 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
847 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
848 pmk
= binascii
.unhexlify(psk
)
849 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
850 hapd0
= hostapd
.add_ap(apdev
[0], p
)
851 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
852 hapd1
= hostapd
.add_ap(apdev
[1], p
)
854 pid
= find_wpas_process(dev
[0])
856 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
858 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
859 # event has been delivered, so verify that wpa_supplicant has returned to
860 # eloop before reading process memory.
864 buf
= read_process_memory(pid
, pmk
)
866 dev
[0].request("DISCONNECT")
867 dev
[0].wait_disconnected()
874 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
875 for l
in f
.readlines():
876 if "FT: PMK-R0 - hexdump" in l
:
877 val
= l
.strip().split(':')[3].replace(' ', '')
878 pmkr0
= binascii
.unhexlify(val
)
879 if "FT: PMK-R1 - hexdump" in l
:
880 val
= l
.strip().split(':')[3].replace(' ', '')
881 pmkr1
= binascii
.unhexlify(val
)
882 if "FT: KCK - hexdump" in l
:
883 val
= l
.strip().split(':')[3].replace(' ', '')
884 kck
= binascii
.unhexlify(val
)
885 if "FT: KEK - hexdump" in l
:
886 val
= l
.strip().split(':')[3].replace(' ', '')
887 kek
= binascii
.unhexlify(val
)
888 if "FT: TK - hexdump" in l
:
889 val
= l
.strip().split(':')[3].replace(' ', '')
890 tk
= binascii
.unhexlify(val
)
891 if "WPA: Group Key - hexdump" in l
:
892 val
= l
.strip().split(':')[3].replace(' ', '')
893 gtk
= binascii
.unhexlify(val
)
894 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
895 raise Exception("Could not find keys from debug log")
897 raise Exception("Unexpected GTK length")
899 logger
.info("Checking keys in memory while associated")
900 get_key_locations(buf
, pmk
, "PMK")
901 get_key_locations(buf
, pmkr0
, "PMK-R0")
902 get_key_locations(buf
, pmkr1
, "PMK-R1")
904 raise HwsimSkip("PMK not found while associated")
906 raise HwsimSkip("PMK-R0 not found while associated")
908 raise HwsimSkip("PMK-R1 not found while associated")
910 raise Exception("KCK not found while associated")
912 raise Exception("KEK not found while associated")
914 raise Exception("TK found from memory")
916 get_key_locations(buf
, gtk
, "GTK")
917 raise Exception("GTK found from memory")
919 logger
.info("Checking keys in memory after disassociation")
920 buf
= read_process_memory(pid
, pmk
)
921 get_key_locations(buf
, pmk
, "PMK")
922 get_key_locations(buf
, pmkr0
, "PMK-R0")
923 get_key_locations(buf
, pmkr1
, "PMK-R1")
925 # Note: PMK/PSK is still present in network configuration
927 fname
= os
.path
.join(params
['logdir'],
928 'ft_psk_key_lifetime_in_memory.memctx-')
929 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
930 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
931 verify_not_present(buf
, kck
, fname
, "KCK")
932 verify_not_present(buf
, kek
, fname
, "KEK")
933 verify_not_present(buf
, tk
, fname
, "TK")
934 verify_not_present(buf
, gtk
, fname
, "GTK")
936 dev
[0].request("REMOVE_NETWORK all")
938 logger
.info("Checking keys in memory after network profile removal")
939 buf
= read_process_memory(pid
, pmk
)
940 get_key_locations(buf
, pmk
, "PMK")
941 get_key_locations(buf
, pmkr0
, "PMK-R0")
942 get_key_locations(buf
, pmkr1
, "PMK-R1")
944 verify_not_present(buf
, pmk
, fname
, "PMK")
945 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
946 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
947 verify_not_present(buf
, kck
, fname
, "KCK")
948 verify_not_present(buf
, kek
, fname
, "KEK")
949 verify_not_present(buf
, tk
, fname
, "TK")
950 verify_not_present(buf
, gtk
, fname
, "GTK")
953 def test_ap_ft_invalid_resp(dev
, apdev
):
954 """WPA2-PSK-FT AP and invalid response IEs"""
956 passphrase
="12345678"
958 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
959 hapd0
= hostapd
.add_ap(apdev
[0], params
)
960 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
963 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
964 hapd1
= hostapd
.add_ap(apdev
[1], params
)
967 # Various IEs for test coverage. The last one is FTIE with invalid
968 # R1KH-ID subelement.
969 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
970 # FTIE with invalid R0KH-ID subelement (len=0).
971 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
972 # FTIE with invalid R0KH-ID subelement (len=49).
973 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
975 "020002000000" + "3000",
976 # Required IEs missing from protected IE count.
977 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
978 # RIC missing from protected IE count.
979 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
980 # Protected IE missing.
981 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
983 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
984 hapd1
.set("ext_mgmt_frame_handling", "1")
986 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
987 raise Exception("ROAM failed")
990 msg
= hapd1
.mgmt_rx()
991 if msg
['subtype'] == 11:
995 raise Exception("Authentication frame not seen")
998 resp
['fc'] = auth
['fc']
999 resp
['da'] = auth
['sa']
1000 resp
['sa'] = auth
['da']
1001 resp
['bssid'] = auth
['bssid']
1002 resp
['payload'] = binascii
.unhexlify(t
)
1004 hapd1
.set("ext_mgmt_frame_handling", "0")
1005 dev
[0].wait_disconnected()
1007 dev
[0].request("RECONNECT")
1008 dev
[0].wait_connected()
1010 def test_ap_ft_gcmp_256(dev
, apdev
):
1011 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1012 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1013 raise HwsimSkip("Cipher GCMP-256 not supported")
1015 passphrase
="12345678"
1017 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1018 params
['rsn_pairwise'] = "GCMP-256"
1019 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1020 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1021 params
['rsn_pairwise'] = "GCMP-256"
1022 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1024 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1025 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1027 def test_ap_ft_oom(dev
, apdev
):
1028 """WPA2-PSK-FT and OOM"""
1029 skip_with_fips(dev
[0])
1031 passphrase
="12345678"
1033 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1034 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1035 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1036 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1038 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1040 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1041 dst
= apdev
[1]['bssid']
1043 dst
= apdev
[0]['bssid']
1045 dev
[0].scan_for_bss(dst
, freq
="2412")
1046 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1048 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1049 dev
[0].roam(dst
, fail_test
=True)
1050 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1051 dev
[0].roam(dst
, fail_test
=True)
1053 dev
[0].request("REMOVE_NETWORK all")
1054 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1055 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1058 def test_ap_ft_ap_oom(dev
, apdev
):
1059 """WPA2-PSK-FT and AP OOM"""
1061 passphrase
="12345678"
1063 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1064 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1065 bssid0
= hapd0
.own_addr()
1067 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1068 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1069 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1072 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1073 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1074 bssid1
= hapd1
.own_addr()
1075 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1076 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1079 def test_ap_ft_ap_oom2(dev
, apdev
):
1080 """WPA2-PSK-FT and AP OOM 2"""
1082 passphrase
="12345678"
1084 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1085 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1086 bssid0
= hapd0
.own_addr()
1088 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1089 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1090 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1093 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1094 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1095 bssid1
= hapd1
.own_addr()
1096 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1098 if dev
[0].get_status_field('bssid') != bssid1
:
1099 raise Exception("Did not roam to AP1")
1100 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1103 def test_ap_ft_ap_oom3(dev
, apdev
):
1104 """WPA2-PSK-FT and AP OOM 3"""
1106 passphrase
="12345678"
1108 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1109 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1110 bssid0
= hapd0
.own_addr()
1112 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1113 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1116 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1117 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1118 bssid1
= hapd1
.own_addr()
1119 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1120 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1121 # This will fail due to not being able to send out PMK-R1 pull request
1124 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1125 # This will fail due to not being able to send out PMK-R1 pull request
1128 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1129 # This will fail due to not being able to send out PMK-R1 pull request
1132 def test_ap_ft_ap_oom3b(dev
, apdev
):
1133 """WPA2-PSK-FT and AP OOM 3b"""
1135 passphrase
="12345678"
1137 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1138 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1139 bssid0
= hapd0
.own_addr()
1141 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1142 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1145 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1146 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1147 bssid1
= hapd1
.own_addr()
1148 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1149 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1150 # This will fail due to not being able to send out PMK-R1 pull request
1153 def test_ap_ft_ap_oom4(dev
, apdev
):
1154 """WPA2-PSK-FT and AP OOM 4"""
1156 passphrase
="12345678"
1158 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1159 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1160 bssid0
= hapd0
.own_addr()
1162 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1163 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1166 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1167 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1168 bssid1
= hapd1
.own_addr()
1169 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1170 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1172 if dev
[0].get_status_field('bssid') != bssid1
:
1173 raise Exception("Did not roam to AP1")
1175 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1177 if dev
[0].get_status_field('bssid') != bssid0
:
1178 raise Exception("Did not roam to AP0")
1180 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1182 if dev
[0].get_status_field('bssid') != bssid1
:
1183 raise Exception("Did not roam to AP1")
1185 def test_ap_ft_ap_oom5(dev
, apdev
):
1186 """WPA2-PSK-FT and AP OOM 5"""
1188 passphrase
="12345678"
1190 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1191 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1192 bssid0
= hapd0
.own_addr()
1194 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1195 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1198 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1199 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1200 bssid1
= hapd1
.own_addr()
1201 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1202 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1203 # This will fail to roam
1206 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1207 # This will fail to roam
1210 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1211 # This will fail to roam
1214 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1215 # This will fail to roam
1218 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1219 # This will fail to roam
1222 def test_ap_ft_ap_oom6(dev
, apdev
):
1223 """WPA2-PSK-FT and AP OOM 6"""
1225 passphrase
="12345678"
1227 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1228 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1229 bssid0
= hapd0
.own_addr()
1231 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1232 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1233 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1235 dev
[0].request("REMOVE_NETWORK all")
1236 dev
[0].wait_disconnected()
1237 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1238 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1240 dev
[0].request("REMOVE_NETWORK all")
1241 dev
[0].wait_disconnected()
1242 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1243 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1246 def test_ap_ft_ap_oom7(dev
, apdev
):
1247 """WPA2-PSK-FT and AP OOM 7"""
1249 passphrase
="12345678"
1251 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1252 params
["ieee80211w"] = "2"
1253 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1254 bssid0
= hapd0
.own_addr()
1256 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1257 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1258 ieee80211w
="2", scan_freq
="2412")
1260 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1261 params
["ieee80211w"] = "2"
1262 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1263 bssid1
= hapd1
.own_addr()
1264 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1265 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1266 # This will fail to roam
1268 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1269 # This will fail to roam
1271 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1272 # This will fail to roam
1274 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1275 # This will fail to roam
1278 def test_ap_ft_ap_oom8(dev
, apdev
):
1279 """WPA2-PSK-FT and AP OOM 8"""
1281 passphrase
="12345678"
1283 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1284 params
['ft_psk_generate_local'] = "1";
1285 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1286 bssid0
= hapd0
.own_addr()
1288 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1289 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1292 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1293 params
['ft_psk_generate_local'] = "1";
1294 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1295 bssid1
= hapd1
.own_addr()
1296 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1297 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1298 # This will fail to roam
1300 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1301 # This will fail to roam
1304 def test_ap_ft_ap_oom9(dev
, apdev
):
1305 """WPA2-PSK-FT and AP OOM 9"""
1307 passphrase
="12345678"
1309 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1310 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1311 bssid0
= hapd0
.own_addr()
1313 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1314 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1317 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1318 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1319 bssid1
= hapd1
.own_addr()
1320 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1322 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1323 # This will fail to roam
1324 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1325 raise Exception("FT_DS failed")
1326 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1328 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1329 # This will fail to roam
1330 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1331 raise Exception("FT_DS failed")
1332 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1334 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1335 # This will fail to roam
1336 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1337 raise Exception("FT_DS failed")
1338 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1340 def test_ap_ft_ap_oom10(dev
, apdev
):
1341 """WPA2-PSK-FT and AP OOM 10"""
1343 passphrase
="12345678"
1345 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1346 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1347 bssid0
= hapd0
.own_addr()
1349 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1350 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1353 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1354 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1355 bssid1
= hapd1
.own_addr()
1356 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1358 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1359 # This will fail to roam
1360 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1361 raise Exception("FT_DS failed")
1362 wait_fail_trigger(hapd0
, "GET_FAIL")
1364 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1365 # This will fail to roam
1366 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1367 raise Exception("FT_DS failed")
1368 wait_fail_trigger(hapd0
, "GET_FAIL")
1370 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1371 # This will fail to roam
1372 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1373 raise Exception("FT_DS failed")
1374 wait_fail_trigger(hapd0
, "GET_FAIL")
1376 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1377 # This will fail to roam
1378 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1379 raise Exception("FT_DS failed")
1380 wait_fail_trigger(hapd1
, "GET_FAIL")
1382 def test_ap_ft_ap_oom11(dev
, apdev
):
1383 """WPA2-PSK-FT and AP OOM 11"""
1385 passphrase
="12345678"
1387 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1388 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1389 bssid0
= hapd0
.own_addr()
1391 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1392 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1393 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1395 wait_fail_trigger(hapd0
, "GET_FAIL")
1397 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1398 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1399 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1401 wait_fail_trigger(hapd0
, "GET_FAIL")
1403 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1404 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1406 passphrase
="12345678"
1408 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1409 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1410 bssid0
= hapd0
.own_addr()
1411 _bssid0
= bssid0
.replace(':', '')
1412 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1414 addr
= dev
[0].own_addr()
1415 _addr
= addr
.replace(':', '')
1417 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1418 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1419 bssid1
= hapd1
.own_addr()
1420 _bssid1
= bssid1
.replace(':', '')
1422 hapd0
.set("ext_mgmt_frame_handling", "1")
1423 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1424 valid
= "0601" + _addr
+ _bssid1
1427 "0601" + _addr
+ _bssid0
,
1428 "0601" + _addr
+ "ffffffffffff",
1429 "0601" + _bssid0
+ _bssid0
,
1434 valid
+ "3603ffffff",
1435 valid
+ "3603a1b2ff",
1436 valid
+ "3603a1b2ff" + "3700",
1437 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1438 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1439 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1440 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1441 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1442 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1443 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1446 hapd0
.dump_monitor()
1447 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1448 raise Exception("MGMT_RX_PROCESS failed")
1450 hapd0
.set("ext_mgmt_frame_handling", "0")
1452 def test_ap_ft_over_ds_proto(dev
, apdev
):
1453 """WPA2-PSK-FT AP over DS protocol testing"""
1455 passphrase
="12345678"
1457 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1459 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1462 # FT Action Response while no FT-over-DS in progress
1465 msg
['da'] = dev
[0].own_addr()
1466 msg
['sa'] = apdev
[0]['bssid']
1467 msg
['bssid'] = apdev
[0]['bssid']
1468 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1471 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1472 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1473 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1474 hapd0
.set("ext_mgmt_frame_handling", "1")
1475 hapd0
.dump_monitor()
1476 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1477 for i
in range(0, 10):
1478 req
= hapd0
.mgmt_rx()
1480 raise Exception("MGMT RX wait timed out")
1481 if req
['subtype'] == 13:
1485 raise Exception("FT Action frame not received")
1487 # FT Action Response for unexpected Target AP
1488 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1491 # FT Action Response without MDIE
1492 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1495 # FT Action Response without FTIE
1496 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1499 # FT Action Response with FTIE SNonce mismatch
1500 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1504 def test_ap_ft_rrb(dev
, apdev
):
1505 """WPA2-PSK-FT RRB protocol testing"""
1507 passphrase
="12345678"
1509 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1510 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1512 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1515 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1516 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1518 ehdr
= _dst_ll
+ _src_ll
+ proto
1520 # Too short RRB frame
1522 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1523 raise Exception("DATA_TEST_FRAME failed")
1525 # RRB discarded frame wikth unrecognized type
1526 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1527 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1528 raise Exception("DATA_TEST_FRAME failed")
1530 # RRB frame too short for action frame
1531 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1532 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1533 raise Exception("DATA_TEST_FRAME failed")
1535 # Too short RRB frame (not enough room for Action Frame body)
1536 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1537 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1538 raise Exception("DATA_TEST_FRAME failed")
1540 # Unexpected Action frame category
1541 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1542 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1543 raise Exception("DATA_TEST_FRAME failed")
1545 # Unexpected Action in RRB Request
1546 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1547 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1548 raise Exception("DATA_TEST_FRAME failed")
1550 # Target AP address in RRB Request does not match with own address
1551 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1552 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1553 raise Exception("DATA_TEST_FRAME failed")
1555 # Not enough room for status code in RRB Response
1556 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1557 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1558 raise Exception("DATA_TEST_FRAME failed")
1560 # RRB discarded frame with unknown packet_type
1561 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1562 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1563 raise Exception("DATA_TEST_FRAME failed")
1565 # RRB Response with non-zero status code; no STA match
1566 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1567 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1568 raise Exception("DATA_TEST_FRAME failed")
1570 # RRB Response with zero status code and extra data; STA match
1571 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1572 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1573 raise Exception("DATA_TEST_FRAME failed")
1575 # Too short PMK-R1 pull
1576 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1577 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1578 raise Exception("DATA_TEST_FRAME failed")
1580 # Too short PMK-R1 resp
1581 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1582 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1583 raise Exception("DATA_TEST_FRAME failed")
1585 # Too short PMK-R1 push
1586 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1587 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1588 raise Exception("DATA_TEST_FRAME failed")
1590 # No matching R0KH address found for PMK-R0 pull response
1591 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1592 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1593 raise Exception("DATA_TEST_FRAME failed")
1596 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1597 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1598 bssid
= apdev
[0]['bssid']
1600 passphrase
="12345678"
1602 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1603 params
["ieee80211w"] = "1"
1604 # This is the RSN element used normally by hostapd
1605 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1606 hapd
= hostapd
.add_ap(apdev
[0], params
)
1607 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1608 ieee80211w
="1", scan_freq
="2412",
1609 pairwise
="CCMP", group
="CCMP")
1611 tests
= [ ('PMKIDCount field included',
1612 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1613 ('Extra IE before RSNE',
1614 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1615 ('PMKIDCount and Group Management Cipher suite fields included',
1616 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1617 ('Extra octet after defined fields (future extensibility)',
1618 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1619 ('No RSN Capabilities field (PMF disabled in practice)',
1620 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1621 for txt
,ie
in tests
:
1622 dev
[0].request("DISCONNECT")
1623 dev
[0].wait_disconnected()
1626 hapd
.set('own_ie_override', ie
)
1628 dev
[0].request("BSS_FLUSH 0")
1629 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1630 dev
[0].select_network(id, freq
=2412)
1631 dev
[0].wait_connected()
1633 dev
[0].request("DISCONNECT")
1634 dev
[0].wait_disconnected()
1636 logger
.info('Invalid RSNE causing internal hostapd error')
1638 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1640 dev
[0].request("BSS_FLUSH 0")
1641 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1642 dev
[0].select_network(id, freq
=2412)
1643 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1645 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1647 raise Exception("Unexpected connection")
1648 dev
[0].request("DISCONNECT")
1650 logger
.info('Unexpected PMKID causing internal hostapd error')
1652 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1654 dev
[0].request("BSS_FLUSH 0")
1655 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1656 dev
[0].select_network(id, freq
=2412)
1657 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1659 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1661 raise Exception("Unexpected connection")
1662 dev
[0].request("DISCONNECT")
1664 def test_ap_ft_ptk_rekey(dev
, apdev
):
1665 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1667 passphrase
="12345678"
1669 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1670 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1671 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1672 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1674 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1676 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1677 "WPA: Key negotiation completed"], timeout
=5)
1679 raise Exception("No event received after roam")
1680 if "CTRL-EVENT-DISCONNECTED" in ev
:
1681 raise Exception("Unexpected disconnection after roam")
1683 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1687 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1689 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1690 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1692 passphrase
="12345678"
1694 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1695 params
['wpa_ptk_rekey'] = '2'
1696 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1697 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1698 params
['wpa_ptk_rekey'] = '2'
1699 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1701 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1703 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1704 "WPA: Key negotiation completed"], timeout
=5)
1706 raise Exception("No event received after roam")
1707 if "CTRL-EVENT-DISCONNECTED" in ev
:
1708 raise Exception("Unexpected disconnection after roam")
1710 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1714 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1716 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1717 """RRB internal delivery only to WPA enabled BSS"""
1719 passphrase
="12345678"
1721 radius
= hostapd
.radius_params()
1722 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1723 params
['wpa_key_mgmt'] = "FT-EAP"
1724 params
["ieee8021x"] = "1"
1725 params
= dict(radius
.items() + params
.items())
1726 hapd
= hostapd
.add_ap(apdev
[0], params
)
1727 key_mgmt
= hapd
.get_config()['key_mgmt']
1728 if key_mgmt
.split(' ')[0] != "FT-EAP":
1729 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1731 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1733 # Connect to WPA enabled AP
1734 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1735 eap
="GPSK", identity
="gpsk user",
1736 password
="abcdefghijklmnop0123456789abcdef",
1739 # Try over_ds roaming to non-WPA-enabled AP.
1740 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1741 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1743 def test_ap_ft_extra_ie(dev
, apdev
):
1744 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1746 passphrase
="12345678"
1748 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1749 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1750 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1751 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1753 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1756 # Add Mobility Domain element to test AP validation code.
1757 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1758 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1759 scan_freq
="2412", wait_connect
=False)
1760 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1761 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1763 raise Exception("No connection result")
1764 if "CTRL-EVENT-CONNECTED" in ev
:
1765 raise Exception("Non-FT association accepted with MDE")
1766 if "status_code=43" not in ev
:
1767 raise Exception("Unexpected status code: " + ev
)
1768 dev
[0].request("DISCONNECT")
1770 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
1772 def test_ap_ft_ric(dev
, apdev
):
1773 """WPA2-PSK-FT AP and RIC"""
1775 passphrase
="12345678"
1777 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1778 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1779 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1780 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1782 dev
[0].set("ric_ies", "")
1783 dev
[0].set("ric_ies", '""')
1784 if "FAIL" not in dev
[0].request("SET ric_ies q"):
1785 raise Exception("Invalid ric_ies value accepted")
1790 "390400000000" + "390400000000",
1791 "390400000000" + "dd050050f20202",
1792 "390400000000" + "dd3d0050f2020201" + 55*"00",
1793 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1794 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1796 dev
[0].set("ric_ies", t
)
1797 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1798 test_connectivity
=False)
1799 dev
[0].request("REMOVE_NETWORK all")
1800 dev
[0].wait_disconnected()
1801 dev
[0].dump_monitor()
1803 def ie_hex(ies
, id):
1804 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id])
1806 def test_ap_ft_reassoc_proto(dev
, apdev
):
1807 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1809 passphrase
="12345678"
1811 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1812 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1813 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1814 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1816 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1817 ieee80211w
="1", scan_freq
="2412")
1818 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1825 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1826 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1827 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1830 req
= hapd2ap
.mgmt_rx()
1831 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1832 if req
['subtype'] == 11:
1836 req
= hapd2ap
.mgmt_rx()
1837 if req
['subtype'] == 2:
1839 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1841 # IEEE 802.11 header + fixed fields before IEs
1842 hdr
= binascii
.hexlify(req
['frame'][0:34])
1843 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
1844 # First elements: SSID, Supported Rates, Extended Supported Rates
1845 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
1847 rsne
= ie_hex(ies
, 48)
1848 mde
= ie_hex(ies
, 54)
1849 fte
= ie_hex(ies
, 55)
1851 # RSN: Trying to use FT, but MDIE not included
1853 # RSN: Attempted to use unknown MDIE
1854 tests
+= [ rsne
+ "3603000000" ]
1855 # Invalid RSN pairwise cipher
1856 tests
+= [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1857 # FT: No PMKID in RSNIE
1858 tests
+= [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54) ]
1860 tests
+= [ rsne
+ mde
]
1861 # FT: RIC IE(s) in the frame, but not included in protected IE count
1862 # FT: Failed to parse FT IEs
1863 tests
+= [ rsne
+ mde
+ fte
+ "3900" ]
1864 # FT: SNonce mismatch in FTIE
1865 tests
+= [ rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1866 # FT: ANonce mismatch in FTIE
1867 tests
+= [ rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:] ]
1868 # FT: No R0KH-ID subelem in FTIE
1869 tests
+= [ rsne
+ mde
+ "3752" + fte
[4:168] ]
1870 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1871 tests
+= [ rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff" ]
1872 # FT: No R1KH-ID subelem in FTIE
1873 tests
+= [ rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1874 # FT: Unknown R1KH-ID used in ReassocReq
1875 tests
+= [ rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1876 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1877 tests
+= [ rsne
[:-32] + 16*"00" + mde
+ fte
]
1878 # Invalid MIC in FTIE
1879 tests
+= [ rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:] ]
1881 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
1883 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
1884 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1886 passphrase
="12345678"
1888 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1889 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1890 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1891 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1893 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1894 ieee80211w
="1", scan_freq
="2412")
1895 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1902 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1903 # FT: Failed to calculate MIC
1904 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
1905 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1906 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1907 dev
[0].request("DISCONNECT")
1909 raise Exception("Association reject not seen")