]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
17 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
18 from wlantest
import Wlantest
19 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
22 params
= { "wpa": "2",
23 "wpa_key_mgmt": "FT-PSK",
24 "rsn_pairwise": "CCMP" }
28 params
= { "wpa": "3",
29 "wpa_key_mgmt": "WPA-PSK FT-PSK",
30 "wpa_pairwise": "TKIP",
31 "rsn_pairwise": "CCMP" }
34 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
36 params
= ft_base_rsn()
38 params
= ft_base_mixed()
42 params
["wpa_passphrase"] = passphrase
44 params
["mobility_domain"] = "a1b2"
45 params
["r0_key_lifetime"] = "10000"
46 params
["pmk_r1_push"] = "1"
47 params
["reassociation_deadline"] = "1000"
50 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
51 params
= ft_params(rsn
, ssid
, passphrase
)
52 params
['nas_identifier'] = "nas1.w1.fi"
53 params
['r1_key_holder'] = "000102030405"
56 def ft_params1(rsn
=True, ssid
=None, passphrase
=None):
57 params
= ft_params1a(rsn
, ssid
, passphrase
)
58 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
59 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
60 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
63 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
64 params
= ft_params(rsn
, ssid
, passphrase
)
65 params
['nas_identifier'] = "nas2.w1.fi"
66 params
['r1_key_holder'] = "000102030406"
69 def ft_params2(rsn
=True, ssid
=None, passphrase
=None):
70 params
= ft_params2a(rsn
, ssid
, passphrase
)
71 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
72 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
73 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
76 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
77 params
= ft_params(rsn
, ssid
, passphrase
)
78 params
['nas_identifier'] = "nas1.w1.fi"
79 params
['r1_key_holder'] = "000102030405"
80 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
81 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
82 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
85 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
86 params
= ft_params(rsn
, ssid
, passphrase
)
87 params
['nas_identifier'] = "nas2.w1.fi"
88 params
['r1_key_holder'] = "000102030406"
89 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
90 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
91 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
94 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
95 params
= ft_params(rsn
, ssid
, passphrase
)
96 params
['nas_identifier'] = "nas2.w1.fi"
97 params
['r1_key_holder'] = "000102030406"
98 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
99 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
100 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
103 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
104 sae
=False, eap
=False, fail_test
=False, roams
=1,
105 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
106 test_connectivity
=True):
107 logger
.info("Connect to first AP")
109 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
110 eap
="GPSK", identity
="gpsk user",
111 password
="abcdefghijklmnop0123456789abcdef",
113 pairwise
=pairwise_cipher
, group
=group_cipher
,
114 wpa_ptk_rekey
=ptk_rekey
)
120 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
121 ieee80211w
="1", scan_freq
="2412",
122 pairwise
=pairwise_cipher
, group
=group_cipher
,
123 wpa_ptk_rekey
=ptk_rekey
)
124 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
134 if test_connectivity
:
135 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
137 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
139 for i
in range(0, roams
):
140 logger
.info("Roam to the second AP")
142 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
144 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
147 if dev
.get_status_field('bssid') != ap2
['bssid']:
148 raise Exception("Did not connect to correct AP")
149 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
150 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
152 logger
.info("Roam back to the first AP")
154 dev
.roam_over_ds(ap1
['bssid'])
156 dev
.roam(ap1
['bssid'])
157 if dev
.get_status_field('bssid') != ap1
['bssid']:
158 raise Exception("Did not connect to correct AP")
159 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
160 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
162 def test_ap_ft(dev
, apdev
):
165 passphrase
="12345678"
167 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
168 hapd0
= hostapd
.add_ap(apdev
[0], params
)
169 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
170 hapd1
= hostapd
.add_ap(apdev
[1], params
)
172 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
173 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
174 raise Exception("Scan results missing RSN element info")
176 def test_ap_ft_multi_akm(dev
, apdev
):
177 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
179 passphrase
="12345678"
181 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
182 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
183 hapd0
= hostapd
.add_ap(apdev
[0], params
)
184 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
185 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
186 hapd1
= hostapd
.add_ap(apdev
[1], params
)
188 Wlantest
.setup(hapd0
)
191 wt
.add_passphrase(passphrase
)
193 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
194 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
195 raise Exception("Scan results missing RSN element info")
196 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
197 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
200 def test_ap_ft_local_key_gen(dev
, apdev
):
201 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
203 passphrase
="12345678"
205 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
206 params
['ft_psk_generate_local'] = "1";
207 del params
['pmk_r1_push']
208 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
209 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
210 params
['ft_psk_generate_local'] = "1";
211 del params
['pmk_r1_push']
212 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
214 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
215 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
216 raise Exception("Scan results missing RSN element info")
218 def test_ap_ft_many(dev
, apdev
):
219 """WPA2-PSK-FT AP multiple times"""
221 passphrase
="12345678"
223 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
224 hapd0
= hostapd
.add_ap(apdev
[0], params
)
225 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
226 hapd1
= hostapd
.add_ap(apdev
[1], params
)
228 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
230 def test_ap_ft_mixed(dev
, apdev
):
231 """WPA2-PSK-FT mixed-mode AP"""
232 ssid
= "test-ft-mixed"
233 passphrase
="12345678"
235 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
236 hapd
= hostapd
.add_ap(apdev
[0], params
)
237 key_mgmt
= hapd
.get_config()['key_mgmt']
238 vals
= key_mgmt
.split(' ')
239 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
240 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
241 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
242 hapd1
= hostapd
.add_ap(apdev
[1], params
)
244 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
246 def test_ap_ft_pmf(dev
, apdev
):
247 """WPA2-PSK-FT AP with PMF"""
249 passphrase
="12345678"
251 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
252 params
["ieee80211w"] = "2"
253 hapd0
= hostapd
.add_ap(apdev
[0], params
)
254 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
255 params
["ieee80211w"] = "2"
256 hapd1
= hostapd
.add_ap(apdev
[1], params
)
258 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
260 def test_ap_ft_over_ds(dev
, apdev
):
261 """WPA2-PSK-FT AP over DS"""
263 passphrase
="12345678"
265 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
266 hapd0
= hostapd
.add_ap(apdev
[0], params
)
267 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
268 hapd1
= hostapd
.add_ap(apdev
[1], params
)
270 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
271 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
272 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
274 def test_ap_ft_over_ds_disabled(dev
, apdev
):
275 """WPA2-PSK-FT AP over DS disabled"""
277 passphrase
="12345678"
279 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
280 params
['ft_over_ds'] = '0'
281 hapd0
= hostapd
.add_ap(apdev
[0], params
)
282 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
283 params
['ft_over_ds'] = '0'
284 hapd1
= hostapd
.add_ap(apdev
[1], params
)
286 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
289 def test_ap_ft_over_ds_many(dev
, apdev
):
290 """WPA2-PSK-FT AP over DS multiple times"""
292 passphrase
="12345678"
294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
295 hapd0
= hostapd
.add_ap(apdev
[0], params
)
296 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
297 hapd1
= hostapd
.add_ap(apdev
[1], params
)
299 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
303 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
306 passphrase
="12345678"
308 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
309 hapd0
= hostapd
.add_ap(apdev
[0], params
)
311 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
313 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
316 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
317 """WPA2-PSK-FT AP over DS and unexpected response"""
319 passphrase
="12345678"
321 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
322 hapd0
= hostapd
.add_ap(apdev
[0], params
)
323 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
324 hapd1
= hostapd
.add_ap(apdev
[1], params
)
326 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
328 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
339 addr
= dev
[0].own_addr()
340 hapd1ap
.set("ext_mgmt_frame_handling", "1")
341 logger
.info("Foreign STA address")
345 msg
['sa'] = ap1
['bssid']
346 msg
['bssid'] = ap1
['bssid']
347 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
350 logger
.info("No over-the-DS in progress")
351 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
354 logger
.info("Non-zero status code")
355 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
358 hapd1ap
.dump_monitor()
360 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
361 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
362 raise Exception("FT_DS failed")
364 req
= hapd1ap
.mgmt_rx()
366 logger
.info("Foreign Target AP")
367 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
370 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
372 logger
.info("No IEs")
373 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
376 logger
.info("Invalid IEs (trigger parsing failure)")
377 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
380 logger
.info("Too short MDIE")
381 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
384 logger
.info("Mobility domain mismatch")
385 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
388 logger
.info("No FTIE")
389 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
392 logger
.info("FTIE SNonce mismatch")
393 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
396 logger
.info("No R0KH-ID subelem in FTIE")
397 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
398 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
401 logger
.info("No R0KH-ID subelem mismatch in FTIE")
402 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
403 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
406 logger
.info("No R1KH-ID subelem in FTIE")
407 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
408 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
411 logger
.info("No RSNE")
412 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
413 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
416 def test_ap_ft_pmf_over_ds(dev
, apdev
):
417 """WPA2-PSK-FT AP over DS with PMF"""
419 passphrase
="12345678"
421 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
422 params
["ieee80211w"] = "2"
423 hapd0
= hostapd
.add_ap(apdev
[0], params
)
424 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
425 params
["ieee80211w"] = "2"
426 hapd1
= hostapd
.add_ap(apdev
[1], params
)
428 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
430 def test_ap_ft_over_ds_pull(dev
, apdev
):
431 """WPA2-PSK-FT AP over DS (pull PMK)"""
433 passphrase
="12345678"
435 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
436 params
["pmk_r1_push"] = "0"
437 hapd0
= hostapd
.add_ap(apdev
[0], params
)
438 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
439 params
["pmk_r1_push"] = "0"
440 hapd1
= hostapd
.add_ap(apdev
[1], params
)
442 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
444 def test_ap_ft_sae(dev
, apdev
):
445 """WPA2-PSK-FT-SAE AP"""
446 if "SAE" not in dev
[0].get_capability("auth_alg"):
447 raise HwsimSkip("SAE not supported")
449 passphrase
="12345678"
451 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
452 params
['wpa_key_mgmt'] = "FT-SAE"
453 hapd0
= hostapd
.add_ap(apdev
[0], params
)
454 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
455 params
['wpa_key_mgmt'] = "FT-SAE"
456 hapd
= hostapd
.add_ap(apdev
[1], params
)
457 key_mgmt
= hapd
.get_config()['key_mgmt']
458 if key_mgmt
.split(' ')[0] != "FT-SAE":
459 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
461 dev
[0].request("SET sae_groups ")
462 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
464 def test_ap_ft_sae_over_ds(dev
, apdev
):
465 """WPA2-PSK-FT-SAE AP over DS"""
466 if "SAE" not in dev
[0].get_capability("auth_alg"):
467 raise HwsimSkip("SAE not supported")
469 passphrase
="12345678"
471 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
472 params
['wpa_key_mgmt'] = "FT-SAE"
473 hapd0
= hostapd
.add_ap(apdev
[0], params
)
474 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
475 params
['wpa_key_mgmt'] = "FT-SAE"
476 hapd1
= hostapd
.add_ap(apdev
[1], params
)
478 dev
[0].request("SET sae_groups ")
479 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
482 def test_ap_ft_eap(dev
, apdev
):
485 passphrase
="12345678"
487 radius
= hostapd
.radius_params()
488 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
489 params
['wpa_key_mgmt'] = "FT-EAP"
490 params
["ieee8021x"] = "1"
491 params
= dict(radius
.items() + params
.items())
492 hapd
= hostapd
.add_ap(apdev
[0], params
)
493 key_mgmt
= hapd
.get_config()['key_mgmt']
494 if key_mgmt
.split(' ')[0] != "FT-EAP":
495 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
496 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
497 params
['wpa_key_mgmt'] = "FT-EAP"
498 params
["ieee8021x"] = "1"
499 params
= dict(radius
.items() + params
.items())
500 hapd1
= hostapd
.add_ap(apdev
[1], params
)
502 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
503 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
504 raise Exception("Scan results missing RSN element info")
505 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
506 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
508 # Verify EAPOL reauthentication after FT protocol
509 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
513 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
514 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
516 raise Exception("EAP authentication did not start")
517 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
519 raise Exception("EAP authentication did not succeed")
521 hwsim_utils
.test_connectivity(dev
[0], ap
)
523 def test_ap_ft_eap_pull(dev
, apdev
):
524 """WPA2-EAP-FT AP (pull PMK)"""
526 passphrase
="12345678"
528 radius
= hostapd
.radius_params()
529 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
530 params
['wpa_key_mgmt'] = "FT-EAP"
531 params
["ieee8021x"] = "1"
532 params
["pmk_r1_push"] = "0"
533 params
= dict(radius
.items() + params
.items())
534 hapd
= hostapd
.add_ap(apdev
[0], params
)
535 key_mgmt
= hapd
.get_config()['key_mgmt']
536 if key_mgmt
.split(' ')[0] != "FT-EAP":
537 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
538 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
539 params
['wpa_key_mgmt'] = "FT-EAP"
540 params
["ieee8021x"] = "1"
541 params
["pmk_r1_push"] = "0"
542 params
= dict(radius
.items() + params
.items())
543 hapd1
= hostapd
.add_ap(apdev
[1], params
)
545 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
548 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
549 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
551 passphrase
="12345678"
553 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
554 params
["ieee80211w"] = "2"
555 hapd0
= hostapd
.add_ap(apdev
[0], params
)
556 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
557 params
["ieee80211w"] = "2"
558 hapd1
= hostapd
.add_ap(apdev
[1], params
)
560 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
564 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
565 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
567 passphrase
="12345678"
569 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
570 params
["pmk_r1_push"] = "0"
571 hapd0
= hostapd
.add_ap(apdev
[0], params
)
572 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
573 params
["pmk_r1_push"] = "0"
574 hapd1
= hostapd
.add_ap(apdev
[1], params
)
576 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
580 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
581 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
583 passphrase
="12345678"
585 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
586 params
["pmk_r1_push"] = "0"
587 params
["nas_identifier"] = "nas0.w1.fi"
588 hostapd
.add_ap(apdev
[0], params
)
589 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
592 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
593 params
["pmk_r1_push"] = "0"
594 hostapd
.add_ap(apdev
[1], params
)
596 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
597 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
600 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
601 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
603 passphrase
="12345678"
605 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
606 params
["ieee80211w"] = "2"
607 hapd0
= hostapd
.add_ap(apdev
[0], params
)
608 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
609 params
["ieee80211w"] = "2"
610 hapd1
= hostapd
.add_ap(apdev
[1], params
)
612 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
616 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
617 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
619 passphrase
="12345678"
621 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
622 params
["pmk_r1_push"] = "0"
623 hapd0
= hostapd
.add_ap(apdev
[0], params
)
624 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
625 params
["pmk_r1_push"] = "0"
626 hapd1
= hostapd
.add_ap(apdev
[1], params
)
628 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
631 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
632 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
634 passphrase
="12345678"
636 radius
= hostapd
.radius_params()
637 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
638 params
["ieee80211w"] = "2";
639 params
['wpa_key_mgmt'] = "FT-EAP"
640 params
["ieee8021x"] = "1"
641 params
= dict(radius
.items() + params
.items())
642 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
643 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
644 params
["ieee80211w"] = "2";
645 params
['wpa_key_mgmt'] = "FT-EAP"
646 params
["ieee8021x"] = "1"
647 params
= dict(radius
.items() + params
.items())
648 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
650 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
651 fail_test
=True, eap
=True)
653 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
654 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
656 passphrase
="12345678"
658 radius
= hostapd
.radius_params()
659 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
660 params
["pmk_r1_push"] = "0"
661 params
['wpa_key_mgmt'] = "FT-EAP"
662 params
["ieee8021x"] = "1"
663 params
= dict(radius
.items() + params
.items())
664 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
665 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
666 params
["pmk_r1_push"] = "0"
667 params
['wpa_key_mgmt'] = "FT-EAP"
668 params
["ieee8021x"] = "1"
669 params
= dict(radius
.items() + params
.items())
670 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
672 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
673 fail_test
=True, eap
=True)
675 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
676 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
678 passphrase
="12345678"
680 radius
= hostapd
.radius_params()
681 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
682 params
["pmk_r1_push"] = "0"
683 params
["nas_identifier"] = "nas0.w1.fi"
684 params
['wpa_key_mgmt'] = "FT-EAP"
685 params
["ieee8021x"] = "1"
686 params
= dict(radius
.items() + params
.items())
687 hostapd
.add_ap(apdev
[0]['ifname'], params
)
688 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
689 eap
="GPSK", identity
="gpsk user",
690 password
="abcdefghijklmnop0123456789abcdef",
693 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
694 params
["pmk_r1_push"] = "0"
695 params
['wpa_key_mgmt'] = "FT-EAP"
696 params
["ieee8021x"] = "1"
697 params
= dict(radius
.items() + params
.items())
698 hostapd
.add_ap(apdev
[1]['ifname'], params
)
700 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
701 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
703 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
704 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
706 passphrase
="12345678"
708 radius
= hostapd
.radius_params()
709 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
710 params
["ieee80211w"] = "2";
711 params
['wpa_key_mgmt'] = "FT-EAP"
712 params
["ieee8021x"] = "1"
713 params
= dict(radius
.items() + params
.items())
714 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
715 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
716 params
["ieee80211w"] = "2";
717 params
['wpa_key_mgmt'] = "FT-EAP"
718 params
["ieee8021x"] = "1"
719 params
= dict(radius
.items() + params
.items())
720 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
722 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
723 fail_test
=True, eap
=True)
725 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
726 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
728 passphrase
="12345678"
730 radius
= hostapd
.radius_params()
731 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
732 params
["pmk_r1_push"] = "0"
733 params
['wpa_key_mgmt'] = "FT-EAP"
734 params
["ieee8021x"] = "1"
735 params
= dict(radius
.items() + params
.items())
736 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
737 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
738 params
["pmk_r1_push"] = "0"
739 params
['wpa_key_mgmt'] = "FT-EAP"
740 params
["ieee8021x"] = "1"
741 params
= dict(radius
.items() + params
.items())
742 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
744 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
745 fail_test
=True, eap
=True)
747 def test_ap_ft_gtk_rekey(dev
, apdev
):
748 """WPA2-PSK-FT AP and GTK rekey"""
750 passphrase
="12345678"
752 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
753 params
['wpa_group_rekey'] = '1'
754 hapd
= hostapd
.add_ap(apdev
[0], params
)
756 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
757 ieee80211w
="1", scan_freq
="2412")
759 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
761 raise Exception("GTK rekey timed out after initial association")
762 hwsim_utils
.test_connectivity(dev
[0], hapd
)
764 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
765 params
['wpa_group_rekey'] = '1'
766 hapd1
= hostapd
.add_ap(apdev
[1], params
)
768 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
769 dev
[0].roam(apdev
[1]['bssid'])
770 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
771 raise Exception("Did not connect to correct AP")
772 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
774 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
776 raise Exception("GTK rekey timed out after FT protocol")
777 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
779 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
780 """WPA2-PSK-FT and key lifetime in memory"""
782 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
783 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
784 pmk
= binascii
.unhexlify(psk
)
785 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
786 hapd0
= hostapd
.add_ap(apdev
[0], p
)
787 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
788 hapd1
= hostapd
.add_ap(apdev
[1], p
)
790 pid
= find_wpas_process(dev
[0])
792 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
794 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
795 # event has been delivered, so verify that wpa_supplicant has returned to
796 # eloop before reading process memory.
800 buf
= read_process_memory(pid
, pmk
)
802 dev
[0].request("DISCONNECT")
803 dev
[0].wait_disconnected()
810 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
811 for l
in f
.readlines():
812 if "FT: PMK-R0 - hexdump" in l
:
813 val
= l
.strip().split(':')[3].replace(' ', '')
814 pmkr0
= binascii
.unhexlify(val
)
815 if "FT: PMK-R1 - hexdump" in l
:
816 val
= l
.strip().split(':')[3].replace(' ', '')
817 pmkr1
= binascii
.unhexlify(val
)
818 if "FT: KCK - hexdump" in l
:
819 val
= l
.strip().split(':')[3].replace(' ', '')
820 kck
= binascii
.unhexlify(val
)
821 if "FT: KEK - hexdump" in l
:
822 val
= l
.strip().split(':')[3].replace(' ', '')
823 kek
= binascii
.unhexlify(val
)
824 if "FT: TK - hexdump" in l
:
825 val
= l
.strip().split(':')[3].replace(' ', '')
826 tk
= binascii
.unhexlify(val
)
827 if "WPA: Group Key - hexdump" in l
:
828 val
= l
.strip().split(':')[3].replace(' ', '')
829 gtk
= binascii
.unhexlify(val
)
830 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
831 raise Exception("Could not find keys from debug log")
833 raise Exception("Unexpected GTK length")
835 logger
.info("Checking keys in memory while associated")
836 get_key_locations(buf
, pmk
, "PMK")
837 get_key_locations(buf
, pmkr0
, "PMK-R0")
838 get_key_locations(buf
, pmkr1
, "PMK-R1")
840 raise HwsimSkip("PMK not found while associated")
842 raise HwsimSkip("PMK-R0 not found while associated")
844 raise HwsimSkip("PMK-R1 not found while associated")
846 raise Exception("KCK not found while associated")
848 raise Exception("KEK not found while associated")
850 raise Exception("TK found from memory")
852 get_key_locations(buf
, gtk
, "GTK")
853 raise Exception("GTK found from memory")
855 logger
.info("Checking keys in memory after disassociation")
856 buf
= read_process_memory(pid
, pmk
)
857 get_key_locations(buf
, pmk
, "PMK")
858 get_key_locations(buf
, pmkr0
, "PMK-R0")
859 get_key_locations(buf
, pmkr1
, "PMK-R1")
861 # Note: PMK/PSK is still present in network configuration
863 fname
= os
.path
.join(params
['logdir'],
864 'ft_psk_key_lifetime_in_memory.memctx-')
865 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
866 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
867 verify_not_present(buf
, kck
, fname
, "KCK")
868 verify_not_present(buf
, kek
, fname
, "KEK")
869 verify_not_present(buf
, tk
, fname
, "TK")
870 verify_not_present(buf
, gtk
, fname
, "GTK")
872 dev
[0].request("REMOVE_NETWORK all")
874 logger
.info("Checking keys in memory after network profile removal")
875 buf
= read_process_memory(pid
, pmk
)
876 get_key_locations(buf
, pmk
, "PMK")
877 get_key_locations(buf
, pmkr0
, "PMK-R0")
878 get_key_locations(buf
, pmkr1
, "PMK-R1")
880 verify_not_present(buf
, pmk
, fname
, "PMK")
881 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
882 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
883 verify_not_present(buf
, kck
, fname
, "KCK")
884 verify_not_present(buf
, kek
, fname
, "KEK")
885 verify_not_present(buf
, tk
, fname
, "TK")
886 verify_not_present(buf
, gtk
, fname
, "GTK")
889 def test_ap_ft_invalid_resp(dev
, apdev
):
890 """WPA2-PSK-FT AP and invalid response IEs"""
892 passphrase
="12345678"
894 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
895 hapd0
= hostapd
.add_ap(apdev
[0], params
)
896 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
899 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
900 hapd1
= hostapd
.add_ap(apdev
[1], params
)
903 # Various IEs for test coverage. The last one is FTIE with invalid
904 # R1KH-ID subelement.
905 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
906 # FTIE with invalid R0KH-ID subelement (len=0).
907 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
908 # FTIE with invalid R0KH-ID subelement (len=49).
909 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
911 "020002000000" + "3000",
912 # Required IEs missing from protected IE count.
913 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
914 # RIC missing from protected IE count.
915 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
916 # Protected IE missing.
917 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
919 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
920 hapd1
.set("ext_mgmt_frame_handling", "1")
922 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
923 raise Exception("ROAM failed")
926 msg
= hapd1
.mgmt_rx()
927 if msg
['subtype'] == 11:
931 raise Exception("Authentication frame not seen")
934 resp
['fc'] = auth
['fc']
935 resp
['da'] = auth
['sa']
936 resp
['sa'] = auth
['da']
937 resp
['bssid'] = auth
['bssid']
938 resp
['payload'] = binascii
.unhexlify(t
)
940 hapd1
.set("ext_mgmt_frame_handling", "0")
941 dev
[0].wait_disconnected()
943 dev
[0].request("RECONNECT")
944 dev
[0].wait_connected()
946 def test_ap_ft_gcmp_256(dev
, apdev
):
947 """WPA2-PSK-FT AP with GCMP-256 cipher"""
948 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
949 raise HwsimSkip("Cipher GCMP-256 not supported")
951 passphrase
="12345678"
953 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
954 params
['rsn_pairwise'] = "GCMP-256"
955 hapd0
= hostapd
.add_ap(apdev
[0], params
)
956 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
957 params
['rsn_pairwise'] = "GCMP-256"
958 hapd1
= hostapd
.add_ap(apdev
[1], params
)
960 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
961 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
963 def test_ap_ft_oom(dev
, apdev
):
964 """WPA2-PSK-FT and OOM"""
965 skip_with_fips(dev
[0])
967 passphrase
="12345678"
969 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
970 hapd0
= hostapd
.add_ap(apdev
[0], params
)
971 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
972 hapd1
= hostapd
.add_ap(apdev
[1], params
)
974 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
976 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
977 dst
= apdev
[1]['bssid']
979 dst
= apdev
[0]['bssid']
981 dev
[0].scan_for_bss(dst
, freq
="2412")
982 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
984 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
985 dev
[0].roam(dst
, fail_test
=True)
986 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
987 dev
[0].roam(dst
, fail_test
=True)
989 dev
[0].request("REMOVE_NETWORK all")
990 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
991 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
994 def test_ap_ft_ap_oom(dev
, apdev
):
995 """WPA2-PSK-FT and AP OOM"""
997 passphrase
="12345678"
999 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1000 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1001 bssid0
= hapd0
.own_addr()
1003 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1004 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1005 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1008 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1009 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1010 bssid1
= hapd1
.own_addr()
1011 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1012 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1015 def test_ap_ft_ap_oom2(dev
, apdev
):
1016 """WPA2-PSK-FT and AP OOM 2"""
1018 passphrase
="12345678"
1020 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1021 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1022 bssid0
= hapd0
.own_addr()
1024 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1025 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1026 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1029 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1030 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1031 bssid1
= hapd1
.own_addr()
1032 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1034 if dev
[0].get_status_field('bssid') != bssid1
:
1035 raise Exception("Did not roam to AP1")
1036 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1039 def test_ap_ft_ap_oom3(dev
, apdev
):
1040 """WPA2-PSK-FT and AP OOM 3"""
1042 passphrase
="12345678"
1044 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1045 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1046 bssid0
= hapd0
.own_addr()
1048 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1049 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1052 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1053 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1054 bssid1
= hapd1
.own_addr()
1055 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1056 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1057 # This will fail due to not being able to send out PMK-R1 pull request
1060 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1061 # This will fail due to not being able to send out PMK-R1 pull request
1064 with
fail_test(hapd1
, 1, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1065 # This will fail due to not being able to send out PMK-R1 pull request
1068 def test_ap_ft_ap_oom4(dev
, apdev
):
1069 """WPA2-PSK-FT and AP OOM 4"""
1071 passphrase
="12345678"
1073 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1074 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1075 bssid0
= hapd0
.own_addr()
1077 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1078 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1081 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1082 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1083 bssid1
= hapd1
.own_addr()
1084 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1085 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1087 if dev
[0].get_status_field('bssid') != bssid1
:
1088 raise Exception("Did not roam to AP1")
1090 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1092 if dev
[0].get_status_field('bssid') != bssid0
:
1093 raise Exception("Did not roam to AP0")
1095 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1097 if dev
[0].get_status_field('bssid') != bssid1
:
1098 raise Exception("Did not roam to AP1")
1100 def test_ap_ft_ap_oom5(dev
, apdev
):
1101 """WPA2-PSK-FT and AP OOM 5"""
1103 passphrase
="12345678"
1105 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1106 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1107 bssid0
= hapd0
.own_addr()
1109 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1110 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1113 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1114 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1115 bssid1
= hapd1
.own_addr()
1116 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1117 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1118 # This will fail to roam
1121 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1122 # This will fail to roam
1125 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1126 # This will fail to roam
1129 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1130 # This will fail to roam
1133 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1134 # This will fail to roam
1137 def test_ap_ft_ap_oom6(dev
, apdev
):
1138 """WPA2-PSK-FT and AP OOM 6"""
1140 passphrase
="12345678"
1142 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1143 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1144 bssid0
= hapd0
.own_addr()
1146 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1147 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1148 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1150 dev
[0].request("REMOVE_NETWORK all")
1151 dev
[0].wait_disconnected()
1152 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1153 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1155 dev
[0].request("REMOVE_NETWORK all")
1156 dev
[0].wait_disconnected()
1157 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1158 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1161 def test_ap_ft_ap_oom7(dev
, apdev
):
1162 """WPA2-PSK-FT and AP OOM 7"""
1164 passphrase
="12345678"
1166 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1167 params
["ieee80211w"] = "2"
1168 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1169 bssid0
= hapd0
.own_addr()
1171 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1172 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1173 ieee80211w
="2", scan_freq
="2412")
1175 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1176 params
["ieee80211w"] = "2"
1177 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1178 bssid1
= hapd1
.own_addr()
1179 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1180 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1181 # This will fail to roam
1183 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1184 # This will fail to roam
1186 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1187 # This will fail to roam
1189 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1190 # This will fail to roam
1193 def test_ap_ft_ap_oom8(dev
, apdev
):
1194 """WPA2-PSK-FT and AP OOM 8"""
1196 passphrase
="12345678"
1198 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1199 params
['ft_psk_generate_local'] = "1";
1200 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1201 bssid0
= hapd0
.own_addr()
1203 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1204 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1207 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1208 params
['ft_psk_generate_local'] = "1";
1209 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1210 bssid1
= hapd1
.own_addr()
1211 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1212 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1213 # This will fail to roam
1215 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1216 # This will fail to roam
1219 def test_ap_ft_ap_oom9(dev
, apdev
):
1220 """WPA2-PSK-FT and AP OOM 9"""
1222 passphrase
="12345678"
1224 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1225 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1226 bssid0
= hapd0
.own_addr()
1228 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1229 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1232 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1233 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1234 bssid1
= hapd1
.own_addr()
1235 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1237 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1238 # This will fail to roam
1239 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1240 raise Exception("FT_DS failed")
1241 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1243 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1244 # This will fail to roam
1245 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1246 raise Exception("FT_DS failed")
1247 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1249 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1250 # This will fail to roam
1251 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1252 raise Exception("FT_DS failed")
1253 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1255 def test_ap_ft_ap_oom10(dev
, apdev
):
1256 """WPA2-PSK-FT and AP OOM 10"""
1258 passphrase
="12345678"
1260 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1261 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1262 bssid0
= hapd0
.own_addr()
1264 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1265 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1268 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1269 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1270 bssid1
= hapd1
.own_addr()
1271 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1273 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1274 # This will fail to roam
1275 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1276 raise Exception("FT_DS failed")
1277 wait_fail_trigger(hapd0
, "GET_FAIL")
1279 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1280 # This will fail to roam
1281 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1282 raise Exception("FT_DS failed")
1283 wait_fail_trigger(hapd0
, "GET_FAIL")
1285 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1286 # This will fail to roam
1287 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1288 raise Exception("FT_DS failed")
1289 wait_fail_trigger(hapd0
, "GET_FAIL")
1291 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1292 # This will fail to roam
1293 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1294 raise Exception("FT_DS failed")
1295 wait_fail_trigger(hapd1
, "GET_FAIL")
1297 def test_ap_ft_ap_oom11(dev
, apdev
):
1298 """WPA2-PSK-FT and AP OOM 11"""
1300 passphrase
="12345678"
1302 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1303 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1304 bssid0
= hapd0
.own_addr()
1306 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1307 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1308 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1310 wait_fail_trigger(hapd0
, "GET_FAIL")
1312 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1313 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1314 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1316 wait_fail_trigger(hapd0
, "GET_FAIL")
1318 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1319 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1321 passphrase
="12345678"
1323 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1324 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1325 bssid0
= hapd0
.own_addr()
1326 _bssid0
= bssid0
.replace(':', '')
1327 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1329 addr
= dev
[0].own_addr()
1330 _addr
= addr
.replace(':', '')
1332 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1333 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1334 bssid1
= hapd1
.own_addr()
1335 _bssid1
= bssid1
.replace(':', '')
1337 hapd0
.set("ext_mgmt_frame_handling", "1")
1338 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1339 valid
= "0601" + _addr
+ _bssid1
1342 "0601" + _addr
+ _bssid0
,
1343 "0601" + _addr
+ "ffffffffffff",
1344 "0601" + _bssid0
+ _bssid0
,
1349 valid
+ "3603ffffff",
1350 valid
+ "3603a1b2ff",
1351 valid
+ "3603a1b2ff" + "3700",
1352 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1353 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1354 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1355 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1356 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1357 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1358 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1361 hapd0
.dump_monitor()
1362 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1363 raise Exception("MGMT_RX_PROCESS failed")
1365 hapd0
.set("ext_mgmt_frame_handling", "0")
1367 def test_ap_ft_over_ds_proto(dev
, apdev
):
1368 """WPA2-PSK-FT AP over DS protocol testing"""
1370 passphrase
="12345678"
1372 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1373 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1374 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1377 # FT Action Response while no FT-over-DS in progress
1380 msg
['da'] = dev
[0].own_addr()
1381 msg
['sa'] = apdev
[0]['bssid']
1382 msg
['bssid'] = apdev
[0]['bssid']
1383 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1386 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1387 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1388 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1389 hapd0
.set("ext_mgmt_frame_handling", "1")
1390 hapd0
.dump_monitor()
1391 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1392 for i
in range(0, 10):
1393 req
= hapd0
.mgmt_rx()
1395 raise Exception("MGMT RX wait timed out")
1396 if req
['subtype'] == 13:
1400 raise Exception("FT Action frame not received")
1402 # FT Action Response for unexpected Target AP
1403 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1406 # FT Action Response without MDIE
1407 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1410 # FT Action Response without FTIE
1411 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1414 # FT Action Response with FTIE SNonce mismatch
1415 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1419 def test_ap_ft_rrb(dev
, apdev
):
1420 """WPA2-PSK-FT RRB protocol testing"""
1422 passphrase
="12345678"
1424 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1425 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1427 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1430 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1431 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1433 ehdr
= _dst_ll
+ _src_ll
+ proto
1435 # Too short RRB frame
1437 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1438 raise Exception("DATA_TEST_FRAME failed")
1440 # RRB discarded frame wikth unrecognized type
1441 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1442 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1443 raise Exception("DATA_TEST_FRAME failed")
1445 # RRB frame too short for action frame
1446 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1447 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1448 raise Exception("DATA_TEST_FRAME failed")
1450 # Too short RRB frame (not enough room for Action Frame body)
1451 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1452 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1453 raise Exception("DATA_TEST_FRAME failed")
1455 # Unexpected Action frame category
1456 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1457 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1458 raise Exception("DATA_TEST_FRAME failed")
1460 # Unexpected Action in RRB Request
1461 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1462 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1463 raise Exception("DATA_TEST_FRAME failed")
1465 # Target AP address in RRB Request does not match with own address
1466 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1467 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1468 raise Exception("DATA_TEST_FRAME failed")
1470 # Not enough room for status code in RRB Response
1471 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1472 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1473 raise Exception("DATA_TEST_FRAME failed")
1475 # RRB discarded frame with unknown packet_type
1476 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1477 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1478 raise Exception("DATA_TEST_FRAME failed")
1480 # RRB Response with non-zero status code; no STA match
1481 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1482 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1483 raise Exception("DATA_TEST_FRAME failed")
1485 # RRB Response with zero status code and extra data; STA match
1486 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1487 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1488 raise Exception("DATA_TEST_FRAME failed")
1490 # Too short PMK-R1 pull
1491 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1492 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1493 raise Exception("DATA_TEST_FRAME failed")
1495 # Too short PMK-R1 resp
1496 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1497 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1498 raise Exception("DATA_TEST_FRAME failed")
1500 # Too short PMK-R1 push
1501 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1502 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1503 raise Exception("DATA_TEST_FRAME failed")
1505 # No matching R0KH address found for PMK-R0 pull response
1506 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1507 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1508 raise Exception("DATA_TEST_FRAME failed")
1511 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1512 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1513 bssid
= apdev
[0]['bssid']
1515 passphrase
="12345678"
1517 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1518 params
["ieee80211w"] = "1"
1519 # This is the RSN element used normally by hostapd
1520 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1521 hapd
= hostapd
.add_ap(apdev
[0], params
)
1522 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1523 ieee80211w
="1", scan_freq
="2412",
1524 pairwise
="CCMP", group
="CCMP")
1526 tests
= [ ('PMKIDCount field included',
1527 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1528 ('Extra IE before RSNE',
1529 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1530 ('PMKIDCount and Group Management Cipher suite fields included',
1531 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1532 ('Extra octet after defined fields (future extensibility)',
1533 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1534 ('No RSN Capabilities field (PMF disabled in practice)',
1535 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1536 for txt
,ie
in tests
:
1537 dev
[0].request("DISCONNECT")
1538 dev
[0].wait_disconnected()
1541 hapd
.set('own_ie_override', ie
)
1543 dev
[0].request("BSS_FLUSH 0")
1544 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1545 dev
[0].select_network(id, freq
=2412)
1546 dev
[0].wait_connected()
1548 dev
[0].request("DISCONNECT")
1549 dev
[0].wait_disconnected()
1551 logger
.info('Invalid RSNE causing internal hostapd error')
1553 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1555 dev
[0].request("BSS_FLUSH 0")
1556 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1557 dev
[0].select_network(id, freq
=2412)
1558 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1560 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1562 raise Exception("Unexpected connection")
1563 dev
[0].request("DISCONNECT")
1565 logger
.info('Unexpected PMKID causing internal hostapd error')
1567 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1569 dev
[0].request("BSS_FLUSH 0")
1570 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1571 dev
[0].select_network(id, freq
=2412)
1572 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1574 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1576 raise Exception("Unexpected connection")
1577 dev
[0].request("DISCONNECT")
1579 def test_ap_ft_ptk_rekey(dev
, apdev
):
1580 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1582 passphrase
="12345678"
1584 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1585 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1586 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1587 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1589 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1591 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1592 "WPA: Key negotiation completed"], timeout
=5)
1594 raise Exception("No event received after roam")
1595 if "CTRL-EVENT-DISCONNECTED" in ev
:
1596 raise Exception("Unexpected disconnection after roam")
1598 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1602 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1604 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1605 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1607 passphrase
="12345678"
1609 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1610 params
['wpa_ptk_rekey'] = '2'
1611 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1612 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1613 params
['wpa_ptk_rekey'] = '2'
1614 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1616 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1618 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1619 "WPA: Key negotiation completed"], timeout
=5)
1621 raise Exception("No event received after roam")
1622 if "CTRL-EVENT-DISCONNECTED" in ev
:
1623 raise Exception("Unexpected disconnection after roam")
1625 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1629 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1631 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1632 """RRB internal delivery only to WPA enabled BSS"""
1634 passphrase
="12345678"
1636 radius
= hostapd
.radius_params()
1637 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1638 params
['wpa_key_mgmt'] = "FT-EAP"
1639 params
["ieee8021x"] = "1"
1640 params
= dict(radius
.items() + params
.items())
1641 hapd
= hostapd
.add_ap(apdev
[0], params
)
1642 key_mgmt
= hapd
.get_config()['key_mgmt']
1643 if key_mgmt
.split(' ')[0] != "FT-EAP":
1644 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1646 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1648 # Connect to WPA enabled AP
1649 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1650 eap
="GPSK", identity
="gpsk user",
1651 password
="abcdefghijklmnop0123456789abcdef",
1654 # Try over_ds roaming to non-WPA-enabled AP.
1655 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1656 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1658 def test_ap_ft_extra_ie(dev
, apdev
):
1659 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1661 passphrase
="12345678"
1663 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1664 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1665 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1666 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1668 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1671 # Add Mobility Domain element to test AP validation code.
1672 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1673 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1674 scan_freq
="2412", wait_connect
=False)
1675 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1676 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1678 raise Exception("No connection result")
1679 if "CTRL-EVENT-CONNECTED" in ev
:
1680 raise Exception("Non-FT association accepted with MDE")
1681 if "status_code=43" not in ev
:
1682 raise Exception("Unexpected status code: " + ev
)
1683 dev
[0].request("DISCONNECT")
1685 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
1687 def test_ap_ft_ric(dev
, apdev
):
1688 """WPA2-PSK-FT AP and RIC"""
1690 passphrase
="12345678"
1692 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1693 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1694 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1695 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1697 dev
[0].set("ric_ies", "")
1698 dev
[0].set("ric_ies", '""')
1699 if "FAIL" not in dev
[0].request("SET ric_ies q"):
1700 raise Exception("Invalid ric_ies value accepted")
1705 "390400000000" + "390400000000",
1706 "390400000000" + "dd050050f20202",
1707 "390400000000" + "dd3d0050f2020201" + 55*"00",
1708 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1709 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1711 dev
[0].set("ric_ies", t
)
1712 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1713 test_connectivity
=False)
1714 dev
[0].request("REMOVE_NETWORK all")
1715 dev
[0].wait_disconnected()
1716 dev
[0].dump_monitor()
1718 def ie_hex(ies
, id):
1719 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id])
1721 def test_ap_ft_reassoc_proto(dev
, apdev
):
1722 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1724 passphrase
="12345678"
1726 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1727 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1728 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1729 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1731 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1732 ieee80211w
="1", scan_freq
="2412")
1733 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1740 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1741 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1742 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1745 req
= hapd2ap
.mgmt_rx()
1746 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1747 if req
['subtype'] == 11:
1751 req
= hapd2ap
.mgmt_rx()
1752 if req
['subtype'] == 2:
1754 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1756 # IEEE 802.11 header + fixed fields before IEs
1757 hdr
= binascii
.hexlify(req
['frame'][0:34])
1758 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
1759 # First elements: SSID, Supported Rates, Extended Supported Rates
1760 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
1762 rsne
= ie_hex(ies
, 48)
1763 mde
= ie_hex(ies
, 54)
1764 fte
= ie_hex(ies
, 55)
1766 # RSN: Trying to use FT, but MDIE not included
1768 # RSN: Attempted to use unknown MDIE
1769 tests
+= [ rsne
+ "3603000000" ]
1770 # Invalid RSN pairwise cipher
1771 tests
+= [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1772 # FT: No PMKID in RSNIE
1773 tests
+= [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54) ]
1775 tests
+= [ rsne
+ mde
]
1776 # FT: RIC IE(s) in the frame, but not included in protected IE count
1777 # FT: Failed to parse FT IEs
1778 tests
+= [ rsne
+ mde
+ fte
+ "3900" ]
1779 # FT: SNonce mismatch in FTIE
1780 tests
+= [ rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1781 # FT: ANonce mismatch in FTIE
1782 tests
+= [ rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:] ]
1783 # FT: No R0KH-ID subelem in FTIE
1784 tests
+= [ rsne
+ mde
+ "3752" + fte
[4:168] ]
1785 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1786 tests
+= [ rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff" ]
1787 # FT: No R1KH-ID subelem in FTIE
1788 tests
+= [ rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1789 # FT: Unknown R1KH-ID used in ReassocReq
1790 tests
+= [ rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1791 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1792 tests
+= [ rsne
[:-32] + 16*"00" + mde
+ fte
]
1793 # Invalid MIC in FTIE
1794 tests
+= [ rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:] ]
1796 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
1798 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
1799 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1801 passphrase
="12345678"
1803 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1804 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1805 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1806 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1808 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1809 ieee80211w
="1", scan_freq
="2412")
1810 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1817 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1818 # FT: Failed to calculate MIC
1819 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
1820 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1821 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1822 dev
[0].request("DISCONNECT")
1824 raise Exception("Association reject not seen")