]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Allow ap_ft for remote tests
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import os
10 import time
11 import logging
12 logger = logging.getLogger()
13 import struct
14
15 import hwsim_utils
16 import hostapd
17 from tshark import run_tshark
18 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
19 from wlantest import Wlantest
20 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
21
22 def ft_base_rsn():
23 params = { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
26 return params
27
28 def ft_base_mixed():
29 params = { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
33 return params
34
35 def ft_params(rsn=True, ssid=None, passphrase=None):
36 if rsn:
37 params = ft_base_rsn()
38 else:
39 params = ft_base_mixed()
40 if ssid:
41 params["ssid"] = ssid
42 if passphrase:
43 params["wpa_passphrase"] = passphrase
44
45 params["mobility_domain"] = "a1b2"
46 params["r0_key_lifetime"] = "10000"
47 params["pmk_r1_push"] = "1"
48 params["reassociation_deadline"] = "1000"
49 return params
50
51 def ft_params1a(rsn=True, ssid=None, passphrase=None):
52 params = ft_params(rsn, ssid, passphrase)
53 params['nas_identifier'] = "nas1.w1.fi"
54 params['r1_key_holder'] = "000102030405"
55 return params
56
57 def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
58 params = ft_params1a(rsn, ssid, passphrase)
59 if discovery:
60 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
62 else:
63 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
66 return params
67
68 def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
69 params = ft_params1a(rsn, ssid, passphrase)
70 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
73 return params
74
75 def ft_params2a(rsn=True, ssid=None, passphrase=None):
76 params = ft_params(rsn, ssid, passphrase)
77 params['nas_identifier'] = "nas2.w1.fi"
78 params['r1_key_holder'] = "000102030406"
79 return params
80
81 def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
82 params = ft_params2a(rsn, ssid, passphrase)
83 if discovery:
84 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
86 else:
87 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
90 return params
91
92 def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
93 params = ft_params2a(rsn, ssid, passphrase)
94 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
97 return params
98
99 def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
100 params = ft_params(rsn, ssid, passphrase)
101 params['nas_identifier'] = "nas1.w1.fi"
102 params['r1_key_holder'] = "000102030405"
103 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
106 return params
107
108 def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
109 params = ft_params(rsn, ssid, passphrase)
110 params['nas_identifier'] = "nas2.w1.fi"
111 params['r1_key_holder'] = "000102030406"
112 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
115 return params
116
117 def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
118 params = ft_params(rsn, ssid, passphrase)
119 params['nas_identifier'] = "nas2.w1.fi"
120 params['r1_key_holder'] = "000102030406"
121 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
124 return params
125
126 def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
127 sae=False, eap=False, fail_test=False, roams=1,
128 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
129 test_connectivity=True):
130 logger.info("Connect to first AP")
131 if eap:
132 dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
133 eap="GPSK", identity="gpsk user",
134 password="abcdefghijklmnop0123456789abcdef",
135 scan_freq="2412",
136 pairwise=pairwise_cipher, group=group_cipher,
137 wpa_ptk_rekey=ptk_rekey)
138 else:
139 if sae:
140 key_mgmt="FT-SAE"
141 else:
142 key_mgmt="FT-PSK"
143 dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
144 ieee80211w="1", scan_freq="2412",
145 pairwise=pairwise_cipher, group=group_cipher,
146 wpa_ptk_rekey=ptk_rekey)
147 if dev.get_status_field('bssid') == apdev[0]['bssid']:
148 ap1 = apdev[0]
149 ap2 = apdev[1]
150 hapd1ap = hapd0
151 hapd2ap = hapd1
152 else:
153 ap1 = apdev[1]
154 ap2 = apdev[0]
155 hapd1ap = hapd1
156 hapd2ap = hapd0
157 if test_connectivity:
158 hwsim_utils.test_connectivity(dev, hapd1ap)
159
160 dev.scan_for_bss(ap2['bssid'], freq="2412")
161
162 for i in range(0, roams):
163 logger.info("Roam to the second AP")
164 if over_ds:
165 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
166 else:
167 dev.roam(ap2['bssid'], fail_test=fail_test)
168 if fail_test:
169 return
170 if dev.get_status_field('bssid') != ap2['bssid']:
171 raise Exception("Did not connect to correct AP")
172 if (i == 0 or i == roams - 1) and test_connectivity:
173 hwsim_utils.test_connectivity(dev, hapd2ap)
174
175 logger.info("Roam back to the first AP")
176 if over_ds:
177 dev.roam_over_ds(ap1['bssid'])
178 else:
179 dev.roam(ap1['bssid'])
180 if dev.get_status_field('bssid') != ap1['bssid']:
181 raise Exception("Did not connect to correct AP")
182 if (i == 0 or i == roams - 1) and test_connectivity:
183 hwsim_utils.test_connectivity(dev, hapd1ap)
184
185 def test_ap_ft(dev, apdev):
186 """WPA2-PSK-FT AP"""
187 ssid = "test-ft"
188 passphrase="12345678"
189
190 params = ft_params1(ssid=ssid, passphrase=passphrase)
191 hapd0 = hostapd.add_ap(apdev[0], params)
192 params = ft_params2(ssid=ssid, passphrase=passphrase)
193 hapd1 = hostapd.add_ap(apdev[1], params)
194
195 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
196 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
197 raise Exception("Scan results missing RSN element info")
198
199 def test_ap_ft_old_key(dev, apdev):
200 """WPA2-PSK-FT AP (old key)"""
201 ssid = "test-ft"
202 passphrase="12345678"
203
204 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
205 hapd0 = hostapd.add_ap(apdev[0], params)
206 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
207 hapd1 = hostapd.add_ap(apdev[1], params)
208
209 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
210
211 def test_ap_ft_multi_akm(dev, apdev):
212 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
213 ssid = "test-ft"
214 passphrase="12345678"
215
216 params = ft_params1(ssid=ssid, passphrase=passphrase)
217 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
218 hapd0 = hostapd.add_ap(apdev[0], params)
219 params = ft_params2(ssid=ssid, passphrase=passphrase)
220 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
221 hapd1 = hostapd.add_ap(apdev[1], params)
222
223 Wlantest.setup(hapd0)
224 wt = Wlantest()
225 wt.flush()
226 wt.add_passphrase(passphrase)
227
228 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
229 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
230 raise Exception("Scan results missing RSN element info")
231 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
232 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
233 scan_freq="2412")
234
235 def test_ap_ft_local_key_gen(dev, apdev):
236 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
237 ssid = "test-ft"
238 passphrase="12345678"
239
240 params = ft_params1a(ssid=ssid, passphrase=passphrase)
241 params['ft_psk_generate_local'] = "1";
242 del params['pmk_r1_push']
243 hapd0 = hostapd.add_ap(apdev[0], params)
244 params = ft_params2a(ssid=ssid, passphrase=passphrase)
245 params['ft_psk_generate_local'] = "1";
246 del params['pmk_r1_push']
247 hapd1 = hostapd.add_ap(apdev[1], params)
248
249 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
250 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
251 raise Exception("Scan results missing RSN element info")
252
253 def test_ap_ft_many(dev, apdev):
254 """WPA2-PSK-FT AP multiple times"""
255 ssid = "test-ft"
256 passphrase="12345678"
257
258 params = ft_params1(ssid=ssid, passphrase=passphrase)
259 hapd0 = hostapd.add_ap(apdev[0], params)
260 params = ft_params2(ssid=ssid, passphrase=passphrase)
261 hapd1 = hostapd.add_ap(apdev[1], params)
262
263 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
264
265 def test_ap_ft_mixed(dev, apdev):
266 """WPA2-PSK-FT mixed-mode AP"""
267 ssid = "test-ft-mixed"
268 passphrase="12345678"
269
270 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
271 hapd = hostapd.add_ap(apdev[0], params)
272 key_mgmt = hapd.get_config()['key_mgmt']
273 vals = key_mgmt.split(' ')
274 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
275 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
276 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
277 hapd1 = hostapd.add_ap(apdev[1], params)
278
279 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
280
281 def test_ap_ft_pmf(dev, apdev):
282 """WPA2-PSK-FT AP with PMF"""
283 ssid = "test-ft"
284 passphrase="12345678"
285
286 params = ft_params1(ssid=ssid, passphrase=passphrase)
287 params["ieee80211w"] = "2"
288 hapd0 = hostapd.add_ap(apdev[0], params)
289 params = ft_params2(ssid=ssid, passphrase=passphrase)
290 params["ieee80211w"] = "2"
291 hapd1 = hostapd.add_ap(apdev[1], params)
292
293 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
294
295 def test_ap_ft_over_ds(dev, apdev):
296 """WPA2-PSK-FT AP over DS"""
297 ssid = "test-ft"
298 passphrase="12345678"
299
300 params = ft_params1(ssid=ssid, passphrase=passphrase)
301 hapd0 = hostapd.add_ap(apdev[0], params)
302 params = ft_params2(ssid=ssid, passphrase=passphrase)
303 hapd1 = hostapd.add_ap(apdev[1], params)
304
305 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
306 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
307 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
308
309 def test_ap_ft_over_ds_disabled(dev, apdev):
310 """WPA2-PSK-FT AP over DS disabled"""
311 ssid = "test-ft"
312 passphrase="12345678"
313
314 params = ft_params1(ssid=ssid, passphrase=passphrase)
315 params['ft_over_ds'] = '0'
316 hapd0 = hostapd.add_ap(apdev[0], params)
317 params = ft_params2(ssid=ssid, passphrase=passphrase)
318 params['ft_over_ds'] = '0'
319 hapd1 = hostapd.add_ap(apdev[1], params)
320
321 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
322 fail_test=True)
323
324 def test_ap_ft_over_ds_many(dev, apdev):
325 """WPA2-PSK-FT AP over DS multiple times"""
326 ssid = "test-ft"
327 passphrase="12345678"
328
329 params = ft_params1(ssid=ssid, passphrase=passphrase)
330 hapd0 = hostapd.add_ap(apdev[0], params)
331 params = ft_params2(ssid=ssid, passphrase=passphrase)
332 hapd1 = hostapd.add_ap(apdev[1], params)
333
334 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
335 roams=50)
336
337 @remote_compatible
338 def test_ap_ft_over_ds_unknown_target(dev, apdev):
339 """WPA2-PSK-FT AP"""
340 ssid = "test-ft"
341 passphrase="12345678"
342
343 params = ft_params1(ssid=ssid, passphrase=passphrase)
344 hapd0 = hostapd.add_ap(apdev[0], params)
345
346 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
347 scan_freq="2412")
348 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
349
350 @remote_compatible
351 def test_ap_ft_over_ds_unexpected(dev, apdev):
352 """WPA2-PSK-FT AP over DS and unexpected response"""
353 ssid = "test-ft"
354 passphrase="12345678"
355
356 params = ft_params1(ssid=ssid, passphrase=passphrase)
357 hapd0 = hostapd.add_ap(apdev[0], params)
358 params = ft_params2(ssid=ssid, passphrase=passphrase)
359 hapd1 = hostapd.add_ap(apdev[1], params)
360
361 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
362 scan_freq="2412")
363 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
364 ap1 = apdev[0]
365 ap2 = apdev[1]
366 hapd1ap = hapd0
367 hapd2ap = hapd1
368 else:
369 ap1 = apdev[1]
370 ap2 = apdev[0]
371 hapd1ap = hapd1
372 hapd2ap = hapd0
373
374 addr = dev[0].own_addr()
375 hapd1ap.set("ext_mgmt_frame_handling", "1")
376 logger.info("Foreign STA address")
377 msg = {}
378 msg['fc'] = 13 << 4
379 msg['da'] = addr
380 msg['sa'] = ap1['bssid']
381 msg['bssid'] = ap1['bssid']
382 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
383 hapd1ap.mgmt_tx(msg)
384
385 logger.info("No over-the-DS in progress")
386 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
387 hapd1ap.mgmt_tx(msg)
388
389 logger.info("Non-zero status code")
390 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
391 hapd1ap.mgmt_tx(msg)
392
393 hapd1ap.dump_monitor()
394
395 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
396 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
397 raise Exception("FT_DS failed")
398
399 req = hapd1ap.mgmt_rx()
400
401 logger.info("Foreign Target AP")
402 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
403 hapd1ap.mgmt_tx(msg)
404
405 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
406
407 logger.info("No IEs")
408 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
409 hapd1ap.mgmt_tx(msg)
410
411 logger.info("Invalid IEs (trigger parsing failure)")
412 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
413 hapd1ap.mgmt_tx(msg)
414
415 logger.info("Too short MDIE")
416 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
417 hapd1ap.mgmt_tx(msg)
418
419 logger.info("Mobility domain mismatch")
420 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
421 hapd1ap.mgmt_tx(msg)
422
423 logger.info("No FTIE")
424 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
425 hapd1ap.mgmt_tx(msg)
426
427 logger.info("FTIE SNonce mismatch")
428 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
429 hapd1ap.mgmt_tx(msg)
430
431 logger.info("No R0KH-ID subelem in FTIE")
432 snonce = binascii.hexlify(req['payload'][111:111+32])
433 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
434 hapd1ap.mgmt_tx(msg)
435
436 logger.info("No R0KH-ID subelem mismatch in FTIE")
437 snonce = binascii.hexlify(req['payload'][111:111+32])
438 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
439 hapd1ap.mgmt_tx(msg)
440
441 logger.info("No R1KH-ID subelem in FTIE")
442 r0khid = binascii.hexlify(req['payload'][145:145+10])
443 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
444 hapd1ap.mgmt_tx(msg)
445
446 logger.info("No RSNE")
447 r0khid = binascii.hexlify(req['payload'][145:145+10])
448 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
449 hapd1ap.mgmt_tx(msg)
450
451 def test_ap_ft_pmf_over_ds(dev, apdev):
452 """WPA2-PSK-FT AP over DS with PMF"""
453 ssid = "test-ft"
454 passphrase="12345678"
455
456 params = ft_params1(ssid=ssid, passphrase=passphrase)
457 params["ieee80211w"] = "2"
458 hapd0 = hostapd.add_ap(apdev[0], params)
459 params = ft_params2(ssid=ssid, passphrase=passphrase)
460 params["ieee80211w"] = "2"
461 hapd1 = hostapd.add_ap(apdev[1], params)
462
463 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
464
465 def test_ap_ft_over_ds_pull(dev, apdev):
466 """WPA2-PSK-FT AP over DS (pull PMK)"""
467 ssid = "test-ft"
468 passphrase="12345678"
469
470 params = ft_params1(ssid=ssid, passphrase=passphrase)
471 params["pmk_r1_push"] = "0"
472 hapd0 = hostapd.add_ap(apdev[0], params)
473 params = ft_params2(ssid=ssid, passphrase=passphrase)
474 params["pmk_r1_push"] = "0"
475 hapd1 = hostapd.add_ap(apdev[1], params)
476
477 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
478
479 def test_ap_ft_over_ds_pull_old_key(dev, apdev):
480 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
481 ssid = "test-ft"
482 passphrase="12345678"
483
484 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
485 params["pmk_r1_push"] = "0"
486 hapd0 = hostapd.add_ap(apdev[0], params)
487 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
488 params["pmk_r1_push"] = "0"
489 hapd1 = hostapd.add_ap(apdev[1], params)
490
491 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
492
493 def test_ap_ft_sae(dev, apdev):
494 """WPA2-PSK-FT-SAE AP"""
495 if "SAE" not in dev[0].get_capability("auth_alg"):
496 raise HwsimSkip("SAE not supported")
497 ssid = "test-ft"
498 passphrase="12345678"
499
500 params = ft_params1(ssid=ssid, passphrase=passphrase)
501 params['wpa_key_mgmt'] = "FT-SAE"
502 hapd0 = hostapd.add_ap(apdev[0], params)
503 params = ft_params2(ssid=ssid, passphrase=passphrase)
504 params['wpa_key_mgmt'] = "FT-SAE"
505 hapd = hostapd.add_ap(apdev[1], params)
506 key_mgmt = hapd.get_config()['key_mgmt']
507 if key_mgmt.split(' ')[0] != "FT-SAE":
508 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
509
510 dev[0].request("SET sae_groups ")
511 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
512
513 def test_ap_ft_sae_over_ds(dev, apdev):
514 """WPA2-PSK-FT-SAE AP over DS"""
515 if "SAE" not in dev[0].get_capability("auth_alg"):
516 raise HwsimSkip("SAE not supported")
517 ssid = "test-ft"
518 passphrase="12345678"
519
520 params = ft_params1(ssid=ssid, passphrase=passphrase)
521 params['wpa_key_mgmt'] = "FT-SAE"
522 hapd0 = hostapd.add_ap(apdev[0], params)
523 params = ft_params2(ssid=ssid, passphrase=passphrase)
524 params['wpa_key_mgmt'] = "FT-SAE"
525 hapd1 = hostapd.add_ap(apdev[1], params)
526
527 dev[0].request("SET sae_groups ")
528 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
529 over_ds=True)
530
531 def generic_ap_ft_eap(dev, apdev, over_ds=False, discovery=False, roams=1):
532 ssid = "test-ft"
533 passphrase="12345678"
534
535 radius = hostapd.radius_params()
536 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
537 params['wpa_key_mgmt'] = "FT-EAP"
538 params["ieee8021x"] = "1"
539 params = dict(radius.items() + params.items())
540 hapd = hostapd.add_ap(apdev[0], params)
541 key_mgmt = hapd.get_config()['key_mgmt']
542 if key_mgmt.split(' ')[0] != "FT-EAP":
543 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
544 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
545 params['wpa_key_mgmt'] = "FT-EAP"
546 params["ieee8021x"] = "1"
547 params = dict(radius.items() + params.items())
548 hapd1 = hostapd.add_ap(apdev[1], params)
549
550 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
551 over_ds=over_ds, roams=roams)
552 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
553 raise Exception("Scan results missing RSN element info")
554 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
555 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
556
557 # Verify EAPOL reauthentication after FT protocol
558 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
559 ap = hapd
560 else:
561 ap = hapd1
562 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
563 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
564 if ev is None:
565 raise Exception("EAP authentication did not start")
566 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
567 if ev is None:
568 raise Exception("EAP authentication did not succeed")
569 time.sleep(0.1)
570 hwsim_utils.test_connectivity(dev[0], ap)
571
572 def test_ap_ft_eap(dev, apdev):
573 """WPA2-EAP-FT AP"""
574 generic_ap_ft_eap(dev, apdev)
575
576 def test_ap_ft_eap_over_ds(dev, apdev):
577 """WPA2-EAP-FT AP using over-the-DS"""
578 generic_ap_ft_eap(dev, apdev, over_ds=True)
579
580 def test_ap_ft_eap_dis(dev, apdev):
581 """WPA2-EAP-FT AP with AP discovery"""
582 generic_ap_ft_eap(dev, apdev, discovery=True)
583
584 def test_ap_ft_eap_dis_over_ds(dev, apdev):
585 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
586 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
587
588 def test_ap_ft_eap_pull(dev, apdev):
589 """WPA2-EAP-FT AP (pull PMK)"""
590 ssid = "test-ft"
591 passphrase="12345678"
592
593 radius = hostapd.radius_params()
594 params = ft_params1(ssid=ssid, passphrase=passphrase)
595 params['wpa_key_mgmt'] = "FT-EAP"
596 params["ieee8021x"] = "1"
597 params["pmk_r1_push"] = "0"
598 params = dict(radius.items() + params.items())
599 hapd = hostapd.add_ap(apdev[0], params)
600 key_mgmt = hapd.get_config()['key_mgmt']
601 if key_mgmt.split(' ')[0] != "FT-EAP":
602 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
603 params = ft_params2(ssid=ssid, passphrase=passphrase)
604 params['wpa_key_mgmt'] = "FT-EAP"
605 params["ieee8021x"] = "1"
606 params["pmk_r1_push"] = "0"
607 params = dict(radius.items() + params.items())
608 hapd1 = hostapd.add_ap(apdev[1], params)
609
610 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
611
612 def test_ap_ft_eap_pull_wildcard(dev, apdev):
613 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
614 ssid = "test-ft"
615 passphrase="12345678"
616
617 radius = hostapd.radius_params()
618 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
619 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
620 params["ieee8021x"] = "1"
621 params["pmk_r1_push"] = "0"
622 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
623 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
624 params["ft_psk_generate_local"] = "1"
625 params["eap_server"] = "0"
626 params = dict(radius.items() + params.items())
627 hapd = hostapd.add_ap(apdev[0], params)
628 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
629 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
630 params["ieee8021x"] = "1"
631 params["pmk_r1_push"] = "0"
632 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
633 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
634 params["ft_psk_generate_local"] = "1"
635 params["eap_server"] = "0"
636 params = dict(radius.items() + params.items())
637 hapd1 = hostapd.add_ap(apdev[1], params)
638
639 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
640
641 @remote_compatible
642 def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
643 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
644 ssid = "test-ft"
645 passphrase="12345678"
646
647 params = ft_params1(ssid=ssid, passphrase=passphrase)
648 params["ieee80211w"] = "2"
649 hapd0 = hostapd.add_ap(apdev[0], params)
650 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
651 params["ieee80211w"] = "2"
652 hapd1 = hostapd.add_ap(apdev[1], params)
653
654 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
655 fail_test=True)
656
657 @remote_compatible
658 def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
659 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
660 ssid = "test-ft"
661 passphrase="12345678"
662
663 params = ft_params1(ssid=ssid, passphrase=passphrase)
664 params["pmk_r1_push"] = "0"
665 hapd0 = hostapd.add_ap(apdev[0], params)
666 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
667 params["pmk_r1_push"] = "0"
668 hapd1 = hostapd.add_ap(apdev[1], params)
669
670 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
671 fail_test=True)
672
673 @remote_compatible
674 def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
675 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
676 ssid = "test-ft"
677 passphrase="12345678"
678
679 params = ft_params1(ssid=ssid, passphrase=passphrase)
680 params["pmk_r1_push"] = "0"
681 params["nas_identifier"] = "nas0.w1.fi"
682 hostapd.add_ap(apdev[0], params)
683 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
684 scan_freq="2412")
685
686 params = ft_params2(ssid=ssid, passphrase=passphrase)
687 params["pmk_r1_push"] = "0"
688 hostapd.add_ap(apdev[1], params)
689
690 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
691 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
692
693 @remote_compatible
694 def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
695 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
696 ssid = "test-ft"
697 passphrase="12345678"
698
699 params = ft_params1(ssid=ssid, passphrase=passphrase)
700 params["ieee80211w"] = "2"
701 hapd0 = hostapd.add_ap(apdev[0], params)
702 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
703 params["ieee80211w"] = "2"
704 hapd1 = hostapd.add_ap(apdev[1], params)
705
706 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
707 fail_test=True)
708
709 @remote_compatible
710 def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
711 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
712 ssid = "test-ft"
713 passphrase="12345678"
714
715 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
716 params["pmk_r1_push"] = "0"
717 hapd0 = hostapd.add_ap(apdev[0], params)
718 params = ft_params2(ssid=ssid, passphrase=passphrase)
719 params["pmk_r1_push"] = "0"
720 hapd1 = hostapd.add_ap(apdev[1], params)
721
722 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
723 fail_test=True)
724
725 def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
726 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
727 ssid = "test-ft"
728 passphrase="12345678"
729
730 radius = hostapd.radius_params()
731 params = ft_params1(ssid=ssid, passphrase=passphrase)
732 params["ieee80211w"] = "2";
733 params['wpa_key_mgmt'] = "FT-EAP"
734 params["ieee8021x"] = "1"
735 params = dict(radius.items() + params.items())
736 hapd0 = hostapd.add_ap(apdev[0], params)
737 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
738 params["ieee80211w"] = "2";
739 params['wpa_key_mgmt'] = "FT-EAP"
740 params["ieee8021x"] = "1"
741 params = dict(radius.items() + params.items())
742 hapd1 = hostapd.add_ap(apdev[1], params)
743
744 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
745 fail_test=True, eap=True)
746
747 def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
748 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
749 ssid = "test-ft"
750 passphrase="12345678"
751
752 radius = hostapd.radius_params()
753 params = ft_params1(ssid=ssid, passphrase=passphrase)
754 params["pmk_r1_push"] = "0"
755 params['wpa_key_mgmt'] = "FT-EAP"
756 params["ieee8021x"] = "1"
757 params = dict(radius.items() + params.items())
758 hapd0 = hostapd.add_ap(apdev[0], params)
759 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
760 params["pmk_r1_push"] = "0"
761 params['wpa_key_mgmt'] = "FT-EAP"
762 params["ieee8021x"] = "1"
763 params = dict(radius.items() + params.items())
764 hapd1 = hostapd.add_ap(apdev[1], params)
765
766 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
767 fail_test=True, eap=True)
768
769 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
770 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
771 ssid = "test-ft"
772 passphrase="12345678"
773
774 radius = hostapd.radius_params()
775 params = ft_params1(ssid=ssid, passphrase=passphrase)
776 params["pmk_r1_push"] = "0"
777 params["nas_identifier"] = "nas0.w1.fi"
778 params['wpa_key_mgmt'] = "FT-EAP"
779 params["ieee8021x"] = "1"
780 params = dict(radius.items() + params.items())
781 hostapd.add_ap(apdev[0], params)
782 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
783 eap="GPSK", identity="gpsk user",
784 password="abcdefghijklmnop0123456789abcdef",
785 scan_freq="2412")
786
787 params = ft_params2(ssid=ssid, passphrase=passphrase)
788 params["pmk_r1_push"] = "0"
789 params['wpa_key_mgmt'] = "FT-EAP"
790 params["ieee8021x"] = "1"
791 params = dict(radius.items() + params.items())
792 hostapd.add_ap(apdev[1], params)
793
794 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
795 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
796
797 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
798 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
799 ssid = "test-ft"
800 passphrase="12345678"
801
802 radius = hostapd.radius_params()
803 params = ft_params1(ssid=ssid, passphrase=passphrase)
804 params["ieee80211w"] = "2";
805 params['wpa_key_mgmt'] = "FT-EAP"
806 params["ieee8021x"] = "1"
807 params = dict(radius.items() + params.items())
808 hapd0 = hostapd.add_ap(apdev[0], params)
809 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
810 params["ieee80211w"] = "2";
811 params['wpa_key_mgmt'] = "FT-EAP"
812 params["ieee8021x"] = "1"
813 params = dict(radius.items() + params.items())
814 hapd1 = hostapd.add_ap(apdev[1], params)
815
816 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
817 fail_test=True, eap=True)
818
819 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
820 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
821 ssid = "test-ft"
822 passphrase="12345678"
823
824 radius = hostapd.radius_params()
825 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
826 params["pmk_r1_push"] = "0"
827 params['wpa_key_mgmt'] = "FT-EAP"
828 params["ieee8021x"] = "1"
829 params = dict(radius.items() + params.items())
830 hapd0 = hostapd.add_ap(apdev[0], params)
831 params = ft_params2(ssid=ssid, passphrase=passphrase)
832 params["pmk_r1_push"] = "0"
833 params['wpa_key_mgmt'] = "FT-EAP"
834 params["ieee8021x"] = "1"
835 params = dict(radius.items() + params.items())
836 hapd1 = hostapd.add_ap(apdev[1], params)
837
838 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
839 fail_test=True, eap=True)
840
841 def test_ap_ft_gtk_rekey(dev, apdev):
842 """WPA2-PSK-FT AP and GTK rekey"""
843 ssid = "test-ft"
844 passphrase="12345678"
845
846 params = ft_params1(ssid=ssid, passphrase=passphrase)
847 params['wpa_group_rekey'] = '1'
848 hapd = hostapd.add_ap(apdev[0], params)
849
850 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
851 ieee80211w="1", scan_freq="2412")
852
853 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
854 if ev is None:
855 raise Exception("GTK rekey timed out after initial association")
856 hwsim_utils.test_connectivity(dev[0], hapd)
857
858 params = ft_params2(ssid=ssid, passphrase=passphrase)
859 params['wpa_group_rekey'] = '1'
860 hapd1 = hostapd.add_ap(apdev[1], params)
861
862 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
863 dev[0].roam(apdev[1]['bssid'])
864 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
865 raise Exception("Did not connect to correct AP")
866 hwsim_utils.test_connectivity(dev[0], hapd1)
867
868 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
869 if ev is None:
870 raise Exception("GTK rekey timed out after FT protocol")
871 hwsim_utils.test_connectivity(dev[0], hapd1)
872
873 def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
874 """WPA2-PSK-FT and key lifetime in memory"""
875 ssid = "test-ft"
876 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
877 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
878 pmk = binascii.unhexlify(psk)
879 p = ft_params1(ssid=ssid, passphrase=passphrase)
880 hapd0 = hostapd.add_ap(apdev[0], p)
881 p = ft_params2(ssid=ssid, passphrase=passphrase)
882 hapd1 = hostapd.add_ap(apdev[1], p)
883
884 pid = find_wpas_process(dev[0])
885
886 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
887 scan_freq="2412")
888 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
889 # event has been delivered, so verify that wpa_supplicant has returned to
890 # eloop before reading process memory.
891 time.sleep(1)
892 dev[0].ping()
893
894 buf = read_process_memory(pid, pmk)
895
896 dev[0].request("DISCONNECT")
897 dev[0].wait_disconnected()
898
899 dev[0].relog()
900 pmkr0 = None
901 pmkr1 = None
902 ptk = None
903 gtk = None
904 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
905 for l in f.readlines():
906 if "FT: PMK-R0 - hexdump" in l:
907 val = l.strip().split(':')[3].replace(' ', '')
908 pmkr0 = binascii.unhexlify(val)
909 if "FT: PMK-R1 - hexdump" in l:
910 val = l.strip().split(':')[3].replace(' ', '')
911 pmkr1 = binascii.unhexlify(val)
912 if "FT: KCK - hexdump" in l:
913 val = l.strip().split(':')[3].replace(' ', '')
914 kck = binascii.unhexlify(val)
915 if "FT: KEK - hexdump" in l:
916 val = l.strip().split(':')[3].replace(' ', '')
917 kek = binascii.unhexlify(val)
918 if "FT: TK - hexdump" in l:
919 val = l.strip().split(':')[3].replace(' ', '')
920 tk = binascii.unhexlify(val)
921 if "WPA: Group Key - hexdump" in l:
922 val = l.strip().split(':')[3].replace(' ', '')
923 gtk = binascii.unhexlify(val)
924 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
925 raise Exception("Could not find keys from debug log")
926 if len(gtk) != 16:
927 raise Exception("Unexpected GTK length")
928
929 logger.info("Checking keys in memory while associated")
930 get_key_locations(buf, pmk, "PMK")
931 get_key_locations(buf, pmkr0, "PMK-R0")
932 get_key_locations(buf, pmkr1, "PMK-R1")
933 if pmk not in buf:
934 raise HwsimSkip("PMK not found while associated")
935 if pmkr0 not in buf:
936 raise HwsimSkip("PMK-R0 not found while associated")
937 if pmkr1 not in buf:
938 raise HwsimSkip("PMK-R1 not found while associated")
939 if kck not in buf:
940 raise Exception("KCK not found while associated")
941 if kek not in buf:
942 raise Exception("KEK not found while associated")
943 #if tk in buf:
944 # raise Exception("TK found from memory")
945
946 logger.info("Checking keys in memory after disassociation")
947 buf = read_process_memory(pid, pmk)
948 get_key_locations(buf, pmk, "PMK")
949 get_key_locations(buf, pmkr0, "PMK-R0")
950 get_key_locations(buf, pmkr1, "PMK-R1")
951
952 # Note: PMK/PSK is still present in network configuration
953
954 fname = os.path.join(params['logdir'],
955 'ft_psk_key_lifetime_in_memory.memctx-')
956 verify_not_present(buf, pmkr0, fname, "PMK-R0")
957 verify_not_present(buf, pmkr1, fname, "PMK-R1")
958 verify_not_present(buf, kck, fname, "KCK")
959 verify_not_present(buf, kek, fname, "KEK")
960 verify_not_present(buf, tk, fname, "TK")
961 if gtk in buf:
962 get_key_locations(buf, gtk, "GTK")
963 verify_not_present(buf, gtk, fname, "GTK")
964
965 dev[0].request("REMOVE_NETWORK all")
966
967 logger.info("Checking keys in memory after network profile removal")
968 buf = read_process_memory(pid, pmk)
969 get_key_locations(buf, pmk, "PMK")
970 get_key_locations(buf, pmkr0, "PMK-R0")
971 get_key_locations(buf, pmkr1, "PMK-R1")
972
973 verify_not_present(buf, pmk, fname, "PMK")
974 verify_not_present(buf, pmkr0, fname, "PMK-R0")
975 verify_not_present(buf, pmkr1, fname, "PMK-R1")
976 verify_not_present(buf, kck, fname, "KCK")
977 verify_not_present(buf, kek, fname, "KEK")
978 verify_not_present(buf, tk, fname, "TK")
979 verify_not_present(buf, gtk, fname, "GTK")
980
981 @remote_compatible
982 def test_ap_ft_invalid_resp(dev, apdev):
983 """WPA2-PSK-FT AP and invalid response IEs"""
984 ssid = "test-ft"
985 passphrase="12345678"
986
987 params = ft_params1(ssid=ssid, passphrase=passphrase)
988 hapd0 = hostapd.add_ap(apdev[0], params)
989 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
990 scan_freq="2412")
991
992 params = ft_params2(ssid=ssid, passphrase=passphrase)
993 hapd1 = hostapd.add_ap(apdev[1], params)
994
995 tests = [
996 # Various IEs for test coverage. The last one is FTIE with invalid
997 # R1KH-ID subelement.
998 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
999 # FTIE with invalid R0KH-ID subelement (len=0).
1000 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1001 # FTIE with invalid R0KH-ID subelement (len=49).
1002 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1003 # Invalid RSNE.
1004 "020002000000" + "3000",
1005 # Required IEs missing from protected IE count.
1006 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1007 # RIC missing from protected IE count.
1008 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1009 # Protected IE missing.
1010 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
1011 for t in tests:
1012 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1013 hapd1.set("ext_mgmt_frame_handling", "1")
1014 hapd1.dump_monitor()
1015 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1016 raise Exception("ROAM failed")
1017 auth = None
1018 for i in range(20):
1019 msg = hapd1.mgmt_rx()
1020 if msg['subtype'] == 11:
1021 auth = msg
1022 break
1023 if not auth:
1024 raise Exception("Authentication frame not seen")
1025
1026 resp = {}
1027 resp['fc'] = auth['fc']
1028 resp['da'] = auth['sa']
1029 resp['sa'] = auth['da']
1030 resp['bssid'] = auth['bssid']
1031 resp['payload'] = binascii.unhexlify(t)
1032 hapd1.mgmt_tx(resp)
1033 hapd1.set("ext_mgmt_frame_handling", "0")
1034 dev[0].wait_disconnected()
1035
1036 dev[0].request("RECONNECT")
1037 dev[0].wait_connected()
1038
1039 def test_ap_ft_gcmp_256(dev, apdev):
1040 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1041 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1042 raise HwsimSkip("Cipher GCMP-256 not supported")
1043 ssid = "test-ft"
1044 passphrase="12345678"
1045
1046 params = ft_params1(ssid=ssid, passphrase=passphrase)
1047 params['rsn_pairwise'] = "GCMP-256"
1048 hapd0 = hostapd.add_ap(apdev[0], params)
1049 params = ft_params2(ssid=ssid, passphrase=passphrase)
1050 params['rsn_pairwise'] = "GCMP-256"
1051 hapd1 = hostapd.add_ap(apdev[1], params)
1052
1053 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1054 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
1055
1056 def test_ap_ft_oom(dev, apdev):
1057 """WPA2-PSK-FT and OOM"""
1058 skip_with_fips(dev[0])
1059 ssid = "test-ft"
1060 passphrase="12345678"
1061
1062 params = ft_params1(ssid=ssid, passphrase=passphrase)
1063 hapd0 = hostapd.add_ap(apdev[0], params)
1064 params = ft_params2(ssid=ssid, passphrase=passphrase)
1065 hapd1 = hostapd.add_ap(apdev[1], params)
1066
1067 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1068 scan_freq="2412")
1069 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1070 dst = apdev[1]['bssid']
1071 else:
1072 dst = apdev[0]['bssid']
1073
1074 dev[0].scan_for_bss(dst, freq="2412")
1075 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1076 dev[0].roam(dst)
1077 with fail_test(dev[0], 1, "wpa_ft_mic"):
1078 dev[0].roam(dst, fail_test=True)
1079 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1080 dev[0].roam(dst, fail_test=True)
1081
1082 dev[0].request("REMOVE_NETWORK all")
1083 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1084 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1085 scan_freq="2412")
1086
1087 def test_ap_ft_ap_oom(dev, apdev):
1088 """WPA2-PSK-FT and AP OOM"""
1089 ssid = "test-ft"
1090 passphrase="12345678"
1091
1092 params = ft_params1(ssid=ssid, passphrase=passphrase)
1093 hapd0 = hostapd.add_ap(apdev[0], params)
1094 bssid0 = hapd0.own_addr()
1095
1096 dev[0].scan_for_bss(bssid0, freq="2412")
1097 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1098 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1099 scan_freq="2412")
1100
1101 params = ft_params2(ssid=ssid, passphrase=passphrase)
1102 hapd1 = hostapd.add_ap(apdev[1], params)
1103 bssid1 = hapd1.own_addr()
1104 dev[0].scan_for_bss(bssid1, freq="2412")
1105 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1106 dev[0].roam(bssid1)
1107
1108 def test_ap_ft_ap_oom2(dev, apdev):
1109 """WPA2-PSK-FT and AP OOM 2"""
1110 ssid = "test-ft"
1111 passphrase="12345678"
1112
1113 params = ft_params1(ssid=ssid, passphrase=passphrase)
1114 hapd0 = hostapd.add_ap(apdev[0], params)
1115 bssid0 = hapd0.own_addr()
1116
1117 dev[0].scan_for_bss(bssid0, freq="2412")
1118 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1119 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1120 scan_freq="2412")
1121
1122 params = ft_params2(ssid=ssid, passphrase=passphrase)
1123 hapd1 = hostapd.add_ap(apdev[1], params)
1124 bssid1 = hapd1.own_addr()
1125 dev[0].scan_for_bss(bssid1, freq="2412")
1126 dev[0].roam(bssid1)
1127 if dev[0].get_status_field('bssid') != bssid1:
1128 raise Exception("Did not roam to AP1")
1129 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1130 dev[0].roam(bssid0)
1131
1132 def test_ap_ft_ap_oom3(dev, apdev):
1133 """WPA2-PSK-FT and AP OOM 3"""
1134 ssid = "test-ft"
1135 passphrase="12345678"
1136
1137 params = ft_params1(ssid=ssid, passphrase=passphrase)
1138 hapd0 = hostapd.add_ap(apdev[0], params)
1139 bssid0 = hapd0.own_addr()
1140
1141 dev[0].scan_for_bss(bssid0, freq="2412")
1142 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1143 scan_freq="2412")
1144
1145 params = ft_params2(ssid=ssid, passphrase=passphrase)
1146 hapd1 = hostapd.add_ap(apdev[1], params)
1147 bssid1 = hapd1.own_addr()
1148 dev[0].scan_for_bss(bssid1, freq="2412")
1149 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1150 # This will fail due to not being able to send out PMK-R1 pull request
1151 dev[0].roam(bssid1)
1152
1153 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1154 # This will fail due to not being able to send out PMK-R1 pull request
1155 dev[0].roam(bssid1)
1156
1157 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1158 # This will fail due to not being able to send out PMK-R1 pull request
1159 dev[0].roam(bssid1)
1160
1161 def test_ap_ft_ap_oom3b(dev, apdev):
1162 """WPA2-PSK-FT and AP OOM 3b"""
1163 ssid = "test-ft"
1164 passphrase="12345678"
1165
1166 params = ft_params1(ssid=ssid, passphrase=passphrase)
1167 hapd0 = hostapd.add_ap(apdev[0], params)
1168 bssid0 = hapd0.own_addr()
1169
1170 dev[0].scan_for_bss(bssid0, freq="2412")
1171 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1172 scan_freq="2412")
1173
1174 params = ft_params2(ssid=ssid, passphrase=passphrase)
1175 hapd1 = hostapd.add_ap(apdev[1], params)
1176 bssid1 = hapd1.own_addr()
1177 dev[0].scan_for_bss(bssid1, freq="2412")
1178 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1179 # This will fail due to not being able to send out PMK-R1 pull request
1180 dev[0].roam(bssid1)
1181
1182 def test_ap_ft_ap_oom4(dev, apdev):
1183 """WPA2-PSK-FT and AP OOM 4"""
1184 ssid = "test-ft"
1185 passphrase="12345678"
1186
1187 params = ft_params1(ssid=ssid, passphrase=passphrase)
1188 hapd0 = hostapd.add_ap(apdev[0], params)
1189 bssid0 = hapd0.own_addr()
1190
1191 dev[0].scan_for_bss(bssid0, freq="2412")
1192 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1193 scan_freq="2412")
1194
1195 params = ft_params2(ssid=ssid, passphrase=passphrase)
1196 hapd1 = hostapd.add_ap(apdev[1], params)
1197 bssid1 = hapd1.own_addr()
1198 dev[0].scan_for_bss(bssid1, freq="2412")
1199 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1200 dev[0].roam(bssid1)
1201 if dev[0].get_status_field('bssid') != bssid1:
1202 raise Exception("Did not roam to AP1")
1203
1204 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1205 dev[0].roam(bssid0)
1206 if dev[0].get_status_field('bssid') != bssid0:
1207 raise Exception("Did not roam to AP0")
1208
1209 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1210 dev[0].roam(bssid1)
1211 if dev[0].get_status_field('bssid') != bssid1:
1212 raise Exception("Did not roam to AP1")
1213
1214 def test_ap_ft_ap_oom5(dev, apdev):
1215 """WPA2-PSK-FT and AP OOM 5"""
1216 ssid = "test-ft"
1217 passphrase="12345678"
1218
1219 params = ft_params1(ssid=ssid, passphrase=passphrase)
1220 hapd0 = hostapd.add_ap(apdev[0], params)
1221 bssid0 = hapd0.own_addr()
1222
1223 dev[0].scan_for_bss(bssid0, freq="2412")
1224 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1225 scan_freq="2412")
1226
1227 params = ft_params2(ssid=ssid, passphrase=passphrase)
1228 hapd1 = hostapd.add_ap(apdev[1], params)
1229 bssid1 = hapd1.own_addr()
1230 dev[0].scan_for_bss(bssid1, freq="2412")
1231 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1232 # This will fail to roam
1233 dev[0].roam(bssid1)
1234
1235 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1236 # This will fail to roam
1237 dev[0].roam(bssid1)
1238
1239 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1240 # This will fail to roam
1241 dev[0].roam(bssid1)
1242
1243 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1244 # This will fail to roam
1245 dev[0].roam(bssid1)
1246
1247 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1248 # This will fail to roam
1249 dev[0].roam(bssid1)
1250
1251 def test_ap_ft_ap_oom6(dev, apdev):
1252 """WPA2-PSK-FT and AP OOM 6"""
1253 ssid = "test-ft"
1254 passphrase="12345678"
1255
1256 params = ft_params1(ssid=ssid, passphrase=passphrase)
1257 hapd0 = hostapd.add_ap(apdev[0], params)
1258 bssid0 = hapd0.own_addr()
1259
1260 dev[0].scan_for_bss(bssid0, freq="2412")
1261 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1262 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1263 scan_freq="2412")
1264 dev[0].request("REMOVE_NETWORK all")
1265 dev[0].wait_disconnected()
1266 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1267 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1268 scan_freq="2412")
1269 dev[0].request("REMOVE_NETWORK all")
1270 dev[0].wait_disconnected()
1271 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1272 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1273 scan_freq="2412")
1274
1275 def test_ap_ft_ap_oom7(dev, apdev):
1276 """WPA2-PSK-FT and AP OOM 7"""
1277 ssid = "test-ft"
1278 passphrase="12345678"
1279
1280 params = ft_params1(ssid=ssid, passphrase=passphrase)
1281 params["ieee80211w"] = "2"
1282 hapd0 = hostapd.add_ap(apdev[0], params)
1283 bssid0 = hapd0.own_addr()
1284
1285 dev[0].scan_for_bss(bssid0, freq="2412")
1286 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1287 ieee80211w="2", scan_freq="2412")
1288
1289 params = ft_params2(ssid=ssid, passphrase=passphrase)
1290 params["ieee80211w"] = "2"
1291 hapd1 = hostapd.add_ap(apdev[1], params)
1292 bssid1 = hapd1.own_addr()
1293 dev[0].scan_for_bss(bssid1, freq="2412")
1294 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1295 # This will fail to roam
1296 dev[0].roam(bssid1)
1297 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1298 # This will fail to roam
1299 dev[0].roam(bssid1)
1300 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1301 # This will fail to roam
1302 dev[0].roam(bssid1)
1303 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1304 # This will fail to roam
1305 dev[0].roam(bssid1)
1306
1307 def test_ap_ft_ap_oom8(dev, apdev):
1308 """WPA2-PSK-FT and AP OOM 8"""
1309 ssid = "test-ft"
1310 passphrase="12345678"
1311
1312 params = ft_params1(ssid=ssid, passphrase=passphrase)
1313 params['ft_psk_generate_local'] = "1";
1314 hapd0 = hostapd.add_ap(apdev[0], params)
1315 bssid0 = hapd0.own_addr()
1316
1317 dev[0].scan_for_bss(bssid0, freq="2412")
1318 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1319 scan_freq="2412")
1320
1321 params = ft_params2(ssid=ssid, passphrase=passphrase)
1322 params['ft_psk_generate_local'] = "1";
1323 hapd1 = hostapd.add_ap(apdev[1], params)
1324 bssid1 = hapd1.own_addr()
1325 dev[0].scan_for_bss(bssid1, freq="2412")
1326 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1327 # This will fail to roam
1328 dev[0].roam(bssid1)
1329 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1330 # This will fail to roam
1331 dev[0].roam(bssid1)
1332
1333 def test_ap_ft_ap_oom9(dev, apdev):
1334 """WPA2-PSK-FT and AP OOM 9"""
1335 ssid = "test-ft"
1336 passphrase="12345678"
1337
1338 params = ft_params1(ssid=ssid, passphrase=passphrase)
1339 hapd0 = hostapd.add_ap(apdev[0], params)
1340 bssid0 = hapd0.own_addr()
1341
1342 dev[0].scan_for_bss(bssid0, freq="2412")
1343 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1344 scan_freq="2412")
1345
1346 params = ft_params2(ssid=ssid, passphrase=passphrase)
1347 hapd1 = hostapd.add_ap(apdev[1], params)
1348 bssid1 = hapd1.own_addr()
1349 dev[0].scan_for_bss(bssid1, freq="2412")
1350
1351 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
1352 # This will fail to roam
1353 if "OK" not in dev[0].request("FT_DS " + bssid1):
1354 raise Exception("FT_DS failed")
1355 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
1356
1357 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
1358 # This will fail to roam
1359 if "OK" not in dev[0].request("FT_DS " + bssid1):
1360 raise Exception("FT_DS failed")
1361 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1362
1363 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
1364 # This will fail to roam
1365 if "OK" not in dev[0].request("FT_DS " + bssid1):
1366 raise Exception("FT_DS failed")
1367 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
1368
1369 def test_ap_ft_ap_oom10(dev, apdev):
1370 """WPA2-PSK-FT and AP OOM 10"""
1371 ssid = "test-ft"
1372 passphrase="12345678"
1373
1374 params = ft_params1(ssid=ssid, passphrase=passphrase)
1375 hapd0 = hostapd.add_ap(apdev[0], params)
1376 bssid0 = hapd0.own_addr()
1377
1378 dev[0].scan_for_bss(bssid0, freq="2412")
1379 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1380 scan_freq="2412")
1381
1382 params = ft_params2(ssid=ssid, passphrase=passphrase)
1383 hapd1 = hostapd.add_ap(apdev[1], params)
1384 bssid1 = hapd1.own_addr()
1385 dev[0].scan_for_bss(bssid1, freq="2412")
1386
1387 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1388 # This will fail to roam
1389 if "OK" not in dev[0].request("FT_DS " + bssid1):
1390 raise Exception("FT_DS failed")
1391 wait_fail_trigger(hapd0, "GET_FAIL")
1392
1393 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1394 # This will fail to roam
1395 if "OK" not in dev[0].request("FT_DS " + bssid1):
1396 raise Exception("FT_DS failed")
1397 wait_fail_trigger(hapd0, "GET_FAIL")
1398
1399 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1400 # This will fail to roam
1401 if "OK" not in dev[0].request("FT_DS " + bssid1):
1402 raise Exception("FT_DS failed")
1403 wait_fail_trigger(hapd0, "GET_FAIL")
1404
1405 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1406 # This will fail to roam
1407 if "OK" not in dev[0].request("FT_DS " + bssid1):
1408 raise Exception("FT_DS failed")
1409 wait_fail_trigger(hapd1, "GET_FAIL")
1410
1411 def test_ap_ft_ap_oom11(dev, apdev):
1412 """WPA2-PSK-FT and AP OOM 11"""
1413 ssid = "test-ft"
1414 passphrase="12345678"
1415
1416 params = ft_params1(ssid=ssid, passphrase=passphrase)
1417 hapd0 = hostapd.add_ap(apdev[0], params)
1418 bssid0 = hapd0.own_addr()
1419
1420 dev[0].scan_for_bss(bssid0, freq="2412")
1421 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1422 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1423 scan_freq="2412")
1424 wait_fail_trigger(hapd0, "GET_FAIL")
1425
1426 dev[1].scan_for_bss(bssid0, freq="2412")
1427 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1428 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1429 scan_freq="2412")
1430 wait_fail_trigger(hapd0, "GET_FAIL")
1431
1432 def test_ap_ft_over_ds_proto_ap(dev, apdev):
1433 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1434 ssid = "test-ft"
1435 passphrase="12345678"
1436
1437 params = ft_params1(ssid=ssid, passphrase=passphrase)
1438 hapd0 = hostapd.add_ap(apdev[0], params)
1439 bssid0 = hapd0.own_addr()
1440 _bssid0 = bssid0.replace(':', '')
1441 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1442 scan_freq="2412")
1443 addr = dev[0].own_addr()
1444 _addr = addr.replace(':', '')
1445
1446 params = ft_params2(ssid=ssid, passphrase=passphrase)
1447 hapd1 = hostapd.add_ap(apdev[1], params)
1448 bssid1 = hapd1.own_addr()
1449 _bssid1 = bssid1.replace(':', '')
1450
1451 hapd0.set("ext_mgmt_frame_handling", "1")
1452 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
1453 valid = "0601" + _addr + _bssid1
1454 tests = [ "0601",
1455 "0601" + _addr,
1456 "0601" + _addr + _bssid0,
1457 "0601" + _addr + "ffffffffffff",
1458 "0601" + _bssid0 + _bssid0,
1459 valid,
1460 valid + "01",
1461 valid + "3700",
1462 valid + "3600",
1463 valid + "3603ffffff",
1464 valid + "3603a1b2ff",
1465 valid + "3603a1b2ff" + "3700",
1466 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1467 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1468 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1469 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1470 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1471 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1472 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1473 valid + "0001" ]
1474 for t in tests:
1475 hapd0.dump_monitor()
1476 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
1477 raise Exception("MGMT_RX_PROCESS failed")
1478
1479 hapd0.set("ext_mgmt_frame_handling", "0")
1480
1481 def test_ap_ft_over_ds_proto(dev, apdev):
1482 """WPA2-PSK-FT AP over DS protocol testing"""
1483 ssid = "test-ft"
1484 passphrase="12345678"
1485
1486 params = ft_params1(ssid=ssid, passphrase=passphrase)
1487 hapd0 = hostapd.add_ap(apdev[0], params)
1488 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1489 scan_freq="2412")
1490
1491 # FT Action Response while no FT-over-DS in progress
1492 msg = {}
1493 msg['fc'] = 13 << 4
1494 msg['da'] = dev[0].own_addr()
1495 msg['sa'] = apdev[0]['bssid']
1496 msg['bssid'] = apdev[0]['bssid']
1497 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
1498 hapd0.mgmt_tx(msg)
1499
1500 params = ft_params2(ssid=ssid, passphrase=passphrase)
1501 hapd1 = hostapd.add_ap(apdev[1], params)
1502 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1503 hapd0.set("ext_mgmt_frame_handling", "1")
1504 hapd0.dump_monitor()
1505 dev[0].request("FT_DS " + apdev[1]['bssid'])
1506 for i in range(0, 10):
1507 req = hapd0.mgmt_rx()
1508 if req is None:
1509 raise Exception("MGMT RX wait timed out")
1510 if req['subtype'] == 13:
1511 break
1512 req = None
1513 if not req:
1514 raise Exception("FT Action frame not received")
1515
1516 # FT Action Response for unexpected Target AP
1517 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
1518 hapd0.mgmt_tx(msg)
1519
1520 # FT Action Response without MDIE
1521 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
1522 hapd0.mgmt_tx(msg)
1523
1524 # FT Action Response without FTIE
1525 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1526 hapd0.mgmt_tx(msg)
1527
1528 # FT Action Response with FTIE SNonce mismatch
1529 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1530 hapd0.mgmt_tx(msg)
1531
1532 @remote_compatible
1533 def test_ap_ft_rrb(dev, apdev):
1534 """WPA2-PSK-FT RRB protocol testing"""
1535 ssid = "test-ft"
1536 passphrase="12345678"
1537
1538 params = ft_params1(ssid=ssid, passphrase=passphrase)
1539 hapd0 = hostapd.add_ap(apdev[0], params)
1540
1541 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1542 scan_freq="2412")
1543
1544 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':',''))
1545 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':',''))
1546 proto = '\x89\x0d'
1547 ehdr = _dst_ll + _src_ll + proto
1548
1549 # Too short RRB frame
1550 pkt = ehdr + '\x01'
1551 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1552 raise Exception("DATA_TEST_FRAME failed")
1553
1554 # RRB discarded frame wikth unrecognized type
1555 pkt = ehdr + '\x02' + '\x02' + '\x01\x00' + _src_ll
1556 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1557 raise Exception("DATA_TEST_FRAME failed")
1558
1559 # RRB frame too short for action frame
1560 pkt = ehdr + '\x01' + '\x02' + '\x01\x00' + _src_ll
1561 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1562 raise Exception("DATA_TEST_FRAME failed")
1563
1564 # Too short RRB frame (not enough room for Action Frame body)
1565 pkt = ehdr + '\x01' + '\x02' + '\x00\x00' + _src_ll
1566 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1567 raise Exception("DATA_TEST_FRAME failed")
1568
1569 # Unexpected Action frame category
1570 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1571 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1572 raise Exception("DATA_TEST_FRAME failed")
1573
1574 # Unexpected Action in RRB Request
1575 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1576 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1577 raise Exception("DATA_TEST_FRAME failed")
1578
1579 # Target AP address in RRB Request does not match with own address
1580 pkt = ehdr + '\x01' + '\x00' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1581 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1582 raise Exception("DATA_TEST_FRAME failed")
1583
1584 # Not enough room for status code in RRB Response
1585 pkt = ehdr + '\x01' + '\x01' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1586 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1587 raise Exception("DATA_TEST_FRAME failed")
1588
1589 # RRB discarded frame with unknown packet_type
1590 pkt = ehdr + '\x01' + '\x02' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1591 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1592 raise Exception("DATA_TEST_FRAME failed")
1593
1594 # RRB Response with non-zero status code; no STA match
1595 pkt = ehdr + '\x01' + '\x01' + '\x10\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1596 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1597 raise Exception("DATA_TEST_FRAME failed")
1598
1599 # RRB Response with zero status code and extra data; STA match
1600 pkt = ehdr + '\x01' + '\x01' + '\x11\x00' + _src_ll + '\x06\x01' + _src_ll + '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1601 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1602 raise Exception("DATA_TEST_FRAME failed")
1603
1604 # Too short PMK-R1 pull
1605 pkt = ehdr + '\x01' + '\xc8' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1606 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1607 raise Exception("DATA_TEST_FRAME failed")
1608
1609 # Too short PMK-R1 resp
1610 pkt = ehdr + '\x01' + '\xc9' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1611 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1612 raise Exception("DATA_TEST_FRAME failed")
1613
1614 # Too short PMK-R1 push
1615 pkt = ehdr + '\x01' + '\xca' + '\x0e\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1616 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1617 raise Exception("DATA_TEST_FRAME failed")
1618
1619 # No matching R0KH address found for PMK-R0 pull response
1620 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1621 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
1622 raise Exception("DATA_TEST_FRAME failed")
1623
1624 @remote_compatible
1625 def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
1626 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1627 bssid = apdev[0]['bssid']
1628 ssid = "test-ft"
1629 passphrase="12345678"
1630
1631 params = ft_params1(ssid=ssid, passphrase=passphrase)
1632 params["ieee80211w"] = "1"
1633 # This is the RSN element used normally by hostapd
1634 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1635 hapd = hostapd.add_ap(apdev[0], params)
1636 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1637 ieee80211w="1", scan_freq="2412",
1638 pairwise="CCMP", group="CCMP")
1639
1640 tests = [ ('PMKIDCount field included',
1641 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1642 ('Extra IE before RSNE',
1643 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1644 ('PMKIDCount and Group Management Cipher suite fields included',
1645 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1646 ('Extra octet after defined fields (future extensibility)',
1647 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1648 ('No RSN Capabilities field (PMF disabled in practice)',
1649 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1650 for txt,ie in tests:
1651 dev[0].request("DISCONNECT")
1652 dev[0].wait_disconnected()
1653 logger.info(txt)
1654 hapd.disable()
1655 hapd.set('own_ie_override', ie)
1656 hapd.enable()
1657 dev[0].request("BSS_FLUSH 0")
1658 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1659 dev[0].select_network(id, freq=2412)
1660 dev[0].wait_connected()
1661
1662 dev[0].request("DISCONNECT")
1663 dev[0].wait_disconnected()
1664
1665 logger.info('Invalid RSNE causing internal hostapd error')
1666 hapd.disable()
1667 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1668 hapd.enable()
1669 dev[0].request("BSS_FLUSH 0")
1670 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1671 dev[0].select_network(id, freq=2412)
1672 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1673 # complete.
1674 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1675 if ev is not None:
1676 raise Exception("Unexpected connection")
1677 dev[0].request("DISCONNECT")
1678
1679 logger.info('Unexpected PMKID causing internal hostapd error')
1680 hapd.disable()
1681 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1682 hapd.enable()
1683 dev[0].request("BSS_FLUSH 0")
1684 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
1685 dev[0].select_network(id, freq=2412)
1686 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1687 # complete.
1688 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
1689 if ev is not None:
1690 raise Exception("Unexpected connection")
1691 dev[0].request("DISCONNECT")
1692
1693 def test_ap_ft_ptk_rekey(dev, apdev):
1694 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1695 ssid = "test-ft"
1696 passphrase="12345678"
1697
1698 params = ft_params1(ssid=ssid, passphrase=passphrase)
1699 hapd0 = hostapd.add_ap(apdev[0], params)
1700 params = ft_params2(ssid=ssid, passphrase=passphrase)
1701 hapd1 = hostapd.add_ap(apdev[1], params)
1702
1703 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ptk_rekey="1")
1704
1705 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1706 "WPA: Key negotiation completed"], timeout=5)
1707 if ev is None:
1708 raise Exception("No event received after roam")
1709 if "CTRL-EVENT-DISCONNECTED" in ev:
1710 raise Exception("Unexpected disconnection after roam")
1711
1712 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1713 hapd = hapd0
1714 else:
1715 hapd = hapd1
1716 hwsim_utils.test_connectivity(dev[0], hapd)
1717
1718 def test_ap_ft_ptk_rekey_ap(dev, apdev):
1719 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1720 ssid = "test-ft"
1721 passphrase="12345678"
1722
1723 params = ft_params1(ssid=ssid, passphrase=passphrase)
1724 params['wpa_ptk_rekey'] = '2'
1725 hapd0 = hostapd.add_ap(apdev[0], params)
1726 params = ft_params2(ssid=ssid, passphrase=passphrase)
1727 params['wpa_ptk_rekey'] = '2'
1728 hapd1 = hostapd.add_ap(apdev[1], params)
1729
1730 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
1731
1732 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1733 "WPA: Key negotiation completed"], timeout=5)
1734 if ev is None:
1735 raise Exception("No event received after roam")
1736 if "CTRL-EVENT-DISCONNECTED" in ev:
1737 raise Exception("Unexpected disconnection after roam")
1738
1739 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1740 hapd = hapd0
1741 else:
1742 hapd = hapd1
1743 hwsim_utils.test_connectivity(dev[0], hapd)
1744
1745 def test_ap_ft_internal_rrb_check(dev, apdev):
1746 """RRB internal delivery only to WPA enabled BSS"""
1747 ssid = "test-ft"
1748 passphrase="12345678"
1749
1750 radius = hostapd.radius_params()
1751 params = ft_params1(ssid=ssid, passphrase=passphrase)
1752 params['wpa_key_mgmt'] = "FT-EAP"
1753 params["ieee8021x"] = "1"
1754 params = dict(radius.items() + params.items())
1755 hapd = hostapd.add_ap(apdev[0], params)
1756 key_mgmt = hapd.get_config()['key_mgmt']
1757 if key_mgmt.split(' ')[0] != "FT-EAP":
1758 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1759
1760 hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })
1761
1762 # Connect to WPA enabled AP
1763 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1764 eap="GPSK", identity="gpsk user",
1765 password="abcdefghijklmnop0123456789abcdef",
1766 scan_freq="2412")
1767
1768 # Try over_ds roaming to non-WPA-enabled AP.
1769 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1770 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1771
1772 def test_ap_ft_extra_ie(dev, apdev):
1773 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1774 ssid = "test-ft"
1775 passphrase="12345678"
1776
1777 params = ft_params1(ssid=ssid, passphrase=passphrase)
1778 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1779 hapd0 = hostapd.add_ap(apdev[0], params)
1780 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1781 scan_freq="2412")
1782 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1783 scan_freq="2412")
1784 try:
1785 # Add Mobility Domain element to test AP validation code.
1786 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1787 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
1788 scan_freq="2412", wait_connect=False)
1789 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1790 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1791 if ev is None:
1792 raise Exception("No connection result")
1793 if "CTRL-EVENT-CONNECTED" in ev:
1794 raise Exception("Non-FT association accepted with MDE")
1795 if "status_code=43" not in ev:
1796 raise Exception("Unexpected status code: " + ev)
1797 dev[0].request("DISCONNECT")
1798 finally:
1799 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
1800
1801 def test_ap_ft_ric(dev, apdev):
1802 """WPA2-PSK-FT AP and RIC"""
1803 ssid = "test-ft"
1804 passphrase="12345678"
1805
1806 params = ft_params1(ssid=ssid, passphrase=passphrase)
1807 hapd0 = hostapd.add_ap(apdev[0], params)
1808 params = ft_params2(ssid=ssid, passphrase=passphrase)
1809 hapd1 = hostapd.add_ap(apdev[1], params)
1810
1811 dev[0].set("ric_ies", "")
1812 dev[0].set("ric_ies", '""')
1813 if "FAIL" not in dev[0].request("SET ric_ies q"):
1814 raise Exception("Invalid ric_ies value accepted")
1815
1816 tests = [ "3900",
1817 "3900ff04eeeeeeee",
1818 "390400000000",
1819 "390400000000" + "390400000000",
1820 "390400000000" + "dd050050f20202",
1821 "390400000000" + "dd3d0050f2020201" + 55*"00",
1822 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1823 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1824 for t in tests:
1825 dev[0].set("ric_ies", t)
1826 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1827 test_connectivity=False)
1828 dev[0].request("REMOVE_NETWORK all")
1829 dev[0].wait_disconnected()
1830 dev[0].dump_monitor()
1831
1832 def ie_hex(ies, id):
1833 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id])
1834
1835 def test_ap_ft_reassoc_proto(dev, apdev):
1836 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1837 ssid = "test-ft"
1838 passphrase="12345678"
1839
1840 params = ft_params1(ssid=ssid, passphrase=passphrase)
1841 hapd0 = hostapd.add_ap(apdev[0], params)
1842 params = ft_params2(ssid=ssid, passphrase=passphrase)
1843 hapd1 = hostapd.add_ap(apdev[1], params)
1844
1845 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1846 ieee80211w="1", scan_freq="2412")
1847 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1848 hapd1ap = hapd0
1849 hapd2ap = hapd1
1850 else:
1851 hapd1ap = hapd1
1852 hapd2ap = hapd0
1853
1854 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1855 hapd2ap.set("ext_mgmt_frame_handling", "1")
1856 dev[0].request("ROAM " + hapd2ap.own_addr())
1857
1858 while True:
1859 req = hapd2ap.mgmt_rx()
1860 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1861 if req['subtype'] == 11:
1862 break
1863
1864 while True:
1865 req = hapd2ap.mgmt_rx()
1866 if req['subtype'] == 2:
1867 break
1868 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1869
1870 # IEEE 802.11 header + fixed fields before IEs
1871 hdr = binascii.hexlify(req['frame'][0:34])
1872 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
1873 # First elements: SSID, Supported Rates, Extended Supported Rates
1874 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
1875
1876 rsne = ie_hex(ies, 48)
1877 mde = ie_hex(ies, 54)
1878 fte = ie_hex(ies, 55)
1879 tests = [ ]
1880 # RSN: Trying to use FT, but MDIE not included
1881 tests += [ rsne ]
1882 # RSN: Attempted to use unknown MDIE
1883 tests += [ rsne + "3603000000" ]
1884 # Invalid RSN pairwise cipher
1885 tests += [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1886 # FT: No PMKID in RSNIE
1887 tests += [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54) ]
1888 # FT: Invalid FTIE
1889 tests += [ rsne + mde ]
1890 # FT: RIC IE(s) in the frame, but not included in protected IE count
1891 # FT: Failed to parse FT IEs
1892 tests += [ rsne + mde + fte + "3900" ]
1893 # FT: SNonce mismatch in FTIE
1894 tests += [ rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1895 # FT: ANonce mismatch in FTIE
1896 tests += [ rsne + mde + fte[0:40] + 32*"00" + fte[104:] ]
1897 # FT: No R0KH-ID subelem in FTIE
1898 tests += [ rsne + mde + "3752" + fte[4:168] ]
1899 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1900 tests += [ rsne + mde + "3755" + fte[4:168] + "0301ff" ]
1901 # FT: No R1KH-ID subelem in FTIE
1902 tests += [ rsne + mde + "375e" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1903 # FT: Unknown R1KH-ID used in ReassocReq
1904 tests += [ rsne + mde + "3766" + fte[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1905 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1906 tests += [ rsne[:-32] + 16*"00" + mde + fte ]
1907 # Invalid MIC in FTIE
1908 tests += [ rsne + mde + fte[0:8] + 16*"00" + fte[40:] ]
1909 for t in tests:
1910 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
1911
1912 def test_ap_ft_reassoc_local_fail(dev, apdev):
1913 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1914 ssid = "test-ft"
1915 passphrase="12345678"
1916
1917 params = ft_params1(ssid=ssid, passphrase=passphrase)
1918 hapd0 = hostapd.add_ap(apdev[0], params)
1919 params = ft_params2(ssid=ssid, passphrase=passphrase)
1920 hapd1 = hostapd.add_ap(apdev[1], params)
1921
1922 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1923 ieee80211w="1", scan_freq="2412")
1924 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1925 hapd1ap = hapd0
1926 hapd2ap = hapd1
1927 else:
1928 hapd1ap = hapd1
1929 hapd2ap = hapd0
1930
1931 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1932 # FT: Failed to calculate MIC
1933 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
1934 dev[0].request("ROAM " + hapd2ap.own_addr())
1935 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1936 dev[0].request("DISCONNECT")
1937 if ev is None:
1938 raise Exception("Association reject not seen")
1939
1940 def test_ap_ft_reassoc_replay(dev, apdev, params):
1941 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
1942 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
1943 ssid = "test-ft"
1944 passphrase="12345678"
1945
1946 params = ft_params1(ssid=ssid, passphrase=passphrase)
1947 hapd0 = hostapd.add_ap(apdev[0], params)
1948 params = ft_params2(ssid=ssid, passphrase=passphrase)
1949 hapd1 = hostapd.add_ap(apdev[1], params)
1950
1951 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1952 scan_freq="2412")
1953 if dev[0].get_status_field('bssid') == hapd0.own_addr():
1954 hapd1ap = hapd0
1955 hapd2ap = hapd1
1956 else:
1957 hapd1ap = hapd1
1958 hapd2ap = hapd0
1959
1960 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
1961 hapd2ap.set("ext_mgmt_frame_handling", "1")
1962 dev[0].dump_monitor()
1963 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
1964 raise Exception("ROAM failed")
1965
1966 reassocreq = None
1967 count = 0
1968 while count < 100:
1969 req = hapd2ap.mgmt_rx()
1970 count += 1
1971 hapd2ap.dump_monitor()
1972 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1973 if req['subtype'] == 2:
1974 reassocreq = req
1975 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
1976 if ev is None:
1977 raise Exception("No TX status seen")
1978 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
1979 if "OK" not in hapd2ap.request(cmd):
1980 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1981 break
1982 hapd2ap.set("ext_mgmt_frame_handling", "0")
1983 if reassocreq is None:
1984 raise Exception("No Reassociation Request frame seen")
1985 dev[0].wait_connected()
1986 dev[0].dump_monitor()
1987 hapd2ap.dump_monitor()
1988
1989 hwsim_utils.test_connectivity(dev[0], hapd2ap)
1990
1991 logger.info("Replay the last Reassociation Request frame")
1992 hapd2ap.dump_monitor()
1993 hapd2ap.set("ext_mgmt_frame_handling", "1")
1994 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']))
1995 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
1996 if ev is None:
1997 raise Exception("No TX status seen")
1998 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
1999 if "OK" not in hapd2ap.request(cmd):
2000 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2001 hapd2ap.set("ext_mgmt_frame_handling", "0")
2002
2003 try:
2004 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2005 ok = True
2006 except:
2007 ok = False
2008
2009 ap = hapd2ap.own_addr()
2010 sta = dev[0].own_addr()
2011 filt = "wlan.fc.type == 2 && " + \
2012 "wlan.da == " + sta + " && " + \
2013 "wlan.sa == " + ap
2014 fields = [ "wlan.ccmp.extiv" ]
2015 res = run_tshark(capfile, filt, fields)
2016 vals = res.splitlines()
2017 logger.info("CCMP PN: " + str(vals))
2018 if len(vals) < 2:
2019 raise Exception("Could not find all CCMP protected frames from capture")
2020 if len(set(vals)) < len(vals):
2021 raise Exception("Duplicate CCMP PN used")
2022
2023 if not ok:
2024 raise Exception("The second hwsim connectivity test failed")
Unnamed repository; edit this file 'description' to name the repository.