]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
17 from tshark
import run_tshark
18 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
19 from wlantest
import Wlantest
20 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
23 params
= { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
29 params
= { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
35 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
37 params
= ft_base_rsn()
39 params
= ft_base_mixed()
43 params
["wpa_passphrase"] = passphrase
45 params
["mobility_domain"] = "a1b2"
46 params
["r0_key_lifetime"] = "10000"
47 params
["pmk_r1_push"] = "1"
48 params
["reassociation_deadline"] = "1000"
51 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
52 params
= ft_params(rsn
, ssid
, passphrase
)
53 params
['nas_identifier'] = "nas1.w1.fi"
54 params
['r1_key_holder'] = "000102030405"
57 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
58 params
= ft_params1a(rsn
, ssid
, passphrase
)
60 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
63 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
68 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
69 params
= ft_params1a(rsn
, ssid
, passphrase
)
70 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
75 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
76 params
= ft_params(rsn
, ssid
, passphrase
)
77 params
['nas_identifier'] = "nas2.w1.fi"
78 params
['r1_key_holder'] = "000102030406"
81 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
82 params
= ft_params2a(rsn
, ssid
, passphrase
)
84 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
87 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
92 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
93 params
= ft_params2a(rsn
, ssid
, passphrase
)
94 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
99 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
100 params
= ft_params(rsn
, ssid
, passphrase
)
101 params
['nas_identifier'] = "nas1.w1.fi"
102 params
['r1_key_holder'] = "000102030405"
103 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
108 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
109 params
= ft_params(rsn
, ssid
, passphrase
)
110 params
['nas_identifier'] = "nas2.w1.fi"
111 params
['r1_key_holder'] = "000102030406"
112 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
117 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
118 params
= ft_params(rsn
, ssid
, passphrase
)
119 params
['nas_identifier'] = "nas2.w1.fi"
120 params
['r1_key_holder'] = "000102030406"
121 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
126 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
127 sae
=False, eap
=False, fail_test
=False, roams
=1,
128 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
129 test_connectivity
=True):
130 logger
.info("Connect to first AP")
132 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
133 eap
="GPSK", identity
="gpsk user",
134 password
="abcdefghijklmnop0123456789abcdef",
136 pairwise
=pairwise_cipher
, group
=group_cipher
,
137 wpa_ptk_rekey
=ptk_rekey
)
143 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
144 ieee80211w
="1", scan_freq
="2412",
145 pairwise
=pairwise_cipher
, group
=group_cipher
,
146 wpa_ptk_rekey
=ptk_rekey
)
147 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
157 if test_connectivity
:
158 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
160 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
162 for i
in range(0, roams
):
163 logger
.info("Roam to the second AP")
165 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
167 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
170 if dev
.get_status_field('bssid') != ap2
['bssid']:
171 raise Exception("Did not connect to correct AP")
172 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
173 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
175 logger
.info("Roam back to the first AP")
177 dev
.roam_over_ds(ap1
['bssid'])
179 dev
.roam(ap1
['bssid'])
180 if dev
.get_status_field('bssid') != ap1
['bssid']:
181 raise Exception("Did not connect to correct AP")
182 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
183 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
185 def test_ap_ft(dev
, apdev
):
188 passphrase
="12345678"
190 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
191 hapd0
= hostapd
.add_ap(apdev
[0], params
)
192 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
193 hapd1
= hostapd
.add_ap(apdev
[1], params
)
195 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
196 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
197 raise Exception("Scan results missing RSN element info")
199 def test_ap_ft_old_key(dev
, apdev
):
200 """WPA2-PSK-FT AP (old key)"""
202 passphrase
="12345678"
204 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
205 hapd0
= hostapd
.add_ap(apdev
[0], params
)
206 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
207 hapd1
= hostapd
.add_ap(apdev
[1], params
)
209 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
211 def test_ap_ft_multi_akm(dev
, apdev
):
212 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
214 passphrase
="12345678"
216 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
217 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
218 hapd0
= hostapd
.add_ap(apdev
[0], params
)
219 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
220 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
221 hapd1
= hostapd
.add_ap(apdev
[1], params
)
223 Wlantest
.setup(hapd0
)
226 wt
.add_passphrase(passphrase
)
228 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
229 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
230 raise Exception("Scan results missing RSN element info")
231 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
232 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
235 def test_ap_ft_local_key_gen(dev
, apdev
):
236 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
238 passphrase
="12345678"
240 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
241 params
['ft_psk_generate_local'] = "1";
242 del params
['pmk_r1_push']
243 hapd0
= hostapd
.add_ap(apdev
[0], params
)
244 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
245 params
['ft_psk_generate_local'] = "1";
246 del params
['pmk_r1_push']
247 hapd1
= hostapd
.add_ap(apdev
[1], params
)
249 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
250 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
251 raise Exception("Scan results missing RSN element info")
253 def test_ap_ft_many(dev
, apdev
):
254 """WPA2-PSK-FT AP multiple times"""
256 passphrase
="12345678"
258 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
259 hapd0
= hostapd
.add_ap(apdev
[0], params
)
260 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
261 hapd1
= hostapd
.add_ap(apdev
[1], params
)
263 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
265 def test_ap_ft_mixed(dev
, apdev
):
266 """WPA2-PSK-FT mixed-mode AP"""
267 ssid
= "test-ft-mixed"
268 passphrase
="12345678"
270 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
271 hapd
= hostapd
.add_ap(apdev
[0], params
)
272 key_mgmt
= hapd
.get_config()['key_mgmt']
273 vals
= key_mgmt
.split(' ')
274 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
275 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
276 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
277 hapd1
= hostapd
.add_ap(apdev
[1], params
)
279 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
281 def test_ap_ft_pmf(dev
, apdev
):
282 """WPA2-PSK-FT AP with PMF"""
284 passphrase
="12345678"
286 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
287 params
["ieee80211w"] = "2"
288 hapd0
= hostapd
.add_ap(apdev
[0], params
)
289 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
290 params
["ieee80211w"] = "2"
291 hapd1
= hostapd
.add_ap(apdev
[1], params
)
293 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
295 def test_ap_ft_over_ds(dev
, apdev
):
296 """WPA2-PSK-FT AP over DS"""
298 passphrase
="12345678"
300 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
301 hapd0
= hostapd
.add_ap(apdev
[0], params
)
302 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
303 hapd1
= hostapd
.add_ap(apdev
[1], params
)
305 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
306 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
307 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
309 def test_ap_ft_over_ds_disabled(dev
, apdev
):
310 """WPA2-PSK-FT AP over DS disabled"""
312 passphrase
="12345678"
314 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
315 params
['ft_over_ds'] = '0'
316 hapd0
= hostapd
.add_ap(apdev
[0], params
)
317 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
318 params
['ft_over_ds'] = '0'
319 hapd1
= hostapd
.add_ap(apdev
[1], params
)
321 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
324 def test_ap_ft_over_ds_many(dev
, apdev
):
325 """WPA2-PSK-FT AP over DS multiple times"""
327 passphrase
="12345678"
329 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
330 hapd0
= hostapd
.add_ap(apdev
[0], params
)
331 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
332 hapd1
= hostapd
.add_ap(apdev
[1], params
)
334 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
338 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
341 passphrase
="12345678"
343 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
344 hapd0
= hostapd
.add_ap(apdev
[0], params
)
346 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
348 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
351 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
352 """WPA2-PSK-FT AP over DS and unexpected response"""
354 passphrase
="12345678"
356 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
357 hapd0
= hostapd
.add_ap(apdev
[0], params
)
358 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
359 hapd1
= hostapd
.add_ap(apdev
[1], params
)
361 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
363 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
374 addr
= dev
[0].own_addr()
375 hapd1ap
.set("ext_mgmt_frame_handling", "1")
376 logger
.info("Foreign STA address")
380 msg
['sa'] = ap1
['bssid']
381 msg
['bssid'] = ap1
['bssid']
382 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
385 logger
.info("No over-the-DS in progress")
386 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
389 logger
.info("Non-zero status code")
390 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
393 hapd1ap
.dump_monitor()
395 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
396 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
397 raise Exception("FT_DS failed")
399 req
= hapd1ap
.mgmt_rx()
401 logger
.info("Foreign Target AP")
402 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
405 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
407 logger
.info("No IEs")
408 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
411 logger
.info("Invalid IEs (trigger parsing failure)")
412 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
415 logger
.info("Too short MDIE")
416 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
419 logger
.info("Mobility domain mismatch")
420 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
423 logger
.info("No FTIE")
424 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
427 logger
.info("FTIE SNonce mismatch")
428 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
431 logger
.info("No R0KH-ID subelem in FTIE")
432 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
433 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
436 logger
.info("No R0KH-ID subelem mismatch in FTIE")
437 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
438 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
441 logger
.info("No R1KH-ID subelem in FTIE")
442 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
443 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
446 logger
.info("No RSNE")
447 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
448 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
451 def test_ap_ft_pmf_over_ds(dev
, apdev
):
452 """WPA2-PSK-FT AP over DS with PMF"""
454 passphrase
="12345678"
456 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
457 params
["ieee80211w"] = "2"
458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
459 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
460 params
["ieee80211w"] = "2"
461 hapd1
= hostapd
.add_ap(apdev
[1], params
)
463 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
465 def test_ap_ft_over_ds_pull(dev
, apdev
):
466 """WPA2-PSK-FT AP over DS (pull PMK)"""
468 passphrase
="12345678"
470 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
471 params
["pmk_r1_push"] = "0"
472 hapd0
= hostapd
.add_ap(apdev
[0], params
)
473 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
474 params
["pmk_r1_push"] = "0"
475 hapd1
= hostapd
.add_ap(apdev
[1], params
)
477 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
479 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
480 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
482 passphrase
="12345678"
484 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
485 params
["pmk_r1_push"] = "0"
486 hapd0
= hostapd
.add_ap(apdev
[0], params
)
487 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
488 params
["pmk_r1_push"] = "0"
489 hapd1
= hostapd
.add_ap(apdev
[1], params
)
491 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
493 def test_ap_ft_sae(dev
, apdev
):
494 """WPA2-PSK-FT-SAE AP"""
495 if "SAE" not in dev
[0].get_capability("auth_alg"):
496 raise HwsimSkip("SAE not supported")
498 passphrase
="12345678"
500 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
501 params
['wpa_key_mgmt'] = "FT-SAE"
502 hapd0
= hostapd
.add_ap(apdev
[0], params
)
503 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
504 params
['wpa_key_mgmt'] = "FT-SAE"
505 hapd
= hostapd
.add_ap(apdev
[1], params
)
506 key_mgmt
= hapd
.get_config()['key_mgmt']
507 if key_mgmt
.split(' ')[0] != "FT-SAE":
508 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
510 dev
[0].request("SET sae_groups ")
511 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
513 def test_ap_ft_sae_over_ds(dev
, apdev
):
514 """WPA2-PSK-FT-SAE AP over DS"""
515 if "SAE" not in dev
[0].get_capability("auth_alg"):
516 raise HwsimSkip("SAE not supported")
518 passphrase
="12345678"
520 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
521 params
['wpa_key_mgmt'] = "FT-SAE"
522 hapd0
= hostapd
.add_ap(apdev
[0], params
)
523 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
524 params
['wpa_key_mgmt'] = "FT-SAE"
525 hapd1
= hostapd
.add_ap(apdev
[1], params
)
527 dev
[0].request("SET sae_groups ")
528 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
531 def generic_ap_ft_eap(dev
, apdev
, over_ds
=False, discovery
=False, roams
=1):
533 passphrase
="12345678"
535 radius
= hostapd
.radius_params()
536 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
537 params
['wpa_key_mgmt'] = "FT-EAP"
538 params
["ieee8021x"] = "1"
539 params
= dict(radius
.items() + params
.items())
540 hapd
= hostapd
.add_ap(apdev
[0], params
)
541 key_mgmt
= hapd
.get_config()['key_mgmt']
542 if key_mgmt
.split(' ')[0] != "FT-EAP":
543 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
544 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
545 params
['wpa_key_mgmt'] = "FT-EAP"
546 params
["ieee8021x"] = "1"
547 params
= dict(radius
.items() + params
.items())
548 hapd1
= hostapd
.add_ap(apdev
[1], params
)
550 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
551 over_ds
=over_ds
, roams
=roams
)
552 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
553 raise Exception("Scan results missing RSN element info")
554 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
555 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
557 # Verify EAPOL reauthentication after FT protocol
558 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
562 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
563 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
565 raise Exception("EAP authentication did not start")
566 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
568 raise Exception("EAP authentication did not succeed")
570 hwsim_utils
.test_connectivity(dev
[0], ap
)
572 def test_ap_ft_eap(dev
, apdev
):
574 generic_ap_ft_eap(dev
, apdev
)
576 def test_ap_ft_eap_over_ds(dev
, apdev
):
577 """WPA2-EAP-FT AP using over-the-DS"""
578 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
580 def test_ap_ft_eap_dis(dev
, apdev
):
581 """WPA2-EAP-FT AP with AP discovery"""
582 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
584 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
585 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
586 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
588 def test_ap_ft_eap_pull(dev
, apdev
):
589 """WPA2-EAP-FT AP (pull PMK)"""
591 passphrase
="12345678"
593 radius
= hostapd
.radius_params()
594 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
595 params
['wpa_key_mgmt'] = "FT-EAP"
596 params
["ieee8021x"] = "1"
597 params
["pmk_r1_push"] = "0"
598 params
= dict(radius
.items() + params
.items())
599 hapd
= hostapd
.add_ap(apdev
[0], params
)
600 key_mgmt
= hapd
.get_config()['key_mgmt']
601 if key_mgmt
.split(' ')[0] != "FT-EAP":
602 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
603 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
604 params
['wpa_key_mgmt'] = "FT-EAP"
605 params
["ieee8021x"] = "1"
606 params
["pmk_r1_push"] = "0"
607 params
= dict(radius
.items() + params
.items())
608 hapd1
= hostapd
.add_ap(apdev
[1], params
)
610 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
612 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
613 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
615 passphrase
="12345678"
617 radius
= hostapd
.radius_params()
618 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
619 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
620 params
["ieee8021x"] = "1"
621 params
["pmk_r1_push"] = "0"
622 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
623 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
624 params
["ft_psk_generate_local"] = "1"
625 params
["eap_server"] = "0"
626 params
= dict(radius
.items() + params
.items())
627 hapd
= hostapd
.add_ap(apdev
[0], params
)
628 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
629 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
630 params
["ieee8021x"] = "1"
631 params
["pmk_r1_push"] = "0"
632 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
633 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
634 params
["ft_psk_generate_local"] = "1"
635 params
["eap_server"] = "0"
636 params
= dict(radius
.items() + params
.items())
637 hapd1
= hostapd
.add_ap(apdev
[1], params
)
639 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
642 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
643 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
645 passphrase
="12345678"
647 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
648 params
["ieee80211w"] = "2"
649 hapd0
= hostapd
.add_ap(apdev
[0], params
)
650 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
651 params
["ieee80211w"] = "2"
652 hapd1
= hostapd
.add_ap(apdev
[1], params
)
654 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
658 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
659 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
661 passphrase
="12345678"
663 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
664 params
["pmk_r1_push"] = "0"
665 hapd0
= hostapd
.add_ap(apdev
[0], params
)
666 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
667 params
["pmk_r1_push"] = "0"
668 hapd1
= hostapd
.add_ap(apdev
[1], params
)
670 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
674 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
675 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
677 passphrase
="12345678"
679 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
680 params
["pmk_r1_push"] = "0"
681 params
["nas_identifier"] = "nas0.w1.fi"
682 hostapd
.add_ap(apdev
[0], params
)
683 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
686 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
687 params
["pmk_r1_push"] = "0"
688 hostapd
.add_ap(apdev
[1], params
)
690 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
691 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
694 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
695 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
697 passphrase
="12345678"
699 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
700 params
["ieee80211w"] = "2"
701 hapd0
= hostapd
.add_ap(apdev
[0], params
)
702 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
703 params
["ieee80211w"] = "2"
704 hapd1
= hostapd
.add_ap(apdev
[1], params
)
706 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
710 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
711 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
713 passphrase
="12345678"
715 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
716 params
["pmk_r1_push"] = "0"
717 hapd0
= hostapd
.add_ap(apdev
[0], params
)
718 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
719 params
["pmk_r1_push"] = "0"
720 hapd1
= hostapd
.add_ap(apdev
[1], params
)
722 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
725 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
726 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
728 passphrase
="12345678"
730 radius
= hostapd
.radius_params()
731 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
732 params
["ieee80211w"] = "2";
733 params
['wpa_key_mgmt'] = "FT-EAP"
734 params
["ieee8021x"] = "1"
735 params
= dict(radius
.items() + params
.items())
736 hapd0
= hostapd
.add_ap(apdev
[0], params
)
737 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
738 params
["ieee80211w"] = "2";
739 params
['wpa_key_mgmt'] = "FT-EAP"
740 params
["ieee8021x"] = "1"
741 params
= dict(radius
.items() + params
.items())
742 hapd1
= hostapd
.add_ap(apdev
[1], params
)
744 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
745 fail_test
=True, eap
=True)
747 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
748 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
750 passphrase
="12345678"
752 radius
= hostapd
.radius_params()
753 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
754 params
["pmk_r1_push"] = "0"
755 params
['wpa_key_mgmt'] = "FT-EAP"
756 params
["ieee8021x"] = "1"
757 params
= dict(radius
.items() + params
.items())
758 hapd0
= hostapd
.add_ap(apdev
[0], params
)
759 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
760 params
["pmk_r1_push"] = "0"
761 params
['wpa_key_mgmt'] = "FT-EAP"
762 params
["ieee8021x"] = "1"
763 params
= dict(radius
.items() + params
.items())
764 hapd1
= hostapd
.add_ap(apdev
[1], params
)
766 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
767 fail_test
=True, eap
=True)
769 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
770 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
772 passphrase
="12345678"
774 radius
= hostapd
.radius_params()
775 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
776 params
["pmk_r1_push"] = "0"
777 params
["nas_identifier"] = "nas0.w1.fi"
778 params
['wpa_key_mgmt'] = "FT-EAP"
779 params
["ieee8021x"] = "1"
780 params
= dict(radius
.items() + params
.items())
781 hostapd
.add_ap(apdev
[0], params
)
782 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
783 eap
="GPSK", identity
="gpsk user",
784 password
="abcdefghijklmnop0123456789abcdef",
787 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
788 params
["pmk_r1_push"] = "0"
789 params
['wpa_key_mgmt'] = "FT-EAP"
790 params
["ieee8021x"] = "1"
791 params
= dict(radius
.items() + params
.items())
792 hostapd
.add_ap(apdev
[1], params
)
794 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
795 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
797 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
798 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
800 passphrase
="12345678"
802 radius
= hostapd
.radius_params()
803 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
804 params
["ieee80211w"] = "2";
805 params
['wpa_key_mgmt'] = "FT-EAP"
806 params
["ieee8021x"] = "1"
807 params
= dict(radius
.items() + params
.items())
808 hapd0
= hostapd
.add_ap(apdev
[0], params
)
809 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
810 params
["ieee80211w"] = "2";
811 params
['wpa_key_mgmt'] = "FT-EAP"
812 params
["ieee8021x"] = "1"
813 params
= dict(radius
.items() + params
.items())
814 hapd1
= hostapd
.add_ap(apdev
[1], params
)
816 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
817 fail_test
=True, eap
=True)
819 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
820 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
822 passphrase
="12345678"
824 radius
= hostapd
.radius_params()
825 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
826 params
["pmk_r1_push"] = "0"
827 params
['wpa_key_mgmt'] = "FT-EAP"
828 params
["ieee8021x"] = "1"
829 params
= dict(radius
.items() + params
.items())
830 hapd0
= hostapd
.add_ap(apdev
[0], params
)
831 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
832 params
["pmk_r1_push"] = "0"
833 params
['wpa_key_mgmt'] = "FT-EAP"
834 params
["ieee8021x"] = "1"
835 params
= dict(radius
.items() + params
.items())
836 hapd1
= hostapd
.add_ap(apdev
[1], params
)
838 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
839 fail_test
=True, eap
=True)
841 def test_ap_ft_gtk_rekey(dev
, apdev
):
842 """WPA2-PSK-FT AP and GTK rekey"""
844 passphrase
="12345678"
846 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
847 params
['wpa_group_rekey'] = '1'
848 hapd
= hostapd
.add_ap(apdev
[0], params
)
850 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
851 ieee80211w
="1", scan_freq
="2412")
853 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
855 raise Exception("GTK rekey timed out after initial association")
856 hwsim_utils
.test_connectivity(dev
[0], hapd
)
858 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
859 params
['wpa_group_rekey'] = '1'
860 hapd1
= hostapd
.add_ap(apdev
[1], params
)
862 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
863 dev
[0].roam(apdev
[1]['bssid'])
864 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
865 raise Exception("Did not connect to correct AP")
866 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
868 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
870 raise Exception("GTK rekey timed out after FT protocol")
871 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
873 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
874 """WPA2-PSK-FT and key lifetime in memory"""
876 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
877 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
878 pmk
= binascii
.unhexlify(psk
)
879 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
880 hapd0
= hostapd
.add_ap(apdev
[0], p
)
881 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
882 hapd1
= hostapd
.add_ap(apdev
[1], p
)
884 pid
= find_wpas_process(dev
[0])
886 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
888 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
889 # event has been delivered, so verify that wpa_supplicant has returned to
890 # eloop before reading process memory.
894 buf
= read_process_memory(pid
, pmk
)
896 dev
[0].request("DISCONNECT")
897 dev
[0].wait_disconnected()
904 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
905 for l
in f
.readlines():
906 if "FT: PMK-R0 - hexdump" in l
:
907 val
= l
.strip().split(':')[3].replace(' ', '')
908 pmkr0
= binascii
.unhexlify(val
)
909 if "FT: PMK-R1 - hexdump" in l
:
910 val
= l
.strip().split(':')[3].replace(' ', '')
911 pmkr1
= binascii
.unhexlify(val
)
912 if "FT: KCK - hexdump" in l
:
913 val
= l
.strip().split(':')[3].replace(' ', '')
914 kck
= binascii
.unhexlify(val
)
915 if "FT: KEK - hexdump" in l
:
916 val
= l
.strip().split(':')[3].replace(' ', '')
917 kek
= binascii
.unhexlify(val
)
918 if "FT: TK - hexdump" in l
:
919 val
= l
.strip().split(':')[3].replace(' ', '')
920 tk
= binascii
.unhexlify(val
)
921 if "WPA: Group Key - hexdump" in l
:
922 val
= l
.strip().split(':')[3].replace(' ', '')
923 gtk
= binascii
.unhexlify(val
)
924 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
925 raise Exception("Could not find keys from debug log")
927 raise Exception("Unexpected GTK length")
929 logger
.info("Checking keys in memory while associated")
930 get_key_locations(buf
, pmk
, "PMK")
931 get_key_locations(buf
, pmkr0
, "PMK-R0")
932 get_key_locations(buf
, pmkr1
, "PMK-R1")
934 raise HwsimSkip("PMK not found while associated")
936 raise HwsimSkip("PMK-R0 not found while associated")
938 raise HwsimSkip("PMK-R1 not found while associated")
940 raise Exception("KCK not found while associated")
942 raise Exception("KEK not found while associated")
944 # raise Exception("TK found from memory")
946 logger
.info("Checking keys in memory after disassociation")
947 buf
= read_process_memory(pid
, pmk
)
948 get_key_locations(buf
, pmk
, "PMK")
949 get_key_locations(buf
, pmkr0
, "PMK-R0")
950 get_key_locations(buf
, pmkr1
, "PMK-R1")
952 # Note: PMK/PSK is still present in network configuration
954 fname
= os
.path
.join(params
['logdir'],
955 'ft_psk_key_lifetime_in_memory.memctx-')
956 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
957 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
958 verify_not_present(buf
, kck
, fname
, "KCK")
959 verify_not_present(buf
, kek
, fname
, "KEK")
960 verify_not_present(buf
, tk
, fname
, "TK")
962 get_key_locations(buf
, gtk
, "GTK")
963 verify_not_present(buf
, gtk
, fname
, "GTK")
965 dev
[0].request("REMOVE_NETWORK all")
967 logger
.info("Checking keys in memory after network profile removal")
968 buf
= read_process_memory(pid
, pmk
)
969 get_key_locations(buf
, pmk
, "PMK")
970 get_key_locations(buf
, pmkr0
, "PMK-R0")
971 get_key_locations(buf
, pmkr1
, "PMK-R1")
973 verify_not_present(buf
, pmk
, fname
, "PMK")
974 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
975 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
976 verify_not_present(buf
, kck
, fname
, "KCK")
977 verify_not_present(buf
, kek
, fname
, "KEK")
978 verify_not_present(buf
, tk
, fname
, "TK")
979 verify_not_present(buf
, gtk
, fname
, "GTK")
982 def test_ap_ft_invalid_resp(dev
, apdev
):
983 """WPA2-PSK-FT AP and invalid response IEs"""
985 passphrase
="12345678"
987 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
988 hapd0
= hostapd
.add_ap(apdev
[0], params
)
989 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
992 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
993 hapd1
= hostapd
.add_ap(apdev
[1], params
)
996 # Various IEs for test coverage. The last one is FTIE with invalid
997 # R1KH-ID subelement.
998 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
999 # FTIE with invalid R0KH-ID subelement (len=0).
1000 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1001 # FTIE with invalid R0KH-ID subelement (len=49).
1002 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1004 "020002000000" + "3000",
1005 # Required IEs missing from protected IE count.
1006 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1007 # RIC missing from protected IE count.
1008 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1009 # Protected IE missing.
1010 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
1012 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1013 hapd1
.set("ext_mgmt_frame_handling", "1")
1014 hapd1
.dump_monitor()
1015 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1016 raise Exception("ROAM failed")
1019 msg
= hapd1
.mgmt_rx()
1020 if msg
['subtype'] == 11:
1024 raise Exception("Authentication frame not seen")
1027 resp
['fc'] = auth
['fc']
1028 resp
['da'] = auth
['sa']
1029 resp
['sa'] = auth
['da']
1030 resp
['bssid'] = auth
['bssid']
1031 resp
['payload'] = binascii
.unhexlify(t
)
1033 hapd1
.set("ext_mgmt_frame_handling", "0")
1034 dev
[0].wait_disconnected()
1036 dev
[0].request("RECONNECT")
1037 dev
[0].wait_connected()
1039 def test_ap_ft_gcmp_256(dev
, apdev
):
1040 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1041 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1042 raise HwsimSkip("Cipher GCMP-256 not supported")
1044 passphrase
="12345678"
1046 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1047 params
['rsn_pairwise'] = "GCMP-256"
1048 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1049 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1050 params
['rsn_pairwise'] = "GCMP-256"
1051 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1053 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1054 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1056 def test_ap_ft_oom(dev
, apdev
):
1057 """WPA2-PSK-FT and OOM"""
1058 skip_with_fips(dev
[0])
1060 passphrase
="12345678"
1062 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1063 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1064 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1065 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1067 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1069 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1070 dst
= apdev
[1]['bssid']
1072 dst
= apdev
[0]['bssid']
1074 dev
[0].scan_for_bss(dst
, freq
="2412")
1075 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1077 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1078 dev
[0].roam(dst
, fail_test
=True)
1079 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1080 dev
[0].roam(dst
, fail_test
=True)
1082 dev
[0].request("REMOVE_NETWORK all")
1083 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1084 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1087 def test_ap_ft_ap_oom(dev
, apdev
):
1088 """WPA2-PSK-FT and AP OOM"""
1090 passphrase
="12345678"
1092 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1093 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1094 bssid0
= hapd0
.own_addr()
1096 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1097 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1098 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1101 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1102 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1103 bssid1
= hapd1
.own_addr()
1104 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1105 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1108 def test_ap_ft_ap_oom2(dev
, apdev
):
1109 """WPA2-PSK-FT and AP OOM 2"""
1111 passphrase
="12345678"
1113 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1114 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1115 bssid0
= hapd0
.own_addr()
1117 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1118 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1119 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1122 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1123 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1124 bssid1
= hapd1
.own_addr()
1125 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1127 if dev
[0].get_status_field('bssid') != bssid1
:
1128 raise Exception("Did not roam to AP1")
1129 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1132 def test_ap_ft_ap_oom3(dev
, apdev
):
1133 """WPA2-PSK-FT and AP OOM 3"""
1135 passphrase
="12345678"
1137 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1138 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1139 bssid0
= hapd0
.own_addr()
1141 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1142 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1145 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1146 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1147 bssid1
= hapd1
.own_addr()
1148 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1149 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1150 # This will fail due to not being able to send out PMK-R1 pull request
1153 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1154 # This will fail due to not being able to send out PMK-R1 pull request
1157 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1158 # This will fail due to not being able to send out PMK-R1 pull request
1161 def test_ap_ft_ap_oom3b(dev
, apdev
):
1162 """WPA2-PSK-FT and AP OOM 3b"""
1164 passphrase
="12345678"
1166 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1167 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1168 bssid0
= hapd0
.own_addr()
1170 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1171 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1174 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1175 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1176 bssid1
= hapd1
.own_addr()
1177 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1178 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1179 # This will fail due to not being able to send out PMK-R1 pull request
1182 def test_ap_ft_ap_oom4(dev
, apdev
):
1183 """WPA2-PSK-FT and AP OOM 4"""
1185 passphrase
="12345678"
1187 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1188 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1189 bssid0
= hapd0
.own_addr()
1191 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1192 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1195 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1196 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1197 bssid1
= hapd1
.own_addr()
1198 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1199 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1201 if dev
[0].get_status_field('bssid') != bssid1
:
1202 raise Exception("Did not roam to AP1")
1204 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1206 if dev
[0].get_status_field('bssid') != bssid0
:
1207 raise Exception("Did not roam to AP0")
1209 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1211 if dev
[0].get_status_field('bssid') != bssid1
:
1212 raise Exception("Did not roam to AP1")
1214 def test_ap_ft_ap_oom5(dev
, apdev
):
1215 """WPA2-PSK-FT and AP OOM 5"""
1217 passphrase
="12345678"
1219 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1220 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1221 bssid0
= hapd0
.own_addr()
1223 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1224 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1227 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1228 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1229 bssid1
= hapd1
.own_addr()
1230 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1231 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1232 # This will fail to roam
1235 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1236 # This will fail to roam
1239 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1240 # This will fail to roam
1243 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1244 # This will fail to roam
1247 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1248 # This will fail to roam
1251 def test_ap_ft_ap_oom6(dev
, apdev
):
1252 """WPA2-PSK-FT and AP OOM 6"""
1254 passphrase
="12345678"
1256 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1257 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1258 bssid0
= hapd0
.own_addr()
1260 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1261 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1262 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1264 dev
[0].request("REMOVE_NETWORK all")
1265 dev
[0].wait_disconnected()
1266 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1267 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1269 dev
[0].request("REMOVE_NETWORK all")
1270 dev
[0].wait_disconnected()
1271 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1272 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1275 def test_ap_ft_ap_oom7(dev
, apdev
):
1276 """WPA2-PSK-FT and AP OOM 7"""
1278 passphrase
="12345678"
1280 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1281 params
["ieee80211w"] = "2"
1282 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1283 bssid0
= hapd0
.own_addr()
1285 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1286 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1287 ieee80211w
="2", scan_freq
="2412")
1289 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1290 params
["ieee80211w"] = "2"
1291 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1292 bssid1
= hapd1
.own_addr()
1293 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1294 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1295 # This will fail to roam
1297 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1298 # This will fail to roam
1300 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1301 # This will fail to roam
1303 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1304 # This will fail to roam
1307 def test_ap_ft_ap_oom8(dev
, apdev
):
1308 """WPA2-PSK-FT and AP OOM 8"""
1310 passphrase
="12345678"
1312 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1313 params
['ft_psk_generate_local'] = "1";
1314 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1315 bssid0
= hapd0
.own_addr()
1317 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1318 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1321 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1322 params
['ft_psk_generate_local'] = "1";
1323 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1324 bssid1
= hapd1
.own_addr()
1325 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1326 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1327 # This will fail to roam
1329 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1330 # This will fail to roam
1333 def test_ap_ft_ap_oom9(dev
, apdev
):
1334 """WPA2-PSK-FT and AP OOM 9"""
1336 passphrase
="12345678"
1338 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1339 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1340 bssid0
= hapd0
.own_addr()
1342 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1343 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1346 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1347 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1348 bssid1
= hapd1
.own_addr()
1349 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1351 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1352 # This will fail to roam
1353 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1354 raise Exception("FT_DS failed")
1355 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1357 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1358 # This will fail to roam
1359 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1360 raise Exception("FT_DS failed")
1361 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1363 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1364 # This will fail to roam
1365 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1366 raise Exception("FT_DS failed")
1367 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1369 def test_ap_ft_ap_oom10(dev
, apdev
):
1370 """WPA2-PSK-FT and AP OOM 10"""
1372 passphrase
="12345678"
1374 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1375 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1376 bssid0
= hapd0
.own_addr()
1378 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1379 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1382 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1383 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1384 bssid1
= hapd1
.own_addr()
1385 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1387 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1388 # This will fail to roam
1389 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1390 raise Exception("FT_DS failed")
1391 wait_fail_trigger(hapd0
, "GET_FAIL")
1393 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1394 # This will fail to roam
1395 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1396 raise Exception("FT_DS failed")
1397 wait_fail_trigger(hapd0
, "GET_FAIL")
1399 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1400 # This will fail to roam
1401 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1402 raise Exception("FT_DS failed")
1403 wait_fail_trigger(hapd0
, "GET_FAIL")
1405 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1406 # This will fail to roam
1407 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1408 raise Exception("FT_DS failed")
1409 wait_fail_trigger(hapd1
, "GET_FAIL")
1411 def test_ap_ft_ap_oom11(dev
, apdev
):
1412 """WPA2-PSK-FT and AP OOM 11"""
1414 passphrase
="12345678"
1416 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1417 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1418 bssid0
= hapd0
.own_addr()
1420 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1421 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1422 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1424 wait_fail_trigger(hapd0
, "GET_FAIL")
1426 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1427 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1428 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1430 wait_fail_trigger(hapd0
, "GET_FAIL")
1432 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1433 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1435 passphrase
="12345678"
1437 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1438 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1439 bssid0
= hapd0
.own_addr()
1440 _bssid0
= bssid0
.replace(':', '')
1441 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1443 addr
= dev
[0].own_addr()
1444 _addr
= addr
.replace(':', '')
1446 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1447 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1448 bssid1
= hapd1
.own_addr()
1449 _bssid1
= bssid1
.replace(':', '')
1451 hapd0
.set("ext_mgmt_frame_handling", "1")
1452 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1453 valid
= "0601" + _addr
+ _bssid1
1456 "0601" + _addr
+ _bssid0
,
1457 "0601" + _addr
+ "ffffffffffff",
1458 "0601" + _bssid0
+ _bssid0
,
1463 valid
+ "3603ffffff",
1464 valid
+ "3603a1b2ff",
1465 valid
+ "3603a1b2ff" + "3700",
1466 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1467 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1468 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1469 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1470 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1471 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1472 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1475 hapd0
.dump_monitor()
1476 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1477 raise Exception("MGMT_RX_PROCESS failed")
1479 hapd0
.set("ext_mgmt_frame_handling", "0")
1481 def test_ap_ft_over_ds_proto(dev
, apdev
):
1482 """WPA2-PSK-FT AP over DS protocol testing"""
1484 passphrase
="12345678"
1486 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1487 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1488 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1491 # FT Action Response while no FT-over-DS in progress
1494 msg
['da'] = dev
[0].own_addr()
1495 msg
['sa'] = apdev
[0]['bssid']
1496 msg
['bssid'] = apdev
[0]['bssid']
1497 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1500 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1501 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1502 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1503 hapd0
.set("ext_mgmt_frame_handling", "1")
1504 hapd0
.dump_monitor()
1505 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1506 for i
in range(0, 10):
1507 req
= hapd0
.mgmt_rx()
1509 raise Exception("MGMT RX wait timed out")
1510 if req
['subtype'] == 13:
1514 raise Exception("FT Action frame not received")
1516 # FT Action Response for unexpected Target AP
1517 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1520 # FT Action Response without MDIE
1521 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1524 # FT Action Response without FTIE
1525 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1528 # FT Action Response with FTIE SNonce mismatch
1529 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1533 def test_ap_ft_rrb(dev
, apdev
):
1534 """WPA2-PSK-FT RRB protocol testing"""
1536 passphrase
="12345678"
1538 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1539 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1541 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1544 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1545 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1547 ehdr
= _dst_ll
+ _src_ll
+ proto
1549 # Too short RRB frame
1551 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1552 raise Exception("DATA_TEST_FRAME failed")
1554 # RRB discarded frame wikth unrecognized type
1555 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1556 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1557 raise Exception("DATA_TEST_FRAME failed")
1559 # RRB frame too short for action frame
1560 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1561 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1562 raise Exception("DATA_TEST_FRAME failed")
1564 # Too short RRB frame (not enough room for Action Frame body)
1565 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1566 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1567 raise Exception("DATA_TEST_FRAME failed")
1569 # Unexpected Action frame category
1570 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1571 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1572 raise Exception("DATA_TEST_FRAME failed")
1574 # Unexpected Action in RRB Request
1575 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1576 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1577 raise Exception("DATA_TEST_FRAME failed")
1579 # Target AP address in RRB Request does not match with own address
1580 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1581 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1582 raise Exception("DATA_TEST_FRAME failed")
1584 # Not enough room for status code in RRB Response
1585 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1586 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1587 raise Exception("DATA_TEST_FRAME failed")
1589 # RRB discarded frame with unknown packet_type
1590 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1591 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1592 raise Exception("DATA_TEST_FRAME failed")
1594 # RRB Response with non-zero status code; no STA match
1595 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1596 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1597 raise Exception("DATA_TEST_FRAME failed")
1599 # RRB Response with zero status code and extra data; STA match
1600 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1601 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1602 raise Exception("DATA_TEST_FRAME failed")
1604 # Too short PMK-R1 pull
1605 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1606 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1607 raise Exception("DATA_TEST_FRAME failed")
1609 # Too short PMK-R1 resp
1610 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1611 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1612 raise Exception("DATA_TEST_FRAME failed")
1614 # Too short PMK-R1 push
1615 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1616 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1617 raise Exception("DATA_TEST_FRAME failed")
1619 # No matching R0KH address found for PMK-R0 pull response
1620 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1621 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1622 raise Exception("DATA_TEST_FRAME failed")
1625 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1626 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1627 bssid
= apdev
[0]['bssid']
1629 passphrase
="12345678"
1631 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1632 params
["ieee80211w"] = "1"
1633 # This is the RSN element used normally by hostapd
1634 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1635 hapd
= hostapd
.add_ap(apdev
[0], params
)
1636 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1637 ieee80211w
="1", scan_freq
="2412",
1638 pairwise
="CCMP", group
="CCMP")
1640 tests
= [ ('PMKIDCount field included',
1641 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1642 ('Extra IE before RSNE',
1643 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1644 ('PMKIDCount and Group Management Cipher suite fields included',
1645 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1646 ('Extra octet after defined fields (future extensibility)',
1647 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1648 ('No RSN Capabilities field (PMF disabled in practice)',
1649 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1650 for txt
,ie
in tests
:
1651 dev
[0].request("DISCONNECT")
1652 dev
[0].wait_disconnected()
1655 hapd
.set('own_ie_override', ie
)
1657 dev
[0].request("BSS_FLUSH 0")
1658 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1659 dev
[0].select_network(id, freq
=2412)
1660 dev
[0].wait_connected()
1662 dev
[0].request("DISCONNECT")
1663 dev
[0].wait_disconnected()
1665 logger
.info('Invalid RSNE causing internal hostapd error')
1667 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1669 dev
[0].request("BSS_FLUSH 0")
1670 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1671 dev
[0].select_network(id, freq
=2412)
1672 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1674 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1676 raise Exception("Unexpected connection")
1677 dev
[0].request("DISCONNECT")
1679 logger
.info('Unexpected PMKID causing internal hostapd error')
1681 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1683 dev
[0].request("BSS_FLUSH 0")
1684 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1685 dev
[0].select_network(id, freq
=2412)
1686 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1688 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1690 raise Exception("Unexpected connection")
1691 dev
[0].request("DISCONNECT")
1693 def test_ap_ft_ptk_rekey(dev
, apdev
):
1694 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1696 passphrase
="12345678"
1698 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1699 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1700 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1701 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1703 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1705 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1706 "WPA: Key negotiation completed"], timeout
=5)
1708 raise Exception("No event received after roam")
1709 if "CTRL-EVENT-DISCONNECTED" in ev
:
1710 raise Exception("Unexpected disconnection after roam")
1712 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1716 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1718 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1719 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1721 passphrase
="12345678"
1723 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1724 params
['wpa_ptk_rekey'] = '2'
1725 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1726 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1727 params
['wpa_ptk_rekey'] = '2'
1728 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1730 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1732 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1733 "WPA: Key negotiation completed"], timeout
=5)
1735 raise Exception("No event received after roam")
1736 if "CTRL-EVENT-DISCONNECTED" in ev
:
1737 raise Exception("Unexpected disconnection after roam")
1739 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1743 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1745 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1746 """RRB internal delivery only to WPA enabled BSS"""
1748 passphrase
="12345678"
1750 radius
= hostapd
.radius_params()
1751 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1752 params
['wpa_key_mgmt'] = "FT-EAP"
1753 params
["ieee8021x"] = "1"
1754 params
= dict(radius
.items() + params
.items())
1755 hapd
= hostapd
.add_ap(apdev
[0], params
)
1756 key_mgmt
= hapd
.get_config()['key_mgmt']
1757 if key_mgmt
.split(' ')[0] != "FT-EAP":
1758 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1760 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1762 # Connect to WPA enabled AP
1763 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1764 eap
="GPSK", identity
="gpsk user",
1765 password
="abcdefghijklmnop0123456789abcdef",
1768 # Try over_ds roaming to non-WPA-enabled AP.
1769 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1770 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1772 def test_ap_ft_extra_ie(dev
, apdev
):
1773 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1775 passphrase
="12345678"
1777 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1778 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1779 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1780 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1782 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1785 # Add Mobility Domain element to test AP validation code.
1786 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1787 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1788 scan_freq
="2412", wait_connect
=False)
1789 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1790 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1792 raise Exception("No connection result")
1793 if "CTRL-EVENT-CONNECTED" in ev
:
1794 raise Exception("Non-FT association accepted with MDE")
1795 if "status_code=43" not in ev
:
1796 raise Exception("Unexpected status code: " + ev
)
1797 dev
[0].request("DISCONNECT")
1799 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
1801 def test_ap_ft_ric(dev
, apdev
):
1802 """WPA2-PSK-FT AP and RIC"""
1804 passphrase
="12345678"
1806 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1807 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1808 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1809 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1811 dev
[0].set("ric_ies", "")
1812 dev
[0].set("ric_ies", '""')
1813 if "FAIL" not in dev
[0].request("SET ric_ies q"):
1814 raise Exception("Invalid ric_ies value accepted")
1819 "390400000000" + "390400000000",
1820 "390400000000" + "dd050050f20202",
1821 "390400000000" + "dd3d0050f2020201" + 55*"00",
1822 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1823 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1825 dev
[0].set("ric_ies", t
)
1826 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1827 test_connectivity
=False)
1828 dev
[0].request("REMOVE_NETWORK all")
1829 dev
[0].wait_disconnected()
1830 dev
[0].dump_monitor()
1832 def ie_hex(ies
, id):
1833 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id])
1835 def test_ap_ft_reassoc_proto(dev
, apdev
):
1836 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1838 passphrase
="12345678"
1840 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1841 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1842 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1843 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1845 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1846 ieee80211w
="1", scan_freq
="2412")
1847 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1854 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1855 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1856 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1859 req
= hapd2ap
.mgmt_rx()
1860 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1861 if req
['subtype'] == 11:
1865 req
= hapd2ap
.mgmt_rx()
1866 if req
['subtype'] == 2:
1868 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1870 # IEEE 802.11 header + fixed fields before IEs
1871 hdr
= binascii
.hexlify(req
['frame'][0:34])
1872 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
1873 # First elements: SSID, Supported Rates, Extended Supported Rates
1874 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
1876 rsne
= ie_hex(ies
, 48)
1877 mde
= ie_hex(ies
, 54)
1878 fte
= ie_hex(ies
, 55)
1880 # RSN: Trying to use FT, but MDIE not included
1882 # RSN: Attempted to use unknown MDIE
1883 tests
+= [ rsne
+ "3603000000" ]
1884 # Invalid RSN pairwise cipher
1885 tests
+= [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1886 # FT: No PMKID in RSNIE
1887 tests
+= [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54) ]
1889 tests
+= [ rsne
+ mde
]
1890 # FT: RIC IE(s) in the frame, but not included in protected IE count
1891 # FT: Failed to parse FT IEs
1892 tests
+= [ rsne
+ mde
+ fte
+ "3900" ]
1893 # FT: SNonce mismatch in FTIE
1894 tests
+= [ rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1895 # FT: ANonce mismatch in FTIE
1896 tests
+= [ rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:] ]
1897 # FT: No R0KH-ID subelem in FTIE
1898 tests
+= [ rsne
+ mde
+ "3752" + fte
[4:168] ]
1899 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1900 tests
+= [ rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff" ]
1901 # FT: No R1KH-ID subelem in FTIE
1902 tests
+= [ rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1903 # FT: Unknown R1KH-ID used in ReassocReq
1904 tests
+= [ rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1905 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1906 tests
+= [ rsne
[:-32] + 16*"00" + mde
+ fte
]
1907 # Invalid MIC in FTIE
1908 tests
+= [ rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:] ]
1910 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
1912 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
1913 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1915 passphrase
="12345678"
1917 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1918 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1919 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1920 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1922 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1923 ieee80211w
="1", scan_freq
="2412")
1924 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1931 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1932 # FT: Failed to calculate MIC
1933 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
1934 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1935 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1936 dev
[0].request("DISCONNECT")
1938 raise Exception("Association reject not seen")
1940 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
1941 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
1942 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
1944 passphrase
="12345678"
1946 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1947 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1948 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1949 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1951 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1953 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1960 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1961 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1962 dev
[0].dump_monitor()
1963 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
1964 raise Exception("ROAM failed")
1969 req
= hapd2ap
.mgmt_rx()
1971 hapd2ap
.dump_monitor()
1972 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1973 if req
['subtype'] == 2:
1975 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1977 raise Exception("No TX status seen")
1978 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1979 if "OK" not in hapd2ap
.request(cmd
):
1980 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1982 hapd2ap
.set("ext_mgmt_frame_handling", "0")
1983 if reassocreq
is None:
1984 raise Exception("No Reassociation Request frame seen")
1985 dev
[0].wait_connected()
1986 dev
[0].dump_monitor()
1987 hapd2ap
.dump_monitor()
1989 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
1991 logger
.info("Replay the last Reassociation Request frame")
1992 hapd2ap
.dump_monitor()
1993 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1994 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1995 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1997 raise Exception("No TX status seen")
1998 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1999 if "OK" not in hapd2ap
.request(cmd
):
2000 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2001 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2004 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2009 ap
= hapd2ap
.own_addr()
2010 sta
= dev
[0].own_addr()
2011 filt
= "wlan.fc.type == 2 && " + \
2012 "wlan.da == " + sta
+ " && " + \
2014 fields
= [ "wlan.ccmp.extiv" ]
2015 res
= run_tshark(capfile
, filt
, fields
)
2016 vals
= res
.splitlines()
2017 logger
.info("CCMP PN: " + str(vals
))
2019 raise Exception("Could not find all CCMP protected frames from capture")
2020 if len(set(vals
)) < len(vals
):
2021 raise Exception("Duplicate CCMP PN used")
2024 raise Exception("The second hwsim connectivity test failed")