1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
18 from hwsim
import HWSimRadio
20 from tshark
import run_tshark
21 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
22 from wlantest
import Wlantest
23 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
24 from test_rrm
import check_beacon_req
25 from test_suite_b
import check_suite_b_192_capa
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
40 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
42 params
= ft_base_rsn()
44 params
= ft_base_mixed()
48 params
["wpa_passphrase"] = passphrase
50 params
["mobility_domain"] = "a1b2"
51 params
["r0_key_lifetime"] = "10000"
52 params
["pmk_r1_push"] = "1"
53 params
["reassociation_deadline"] = "1000"
56 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
57 params
= ft_params(rsn
, ssid
, passphrase
)
58 params
['nas_identifier'] = "nas1.w1.fi"
59 params
['r1_key_holder'] = "000102030405"
62 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
63 params
= ft_params1a(rsn
, ssid
, passphrase
)
65 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
68 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
70 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
73 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
74 params
= ft_params1a(rsn
, ssid
, passphrase
)
75 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
76 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
77 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
80 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
81 params
= ft_params(rsn
, ssid
, passphrase
)
82 params
['nas_identifier'] = "nas2.w1.fi"
83 params
['r1_key_holder'] = "000102030406"
86 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
87 params
= ft_params2a(rsn
, ssid
, passphrase
)
89 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
92 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
94 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
97 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
98 params
= ft_params2a(rsn
, ssid
, passphrase
)
99 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
100 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
101 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
104 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
105 params
= ft_params(rsn
, ssid
, passphrase
)
106 params
['nas_identifier'] = "nas1.w1.fi"
107 params
['r1_key_holder'] = "000102030405"
108 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
110 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
113 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
114 params
= ft_params(rsn
, ssid
, passphrase
)
115 params
['nas_identifier'] = "nas2.w1.fi"
116 params
['r1_key_holder'] = "000102030406"
117 params
['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
119 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
122 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
123 params
= ft_params(rsn
, ssid
, passphrase
)
124 params
['nas_identifier'] = "nas2.w1.fi"
125 params
['r1_key_holder'] = "000102030406"
126 params
['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
128 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
131 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
132 sae
=False, eap
=False, fail_test
=False, roams
=1,
133 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
134 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
135 force_initial_conn_to_first_ap
=False, sha384
=False,
136 group_mgmt
=None, ocv
=None, sae_password
=None,
137 sae_password_id
=None, sae_and_psk
=False, pmksa_caching
=False,
138 roam_with_reassoc
=False, also_non_ft
=False, only_one_way
=False,
139 wait_before_roam
=0, return_after_initial
=False):
140 logger
.info("Connect to first AP")
143 copts
["proto"] = "WPA2"
144 copts
["ieee80211w"] = "1"
145 copts
["scan_freq"] = "2412"
146 copts
["pairwise"] = pairwise_cipher
147 copts
["group"] = group_cipher
148 copts
["wpa_ptk_rekey"] = ptk_rekey
150 copts
["group_mgmt"] = group_mgmt
155 copts
["ft_eap_pmksa_caching"] = "1"
157 copts
["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384
else "WPA-EAP FT-EAP"
159 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
160 copts
["eap"] = "GPSK"
161 copts
["identity"] = eap_identity
162 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
165 copts
["key_mgmt"] = "SAE FT-SAE" if sae_and_psk
else "FT-SAE"
167 copts
["key_mgmt"] = "FT-PSK"
169 copts
["psk"] = passphrase
171 copts
["sae_password"] = sae_password
173 copts
["sae_password_id"] = sae_password_id
174 if force_initial_conn_to_first_ap
:
175 copts
["bssid"] = apdev
[0]['bssid']
176 netw
= dev
.connect(ssid
, **copts
)
178 dev
.request("DISCONNECT")
179 dev
.wait_disconnected()
180 dev
.request("RECONNECT")
181 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
182 "CTRL-EVENT-DISCONNECTED",
183 "CTRL-EVENT-EAP-STARTED"],
186 raise Exception("Reconnect timed out")
187 if "CTRL-EVENT-DISCONNECTED" in ev
:
188 raise Exception("Unexpected disconnection after RECONNECT")
189 if "CTRL-EVENT-EAP-STARTED" in ev
:
190 raise Exception("Unexpected EAP start after RECONNECT")
192 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
202 if test_connectivity
:
205 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
207 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
209 if return_after_initial
:
213 time
.sleep(wait_before_roam
)
214 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
216 for i
in range(0, roams
):
217 # Roaming artificially fast can make data test fail because the key is
220 logger
.info("Roam to the second AP")
221 if roam_with_reassoc
:
222 dev
.set_network(netw
, "bssid", ap2
['bssid'])
223 dev
.request("REASSOCIATE")
226 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
228 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
231 if dev
.get_status_field('bssid') != ap2
['bssid']:
232 raise Exception("Did not connect to correct AP")
233 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
236 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
238 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
242 # Roaming artificially fast can make data test fail because the key is
245 logger
.info("Roam back to the first AP")
246 if roam_with_reassoc
:
247 dev
.set_network(netw
, "bssid", ap1
['bssid'])
248 dev
.request("REASSOCIATE")
251 dev
.roam_over_ds(ap1
['bssid'])
253 dev
.roam(ap1
['bssid'])
254 if dev
.get_status_field('bssid') != ap1
['bssid']:
255 raise Exception("Did not connect to correct AP")
256 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
259 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
261 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
263 def test_ap_ft(dev
, apdev
):
266 passphrase
= "12345678"
268 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
269 hapd0
= hostapd
.add_ap(apdev
[0], params
)
270 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
271 hapd1
= hostapd
.add_ap(apdev
[1], params
)
273 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
274 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
275 raise Exception("Scan results missing RSN element info")
277 def test_ap_ft_old_key(dev
, apdev
):
278 """WPA2-PSK-FT AP (old key)"""
280 passphrase
= "12345678"
282 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
283 hapd0
= hostapd
.add_ap(apdev
[0], params
)
284 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
285 hapd1
= hostapd
.add_ap(apdev
[1], params
)
287 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
289 def test_ap_ft_multi_akm(dev
, apdev
):
290 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
292 passphrase
= "12345678"
294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
295 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
296 hapd0
= hostapd
.add_ap(apdev
[0], params
)
297 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
298 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
299 hapd1
= hostapd
.add_ap(apdev
[1], params
)
301 Wlantest
.setup(hapd0
)
304 wt
.add_passphrase(passphrase
)
306 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
307 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
308 raise Exception("Scan results missing RSN element info")
309 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
310 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
313 def test_ap_ft_local_key_gen(dev
, apdev
):
314 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
316 passphrase
= "12345678"
318 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
319 params
['ft_psk_generate_local'] = "1"
320 del params
['pmk_r1_push']
321 hapd0
= hostapd
.add_ap(apdev
[0], params
)
322 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
323 params
['ft_psk_generate_local'] = "1"
324 del params
['pmk_r1_push']
325 hapd1
= hostapd
.add_ap(apdev
[1], params
)
327 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
328 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
329 raise Exception("Scan results missing RSN element info")
331 def test_ap_ft_vlan(dev
, apdev
):
332 """WPA2-PSK-FT AP with VLAN"""
334 passphrase
= "12345678"
336 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
337 params
['dynamic_vlan'] = "1"
338 params
['accept_mac_file'] = "hostapd.accept"
339 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
341 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
342 params
['dynamic_vlan'] = "1"
343 params
['accept_mac_file'] = "hostapd.accept"
344 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
346 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
347 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
348 raise Exception("Scan results missing RSN element info")
350 def test_ap_ft_vlan_disconnected(dev
, apdev
):
351 """WPA2-PSK-FT AP with VLAN and local key generation"""
353 passphrase
= "12345678"
355 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
356 params
['dynamic_vlan'] = "1"
357 params
['accept_mac_file'] = "hostapd.accept"
358 params
['ft_psk_generate_local'] = "1"
359 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
361 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
362 params
['dynamic_vlan'] = "1"
363 params
['accept_mac_file'] = "hostapd.accept"
364 params
['ft_psk_generate_local'] = "1"
365 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
367 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
368 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
369 raise Exception("Scan results missing RSN element info")
371 def test_ap_ft_vlan_2(dev
, apdev
):
372 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
374 passphrase
= "12345678"
376 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
377 params
['dynamic_vlan'] = "1"
378 params
['accept_mac_file'] = "hostapd.accept"
379 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
381 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
382 params
['dynamic_vlan'] = "1"
383 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
385 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
386 force_initial_conn_to_first_ap
=True)
387 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
388 raise Exception("Scan results missing RSN element info")
390 def test_ap_ft_many(dev
, apdev
):
391 """WPA2-PSK-FT AP multiple times"""
393 passphrase
= "12345678"
395 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
396 hapd0
= hostapd
.add_ap(apdev
[0], params
)
397 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
398 hapd1
= hostapd
.add_ap(apdev
[1], params
)
400 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
402 def test_ap_ft_many_vlan(dev
, apdev
):
403 """WPA2-PSK-FT AP with VLAN multiple times"""
405 passphrase
= "12345678"
407 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
408 params
['dynamic_vlan'] = "1"
409 params
['accept_mac_file'] = "hostapd.accept"
410 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
412 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
413 params
['dynamic_vlan'] = "1"
414 params
['accept_mac_file'] = "hostapd.accept"
415 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
417 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
420 def test_ap_ft_mixed(dev
, apdev
):
421 """WPA2-PSK-FT mixed-mode AP"""
422 ssid
= "test-ft-mixed"
423 passphrase
= "12345678"
425 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
426 hapd
= hostapd
.add_ap(apdev
[0], params
)
427 key_mgmt
= hapd
.get_config()['key_mgmt']
428 vals
= key_mgmt
.split(' ')
429 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
430 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
431 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
432 hapd1
= hostapd
.add_ap(apdev
[1], params
)
434 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
436 def test_ap_ft_pmf(dev
, apdev
):
437 """WPA2-PSK-FT AP with PMF"""
439 passphrase
= "12345678"
441 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
442 params
["ieee80211w"] = "2"
443 hapd0
= hostapd
.add_ap(apdev
[0], params
)
444 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
445 params
["ieee80211w"] = "2"
446 hapd1
= hostapd
.add_ap(apdev
[1], params
)
448 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
450 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
451 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
452 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
454 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
455 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
456 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
458 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
459 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
460 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
462 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
463 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
464 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
466 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
467 if cipher
not in dev
[0].get_capability("group_mgmt"):
468 raise HwsimSkip("Cipher %s not supported" % cipher
)
471 passphrase
= "12345678"
473 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
474 params
["ieee80211w"] = "2"
475 params
["group_mgmt_cipher"] = cipher
476 hapd0
= hostapd
.add_ap(apdev
[0], params
)
477 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
478 params
["ieee80211w"] = "2"
479 params
["group_mgmt_cipher"] = cipher
480 hapd1
= hostapd
.add_ap(apdev
[1], params
)
482 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
485 def test_ap_ft_ocv(dev
, apdev
):
486 """WPA2-PSK-FT AP with OCV"""
488 passphrase
= "12345678"
490 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
491 params
["ieee80211w"] = "2"
494 hapd0
= hostapd
.add_ap(apdev
[0], params
)
495 except Exception as e
:
496 if "Failed to set hostapd parameter ocv" in str(e
):
497 raise HwsimSkip("OCV not supported")
499 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
500 params
["ieee80211w"] = "2"
502 hapd1
= hostapd
.add_ap(apdev
[1], params
)
504 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ocv
="1")
506 def test_ap_ft_over_ds(dev
, apdev
):
507 """WPA2-PSK-FT AP over DS"""
509 passphrase
= "12345678"
511 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
512 hapd0
= hostapd
.add_ap(apdev
[0], params
)
513 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
514 hapd1
= hostapd
.add_ap(apdev
[1], params
)
516 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
517 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
518 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
520 def cleanup_ap_ft_separate_hostapd():
521 subprocess
.call(["brctl", "delif", "br0ft", "veth0"],
522 stderr
=open('/dev/null', 'w'))
523 subprocess
.call(["brctl", "delif", "br1ft", "veth1"],
524 stderr
=open('/dev/null', 'w'))
525 subprocess
.call(["ip", "link", "del", "veth0"],
526 stderr
=open('/dev/null', 'w'))
527 subprocess
.call(["ip", "link", "del", "veth1"],
528 stderr
=open('/dev/null', 'w'))
529 for ifname
in ['br0ft', 'br1ft', 'br-ft']:
530 subprocess
.call(['ip', 'link', 'set', 'dev', ifname
, 'down'],
531 stderr
=open('/dev/null', 'w'))
532 subprocess
.call(['brctl', 'delbr', ifname
],
533 stderr
=open('/dev/null', 'w'))
535 def test_ap_ft_separate_hostapd(dev
, apdev
, params
):
536 """WPA2-PSK-FT AP and separate hostapd process"""
538 run_ap_ft_separate_hostapd(dev
, apdev
, params
, False)
540 cleanup_ap_ft_separate_hostapd()
542 def test_ap_ft_over_ds_separate_hostapd(dev
, apdev
, params
):
543 """WPA2-PSK-FT AP over DS and separate hostapd process"""
545 run_ap_ft_separate_hostapd(dev
, apdev
, params
, True)
547 cleanup_ap_ft_separate_hostapd()
549 def run_ap_ft_separate_hostapd(dev
, apdev
, params
, over_ds
):
551 passphrase
= "12345678"
552 logdir
= params
['logdir']
553 pidfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.pid')
554 logfile
= os
.path
.join(logdir
, 'ap_ft_over_ds_separate_hostapd.hapd')
555 global_ctrl
= '/var/run/hostapd-ft'
559 subprocess
.check_call(['brctl', 'addbr', br_ifname
])
560 subprocess
.check_call(['brctl', 'setfd', br_ifname
, '0'])
561 subprocess
.check_call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
563 subprocess
.check_call(["ip", "link", "add", "veth0", "type", "veth",
564 "peer", "name", "veth0br"])
565 subprocess
.check_call(["ip", "link", "add", "veth1", "type", "veth",
566 "peer", "name", "veth1br"])
567 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
568 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
569 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth0br'])
570 subprocess
.check_call(['brctl', 'addif', br_ifname
, 'veth1br'])
572 subprocess
.check_call(['brctl', 'addbr', 'br0ft'])
573 subprocess
.check_call(['brctl', 'setfd', 'br0ft', '0'])
574 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
575 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
576 subprocess
.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
577 subprocess
.check_call(['brctl', 'addbr', 'br1ft'])
578 subprocess
.check_call(['brctl', 'setfd', 'br1ft', '0'])
579 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
580 subprocess
.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
581 subprocess
.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
582 except subprocess
.CalledProcessError
:
583 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
585 with
HWSimRadio() as (radio
, iface
):
586 prg
= os
.path
.join(logdir
, 'alt-hostapd/hostapd/hostapd')
587 if not os
.path
.exists(prg
):
588 prg
= '../../hostapd/hostapd'
589 cmd
= [prg
, '-B', '-ddKt',
590 '-P', pidfile
, '-f', logfile
, '-g', global_ctrl
]
591 subprocess
.check_call(cmd
)
593 hglobal
= hostapd
.HostapdGlobal(global_ctrl_override
=global_ctrl
)
594 apdev_ft
= {'ifname': iface
}
595 apdev2
= [apdev_ft
, apdev
[1]]
597 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
598 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
599 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
600 params
['bridge'] = 'br0ft'
601 hapd0
= hostapd
.add_ap(apdev2
[0], params
,
602 global_ctrl_override
=global_ctrl
)
603 apdev2
[0]['bssid'] = hapd0
.own_addr()
604 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
605 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
606 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
607 params
['bridge'] = 'br1ft'
608 hapd1
= hostapd
.add_ap(apdev2
[1], params
)
610 run_roams(dev
[0], apdev2
, hapd0
, hapd1
, ssid
, passphrase
,
611 over_ds
=over_ds
, test_connectivity
=False)
615 if os
.path
.exists(pidfile
):
616 with
open(pidfile
, 'r') as f
:
619 os
.kill(pid
, signal
.SIGTERM
)
621 def test_ap_ft_over_ds_ocv(dev
, apdev
):
622 """WPA2-PSK-FT AP over DS"""
624 passphrase
= "12345678"
626 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
627 params
["ieee80211w"] = "2"
630 hapd0
= hostapd
.add_ap(apdev
[0], params
)
631 except Exception as e
:
632 if "Failed to set hostapd parameter ocv" in str(e
):
633 raise HwsimSkip("OCV not supported")
635 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
636 params
["ieee80211w"] = "2"
638 hapd1
= hostapd
.add_ap(apdev
[1], params
)
640 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
643 def test_ap_ft_over_ds_disabled(dev
, apdev
):
644 """WPA2-PSK-FT AP over DS disabled"""
646 passphrase
= "12345678"
648 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
649 params
['ft_over_ds'] = '0'
650 hapd0
= hostapd
.add_ap(apdev
[0], params
)
651 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
652 params
['ft_over_ds'] = '0'
653 hapd1
= hostapd
.add_ap(apdev
[1], params
)
655 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
658 def test_ap_ft_vlan_over_ds(dev
, apdev
):
659 """WPA2-PSK-FT AP over DS with VLAN"""
661 passphrase
= "12345678"
663 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
664 params
['dynamic_vlan'] = "1"
665 params
['accept_mac_file'] = "hostapd.accept"
666 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
667 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
668 params
['dynamic_vlan'] = "1"
669 params
['accept_mac_file'] = "hostapd.accept"
670 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
672 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
674 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
675 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
677 def test_ap_ft_over_ds_many(dev
, apdev
):
678 """WPA2-PSK-FT AP over DS multiple times"""
680 passphrase
= "12345678"
682 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
683 hapd0
= hostapd
.add_ap(apdev
[0], params
)
684 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
685 hapd1
= hostapd
.add_ap(apdev
[1], params
)
687 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
690 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
691 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
693 passphrase
= "12345678"
695 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
696 params
['dynamic_vlan'] = "1"
697 params
['accept_mac_file'] = "hostapd.accept"
698 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
699 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
700 params
['dynamic_vlan'] = "1"
701 params
['accept_mac_file'] = "hostapd.accept"
702 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
704 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
705 roams
=50, conndev
="brvlan1")
708 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
711 passphrase
= "12345678"
713 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
714 hapd0
= hostapd
.add_ap(apdev
[0], params
)
716 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
718 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
721 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
722 """WPA2-PSK-FT AP over DS and unexpected response"""
724 passphrase
= "12345678"
726 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
727 hapd0
= hostapd
.add_ap(apdev
[0], params
)
728 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
729 hapd1
= hostapd
.add_ap(apdev
[1], params
)
731 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
733 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
744 addr
= dev
[0].own_addr()
745 hapd1ap
.set("ext_mgmt_frame_handling", "1")
746 logger
.info("Foreign STA address")
750 msg
['sa'] = ap1
['bssid']
751 msg
['bssid'] = ap1
['bssid']
752 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
755 logger
.info("No over-the-DS in progress")
756 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
759 logger
.info("Non-zero status code")
760 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
763 hapd1ap
.dump_monitor()
765 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
766 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
767 raise Exception("FT_DS failed")
769 req
= hapd1ap
.mgmt_rx()
771 logger
.info("Foreign Target AP")
772 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
775 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
777 logger
.info("No IEs")
778 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
781 logger
.info("Invalid IEs (trigger parsing failure)")
782 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
785 logger
.info("Too short MDIE")
786 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
789 logger
.info("Mobility domain mismatch")
790 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
793 logger
.info("No FTIE")
794 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
797 logger
.info("FTIE SNonce mismatch")
798 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
801 logger
.info("No R0KH-ID subelem in FTIE")
802 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
803 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
806 logger
.info("No R0KH-ID subelem mismatch in FTIE")
807 snonce
= binascii
.hexlify(req
['payload'][111:111+32]).decode()
808 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
811 logger
.info("No R1KH-ID subelem in FTIE")
812 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
813 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
816 logger
.info("No RSNE")
817 r0khid
= binascii
.hexlify(req
['payload'][145:145+10]).decode()
818 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
821 def test_ap_ft_pmf_over_ds(dev
, apdev
):
822 """WPA2-PSK-FT AP over DS with PMF"""
823 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, None)
825 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
826 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
827 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
829 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
830 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
831 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
833 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
834 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
835 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
837 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
838 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
839 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
841 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
842 if cipher
and cipher
not in dev
[0].get_capability("group_mgmt"):
843 raise HwsimSkip("Cipher %s not supported" % cipher
)
846 passphrase
= "12345678"
848 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
849 params
["ieee80211w"] = "2"
851 params
["group_mgmt_cipher"] = cipher
852 hapd0
= hostapd
.add_ap(apdev
[0], params
)
853 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
854 params
["ieee80211w"] = "2"
856 params
["group_mgmt_cipher"] = cipher
857 hapd1
= hostapd
.add_ap(apdev
[1], params
)
859 Wlantest
.setup(hapd0
)
862 wt
.add_passphrase(passphrase
)
864 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
867 def test_ap_ft_over_ds_pull(dev
, apdev
):
868 """WPA2-PSK-FT AP over DS (pull PMK)"""
870 passphrase
= "12345678"
872 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
873 params
["pmk_r1_push"] = "0"
874 hapd0
= hostapd
.add_ap(apdev
[0], params
)
875 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
876 params
["pmk_r1_push"] = "0"
877 hapd1
= hostapd
.add_ap(apdev
[1], params
)
879 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
881 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
882 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
884 passphrase
= "12345678"
886 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
887 params
["pmk_r1_push"] = "0"
888 hapd0
= hostapd
.add_ap(apdev
[0], params
)
889 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
890 params
["pmk_r1_push"] = "0"
891 hapd1
= hostapd
.add_ap(apdev
[1], params
)
893 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
895 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
896 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
898 passphrase
= "12345678"
900 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
901 params
["pmk_r1_push"] = "0"
902 params
['dynamic_vlan'] = "1"
903 params
['accept_mac_file'] = "hostapd.accept"
904 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
905 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
906 params
["pmk_r1_push"] = "0"
907 params
['dynamic_vlan'] = "1"
908 params
['accept_mac_file'] = "hostapd.accept"
909 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
911 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
914 def start_ft_sae(dev
, apdev
, wpa_ptk_rekey
=None):
915 if "SAE" not in dev
.get_capability("auth_alg"):
916 raise HwsimSkip("SAE not supported")
918 passphrase
= "12345678"
920 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
921 params
['wpa_key_mgmt'] = "FT-SAE"
923 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
924 hapd0
= hostapd
.add_ap(apdev
[0], params
)
925 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
926 params
['wpa_key_mgmt'] = "FT-SAE"
928 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
929 hapd1
= hostapd
.add_ap(apdev
[1], params
)
930 key_mgmt
= hapd1
.get_config()['key_mgmt']
931 if key_mgmt
.split(' ')[0] != "FT-SAE":
932 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
934 dev
.request("SET sae_groups ")
937 def test_ap_ft_sae(dev
, apdev
):
938 """WPA2-PSK-FT-SAE AP"""
939 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
940 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True)
942 def test_ap_ft_sae_ptk_rekey0(dev
, apdev
):
943 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
944 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
945 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
946 ptk_rekey
="1", roams
=0)
947 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
949 def test_ap_ft_sae_ptk_rekey1(dev
, apdev
):
950 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
951 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
952 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
953 ptk_rekey
="1", only_one_way
=True)
954 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
956 def test_ap_ft_sae_ptk_rekey_ap(dev
, apdev
):
957 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
958 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
959 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
961 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
963 def test_ap_ft_sae_over_ds(dev
, apdev
):
964 """WPA2-PSK-FT-SAE AP over DS"""
965 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
966 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
969 def test_ap_ft_sae_over_ds_ptk_rekey0(dev
, apdev
):
970 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
971 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
972 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
973 over_ds
=True, ptk_rekey
="1", roams
=0)
974 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
976 def test_ap_ft_sae_over_ds_ptk_rekey1(dev
, apdev
):
977 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
978 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
)
979 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
980 over_ds
=True, ptk_rekey
="1", only_one_way
=True)
981 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
983 def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev
, apdev
):
984 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
985 hapd0
, hapd1
= start_ft_sae(dev
[0], apdev
, wpa_ptk_rekey
=2)
986 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", sae
=True,
987 over_ds
=True, only_one_way
=True)
988 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
990 def test_ap_ft_sae_pw_id(dev
, apdev
):
991 """FT-SAE with Password Identifier"""
992 if "SAE" not in dev
[0].get_capability("auth_alg"):
993 raise HwsimSkip("SAE not supported")
996 params
= ft_params1(ssid
=ssid
)
997 params
["ieee80211w"] = "2"
998 params
['wpa_key_mgmt'] = "FT-SAE"
999 params
['sae_password'] = 'secret|id=pwid'
1000 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1001 params
= ft_params2(ssid
=ssid
)
1002 params
["ieee80211w"] = "2"
1003 params
['wpa_key_mgmt'] = "FT-SAE"
1004 params
['sae_password'] = 'secret|id=pwid'
1005 hapd
= hostapd
.add_ap(apdev
[1], params
)
1007 dev
[0].request("SET sae_groups ")
1008 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
=None, sae
=True,
1009 sae_password
="secret", sae_password_id
="pwid")
1011 def test_ap_ft_sae_with_both_akms(dev
, apdev
):
1012 """SAE + FT-SAE configuration"""
1013 if "SAE" not in dev
[0].get_capability("auth_alg"):
1014 raise HwsimSkip("SAE not supported")
1016 passphrase
= "12345678"
1018 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1019 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1020 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1021 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1022 params
['wpa_key_mgmt'] = "FT-SAE SAE"
1023 hapd
= hostapd
.add_ap(apdev
[1], params
)
1024 key_mgmt
= hapd
.get_config()['key_mgmt']
1025 if key_mgmt
.split(' ')[0] != "FT-SAE":
1026 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1028 dev
[0].request("SET sae_groups ")
1029 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1032 def test_ap_ft_sae_pmksa_caching(dev
, apdev
):
1033 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1034 if "SAE" not in dev
[0].get_capability("auth_alg"):
1035 raise HwsimSkip("SAE not supported")
1037 passphrase
= "12345678"
1039 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1040 params
['wpa_key_mgmt'] = "FT-SAE"
1041 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1042 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1043 params
['wpa_key_mgmt'] = "FT-SAE"
1044 hapd
= hostapd
.add_ap(apdev
[1], params
)
1045 key_mgmt
= hapd
.get_config()['key_mgmt']
1046 if key_mgmt
.split(' ')[0] != "FT-SAE":
1047 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1049 dev
[0].request("SET sae_groups ")
1050 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True,
1053 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
1054 discovery
=False, roams
=1, wpa_ptk_rekey
=0,
1055 only_one_way
=False):
1057 passphrase
= "12345678"
1059 identity
= "gpsk-vlan1"
1062 identity
= "gpsk-cui"
1065 identity
= "gpsk user"
1068 radius
= hostapd
.radius_params()
1069 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1070 params
['wpa_key_mgmt'] = "FT-EAP"
1071 params
["ieee8021x"] = "1"
1073 params
["dynamic_vlan"] = "1"
1074 params
= dict(list(radius
.items()) + list(params
.items()))
1075 hapd
= hostapd
.add_ap(apdev
[0], params
)
1076 key_mgmt
= hapd
.get_config()['key_mgmt']
1077 if key_mgmt
.split(' ')[0] != "FT-EAP":
1078 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1079 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
1080 params
['wpa_key_mgmt'] = "FT-EAP"
1081 params
["ieee8021x"] = "1"
1083 params
["dynamic_vlan"] = "1"
1085 params
["wpa_ptk_rekey"] = str(wpa_ptk_rekey
)
1086 params
= dict(list(radius
.items()) + list(params
.items()))
1087 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1089 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1090 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
1091 conndev
=conndev
, only_one_way
=only_one_way
)
1092 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
1093 raise Exception("Scan results missing RSN element info")
1094 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1095 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1099 # Verify EAPOL reauthentication after FT protocol
1100 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1104 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
1105 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
1107 raise Exception("EAP authentication did not start")
1108 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
1110 raise Exception("EAP authentication did not succeed")
1113 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
1115 hwsim_utils
.test_connectivity(dev
[0], ap
)
1117 def test_ap_ft_eap(dev
, apdev
):
1118 """WPA2-EAP-FT AP"""
1119 generic_ap_ft_eap(dev
, apdev
)
1121 def test_ap_ft_eap_cui(dev
, apdev
):
1122 """WPA2-EAP-FT AP with CUI"""
1123 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
1125 def test_ap_ft_eap_vlan(dev
, apdev
):
1126 """WPA2-EAP-FT AP with VLAN"""
1127 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1129 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1130 """WPA2-EAP-FT AP with VLAN"""
1131 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1133 def test_ap_ft_eap_over_ds(dev
, apdev
):
1134 """WPA2-EAP-FT AP using over-the-DS"""
1135 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
1137 def test_ap_ft_eap_dis(dev
, apdev
):
1138 """WPA2-EAP-FT AP with AP discovery"""
1139 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
1141 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
1142 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1143 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
1145 def test_ap_ft_eap_vlan(dev
, apdev
):
1146 """WPA2-EAP-FT AP with VLAN"""
1147 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
1149 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
1150 """WPA2-EAP-FT AP with VLAN"""
1151 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
1153 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
1154 """WPA2-EAP-FT AP with VLAN + over_ds"""
1155 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
1157 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
1158 """WPA2-EAP-FT AP with VLAN + over_ds"""
1159 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
1161 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
1162 """WPA2-EAP-FT AP (pull PMK)"""
1164 passphrase
= "12345678"
1166 identity
= "gpsk-vlan1"
1169 identity
= "gpsk user"
1172 radius
= hostapd
.radius_params()
1173 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1174 params
['wpa_key_mgmt'] = "FT-EAP"
1175 params
["ieee8021x"] = "1"
1176 params
["pmk_r1_push"] = "0"
1178 params
["dynamic_vlan"] = "1"
1179 params
= dict(list(radius
.items()) + list(params
.items()))
1180 hapd
= hostapd
.add_ap(apdev
[0], params
)
1181 key_mgmt
= hapd
.get_config()['key_mgmt']
1182 if key_mgmt
.split(' ')[0] != "FT-EAP":
1183 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1184 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1185 params
['wpa_key_mgmt'] = "FT-EAP"
1186 params
["ieee8021x"] = "1"
1187 params
["pmk_r1_push"] = "0"
1189 params
["dynamic_vlan"] = "1"
1190 params
= dict(list(radius
.items()) + list(params
.items()))
1191 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1193 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
1194 eap_identity
=identity
, conndev
=conndev
)
1196 def test_ap_ft_eap_pull(dev
, apdev
):
1197 """WPA2-EAP-FT AP (pull PMK)"""
1198 generic_ap_ft_eap_pull(dev
, apdev
)
1200 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
1201 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
1203 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
1204 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1206 passphrase
= "12345678"
1208 radius
= hostapd
.radius_params()
1209 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1210 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1211 params
["ieee8021x"] = "1"
1212 params
["pmk_r1_push"] = "0"
1213 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1214 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1215 params
["ft_psk_generate_local"] = "1"
1216 params
["eap_server"] = "0"
1217 params
["rkh_pos_timeout"] = "100"
1218 params
["rkh_neg_timeout"] = "50"
1219 params
["rkh_pull_timeout"] = "1234"
1220 params
["rkh_pull_retries"] = "10"
1221 params
= dict(list(radius
.items()) + list(params
.items()))
1222 hapd
= hostapd
.add_ap(apdev
[0], params
)
1223 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
1224 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1225 params
["ieee8021x"] = "1"
1226 params
["pmk_r1_push"] = "0"
1227 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1228 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1229 params
["ft_psk_generate_local"] = "1"
1230 params
["eap_server"] = "0"
1231 params
= dict(list(radius
.items()) + list(params
.items()))
1232 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1234 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
1237 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
1238 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1240 passphrase
= "12345678"
1242 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1243 params
["ieee80211w"] = "2"
1244 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1245 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1246 params
["ieee80211w"] = "2"
1247 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1249 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1253 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
1254 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1256 passphrase
= "12345678"
1258 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1259 params
["pmk_r1_push"] = "0"
1260 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1261 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1262 params
["pmk_r1_push"] = "0"
1263 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1265 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1269 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
1270 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1272 passphrase
= "12345678"
1274 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1275 params
["pmk_r1_push"] = "0"
1276 params
["nas_identifier"] = "nas0.w1.fi"
1277 hostapd
.add_ap(apdev
[0], params
)
1278 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1281 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1282 params
["pmk_r1_push"] = "0"
1283 hostapd
.add_ap(apdev
[1], params
)
1285 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1286 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1289 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
1290 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1292 passphrase
= "12345678"
1294 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1295 params
["ieee80211w"] = "2"
1296 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1297 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1298 params
["ieee80211w"] = "2"
1299 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1301 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1305 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1306 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1308 passphrase
= "12345678"
1310 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1311 params
["pmk_r1_push"] = "0"
1312 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1313 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1314 params
["pmk_r1_push"] = "0"
1315 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1317 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1320 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1321 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1323 passphrase
= "12345678"
1325 radius
= hostapd
.radius_params()
1326 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1327 params
["ieee80211w"] = "2"
1328 params
['wpa_key_mgmt'] = "FT-EAP"
1329 params
["ieee8021x"] = "1"
1330 params
= dict(list(radius
.items()) + list(params
.items()))
1331 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1332 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1333 params
["ieee80211w"] = "2"
1334 params
['wpa_key_mgmt'] = "FT-EAP"
1335 params
["ieee8021x"] = "1"
1336 params
= dict(list(radius
.items()) + list(params
.items()))
1337 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1339 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1340 fail_test
=True, eap
=True)
1342 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1343 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1345 passphrase
= "12345678"
1347 radius
= hostapd
.radius_params()
1348 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1349 params
["pmk_r1_push"] = "0"
1350 params
['wpa_key_mgmt'] = "FT-EAP"
1351 params
["ieee8021x"] = "1"
1352 params
= dict(list(radius
.items()) + list(params
.items()))
1353 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1354 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1355 params
["pmk_r1_push"] = "0"
1356 params
['wpa_key_mgmt'] = "FT-EAP"
1357 params
["ieee8021x"] = "1"
1358 params
= dict(list(radius
.items()) + list(params
.items()))
1359 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1361 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1362 fail_test
=True, eap
=True)
1364 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1365 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1367 passphrase
= "12345678"
1369 radius
= hostapd
.radius_params()
1370 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1371 params
["pmk_r1_push"] = "0"
1372 params
["nas_identifier"] = "nas0.w1.fi"
1373 params
['wpa_key_mgmt'] = "FT-EAP"
1374 params
["ieee8021x"] = "1"
1375 params
= dict(list(radius
.items()) + list(params
.items()))
1376 hostapd
.add_ap(apdev
[0], params
)
1377 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1378 eap
="GPSK", identity
="gpsk user",
1379 password
="abcdefghijklmnop0123456789abcdef",
1382 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1383 params
["pmk_r1_push"] = "0"
1384 params
['wpa_key_mgmt'] = "FT-EAP"
1385 params
["ieee8021x"] = "1"
1386 params
= dict(list(radius
.items()) + list(params
.items()))
1387 hostapd
.add_ap(apdev
[1], params
)
1389 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1390 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1392 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1393 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1395 passphrase
= "12345678"
1397 radius
= hostapd
.radius_params()
1398 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1399 params
["ieee80211w"] = "2"
1400 params
['wpa_key_mgmt'] = "FT-EAP"
1401 params
["ieee8021x"] = "1"
1402 params
= dict(list(radius
.items()) + list(params
.items()))
1403 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1404 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1405 params
["ieee80211w"] = "2"
1406 params
['wpa_key_mgmt'] = "FT-EAP"
1407 params
["ieee8021x"] = "1"
1408 params
= dict(list(radius
.items()) + list(params
.items()))
1409 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1411 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1412 fail_test
=True, eap
=True)
1414 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1415 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1417 passphrase
= "12345678"
1419 radius
= hostapd
.radius_params()
1420 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1421 params
["pmk_r1_push"] = "0"
1422 params
['wpa_key_mgmt'] = "FT-EAP"
1423 params
["ieee8021x"] = "1"
1424 params
= dict(list(radius
.items()) + list(params
.items()))
1425 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1426 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1427 params
["pmk_r1_push"] = "0"
1428 params
['wpa_key_mgmt'] = "FT-EAP"
1429 params
["ieee8021x"] = "1"
1430 params
= dict(list(radius
.items()) + list(params
.items()))
1431 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1433 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1434 fail_test
=True, eap
=True)
1436 def test_ap_ft_gtk_rekey(dev
, apdev
):
1437 """WPA2-PSK-FT AP and GTK rekey"""
1439 passphrase
= "12345678"
1441 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1442 params
['wpa_group_rekey'] = '1'
1443 hapd
= hostapd
.add_ap(apdev
[0], params
)
1445 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1446 ieee80211w
="1", scan_freq
="2412")
1448 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1450 raise Exception("GTK rekey timed out after initial association")
1451 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1453 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1454 params
['wpa_group_rekey'] = '1'
1455 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1457 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1458 dev
[0].roam(apdev
[1]['bssid'])
1459 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1460 raise Exception("Did not connect to correct AP")
1461 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1463 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1465 raise Exception("GTK rekey timed out after FT protocol")
1466 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1468 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1469 """WPA2-PSK-FT and key lifetime in memory"""
1471 passphrase
= "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1472 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1473 pmk
= binascii
.unhexlify(psk
)
1474 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1475 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1476 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1477 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1479 pid
= find_wpas_process(dev
[0])
1481 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1483 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1484 # event has been delivered, so verify that wpa_supplicant has returned to
1485 # eloop before reading process memory.
1489 buf
= read_process_memory(pid
, pmk
)
1491 dev
[0].request("DISCONNECT")
1492 dev
[0].wait_disconnected()
1499 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1500 for l
in f
.readlines():
1501 if "FT: PMK-R0 - hexdump" in l
:
1502 val
= l
.strip().split(':')[3].replace(' ', '')
1503 pmkr0
= binascii
.unhexlify(val
)
1504 if "FT: PMK-R1 - hexdump" in l
:
1505 val
= l
.strip().split(':')[3].replace(' ', '')
1506 pmkr1
= binascii
.unhexlify(val
)
1507 if "FT: KCK - hexdump" in l
:
1508 val
= l
.strip().split(':')[3].replace(' ', '')
1509 kck
= binascii
.unhexlify(val
)
1510 if "FT: KEK - hexdump" in l
:
1511 val
= l
.strip().split(':')[3].replace(' ', '')
1512 kek
= binascii
.unhexlify(val
)
1513 if "FT: TK - hexdump" in l
:
1514 val
= l
.strip().split(':')[3].replace(' ', '')
1515 tk
= binascii
.unhexlify(val
)
1516 if "WPA: Group Key - hexdump" in l
:
1517 val
= l
.strip().split(':')[3].replace(' ', '')
1518 gtk
= binascii
.unhexlify(val
)
1519 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1520 raise Exception("Could not find keys from debug log")
1522 raise Exception("Unexpected GTK length")
1524 logger
.info("Checking keys in memory while associated")
1525 get_key_locations(buf
, pmk
, "PMK")
1526 get_key_locations(buf
, pmkr0
, "PMK-R0")
1527 get_key_locations(buf
, pmkr1
, "PMK-R1")
1529 raise HwsimSkip("PMK not found while associated")
1530 if pmkr0
not in buf
:
1531 raise HwsimSkip("PMK-R0 not found while associated")
1532 if pmkr1
not in buf
:
1533 raise HwsimSkip("PMK-R1 not found while associated")
1535 raise Exception("KCK not found while associated")
1537 raise Exception("KEK not found while associated")
1539 # raise Exception("TK found from memory")
1541 logger
.info("Checking keys in memory after disassociation")
1542 buf
= read_process_memory(pid
, pmk
)
1543 get_key_locations(buf
, pmk
, "PMK")
1544 get_key_locations(buf
, pmkr0
, "PMK-R0")
1545 get_key_locations(buf
, pmkr1
, "PMK-R1")
1547 # Note: PMK/PSK is still present in network configuration
1549 fname
= os
.path
.join(params
['logdir'],
1550 'ft_psk_key_lifetime_in_memory.memctx-')
1551 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1552 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1553 verify_not_present(buf
, kck
, fname
, "KCK")
1554 verify_not_present(buf
, kek
, fname
, "KEK")
1555 verify_not_present(buf
, tk
, fname
, "TK")
1557 get_key_locations(buf
, gtk
, "GTK")
1558 verify_not_present(buf
, gtk
, fname
, "GTK")
1560 dev
[0].request("REMOVE_NETWORK all")
1562 logger
.info("Checking keys in memory after network profile removal")
1563 buf
= read_process_memory(pid
, pmk
)
1564 get_key_locations(buf
, pmk
, "PMK")
1565 get_key_locations(buf
, pmkr0
, "PMK-R0")
1566 get_key_locations(buf
, pmkr1
, "PMK-R1")
1568 verify_not_present(buf
, pmk
, fname
, "PMK")
1569 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1570 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1571 verify_not_present(buf
, kck
, fname
, "KCK")
1572 verify_not_present(buf
, kek
, fname
, "KEK")
1573 verify_not_present(buf
, tk
, fname
, "TK")
1574 verify_not_present(buf
, gtk
, fname
, "GTK")
1577 def test_ap_ft_invalid_resp(dev
, apdev
):
1578 """WPA2-PSK-FT AP and invalid response IEs"""
1580 passphrase
= "12345678"
1582 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1583 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1584 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1587 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1588 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1591 # Various IEs for test coverage. The last one is FTIE with invalid
1592 # R1KH-ID subelement.
1593 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1594 # FTIE with invalid R0KH-ID subelement (len=0).
1595 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1596 # FTIE with invalid R0KH-ID subelement (len=49).
1597 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1599 "020002000000" + "3000",
1600 # Required IEs missing from protected IE count.
1601 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1602 # RIC missing from protected IE count.
1603 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1604 # Protected IE missing.
1605 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1607 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1608 hapd1
.set("ext_mgmt_frame_handling", "1")
1609 hapd1
.dump_monitor()
1610 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1611 raise Exception("ROAM failed")
1614 msg
= hapd1
.mgmt_rx()
1615 if msg
['subtype'] == 11:
1619 raise Exception("Authentication frame not seen")
1622 resp
['fc'] = auth
['fc']
1623 resp
['da'] = auth
['sa']
1624 resp
['sa'] = auth
['da']
1625 resp
['bssid'] = auth
['bssid']
1626 resp
['payload'] = binascii
.unhexlify(t
)
1628 hapd1
.set("ext_mgmt_frame_handling", "0")
1629 dev
[0].wait_disconnected()
1631 dev
[0].request("RECONNECT")
1632 dev
[0].wait_connected()
1634 def test_ap_ft_gcmp_256(dev
, apdev
):
1635 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1636 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1637 raise HwsimSkip("Cipher GCMP-256 not supported")
1639 passphrase
= "12345678"
1641 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1642 params
['rsn_pairwise'] = "GCMP-256"
1643 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1644 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1645 params
['rsn_pairwise'] = "GCMP-256"
1646 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1648 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1649 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1651 def setup_ap_ft_oom(dev
, apdev
):
1652 skip_with_fips(dev
[0])
1654 passphrase
= "12345678"
1656 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1657 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1658 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1659 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1661 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1663 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1664 dst
= apdev
[1]['bssid']
1666 dst
= apdev
[0]['bssid']
1668 dev
[0].scan_for_bss(dst
, freq
="2412")
1672 def test_ap_ft_oom(dev
, apdev
):
1673 """WPA2-PSK-FT and OOM"""
1674 dst
= setup_ap_ft_oom(dev
, apdev
)
1675 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1678 def test_ap_ft_oom2(dev
, apdev
):
1679 """WPA2-PSK-FT and OOM (2)"""
1680 dst
= setup_ap_ft_oom(dev
, apdev
)
1681 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1682 dev
[0].roam(dst
, fail_test
=True, assoc_reject_ok
=True)
1684 def test_ap_ft_oom3(dev
, apdev
):
1685 """WPA2-PSK-FT and OOM (3)"""
1686 dst
= setup_ap_ft_oom(dev
, apdev
)
1687 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1690 def test_ap_ft_oom4(dev
, apdev
):
1691 """WPA2-PSK-FT and OOM (4)"""
1693 passphrase
= "12345678"
1694 dst
= setup_ap_ft_oom(dev
, apdev
)
1695 dev
[0].request("REMOVE_NETWORK all")
1696 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1697 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1700 def test_ap_ft_ap_oom(dev
, apdev
):
1701 """WPA2-PSK-FT and AP OOM"""
1703 passphrase
= "12345678"
1705 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1706 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1707 bssid0
= hapd0
.own_addr()
1709 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1710 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1711 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1714 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1715 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1716 bssid1
= hapd1
.own_addr()
1717 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1718 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1721 def test_ap_ft_ap_oom2(dev
, apdev
):
1722 """WPA2-PSK-FT and AP OOM 2"""
1724 passphrase
= "12345678"
1726 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1727 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1728 bssid0
= hapd0
.own_addr()
1730 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1731 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1732 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1735 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1736 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1737 bssid1
= hapd1
.own_addr()
1738 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1740 if dev
[0].get_status_field('bssid') != bssid1
:
1741 raise Exception("Did not roam to AP1")
1742 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1745 def test_ap_ft_ap_oom3(dev
, apdev
):
1746 """WPA2-PSK-FT and AP OOM 3"""
1748 passphrase
= "12345678"
1750 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1751 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1752 bssid0
= hapd0
.own_addr()
1754 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1755 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1758 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1759 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1760 bssid1
= hapd1
.own_addr()
1761 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1762 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1763 # This will fail due to not being able to send out PMK-R1 pull request
1766 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1767 # This will fail due to not being able to send out PMK-R1 pull request
1770 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1771 # This will fail due to not being able to send out PMK-R1 pull request
1774 def test_ap_ft_ap_oom3b(dev
, apdev
):
1775 """WPA2-PSK-FT and AP OOM 3b"""
1777 passphrase
= "12345678"
1779 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1780 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1781 bssid0
= hapd0
.own_addr()
1783 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1784 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1787 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1788 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1789 bssid1
= hapd1
.own_addr()
1790 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1791 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1792 # This will fail due to not being able to send out PMK-R1 pull request
1795 def test_ap_ft_ap_oom4(dev
, apdev
):
1796 """WPA2-PSK-FT and AP OOM 4"""
1798 passphrase
= "12345678"
1800 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1801 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1802 bssid0
= hapd0
.own_addr()
1804 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1805 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1808 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1809 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1810 bssid1
= hapd1
.own_addr()
1811 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1812 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1814 if dev
[0].get_status_field('bssid') != bssid1
:
1815 raise Exception("Did not roam to AP1")
1817 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1819 if dev
[0].get_status_field('bssid') != bssid0
:
1820 raise Exception("Did not roam to AP0")
1822 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1824 if dev
[0].get_status_field('bssid') != bssid1
:
1825 raise Exception("Did not roam to AP1")
1827 def test_ap_ft_ap_oom5(dev
, apdev
):
1828 """WPA2-PSK-FT and AP OOM 5"""
1830 passphrase
= "12345678"
1832 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1833 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1834 bssid0
= hapd0
.own_addr()
1836 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1837 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1840 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1841 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1842 bssid1
= hapd1
.own_addr()
1843 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1844 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1845 # This will fail to roam
1848 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1849 # This will fail to roam
1852 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1853 # This will fail to roam
1856 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1857 # This will fail to roam
1860 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1861 # This will fail to roam
1864 def test_ap_ft_ap_oom6(dev
, apdev
):
1865 """WPA2-PSK-FT and AP OOM 6"""
1867 passphrase
= "12345678"
1869 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1870 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1871 bssid0
= hapd0
.own_addr()
1873 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1874 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1875 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1877 dev
[0].request("REMOVE_NETWORK all")
1878 dev
[0].wait_disconnected()
1879 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1880 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1882 dev
[0].request("REMOVE_NETWORK all")
1883 dev
[0].wait_disconnected()
1884 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1885 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1888 def test_ap_ft_ap_oom7a(dev
, apdev
):
1889 """WPA2-PSK-FT and AP OOM 7a"""
1891 passphrase
= "12345678"
1893 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1894 params
["ieee80211w"] = "2"
1895 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1896 bssid0
= hapd0
.own_addr()
1898 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1899 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1900 ieee80211w
="2", scan_freq
="2412")
1902 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1903 params
["ieee80211w"] = "2"
1904 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1905 bssid1
= hapd1
.own_addr()
1906 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1907 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1908 # This will fail to roam
1911 def test_ap_ft_ap_oom7b(dev
, apdev
):
1912 """WPA2-PSK-FT and AP OOM 7b"""
1914 passphrase
= "12345678"
1916 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1917 params
["ieee80211w"] = "2"
1918 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1919 bssid0
= hapd0
.own_addr()
1921 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1922 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1923 ieee80211w
="2", scan_freq
="2412")
1925 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1926 params
["ieee80211w"] = "2"
1927 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1928 bssid1
= hapd1
.own_addr()
1929 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1930 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1931 # This will fail to roam
1934 def test_ap_ft_ap_oom7c(dev
, apdev
):
1935 """WPA2-PSK-FT and AP OOM 7c"""
1937 passphrase
= "12345678"
1939 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1940 params
["ieee80211w"] = "2"
1941 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1942 bssid0
= hapd0
.own_addr()
1944 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1945 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1946 ieee80211w
="2", scan_freq
="2412")
1948 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1949 params
["ieee80211w"] = "2"
1950 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1951 bssid1
= hapd1
.own_addr()
1952 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1953 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1954 # This will fail to roam
1957 def test_ap_ft_ap_oom7d(dev
, apdev
):
1958 """WPA2-PSK-FT and AP OOM 7d"""
1960 passphrase
= "12345678"
1962 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1963 params
["ieee80211w"] = "2"
1964 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1965 bssid0
= hapd0
.own_addr()
1967 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1968 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1969 ieee80211w
="2", scan_freq
="2412")
1971 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1972 params
["ieee80211w"] = "2"
1973 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1974 bssid1
= hapd1
.own_addr()
1975 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1976 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1977 # This will fail to roam
1980 def test_ap_ft_ap_oom8(dev
, apdev
):
1981 """WPA2-PSK-FT and AP OOM 8"""
1983 passphrase
= "12345678"
1985 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1986 params
['ft_psk_generate_local'] = "1"
1987 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1988 bssid0
= hapd0
.own_addr()
1990 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1991 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1994 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1995 params
['ft_psk_generate_local'] = "1"
1996 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1997 bssid1
= hapd1
.own_addr()
1998 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1999 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
2000 # This will fail to roam
2002 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
2003 # This will fail to roam
2006 def test_ap_ft_ap_oom9(dev
, apdev
):
2007 """WPA2-PSK-FT and AP OOM 9"""
2009 passphrase
= "12345678"
2011 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2012 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2013 bssid0
= hapd0
.own_addr()
2015 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2016 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2019 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2020 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2021 bssid1
= hapd1
.own_addr()
2022 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2024 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
2025 # This will fail to roam
2026 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2027 raise Exception("FT_DS failed")
2028 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
2030 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
2031 # This will fail to roam
2032 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2033 raise Exception("FT_DS failed")
2034 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2036 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
2037 # This will fail to roam
2038 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2039 raise Exception("FT_DS failed")
2040 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
2042 def test_ap_ft_ap_oom10(dev
, apdev
):
2043 """WPA2-PSK-FT and AP OOM 10"""
2045 passphrase
= "12345678"
2047 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2048 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2049 bssid0
= hapd0
.own_addr()
2051 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2052 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2055 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2056 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2057 bssid1
= hapd1
.own_addr()
2058 dev
[0].scan_for_bss(bssid1
, freq
="2412")
2060 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2061 # This will fail to roam
2062 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2063 raise Exception("FT_DS failed")
2064 wait_fail_trigger(hapd0
, "GET_FAIL")
2066 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2067 # This will fail to roam
2068 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2069 raise Exception("FT_DS failed")
2070 wait_fail_trigger(hapd0
, "GET_FAIL")
2072 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2073 # This will fail to roam
2074 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2075 raise Exception("FT_DS failed")
2076 wait_fail_trigger(hapd0
, "GET_FAIL")
2078 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2079 # This will fail to roam
2080 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
2081 raise Exception("FT_DS failed")
2082 wait_fail_trigger(hapd1
, "GET_FAIL")
2084 def test_ap_ft_ap_oom11(dev
, apdev
):
2085 """WPA2-PSK-FT and AP OOM 11"""
2087 passphrase
= "12345678"
2089 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2090 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2091 bssid0
= hapd0
.own_addr()
2093 dev
[0].scan_for_bss(bssid0
, freq
="2412")
2094 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2095 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2097 wait_fail_trigger(hapd0
, "GET_FAIL")
2099 dev
[1].scan_for_bss(bssid0
, freq
="2412")
2100 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2101 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2103 wait_fail_trigger(hapd0
, "GET_FAIL")
2105 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
2106 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2108 passphrase
= "12345678"
2110 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2111 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2112 bssid0
= hapd0
.own_addr()
2113 _bssid0
= bssid0
.replace(':', '')
2114 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2116 addr
= dev
[0].own_addr()
2117 _addr
= addr
.replace(':', '')
2119 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2120 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2121 bssid1
= hapd1
.own_addr()
2122 _bssid1
= bssid1
.replace(':', '')
2124 hapd0
.set("ext_mgmt_frame_handling", "1")
2125 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
2126 valid
= "0601" + _addr
+ _bssid1
2129 "0601" + _addr
+ _bssid0
,
2130 "0601" + _addr
+ "ffffffffffff",
2131 "0601" + _bssid0
+ _bssid0
,
2136 valid
+ "3603ffffff",
2137 valid
+ "3603a1b2ff",
2138 valid
+ "3603a1b2ff" + "3700",
2139 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2140 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2141 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2142 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2143 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2144 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2145 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2148 hapd0
.dump_monitor()
2149 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
2150 raise Exception("MGMT_RX_PROCESS failed")
2152 hapd0
.set("ext_mgmt_frame_handling", "0")
2154 def test_ap_ft_over_ds_proto(dev
, apdev
):
2155 """WPA2-PSK-FT AP over DS protocol testing"""
2157 passphrase
= "12345678"
2159 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2160 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2161 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2164 # FT Action Response while no FT-over-DS in progress
2167 msg
['da'] = dev
[0].own_addr()
2168 msg
['sa'] = apdev
[0]['bssid']
2169 msg
['bssid'] = apdev
[0]['bssid']
2170 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
2173 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2174 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2175 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
2176 hapd0
.set("ext_mgmt_frame_handling", "1")
2177 hapd0
.dump_monitor()
2178 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
2179 for i
in range(0, 10):
2180 req
= hapd0
.mgmt_rx()
2182 raise Exception("MGMT RX wait timed out")
2183 if req
['subtype'] == 13:
2187 raise Exception("FT Action frame not received")
2189 # FT Action Response for unexpected Target AP
2190 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
2193 # FT Action Response without MDIE
2194 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
2197 # FT Action Response without FTIE
2198 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2201 # FT Action Response with FTIE SNonce mismatch
2202 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2206 def test_ap_ft_rrb(dev
, apdev
):
2207 """WPA2-PSK-FT RRB protocol testing"""
2209 passphrase
= "12345678"
2211 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2212 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2214 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2217 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':', ''))
2218 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
2220 ehdr
= _dst_ll
+ _src_ll
+ proto
2222 # Too short RRB frame
2223 pkt
= ehdr
+ b
'\x01'
2224 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2225 raise Exception("DATA_TEST_FRAME failed")
2227 # RRB discarded frame wikth unrecognized type
2228 pkt
= ehdr
+ b
'\x02' + b
'\x02' + b
'\x01\x00' + _src_ll
2229 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2230 raise Exception("DATA_TEST_FRAME failed")
2232 # RRB frame too short for action frame
2233 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x01\x00' + _src_ll
2234 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2235 raise Exception("DATA_TEST_FRAME failed")
2237 # Too short RRB frame (not enough room for Action Frame body)
2238 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x00\x00' + _src_ll
2239 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2240 raise Exception("DATA_TEST_FRAME failed")
2242 # Unexpected Action frame category
2243 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2244 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2245 raise Exception("DATA_TEST_FRAME failed")
2247 # Unexpected Action in RRB Request
2248 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2249 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2250 raise Exception("DATA_TEST_FRAME failed")
2252 # Target AP address in RRB Request does not match with own address
2253 pkt
= ehdr
+ b
'\x01' + b
'\x00' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2254 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2255 raise Exception("DATA_TEST_FRAME failed")
2257 # Not enough room for status code in RRB Response
2258 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2259 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2260 raise Exception("DATA_TEST_FRAME failed")
2262 # RRB discarded frame with unknown packet_type
2263 pkt
= ehdr
+ b
'\x01' + b
'\x02' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2264 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2265 raise Exception("DATA_TEST_FRAME failed")
2267 # RRB Response with non-zero status code; no STA match
2268 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x10\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b
'\xff\xff'
2269 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2270 raise Exception("DATA_TEST_FRAME failed")
2272 # RRB Response with zero status code and extra data; STA match
2273 pkt
= ehdr
+ b
'\x01' + b
'\x01' + b
'\x11\x00' + _src_ll
+ b
'\x06\x01' + _src_ll
+ b
'\x00\x00\x00\x00\x00\x00' + b
'\x00\x00' + b
'\x00'
2274 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2275 raise Exception("DATA_TEST_FRAME failed")
2277 # Too short PMK-R1 pull
2278 pkt
= ehdr
+ b
'\x01' + b
'\xc8' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2279 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2280 raise Exception("DATA_TEST_FRAME failed")
2282 # Too short PMK-R1 resp
2283 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2284 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2285 raise Exception("DATA_TEST_FRAME failed")
2287 # Too short PMK-R1 push
2288 pkt
= ehdr
+ b
'\x01' + b
'\xca' + b
'\x0e\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2289 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2290 raise Exception("DATA_TEST_FRAME failed")
2292 # No matching R0KH address found for PMK-R0 pull response
2293 pkt
= ehdr
+ b
'\x01' + b
'\xc9' + b
'\x5a\x00' + _src_ll
+ b
'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b
'\00'
2294 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
).decode()):
2295 raise Exception("DATA_TEST_FRAME failed")
2298 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
2299 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2300 bssid
= apdev
[0]['bssid']
2302 passphrase
= "12345678"
2304 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2305 params
["ieee80211w"] = "1"
2306 # This is the RSN element used normally by hostapd
2307 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2308 hapd
= hostapd
.add_ap(apdev
[0], params
)
2309 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2310 ieee80211w
="1", scan_freq
="2412",
2311 pairwise
="CCMP", group
="CCMP")
2313 tests
= [('PMKIDCount field included',
2314 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2315 ('Extra IE before RSNE',
2316 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2317 ('PMKIDCount and Group Management Cipher suite fields included',
2318 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2319 ('Extra octet after defined fields (future extensibility)',
2320 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2321 ('No RSN Capabilities field (PMF disabled in practice)',
2322 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2323 for txt
, ie
in tests
:
2324 dev
[0].request("DISCONNECT")
2325 dev
[0].wait_disconnected()
2328 hapd
.set('own_ie_override', ie
)
2330 dev
[0].request("BSS_FLUSH 0")
2331 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2332 dev
[0].select_network(id, freq
=2412)
2333 dev
[0].wait_connected()
2335 dev
[0].request("DISCONNECT")
2336 dev
[0].wait_disconnected()
2338 logger
.info('Invalid RSNE causing internal hostapd error')
2340 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2342 dev
[0].request("BSS_FLUSH 0")
2343 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2344 dev
[0].select_network(id, freq
=2412)
2345 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2347 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2349 raise Exception("Unexpected connection")
2350 dev
[0].request("DISCONNECT")
2352 logger
.info('Unexpected PMKID causing internal hostapd error')
2354 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2356 dev
[0].request("BSS_FLUSH 0")
2357 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2358 dev
[0].select_network(id, freq
=2412)
2359 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2361 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2363 raise Exception("Unexpected connection")
2364 dev
[0].request("DISCONNECT")
2366 def start_ft(apdev
, wpa_ptk_rekey
=None):
2368 passphrase
= "12345678"
2370 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2372 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2373 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2374 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2376 params
['wpa_ptk_rekey'] = str(wpa_ptk_rekey
)
2377 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2381 def check_ptk_rekey(dev
, hapd0
=None, hapd1
=None):
2382 ev
= dev
.wait_event(["CTRL-EVENT-DISCONNECTED",
2383 "WPA: Key negotiation completed"], timeout
=5)
2385 raise Exception("No event received after roam")
2386 if "CTRL-EVENT-DISCONNECTED" in ev
:
2387 raise Exception("Unexpected disconnection after roam")
2389 if not hapd0
or not hapd1
:
2391 if dev
.get_status_field('bssid') == hapd0
.own_addr():
2396 hwsim_utils
.test_connectivity(dev
, hapd
)
2398 def test_ap_ft_ptk_rekey(dev
, apdev
):
2399 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2400 hapd0
, hapd1
= start_ft(apdev
)
2401 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1")
2402 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2404 def test_ap_ft_ptk_rekey2(dev
, apdev
):
2405 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2406 hapd0
, hapd1
= start_ft(apdev
)
2407 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678", ptk_rekey
="1",
2409 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2411 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2412 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2413 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2414 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678")
2415 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2417 def test_ap_ft_ptk_rekey_ap2(dev
, apdev
):
2418 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2419 hapd0
, hapd1
= start_ft(apdev
, wpa_ptk_rekey
=2)
2420 run_roams(dev
[0], apdev
, hapd0
, hapd1
, "test-ft", "12345678",
2422 check_ptk_rekey(dev
[0], hapd0
, hapd1
)
2424 def test_ap_ft_eap_ptk_rekey_ap(dev
, apdev
):
2425 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2426 generic_ap_ft_eap(dev
, apdev
, only_one_way
=True, wpa_ptk_rekey
=2)
2427 check_ptk_rekey(dev
[0])
2429 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2430 """RRB internal delivery only to WPA enabled BSS"""
2432 passphrase
= "12345678"
2434 radius
= hostapd
.radius_params()
2435 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2436 params
['wpa_key_mgmt'] = "FT-EAP"
2437 params
["ieee8021x"] = "1"
2438 params
= dict(list(radius
.items()) + list(params
.items()))
2439 hapd
= hostapd
.add_ap(apdev
[0], params
)
2440 key_mgmt
= hapd
.get_config()['key_mgmt']
2441 if key_mgmt
.split(' ')[0] != "FT-EAP":
2442 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2444 hapd1
= hostapd
.add_ap(apdev
[1], {"ssid": ssid
})
2446 # Connect to WPA enabled AP
2447 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2448 eap
="GPSK", identity
="gpsk user",
2449 password
="abcdefghijklmnop0123456789abcdef",
2452 # Try over_ds roaming to non-WPA-enabled AP.
2453 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2454 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2456 def test_ap_ft_extra_ie(dev
, apdev
):
2457 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2459 passphrase
= "12345678"
2461 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2462 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2463 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2464 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2466 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2469 # Add Mobility Domain element to test AP validation code.
2470 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2471 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2472 scan_freq
="2412", wait_connect
=False)
2473 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2474 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2476 raise Exception("No connection result")
2477 if "CTRL-EVENT-CONNECTED" in ev
:
2478 raise Exception("Non-FT association accepted with MDE")
2479 if "status_code=43" not in ev
:
2480 raise Exception("Unexpected status code: " + ev
)
2481 dev
[0].request("DISCONNECT")
2483 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2485 def test_ap_ft_ric(dev
, apdev
):
2486 """WPA2-PSK-FT AP and RIC"""
2488 passphrase
= "12345678"
2490 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2491 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2492 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2493 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2495 dev
[0].set("ric_ies", "")
2496 dev
[0].set("ric_ies", '""')
2497 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2498 raise Exception("Invalid ric_ies value accepted")
2503 "390400000000" + "390400000000",
2504 "390400000000" + "dd050050f20202",
2505 "390400000000" + "dd3d0050f2020201" + 55*"00",
2506 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2507 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2509 dev
[0].set("ric_ies", t
)
2510 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2511 test_connectivity
=False)
2512 dev
[0].request("REMOVE_NETWORK all")
2513 dev
[0].wait_disconnected()
2514 dev
[0].dump_monitor()
2516 def ie_hex(ies
, id):
2517 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id]).decode()
2519 def test_ap_ft_reassoc_proto(dev
, apdev
):
2520 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2522 passphrase
= "12345678"
2524 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2525 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2526 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2527 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2529 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2530 ieee80211w
="1", scan_freq
="2412")
2531 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2538 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2539 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2540 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2543 req
= hapd2ap
.mgmt_rx()
2544 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2545 if req
['subtype'] == 11:
2549 req
= hapd2ap
.mgmt_rx()
2550 if req
['subtype'] == 2:
2552 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2554 # IEEE 802.11 header + fixed fields before IEs
2555 hdr
= binascii
.hexlify(req
['frame'][0:34]).decode()
2556 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2557 # First elements: SSID, Supported Rates, Extended Supported Rates
2558 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2560 rsne
= ie_hex(ies
, 48)
2561 mde
= ie_hex(ies
, 54)
2562 fte
= ie_hex(ies
, 55)
2564 # RSN: Trying to use FT, but MDIE not included
2566 # RSN: Attempted to use unknown MDIE
2567 tests
+= [rsne
+ "3603000000"]
2568 # Invalid RSN pairwise cipher
2569 tests
+= ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2570 # FT: No PMKID in RSNIE
2571 tests
+= ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54)]
2573 tests
+= [rsne
+ mde
]
2574 # FT: RIC IE(s) in the frame, but not included in protected IE count
2575 # FT: Failed to parse FT IEs
2576 tests
+= [rsne
+ mde
+ fte
+ "3900"]
2577 # FT: SNonce mismatch in FTIE
2578 tests
+= [rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00"]
2579 # FT: ANonce mismatch in FTIE
2580 tests
+= [rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:]]
2581 # FT: No R0KH-ID subelem in FTIE
2582 tests
+= [rsne
+ mde
+ "3752" + fte
[4:168]]
2583 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2584 tests
+= [rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff"]
2585 # FT: No R1KH-ID subelem in FTIE
2586 tests
+= [rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode()]
2587 # FT: Unknown R1KH-ID used in ReassocReq
2588 tests
+= [rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + binascii
.hexlify(b
"nas1.w1.fi").decode() + "0106000000000000"]
2589 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2590 tests
+= [rsne
[:-32] + 16*"00" + mde
+ fte
]
2591 # Invalid MIC in FTIE
2592 tests
+= [rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:]]
2594 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2596 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2597 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2599 passphrase
= "12345678"
2601 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2602 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2603 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2604 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2606 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2607 ieee80211w
="1", scan_freq
="2412")
2608 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2615 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2616 # FT: Failed to calculate MIC
2617 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2618 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2619 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2620 dev
[0].request("DISCONNECT")
2622 raise Exception("Association reject not seen")
2624 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2625 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2626 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2628 passphrase
= "12345678"
2630 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2631 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2632 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2633 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2635 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2637 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2644 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2645 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2646 dev
[0].dump_monitor()
2647 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2648 raise Exception("ROAM failed")
2653 req
= hapd2ap
.mgmt_rx()
2655 hapd2ap
.dump_monitor()
2656 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2657 if req
['subtype'] == 2:
2659 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2661 raise Exception("No TX status seen")
2662 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2663 if "OK" not in hapd2ap
.request(cmd
):
2664 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2666 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2667 if reassocreq
is None:
2668 raise Exception("No Reassociation Request frame seen")
2669 dev
[0].wait_connected()
2670 dev
[0].dump_monitor()
2671 hapd2ap
.dump_monitor()
2673 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2675 logger
.info("Replay the last Reassociation Request frame")
2676 hapd2ap
.dump_monitor()
2677 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2678 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']).decode())
2679 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2681 raise Exception("No TX status seen")
2682 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2683 if "OK" not in hapd2ap
.request(cmd
):
2684 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2685 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2688 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2693 ap
= hapd2ap
.own_addr()
2694 sta
= dev
[0].own_addr()
2695 filt
= "wlan.fc.type == 2 && " + \
2696 "wlan.da == " + sta
+ " && " + \
2698 fields
= ["wlan.ccmp.extiv"]
2699 res
= run_tshark(capfile
, filt
, fields
)
2700 vals
= res
.splitlines()
2701 logger
.info("CCMP PN: " + str(vals
))
2703 raise Exception("Could not find all CCMP protected frames from capture")
2704 if len(set(vals
)) < len(vals
):
2705 raise Exception("Duplicate CCMP PN used")
2708 raise Exception("The second hwsim connectivity test failed")
2710 def test_ap_ft_psk_file(dev
, apdev
):
2711 """WPA2-PSK-FT AP with PSK from a file"""
2713 passphrase
= "12345678"
2715 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2716 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2717 hapd
= hostapd
.add_ap(apdev
[0], params
)
2719 dev
[1].connect(ssid
, psk
="very secret",
2720 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2721 scan_freq
="2412", wait_connect
=False)
2722 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2723 ieee80211w
="1", scan_freq
="2412")
2724 dev
[0].request("REMOVE_NETWORK all")
2725 dev
[0].wait_disconnected()
2726 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2727 ieee80211w
="1", scan_freq
="2412")
2728 dev
[0].request("REMOVE_NETWORK all")
2729 dev
[0].wait_disconnected()
2730 dev
[0].connect(ssid
, psk
="secret passphrase",
2731 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2733 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2734 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2736 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2738 raise Exception("Timed out while waiting for failure report")
2739 dev
[1].request("REMOVE_NETWORK all")
2741 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2742 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2744 passphrase
= "12345678"
2745 bssid
= apdev
[0]['bssid']
2747 radius
= hostapd
.radius_params()
2748 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2749 params
['wpa_key_mgmt'] = "WPA-EAP"
2750 params
["ieee8021x"] = "1"
2751 params
["pmk_r1_push"] = "0"
2752 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2753 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2754 params
["eap_server"] = "0"
2755 params
= dict(list(radius
.items()) + list(params
.items()))
2756 hapd
= hostapd
.add_ap(apdev
[0], params
)
2758 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2759 eap
="GPSK", identity
="gpsk user",
2760 password
="abcdefghijklmnop0123456789abcdef",
2762 dev
[0].request("DISCONNECT")
2763 dev
[0].wait_disconnected()
2764 dev
[0].dump_monitor()
2767 hapd
.set('wpa_key_mgmt', "FT-EAP")
2770 dev
[0].request("BSS_FLUSH 0")
2771 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2773 dev
[0].request("RECONNECT")
2774 dev
[0].wait_connected()
2776 def test_ap_ft_eap_sha384(dev
, apdev
):
2777 """WPA2-EAP-FT with SHA384"""
2779 passphrase
= "12345678"
2781 radius
= hostapd
.radius_params()
2782 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2783 params
["ieee80211w"] = "2"
2784 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2785 params
["ieee8021x"] = "1"
2786 params
= dict(list(radius
.items()) + list(params
.items()))
2787 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2788 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2789 params
["ieee80211w"] = "2"
2790 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2791 params
["ieee8021x"] = "1"
2792 params
= dict(list(radius
.items()) + list(params
.items()))
2793 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2795 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2798 def test_ap_ft_eap_sha384_reassoc(dev
, apdev
):
2799 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
2800 check_suite_b_192_capa(dev
)
2802 passphrase
= "12345678"
2804 radius
= hostapd
.radius_params()
2805 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2806 params
["ieee80211w"] = "2"
2807 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2808 params
["ieee8021x"] = "1"
2809 params
= dict(list(radius
.items()) + list(params
.items()))
2810 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2811 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2812 params
["ieee80211w"] = "2"
2813 params
['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2814 params
["ieee8021x"] = "1"
2815 params
= dict(list(radius
.items()) + list(params
.items()))
2816 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2818 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2819 sha384
=True, also_non_ft
=True, roam_with_reassoc
=True)
2821 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
2822 """WPA2-EAP-FT with SHA384 over DS"""
2824 passphrase
= "12345678"
2826 radius
= hostapd
.radius_params()
2827 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2828 params
["ieee80211w"] = "2"
2829 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2830 params
["ieee8021x"] = "1"
2831 params
= dict(list(radius
.items()) + list(params
.items()))
2832 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2833 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2834 params
["ieee80211w"] = "2"
2835 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2836 params
["ieee8021x"] = "1"
2837 params
= dict(list(radius
.items()) + list(params
.items()))
2838 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2840 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
2841 eap
=True, sha384
=True)
2843 def test_ap_ft_roam_rrm(dev
, apdev
):
2844 """WPA2-PSK-FT AP and radio measurement request"""
2846 passphrase
= "12345678"
2848 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2849 params
["rrm_beacon_report"] = "1"
2850 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2851 bssid0
= hapd0
.own_addr()
2853 addr
= dev
[0].own_addr()
2854 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2856 check_beacon_req(hapd0
, addr
, 1)
2858 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2859 params
["rrm_beacon_report"] = "1"
2860 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2861 bssid1
= hapd1
.own_addr()
2863 dev
[0].scan_for_bss(bssid1
, freq
=2412)
2865 check_beacon_req(hapd1
, addr
, 2)
2867 dev
[0].scan_for_bss(bssid0
, freq
=2412)
2869 check_beacon_req(hapd0
, addr
, 3)
2871 def test_ap_ft_pmksa_caching(dev
, apdev
):
2872 """FT-EAP and PMKSA caching for initial mobility domain association"""
2874 identity
= "gpsk user"
2876 radius
= hostapd
.radius_params()
2877 params
= ft_params1(ssid
=ssid
)
2878 params
['wpa_key_mgmt'] = "FT-EAP"
2879 params
["ieee8021x"] = "1"
2880 params
["mobility_domain"] = "c3d4"
2881 params
= dict(list(radius
.items()) + list(params
.items()))
2882 hapd
= hostapd
.add_ap(apdev
[0], params
)
2884 params
= ft_params2(ssid
=ssid
)
2885 params
['wpa_key_mgmt'] = "FT-EAP"
2886 params
["ieee8021x"] = "1"
2887 params
["mobility_domain"] = "c3d4"
2888 params
= dict(list(radius
.items()) + list(params
.items()))
2889 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2891 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
2892 eap_identity
=identity
, pmksa_caching
=True)
2894 def test_ap_ft_pmksa_caching_sha384(dev
, apdev
):
2895 """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
2897 identity
= "gpsk user"
2899 radius
= hostapd
.radius_params()
2900 params
= ft_params1(ssid
=ssid
)
2901 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2902 params
["ieee8021x"] = "1"
2903 params
["mobility_domain"] = "c3d4"
2904 params
= dict(list(radius
.items()) + list(params
.items()))
2905 hapd
= hostapd
.add_ap(apdev
[0], params
)
2907 params
= ft_params2(ssid
=ssid
)
2908 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2909 params
["ieee8021x"] = "1"
2910 params
["mobility_domain"] = "c3d4"
2911 params
= dict(list(radius
.items()) + list(params
.items()))
2912 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2914 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, None, eap
=True,
2915 eap_identity
=identity
, pmksa_caching
=True, sha384
=True)
2917 def test_ap_ft_r1_key_expiration(dev
, apdev
):
2918 """WPA2-PSK-FT and PMK-R1 expiration"""
2920 passphrase
= "12345678"
2922 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2923 params
['r1_max_key_lifetime'] = "2"
2924 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2925 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2926 params
['r1_max_key_lifetime'] = "2"
2927 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2929 # This succeeds, but results in having to run another PMK-R1 pull before the
2930 # second AP can complete FT protocol.
2931 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, wait_before_roam
=4)
2933 def test_ap_ft_r0_key_expiration(dev
, apdev
):
2934 """WPA2-PSK-FT and PMK-R0 expiration"""
2936 passphrase
= "12345678"
2938 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2939 params
['ft_r0_key_lifetime'] = "2"
2940 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2941 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2942 params
['ft_r0_key_lifetime'] = "2"
2943 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2945 bssid2
= run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2946 return_after_initial
=True)
2948 dev
[0].scan_for_bss(bssid2
, freq
="2412")
2949 if "OK" not in dev
[0].request("ROAM " + bssid2
):
2950 raise Exception("ROAM failed")
2951 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2952 "CTRL-EVENT-AUTH-REJECT",
2953 "CTRL-EVENT-ASSOC-REJECT"], timeout
=5)
2954 dev
[0].request("DISCONNECT")
2955 if ev
is None or "CTRL-EVENT-AUTH-REJECT" not in ev
:
2956 raise Exception("FT protocol failure not reported")
2957 if "status_code=53" not in ev
:
2958 raise Exception("Unexpected status in FT protocol failure: " + ev
)
2960 # Generate a new PMK-R0
2961 dev
[0].dump_monitor()
2962 dev
[0].request("RECONNECT")
2963 dev
[0].wait_connected()