]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Wait after rekeying a bit before running connectivity test
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import os
10 import time
11 import logging
12 logger = logging.getLogger()
13 import signal
14 import struct
15 import subprocess
16
17 import hwsim_utils
18 from hwsim import HWSimRadio
19 import hostapd
20 from tshark import run_tshark
21 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips, parse_ie
22 from wlantest import Wlantest
23 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
24 from test_rrm import check_beacon_req
25 from test_suite_b import check_suite_b_192_capa
26
27 def ft_base_rsn():
28 params = {"wpa": "2",
29 "wpa_key_mgmt": "FT-PSK",
30 "rsn_pairwise": "CCMP"}
31 return params
32
33 def ft_base_mixed():
34 params = {"wpa": "3",
35 "wpa_key_mgmt": "WPA-PSK FT-PSK",
36 "wpa_pairwise": "TKIP",
37 "rsn_pairwise": "CCMP"}
38 return params
39
40 def ft_params(rsn=True, ssid=None, passphrase=None):
41 if rsn:
42 params = ft_base_rsn()
43 else:
44 params = ft_base_mixed()
45 if ssid:
46 params["ssid"] = ssid
47 if passphrase:
48 params["wpa_passphrase"] = passphrase
49
50 params["mobility_domain"] = "a1b2"
51 params["r0_key_lifetime"] = "10000"
52 params["pmk_r1_push"] = "1"
53 params["reassociation_deadline"] = "1000"
54 return params
55
56 def ft_params1a(rsn=True, ssid=None, passphrase=None):
57 params = ft_params(rsn, ssid, passphrase)
58 params['nas_identifier'] = "nas1.w1.fi"
59 params['r1_key_holder'] = "000102030405"
60 return params
61
62 def ft_params1(rsn=True, ssid=None, passphrase=None, discovery=False):
63 params = ft_params1a(rsn, ssid, passphrase)
64 if discovery:
65 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
66 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
67 else:
68 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
69 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
70 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
71 return params
72
73 def ft_params1_old_key(rsn=True, ssid=None, passphrase=None):
74 params = ft_params1a(rsn, ssid, passphrase)
75 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
76 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"]
77 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
78 return params
79
80 def ft_params2a(rsn=True, ssid=None, passphrase=None):
81 params = ft_params(rsn, ssid, passphrase)
82 params['nas_identifier'] = "nas2.w1.fi"
83 params['r1_key_holder'] = "000102030406"
84 return params
85
86 def ft_params2(rsn=True, ssid=None, passphrase=None, discovery=False):
87 params = ft_params2a(rsn, ssid, passphrase)
88 if discovery:
89 params['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
90 params['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
91 else:
92 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
93 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
94 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
95 return params
96
97 def ft_params2_old_key(rsn=True, ssid=None, passphrase=None):
98 params = ft_params2a(rsn, ssid, passphrase)
99 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
100 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f"]
101 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
102 return params
103
104 def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
105 params = ft_params(rsn, ssid, passphrase)
106 params['nas_identifier'] = "nas1.w1.fi"
107 params['r1_key_holder'] = "000102030405"
108 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
109 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"]
110 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
111 return params
112
113 def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
114 params = ft_params(rsn, ssid, passphrase)
115 params['nas_identifier'] = "nas2.w1.fi"
116 params['r1_key_holder'] = "000102030406"
117 params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
118 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2"]
119 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
120 return params
121
122 def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
123 params = ft_params(rsn, ssid, passphrase)
124 params['nas_identifier'] = "nas2.w1.fi"
125 params['r1_key_holder'] = "000102030406"
126 params['r0kh'] = ["12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
127 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"]
128 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
129 return params
130
131 def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
132 sae=False, eap=False, fail_test=False, roams=1,
133 pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
134 test_connectivity=True, eap_identity="gpsk user", conndev=False,
135 force_initial_conn_to_first_ap=False, sha384=False,
136 group_mgmt=None, ocv=None, sae_password=None,
137 sae_password_id=None, sae_and_psk=False, pmksa_caching=False,
138 roam_with_reassoc=False, also_non_ft=False, only_one_way=False):
139 logger.info("Connect to first AP")
140
141 copts = {}
142 copts["proto"] = "WPA2"
143 copts["ieee80211w"] = "1"
144 copts["scan_freq"] = "2412"
145 copts["pairwise"] = pairwise_cipher
146 copts["group"] = group_cipher
147 copts["wpa_ptk_rekey"] = ptk_rekey
148 if group_mgmt:
149 copts["group_mgmt"] = group_mgmt
150 if ocv:
151 copts["ocv"] = ocv
152 if eap:
153 if pmksa_caching:
154 copts["ft_eap_pmksa_caching"] = "1"
155 if also_non_ft:
156 copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP"
157 else:
158 copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
159 copts["eap"] = "GPSK"
160 copts["identity"] = eap_identity
161 copts["password"] = "abcdefghijklmnop0123456789abcdef"
162 else:
163 if sae:
164 copts["key_mgmt"] = "SAE FT-SAE" if sae_and_psk else "FT-SAE"
165 else:
166 copts["key_mgmt"] = "FT-PSK"
167 if passphrase:
168 copts["psk"] = passphrase
169 if sae_password:
170 copts["sae_password"] = sae_password
171 if sae_password_id:
172 copts["sae_password_id"] = sae_password_id
173 if force_initial_conn_to_first_ap:
174 copts["bssid"] = apdev[0]['bssid']
175 netw = dev.connect(ssid, **copts)
176 if pmksa_caching:
177 dev.request("DISCONNECT")
178 dev.wait_disconnected()
179 dev.request("RECONNECT")
180 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
181 "CTRL-EVENT-DISCONNECTED",
182 "CTRL-EVENT-EAP-STARTED"],
183 timeout=15)
184 if ev is None:
185 raise Exception("Reconnect timed out")
186 if "CTRL-EVENT-DISCONNECTED" in ev:
187 raise Exception("Unexpected disconnection after RECONNECT")
188 if "CTRL-EVENT-EAP-STARTED" in ev:
189 raise Exception("Unexpected EAP start after RECONNECT")
190
191 if dev.get_status_field('bssid') == apdev[0]['bssid']:
192 ap1 = apdev[0]
193 ap2 = apdev[1]
194 hapd1ap = hapd0
195 hapd2ap = hapd1
196 else:
197 ap1 = apdev[1]
198 ap2 = apdev[0]
199 hapd1ap = hapd1
200 hapd2ap = hapd0
201 if test_connectivity:
202 hapd1ap.wait_sta()
203 if conndev:
204 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
205 else:
206 hwsim_utils.test_connectivity(dev, hapd1ap)
207
208 dev.scan_for_bss(ap2['bssid'], freq="2412")
209
210 for i in range(0, roams):
211 # Roaming artificially fast can make data test fail because the key is
212 # set later.
213 time.sleep(0.01)
214 logger.info("Roam to the second AP")
215 if roam_with_reassoc:
216 dev.set_network(netw, "bssid", ap2['bssid'])
217 dev.request("REASSOCIATE")
218 dev.wait_connected()
219 elif over_ds:
220 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
221 else:
222 dev.roam(ap2['bssid'], fail_test=fail_test)
223 if fail_test:
224 return
225 if dev.get_status_field('bssid') != ap2['bssid']:
226 raise Exception("Did not connect to correct AP")
227 if (i == 0 or i == roams - 1) and test_connectivity:
228 hapd2ap.wait_sta()
229 if conndev:
230 hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
231 else:
232 hwsim_utils.test_connectivity(dev, hapd2ap)
233
234 if only_one_way:
235 return
236 # Roaming artificially fast can make data test fail because the key is
237 # set later.
238 time.sleep(0.01)
239 logger.info("Roam back to the first AP")
240 if roam_with_reassoc:
241 dev.set_network(netw, "bssid", ap1['bssid'])
242 dev.request("REASSOCIATE")
243 dev.wait_connected()
244 elif over_ds:
245 dev.roam_over_ds(ap1['bssid'])
246 else:
247 dev.roam(ap1['bssid'])
248 if dev.get_status_field('bssid') != ap1['bssid']:
249 raise Exception("Did not connect to correct AP")
250 if (i == 0 or i == roams - 1) and test_connectivity:
251 hapd1ap.wait_sta()
252 if conndev:
253 hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
254 else:
255 hwsim_utils.test_connectivity(dev, hapd1ap)
256
257 def test_ap_ft(dev, apdev):
258 """WPA2-PSK-FT AP"""
259 ssid = "test-ft"
260 passphrase = "12345678"
261
262 params = ft_params1(ssid=ssid, passphrase=passphrase)
263 hapd0 = hostapd.add_ap(apdev[0], params)
264 params = ft_params2(ssid=ssid, passphrase=passphrase)
265 hapd1 = hostapd.add_ap(apdev[1], params)
266
267 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
268 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
269 raise Exception("Scan results missing RSN element info")
270
271 def test_ap_ft_old_key(dev, apdev):
272 """WPA2-PSK-FT AP (old key)"""
273 ssid = "test-ft"
274 passphrase = "12345678"
275
276 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
277 hapd0 = hostapd.add_ap(apdev[0], params)
278 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
279 hapd1 = hostapd.add_ap(apdev[1], params)
280
281 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
282
283 def test_ap_ft_multi_akm(dev, apdev):
284 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
285 ssid = "test-ft"
286 passphrase = "12345678"
287
288 params = ft_params1(ssid=ssid, passphrase=passphrase)
289 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
290 hapd0 = hostapd.add_ap(apdev[0], params)
291 params = ft_params2(ssid=ssid, passphrase=passphrase)
292 params["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
293 hapd1 = hostapd.add_ap(apdev[1], params)
294
295 Wlantest.setup(hapd0)
296 wt = Wlantest()
297 wt.flush()
298 wt.add_passphrase(passphrase)
299
300 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
301 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
302 raise Exception("Scan results missing RSN element info")
303 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
304 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
305 scan_freq="2412")
306
307 def test_ap_ft_local_key_gen(dev, apdev):
308 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
309 ssid = "test-ft"
310 passphrase = "12345678"
311
312 params = ft_params1a(ssid=ssid, passphrase=passphrase)
313 params['ft_psk_generate_local'] = "1"
314 del params['pmk_r1_push']
315 hapd0 = hostapd.add_ap(apdev[0], params)
316 params = ft_params2a(ssid=ssid, passphrase=passphrase)
317 params['ft_psk_generate_local'] = "1"
318 del params['pmk_r1_push']
319 hapd1 = hostapd.add_ap(apdev[1], params)
320
321 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
322 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
323 raise Exception("Scan results missing RSN element info")
324
325 def test_ap_ft_vlan(dev, apdev):
326 """WPA2-PSK-FT AP with VLAN"""
327 ssid = "test-ft"
328 passphrase = "12345678"
329
330 params = ft_params1(ssid=ssid, passphrase=passphrase)
331 params['dynamic_vlan'] = "1"
332 params['accept_mac_file'] = "hostapd.accept"
333 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
334
335 params = ft_params2(ssid=ssid, passphrase=passphrase)
336 params['dynamic_vlan'] = "1"
337 params['accept_mac_file'] = "hostapd.accept"
338 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
339
340 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
341 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
342 raise Exception("Scan results missing RSN element info")
343
344 def test_ap_ft_vlan_disconnected(dev, apdev):
345 """WPA2-PSK-FT AP with VLAN and local key generation"""
346 ssid = "test-ft"
347 passphrase = "12345678"
348
349 params = ft_params1a(ssid=ssid, passphrase=passphrase)
350 params['dynamic_vlan'] = "1"
351 params['accept_mac_file'] = "hostapd.accept"
352 params['ft_psk_generate_local'] = "1"
353 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
354
355 params = ft_params2a(ssid=ssid, passphrase=passphrase)
356 params['dynamic_vlan'] = "1"
357 params['accept_mac_file'] = "hostapd.accept"
358 params['ft_psk_generate_local'] = "1"
359 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
360
361 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1")
362 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
363 raise Exception("Scan results missing RSN element info")
364
365 def test_ap_ft_vlan_2(dev, apdev):
366 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
367 ssid = "test-ft"
368 passphrase = "12345678"
369
370 params = ft_params1(ssid=ssid, passphrase=passphrase)
371 params['dynamic_vlan'] = "1"
372 params['accept_mac_file'] = "hostapd.accept"
373 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
374
375 params = ft_params2(ssid=ssid, passphrase=passphrase)
376 params['dynamic_vlan'] = "1"
377 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
378
379 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, conndev="brvlan1",
380 force_initial_conn_to_first_ap=True)
381 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
382 raise Exception("Scan results missing RSN element info")
383
384 def test_ap_ft_many(dev, apdev):
385 """WPA2-PSK-FT AP multiple times"""
386 ssid = "test-ft"
387 passphrase = "12345678"
388
389 params = ft_params1(ssid=ssid, passphrase=passphrase)
390 hapd0 = hostapd.add_ap(apdev[0], params)
391 params = ft_params2(ssid=ssid, passphrase=passphrase)
392 hapd1 = hostapd.add_ap(apdev[1], params)
393
394 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
395
396 def test_ap_ft_many_vlan(dev, apdev):
397 """WPA2-PSK-FT AP with VLAN multiple times"""
398 ssid = "test-ft"
399 passphrase = "12345678"
400
401 params = ft_params1(ssid=ssid, passphrase=passphrase)
402 params['dynamic_vlan'] = "1"
403 params['accept_mac_file'] = "hostapd.accept"
404 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
405
406 params = ft_params2(ssid=ssid, passphrase=passphrase)
407 params['dynamic_vlan'] = "1"
408 params['accept_mac_file'] = "hostapd.accept"
409 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
410
411 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50,
412 conndev="brvlan1")
413
414 def test_ap_ft_mixed(dev, apdev):
415 """WPA2-PSK-FT mixed-mode AP"""
416 ssid = "test-ft-mixed"
417 passphrase = "12345678"
418
419 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
420 hapd = hostapd.add_ap(apdev[0], params)
421 key_mgmt = hapd.get_config()['key_mgmt']
422 vals = key_mgmt.split(' ')
423 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
424 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
425 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
426 hapd1 = hostapd.add_ap(apdev[1], params)
427
428 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
429
430 def test_ap_ft_pmf(dev, apdev):
431 """WPA2-PSK-FT AP with PMF"""
432 ssid = "test-ft"
433 passphrase = "12345678"
434
435 params = ft_params1(ssid=ssid, passphrase=passphrase)
436 params["ieee80211w"] = "2"
437 hapd0 = hostapd.add_ap(apdev[0], params)
438 params = ft_params2(ssid=ssid, passphrase=passphrase)
439 params["ieee80211w"] = "2"
440 hapd1 = hostapd.add_ap(apdev[1], params)
441
442 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
443
444 def test_ap_ft_pmf_bip_cmac_128(dev, apdev):
445 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
446 run_ap_ft_pmf_bip(dev, apdev, "AES-128-CMAC")
447
448 def test_ap_ft_pmf_bip_gmac_128(dev, apdev):
449 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
450 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-128")
451
452 def test_ap_ft_pmf_bip_gmac_256(dev, apdev):
453 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
454 run_ap_ft_pmf_bip(dev, apdev, "BIP-GMAC-256")
455
456 def test_ap_ft_pmf_bip_cmac_256(dev, apdev):
457 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
458 run_ap_ft_pmf_bip(dev, apdev, "BIP-CMAC-256")
459
460 def run_ap_ft_pmf_bip(dev, apdev, cipher):
461 if cipher not in dev[0].get_capability("group_mgmt"):
462 raise HwsimSkip("Cipher %s not supported" % cipher)
463
464 ssid = "test-ft"
465 passphrase = "12345678"
466
467 params = ft_params1(ssid=ssid, passphrase=passphrase)
468 params["ieee80211w"] = "2"
469 params["group_mgmt_cipher"] = cipher
470 hapd0 = hostapd.add_ap(apdev[0], params)
471 params = ft_params2(ssid=ssid, passphrase=passphrase)
472 params["ieee80211w"] = "2"
473 params["group_mgmt_cipher"] = cipher
474 hapd1 = hostapd.add_ap(apdev[1], params)
475
476 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
477 group_mgmt=cipher)
478
479 def test_ap_ft_ocv(dev, apdev):
480 """WPA2-PSK-FT AP with OCV"""
481 ssid = "test-ft"
482 passphrase = "12345678"
483
484 params = ft_params1(ssid=ssid, passphrase=passphrase)
485 params["ieee80211w"] = "2"
486 params["ocv"] = "1"
487 try:
488 hapd0 = hostapd.add_ap(apdev[0], params)
489 except Exception as e:
490 if "Failed to set hostapd parameter ocv" in str(e):
491 raise HwsimSkip("OCV not supported")
492 raise
493 params = ft_params2(ssid=ssid, passphrase=passphrase)
494 params["ieee80211w"] = "2"
495 params["ocv"] = "1"
496 hapd1 = hostapd.add_ap(apdev[1], params)
497
498 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1")
499
500 def test_ap_ft_over_ds(dev, apdev):
501 """WPA2-PSK-FT AP over DS"""
502 ssid = "test-ft"
503 passphrase = "12345678"
504
505 params = ft_params1(ssid=ssid, passphrase=passphrase)
506 hapd0 = hostapd.add_ap(apdev[0], params)
507 params = ft_params2(ssid=ssid, passphrase=passphrase)
508 hapd1 = hostapd.add_ap(apdev[1], params)
509
510 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
511 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
512 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
513
514 def cleanup_ap_ft_separate_hostapd():
515 subprocess.call(["brctl", "delif", "br0ft", "veth0"],
516 stderr=open('/dev/null', 'w'))
517 subprocess.call(["brctl", "delif", "br1ft", "veth1"],
518 stderr=open('/dev/null', 'w'))
519 subprocess.call(["ip", "link", "del", "veth0"],
520 stderr=open('/dev/null', 'w'))
521 subprocess.call(["ip", "link", "del", "veth1"],
522 stderr=open('/dev/null', 'w'))
523 for ifname in ['br0ft', 'br1ft', 'br-ft']:
524 subprocess.call(['ip', 'link', 'set', 'dev', ifname, 'down'],
525 stderr=open('/dev/null', 'w'))
526 subprocess.call(['brctl', 'delbr', ifname],
527 stderr=open('/dev/null', 'w'))
528
529 def test_ap_ft_separate_hostapd(dev, apdev, params):
530 """WPA2-PSK-FT AP and separate hostapd process"""
531 try:
532 run_ap_ft_separate_hostapd(dev, apdev, params, False)
533 finally:
534 cleanup_ap_ft_separate_hostapd()
535
536 def test_ap_ft_over_ds_separate_hostapd(dev, apdev, params):
537 """WPA2-PSK-FT AP over DS and separate hostapd process"""
538 try:
539 run_ap_ft_separate_hostapd(dev, apdev, params, True)
540 finally:
541 cleanup_ap_ft_separate_hostapd()
542
543 def run_ap_ft_separate_hostapd(dev, apdev, params, over_ds):
544 ssid = "test-ft"
545 passphrase = "12345678"
546 logdir = params['logdir']
547 pidfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.pid')
548 logfile = os.path.join(logdir, 'ap_ft_over_ds_separate_hostapd.hapd')
549 global_ctrl = '/var/run/hostapd-ft'
550 br_ifname = 'br-ft'
551
552 try:
553 subprocess.check_call(['brctl', 'addbr', br_ifname])
554 subprocess.check_call(['brctl', 'setfd', br_ifname, '0'])
555 subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
556
557 subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
558 "peer", "name", "veth0br"])
559 subprocess.check_call(["ip", "link", "add", "veth1", "type", "veth",
560 "peer", "name", "veth1br"])
561 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0br', 'up'])
562 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1br', 'up'])
563 subprocess.check_call(['brctl', 'addif', br_ifname, 'veth0br'])
564 subprocess.check_call(['brctl', 'addif', br_ifname, 'veth1br'])
565
566 subprocess.check_call(['brctl', 'addbr', 'br0ft'])
567 subprocess.check_call(['brctl', 'setfd', 'br0ft', '0'])
568 subprocess.check_call(['ip', 'link', 'set', 'dev', 'br0ft', 'up'])
569 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth0', 'up'])
570 subprocess.check_call(['brctl', 'addif', 'br0ft', 'veth0'])
571 subprocess.check_call(['brctl', 'addbr', 'br1ft'])
572 subprocess.check_call(['brctl', 'setfd', 'br1ft', '0'])
573 subprocess.check_call(['ip', 'link', 'set', 'dev', 'br1ft', 'up'])
574 subprocess.check_call(['ip', 'link', 'set', 'dev', 'veth1', 'up'])
575 subprocess.check_call(['brctl', 'addif', 'br1ft', 'veth1'])
576 except subprocess.CalledProcessError:
577 raise HwsimSkip("Bridge or veth not supported (kernel CONFIG_VETH)")
578
579 with HWSimRadio() as (radio, iface):
580 prg = os.path.join(logdir, 'alt-hostapd/hostapd/hostapd')
581 if not os.path.exists(prg):
582 prg = '../../hostapd/hostapd'
583 cmd = [prg, '-B', '-ddKt',
584 '-P', pidfile, '-f', logfile, '-g', global_ctrl]
585 subprocess.check_call(cmd)
586
587 hglobal = hostapd.HostapdGlobal(global_ctrl_override=global_ctrl)
588 apdev_ft = {'ifname': iface}
589 apdev2 = [apdev_ft, apdev[1]]
590
591 params = ft_params1(ssid=ssid, passphrase=passphrase)
592 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
593 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
594 params['bridge'] = 'br0ft'
595 hapd0 = hostapd.add_ap(apdev2[0], params,
596 global_ctrl_override=global_ctrl)
597 apdev2[0]['bssid'] = hapd0.own_addr()
598 params = ft_params2(ssid=ssid, passphrase=passphrase)
599 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
600 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
601 params['bridge'] = 'br1ft'
602 hapd1 = hostapd.add_ap(apdev2[1], params)
603
604 run_roams(dev[0], apdev2, hapd0, hapd1, ssid, passphrase,
605 over_ds=over_ds, test_connectivity=False)
606
607 hglobal.terminate()
608
609 if os.path.exists(pidfile):
610 with open(pidfile, 'r') as f:
611 pid = int(f.read())
612 f.close()
613 os.kill(pid, signal.SIGTERM)
614
615 def test_ap_ft_over_ds_ocv(dev, apdev):
616 """WPA2-PSK-FT AP over DS"""
617 ssid = "test-ft"
618 passphrase = "12345678"
619
620 params = ft_params1(ssid=ssid, passphrase=passphrase)
621 params["ieee80211w"] = "2"
622 params["ocv"] = "1"
623 try:
624 hapd0 = hostapd.add_ap(apdev[0], params)
625 except Exception as e:
626 if "Failed to set hostapd parameter ocv" in str(e):
627 raise HwsimSkip("OCV not supported")
628 raise
629 params = ft_params2(ssid=ssid, passphrase=passphrase)
630 params["ieee80211w"] = "2"
631 params["ocv"] = "1"
632 hapd1 = hostapd.add_ap(apdev[1], params)
633
634 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
635 ocv="1")
636
637 def test_ap_ft_over_ds_disabled(dev, apdev):
638 """WPA2-PSK-FT AP over DS disabled"""
639 ssid = "test-ft"
640 passphrase = "12345678"
641
642 params = ft_params1(ssid=ssid, passphrase=passphrase)
643 params['ft_over_ds'] = '0'
644 hapd0 = hostapd.add_ap(apdev[0], params)
645 params = ft_params2(ssid=ssid, passphrase=passphrase)
646 params['ft_over_ds'] = '0'
647 hapd1 = hostapd.add_ap(apdev[1], params)
648
649 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
650 fail_test=True)
651
652 def test_ap_ft_vlan_over_ds(dev, apdev):
653 """WPA2-PSK-FT AP over DS with VLAN"""
654 ssid = "test-ft"
655 passphrase = "12345678"
656
657 params = ft_params1(ssid=ssid, passphrase=passphrase)
658 params['dynamic_vlan'] = "1"
659 params['accept_mac_file'] = "hostapd.accept"
660 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
661 params = ft_params2(ssid=ssid, passphrase=passphrase)
662 params['dynamic_vlan'] = "1"
663 params['accept_mac_file'] = "hostapd.accept"
664 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
665
666 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
667 conndev="brvlan1")
668 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
669 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4")])
670
671 def test_ap_ft_over_ds_many(dev, apdev):
672 """WPA2-PSK-FT AP over DS multiple times"""
673 ssid = "test-ft"
674 passphrase = "12345678"
675
676 params = ft_params1(ssid=ssid, passphrase=passphrase)
677 hapd0 = hostapd.add_ap(apdev[0], params)
678 params = ft_params2(ssid=ssid, passphrase=passphrase)
679 hapd1 = hostapd.add_ap(apdev[1], params)
680
681 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
682 roams=50)
683
684 def test_ap_ft_vlan_over_ds_many(dev, apdev):
685 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
686 ssid = "test-ft"
687 passphrase = "12345678"
688
689 params = ft_params1(ssid=ssid, passphrase=passphrase)
690 params['dynamic_vlan'] = "1"
691 params['accept_mac_file'] = "hostapd.accept"
692 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
693 params = ft_params2(ssid=ssid, passphrase=passphrase)
694 params['dynamic_vlan'] = "1"
695 params['accept_mac_file'] = "hostapd.accept"
696 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
697
698 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
699 roams=50, conndev="brvlan1")
700
701 @remote_compatible
702 def test_ap_ft_over_ds_unknown_target(dev, apdev):
703 """WPA2-PSK-FT AP"""
704 ssid = "test-ft"
705 passphrase = "12345678"
706
707 params = ft_params1(ssid=ssid, passphrase=passphrase)
708 hapd0 = hostapd.add_ap(apdev[0], params)
709
710 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
711 scan_freq="2412")
712 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
713
714 @remote_compatible
715 def test_ap_ft_over_ds_unexpected(dev, apdev):
716 """WPA2-PSK-FT AP over DS and unexpected response"""
717 ssid = "test-ft"
718 passphrase = "12345678"
719
720 params = ft_params1(ssid=ssid, passphrase=passphrase)
721 hapd0 = hostapd.add_ap(apdev[0], params)
722 params = ft_params2(ssid=ssid, passphrase=passphrase)
723 hapd1 = hostapd.add_ap(apdev[1], params)
724
725 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
726 scan_freq="2412")
727 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
728 ap1 = apdev[0]
729 ap2 = apdev[1]
730 hapd1ap = hapd0
731 hapd2ap = hapd1
732 else:
733 ap1 = apdev[1]
734 ap2 = apdev[0]
735 hapd1ap = hapd1
736 hapd2ap = hapd0
737
738 addr = dev[0].own_addr()
739 hapd1ap.set("ext_mgmt_frame_handling", "1")
740 logger.info("Foreign STA address")
741 msg = {}
742 msg['fc'] = 13 << 4
743 msg['da'] = addr
744 msg['sa'] = ap1['bssid']
745 msg['bssid'] = ap1['bssid']
746 msg['payload'] = binascii.unhexlify("06021122334455660102030405060000")
747 hapd1ap.mgmt_tx(msg)
748
749 logger.info("No over-the-DS in progress")
750 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
751 hapd1ap.mgmt_tx(msg)
752
753 logger.info("Non-zero status code")
754 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060100")
755 hapd1ap.mgmt_tx(msg)
756
757 hapd1ap.dump_monitor()
758
759 dev[0].scan_for_bss(ap2['bssid'], freq="2412")
760 if "OK" not in dev[0].request("FT_DS " + ap2['bssid']):
761 raise Exception("FT_DS failed")
762
763 req = hapd1ap.mgmt_rx()
764
765 logger.info("Foreign Target AP")
766 msg['payload'] = binascii.unhexlify("0602" + addr.replace(':', '') + "0102030405060000")
767 hapd1ap.mgmt_tx(msg)
768
769 addrs = addr.replace(':', '') + ap2['bssid'].replace(':', '')
770
771 logger.info("No IEs")
772 msg['payload'] = binascii.unhexlify("0602" + addrs + "0000")
773 hapd1ap.mgmt_tx(msg)
774
775 logger.info("Invalid IEs (trigger parsing failure)")
776 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003700")
777 hapd1ap.mgmt_tx(msg)
778
779 logger.info("Too short MDIE")
780 msg['payload'] = binascii.unhexlify("0602" + addrs + "000036021122")
781 hapd1ap.mgmt_tx(msg)
782
783 logger.info("Mobility domain mismatch")
784 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603112201")
785 hapd1ap.mgmt_tx(msg)
786
787 logger.info("No FTIE")
788 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201")
789 hapd1ap.mgmt_tx(msg)
790
791 logger.info("FTIE SNonce mismatch")
792 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
793 hapd1ap.mgmt_tx(msg)
794
795 logger.info("No R0KH-ID subelem in FTIE")
796 snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
797 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce)
798 hapd1ap.mgmt_tx(msg)
799
800 logger.info("No R0KH-ID subelem mismatch in FTIE")
801 snonce = binascii.hexlify(req['payload'][111:111+32]).decode()
802 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a11223344556677889900")
803 hapd1ap.mgmt_tx(msg)
804
805 logger.info("No R1KH-ID subelem in FTIE")
806 r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
807 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid)
808 hapd1ap.mgmt_tx(msg)
809
810 logger.info("No RSNE")
811 r0khid = binascii.hexlify(req['payload'][145:145+10]).decode()
812 msg['payload'] = binascii.unhexlify("0602" + addrs + "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce + "030a" + r0khid + "0106000102030405")
813 hapd1ap.mgmt_tx(msg)
814
815 def test_ap_ft_pmf_over_ds(dev, apdev):
816 """WPA2-PSK-FT AP over DS with PMF"""
817 run_ap_ft_pmf_bip_over_ds(dev, apdev, None)
818
819 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev, apdev):
820 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
821 run_ap_ft_pmf_bip_over_ds(dev, apdev, "AES-128-CMAC")
822
823 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev, apdev):
824 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
825 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-128")
826
827 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev, apdev):
828 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
829 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-GMAC-256")
830
831 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev, apdev):
832 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
833 run_ap_ft_pmf_bip_over_ds(dev, apdev, "BIP-CMAC-256")
834
835 def run_ap_ft_pmf_bip_over_ds(dev, apdev, cipher):
836 if cipher and cipher not in dev[0].get_capability("group_mgmt"):
837 raise HwsimSkip("Cipher %s not supported" % cipher)
838
839 ssid = "test-ft"
840 passphrase = "12345678"
841
842 params = ft_params1(ssid=ssid, passphrase=passphrase)
843 params["ieee80211w"] = "2"
844 if cipher:
845 params["group_mgmt_cipher"] = cipher
846 hapd0 = hostapd.add_ap(apdev[0], params)
847 params = ft_params2(ssid=ssid, passphrase=passphrase)
848 params["ieee80211w"] = "2"
849 if cipher:
850 params["group_mgmt_cipher"] = cipher
851 hapd1 = hostapd.add_ap(apdev[1], params)
852
853 Wlantest.setup(hapd0)
854 wt = Wlantest()
855 wt.flush()
856 wt.add_passphrase(passphrase)
857
858 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
859 group_mgmt=cipher)
860
861 def test_ap_ft_over_ds_pull(dev, apdev):
862 """WPA2-PSK-FT AP over DS (pull PMK)"""
863 ssid = "test-ft"
864 passphrase = "12345678"
865
866 params = ft_params1(ssid=ssid, passphrase=passphrase)
867 params["pmk_r1_push"] = "0"
868 hapd0 = hostapd.add_ap(apdev[0], params)
869 params = ft_params2(ssid=ssid, passphrase=passphrase)
870 params["pmk_r1_push"] = "0"
871 hapd1 = hostapd.add_ap(apdev[1], params)
872
873 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
874
875 def test_ap_ft_over_ds_pull_old_key(dev, apdev):
876 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
877 ssid = "test-ft"
878 passphrase = "12345678"
879
880 params = ft_params1_old_key(ssid=ssid, passphrase=passphrase)
881 params["pmk_r1_push"] = "0"
882 hapd0 = hostapd.add_ap(apdev[0], params)
883 params = ft_params2_old_key(ssid=ssid, passphrase=passphrase)
884 params["pmk_r1_push"] = "0"
885 hapd1 = hostapd.add_ap(apdev[1], params)
886
887 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
888
889 def test_ap_ft_over_ds_pull_vlan(dev, apdev):
890 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
891 ssid = "test-ft"
892 passphrase = "12345678"
893
894 params = ft_params1(ssid=ssid, passphrase=passphrase)
895 params["pmk_r1_push"] = "0"
896 params['dynamic_vlan'] = "1"
897 params['accept_mac_file'] = "hostapd.accept"
898 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
899 params = ft_params2(ssid=ssid, passphrase=passphrase)
900 params["pmk_r1_push"] = "0"
901 params['dynamic_vlan'] = "1"
902 params['accept_mac_file'] = "hostapd.accept"
903 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
904
905 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
906 conndev="brvlan1")
907
908 def start_ft_sae(dev, apdev, wpa_ptk_rekey=None):
909 if "SAE" not in dev.get_capability("auth_alg"):
910 raise HwsimSkip("SAE not supported")
911 ssid = "test-ft"
912 passphrase = "12345678"
913
914 params = ft_params1(ssid=ssid, passphrase=passphrase)
915 params['wpa_key_mgmt'] = "FT-SAE"
916 if wpa_ptk_rekey:
917 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
918 hapd0 = hostapd.add_ap(apdev[0], params)
919 params = ft_params2(ssid=ssid, passphrase=passphrase)
920 params['wpa_key_mgmt'] = "FT-SAE"
921 if wpa_ptk_rekey:
922 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
923 hapd1 = hostapd.add_ap(apdev[1], params)
924 key_mgmt = hapd1.get_config()['key_mgmt']
925 if key_mgmt.split(' ')[0] != "FT-SAE":
926 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
927
928 dev.request("SET sae_groups ")
929 return hapd0, hapd1
930
931 def test_ap_ft_sae(dev, apdev):
932 """WPA2-PSK-FT-SAE AP"""
933 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
934 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True)
935
936 def test_ap_ft_sae_ptk_rekey0(dev, apdev):
937 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
938 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
939 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
940 ptk_rekey="1", roams=0)
941 check_ptk_rekey(dev[0], hapd0, hapd1)
942
943 def test_ap_ft_sae_ptk_rekey1(dev, apdev):
944 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by station"""
945 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
946 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
947 ptk_rekey="1", only_one_way=True)
948 check_ptk_rekey(dev[0], hapd0, hapd1)
949
950 def test_ap_ft_sae_ptk_rekey_ap(dev, apdev):
951 """WPA2-PSK-FT-SAE AP and PTK rekey triggered by AP"""
952 hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
953 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
954 only_one_way=True)
955 check_ptk_rekey(dev[0], hapd0, hapd1)
956
957 def test_ap_ft_sae_over_ds(dev, apdev):
958 """WPA2-PSK-FT-SAE AP over DS"""
959 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
960 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
961 over_ds=True)
962
963 def test_ap_ft_sae_over_ds_ptk_rekey0(dev, apdev):
964 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
965 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
966 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
967 over_ds=True, ptk_rekey="1", roams=0)
968 check_ptk_rekey(dev[0], hapd0, hapd1)
969
970 def test_ap_ft_sae_over_ds_ptk_rekey1(dev, apdev):
971 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by station"""
972 hapd0, hapd1 = start_ft_sae(dev[0], apdev)
973 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
974 over_ds=True, ptk_rekey="1", only_one_way=True)
975 check_ptk_rekey(dev[0], hapd0, hapd1)
976
977 def test_ap_ft_sae_over_ds_ptk_rekey_ap(dev, apdev):
978 """WPA2-PSK-FT-SAE AP over DS and PTK rekey triggered by AP"""
979 hapd0, hapd1 = start_ft_sae(dev[0], apdev, wpa_ptk_rekey=2)
980 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", sae=True,
981 over_ds=True, only_one_way=True)
982 check_ptk_rekey(dev[0], hapd0, hapd1)
983
984 def test_ap_ft_sae_pw_id(dev, apdev):
985 """FT-SAE with Password Identifier"""
986 if "SAE" not in dev[0].get_capability("auth_alg"):
987 raise HwsimSkip("SAE not supported")
988 ssid = "test-ft"
989
990 params = ft_params1(ssid=ssid)
991 params["ieee80211w"] = "2"
992 params['wpa_key_mgmt'] = "FT-SAE"
993 params['sae_password'] = 'secret|id=pwid'
994 hapd0 = hostapd.add_ap(apdev[0], params)
995 params = ft_params2(ssid=ssid)
996 params["ieee80211w"] = "2"
997 params['wpa_key_mgmt'] = "FT-SAE"
998 params['sae_password'] = 'secret|id=pwid'
999 hapd = hostapd.add_ap(apdev[1], params)
1000
1001 dev[0].request("SET sae_groups ")
1002 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase=None, sae=True,
1003 sae_password="secret", sae_password_id="pwid")
1004
1005 def test_ap_ft_sae_with_both_akms(dev, apdev):
1006 """SAE + FT-SAE configuration"""
1007 if "SAE" not in dev[0].get_capability("auth_alg"):
1008 raise HwsimSkip("SAE not supported")
1009 ssid = "test-ft"
1010 passphrase = "12345678"
1011
1012 params = ft_params1(ssid=ssid, passphrase=passphrase)
1013 params['wpa_key_mgmt'] = "FT-SAE SAE"
1014 hapd0 = hostapd.add_ap(apdev[0], params)
1015 params = ft_params2(ssid=ssid, passphrase=passphrase)
1016 params['wpa_key_mgmt'] = "FT-SAE SAE"
1017 hapd = hostapd.add_ap(apdev[1], params)
1018 key_mgmt = hapd.get_config()['key_mgmt']
1019 if key_mgmt.split(' ')[0] != "FT-SAE":
1020 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1021
1022 dev[0].request("SET sae_groups ")
1023 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
1024 sae_and_psk=True)
1025
1026 def test_ap_ft_sae_pmksa_caching(dev, apdev):
1027 """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
1028 if "SAE" not in dev[0].get_capability("auth_alg"):
1029 raise HwsimSkip("SAE not supported")
1030 ssid = "test-ft"
1031 passphrase = "12345678"
1032
1033 params = ft_params1(ssid=ssid, passphrase=passphrase)
1034 params['wpa_key_mgmt'] = "FT-SAE"
1035 hapd0 = hostapd.add_ap(apdev[0], params)
1036 params = ft_params2(ssid=ssid, passphrase=passphrase)
1037 params['wpa_key_mgmt'] = "FT-SAE"
1038 hapd = hostapd.add_ap(apdev[1], params)
1039 key_mgmt = hapd.get_config()['key_mgmt']
1040 if key_mgmt.split(' ')[0] != "FT-SAE":
1041 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1042
1043 dev[0].request("SET sae_groups ")
1044 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
1045 pmksa_caching=True)
1046
1047 def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
1048 discovery=False, roams=1, wpa_ptk_rekey=0,
1049 only_one_way=False):
1050 ssid = "test-ft"
1051 passphrase = "12345678"
1052 if vlan:
1053 identity = "gpsk-vlan1"
1054 conndev = "brvlan1"
1055 elif cui:
1056 identity = "gpsk-cui"
1057 conndev = False
1058 else:
1059 identity = "gpsk user"
1060 conndev = False
1061
1062 radius = hostapd.radius_params()
1063 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery)
1064 params['wpa_key_mgmt'] = "FT-EAP"
1065 params["ieee8021x"] = "1"
1066 if vlan:
1067 params["dynamic_vlan"] = "1"
1068 params = dict(list(radius.items()) + list(params.items()))
1069 hapd = hostapd.add_ap(apdev[0], params)
1070 key_mgmt = hapd.get_config()['key_mgmt']
1071 if key_mgmt.split(' ')[0] != "FT-EAP":
1072 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1073 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery)
1074 params['wpa_key_mgmt'] = "FT-EAP"
1075 params["ieee8021x"] = "1"
1076 if vlan:
1077 params["dynamic_vlan"] = "1"
1078 if wpa_ptk_rekey:
1079 params["wpa_ptk_rekey"] = str(wpa_ptk_rekey)
1080 params = dict(list(radius.items()) + list(params.items()))
1081 hapd1 = hostapd.add_ap(apdev[1], params)
1082
1083 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
1084 over_ds=over_ds, roams=roams, eap_identity=identity,
1085 conndev=conndev, only_one_way=only_one_way)
1086 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
1087 raise Exception("Scan results missing RSN element info")
1088 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
1089 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
1090 if only_one_way:
1091 return
1092
1093 # Verify EAPOL reauthentication after FT protocol
1094 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1095 ap = hapd
1096 else:
1097 ap = hapd1
1098 ap.request("EAPOL_REAUTH " + dev[0].own_addr())
1099 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
1100 if ev is None:
1101 raise Exception("EAP authentication did not start")
1102 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
1103 if ev is None:
1104 raise Exception("EAP authentication did not succeed")
1105 time.sleep(0.1)
1106 if conndev:
1107 hwsim_utils.test_connectivity_iface(dev[0], ap, conndev)
1108 else:
1109 hwsim_utils.test_connectivity(dev[0], ap)
1110
1111 def test_ap_ft_eap(dev, apdev):
1112 """WPA2-EAP-FT AP"""
1113 generic_ap_ft_eap(dev, apdev)
1114
1115 def test_ap_ft_eap_cui(dev, apdev):
1116 """WPA2-EAP-FT AP with CUI"""
1117 generic_ap_ft_eap(dev, apdev, vlan=False, cui=True)
1118
1119 def test_ap_ft_eap_vlan(dev, apdev):
1120 """WPA2-EAP-FT AP with VLAN"""
1121 generic_ap_ft_eap(dev, apdev, vlan=True)
1122
1123 def test_ap_ft_eap_vlan_multi(dev, apdev):
1124 """WPA2-EAP-FT AP with VLAN"""
1125 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
1126
1127 def test_ap_ft_eap_over_ds(dev, apdev):
1128 """WPA2-EAP-FT AP using over-the-DS"""
1129 generic_ap_ft_eap(dev, apdev, over_ds=True)
1130
1131 def test_ap_ft_eap_dis(dev, apdev):
1132 """WPA2-EAP-FT AP with AP discovery"""
1133 generic_ap_ft_eap(dev, apdev, discovery=True)
1134
1135 def test_ap_ft_eap_dis_over_ds(dev, apdev):
1136 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
1137 generic_ap_ft_eap(dev, apdev, over_ds=True, discovery=True)
1138
1139 def test_ap_ft_eap_vlan(dev, apdev):
1140 """WPA2-EAP-FT AP with VLAN"""
1141 generic_ap_ft_eap(dev, apdev, vlan=True)
1142
1143 def test_ap_ft_eap_vlan_multi(dev, apdev):
1144 """WPA2-EAP-FT AP with VLAN"""
1145 generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
1146
1147 def test_ap_ft_eap_vlan_over_ds(dev, apdev):
1148 """WPA2-EAP-FT AP with VLAN + over_ds"""
1149 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
1150
1151 def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
1152 """WPA2-EAP-FT AP with VLAN + over_ds"""
1153 generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
1154
1155 def generic_ap_ft_eap_pull(dev, apdev, vlan=False):
1156 """WPA2-EAP-FT AP (pull PMK)"""
1157 ssid = "test-ft"
1158 passphrase = "12345678"
1159 if vlan:
1160 identity = "gpsk-vlan1"
1161 conndev = "brvlan1"
1162 else:
1163 identity = "gpsk user"
1164 conndev = False
1165
1166 radius = hostapd.radius_params()
1167 params = ft_params1(ssid=ssid, passphrase=passphrase)
1168 params['wpa_key_mgmt'] = "FT-EAP"
1169 params["ieee8021x"] = "1"
1170 params["pmk_r1_push"] = "0"
1171 if vlan:
1172 params["dynamic_vlan"] = "1"
1173 params = dict(list(radius.items()) + list(params.items()))
1174 hapd = hostapd.add_ap(apdev[0], params)
1175 key_mgmt = hapd.get_config()['key_mgmt']
1176 if key_mgmt.split(' ')[0] != "FT-EAP":
1177 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
1178 params = ft_params2(ssid=ssid, passphrase=passphrase)
1179 params['wpa_key_mgmt'] = "FT-EAP"
1180 params["ieee8021x"] = "1"
1181 params["pmk_r1_push"] = "0"
1182 if vlan:
1183 params["dynamic_vlan"] = "1"
1184 params = dict(list(radius.items()) + list(params.items()))
1185 hapd1 = hostapd.add_ap(apdev[1], params)
1186
1187 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True,
1188 eap_identity=identity, conndev=conndev)
1189
1190 def test_ap_ft_eap_pull(dev, apdev):
1191 """WPA2-EAP-FT AP (pull PMK)"""
1192 generic_ap_ft_eap_pull(dev, apdev)
1193
1194 def test_ap_ft_eap_pull_vlan(dev, apdev):
1195 generic_ap_ft_eap_pull(dev, apdev, vlan=True)
1196
1197 def test_ap_ft_eap_pull_wildcard(dev, apdev):
1198 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
1199 ssid = "test-ft"
1200 passphrase = "12345678"
1201
1202 radius = hostapd.radius_params()
1203 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
1204 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1205 params["ieee8021x"] = "1"
1206 params["pmk_r1_push"] = "0"
1207 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1208 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1209 params["ft_psk_generate_local"] = "1"
1210 params["eap_server"] = "0"
1211 params = dict(list(radius.items()) + list(params.items()))
1212 hapd = hostapd.add_ap(apdev[0], params)
1213 params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=True)
1214 params['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
1215 params["ieee8021x"] = "1"
1216 params["pmk_r1_push"] = "0"
1217 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1218 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
1219 params["ft_psk_generate_local"] = "1"
1220 params["eap_server"] = "0"
1221 params = dict(list(radius.items()) + list(params.items()))
1222 hapd1 = hostapd.add_ap(apdev[1], params)
1223
1224 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
1225
1226 @remote_compatible
1227 def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
1228 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
1229 ssid = "test-ft"
1230 passphrase = "12345678"
1231
1232 params = ft_params1(ssid=ssid, passphrase=passphrase)
1233 params["ieee80211w"] = "2"
1234 hapd0 = hostapd.add_ap(apdev[0], params)
1235 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1236 params["ieee80211w"] = "2"
1237 hapd1 = hostapd.add_ap(apdev[1], params)
1238
1239 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1240 fail_test=True)
1241
1242 @remote_compatible
1243 def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
1244 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
1245 ssid = "test-ft"
1246 passphrase = "12345678"
1247
1248 params = ft_params1(ssid=ssid, passphrase=passphrase)
1249 params["pmk_r1_push"] = "0"
1250 hapd0 = hostapd.add_ap(apdev[0], params)
1251 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1252 params["pmk_r1_push"] = "0"
1253 hapd1 = hostapd.add_ap(apdev[1], params)
1254
1255 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1256 fail_test=True)
1257
1258 @remote_compatible
1259 def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
1260 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
1261 ssid = "test-ft"
1262 passphrase = "12345678"
1263
1264 params = ft_params1(ssid=ssid, passphrase=passphrase)
1265 params["pmk_r1_push"] = "0"
1266 params["nas_identifier"] = "nas0.w1.fi"
1267 hostapd.add_ap(apdev[0], params)
1268 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1269 scan_freq="2412")
1270
1271 params = ft_params2(ssid=ssid, passphrase=passphrase)
1272 params["pmk_r1_push"] = "0"
1273 hostapd.add_ap(apdev[1], params)
1274
1275 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1276 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1277
1278 @remote_compatible
1279 def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
1280 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
1281 ssid = "test-ft"
1282 passphrase = "12345678"
1283
1284 params = ft_params1(ssid=ssid, passphrase=passphrase)
1285 params["ieee80211w"] = "2"
1286 hapd0 = hostapd.add_ap(apdev[0], params)
1287 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1288 params["ieee80211w"] = "2"
1289 hapd1 = hostapd.add_ap(apdev[1], params)
1290
1291 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1292 fail_test=True)
1293
1294 @remote_compatible
1295 def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
1296 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1297 ssid = "test-ft"
1298 passphrase = "12345678"
1299
1300 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1301 params["pmk_r1_push"] = "0"
1302 hapd0 = hostapd.add_ap(apdev[0], params)
1303 params = ft_params2(ssid=ssid, passphrase=passphrase)
1304 params["pmk_r1_push"] = "0"
1305 hapd1 = hostapd.add_ap(apdev[1], params)
1306
1307 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1308 fail_test=True)
1309
1310 def test_ap_ft_mismatching_rrb_key_push_eap(dev, apdev):
1311 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1312 ssid = "test-ft"
1313 passphrase = "12345678"
1314
1315 radius = hostapd.radius_params()
1316 params = ft_params1(ssid=ssid, passphrase=passphrase)
1317 params["ieee80211w"] = "2"
1318 params['wpa_key_mgmt'] = "FT-EAP"
1319 params["ieee8021x"] = "1"
1320 params = dict(list(radius.items()) + list(params.items()))
1321 hapd0 = hostapd.add_ap(apdev[0], params)
1322 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1323 params["ieee80211w"] = "2"
1324 params['wpa_key_mgmt'] = "FT-EAP"
1325 params["ieee8021x"] = "1"
1326 params = dict(list(radius.items()) + list(params.items()))
1327 hapd1 = hostapd.add_ap(apdev[1], params)
1328
1329 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1330 fail_test=True, eap=True)
1331
1332 def test_ap_ft_mismatching_rrb_key_pull_eap(dev, apdev):
1333 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1334 ssid = "test-ft"
1335 passphrase = "12345678"
1336
1337 radius = hostapd.radius_params()
1338 params = ft_params1(ssid=ssid, passphrase=passphrase)
1339 params["pmk_r1_push"] = "0"
1340 params['wpa_key_mgmt'] = "FT-EAP"
1341 params["ieee8021x"] = "1"
1342 params = dict(list(radius.items()) + list(params.items()))
1343 hapd0 = hostapd.add_ap(apdev[0], params)
1344 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
1345 params["pmk_r1_push"] = "0"
1346 params['wpa_key_mgmt'] = "FT-EAP"
1347 params["ieee8021x"] = "1"
1348 params = dict(list(radius.items()) + list(params.items()))
1349 hapd1 = hostapd.add_ap(apdev[1], params)
1350
1351 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1352 fail_test=True, eap=True)
1353
1354 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
1355 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1356 ssid = "test-ft"
1357 passphrase = "12345678"
1358
1359 radius = hostapd.radius_params()
1360 params = ft_params1(ssid=ssid, passphrase=passphrase)
1361 params["pmk_r1_push"] = "0"
1362 params["nas_identifier"] = "nas0.w1.fi"
1363 params['wpa_key_mgmt'] = "FT-EAP"
1364 params["ieee8021x"] = "1"
1365 params = dict(list(radius.items()) + list(params.items()))
1366 hostapd.add_ap(apdev[0], params)
1367 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
1368 eap="GPSK", identity="gpsk user",
1369 password="abcdefghijklmnop0123456789abcdef",
1370 scan_freq="2412")
1371
1372 params = ft_params2(ssid=ssid, passphrase=passphrase)
1373 params["pmk_r1_push"] = "0"
1374 params['wpa_key_mgmt'] = "FT-EAP"
1375 params["ieee8021x"] = "1"
1376 params = dict(list(radius.items()) + list(params.items()))
1377 hostapd.add_ap(apdev[1], params)
1378
1379 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1380 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
1381
1382 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev, apdev):
1383 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1384 ssid = "test-ft"
1385 passphrase = "12345678"
1386
1387 radius = hostapd.radius_params()
1388 params = ft_params1(ssid=ssid, passphrase=passphrase)
1389 params["ieee80211w"] = "2"
1390 params['wpa_key_mgmt'] = "FT-EAP"
1391 params["ieee8021x"] = "1"
1392 params = dict(list(radius.items()) + list(params.items()))
1393 hapd0 = hostapd.add_ap(apdev[0], params)
1394 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1395 params["ieee80211w"] = "2"
1396 params['wpa_key_mgmt'] = "FT-EAP"
1397 params["ieee8021x"] = "1"
1398 params = dict(list(radius.items()) + list(params.items()))
1399 hapd1 = hostapd.add_ap(apdev[1], params)
1400
1401 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1402 fail_test=True, eap=True)
1403
1404 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
1405 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1406 ssid = "test-ft"
1407 passphrase = "12345678"
1408
1409 radius = hostapd.radius_params()
1410 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
1411 params["pmk_r1_push"] = "0"
1412 params['wpa_key_mgmt'] = "FT-EAP"
1413 params["ieee8021x"] = "1"
1414 params = dict(list(radius.items()) + list(params.items()))
1415 hapd0 = hostapd.add_ap(apdev[0], params)
1416 params = ft_params2(ssid=ssid, passphrase=passphrase)
1417 params["pmk_r1_push"] = "0"
1418 params['wpa_key_mgmt'] = "FT-EAP"
1419 params["ieee8021x"] = "1"
1420 params = dict(list(radius.items()) + list(params.items()))
1421 hapd1 = hostapd.add_ap(apdev[1], params)
1422
1423 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
1424 fail_test=True, eap=True)
1425
1426 def test_ap_ft_gtk_rekey(dev, apdev):
1427 """WPA2-PSK-FT AP and GTK rekey"""
1428 ssid = "test-ft"
1429 passphrase = "12345678"
1430
1431 params = ft_params1(ssid=ssid, passphrase=passphrase)
1432 params['wpa_group_rekey'] = '1'
1433 hapd = hostapd.add_ap(apdev[0], params)
1434
1435 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1436 ieee80211w="1", scan_freq="2412")
1437
1438 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1439 if ev is None:
1440 raise Exception("GTK rekey timed out after initial association")
1441 hwsim_utils.test_connectivity(dev[0], hapd)
1442
1443 params = ft_params2(ssid=ssid, passphrase=passphrase)
1444 params['wpa_group_rekey'] = '1'
1445 hapd1 = hostapd.add_ap(apdev[1], params)
1446
1447 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1448 dev[0].roam(apdev[1]['bssid'])
1449 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
1450 raise Exception("Did not connect to correct AP")
1451 hwsim_utils.test_connectivity(dev[0], hapd1)
1452
1453 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
1454 if ev is None:
1455 raise Exception("GTK rekey timed out after FT protocol")
1456 hwsim_utils.test_connectivity(dev[0], hapd1)
1457
1458 def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
1459 """WPA2-PSK-FT and key lifetime in memory"""
1460 ssid = "test-ft"
1461 passphrase = "04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1462 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1463 pmk = binascii.unhexlify(psk)
1464 p = ft_params1(ssid=ssid, passphrase=passphrase)
1465 hapd0 = hostapd.add_ap(apdev[0], p)
1466 p = ft_params2(ssid=ssid, passphrase=passphrase)
1467 hapd1 = hostapd.add_ap(apdev[1], p)
1468
1469 pid = find_wpas_process(dev[0])
1470
1471 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1472 scan_freq="2412")
1473 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1474 # event has been delivered, so verify that wpa_supplicant has returned to
1475 # eloop before reading process memory.
1476 time.sleep(1)
1477 dev[0].ping()
1478
1479 buf = read_process_memory(pid, pmk)
1480
1481 dev[0].request("DISCONNECT")
1482 dev[0].wait_disconnected()
1483
1484 dev[0].relog()
1485 pmkr0 = None
1486 pmkr1 = None
1487 ptk = None
1488 gtk = None
1489 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1490 for l in f.readlines():
1491 if "FT: PMK-R0 - hexdump" in l:
1492 val = l.strip().split(':')[3].replace(' ', '')
1493 pmkr0 = binascii.unhexlify(val)
1494 if "FT: PMK-R1 - hexdump" in l:
1495 val = l.strip().split(':')[3].replace(' ', '')
1496 pmkr1 = binascii.unhexlify(val)
1497 if "FT: KCK - hexdump" in l:
1498 val = l.strip().split(':')[3].replace(' ', '')
1499 kck = binascii.unhexlify(val)
1500 if "FT: KEK - hexdump" in l:
1501 val = l.strip().split(':')[3].replace(' ', '')
1502 kek = binascii.unhexlify(val)
1503 if "FT: TK - hexdump" in l:
1504 val = l.strip().split(':')[3].replace(' ', '')
1505 tk = binascii.unhexlify(val)
1506 if "WPA: Group Key - hexdump" in l:
1507 val = l.strip().split(':')[3].replace(' ', '')
1508 gtk = binascii.unhexlify(val)
1509 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
1510 raise Exception("Could not find keys from debug log")
1511 if len(gtk) != 16:
1512 raise Exception("Unexpected GTK length")
1513
1514 logger.info("Checking keys in memory while associated")
1515 get_key_locations(buf, pmk, "PMK")
1516 get_key_locations(buf, pmkr0, "PMK-R0")
1517 get_key_locations(buf, pmkr1, "PMK-R1")
1518 if pmk not in buf:
1519 raise HwsimSkip("PMK not found while associated")
1520 if pmkr0 not in buf:
1521 raise HwsimSkip("PMK-R0 not found while associated")
1522 if pmkr1 not in buf:
1523 raise HwsimSkip("PMK-R1 not found while associated")
1524 if kck not in buf:
1525 raise Exception("KCK not found while associated")
1526 if kek not in buf:
1527 raise Exception("KEK not found while associated")
1528 #if tk in buf:
1529 # raise Exception("TK found from memory")
1530
1531 logger.info("Checking keys in memory after disassociation")
1532 buf = read_process_memory(pid, pmk)
1533 get_key_locations(buf, pmk, "PMK")
1534 get_key_locations(buf, pmkr0, "PMK-R0")
1535 get_key_locations(buf, pmkr1, "PMK-R1")
1536
1537 # Note: PMK/PSK is still present in network configuration
1538
1539 fname = os.path.join(params['logdir'],
1540 'ft_psk_key_lifetime_in_memory.memctx-')
1541 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1542 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1543 verify_not_present(buf, kck, fname, "KCK")
1544 verify_not_present(buf, kek, fname, "KEK")
1545 verify_not_present(buf, tk, fname, "TK")
1546 if gtk in buf:
1547 get_key_locations(buf, gtk, "GTK")
1548 verify_not_present(buf, gtk, fname, "GTK")
1549
1550 dev[0].request("REMOVE_NETWORK all")
1551
1552 logger.info("Checking keys in memory after network profile removal")
1553 buf = read_process_memory(pid, pmk)
1554 get_key_locations(buf, pmk, "PMK")
1555 get_key_locations(buf, pmkr0, "PMK-R0")
1556 get_key_locations(buf, pmkr1, "PMK-R1")
1557
1558 verify_not_present(buf, pmk, fname, "PMK")
1559 verify_not_present(buf, pmkr0, fname, "PMK-R0")
1560 verify_not_present(buf, pmkr1, fname, "PMK-R1")
1561 verify_not_present(buf, kck, fname, "KCK")
1562 verify_not_present(buf, kek, fname, "KEK")
1563 verify_not_present(buf, tk, fname, "TK")
1564 verify_not_present(buf, gtk, fname, "GTK")
1565
1566 @remote_compatible
1567 def test_ap_ft_invalid_resp(dev, apdev):
1568 """WPA2-PSK-FT AP and invalid response IEs"""
1569 ssid = "test-ft"
1570 passphrase = "12345678"
1571
1572 params = ft_params1(ssid=ssid, passphrase=passphrase)
1573 hapd0 = hostapd.add_ap(apdev[0], params)
1574 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1575 scan_freq="2412")
1576
1577 params = ft_params2(ssid=ssid, passphrase=passphrase)
1578 hapd1 = hostapd.add_ap(apdev[1], params)
1579
1580 tests = [
1581 # Various IEs for test coverage. The last one is FTIE with invalid
1582 # R1KH-ID subelement.
1583 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1584 # FTIE with invalid R0KH-ID subelement (len=0).
1585 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1586 # FTIE with invalid R0KH-ID subelement (len=49).
1587 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1588 # Invalid RSNE.
1589 "020002000000" + "3000",
1590 # Required IEs missing from protected IE count.
1591 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1592 # RIC missing from protected IE count.
1593 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1594 # Protected IE missing.
1595 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000"]
1596 for t in tests:
1597 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
1598 hapd1.set("ext_mgmt_frame_handling", "1")
1599 hapd1.dump_monitor()
1600 if "OK" not in dev[0].request("ROAM " + apdev[1]['bssid']):
1601 raise Exception("ROAM failed")
1602 auth = None
1603 for i in range(20):
1604 msg = hapd1.mgmt_rx()
1605 if msg['subtype'] == 11:
1606 auth = msg
1607 break
1608 if not auth:
1609 raise Exception("Authentication frame not seen")
1610
1611 resp = {}
1612 resp['fc'] = auth['fc']
1613 resp['da'] = auth['sa']
1614 resp['sa'] = auth['da']
1615 resp['bssid'] = auth['bssid']
1616 resp['payload'] = binascii.unhexlify(t)
1617 hapd1.mgmt_tx(resp)
1618 hapd1.set("ext_mgmt_frame_handling", "0")
1619 dev[0].wait_disconnected()
1620
1621 dev[0].request("RECONNECT")
1622 dev[0].wait_connected()
1623
1624 def test_ap_ft_gcmp_256(dev, apdev):
1625 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1626 if "GCMP-256" not in dev[0].get_capability("pairwise"):
1627 raise HwsimSkip("Cipher GCMP-256 not supported")
1628 ssid = "test-ft"
1629 passphrase = "12345678"
1630
1631 params = ft_params1(ssid=ssid, passphrase=passphrase)
1632 params['rsn_pairwise'] = "GCMP-256"
1633 hapd0 = hostapd.add_ap(apdev[0], params)
1634 params = ft_params2(ssid=ssid, passphrase=passphrase)
1635 params['rsn_pairwise'] = "GCMP-256"
1636 hapd1 = hostapd.add_ap(apdev[1], params)
1637
1638 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
1639 pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
1640
1641 def setup_ap_ft_oom(dev, apdev):
1642 skip_with_fips(dev[0])
1643 ssid = "test-ft"
1644 passphrase = "12345678"
1645
1646 params = ft_params1(ssid=ssid, passphrase=passphrase)
1647 hapd0 = hostapd.add_ap(apdev[0], params)
1648 params = ft_params2(ssid=ssid, passphrase=passphrase)
1649 hapd1 = hostapd.add_ap(apdev[1], params)
1650
1651 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1652 scan_freq="2412")
1653 if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
1654 dst = apdev[1]['bssid']
1655 else:
1656 dst = apdev[0]['bssid']
1657
1658 dev[0].scan_for_bss(dst, freq="2412")
1659
1660 return dst
1661
1662 def test_ap_ft_oom(dev, apdev):
1663 """WPA2-PSK-FT and OOM"""
1664 dst = setup_ap_ft_oom(dev, apdev)
1665 with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
1666 dev[0].roam(dst)
1667
1668 def test_ap_ft_oom2(dev, apdev):
1669 """WPA2-PSK-FT and OOM (2)"""
1670 dst = setup_ap_ft_oom(dev, apdev)
1671 with fail_test(dev[0], 1, "wpa_ft_mic"):
1672 dev[0].roam(dst, fail_test=True, assoc_reject_ok=True)
1673
1674 def test_ap_ft_oom3(dev, apdev):
1675 """WPA2-PSK-FT and OOM (3)"""
1676 dst = setup_ap_ft_oom(dev, apdev)
1677 with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1678 dev[0].roam(dst)
1679
1680 def test_ap_ft_oom4(dev, apdev):
1681 """WPA2-PSK-FT and OOM (4)"""
1682 ssid = "test-ft"
1683 passphrase = "12345678"
1684 dst = setup_ap_ft_oom(dev, apdev)
1685 dev[0].request("REMOVE_NETWORK all")
1686 with alloc_fail(dev[0], 1, "=sme_update_ft_ies"):
1687 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1688 scan_freq="2412")
1689
1690 def test_ap_ft_ap_oom(dev, apdev):
1691 """WPA2-PSK-FT and AP OOM"""
1692 ssid = "test-ft"
1693 passphrase = "12345678"
1694
1695 params = ft_params1(ssid=ssid, passphrase=passphrase)
1696 hapd0 = hostapd.add_ap(apdev[0], params)
1697 bssid0 = hapd0.own_addr()
1698
1699 dev[0].scan_for_bss(bssid0, freq="2412")
1700 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"):
1701 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1702 scan_freq="2412")
1703
1704 params = ft_params2(ssid=ssid, passphrase=passphrase)
1705 hapd1 = hostapd.add_ap(apdev[1], params)
1706 bssid1 = hapd1.own_addr()
1707 dev[0].scan_for_bss(bssid1, freq="2412")
1708 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1709 dev[0].roam(bssid1)
1710
1711 def test_ap_ft_ap_oom2(dev, apdev):
1712 """WPA2-PSK-FT and AP OOM 2"""
1713 ssid = "test-ft"
1714 passphrase = "12345678"
1715
1716 params = ft_params1(ssid=ssid, passphrase=passphrase)
1717 hapd0 = hostapd.add_ap(apdev[0], params)
1718 bssid0 = hapd0.own_addr()
1719
1720 dev[0].scan_for_bss(bssid0, freq="2412")
1721 with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"):
1722 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1723 scan_freq="2412")
1724
1725 params = ft_params2(ssid=ssid, passphrase=passphrase)
1726 hapd1 = hostapd.add_ap(apdev[1], params)
1727 bssid1 = hapd1.own_addr()
1728 dev[0].scan_for_bss(bssid1, freq="2412")
1729 dev[0].roam(bssid1)
1730 if dev[0].get_status_field('bssid') != bssid1:
1731 raise Exception("Did not roam to AP1")
1732 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1733 dev[0].roam(bssid0)
1734
1735 def test_ap_ft_ap_oom3(dev, apdev):
1736 """WPA2-PSK-FT and AP OOM 3"""
1737 ssid = "test-ft"
1738 passphrase = "12345678"
1739
1740 params = ft_params1(ssid=ssid, passphrase=passphrase)
1741 hapd0 = hostapd.add_ap(apdev[0], params)
1742 bssid0 = hapd0.own_addr()
1743
1744 dev[0].scan_for_bss(bssid0, freq="2412")
1745 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1746 scan_freq="2412")
1747
1748 params = ft_params2(ssid=ssid, passphrase=passphrase)
1749 hapd1 = hostapd.add_ap(apdev[1], params)
1750 bssid1 = hapd1.own_addr()
1751 dev[0].scan_for_bss(bssid1, freq="2412")
1752 with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"):
1753 # This will fail due to not being able to send out PMK-R1 pull request
1754 dev[0].roam(bssid1)
1755
1756 with fail_test(hapd1, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1757 # This will fail due to not being able to send out PMK-R1 pull request
1758 dev[0].roam(bssid1)
1759
1760 with fail_test(hapd1, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1761 # This will fail due to not being able to send out PMK-R1 pull request
1762 dev[0].roam(bssid1)
1763
1764 def test_ap_ft_ap_oom3b(dev, apdev):
1765 """WPA2-PSK-FT and AP OOM 3b"""
1766 ssid = "test-ft"
1767 passphrase = "12345678"
1768
1769 params = ft_params1(ssid=ssid, passphrase=passphrase)
1770 hapd0 = hostapd.add_ap(apdev[0], params)
1771 bssid0 = hapd0.own_addr()
1772
1773 dev[0].scan_for_bss(bssid0, freq="2412")
1774 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1775 scan_freq="2412")
1776
1777 params = ft_params2(ssid=ssid, passphrase=passphrase)
1778 hapd1 = hostapd.add_ap(apdev[1], params)
1779 bssid1 = hapd1.own_addr()
1780 dev[0].scan_for_bss(bssid1, freq="2412")
1781 with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1782 # This will fail due to not being able to send out PMK-R1 pull request
1783 dev[0].roam(bssid1)
1784
1785 def test_ap_ft_ap_oom4(dev, apdev):
1786 """WPA2-PSK-FT and AP OOM 4"""
1787 ssid = "test-ft"
1788 passphrase = "12345678"
1789
1790 params = ft_params1(ssid=ssid, passphrase=passphrase)
1791 hapd0 = hostapd.add_ap(apdev[0], params)
1792 bssid0 = hapd0.own_addr()
1793
1794 dev[0].scan_for_bss(bssid0, freq="2412")
1795 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1796 scan_freq="2412")
1797
1798 params = ft_params2(ssid=ssid, passphrase=passphrase)
1799 hapd1 = hostapd.add_ap(apdev[1], params)
1800 bssid1 = hapd1.own_addr()
1801 dev[0].scan_for_bss(bssid1, freq="2412")
1802 with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"):
1803 dev[0].roam(bssid1)
1804 if dev[0].get_status_field('bssid') != bssid1:
1805 raise Exception("Did not roam to AP1")
1806
1807 with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1808 dev[0].roam(bssid0)
1809 if dev[0].get_status_field('bssid') != bssid0:
1810 raise Exception("Did not roam to AP0")
1811
1812 with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1813 dev[0].roam(bssid1)
1814 if dev[0].get_status_field('bssid') != bssid1:
1815 raise Exception("Did not roam to AP1")
1816
1817 def test_ap_ft_ap_oom5(dev, apdev):
1818 """WPA2-PSK-FT and AP OOM 5"""
1819 ssid = "test-ft"
1820 passphrase = "12345678"
1821
1822 params = ft_params1(ssid=ssid, passphrase=passphrase)
1823 hapd0 = hostapd.add_ap(apdev[0], params)
1824 bssid0 = hapd0.own_addr()
1825
1826 dev[0].scan_for_bss(bssid0, freq="2412")
1827 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1828 scan_freq="2412")
1829
1830 params = ft_params2(ssid=ssid, passphrase=passphrase)
1831 hapd1 = hostapd.add_ap(apdev[1], params)
1832 bssid1 = hapd1.own_addr()
1833 dev[0].scan_for_bss(bssid1, freq="2412")
1834 with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"):
1835 # This will fail to roam
1836 dev[0].roam(bssid1)
1837
1838 with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"):
1839 # This will fail to roam
1840 dev[0].roam(bssid1)
1841
1842 with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1843 # This will fail to roam
1844 dev[0].roam(bssid1)
1845
1846 with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1847 # This will fail to roam
1848 dev[0].roam(bssid1)
1849
1850 with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1851 # This will fail to roam
1852 dev[0].roam(bssid1)
1853
1854 def test_ap_ft_ap_oom6(dev, apdev):
1855 """WPA2-PSK-FT and AP OOM 6"""
1856 ssid = "test-ft"
1857 passphrase = "12345678"
1858
1859 params = ft_params1(ssid=ssid, passphrase=passphrase)
1860 hapd0 = hostapd.add_ap(apdev[0], params)
1861 bssid0 = hapd0.own_addr()
1862
1863 dev[0].scan_for_bss(bssid0, freq="2412")
1864 with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1865 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1866 scan_freq="2412")
1867 dev[0].request("REMOVE_NETWORK all")
1868 dev[0].wait_disconnected()
1869 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1870 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1871 scan_freq="2412")
1872 dev[0].request("REMOVE_NETWORK all")
1873 dev[0].wait_disconnected()
1874 with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1875 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1876 scan_freq="2412")
1877
1878 def test_ap_ft_ap_oom7a(dev, apdev):
1879 """WPA2-PSK-FT and AP OOM 7a"""
1880 ssid = "test-ft"
1881 passphrase = "12345678"
1882
1883 params = ft_params1(ssid=ssid, passphrase=passphrase)
1884 params["ieee80211w"] = "2"
1885 hapd0 = hostapd.add_ap(apdev[0], params)
1886 bssid0 = hapd0.own_addr()
1887
1888 dev[0].scan_for_bss(bssid0, freq="2412")
1889 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1890 ieee80211w="2", scan_freq="2412")
1891
1892 params = ft_params2(ssid=ssid, passphrase=passphrase)
1893 params["ieee80211w"] = "2"
1894 hapd1 = hostapd.add_ap(apdev[1], params)
1895 bssid1 = hapd1.own_addr()
1896 dev[0].scan_for_bss(bssid1, freq="2412")
1897 with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"):
1898 # This will fail to roam
1899 dev[0].roam(bssid1)
1900
1901 def test_ap_ft_ap_oom7b(dev, apdev):
1902 """WPA2-PSK-FT and AP OOM 7b"""
1903 ssid = "test-ft"
1904 passphrase = "12345678"
1905
1906 params = ft_params1(ssid=ssid, passphrase=passphrase)
1907 params["ieee80211w"] = "2"
1908 hapd0 = hostapd.add_ap(apdev[0], params)
1909 bssid0 = hapd0.own_addr()
1910
1911 dev[0].scan_for_bss(bssid0, freq="2412")
1912 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1913 ieee80211w="2", scan_freq="2412")
1914
1915 params = ft_params2(ssid=ssid, passphrase=passphrase)
1916 params["ieee80211w"] = "2"
1917 hapd1 = hostapd.add_ap(apdev[1], params)
1918 bssid1 = hapd1.own_addr()
1919 dev[0].scan_for_bss(bssid1, freq="2412")
1920 with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1921 # This will fail to roam
1922 dev[0].roam(bssid1)
1923
1924 def test_ap_ft_ap_oom7c(dev, apdev):
1925 """WPA2-PSK-FT and AP OOM 7c"""
1926 ssid = "test-ft"
1927 passphrase = "12345678"
1928
1929 params = ft_params1(ssid=ssid, passphrase=passphrase)
1930 params["ieee80211w"] = "2"
1931 hapd0 = hostapd.add_ap(apdev[0], params)
1932 bssid0 = hapd0.own_addr()
1933
1934 dev[0].scan_for_bss(bssid0, freq="2412")
1935 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1936 ieee80211w="2", scan_freq="2412")
1937
1938 params = ft_params2(ssid=ssid, passphrase=passphrase)
1939 params["ieee80211w"] = "2"
1940 hapd1 = hostapd.add_ap(apdev[1], params)
1941 bssid1 = hapd1.own_addr()
1942 dev[0].scan_for_bss(bssid1, freq="2412")
1943 with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"):
1944 # This will fail to roam
1945 dev[0].roam(bssid1)
1946
1947 def test_ap_ft_ap_oom7d(dev, apdev):
1948 """WPA2-PSK-FT and AP OOM 7d"""
1949 ssid = "test-ft"
1950 passphrase = "12345678"
1951
1952 params = ft_params1(ssid=ssid, passphrase=passphrase)
1953 params["ieee80211w"] = "2"
1954 hapd0 = hostapd.add_ap(apdev[0], params)
1955 bssid0 = hapd0.own_addr()
1956
1957 dev[0].scan_for_bss(bssid0, freq="2412")
1958 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1959 ieee80211w="2", scan_freq="2412")
1960
1961 params = ft_params2(ssid=ssid, passphrase=passphrase)
1962 params["ieee80211w"] = "2"
1963 hapd1 = hostapd.add_ap(apdev[1], params)
1964 bssid1 = hapd1.own_addr()
1965 dev[0].scan_for_bss(bssid1, freq="2412")
1966 with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1967 # This will fail to roam
1968 dev[0].roam(bssid1)
1969
1970 def test_ap_ft_ap_oom8(dev, apdev):
1971 """WPA2-PSK-FT and AP OOM 8"""
1972 ssid = "test-ft"
1973 passphrase = "12345678"
1974
1975 params = ft_params1(ssid=ssid, passphrase=passphrase)
1976 params['ft_psk_generate_local'] = "1"
1977 hapd0 = hostapd.add_ap(apdev[0], params)
1978 bssid0 = hapd0.own_addr()
1979
1980 dev[0].scan_for_bss(bssid0, freq="2412")
1981 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
1982 scan_freq="2412")
1983
1984 params = ft_params2(ssid=ssid, passphrase=passphrase)
1985 params['ft_psk_generate_local'] = "1"
1986 hapd1 = hostapd.add_ap(apdev[1], params)
1987 bssid1 = hapd1.own_addr()
1988 dev[0].scan_for_bss(bssid1, freq="2412")
1989 with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1990 # This will fail to roam
1991 dev[0].roam(bssid1)
1992 with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1993 # This will fail to roam
1994 dev[0].roam(bssid1)
1995
1996 def test_ap_ft_ap_oom9(dev, apdev):
1997 """WPA2-PSK-FT and AP OOM 9"""
1998 ssid = "test-ft"
1999 passphrase = "12345678"
2000
2001 params = ft_params1(ssid=ssid, passphrase=passphrase)
2002 hapd0 = hostapd.add_ap(apdev[0], params)
2003 bssid0 = hapd0.own_addr()
2004
2005 dev[0].scan_for_bss(bssid0, freq="2412")
2006 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2007 scan_freq="2412")
2008
2009 params = ft_params2(ssid=ssid, passphrase=passphrase)
2010 hapd1 = hostapd.add_ap(apdev[1], params)
2011 bssid1 = hapd1.own_addr()
2012 dev[0].scan_for_bss(bssid1, freq="2412")
2013
2014 with alloc_fail(hapd0, 1, "wpa_ft_action_rx"):
2015 # This will fail to roam
2016 if "OK" not in dev[0].request("FT_DS " + bssid1):
2017 raise Exception("FT_DS failed")
2018 wait_fail_trigger(hapd0, "GET_ALLOC_FAIL")
2019
2020 with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"):
2021 # This will fail to roam
2022 if "OK" not in dev[0].request("FT_DS " + bssid1):
2023 raise Exception("FT_DS failed")
2024 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
2025
2026 with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"):
2027 # This will fail to roam
2028 if "OK" not in dev[0].request("FT_DS " + bssid1):
2029 raise Exception("FT_DS failed")
2030 wait_fail_trigger(hapd1, "GET_ALLOC_FAIL")
2031
2032 def test_ap_ft_ap_oom10(dev, apdev):
2033 """WPA2-PSK-FT and AP OOM 10"""
2034 ssid = "test-ft"
2035 passphrase = "12345678"
2036
2037 params = ft_params1(ssid=ssid, passphrase=passphrase)
2038 hapd0 = hostapd.add_ap(apdev[0], params)
2039 bssid0 = hapd0.own_addr()
2040
2041 dev[0].scan_for_bss(bssid0, freq="2412")
2042 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2043 scan_freq="2412")
2044
2045 params = ft_params2(ssid=ssid, passphrase=passphrase)
2046 hapd1 = hostapd.add_ap(apdev[1], params)
2047 bssid1 = hapd1.own_addr()
2048 dev[0].scan_for_bss(bssid1, freq="2412")
2049
2050 with fail_test(hapd0, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
2051 # This will fail to roam
2052 if "OK" not in dev[0].request("FT_DS " + bssid1):
2053 raise Exception("FT_DS failed")
2054 wait_fail_trigger(hapd0, "GET_FAIL")
2055
2056 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
2057 # This will fail to roam
2058 if "OK" not in dev[0].request("FT_DS " + bssid1):
2059 raise Exception("FT_DS failed")
2060 wait_fail_trigger(hapd0, "GET_FAIL")
2061
2062 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
2063 # This will fail to roam
2064 if "OK" not in dev[0].request("FT_DS " + bssid1):
2065 raise Exception("FT_DS failed")
2066 wait_fail_trigger(hapd0, "GET_FAIL")
2067
2068 with fail_test(hapd1, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
2069 # This will fail to roam
2070 if "OK" not in dev[0].request("FT_DS " + bssid1):
2071 raise Exception("FT_DS failed")
2072 wait_fail_trigger(hapd1, "GET_FAIL")
2073
2074 def test_ap_ft_ap_oom11(dev, apdev):
2075 """WPA2-PSK-FT and AP OOM 11"""
2076 ssid = "test-ft"
2077 passphrase = "12345678"
2078
2079 params = ft_params1(ssid=ssid, passphrase=passphrase)
2080 hapd0 = hostapd.add_ap(apdev[0], params)
2081 bssid0 = hapd0.own_addr()
2082
2083 dev[0].scan_for_bss(bssid0, freq="2412")
2084 with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
2085 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2086 scan_freq="2412")
2087 wait_fail_trigger(hapd0, "GET_FAIL")
2088
2089 dev[1].scan_for_bss(bssid0, freq="2412")
2090 with fail_test(hapd0, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
2091 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2092 scan_freq="2412")
2093 wait_fail_trigger(hapd0, "GET_FAIL")
2094
2095 def test_ap_ft_over_ds_proto_ap(dev, apdev):
2096 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
2097 ssid = "test-ft"
2098 passphrase = "12345678"
2099
2100 params = ft_params1(ssid=ssid, passphrase=passphrase)
2101 hapd0 = hostapd.add_ap(apdev[0], params)
2102 bssid0 = hapd0.own_addr()
2103 _bssid0 = bssid0.replace(':', '')
2104 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2105 scan_freq="2412")
2106 addr = dev[0].own_addr()
2107 _addr = addr.replace(':', '')
2108
2109 params = ft_params2(ssid=ssid, passphrase=passphrase)
2110 hapd1 = hostapd.add_ap(apdev[1], params)
2111 bssid1 = hapd1.own_addr()
2112 _bssid1 = bssid1.replace(':', '')
2113
2114 hapd0.set("ext_mgmt_frame_handling", "1")
2115 hdr = "d0003a01" + _bssid0 + _addr + _bssid0 + "1000"
2116 valid = "0601" + _addr + _bssid1
2117 tests = ["0601",
2118 "0601" + _addr,
2119 "0601" + _addr + _bssid0,
2120 "0601" + _addr + "ffffffffffff",
2121 "0601" + _bssid0 + _bssid0,
2122 valid,
2123 valid + "01",
2124 valid + "3700",
2125 valid + "3600",
2126 valid + "3603ffffff",
2127 valid + "3603a1b2ff",
2128 valid + "3603a1b2ff" + "3700",
2129 valid + "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
2130 valid + "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
2131 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
2132 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
2133 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
2134 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2135 valid + "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
2136 valid + "0001"]
2137 for t in tests:
2138 hapd0.dump_monitor()
2139 if "OK" not in hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + t):
2140 raise Exception("MGMT_RX_PROCESS failed")
2141
2142 hapd0.set("ext_mgmt_frame_handling", "0")
2143
2144 def test_ap_ft_over_ds_proto(dev, apdev):
2145 """WPA2-PSK-FT AP over DS protocol testing"""
2146 ssid = "test-ft"
2147 passphrase = "12345678"
2148
2149 params = ft_params1(ssid=ssid, passphrase=passphrase)
2150 hapd0 = hostapd.add_ap(apdev[0], params)
2151 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2152 scan_freq="2412")
2153
2154 # FT Action Response while no FT-over-DS in progress
2155 msg = {}
2156 msg['fc'] = 13 << 4
2157 msg['da'] = dev[0].own_addr()
2158 msg['sa'] = apdev[0]['bssid']
2159 msg['bssid'] = apdev[0]['bssid']
2160 msg['payload'] = binascii.unhexlify("06020200000000000200000004000000")
2161 hapd0.mgmt_tx(msg)
2162
2163 params = ft_params2(ssid=ssid, passphrase=passphrase)
2164 hapd1 = hostapd.add_ap(apdev[1], params)
2165 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
2166 hapd0.set("ext_mgmt_frame_handling", "1")
2167 hapd0.dump_monitor()
2168 dev[0].request("FT_DS " + apdev[1]['bssid'])
2169 for i in range(0, 10):
2170 req = hapd0.mgmt_rx()
2171 if req is None:
2172 raise Exception("MGMT RX wait timed out")
2173 if req['subtype'] == 13:
2174 break
2175 req = None
2176 if not req:
2177 raise Exception("FT Action frame not received")
2178
2179 # FT Action Response for unexpected Target AP
2180 msg['payload'] = binascii.unhexlify("0602020000000000" + "f20000000400" + "0000")
2181 hapd0.mgmt_tx(msg)
2182
2183 # FT Action Response without MDIE
2184 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000")
2185 hapd0.mgmt_tx(msg)
2186
2187 # FT Action Response without FTIE
2188 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
2189 hapd0.mgmt_tx(msg)
2190
2191 # FT Action Response with FTIE SNonce mismatch
2192 msg['payload'] = binascii.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
2193 hapd0.mgmt_tx(msg)
2194
2195 @remote_compatible
2196 def test_ap_ft_rrb(dev, apdev):
2197 """WPA2-PSK-FT RRB protocol testing"""
2198 ssid = "test-ft"
2199 passphrase = "12345678"
2200
2201 params = ft_params1(ssid=ssid, passphrase=passphrase)
2202 hapd0 = hostapd.add_ap(apdev[0], params)
2203
2204 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2205 scan_freq="2412")
2206
2207 _dst_ll = binascii.unhexlify(apdev[0]['bssid'].replace(':', ''))
2208 _src_ll = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
2209 proto = b'\x89\x0d'
2210 ehdr = _dst_ll + _src_ll + proto
2211
2212 # Too short RRB frame
2213 pkt = ehdr + b'\x01'
2214 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2215 raise Exception("DATA_TEST_FRAME failed")
2216
2217 # RRB discarded frame wikth unrecognized type
2218 pkt = ehdr + b'\x02' + b'\x02' + b'\x01\x00' + _src_ll
2219 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2220 raise Exception("DATA_TEST_FRAME failed")
2221
2222 # RRB frame too short for action frame
2223 pkt = ehdr + b'\x01' + b'\x02' + b'\x01\x00' + _src_ll
2224 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2225 raise Exception("DATA_TEST_FRAME failed")
2226
2227 # Too short RRB frame (not enough room for Action Frame body)
2228 pkt = ehdr + b'\x01' + b'\x02' + b'\x00\x00' + _src_ll
2229 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2230 raise Exception("DATA_TEST_FRAME failed")
2231
2232 # Unexpected Action frame category
2233 pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2234 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2235 raise Exception("DATA_TEST_FRAME failed")
2236
2237 # Unexpected Action in RRB Request
2238 pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2239 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2240 raise Exception("DATA_TEST_FRAME failed")
2241
2242 # Target AP address in RRB Request does not match with own address
2243 pkt = ehdr + b'\x01' + b'\x00' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2244 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2245 raise Exception("DATA_TEST_FRAME failed")
2246
2247 # Not enough room for status code in RRB Response
2248 pkt = ehdr + b'\x01' + b'\x01' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2249 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2250 raise Exception("DATA_TEST_FRAME failed")
2251
2252 # RRB discarded frame with unknown packet_type
2253 pkt = ehdr + b'\x01' + b'\x02' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2254 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2255 raise Exception("DATA_TEST_FRAME failed")
2256
2257 # RRB Response with non-zero status code; no STA match
2258 pkt = ehdr + b'\x01' + b'\x01' + b'\x10\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\xff\xff'
2259 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2260 raise Exception("DATA_TEST_FRAME failed")
2261
2262 # RRB Response with zero status code and extra data; STA match
2263 pkt = ehdr + b'\x01' + b'\x01' + b'\x11\x00' + _src_ll + b'\x06\x01' + _src_ll + b'\x00\x00\x00\x00\x00\x00' + b'\x00\x00' + b'\x00'
2264 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2265 raise Exception("DATA_TEST_FRAME failed")
2266
2267 # Too short PMK-R1 pull
2268 pkt = ehdr + b'\x01' + b'\xc8' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2269 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2270 raise Exception("DATA_TEST_FRAME failed")
2271
2272 # Too short PMK-R1 resp
2273 pkt = ehdr + b'\x01' + b'\xc9' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2274 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2275 raise Exception("DATA_TEST_FRAME failed")
2276
2277 # Too short PMK-R1 push
2278 pkt = ehdr + b'\x01' + b'\xca' + b'\x0e\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
2279 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2280 raise Exception("DATA_TEST_FRAME failed")
2281
2282 # No matching R0KH address found for PMK-R0 pull response
2283 pkt = ehdr + b'\x01' + b'\xc9' + b'\x5a\x00' + _src_ll + b'\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76 * b'\00'
2284 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
2285 raise Exception("DATA_TEST_FRAME failed")
2286
2287 @remote_compatible
2288 def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
2289 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
2290 bssid = apdev[0]['bssid']
2291 ssid = "test-ft"
2292 passphrase = "12345678"
2293
2294 params = ft_params1(ssid=ssid, passphrase=passphrase)
2295 params["ieee80211w"] = "1"
2296 # This is the RSN element used normally by hostapd
2297 params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
2298 hapd = hostapd.add_ap(apdev[0], params)
2299 id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2300 ieee80211w="1", scan_freq="2412",
2301 pairwise="CCMP", group="CCMP")
2302
2303 tests = [('PMKIDCount field included',
2304 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
2305 ('Extra IE before RSNE',
2306 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
2307 ('PMKIDCount and Group Management Cipher suite fields included',
2308 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
2309 ('Extra octet after defined fields (future extensibility)',
2310 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
2311 ('No RSN Capabilities field (PMF disabled in practice)',
2312 '30120100000fac040100000fac040100000fac04' + '3603a1b201')]
2313 for txt, ie in tests:
2314 dev[0].request("DISCONNECT")
2315 dev[0].wait_disconnected()
2316 logger.info(txt)
2317 hapd.disable()
2318 hapd.set('own_ie_override', ie)
2319 hapd.enable()
2320 dev[0].request("BSS_FLUSH 0")
2321 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2322 dev[0].select_network(id, freq=2412)
2323 dev[0].wait_connected()
2324
2325 dev[0].request("DISCONNECT")
2326 dev[0].wait_disconnected()
2327
2328 logger.info('Invalid RSNE causing internal hostapd error')
2329 hapd.disable()
2330 hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2331 hapd.enable()
2332 dev[0].request("BSS_FLUSH 0")
2333 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2334 dev[0].select_network(id, freq=2412)
2335 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2336 # complete.
2337 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2338 if ev is not None:
2339 raise Exception("Unexpected connection")
2340 dev[0].request("DISCONNECT")
2341
2342 logger.info('Unexpected PMKID causing internal hostapd error')
2343 hapd.disable()
2344 hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2345 hapd.enable()
2346 dev[0].request("BSS_FLUSH 0")
2347 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2348 dev[0].select_network(id, freq=2412)
2349 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2350 # complete.
2351 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
2352 if ev is not None:
2353 raise Exception("Unexpected connection")
2354 dev[0].request("DISCONNECT")
2355
2356 def start_ft(apdev, wpa_ptk_rekey=None):
2357 ssid = "test-ft"
2358 passphrase = "12345678"
2359
2360 params = ft_params1(ssid=ssid, passphrase=passphrase)
2361 if wpa_ptk_rekey:
2362 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
2363 hapd0 = hostapd.add_ap(apdev[0], params)
2364 params = ft_params2(ssid=ssid, passphrase=passphrase)
2365 if wpa_ptk_rekey:
2366 params['wpa_ptk_rekey'] = str(wpa_ptk_rekey)
2367 hapd1 = hostapd.add_ap(apdev[1], params)
2368
2369 return hapd0, hapd1
2370
2371 def check_ptk_rekey(dev, hapd0=None, hapd1=None):
2372 ev = dev.wait_event(["CTRL-EVENT-DISCONNECTED",
2373 "WPA: Key negotiation completed"], timeout=5)
2374 if ev is None:
2375 raise Exception("No event received after roam")
2376 if "CTRL-EVENT-DISCONNECTED" in ev:
2377 raise Exception("Unexpected disconnection after roam")
2378
2379 if not hapd0 or not hapd1:
2380 return
2381 if dev.get_status_field('bssid') == hapd0.own_addr():
2382 hapd = hapd0
2383 else:
2384 hapd = hapd1
2385 time.sleep(0.1)
2386 hwsim_utils.test_connectivity(dev, hapd)
2387
2388 def test_ap_ft_ptk_rekey(dev, apdev):
2389 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2390 hapd0, hapd1 = start_ft(apdev)
2391 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1")
2392 check_ptk_rekey(dev[0], hapd0, hapd1)
2393
2394 def test_ap_ft_ptk_rekey2(dev, apdev):
2395 """WPA2-PSK-FT PTK rekeying triggered by station after one roam"""
2396 hapd0, hapd1 = start_ft(apdev)
2397 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678", ptk_rekey="1",
2398 only_one_way=True)
2399 check_ptk_rekey(dev[0], hapd0, hapd1)
2400
2401 def test_ap_ft_ptk_rekey_ap(dev, apdev):
2402 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2403 hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2)
2404 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678")
2405 check_ptk_rekey(dev[0], hapd0, hapd1)
2406
2407 def test_ap_ft_ptk_rekey_ap2(dev, apdev):
2408 """WPA2-PSK-FT PTK rekeying triggered by AP after one roam"""
2409 hapd0, hapd1 = start_ft(apdev, wpa_ptk_rekey=2)
2410 run_roams(dev[0], apdev, hapd0, hapd1, "test-ft", "12345678",
2411 only_one_way=True)
2412 check_ptk_rekey(dev[0], hapd0, hapd1)
2413
2414 def test_ap_ft_eap_ptk_rekey_ap(dev, apdev):
2415 """WPA2-EAP-FT PTK rekeying triggered by AP"""
2416 generic_ap_ft_eap(dev, apdev, only_one_way=True, wpa_ptk_rekey=2)
2417 check_ptk_rekey(dev[0])
2418
2419 def test_ap_ft_internal_rrb_check(dev, apdev):
2420 """RRB internal delivery only to WPA enabled BSS"""
2421 ssid = "test-ft"
2422 passphrase = "12345678"
2423
2424 radius = hostapd.radius_params()
2425 params = ft_params1(ssid=ssid, passphrase=passphrase)
2426 params['wpa_key_mgmt'] = "FT-EAP"
2427 params["ieee8021x"] = "1"
2428 params = dict(list(radius.items()) + list(params.items()))
2429 hapd = hostapd.add_ap(apdev[0], params)
2430 key_mgmt = hapd.get_config()['key_mgmt']
2431 if key_mgmt.split(' ')[0] != "FT-EAP":
2432 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
2433
2434 hapd1 = hostapd.add_ap(apdev[1], {"ssid": ssid})
2435
2436 # Connect to WPA enabled AP
2437 dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
2438 eap="GPSK", identity="gpsk user",
2439 password="abcdefghijklmnop0123456789abcdef",
2440 scan_freq="2412")
2441
2442 # Try over_ds roaming to non-WPA-enabled AP.
2443 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2444 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
2445
2446 def test_ap_ft_extra_ie(dev, apdev):
2447 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2448 ssid = "test-ft"
2449 passphrase = "12345678"
2450
2451 params = ft_params1(ssid=ssid, passphrase=passphrase)
2452 params["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2453 hapd0 = hostapd.add_ap(apdev[0], params)
2454 dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2455 scan_freq="2412")
2456 dev[2].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2457 scan_freq="2412")
2458 try:
2459 # Add Mobility Domain element to test AP validation code.
2460 dev[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2461 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK", proto="WPA2",
2462 scan_freq="2412", wait_connect=False)
2463 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2464 "CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2465 if ev is None:
2466 raise Exception("No connection result")
2467 if "CTRL-EVENT-CONNECTED" in ev:
2468 raise Exception("Non-FT association accepted with MDE")
2469 if "status_code=43" not in ev:
2470 raise Exception("Unexpected status code: " + ev)
2471 dev[0].request("DISCONNECT")
2472 finally:
2473 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
2474
2475 def test_ap_ft_ric(dev, apdev):
2476 """WPA2-PSK-FT AP and RIC"""
2477 ssid = "test-ft"
2478 passphrase = "12345678"
2479
2480 params = ft_params1(ssid=ssid, passphrase=passphrase)
2481 hapd0 = hostapd.add_ap(apdev[0], params)
2482 params = ft_params2(ssid=ssid, passphrase=passphrase)
2483 hapd1 = hostapd.add_ap(apdev[1], params)
2484
2485 dev[0].set("ric_ies", "")
2486 dev[0].set("ric_ies", '""')
2487 if "FAIL" not in dev[0].request("SET ric_ies q"):
2488 raise Exception("Invalid ric_ies value accepted")
2489
2490 tests = ["3900",
2491 "3900ff04eeeeeeee",
2492 "390400000000",
2493 "390400000000" + "390400000000",
2494 "390400000000" + "dd050050f20202",
2495 "390400000000" + "dd3d0050f2020201" + 55*"00",
2496 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2497 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000"]
2498 for t in tests:
2499 dev[0].set("ric_ies", t)
2500 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase,
2501 test_connectivity=False)
2502 dev[0].request("REMOVE_NETWORK all")
2503 dev[0].wait_disconnected()
2504 dev[0].dump_monitor()
2505
2506 def ie_hex(ies, id):
2507 return binascii.hexlify(struct.pack('BB', id, len(ies[id])) + ies[id]).decode()
2508
2509 def test_ap_ft_reassoc_proto(dev, apdev):
2510 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2511 ssid = "test-ft"
2512 passphrase = "12345678"
2513
2514 params = ft_params1(ssid=ssid, passphrase=passphrase)
2515 hapd0 = hostapd.add_ap(apdev[0], params)
2516 params = ft_params2(ssid=ssid, passphrase=passphrase)
2517 hapd1 = hostapd.add_ap(apdev[1], params)
2518
2519 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2520 ieee80211w="1", scan_freq="2412")
2521 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2522 hapd1ap = hapd0
2523 hapd2ap = hapd1
2524 else:
2525 hapd1ap = hapd1
2526 hapd2ap = hapd0
2527
2528 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2529 hapd2ap.set("ext_mgmt_frame_handling", "1")
2530 dev[0].request("ROAM " + hapd2ap.own_addr())
2531
2532 while True:
2533 req = hapd2ap.mgmt_rx()
2534 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2535 if req['subtype'] == 11:
2536 break
2537
2538 while True:
2539 req = hapd2ap.mgmt_rx()
2540 if req['subtype'] == 2:
2541 break
2542 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2543
2544 # IEEE 802.11 header + fixed fields before IEs
2545 hdr = binascii.hexlify(req['frame'][0:34]).decode()
2546 ies = parse_ie(binascii.hexlify(req['frame'][34:]))
2547 # First elements: SSID, Supported Rates, Extended Supported Rates
2548 ies1 = ie_hex(ies, 0) + ie_hex(ies, 1) + ie_hex(ies, 50)
2549
2550 rsne = ie_hex(ies, 48)
2551 mde = ie_hex(ies, 54)
2552 fte = ie_hex(ies, 55)
2553 tests = []
2554 # RSN: Trying to use FT, but MDIE not included
2555 tests += [rsne]
2556 # RSN: Attempted to use unknown MDIE
2557 tests += [rsne + "3603000000"]
2558 # Invalid RSN pairwise cipher
2559 tests += ["30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3"]
2560 # FT: No PMKID in RSNIE
2561 tests += ["30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies, 54)]
2562 # FT: Invalid FTIE
2563 tests += [rsne + mde]
2564 # FT: RIC IE(s) in the frame, but not included in protected IE count
2565 # FT: Failed to parse FT IEs
2566 tests += [rsne + mde + fte + "3900"]
2567 # FT: SNonce mismatch in FTIE
2568 tests += [rsne + mde + "37520000" + 16*"00" + 32*"00" + 32*"00"]
2569 # FT: ANonce mismatch in FTIE
2570 tests += [rsne + mde + fte[0:40] + 32*"00" + fte[104:]]
2571 # FT: No R0KH-ID subelem in FTIE
2572 tests += [rsne + mde + "3752" + fte[4:168]]
2573 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2574 tests += [rsne + mde + "3755" + fte[4:168] + "0301ff"]
2575 # FT: No R1KH-ID subelem in FTIE
2576 tests += [rsne + mde + "375e" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode()]
2577 # FT: Unknown R1KH-ID used in ReassocReq
2578 tests += [rsne + mde + "3766" + fte[4:168] + "030a" + binascii.hexlify(b"nas1.w1.fi").decode() + "0106000000000000"]
2579 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2580 tests += [rsne[:-32] + 16*"00" + mde + fte]
2581 # Invalid MIC in FTIE
2582 tests += [rsne + mde + fte[0:8] + 16*"00" + fte[40:]]
2583 for t in tests:
2584 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr + ies1 + t)
2585
2586 def test_ap_ft_reassoc_local_fail(dev, apdev):
2587 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2588 ssid = "test-ft"
2589 passphrase = "12345678"
2590
2591 params = ft_params1(ssid=ssid, passphrase=passphrase)
2592 hapd0 = hostapd.add_ap(apdev[0], params)
2593 params = ft_params2(ssid=ssid, passphrase=passphrase)
2594 hapd1 = hostapd.add_ap(apdev[1], params)
2595
2596 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2597 ieee80211w="1", scan_freq="2412")
2598 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2599 hapd1ap = hapd0
2600 hapd2ap = hapd1
2601 else:
2602 hapd1ap = hapd1
2603 hapd2ap = hapd0
2604
2605 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2606 # FT: Failed to calculate MIC
2607 with fail_test(hapd2ap, 1, "wpa_ft_validate_reassoc"):
2608 dev[0].request("ROAM " + hapd2ap.own_addr())
2609 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2610 dev[0].request("DISCONNECT")
2611 if ev is None:
2612 raise Exception("Association reject not seen")
2613
2614 def test_ap_ft_reassoc_replay(dev, apdev, params):
2615 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2616 capfile = os.path.join(params['logdir'], "hwsim0.pcapng")
2617 ssid = "test-ft"
2618 passphrase = "12345678"
2619
2620 params = ft_params1(ssid=ssid, passphrase=passphrase)
2621 hapd0 = hostapd.add_ap(apdev[0], params)
2622 params = ft_params2(ssid=ssid, passphrase=passphrase)
2623 hapd1 = hostapd.add_ap(apdev[1], params)
2624
2625 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2626 scan_freq="2412")
2627 if dev[0].get_status_field('bssid') == hapd0.own_addr():
2628 hapd1ap = hapd0
2629 hapd2ap = hapd1
2630 else:
2631 hapd1ap = hapd1
2632 hapd2ap = hapd0
2633
2634 dev[0].scan_for_bss(hapd2ap.own_addr(), freq="2412")
2635 hapd2ap.set("ext_mgmt_frame_handling", "1")
2636 dev[0].dump_monitor()
2637 if "OK" not in dev[0].request("ROAM " + hapd2ap.own_addr()):
2638 raise Exception("ROAM failed")
2639
2640 reassocreq = None
2641 count = 0
2642 while count < 100:
2643 req = hapd2ap.mgmt_rx()
2644 count += 1
2645 hapd2ap.dump_monitor()
2646 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2647 if req['subtype'] == 2:
2648 reassocreq = req
2649 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2650 if ev is None:
2651 raise Exception("No TX status seen")
2652 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2653 if "OK" not in hapd2ap.request(cmd):
2654 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2655 break
2656 hapd2ap.set("ext_mgmt_frame_handling", "0")
2657 if reassocreq is None:
2658 raise Exception("No Reassociation Request frame seen")
2659 dev[0].wait_connected()
2660 dev[0].dump_monitor()
2661 hapd2ap.dump_monitor()
2662
2663 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2664
2665 logger.info("Replay the last Reassociation Request frame")
2666 hapd2ap.dump_monitor()
2667 hapd2ap.set("ext_mgmt_frame_handling", "1")
2668 hapd2ap.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
2669 ev = hapd2ap.wait_event(["MGMT-TX-STATUS"], timeout=5)
2670 if ev is None:
2671 raise Exception("No TX status seen")
2672 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
2673 if "OK" not in hapd2ap.request(cmd):
2674 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2675 hapd2ap.set("ext_mgmt_frame_handling", "0")
2676
2677 try:
2678 hwsim_utils.test_connectivity(dev[0], hapd2ap)
2679 ok = True
2680 except:
2681 ok = False
2682
2683 ap = hapd2ap.own_addr()
2684 sta = dev[0].own_addr()
2685 filt = "wlan.fc.type == 2 && " + \
2686 "wlan.da == " + sta + " && " + \
2687 "wlan.sa == " + ap
2688 fields = ["wlan.ccmp.extiv"]
2689 res = run_tshark(capfile, filt, fields)
2690 vals = res.splitlines()
2691 logger.info("CCMP PN: " + str(vals))
2692 if len(vals) < 2:
2693 raise Exception("Could not find all CCMP protected frames from capture")
2694 if len(set(vals)) < len(vals):
2695 raise Exception("Duplicate CCMP PN used")
2696
2697 if not ok:
2698 raise Exception("The second hwsim connectivity test failed")
2699
2700 def test_ap_ft_psk_file(dev, apdev):
2701 """WPA2-PSK-FT AP with PSK from a file"""
2702 ssid = "test-ft"
2703 passphrase = "12345678"
2704
2705 params = ft_params1a(ssid=ssid, passphrase=passphrase)
2706 params['wpa_psk_file'] = 'hostapd.wpa_psk'
2707 hapd = hostapd.add_ap(apdev[0], params)
2708
2709 dev[1].connect(ssid, psk="very secret",
2710 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2711 scan_freq="2412", wait_connect=False)
2712 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2713 ieee80211w="1", scan_freq="2412")
2714 dev[0].request("REMOVE_NETWORK all")
2715 dev[0].wait_disconnected()
2716 dev[0].connect(ssid, psk="very secret", key_mgmt="FT-PSK", proto="WPA2",
2717 ieee80211w="1", scan_freq="2412")
2718 dev[0].request("REMOVE_NETWORK all")
2719 dev[0].wait_disconnected()
2720 dev[0].connect(ssid, psk="secret passphrase",
2721 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2722 scan_freq="2412")
2723 dev[2].connect(ssid, psk="another passphrase for all STAs",
2724 key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1",
2725 scan_freq="2412")
2726 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
2727 if ev is None:
2728 raise Exception("Timed out while waiting for failure report")
2729 dev[1].request("REMOVE_NETWORK all")
2730
2731 def test_ap_ft_eap_ap_config_change(dev, apdev):
2732 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2733 ssid = "test-ft"
2734 passphrase = "12345678"
2735 bssid = apdev[0]['bssid']
2736
2737 radius = hostapd.radius_params()
2738 params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=True)
2739 params['wpa_key_mgmt'] = "WPA-EAP"
2740 params["ieee8021x"] = "1"
2741 params["pmk_r1_push"] = "0"
2742 params["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2743 params["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2744 params["eap_server"] = "0"
2745 params = dict(list(radius.items()) + list(params.items()))
2746 hapd = hostapd.add_ap(apdev[0], params)
2747
2748 dev[0].connect(ssid, key_mgmt="FT-EAP WPA-EAP", proto="WPA2",
2749 eap="GPSK", identity="gpsk user",
2750 password="abcdefghijklmnop0123456789abcdef",
2751 scan_freq="2412")
2752 dev[0].request("DISCONNECT")
2753 dev[0].wait_disconnected()
2754 dev[0].dump_monitor()
2755
2756 hapd.disable()
2757 hapd.set('wpa_key_mgmt', "FT-EAP")
2758 hapd.enable()
2759
2760 dev[0].request("BSS_FLUSH 0")
2761 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2762
2763 dev[0].request("RECONNECT")
2764 dev[0].wait_connected()
2765
2766 def test_ap_ft_eap_sha384(dev, apdev):
2767 """WPA2-EAP-FT with SHA384"""
2768 ssid = "test-ft"
2769 passphrase = "12345678"
2770
2771 radius = hostapd.radius_params()
2772 params = ft_params1(ssid=ssid, passphrase=passphrase)
2773 params["ieee80211w"] = "2"
2774 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2775 params["ieee8021x"] = "1"
2776 params = dict(list(radius.items()) + list(params.items()))
2777 hapd0 = hostapd.add_ap(apdev[0], params)
2778 params = ft_params2(ssid=ssid, passphrase=passphrase)
2779 params["ieee80211w"] = "2"
2780 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2781 params["ieee8021x"] = "1"
2782 params = dict(list(radius.items()) + list(params.items()))
2783 hapd1 = hostapd.add_ap(apdev[1], params)
2784
2785 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2786 sha384=True)
2787
2788 def test_ap_ft_eap_sha384_reassoc(dev, apdev):
2789 """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
2790 check_suite_b_192_capa(dev)
2791 ssid = "test-ft"
2792 passphrase = "12345678"
2793
2794 radius = hostapd.radius_params()
2795 params = ft_params1(ssid=ssid, passphrase=passphrase)
2796 params["ieee80211w"] = "2"
2797 params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2798 params["ieee8021x"] = "1"
2799 params = dict(list(radius.items()) + list(params.items()))
2800 hapd0 = hostapd.add_ap(apdev[0], params)
2801 params = ft_params2(ssid=ssid, passphrase=passphrase)
2802 params["ieee80211w"] = "2"
2803 params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
2804 params["ieee8021x"] = "1"
2805 params = dict(list(radius.items()) + list(params.items()))
2806 hapd1 = hostapd.add_ap(apdev[1], params)
2807
2808 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
2809 sha384=True, also_non_ft=True, roam_with_reassoc=True)
2810
2811 def test_ap_ft_eap_sha384_over_ds(dev, apdev):
2812 """WPA2-EAP-FT with SHA384 over DS"""
2813 ssid = "test-ft"
2814 passphrase = "12345678"
2815
2816 radius = hostapd.radius_params()
2817 params = ft_params1(ssid=ssid, passphrase=passphrase)
2818 params["ieee80211w"] = "2"
2819 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2820 params["ieee8021x"] = "1"
2821 params = dict(list(radius.items()) + list(params.items()))
2822 hapd0 = hostapd.add_ap(apdev[0], params)
2823 params = ft_params2(ssid=ssid, passphrase=passphrase)
2824 params["ieee80211w"] = "2"
2825 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2826 params["ieee8021x"] = "1"
2827 params = dict(list(radius.items()) + list(params.items()))
2828 hapd1 = hostapd.add_ap(apdev[1], params)
2829
2830 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
2831 eap=True, sha384=True)
2832
2833 def test_ap_ft_roam_rrm(dev, apdev):
2834 """WPA2-PSK-FT AP and radio measurement request"""
2835 ssid = "test-ft"
2836 passphrase = "12345678"
2837
2838 params = ft_params1(ssid=ssid, passphrase=passphrase)
2839 params["rrm_beacon_report"] = "1"
2840 hapd0 = hostapd.add_ap(apdev[0], params)
2841 bssid0 = hapd0.own_addr()
2842
2843 addr = dev[0].own_addr()
2844 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
2845 scan_freq="2412")
2846 check_beacon_req(hapd0, addr, 1)
2847
2848 params = ft_params2(ssid=ssid, passphrase=passphrase)
2849 params["rrm_beacon_report"] = "1"
2850 hapd1 = hostapd.add_ap(apdev[1], params)
2851 bssid1 = hapd1.own_addr()
2852
2853 dev[0].scan_for_bss(bssid1, freq=2412)
2854 dev[0].roam(bssid1)
2855 check_beacon_req(hapd1, addr, 2)
2856
2857 dev[0].scan_for_bss(bssid0, freq=2412)
2858 dev[0].roam(bssid0)
2859 check_beacon_req(hapd0, addr, 3)
2860
2861 def test_ap_ft_pmksa_caching(dev, apdev):
2862 """FT-EAP and PMKSA caching for initial mobility domain association"""
2863 ssid = "test-ft"
2864 identity = "gpsk user"
2865
2866 radius = hostapd.radius_params()
2867 params = ft_params1(ssid=ssid)
2868 params['wpa_key_mgmt'] = "FT-EAP"
2869 params["ieee8021x"] = "1"
2870 params["mobility_domain"] = "c3d4"
2871 params = dict(list(radius.items()) + list(params.items()))
2872 hapd = hostapd.add_ap(apdev[0], params)
2873
2874 params = ft_params2(ssid=ssid)
2875 params['wpa_key_mgmt'] = "FT-EAP"
2876 params["ieee8021x"] = "1"
2877 params["mobility_domain"] = "c3d4"
2878 params = dict(list(radius.items()) + list(params.items()))
2879 hapd1 = hostapd.add_ap(apdev[1], params)
2880
2881 run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
2882 eap_identity=identity, pmksa_caching=True)
2883
2884 def test_ap_ft_pmksa_caching_sha384(dev, apdev):
2885 """FT-EAP-SHA384 and PMKSA caching for initial mobility domain association"""
2886 ssid = "test-ft"
2887 identity = "gpsk user"
2888
2889 radius = hostapd.radius_params()
2890 params = ft_params1(ssid=ssid)
2891 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2892 params["ieee8021x"] = "1"
2893 params["mobility_domain"] = "c3d4"
2894 params = dict(list(radius.items()) + list(params.items()))
2895 hapd = hostapd.add_ap(apdev[0], params)
2896
2897 params = ft_params2(ssid=ssid)
2898 params['wpa_key_mgmt'] = "FT-EAP-SHA384"
2899 params["ieee8021x"] = "1"
2900 params["mobility_domain"] = "c3d4"
2901 params = dict(list(radius.items()) + list(params.items()))
2902 hapd1 = hostapd.add_ap(apdev[1], params)
2903
2904 run_roams(dev[0], apdev, hapd, hapd1, ssid, None, eap=True,
2905 eap_identity=identity, pmksa_caching=True, sha384=True)
Unnamed repository; edit this file 'description' to name the repository.