]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
17 from tshark
import run_tshark
18 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
19 from wlantest
import Wlantest
20 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
23 params
= { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
29 params
= { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
35 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
37 params
= ft_base_rsn()
39 params
= ft_base_mixed()
43 params
["wpa_passphrase"] = passphrase
45 params
["mobility_domain"] = "a1b2"
46 params
["r0_key_lifetime"] = "10000"
47 params
["pmk_r1_push"] = "1"
48 params
["reassociation_deadline"] = "1000"
51 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
52 params
= ft_params(rsn
, ssid
, passphrase
)
53 params
['nas_identifier'] = "nas1.w1.fi"
54 params
['r1_key_holder'] = "000102030405"
57 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
58 params
= ft_params1a(rsn
, ssid
, passphrase
)
60 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
63 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
68 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
69 params
= ft_params1a(rsn
, ssid
, passphrase
)
70 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
75 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
76 params
= ft_params(rsn
, ssid
, passphrase
)
77 params
['nas_identifier'] = "nas2.w1.fi"
78 params
['r1_key_holder'] = "000102030406"
81 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
82 params
= ft_params2a(rsn
, ssid
, passphrase
)
84 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
87 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
92 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
93 params
= ft_params2a(rsn
, ssid
, passphrase
)
94 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
99 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
100 params
= ft_params(rsn
, ssid
, passphrase
)
101 params
['nas_identifier'] = "nas1.w1.fi"
102 params
['r1_key_holder'] = "000102030405"
103 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
108 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
109 params
= ft_params(rsn
, ssid
, passphrase
)
110 params
['nas_identifier'] = "nas2.w1.fi"
111 params
['r1_key_holder'] = "000102030406"
112 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
117 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
118 params
= ft_params(rsn
, ssid
, passphrase
)
119 params
['nas_identifier'] = "nas2.w1.fi"
120 params
['r1_key_holder'] = "000102030406"
121 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
126 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
127 sae
=False, eap
=False, fail_test
=False, roams
=1,
128 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
129 test_connectivity
=True):
130 logger
.info("Connect to first AP")
132 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
133 eap
="GPSK", identity
="gpsk user",
134 password
="abcdefghijklmnop0123456789abcdef",
136 pairwise
=pairwise_cipher
, group
=group_cipher
,
137 wpa_ptk_rekey
=ptk_rekey
)
143 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
144 ieee80211w
="1", scan_freq
="2412",
145 pairwise
=pairwise_cipher
, group
=group_cipher
,
146 wpa_ptk_rekey
=ptk_rekey
)
147 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
157 if test_connectivity
:
158 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
160 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
162 for i
in range(0, roams
):
163 logger
.info("Roam to the second AP")
165 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
167 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
170 if dev
.get_status_field('bssid') != ap2
['bssid']:
171 raise Exception("Did not connect to correct AP")
172 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
173 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
175 logger
.info("Roam back to the first AP")
177 dev
.roam_over_ds(ap1
['bssid'])
179 dev
.roam(ap1
['bssid'])
180 if dev
.get_status_field('bssid') != ap1
['bssid']:
181 raise Exception("Did not connect to correct AP")
182 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
183 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
185 def test_ap_ft(dev
, apdev
):
188 passphrase
="12345678"
190 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
191 hapd0
= hostapd
.add_ap(apdev
[0], params
)
192 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
193 hapd1
= hostapd
.add_ap(apdev
[1], params
)
195 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
196 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
197 raise Exception("Scan results missing RSN element info")
199 def test_ap_ft_old_key(dev
, apdev
):
200 """WPA2-PSK-FT AP (old key)"""
202 passphrase
="12345678"
204 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
205 hapd0
= hostapd
.add_ap(apdev
[0], params
)
206 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
207 hapd1
= hostapd
.add_ap(apdev
[1], params
)
209 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
211 def test_ap_ft_multi_akm(dev
, apdev
):
212 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
214 passphrase
="12345678"
216 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
217 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
218 hapd0
= hostapd
.add_ap(apdev
[0], params
)
219 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
220 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
221 hapd1
= hostapd
.add_ap(apdev
[1], params
)
223 Wlantest
.setup(hapd0
)
226 wt
.add_passphrase(passphrase
)
228 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
229 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
230 raise Exception("Scan results missing RSN element info")
231 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
232 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
235 def test_ap_ft_local_key_gen(dev
, apdev
):
236 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
238 passphrase
="12345678"
240 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
241 params
['ft_psk_generate_local'] = "1";
242 del params
['pmk_r1_push']
243 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
244 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
245 params
['ft_psk_generate_local'] = "1";
246 del params
['pmk_r1_push']
247 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
249 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
250 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
251 raise Exception("Scan results missing RSN element info")
253 def test_ap_ft_many(dev
, apdev
):
254 """WPA2-PSK-FT AP multiple times"""
256 passphrase
="12345678"
258 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
259 hapd0
= hostapd
.add_ap(apdev
[0], params
)
260 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
261 hapd1
= hostapd
.add_ap(apdev
[1], params
)
263 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
265 def test_ap_ft_mixed(dev
, apdev
):
266 """WPA2-PSK-FT mixed-mode AP"""
267 ssid
= "test-ft-mixed"
268 passphrase
="12345678"
270 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
271 hapd
= hostapd
.add_ap(apdev
[0], params
)
272 key_mgmt
= hapd
.get_config()['key_mgmt']
273 vals
= key_mgmt
.split(' ')
274 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
275 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
276 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
277 hapd1
= hostapd
.add_ap(apdev
[1], params
)
279 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
281 def test_ap_ft_pmf(dev
, apdev
):
282 """WPA2-PSK-FT AP with PMF"""
284 passphrase
="12345678"
286 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
287 params
["ieee80211w"] = "2"
288 hapd0
= hostapd
.add_ap(apdev
[0], params
)
289 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
290 params
["ieee80211w"] = "2"
291 hapd1
= hostapd
.add_ap(apdev
[1], params
)
293 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
295 def test_ap_ft_over_ds(dev
, apdev
):
296 """WPA2-PSK-FT AP over DS"""
298 passphrase
="12345678"
300 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
301 hapd0
= hostapd
.add_ap(apdev
[0], params
)
302 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
303 hapd1
= hostapd
.add_ap(apdev
[1], params
)
305 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
306 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
307 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
309 def test_ap_ft_over_ds_disabled(dev
, apdev
):
310 """WPA2-PSK-FT AP over DS disabled"""
312 passphrase
="12345678"
314 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
315 params
['ft_over_ds'] = '0'
316 hapd0
= hostapd
.add_ap(apdev
[0], params
)
317 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
318 params
['ft_over_ds'] = '0'
319 hapd1
= hostapd
.add_ap(apdev
[1], params
)
321 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
324 def test_ap_ft_over_ds_many(dev
, apdev
):
325 """WPA2-PSK-FT AP over DS multiple times"""
327 passphrase
="12345678"
329 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
330 hapd0
= hostapd
.add_ap(apdev
[0], params
)
331 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
332 hapd1
= hostapd
.add_ap(apdev
[1], params
)
334 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
338 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
341 passphrase
="12345678"
343 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
344 hapd0
= hostapd
.add_ap(apdev
[0], params
)
346 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
348 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
351 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
352 """WPA2-PSK-FT AP over DS and unexpected response"""
354 passphrase
="12345678"
356 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
357 hapd0
= hostapd
.add_ap(apdev
[0], params
)
358 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
359 hapd1
= hostapd
.add_ap(apdev
[1], params
)
361 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
363 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
374 addr
= dev
[0].own_addr()
375 hapd1ap
.set("ext_mgmt_frame_handling", "1")
376 logger
.info("Foreign STA address")
380 msg
['sa'] = ap1
['bssid']
381 msg
['bssid'] = ap1
['bssid']
382 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
385 logger
.info("No over-the-DS in progress")
386 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
389 logger
.info("Non-zero status code")
390 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
393 hapd1ap
.dump_monitor()
395 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
396 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
397 raise Exception("FT_DS failed")
399 req
= hapd1ap
.mgmt_rx()
401 logger
.info("Foreign Target AP")
402 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
405 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
407 logger
.info("No IEs")
408 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
411 logger
.info("Invalid IEs (trigger parsing failure)")
412 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
415 logger
.info("Too short MDIE")
416 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
419 logger
.info("Mobility domain mismatch")
420 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
423 logger
.info("No FTIE")
424 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
427 logger
.info("FTIE SNonce mismatch")
428 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
431 logger
.info("No R0KH-ID subelem in FTIE")
432 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
433 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
436 logger
.info("No R0KH-ID subelem mismatch in FTIE")
437 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
438 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
441 logger
.info("No R1KH-ID subelem in FTIE")
442 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
443 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
446 logger
.info("No RSNE")
447 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
448 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
451 def test_ap_ft_pmf_over_ds(dev
, apdev
):
452 """WPA2-PSK-FT AP over DS with PMF"""
454 passphrase
="12345678"
456 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
457 params
["ieee80211w"] = "2"
458 hapd0
= hostapd
.add_ap(apdev
[0], params
)
459 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
460 params
["ieee80211w"] = "2"
461 hapd1
= hostapd
.add_ap(apdev
[1], params
)
463 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
465 def test_ap_ft_over_ds_pull(dev
, apdev
):
466 """WPA2-PSK-FT AP over DS (pull PMK)"""
468 passphrase
="12345678"
470 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
471 params
["pmk_r1_push"] = "0"
472 hapd0
= hostapd
.add_ap(apdev
[0], params
)
473 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
474 params
["pmk_r1_push"] = "0"
475 hapd1
= hostapd
.add_ap(apdev
[1], params
)
477 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
479 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
480 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
482 passphrase
="12345678"
484 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
485 params
["pmk_r1_push"] = "0"
486 hapd0
= hostapd
.add_ap(apdev
[0], params
)
487 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
488 params
["pmk_r1_push"] = "0"
489 hapd1
= hostapd
.add_ap(apdev
[1], params
)
491 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
493 def test_ap_ft_sae(dev
, apdev
):
494 """WPA2-PSK-FT-SAE AP"""
495 if "SAE" not in dev
[0].get_capability("auth_alg"):
496 raise HwsimSkip("SAE not supported")
498 passphrase
="12345678"
500 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
501 params
['wpa_key_mgmt'] = "FT-SAE"
502 hapd0
= hostapd
.add_ap(apdev
[0], params
)
503 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
504 params
['wpa_key_mgmt'] = "FT-SAE"
505 hapd
= hostapd
.add_ap(apdev
[1], params
)
506 key_mgmt
= hapd
.get_config()['key_mgmt']
507 if key_mgmt
.split(' ')[0] != "FT-SAE":
508 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
510 dev
[0].request("SET sae_groups ")
511 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
513 def test_ap_ft_sae_over_ds(dev
, apdev
):
514 """WPA2-PSK-FT-SAE AP over DS"""
515 if "SAE" not in dev
[0].get_capability("auth_alg"):
516 raise HwsimSkip("SAE not supported")
518 passphrase
="12345678"
520 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
521 params
['wpa_key_mgmt'] = "FT-SAE"
522 hapd0
= hostapd
.add_ap(apdev
[0], params
)
523 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
524 params
['wpa_key_mgmt'] = "FT-SAE"
525 hapd1
= hostapd
.add_ap(apdev
[1], params
)
527 dev
[0].request("SET sae_groups ")
528 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
531 def generic_ap_ft_eap(dev
, apdev
, over_ds
=False, discovery
=False, roams
=1):
533 passphrase
="12345678"
535 radius
= hostapd
.radius_params()
536 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
537 params
['wpa_key_mgmt'] = "FT-EAP"
538 params
["ieee8021x"] = "1"
539 params
= dict(radius
.items() + params
.items())
540 hapd
= hostapd
.add_ap(apdev
[0], params
)
541 key_mgmt
= hapd
.get_config()['key_mgmt']
542 if key_mgmt
.split(' ')[0] != "FT-EAP":
543 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
544 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
545 params
['wpa_key_mgmt'] = "FT-EAP"
546 params
["ieee8021x"] = "1"
547 params
= dict(radius
.items() + params
.items())
548 hapd1
= hostapd
.add_ap(apdev
[1], params
)
550 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
551 over_ds
=over_ds
, roams
=roams
)
552 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
553 raise Exception("Scan results missing RSN element info")
554 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
555 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
557 # Verify EAPOL reauthentication after FT protocol
558 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
562 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
563 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
565 raise Exception("EAP authentication did not start")
566 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
568 raise Exception("EAP authentication did not succeed")
570 hwsim_utils
.test_connectivity(dev
[0], ap
)
572 def test_ap_ft_eap(dev
, apdev
):
574 generic_ap_ft_eap(dev
, apdev
)
576 def test_ap_ft_eap_over_ds(dev
, apdev
):
577 """WPA2-EAP-FT AP using over-the-DS"""
578 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
580 def test_ap_ft_eap_dis(dev
, apdev
):
581 """WPA2-EAP-FT AP with AP discovery"""
582 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
584 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
585 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
586 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
588 def test_ap_ft_eap_pull(dev
, apdev
):
589 """WPA2-EAP-FT AP (pull PMK)"""
591 passphrase
="12345678"
593 radius
= hostapd
.radius_params()
594 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
595 params
['wpa_key_mgmt'] = "FT-EAP"
596 params
["ieee8021x"] = "1"
597 params
["pmk_r1_push"] = "0"
598 params
= dict(radius
.items() + params
.items())
599 hapd
= hostapd
.add_ap(apdev
[0], params
)
600 key_mgmt
= hapd
.get_config()['key_mgmt']
601 if key_mgmt
.split(' ')[0] != "FT-EAP":
602 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
603 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
604 params
['wpa_key_mgmt'] = "FT-EAP"
605 params
["ieee8021x"] = "1"
606 params
["pmk_r1_push"] = "0"
607 params
= dict(radius
.items() + params
.items())
608 hapd1
= hostapd
.add_ap(apdev
[1], params
)
610 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
613 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
614 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
616 passphrase
="12345678"
618 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
619 params
["ieee80211w"] = "2"
620 hapd0
= hostapd
.add_ap(apdev
[0], params
)
621 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
622 params
["ieee80211w"] = "2"
623 hapd1
= hostapd
.add_ap(apdev
[1], params
)
625 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
629 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
630 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
632 passphrase
="12345678"
634 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
635 params
["pmk_r1_push"] = "0"
636 hapd0
= hostapd
.add_ap(apdev
[0], params
)
637 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
638 params
["pmk_r1_push"] = "0"
639 hapd1
= hostapd
.add_ap(apdev
[1], params
)
641 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
645 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
646 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
648 passphrase
="12345678"
650 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
651 params
["pmk_r1_push"] = "0"
652 params
["nas_identifier"] = "nas0.w1.fi"
653 hostapd
.add_ap(apdev
[0], params
)
654 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
657 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
658 params
["pmk_r1_push"] = "0"
659 hostapd
.add_ap(apdev
[1], params
)
661 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
662 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
665 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
666 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
668 passphrase
="12345678"
670 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
671 params
["ieee80211w"] = "2"
672 hapd0
= hostapd
.add_ap(apdev
[0], params
)
673 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
674 params
["ieee80211w"] = "2"
675 hapd1
= hostapd
.add_ap(apdev
[1], params
)
677 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
681 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
682 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
684 passphrase
="12345678"
686 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
687 params
["pmk_r1_push"] = "0"
688 hapd0
= hostapd
.add_ap(apdev
[0], params
)
689 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
690 params
["pmk_r1_push"] = "0"
691 hapd1
= hostapd
.add_ap(apdev
[1], params
)
693 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
696 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
697 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
699 passphrase
="12345678"
701 radius
= hostapd
.radius_params()
702 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
703 params
["ieee80211w"] = "2";
704 params
['wpa_key_mgmt'] = "FT-EAP"
705 params
["ieee8021x"] = "1"
706 params
= dict(radius
.items() + params
.items())
707 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
708 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
709 params
["ieee80211w"] = "2";
710 params
['wpa_key_mgmt'] = "FT-EAP"
711 params
["ieee8021x"] = "1"
712 params
= dict(radius
.items() + params
.items())
713 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
715 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
716 fail_test
=True, eap
=True)
718 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
719 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
721 passphrase
="12345678"
723 radius
= hostapd
.radius_params()
724 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
725 params
["pmk_r1_push"] = "0"
726 params
['wpa_key_mgmt'] = "FT-EAP"
727 params
["ieee8021x"] = "1"
728 params
= dict(radius
.items() + params
.items())
729 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
730 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
731 params
["pmk_r1_push"] = "0"
732 params
['wpa_key_mgmt'] = "FT-EAP"
733 params
["ieee8021x"] = "1"
734 params
= dict(radius
.items() + params
.items())
735 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
737 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
738 fail_test
=True, eap
=True)
740 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
741 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
743 passphrase
="12345678"
745 radius
= hostapd
.radius_params()
746 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
747 params
["pmk_r1_push"] = "0"
748 params
["nas_identifier"] = "nas0.w1.fi"
749 params
['wpa_key_mgmt'] = "FT-EAP"
750 params
["ieee8021x"] = "1"
751 params
= dict(radius
.items() + params
.items())
752 hostapd
.add_ap(apdev
[0]['ifname'], params
)
753 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
754 eap
="GPSK", identity
="gpsk user",
755 password
="abcdefghijklmnop0123456789abcdef",
758 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
759 params
["pmk_r1_push"] = "0"
760 params
['wpa_key_mgmt'] = "FT-EAP"
761 params
["ieee8021x"] = "1"
762 params
= dict(radius
.items() + params
.items())
763 hostapd
.add_ap(apdev
[1]['ifname'], params
)
765 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
766 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
768 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
769 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
771 passphrase
="12345678"
773 radius
= hostapd
.radius_params()
774 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
775 params
["ieee80211w"] = "2";
776 params
['wpa_key_mgmt'] = "FT-EAP"
777 params
["ieee8021x"] = "1"
778 params
= dict(radius
.items() + params
.items())
779 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
780 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
781 params
["ieee80211w"] = "2";
782 params
['wpa_key_mgmt'] = "FT-EAP"
783 params
["ieee8021x"] = "1"
784 params
= dict(radius
.items() + params
.items())
785 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
787 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
788 fail_test
=True, eap
=True)
790 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
791 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
793 passphrase
="12345678"
795 radius
= hostapd
.radius_params()
796 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
797 params
["pmk_r1_push"] = "0"
798 params
['wpa_key_mgmt'] = "FT-EAP"
799 params
["ieee8021x"] = "1"
800 params
= dict(radius
.items() + params
.items())
801 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
802 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
803 params
["pmk_r1_push"] = "0"
804 params
['wpa_key_mgmt'] = "FT-EAP"
805 params
["ieee8021x"] = "1"
806 params
= dict(radius
.items() + params
.items())
807 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
809 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
810 fail_test
=True, eap
=True)
812 def test_ap_ft_gtk_rekey(dev
, apdev
):
813 """WPA2-PSK-FT AP and GTK rekey"""
815 passphrase
="12345678"
817 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
818 params
['wpa_group_rekey'] = '1'
819 hapd
= hostapd
.add_ap(apdev
[0], params
)
821 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
822 ieee80211w
="1", scan_freq
="2412")
824 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
826 raise Exception("GTK rekey timed out after initial association")
827 hwsim_utils
.test_connectivity(dev
[0], hapd
)
829 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
830 params
['wpa_group_rekey'] = '1'
831 hapd1
= hostapd
.add_ap(apdev
[1], params
)
833 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
834 dev
[0].roam(apdev
[1]['bssid'])
835 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
836 raise Exception("Did not connect to correct AP")
837 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
839 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
841 raise Exception("GTK rekey timed out after FT protocol")
842 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
844 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
845 """WPA2-PSK-FT and key lifetime in memory"""
847 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
848 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
849 pmk
= binascii
.unhexlify(psk
)
850 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
851 hapd0
= hostapd
.add_ap(apdev
[0], p
)
852 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
853 hapd1
= hostapd
.add_ap(apdev
[1], p
)
855 pid
= find_wpas_process(dev
[0])
857 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
859 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
860 # event has been delivered, so verify that wpa_supplicant has returned to
861 # eloop before reading process memory.
865 buf
= read_process_memory(pid
, pmk
)
867 dev
[0].request("DISCONNECT")
868 dev
[0].wait_disconnected()
875 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
876 for l
in f
.readlines():
877 if "FT: PMK-R0 - hexdump" in l
:
878 val
= l
.strip().split(':')[3].replace(' ', '')
879 pmkr0
= binascii
.unhexlify(val
)
880 if "FT: PMK-R1 - hexdump" in l
:
881 val
= l
.strip().split(':')[3].replace(' ', '')
882 pmkr1
= binascii
.unhexlify(val
)
883 if "FT: KCK - hexdump" in l
:
884 val
= l
.strip().split(':')[3].replace(' ', '')
885 kck
= binascii
.unhexlify(val
)
886 if "FT: KEK - hexdump" in l
:
887 val
= l
.strip().split(':')[3].replace(' ', '')
888 kek
= binascii
.unhexlify(val
)
889 if "FT: TK - hexdump" in l
:
890 val
= l
.strip().split(':')[3].replace(' ', '')
891 tk
= binascii
.unhexlify(val
)
892 if "WPA: Group Key - hexdump" in l
:
893 val
= l
.strip().split(':')[3].replace(' ', '')
894 gtk
= binascii
.unhexlify(val
)
895 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
896 raise Exception("Could not find keys from debug log")
898 raise Exception("Unexpected GTK length")
900 logger
.info("Checking keys in memory while associated")
901 get_key_locations(buf
, pmk
, "PMK")
902 get_key_locations(buf
, pmkr0
, "PMK-R0")
903 get_key_locations(buf
, pmkr1
, "PMK-R1")
905 raise HwsimSkip("PMK not found while associated")
907 raise HwsimSkip("PMK-R0 not found while associated")
909 raise HwsimSkip("PMK-R1 not found while associated")
911 raise Exception("KCK not found while associated")
913 raise Exception("KEK not found while associated")
915 raise Exception("TK found from memory")
917 get_key_locations(buf
, gtk
, "GTK")
918 raise Exception("GTK found from memory")
920 logger
.info("Checking keys in memory after disassociation")
921 buf
= read_process_memory(pid
, pmk
)
922 get_key_locations(buf
, pmk
, "PMK")
923 get_key_locations(buf
, pmkr0
, "PMK-R0")
924 get_key_locations(buf
, pmkr1
, "PMK-R1")
926 # Note: PMK/PSK is still present in network configuration
928 fname
= os
.path
.join(params
['logdir'],
929 'ft_psk_key_lifetime_in_memory.memctx-')
930 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
931 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
932 verify_not_present(buf
, kck
, fname
, "KCK")
933 verify_not_present(buf
, kek
, fname
, "KEK")
934 verify_not_present(buf
, tk
, fname
, "TK")
935 verify_not_present(buf
, gtk
, fname
, "GTK")
937 dev
[0].request("REMOVE_NETWORK all")
939 logger
.info("Checking keys in memory after network profile removal")
940 buf
= read_process_memory(pid
, pmk
)
941 get_key_locations(buf
, pmk
, "PMK")
942 get_key_locations(buf
, pmkr0
, "PMK-R0")
943 get_key_locations(buf
, pmkr1
, "PMK-R1")
945 verify_not_present(buf
, pmk
, fname
, "PMK")
946 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
947 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
948 verify_not_present(buf
, kck
, fname
, "KCK")
949 verify_not_present(buf
, kek
, fname
, "KEK")
950 verify_not_present(buf
, tk
, fname
, "TK")
951 verify_not_present(buf
, gtk
, fname
, "GTK")
954 def test_ap_ft_invalid_resp(dev
, apdev
):
955 """WPA2-PSK-FT AP and invalid response IEs"""
957 passphrase
="12345678"
959 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
960 hapd0
= hostapd
.add_ap(apdev
[0], params
)
961 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
964 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
965 hapd1
= hostapd
.add_ap(apdev
[1], params
)
968 # Various IEs for test coverage. The last one is FTIE with invalid
969 # R1KH-ID subelement.
970 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
971 # FTIE with invalid R0KH-ID subelement (len=0).
972 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
973 # FTIE with invalid R0KH-ID subelement (len=49).
974 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
976 "020002000000" + "3000",
977 # Required IEs missing from protected IE count.
978 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
979 # RIC missing from protected IE count.
980 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
981 # Protected IE missing.
982 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
984 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
985 hapd1
.set("ext_mgmt_frame_handling", "1")
987 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
988 raise Exception("ROAM failed")
991 msg
= hapd1
.mgmt_rx()
992 if msg
['subtype'] == 11:
996 raise Exception("Authentication frame not seen")
999 resp
['fc'] = auth
['fc']
1000 resp
['da'] = auth
['sa']
1001 resp
['sa'] = auth
['da']
1002 resp
['bssid'] = auth
['bssid']
1003 resp
['payload'] = binascii
.unhexlify(t
)
1005 hapd1
.set("ext_mgmt_frame_handling", "0")
1006 dev
[0].wait_disconnected()
1008 dev
[0].request("RECONNECT")
1009 dev
[0].wait_connected()
1011 def test_ap_ft_gcmp_256(dev
, apdev
):
1012 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1013 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1014 raise HwsimSkip("Cipher GCMP-256 not supported")
1016 passphrase
="12345678"
1018 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1019 params
['rsn_pairwise'] = "GCMP-256"
1020 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1021 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1022 params
['rsn_pairwise'] = "GCMP-256"
1023 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1025 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1026 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1028 def test_ap_ft_oom(dev
, apdev
):
1029 """WPA2-PSK-FT and OOM"""
1030 skip_with_fips(dev
[0])
1032 passphrase
="12345678"
1034 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1035 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1036 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1037 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1039 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1041 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1042 dst
= apdev
[1]['bssid']
1044 dst
= apdev
[0]['bssid']
1046 dev
[0].scan_for_bss(dst
, freq
="2412")
1047 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1049 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1050 dev
[0].roam(dst
, fail_test
=True)
1051 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1052 dev
[0].roam(dst
, fail_test
=True)
1054 dev
[0].request("REMOVE_NETWORK all")
1055 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1056 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1059 def test_ap_ft_ap_oom(dev
, apdev
):
1060 """WPA2-PSK-FT and AP OOM"""
1062 passphrase
="12345678"
1064 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1065 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1066 bssid0
= hapd0
.own_addr()
1068 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1069 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1070 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1073 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1074 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1075 bssid1
= hapd1
.own_addr()
1076 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1077 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1080 def test_ap_ft_ap_oom2(dev
, apdev
):
1081 """WPA2-PSK-FT and AP OOM 2"""
1083 passphrase
="12345678"
1085 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1086 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1087 bssid0
= hapd0
.own_addr()
1089 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1090 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1091 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1094 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1095 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1096 bssid1
= hapd1
.own_addr()
1097 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1099 if dev
[0].get_status_field('bssid') != bssid1
:
1100 raise Exception("Did not roam to AP1")
1101 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1104 def test_ap_ft_ap_oom3(dev
, apdev
):
1105 """WPA2-PSK-FT and AP OOM 3"""
1107 passphrase
="12345678"
1109 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1110 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1111 bssid0
= hapd0
.own_addr()
1113 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1114 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1117 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1118 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1119 bssid1
= hapd1
.own_addr()
1120 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1121 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1122 # This will fail due to not being able to send out PMK-R1 pull request
1125 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1126 # This will fail due to not being able to send out PMK-R1 pull request
1129 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1130 # This will fail due to not being able to send out PMK-R1 pull request
1133 def test_ap_ft_ap_oom3b(dev
, apdev
):
1134 """WPA2-PSK-FT and AP OOM 3b"""
1136 passphrase
="12345678"
1138 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1139 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1140 bssid0
= hapd0
.own_addr()
1142 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1143 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1146 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1147 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1148 bssid1
= hapd1
.own_addr()
1149 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1150 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1151 # This will fail due to not being able to send out PMK-R1 pull request
1154 def test_ap_ft_ap_oom4(dev
, apdev
):
1155 """WPA2-PSK-FT and AP OOM 4"""
1157 passphrase
="12345678"
1159 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1160 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1161 bssid0
= hapd0
.own_addr()
1163 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1164 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1167 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1168 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1169 bssid1
= hapd1
.own_addr()
1170 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1171 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1173 if dev
[0].get_status_field('bssid') != bssid1
:
1174 raise Exception("Did not roam to AP1")
1176 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1178 if dev
[0].get_status_field('bssid') != bssid0
:
1179 raise Exception("Did not roam to AP0")
1181 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1183 if dev
[0].get_status_field('bssid') != bssid1
:
1184 raise Exception("Did not roam to AP1")
1186 def test_ap_ft_ap_oom5(dev
, apdev
):
1187 """WPA2-PSK-FT and AP OOM 5"""
1189 passphrase
="12345678"
1191 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1192 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1193 bssid0
= hapd0
.own_addr()
1195 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1196 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1199 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1200 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1201 bssid1
= hapd1
.own_addr()
1202 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1203 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1204 # This will fail to roam
1207 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1208 # This will fail to roam
1211 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1212 # This will fail to roam
1215 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1216 # This will fail to roam
1219 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1220 # This will fail to roam
1223 def test_ap_ft_ap_oom6(dev
, apdev
):
1224 """WPA2-PSK-FT and AP OOM 6"""
1226 passphrase
="12345678"
1228 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1229 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1230 bssid0
= hapd0
.own_addr()
1232 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1233 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1234 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1236 dev
[0].request("REMOVE_NETWORK all")
1237 dev
[0].wait_disconnected()
1238 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1239 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1241 dev
[0].request("REMOVE_NETWORK all")
1242 dev
[0].wait_disconnected()
1243 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1244 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1247 def test_ap_ft_ap_oom7(dev
, apdev
):
1248 """WPA2-PSK-FT and AP OOM 7"""
1250 passphrase
="12345678"
1252 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1253 params
["ieee80211w"] = "2"
1254 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1255 bssid0
= hapd0
.own_addr()
1257 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1258 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1259 ieee80211w
="2", scan_freq
="2412")
1261 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1262 params
["ieee80211w"] = "2"
1263 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1264 bssid1
= hapd1
.own_addr()
1265 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1266 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1267 # This will fail to roam
1269 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1270 # This will fail to roam
1272 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1273 # This will fail to roam
1275 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1276 # This will fail to roam
1279 def test_ap_ft_ap_oom8(dev
, apdev
):
1280 """WPA2-PSK-FT and AP OOM 8"""
1282 passphrase
="12345678"
1284 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1285 params
['ft_psk_generate_local'] = "1";
1286 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1287 bssid0
= hapd0
.own_addr()
1289 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1290 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1293 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1294 params
['ft_psk_generate_local'] = "1";
1295 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1296 bssid1
= hapd1
.own_addr()
1297 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1298 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1299 # This will fail to roam
1301 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1302 # This will fail to roam
1305 def test_ap_ft_ap_oom9(dev
, apdev
):
1306 """WPA2-PSK-FT and AP OOM 9"""
1308 passphrase
="12345678"
1310 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1311 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1312 bssid0
= hapd0
.own_addr()
1314 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1315 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1318 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1319 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1320 bssid1
= hapd1
.own_addr()
1321 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1323 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1324 # This will fail to roam
1325 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1326 raise Exception("FT_DS failed")
1327 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1329 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1330 # This will fail to roam
1331 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1332 raise Exception("FT_DS failed")
1333 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1335 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1336 # This will fail to roam
1337 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1338 raise Exception("FT_DS failed")
1339 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1341 def test_ap_ft_ap_oom10(dev
, apdev
):
1342 """WPA2-PSK-FT and AP OOM 10"""
1344 passphrase
="12345678"
1346 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1347 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1348 bssid0
= hapd0
.own_addr()
1350 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1351 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1354 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1355 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1356 bssid1
= hapd1
.own_addr()
1357 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1359 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1360 # This will fail to roam
1361 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1362 raise Exception("FT_DS failed")
1363 wait_fail_trigger(hapd0
, "GET_FAIL")
1365 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1366 # This will fail to roam
1367 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1368 raise Exception("FT_DS failed")
1369 wait_fail_trigger(hapd0
, "GET_FAIL")
1371 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1372 # This will fail to roam
1373 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1374 raise Exception("FT_DS failed")
1375 wait_fail_trigger(hapd0
, "GET_FAIL")
1377 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1378 # This will fail to roam
1379 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1380 raise Exception("FT_DS failed")
1381 wait_fail_trigger(hapd1
, "GET_FAIL")
1383 def test_ap_ft_ap_oom11(dev
, apdev
):
1384 """WPA2-PSK-FT and AP OOM 11"""
1386 passphrase
="12345678"
1388 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1389 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1390 bssid0
= hapd0
.own_addr()
1392 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1393 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1394 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1396 wait_fail_trigger(hapd0
, "GET_FAIL")
1398 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1399 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1400 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1402 wait_fail_trigger(hapd0
, "GET_FAIL")
1404 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1405 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1407 passphrase
="12345678"
1409 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1410 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1411 bssid0
= hapd0
.own_addr()
1412 _bssid0
= bssid0
.replace(':', '')
1413 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1415 addr
= dev
[0].own_addr()
1416 _addr
= addr
.replace(':', '')
1418 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1419 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1420 bssid1
= hapd1
.own_addr()
1421 _bssid1
= bssid1
.replace(':', '')
1423 hapd0
.set("ext_mgmt_frame_handling", "1")
1424 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1425 valid
= "0601" + _addr
+ _bssid1
1428 "0601" + _addr
+ _bssid0
,
1429 "0601" + _addr
+ "ffffffffffff",
1430 "0601" + _bssid0
+ _bssid0
,
1435 valid
+ "3603ffffff",
1436 valid
+ "3603a1b2ff",
1437 valid
+ "3603a1b2ff" + "3700",
1438 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1439 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1440 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1441 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1442 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1443 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1444 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1447 hapd0
.dump_monitor()
1448 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1449 raise Exception("MGMT_RX_PROCESS failed")
1451 hapd0
.set("ext_mgmt_frame_handling", "0")
1453 def test_ap_ft_over_ds_proto(dev
, apdev
):
1454 """WPA2-PSK-FT AP over DS protocol testing"""
1456 passphrase
="12345678"
1458 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1459 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1460 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1463 # FT Action Response while no FT-over-DS in progress
1466 msg
['da'] = dev
[0].own_addr()
1467 msg
['sa'] = apdev
[0]['bssid']
1468 msg
['bssid'] = apdev
[0]['bssid']
1469 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1472 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1473 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1474 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1475 hapd0
.set("ext_mgmt_frame_handling", "1")
1476 hapd0
.dump_monitor()
1477 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1478 for i
in range(0, 10):
1479 req
= hapd0
.mgmt_rx()
1481 raise Exception("MGMT RX wait timed out")
1482 if req
['subtype'] == 13:
1486 raise Exception("FT Action frame not received")
1488 # FT Action Response for unexpected Target AP
1489 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1492 # FT Action Response without MDIE
1493 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1496 # FT Action Response without FTIE
1497 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1500 # FT Action Response with FTIE SNonce mismatch
1501 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1505 def test_ap_ft_rrb(dev
, apdev
):
1506 """WPA2-PSK-FT RRB protocol testing"""
1508 passphrase
="12345678"
1510 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1511 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1513 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1516 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1517 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1519 ehdr
= _dst_ll
+ _src_ll
+ proto
1521 # Too short RRB frame
1523 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1524 raise Exception("DATA_TEST_FRAME failed")
1526 # RRB discarded frame wikth unrecognized type
1527 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1528 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1529 raise Exception("DATA_TEST_FRAME failed")
1531 # RRB frame too short for action frame
1532 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1533 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1534 raise Exception("DATA_TEST_FRAME failed")
1536 # Too short RRB frame (not enough room for Action Frame body)
1537 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1538 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1539 raise Exception("DATA_TEST_FRAME failed")
1541 # Unexpected Action frame category
1542 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1543 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1544 raise Exception("DATA_TEST_FRAME failed")
1546 # Unexpected Action in RRB Request
1547 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1548 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1549 raise Exception("DATA_TEST_FRAME failed")
1551 # Target AP address in RRB Request does not match with own address
1552 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1553 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1554 raise Exception("DATA_TEST_FRAME failed")
1556 # Not enough room for status code in RRB Response
1557 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1558 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1559 raise Exception("DATA_TEST_FRAME failed")
1561 # RRB discarded frame with unknown packet_type
1562 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1563 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1564 raise Exception("DATA_TEST_FRAME failed")
1566 # RRB Response with non-zero status code; no STA match
1567 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1568 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1569 raise Exception("DATA_TEST_FRAME failed")
1571 # RRB Response with zero status code and extra data; STA match
1572 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1573 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1574 raise Exception("DATA_TEST_FRAME failed")
1576 # Too short PMK-R1 pull
1577 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1578 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1579 raise Exception("DATA_TEST_FRAME failed")
1581 # Too short PMK-R1 resp
1582 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1583 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1584 raise Exception("DATA_TEST_FRAME failed")
1586 # Too short PMK-R1 push
1587 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1588 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1589 raise Exception("DATA_TEST_FRAME failed")
1591 # No matching R0KH address found for PMK-R0 pull response
1592 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1593 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1594 raise Exception("DATA_TEST_FRAME failed")
1597 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1598 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1599 bssid
= apdev
[0]['bssid']
1601 passphrase
="12345678"
1603 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1604 params
["ieee80211w"] = "1"
1605 # This is the RSN element used normally by hostapd
1606 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1607 hapd
= hostapd
.add_ap(apdev
[0], params
)
1608 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1609 ieee80211w
="1", scan_freq
="2412",
1610 pairwise
="CCMP", group
="CCMP")
1612 tests
= [ ('PMKIDCount field included',
1613 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1614 ('Extra IE before RSNE',
1615 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1616 ('PMKIDCount and Group Management Cipher suite fields included',
1617 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1618 ('Extra octet after defined fields (future extensibility)',
1619 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1620 ('No RSN Capabilities field (PMF disabled in practice)',
1621 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1622 for txt
,ie
in tests
:
1623 dev
[0].request("DISCONNECT")
1624 dev
[0].wait_disconnected()
1627 hapd
.set('own_ie_override', ie
)
1629 dev
[0].request("BSS_FLUSH 0")
1630 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1631 dev
[0].select_network(id, freq
=2412)
1632 dev
[0].wait_connected()
1634 dev
[0].request("DISCONNECT")
1635 dev
[0].wait_disconnected()
1637 logger
.info('Invalid RSNE causing internal hostapd error')
1639 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1641 dev
[0].request("BSS_FLUSH 0")
1642 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1643 dev
[0].select_network(id, freq
=2412)
1644 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1646 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1648 raise Exception("Unexpected connection")
1649 dev
[0].request("DISCONNECT")
1651 logger
.info('Unexpected PMKID causing internal hostapd error')
1653 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1655 dev
[0].request("BSS_FLUSH 0")
1656 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1657 dev
[0].select_network(id, freq
=2412)
1658 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1660 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1662 raise Exception("Unexpected connection")
1663 dev
[0].request("DISCONNECT")
1665 def test_ap_ft_ptk_rekey(dev
, apdev
):
1666 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1668 passphrase
="12345678"
1670 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1671 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1672 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1673 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1675 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1677 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1678 "WPA: Key negotiation completed"], timeout
=5)
1680 raise Exception("No event received after roam")
1681 if "CTRL-EVENT-DISCONNECTED" in ev
:
1682 raise Exception("Unexpected disconnection after roam")
1684 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1688 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1690 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1691 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1693 passphrase
="12345678"
1695 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1696 params
['wpa_ptk_rekey'] = '2'
1697 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1698 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1699 params
['wpa_ptk_rekey'] = '2'
1700 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1702 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1704 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1705 "WPA: Key negotiation completed"], timeout
=5)
1707 raise Exception("No event received after roam")
1708 if "CTRL-EVENT-DISCONNECTED" in ev
:
1709 raise Exception("Unexpected disconnection after roam")
1711 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1715 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1717 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1718 """RRB internal delivery only to WPA enabled BSS"""
1720 passphrase
="12345678"
1722 radius
= hostapd
.radius_params()
1723 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1724 params
['wpa_key_mgmt'] = "FT-EAP"
1725 params
["ieee8021x"] = "1"
1726 params
= dict(radius
.items() + params
.items())
1727 hapd
= hostapd
.add_ap(apdev
[0], params
)
1728 key_mgmt
= hapd
.get_config()['key_mgmt']
1729 if key_mgmt
.split(' ')[0] != "FT-EAP":
1730 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1732 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1734 # Connect to WPA enabled AP
1735 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1736 eap
="GPSK", identity
="gpsk user",
1737 password
="abcdefghijklmnop0123456789abcdef",
1740 # Try over_ds roaming to non-WPA-enabled AP.
1741 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1742 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1744 def test_ap_ft_extra_ie(dev
, apdev
):
1745 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1747 passphrase
="12345678"
1749 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1750 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1751 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1752 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1754 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1757 # Add Mobility Domain element to test AP validation code.
1758 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1759 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1760 scan_freq
="2412", wait_connect
=False)
1761 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1762 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1764 raise Exception("No connection result")
1765 if "CTRL-EVENT-CONNECTED" in ev
:
1766 raise Exception("Non-FT association accepted with MDE")
1767 if "status_code=43" not in ev
:
1768 raise Exception("Unexpected status code: " + ev
)
1769 dev
[0].request("DISCONNECT")
1771 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
1773 def test_ap_ft_ric(dev
, apdev
):
1774 """WPA2-PSK-FT AP and RIC"""
1776 passphrase
="12345678"
1778 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1779 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1780 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1781 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1783 dev
[0].set("ric_ies", "")
1784 dev
[0].set("ric_ies", '""')
1785 if "FAIL" not in dev
[0].request("SET ric_ies q"):
1786 raise Exception("Invalid ric_ies value accepted")
1791 "390400000000" + "390400000000",
1792 "390400000000" + "dd050050f20202",
1793 "390400000000" + "dd3d0050f2020201" + 55*"00",
1794 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1795 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1797 dev
[0].set("ric_ies", t
)
1798 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1799 test_connectivity
=False)
1800 dev
[0].request("REMOVE_NETWORK all")
1801 dev
[0].wait_disconnected()
1802 dev
[0].dump_monitor()
1804 def ie_hex(ies
, id):
1805 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id])
1807 def test_ap_ft_reassoc_proto(dev
, apdev
):
1808 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
1810 passphrase
="12345678"
1812 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1813 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1814 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1815 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1817 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1818 ieee80211w
="1", scan_freq
="2412")
1819 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1826 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1827 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1828 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1831 req
= hapd2ap
.mgmt_rx()
1832 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1833 if req
['subtype'] == 11:
1837 req
= hapd2ap
.mgmt_rx()
1838 if req
['subtype'] == 2:
1840 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1842 # IEEE 802.11 header + fixed fields before IEs
1843 hdr
= binascii
.hexlify(req
['frame'][0:34])
1844 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
1845 # First elements: SSID, Supported Rates, Extended Supported Rates
1846 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
1848 rsne
= ie_hex(ies
, 48)
1849 mde
= ie_hex(ies
, 54)
1850 fte
= ie_hex(ies
, 55)
1852 # RSN: Trying to use FT, but MDIE not included
1854 # RSN: Attempted to use unknown MDIE
1855 tests
+= [ rsne
+ "3603000000" ]
1856 # Invalid RSN pairwise cipher
1857 tests
+= [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
1858 # FT: No PMKID in RSNIE
1859 tests
+= [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54) ]
1861 tests
+= [ rsne
+ mde
]
1862 # FT: RIC IE(s) in the frame, but not included in protected IE count
1863 # FT: Failed to parse FT IEs
1864 tests
+= [ rsne
+ mde
+ fte
+ "3900" ]
1865 # FT: SNonce mismatch in FTIE
1866 tests
+= [ rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00" ]
1867 # FT: ANonce mismatch in FTIE
1868 tests
+= [ rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:] ]
1869 # FT: No R0KH-ID subelem in FTIE
1870 tests
+= [ rsne
+ mde
+ "3752" + fte
[4:168] ]
1871 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
1872 tests
+= [ rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff" ]
1873 # FT: No R1KH-ID subelem in FTIE
1874 tests
+= [ rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
1875 # FT: Unknown R1KH-ID used in ReassocReq
1876 tests
+= [ rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
1877 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
1878 tests
+= [ rsne
[:-32] + 16*"00" + mde
+ fte
]
1879 # Invalid MIC in FTIE
1880 tests
+= [ rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:] ]
1882 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
1884 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
1885 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
1887 passphrase
="12345678"
1889 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1890 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1891 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1892 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1894 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1895 ieee80211w
="1", scan_freq
="2412")
1896 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1903 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1904 # FT: Failed to calculate MIC
1905 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
1906 dev
[0].request("ROAM " + hapd2ap
.own_addr())
1907 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1908 dev
[0].request("DISCONNECT")
1910 raise Exception("Association reject not seen")
1912 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
1913 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
1914 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
1916 passphrase
="12345678"
1918 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1919 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1920 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1921 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1923 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1925 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
1932 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
1933 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1934 dev
[0].dump_monitor()
1935 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
1936 raise Exception("ROAM failed")
1941 req
= hapd2ap
.mgmt_rx()
1943 hapd2ap
.dump_monitor()
1944 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1945 if req
['subtype'] == 2:
1947 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1949 raise Exception("No TX status seen")
1950 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1951 if "OK" not in hapd2ap
.request(cmd
):
1952 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1954 hapd2ap
.set("ext_mgmt_frame_handling", "0")
1955 if reassocreq
is None:
1956 raise Exception("No Reassociation Request frame seen")
1957 dev
[0].wait_connected()
1958 dev
[0].dump_monitor()
1959 hapd2ap
.dump_monitor()
1961 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
1963 logger
.info("Replay the last Reassociation Request frame")
1964 hapd2ap
.dump_monitor()
1965 hapd2ap
.set("ext_mgmt_frame_handling", "1")
1966 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1967 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1969 raise Exception("No TX status seen")
1970 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1971 if "OK" not in hapd2ap
.request(cmd
):
1972 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1973 hapd2ap
.set("ext_mgmt_frame_handling", "0")
1976 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
1981 ap
= hapd2ap
.own_addr()
1982 sta
= dev
[0].own_addr()
1983 filt
= "wlan.fc.type == 2 && " + \
1984 "wlan.da == " + sta
+ " && " + \
1986 fields
= [ "wlan.ccmp.extiv" ]
1987 res
= run_tshark(capfile
, filt
, fields
)
1988 vals
= res
.splitlines()
1989 logger
.info("CCMP PN: " + str(vals
))
1991 raise Exception("Could not find all CCMP protected frames from capture")
1992 if len(set(vals
)) < len(vals
):
1993 raise Exception("Duplicate CCMP PN used")
1996 raise Exception("The second hwsim connectivity test failed")