]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Fix ft_psk_key_lifetime_in_memory with new PTK derivation debug
[thirdparty/hostap.git] / tests / hwsim / test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import binascii
8 import os
9 import time
10 import subprocess
11 import logging
12 logger = logging.getLogger()
13
14 import hwsim_utils
15 import hostapd
16 from utils import HwsimSkip
17 from wlantest import Wlantest
18 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations
19
20 def ft_base_rsn():
21 params = { "wpa": "2",
22 "wpa_key_mgmt": "FT-PSK",
23 "rsn_pairwise": "CCMP" }
24 return params
25
26 def ft_base_mixed():
27 params = { "wpa": "3",
28 "wpa_key_mgmt": "WPA-PSK FT-PSK",
29 "wpa_pairwise": "TKIP",
30 "rsn_pairwise": "CCMP" }
31 return params
32
33 def ft_params(rsn=True, ssid=None, passphrase=None):
34 if rsn:
35 params = ft_base_rsn()
36 else:
37 params = ft_base_mixed()
38 if ssid:
39 params["ssid"] = ssid
40 if passphrase:
41 params["wpa_passphrase"] = passphrase
42
43 params["mobility_domain"] = "a1b2"
44 params["r0_key_lifetime"] = "10000"
45 params["pmk_r1_push"] = "1"
46 params["reassociation_deadline"] = "1000"
47 return params
48
49 def ft_params1(rsn=True, ssid=None, passphrase=None):
50 params = ft_params(rsn, ssid, passphrase)
51 params['nas_identifier'] = "nas1.w1.fi"
52 params['r1_key_holder'] = "000102030405"
53 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
54 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
55 params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
56 return params
57
58 def ft_params2(rsn=True, ssid=None, passphrase=None):
59 params = ft_params(rsn, ssid, passphrase)
60 params['nas_identifier'] = "nas2.w1.fi"
61 params['r1_key_holder'] = "000102030406"
62 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
63 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
64 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
65 return params
66
67 def ft_params1_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
68 params = ft_params(rsn, ssid, passphrase)
69 params['nas_identifier'] = "nas1.w1.fi"
70 params['r1_key_holder'] = "000102030405"
71 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
72 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
73 params['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
74 return params
75
76 def ft_params2_incorrect_rrb_key(rsn=True, ssid=None, passphrase=None):
77 params = ft_params(rsn, ssid, passphrase)
78 params['nas_identifier'] = "nas2.w1.fi"
79 params['r1_key_holder'] = "000102030406"
80 params['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
81 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
82 params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
83 return params
84
85 def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
86 params = ft_params(rsn, ssid, passphrase)
87 params['nas_identifier'] = "nas2.w1.fi"
88 params['r1_key_holder'] = "000102030406"
89 params['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
90 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
91 params['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
92 return params
93
94 def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, sae=False, eap=False, fail_test=False, roams=1):
95 logger.info("Connect to first AP")
96 if eap:
97 dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
98 eap="GPSK", identity="gpsk user",
99 password="abcdefghijklmnop0123456789abcdef",
100 scan_freq="2412")
101 else:
102 if sae:
103 key_mgmt="FT-SAE"
104 else:
105 key_mgmt="FT-PSK"
106 dev.connect(ssid, psk=passphrase, key_mgmt=key_mgmt, proto="WPA2",
107 ieee80211w="1", scan_freq="2412")
108 if dev.get_status_field('bssid') == apdev[0]['bssid']:
109 ap1 = apdev[0]
110 ap2 = apdev[1]
111 hapd1ap = hapd0
112 hapd2ap = hapd1
113 else:
114 ap1 = apdev[1]
115 ap2 = apdev[0]
116 hapd1ap = hapd1
117 hapd2ap = hapd0
118 hwsim_utils.test_connectivity(dev, hapd1ap)
119
120 dev.scan_for_bss(ap2['bssid'], freq="2412")
121
122 for i in range(0, roams):
123 logger.info("Roam to the second AP")
124 if over_ds:
125 dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
126 else:
127 dev.roam(ap2['bssid'], fail_test=fail_test)
128 if fail_test:
129 return
130 if dev.get_status_field('bssid') != ap2['bssid']:
131 raise Exception("Did not connect to correct AP")
132 if i == 0 or i == roams - 1:
133 hwsim_utils.test_connectivity(dev, hapd2ap)
134
135 logger.info("Roam back to the first AP")
136 if over_ds:
137 dev.roam_over_ds(ap1['bssid'])
138 else:
139 dev.roam(ap1['bssid'])
140 if dev.get_status_field('bssid') != ap1['bssid']:
141 raise Exception("Did not connect to correct AP")
142 if i == 0 or i == roams - 1:
143 hwsim_utils.test_connectivity(dev, hapd1ap)
144
145 def test_ap_ft(dev, apdev):
146 """WPA2-PSK-FT AP"""
147 ssid = "test-ft"
148 passphrase="12345678"
149
150 params = ft_params1(ssid=ssid, passphrase=passphrase)
151 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
152 params = ft_params2(ssid=ssid, passphrase=passphrase)
153 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
154
155 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
156 if "[WPA2-FT/PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
157 raise Exception("Scan results missing RSN element info")
158
159 def test_ap_ft_many(dev, apdev):
160 """WPA2-PSK-FT AP multiple times"""
161 ssid = "test-ft"
162 passphrase="12345678"
163
164 params = ft_params1(ssid=ssid, passphrase=passphrase)
165 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
166 params = ft_params2(ssid=ssid, passphrase=passphrase)
167 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
168
169 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, roams=50)
170
171 def test_ap_ft_mixed(dev, apdev):
172 """WPA2-PSK-FT mixed-mode AP"""
173 ssid = "test-ft-mixed"
174 passphrase="12345678"
175
176 params = ft_params1(rsn=False, ssid=ssid, passphrase=passphrase)
177 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
178 key_mgmt = hapd.get_config()['key_mgmt']
179 vals = key_mgmt.split(' ')
180 if vals[0] != "WPA-PSK" or vals[1] != "FT-PSK":
181 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
182 params = ft_params2(rsn=False, ssid=ssid, passphrase=passphrase)
183 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
184
185 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase)
186
187 def test_ap_ft_pmf(dev, apdev):
188 """WPA2-PSK-FT AP with PMF"""
189 ssid = "test-ft"
190 passphrase="12345678"
191
192 params = ft_params1(ssid=ssid, passphrase=passphrase)
193 params["ieee80211w"] = "2";
194 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
195 params = ft_params2(ssid=ssid, passphrase=passphrase)
196 params["ieee80211w"] = "2";
197 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
198
199 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase)
200
201 def test_ap_ft_over_ds(dev, apdev):
202 """WPA2-PSK-FT AP over DS"""
203 ssid = "test-ft"
204 passphrase="12345678"
205
206 params = ft_params1(ssid=ssid, passphrase=passphrase)
207 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
208 params = ft_params2(ssid=ssid, passphrase=passphrase)
209 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
210
211 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
212 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
213 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
214
215 def test_ap_ft_over_ds_many(dev, apdev):
216 """WPA2-PSK-FT AP over DS multiple times"""
217 ssid = "test-ft"
218 passphrase="12345678"
219
220 params = ft_params1(ssid=ssid, passphrase=passphrase)
221 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
222 params = ft_params2(ssid=ssid, passphrase=passphrase)
223 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
224
225 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
226 roams=50)
227
228 def test_ap_ft_over_ds_unknown_target(dev, apdev):
229 """WPA2-PSK-FT AP"""
230 ssid = "test-ft"
231 passphrase="12345678"
232
233 params = ft_params1(ssid=ssid, passphrase=passphrase)
234 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
235
236 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
237 scan_freq="2412")
238 dev[0].roam_over_ds("02:11:22:33:44:55", fail_test=True)
239
240 def test_ap_ft_pmf_over_ds(dev, apdev):
241 """WPA2-PSK-FT AP over DS with PMF"""
242 ssid = "test-ft"
243 passphrase="12345678"
244
245 params = ft_params1(ssid=ssid, passphrase=passphrase)
246 params["ieee80211w"] = "2";
247 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
248 params = ft_params2(ssid=ssid, passphrase=passphrase)
249 params["ieee80211w"] = "2";
250 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
251
252 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
253
254 def test_ap_ft_over_ds_pull(dev, apdev):
255 """WPA2-PSK-FT AP over DS (pull PMK)"""
256 ssid = "test-ft"
257 passphrase="12345678"
258
259 params = ft_params1(ssid=ssid, passphrase=passphrase)
260 params["pmk_r1_push"] = "0"
261 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
262 params = ft_params2(ssid=ssid, passphrase=passphrase)
263 params["pmk_r1_push"] = "0"
264 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
265
266 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True)
267
268 def test_ap_ft_sae(dev, apdev):
269 """WPA2-PSK-FT-SAE AP"""
270 if "SAE" not in dev[0].get_capability("auth_alg"):
271 raise HwsimSkip("SAE not supported")
272 ssid = "test-ft"
273 passphrase="12345678"
274
275 params = ft_params1(ssid=ssid, passphrase=passphrase)
276 params['wpa_key_mgmt'] = "FT-SAE"
277 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
278 params = ft_params2(ssid=ssid, passphrase=passphrase)
279 params['wpa_key_mgmt'] = "FT-SAE"
280 hapd = hostapd.add_ap(apdev[1]['ifname'], params)
281 key_mgmt = hapd.get_config()['key_mgmt']
282 if key_mgmt.split(' ')[0] != "FT-SAE":
283 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
284
285 dev[0].request("SET sae_groups ")
286 run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True)
287
288 def test_ap_ft_sae_over_ds(dev, apdev):
289 """WPA2-PSK-FT-SAE AP over DS"""
290 if "SAE" not in dev[0].get_capability("auth_alg"):
291 raise HwsimSkip("SAE not supported")
292 ssid = "test-ft"
293 passphrase="12345678"
294
295 params = ft_params1(ssid=ssid, passphrase=passphrase)
296 params['wpa_key_mgmt'] = "FT-SAE"
297 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
298 params = ft_params2(ssid=ssid, passphrase=passphrase)
299 params['wpa_key_mgmt'] = "FT-SAE"
300 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
301
302 dev[0].request("SET sae_groups ")
303 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
304 over_ds=True)
305
306 def test_ap_ft_eap(dev, apdev):
307 """WPA2-EAP-FT AP"""
308 ssid = "test-ft"
309 passphrase="12345678"
310
311 radius = hostapd.radius_params()
312 params = ft_params1(ssid=ssid, passphrase=passphrase)
313 params['wpa_key_mgmt'] = "FT-EAP"
314 params["ieee8021x"] = "1"
315 params = dict(radius.items() + params.items())
316 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
317 key_mgmt = hapd.get_config()['key_mgmt']
318 if key_mgmt.split(' ')[0] != "FT-EAP":
319 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
320 params = ft_params2(ssid=ssid, passphrase=passphrase)
321 params['wpa_key_mgmt'] = "FT-EAP"
322 params["ieee8021x"] = "1"
323 params = dict(radius.items() + params.items())
324 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
325
326 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
327 if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
328 raise Exception("Scan results missing RSN element info")
329 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
330 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
331
332 def test_ap_ft_eap_pull(dev, apdev):
333 """WPA2-EAP-FT AP (pull PMK)"""
334 ssid = "test-ft"
335 passphrase="12345678"
336
337 radius = hostapd.radius_params()
338 params = ft_params1(ssid=ssid, passphrase=passphrase)
339 params['wpa_key_mgmt'] = "FT-EAP"
340 params["ieee8021x"] = "1"
341 params["pmk_r1_push"] = "0"
342 params = dict(radius.items() + params.items())
343 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
344 key_mgmt = hapd.get_config()['key_mgmt']
345 if key_mgmt.split(' ')[0] != "FT-EAP":
346 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
347 params = ft_params2(ssid=ssid, passphrase=passphrase)
348 params['wpa_key_mgmt'] = "FT-EAP"
349 params["ieee8021x"] = "1"
350 params["pmk_r1_push"] = "0"
351 params = dict(radius.items() + params.items())
352 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
353
354 run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
355
356 def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
357 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
358 ssid = "test-ft"
359 passphrase="12345678"
360
361 params = ft_params1(ssid=ssid, passphrase=passphrase)
362 params["ieee80211w"] = "2";
363 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
364 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
365 params["ieee80211w"] = "2";
366 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
367
368 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
369 fail_test=True)
370
371 def test_ap_ft_mismatching_rrb_key_pull(dev, apdev):
372 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
373 ssid = "test-ft"
374 passphrase="12345678"
375
376 params = ft_params1(ssid=ssid, passphrase=passphrase)
377 params["pmk_r1_push"] = "0"
378 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
379 params = ft_params2_incorrect_rrb_key(ssid=ssid, passphrase=passphrase)
380 params["pmk_r1_push"] = "0"
381 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
382
383 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
384 fail_test=True)
385
386 def test_ap_ft_mismatching_r0kh_id_pull(dev, apdev):
387 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
388 ssid = "test-ft"
389 passphrase="12345678"
390
391 params = ft_params1(ssid=ssid, passphrase=passphrase)
392 params["pmk_r1_push"] = "0"
393 params["nas_identifier"] = "nas0.w1.fi"
394 hostapd.add_ap(apdev[0]['ifname'], params)
395 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
396 scan_freq="2412")
397
398 params = ft_params2(ssid=ssid, passphrase=passphrase)
399 params["pmk_r1_push"] = "0"
400 hostapd.add_ap(apdev[1]['ifname'], params)
401
402 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
403 dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
404
405 def test_ap_ft_mismatching_rrb_r0kh_push(dev, apdev):
406 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
407 ssid = "test-ft"
408 passphrase="12345678"
409
410 params = ft_params1(ssid=ssid, passphrase=passphrase)
411 params["ieee80211w"] = "2";
412 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
413 params = ft_params2_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
414 params["ieee80211w"] = "2";
415 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
416
417 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
418 fail_test=True)
419
420 def test_ap_ft_mismatching_rrb_r0kh_pull(dev, apdev):
421 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
422 ssid = "test-ft"
423 passphrase="12345678"
424
425 params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
426 params["pmk_r1_push"] = "0"
427 hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
428 params = ft_params2(ssid=ssid, passphrase=passphrase)
429 params["pmk_r1_push"] = "0"
430 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
431
432 run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
433 fail_test=True)
434
435 def test_ap_ft_gtk_rekey(dev, apdev):
436 """WPA2-PSK-FT AP and GTK rekey"""
437 ssid = "test-ft"
438 passphrase="12345678"
439
440 params = ft_params1(ssid=ssid, passphrase=passphrase)
441 params['wpa_group_rekey'] = '1'
442 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
443
444 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
445 ieee80211w="1", scan_freq="2412")
446
447 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
448 if ev is None:
449 raise Exception("GTK rekey timed out after initial association")
450 hwsim_utils.test_connectivity(dev[0], hapd)
451
452 params = ft_params2(ssid=ssid, passphrase=passphrase)
453 params['wpa_group_rekey'] = '1'
454 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
455
456 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
457 dev[0].roam(apdev[1]['bssid'])
458 if dev[0].get_status_field('bssid') != apdev[1]['bssid']:
459 raise Exception("Did not connect to correct AP")
460 hwsim_utils.test_connectivity(dev[0], hapd1)
461
462 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
463 if ev is None:
464 raise Exception("GTK rekey timed out after FT protocol")
465 hwsim_utils.test_connectivity(dev[0], hapd1)
466
467 def test_ft_psk_key_lifetime_in_memory(dev, apdev, params):
468 """WPA2-PSK-FT and key lifetime in memory"""
469 ssid = "test-ft"
470 passphrase="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
471 psk = '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
472 pmk = binascii.unhexlify(psk)
473 p = ft_params1(ssid=ssid, passphrase=passphrase)
474 hapd0 = hostapd.add_ap(apdev[0]['ifname'], p)
475 p = ft_params2(ssid=ssid, passphrase=passphrase)
476 hapd1 = hostapd.add_ap(apdev[1]['ifname'], p)
477
478 pid = find_wpas_process(dev[0])
479
480 dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
481 scan_freq="2412")
482 time.sleep(0.1)
483
484 buf = read_process_memory(pid, pmk)
485
486 dev[0].request("DISCONNECT")
487 dev[0].wait_disconnected()
488
489 dev[0].relog()
490 pmkr0 = None
491 pmkr1 = None
492 ptk = None
493 gtk = None
494 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
495 for l in f.readlines():
496 if "FT: PMK-R0 - hexdump" in l:
497 val = l.strip().split(':')[3].replace(' ', '')
498 pmkr0 = binascii.unhexlify(val)
499 if "FT: PMK-R1 - hexdump" in l:
500 val = l.strip().split(':')[3].replace(' ', '')
501 pmkr1 = binascii.unhexlify(val)
502 if "FT: KCK - hexdump" in l:
503 val = l.strip().split(':')[3].replace(' ', '')
504 kck = binascii.unhexlify(val)
505 if "FT: KEK - hexdump" in l:
506 val = l.strip().split(':')[3].replace(' ', '')
507 kek = binascii.unhexlify(val)
508 if "FT: TK - hexdump" in l:
509 val = l.strip().split(':')[3].replace(' ', '')
510 tk = binascii.unhexlify(val)
511 if "WPA: Group Key - hexdump" in l:
512 val = l.strip().split(':')[3].replace(' ', '')
513 gtk = binascii.unhexlify(val)
514 if not pmkr0 or not pmkr1 or not kck or not kek or not tk or not gtk:
515 raise Exception("Could not find keys from debug log")
516 if len(gtk) != 16:
517 raise Exception("Unexpected GTK length")
518
519 logger.info("Checking keys in memory while associated")
520 get_key_locations(buf, pmk, "PMK")
521 get_key_locations(buf, pmkr0, "PMK-R0")
522 get_key_locations(buf, pmkr1, "PMK-R1")
523 if pmk not in buf:
524 raise HwsimSkip("PMK not found while associated")
525 if pmkr0 not in buf:
526 raise HwsimSkip("PMK-R0 not found while associated")
527 if pmkr1 not in buf:
528 raise HwsimSkip("PMK-R1 not found while associated")
529 if kck not in buf:
530 raise Exception("KCK not found while associated")
531 if kek not in buf:
532 raise Exception("KEK not found while associated")
533 if tk in buf:
534 raise Exception("TK found from memory")
535 if gtk in buf:
536 raise Exception("GTK found from memory")
537
538 logger.info("Checking keys in memory after disassociation")
539 buf = read_process_memory(pid, pmk)
540 get_key_locations(buf, pmk, "PMK")
541 get_key_locations(buf, pmkr0, "PMK-R0")
542 get_key_locations(buf, pmkr1, "PMK-R1")
543
544 # Note: PMK/PSK is still present in network configuration
545
546 fname = os.path.join(params['logdir'],
547 'ft_psk_key_lifetime_in_memory.memctx-')
548 verify_not_present(buf, pmkr0, fname, "PMK-R0")
549 verify_not_present(buf, pmkr1, fname, "PMK-R1")
550 verify_not_present(buf, kck, fname, "KCK")
551 verify_not_present(buf, kek, fname, "KEK")
552 verify_not_present(buf, tk, fname, "TK")
553 verify_not_present(buf, gtk, fname, "GTK")
554
555 dev[0].request("REMOVE_NETWORK all")
556
557 logger.info("Checking keys in memory after network profile removal")
558 buf = read_process_memory(pid, pmk)
559 get_key_locations(buf, pmk, "PMK")
560 get_key_locations(buf, pmkr0, "PMK-R0")
561 get_key_locations(buf, pmkr1, "PMK-R1")
562
563 verify_not_present(buf, pmk, fname, "PMK")
564 verify_not_present(buf, pmkr0, fname, "PMK-R0")
565 verify_not_present(buf, pmkr1, fname, "PMK-R1")
566 verify_not_present(buf, kck, fname, "KCK")
567 verify_not_present(buf, kek, fname, "KEK")
568 verify_not_present(buf, tk, fname, "TK")
569 verify_not_present(buf, gtk, fname, "GTK")
Unnamed repository; edit this file 'description' to name the repository.