]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_ft.py
1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
16 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
17 from wlantest
import Wlantest
18 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
21 params
= { "wpa": "2",
22 "wpa_key_mgmt": "FT-PSK",
23 "rsn_pairwise": "CCMP" }
27 params
= { "wpa": "3",
28 "wpa_key_mgmt": "WPA-PSK FT-PSK",
29 "wpa_pairwise": "TKIP",
30 "rsn_pairwise": "CCMP" }
33 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
35 params
= ft_base_rsn()
37 params
= ft_base_mixed()
41 params
["wpa_passphrase"] = passphrase
43 params
["mobility_domain"] = "a1b2"
44 params
["r0_key_lifetime"] = "10000"
45 params
["pmk_r1_push"] = "1"
46 params
["reassociation_deadline"] = "1000"
49 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
50 params
= ft_params(rsn
, ssid
, passphrase
)
51 params
['nas_identifier'] = "nas1.w1.fi"
52 params
['r1_key_holder'] = "000102030405"
55 def ft_params1(rsn
=True, ssid
=None, passphrase
=None):
56 params
= ft_params1a(rsn
, ssid
, passphrase
)
57 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
58 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
59 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
62 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
63 params
= ft_params(rsn
, ssid
, passphrase
)
64 params
['nas_identifier'] = "nas2.w1.fi"
65 params
['r1_key_holder'] = "000102030406"
68 def ft_params2(rsn
=True, ssid
=None, passphrase
=None):
69 params
= ft_params2a(rsn
, ssid
, passphrase
)
70 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
72 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
75 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
76 params
= ft_params(rsn
, ssid
, passphrase
)
77 params
['nas_identifier'] = "nas1.w1.fi"
78 params
['r1_key_holder'] = "000102030405"
79 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
80 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
81 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
84 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
85 params
= ft_params(rsn
, ssid
, passphrase
)
86 params
['nas_identifier'] = "nas2.w1.fi"
87 params
['r1_key_holder'] = "000102030406"
88 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1",
89 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2" ]
90 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3"
93 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
94 params
= ft_params(rsn
, ssid
, passphrase
)
95 params
['nas_identifier'] = "nas2.w1.fi"
96 params
['r1_key_holder'] = "000102030406"
97 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
98 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
99 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
102 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
103 sae
=False, eap
=False, fail_test
=False, roams
=1,
104 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
105 test_connectivity
=True):
106 logger
.info("Connect to first AP")
108 dev
.connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
109 eap
="GPSK", identity
="gpsk user",
110 password
="abcdefghijklmnop0123456789abcdef",
112 pairwise
=pairwise_cipher
, group
=group_cipher
,
113 wpa_ptk_rekey
=ptk_rekey
)
119 dev
.connect(ssid
, psk
=passphrase
, key_mgmt
=key_mgmt
, proto
="WPA2",
120 ieee80211w
="1", scan_freq
="2412",
121 pairwise
=pairwise_cipher
, group
=group_cipher
,
122 wpa_ptk_rekey
=ptk_rekey
)
123 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
133 if test_connectivity
:
134 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
136 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
138 for i
in range(0, roams
):
139 logger
.info("Roam to the second AP")
141 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
143 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
146 if dev
.get_status_field('bssid') != ap2
['bssid']:
147 raise Exception("Did not connect to correct AP")
148 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
149 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
151 logger
.info("Roam back to the first AP")
153 dev
.roam_over_ds(ap1
['bssid'])
155 dev
.roam(ap1
['bssid'])
156 if dev
.get_status_field('bssid') != ap1
['bssid']:
157 raise Exception("Did not connect to correct AP")
158 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
159 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
161 def test_ap_ft(dev
, apdev
):
164 passphrase
="12345678"
166 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
167 hapd0
= hostapd
.add_ap(apdev
[0], params
)
168 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
169 hapd1
= hostapd
.add_ap(apdev
[1], params
)
171 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
172 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
173 raise Exception("Scan results missing RSN element info")
175 def test_ap_ft_local_key_gen(dev
, apdev
):
176 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
178 passphrase
="12345678"
180 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
181 params
['ft_psk_generate_local'] = "1";
182 del params
['pmk_r1_push']
183 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
184 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
185 params
['ft_psk_generate_local'] = "1";
186 del params
['pmk_r1_push']
187 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
189 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
190 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
191 raise Exception("Scan results missing RSN element info")
193 def test_ap_ft_many(dev
, apdev
):
194 """WPA2-PSK-FT AP multiple times"""
196 passphrase
="12345678"
198 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
199 hapd0
= hostapd
.add_ap(apdev
[0], params
)
200 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
201 hapd1
= hostapd
.add_ap(apdev
[1], params
)
203 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
205 def test_ap_ft_mixed(dev
, apdev
):
206 """WPA2-PSK-FT mixed-mode AP"""
207 ssid
= "test-ft-mixed"
208 passphrase
="12345678"
210 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
211 hapd
= hostapd
.add_ap(apdev
[0], params
)
212 key_mgmt
= hapd
.get_config()['key_mgmt']
213 vals
= key_mgmt
.split(' ')
214 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
215 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
216 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
217 hapd1
= hostapd
.add_ap(apdev
[1], params
)
219 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
221 def test_ap_ft_pmf(dev
, apdev
):
222 """WPA2-PSK-FT AP with PMF"""
224 passphrase
="12345678"
226 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
227 params
["ieee80211w"] = "2"
228 hapd0
= hostapd
.add_ap(apdev
[0], params
)
229 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
230 params
["ieee80211w"] = "2"
231 hapd1
= hostapd
.add_ap(apdev
[1], params
)
233 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
235 def test_ap_ft_over_ds(dev
, apdev
):
236 """WPA2-PSK-FT AP over DS"""
238 passphrase
="12345678"
240 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
241 hapd0
= hostapd
.add_ap(apdev
[0], params
)
242 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
243 hapd1
= hostapd
.add_ap(apdev
[1], params
)
245 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
246 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
247 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
249 def test_ap_ft_over_ds_disabled(dev
, apdev
):
250 """WPA2-PSK-FT AP over DS disabled"""
252 passphrase
="12345678"
254 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
255 params
['ft_over_ds'] = '0'
256 hapd0
= hostapd
.add_ap(apdev
[0], params
)
257 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
258 params
['ft_over_ds'] = '0'
259 hapd1
= hostapd
.add_ap(apdev
[1], params
)
261 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
264 def test_ap_ft_over_ds_many(dev
, apdev
):
265 """WPA2-PSK-FT AP over DS multiple times"""
267 passphrase
="12345678"
269 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
270 hapd0
= hostapd
.add_ap(apdev
[0], params
)
271 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
272 hapd1
= hostapd
.add_ap(apdev
[1], params
)
274 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
278 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
281 passphrase
="12345678"
283 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
284 hapd0
= hostapd
.add_ap(apdev
[0], params
)
286 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
288 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
291 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
292 """WPA2-PSK-FT AP over DS and unexpected response"""
294 passphrase
="12345678"
296 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
297 hapd0
= hostapd
.add_ap(apdev
[0], params
)
298 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
299 hapd1
= hostapd
.add_ap(apdev
[1], params
)
301 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
303 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
314 addr
= dev
[0].own_addr()
315 hapd1ap
.set("ext_mgmt_frame_handling", "1")
316 logger
.info("Foreign STA address")
320 msg
['sa'] = ap1
['bssid']
321 msg
['bssid'] = ap1
['bssid']
322 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
325 logger
.info("No over-the-DS in progress")
326 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
329 logger
.info("Non-zero status code")
330 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
333 hapd1ap
.dump_monitor()
335 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
336 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
337 raise Exception("FT_DS failed")
339 req
= hapd1ap
.mgmt_rx()
341 logger
.info("Foreign Target AP")
342 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
345 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
347 logger
.info("No IEs")
348 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
351 logger
.info("Invalid IEs (trigger parsing failure)")
352 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
355 logger
.info("Too short MDIE")
356 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
359 logger
.info("Mobility domain mismatch")
360 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
363 logger
.info("No FTIE")
364 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
367 logger
.info("FTIE SNonce mismatch")
368 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
371 logger
.info("No R0KH-ID subelem in FTIE")
372 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
373 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
376 logger
.info("No R0KH-ID subelem mismatch in FTIE")
377 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
378 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
381 logger
.info("No R1KH-ID subelem in FTIE")
382 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
383 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
386 logger
.info("No RSNE")
387 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
388 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
391 def test_ap_ft_pmf_over_ds(dev
, apdev
):
392 """WPA2-PSK-FT AP over DS with PMF"""
394 passphrase
="12345678"
396 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
397 params
["ieee80211w"] = "2"
398 hapd0
= hostapd
.add_ap(apdev
[0], params
)
399 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
400 params
["ieee80211w"] = "2"
401 hapd1
= hostapd
.add_ap(apdev
[1], params
)
403 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
405 def test_ap_ft_over_ds_pull(dev
, apdev
):
406 """WPA2-PSK-FT AP over DS (pull PMK)"""
408 passphrase
="12345678"
410 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
411 params
["pmk_r1_push"] = "0"
412 hapd0
= hostapd
.add_ap(apdev
[0], params
)
413 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
414 params
["pmk_r1_push"] = "0"
415 hapd1
= hostapd
.add_ap(apdev
[1], params
)
417 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
419 def test_ap_ft_sae(dev
, apdev
):
420 """WPA2-PSK-FT-SAE AP"""
421 if "SAE" not in dev
[0].get_capability("auth_alg"):
422 raise HwsimSkip("SAE not supported")
424 passphrase
="12345678"
426 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
427 params
['wpa_key_mgmt'] = "FT-SAE"
428 hapd0
= hostapd
.add_ap(apdev
[0], params
)
429 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
430 params
['wpa_key_mgmt'] = "FT-SAE"
431 hapd
= hostapd
.add_ap(apdev
[1], params
)
432 key_mgmt
= hapd
.get_config()['key_mgmt']
433 if key_mgmt
.split(' ')[0] != "FT-SAE":
434 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
436 dev
[0].request("SET sae_groups ")
437 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
439 def test_ap_ft_sae_over_ds(dev
, apdev
):
440 """WPA2-PSK-FT-SAE AP over DS"""
441 if "SAE" not in dev
[0].get_capability("auth_alg"):
442 raise HwsimSkip("SAE not supported")
444 passphrase
="12345678"
446 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
447 params
['wpa_key_mgmt'] = "FT-SAE"
448 hapd0
= hostapd
.add_ap(apdev
[0], params
)
449 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
450 params
['wpa_key_mgmt'] = "FT-SAE"
451 hapd1
= hostapd
.add_ap(apdev
[1], params
)
453 dev
[0].request("SET sae_groups ")
454 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
457 def test_ap_ft_eap(dev
, apdev
):
460 passphrase
="12345678"
462 radius
= hostapd
.radius_params()
463 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
464 params
['wpa_key_mgmt'] = "FT-EAP"
465 params
["ieee8021x"] = "1"
466 params
= dict(radius
.items() + params
.items())
467 hapd
= hostapd
.add_ap(apdev
[0], params
)
468 key_mgmt
= hapd
.get_config()['key_mgmt']
469 if key_mgmt
.split(' ')[0] != "FT-EAP":
470 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
471 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
472 params
['wpa_key_mgmt'] = "FT-EAP"
473 params
["ieee8021x"] = "1"
474 params
= dict(radius
.items() + params
.items())
475 hapd1
= hostapd
.add_ap(apdev
[1], params
)
477 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
478 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
479 raise Exception("Scan results missing RSN element info")
480 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
481 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
483 # Verify EAPOL reauthentication after FT protocol
484 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
488 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
489 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
491 raise Exception("EAP authentication did not start")
492 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
494 raise Exception("EAP authentication did not succeed")
496 hwsim_utils
.test_connectivity(dev
[0], ap
)
498 def test_ap_ft_eap_pull(dev
, apdev
):
499 """WPA2-EAP-FT AP (pull PMK)"""
501 passphrase
="12345678"
503 radius
= hostapd
.radius_params()
504 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
505 params
['wpa_key_mgmt'] = "FT-EAP"
506 params
["ieee8021x"] = "1"
507 params
["pmk_r1_push"] = "0"
508 params
= dict(radius
.items() + params
.items())
509 hapd
= hostapd
.add_ap(apdev
[0], params
)
510 key_mgmt
= hapd
.get_config()['key_mgmt']
511 if key_mgmt
.split(' ')[0] != "FT-EAP":
512 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
513 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
514 params
['wpa_key_mgmt'] = "FT-EAP"
515 params
["ieee8021x"] = "1"
516 params
["pmk_r1_push"] = "0"
517 params
= dict(radius
.items() + params
.items())
518 hapd1
= hostapd
.add_ap(apdev
[1], params
)
520 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
523 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
524 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
526 passphrase
="12345678"
528 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
529 params
["ieee80211w"] = "2"
530 hapd0
= hostapd
.add_ap(apdev
[0], params
)
531 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
532 params
["ieee80211w"] = "2"
533 hapd1
= hostapd
.add_ap(apdev
[1], params
)
535 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
539 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
540 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
542 passphrase
="12345678"
544 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
545 params
["pmk_r1_push"] = "0"
546 hapd0
= hostapd
.add_ap(apdev
[0], params
)
547 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
548 params
["pmk_r1_push"] = "0"
549 hapd1
= hostapd
.add_ap(apdev
[1], params
)
551 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
555 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
556 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
558 passphrase
="12345678"
560 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
561 params
["pmk_r1_push"] = "0"
562 params
["nas_identifier"] = "nas0.w1.fi"
563 hostapd
.add_ap(apdev
[0], params
)
564 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
567 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
568 params
["pmk_r1_push"] = "0"
569 hostapd
.add_ap(apdev
[1], params
)
571 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
572 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
575 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
576 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
578 passphrase
="12345678"
580 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
581 params
["ieee80211w"] = "2"
582 hapd0
= hostapd
.add_ap(apdev
[0], params
)
583 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
584 params
["ieee80211w"] = "2"
585 hapd1
= hostapd
.add_ap(apdev
[1], params
)
587 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
591 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
592 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
594 passphrase
="12345678"
596 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
597 params
["pmk_r1_push"] = "0"
598 hapd0
= hostapd
.add_ap(apdev
[0], params
)
599 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
600 params
["pmk_r1_push"] = "0"
601 hapd1
= hostapd
.add_ap(apdev
[1], params
)
603 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
606 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
607 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
609 passphrase
="12345678"
611 radius
= hostapd
.radius_params()
612 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
613 params
["ieee80211w"] = "2";
614 params
['wpa_key_mgmt'] = "FT-EAP"
615 params
["ieee8021x"] = "1"
616 params
= dict(radius
.items() + params
.items())
617 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
618 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
619 params
["ieee80211w"] = "2";
620 params
['wpa_key_mgmt'] = "FT-EAP"
621 params
["ieee8021x"] = "1"
622 params
= dict(radius
.items() + params
.items())
623 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
625 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
626 fail_test
=True, eap
=True)
628 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
629 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
631 passphrase
="12345678"
633 radius
= hostapd
.radius_params()
634 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
635 params
["pmk_r1_push"] = "0"
636 params
['wpa_key_mgmt'] = "FT-EAP"
637 params
["ieee8021x"] = "1"
638 params
= dict(radius
.items() + params
.items())
639 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
640 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
641 params
["pmk_r1_push"] = "0"
642 params
['wpa_key_mgmt'] = "FT-EAP"
643 params
["ieee8021x"] = "1"
644 params
= dict(radius
.items() + params
.items())
645 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
647 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
648 fail_test
=True, eap
=True)
650 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
651 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
653 passphrase
="12345678"
655 radius
= hostapd
.radius_params()
656 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
657 params
["pmk_r1_push"] = "0"
658 params
["nas_identifier"] = "nas0.w1.fi"
659 params
['wpa_key_mgmt'] = "FT-EAP"
660 params
["ieee8021x"] = "1"
661 params
= dict(radius
.items() + params
.items())
662 hostapd
.add_ap(apdev
[0]['ifname'], params
)
663 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
664 eap
="GPSK", identity
="gpsk user",
665 password
="abcdefghijklmnop0123456789abcdef",
668 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
669 params
["pmk_r1_push"] = "0"
670 params
['wpa_key_mgmt'] = "FT-EAP"
671 params
["ieee8021x"] = "1"
672 params
= dict(radius
.items() + params
.items())
673 hostapd
.add_ap(apdev
[1]['ifname'], params
)
675 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
676 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
678 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
679 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
681 passphrase
="12345678"
683 radius
= hostapd
.radius_params()
684 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
685 params
["ieee80211w"] = "2";
686 params
['wpa_key_mgmt'] = "FT-EAP"
687 params
["ieee8021x"] = "1"
688 params
= dict(radius
.items() + params
.items())
689 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
690 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
691 params
["ieee80211w"] = "2";
692 params
['wpa_key_mgmt'] = "FT-EAP"
693 params
["ieee8021x"] = "1"
694 params
= dict(radius
.items() + params
.items())
695 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
697 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
698 fail_test
=True, eap
=True)
700 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
701 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
703 passphrase
="12345678"
705 radius
= hostapd
.radius_params()
706 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
707 params
["pmk_r1_push"] = "0"
708 params
['wpa_key_mgmt'] = "FT-EAP"
709 params
["ieee8021x"] = "1"
710 params
= dict(radius
.items() + params
.items())
711 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
712 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
713 params
["pmk_r1_push"] = "0"
714 params
['wpa_key_mgmt'] = "FT-EAP"
715 params
["ieee8021x"] = "1"
716 params
= dict(radius
.items() + params
.items())
717 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
719 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
720 fail_test
=True, eap
=True)
722 def test_ap_ft_gtk_rekey(dev
, apdev
):
723 """WPA2-PSK-FT AP and GTK rekey"""
725 passphrase
="12345678"
727 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
728 params
['wpa_group_rekey'] = '1'
729 hapd
= hostapd
.add_ap(apdev
[0], params
)
731 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
732 ieee80211w
="1", scan_freq
="2412")
734 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
736 raise Exception("GTK rekey timed out after initial association")
737 hwsim_utils
.test_connectivity(dev
[0], hapd
)
739 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
740 params
['wpa_group_rekey'] = '1'
741 hapd1
= hostapd
.add_ap(apdev
[1], params
)
743 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
744 dev
[0].roam(apdev
[1]['bssid'])
745 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
746 raise Exception("Did not connect to correct AP")
747 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
749 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
751 raise Exception("GTK rekey timed out after FT protocol")
752 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
754 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
755 """WPA2-PSK-FT and key lifetime in memory"""
757 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
758 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
759 pmk
= binascii
.unhexlify(psk
)
760 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
761 hapd0
= hostapd
.add_ap(apdev
[0], p
)
762 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
763 hapd1
= hostapd
.add_ap(apdev
[1], p
)
765 pid
= find_wpas_process(dev
[0])
767 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
769 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
770 # event has been delivered, so verify that wpa_supplicant has returned to
771 # eloop before reading process memory.
775 buf
= read_process_memory(pid
, pmk
)
777 dev
[0].request("DISCONNECT")
778 dev
[0].wait_disconnected()
785 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
786 for l
in f
.readlines():
787 if "FT: PMK-R0 - hexdump" in l
:
788 val
= l
.strip().split(':')[3].replace(' ', '')
789 pmkr0
= binascii
.unhexlify(val
)
790 if "FT: PMK-R1 - hexdump" in l
:
791 val
= l
.strip().split(':')[3].replace(' ', '')
792 pmkr1
= binascii
.unhexlify(val
)
793 if "FT: KCK - hexdump" in l
:
794 val
= l
.strip().split(':')[3].replace(' ', '')
795 kck
= binascii
.unhexlify(val
)
796 if "FT: KEK - hexdump" in l
:
797 val
= l
.strip().split(':')[3].replace(' ', '')
798 kek
= binascii
.unhexlify(val
)
799 if "FT: TK - hexdump" in l
:
800 val
= l
.strip().split(':')[3].replace(' ', '')
801 tk
= binascii
.unhexlify(val
)
802 if "WPA: Group Key - hexdump" in l
:
803 val
= l
.strip().split(':')[3].replace(' ', '')
804 gtk
= binascii
.unhexlify(val
)
805 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
806 raise Exception("Could not find keys from debug log")
808 raise Exception("Unexpected GTK length")
810 logger
.info("Checking keys in memory while associated")
811 get_key_locations(buf
, pmk
, "PMK")
812 get_key_locations(buf
, pmkr0
, "PMK-R0")
813 get_key_locations(buf
, pmkr1
, "PMK-R1")
815 raise HwsimSkip("PMK not found while associated")
817 raise HwsimSkip("PMK-R0 not found while associated")
819 raise HwsimSkip("PMK-R1 not found while associated")
821 raise Exception("KCK not found while associated")
823 raise Exception("KEK not found while associated")
825 raise Exception("TK found from memory")
827 get_key_locations(buf
, gtk
, "GTK")
828 raise Exception("GTK found from memory")
830 logger
.info("Checking keys in memory after disassociation")
831 buf
= read_process_memory(pid
, pmk
)
832 get_key_locations(buf
, pmk
, "PMK")
833 get_key_locations(buf
, pmkr0
, "PMK-R0")
834 get_key_locations(buf
, pmkr1
, "PMK-R1")
836 # Note: PMK/PSK is still present in network configuration
838 fname
= os
.path
.join(params
['logdir'],
839 'ft_psk_key_lifetime_in_memory.memctx-')
840 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
841 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
842 verify_not_present(buf
, kck
, fname
, "KCK")
843 verify_not_present(buf
, kek
, fname
, "KEK")
844 verify_not_present(buf
, tk
, fname
, "TK")
845 verify_not_present(buf
, gtk
, fname
, "GTK")
847 dev
[0].request("REMOVE_NETWORK all")
849 logger
.info("Checking keys in memory after network profile removal")
850 buf
= read_process_memory(pid
, pmk
)
851 get_key_locations(buf
, pmk
, "PMK")
852 get_key_locations(buf
, pmkr0
, "PMK-R0")
853 get_key_locations(buf
, pmkr1
, "PMK-R1")
855 verify_not_present(buf
, pmk
, fname
, "PMK")
856 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
857 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
858 verify_not_present(buf
, kck
, fname
, "KCK")
859 verify_not_present(buf
, kek
, fname
, "KEK")
860 verify_not_present(buf
, tk
, fname
, "TK")
861 verify_not_present(buf
, gtk
, fname
, "GTK")
864 def test_ap_ft_invalid_resp(dev
, apdev
):
865 """WPA2-PSK-FT AP and invalid response IEs"""
867 passphrase
="12345678"
869 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
870 hapd0
= hostapd
.add_ap(apdev
[0], params
)
871 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
874 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
875 hapd1
= hostapd
.add_ap(apdev
[1], params
)
878 # Various IEs for test coverage. The last one is FTIE with invalid
879 # R1KH-ID subelement.
880 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
881 # FTIE with invalid R0KH-ID subelement (len=0).
882 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
883 # FTIE with invalid R0KH-ID subelement (len=49).
884 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
886 "020002000000" + "3000",
887 # Required IEs missing from protected IE count.
888 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
889 # RIC missing from protected IE count.
890 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
891 # Protected IE missing.
892 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
894 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
895 hapd1
.set("ext_mgmt_frame_handling", "1")
897 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
898 raise Exception("ROAM failed")
901 msg
= hapd1
.mgmt_rx()
902 if msg
['subtype'] == 11:
906 raise Exception("Authentication frame not seen")
909 resp
['fc'] = auth
['fc']
910 resp
['da'] = auth
['sa']
911 resp
['sa'] = auth
['da']
912 resp
['bssid'] = auth
['bssid']
913 resp
['payload'] = binascii
.unhexlify(t
)
915 hapd1
.set("ext_mgmt_frame_handling", "0")
916 dev
[0].wait_disconnected()
918 dev
[0].request("RECONNECT")
919 dev
[0].wait_connected()
921 def test_ap_ft_gcmp_256(dev
, apdev
):
922 """WPA2-PSK-FT AP with GCMP-256 cipher"""
923 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
924 raise HwsimSkip("Cipher GCMP-256 not supported")
926 passphrase
="12345678"
928 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
929 params
['rsn_pairwise'] = "GCMP-256"
930 hapd0
= hostapd
.add_ap(apdev
[0], params
)
931 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
932 params
['rsn_pairwise'] = "GCMP-256"
933 hapd1
= hostapd
.add_ap(apdev
[1], params
)
935 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
936 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
938 def test_ap_ft_oom(dev
, apdev
):
939 """WPA2-PSK-FT and OOM"""
940 skip_with_fips(dev
[0])
942 passphrase
="12345678"
944 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
945 hapd0
= hostapd
.add_ap(apdev
[0], params
)
946 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
947 hapd1
= hostapd
.add_ap(apdev
[1], params
)
949 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
951 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
952 dst
= apdev
[1]['bssid']
954 dst
= apdev
[0]['bssid']
956 dev
[0].scan_for_bss(dst
, freq
="2412")
957 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
959 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
960 dev
[0].roam(dst
, fail_test
=True)
961 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
962 dev
[0].roam(dst
, fail_test
=True)
964 dev
[0].request("REMOVE_NETWORK all")
965 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
966 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
969 def test_ap_ft_ap_oom(dev
, apdev
):
970 """WPA2-PSK-FT and AP OOM"""
972 passphrase
="12345678"
974 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
975 hapd0
= hostapd
.add_ap(apdev
[0], params
)
976 bssid0
= hapd0
.own_addr()
978 dev
[0].scan_for_bss(bssid0
, freq
="2412")
979 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
980 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
983 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
984 hapd1
= hostapd
.add_ap(apdev
[1], params
)
985 bssid1
= hapd1
.own_addr()
986 dev
[0].scan_for_bss(bssid1
, freq
="2412")
987 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
990 def test_ap_ft_ap_oom2(dev
, apdev
):
991 """WPA2-PSK-FT and AP OOM 2"""
993 passphrase
="12345678"
995 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
996 hapd0
= hostapd
.add_ap(apdev
[0], params
)
997 bssid0
= hapd0
.own_addr()
999 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1000 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1001 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1004 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1005 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1006 bssid1
= hapd1
.own_addr()
1007 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1009 if dev
[0].get_status_field('bssid') != bssid1
:
1010 raise Exception("Did not roam to AP1")
1011 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1014 def test_ap_ft_ap_oom3(dev
, apdev
):
1015 """WPA2-PSK-FT and AP OOM 3"""
1017 passphrase
="12345678"
1019 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1020 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1021 bssid0
= hapd0
.own_addr()
1023 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1024 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1027 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1028 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1029 bssid1
= hapd1
.own_addr()
1030 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1031 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1032 # This will fail due to not being able to send out PMK-R1 pull request
1035 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1036 # This will fail due to not being able to send out PMK-R1 pull request
1039 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_pull_pmk_r1"):
1040 # This will fail due to not being able to send out PMK-R1 pull request
1043 def test_ap_ft_ap_oom4(dev
, apdev
):
1044 """WPA2-PSK-FT and AP OOM 4"""
1046 passphrase
="12345678"
1048 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1049 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1050 bssid0
= hapd0
.own_addr()
1052 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1053 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1056 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1057 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1058 bssid1
= hapd1
.own_addr()
1059 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1060 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1062 if dev
[0].get_status_field('bssid') != bssid1
:
1063 raise Exception("Did not roam to AP1")
1065 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1067 if dev
[0].get_status_field('bssid') != bssid0
:
1068 raise Exception("Did not roam to AP0")
1070 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1072 if dev
[0].get_status_field('bssid') != bssid1
:
1073 raise Exception("Did not roam to AP1")
1075 def test_ap_ft_ap_oom5(dev
, apdev
):
1076 """WPA2-PSK-FT and AP OOM 5"""
1078 passphrase
="12345678"
1080 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1081 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1082 bssid0
= hapd0
.own_addr()
1084 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1085 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1088 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1089 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1090 bssid1
= hapd1
.own_addr()
1091 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1092 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1093 # This will fail to roam
1096 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1097 # This will fail to roam
1100 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1101 # This will fail to roam
1104 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1105 # This will fail to roam
1108 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1109 # This will fail to roam
1112 def test_ap_ft_ap_oom6(dev
, apdev
):
1113 """WPA2-PSK-FT and AP OOM 6"""
1115 passphrase
="12345678"
1117 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1118 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1119 bssid0
= hapd0
.own_addr()
1121 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1122 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1123 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1125 dev
[0].request("REMOVE_NETWORK all")
1126 dev
[0].wait_disconnected()
1127 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1128 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1130 dev
[0].request("REMOVE_NETWORK all")
1131 dev
[0].wait_disconnected()
1132 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1133 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1136 def test_ap_ft_ap_oom7(dev
, apdev
):
1137 """WPA2-PSK-FT and AP OOM 7"""
1139 passphrase
="12345678"
1141 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1142 params
["ieee80211w"] = "2"
1143 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1144 bssid0
= hapd0
.own_addr()
1146 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1147 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1148 ieee80211w
="2", scan_freq
="2412")
1150 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1151 params
["ieee80211w"] = "2"
1152 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1153 bssid1
= hapd1
.own_addr()
1154 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1155 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1156 # This will fail to roam
1158 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1159 # This will fail to roam
1161 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1162 # This will fail to roam
1164 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1165 # This will fail to roam
1168 def test_ap_ft_ap_oom8(dev
, apdev
):
1169 """WPA2-PSK-FT and AP OOM 8"""
1171 passphrase
="12345678"
1173 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1174 params
['ft_psk_generate_local'] = "1";
1175 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1176 bssid0
= hapd0
.own_addr()
1178 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1179 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1182 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1183 params
['ft_psk_generate_local'] = "1";
1184 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1185 bssid1
= hapd1
.own_addr()
1186 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1187 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1188 # This will fail to roam
1190 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1191 # This will fail to roam
1194 def test_ap_ft_ap_oom9(dev
, apdev
):
1195 """WPA2-PSK-FT and AP OOM 9"""
1197 passphrase
="12345678"
1199 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1200 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1201 bssid0
= hapd0
.own_addr()
1203 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1204 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1207 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1208 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1209 bssid1
= hapd1
.own_addr()
1210 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1212 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1213 # This will fail to roam
1214 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1215 raise Exception("FT_DS failed")
1216 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1218 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1219 # This will fail to roam
1220 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1221 raise Exception("FT_DS failed")
1222 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1224 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1225 # This will fail to roam
1226 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1227 raise Exception("FT_DS failed")
1228 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1230 def test_ap_ft_ap_oom10(dev
, apdev
):
1231 """WPA2-PSK-FT and AP OOM 10"""
1233 passphrase
="12345678"
1235 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1236 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1237 bssid0
= hapd0
.own_addr()
1239 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1240 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1243 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1244 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1245 bssid1
= hapd1
.own_addr()
1246 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1248 with
fail_test(hapd0
, 1, "aes_unwrap;wpa_ft_rrb_rx_pull"):
1249 # This will fail to roam
1250 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1251 raise Exception("FT_DS failed")
1252 wait_fail_trigger(hapd0
, "GET_FAIL")
1254 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1255 # This will fail to roam
1256 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1257 raise Exception("FT_DS failed")
1258 wait_fail_trigger(hapd0
, "GET_FAIL")
1260 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_rrb_rx_pull"):
1261 # This will fail to roam
1262 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1263 raise Exception("FT_DS failed")
1264 wait_fail_trigger(hapd0
, "GET_FAIL")
1266 with
fail_test(hapd1
, 1, "aes_unwrap;wpa_ft_rrb_rx_resp"):
1267 # This will fail to roam
1268 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1269 raise Exception("FT_DS failed")
1270 wait_fail_trigger(hapd1
, "GET_FAIL")
1272 def test_ap_ft_ap_oom11(dev
, apdev
):
1273 """WPA2-PSK-FT and AP OOM 11"""
1275 passphrase
="12345678"
1277 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1278 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1279 bssid0
= hapd0
.own_addr()
1281 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1282 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1283 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1285 wait_fail_trigger(hapd0
, "GET_FAIL")
1287 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1288 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_generate_pmk_r1"):
1289 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1291 wait_fail_trigger(hapd0
, "GET_FAIL")
1293 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1294 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1296 passphrase
="12345678"
1298 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1299 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1300 bssid0
= hapd0
.own_addr()
1301 _bssid0
= bssid0
.replace(':', '')
1302 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1304 addr
= dev
[0].own_addr()
1305 _addr
= addr
.replace(':', '')
1307 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1308 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1309 bssid1
= hapd1
.own_addr()
1310 _bssid1
= bssid1
.replace(':', '')
1312 hapd0
.set("ext_mgmt_frame_handling", "1")
1313 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1314 valid
= "0601" + _addr
+ _bssid1
1317 "0601" + _addr
+ _bssid0
,
1318 "0601" + _addr
+ "ffffffffffff",
1319 "0601" + _bssid0
+ _bssid0
,
1324 valid
+ "3603ffffff",
1325 valid
+ "3603a1b2ff",
1326 valid
+ "3603a1b2ff" + "3700",
1327 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1328 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1329 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1330 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1331 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1332 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1333 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1336 hapd0
.dump_monitor()
1337 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1338 raise Exception("MGMT_RX_PROCESS failed")
1340 hapd0
.set("ext_mgmt_frame_handling", "0")
1342 def test_ap_ft_over_ds_proto(dev
, apdev
):
1343 """WPA2-PSK-FT AP over DS protocol testing"""
1345 passphrase
="12345678"
1347 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1348 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1349 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1352 # FT Action Response while no FT-over-DS in progress
1355 msg
['da'] = dev
[0].own_addr()
1356 msg
['sa'] = apdev
[0]['bssid']
1357 msg
['bssid'] = apdev
[0]['bssid']
1358 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1361 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1362 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1363 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1364 hapd0
.set("ext_mgmt_frame_handling", "1")
1365 hapd0
.dump_monitor()
1366 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1367 for i
in range(0, 10):
1368 req
= hapd0
.mgmt_rx()
1370 raise Exception("MGMT RX wait timed out")
1371 if req
['subtype'] == 13:
1375 raise Exception("FT Action frame not received")
1377 # FT Action Response for unexpected Target AP
1378 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1381 # FT Action Response without MDIE
1382 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1385 # FT Action Response without FTIE
1386 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1389 # FT Action Response with FTIE SNonce mismatch
1390 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1394 def test_ap_ft_rrb(dev
, apdev
):
1395 """WPA2-PSK-FT RRB protocol testing"""
1397 passphrase
="12345678"
1399 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1400 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1402 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1405 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1406 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1408 ehdr
= _dst_ll
+ _src_ll
+ proto
1410 # Too short RRB frame
1412 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1413 raise Exception("DATA_TEST_FRAME failed")
1415 # RRB discarded frame wikth unrecognized type
1416 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1417 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1418 raise Exception("DATA_TEST_FRAME failed")
1420 # RRB frame too short for action frame
1421 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1422 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1423 raise Exception("DATA_TEST_FRAME failed")
1425 # Too short RRB frame (not enough room for Action Frame body)
1426 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1427 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1428 raise Exception("DATA_TEST_FRAME failed")
1430 # Unexpected Action frame category
1431 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1432 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1433 raise Exception("DATA_TEST_FRAME failed")
1435 # Unexpected Action in RRB Request
1436 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1437 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1438 raise Exception("DATA_TEST_FRAME failed")
1440 # Target AP address in RRB Request does not match with own address
1441 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1442 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1443 raise Exception("DATA_TEST_FRAME failed")
1445 # Not enough room for status code in RRB Response
1446 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1447 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1448 raise Exception("DATA_TEST_FRAME failed")
1450 # RRB discarded frame with unknown packet_type
1451 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1452 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1453 raise Exception("DATA_TEST_FRAME failed")
1455 # RRB Response with non-zero status code; no STA match
1456 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1457 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1458 raise Exception("DATA_TEST_FRAME failed")
1460 # RRB Response with zero status code and extra data; STA match
1461 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1462 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1463 raise Exception("DATA_TEST_FRAME failed")
1465 # Too short PMK-R1 pull
1466 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1467 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1468 raise Exception("DATA_TEST_FRAME failed")
1470 # Too short PMK-R1 resp
1471 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1472 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1473 raise Exception("DATA_TEST_FRAME failed")
1475 # Too short PMK-R1 push
1476 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1477 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1478 raise Exception("DATA_TEST_FRAME failed")
1480 # No matching R0KH address found for PMK-R0 pull response
1481 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1482 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1483 raise Exception("DATA_TEST_FRAME failed")
1486 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1487 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1488 bssid
= apdev
[0]['bssid']
1490 passphrase
="12345678"
1492 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1493 params
["ieee80211w"] = "1"
1494 # This is the RSN element used normally by hostapd
1495 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1496 hapd
= hostapd
.add_ap(apdev
[0], params
)
1497 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1498 ieee80211w
="1", scan_freq
="2412",
1499 pairwise
="CCMP", group
="CCMP")
1501 tests
= [ ('PMKIDCount field included',
1502 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1503 ('Extra IE before RSNE',
1504 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1505 ('PMKIDCount and Group Management Cipher suite fields included',
1506 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1507 ('Extra octet after defined fields (future extensibility)',
1508 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1509 ('No RSN Capabilities field (PMF disabled in practice)',
1510 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
1511 for txt
,ie
in tests
:
1512 dev
[0].request("DISCONNECT")
1513 dev
[0].wait_disconnected()
1516 hapd
.set('own_ie_override', ie
)
1518 dev
[0].request("BSS_FLUSH 0")
1519 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1520 dev
[0].select_network(id, freq
=2412)
1521 dev
[0].wait_connected()
1523 dev
[0].request("DISCONNECT")
1524 dev
[0].wait_disconnected()
1526 logger
.info('Invalid RSNE causing internal hostapd error')
1528 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
1530 dev
[0].request("BSS_FLUSH 0")
1531 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1532 dev
[0].select_network(id, freq
=2412)
1533 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1535 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1537 raise Exception("Unexpected connection")
1538 dev
[0].request("DISCONNECT")
1540 logger
.info('Unexpected PMKID causing internal hostapd error')
1542 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
1544 dev
[0].request("BSS_FLUSH 0")
1545 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
1546 dev
[0].select_network(id, freq
=2412)
1547 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
1549 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1551 raise Exception("Unexpected connection")
1552 dev
[0].request("DISCONNECT")
1554 def test_ap_ft_ptk_rekey(dev
, apdev
):
1555 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
1557 passphrase
="12345678"
1559 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1560 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1561 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1562 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1564 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
1566 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1567 "WPA: Key negotiation completed"], timeout
=5)
1569 raise Exception("No event received after roam")
1570 if "CTRL-EVENT-DISCONNECTED" in ev
:
1571 raise Exception("Unexpected disconnection after roam")
1573 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1577 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1579 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
1580 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
1582 passphrase
="12345678"
1584 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1585 params
['wpa_ptk_rekey'] = '2'
1586 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1587 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1588 params
['wpa_ptk_rekey'] = '2'
1589 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1591 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
1593 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
1594 "WPA: Key negotiation completed"], timeout
=5)
1596 raise Exception("No event received after roam")
1597 if "CTRL-EVENT-DISCONNECTED" in ev
:
1598 raise Exception("Unexpected disconnection after roam")
1600 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1604 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1606 def test_ap_ft_internal_rrb_check(dev
, apdev
):
1607 """RRB internal delivery only to WPA enabled BSS"""
1609 passphrase
="12345678"
1611 radius
= hostapd
.radius_params()
1612 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1613 params
['wpa_key_mgmt'] = "FT-EAP"
1614 params
["ieee8021x"] = "1"
1615 params
= dict(radius
.items() + params
.items())
1616 hapd
= hostapd
.add_ap(apdev
[0], params
)
1617 key_mgmt
= hapd
.get_config()['key_mgmt']
1618 if key_mgmt
.split(' ')[0] != "FT-EAP":
1619 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
1621 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
1623 # Connect to WPA enabled AP
1624 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1625 eap
="GPSK", identity
="gpsk user",
1626 password
="abcdefghijklmnop0123456789abcdef",
1629 # Try over_ds roaming to non-WPA-enabled AP.
1630 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
1631 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1633 def test_ap_ft_extra_ie(dev
, apdev
):
1634 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
1636 passphrase
="12345678"
1638 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1639 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
1640 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1641 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1643 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1646 # Add Mobility Domain element to test AP validation code.
1647 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
1648 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
1649 scan_freq
="2412", wait_connect
=False)
1650 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1651 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1653 raise Exception("No connection result")
1654 if "CTRL-EVENT-CONNECTED" in ev
:
1655 raise Exception("Non-FT association accepted with MDE")
1656 if "status_code=43" not in ev
:
1657 raise Exception("Unexpected status code: " + ev
)
1658 dev
[0].request("DISCONNECT")
1660 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
1662 def test_ap_ft_ric(dev
, apdev
):
1663 """WPA2-PSK-FT AP and RIC"""
1665 passphrase
="12345678"
1667 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1668 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1669 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1670 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1672 dev
[0].set("ric_ies", "")
1673 dev
[0].set("ric_ies", '""')
1674 if "FAIL" not in dev
[0].request("SET ric_ies q"):
1675 raise Exception("Invalid ric_ies value accepted")
1680 "390400000000" + "390400000000",
1681 "390400000000" + "dd050050f20202",
1682 "390400000000" + "dd3d0050f2020201" + 55*"00",
1683 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
1684 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
1686 dev
[0].set("ric_ies", t
)
1687 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1688 test_connectivity
=False)
1689 dev
[0].request("REMOVE_NETWORK all")
1690 dev
[0].wait_disconnected()
1691 dev
[0].dump_monitor()