]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_pmf.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Remove pmk_r1_push parameter from ap_ft_local_key_gen
[thirdparty/hostap.git] / tests / hwsim / test_ap_pmf.py
1 # Protected management frames tests
2 # Copyright (c) 2013, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import time
9 import logging
10 logger = logging.getLogger()
11
12 import hwsim_utils
13 import hostapd
14 from utils import alloc_fail, fail_test, wait_fail_trigger
15 from wlantest import Wlantest
16 from wpasupplicant import WpaSupplicant
17
18 @remote_compatible
19 def test_ap_pmf_required(dev, apdev):
20 """WPA2-PSK AP with PMF required"""
21 ssid = "test-pmf-required"
22 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
23 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
24 params["ieee80211w"] = "2"
25 hapd = hostapd.add_ap(apdev[0], params)
26 Wlantest.setup(hapd)
27 wt = Wlantest()
28 wt.flush()
29 wt.add_passphrase("12345678")
30 key_mgmt = hapd.get_config()['key_mgmt']
31 if key_mgmt.split(' ')[0] != "WPA-PSK-SHA256":
32 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
33 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
34 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
35 scan_freq="2412")
36 if "[WPA2-PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
37 raise Exception("Scan results missing RSN element info")
38 hwsim_utils.test_connectivity(dev[0], hapd)
39 dev[1].connect(ssid, psk="12345678", ieee80211w="2",
40 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
41 scan_freq="2412")
42 hwsim_utils.test_connectivity(dev[1], hapd)
43 hapd.request("SA_QUERY " + dev[0].p2p_interface_addr())
44 hapd.request("SA_QUERY " + dev[1].p2p_interface_addr())
45 wt.require_ap_pmf_mandatory(apdev[0]['bssid'])
46 wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
47 wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
48 time.sleep(0.1)
49 if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
50 dev[0].p2p_interface_addr()) < 1:
51 raise Exception("STA did not reply to SA Query")
52 if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
53 dev[1].p2p_interface_addr()) < 1:
54 raise Exception("STA did not reply to SA Query")
55
56 @remote_compatible
57 def test_ap_pmf_optional(dev, apdev):
58 """WPA2-PSK AP with PMF optional"""
59 ssid = "test-pmf-optional"
60 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
61 params["wpa_key_mgmt"] = "WPA-PSK"
62 params["ieee80211w"] = "1"
63 hapd = hostapd.add_ap(apdev[0], params)
64 Wlantest.setup(hapd)
65 wt = Wlantest()
66 wt.flush()
67 wt.add_passphrase("12345678")
68 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
69 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
70 scan_freq="2412")
71 hwsim_utils.test_connectivity(dev[0], hapd)
72 dev[1].connect(ssid, psk="12345678", ieee80211w="2",
73 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
74 scan_freq="2412")
75 hwsim_utils.test_connectivity(dev[1], hapd)
76 wt.require_ap_pmf_optional(apdev[0]['bssid'])
77 wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
78 wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
79
80 @remote_compatible
81 def test_ap_pmf_optional_2akm(dev, apdev):
82 """WPA2-PSK AP with PMF optional (2 AKMs)"""
83 ssid = "test-pmf-optional-2akm"
84 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
85 params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
86 params["ieee80211w"] = "1"
87 hapd = hostapd.add_ap(apdev[0], params)
88 Wlantest.setup(hapd)
89 wt = Wlantest()
90 wt.flush()
91 wt.add_passphrase("12345678")
92 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
93 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
94 scan_freq="2412")
95 hwsim_utils.test_connectivity(dev[0], hapd)
96 dev[1].connect(ssid, psk="12345678", ieee80211w="2",
97 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
98 scan_freq="2412")
99 hwsim_utils.test_connectivity(dev[1], hapd)
100 wt.require_ap_pmf_optional(apdev[0]['bssid'])
101 wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
102 wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[0].p2p_interface_addr(),
103 "PSK-SHA256")
104 wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
105 wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[1].p2p_interface_addr(),
106 "PSK-SHA256")
107
108 @remote_compatible
109 def test_ap_pmf_negative(dev, apdev):
110 """WPA2-PSK AP without PMF (negative test)"""
111 ssid = "test-pmf-negative"
112 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
113 hapd = hostapd.add_ap(apdev[0], params)
114 Wlantest.setup(hapd)
115 wt = Wlantest()
116 wt.flush()
117 wt.add_passphrase("12345678")
118 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
119 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
120 scan_freq="2412")
121 hwsim_utils.test_connectivity(dev[0], hapd)
122 try:
123 dev[1].connect(ssid, psk="12345678", ieee80211w="2",
124 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
125 scan_freq="2412")
126 hwsim_utils.test_connectivity(dev[1], hapd)
127 raise Exception("PMF required STA connected to no PMF AP")
128 except Exception, e:
129 logger.debug("Ignore expected exception: " + str(e))
130 wt.require_ap_no_pmf(apdev[0]['bssid'])
131
132 @remote_compatible
133 def test_ap_pmf_assoc_comeback(dev, apdev):
134 """WPA2-PSK AP with PMF association comeback"""
135 ssid = "assoc-comeback"
136 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
137 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
138 params["ieee80211w"] = "2"
139 hapd = hostapd.add_ap(apdev[0], params)
140 Wlantest.setup(hapd)
141 wt = Wlantest()
142 wt.flush()
143 wt.add_passphrase("12345678")
144 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
145 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
146 scan_freq="2412")
147 hapd.set("ext_mgmt_frame_handling", "1")
148 dev[0].request("DISCONNECT")
149 dev[0].wait_disconnected(timeout=10)
150 hapd.set("ext_mgmt_frame_handling", "0")
151 dev[0].request("REASSOCIATE")
152 dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
153 if wt.get_sta_counter("assocresp_comeback", apdev[0]['bssid'],
154 dev[0].p2p_interface_addr()) < 1:
155 raise Exception("AP did not use association comeback request")
156
157 @remote_compatible
158 def test_ap_pmf_assoc_comeback2(dev, apdev):
159 """WPA2-PSK AP with PMF association comeback (using DROP_SA)"""
160 ssid = "assoc-comeback"
161 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
162 params["wpa_key_mgmt"] = "WPA-PSK"
163 params["ieee80211w"] = "1"
164 hapd = hostapd.add_ap(apdev[0], params)
165 Wlantest.setup(hapd)
166 wt = Wlantest()
167 wt.flush()
168 wt.add_passphrase("12345678")
169 dev[0].connect(ssid, psk="12345678", ieee80211w="2",
170 key_mgmt="WPA-PSK", proto="WPA2", scan_freq="2412")
171 if "OK" not in dev[0].request("DROP_SA"):
172 raise Exception("DROP_SA failed")
173 dev[0].request("REASSOCIATE")
174 dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
175 if wt.get_sta_counter("reassocresp_comeback", apdev[0]['bssid'],
176 dev[0].p2p_interface_addr()) < 1:
177 raise Exception("AP did not use reassociation comeback request")
178
179 def start_wpas_ap(ssid):
180 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
181 wpas.interface_add("wlan5", drv_params="use_monitor=1")
182 id = wpas.add_network()
183 wpas.set_network(id, "mode", "2")
184 wpas.set_network_quoted(id, "ssid", ssid)
185 wpas.set_network(id, "proto", "WPA2")
186 wpas.set_network(id, "key_mgmt", "WPA-PSK-SHA256")
187 wpas.set_network(id, "ieee80211w", "2")
188 wpas.set_network_quoted(id, "psk", "12345678")
189 wpas.set_network(id, "pairwise", "CCMP")
190 wpas.set_network(id, "group", "CCMP")
191 wpas.set_network(id, "frequency", "2412")
192 wpas.set_network(id, "scan_freq", "2412")
193 wpas.connect_network(id)
194 wpas.dump_monitor()
195 return wpas
196
197 def test_ap_pmf_sta_sa_query(dev, apdev):
198 """WPA2-PSK AP with station using SA Query"""
199 ssid = "assoc-comeback"
200 addr = dev[0].own_addr()
201
202 wpas = start_wpas_ap(ssid)
203 bssid = wpas.own_addr()
204
205 Wlantest.setup(wpas)
206 wt = Wlantest()
207 wt.flush()
208 wt.add_passphrase("12345678")
209
210 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
211 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
212 scan_freq="2412")
213 wpas.dump_monitor()
214 wpas.request("DEAUTHENTICATE " + addr + " test=0")
215 wpas.dump_monitor()
216 wpas.request("DISASSOCIATE " + addr + " test=0")
217 wpas.dump_monitor()
218 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
219 if ev is not None:
220 raise Exception("Unexpected disconnection")
221
222 wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
223 wpas.dump_monitor()
224 wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
225 wpas.dump_monitor()
226 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
227 if ev is not None:
228 raise Exception("Unexpected disconnection")
229 if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
230 raise Exception("STA did not send SA Query")
231 if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) < 1:
232 raise Exception("AP did not reply to SA Query")
233 wpas.dump_monitor()
234
235 def test_ap_pmf_sta_sa_query_no_response(dev, apdev):
236 """WPA2-PSK AP with station using SA Query and getting no response"""
237 ssid = "assoc-comeback"
238 addr = dev[0].own_addr()
239
240 wpas = start_wpas_ap(ssid)
241 bssid = wpas.own_addr()
242
243 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
244 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
245 scan_freq="2412")
246 wpas.dump_monitor()
247 wpas.request("DEAUTHENTICATE " + addr + " test=0")
248 wpas.dump_monitor()
249 wpas.request("DISASSOCIATE " + addr + " test=0")
250 wpas.dump_monitor()
251 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
252 if ev is not None:
253 raise Exception("Unexpected disconnection")
254
255 wpas.request("SET ext_mgmt_frame_handling 1")
256 wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
257 wpas.dump_monitor()
258 wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
259 wpas.dump_monitor()
260 dev[0].wait_disconnected()
261 wpas.dump_monitor()
262 wpas.request("SET ext_mgmt_frame_handling 0")
263 dev[0].wait_connected()
264 wpas.dump_monitor()
265
266 def test_ap_pmf_sta_unprot_deauth_burst(dev, apdev):
267 """WPA2-PSK AP with station receiving burst of unprotected Deauthentication frames"""
268 ssid = "deauth-attack"
269 addr = dev[0].own_addr()
270
271 wpas = start_wpas_ap(ssid)
272 bssid = wpas.own_addr()
273
274 Wlantest.setup(wpas)
275 wt = Wlantest()
276 wt.flush()
277 wt.add_passphrase("12345678")
278
279 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
280 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
281 scan_freq="2412")
282
283 for i in range(0, 10):
284 wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
285 wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
286 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
287 if ev is not None:
288 raise Exception("Unexpected disconnection")
289 num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
290 num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
291 if num_req < 1:
292 raise Exception("STA did not send SA Query")
293 if num_resp < 1:
294 raise Exception("AP did not reply to SA Query")
295 if num_req > 1:
296 raise Exception("STA initiated too many SA Query procedures (%d)" % num_req)
297
298 time.sleep(10)
299 for i in range(0, 5):
300 wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
301 wpas.request("DISASSOCIATE " + addr + " reason=7 test=0")
302 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
303 if ev is not None:
304 raise Exception("Unexpected disconnection")
305 num_req = wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr)
306 num_resp = wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr)
307 if num_req != 2 or num_resp != 2:
308 raise Exception("Unexpected number of SA Query procedures (req=%d resp=%d)" % (num_req, num_resp))
309
310 def test_ap_pmf_sta_sa_query_oom(dev, apdev):
311 """WPA2-PSK AP with station using SA Query (OOM)"""
312 ssid = "assoc-comeback"
313 addr = dev[0].own_addr()
314 wpas = start_wpas_ap(ssid)
315 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
316 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
317 scan_freq="2412")
318 with alloc_fail(dev[0], 1, "=sme_sa_query_timer"):
319 wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
320 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
321 dev[0].request("DISCONNECT")
322 wpas.request("DISCONNECT")
323 dev[0].wait_disconnected()
324
325 def test_ap_pmf_sta_sa_query_local_failure(dev, apdev):
326 """WPA2-PSK AP with station using SA Query (local failure)"""
327 ssid = "assoc-comeback"
328 addr = dev[0].own_addr()
329 wpas = start_wpas_ap(ssid)
330 dev[0].connect(ssid, psk="12345678", ieee80211w="1",
331 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
332 scan_freq="2412")
333 with fail_test(dev[0], 1, "os_get_random;sme_sa_query_timer"):
334 wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
335 wait_fail_trigger(dev[0], "GET_FAIL")
336 dev[0].request("DISCONNECT")
337 wpas.request("DISCONNECT")
338 dev[0].wait_disconnected()
339
340 def test_ap_pmf_required_eap(dev, apdev):
341 """WPA2-EAP AP with PMF required"""
342 ssid = "test-pmf-required-eap"
343 params = hostapd.wpa2_eap_params(ssid=ssid)
344 params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
345 params["ieee80211w"] = "2"
346 hapd = hostapd.add_ap(apdev[0], params)
347 key_mgmt = hapd.get_config()['key_mgmt']
348 if key_mgmt.split(' ')[0] != "WPA-EAP-SHA256":
349 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
350 dev[0].connect("test-pmf-required-eap", key_mgmt="WPA-EAP-SHA256",
351 ieee80211w="2", eap="PSK", identity="psk.user@example.com",
352 password_hex="0123456789abcdef0123456789abcdef",
353 scan_freq="2412")
354 dev[1].connect("test-pmf-required-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
355 ieee80211w="1", eap="PSK", identity="psk.user@example.com",
356 password_hex="0123456789abcdef0123456789abcdef",
357 scan_freq="2412")
358
359 def test_ap_pmf_optional_eap(dev, apdev):
360 """WPA2EAP AP with PMF optional"""
361 params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
362 params["ieee80211w"] = "1"
363 hapd = hostapd.add_ap(apdev[0], params)
364 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
365 identity="pap user", anonymous_identity="ttls",
366 password="password",
367 ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
368 ieee80211w="1", scan_freq="2412")
369 dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
370 eap="TTLS", identity="pap user", anonymous_identity="ttls",
371 password="password",
372 ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
373 ieee80211w="2", scan_freq="2412")
374
375 @remote_compatible
376 def test_ap_pmf_required_sha1(dev, apdev):
377 """WPA2-PSK AP with PMF required with SHA1 AKM"""
378 ssid = "test-pmf-required-sha1"
379 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
380 params["wpa_key_mgmt"] = "WPA-PSK"
381 params["ieee80211w"] = "2"
382 hapd = hostapd.add_ap(apdev[0], params)
383 Wlantest.setup(hapd)
384 wt = Wlantest()
385 wt.flush()
386 wt.add_passphrase("12345678")
387 key_mgmt = hapd.get_config()['key_mgmt']
388 if key_mgmt.split(' ')[0] != "WPA-PSK":
389 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
390 dev[0].connect(ssid, psk="12345678", ieee80211w="2",
391 key_mgmt="WPA-PSK", proto="WPA2", scan_freq="2412")
392 if "[WPA2-PSK-CCMP]" not in dev[0].request("SCAN_RESULTS"):
393 raise Exception("Scan results missing RSN element info")
394 hwsim_utils.test_connectivity(dev[0], hapd)
395
396 @remote_compatible
397 def test_ap_pmf_toggle(dev, apdev):
398 """WPA2-PSK AP with PMF optional and changing PMF on reassociation"""
399 try:
400 _test_ap_pmf_toggle(dev, apdev)
401 finally:
402 dev[0].request("SET reassoc_same_bss_optim 0")
403
404 def _test_ap_pmf_toggle(dev, apdev):
405 ssid = "test-pmf-optional"
406 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
407 params["wpa_key_mgmt"] = "WPA-PSK"
408 params["ieee80211w"] = "1"
409 params["assoc_sa_query_max_timeout"] = "1"
410 params["assoc_sa_query_retry_timeout"] = "1"
411 hapd = hostapd.add_ap(apdev[0], params)
412 Wlantest.setup(hapd)
413 wt = Wlantest()
414 wt.flush()
415 wt.add_passphrase("12345678")
416 bssid = apdev[0]['bssid']
417 addr = dev[0].own_addr()
418 dev[0].request("SET reassoc_same_bss_optim 1")
419 id = dev[0].connect(ssid, psk="12345678", ieee80211w="1",
420 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
421 scan_freq="2412")
422 wt.require_ap_pmf_optional(bssid)
423 wt.require_sta_pmf(bssid, addr)
424 sta = hapd.get_sta(addr)
425 if '[MFP]' not in sta['flags']:
426 raise Exception("MFP flag not present for STA")
427
428 dev[0].set_network(id, "ieee80211w", "0")
429 dev[0].request("REASSOCIATE")
430 dev[0].wait_connected()
431 wt.require_sta_no_pmf(bssid, addr)
432 sta = hapd.get_sta(addr)
433 if '[MFP]' in sta['flags']:
434 raise Exception("MFP flag unexpectedly present for STA")
435 err, data = hapd.cmd_execute(['iw', 'dev', apdev[0]['ifname'], 'station',
436 'get', addr])
437 if "yes" in [l for l in data.splitlines() if "MFP" in l][0]:
438 raise Exception("Kernel STA entry had MFP enabled")
439
440 dev[0].set_network(id, "ieee80211w", "1")
441 dev[0].request("REASSOCIATE")
442 dev[0].wait_connected()
443 wt.require_sta_pmf(bssid, addr)
444 sta = hapd.get_sta(addr)
445 if '[MFP]' not in sta['flags']:
446 raise Exception("MFP flag not present for STA")
447 err, data = hapd.cmd_execute(['iw', 'dev', apdev[0]['ifname'], 'station',
448 'get', addr])
449 if "yes" not in [l for l in data.splitlines() if "MFP" in l][0]:
450 raise Exception("Kernel STA entry did not have MFP enabled")
451
452 @remote_compatible
453 def test_ap_pmf_required_sta_no_pmf(dev, apdev):
454 """WPA2-PSK AP with PMF required and PMF disabled on STA"""
455 ssid = "test-pmf-required"
456 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
457 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
458 params["ieee80211w"] = "2"
459 hapd = hostapd.add_ap(apdev[0], params)
460
461 # Disable PMF on the station and try to connect
462 dev[0].connect(ssid, psk="12345678", ieee80211w="0",
463 key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
464 scan_freq="2412", wait_connect=False)
465 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
466 "CTRL-EVENT-ASSOC-REJECT"], timeout=2)
467 if ev is None:
468 raise Exception("No connection result")
469 if "CTRL-EVENT-ASSOC-REJECT" in ev:
470 raise Exception("Tried to connect to PMF required AP without PMF enabled")
471 dev[0].request("REMOVE_NETWORK all")
472
473 def test_ap_pmf_inject_auth(dev, apdev):
474 """WPA2-PSK AP with PMF and Authentication frame injection"""
475 ssid = "test-pmf"
476 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
477 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
478 params["ieee80211w"] = "2"
479 hapd = hostapd.add_ap(apdev[0], params)
480 dev[0].connect(ssid, psk="12345678", ieee80211w="2",
481 key_mgmt="WPA-PSK-SHA256", proto="WPA2",
482 scan_freq="2412")
483 hwsim_utils.test_connectivity(dev[0], hapd)
484
485 bssid = hapd.own_addr().replace(':', '')
486 addr = dev[0].own_addr().replace(':', '')
487
488 # Inject an unprotected Authentication frame claiming to be from the
489 # associated STA.
490 auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
491 hapd.request("SET ext_mgmt_frame_handling 1")
492 res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth)
493 hapd.request("SET ext_mgmt_frame_handling 0")
494 if "OK" not in res:
495 raise Exception("MGMT_RX_PROCESS failed")
496
497 # Verify that original association is still functional.
498 hwsim_utils.test_connectivity(dev[0], hapd)
Unnamed repository; edit this file 'description' to name the repository.