]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
9 from Crypto
.Cipher
import AES
13 logger
= logging
.getLogger()
21 from utils
import HwsimSkip
, fail_test
, skip_with_fips
23 from wpasupplicant
import WpaSupplicant
25 def check_mib(dev
, vals
):
29 raise Exception("Unexpected {} = {} (expected {})".format(v
[0], mib
[v
[0]], v
[1]))
32 def test_ap_wpa2_psk(dev
, apdev
):
33 """WPA2-PSK AP with PSK instead of passphrase"""
34 ssid
= "test-wpa2-psk"
35 passphrase
= 'qwertyuiop'
36 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
37 params
= hostapd
.wpa2_params(ssid
=ssid
)
38 params
['wpa_psk'] = psk
39 hapd
= hostapd
.add_ap(apdev
[0], params
)
40 key_mgmt
= hapd
.get_config()['key_mgmt']
41 if key_mgmt
.split(' ')[0] != "WPA-PSK":
42 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
43 dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
44 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
46 sig
= dev
[0].request("SIGNAL_POLL").splitlines()
47 pkt
= dev
[0].request("PKTCNT_POLL").splitlines()
48 if "FREQUENCY=2412" not in sig
:
49 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig
))
50 if "TXBAD=0" not in pkt
:
51 raise Exception("Unexpected TXBAD value: " + str(pkt
))
53 def test_ap_wpa2_psk_file(dev
, apdev
):
54 """WPA2-PSK AP with PSK from a file"""
55 ssid
= "test-wpa2-psk"
56 passphrase
= 'qwertyuiop'
57 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
58 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
59 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
60 hostapd
.add_ap(apdev
[0], params
)
61 dev
[1].connect(ssid
, psk
="very secret", scan_freq
="2412", wait_connect
=False)
62 dev
[2].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
63 dev
[2].request("REMOVE_NETWORK all")
64 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
65 dev
[0].request("REMOVE_NETWORK all")
66 dev
[2].connect(ssid
, psk
="another passphrase for all STAs", scan_freq
="2412")
67 dev
[0].connect(ssid
, psk
="another passphrase for all STAs", scan_freq
="2412")
68 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
70 raise Exception("Timed out while waiting for failure report")
71 dev
[1].request("REMOVE_NETWORK all")
74 def test_ap_wpa2_psk_mem(dev
, apdev
):
75 """WPA2-PSK AP with passphrase only in memory"""
77 _test_ap_wpa2_psk_mem(dev
, apdev
)
79 dev
[0].request("SCAN_INTERVAL 5")
80 dev
[1].request("SCAN_INTERVAL 5")
82 def _test_ap_wpa2_psk_mem(dev
, apdev
):
83 ssid
= "test-wpa2-psk"
84 passphrase
= 'qwertyuiop'
85 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
86 params
= hostapd
.wpa2_params(ssid
=ssid
)
87 params
['wpa_psk'] = psk
88 hapd
= hostapd
.add_ap(apdev
[0], params
)
90 dev
[0].connect(ssid
, mem_only_psk
="1", scan_freq
="2412", wait_connect
=False)
91 dev
[0].request("SCAN_INTERVAL 1")
92 ev
= dev
[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout
=10)
94 raise Exception("Request for PSK/passphrase timed out")
95 id = ev
.split(':')[0].split('-')[-1]
96 dev
[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase
+ '"')
97 dev
[0].wait_connected(timeout
=10)
99 dev
[1].connect(ssid
, mem_only_psk
="1", scan_freq
="2412", wait_connect
=False)
100 dev
[1].request("SCAN_INTERVAL 1")
101 ev
= dev
[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout
=10)
103 raise Exception("Request for PSK/passphrase timed out(2)")
104 id = ev
.split(':')[0].split('-')[-1]
105 dev
[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk
)
106 dev
[1].wait_connected(timeout
=10)
109 def test_ap_wpa2_ptk_rekey(dev
, apdev
):
110 """WPA2-PSK AP and PTK rekey enforced by station"""
111 ssid
= "test-wpa2-psk"
112 passphrase
= 'qwertyuiop'
113 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
114 hapd
= hostapd
.add_ap(apdev
[0], params
)
115 dev
[0].connect(ssid
, psk
=passphrase
, wpa_ptk_rekey
="1", scan_freq
="2412")
116 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
118 raise Exception("PTK rekey timed out")
119 hwsim_utils
.test_connectivity(dev
[0], hapd
)
122 def test_ap_wpa2_ptk_rekey_ap(dev
, apdev
):
123 """WPA2-PSK AP and PTK rekey enforced by AP"""
124 ssid
= "test-wpa2-psk"
125 passphrase
= 'qwertyuiop'
126 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
127 params
['wpa_ptk_rekey'] = '2'
128 hapd
= hostapd
.add_ap(apdev
[0], params
)
129 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
130 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
132 raise Exception("PTK rekey timed out")
133 hwsim_utils
.test_connectivity(dev
[0], hapd
)
136 def test_ap_wpa2_sha256_ptk_rekey(dev
, apdev
):
137 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
138 ssid
= "test-wpa2-psk"
139 passphrase
= 'qwertyuiop'
140 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
141 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
142 hapd
= hostapd
.add_ap(apdev
[0], params
)
143 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
144 wpa_ptk_rekey
="1", scan_freq
="2412")
145 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
147 raise Exception("PTK rekey timed out")
148 hwsim_utils
.test_connectivity(dev
[0], hapd
)
149 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
150 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
153 def test_ap_wpa2_sha256_ptk_rekey_ap(dev
, apdev
):
154 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
155 ssid
= "test-wpa2-psk"
156 passphrase
= 'qwertyuiop'
157 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
158 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
159 params
['wpa_ptk_rekey'] = '2'
160 hapd
= hostapd
.add_ap(apdev
[0], params
)
161 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
163 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
165 raise Exception("PTK rekey timed out")
166 hwsim_utils
.test_connectivity(dev
[0], hapd
)
167 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
168 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
171 def test_ap_wpa_ptk_rekey(dev
, apdev
):
172 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
173 skip_with_fips(dev
[0])
174 ssid
= "test-wpa-psk"
175 passphrase
= 'qwertyuiop'
176 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
177 hapd
= hostapd
.add_ap(apdev
[0], params
)
178 dev
[0].connect(ssid
, psk
=passphrase
, wpa_ptk_rekey
="1", scan_freq
="2412")
179 if "[WPA-PSK-TKIP]" not in dev
[0].request("SCAN_RESULTS"):
180 raise Exception("Scan results missing WPA element info")
181 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
183 raise Exception("PTK rekey timed out")
184 hwsim_utils
.test_connectivity(dev
[0], hapd
)
187 def test_ap_wpa_ptk_rekey_ap(dev
, apdev
):
188 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
189 skip_with_fips(dev
[0])
190 ssid
= "test-wpa-psk"
191 passphrase
= 'qwertyuiop'
192 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
193 params
['wpa_ptk_rekey'] = '2'
194 hapd
= hostapd
.add_ap(apdev
[0], params
)
195 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
196 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"], timeout
=10)
198 raise Exception("PTK rekey timed out")
199 hwsim_utils
.test_connectivity(dev
[0], hapd
)
202 def test_ap_wpa_ccmp(dev
, apdev
):
204 ssid
= "test-wpa-psk"
205 passphrase
= 'qwertyuiop'
206 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
207 params
['wpa_pairwise'] = "CCMP"
208 hapd
= hostapd
.add_ap(apdev
[0], params
)
209 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
210 hwsim_utils
.test_connectivity(dev
[0], hapd
)
211 check_mib(dev
[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
212 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
213 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
214 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
215 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
216 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
217 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
218 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
220 def test_ap_wpa2_psk_file_errors(dev
, apdev
):
221 """WPA2-PSK AP with various PSK file error and success cases"""
222 addr0
= dev
[0].own_addr()
223 addr1
= dev
[1].own_addr()
224 addr2
= dev
[2].own_addr()
226 pskfile
= "/tmp/ap_wpa2_psk_file_errors.psk_file"
232 params
= { "ssid": ssid
, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
233 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile
}
237 hapd
= hostapd
.add_ap(apdev
[0], params
, no_enable
=True)
238 if "FAIL" not in hapd
.request("ENABLE"):
239 raise Exception("Unexpected ENABLE success")
240 hapd
.request("DISABLE")
242 # invalid MAC address
243 with
open(pskfile
, "w") as f
:
246 if "FAIL" not in hapd
.request("ENABLE"):
247 raise Exception("Unexpected ENABLE success")
248 hapd
.request("DISABLE")
251 with
open(pskfile
, "w") as f
:
252 f
.write("00:11:22:33:44:55\n")
253 if "FAIL" not in hapd
.request("ENABLE"):
254 raise Exception("Unexpected ENABLE success")
255 hapd
.request("DISABLE")
258 with
open(pskfile
, "w") as f
:
259 f
.write("00:11:22:33:44:55 1234567\n")
260 if "FAIL" not in hapd
.request("ENABLE"):
261 raise Exception("Unexpected ENABLE success")
262 hapd
.request("DISABLE")
265 with
open(pskfile
, "w") as f
:
266 f
.write("00:11:22:33:44:55 12345678\n")
267 f
.write(addr0
+ " 123456789\n")
268 f
.write(addr1
+ " 123456789a\n")
269 f
.write(addr2
+ " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
270 if "FAIL" in hapd
.request("ENABLE"):
271 raise Exception("Unexpected ENABLE failure")
273 dev
[0].connect(ssid
, psk
="123456789", scan_freq
="2412")
274 dev
[1].connect(ssid
, psk
="123456789a", scan_freq
="2412")
275 dev
[2].connect(ssid
, raw_psk
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq
="2412")
284 def test_ap_wpa2_psk_wildcard_ssid(dev
, apdev
):
285 """WPA2-PSK AP and wildcard SSID configuration"""
286 ssid
= "test-wpa2-psk"
287 passphrase
= 'qwertyuiop'
288 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
289 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
290 hapd
= hostapd
.add_ap(apdev
[0], params
)
291 dev
[0].connect("", bssid
=apdev
[0]['bssid'], psk
=passphrase
,
293 dev
[1].connect("", bssid
=apdev
[0]['bssid'], raw_psk
=psk
, scan_freq
="2412")
296 def test_ap_wpa2_gtk_rekey(dev
, apdev
):
297 """WPA2-PSK AP and GTK rekey enforced by AP"""
298 ssid
= "test-wpa2-psk"
299 passphrase
= 'qwertyuiop'
300 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
301 params
['wpa_group_rekey'] = '1'
302 hapd
= hostapd
.add_ap(apdev
[0], params
)
303 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
304 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
306 raise Exception("GTK rekey timed out")
307 hwsim_utils
.test_connectivity(dev
[0], hapd
)
310 def test_ap_wpa_gtk_rekey(dev
, apdev
):
311 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
312 skip_with_fips(dev
[0])
313 ssid
= "test-wpa-psk"
314 passphrase
= 'qwertyuiop'
315 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
316 params
['wpa_group_rekey'] = '1'
317 hapd
= hostapd
.add_ap(apdev
[0], params
)
318 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
319 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
321 raise Exception("GTK rekey timed out")
322 hwsim_utils
.test_connectivity(dev
[0], hapd
)
325 def test_ap_wpa2_gmk_rekey(dev
, apdev
):
326 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
327 ssid
= "test-wpa2-psk"
328 passphrase
= 'qwertyuiop'
329 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
330 params
['wpa_group_rekey'] = '1'
331 params
['wpa_gmk_rekey'] = '2'
332 hapd
= hostapd
.add_ap(apdev
[0], params
)
333 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
334 for i
in range(0, 3):
335 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
337 raise Exception("GTK rekey timed out")
338 hwsim_utils
.test_connectivity(dev
[0], hapd
)
341 def test_ap_wpa2_strict_rekey(dev
, apdev
):
342 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
343 ssid
= "test-wpa2-psk"
344 passphrase
= 'qwertyuiop'
345 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
346 params
['wpa_strict_rekey'] = '1'
347 hapd
= hostapd
.add_ap(apdev
[0], params
)
348 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
349 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
350 dev
[1].request("DISCONNECT")
351 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
353 raise Exception("GTK rekey timed out")
354 hwsim_utils
.test_connectivity(dev
[0], hapd
)
357 def test_ap_wpa2_bridge_fdb(dev
, apdev
):
358 """Bridge FDB entry removal"""
361 ssid
= "test-wpa2-psk"
362 passphrase
= "12345678"
363 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
364 params
['bridge'] = 'ap-br0'
365 hapd
= hostapd
.add_ap(apdev
[0], params
)
366 hapd
.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
367 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
368 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
369 bssid
=apdev
[0]['bssid'])
370 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
371 bssid
=apdev
[0]['bssid'])
372 addr0
= dev
[0].p2p_interface_addr()
373 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
374 err
, macs1
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
375 hapd
.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
376 dev
[0].request("DISCONNECT")
377 dev
[1].request("DISCONNECT")
379 err
, macs2
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
381 addr1
= dev
[1].p2p_interface_addr()
382 if addr0
not in macs1
or addr1
not in macs1
:
383 raise Exception("Bridge FDB entry missing")
384 if addr0
in macs2
or addr1
in macs2
:
385 raise Exception("Bridge FDB entry was not removed")
387 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
389 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0'])
392 def test_ap_wpa2_already_in_bridge(dev
, apdev
):
393 """hostapd behavior with interface already in bridge"""
394 ifname
= apdev
[0]['ifname']
395 br_ifname
= 'ext-ap-br0'
397 ssid
= "test-wpa2-psk"
398 passphrase
= "12345678"
399 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
400 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
401 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
403 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
404 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
405 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
406 hapd
= hostapd
.add_ap(apdev
[0], params
)
407 if hapd
.get_driver_status_field('brname') != br_ifname
:
408 raise Exception("Bridge name not identified correctly")
409 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
411 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
413 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
414 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', 'station'])
415 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
418 def test_ap_wpa2_in_different_bridge(dev
, apdev
):
419 """hostapd behavior with interface in different bridge"""
420 ifname
= apdev
[0]['ifname']
421 br_ifname
= 'ext-ap-br0'
423 ssid
= "test-wpa2-psk"
424 passphrase
= "12345678"
425 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
426 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
427 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
429 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
430 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
432 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
433 params
['bridge'] = 'ap-br0'
434 hapd
= hostapd
.add_ap(apdev
[0], params
)
435 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', 'ap-br0', '0'])
436 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
438 brname
= hapd
.get_driver_status_field('brname')
439 if brname
!= 'ap-br0':
440 raise Exception("Incorrect bridge: " + brname
)
441 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
442 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, "ap-br0")
443 if hapd
.get_driver_status_field("added_bridge") != "1":
444 raise Exception("Unexpected added_bridge value")
445 if hapd
.get_driver_status_field("added_if_into_bridge") != "1":
446 raise Exception("Unexpected added_if_into_bridge value")
447 dev
[0].request("DISCONNECT")
450 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
452 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
,
453 "2>", "/dev/null"], shell
=True)
454 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
457 def test_ap_wpa2_ext_add_to_bridge(dev
, apdev
):
458 """hostapd behavior with interface added to bridge externally"""
459 ifname
= apdev
[0]['ifname']
460 br_ifname
= 'ext-ap-br0'
462 ssid
= "test-wpa2-psk"
463 passphrase
= "12345678"
464 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
465 hapd
= hostapd
.add_ap(apdev
[0], params
)
467 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
468 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
469 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
471 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
472 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
473 if hapd
.get_driver_status_field('brname') != br_ifname
:
474 raise Exception("Bridge name not identified correctly")
476 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
478 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
479 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
481 def test_ap_wpa2_psk_ext(dev
, apdev
):
482 """WPA2-PSK AP using external EAPOL I/O"""
483 bssid
= apdev
[0]['bssid']
484 ssid
= "test-wpa2-psk"
485 passphrase
= 'qwertyuiop'
486 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
487 params
= hostapd
.wpa2_params(ssid
=ssid
)
488 params
['wpa_psk'] = psk
489 hapd
= hostapd
.add_ap(apdev
[0], params
)
490 hapd
.request("SET ext_eapol_frame_io 1")
491 dev
[0].request("SET ext_eapol_frame_io 1")
492 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
493 addr
= dev
[0].p2p_interface_addr()
495 ev
= hapd
.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout
=15)
497 raise Exception("Timeout on EAPOL-TX from hostapd")
498 if "AP-STA-CONNECTED" in ev
:
499 dev
[0].wait_connected(timeout
=15)
501 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
503 raise Exception("EAPOL_RX to wpa_supplicant failed")
504 ev
= dev
[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout
=15)
506 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
507 if "CTRL-EVENT-CONNECTED" in ev
:
509 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
511 raise Exception("EAPOL_RX to hostapd failed")
513 def test_ap_wpa2_psk_ext_retry_msg_3(dev
, apdev
):
514 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
515 bssid
= apdev
[0]['bssid']
516 ssid
= "test-wpa2-psk"
517 passphrase
= 'qwertyuiop'
518 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
519 params
= hostapd
.wpa2_params(ssid
=ssid
)
520 params
['wpa_psk'] = psk
521 hapd
= hostapd
.add_ap(apdev
[0], params
)
522 hapd
.request("SET ext_eapol_frame_io 1")
523 dev
[0].request("SET ext_eapol_frame_io 1")
524 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
525 addr
= dev
[0].p2p_interface_addr()
528 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
530 raise Exception("Timeout on EAPOL-TX from hostapd")
531 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
533 raise Exception("EAPOL_RX to wpa_supplicant failed")
536 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
538 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
539 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
541 raise Exception("EAPOL_RX to hostapd failed")
544 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
546 raise Exception("Timeout on EAPOL-TX from hostapd")
547 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
549 raise Exception("EAPOL_RX to wpa_supplicant failed")
552 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
554 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
555 # Do not send to the AP
556 dev
[0].wait_connected(timeout
=15)
558 # EAPOL-Key msg 3/4 (retry)
559 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
561 raise Exception("Timeout on EAPOL-TX from hostapd")
562 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
564 raise Exception("EAPOL_RX to wpa_supplicant failed")
567 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
569 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
570 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
572 raise Exception("EAPOL_RX to hostapd failed")
574 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
576 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
578 hwsim_utils
.test_connectivity(dev
[0], hapd
)
580 def test_ap_wpa2_psk_ext_retry_msg_3b(dev
, apdev
):
581 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
582 bssid
= apdev
[0]['bssid']
583 ssid
= "test-wpa2-psk"
584 passphrase
= 'qwertyuiop'
585 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
586 params
= hostapd
.wpa2_params(ssid
=ssid
)
587 params
['wpa_psk'] = psk
588 hapd
= hostapd
.add_ap(apdev
[0], params
)
589 hapd
.request("SET ext_eapol_frame_io 1")
590 dev
[0].request("SET ext_eapol_frame_io 1")
591 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
592 addr
= dev
[0].p2p_interface_addr()
595 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
597 raise Exception("Timeout on EAPOL-TX from hostapd")
598 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
600 raise Exception("EAPOL_RX to wpa_supplicant failed")
603 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
605 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
606 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
608 raise Exception("EAPOL_RX to hostapd failed")
611 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
613 raise Exception("Timeout on EAPOL-TX from hostapd")
614 # Do not send the first msg 3/4 to the STA yet; wait for retransmission
618 # EAPOL-Key msg 3/4 (retry)
619 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
621 raise Exception("Timeout on EAPOL-TX from hostapd")
624 # Send the first msg 3/4 to STA
625 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_1
.split(' ')[2])
627 raise Exception("EAPOL_RX to wpa_supplicant failed")
630 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
632 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
633 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
635 raise Exception("EAPOL_RX to hostapd failed")
636 dev
[0].wait_connected(timeout
=15)
637 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
639 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
641 hwsim_utils
.test_connectivity(dev
[0], hapd
)
643 # Send the second msg 3/4 to STA
644 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_2
.split(' ')[2])
646 raise Exception("EAPOL_RX to wpa_supplicant failed")
648 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
650 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
651 # Do not send the second msg 4/4 to the AP
653 hwsim_utils
.test_connectivity(dev
[0], hapd
)
655 def test_ap_wpa2_psk_ext_retry_msg_3c(dev
, apdev
):
656 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
657 bssid
= apdev
[0]['bssid']
658 ssid
= "test-wpa2-psk"
659 passphrase
= 'qwertyuiop'
660 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
661 params
= hostapd
.wpa2_params(ssid
=ssid
)
662 params
['wpa_psk'] = psk
663 hapd
= hostapd
.add_ap(apdev
[0], params
)
664 hapd
.request("SET ext_eapol_frame_io 1")
665 dev
[0].request("SET ext_eapol_frame_io 1")
666 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
667 addr
= dev
[0].p2p_interface_addr()
670 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
672 raise Exception("Timeout on EAPOL-TX from hostapd")
673 msg1
= ev
.split(' ')[2]
674 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
676 raise Exception("EAPOL_RX to wpa_supplicant failed")
679 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
681 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
682 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
684 raise Exception("EAPOL_RX to hostapd failed")
687 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
689 raise Exception("Timeout on EAPOL-TX from hostapd")
690 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
692 raise Exception("EAPOL_RX to wpa_supplicant failed")
695 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
697 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
698 msg4
= ev
.split(' ')[2]
699 # Do not send msg 4/4 to hostapd to trigger retry
701 # STA believes everything is ready
702 dev
[0].wait_connected()
704 # EAPOL-Key msg 3/4 (retry)
705 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
707 raise Exception("Timeout on EAPOL-TX from hostapd")
708 msg3
= ev
.split(' ')[2]
710 # Send a forged msg 1/4 to STA (update replay counter)
711 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
712 # and replace nonce (this results in "WPA: ANonce from message 1 of
713 # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
714 # wpa_supplicant processed msg 3/4 afterwards)
715 #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
716 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
718 raise Exception("EAPOL_RX to wpa_supplicant failed")
720 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
722 # wpa_supplicant seems to have ignored the forged message. This means
723 # the attack would fail.
724 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
726 # Do not send msg 2/4 to hostapd
728 # Send previously received msg 3/4 to STA
729 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
731 raise Exception("EAPOL_RX to wpa_supplicant failed")
734 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
736 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
737 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
739 raise Exception("EAPOL_RX to hostapd failed")
741 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
743 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
745 hwsim_utils
.test_connectivity(dev
[0], hapd
)
747 def test_ap_wpa2_psk_ext_retry_msg_3d(dev
, apdev
):
748 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
749 bssid
= apdev
[0]['bssid']
750 ssid
= "test-wpa2-psk"
751 passphrase
= 'qwertyuiop'
752 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
753 params
= hostapd
.wpa2_params(ssid
=ssid
)
754 params
['wpa_psk'] = psk
755 hapd
= hostapd
.add_ap(apdev
[0], params
)
756 hapd
.request("SET ext_eapol_frame_io 1")
757 dev
[0].request("SET ext_eapol_frame_io 1")
758 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
759 addr
= dev
[0].p2p_interface_addr()
762 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
764 raise Exception("Timeout on EAPOL-TX from hostapd")
765 msg1
= ev
.split(' ')[2]
766 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
768 raise Exception("EAPOL_RX to wpa_supplicant failed")
771 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
773 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
774 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
776 raise Exception("EAPOL_RX to hostapd failed")
779 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
781 raise Exception("Timeout on EAPOL-TX from hostapd")
782 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
784 raise Exception("EAPOL_RX to wpa_supplicant failed")
787 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
789 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
790 msg4
= ev
.split(' ')[2]
791 # Do not send msg 4/4 to hostapd to trigger retry
793 # STA believes everything is ready
794 dev
[0].wait_connected()
796 # EAPOL-Key msg 3/4 (retry)
797 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
799 raise Exception("Timeout on EAPOL-TX from hostapd")
800 msg3
= ev
.split(' ')[2]
802 # Send a forged msg 1/4 to STA (update replay counter)
803 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
804 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
806 raise Exception("EAPOL_RX to wpa_supplicant failed")
808 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
810 # wpa_supplicant seems to have ignored the forged message. This means
811 # the attack would fail.
812 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
814 # Do not send msg 2/4 to hostapd
816 # EAPOL-Key msg 3/4 (retry 2)
817 # New one needed to get the correct Replay Counter value
818 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
820 raise Exception("Timeout on EAPOL-TX from hostapd")
821 msg3
= ev
.split(' ')[2]
823 # Send msg 3/4 to STA
824 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
826 raise Exception("EAPOL_RX to wpa_supplicant failed")
829 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
831 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
832 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
834 raise Exception("EAPOL_RX to hostapd failed")
836 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
838 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
840 hwsim_utils
.test_connectivity(dev
[0], hapd
)
842 def test_ap_wpa2_psk_ext_retry_msg_3e(dev
, apdev
):
843 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
844 bssid
= apdev
[0]['bssid']
845 ssid
= "test-wpa2-psk"
846 passphrase
= 'qwertyuiop'
847 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
848 params
= hostapd
.wpa2_params(ssid
=ssid
)
849 params
['wpa_psk'] = psk
850 hapd
= hostapd
.add_ap(apdev
[0], params
)
851 hapd
.request("SET ext_eapol_frame_io 1")
852 dev
[0].request("SET ext_eapol_frame_io 1")
853 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
854 addr
= dev
[0].p2p_interface_addr()
857 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
859 raise Exception("Timeout on EAPOL-TX from hostapd")
860 msg1
= ev
.split(' ')[2]
861 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
863 raise Exception("EAPOL_RX to wpa_supplicant failed")
866 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
868 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
869 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
871 raise Exception("EAPOL_RX to hostapd failed")
874 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
876 raise Exception("Timeout on EAPOL-TX from hostapd")
877 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
879 raise Exception("EAPOL_RX to wpa_supplicant failed")
882 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
884 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
885 msg4
= ev
.split(' ')[2]
886 # Do not send msg 4/4 to hostapd to trigger retry
888 # STA believes everything is ready
889 dev
[0].wait_connected()
891 # EAPOL-Key msg 3/4 (retry)
892 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
894 raise Exception("Timeout on EAPOL-TX from hostapd")
895 msg3
= ev
.split(' ')[2]
897 # Send a forged msg 1/4 to STA (update replay counter and replace ANonce)
898 msg1b
= msg1
[0:18] + msg3
[18:34] + 32*"ff" + msg1
[98:]
899 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
901 raise Exception("EAPOL_RX to wpa_supplicant failed")
903 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
905 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
906 # Do not send msg 2/4 to hostapd
908 # Send a forged msg 1/4 to STA (back to previously used ANonce)
909 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
910 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
912 raise Exception("EAPOL_RX to wpa_supplicant failed")
914 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
916 # wpa_supplicant seems to have ignored the forged message. This means
917 # the attack would fail.
918 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
920 # Do not send msg 2/4 to hostapd
922 # EAPOL-Key msg 3/4 (retry 2)
923 # New one needed to get the correct Replay Counter value
924 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
926 raise Exception("Timeout on EAPOL-TX from hostapd")
927 msg3
= ev
.split(' ')[2]
929 # Send msg 3/4 to STA
930 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
932 raise Exception("EAPOL_RX to wpa_supplicant failed")
935 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
937 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
938 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
940 raise Exception("EAPOL_RX to hostapd failed")
942 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
944 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
946 hwsim_utils
.test_connectivity(dev
[0], hapd
)
948 def parse_eapol(data
):
949 (version
, type, length
) = struct
.unpack('>BBH', data
[0:4])
951 if length
> len(payload
):
952 raise Exception("Invalid EAPOL length")
953 if length
< len(payload
):
954 payload
= payload
[0:length
]
956 eapol
['version'] = version
958 eapol
['length'] = length
959 eapol
['payload'] = payload
962 (eapol
['descr_type'],) = struct
.unpack('B', payload
[0:1])
963 payload
= payload
[1:]
964 if eapol
['descr_type'] == 2 or eapol
['descr_type'] == 254:
966 (key_info
, key_len
) = struct
.unpack('>HH', payload
[0:4])
967 eapol
['rsn_key_info'] = key_info
968 eapol
['rsn_key_len'] = key_len
969 eapol
['rsn_replay_counter'] = payload
[4:12]
970 eapol
['rsn_key_nonce'] = payload
[12:44]
971 eapol
['rsn_key_iv'] = payload
[44:60]
972 eapol
['rsn_key_rsc'] = payload
[60:68]
973 eapol
['rsn_key_id'] = payload
[68:76]
974 eapol
['rsn_key_mic'] = payload
[76:92]
975 payload
= payload
[92:]
976 (eapol
['rsn_key_data_len'],) = struct
.unpack('>H', payload
[0:2])
977 payload
= payload
[2:]
978 eapol
['rsn_key_data'] = payload
981 def build_eapol(msg
):
982 data
= struct
.pack(">BBH", msg
['version'], msg
['type'], msg
['length'])
984 data
+= struct
.pack('>BHH', msg
['descr_type'], msg
['rsn_key_info'],
986 data
+= msg
['rsn_replay_counter']
987 data
+= msg
['rsn_key_nonce']
988 data
+= msg
['rsn_key_iv']
989 data
+= msg
['rsn_key_rsc']
990 data
+= msg
['rsn_key_id']
991 data
+= msg
['rsn_key_mic']
992 data
+= struct
.pack('>H', msg
['rsn_key_data_len'])
993 data
+= msg
['rsn_key_data']
995 data
+= msg
['payload']
998 def sha1_prf(key
, label
, data
, outlen
):
1002 m
= hmac
.new(key
, label
, hashlib
.sha1
)
1003 m
.update(struct
.pack('B', 0))
1005 m
.update(struct
.pack('B', counter
))
1008 if outlen
> len(hash):
1012 res
+= hash[0:outlen
]
1016 def pmk_to_ptk(pmk
, addr1
, addr2
, nonce1
, nonce2
):
1018 data
= binascii
.unhexlify(addr1
.replace(':','')) + binascii
.unhexlify(addr2
.replace(':',''))
1020 data
= binascii
.unhexlify(addr2
.replace(':','')) + binascii
.unhexlify(addr1
.replace(':',''))
1022 data
+= nonce1
+ nonce2
1024 data
+= nonce2
+ nonce1
1025 label
= "Pairwise key expansion"
1026 ptk
= sha1_prf(pmk
, label
, data
, 48)
1029 return (ptk
, kck
, kek
)
1031 def eapol_key_mic(kck
, msg
):
1032 msg
['rsn_key_mic'] = binascii
.unhexlify('00000000000000000000000000000000')
1033 data
= build_eapol(msg
)
1034 m
= hmac
.new(kck
, data
, hashlib
.sha1
)
1035 msg
['rsn_key_mic'] = m
.digest()[0:16]
1037 def rsn_eapol_key_set(msg
, key_info
, key_len
, nonce
, data
):
1038 msg
['rsn_key_info'] = key_info
1039 msg
['rsn_key_len'] = key_len
1041 msg
['rsn_key_nonce'] = nonce
1043 msg
['rsn_key_nonce'] = binascii
.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
1045 msg
['rsn_key_data_len'] = len(data
)
1046 msg
['rsn_key_data'] = data
1047 msg
['length'] = 95 + len(data
)
1049 msg
['rsn_key_data_len'] = 0
1050 msg
['rsn_key_data'] = ''
1053 def recv_eapol(hapd
):
1054 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
1056 raise Exception("Timeout on EAPOL-TX from hostapd")
1057 eapol
= binascii
.unhexlify(ev
.split(' ')[2])
1058 return parse_eapol(eapol
)
1060 def send_eapol(hapd
, addr
, data
):
1061 res
= hapd
.request("EAPOL_RX " + addr
+ " " + binascii
.hexlify(data
))
1063 raise Exception("EAPOL_RX to hostapd failed")
1065 def reply_eapol(info
, hapd
, addr
, msg
, key_info
, nonce
, data
, kck
):
1066 logger
.info("Send EAPOL-Key msg " + info
)
1067 rsn_eapol_key_set(msg
, key_info
, 0, nonce
, data
)
1068 eapol_key_mic(kck
, msg
)
1069 send_eapol(hapd
, addr
, build_eapol(msg
))
1071 def hapd_connected(hapd
):
1072 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
1074 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1076 def eapol_test(apdev
, dev
, wpa2
=True):
1077 bssid
= apdev
['bssid']
1079 ssid
= "test-wpa2-psk"
1081 ssid
= "test-wpa-psk"
1082 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1083 pmk
= binascii
.unhexlify(psk
)
1085 params
= hostapd
.wpa2_params(ssid
=ssid
)
1087 params
= hostapd
.wpa_params(ssid
=ssid
)
1088 params
['wpa_psk'] = psk
1089 hapd
= hostapd
.add_ap(apdev
, params
)
1090 hapd
.request("SET ext_eapol_frame_io 1")
1091 dev
.request("SET ext_eapol_frame_io 1")
1092 dev
.connect(ssid
, raw_psk
=psk
, scan_freq
="2412", wait_connect
=False)
1093 addr
= dev
.p2p_interface_addr()
1095 rsne
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020000')
1097 rsne
= binascii
.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
1098 snonce
= binascii
.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
1099 return (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
)
1102 def test_ap_wpa2_psk_ext_eapol(dev
, apdev
):
1103 """WPA2-PSK AP using external EAPOL supplicant"""
1104 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1106 msg
= recv_eapol(hapd
)
1107 anonce
= msg
['rsn_key_nonce']
1108 logger
.info("Replay same data back")
1109 send_eapol(hapd
, addr
, build_eapol(msg
))
1111 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1113 logger
.info("Truncated Key Data in EAPOL-Key msg 2/4")
1114 rsn_eapol_key_set(msg
, 0x0101, 0, snonce
, rsne
)
1115 msg
['length'] = 95 + 22 - 1
1116 send_eapol(hapd
, addr
, build_eapol(msg
))
1118 reply_eapol("2/4", hapd
, addr
, msg
, 0x010a, snonce
, rsne
, kck
)
1120 msg
= recv_eapol(hapd
)
1121 if anonce
!= msg
['rsn_key_nonce']:
1122 raise Exception("ANonce changed")
1123 logger
.info("Replay same data back")
1124 send_eapol(hapd
, addr
, build_eapol(msg
))
1126 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1127 hapd_connected(hapd
)
1130 def test_ap_wpa2_psk_ext_eapol_retry1(dev
, apdev
):
1131 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
1132 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1134 msg1
= recv_eapol(hapd
)
1135 anonce
= msg1
['rsn_key_nonce']
1137 msg2
= recv_eapol(hapd
)
1138 if anonce
!= msg2
['rsn_key_nonce']:
1139 raise Exception("ANonce changed")
1141 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1143 logger
.info("Send EAPOL-Key msg 2/4")
1145 rsn_eapol_key_set(msg
, 0x010a, 0, snonce
, rsne
)
1146 eapol_key_mic(kck
, msg
)
1147 send_eapol(hapd
, addr
, build_eapol(msg
))
1149 msg
= recv_eapol(hapd
)
1150 if anonce
!= msg
['rsn_key_nonce']:
1151 raise Exception("ANonce changed")
1153 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1154 hapd_connected(hapd
)
1157 def test_ap_wpa2_psk_ext_eapol_retry1b(dev
, apdev
):
1158 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
1159 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1161 msg1
= recv_eapol(hapd
)
1162 anonce
= msg1
['rsn_key_nonce']
1163 msg2
= recv_eapol(hapd
)
1164 if anonce
!= msg2
['rsn_key_nonce']:
1165 raise Exception("ANonce changed")
1167 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1168 reply_eapol("2/4 (a)", hapd
, addr
, msg1
, 0x010a, snonce
, rsne
, kck
)
1169 reply_eapol("2/4 (b)", hapd
, addr
, msg2
, 0x010a, snonce
, rsne
, kck
)
1171 msg
= recv_eapol(hapd
)
1172 if anonce
!= msg
['rsn_key_nonce']:
1173 raise Exception("ANonce changed")
1175 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1176 hapd_connected(hapd
)
1179 def test_ap_wpa2_psk_ext_eapol_retry1c(dev
, apdev
):
1180 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
1181 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1183 msg1
= recv_eapol(hapd
)
1184 anonce
= msg1
['rsn_key_nonce']
1186 msg2
= recv_eapol(hapd
)
1187 if anonce
!= msg2
['rsn_key_nonce']:
1188 raise Exception("ANonce changed")
1189 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1190 reply_eapol("2/4 (a)", hapd
, addr
, msg1
, 0x010a, snonce
, rsne
, kck
)
1192 snonce2
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1193 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce2
, anonce
)
1194 reply_eapol("2/4 (b)", hapd
, addr
, msg2
, 0x010a, snonce2
, rsne
, kck
)
1196 msg
= recv_eapol(hapd
)
1197 if anonce
!= msg
['rsn_key_nonce']:
1198 raise Exception("ANonce changed")
1199 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1200 hapd_connected(hapd
)
1203 def test_ap_wpa2_psk_ext_eapol_retry1d(dev
, apdev
):
1204 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
1205 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1207 msg1
= recv_eapol(hapd
)
1208 anonce
= msg1
['rsn_key_nonce']
1209 msg2
= recv_eapol(hapd
)
1210 if anonce
!= msg2
['rsn_key_nonce']:
1211 raise Exception("ANonce changed")
1213 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1214 reply_eapol("2/4 (a)", hapd
, addr
, msg1
, 0x010a, snonce
, rsne
, kck
)
1216 snonce2
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1217 (ptk2
, kck2
, kek2
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce2
, anonce
)
1219 reply_eapol("2/4 (b)", hapd
, addr
, msg2
, 0x010a, snonce2
, rsne
, kck2
)
1220 msg
= recv_eapol(hapd
)
1221 if anonce
!= msg
['rsn_key_nonce']:
1222 raise Exception("ANonce changed")
1223 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1224 hapd_connected(hapd
)
1227 def test_ap_wpa2_psk_ext_eapol_type_diff(dev
, apdev
):
1228 """WPA2 4-way handshake using external EAPOL supplicant"""
1229 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1231 msg
= recv_eapol(hapd
)
1232 anonce
= msg
['rsn_key_nonce']
1234 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1236 # Incorrect descriptor type (frame dropped)
1237 msg
['descr_type'] = 253
1238 rsn_eapol_key_set(msg
, 0x010a, 0, snonce
, rsne
)
1239 eapol_key_mic(kck
, msg
)
1240 send_eapol(hapd
, addr
, build_eapol(msg
))
1242 # Incorrect descriptor type, but with a workaround (frame processed)
1243 msg
['descr_type'] = 254
1244 rsn_eapol_key_set(msg
, 0x010a, 0, snonce
, rsne
)
1245 eapol_key_mic(kck
, msg
)
1246 send_eapol(hapd
, addr
, build_eapol(msg
))
1248 msg
= recv_eapol(hapd
)
1249 if anonce
!= msg
['rsn_key_nonce']:
1250 raise Exception("ANonce changed")
1251 logger
.info("Replay same data back")
1252 send_eapol(hapd
, addr
, build_eapol(msg
))
1254 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1255 hapd_connected(hapd
)
1258 def test_ap_wpa_psk_ext_eapol(dev
, apdev
):
1259 """WPA2-PSK AP using external EAPOL supplicant"""
1260 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,wpae
) = eapol_test(apdev
[0], dev
[0],
1263 msg
= recv_eapol(hapd
)
1264 anonce
= msg
['rsn_key_nonce']
1265 logger
.info("Replay same data back")
1266 send_eapol(hapd
, addr
, build_eapol(msg
))
1267 logger
.info("Too short data")
1268 send_eapol(hapd
, addr
, build_eapol(msg
)[0:98])
1270 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1271 msg
['descr_type'] = 2
1272 reply_eapol("2/4(invalid type)", hapd
, addr
, msg
, 0x010a, snonce
, wpae
, kck
)
1273 msg
['descr_type'] = 254
1274 reply_eapol("2/4", hapd
, addr
, msg
, 0x010a, snonce
, wpae
, kck
)
1276 msg
= recv_eapol(hapd
)
1277 if anonce
!= msg
['rsn_key_nonce']:
1278 raise Exception("ANonce changed")
1279 logger
.info("Replay same data back")
1280 send_eapol(hapd
, addr
, build_eapol(msg
))
1282 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1283 hapd_connected(hapd
)
1286 def test_ap_wpa2_psk_ext_eapol_key_info(dev
, apdev
):
1287 """WPA2-PSK 4-way handshake with strange key info values"""
1288 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1290 msg
= recv_eapol(hapd
)
1291 anonce
= msg
['rsn_key_nonce']
1293 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1294 rsn_eapol_key_set(msg
, 0x0000, 0, snonce
, rsne
)
1295 send_eapol(hapd
, addr
, build_eapol(msg
))
1296 rsn_eapol_key_set(msg
, 0xffff, 0, snonce
, rsne
)
1297 send_eapol(hapd
, addr
, build_eapol(msg
))
1299 rsn_eapol_key_set(msg
, 0x2802, 0, snonce
, rsne
)
1300 send_eapol(hapd
, addr
, build_eapol(msg
))
1302 rsn_eapol_key_set(msg
, 0x2002, 0, snonce
, rsne
)
1303 send_eapol(hapd
, addr
, build_eapol(msg
))
1305 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
1306 send_eapol(hapd
, addr
, build_eapol(msg
))
1308 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
1309 tmp_kck
= binascii
.unhexlify('00000000000000000000000000000000')
1310 eapol_key_mic(tmp_kck
, msg
)
1311 send_eapol(hapd
, addr
, build_eapol(msg
))
1313 reply_eapol("2/4", hapd
, addr
, msg
, 0x010a, snonce
, rsne
, kck
)
1315 msg
= recv_eapol(hapd
)
1316 if anonce
!= msg
['rsn_key_nonce']:
1317 raise Exception("ANonce changed")
1319 # Request (valic MIC)
1320 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
1321 eapol_key_mic(kck
, msg
)
1322 send_eapol(hapd
, addr
, build_eapol(msg
))
1323 # Request (valid MIC, replayed counter)
1324 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
1325 eapol_key_mic(kck
, msg
)
1326 send_eapol(hapd
, addr
, build_eapol(msg
))
1328 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
1329 hapd_connected(hapd
)
1331 def build_eapol_key_1_4(anonce
, replay_counter
=1, key_data
='', key_len
=16):
1335 msg
['length'] = 95 + len(key_data
)
1337 msg
['descr_type'] = 2
1338 msg
['rsn_key_info'] = 0x8a
1339 msg
['rsn_key_len'] = key_len
1340 msg
['rsn_replay_counter'] = struct
.pack('>Q', replay_counter
)
1341 msg
['rsn_key_nonce'] = anonce
1342 msg
['rsn_key_iv'] = binascii
.unhexlify('00000000000000000000000000000000')
1343 msg
['rsn_key_rsc'] = binascii
.unhexlify('0000000000000000')
1344 msg
['rsn_key_id'] = binascii
.unhexlify('0000000000000000')
1345 msg
['rsn_key_mic'] = binascii
.unhexlify('00000000000000000000000000000000')
1346 msg
['rsn_key_data_len'] = len(key_data
)
1347 msg
['rsn_key_data'] = key_data
1350 def build_eapol_key_3_4(anonce
, kck
, key_data
, replay_counter
=2,
1351 key_info
=0x13ca, extra_len
=0, descr_type
=2, key_len
=16):
1355 msg
['length'] = 95 + len(key_data
) + extra_len
1357 msg
['descr_type'] = descr_type
1358 msg
['rsn_key_info'] = key_info
1359 msg
['rsn_key_len'] = key_len
1360 msg
['rsn_replay_counter'] = struct
.pack('>Q', replay_counter
)
1361 msg
['rsn_key_nonce'] = anonce
1362 msg
['rsn_key_iv'] = binascii
.unhexlify('00000000000000000000000000000000')
1363 msg
['rsn_key_rsc'] = binascii
.unhexlify('0000000000000000')
1364 msg
['rsn_key_id'] = binascii
.unhexlify('0000000000000000')
1365 msg
['rsn_key_data_len'] = len(key_data
)
1366 msg
['rsn_key_data'] = key_data
1367 eapol_key_mic(kck
, msg
)
1370 def aes_wrap(kek
, plain
):
1372 a
= 0xa6a6a6a6a6a6a6a6
1373 enc
= AES
.new(kek
).encrypt
1374 r
= [plain
[i
* 8:(i
+ 1) * 8] for i
in range(0, n
)]
1376 for i
in range(1, n
+ 1):
1377 b
= enc(struct
.pack('>Q', a
) + r
[i
- 1])
1378 a
= struct
.unpack('>Q', b
[:8])[0] ^
(n
* j
+ i
)
1380 return struct
.pack('>Q', a
) + ''.join(r
)
1382 def pad_key_data(plain
):
1383 pad_len
= len(plain
) % 8
1385 pad_len
= 8 - pad_len
1388 plain
+= pad_len
* '\0'
1391 def test_ap_wpa2_psk_supp_proto(dev
, apdev
):
1392 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
1393 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1395 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1396 msg
= recv_eapol(hapd
)
1397 dev
[0].dump_monitor()
1399 # Build own EAPOL-Key msg 1/4
1400 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1402 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1404 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1405 msg
= recv_eapol(dev
[0])
1406 snonce
= msg
['rsn_key_nonce']
1408 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1410 logger
.debug("Invalid AES wrap data length 0")
1411 dev
[0].dump_monitor()
1412 msg
= build_eapol_key_3_4(anonce
, kck
, '', replay_counter
=counter
)
1414 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1415 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1417 raise Exception("Unsupported AES-WRAP len 0 not reported")
1419 logger
.debug("Invalid AES wrap data length 1")
1420 dev
[0].dump_monitor()
1421 msg
= build_eapol_key_3_4(anonce
, kck
, '1', replay_counter
=counter
)
1423 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1424 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1426 raise Exception("Unsupported AES-WRAP len 1 not reported")
1428 logger
.debug("Invalid AES wrap data length 9")
1429 dev
[0].dump_monitor()
1430 msg
= build_eapol_key_3_4(anonce
, kck
, '123456789', replay_counter
=counter
)
1432 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1433 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1435 raise Exception("Unsupported AES-WRAP len 9 not reported")
1437 logger
.debug("Invalid AES wrap data payload")
1438 dev
[0].dump_monitor()
1439 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
)
1440 # do not increment counter to test replay protection
1441 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1442 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1444 raise Exception("AES unwrap failure not reported")
1446 logger
.debug("Replay Count not increasing")
1447 dev
[0].dump_monitor()
1448 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
)
1450 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1451 ev
= dev
[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1453 raise Exception("Replay Counter replay not reported")
1455 logger
.debug("Missing Ack bit in key info")
1456 dev
[0].dump_monitor()
1457 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1460 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1461 ev
= dev
[0].wait_event(["WPA: No Ack bit in key_info"])
1463 raise Exception("Missing Ack bit not reported")
1465 logger
.debug("Unexpected Request bit in key info")
1466 dev
[0].dump_monitor()
1467 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1470 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1471 ev
= dev
[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1473 raise Exception("Request bit not reported")
1475 logger
.debug("Unsupported key descriptor version 0")
1476 dev
[0].dump_monitor()
1477 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1478 replay_counter
=counter
, key_info
=0x13c8)
1480 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1481 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1483 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1485 logger
.debug("Key descriptor version 1 not allowed with CCMP")
1486 dev
[0].dump_monitor()
1487 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1488 replay_counter
=counter
, key_info
=0x13c9)
1490 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1491 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1493 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1495 logger
.debug("Invalid AES wrap payload with key descriptor version 2")
1496 dev
[0].dump_monitor()
1497 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1498 replay_counter
=counter
, key_info
=0x13ca)
1500 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1501 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1503 raise Exception("AES unwrap failure not reported")
1505 logger
.debug("Key descriptor version 3 workaround")
1506 dev
[0].dump_monitor()
1507 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1508 replay_counter
=counter
, key_info
=0x13cb)
1510 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1511 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1513 raise Exception("CCMP key descriptor mismatch not reported")
1514 ev
= dev
[0].wait_event(["WPA: Interoperability workaround"])
1516 raise Exception("AES-128-CMAC workaround not reported")
1517 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1519 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1521 logger
.debug("Unsupported key descriptor version 4")
1522 dev
[0].dump_monitor()
1523 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1524 replay_counter
=counter
, key_info
=0x13cc)
1526 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1527 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1529 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1531 logger
.debug("Unsupported key descriptor version 7")
1532 dev
[0].dump_monitor()
1533 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1534 replay_counter
=counter
, key_info
=0x13cf)
1536 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1537 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1539 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1541 logger
.debug("Too short EAPOL header length")
1542 dev
[0].dump_monitor()
1543 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1546 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1547 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1549 raise Exception("Key data overflow not reported")
1551 logger
.debug("Too long EAPOL header length")
1552 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1555 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1557 logger
.debug("Unsupported descriptor type 0")
1558 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1561 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1563 logger
.debug("WPA descriptor type 0")
1564 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1567 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1569 logger
.debug("Non-zero key index for pairwise key")
1570 dev
[0].dump_monitor()
1571 wrapped
= aes_wrap(kek
, 16*'z')
1572 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1575 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1576 ev
= dev
[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1578 raise Exception("Non-zero key index not reported")
1580 logger
.debug("Invalid Key Data plaintext payload --> disconnect")
1581 dev
[0].dump_monitor()
1582 wrapped
= aes_wrap(kek
, 16*'z')
1583 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1585 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1586 dev
[0].wait_disconnected(timeout
=1)
1588 def test_ap_wpa2_psk_supp_proto_no_ie(dev
, apdev
):
1589 """WPA2-PSK supplicant protocol testing: IE not included"""
1590 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1592 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1593 msg
= recv_eapol(hapd
)
1594 dev
[0].dump_monitor()
1596 # Build own EAPOL-Key msg 1/4
1597 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1599 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1601 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1602 msg
= recv_eapol(dev
[0])
1603 snonce
= msg
['rsn_key_nonce']
1605 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1607 logger
.debug("No IEs in msg 3/4 --> disconnect")
1608 dev
[0].dump_monitor()
1609 wrapped
= aes_wrap(kek
, 16*'\0')
1610 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1612 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1613 dev
[0].wait_disconnected(timeout
=1)
1615 def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev
, apdev
):
1616 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1617 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1619 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1620 msg
= recv_eapol(hapd
)
1621 dev
[0].dump_monitor()
1623 # Build own EAPOL-Key msg 1/4
1624 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1626 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1628 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1629 msg
= recv_eapol(dev
[0])
1630 snonce
= msg
['rsn_key_nonce']
1632 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1634 logger
.debug("Msg 3/4 with mismatching IE")
1635 dev
[0].dump_monitor()
1636 wrapped
= aes_wrap(kek
, pad_key_data(binascii
.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1637 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1639 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1640 dev
[0].wait_disconnected(timeout
=1)
1642 def test_ap_wpa2_psk_supp_proto_ok(dev
, apdev
):
1643 """WPA2-PSK supplicant protocol testing: success"""
1644 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1646 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1647 msg
= recv_eapol(hapd
)
1648 dev
[0].dump_monitor()
1650 # Build own EAPOL-Key msg 1/4
1651 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1653 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1655 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1656 msg
= recv_eapol(dev
[0])
1657 snonce
= msg
['rsn_key_nonce']
1659 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1661 logger
.debug("Valid EAPOL-Key msg 3/4")
1662 dev
[0].dump_monitor()
1663 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1664 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1665 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1667 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1668 dev
[0].wait_connected(timeout
=1)
1670 def test_ap_wpa2_psk_supp_proto_no_gtk(dev
, apdev
):
1671 """WPA2-PSK supplicant protocol testing: no GTK"""
1672 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1674 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1675 msg
= recv_eapol(hapd
)
1676 dev
[0].dump_monitor()
1678 # Build own EAPOL-Key msg 1/4
1679 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1681 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1683 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1684 msg
= recv_eapol(dev
[0])
1685 snonce
= msg
['rsn_key_nonce']
1687 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1689 logger
.debug("EAPOL-Key msg 3/4 without GTK KDE")
1690 dev
[0].dump_monitor()
1691 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00')
1692 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1693 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1695 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1696 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1698 raise Exception("Unexpected connection completion reported")
1700 def test_ap_wpa2_psk_supp_proto_anonce_change(dev
, apdev
):
1701 """WPA2-PSK supplicant protocol testing: ANonce change"""
1702 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1704 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1705 msg
= recv_eapol(hapd
)
1706 dev
[0].dump_monitor()
1708 # Build own EAPOL-Key msg 1/4
1709 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1711 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1713 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1714 msg
= recv_eapol(dev
[0])
1715 snonce
= msg
['rsn_key_nonce']
1717 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1719 logger
.debug("Valid EAPOL-Key msg 3/4")
1720 dev
[0].dump_monitor()
1721 anonce2
= binascii
.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1722 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1723 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1724 msg
= build_eapol_key_3_4(anonce2
, kck
, wrapped
, replay_counter
=counter
)
1726 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1727 ev
= dev
[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1729 raise Exception("ANonce change not reported")
1731 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev
, apdev
):
1732 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1733 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1735 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1736 msg
= recv_eapol(hapd
)
1737 dev
[0].dump_monitor()
1739 # Build own EAPOL-Key msg 1/4
1740 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1742 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1744 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1745 msg
= recv_eapol(dev
[0])
1746 snonce
= msg
['rsn_key_nonce']
1748 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1750 logger
.debug("Group key 1/2 instead of msg 3/4")
1751 dev
[0].dump_monitor()
1752 wrapped
= aes_wrap(kek
, binascii
.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1753 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1756 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1757 ev
= dev
[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1759 raise Exception("Unexpected group key message not reported")
1760 dev
[0].wait_disconnected(timeout
=1)
1763 def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev
, apdev
):
1764 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
1765 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1767 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1768 msg
= recv_eapol(hapd
)
1769 dev
[0].dump_monitor()
1771 # Build own EAPOL-Key msg 1/4 with invalid KDE
1772 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1774 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
,
1775 key_data
=binascii
.unhexlify('5555'))
1777 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1778 dev
[0].wait_disconnected(timeout
=1)
1780 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev
, apdev
):
1781 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1782 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1784 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1785 msg
= recv_eapol(hapd
)
1786 dev
[0].dump_monitor()
1788 # Build own EAPOL-Key msg 1/4
1789 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1791 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1793 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1794 msg
= recv_eapol(dev
[0])
1795 snonce
= msg
['rsn_key_nonce']
1797 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1799 logger
.debug("Valid EAPOL-Key msg 3/4")
1800 dev
[0].dump_monitor()
1801 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1802 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1803 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1806 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1807 ev
= dev
[0].wait_event(["WPA: Invalid CCMP key length 15"])
1809 raise Exception("Invalid CCMP key length not reported")
1810 dev
[0].wait_disconnected(timeout
=1)
1812 def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev
, apdev
):
1813 """WPA2-PSK supplicant protocol testing: wrong group key length"""
1814 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1816 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1817 msg
= recv_eapol(hapd
)
1818 dev
[0].dump_monitor()
1820 # Build own EAPOL-Key msg 1/4
1821 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1823 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1825 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1826 msg
= recv_eapol(dev
[0])
1827 snonce
= msg
['rsn_key_nonce']
1829 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1831 logger
.debug("Valid EAPOL-Key msg 3/4")
1832 dev
[0].dump_monitor()
1833 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
1834 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1835 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1837 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1838 ev
= dev
[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
1840 raise Exception("Invalid CCMP key length not reported")
1841 dev
[0].wait_disconnected(timeout
=1)
1843 def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev
, apdev
):
1844 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
1845 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1847 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1848 msg
= recv_eapol(hapd
)
1849 dev
[0].dump_monitor()
1851 # Build own EAPOL-Key msg 1/4
1852 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1854 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1856 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1857 msg
= recv_eapol(dev
[0])
1858 snonce
= msg
['rsn_key_nonce']
1860 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1862 logger
.debug("Valid EAPOL-Key msg 3/4")
1863 dev
[0].dump_monitor()
1864 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
1865 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1866 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1868 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1869 ev
= dev
[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
1871 raise Exception("GTK Tx bit workaround not reported")
1872 dev
[0].wait_connected(timeout
=1)
1874 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev
, apdev
):
1875 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
1876 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1878 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1879 msg
= recv_eapol(hapd
)
1880 dev
[0].dump_monitor()
1882 # Build own EAPOL-Key msg 1/4
1883 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1885 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1887 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1888 msg
= recv_eapol(dev
[0])
1889 snonce
= msg
['rsn_key_nonce']
1891 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1893 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1894 dev
[0].dump_monitor()
1895 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1896 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1897 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1899 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1900 dev
[0].wait_connected(timeout
=1)
1902 logger
.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
1903 dev
[0].dump_monitor()
1904 plain
= binascii
.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1905 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1906 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1909 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1910 msg
= recv_eapol(dev
[0])
1911 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"])
1913 raise Exception("GTK rekeing not reported")
1915 logger
.debug("Unencrypted GTK KDE in group msg 1/2")
1916 dev
[0].dump_monitor()
1917 plain
= binascii
.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1918 msg
= build_eapol_key_3_4(anonce
, kck
, plain
, replay_counter
=counter
,
1921 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1922 ev
= dev
[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1924 raise Exception("Unencrypted GTK KDE not reported")
1925 dev
[0].wait_disconnected(timeout
=1)
1927 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev
, apdev
):
1928 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
1929 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1931 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1932 msg
= recv_eapol(hapd
)
1933 dev
[0].dump_monitor()
1935 # Build own EAPOL-Key msg 1/4
1936 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1938 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1940 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1941 msg
= recv_eapol(dev
[0])
1942 snonce
= msg
['rsn_key_nonce']
1944 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1946 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1947 dev
[0].dump_monitor()
1948 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1949 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1950 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1952 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1953 dev
[0].wait_connected(timeout
=1)
1955 logger
.debug("No GTK KDE in EAPOL-Key group msg 1/2")
1956 dev
[0].dump_monitor()
1957 plain
= binascii
.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
1958 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1959 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1962 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1963 ev
= dev
[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
1965 raise Exception("Missing GTK KDE not reported")
1966 dev
[0].wait_disconnected(timeout
=1)
1968 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev
, apdev
):
1969 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
1970 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1972 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1973 msg
= recv_eapol(hapd
)
1974 dev
[0].dump_monitor()
1976 # Build own EAPOL-Key msg 1/4
1977 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1979 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1981 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1982 msg
= recv_eapol(dev
[0])
1983 snonce
= msg
['rsn_key_nonce']
1985 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1987 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1988 dev
[0].dump_monitor()
1989 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1990 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1991 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1993 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1994 dev
[0].wait_connected(timeout
=1)
1996 logger
.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
1997 dev
[0].dump_monitor()
1998 plain
= binascii
.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1999 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2000 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2003 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2004 ev
= dev
[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
2006 raise Exception("Too long GTK KDE not reported")
2007 dev
[0].wait_disconnected(timeout
=1)
2009 def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev
, apdev
):
2010 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
2011 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
2013 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2014 msg
= recv_eapol(hapd
)
2015 dev
[0].dump_monitor()
2017 # Build own EAPOL-Key msg 1/4
2018 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2020 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2022 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2023 msg
= recv_eapol(dev
[0])
2024 snonce
= msg
['rsn_key_nonce']
2026 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2028 logger
.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
2029 dev
[0].dump_monitor()
2030 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
2031 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2032 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2034 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2035 dev
[0].wait_disconnected(timeout
=1)
2037 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev
, apdev
):
2038 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
2039 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
2041 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2042 msg
= recv_eapol(hapd
)
2043 dev
[0].dump_monitor()
2045 # Build own EAPOL-Key msg 1/4
2046 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2048 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2050 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2051 msg
= recv_eapol(dev
[0])
2052 snonce
= msg
['rsn_key_nonce']
2054 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2056 logger
.debug("Valid EAPOL-Key msg 3/4")
2057 dev
[0].dump_monitor()
2058 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
2059 msg
= build_eapol_key_3_4(anonce
, kck
, plain
, replay_counter
=counter
,
2062 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2063 ev
= dev
[0].wait_event(["WPA: GTK IE in unencrypted key data"])
2065 raise Exception("Unencrypted GTK KDE not reported")
2066 dev
[0].wait_disconnected(timeout
=1)
2068 def find_wpas_process(dev
):
2070 err
, data
= dev
.cmd_execute(['ps', 'ax'])
2071 for l
in data
.splitlines():
2072 if "wpa_supplicant" not in l
:
2074 if "-i" + ifname
not in l
:
2076 return int(l
.strip().split(' ')[0])
2077 raise Exception("Could not find wpa_supplicant process")
2079 def read_process_memory(pid
, key
=None):
2081 logger
.info("Reading process memory (pid=%d)" % pid
)
2082 with
open('/proc/%d/maps' % pid
, 'r') as maps
, \
2083 open('/proc/%d/mem' % pid
, 'r') as mem
:
2084 for l
in maps
.readlines():
2085 m
= re
.match(r
'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l
)
2088 start
= int(m
.group(1), 16)
2089 end
= int(m
.group(2), 16)
2091 if start
> 0xffffffffffff:
2095 if not perm
.startswith('rw'):
2097 for name
in [ "[heap]", "[stack]" ]:
2099 logger
.info("%s 0x%x-0x%x is at %d-%d" % (name
, start
, end
, len(buf
), len(buf
) + (end
- start
)))
2101 data
= mem
.read(end
- start
)
2103 if key
and key
in data
:
2104 logger
.info("Key found in " + l
)
2105 logger
.info("Total process memory read: %d bytes" % len(buf
))
2108 def verify_not_present(buf
, key
, fname
, keyname
):
2113 prefix
= 2048 if pos
> 2048 else pos
2114 with
open(fname
+ keyname
, 'w') as f
:
2115 f
.write(buf
[pos
- prefix
:pos
+ 2048])
2116 raise Exception(keyname
+ " found after disassociation")
2118 def get_key_locations(buf
, key
, keyname
):
2122 pos
= buf
.find(key
, pos
)
2125 logger
.info("Found %s at %d" % (keyname
, pos
))
2127 start
= pos
- context
if pos
> context
else 0
2128 before
= binascii
.hexlify(buf
[start
:pos
])
2130 end
= pos
+ context
if pos
< len(buf
) - context
else len(buf
) - context
2131 after
= binascii
.hexlify(buf
[pos
+ len(key
):end
])
2132 logger
.debug("Memory context %d-%d: %s|%s|%s" % (start
, end
, before
, binascii
.hexlify(key
), after
))
2137 def test_wpa2_psk_key_lifetime_in_memory(dev
, apdev
, params
):
2138 """WPA2-PSK and PSK/PTK lifetime in memory"""
2139 ssid
= "test-wpa2-psk"
2140 passphrase
= 'qwertyuiop'
2141 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2142 pmk
= binascii
.unhexlify(psk
)
2143 p
= hostapd
.wpa2_params(ssid
=ssid
)
2145 hapd
= hostapd
.add_ap(apdev
[0], p
)
2147 pid
= find_wpas_process(dev
[0])
2149 id = dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412",
2150 only_add_network
=True)
2152 logger
.info("Checking keys in memory after network profile configuration")
2153 buf
= read_process_memory(pid
, pmk
)
2154 get_key_locations(buf
, pmk
, "PMK")
2156 dev
[0].request("REMOVE_NETWORK all")
2157 logger
.info("Checking keys in memory after network profile removal")
2158 buf
= read_process_memory(pid
, pmk
)
2159 get_key_locations(buf
, pmk
, "PMK")
2161 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2162 only_add_network
=True)
2164 logger
.info("Checking keys in memory before connection")
2165 buf
= read_process_memory(pid
, pmk
)
2166 get_key_locations(buf
, pmk
, "PMK")
2168 dev
[0].connect_network(id, timeout
=20)
2169 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
2170 # event has been delivered, so verify that wpa_supplicant has returned to
2171 # eloop before reading process memory.
2175 buf
= read_process_memory(pid
, pmk
)
2177 dev
[0].request("DISCONNECT")
2178 dev
[0].wait_disconnected()
2183 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
2184 for l
in f
.readlines():
2185 if "WPA: PTK - hexdump" in l
:
2186 val
= l
.strip().split(':')[3].replace(' ', '')
2187 ptk
= binascii
.unhexlify(val
)
2188 if "WPA: Group Key - hexdump" in l
:
2189 val
= l
.strip().split(':')[3].replace(' ', '')
2190 gtk
= binascii
.unhexlify(val
)
2191 if not pmk
or not ptk
or not gtk
:
2192 raise Exception("Could not find keys from debug log")
2194 raise Exception("Unexpected GTK length")
2200 logger
.info("Checking keys in memory while associated")
2201 get_key_locations(buf
, pmk
, "PMK")
2203 raise HwsimSkip("PMK not found while associated")
2205 raise Exception("KCK not found while associated")
2207 raise Exception("KEK not found while associated")
2209 # raise Exception("TK found from memory")
2211 logger
.info("Checking keys in memory after disassociation")
2212 buf
= read_process_memory(pid
, pmk
)
2213 get_key_locations(buf
, pmk
, "PMK")
2215 # Note: PMK/PSK is still present in network configuration
2217 fname
= os
.path
.join(params
['logdir'],
2218 'wpa2_psk_key_lifetime_in_memory.memctx-')
2219 verify_not_present(buf
, kck
, fname
, "KCK")
2220 verify_not_present(buf
, kek
, fname
, "KEK")
2221 verify_not_present(buf
, tk
, fname
, "TK")
2223 get_key_locations(buf
, gtk
, "GTK")
2224 verify_not_present(buf
, gtk
, fname
, "GTK")
2226 dev
[0].request("REMOVE_NETWORK all")
2228 logger
.info("Checking keys in memory after network profile removal")
2229 buf
= read_process_memory(pid
, pmk
)
2230 get_key_locations(buf
, pmk
, "PMK")
2232 verify_not_present(buf
, pmk
, fname
, "PMK")
2233 verify_not_present(buf
, kck
, fname
, "KCK")
2234 verify_not_present(buf
, kek
, fname
, "KEK")
2235 verify_not_present(buf
, tk
, fname
, "TK")
2236 verify_not_present(buf
, gtk
, fname
, "GTK")
2239 def test_ap_wpa2_psk_wep(dev
, apdev
):
2240 """WPA2-PSK AP and WEP enabled"""
2241 ssid
= "test-wpa2-psk"
2242 passphrase
= 'qwertyuiop'
2243 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2244 hapd
= hostapd
.add_ap(apdev
[0], params
)
2246 hapd
.set('wep_key0', '"hello"')
2247 raise Exception("WEP key accepted to WPA2 network")
2251 def test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
2252 """WPA2-PSK AP and wpas interface in a bridge"""
2256 _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
)
2258 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
2259 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
2260 subprocess
.call(['brctl', 'delbr', br_ifname
])
2261 subprocess
.call(['iw', ifname
, 'set', '4addr', 'off'])
2263 def _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
2264 ssid
= "test-wpa2-psk"
2265 passphrase
= 'qwertyuiop'
2266 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2267 hapd
= hostapd
.add_ap(apdev
[0], params
)
2271 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
2272 subprocess
.call(['brctl', 'addbr', br_ifname
])
2273 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
2274 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
2275 subprocess
.call(['iw', ifname
, 'set', '4addr', 'on'])
2276 subprocess
.check_call(['brctl', 'addif', br_ifname
, ifname
])
2277 wpas
.interface_add(ifname
, br_ifname
=br_ifname
)
2280 wpas
.connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2284 def test_ap_wpa2_psk_ifdown(dev
, apdev
):
2285 """AP with open mode and external ifconfig down"""
2286 ssid
= "test-wpa2-psk"
2287 passphrase
= 'qwertyuiop'
2288 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2289 hapd
= hostapd
.add_ap(apdev
[0], params
)
2290 bssid
= apdev
[0]['bssid']
2292 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2293 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', apdev
[0]['ifname'], 'down'])
2294 ev
= hapd
.wait_event(["INTERFACE-DISABLED"], timeout
=10)
2296 raise Exception("No INTERFACE-DISABLED event")
2297 # this wait tests beacon loss detection in mac80211
2298 dev
[0].wait_disconnected()
2299 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', apdev
[0]['ifname'], 'up'])
2300 ev
= hapd
.wait_event(["INTERFACE-ENABLED"], timeout
=10)
2302 raise Exception("No INTERFACE-ENABLED event")
2303 dev
[0].wait_connected()
2304 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2306 def test_ap_wpa2_psk_drop_first_msg_4(dev
, apdev
):
2307 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
2308 bssid
= apdev
[0]['bssid']
2309 ssid
= "test-wpa2-psk"
2310 passphrase
= 'qwertyuiop'
2311 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2312 params
= hostapd
.wpa2_params(ssid
=ssid
)
2313 params
['wpa_psk'] = psk
2314 hapd
= hostapd
.add_ap(apdev
[0], params
)
2315 hapd
.request("SET ext_eapol_frame_io 1")
2316 dev
[0].request("SET ext_eapol_frame_io 1")
2317 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
2318 addr
= dev
[0].own_addr()
2321 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
2323 raise Exception("Timeout on EAPOL-TX from hostapd")
2324 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
2326 raise Exception("EAPOL_RX to wpa_supplicant failed")
2329 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
2331 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
2332 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
2334 raise Exception("EAPOL_RX to hostapd failed")
2337 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
2339 raise Exception("Timeout on EAPOL-TX from hostapd")
2340 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
2342 raise Exception("EAPOL_RX to wpa_supplicant failed")
2345 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
2347 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
2348 logger
.info("Drop the first EAPOL-Key msg 4/4")
2350 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
2351 # doesn't. Use normal EAPOL TX/RX to handle retries.
2352 hapd
.request("SET ext_eapol_frame_io 0")
2353 dev
[0].request("SET ext_eapol_frame_io 0")
2354 dev
[0].wait_connected()
2356 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
2358 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
2360 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=0.1)
2362 logger
.info("Disconnection detected")
2363 # The EAPOL-Key retries are supposed to allow the connection to be
2364 # established without having to reassociate. However, this does not
2365 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
2366 # after the pairwise key has been configured and AP will drop those and
2367 # disconnect the station after reaching retransmission limit. Connection
2368 # is then established after reassociation. Once that behavior has been
2369 # optimized to prevent EAPOL-Key frame encryption for retransmission
2370 # case, this exception can be uncommented here.
2371 #raise Exception("Unexpected disconnection")
2374 def test_ap_wpa2_psk_disable_enable(dev
, apdev
):
2375 """WPA2-PSK AP getting disabled and re-enabled"""
2376 ssid
= "test-wpa2-psk"
2377 passphrase
= 'qwertyuiop'
2378 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2379 params
= hostapd
.wpa2_params(ssid
=ssid
)
2380 params
['wpa_psk'] = psk
2381 hapd
= hostapd
.add_ap(apdev
[0], params
)
2382 dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
2385 hapd
.request("DISABLE")
2386 dev
[0].wait_disconnected()
2387 hapd
.request("ENABLE")
2388 dev
[0].wait_connected()
2389 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2392 def test_ap_wpa2_psk_incorrect_passphrase(dev
, apdev
):
2393 """WPA2-PSK AP and station using incorrect passphrase"""
2394 ssid
= "test-wpa2-psk"
2395 passphrase
= 'qwertyuiop'
2396 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2397 hapd
= hostapd
.add_ap(apdev
[0], params
)
2398 dev
[0].connect(ssid
, psk
="incorrect passphrase", scan_freq
="2412",
2400 ev
= hapd
.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout
=10)
2402 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
2403 dev
[0].dump_monitor()
2406 hapd
.set("wpa_passphrase", "incorrect passphrase")
2409 dev
[0].wait_connected(timeout
=20)
2412 def test_ap_wpa_ie_parsing(dev
, apdev
):
2413 """WPA IE parsing"""
2414 skip_with_fips(dev
[0])
2415 ssid
= "test-wpa-psk"
2416 passphrase
= 'qwertyuiop'
2417 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
2418 hapd
= hostapd
.add_ap(apdev
[0], params
)
2419 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2420 only_add_network
=True)
2422 tests
= [ "dd040050f201",
2426 "dd070050f201010000",
2427 "dd080050f20101000050",
2428 "dd090050f20101000050f2",
2429 "dd0a0050f20101000050f202",
2430 "dd0b0050f20101000050f20201",
2431 "dd0c0050f20101000050f2020100",
2432 "dd0c0050f20101000050f2020000",
2433 "dd0c0050f20101000050f202ffff",
2434 "dd0d0050f20101000050f202010000",
2435 "dd0e0050f20101000050f20201000050",
2436 "dd0f0050f20101000050f20201000050f2",
2437 "dd100050f20101000050f20201000050f202",
2438 "dd110050f20101000050f20201000050f20201",
2439 "dd120050f20101000050f20201000050f2020100",
2440 "dd120050f20101000050f20201000050f2020000",
2441 "dd120050f20101000050f20201000050f202ffff",
2442 "dd130050f20101000050f20201000050f202010000",
2443 "dd140050f20101000050f20201000050f20201000050",
2444 "dd150050f20101000050f20201000050f20201000050f2" ]
2447 if "OK" not in dev
[0].request("VENDOR_ELEM_ADD 13 " + t
):
2448 raise Exception("VENDOR_ELEM_ADD failed")
2449 dev
[0].select_network(id)
2450 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2452 raise Exception("Association rejection not reported")
2453 dev
[0].request("DISCONNECT")
2454 dev
[0].dump_monitor()
2456 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2458 tests
= [ "dd170050f20101000050f20201000050f20201000050f202ff",
2459 "dd180050f20101000050f20201000050f20201000050f202ffff",
2460 "dd190050f20101000050f20201000050f20201000050f202ffffff" ]
2463 if "OK" not in dev
[0].request("VENDOR_ELEM_ADD 13 " + t
):
2464 raise Exception("VENDOR_ELEM_ADD failed")
2465 dev
[0].select_network(id)
2466 dev
[0].wait_connected()
2467 dev
[0].request("DISCONNECT")
2468 dev
[0].dump_monitor()
2470 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2473 def test_ap_wpa2_psk_no_random(dev
, apdev
):
2474 """WPA2-PSK AP and no random numbers available"""
2475 ssid
= "test-wpa2-psk"
2476 passphrase
= 'qwertyuiop'
2477 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2478 params
= hostapd
.wpa2_params(ssid
=ssid
)
2479 params
['wpa_psk'] = psk
2480 hapd
= hostapd
.add_ap(apdev
[0], params
)
2481 with
fail_test(hapd
, 1, "wpa_gmk_to_gtk"):
2482 id = dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412",
2484 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=15)
2486 raise Exception("Disconnection event not reported")
2487 dev
[0].request("DISCONNECT")
2488 dev
[0].select_network(id, freq
=2412)
2489 dev
[0].wait_connected()
2492 def test_rsn_ie_proto_psk_sta(dev
, apdev
):
2493 """RSN element protocol testing for PSK cases on STA side"""
2494 bssid
= apdev
[0]['bssid']
2495 ssid
= "test-wpa2-psk"
2496 passphrase
= 'qwertyuiop'
2497 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2498 # This is the RSN element used normally by hostapd
2499 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
2500 hapd
= hostapd
.add_ap(apdev
[0], params
)
2501 if "FAIL" not in hapd
.request("SET own_ie_override qwerty"):
2502 raise Exception("Invalid own_ie_override value accepted")
2503 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2505 tests
= [ ('No RSN Capabilities field',
2506 '30120100000fac040100000fac040100000fac02'),
2507 ('Reserved RSN Capabilities bits set',
2508 '30140100000fac040100000fac040100000fac023cff'),
2509 ('Extra pairwise cipher suite (unsupported)',
2510 '30180100000fac040200ffffffff000fac040100000fac020c00'),
2511 ('Extra AKM suite (unsupported)',
2512 '30180100000fac040100000fac040200ffffffff000fac020c00'),
2513 ('PMKIDCount field included',
2514 '30160100000fac040100000fac040100000fac020c000000'),
2515 ('Unexpected Group Management Cipher Suite with PMF disabled',
2516 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
2517 ('Extra octet after defined fields (future extensibility)',
2518 '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
2519 for txt
,ie
in tests
:
2520 dev
[0].request("DISCONNECT")
2521 dev
[0].wait_disconnected()
2524 hapd
.set('own_ie_override', ie
)
2526 dev
[0].request("BSS_FLUSH 0")
2527 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2528 dev
[0].select_network(id, freq
=2412)
2529 dev
[0].wait_connected()
2532 def test_ap_cli_order(dev
, apdev
):
2533 ssid
= "test-rsn-setup"
2534 passphrase
= 'zzzzzzzz'
2536 hapd
= hostapd
.add_ap(apdev
[0], {}, no_enable
=True)
2537 hapd
.set('ssid', ssid
)
2538 hapd
.set('wpa_passphrase', passphrase
)
2539 hapd
.set('rsn_pairwise', 'CCMP')
2540 hapd
.set('wpa_key_mgmt', 'WPA-PSK')
2541 hapd
.set('wpa', '2')
2543 cfg
= hapd
.get_config()
2544 if cfg
['group_cipher'] != 'CCMP':
2545 raise Exception("Unexpected group_cipher: " + cfg
['group_cipher'])
2546 if cfg
['rsn_pairwise_cipher'] != 'CCMP':
2547 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg
['rsn_pairwise_cipher'])
2549 ev
= hapd
.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout
=30)
2551 raise Exception("AP startup timed out")
2552 if "AP-ENABLED" not in ev
:
2553 raise Exception("AP startup failed")
2555 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2557 def set_test_assoc_ie(dev
, ie
):
2558 if "OK" not in dev
.request("TEST_ASSOC_IE " + ie
):
2559 raise Exception("Could not set TEST_ASSOC_IE")
2562 def test_ap_wpa2_psk_assoc_rsn(dev
, apdev
):
2563 """WPA2-PSK AP and association request RSN IE differences"""
2564 ssid
= "test-wpa2-psk"
2565 passphrase
= 'qwertyuiop'
2566 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2567 hapd
= hostapd
.add_ap(apdev
[0], params
)
2569 tests
= [ ("Normal wpa_supplicant assoc req RSN IE",
2570 "30140100000fac040100000fac040100000fac020000"),
2571 ("RSN IE without RSN Capabilities",
2572 "30120100000fac040100000fac040100000fac02") ]
2573 for title
, ie
in tests
:
2575 set_test_assoc_ie(dev
[0], ie
)
2576 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2577 dev
[0].request("REMOVE_NETWORK all")
2578 dev
[0].wait_disconnected()
2580 tests
= [ ("WPA IE instead of RSN IE and only RSN enabled on AP",
2581 "dd160050f20101000050f20201000050f20201000050f202", 40),
2582 ("Empty RSN IE", "3000", 40),
2583 ("RSN IE with truncated Version", "300101", 40),
2584 ("RSN IE with only Version", "30020100", 43) ]
2585 for title
, ie
, status
in tests
:
2587 set_test_assoc_ie(dev
[0], ie
)
2588 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2590 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
2592 raise Exception("Association rejection not reported")
2593 if "status_code=" + str(status
) not in ev
:
2594 raise Exception("Unexpected status code: " + ev
)
2595 dev
[0].request("REMOVE_NETWORK all")
2596 dev
[0].dump_monitor()
2598 def test_ap_wpa_psk_rsn_pairwise(dev
, apdev
):
2599 """WPA-PSK AP and only rsn_pairwise set"""
2600 params
= { "ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
2601 "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890" }
2602 hapd
= hostapd
.add_ap(apdev
[0], params
)
2603 dev
[0].connect("wpapsk", psk
="1234567890", proto
="WPA", pairwise
="TKIP",
2606 def test_ap_wpa2_eapol_retry_limit(dev
, apdev
):
2607 """WPA2-PSK EAPOL-Key retry limit configuration"""
2608 ssid
= "test-wpa2-psk"
2609 passphrase
= 'qwertyuiop'
2610 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2611 params
['wpa_ptk_rekey'] = '2'
2612 params
['wpa_group_update_count'] = '1'
2613 params
['wpa_pairwise_update_count'] = '1'
2614 hapd
= hostapd
.add_ap(apdev
[0], params
)
2615 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2616 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
2618 raise Exception("PTK rekey timed out")
2620 if "FAIL" not in hapd
.request("SET wpa_group_update_count 0"):
2621 raise Exception("Invalid wpa_group_update_count value accepted")
2622 if "FAIL" not in hapd
.request("SET wpa_pairwise_update_count 0"):
2623 raise Exception("Invalid wpa_pairwise_update_count value accepted")