git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
9 from Crypto
.Cipher
import AES
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
, fail_test
, skip_with_fips
, start_monitor
, stop_monitor
, radiotap_build
24 from wpasupplicant
import WpaSupplicant
26 def check_mib(dev
, vals
):
30 raise Exception("Unexpected {} = {} (expected {})".format(v
[0], mib
[v
[0]], v
[1]))
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    # The AP is configured only with the 64-hex-digit (256-bit) raw PSK; no
    # passphrase is handed to hostapd in this test.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'

    ap_config = hostapd.wpa2_params(ssid=network)
    ap_config['wpa_psk'] = raw_key
    ap = hostapd.add_ap(apdev[0], ap_config)

    # The first AKM reported by GET_CONFIG must be plain WPA-PSK.
    akm_list = ap.get_config()['key_mgmt']
    if akm_list.split(' ')[0] != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + akm_list)

    # One station joins with the raw key, the other with the passphrase.
    # Presumably raw_key is the PSK derived from this passphrase and SSID,
    # since both are expected to associate with the same AP -- confirm.
    dev[0].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")

    # Sanity-check the status polls on the first station.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))
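def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Additional PSKs are loaded from this file; its contents are not part of
    # this listing.
    params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], params)
    # dev[1] is started without waiting for a connection: it is expected to
    # fail the 4-way handshake (checked at the end). dev[0] joins with the
    # same passphrase below, so the entry is presumably bound to dev[0]'s MAC
    # address in the PSK file -- confirm against hostapd.wpa_psk.
    dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
    dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    # A passphrase accepted for more than one station.
    dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
    dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")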
74 def check_no_keyid(hapd
, dev
):
76 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=1)
78 raise Exception("No AP-STA-CONNECTED indicated")
80 raise Exception("AP-STA-CONNECTED for unexpected STA")
82 raise Exception("Unexpected keyid indication")
84 def check_keyid(hapd
, dev
, keyid
):
86 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=1)
88 raise Exception("No AP-STA-CONNECTED indicated")
90 raise Exception("AP-STA-CONNECTED for unexpected STA")
91 if "keyid=" + keyid
not in ev
:
92 raise Exception("Incorrect keyid indication")
93 sta
= hapd
.get_sta(addr
)
94 if 'keyid' not in sta
or sta
['keyid'] != keyid
:
95 raise Exception("Incorrect keyid in STA output")
96 dev
.request("REMOVE_NETWORK all")
98 def check_disconnect(dev
, expected
):
101 dev
[i
].wait_disconnected()
102 dev
[i
].request("REMOVE_NETWORK all")
104 ev
= dev
[i
].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=0.1)
106 raise Exception("Unexpected disconnection")
107 dev
[i
].request("REMOVE_NETWORK all")
108 dev
[i
].wait_disconnected()
110 def test_ap_wpa2_psk_file_keyid(dev
, apdev
, params
):
111 """WPA2-PSK AP with PSK from a file (keyid and reload)"""
112 psk_file
= os
.path
.join(params
['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')
113 with
open(psk_file
, 'w') as f
:
114 f
.write('00:00:00:00:00:00 secret passphrase\n')
115 f
.write('02:00:00:00:00:00 very secret\n')
116 f
.write('00:00:00:00:00:00 another passphrase for all STAs\n')
117 ssid
= "test-wpa2-psk"
118 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
='qwertyuiop')
119 params
['wpa_psk_file'] = psk_file
120 hapd
= hostapd
.add_ap(apdev
[0], params
)
122 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
123 check_no_keyid(hapd
, dev
[0])
125 dev
[1].connect(ssid
, psk
="another passphrase for all STAs",
127 check_no_keyid(hapd
, dev
[1])
129 dev
[2].connect(ssid
, psk
="qwertyuiop", scan_freq
="2412")
130 check_no_keyid(hapd
, dev
[2])
132 with
open(psk_file
, 'w') as f
:
133 f
.write('00:00:00:00:00:00 secret passphrase\n')
134 f
.write('02:00:00:00:00:00 very secret\n')
135 f
.write('00:00:00:00:00:00 changed passphrase\n')
136 if "OK" not in hapd
.request("RELOAD_WPA_PSK"):
137 raise Exception("RELOAD_WPA_PSK failed")
139 check_disconnect(dev
, [False, True, False])
141 with
open(psk_file
, 'w') as f
:
142 f
.write('00:00:00:00:00:00 secret passphrase\n')
143 f
.write('keyid=foo 02:00:00:00:00:00 very secret\n')
144 f
.write('keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n')
145 if "OK" not in hapd
.request("RELOAD_WPA_PSK"):
146 raise Exception("RELOAD_WPA_PSK failed")
148 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
149 check_keyid(hapd
, dev
[0], "foo")
151 dev
[1].connect(ssid
, psk
="another passphrase for all STAs",
153 check_keyid(hapd
, dev
[1], "bar")
155 dev
[2].connect(ssid
, psk
="qwertyuiop", scan_freq
="2412")
156 check_no_keyid(hapd
, dev
[2])
158 dev
[0].wait_disconnected()
159 dev
[0].connect(ssid
, psk
="secret passphrase", scan_freq
="2412")
160 check_no_keyid(hapd
, dev
[0])
162 with
open(psk_file
, 'w') as f
:
164 if "OK" not in hapd
.request("RELOAD_WPA_PSK"):
165 raise Exception("RELOAD_WPA_PSK failed")
167 check_disconnect(dev
, [True, True, False])
170 def test_ap_wpa2_psk_mem(dev
, apdev
):
171 """WPA2-PSK AP with passphrase only in memory"""
173 _test_ap_wpa2_psk_mem(dev
, apdev
)
175 dev
[0].request("SCAN_INTERVAL 5")
176 dev
[1].request("SCAN_INTERVAL 5")
178 def _test_ap_wpa2_psk_mem(dev
, apdev
):
179 ssid
= "test-wpa2-psk"
180 passphrase
= 'qwertyuiop'
181 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
182 params
= hostapd
.wpa2_params(ssid
=ssid
)
183 params
['wpa_psk'] = psk
184 hapd
= hostapd
.add_ap(apdev
[0], params
)
186 dev
[0].connect(ssid
, mem_only_psk
="1", scan_freq
="2412", wait_connect
=False)
187 dev
[0].request("SCAN_INTERVAL 1")
188 ev
= dev
[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout
=10)
190 raise Exception("Request for PSK/passphrase timed out")
191 id = ev
.split(':')[0].split('-')[-1]
192 dev
[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase
+ '"')
193 dev
[0].wait_connected(timeout
=10)
195 dev
[1].connect(ssid
, mem_only_psk
="1", scan_freq
="2412", wait_connect
=False)
196 dev
[1].request("SCAN_INTERVAL 1")
197 ev
= dev
[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout
=10)
199 raise Exception("Request for PSK/passphrase timed out(2)")
200 id = ev
.split(':')[0].split('-')[-1]
201 dev
[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk
)
202 dev
[1].wait_connected(timeout
=10)
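def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # The rekey is driven from the station side: wpa_ptk_rekey is set on the
    # network profile, not in the AP parameters.
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("PTK rekey timed out")
    # Data must still flow under the new pairwise key.
    hwsim_utils.test_connectivity(dev[0], hapd)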
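def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    dev[0].dump_monitor()
    # Record the ANonce seen before the explicitly requested rekey.
    anonce1 = dev[0].request("GET anonce")
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("PTK rekey timed out")
    anonce2 = dev[0].request("GET anonce")
    # ANonce is the AP's nonce input to PTK derivation; the AP must not reuse
    # the previous value when a station requests a rekey.
    if anonce1 == anonce2:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(dev[0], hapd)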
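def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Here the rekey interval is part of the AP configuration; the station
    # connects without any rekey setting of its own.
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)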
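def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   wpa_ptk_rekey="1", scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # 00-0f-ac-6 is the RSN AKM suite selector for PSK with SHA-256; both the
    # requested and the selected suite must report it after the rekey.
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])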
268 def test_ap_wpa2_sha256_ptk_rekey_ap(dev
, apdev
):
269 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
270 ssid
= "test-wpa2-psk"
271 passphrase
= 'qwertyuiop'
272 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
273 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
274 params
['wpa_ptk_rekey'] = '2'
275 hapd
= hostapd
.add_ap(apdev
[0], params
)
276 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
278 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
280 raise Exception("PTK rekey timed out")
281 hwsim_utils
.test_connectivity(dev
[0], hapd
)
282 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
283 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])
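def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # Presumably skips the test when the station runs in FIPS mode, where
    # TKIP is not available -- confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # The scan entry must advertise the legacy WPA element with TKIP.
    if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing WPA element info")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)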
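def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    # Presumably skips the test when the station runs in FIPS mode, where
    # TKIP is not available -- confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # The rekey interval is set on the AP; the station has no rekey setting.
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)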
def test_ap_wpa_ccmp(dev, apdev):
    # Legacy WPA (not RSN) AP restricted to CCMP as the pairwise cipher.
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_config = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_config['wpa_pairwise'] = "CCMP"
    ap = hostapd.add_ap(apdev[0], ap_config)

    dev[0].connect(network, psk=secret, scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], ap)

    # Expected MIB view on the station. Selectors use the WPA vendor OUI
    # 00-50-f2: suite type 4 is CCMP, AKM type 2 is PSK. Both the group and
    # the pairwise cipher must be CCMP with a 128-bit group key, and the
    # controlled port must have been authorized.
    expected_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
        ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(dev[0], expected_mib)
335 def test_ap_wpa2_psk_file_errors(dev
, apdev
):
336 """WPA2-PSK AP with various PSK file error and success cases"""
337 addr0
= dev
[0].own_addr()
338 addr1
= dev
[1].own_addr()
339 addr2
= dev
[2].own_addr()
341 pskfile
= "/tmp/ap_wpa2_psk_file_errors.psk_file"
347 params
= {"ssid": ssid
, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
348 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile
}
352 hapd
= hostapd
.add_ap(apdev
[0], params
, no_enable
=True)
353 if "FAIL" not in hapd
.request("ENABLE"):
354 raise Exception("Unexpected ENABLE success")
355 hapd
.request("DISABLE")
357 # invalid MAC address
358 with
open(pskfile
, "w") as f
:
361 if "FAIL" not in hapd
.request("ENABLE"):
362 raise Exception("Unexpected ENABLE success")
363 hapd
.request("DISABLE")
366 with
open(pskfile
, "w") as f
:
367 f
.write("00:11:22:33:44:55\n")
368 if "FAIL" not in hapd
.request("ENABLE"):
369 raise Exception("Unexpected ENABLE success")
370 hapd
.request("DISABLE")
373 with
open(pskfile
, "w") as f
:
374 f
.write("00:11:22:33:44:55 1234567\n")
375 if "FAIL" not in hapd
.request("ENABLE"):
376 raise Exception("Unexpected ENABLE success")
377 hapd
.request("DISABLE")
379 # empty token at the end of the line
380 with
open(pskfile
, "w") as f
:
382 if "FAIL" not in hapd
.request("ENABLE"):
383 raise Exception("Unexpected ENABLE success")
384 hapd
.request("DISABLE")
387 with
open(pskfile
, "w") as f
:
388 f
.write("00:11:22:33:44:55 12345678\n")
389 f
.write(addr0
+ " 123456789\n")
390 f
.write(addr1
+ " 123456789a\n")
391 f
.write(addr2
+ " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
392 if "FAIL" in hapd
.request("ENABLE"):
393 raise Exception("Unexpected ENABLE failure")
395 dev
[0].connect(ssid
, psk
="123456789", scan_freq
="2412")
396 dev
[1].connect(ssid
, psk
="123456789a", scan_freq
="2412")
397 dev
[2].connect(ssid
, raw_psk
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq
="2412")
406 def test_ap_wpa2_psk_wildcard_ssid(dev
, apdev
):
407 """WPA2-PSK AP and wildcard SSID configuration"""
408 ssid
= "test-wpa2-psk"
409 passphrase
= 'qwertyuiop'
410 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
411 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
412 hapd
= hostapd
.add_ap(apdev
[0], params
)
413 dev
[0].connect("", bssid
=apdev
[0]['bssid'], psk
=passphrase
,
415 dev
[1].connect("", bssid
=apdev
[0]['bssid'], raw_psk
=psk
, scan_freq
="2412")
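def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Very short group rekey interval so that a rekey happens within the
    # 2 second wait below.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)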
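def test_ap_wpa2_gtk_rekey_request(dev, apdev):
    """WPA2-PSK AP and GTK rekey by AP request"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # No rekey interval is configured; the rekey is triggered on demand
    # through the AP's control interface.
    if "OK" not in hapd.request("REKEY_GTK"):
        raise Exception("REKEY_GTK failed")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)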
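def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    # Presumably skips the test when the station runs in FIPS mode, where
    # TKIP is not available -- confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # Very short group rekey interval so that a rekey happens within the
    # 2 second wait below.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)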
461 def test_ap_wpa2_gmk_rekey(dev
, apdev
):
462 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
463 ssid
= "test-wpa2-psk"
464 passphrase
= 'qwertyuiop'
465 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
466 params
['wpa_group_rekey'] = '1'
467 params
['wpa_gmk_rekey'] = '2'
468 hapd
= hostapd
.add_ap(apdev
[0], params
)
469 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
470 for i
in range(0, 3):
471 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
473 raise Exception("GTK rekey timed out")
474 hwsim_utils
.test_connectivity(dev
[0], hapd
)
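def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    # dev[1] held the current group key; once it leaves, the AP is expected
    # to replace the GTK so the departed station can no longer read group
    # traffic. The remaining station must see the rekey within 2 seconds.
    dev[1].request("DISCONNECT")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # NOTE(review): this guard line is absent from the listing and is restored
    # here; it assumes wait_event() returns None on timeout -- confirm against
    # upstream. Without it the raise is unconditional.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)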
493 def test_ap_wpa2_bridge_fdb(dev
, apdev
):
494 """Bridge FDB entry removal"""
497 ssid
= "test-wpa2-psk"
498 passphrase
= "12345678"
499 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
500 params
['bridge'] = 'ap-br0'
501 hapd
= hostapd
.add_ap(apdev
[0], params
)
502 hapd
.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
503 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
504 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
505 bssid
=apdev
[0]['bssid'])
506 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
507 bssid
=apdev
[0]['bssid'])
508 addr0
= dev
[0].p2p_interface_addr()
509 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
510 err
, macs1
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
511 hapd
.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
512 dev
[0].request("DISCONNECT")
513 dev
[1].request("DISCONNECT")
515 err
, macs2
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
517 addr1
= dev
[1].p2p_interface_addr()
518 if addr0
not in macs1
or addr1
not in macs1
:
519 raise Exception("Bridge FDB entry missing")
520 if addr0
in macs2
or addr1
in macs2
:
521 raise Exception("Bridge FDB entry was not removed")
523 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
525 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0'])
528 def test_ap_wpa2_already_in_bridge(dev
, apdev
):
529 """hostapd behavior with interface already in bridge"""
530 ifname
= apdev
[0]['ifname']
531 br_ifname
= 'ext-ap-br0'
533 ssid
= "test-wpa2-psk"
534 passphrase
= "12345678"
535 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
536 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
537 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
539 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
540 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
541 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
542 hapd
= hostapd
.add_ap(apdev
[0], params
)
543 if hapd
.get_driver_status_field('brname') != br_ifname
:
544 raise Exception("Bridge name not identified correctly")
545 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
547 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
549 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
550 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', 'station'])
551 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
554 def test_ap_wpa2_in_different_bridge(dev
, apdev
):
555 """hostapd behavior with interface in different bridge"""
556 ifname
= apdev
[0]['ifname']
557 br_ifname
= 'ext-ap-br0'
559 ssid
= "test-wpa2-psk"
560 passphrase
= "12345678"
561 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
562 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
563 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
565 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
566 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
568 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
569 params
['bridge'] = 'ap-br0'
570 hapd
= hostapd
.add_ap(apdev
[0], params
)
571 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', 'ap-br0', '0'])
572 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
574 brname
= hapd
.get_driver_status_field('brname')
575 if brname
!= 'ap-br0':
576 raise Exception("Incorrect bridge: " + brname
)
577 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
578 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, "ap-br0")
579 if hapd
.get_driver_status_field("added_bridge") != "1":
580 raise Exception("Unexpected added_bridge value")
581 if hapd
.get_driver_status_field("added_if_into_bridge") != "1":
582 raise Exception("Unexpected added_if_into_bridge value")
583 dev
[0].request("DISCONNECT")
586 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
588 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
,
589 "2>", "/dev/null"], shell
=True)
590 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
593 def test_ap_wpa2_ext_add_to_bridge(dev
, apdev
):
594 """hostapd behavior with interface added to bridge externally"""
595 ifname
= apdev
[0]['ifname']
596 br_ifname
= 'ext-ap-br0'
598 ssid
= "test-wpa2-psk"
599 passphrase
= "12345678"
600 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
601 hapd
= hostapd
.add_ap(apdev
[0], params
)
603 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
604 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
605 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
607 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
608 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
609 if hapd
.get_driver_status_field('brname') != br_ifname
:
610 raise Exception("Bridge name not identified correctly")
612 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
614 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
615 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
617 def test_ap_wpa2_psk_ext(dev
, apdev
):
618 """WPA2-PSK AP using external EAPOL I/O"""
619 bssid
= apdev
[0]['bssid']
620 ssid
= "test-wpa2-psk"
621 passphrase
= 'qwertyuiop'
622 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
623 params
= hostapd
.wpa2_params(ssid
=ssid
)
624 params
['wpa_psk'] = psk
625 hapd
= hostapd
.add_ap(apdev
[0], params
)
626 hapd
.request("SET ext_eapol_frame_io 1")
627 dev
[0].request("SET ext_eapol_frame_io 1")
628 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
629 addr
= dev
[0].p2p_interface_addr()
631 ev
= hapd
.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout
=15)
633 raise Exception("Timeout on EAPOL-TX from hostapd")
634 if "AP-STA-CONNECTED" in ev
:
635 dev
[0].wait_connected(timeout
=15)
637 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
639 raise Exception("EAPOL_RX to wpa_supplicant failed")
640 ev
= dev
[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout
=15)
642 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
643 if "CTRL-EVENT-CONNECTED" in ev
:
645 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
647 raise Exception("EAPOL_RX to hostapd failed")
649 def test_ap_wpa2_psk_ext_retry_msg_3(dev
, apdev
):
650 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
651 bssid
= apdev
[0]['bssid']
652 ssid
= "test-wpa2-psk"
653 passphrase
= 'qwertyuiop'
654 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
655 params
= hostapd
.wpa2_params(ssid
=ssid
)
656 params
['wpa_psk'] = psk
657 hapd
= hostapd
.add_ap(apdev
[0], params
)
658 hapd
.request("SET ext_eapol_frame_io 1")
659 dev
[0].request("SET ext_eapol_frame_io 1")
660 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
661 addr
= dev
[0].p2p_interface_addr()
664 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
666 raise Exception("Timeout on EAPOL-TX from hostapd")
667 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
669 raise Exception("EAPOL_RX to wpa_supplicant failed")
672 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
674 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
675 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
677 raise Exception("EAPOL_RX to hostapd failed")
680 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
682 raise Exception("Timeout on EAPOL-TX from hostapd")
683 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
685 raise Exception("EAPOL_RX to wpa_supplicant failed")
688 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
690 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
691 # Do not send to the AP
692 dev
[0].wait_connected(timeout
=15)
694 # EAPOL-Key msg 3/4 (retry)
695 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
697 raise Exception("Timeout on EAPOL-TX from hostapd")
698 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
700 raise Exception("EAPOL_RX to wpa_supplicant failed")
703 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
705 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
706 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
708 raise Exception("EAPOL_RX to hostapd failed")
710 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
712 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
714 hwsim_utils
.test_connectivity(dev
[0], hapd
)
716 def test_ap_wpa2_psk_ext_retry_msg_3b(dev
, apdev
):
717 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
718 bssid
= apdev
[0]['bssid']
719 ssid
= "test-wpa2-psk"
720 passphrase
= 'qwertyuiop'
721 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
722 params
= hostapd
.wpa2_params(ssid
=ssid
)
723 params
['wpa_psk'] = psk
724 hapd
= hostapd
.add_ap(apdev
[0], params
)
725 hapd
.request("SET ext_eapol_frame_io 1")
726 dev
[0].request("SET ext_eapol_frame_io 1")
727 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
728 addr
= dev
[0].p2p_interface_addr()
731 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
733 raise Exception("Timeout on EAPOL-TX from hostapd")
734 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
736 raise Exception("EAPOL_RX to wpa_supplicant failed")
739 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
741 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
742 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
744 raise Exception("EAPOL_RX to hostapd failed")
747 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
749 raise Exception("Timeout on EAPOL-TX from hostapd")
750 # Do not send the first msg 3/4 to the STA yet; wait for retransmission
754 # EAPOL-Key msg 3/4 (retry)
755 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
757 raise Exception("Timeout on EAPOL-TX from hostapd")
760 # Send the first msg 3/4 to STA
761 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_1
.split(' ')[2])
763 raise Exception("EAPOL_RX to wpa_supplicant failed")
766 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
768 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
769 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
771 raise Exception("EAPOL_RX to hostapd failed")
772 dev
[0].wait_connected(timeout
=15)
773 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
775 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
777 hwsim_utils
.test_connectivity(dev
[0], hapd
)
779 # Send the second msg 3/4 to STA
780 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_2
.split(' ')[2])
782 raise Exception("EAPOL_RX to wpa_supplicant failed")
784 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
786 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
787 # Do not send the second msg 4/4 to the AP
789 hwsim_utils
.test_connectivity(dev
[0], hapd
)
791 def test_ap_wpa2_psk_ext_retry_msg_3c(dev
, apdev
):
792 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
793 bssid
= apdev
[0]['bssid']
794 ssid
= "test-wpa2-psk"
795 passphrase
= 'qwertyuiop'
796 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
797 params
= hostapd
.wpa2_params(ssid
=ssid
)
798 params
['wpa_psk'] = psk
799 hapd
= hostapd
.add_ap(apdev
[0], params
)
800 hapd
.request("SET ext_eapol_frame_io 1")
801 dev
[0].request("SET ext_eapol_frame_io 1")
802 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
803 addr
= dev
[0].p2p_interface_addr()
806 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
808 raise Exception("Timeout on EAPOL-TX from hostapd")
809 msg1
= ev
.split(' ')[2]
810 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
812 raise Exception("EAPOL_RX to wpa_supplicant failed")
815 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
817 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
818 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
820 raise Exception("EAPOL_RX to hostapd failed")
823 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
825 raise Exception("Timeout on EAPOL-TX from hostapd")
826 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
828 raise Exception("EAPOL_RX to wpa_supplicant failed")
831 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
833 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
834 msg4
= ev
.split(' ')[2]
835 # Do not send msg 4/4 to hostapd to trigger retry
837 # STA believes everything is ready
838 dev
[0].wait_connected()
840 # EAPOL-Key msg 3/4 (retry)
841 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
843 raise Exception("Timeout on EAPOL-TX from hostapd")
844 msg3
= ev
.split(' ')[2]
846 # Send a forged msg 1/4 to STA (update replay counter)
847 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
848 # and replace nonce (this results in "WPA: ANonce from message 1 of
849 # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
850 # wpa_supplicant processed msg 3/4 afterwards)
851 #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
852 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
854 raise Exception("EAPOL_RX to wpa_supplicant failed")
856 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
858 # wpa_supplicant seems to have ignored the forged message. This means
859 # the attack would fail.
860 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
862 # Do not send msg 2/4 to hostapd
864 # Send previously received msg 3/4 to STA
865 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
867 raise Exception("EAPOL_RX to wpa_supplicant failed")
870 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
872 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
873 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
875 raise Exception("EAPOL_RX to hostapd failed")
877 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
879 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
881 hwsim_utils
.test_connectivity(dev
[0], hapd
)
def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Both ends hand their EAPOL frames to the test (EAPOL-TX events) and
    # accept frames from it (EAPOL_RX), so the test decides which frames are
    # delivered, withheld or modified.
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def wait_tx(node, name, timeout=15):
        # Return the next EAPOL-TX event from node or fail the test.
        ev = node.wait_event(["EAPOL-TX"], timeout=timeout)
        if ev is None:
            raise Exception("Timeout on EAPOL-TX from " + name)
        return ev

    def hexframe(ev):
        # Third space-separated token of an EAPOL-TX event: the frame in hex.
        return ev.split(' ')[2]

    def to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept for building the forged copy below)
    msg1 = hexframe(wait_tx(hapd, "hostapd"))
    to_sta(msg1)

    # EAPOL-Key msg 2/4
    to_ap(hexframe(wait_tx(sta, "wpa_supplicant")))

    # EAPOL-Key msg 3/4
    to_sta(hexframe(wait_tx(hapd, "hostapd")))

    # EAPOL-Key msg 4/4
    msg4 = hexframe(wait_tx(sta, "wpa_supplicant"))
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = hexframe(wait_tx(hapd, "hostapd"))

    # Forged msg 1/4: the original msg 1/4 with hex chars 18..33 (the Replay
    # Counter field) taken from the retried msg 3/4.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    to_sta(msg1b)

    # EAPOL-Key msg 2/4 in response to the forged frame, if any
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = hexframe(wait_tx(hapd, "hostapd"))

    # Send msg 3/4 to STA
    to_sta(msg3)

    # EAPOL-Key msg 4/4
    to_ap(hexframe(wait_tx(sta, "wpa_supplicant")))

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # The data path must still work with whatever keys ended up installed.
    hwsim_utils.test_connectivity(sta, hapd)
def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Route all EAPOL frames through the test so it can withhold and forge them.
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def wait_tx(node, name, timeout=15):
        # Return the next EAPOL-TX event from node or fail the test.
        ev = node.wait_event(["EAPOL-TX"], timeout=timeout)
        if ev is None:
            raise Exception("Timeout on EAPOL-TX from " + name)
        return ev

    def hexframe(ev):
        # Third space-separated token of an EAPOL-TX event: the frame in hex.
        return ev.split(' ')[2]

    def to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept for building the forged copies below)
    msg1 = hexframe(wait_tx(hapd, "hostapd"))
    to_sta(msg1)

    # EAPOL-Key msg 2/4
    to_ap(hexframe(wait_tx(sta, "wpa_supplicant")))

    # EAPOL-Key msg 3/4
    to_sta(hexframe(wait_tx(hapd, "hostapd")))

    # EAPOL-Key msg 4/4
    msg4 = hexframe(wait_tx(sta, "wpa_supplicant"))
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = hexframe(wait_tx(hapd, "hostapd"))

    # Send a forged msg 1/4 to STA (update replay counter and replace ANonce):
    # Replay Counter (hex chars 18..33) from the retried msg 3/4 and the
    # 32-octet nonce field replaced with 0xff octets.
    msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    to_sta(msg1b)

    # EAPOL-Key msg 2/4: this variant requires the STA to answer the new ANonce
    wait_tx(sta, "wpa_supplicant", timeout=1)
    # Do not send msg 2/4 to hostapd

    # Send a forged msg 1/4 to STA (back to previously used ANonce)
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    to_sta(msg1b)

    # EAPOL-Key msg 2/4 in response to the second forged frame, if any
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = hexframe(wait_tx(hapd, "hostapd"))

    # Send msg 3/4 to STA
    to_sta(msg3)

    # EAPOL-Key msg 4/4
    to_ap(hexframe(wait_tx(sta, "wpa_supplicant")))

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # The data path must still work with whatever keys ended up installed.
    hwsim_utils.test_connectivity(sta, hapd)
def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    # Short PTK rekey setting so the AP starts a second 4-way handshake while
    # the test is still holding frames from the first one.
    params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def wait_tx(node, name, timeout=15):
        # Return the next EAPOL-TX event from node or fail the test.
        ev = node.wait_event(["EAPOL-TX"], timeout=timeout)
        if ev is None:
            raise Exception("Timeout on EAPOL-TX from " + name)
        return ev

    def hexframe(ev):
        # Third space-separated token of an EAPOL-TX event: the frame in hex.
        return ev.split(' ')[2]

    def to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    def require_msg_1_4(ev):
        # Hex chars 10..13 of the frame are the Key Information field; 0x008a
        # is the value build_eapol_key_1_4() in this file uses for msg 1/4.
        keyinfo = hexframe(ev)[10:14]
        if keyinfo != "008a":
            raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 1/4
    to_sta(hexframe(wait_tx(hapd, "hostapd")))

    # EAPOL-Key msg 2/4
    msg2 = hexframe(wait_tx(sta, "wpa_supplicant"))
    # Do not send this to the AP

    # EAPOL-Key msg 1/4 (retry)
    to_sta(hexframe(wait_tx(hapd, "hostapd")))

    # EAPOL-Key msg 2/4
    to_ap(hexframe(wait_tx(sta, "wpa_supplicant")))

    # EAPOL-Key msg 3/4
    to_sta(hexframe(wait_tx(hapd, "hostapd")))

    # EAPOL-Key msg 4/4
    msg4 = hexframe(wait_tx(sta, "wpa_supplicant"))
    # Do not send msg 4/4 to AP

    # EAPOL-Key msg 3/4 (retry)
    to_sta(hexframe(wait_tx(hapd, "hostapd")))

    # EAPOL-Key msg 4/4
    msg4b = hexframe(wait_tx(sta, "wpa_supplicant"))
    # Do not send msg 4/4 to AP

    # Send the previous EAPOL-Key msg 4/4 to AP
    to_ap(msg4)

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # NOTE(review): assumes nothing else runs between the comment above and
    # this wait; confirm against the upstream file.
    wait_tx(hapd, "hostapd")

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    to_ap(msg2)

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    require_msg_1_4(wait_tx(hapd, "hostapd"))

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    to_ap(msg4b)

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=1.1)
    if ev is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    require_msg_1_4(ev)
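def parse_eapol(data):
    """Parse a raw EAPOL frame into a dict.

    The dict always has 'version', 'type', 'length' and 'payload' (payload
    trimmed to the length given in the header). For EAPOL-Key frames
    (type 3) it also has 'descr_type', and for descriptor types 2 and 254
    the fixed EAPOL-Key fields under 'rsn_*' keys plus the remaining octets
    as 'rsn_key_data'.

    Raises Exception when the frame is shorter than its header or than the
    fixed EAPOL-Key layout claims, so a malformed frame fails with a clear
    message instead of a struct.error from deep inside the parser.
    """
    if len(data) < 4:
        raise Exception("Truncated EAPOL header")
    # pkt_type rather than "type" to avoid shadowing the builtin
    (version, pkt_type, length) = struct.unpack('>BBH', data[0:4])
    payload = data[4:]
    if length > len(payload):
        raise Exception("Invalid EAPOL length")
    if length < len(payload):
        # Octets past the declared length are not part of the frame
        payload = payload[0:length]
    eapol = {}
    eapol['version'] = version
    eapol['type'] = pkt_type
    eapol['length'] = length
    eapol['payload'] = payload
    if pkt_type == 3:
        # EAPOL-Key
        if len(payload) < 1:
            raise Exception("Truncated EAPOL-Key frame")
        (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
        payload = payload[1:]
        if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
            # RSN EAPOL-Key
            # Fixed part after the descriptor type: 2 + 2 + 8 + 32 + 16 +
            # 8 + 8 + 16 octets of fields and a 2-octet Key Data Length.
            if len(payload) < 94:
                raise Exception("Truncated EAPOL-Key frame")
            (key_info, key_len) = struct.unpack('>HH', payload[0:4])
            eapol['rsn_key_info'] = key_info
            eapol['rsn_key_len'] = key_len
            eapol['rsn_replay_counter'] = payload[4:12]
            eapol['rsn_key_nonce'] = payload[12:44]
            eapol['rsn_key_iv'] = payload[44:60]
            eapol['rsn_key_rsc'] = payload[60:68]
            eapol['rsn_key_id'] = payload[68:76]
            eapol['rsn_key_mic'] = payload[76:92]
            payload = payload[92:]
            (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
            payload = payload[2:]
            # Stored as received; rsn_key_data_len is not checked against
            # the number of octets actually present.
            eapol['rsn_key_data'] = payload
    return eapol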
def build_eapol(msg):
    """Serialize a frame dict (as produced by parse_eapol) to raw octets.

    The 'length' value is written exactly as given and is not recomputed
    from the fields, which lets callers emit frames whose header length
    disagrees with their content.
    """
    header = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] != 3:
        # Anything other than EAPOL-Key: header followed by the opaque payload
        return header + msg['payload']
    # EAPOL-Key: descriptor type, Key Information and Key Length, then the
    # fixed-size fields in wire order, then Key Data Length and Key Data.
    key_fields = struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                             msg['rsn_key_len'])
    return b''.join([
        header,
        key_fields,
        msg['rsn_replay_counter'],
        msg['rsn_key_nonce'],
        msg['rsn_key_iv'],
        msg['rsn_key_rsc'],
        msg['rsn_key_id'],
        msg['rsn_key_mic'],
        struct.pack('>H', msg['rsn_key_data_len']),
        msg['rsn_key_data'],
    ])
def sha1_prf(key, label, data, outlen):
    """Expand key into outlen octets with an HMAC-SHA1 based PRF.

    Each output block is HMAC-SHA1(key, label || 0x00 || data || counter)
    with a one-octet counter starting at 0; blocks are concatenated and the
    last one is cut so that exactly outlen octets are returned.
    """
    prefix = label.encode() + struct.pack('B', 0) + data
    out = b''
    counter = 0
    while outlen > 0:
        block = hmac.new(key, prefix + struct.pack('B', counter),
                         hashlib.sha1).digest()
        counter += 1
        # Take the whole block unless fewer octets are still needed
        piece = block if outlen > len(block) else block[0:outlen]
        out += piece
        outlen -= len(piece)
    return out
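def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the PTK for a 4-way handshake and return (ptk, kck, kek).

    addr1/addr2 are MAC addresses in colon-separated hex text, nonce1/nonce2
    are raw octets. The PRF input is the smaller address followed by the
    larger one, then the smaller nonce followed by the larger one, under the
    label "Pairwise key expansion". The first 16 octets of the 48-octet
    result are the KCK and the next 16 the KEK.
    """
    # Order the addresses by their octet values rather than by their text
    # form: comparing the strings gives a different order when the two
    # addresses are written in different letter case.
    mac1 = binascii.unhexlify(addr1.replace(':', ''))
    mac2 = binascii.unhexlify(addr2.replace(':', ''))
    data = min(mac1, mac2) + max(mac1, mac2)
    data += min(nonce1, nonce2) + max(nonce1, nonce2)
    label = "Pairwise key expansion"
    ptk = sha1_prf(pmk, label, data, 48)
    kck = ptk[0:16]
    kek = ptk[16:32]
    return (ptk, kck, kek)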
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC for msg and store it in msg['rsn_key_mic'].

    The MIC is HMAC-SHA1 keyed with kck over the serialized frame with the
    MIC field zeroed, truncated to 16 octets. msg is modified in place.
    """
    # The MIC covers the frame with an all-zero MIC field
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    digest = hmac.new(kck, build_eapol(msg), hashlib.sha1).digest()
    msg['rsn_key_mic'] = digest[0:16]
def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Fill the variable EAPOL-Key fields of msg in place.

    A falsy nonce (None or empty) is replaced with 32 zero octets and falsy
    data with empty Key Data. 'length' is set to 95 plus the Key Data
    length. The MIC is not touched; call eapol_key_mic() afterwards when a
    valid MIC is wanted.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_key_nonce'] = nonce if nonce else binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
    key_data = data if data else b''
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    # 95 octets: descriptor type plus the fixed EAPOL-Key fields
    msg['length'] = 95 + len(key_data)
def recv_eapol(hapd):
    """Wait for the next EAPOL-TX event from hapd and return the parsed frame.

    Raises Exception if no event arrives within 15 seconds. The error text
    names hostapd even though callers in this file also pass a
    wpa_supplicant instance.
    """
    event = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if event is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Third space-separated token of the event is the frame in hex
    frame_hex = event.split(' ')[2]
    return parse_eapol(binascii.unhexlify(frame_hex))
def send_eapol(hapd, addr, data):
    """Inject raw EAPOL octets into hapd as if received from addr.

    Raises Exception when the EAPOL_RX control command does not return OK.
    An OK reply only shows that the command was accepted; the tests in this
    file also send frames that are meant to be dropped by the receiver.
    """
    command = "EAPOL_RX " + addr + " " + binascii.hexlify(data).decode()
    if "OK" not in hapd.request(command):
        raise Exception("EAPOL_RX to hostapd failed")
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn msg into a reply with a valid MIC and send it to hapd.

    msg is modified in place: Key Information, nonce and Key Data are
    replaced (Key Length is set to 0) and the MIC is recomputed with kck.
    All other fields, including the Replay Counter, stay as they are in msg.
    info is only used for the log line.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
def hapd_connected(hapd):
    """Fail unless hapd reports AP-STA-CONNECTED within 15 seconds."""
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
def eapol_test(apdev, dev, wpa2=True, ieee80211w=0):
    """Start an AP and a station with external EAPOL frame I/O enabled.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne) for tests that play
    the supplicant side of the 4-way handshake themselves. rsne is the
    RSN element (or, with wpa2=False, the WPA vendor element) to put into
    msg 2/4.

    The PSK and the SNonce are fixed test vectors. A real supplicant must
    use a fresh random SNonce for every handshake.
    """
    bssid = apdev['bssid']
    ssid = "test-wpa2-psk" if wpa2 else "test-wpa-psk"
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    # With a raw 256-bit PSK the PMK is the PSK itself
    pmk = binascii.unhexlify(psk)
    if wpa2:
        params = hostapd.wpa2_params(ssid=ssid)
    else:
        params = hostapd.wpa_params(ssid=ssid)
    params['wpa_psk'] = psk
    params['ieee80211w'] = str(ieee80211w)
    hapd = hostapd.add_ap(apdev, params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False,
                ieee80211w=str(ieee80211w))
    addr = dev.p2p_interface_addr()
    if not wpa2:
        rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
    elif ieee80211w == 2:
        # Same element as below except for the last two octets (the RSN
        # Capabilities field), which are cc00 instead of 0000 when
        # management frame protection is required.
        rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00')
    else:
        rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # msg 1/4 from the AP carries the ANonce
    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    # Echo the AP's own frame back to it unchanged
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Header length one octet short of what the 22-octet Key Data needs,
    # and the MIC is not recomputed for this frame.
    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(frame, 0x0101, 0, snonce, rsne)
    frame['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(frame))

    # Well-formed msg 2/4; the handshake must still proceed after the
    # malformed frames above.
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    # msg 3/4 must still use the ANonce from msg 1/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # First msg 1/4 is left unanswered so that the AP retransmits it
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    # The retransmission must keep the same ANonce
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Answer the retransmitted frame (reply_eapol logs
    # "Send EAPOL-Key msg 2/4", sets Key Length 0, adds the MIC and sends)
    reply_eapol("2/4", hapd, addr, retry, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Answer both copies with the same SNonce and KCK
    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # Second answer uses a different SNonce; the keys are re-derived and the
    # new KCK replaces the old one for the rest of the handshake.
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # msg 4/4 is protected with the KCK derived from snonce2
    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # Second answer uses a different SNonce and the KCK derived from it
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    ptk2, kck2, kek2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)

    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck2)
    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # msg 4/4 goes back to the KCK from the first SNonce ("older used")
    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # msg 1/4
    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    def send_msg_2_4(descr_type):
        # msg 2/4 with a valid MIC and the given descriptor type
        frame['descr_type'] = descr_type
        rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    # Incorrect descriptor type (frame dropped)
    send_msg_2_4(253)

    # Incorrect descriptor type, but with a workaround (frame processed)
    send_msg_2_4(254)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
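def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA-PSK AP using external EAPOL supplicant"""
    # Docstring says WPA-PSK rather than WPA2-PSK: this test runs the AP in
    # WPA mode (wpa2=False) and uses the WPA element and descriptor type 254.
    (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
                                                              wpa2=False)

    # msg 1/4 from the AP carries the ANonce
    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))
    # Frame cut to 98 octets, one short of the 4-octet header plus the
    # 95-octet EAPOL-Key body
    logger.info("Too short data")
    send_eapol(hapd, addr, build_eapol(msg)[0:98])

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # Descriptor type 2 is the wrong one for this AP configuration; the
    # same reply with type 254 follows and lets the handshake continue.
    msg['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
    msg['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)

    # msg 3/4 must still use the ANonce from msg 1/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)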
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # msg 1/4
    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Unusual Key Information values, sent without recomputing the MIC
    for key_info in (0x0000, 0xffff, 0x2802, 0x2002, 0x0902):
        rsn_eapol_key_set(frame, key_info, 0, snonce, rsne)
        send_eapol(hapd, addr, build_eapol(frame))

    # Same Key Information as the last frame, MIC computed with an all-zero
    # key instead of the derived KCK
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(tmp_kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    # Well-formed msg 2/4; the handshake must still proceed
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Request (valid MIC), then the same request again
    # (valid MIC, replayed counter)
    for _ in range(2):
        rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return a frame dict for an EAPOL-Key msg 1/4 carrying anonce.

    Key Information is 0x8a, the MIC, IV, RSC and Key ID fields are zero,
    and the Replay Counter is replay_counter as a 64-bit big-endian value.
    The dict can be serialized with build_eapol().
    """
    zeros8 = binascii.unhexlify('0000000000000000')
    zeros16 = binascii.unhexlify('00000000000000000000000000000000')
    return {
        'version': 2,
        'type': 3,
        'length': 95 + len(key_data),
        'descr_type': 2,
        'rsn_key_info': 0x8a,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': zeros16,
        'rsn_key_rsc': zeros8,
        'rsn_key_id': zeros8,
        'rsn_key_mic': zeros16,
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return a frame dict for an EAPOL-Key msg 3/4 with a MIC keyed by kck.

    key_data is stored as given (the caller wraps or pads it, or passes
    deliberately invalid data). extra_len is added to the header length
    only, so a non-zero value yields a frame whose declared length does not
    match its content. key_info and descr_type can be overridden to build
    invalid frames that nevertheless carry a correct MIC.
    """
    zeros8 = binascii.unhexlify('0000000000000000')
    msg = {
        'version': 2,
        'type': 3,
        'length': 95 + len(key_data) + extra_len,
        'descr_type': descr_type,
        'rsn_key_info': key_info,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': binascii.unhexlify('00000000000000000000000000000000'),
        'rsn_key_rsc': zeros8,
        'rsn_key_id': zeros8,
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
    # Sets msg['rsn_key_mic'] over the frame as built above
    eapol_key_mic(kck, msg)
    return msg
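def aes_wrap(kek, plain):
    """Wrap plain with kek using the AES Key Wrap construction (RFC 3394).

    plain is processed as len(plain) // 8 blocks of 8 octets; trailing
    octets beyond a multiple of 8 are not included in the output, so pad
    the input first (see pad_key_data). Returns the 8-octet integrity
    register followed by the wrapped blocks.
    """
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    # Name the mode explicitly: key wrap uses AES only as a single-block
    # primitive, which is what ECB provides. Omitting the mode relies on an
    # implicit default that newer Crypto.Cipher implementations do not have.
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # Fold the step counter t = n*j + i into the integrity register
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)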
def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets.

    Input that is already aligned is returned unchanged. Otherwise one 0xdd
    octet is appended, followed by as many zero octets as needed to reach
    the next multiple of 8.
    """
    remainder = len(plain) % 8
    if remainder:
        plain += b'\xdd' + (7 - remainder) * b'\x00'
    return plain
1653 def test_ap_wpa2_psk_supp_proto(dev
, apdev
):
1654 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
1655 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1657 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1658 msg
= recv_eapol(hapd
)
1659 dev
[0].dump_monitor()
1661 # Build own EAPOL-Key msg 1/4
1662 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1664 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1666 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1667 msg
= recv_eapol(dev
[0])
1668 snonce
= msg
['rsn_key_nonce']
1670 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1672 logger
.debug("Invalid AES wrap data length 0")
1673 dev
[0].dump_monitor()
1674 msg
= build_eapol_key_3_4(anonce
, kck
, b
'', replay_counter
=counter
)
1676 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1677 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1679 raise Exception("Unsupported AES-WRAP len 0 not reported")
1681 logger
.debug("Invalid AES wrap data length 1")
1682 dev
[0].dump_monitor()
1683 msg
= build_eapol_key_3_4(anonce
, kck
, b
'1', replay_counter
=counter
)
1685 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1686 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1688 raise Exception("Unsupported AES-WRAP len 1 not reported")
1690 logger
.debug("Invalid AES wrap data length 9")
1691 dev
[0].dump_monitor()
1692 msg
= build_eapol_key_3_4(anonce
, kck
, b
'123456789', replay_counter
=counter
)
1694 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1695 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1697 raise Exception("Unsupported AES-WRAP len 9 not reported")
1699 logger
.debug("Invalid AES wrap data payload")
1700 dev
[0].dump_monitor()
1701 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
)
1702 # do not increment counter to test replay protection
1703 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1704 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1706 raise Exception("AES unwrap failure not reported")
1708 logger
.debug("Replay Count not increasing")
1709 dev
[0].dump_monitor()
1710 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
)
1712 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1713 ev
= dev
[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1715 raise Exception("Replay Counter replay not reported")
1717 logger
.debug("Missing Ack bit in key info")
1718 dev
[0].dump_monitor()
1719 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1722 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1723 ev
= dev
[0].wait_event(["WPA: No Ack bit in key_info"])
1725 raise Exception("Missing Ack bit not reported")
1727 logger
.debug("Unexpected Request bit in key info")
1728 dev
[0].dump_monitor()
1729 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1732 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1733 ev
= dev
[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1735 raise Exception("Request bit not reported")
1737 logger
.debug("Unsupported key descriptor version 0")
1738 dev
[0].dump_monitor()
1739 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1740 replay_counter
=counter
, key_info
=0x13c8)
1742 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1743 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1745 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1747 logger
.debug("Key descriptor version 1 not allowed with CCMP")
1748 dev
[0].dump_monitor()
1749 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1750 replay_counter
=counter
, key_info
=0x13c9)
1752 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1753 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1755 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1757 logger
.debug("Invalid AES wrap payload with key descriptor version 2")
1758 dev
[0].dump_monitor()
1759 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1760 replay_counter
=counter
, key_info
=0x13ca)
1762 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1763 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1765 raise Exception("AES unwrap failure not reported")
1767 logger
.debug("Key descriptor version 3 workaround")
1768 dev
[0].dump_monitor()
1769 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1770 replay_counter
=counter
, key_info
=0x13cb)
1772 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1773 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1775 raise Exception("CCMP key descriptor mismatch not reported")
1776 ev
= dev
[0].wait_event(["WPA: Interoperability workaround"])
1778 raise Exception("AES-128-CMAC workaround not reported")
1779 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1781 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1783 logger
.debug("Unsupported key descriptor version 4")
1784 dev
[0].dump_monitor()
1785 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1786 replay_counter
=counter
, key_info
=0x13cc)
1788 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1789 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1791 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1793 logger
.debug("Unsupported key descriptor version 7")
1794 dev
[0].dump_monitor()
1795 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1796 replay_counter
=counter
, key_info
=0x13cf)
1798 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1799 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1801 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1803 logger
.debug("Too short EAPOL header length")
1804 dev
[0].dump_monitor()
1805 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1808 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1809 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1811 raise Exception("Key data overflow not reported")
1813 logger
.debug("Too long EAPOL header length")
1814 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1817 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1819 logger
.debug("Unsupported descriptor type 0")
1820 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1823 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1825 logger
.debug("WPA descriptor type 0")
1826 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1829 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1831 logger
.debug("Non-zero key index for pairwise key")
1832 dev
[0].dump_monitor()
1833 wrapped
= aes_wrap(kek
, 16*b
'z')
1834 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1837 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1838 ev
= dev
[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1840 raise Exception("Non-zero key index not reported")
1842 logger
.debug("Invalid Key Data plaintext payload --> disconnect")
1843 dev
[0].dump_monitor()
1844 wrapped
= aes_wrap(kek
, 16*b
'z')
1845 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1847 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1848 dev
[0].wait_disconnected(timeout
=1)
1850 def test_ap_wpa2_psk_supp_proto_no_ie(dev
, apdev
):
1851 """WPA2-PSK supplicant protocol testing: IE not included"""
1852 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1854 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1855 msg
= recv_eapol(hapd
)
1856 dev
[0].dump_monitor()
1858 # Build own EAPOL-Key msg 1/4
1859 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1861 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1863 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1864 msg
= recv_eapol(dev
[0])
1865 snonce
= msg
['rsn_key_nonce']
1867 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1869 logger
.debug("No IEs in msg 3/4 --> disconnect")
1870 dev
[0].dump_monitor()
1871 wrapped
= aes_wrap(kek
, 16*b
'\x00')
1872 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1874 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1875 dev
[0].wait_disconnected(timeout
=1)
1877 def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev
, apdev
):
1878 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1879 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1881 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1882 msg
= recv_eapol(hapd
)
1883 dev
[0].dump_monitor()
1885 # Build own EAPOL-Key msg 1/4
1886 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1888 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1890 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1891 msg
= recv_eapol(dev
[0])
1892 snonce
= msg
['rsn_key_nonce']
1894 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1896 logger
.debug("Msg 3/4 with mismatching IE")
1897 dev
[0].dump_monitor()
1898 wrapped
= aes_wrap(kek
, pad_key_data(binascii
.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1899 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1901 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1902 dev
[0].wait_disconnected(timeout
=1)
1904 def test_ap_wpa2_psk_supp_proto_ok(dev
, apdev
):
1905 """WPA2-PSK supplicant protocol testing: success"""
1906 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1908 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1909 msg
= recv_eapol(hapd
)
1910 dev
[0].dump_monitor()
1912 # Build own EAPOL-Key msg 1/4
1913 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1915 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1917 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1918 msg
= recv_eapol(dev
[0])
1919 snonce
= msg
['rsn_key_nonce']
1921 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1923 logger
.debug("Valid EAPOL-Key msg 3/4")
1924 dev
[0].dump_monitor()
1925 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1926 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1927 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1929 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1930 dev
[0].wait_connected(timeout
=1)
1932 def test_ap_wpa2_psk_supp_proto_no_gtk(dev
, apdev
):
1933 """WPA2-PSK supplicant protocol testing: no GTK"""
1934 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1936 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1937 msg
= recv_eapol(hapd
)
1938 dev
[0].dump_monitor()
1940 # Build own EAPOL-Key msg 1/4
1941 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1943 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1945 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1946 msg
= recv_eapol(dev
[0])
1947 snonce
= msg
['rsn_key_nonce']
1949 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1951 logger
.debug("EAPOL-Key msg 3/4 without GTK KDE")
1952 dev
[0].dump_monitor()
1953 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00')
1954 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1955 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1957 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1958 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1960 raise Exception("Unexpected connection completion reported")
1962 def test_ap_wpa2_psk_supp_proto_anonce_change(dev
, apdev
):
1963 """WPA2-PSK supplicant protocol testing: ANonce change"""
1964 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1966 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1967 msg
= recv_eapol(hapd
)
1968 dev
[0].dump_monitor()
1970 # Build own EAPOL-Key msg 1/4
1971 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1973 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1975 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1976 msg
= recv_eapol(dev
[0])
1977 snonce
= msg
['rsn_key_nonce']
1979 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1981 logger
.debug("Valid EAPOL-Key msg 3/4")
1982 dev
[0].dump_monitor()
1983 anonce2
= binascii
.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1984 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1985 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1986 msg
= build_eapol_key_3_4(anonce2
, kck
, wrapped
, replay_counter
=counter
)
1988 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1989 ev
= dev
[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1991 raise Exception("ANonce change not reported")
1993 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev
, apdev
):
1994 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1995 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1997 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1998 msg
= recv_eapol(hapd
)
1999 dev
[0].dump_monitor()
2001 # Build own EAPOL-Key msg 1/4
2002 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2004 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2006 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2007 msg
= recv_eapol(dev
[0])
2008 snonce
= msg
['rsn_key_nonce']
2010 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2012 logger
.debug("Group key 1/2 instead of msg 3/4")
2013 dev
[0].dump_monitor()
2014 wrapped
= aes_wrap(kek
, binascii
.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
2015 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2018 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2019 ev
= dev
[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
2021 raise Exception("Unexpected group key message not reported")
2022 dev
[0].wait_disconnected(timeout
=1)
2025 def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev
, apdev
):
2026 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
2027 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2029 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2030 msg
= recv_eapol(hapd
)
2031 dev
[0].dump_monitor()
2033 # Build own EAPOL-Key msg 1/4 with invalid KDE
2034 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2036 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
,
2037 key_data
=binascii
.unhexlify('5555'))
2039 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2040 dev
[0].wait_disconnected(timeout
=1)
2042 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev
, apdev
):
2043 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
2044 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2046 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2047 msg
= recv_eapol(hapd
)
2048 dev
[0].dump_monitor()
2050 # Build own EAPOL-Key msg 1/4
2051 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2053 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2055 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2056 msg
= recv_eapol(dev
[0])
2057 snonce
= msg
['rsn_key_nonce']
2059 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2061 logger
.debug("Valid EAPOL-Key msg 3/4")
2062 dev
[0].dump_monitor()
2063 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
2064 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2065 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2068 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2069 ev
= dev
[0].wait_event(["WPA: Invalid CCMP key length 15"])
2071 raise Exception("Invalid CCMP key length not reported")
2072 dev
[0].wait_disconnected(timeout
=1)
2074 def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev
, apdev
):
2075 """WPA2-PSK supplicant protocol testing: wrong group key length"""
2076 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2078 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2079 msg
= recv_eapol(hapd
)
2080 dev
[0].dump_monitor()
2082 # Build own EAPOL-Key msg 1/4
2083 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2085 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2087 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2088 msg
= recv_eapol(dev
[0])
2089 snonce
= msg
['rsn_key_nonce']
2091 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2093 logger
.debug("Valid EAPOL-Key msg 3/4")
2094 dev
[0].dump_monitor()
2095 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
2096 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2097 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2099 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2100 ev
= dev
[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
2102 raise Exception("Invalid CCMP key length not reported")
2103 dev
[0].wait_disconnected(timeout
=1)
2105 def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev
, apdev
):
2106 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
2107 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2109 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2110 msg
= recv_eapol(hapd
)
2111 dev
[0].dump_monitor()
2113 # Build own EAPOL-Key msg 1/4
2114 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2116 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2118 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2119 msg
= recv_eapol(dev
[0])
2120 snonce
= msg
['rsn_key_nonce']
2122 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2124 logger
.debug("Valid EAPOL-Key msg 3/4")
2125 dev
[0].dump_monitor()
2126 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
2127 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2128 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2130 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2131 ev
= dev
[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
2133 raise Exception("GTK Tx bit workaround not reported")
2134 dev
[0].wait_connected(timeout
=1)
2136 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev
, apdev
):
2137 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
2138 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2140 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2141 msg
= recv_eapol(hapd
)
2142 dev
[0].dump_monitor()
2144 # Build own EAPOL-Key msg 1/4
2145 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2147 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2149 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2150 msg
= recv_eapol(dev
[0])
2151 snonce
= msg
['rsn_key_nonce']
2153 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2155 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
2156 dev
[0].dump_monitor()
2157 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
2158 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2159 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2161 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2162 dev
[0].wait_connected(timeout
=1)
2164 logger
.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
2165 dev
[0].dump_monitor()
2166 plain
= binascii
.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
2167 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2168 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2171 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2172 msg
= recv_eapol(dev
[0])
2173 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"])
2175 raise Exception("GTK rekeing not reported")
2177 logger
.debug("Unencrypted GTK KDE in group msg 1/2")
2178 dev
[0].dump_monitor()
2179 plain
= binascii
.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
2180 msg
= build_eapol_key_3_4(anonce
, kck
, plain
, replay_counter
=counter
,
2183 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2184 ev
= dev
[0].wait_event(["WPA: GTK IE in unencrypted key data"])
2186 raise Exception("Unencrypted GTK KDE not reported")
2187 dev
[0].wait_disconnected(timeout
=1)
2189 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev
, apdev
):
2190 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
2191 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2193 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2194 msg
= recv_eapol(hapd
)
2195 dev
[0].dump_monitor()
2197 # Build own EAPOL-Key msg 1/4
2198 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2200 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2202 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2203 msg
= recv_eapol(dev
[0])
2204 snonce
= msg
['rsn_key_nonce']
2206 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2208 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
2209 dev
[0].dump_monitor()
2210 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
2211 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2212 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2214 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2215 dev
[0].wait_connected(timeout
=1)
2217 logger
.debug("No GTK KDE in EAPOL-Key group msg 1/2")
2218 dev
[0].dump_monitor()
2219 plain
= binascii
.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
2220 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2221 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2224 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2225 ev
= dev
[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
2227 raise Exception("Missing GTK KDE not reported")
2228 dev
[0].wait_disconnected(timeout
=1)
2230 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev
, apdev
):
2231 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
2232 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2234 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2235 msg
= recv_eapol(hapd
)
2236 dev
[0].dump_monitor()
2238 # Build own EAPOL-Key msg 1/4
2239 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2241 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2243 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2244 msg
= recv_eapol(dev
[0])
2245 snonce
= msg
['rsn_key_nonce']
2247 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2249 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
2250 dev
[0].dump_monitor()
2251 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
2252 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2253 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2255 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2256 dev
[0].wait_connected(timeout
=1)
2258 logger
.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
2259 dev
[0].dump_monitor()
2260 plain
= binascii
.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
2261 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2262 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2265 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2266 ev
= dev
[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
2268 raise Exception("Too long GTK KDE not reported")
2269 dev
[0].wait_disconnected(timeout
=1)
2271 def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev
, apdev
):
2272 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
2273 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2275 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2276 msg
= recv_eapol(hapd
)
2277 dev
[0].dump_monitor()
2279 # Build own EAPOL-Key msg 1/4
2280 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2282 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2284 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2285 msg
= recv_eapol(dev
[0])
2286 snonce
= msg
['rsn_key_nonce']
2288 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2290 logger
.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
2291 dev
[0].dump_monitor()
2292 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
2293 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2294 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2296 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2297 dev
[0].wait_disconnected(timeout
=1)
2299 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev
, apdev
):
2300 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
2301 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
2303 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2304 msg
= recv_eapol(hapd
)
2305 dev
[0].dump_monitor()
2307 # Build own EAPOL-Key msg 1/4
2308 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2310 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2312 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2313 msg
= recv_eapol(dev
[0])
2314 snonce
= msg
['rsn_key_nonce']
2316 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2318 logger
.debug("Valid EAPOL-Key msg 3/4")
2319 dev
[0].dump_monitor()
2320 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
2321 msg
= build_eapol_key_3_4(anonce
, kck
, plain
, replay_counter
=counter
,
2324 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2325 ev
= dev
[0].wait_event(["WPA: GTK IE in unencrypted key data"])
2327 raise Exception("Unencrypted GTK KDE not reported")
2328 dev
[0].wait_disconnected(timeout
=1)
2330 def run_psk_supp_proto_pmf2(dev
, apdev
, igtk_kde
=None, fail
=False):
2331 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0],
2334 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2335 msg
= recv_eapol(hapd
)
2336 dev
[0].dump_monitor()
2338 # Build own EAPOL-Key msg 1/4
2339 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2341 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2343 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2344 msg
= recv_eapol(dev
[0])
2345 snonce
= msg
['rsn_key_nonce']
2347 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2349 logger
.debug("EAPOL-Key msg 3/4")
2350 dev
[0].dump_monitor()
2351 gtk_kde
= binascii
.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
2352 plain
= rsne
+ gtk_kde
2355 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2356 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2358 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2360 dev
[0].wait_disconnected(timeout
=1)
2363 dev
[0].wait_connected(timeout
=1)
2365 # Verify that an unprotected broadcast Deauthentication frame is ignored
2366 bssid
= binascii
.unhexlify(hapd
.own_addr().replace(':', ''))
2367 sock
= start_monitor(apdev
[1]["ifname"])
2368 radiotap
= radiotap_build()
2369 frame
= binascii
.unhexlify("c0003a01")
2370 frame
+= 6*b
'\xff' + bssid
+ bssid
2371 frame
+= binascii
.unhexlify("1000" + "0300")
2372 sock
.send(radiotap
+ frame
)
2373 # And same with incorrect BIP protection
2374 for keyid
in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]:
2375 frame2
= frame
+ binascii
.unhexlify("4c10" + keyid
+ "010000000000c0e5ca5f2b3b4de9")
2376 sock
.send(radiotap
+ frame2
)
2377 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=0.5)
2379 raise Exception("Unexpected disconnection")
2381 def run_psk_supp_proto_pmf(dev
, apdev
, igtk_kde
=None, fail
=False):
2383 run_psk_supp_proto_pmf2(dev
, apdev
, igtk_kde
=igtk_kde
, fail
=fail
)
2385 stop_monitor(apdev
[1]["ifname"])
def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no IGTK KDE"""
    # Baseline for the IGTK KeyID tests that follow: the shared PMF helper is
    # run without any IGTK KDE and with its default fail=False.
    no_igtk_kde = None
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=no_igtk_kde)
def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: valid IGTK KDE"""
    # The KDE is assembled from hex fragments. The field names follow the
    # usual IGTK KDE layout (header, OUI + data type, KeyID, IPN, key) as this
    # reviewer reads it -- TODO confirm against the supplicant's KDE parser.
    kde_header = 'dd1c'      # 0xdd element, length 0x1c = 4 + 2 + 6 + 16
    oui_and_type = '000fac09'
    key_id = '0400'
    ipn = 6*'00'
    igtk = 16*'77'
    igtk_kde = binascii.unhexlify(kde_header + oui_and_type + key_id + ipn + igtk)
    # Helper default fail=False is used for this case.
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde)
def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev):
    """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID"""
    # Same KDE as the valid-IGTK test in this file except for the KeyID field,
    # whose two bytes appear in the opposite order ('0004' instead of '0400').
    kde_header = 'dd1c'
    oui_and_type = '000fac09'
    swapped_key_id = '0004'
    ipn = 6*'00'
    igtk = 16*'77'
    igtk_kde = binascii.unhexlify(
        kde_header + oui_and_type + swapped_key_id + ipn + igtk)
    # Run with the helper's default fail=False, i.e. this encoding is not
    # treated as a failure case by the test.
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde)
def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too large IGTK KeyID"""
    # Negative test for KeyID validation: the KeyID field is 'ffff', the other
    # KDE fields match the valid-IGTK test in this file.
    kde_header = 'dd1c'
    oui_and_type = '000fac09'
    oversized_key_id = 'ffff'
    ipn = 6*'00'
    igtk = 16*'77'
    igtk_kde = binascii.unhexlify(
        kde_header + oui_and_type + oversized_key_id + ipn + igtk)
    # fail=True is forwarded to the helper; presumably it then expects the
    # station to disconnect instead of completing the handshake -- confirm in
    # run_psk_supp_proto_pmf2.
    expect_failure = True
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=expect_failure)
def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID"""
    # Negative test for KeyID validation: the KeyID field is '0006', the other
    # KDE fields match the valid-IGTK test in this file.
    kde_header = 'dd1c'
    oui_and_type = '000fac09'
    unexpected_key_id = '0006'
    ipn = 6*'00'
    igtk = 16*'77'
    igtk_kde = binascii.unhexlify(
        kde_header + oui_and_type + unexpected_key_id + ipn + igtk)
    # fail=True is forwarded to the helper; presumably it then expects the
    # station to disconnect instead of completing the handshake -- confirm in
    # run_psk_supp_proto_pmf2.
    expect_failure = True
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=expect_failure)
2411 def find_wpas_process(dev
):
2413 err
, data
= dev
.cmd_execute(['ps', 'ax'])
2414 for l
in data
.splitlines():
2415 if "wpa_supplicant" not in l
:
2417 if "-i" + ifname
not in l
:
2419 return int(l
.strip().split(' ')[0])
2420 raise Exception("Could not find wpa_supplicant process")
2422 def read_process_memory(pid
, key
=None):
2424 logger
.info("Reading process memory (pid=%d)" % pid
)
2425 with
open('/proc/%d/maps' % pid
, 'r') as maps
, \
2426 open('/proc/%d/mem' % pid
, 'rb') as mem
:
2427 for l
in maps
.readlines():
2428 m
= re
.match(r
'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l
)
2431 start
= int(m
.group(1), 16)
2432 end
= int(m
.group(2), 16)
2434 if start
> 0xffffffffffff:
2438 if not perm
.startswith('rw'):
2440 for name
in ["[heap]", "[stack]"]:
2442 logger
.info("%s 0x%x-0x%x is at %d-%d" % (name
, start
, end
, len(buf
), len(buf
) + (end
- start
)))
2444 data
= mem
.read(end
- start
)
2446 if key
and key
in data
:
2447 logger
.info("Key found in " + l
)
2448 logger
.info("Total process memory read: %d bytes" % len(buf
))
2451 def verify_not_present(buf
, key
, fname
, keyname
):
2456 prefix
= 2048 if pos
> 2048 else pos
2457 with
open(fname
+ keyname
, 'wb') as f
:
2458 f
.write(buf
[pos
- prefix
:pos
+ 2048])
2459 raise Exception(keyname
+ " found after disassociation")
2461 def get_key_locations(buf
, key
, keyname
):
2465 pos
= buf
.find(key
, pos
)
2468 logger
.info("Found %s at %d" % (keyname
, pos
))
2470 start
= pos
- context
if pos
> context
else 0
2471 before
= binascii
.hexlify(buf
[start
:pos
])
2473 end
= pos
+ context
if pos
< len(buf
) - context
else len(buf
) - context
2474 after
= binascii
.hexlify(buf
[pos
+ len(key
):end
])
2475 logger
.debug("Memory context %d-%d: %s|%s|%s" % (start
, end
, before
, binascii
.hexlify(key
), after
))
2480 def test_wpa2_psk_key_lifetime_in_memory(dev
, apdev
, params
):
2481 """WPA2-PSK and PSK/PTK lifetime in memory"""
2482 ssid
= "test-wpa2-psk"
2483 passphrase
= 'qwertyuiop'
2484 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2485 pmk
= binascii
.unhexlify(psk
)
2486 p
= hostapd
.wpa2_params(ssid
=ssid
)
2488 hapd
= hostapd
.add_ap(apdev
[0], p
)
2490 pid
= find_wpas_process(dev
[0])
2492 id = dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412",
2493 only_add_network
=True)
2495 logger
.info("Checking keys in memory after network profile configuration")
2496 buf
= read_process_memory(pid
, pmk
)
2497 get_key_locations(buf
, pmk
, "PMK")
2499 dev
[0].request("REMOVE_NETWORK all")
2500 logger
.info("Checking keys in memory after network profile removal")
2501 buf
= read_process_memory(pid
, pmk
)
2502 get_key_locations(buf
, pmk
, "PMK")
2504 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2505 only_add_network
=True)
2507 logger
.info("Checking keys in memory before connection")
2508 buf
= read_process_memory(pid
, pmk
)
2509 get_key_locations(buf
, pmk
, "PMK")
2511 dev
[0].connect_network(id, timeout
=20)
2512 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
2513 # event has been delivered, so verify that wpa_supplicant has returned to
2514 # eloop before reading process memory.
2518 buf
= read_process_memory(pid
, pmk
)
2520 dev
[0].request("DISCONNECT")
2521 dev
[0].wait_disconnected()
2526 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
2527 for l
in f
.readlines():
2528 if "WPA: PTK - hexdump" in l
:
2529 val
= l
.strip().split(':')[3].replace(' ', '')
2530 ptk
= binascii
.unhexlify(val
)
2531 if "WPA: Group Key - hexdump" in l
:
2532 val
= l
.strip().split(':')[3].replace(' ', '')
2533 gtk
= binascii
.unhexlify(val
)
2534 if not pmk
or not ptk
or not gtk
:
2535 raise Exception("Could not find keys from debug log")
2537 raise Exception("Unexpected GTK length")
2543 logger
.info("Checking keys in memory while associated")
2544 get_key_locations(buf
, pmk
, "PMK")
2546 raise HwsimSkip("PMK not found while associated")
2548 raise Exception("KCK not found while associated")
2550 raise Exception("KEK not found while associated")
2552 # raise Exception("TK found from memory")
2554 logger
.info("Checking keys in memory after disassociation")
2555 buf
= read_process_memory(pid
, pmk
)
2556 get_key_locations(buf
, pmk
, "PMK")
2558 # Note: PMK/PSK is still present in network configuration
2560 fname
= os
.path
.join(params
['logdir'],
2561 'wpa2_psk_key_lifetime_in_memory.memctx-')
2562 verify_not_present(buf
, kck
, fname
, "KCK")
2563 verify_not_present(buf
, kek
, fname
, "KEK")
2564 verify_not_present(buf
, tk
, fname
, "TK")
2566 get_key_locations(buf
, gtk
, "GTK")
2567 verify_not_present(buf
, gtk
, fname
, "GTK")
2569 dev
[0].request("REMOVE_NETWORK all")
2571 logger
.info("Checking keys in memory after network profile removal")
2572 buf
= read_process_memory(pid
, pmk
)
2573 get_key_locations(buf
, pmk
, "PMK")
2575 verify_not_present(buf
, pmk
, fname
, "PMK")
2576 verify_not_present(buf
, kck
, fname
, "KCK")
2577 verify_not_present(buf
, kek
, fname
, "KEK")
2578 verify_not_present(buf
, tk
, fname
, "TK")
2579 verify_not_present(buf
, gtk
, fname
, "GTK")
2582 def test_ap_wpa2_psk_wep(dev
, apdev
):
2583 """WPA2-PSK AP and WEP enabled"""
2584 ssid
= "test-wpa2-psk"
2585 passphrase
= 'qwertyuiop'
2586 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2587 hapd
= hostapd
.add_ap(apdev
[0], params
)
2589 hapd
.set('wep_key0', '"hello"')
2590 raise Exception("WEP key accepted to WPA2 network")
2594 def test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
2595 """WPA2-PSK AP and wpas interface in a bridge"""
2596 br_ifname
= 'sta-br0'
2599 _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
)
2601 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
2602 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
2603 subprocess
.call(['brctl', 'delbr', br_ifname
])
2604 subprocess
.call(['iw', ifname
, 'set', '4addr', 'off'])
2606 def _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
2607 ssid
= "test-wpa2-psk"
2608 passphrase
= 'qwertyuiop'
2609 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2610 hapd
= hostapd
.add_ap(apdev
[0], params
)
2612 br_ifname
= 'sta-br0'
2614 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
2615 subprocess
.call(['brctl', 'addbr', br_ifname
])
2616 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
2617 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
2618 subprocess
.call(['iw', ifname
, 'set', '4addr', 'on'])
2619 subprocess
.check_call(['brctl', 'addif', br_ifname
, ifname
])
2620 wpas
.interface_add(ifname
, br_ifname
=br_ifname
)
2623 wpas
.connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2627 def test_ap_wpa2_psk_ifdown(dev
, apdev
):
2628 """AP with open mode and external ifconfig down"""
2629 ssid
= "test-wpa2-psk"
2630 passphrase
= 'qwertyuiop'
2631 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2632 hapd
= hostapd
.add_ap(apdev
[0], params
)
2633 bssid
= apdev
[0]['bssid']
2635 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2636 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', apdev
[0]['ifname'], 'down'])
2637 ev
= hapd
.wait_event(["INTERFACE-DISABLED"], timeout
=10)
2639 raise Exception("No INTERFACE-DISABLED event")
2640 # this wait tests beacon loss detection in mac80211
2641 dev
[0].wait_disconnected()
2642 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', apdev
[0]['ifname'], 'up'])
2643 ev
= hapd
.wait_event(["INTERFACE-ENABLED"], timeout
=10)
2645 raise Exception("No INTERFACE-ENABLED event")
2646 dev
[0].wait_connected()
2647 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2649 def test_ap_wpa2_psk_drop_first_msg_4(dev
, apdev
):
2650 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
2651 bssid
= apdev
[0]['bssid']
2652 ssid
= "test-wpa2-psk"
2653 passphrase
= 'qwertyuiop'
2654 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2655 params
= hostapd
.wpa2_params(ssid
=ssid
)
2656 params
['wpa_psk'] = psk
2657 hapd
= hostapd
.add_ap(apdev
[0], params
)
2658 hapd
.request("SET ext_eapol_frame_io 1")
2659 dev
[0].request("SET ext_eapol_frame_io 1")
2660 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
2661 addr
= dev
[0].own_addr()
2664 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
2666 raise Exception("Timeout on EAPOL-TX from hostapd")
2667 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
2669 raise Exception("EAPOL_RX to wpa_supplicant failed")
2672 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
2674 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
2675 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
2677 raise Exception("EAPOL_RX to hostapd failed")
2680 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
2682 raise Exception("Timeout on EAPOL-TX from hostapd")
2683 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
2685 raise Exception("EAPOL_RX to wpa_supplicant failed")
2688 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
2690 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
2691 logger
.info("Drop the first EAPOL-Key msg 4/4")
2693 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
2694 # doesn't. Use normal EAPOL TX/RX to handle retries.
2695 hapd
.request("SET ext_eapol_frame_io 0")
2696 dev
[0].request("SET ext_eapol_frame_io 0")
2697 dev
[0].wait_connected()
2699 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
2701 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
2703 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=0.1)
2705 logger
.info("Disconnection detected")
2706 # The EAPOL-Key retries are supposed to allow the connection to be
2707 # established without having to reassociate. However, this does not
2708 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
2709 # after the pairwise key has been configured and AP will drop those and
2710 # disconnect the station after reaching retransmission limit. Connection
2711 # is then established after reassociation. Once that behavior has been
2712 # optimized to prevent EAPOL-Key frame encryption for retransmission
2713 # case, this exception can be uncommented here.
2714 #raise Exception("Unexpected disconnection")
2717 def test_ap_wpa2_psk_disable_enable(dev
, apdev
):
2718 """WPA2-PSK AP getting disabled and re-enabled"""
2719 ssid
= "test-wpa2-psk"
2720 passphrase
= 'qwertyuiop'
2721 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2722 params
= hostapd
.wpa2_params(ssid
=ssid
)
2723 params
['wpa_psk'] = psk
2724 hapd
= hostapd
.add_ap(apdev
[0], params
)
2725 dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
2728 hapd
.request("DISABLE")
2729 dev
[0].wait_disconnected()
2730 hapd
.request("ENABLE")
2731 dev
[0].wait_connected()
2732 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2735 def test_ap_wpa2_psk_incorrect_passphrase(dev
, apdev
):
2736 """WPA2-PSK AP and station using incorrect passphrase"""
2737 ssid
= "test-wpa2-psk"
2738 passphrase
= 'qwertyuiop'
2739 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2740 hapd
= hostapd
.add_ap(apdev
[0], params
)
2741 dev
[0].connect(ssid
, psk
="incorrect passphrase", scan_freq
="2412",
2743 ev
= hapd
.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout
=10)
2745 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
2746 dev
[0].dump_monitor()
2749 hapd
.set("wpa_passphrase", "incorrect passphrase")
2752 dev
[0].wait_connected(timeout
=20)
2755 def test_ap_wpa_ie_parsing(dev
, apdev
):
2756 """WPA IE parsing"""
2757 skip_with_fips(dev
[0])
2758 ssid
= "test-wpa-psk"
2759 passphrase
= 'qwertyuiop'
2760 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
2761 hapd
= hostapd
.add_ap(apdev
[0], params
)
2762 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2763 only_add_network
=True)
2765 tests
= ["dd040050f201",
2769 "dd070050f201010000",
2770 "dd080050f20101000050",
2771 "dd090050f20101000050f2",
2772 "dd0a0050f20101000050f202",
2773 "dd0b0050f20101000050f20201",
2774 "dd0c0050f20101000050f2020100",
2775 "dd0c0050f20101000050f2020000",
2776 "dd0c0050f20101000050f202ffff",
2777 "dd0d0050f20101000050f202010000",
2778 "dd0e0050f20101000050f20201000050",
2779 "dd0f0050f20101000050f20201000050f2",
2780 "dd100050f20101000050f20201000050f202",
2781 "dd110050f20101000050f20201000050f20201",
2782 "dd120050f20101000050f20201000050f2020100",
2783 "dd120050f20101000050f20201000050f2020000",
2784 "dd120050f20101000050f20201000050f202ffff",
2785 "dd130050f20101000050f20201000050f202010000",
2786 "dd140050f20101000050f20201000050f20201000050",
2787 "dd150050f20101000050f20201000050f20201000050f2"]
2790 if "OK" not in dev
[0].request("VENDOR_ELEM_ADD 13 " + t
):
2791 raise Exception("VENDOR_ELEM_ADD failed")
2792 dev
[0].select_network(id)
2793 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2795 raise Exception("Association rejection not reported")
2796 dev
[0].request("DISCONNECT")
2797 dev
[0].dump_monitor()
2799 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2801 tests
= ["dd170050f20101000050f20201000050f20201000050f202ff",
2802 "dd180050f20101000050f20201000050f20201000050f202ffff",
2803 "dd190050f20101000050f20201000050f20201000050f202ffffff"]
2806 if "OK" not in dev
[0].request("VENDOR_ELEM_ADD 13 " + t
):
2807 raise Exception("VENDOR_ELEM_ADD failed")
2808 dev
[0].select_network(id)
2809 ev
= dev
[0].wait_event(['CTRL-EVENT-CONNECTED',
2810 'WPA: 4-Way Handshake failed'], timeout
=10)
2812 raise Exception("Association failed unexpectedly")
2813 dev
[0].request("DISCONNECT")
2814 dev
[0].dump_monitor()
2816 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2819 def test_ap_wpa2_psk_no_random(dev
, apdev
):
2820 """WPA2-PSK AP and no random numbers available"""
2821 ssid
= "test-wpa2-psk"
2822 passphrase
= 'qwertyuiop'
2823 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2824 params
= hostapd
.wpa2_params(ssid
=ssid
)
2825 params
['wpa_psk'] = psk
2826 hapd
= hostapd
.add_ap(apdev
[0], params
)
2827 with
fail_test(hapd
, 1, "wpa_gmk_to_gtk"):
2828 id = dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412",
2830 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=15)
2832 raise Exception("Disconnection event not reported")
2833 dev
[0].request("DISCONNECT")
2834 dev
[0].select_network(id, freq
=2412)
2835 dev
[0].wait_connected()
2838 def test_rsn_ie_proto_psk_sta(dev
, apdev
):
2839 """RSN element protocol testing for PSK cases on STA side"""
2840 bssid
= apdev
[0]['bssid']
2841 ssid
= "test-wpa2-psk"
2842 passphrase
= 'qwertyuiop'
2843 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2844 # This is the RSN element used normally by hostapd
2845 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
2846 hapd
= hostapd
.add_ap(apdev
[0], params
)
2847 if "FAIL" not in hapd
.request("SET own_ie_override qwerty"):
2848 raise Exception("Invalid own_ie_override value accepted")
2849 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2851 tests
= [('No RSN Capabilities field',
2852 '30120100000fac040100000fac040100000fac02'),
2853 ('Reserved RSN Capabilities bits set',
2854 '30140100000fac040100000fac040100000fac023cff'),
2855 ('Truncated RSN Capabilities field',
2856 '30130100000fac040100000fac040100000fac023c'),
2857 ('Extra pairwise cipher suite (unsupported)',
2858 '30180100000fac040200ffffffff000fac040100000fac020c00'),
2859 ('Extra AKM suite (unsupported)',
2860 '30180100000fac040100000fac040200ffffffff000fac020c00'),
2861 ('PMKIDCount field included',
2862 '30160100000fac040100000fac040100000fac020c000000'),
2863 ('Truncated PMKIDCount field',
2864 '30150100000fac040100000fac040100000fac020c0000'),
2865 ('Unexpected Group Management Cipher Suite with PMF disabled',
2866 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
2867 ('Extra octet after defined fields (future extensibility)',
2868 '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
2869 for txt
, ie
in tests
:
2870 dev
[0].request("DISCONNECT")
2871 dev
[0].wait_disconnected()
2872 dev
[0].dump_monitor()
2873 dev
[0].request("NOTE " + txt
)
2876 hapd
.set('own_ie_override', ie
)
2878 dev
[0].request("BSS_FLUSH 0")
2879 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2880 dev
[0].select_network(id, freq
=2412)
2881 dev
[0].wait_connected()
2884 def test_ap_cli_order(dev
, apdev
):
2885 ssid
= "test-rsn-setup"
2886 passphrase
= 'zzzzzzzz'
2888 hapd
= hostapd
.add_ap(apdev
[0], {}, no_enable
=True)
2889 hapd
.set('ssid', ssid
)
2890 hapd
.set('wpa_passphrase', passphrase
)
2891 hapd
.set('rsn_pairwise', 'CCMP')
2892 hapd
.set('wpa_key_mgmt', 'WPA-PSK')
2893 hapd
.set('wpa', '2')
2895 cfg
= hapd
.get_config()
2896 if cfg
['group_cipher'] != 'CCMP':
2897 raise Exception("Unexpected group_cipher: " + cfg
['group_cipher'])
2898 if cfg
['rsn_pairwise_cipher'] != 'CCMP':
2899 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg
['rsn_pairwise_cipher'])
2901 ev
= hapd
.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout
=30)
2903 raise Exception("AP startup timed out")
2904 if "AP-ENABLED" not in ev
:
2905 raise Exception("AP startup failed")
2907 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
def set_test_assoc_ie(dev, ie):
    """Install a test override for the station's Association Request IE(s).

    Sends the control interface command ``TEST_ASSOC_IE <ie>`` to *dev*.

    dev -- object exposing ``request(cmd)`` and returning the reply text
    ie  -- element(s) as a hex string, e.g. a complete RSN or WPA element
           including its ID and length octets

    Raises Exception when the reply does not contain "OK". This matters for
    negative tests: without the check, a build that lacks the testing command
    would send the normal IE and the test would pass without exercising the
    AP's parser.
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
2914 def test_ap_wpa2_psk_assoc_rsn(dev
, apdev
):
2915 """WPA2-PSK AP and association request RSN IE differences"""
2916 ssid
= "test-wpa2-psk"
2917 passphrase
= 'qwertyuiop'
2918 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2919 hapd
= hostapd
.add_ap(apdev
[0], params
)
2921 tests
= [("Normal wpa_supplicant assoc req RSN IE",
2922 "30140100000fac040100000fac040100000fac020000"),
2923 ("RSN IE without RSN Capabilities",
2924 "30120100000fac040100000fac040100000fac02")]
2925 for title
, ie
in tests
:
2927 set_test_assoc_ie(dev
[0], ie
)
2928 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2929 dev
[0].request("REMOVE_NETWORK all")
2930 dev
[0].wait_disconnected()
2932 tests
= [("WPA IE instead of RSN IE and only RSN enabled on AP",
2933 "dd160050f20101000050f20201000050f20201000050f202", 40),
2934 ("Empty RSN IE", "3000", 40),
2935 ("RSN IE with truncated Version", "300101", 40),
2936 ("RSN IE with only Version", "30020100", 43)]
2937 for title
, ie
, status
in tests
:
2939 set_test_assoc_ie(dev
[0], ie
)
2940 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2942 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
2944 raise Exception("Association rejection not reported")
2945 if "status_code=" + str(status
) not in ev
:
2946 raise Exception("Unexpected status code: " + ev
)
2947 dev
[0].request("REMOVE_NETWORK all")
2948 dev
[0].dump_monitor()
2950 def test_ap_wpa2_psk_ft_workaround(dev
, apdev
):
2951 """WPA2-PSK+FT AP and workaround for incorrect STA behavior"""
2952 ssid
= "test-wpa2-psk-ft"
2953 passphrase
= 'qwertyuiop'
2955 params
= {"wpa": "2",
2956 "wpa_key_mgmt": "FT-PSK WPA-PSK",
2957 "rsn_pairwise": "CCMP",
2959 "wpa_passphrase": passphrase
}
2960 params
["mobility_domain"] = "a1b2"
2961 params
["r0_key_lifetime"] = "10000"
2962 params
["pmk_r1_push"] = "1"
2963 params
["reassociation_deadline"] = "1000"
2964 params
['nas_identifier'] = "nas1.w1.fi"
2965 params
['r1_key_holder'] = "000102030405"
2966 hapd
= hostapd
.add_ap(apdev
[0], params
)
2968 # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
2969 set_test_assoc_ie(dev
[0],
2970 "30180100000fac040100000fac040200000fac02000fac040000")
2971 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
2972 dev
[0].request("REMOVE_NETWORK all")
2973 dev
[0].wait_disconnected()
def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
    """WPA2-PSK AP and association request RSN IE with PMKID"""
    # The station advertises one PMKID (all zeros) in its Association Request
    # although this is a plain PSK network. The connect() call below is
    # expected to succeed, i.e. the AP must tolerate a PMKID it cannot match
    # rather than reject the association or mis-parse the element.
    # NOTE(review): presumably the AP then runs the full 4-way handshake;
    # this test only checks that the connection completes.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    sta = dev[0]

    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    rsn_fields = [
        "3026",              # Element ID 48 (RSN), Length 38
        "0100",              # Version 1
        "000fac04",          # Group Data Cipher Suite: CCMP
        "0100", "000fac04",  # Pairwise Cipher Suite Count 1: CCMP
        "0100", "000fac02",  # AKM Suite Count 1: PSK
        "0000",              # RSN Capabilities
        "0100",              # PMKID Count 1
        16 * '00',           # PMKID: 16 zero octets
    ]
    set_test_assoc_ie(sta, "".join(rsn_fields))

    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
2987 def test_ap_wpa_psk_rsn_pairwise(dev
, apdev
):
2988 """WPA-PSK AP and only rsn_pairwise set"""
2989 params
= {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
2990 "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"}
2991 hapd
= hostapd
.add_ap(apdev
[0], params
)
2992 dev
[0].connect("wpapsk", psk
="1234567890", proto
="WPA", pairwise
="TKIP",
2995 def test_ap_wpa2_eapol_retry_limit(dev
, apdev
):
2996 """WPA2-PSK EAPOL-Key retry limit configuration"""
2997 ssid
= "test-wpa2-psk"
2998 passphrase
= 'qwertyuiop'
2999 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
3000 params
['wpa_ptk_rekey'] = '2'
3001 params
['wpa_group_update_count'] = '1'
3002 params
['wpa_pairwise_update_count'] = '1'
3003 hapd
= hostapd
.add_ap(apdev
[0], params
)
3004 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
3005 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
3007 raise Exception("PTK rekey timed out")
3009 if "FAIL" not in hapd
.request("SET wpa_group_update_count 0"):
3010 raise Exception("Invalid wpa_group_update_count value accepted")
3011 if "FAIL" not in hapd
.request("SET wpa_pairwise_update_count 0"):
3012 raise Exception("Invalid wpa_pairwise_update_count value accepted")
3014 def test_ap_wpa2_disable_eapol_retry(dev
, apdev
):
3015 """WPA2-PSK disable EAPOL-Key retry"""
3016 ssid
= "test-wpa2-psk"
3017 passphrase
= 'qwertyuiop'
3018 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
3019 params
['wpa_disable_eapol_key_retries'] = '1'
3020 hapd
= hostapd
.add_ap(apdev
[0], params
)
3021 bssid
= apdev
[0]['bssid']
3023 logger
.info("Verify working 4-way handshake without retries")
3024 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
3025 dev
[0].request("REMOVE_NETWORK all")
3026 dev
[0].wait_disconnected()
3027 dev
[0].dump_monitor()
3028 addr
= dev
[0].own_addr()
3030 logger
.info("Verify no retransmission of message 3/4")
3031 hapd
.request("SET ext_eapol_frame_io 1")
3032 dev
[0].request("SET ext_eapol_frame_io 1")
3033 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
3035 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=5)
3037 raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
3038 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=5)
3040 raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
3041 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
3043 raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
3044 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=5)
3046 raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
3047 dev
[0].dump_monitor()
3048 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
3050 raise Exception("EAPOL_RX (M2) to hostapd failed")
3052 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=5)
3054 raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
3055 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=2)
3057 raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
3058 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=3)
3060 raise Exception("Disconnection not reported")
3061 dev
[0].request("REMOVE_NETWORK all")
3062 dev
[0].dump_monitor()
3064 def test_ap_wpa2_disable_eapol_retry_group(dev
, apdev
):
3065 """WPA2-PSK disable EAPOL-Key retry for group handshake"""
3066 ssid
= "test-wpa2-psk"
3067 passphrase
= 'qwertyuiop'
3068 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
3069 params
['wpa_disable_eapol_key_retries'] = '1'
3070 params
['wpa_strict_rekey'] = '1'
3071 hapd
= hostapd
.add_ap(apdev
[0], params
)
3072 bssid
= apdev
[0]['bssid']
3074 id = dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
3075 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
3076 dev
[0].dump_monitor()
3077 addr
= dev
[0].own_addr()
3079 dev
[1].request("DISCONNECT")
3080 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
3082 raise Exception("GTK rekey timed out")
3083 dev
[1].request("RECONNECT")
3084 dev
[1].wait_connected()
3085 dev
[0].dump_monitor()
3087 hapd
.request("SET ext_eapol_frame_io 1")
3088 dev
[0].request("SET ext_eapol_frame_io 1")
3089 dev
[1].request("DISCONNECT")
3091 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=5)
3093 raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
3094 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=2)
3096 raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
3097 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=3)
3099 raise Exception("Disconnection not reported")
3100 dev
[0].request("REMOVE_NETWORK all")
3101 dev
[0].dump_monitor()
3103 def test_ap_wpa2_psk_mic_0(dev
, apdev
):
3104 """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
3105 bssid
= apdev
[0]['bssid']
3106 ssid
= "test-wpa2-psk"
3107 passphrase
= 'qwertyuiop'
3108 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
3109 params
['rsn_pairwise'] = "TKIP"
3110 hapd
= hostapd
.add_ap(apdev
[0], params
)
3111 hapd
.request("SET ext_eapol_frame_io 1")
3112 dev
[0].request("SET ext_eapol_frame_io 1")
3113 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
3114 addr
= dev
[0].own_addr()
3117 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3119 raise Exception("Timeout on EAPOL-TX from hostapd")
3120 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
3122 raise Exception("EAPOL_RX to wpa_supplicant failed")
3125 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
3127 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3128 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
3130 raise Exception("EAPOL_RX to hostapd failed")
3131 dev
[0].dump_monitor()
3134 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3136 raise Exception("Timeout on EAPOL-TX from hostapd")
3137 msg3
= ev
.split(' ')[2]
3138 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
3140 raise Exception("EAPOL_RX to wpa_supplicant failed")
3143 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
3145 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3146 # Do not send to the AP
3148 # EAPOL-Key msg 3/4 with MIC=0 and modifications
3149 eapol_hdr
= msg3
[0:8]
3150 key_type
= msg3
[8:10]
3151 key_info
= msg3
[10:14]
3152 key_length
= msg3
[14:18]
3153 replay_counter
= msg3
[18:34]
3154 key_nonce
= msg3
[34:98]
3155 key_iv
= msg3
[98:130]
3156 key_rsc
= msg3
[130:146]
3157 key_id
= msg3
[146:162]
3158 key_mic
= msg3
[162:194]
3159 key_data_len
= msg3
[194:198]
3160 key_data
= msg3
[198:]
3162 msg3b
= eapol_hdr
+ key_type
3163 msg3b
+= "12c9" # Clear MIC bit from key_info (originally 13c9)
3165 msg3b
+= '0000000000000003'
3166 msg3b
+= key_nonce
+ key_iv
+ key_rsc
+ key_id
3167 msg3b
+= 32*'0' # Clear MIC value
3168 msg3b
+= key_data_len
+ key_data
3169 dev
[0].dump_monitor()
3170 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3b
)
3172 raise Exception("EAPOL_RX to wpa_supplicant failed")
3173 ev
= dev
[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout
=2)
3175 raise Exception("No event from wpa_supplicant")
3176 if "EAPOL-TX" in ev
:
3177 raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
3178 dev
[0].request("DISCONNECT")
3180 def test_ap_wpa2_psk_local_error(dev
, apdev
):
3181 """WPA2-PSK and local error cases on supplicant"""
3182 ssid
= "test-wpa2-psk"
3183 passphrase
= 'qwertyuiop'
3184 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
3185 params
["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
3186 hapd
= hostapd
.add_ap(apdev
[0], params
)
3188 with
fail_test(dev
[0], 1, "sha1_prf;wpa_pmk_to_ptk"):
3189 id = dev
[0].connect(ssid
, key_mgmt
="WPA-PSK", psk
=passphrase
,
3190 scan_freq
="2412", wait_connect
=False)
3191 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
3193 raise Exception("Disconnection event not reported")
3194 dev
[0].request("REMOVE_NETWORK all")
3195 dev
[0].dump_monitor()
3197 with
fail_test(dev
[0], 1, "sha256_prf;wpa_pmk_to_ptk"):
3198 id = dev
[0].connect(ssid
, key_mgmt
="WPA-PSK-SHA256", psk
=passphrase
,
3199 scan_freq
="2412", wait_connect
=False)
3200 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
3202 raise Exception("Disconnection event not reported")
3203 dev
[0].request("REMOVE_NETWORK all")
3204 dev
[0].dump_monitor()