tests: Give more time in ap_wpa2_psk_ext_delayed_ptk_rekey for UML
1 # WPA2-Personal tests
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 from Crypto.Cipher import AES
10 import hashlib
11 import hmac
12 import logging
13 logger = logging.getLogger()
14 import os
15 import re
16 import socket
17 import struct
18 import subprocess
19 import time
20
21 import hostapd
22 from utils import HwsimSkip, fail_test, skip_with_fips, start_monitor, stop_monitor, radiotap_build
23 import hwsim_utils
24 from wpasupplicant import WpaSupplicant
25
def check_mib(dev, vals):
    """Compare selected MIB variables of a device against expected values.

    dev must provide get_mib(); vals is an iterable of (name, expected)
    entries. The first mismatch raises Exception naming the variable, the
    reported value and the expected value.
    """
    reported = dev.get_mib()
    for entry in vals:
        name, wanted = entry[0], entry[1]
        if reported[name] != wanted:
            raise Exception("Unexpected {} = {} (expected {})".format(name, reported[name], wanted))
31
@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    # The AP only gets the 64-hex-digit PSK. One station joins with the same
    # raw PSK, a second one with the passphrase (presumably the passphrase
    # this PSK was derived from for this SSID).
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # The first key_mgmt token reported by the AP must be plain WPA-PSK.
    reported_akm = hapd.get_config()['key_mgmt']
    if reported_akm.split(' ')[0] != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + reported_akm)

    dev[0].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")

    # Sanity-check the polling commands on the first station.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))
53
def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    # The AP loads additional PSKs from the 'hostapd.wpa_psk' file (relative
    # path; its contents are not visible here). dev[1] is expected to fail
    # the 4-way handshake with "very secret", while dev[0] succeeds with the
    # same passphrase; presumably that entry is bound to dev[0]'s address.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    shared_secret = "another passphrase for all STAs"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], ap_conf)

    # Start the attempt that must be rejected; do not wait for a connection.
    dev[1].connect(network, psk="very secret", scan_freq="2412", wait_connect=False)

    dev[2].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(network, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[2].connect(network, psk=shared_secret, scan_freq="2412")
    dev[0].connect(network, psk=shared_secret, scan_freq="2412")

    # The rejected station has to report the handshake failure.
    failure = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if failure is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")
73
def check_no_keyid(hapd, dev):
    """Verify that the AP reports dev as connected without a keyid.

    Waits up to one second for AP-STA-CONNECTED on hapd and raises
    Exception if the event is missing, does not contain the station
    address, or carries a "keyid=" field.
    """
    sta_addr = dev.own_addr()
    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if connected is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in connected:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    if "keyid=" in connected:
        raise Exception("Unexpected keyid indication")
83
def check_keyid(hapd, dev, keyid):
    """Verify that the AP associates dev with the given keyid.

    The keyid must show up both in the AP-STA-CONNECTED event (awaited for
    up to one second) and in the AP's STA entry for the station address.
    On success the station's networks are removed; any mismatch raises
    Exception.
    """
    sta_addr = dev.own_addr()
    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if connected is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in connected:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    if "keyid=" + keyid not in connected:
        raise Exception("Incorrect keyid indication")

    # Cross-check the event against the per-STA information from the AP.
    sta_info = hapd.get_sta(sta_addr)
    if not ('keyid' in sta_info and sta_info['keyid'] == keyid):
        raise Exception("Incorrect keyid in STA output")
    dev.request("REMOVE_NETWORK all")
97
def check_disconnect(dev, expected):
    """Check which of the first two stations were disconnected, then clean up.

    Only indexes 0 and 1 of dev and expected are examined; any further
    entries are ignored. A station expected to be disconnected must report
    the disconnection before its networks are removed. A station expected
    to stay connected must not report CTRL-EVENT-DISCONNECTED within 0.1 s;
    it is then removed from the network and its disconnection awaited.
    """
    for idx in (0, 1):
        should_drop = expected[idx]
        sta = dev[idx]
        if not should_drop:
            if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) is not None:
                raise Exception("Unexpected disconnection")
            sta.request("REMOVE_NETWORK all")
            sta.wait_disconnected()
            continue
        sta.wait_disconnected()
        sta.request("REMOVE_NETWORK all")
109
def test_ap_wpa2_psk_file_keyid(dev, apdev, params):
    """WPA2-PSK AP with PSK from a file (keyid and reload)"""
    # The PSK file is rewritten several times and re-read by the AP through
    # RELOAD_WPA_PSK. After each reload the test checks which stations stay
    # connected and which keyid (if any) the AP reports for them.
    # NOTE(review): the file holds plaintext test passphrases and is created
    # in the log directory with default permissions.
    psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')

    def write_psk_file(lines):
        # Replace the whole file, one write per entry.
        with open(psk_file, 'w') as out:
            for line in lines:
                out.write(line)

    def reload_psk_file():
        if "OK" not in hapd.request("RELOAD_WPA_PSK"):
            raise Exception("RELOAD_WPA_PSK failed")

    write_psk_file(['00:00:00:00:00:00 secret passphrase\n',
                    '02:00:00:00:00:00 very secret\n',
                    '00:00:00:00:00:00 another passphrase for all STAs\n'])
    network = "test-wpa2-psk"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase='qwertyuiop')
    ap_conf['wpa_psk_file'] = psk_file
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # No keyid= tags in the file yet, so none may be reported.
    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    dev[1].connect(network, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_no_keyid(hapd, dev[1])

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # Change the passphrase dev[1] used; only dev[1] should be dropped.
    write_psk_file(['00:00:00:00:00:00 secret passphrase\n',
                    '02:00:00:00:00:00 very secret\n',
                    '00:00:00:00:00:00 changed passphrase\n'])
    reload_psk_file()

    check_disconnect(dev, [False, True, False])

    # Tag two of the entries with keyids.
    write_psk_file(['00:00:00:00:00:00 secret passphrase\n',
                    'keyid=foo 02:00:00:00:00:00 very secret\n',
                    'keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n'])
    reload_psk_file()

    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_keyid(hapd, dev[0], "foo")

    dev[1].connect(network, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_keyid(hapd, dev[1], "bar")

    # The passphrase from the main configuration carries no keyid.
    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    dev[0].wait_disconnected()
    dev[0].connect(network, psk="secret passphrase", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    # With every file entry gone, the stations that used file-based
    # passphrases must be disconnected.
    write_psk_file(['# empty\n'])
    reload_psk_file()

    check_disconnect(dev, [True, True, False])
168
@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    # The actual test changes SCAN_INTERVAL on both stations; put it back to
    # 5 no matter how the test ends.
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        for sta in (dev[0], dev[1]):
            sta.request("SCAN_INTERVAL 5")
177
def _test_ap_wpa2_psk_mem(dev, apdev):
    """Connect two stations that obtain the PSK/passphrase on request.

    Both stations are configured with mem_only_psk="1" and no key material.
    Each one has to emit CTRL-REQ-PSK_PASSPHRASE; the first is answered
    with the quoted passphrase, the second with the raw hex PSK.
    """
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # Station 0: reply with the passphrase in double quotes.
    dev[0].connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[0].request("SCAN_INTERVAL 1")
    prompt = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out")
    # The request id is the last '-'-separated field before the first ':'.
    req_id = prompt.split(':')[0].split('-')[-1]
    dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + secret + '"')
    dev[0].wait_connected(timeout=10)

    # Station 1: reply with the unquoted raw PSK.
    dev[1].connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[1].request("SCAN_INTERVAL 1")
    prompt = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = prompt.split(':')[0].split('-')[-1]
    dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + raw_key)
    dev[1].wait_connected(timeout=10)
203
@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    # The station is configured with wpa_ptk_rekey="1"; after the initial
    # connection a further "Key negotiation completed" event must follow,
    # and data has to pass with the new pairwise key.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
216
def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    # Security property under test: when the station requests a PTK rekey,
    # the AP must use a fresh ANonce instead of repeating the previous one.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    dev[0].dump_monitor()

    # Remember the ANonce from the initial handshake.
    anonce_before = dev[0].request("GET anonce")
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")

    anonce_after = dev[0].request("GET anonce")
    if anonce_after == anonce_before:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(dev[0], hapd)
235
@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    # Here the rekey interval is set on the AP (wpa_ptk_rekey = '2'); the
    # station has no rekey setting of its own.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
249
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    # Same flow as the plain WPA2-PSK station-driven rekey, but both sides
    # use the WPA-PSK-SHA256 AKM. The MIB check at the end confirms that
    # suite 00-0f-ac-6 was both requested and selected.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    akm = "WPA-PSK-SHA256"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wpa_key_mgmt"] = akm
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, key_mgmt=akm,
                   wpa_ptk_rekey="1", scan_freq="2412")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    expected_mib = [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                    ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]
    check_mib(dev[0], expected_mib)
266
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
    # AP-driven variant: the rekey interval (wpa_ptk_rekey = '2') is part of
    # the AP configuration and the WPA-PSK-SHA256 AKM is used on both sides.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    akm = "WPA-PSK-SHA256"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wpa_key_mgmt"] = akm
    ap_conf['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, key_mgmt=akm,
                   scan_freq="2412")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    expected_mib = [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                    ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]
    check_mib(dev[0], expected_mib)
284
@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # skip_with_fips() runs first, so nothing is set up when the helper
    # decides to skip the test.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")

    # The scan results must advertise the WPA (TKIP) network flags.
    scan_results = dev[0].request("SCAN_RESULTS")
    if "[WPA-PSK-TKIP]" not in scan_results:
        raise Exception("Scan results missing WPA element info")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
300
@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    # AP-driven PTK rekey (wpa_ptk_rekey = '2') on a WPA network; the
    # completion event is awaited for at most 10 seconds.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
315
@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK/CCMP"""
    # WPA (not WPA2) network with the pairwise cipher forced to CCMP. After
    # the connectivity check the station MIB must show the expected group
    # and pairwise cipher, the AKM suite and an authorized controlled port.
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
    expected_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
        ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(dev[0], expected_mib)
334
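def test_ap_wpa2_psk_file_errors(dev, apdev):
    """WPA2-PSK AP with various PSK file error and success cases"""
    # The AP must refuse to start (ENABLE returns FAIL) for a missing or
    # malformed PSK file and must start once the file is valid.
    addr0 = dev[0].own_addr()
    addr1 = dev[1].own_addr()
    addr2 = dev[2].own_addr()
    ssid = "psk"
    # NOTE(review): fixed, predictable file name in the shared /tmp
    # directory, opened with plain open(..., "w") below. On a multi-user
    # host a file or link planted under this name would be followed; a
    # per-run directory would avoid that.
    pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
    try:
        os.remove(pskfile)
    except OSError:
        # Best effort: usually there is no leftover from an earlier run.
        # Only file system errors are ignored, not e.g. KeyboardInterrupt.
        pass

    params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}

    def expect_enable_failure():
        # ENABLE has to fail with the current file; reset the AP afterwards.
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE success")
        hapd.request("DISABLE")

    try:
        # missing PSK file
        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
        expect_enable_failure()

        # invalid MAC address
        with open(pskfile, "w") as f:
            f.write("\n")
            f.write("foo\n")
        expect_enable_failure()

        # no PSK on line
        with open(pskfile, "w") as f:
            f.write("00:11:22:33:44:55\n")
        expect_enable_failure()

        # invalid PSK
        with open(pskfile, "w") as f:
            f.write("00:11:22:33:44:55 1234567\n")
        expect_enable_failure()

        # empty token at the end of the line
        with open(pskfile, "w") as f:
            f.write("=\n")
        expect_enable_failure()

        # valid PSK file
        with open(pskfile, "w") as f:
            f.write("00:11:22:33:44:55 12345678\n")
            f.write(addr0 + " 123456789\n")
            f.write(addr1 + " 123456789a\n")
            f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
        if "FAIL" in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE failure")

        # Each station uses the entry written for its own address.
        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")

    finally:
        # Do not leave the key material behind in /tmp.
        try:
            os.remove(pskfile)
        except OSError:
            pass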
404
@remote_compatible
def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
    """WPA2-PSK AP and wildcard SSID configuration"""
    # The stations are configured with an empty SSID and select the AP by
    # BSSID. One uses the passphrase, the other the raw PSK.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect("", bssid=apdev[0]['bssid'], psk=secret,
                   scan_freq="2412")
    dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=raw_key, scan_freq="2412")
416
@remote_compatible
def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    # With wpa_group_rekey = '1' on the AP, the station must see a group
    # rekey within two seconds and still pass traffic afterwards.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
430
def test_ap_wpa2_gtk_rekey_request(dev, apdev):
    """WPA2-PSK AP and GTK rekey by AP request"""
    # No rekey interval is configured; the group rekey is triggered on
    # demand with the AP's REKEY_GTK control command.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    if "OK" not in hapd.request("REKEY_GTK"):
        raise Exception("REKEY_GTK failed")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
444
@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    # WPA counterpart of the WPA2 GTK rekey test: wpa_group_rekey = '1' on
    # the AP, group rekey expected on the station within two seconds.
    skip_with_fips(dev[0])
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
459
@remote_compatible
def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    # wpa_group_rekey = '1' and wpa_gmk_rekey = '2' are both set on the AP.
    # Three consecutive group rekeys are awaited (two seconds each) before
    # connectivity is checked once.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    ap_conf['wpa_gmk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    for _round in range(0, 3):
        if dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) is None:
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
475
@remote_compatible
def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    # With wpa_strict_rekey = '1', a station leaving the network must cause
    # a group rekey for the remaining station, so the departed station's
    # copy of the GTK stops being useful.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    dev[0].connect(network, psk=secret, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")

    # dev[1] leaves; dev[0] has to get a new group key within two seconds.
    dev[1].request("DISCONNECT")
    rekeyed = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rekeyed is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
491
@remote_compatible
def test_ap_wpa2_bridge_fdb(dev, apdev):
    """Bridge FDB entry removal"""
    # Both station addresses must be listed by 'brctl showmacs' while the
    # stations are connected and must be gone after they disconnect.
    hapd = None
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
        dev[0].connect(network, psk=secret, scan_freq="2412",
                       bssid=apdev[0]['bssid'])
        dev[1].connect(network, psk=secret, scan_freq="2412",
                       bssid=apdev[0]['bssid'])
        addr0 = dev[0].p2p_interface_addr()
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])

        # Snapshot while connected, then shorten the ageing time to 1 so
        # stale entries can expire during the one second sleep below.
        err, macs_connected = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
        hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
        dev[0].request("DISCONNECT")
        dev[1].request("DISCONNECT")
        time.sleep(1)
        err, macs_after = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])

        addr1 = dev[1].p2p_interface_addr()
        if not (addr0 in macs_connected and addr1 in macs_connected):
            raise Exception("Bridge FDB entry missing")
        if addr0 in macs_after or addr1 in macs_after:
            raise Exception("Bridge FDB entry was not removed")
    finally:
        # Always take the bridge down and delete it again.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
526
@remote_compatible
def test_ap_wpa2_already_in_bridge(dev, apdev):
    """hostapd behavior with interface already in bridge"""
    # The AP interface is put into an externally created bridge before the
    # AP starts; the AP's driver status must then name that bridge.
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['iw', ifname, 'set', 'type', '__ap'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for argv in setup_cmds:
            hostapd.cmd_execute(apdev[0], argv)
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
        dev[0].connect(network, psk=secret, scan_freq="2412")
    finally:
        # Undo the external bridge setup and restore the interface type.
        teardown_cmds = [
            ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
            ['brctl', 'delif', br_ifname, ifname],
            ['iw', ifname, 'set', 'type', 'station'],
            ['brctl', 'delbr', br_ifname],
        ]
        for argv in teardown_cmds:
            hostapd.cmd_execute(apdev[0], argv)
552
@remote_compatible
def test_ap_wpa2_in_different_bridge(dev, apdev):
    """hostapd behavior with interface in different bridge"""
    # The interface starts out in an external bridge while the AP is
    # configured for 'ap-br0'. The AP must end up reporting 'ap-br0' and
    # must report that it added both the bridge and the interface itself.
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['iw', ifname, 'set', 'type', '__ap'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for argv in setup_cmds:
            hostapd.cmd_execute(apdev[0], argv)
        time.sleep(0.5)
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'up'])
        reported_bridge = hapd.get_driver_status_field('brname')
        if reported_bridge != 'ap-br0':
            raise Exception("Incorrect bridge: " + reported_bridge)
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
        if hapd.get_driver_status_field("added_bridge") != "1":
            raise Exception("Unexpected added_bridge value")
        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
            raise Exception("Unexpected added_if_into_bridge value")
        dev[0].request("DISCONNECT")
        hapd.disable()
    finally:
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
                                       'down'])
        # NOTE(review): shell=True is used here only for the "2> /dev/null"
        # redirection. Every element is a fixed string or the interface name
        # from the test configuration; confirm how cmd_execute assembles the
        # command line before passing anything less trusted this way.
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname,
                                       "2>", "/dev/null"], shell=True)
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
591
@remote_compatible
def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
    """hostapd behavior with interface added to bridge externally"""
    # Here the AP is started first and the interface is moved into a bridge
    # afterwards; the AP must still report the bridge name once a station
    # has connected.
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(apdev[0], ap_conf)

        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for argv in setup_cmds:
            hostapd.cmd_execute(apdev[0], argv)
        dev[0].connect(network, psk=secret, scan_freq="2412")
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
    finally:
        teardown_cmds = [
            ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
            ['brctl', 'delif', br_ifname, ifname],
            ['brctl', 'delbr', br_ifname],
        ]
        for argv in teardown_cmds:
            hostapd.cmd_execute(apdev[0], argv)
616
def test_ap_wpa2_psk_ext(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O"""
    # With ext_eapol_frame_io enabled on both sides, EAPOL frames are
    # reported as EAPOL-TX events and this test carries each one to the
    # peer with EAPOL_RX until a connection is reported.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()
    while True:
        # AP -> station; the frame is the third space-separated field.
        ap_ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
        if ap_ev is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        if "AP-STA-CONNECTED" in ap_ev:
            dev[0].wait_connected(timeout=15)
            break
        if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + ap_ev.split(' ')[2]):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

        # Station -> AP.
        sta_ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
        if sta_ev is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        if "CTRL-EVENT-CONNECTED" in sta_ev:
            break
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + sta_ev.split(' ')[2]):
            raise Exception("EAPOL_RX to hostapd failed")
648
def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
    # The station's first msg 4/4 is withheld from the AP, so the AP
    # retransmits msg 3/4 after the station already considers itself
    # connected. The retransmission is delivered, the handshake completes
    # on the AP and data must still pass with the installed keys.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    def frame_from_ap():
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx

    def frame_from_sta():
        tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx

    def deliver_to_sta(tx):
        if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + tx.split(' ')[2]):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(tx):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + tx.split(' ')[2]):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: consumed here but not sent to the AP
    frame_from_sta()
    dev[0].wait_connected(timeout=15)

    # EAPOL-Key msg 3/4 (retry)
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(dev[0], hapd)
715
def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
    # Variant (b): both the first msg 3/4 and the AP's retransmission are
    # captured before anything is delivered. The first one completes the
    # handshake; the second one is delivered late, after the connection is
    # already in use, and connectivity must survive that.
    bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    def frame_from_ap():
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx

    def frame_from_sta():
        tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx

    def deliver_to_sta(tx):
        if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + tx.split(' ')[2]):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(tx):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + tx.split(' ')[2]):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4: hold the first copy back and wait for the AP to
    # retransmit.
    first_msg3 = frame_from_ap()

    # EAPOL-Key msg 3/4 (retry)
    second_msg3 = frame_from_ap()

    # Send the first msg 3/4 to STA
    deliver_to_sta(first_msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())
    dev[0].wait_connected(timeout=15)
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(dev[0], hapd)

    # Send the second msg 3/4 to STA
    deliver_to_sta(second_msg3)
    # EAPOL-Key msg 4/4: consumed here; the second msg 4/4 is not sent to
    # the AP
    frame_from_sta()

    hwsim_utils.test_connectivity(dev[0], hapd)
790
def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
    # Scenario: the test script relays every EAPOL frame between hostapd and
    # wpa_supplicant by hand (ext_eapol_frame_io), withholds msg 4/4 so the AP
    # retransmits msg 3/4, then feeds the STA a forged msg 1/4 followed by the
    # retransmitted msg 3/4.
    # NOTE(review): this looks like a regression scenario for replay-counter /
    # key-reinstallation handling in the supplicant. The test itself only
    # asserts that the handshake completes and that data connectivity works
    # afterwards; it does not inspect the installed key or packet numbers.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    # Fixed test-only credentials: the AP is configured with the 256-bit PSK
    # while the STA connects with the passphrase form.
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # From here on neither side transmits EAPOL frames itself; each frame is
    # reported as an EAPOL-TX event and injected on the peer with EAPOL_RX.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Third space-separated field of the event is the frame as a hex string;
    # keep it because the forged msg 1/4 below is built from it.
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # msg4 is captured but never used again in this function.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter)
    # Hex characters 18..34 are bytes 9..17 of the frame, i.e. the 8-octet
    # Replay Counter (4-byte EAPOL header + descriptor type + key info + key
    # length precede it). The forged frame is the original msg 1/4 carrying
    # the Replay Counter of the retransmitted msg 3/4.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    # and replace nonce (this results in "WPA: ANonce from message 1 of
    # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
    # wpa_supplicant processed msg 3/4 afterwards)
    #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    # Short timeout: a supplicant that rejects the forged frame sends nothing.
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        # The test passes here without exercising the remaining steps.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # Send previously received msg 3/4 to STA
    # This is the same retransmitted msg 3/4 whose Replay Counter was copied
    # into the forged msg 1/4 above.
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Final check: data frames still flow in both directions with the keys
    # the two sides ended up with.
    hwsim_utils.test_connectivity(dev[0], hapd)
882
def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    # Scenario: same manual relay as variant (c), but after the forged
    # msg 1/4 the STA is given a *newly* retransmitted msg 3/4 rather than the
    # one whose Replay Counter was copied into the forged frame.
    # NOTE(review): the only pass criteria are handshake completion and data
    # connectivity; key or packet-number state on the STA is not inspected.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    # Fixed test-only credentials: AP gets the 256-bit PSK, STA the passphrase.
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Both sides hand EAPOL frames to the test (EAPOL-TX events) and accept
    # injected frames (EAPOL_RX) instead of talking to each other directly.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Hex string of the frame; reused below as the template for the forgery.
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # msg4 is captured but never used again in this function.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter)
    # Hex characters 18..34 hold the 8-octet Replay Counter (frame bytes
    # 9..17); everything else is taken unchanged from the original msg 1/4.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    # Short timeout: no reply means the supplicant dropped the forged frame.
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        # The test passes here without exercising the remaining steps.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    # (the forged msg 1/4 already consumed the counter of the first retry).
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Final check: data frames still flow in both directions.
    hwsim_utils.test_connectivity(dev[0], hapd)
977
def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    # Scenario: as variant (d), but two forged msg 1/4 frames are injected:
    # first one with a different ANonce (all 0xff), then one that switches
    # back to the ANonce the handshake originally used, before the STA gets
    # a fresh retransmission of msg 3/4.
    # NOTE(review): the only pass criteria are handshake completion and data
    # connectivity; key or packet-number state on the STA is not inspected.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    # Fixed test-only credentials: AP gets the 256-bit PSK, STA the passphrase.
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Both sides hand EAPOL frames to the test (EAPOL-TX events) and accept
    # injected frames (EAPOL_RX) instead of talking to each other directly.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Hex string of the frame; reused below as the template for the forgeries.
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # msg4 is captured but never used again in this function.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter and replace ANonce)
    # Hex characters 18..34 are the Replay Counter (taken from msg 3/4) and
    # 34..98 the 32-octet Key Nonce, replaced here with 0xff octets.
    msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    # Unlike the next step, a missing reply is a test failure here: the
    # supplicant is required to answer the msg 1/4 that carries a new ANonce.
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Do not send msg 2/4 to hostapd

    # Send a forged msg 1/4 to STA (back to previously used ANonce)
    # NOTE(review): the Replay Counter is the same msg3 value as in the
    # previous forged frame; the visible code does not advance it.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        # The test passes here without exercising the remaining steps.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Final check: data frames still flow in both directions.
    hwsim_utils.test_connectivity(dev[0], hapd)
1083
def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    # Scenario: the initial 4-way handshake is completed with deliberately
    # delayed frames, leaving an unused msg 2/4 and msg 4/4 from that first
    # handshake in hand. Once hostapd starts PTK rekeying, those stale frames
    # are injected and the test checks that hostapd keeps retransmitting
    # msg 1/4, i.e. that it did not accept them for the new handshake.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    # Fixed test-only credentials: AP gets the 256-bit PSK, STA the passphrase.
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    # Short PTK lifetime so the AP initiates a rekey during the test.
    params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], params)
    # Both sides hand EAPOL frames to the test (EAPOL-TX events) and accept
    # injected frames (EAPOL_RX) instead of talking to each other directly.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Kept for later: injected into hostapd during the rekey handshake.
    msg2 = ev.split(' ')[2]
    # Do not send this to the AP

    # EAPOL-Key msg 1/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Reply to the first msg 3/4; delivered to the AP only after the retry.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Reply to the retransmitted msg 3/4; kept for the rekey phase below.
    msg4b = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # Send the previous EAPOL-Key msg 4/4 to AP
    # (the reply to the first msg 3/4, not to the retransmission)
    res = hapd.request("EAPOL_RX " + addr + " " + msg4)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # EAPOL-Key msg 1/4
    # This frame is not forwarded to the STA; the STA takes no part in the
    # rekey handshake from here on.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    # "OK" only confirms the control interface took the frame, not that the
    # authenticator accepted it.
    res = hapd.request("EAPOL_RX " + addr + " " + msg2)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Hex characters 10..14 are frame bytes 5..7, the Key Information field
    # (after the 4-byte EAPOL header and the descriptor type octet).
    # 0x008a is the value this file uses for msg 1/4 in build_eapol_key_1_4().
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    res = hapd.request("EAPOL_RX " + addr + " " + msg4b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    # NOTE(review): the 1.1 s window makes this assertion timing-sensitive on
    # slow test hosts.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=1.1)
    if ev is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)
1204
def parse_eapol(data):
    """Parse a raw EAPOL frame into a dict.

    The dict always carries 'version', 'type', 'length' and 'payload' (the
    body trimmed to the declared length). For EAPOL-Key frames (type 3) it
    also carries 'descr_type', and for descriptor types 2 and 254 the
    fixed-size key fields under 'rsn_*' keys plus the trailing Key Data.

    Raises Exception("Invalid EAPOL length") when the header declares more
    bytes than are present. Frames too short for the fields being unpacked
    surface as struct.error. 'rsn_key_data' is whatever follows the Key Data
    Length field; it is not checked against 'rsn_key_data_len'.
    """
    version, frame_type, body_len = struct.unpack('>BBH', data[0:4])
    body = data[4:]
    if body_len > len(body):
        raise Exception("Invalid EAPOL length")
    # Bytes beyond the declared body length are discarded
    body = body[0:body_len]

    frame = {
        'version': version,
        'type': frame_type,
        'length': body_len,
        'payload': body,
    }
    if frame_type != 3:
        return frame

    # EAPOL-Key
    (descr_type,) = struct.unpack('B', body[0:1])
    frame['descr_type'] = descr_type
    if descr_type not in (2, 254):
        return frame

    # RSN EAPOL-Key: offsets below are relative to the byte after the
    # descriptor type
    key = body[1:]
    key_info, key_len = struct.unpack('>HH', key[0:4])
    frame['rsn_key_info'] = key_info
    frame['rsn_key_len'] = key_len
    fixed_fields = (
        ('rsn_replay_counter', 4, 12),
        ('rsn_key_nonce', 12, 44),
        ('rsn_key_iv', 44, 60),
        ('rsn_key_rsc', 60, 68),
        ('rsn_key_id', 68, 76),
        ('rsn_key_mic', 76, 92),
    )
    for field, start, end in fixed_fields:
        frame[field] = key[start:end]
    (frame['rsn_key_data_len'],) = struct.unpack('>H', key[92:94])
    frame['rsn_key_data'] = key[94:]
    return frame
1237
def build_eapol(msg):
    """Serialize an EAPOL frame dict (as produced by parse_eapol) to bytes.

    For EAPOL-Key frames (type 3) the body is rebuilt from the individual
    'descr_type' and 'rsn_*' fields; for any other type msg['payload'] is
    appended as-is. The header length is taken from msg['length'] verbatim,
    so callers can emit frames whose declared length disagrees with the
    actual body.
    """
    header = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] != 3:
        return header + msg['payload']

    parts = [
        header,
        struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                    msg['rsn_key_len']),
        msg['rsn_replay_counter'],
        msg['rsn_key_nonce'],
        msg['rsn_key_iv'],
        msg['rsn_key_rsc'],
        msg['rsn_key_id'],
        msg['rsn_key_mic'],
        struct.pack('>H', msg['rsn_key_data_len']),
        msg['rsn_key_data'],
    ]
    return b''.join(parts)
1254
def sha1_prf(key, label, data, outlen):
    """Return outlen bytes of HMAC-SHA1 based PRF output.

    Each 20-byte block is HMAC-SHA1(key, label || 0x00 || data || counter)
    with a one-octet counter starting at 0; the final block is truncated so
    that exactly outlen bytes are returned. label is a str and is encoded
    before use; key and data are bytes.
    """
    blocks = []
    remaining = outlen
    block_idx = 0
    while remaining > 0:
        mac = hmac.new(key, label.encode(), hashlib.sha1)
        for part in (struct.pack('B', 0), data, struct.pack('B', block_idx)):
            mac.update(part)
        block_idx += 1
        digest = mac.digest()
        # Slicing takes the whole digest unless this is the last block
        blocks.append(digest[0:remaining])
        remaining -= len(digest)
    return b''.join(blocks)
1272
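def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the pairwise transient key from the PMK.

    addr1/addr2 are colon-separated MAC address strings and nonce1/nonce2
    are bytes. The PRF input is min(addr) || max(addr) || min(nonce) ||
    max(nonce), expanded with sha1_prf() and the label "Pairwise key
    expansion" to 48 bytes.

    Returns (ptk, kck, kek) where kck is PTK bytes 0..15 and kek is PTK
    bytes 16..31.
    """
    mac1 = binascii.unhexlify(addr1.replace(':', ''))
    mac2 = binascii.unhexlify(addr2.replace(':', ''))
    # Order the addresses by their octet values, not by their text form:
    # comparing the hex strings would sort "0a:.." after "0B:.." whenever the
    # two addresses differ in letter case and yield a PTK the peer cannot
    # reproduce.
    data = min(mac1, mac2) + max(mac1, mac2)
    data += min(nonce1, nonce2) + max(nonce1, nonce2)
    label = "Pairwise key expansion"
    ptk = sha1_prf(pmk, label, data, 48)
    kck = ptk[0:16]
    kek = ptk[16:32]
    return (ptk, kck, kek)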
1287
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC over msg and store it in msg['rsn_key_mic'].

    msg is modified in place: the MIC field is zeroed, the frame is
    serialized with build_eapol(), and the first 16 bytes of
    HMAC-SHA1(kck, frame) become the new MIC. The algorithm is fixed to
    HMAC-SHA1 regardless of the descriptor version bits in
    msg['rsn_key_info'].
    """
    # The MIC is calculated with the MIC field itself set to all zeros
    msg['rsn_key_mic'] = bytes(16)
    frame = build_eapol(msg)
    digest = hmac.new(kck, frame, hashlib.sha1).digest()
    msg['rsn_key_mic'] = digest[0:16]
1293
def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Overwrite the variable EAPOL-Key fields of msg in place.

    Sets Key Information, Key Length, Key Nonce (32 zero octets when nonce
    is empty or None), Key Data with its length field, and the EAPOL header
    length (95 octets of fixed EAPOL-Key fields plus the Key Data). The MIC
    is not touched; call eapol_key_mic() afterwards when a valid MIC is
    needed.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_key_nonce'] = nonce if nonce else bytes(32)
    key_data = data if data else b''
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    msg['length'] = 95 + len(key_data)
1309
def recv_eapol(hapd):
    """Wait for the next EAPOL-TX event on hapd and return the parsed frame.

    The third space-separated field of the event is taken as the hex dump
    of the frame. Raises Exception after 15 seconds without an event. The
    error text names hostapd even though this file also calls the helper
    with a wpa_supplicant instance.
    """
    event = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if event is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    frame_hex = event.split(' ')[2]
    return parse_eapol(binascii.unhexlify(frame_hex))
1316
def send_eapol(hapd, addr, data):
    """Inject the raw EAPOL frame data into hapd as if received from addr.

    Raises Exception when the EAPOL_RX control command does not report OK.
    OK only means the command was taken; it says nothing about whether the
    receiver accepted the frame contents. The error text names hostapd even
    though this file also calls the helper with a wpa_supplicant instance.
    """
    frame_hex = binascii.hexlify(data).decode()
    reply = hapd.request("EAPOL_RX " + addr + " " + frame_hex)
    if "OK" in reply:
        return
    raise Exception("EAPOL_RX to hostapd failed")
1321
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn msg into an EAPOL-Key reply, add a MIC and send it to hapd.

    info is only used for the log line. msg is modified in place: Key
    Information, nonce and Key Data are replaced (Key Length is forced to
    0), the MIC is recomputed with kck, and the resulting frame is injected
    as coming from addr. The Replay Counter already present in msg is kept.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
1327
def hapd_connected(hapd):
    """Raise unless hapd reports AP-STA-CONNECTED within 15 seconds."""
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1332
def eapol_test(apdev, dev, wpa2=True, ieee80211w=0):
    """Start an AP and a connecting STA with external EAPOL frame I/O.

    The AP uses WPA2 or WPA parameters depending on wpa2 and the given
    ieee80211w setting; both sides get ext_eapol_frame_io enabled so the
    caller can play the supplicant role by hand. The STA connection is
    started without waiting for completion.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne) where rsne is the
    RSN (or WPA) element to place in msg 2/4 and snonce is a fixed value.
    """
    bssid = apdev['bssid']
    ssid = "test-wpa2-psk" if wpa2 else "test-wpa-psk"
    # Fixed test-only PSK; with a raw PSK the PMK is the same 32 octets
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)

    make_params = hostapd.wpa2_params if wpa2 else hostapd.wpa_params
    params = make_params(ssid=ssid)
    mfp = str(ieee80211w)
    params['wpa_psk'] = psk
    params['ieee80211w'] = mfp
    hapd = hostapd.add_ap(apdev, params)

    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False,
                ieee80211w=mfp)
    addr = dev.p2p_interface_addr()

    if not wpa2:
        # Vendor-specific element (0xdd) with the 00:50:f2 OUI
        ie_hex = 'dd160050f20101000050f20201000050f20201000050f202'
    elif ieee80211w == 2:
        # Same RSNE as below except for the last two octets (cc00 vs 0000)
        # NOTE(review): presumably the RSN Capabilities field with the
        # management frame protection bits set - confirm
        ie_hex = '30140100000fac040100000fac040100000fac02cc00'
    else:
        ie_hex = '30140100000fac040100000fac040100000fac020000'
    rsne = binascii.unhexlify(ie_hex)

    # Constant SNonce keeps the derived keys reproducible between runs
    snonce = b'\x11' * 32
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
1362
@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # The test script acts as the supplicant: it builds every reply itself
    # and mixes invalid frames into an otherwise valid 4-way handshake. The
    # pass criterion is that hostapd still completes the handshake.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # EAPOL-Key msg 1/4 from hostapd
    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    # Negative case: echo the AP's own msg 1/4 back to it unchanged
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Negative case: the EAPOL header length is one octet short of what the
    # 22-octet RSNE in Key Data needs. No MIC is computed for this frame.
    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
    msg['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 2/4: key info 0x010a = MIC | Pairwise | descriptor version 2
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)

    # EAPOL-Key msg 3/4 from hostapd; the ANonce must not have changed as a
    # result of the invalid frames above
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # Negative case: echo the AP's own msg 3/4 back to it unchanged
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 4/4: key info 0x030a = Secure | MIC | Pairwise | version 2
    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1390
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    # The script-side supplicant stays silent after the first msg 1/4 and
    # answers only the retransmission.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # First EAPOL-Key msg 1/4 (left unanswered)
    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']

    # Despite the name, msg2 is hostapd's retransmitted msg 1/4; the ANonce
    # is required to stay the same across the retransmission.
    msg2 = recv_eapol(hapd)
    if anonce != msg2['rsn_key_nonce']:
        raise Exception("ANonce changed")

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Reply to the retransmitted frame, so its Replay Counter is the one
    # carried in msg 2/4
    logger.info("Send EAPOL-Key msg 2/4")
    msg = msg2
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1417
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    # Both the original and the retransmitted msg 1/4 are answered, using the
    # same SNonce, so hostapd receives two msg 2/4 frames that differ in
    # whatever msg1 and msg2 differ in (presumably the Replay Counter).
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # First EAPOL-Key msg 1/4
    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']
    # Despite the name, msg2 is hostapd's retransmitted msg 1/4
    msg2 = recv_eapol(hapd)
    if anonce != msg2['rsn_key_nonce']:
        raise Exception("ANonce changed")

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # (a) answers the first msg 1/4, (b) answers the retransmission
    reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
    reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)

    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1439
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    # Two msg 2/4 frames are sent with different SNonces; the handshake is
    # then finished with the keys derived from the *second* SNonce.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # First EAPOL-Key msg 1/4
    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']

    # Despite the name, msg2 is hostapd's retransmitted msg 1/4
    msg2 = recv_eapol(hapd)
    if anonce != msg2['rsn_key_nonce']:
        raise Exception("ANonce changed")
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)

    # Second reply uses a different SNonce; ptk/kck/kek are overwritten with
    # the keys derived from it
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
    reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)

    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # MIC on msg 4/4 is computed with the KCK of the second SNonce
    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1463
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    # Two msg 2/4 frames are sent with different SNonces; the handshake is
    # then finished with the keys derived from the *first* SNonce, so the
    # test passes only if hostapd accepts msg 4/4 under that older key.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # First EAPOL-Key msg 1/4
    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']
    # Despite the name, msg2 is hostapd's retransmitted msg 1/4
    msg2 = recv_eapol(hapd)
    if anonce != msg2['rsn_key_nonce']:
        raise Exception("ANonce changed")

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)

    # Keys for the second SNonce are kept in separate variables so that kck
    # still refers to the first derivation
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)

    reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # MIC on msg 4/4 is computed with the KCK of the first SNonce
    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1487
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    # Exercises hostapd's handling of the EAPOL-Key descriptor type octet in
    # msg 2/4 on a WPA2 association: one value that is dropped and one that
    # is tolerated.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # EAPOL-Key msg 1/4
    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Incorrect descriptor type (frame dropped)
    # The MIC is valid, so the descriptor type is the only thing wrong.
    msg['descr_type'] = 253
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # Incorrect descriptor type, but with a workaround (frame processed)
    # 254 is the descriptor type this file uses for WPA (see
    # test_ap_wpa_psk_ext_eapol), sent here on a WPA2 association.
    msg['descr_type'] = 254
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # Negative case: echo the AP's own msg 3/4 back to it unchanged
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1518
@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # NOTE(review): despite the docstring, this test sets up a WPA (not
    # WPA2) AP: eapol_test() is called with wpa2=False and returns the WPA
    # element instead of the RSNE.
    (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
                                                              wpa2=False)

    # EAPOL-Key msg 1/4
    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    # Negative case: echo the AP's own msg 1/4 back to it unchanged
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))
    # Negative case: 98 octets is one short of the 4-octet EAPOL header plus
    # the 95 fixed EAPOL-Key octets
    logger.info("Too short data")
    send_eapol(hapd, addr, build_eapol(msg)[0:98])

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # Descriptor type 2 with a valid MIC is the invalid case on this WPA
    # association; 254 is the accepted one
    msg['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
    msg['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)

    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # Negative case: echo the AP's own msg 3/4 back to it unchanged
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1546
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    # Sends EAPOL-Key frames with unusual Key Information values before and
    # after a valid msg 2/4. The pass criterion is that hostapd still
    # completes the handshake; how each individual frame is treated is not
    # asserted here.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # EAPOL-Key msg 1/4
    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # The frames up to the zero-KCK request below are sent without
    # recomputing the MIC.
    # All Key Information bits clear
    rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # All Key Information bits set
    rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # SMK M1
    rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # SMK M3
    rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request
    # (0x0902 = Request | MIC | descriptor version 2; MIC not recomputed)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request
    # (MIC computed with an all-zero KCK, i.e. not the negotiated key)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(tmp_kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 2/4
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)

    # EAPOL-Key msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    # Request (valid MIC)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request (valid MIC, replayed counter)
    # Identical to the previous frame, so its Replay Counter repeats.
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1592
def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return a frame dict for an EAPOL-Key msg 1/4 as an AP would send it.

    The frame uses EAPOL version 2, descriptor type 2 and key info 0x8a
    (Ack | Pairwise | descriptor version 2) with an all-zero MIC. The
    result is suitable for build_eapol().
    """
    data_len = len(key_data)
    return {
        'version': 2,
        'type': 3,
        'length': 95 + data_len,
        'descr_type': 2,
        'rsn_key_info': 0x8a,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': bytes(16),
        'rsn_key_rsc': bytes(8),
        'rsn_key_id': bytes(8),
        # msg 1/4 carries no MIC
        'rsn_key_mic': bytes(16),
        'rsn_key_data_len': data_len,
        'rsn_key_data': key_data,
    }
1611
def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return a frame dict for an EAPOL-Key msg 3/4 with its MIC filled in.

    key_data is placed in the frame as given; any encryption or padding has
    to be done by the caller. extra_len is added to the EAPOL header length
    only, which lets a test declare more body than the frame contains. The
    MIC is computed with kck via eapol_key_mic().
    """
    data_len = len(key_data)
    msg = {
        'version': 2,
        'type': 3,
        'length': 95 + data_len + extra_len,
        'descr_type': descr_type,
        'rsn_key_info': key_info,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': bytes(16),
        'rsn_key_rsc': bytes(8),
        'rsn_key_id': bytes(8),
        'rsn_key_data_len': data_len,
        'rsn_key_data': key_data,
    }
    # Adds 'rsn_key_mic' to msg
    eapol_key_mic(kck, msg)
    return msg
1631
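def aes_wrap(kek, plain):
    """Wrap plain with kek using the AES Key Wrap construction (RFC 3394).

    plain is processed as 64-bit blocks with the default initial value
    0xa6a6a6a6a6a6a6a6 and six rounds; the result is 8 bytes longer than
    the wrapped input. Only whole 8-byte blocks are wrapped: trailing bytes
    of plain beyond a multiple of 8 are dropped without an error, so pad
    the input first.
    """
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    # Name the cipher mode explicitly: PyCryptodome rejects AES.new() without
    # a mode, while legacy PyCrypto defaulted to ECB. ECB is used here only
    # as the single-block AES primitive inside the key wrap rounds.
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # XOR the round counter into the integrity register
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)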
1643
def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets before AES key wrapping.

    Input that is already 8-octet aligned (including empty input) is
    returned unchanged. Otherwise a single 0xdd octet is appended,
    followed by as many zero octets as needed to reach the next multiple
    of 8. No minimum length is enforced here.
    """
    remainder = len(plain) % 8
    if not remainder:
        return plain
    plain += b'\xdd'
    plain += (7 - remainder) * b'\x00'
    return plain
1652
def test_ap_wpa2_psk_supp_proto(dev, apdev):
    """WPA2-PSK 4-way handshake protocol testing for supplicant"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # From here on the test plays the authenticator: fixed ANonce and a
    # locally tracked Replay Counter.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    unwrap_failed = ("WPA: AES unwrap failed", "AES unwrap failure not reported")

    # Each entry is one malformed msg 3/4 variant, sent in this order:
    #   (debug label, Key Data, build_eapol_key_3_4() overrides,
    #    advance the Replay Counter?, flush the monitor first?,
    #    [(event to wait for, error if it never shows up), ...])
    # Every frame carries a MIC from build_eapol_key_3_4(), so the
    # supplicant is expected to reject on the specific field under test.
    cases = [
        ("Invalid AES wrap data length 0", b'', {}, True, True,
         [("WPA: Unsupported AES-WRAP len 0",
           "Unsupported AES-WRAP len 0 not reported")]),
        ("Invalid AES wrap data length 1", b'1', {}, True, True,
         [("WPA: Unsupported AES-WRAP len 1",
           "Unsupported AES-WRAP len 1 not reported")]),
        ("Invalid AES wrap data length 9", b'123456789', {}, True, True,
         [("WPA: Unsupported AES-WRAP len 9",
           "Unsupported AES-WRAP len 9 not reported")]),
        # Replay Counter is deliberately not advanced here so that the
        # following frame reuses it and exercises replay protection.
        ("Invalid AES wrap data payload", b'12345678', {}, False, True,
         [unwrap_failed]),
        ("Replay Count not increasing", b'12345678', {}, True, True,
         [("WPA: EAPOL-Key Replay Counter did not increase",
           "Replay Counter replay not reported")]),
        # 0x134a: default Key Information with the Ack bit cleared
        ("Missing Ack bit in key info", b'12345678',
         {'key_info': 0x134a}, True, True,
         [("WPA: No Ack bit in key_info",
           "Missing Ack bit not reported")]),
        # 0x1bca: default Key Information with the Request bit added
        ("Unexpected Request bit in key info", b'12345678',
         {'key_info': 0x1bca}, True, True,
         [("WPA: EAPOL-Key with Request bit",
           "Request bit not reported")]),
        # 0x13c8..0x13cf: only the low three bits (descriptor version) vary
        ("Unsupported key descriptor version 0", b'0123456789abcdef',
         {'key_info': 0x13c8}, True, True,
         [("WPA: Unsupported EAPOL-Key descriptor version 0",
           "Unsupported EAPOL-Key descriptor version 0 not reported")]),
        ("Key descriptor version 1 not allowed with CCMP", b'0123456789abcdef',
         {'key_info': 0x13c9}, True, True,
         [("WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2",
           "Not allowed EAPOL-Key descriptor version not reported")]),
        ("Invalid AES wrap payload with key descriptor version 2",
         b'0123456789abcdef', {'key_info': 0x13ca}, True, True,
         [unwrap_failed]),
        # Version 3 is first flagged as a mismatch, then the workaround is
        # reported, and the frame must still be dropped on MIC failure.
        ("Key descriptor version 3 workaround", b'0123456789abcdef',
         {'key_info': 0x13cb}, True, True,
         [("WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2",
           "CCMP key descriptor mismatch not reported"),
          ("WPA: Interoperability workaround",
           "AES-128-CMAC workaround not reported"),
          ("WPA: Invalid EAPOL-Key MIC - dropping packet",
           "MIC failure with AES-128-CMAC workaround not reported")]),
        ("Unsupported key descriptor version 4", b'0123456789abcdef',
         {'key_info': 0x13cc}, True, True,
         [("WPA: Unsupported EAPOL-Key descriptor version 4",
           "Unsupported EAPOL-Key descriptor version 4 not reported")]),
        ("Unsupported key descriptor version 7", b'0123456789abcdef',
         {'key_info': 0x13cf}, True, True,
         [("WPA: Unsupported EAPOL-Key descriptor version 7",
           "Unsupported EAPOL-Key descriptor version 7 not reported")]),
        # Header length one octet short of what Key Data Length claims
        ("Too short EAPOL header length", b'12345678',
         {'extra_len': -1}, True, True,
         [("WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)",
           "Key data overflow not reported")]),
        # The next three frames are sent without flushing the monitor and
        # without waiting for any event.
        ("Too long EAPOL header length", b'12345678',
         {'extra_len': 1}, True, False, []),
        ("Unsupported descriptor type 0", b'12345678',
         {'descr_type': 0}, True, False, []),
        # Label kept as in the original log output; the value sent is 254
        ("WPA descriptor type 0", b'12345678',
         {'descr_type': 254}, True, False, []),
    ]
    for label, key_data, overrides, advance, flush, expected in cases:
        logger.debug(label)
        if flush:
            sta.dump_monitor()
        frame = build_eapol_key_3_4(anonce, kck, key_data,
                                    replay_counter=replay, **overrides)
        if advance:
            replay += 1
        send_eapol(sta, bssid, build_eapol(frame))
        for event, complaint in expected:
            if sta.wait_event([event]) is None:
                raise Exception(complaint)

    # The last two frames carry correctly wrapped Key Data, so they get
    # past the AES unwrap step and reach the later checks.
    logger.debug("Non-zero key index for pairwise key")
    sta.dump_monitor()
    key_data = aes_wrap(kek, 16*b'z')
    # 0x13ea: default Key Information plus a non-zero key index field
    frame = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13ea)
    replay += 1
    send_eapol(sta, bssid, build_eapol(frame))
    if sta.wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"]) is None:
        raise Exception("Non-zero key index not reported")

    logger.debug("Invalid Key Data plaintext payload --> disconnect")
    sta.dump_monitor()
    key_data = aes_wrap(kek, 16*b'z')
    frame = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(frame))
    sta.wait_disconnected(timeout=1)
1849
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    sta.dump_monitor()
    # Properly wrapped Key Data that holds only zero octets, i.e. no RSNE
    # and no KDE; the supplicant is expected to disconnect.
    key_data = aes_wrap(kek, 16*b'\x00')
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
1876
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    sta.dump_monitor()
    # RSNE with a 6-octet body (version and group cipher only) followed by
    # a GTK KDE; shorter than the RSNE the success test sends, so the
    # supplicant is expected to disconnect.
    plain = binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
1903
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # Baseline for the negative tests: full RSNE (0x30, length 0x14)
    # followed by a GTK KDE (0xdd, length 0x16) with a 16-octet key.
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)
1931
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    sta.dump_monitor()
    # Same RSNE as the success test, but the GTK KDE is left out
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    # Without a GTK the connection must not be reported as completed
    connected = sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
    if connected is not None:
        raise Exception("Unexpected connection completion reported")
1961
def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    # Keys are derived from the ANonce of msg 1/4 ...
    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # ... while msg 3/4 advertises a different ANonce. The Key Data itself
    # is the same as in the success test, so only the nonce differs.
    other_anonce = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(other_anonce, kck, key_data,
                                replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if reported is None:
        raise Exception("ANonce change not reported")
1992
def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected group message"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Group key 1/2 instead of msg 3/4")
    sta.dump_monitor()
    # A lone GTK KDE (24 octets, already block aligned) wrapped as-is
    key_data = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
    # 0x13c2: like the msg 3/4 default but with the Pairwise bit cleared,
    # i.e. a group key message arriving before the 4-way handshake is done
    frame = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    replay += 1
    send_eapol(sta, bssid, build_eapol(frame))
    reported = sta.wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
    if reported is None:
        raise Exception("Unexpected group key message not reported")
    sta.wait_disconnected(timeout=1)
2023
@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
    sta = dev[0]
    bssid, _ssid, hapd, _snonce, _pmk, _addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # msg 1/4 is sent before any key exists, so its Key Data is neither
    # encrypted nor covered by a MIC; the two octets 0x55 0x55 are passed
    # as Key Data and the supplicant is expected to disconnect.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    bogus_kde = binascii.unhexlify('5555')
    first = build_eapol_key_1_4(anonce, replay_counter=replay,
                                key_data=bogus_kde)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    sta.wait_disconnected(timeout=1)
2041
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    # Key Data is the valid baseline; only the Key Length field (15
    # instead of 16) is wrong.
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_len=15)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: Invalid CCMP key length 15"])
    if reported is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
2073
def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # GTK KDE length is 0x15 here and the key is one octet short (15
    # octets); everything else matches the valid baseline.
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
    if reported is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
2104
def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # Baseline Key Data except for the GTK KDE flags octet: 0x05 instead
    # of 0x01, which adds the Tx bit to key index 1.
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
    if reported is None:
        raise Exception("GTK Tx bit workaround not reported")
    # The Tx bit is ignored rather than rejected, so the connection
    # still has to complete.
    sta.wait_connected(timeout=1)
2135
def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    # GTK KDE flags octet 0x00 selects key index 0
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
    sta.dump_monitor()
    # Group rekey with key index 3 (flags octet 0x03), properly wrapped
    group_kde = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(group_kde))
    group = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    replay += 1
    send_eapol(sta, bssid, build_eapol(group))
    # Read (and discard) the supplicant's reply before checking the event
    recv_eapol(sta)
    if sta.wait_event(["WPA: Group rekeying completed"]) is None:
        raise Exception("GTK rekeing not reported")

    logger.debug("Unencrypted GTK KDE in group msg 1/2")
    sta.dump_monitor()
    # Same KDE sent in the clear: Key Data is not wrapped and key_info
    # 0x03c2 drops the Encrypted Key Data bit. A GTK delivered this way
    # must be rejected and the supplicant is expected to disconnect.
    group_kde = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    group = build_eapol_key_3_4(anonce, kck, group_kde, replay_counter=replay,
                                key_info=0x03c2)
    replay += 1
    send_eapol(sta, bssid, build_eapol(group))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2188
def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Complete a normal handshake first so the group message is in sequence
    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    sta.dump_monitor()
    # Key Data made only of zero-length 0xdd elements: it unwraps fine
    # but carries no GTK.
    filler = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    key_data = aes_wrap(kek, pad_key_data(filler))
    group = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    replay += 1
    send_eapol(sta, bssid, build_eapol(group))
    if sta.wait_event(["WPA: No GTK IE in Group Key msg 1/2"]) is None:
        raise Exception("Missing GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2229
def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Complete a normal handshake first so the group message is in sequence
    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    sta.dump_monitor()
    # GTK KDE with length 0x27, i.e. a 33-octet key; the oversized key
    # must be refused instead of being copied into a key buffer.
    oversized = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    key_data = aes_wrap(kek, pad_key_data(oversized))
    group = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    replay += 1
    send_eapol(sta, bssid, build_eapol(group))
    if sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"]) is None:
        raise Exception("Too long GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2270
def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # The log label says "too short", but the KDE sent has length 0x27
    # (a 33-octet key), matching the test name; the label is kept as-is.
    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
2298
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, _rsne = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    # kek is derived but intentionally unused: Key Data goes out unwrapped
    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # Baseline RSNE + GTK KDE sent in the clear, with key_info 0x03ca
    # (the msg 3/4 default minus the Encrypted Key Data bit). A GTK must
    # only be accepted from encrypted Key Data.
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    third = build_eapol_key_3_4(anonce, kck, plain, replay_counter=replay,
                                key_info=0x03ca)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2329
def run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False):
    """Run a test-driven 4-way handshake with ieee80211w=2 and check PMF.

    igtk_kde: optional bytes appended to the msg 3/4 Key Data after the
        RSNE and GTK KDE
    fail: when true, the supplicant is expected to disconnect after
        msg 3/4 and nothing further is checked

    When the connection is expected to succeed, broadcast
    Deauthentication frames are injected through a monitor interface on
    apdev[1] and the station must stay connected. The monitor is started
    here but not stopped; the visible caller run_psk_supp_proto_pmf()
    does that.
    """
    sta = dev[0]
    bssid, _ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], sta,
                                                             ieee80211w=2)

    # hostapd's own msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Act as the authenticator with a fixed ANonce
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    _ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # Key Data: the RSNE returned by eapol_test(), a GTK KDE and, if
    # given, the IGTK KDE under test
    gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    plain = rsne + gtk_kde
    if igtk_kde:
        plain += igtk_kde
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    if fail:
        sta.wait_disconnected(timeout=1)
        return

    sta.wait_connected(timeout=1)

    # With management frame protection required, a broadcast
    # Deauthentication frame without protection must be ignored.
    ap_addr = binascii.unhexlify(hapd.own_addr().replace(':', ''))
    sock = start_monitor(apdev[1]["ifname"])
    radiotap = radiotap_build()
    # Frame control/duration, broadcast destination, AP address as both
    # source and BSSID, then sequence control and the reason field
    deauth = binascii.unhexlify("c0003a01")
    deauth += 6*b'\xff' + ap_addr + ap_addr
    deauth += binascii.unhexlify("1000" + "0300")
    sock.send(radiotap + deauth)
    # The same frame with an appended element (ID 0x4c, length 0x10)
    # carrying various KeyID values and a fixed, incorrect integrity
    # value must be ignored as well.
    for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]:
        bad_bip = binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9")
        sock.send(radiotap + deauth + bad_bip)
    dropped = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
    if dropped is not None:
        raise Exception("Unexpected disconnection")
2380
def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False):
    """Run run_psk_supp_proto_pmf2() and always stop the monitor afterwards.

    stop_monitor() is called for apdev[1]'s interface whether the inner
    run returns normally or raises, including the early-return path where
    no monitor was started.
    """
    try:
        run_psk_supp_proto_pmf2(dev, apdev, igtk_kde, fail)
    finally:
        stop_monitor(apdev[1]["ifname"])
2386
def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no IGTK KDE"""
    # With no KDE given, nothing is appended after the GTK KDE in the
    # EAPOL-Key msg 3/4 Key Data; the connection is expected to succeed.
    no_kde = None
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=no_kde)
2390
def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: valid IGTK KDE"""
    # IGTK KDE: type 0xdd, length 0x1c, OUI 00-0f-ac with data type 9,
    # then KeyID (2 octets), IPN (6 octets) and a 16-octet IGTK.
    kde_header = 'dd1c' + '000fac09'
    key_id = '0400'
    ipn = 6*'00'
    igtk = 16*'77'
    kde = binascii.unhexlify(kde_header + key_id + ipn + igtk)
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=kde)
2395
def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev):
    """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID"""
    # Same KDE as the valid case except that the two KeyID octets are in
    # the opposite order ('0004' instead of '0400'). fail is left at its
    # default, so the connection is still expected to complete.
    kde_header = 'dd1c' + '000fac09'
    key_id = '0004'
    ipn = 6*'00'
    igtk = 16*'77'
    kde = binascii.unhexlify(kde_header + key_id + ipn + igtk)
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=kde)
2400
def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too large IGTK KeyID"""
    # KeyID 'ffff' is out of range; with fail=True the station is expected
    # to disconnect instead of accepting the key.
    kde_header = 'dd1c' + '000fac09'
    key_id = 'ffff'
    ipn = 6*'00'
    igtk = 16*'77'
    kde = binascii.unhexlify(kde_header + key_id + ipn + igtk)
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=kde, fail=True)
2405
def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID"""
    # KeyID octets '0006' are not an accepted IGTK index; with fail=True
    # the station is expected to disconnect.
    kde_header = 'dd1c' + '000fac09'
    key_id = '0006'
    ipn = 6*'00'
    igtk = 16*'77'
    kde = binascii.unhexlify(kde_header + key_id + ipn + igtk)
    run_psk_supp_proto_pmf(dev, apdev, igtk_kde=kde, fail=True)
2410
def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process that serves dev.ifname.

    Runs "ps ax" through dev.cmd_execute() and returns the first field of
    the first line that mentions both "wpa_supplicant" and "-i<ifname>".
    Raises Exception if no such line exists.

    Both checks are plain substring matches, so an interface name that is a
    prefix of another one (or any other command line carrying both
    strings) would match as well. The returned PID is later used to read
    that process's memory, so the match should be unambiguous on the host.
    """
    iface_arg = "-i" + dev.ifname
    err, data = dev.cmd_execute(['ps', 'ax'])
    matches = (line for line in data.splitlines()
               if "wpa_supplicant" in line and iface_arg in line)
    for line in matches:
        # ps right-aligns the PID column, hence the strip() before split.
        return int(line.strip().split(' ')[0])
    raise Exception("Could not find wpa_supplicant process")
2421
def read_process_memory(pid, key=None):
    """Return the contents of the readable and writable mappings of pid.

    Parses /proc/<pid>/maps, skips entries that do not match the expected
    "start-end perms" format, start above 0xffffffffffff, have end < start
    or are not "rw" mappings, and reads every remaining region from
    /proc/<pid>/mem. The regions are concatenated in maps order.

    If key is given, each region that contains it is reported in the log.
    The caller needs permission to open /proc/<pid>/mem of the target
    process, and the returned buffer holds that process's secrets, so it
    should not be written out wholesale.
    """
    regions = []
    offset = 0  # running length of everything read so far
    logger.info("Reading process memory (pid=%d)" % pid)
    with open('/proc/%d/maps' % pid, 'r') as maps, \
         open('/proc/%d/mem' % pid, 'rb') as mem:
        for entry in maps.readlines():
            m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', entry)
            if not m:
                continue
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            perm = m.group(3)
            if start > 0xffffffffffff or end < start:
                continue
            if not perm.startswith('rw'):
                continue
            # Log where heap and stack land inside the returned buffer so
            # that later "found at offset" messages can be attributed.
            for name in ["[heap]", "[stack]"]:
                if name in entry:
                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, offset, offset + (end - start)))
            mem.seek(start)
            data = mem.read(end - start)
            regions.append(data)
            offset += len(data)
            if key and key in data:
                logger.info("Key found in " + entry)
    logger.info("Total process memory read: %d bytes" % offset)
    return b"".join(regions)
2450
def verify_not_present(buf, key, fname, keyname):
    """Fail if key occurs anywhere in buf.

    Returns None when key is absent. Otherwise writes the first match plus
    up to 2048 bytes before it and 2048 bytes from the match onwards to the
    file fname + keyname and raises Exception.

    The context file contains the key itself and neighbouring process
    memory, so the log directory it is written to holds key material after
    a failure.
    """
    where = buf.find(key)
    if where >= 0:
        lead = min(where, 2048)
        with open(fname + keyname, 'wb') as ctx:
            ctx.write(buf[where - lead:where + 2048])
        raise Exception(keyname + " found after disassociation")
2460
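def get_key_locations(buf, key, keyname):
    """Log every non-overlapping occurrence of key in buf and count them.

    For each match the offset is logged at info level and up to 128 bytes
    of memory before and after the key are logged, hex encoded, at debug
    level. Returns the number of matches; an empty key yields 0.

    The debug output contains the key and adjacent process memory, so debug
    logs produced by this helper hold key material.
    """
    if not key:
        # find() matches an empty needle at every position and the search
        # position would never advance, so there is nothing to count.
        return 0
    context = 128
    count = 0
    pos = buf.find(key)
    while pos >= 0:
        logger.info("Found %s at %d" % (keyname, pos))
        start = max(pos - context, 0)
        # Clamp the trailing context to the end of the buffer. The earlier
        # clamp used len(buf) - context, which lies before the match and
        # left the trailing context empty for keys near the end of buf.
        end = min(pos + len(key) + context, len(buf))
        before = binascii.hexlify(buf[start:pos])
        after = binascii.hexlify(buf[pos + len(key):end])
        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
        count += 1
        pos = buf.find(key, pos + len(key))
    return count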
2479
def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK and PSK/PTK lifetime in memory"""
    # Checks that session keys (KCK, KEK, TK, GTK) are no longer present in
    # wpa_supplicant process memory after disassociation and that the PMK
    # is gone as well once the network profile has been removed.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    ap_conf = hostapd.wpa2_params(ssid=ssid)
    ap_conf['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    pid = find_wpas_process(sta)

    sta.connect(ssid, raw_psk=psk, scan_freq="2412", only_add_network=True)

    logger.info("Checking keys in memory after network profile configuration")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    sta.request("REMOVE_NETWORK all")
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    netid = sta.connect(ssid, psk=passphrase, scan_freq="2412",
                        only_add_network=True)

    logger.info("Checking keys in memory before connection")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    sta.connect_network(netid, timeout=20)
    # wpa_supplicant frees its decrypted GTK copy only after delivering
    # CTRL-EVENT-CONNECTED, so give it time to get back to eloop (and
    # confirm with a ping) before taking the memory snapshot.
    time.sleep(1)
    sta.ping()

    # Snapshot taken while associated; analysed after the keys are known.
    buf = read_process_memory(pid, pmk)

    sta.request("DISCONNECT")
    sta.wait_disconnected()

    # The PTK and GTK values are recovered from hexdump lines in the
    # wpa_supplicant debug log of this test run.
    sta.relog()
    ptk = None
    gtk = None
    with open(os.path.join(params['logdir'], 'log0'), 'r') as log:
        for line in log:
            if "WPA: PTK - hexdump" in line:
                hexval = line.strip().split(':')[3].replace(' ', '')
                ptk = binascii.unhexlify(hexval)
            if "WPA: Group Key - hexdump" in line:
                hexval = line.strip().split(':')[3].replace(' ', '')
                gtk = binascii.unhexlify(hexval)
    if not (pmk and ptk and gtk):
        raise Exception("Could not find keys from debug log")
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    kck, kek, tk = ptk[0:16], ptk[16:32], ptk[32:48]

    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    # The check that TK is absent while associated is left disabled:
    #if tk in buf:
    #    raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Note: PMK/PSK is still present in network configuration

    fname = os.path.join(params['logdir'],
                         'wpa2_psk_key_lifetime_in_memory.memctx-')
    for secret, label in ((kck, "KCK"), (kek, "KEK"), (tk, "TK")):
        verify_not_present(buf, secret, fname, label)
    if gtk in buf:
        get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    sta.request("REMOVE_NETWORK all")

    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # With the profile removed, not even the PMK may remain.
    for secret, label in ((pmk, "PMK"), (kck, "KCK"), (kek, "KEK"),
                          (tk, "TK"), (gtk, "GTK")):
        verify_not_present(buf, secret, fname, label)
2580
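@remote_compatible
def test_ap_wpa2_psk_wep(dev, apdev):
    """WPA2-PSK AP and WEP enabled"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # Setting a WEP key on a WPA2 network must be rejected. The failure
    # report is raised from the else branch: raising it inside the try body
    # would be swallowed by the except clause and the test could never fail.
    try:
        hapd.set('wep_key0', '"hello"')
    except Exception:
        pass
    else:
        raise Exception("WEP key accepted to WPA2 network")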
2593
def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """WPA2-PSK AP and wpas interface in a bridge"""
    br_ifname = 'sta-br0'
    ifname = 'wlan5'
    # Host-level teardown, run whether or not the test body succeeded:
    # bring the bridge down, detach the interface, delete the bridge and
    # switch 4-address mode back off. Return codes are not checked.
    teardown = (['ip', 'link', 'set', 'dev', br_ifname, 'down'],
                ['brctl', 'delif', br_ifname, ifname],
                ['brctl', 'delbr', br_ifname],
                ['iw', ifname, 'set', '4addr', 'off'])
    try:
        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
    finally:
        for argv in teardown:
            subprocess.call(argv)
2605
def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """Connect a wpa_supplicant interface that is a member of a bridge.

    Creates bridge sta-br0, enables 4-address mode on wlan5, adds wlan5 to
    the bridge and connects through a separate WpaSupplicant instance. The
    caller is responsible for undoing the host network changes.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    br_ifname = 'sta-br0'
    ifname = 'wlan5'
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    setup = (['brctl', 'addbr', br_ifname],
             ['brctl', 'setfd', br_ifname, '0'],
             ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
             ['iw', ifname, 'set', '4addr', 'on'])
    for argv in setup:
        subprocess.call(argv)
    # Only the bridge membership step is checked; without it the rest of
    # the test would not exercise the bridged path at all.
    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
    wpas.interface_add(ifname, br_ifname=br_ifname)
    wpas.dump_monitor()

    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
    wpas.dump_monitor()
2625
@remote_compatible
def test_ap_wpa2_psk_ifdown(dev, apdev):
    """WPA2-PSK AP and external ifconfig down"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    sta = dev[0]
    sta.connect(ssid, psk=passphrase, scan_freq="2412")

    # Take the AP interface down from outside hostapd.
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
    if hapd.wait_event(["INTERFACE-DISABLED"], timeout=10) is None:
        raise Exception("No INTERFACE-DISABLED event")
    # this wait tests beacon loss detection in mac80211
    sta.wait_disconnected()

    # Bring it back and expect the station to return on its own.
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
    if hapd.wait_event(["INTERFACE-ENABLED"], timeout=10) is None:
        raise Exception("No INTERFACE-ENABLED event")
    sta.wait_connected()
    hwsim_utils.test_connectivity(sta, hapd)
2648
def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Route EAPOL frames through the control interfaces so that the test
    # decides which frames are delivered.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    # EAPOL-Key msg 1/4, 2/4 and 3/4 are relayed unmodified:
    # (sender, timeout error, receiver, source address, delivery error)
    relayed = [(hapd, "Timeout on EAPOL-TX from hostapd",
                dev[0], bssid, "EAPOL_RX to wpa_supplicant failed"),
               (dev[0], "Timeout on EAPOL-TX from wpa_supplicant",
                hapd, addr, "EAPOL_RX to hostapd failed"),
               (hapd, "Timeout on EAPOL-TX from hostapd",
                dev[0], bssid, "EAPOL_RX to wpa_supplicant failed")]
    for sender, tx_err, receiver, src, rx_err in relayed:
        ev = sender.wait_event(["EAPOL-TX"], timeout=15)
        if ev is None:
            raise Exception(tx_err)
        res = receiver.request("EAPOL_RX " + src + " " + ev.split(' ')[2])
        if "OK" not in res:
            raise Exception(rx_err)

    # EAPOL-Key msg 4/4 is captured but never handed to hostapd.
    if dev[0].wait_event(["EAPOL-TX"], timeout=15) is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    dev[0].request("SET ext_eapol_frame_io 0")
    dev[0].wait_connected()

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    if dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those
        # and disconnect the station after reaching retransmission limit.
        # Connection is then established after reassociation. Once that
        # behavior has been optimized to prevent EAPOL-Key frame encryption
        # for retransmission case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")
2715
@remote_compatible
def test_ap_wpa2_psk_disable_enable(dev, apdev):
    """WPA2-PSK AP getting disabled and re-enabled"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    sta = dev[0]
    sta.connect(ssid, raw_psk=psk, scan_freq="2412")

    # Two full DISABLE/ENABLE cycles; the station has to drop and then
    # come back with working data connectivity each time.
    # NOTE(review): loop extent reconstructed from a listing without
    # indentation - confirm the connectivity check belongs in the loop.
    for _ in range(2):
        hapd.request("DISABLE")
        sta.wait_disconnected()
        hapd.request("ENABLE")
        sta.wait_connected()
        hwsim_utils.test_connectivity(sta, hapd)
2733
@remote_compatible
def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
    """WPA2-PSK AP and station using incorrect passphrase"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    wrong = "incorrect passphrase"
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # The station uses a passphrase the AP does not know; the AP has to
    # report the likely mismatch instead of completing the handshake.
    dev[0].connect(ssid, psk=wrong, scan_freq="2412", wait_connect=False)
    if hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10) is None:
        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
    dev[0].dump_monitor()

    # Reconfigure the AP to the station's passphrase; the pending
    # connection attempt is then expected to succeed.
    hapd.disable()
    hapd.set("wpa_passphrase", wrong)
    hapd.enable()

    dev[0].wait_connected(timeout=20)
2753
@remote_compatible
def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing"""
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                        only_add_network=True)

    def attempt(elem, wait_for, errmsg):
        # Add one vendor element (frame type 13), try to associate and wait
        # for the given outcome; the element is always removed again so
        # that it cannot affect the next attempt.
        try:
            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + elem):
                raise Exception("VENDOR_ELEM_ADD failed")
            dev[0].select_network(id)
            if dev[0].wait_event(wait_for, timeout=10) is None:
                raise Exception(errmsg)
            dev[0].request("DISCONNECT")
            dev[0].dump_monitor()
        finally:
            dev[0].request("VENDOR_ELEM_REMOVE 13 *")

    # WPA elements of increasing length, including zero and 0xffff suite
    # counts; each of them has to result in an association rejection.
    rejected = ["dd040050f201",
                "dd050050f20101",
                "dd060050f2010100",
                "dd060050f2010001",
                "dd070050f201010000",
                "dd080050f20101000050",
                "dd090050f20101000050f2",
                "dd0a0050f20101000050f202",
                "dd0b0050f20101000050f20201",
                "dd0c0050f20101000050f2020100",
                "dd0c0050f20101000050f2020000",
                "dd0c0050f20101000050f202ffff",
                "dd0d0050f20101000050f202010000",
                "dd0e0050f20101000050f20201000050",
                "dd0f0050f20101000050f20201000050f2",
                "dd100050f20101000050f20201000050f202",
                "dd110050f20101000050f20201000050f20201",
                "dd120050f20101000050f20201000050f2020100",
                "dd120050f20101000050f20201000050f2020000",
                "dd120050f20101000050f20201000050f202ffff",
                "dd130050f20101000050f20201000050f202010000",
                "dd140050f20101000050f20201000050f20201000050",
                "dd150050f20101000050f20201000050f20201000050f2"]
    for elem in rejected:
        attempt(elem, ["CTRL-EVENT-ASSOC-REJECT"],
                "Association rejection not reported")

    # Complete WPA element followed by one to three extra octets; here the
    # association goes through and either outcome of the 4-way handshake is
    # accepted.
    trailing = ["dd170050f20101000050f20201000050f20201000050f202ff",
                "dd180050f20101000050f20201000050f20201000050f202ffff",
                "dd190050f20101000050f20201000050f20201000050f202ffffff"]
    for elem in trailing:
        attempt(elem,
                ['CTRL-EVENT-CONNECTED', 'WPA: 4-Way Handshake failed'],
                "Association failed unexpectedly")
2817
@remote_compatible
def test_ap_wpa2_psk_no_random(dev, apdev):
    """WPA2-PSK AP and no random numbers available"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    sta = dev[0]
    # Inject one failure into wpa_gmk_to_gtk on the AP: the first
    # connection attempt has to end in a disconnection rather than in a
    # connection protected with a key derived without randomness.
    # NOTE(review): extent of the with-block reconstructed from a listing
    # without indentation - confirm against the repository.
    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
        id = sta.connect(ssid, raw_psk=psk, scan_freq="2412",
                         wait_connect=False)
        if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15) is None:
            raise Exception("Disconnection event not reported")
    # A later attempt, with the injected failure used up, must succeed.
    sta.request("DISCONNECT")
    sta.select_network(id, freq=2412)
    sta.wait_connected()
2836
@remote_compatible
def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], params)
    # A value that is not a hex string has to be refused.
    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
        raise Exception("Invalid own_ie_override value accepted")
    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # (description, RSN element advertised by the AP). The station is
    # expected to connect with every one of these variants.
    variants = [('No RSN Capabilities field',
                 '30120100000fac040100000fac040100000fac02'),
                ('Reserved RSN Capabilities bits set',
                 '30140100000fac040100000fac040100000fac023cff'),
                ('Truncated RSN Capabilities field',
                 '30130100000fac040100000fac040100000fac023c'),
                ('Extra pairwise cipher suite (unsupported)',
                 '30180100000fac040200ffffffff000fac040100000fac020c00'),
                ('Extra AKM suite (unsupported)',
                 '30180100000fac040100000fac040200ffffffff000fac020c00'),
                ('PMKIDCount field included',
                 '30160100000fac040100000fac040100000fac020c000000'),
                ('Truncated PMKIDCount field',
                 '30150100000fac040100000fac040100000fac020c0000'),
                ('Unexpected Group Management Cipher Suite with PMF disabled',
                 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
                ('Extra octet after defined fields (future extensibility)',
                 '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
    for description, rsne in variants:
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        dev[0].dump_monitor()
        dev[0].request("NOTE " + description)
        logger.info(description)
        # Restart the AP with the overridden element and make sure the
        # station works from a fresh scan result, not a cached BSS entry.
        hapd.disable()
        hapd.set('own_ie_override', rsne)
        hapd.enable()
        dev[0].request("BSS_FLUSH 0")
        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        dev[0].select_network(id, freq=2412)
        dev[0].wait_connected()
2882
@remote_compatible
def test_ap_cli_order(dev, apdev):
    """hostapd RSN setup with 'wpa' set after the cipher and AKM parameters"""
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    # The order matters for this test: 'wpa' is set last.
    settings = [('ssid', ssid),
                ('wpa_passphrase', passphrase),
                ('rsn_pairwise', 'CCMP'),
                ('wpa_key_mgmt', 'WPA-PSK'),
                ('wpa', '2')]
    for field, value in settings:
        hapd.set(field, value)
    hapd.enable()

    # The resulting configuration must use CCMP for both group and
    # pairwise ciphers regardless of the order of the SET commands.
    cfg = hapd.get_config()
    group = cfg['group_cipher']
    if group != 'CCMP':
        raise Exception("Unexpected group_cipher: " + group)
    pairwise = cfg['rsn_pairwise_cipher']
    if pairwise != 'CCMP':
        raise Exception("Unexpected rsn_pairwise_cipher: " + pairwise)

    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if ev is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in ev:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2908
def set_test_assoc_ie(dev, ie):
    """Set the element override for the next association request.

    Sends "TEST_ASSOC_IE <ie>" (ie as a hex string) to dev and raises
    Exception unless the reply contains "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
2912
@remote_compatible
def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    sta = dev[0]

    # Elements the AP has to accept.
    accepted = [("Normal wpa_supplicant assoc req RSN IE",
                 "30140100000fac040100000fac040100000fac020000"),
                ("RSN IE without RSN Capabilities",
                 "30120100000fac040100000fac040100000fac02")]
    for title, ie in accepted:
        logger.info(title)
        set_test_assoc_ie(sta, ie)
        sta.connect(ssid, psk=passphrase, scan_freq="2412")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

    # Elements the AP has to reject, with the status code it must report.
    rejected = [("WPA IE instead of RSN IE and only RSN enabled on AP",
                 "dd160050f20101000050f20201000050f20201000050f202", 40),
                ("Empty RSN IE", "3000", 40),
                ("RSN IE with truncated Version", "300101", 40),
                ("RSN IE with only Version", "30020100", 43)]
    for title, ie, status in rejected:
        logger.info(title)
        set_test_assoc_ie(sta, ie)
        sta.connect(ssid, psk=passphrase, scan_freq="2412",
                    wait_connect=False)
        ev = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if ev is None:
            raise Exception("Association rejection not reported")
        expected = "status_code=" + str(status)
        if expected not in ev:
            raise Exception("Unexpected status code: " + ev)
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()
2949
def test_ap_wpa2_psk_ft_workaround(dev, apdev):
    """WPA2-PSK+FT AP and workaround for incorrect STA behavior"""
    ssid = "test-wpa2-psk-ft"
    passphrase = 'qwertyuiop'

    # AP offering both FT-PSK and WPA-PSK, with the FT parameters it needs.
    params = {"wpa": "2",
              "wpa_key_mgmt": "FT-PSK WPA-PSK",
              "rsn_pairwise": "CCMP",
              "ssid": ssid,
              "wpa_passphrase": passphrase,
              "mobility_domain": "a1b2",
              "r0_key_lifetime": "10000",
              "pmk_r1_push": "1",
              "reassociation_deadline": "1000",
              "nas_identifier": "nas1.w1.fi",
              "r1_key_holder": "000102030405"}
    hapd = hostapd.add_ap(apdev[0], params)

    # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
    two_akm_rsne = "30180100000fac040100000fac040200000fac02000fac040000"
    set_test_assoc_ie(dev[0], two_akm_rsne)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
2974
def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
    """WPA2-PSK AP and association request RSN IE with PMKID"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # RSN element carrying a PMKID count of one and a 16-octet all-zero
    # PMKID; the connection is still expected to complete.
    rsne_prefix = "30260100000fac040100000fac040100000fac0200000100"
    zero_pmkid = 16*'00'
    set_test_assoc_ie(dev[0], rsne_prefix + zero_pmkid)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
2986
def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set"""
    # WPA (v1) is enabled but the cipher is given only through
    # rsn_pairwise; the station connects with WPA/TKIP.
    params = {
        "ssid": "wpapsk",
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "rsn_pairwise": "TKIP",
        "wpa_passphrase": "1234567890",
    }
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect("wpapsk", psk="1234567890", proto="WPA",
                   pairwise="TKIP", scan_freq="2412")
2994
def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # PTK rekey every 2 seconds with both update counts at their minimum.
    params.update({'wpa_ptk_rekey': '2',
                   'wpa_group_update_count': '1',
                   'wpa_pairwise_update_count': '1'})
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")

    # An update count of zero is not a valid configuration value.
    if "FAIL" not in hapd.request("SET wpa_group_update_count 0"):
        raise Exception("Invalid wpa_group_update_count value accepted")
    if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"):
        raise Exception("Invalid wpa_pairwise_update_count value accepted")
3013
def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    def next_tx(source, timeout, errmsg):
        # Return the next EAPOL-TX event from source or fail with errmsg.
        ev = source.wait_event(["EAPOL-TX"], timeout=timeout)
        if ev is None:
            raise Exception(errmsg)
        return ev

    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    logger.info("Verify no retransmission of message 3/4")
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    # The first msg 1/4 is discarded; the retransmitted one is delivered.
    next_tx(hapd, 5, "Timeout on EAPOL-TX (M1) from hostapd")
    m1 = next_tx(hapd, 5, "Timeout on EAPOL-TX (M1 retry) from hostapd")
    if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + m1.split(' ')[2]):
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    m2 = next_tx(dev[0], 5, "Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    if "OK" not in hapd.request("EAPOL_RX " + addr + " " + m2.split(' ')[2]):
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    # msg 3/4 is withheld from the station. With retries disabled the AP
    # must not send it again and the station ends up disconnected.
    next_tx(hapd, 5, "Timeout on EAPOL-TX (M3) from hostapd")
    if hapd.wait_event(["EAPOL-TX"], timeout=2) is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    if dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()
3063
def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    # Strict rekeying: a station leaving the BSS triggers a GTK rekey.
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    sta, other = dev[0], dev[1]
    id = other.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.dump_monitor()
    addr = sta.own_addr()

    # Baseline: the rekey triggered by the other station leaving completes.
    other.request("DISCONNECT")
    if sta.wait_event(["WPA: Group rekeying completed"], timeout=2) is None:
        raise Exception("GTK rekey timed out")
    other.request("RECONNECT")
    other.wait_connected()
    sta.dump_monitor()

    # Now withhold group msg 1/2: the AP must not retransmit it and the
    # remaining station is expected to get disconnected.
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    other.request("DISCONNECT")

    if hapd.wait_event(["EAPOL-TX"], timeout=5) is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    if hapd.wait_event(["EAPOL-TX"], timeout=2) is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) is None:
        raise Exception("Disconnection not reported")
    sta.request("REMOVE_NETWORK all")
    sta.dump_monitor()
3102
def test_ap_wpa2_psk_mic_0(dev, apdev):
    """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['rsn_pairwise'] = "TKIP"
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    def next_tx(source, errmsg):
        # Hex dump of the next EAPOL frame sent by source.
        ev = source.wait_event(["EAPOL-TX"], timeout=15)
        if ev is None:
            raise Exception(errmsg)
        return ev.split(' ')[2]

    # EAPOL-Key msg 1/4
    frame = next_tx(hapd, "Timeout on EAPOL-TX from hostapd")
    if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + frame):
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    frame = next_tx(dev[0], "Timeout on EAPOL-TX from wpa_supplicant")
    if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
        raise Exception("EAPOL_RX to hostapd failed")
    dev[0].dump_monitor()

    # EAPOL-Key msg 3/4
    msg3 = next_tx(hapd, "Timeout on EAPOL-TX from hostapd")
    if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + msg3):
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    next_tx(dev[0], "Timeout on EAPOL-TX from wpa_supplicant")
    # Do not send to the AP

    # EAPOL-Key msg 3/4 with MIC=0 and modifications. Offsets below index
    # hex digits of msg3; Key Info, Replay Counter and Key MIC are replaced
    # and therefore not copied from the original frame.
    eapol_hdr = msg3[0:8]
    key_type = msg3[8:10]
    key_length = msg3[14:18]
    key_nonce = msg3[34:98]
    key_iv = msg3[98:130]
    key_rsc = msg3[130:146]
    key_id = msg3[146:162]
    key_data_len = msg3[194:198]
    key_data = msg3[198:]

    msg3b = "".join([eapol_hdr, key_type,
                     "12c9",  # Clear MIC bit from key_info (originally 13c9)
                     key_length,
                     '0000000000000003',  # replacement replay counter
                     key_nonce, key_iv, key_rsc, key_id,
                     32*'0',  # Clear MIC value
                     key_data_len, key_data])
    dev[0].dump_monitor()
    if "OK" not in dev[0].request("EAPOL_RX " + bssid + " " + msg3b):
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # The supplicant has to ignore the unauthenticated frame; replying with
    # another EAPOL-Key frame would mean it was processed.
    ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2)
    if ev is None:
        raise Exception("No event from wpa_supplicant")
    if "EAPOL-TX" in ev:
        raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
    dev[0].request("DISCONNECT")
3179
3180 def test_ap_wpa2_psk_local_error(dev, apdev):
3181 """WPA2-PSK and local error cases on supplicant"""
3182 ssid = "test-wpa2-psk"
3183 passphrase = 'qwertyuiop'
3184 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
3185 params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
3186 hapd = hostapd.add_ap(apdev[0], params)
3187
3188 with fail_test(dev[0], 1, "sha1_prf;wpa_pmk_to_ptk"):
3189 id = dev[0].connect(ssid, key_mgmt="WPA-PSK", psk=passphrase,
3190 scan_freq="2412", wait_connect=False)
3191 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
3192 if ev is None:
3193 raise Exception("Disconnection event not reported")
3194 dev[0].request("REMOVE_NETWORK all")
3195 dev[0].dump_monitor()
3196
3197 with fail_test(dev[0], 1, "sha256_prf;wpa_pmk_to_ptk"):
3198 id = dev[0].connect(ssid, key_mgmt="WPA-PSK-SHA256", psk=passphrase,
3199 scan_freq="2412", wait_connect=False)
3200 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
3201 if ev is None:
3202 raise Exception("Disconnection event not reported")
3203 dev[0].request("REMOVE_NETWORK all")
3204 dev[0].dump_monitor()