tests: Delayed PTK rekey exchange attack protection
1 # WPA2-Personal tests
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 from Crypto.Cipher import AES
10 import hashlib
11 import hmac
12 import logging
13 logger = logging.getLogger()
14 import os
15 import re
16 import struct
17 import subprocess
18 import time
19
20 import hostapd
21 from utils import HwsimSkip, fail_test, skip_with_fips
22 import hwsim_utils
23 from wpasupplicant import WpaSupplicant
24
def check_mib(dev, vals):
    """Verify that selected MIB variables of a device hold expected values.

    dev must provide get_mib() returning a mapping. vals is an iterable of
    (name, expected) pairs. The first mismatch raises Exception; a name that
    is absent from the mapping raises from the lookup itself.
    """
    mib = dev.get_mib()
    for entry in vals:
        name, expected = entry[0], entry[1]
        actual = mib[name]
        if actual != expected:
            raise Exception("Unexpected {} = {} (expected {})".format(name, actual, expected))
30
@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    # Fixed test credential; presumably the PSK derived from the passphrase
    # and SSID above, since both forms are expected to join the same AP.
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'

    # The AP only gets the raw PSK (wpa_psk), never the passphrase.
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # The first key_mgmt entry reported by GET_CONFIG has to be WPA-PSK.
    akm_list = hapd.get_config()['key_mgmt']
    first_akm = akm_list.split(' ')[0]
    if first_akm != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + akm_list)

    # One station uses the raw PSK, the other the passphrase.
    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")

    # Sanity-check the status polls on the first station.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))
52
def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'

    # The AP gets a default passphrase plus a PSK file. The contents of
    # 'hostapd.wpa_psk' are not visible here; the expectations below suggest
    # it holds per-station and wildcard entries (to be confirmed against it).
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], ap_params)

    # dev[1] starts connecting without waiting; it is expected to fail below.
    dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)

    # dev[2] must get in with the raw PSK, dev[0] with "very secret".
    dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")

    # Both stations must also be accepted with the shared passphrase.
    shared = "another passphrase for all STAs"
    dev[2].connect(ssid, psk=shared, scan_freq="2412")
    dev[0].connect(ssid, psk=shared, scan_freq="2412")

    # The same passphrase that worked for dev[0] must be rejected for dev[1].
    failure = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if failure is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")
72
@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        # The helper lowers SCAN_INTERVAL to 1 on both stations; put it back
        # to 5 whether or not the test body succeeded.
        for sta in (dev[0], dev[1]):
            sta.request("SCAN_INTERVAL 5")
81
def _test_ap_wpa2_psk_mem(dev, apdev):
    """Connect two stations whose credential is supplied only on request.

    Each station is started with mem_only_psk="1", waits for a
    CTRL-REQ-PSK_PASSPHRASE event and answers it: the first with the quoted
    passphrase, the second with the raw PSK. SCAN_INTERVAL is set to 1 on
    both stations and is not restored here.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # Station 0: reply with the passphrase in double quotes.
    dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[0].request("SCAN_INTERVAL 1")
    req = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if req is None:
        raise Exception("Request for PSK/passphrase timed out")
    # The request identifier is the last '-' separated token before the
    # first ':' of the event.
    req_id = req.split(':')[0].split('-')[-1]
    dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + passphrase + '"')
    dev[0].wait_connected(timeout=10)

    # Station 1: reply with the unquoted hexadecimal PSK.
    dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[1].request("SCAN_INTERVAL 1")
    req = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if req is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = req.split(':')[0].split('-')[-1]
    dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + psk)
    dev[1].wait_connected(timeout=10)
107
@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # The rekey interval is configured on the station side only.
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")

    # connect() has already returned, so this event is expected to come from
    # a later key negotiation (the rekey).
    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")

    # The data path has to keep working with the new key.
    hwsim_utils.test_connectivity(dev[0], hapd)
120
def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    dev[0].dump_monitor()

    # Remember the ANonce of the initial handshake, then request a rekey.
    anonce_before = dev[0].request("GET anonce")
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")

    # An AP that reused its nonce for the new handshake fails the test here.
    anonce_after = dev[0].request("GET anonce")
    if anonce_before == anonce_after:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(dev[0], hapd)
139
@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Here the rekey interval lives in the AP configuration; the station is
    # connected without any rekey setting.
    ap_params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
153
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # Station side: SHA256-based AKM plus a station-enforced rekey interval.
    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   wpa_ptk_rekey="1", scan_freq="2412")
    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # Both the requested and the selected AKM suite must read 00-0f-ac-6
    # after the rekey.
    expected_mib = [
        ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6"),
    ]
    check_mib(dev[0], expected_mib)
170
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    # The rekey interval is an AP setting in this variant.
    ap_params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_params)

    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   scan_freq="2412")
    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # The AKM suite reported by the station must still be 00-0f-ac-6.
    expected_mib = [
        ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6"),
    ]
    check_mib(dev[0], expected_mib)
188
@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # Skipped on FIPS builds via the shared helper.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")

    # The scan results must advertise the WPA (v1) element with TKIP.
    scan_results = dev[0].request("SCAN_RESULTS")
    if "[WPA-PSK-TKIP]" not in scan_results:
        raise Exception("Scan results missing WPA element info")

    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekey_done is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
204
@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # The AP, not the station, carries the rekey interval.
    ap_params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # Explicit 10 second limit for the AP-triggered rekey to complete.
    rekey_done = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    if rekey_done is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
219
@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK/CCMP"""
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # Override the pairwise cipher of the WPA (v1) configuration with CCMP.
    ap_params['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # Expected station MIB after association: the same cipher suite value for
    # group and pairwise, the PSK AKM, and an authorized controlled port.
    expected_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
        ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(dev[0], expected_mib)
238
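def test_ap_wpa2_psk_file_errors(dev, apdev):
    """WPA2-PSK AP with various PSK file error and success cases"""
    addr0 = dev[0].own_addr()
    addr1 = dev[1].own_addr()
    addr2 = dev[2].own_addr()
    ssid = "psk"
    # NOTE(review): fixed, predictable name in a shared directory, and
    # open(..., "w") follows symlinks. That is acceptable on a dedicated test
    # host; consider a tempfile-created path if this runs on a multi-user
    # machine.
    pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"

    def remove_pskfile():
        # Best-effort cleanup. Only filesystem errors (typically "no such
        # file") are ignored, so KeyboardInterrupt and programming errors are
        # no longer swallowed as they were by a bare except.
        try:
            os.remove(pskfile)
        except OSError:
            pass

    # Start from a state where the PSK file does not exist.
    remove_pskfile()

    params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
               "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }

    try:
        # missing PSK file
        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE success")
        hapd.request("DISABLE")

        # File contents that hostapd has to reject, in the original order:
        # an invalid MAC address, a line without a PSK, and a PSK that is
        # one character shorter than the shortest one accepted below.
        rejected_contents = [
            "\nfoo\n",
            "00:11:22:33:44:55\n",
            "00:11:22:33:44:55 1234567\n",
        ]
        for contents in rejected_contents:
            with open(pskfile, "w") as f:
                f.write(contents)
            if "FAIL" not in hapd.request("ENABLE"):
                raise Exception("Unexpected ENABLE success")
            hapd.request("DISABLE")

        # valid PSK file: one unrelated address plus a distinct credential
        # for each test station (two passphrases and one 64-hex-digit PSK)
        with open(pskfile, "w") as f:
            f.write("00:11:22:33:44:55 12345678\n")
            f.write(addr0 + " 123456789\n")
            f.write(addr1 + " 123456789a\n")
            f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
        if "FAIL" in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE failure")

        # Every station has to get in with the credential bound to its own
        # address.
        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")

    finally:
        # Do not leave test credentials behind in /tmp.
        remove_pskfile()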
301
@remote_compatible
def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
    """WPA2-PSK AP and wildcard SSID configuration"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # Both stations use an empty SSID in their network profile and select
    # the AP by BSSID: one with the passphrase, the other with the raw PSK.
    ap_bssid = apdev[0]['bssid']
    dev[0].connect("", bssid=ap_bssid, psk=passphrase,
                   scan_freq="2412")
    dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
313
@remote_compatible
def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Group key rekey interval on the AP.
    ap_params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # The station must report a completed group rekey within two seconds.
    group_rekey = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if group_rekey is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
327
@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # Group key rekey interval on the AP.
    ap_params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    group_rekey = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if group_rekey is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
342
@remote_compatible
def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_group_rekey'] = '1'
    ap_params['wpa_gmk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # Three consecutive group rekeys are awaited; with the GMK interval set
    # to twice the GTK interval this is presumably meant to span at least
    # one GMK rekey as well.
    for _ in range(3):
        group_rekey = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
        if group_rekey is None:
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
358
@remote_compatible
def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")

    # When one station leaves, the remaining station has to see a group
    # rekey, so the departed station's copy of the group key stops being
    # useful.
    dev[1].request("DISCONNECT")
    group_rekey = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if group_rekey is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
374
@remote_compatible
def test_ap_wpa2_bridge_fdb(dev, apdev):
    """Bridge FDB entry removal"""
    hapd = None
    try:
        ssid = "test-wpa2-psk"
        passphrase = "12345678"
        ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
        ap_params['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(apdev[0], ap_params)
        hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])

        ap_bssid = apdev[0]['bssid']
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                       bssid=ap_bssid)
        dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
                       bssid=ap_bssid)
        addr0 = dev[0].p2p_interface_addr()

        # Station-to-station traffic populates the bridge forwarding table.
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
        _, fdb_before = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])

        # Ageing is lowered to 1 and the stations disconnected, then the
        # table is read again one second later.
        hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
        dev[0].request("DISCONNECT")
        dev[1].request("DISCONNECT")
        time.sleep(1)
        _, fdb_after = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0'])

        addr1 = dev[1].p2p_interface_addr()
        # Both stations must be listed while connected ...
        if not (addr0 in fdb_before and addr1 in fdb_before):
            raise Exception("Bridge FDB entry missing")
        # ... and neither may remain after they have left.
        if addr0 in fdb_after or addr1 in fdb_after:
            raise Exception("Bridge FDB entry was not removed")
    finally:
        # Take the bridge down and delete it even if the test failed.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
409
@remote_compatible
def test_ap_wpa2_already_in_bridge(dev, apdev):
    """hostapd behavior with interface already in bridge"""
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        ssid = "test-wpa2-psk"
        passphrase = "12345678"

        # Create the bridge and enslave the AP interface before hostapd is
        # started; the interface is switched to type __ap before the addif.
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['iw', ifname, 'set', 'type', '__ap'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for cmd in setup_cmds:
            hostapd.cmd_execute(apdev[0], cmd)

        # No 'bridge' parameter is configured: hostapd has to detect the
        # existing bridge on its own.
        ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
        hapd = hostapd.add_ap(apdev[0], ap_params)
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    finally:
        # Undo the external setup: bridge down, interface out of the bridge
        # and back to station type, bridge deleted.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
        hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
435
@remote_compatible
def test_ap_wpa2_in_different_bridge(dev, apdev):
    """hostapd behavior with interface in different bridge"""
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        ssid = "test-wpa2-psk"
        passphrase = "12345678"

        # Put the AP interface into an externally created bridge first.
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['iw', ifname, 'set', 'type', '__ap'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for cmd in setup_cmds:
            hostapd.cmd_execute(apdev[0], cmd)
        time.sleep(0.5)

        # hostapd is configured for a different bridge and has to move the
        # interface there.
        ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
        ap_params['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(apdev[0], ap_params)
        hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0'])
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'up'])
        brname = hapd.get_driver_status_field('brname')
        if brname != 'ap-br0':
            raise Exception("Incorrect bridge: " + brname)

        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")

        # The driver status must record that hostapd created the bridge and
        # added the interface itself.
        if hapd.get_driver_status_field("added_bridge") != "1":
            raise Exception("Unexpected added_bridge value")
        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
            raise Exception("Unexpected added_if_into_bridge value")
        dev[0].request("DISCONNECT")
        hapd.disable()
    finally:
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
                                       'down'])
        # NOTE(review): this is the only cleanup call that goes through a
        # shell (shell=True, with "2>" "/dev/null" passed as list items). How
        # cmd_execute joins the list is not visible here; confirm that ifname
        # cannot carry shell metacharacters, or drop the redirection and
        # ignore the exit status instead.
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname,
                                       "2>", "/dev/null"], shell=True)
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
474
@remote_compatible
def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
    """hostapd behavior with interface added to bridge externally"""
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        ssid = "test-wpa2-psk"
        passphrase = "12345678"
        ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
        hapd = hostapd.add_ap(apdev[0], ap_params)

        # The bridge is created and the interface enslaved only after the AP
        # is already running.
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for cmd in setup_cmds:
            hostapd.cmd_execute(apdev[0], cmd)

        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        # hostapd has to have noticed the externally made bridge membership.
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
    finally:
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname,
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname])
499
def test_ap_wpa2_psk_ext(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # With ext_eapol_frame_io set on both ends, each EAPOL frame shows up as
    # an EAPOL-TX event and is handed to the peer with EAPOL_RX by this
    # script.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()

    # Relay frames in both directions until either side reports a
    # connection.
    while True:
        ap_ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
        if ap_ev is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        if "AP-STA-CONNECTED" in ap_ev:
            dev[0].wait_connected(timeout=15)
            break
        # The third space-separated token of the event is the hex frame.
        reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_ev.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

        sta_ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
        if sta_ev is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        if "CTRL-EVENT-CONNECTED" in sta_ev:
            break
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_ev.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")
531
def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    # The script relays every EAPOL frame itself, which lets it withhold one.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()

    # msg 1/4: AP -> STA
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 2/4: STA -> AP
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")

    # msg 3/4: AP -> STA
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 4/4 is produced by the STA but deliberately dropped here, so the
    # STA considers itself connected while the AP is still waiting.
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    dev[0].wait_connected(timeout=15)

    # msg 3/4 retransmission from the AP, delivered to the STA
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # The STA's answer to the retransmission (msg 4/4) is forwarded this
    # time.
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")

    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Data frames must flow after the STA processed msg 3/4 twice.
    hwsim_utils.test_connectivity(dev[0], hapd)
598
def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    # The script relays every EAPOL frame itself, which lets it delay and
    # reorder frames.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()

    # msg 1/4: AP -> STA
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 2/4: STA -> AP
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")

    # msg 3/4: held back so that the AP times out and retransmits
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3_first = ap_tx

    # msg 3/4 retransmission, also held back for now
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3_second = ap_tx

    # Deliver the first copy of msg 3/4
    reply = dev[0].request("EAPOL_RX " + bssid + " " + msg3_first.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 4/4: STA -> AP, completing the handshake on both sides
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")
    dev[0].wait_connected(timeout=15)
    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(dev[0], hapd)

    # Deliver the delayed second copy of msg 3/4 after the keys are already
    # in use.
    reply = dev[0].request("EAPOL_RX " + bssid + " " + msg3_second.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # The STA answers with another msg 4/4, which is not passed on to the AP.
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")

    # The data path has to survive the late retransmission.
    hwsim_utils.test_connectivity(dev[0], hapd)
673
def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    # The script relays every EAPOL frame itself, so it can withhold, alter
    # and replay frames to check how the supplicant reacts.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    sta_addr = dev[0].p2p_interface_addr()

    # msg 1/4: AP -> STA (hex frame kept for the altered copy below)
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg1 = ap_tx.split(' ')[2]
    reply = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 2/4: STA -> AP
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")

    # msg 3/4: AP -> STA
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    reply = dev[0].request("EAPOL_RX " + bssid + " " + ap_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 4/4 is captured but not forwarded, which makes the AP retransmit
    # msg 3/4.
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4 = sta_tx.split(' ')[2]

    # From the STA's point of view the handshake is finished.
    dev[0].wait_connected()

    # msg 3/4 retransmission from the AP
    ap_tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ap_tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ap_tx.split(' ')[2]

    # Forged msg 1/4: the original msg 1/4 with hex characters 18..34 (the
    # replay counter, per the original comment) taken from the retransmitted
    # msg 3/4.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    # Alternative kept for reference: additionally replacing the nonce
    # results in "WPA: ANonce from message 1 of 4-Way Handshake differs from
    # 3 of 4-Way Handshake - drop packet" once wpa_supplicant processes
    # msg 3/4 afterwards.
    #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    reply = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # A msg 2/4 in response would mean the forged frame was accepted.
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if sta_tx is None:
        # No response within one second: the supplicant ignored the forged
        # frame, which is the protected behavior, so the test passes here.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # The msg 2/4 is not forwarded to hostapd.

    # Replay the msg 3/4 retransmission captured earlier
    reply = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in reply:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # msg 4/4: STA -> AP, forwarded this time
    sta_tx = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if sta_tx is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    reply = hapd.request("EAPOL_RX " + sta_addr + " " + sta_tx.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")

    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Both ends must still agree on working keys after the replayed frames.
    hwsim_utils.test_connectivity(dev[0], hapd)
765
def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    # Scenario: the station completes the 4-way handshake while msg 4/4 is
    # withheld from the AP, so hostapd retransmits msg 3/4. Before a retry is
    # delivered, a forged msg 1/4 carrying the retry's Replay Counter is
    # injected into the station. The test ends successfully either when
    # wpa_supplicant ignores the forged frame, or when the handshake completes
    # again and data connectivity still works.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Both ends report outgoing EAPOL frames as EAPOL-TX events and the script
    # hands frames over with EAPOL_RX, so it controls what arrives and when.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Third space-separated field of the event is used as the hex frame; it is
    # kept because the forged msg 1/4 below is built from it.
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Captured but never forwarded in this test.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter)
    # Hex offsets 18:34 are frame octets 9-16, the Replay Counter field in the
    # layout parse_eapol() uses; everything else is the original msg 1/4.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    # Short timeout: no reply within one second is read as "frame ignored".
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Final check: data frames must still pass in both directions with the
    # keys that are installed after the disturbed exchange.
    hwsim_utils.test_connectivity(dev[0], hapd)
860
def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    # Scenario: as in the other msg 3/4 retry tests, msg 4/4 is withheld from
    # the AP so that hostapd retransmits msg 3/4. Here two forged msg 1/4
    # frames are injected first: one with a different ANonce, then one that
    # switches back to the ANonce of the completed handshake. The test ends
    # successfully either when wpa_supplicant ignores the second forged frame,
    # or when the handshake completes again and data connectivity still works.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # Both ends report outgoing EAPOL frames as EAPOL-TX events and the script
    # hands frames over with EAPOL_RX, so it controls what arrives and when.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Kept because both forged frames below are built from it.
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Captured but never forwarded in this test.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter and replace ANonce)
    # Hex offsets 18:34 are the Replay Counter (frame octets 9-16) and 34:98
    # the 32-octet Key Nonce in the layout parse_eapol() uses; the nonce is
    # overwritten with 0xff octets.
    msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    # Unlike the second forged frame below, a missing reply here fails the test.
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Do not send msg 2/4 to hostapd

    # Send a forged msg 1/4 to STA (back to previously used ANonce)
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    # Short timeout: no reply within one second is read as "frame ignored".
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Final check: data frames must still pass in both directions with the
    # keys that are installed after the disturbed exchange.
    hwsim_utils.test_connectivity(dev[0], hapd)
966
def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    # Scenario: during the initial 4-way handshake one msg 2/4 and one msg 4/4
    # from the station are held back instead of being delivered. Once hostapd
    # starts a PTK rekey, those stale frames are delivered to it. hostapd must
    # not treat them as answers to the new handshake; the test checks this by
    # requiring that hostapd keeps retransmitting msg 1/4 (key info 008a).
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    # Short PTK lifetime so that the rekey starts soon after the connection
    # (unit presumably seconds - confirm against hostapd.conf).
    params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], params)
    # Both ends report outgoing EAPOL frames as EAPOL-TX events and the script
    # hands frames over with EAPOL_RX, so it controls what arrives and when.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Held back; delivered to hostapd only after the rekey has started.
    msg2 = ev.split(' ')[2]
    # Do not send this to the AP

    # EAPOL-Key msg 1/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # First msg 4/4; this is the one that completes the initial handshake below.
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Second msg 4/4 (answer to the retried msg 3/4); held back until the rekey.
    msg4b = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # Send the previous EAPOL-Key msg 4/4 to AP
    res = hapd.request("EAPOL_RX " + addr + " " + msg4)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # EAPOL-Key msg 1/4
    # This msg 1/4 is not forwarded to the station.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    # (EAPOL_RX returning OK only means the frame was handed over.)
    res = hapd.request("EAPOL_RX " + addr + " " + msg2)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Hex offsets 10:14 are frame octets 5-6, the Key Information field that
    # follows the 4-octet EAPOL header and the descriptor type octet; 008a is
    # the value build_eapol_key_1_4() in this file uses for msg 1/4.
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    res = hapd.request("EAPOL_RX " + addr + " " + msg4b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)
1087
def parse_eapol(data):
    """Split a raw EAPOL frame into a dict of header and EAPOL-Key fields.

    The 4-octet header (version, type, big-endian length) is always decoded.
    Octets beyond the declared length are dropped; a declared length larger
    than the available payload raises Exception("Invalid EAPOL length").

    For type 3 (EAPOL-Key) the descriptor type is added, and for descriptor
    types 2 and 254 the fixed key descriptor fields are added as
    'rsn_key_*' entries. 'rsn_key_data' is everything after the Key Data
    Length field; it is not cut to 'rsn_key_data_len', so callers that care
    about the difference must compare the two themselves.

    A payload too short for the fields being decoded raises struct.error.
    """
    version, frame_type, length = struct.unpack('>BBH', data[:4])
    body = data[4:]
    if length > len(body):
        raise Exception("Invalid EAPOL length")
    # Slicing to the declared length is a no-op when the lengths already match.
    body = body[:length]

    eapol = {
        'version': version,
        'type': frame_type,
        'length': length,
        'payload': body,
    }
    if frame_type != 3:
        return eapol

    # EAPOL-Key
    descr_type = struct.unpack('B', body[:1])[0]
    eapol['descr_type'] = descr_type
    if descr_type not in (2, 254):
        return eapol

    # RSN EAPOL-Key: offsets below are relative to the octet after the
    # descriptor type.
    key = body[1:]
    key_info, key_len = struct.unpack('>HH', key[:4])
    eapol['rsn_key_info'] = key_info
    eapol['rsn_key_len'] = key_len
    fixed_fields = (
        ('rsn_replay_counter', 4, 12),
        ('rsn_key_nonce', 12, 44),
        ('rsn_key_iv', 44, 60),
        ('rsn_key_rsc', 60, 68),
        ('rsn_key_id', 68, 76),
        ('rsn_key_mic', 76, 92),
    )
    for name, start, end in fixed_fields:
        eapol[name] = key[start:end]
    eapol['rsn_key_data_len'] = struct.unpack('>H', key[92:94])[0]
    eapol['rsn_key_data'] = key[94:]
    return eapol
1120
def build_eapol(msg):
    """Serialize a message dict (as produced by parse_eapol) into frame octets.

    Every field is written exactly as stored in msg: 'length' and
    'rsn_key_data_len' are not recomputed from the data, which lets the tests
    emit frames whose length fields disagree with their content. For type 3
    the RSN key descriptor layout is always used, whatever 'descr_type' is;
    any other type is the header followed by msg['payload'].
    """
    frame = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] != 3:
        return frame + msg['payload']

    frame += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                         msg['rsn_key_len'])
    # Fixed-size fields, in on-the-wire order.
    for field in ('rsn_replay_counter', 'rsn_key_nonce', 'rsn_key_iv',
                  'rsn_key_rsc', 'rsn_key_id', 'rsn_key_mic'):
        frame += msg[field]
    frame += struct.pack('>H', msg['rsn_key_data_len'])
    return frame + msg['rsn_key_data']
1137
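def sha1_prf(key, label, data, outlen):
    """Return outlen octets of the HMAC-SHA1 based PRF used for key expansion.

    Each output block is HMAC-SHA1(key, label || 0x00 || data || counter),
    with a one-octet counter starting at 0; blocks are concatenated and the
    result is cut to outlen octets. key, label and data are byte strings.
    An outlen of zero or less yields an empty byte string.

    The accumulator is a bytes literal so that the function also works on
    Python 3, where appending a digest to a text string raises TypeError.
    """
    res = b''
    counter = 0
    while len(res) < outlen:
        m = hmac.new(key, label, hashlib.sha1)
        m.update(b'\x00')
        m.update(data)
        # struct.pack('B', ...) raises struct.error once the counter would
        # no longer fit in one octet.
        m.update(struct.pack('B', counter))
        counter += 1
        res += m.digest()
    return res[:outlen]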
1155
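def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the pairwise transient key material from the PMK.

    The PRF input is the lower address followed by the higher one, then the
    lower nonce followed by the higher one. Addresses are colon-separated
    hex strings and are ordered by text comparison, so both must use the
    same letter case; nonces are byte strings.

    Returns (ptk, kck, kek) where ptk is 48 octets from sha1_prf(), kck is
    its first 16 octets and kek the following 16.

    The label is a bytes literal so that the HMAC call in sha1_prf() also
    accepts it on Python 3.
    """
    first_addr, second_addr = (addr1, addr2) if addr1 < addr2 else (addr2, addr1)
    data = (binascii.unhexlify(first_addr.replace(':', '')) +
            binascii.unhexlify(second_addr.replace(':', '')))
    if nonce1 < nonce2:
        data += nonce1 + nonce2
    else:
        data += nonce2 + nonce1
    label = b"Pairwise key expansion"
    ptk = sha1_prf(pmk, label, data, 48)
    kck = ptk[0:16]
    kek = ptk[16:32]
    return (ptk, kck, kek)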
1170
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC for msg and store it in msg['rsn_key_mic'].

    The MIC field is zeroed, the frame is serialized with build_eapol(), and
    the first 16 octets of HMAC-SHA1 over that frame keyed with kck become
    the new MIC. msg is modified in place; nothing is returned.
    """
    # The MIC is calculated over the frame with the MIC field set to zero.
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    digest = hmac.new(kck, build_eapol(msg), hashlib.sha1).digest()
    msg['rsn_key_mic'] = digest[0:16]
1176
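def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Overwrite the variable parts of an EAPOL-Key message dict in place.

    Sets Key Information, Key Length, Key Nonce, Key Data and both length
    fields. A false nonce (None or empty) becomes 32 zero octets and false
    data becomes empty Key Data. 'length' is 95 plus the Key Data length,
    95 being the size of the key descriptor without Key Data as laid out by
    build_eapol(). Replay Counter, IV, RSC, ID and MIC are left untouched.

    Empty Key Data is stored as a bytes literal so that build_eapol() can
    append it to the frame on Python 3 as well.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_key_nonce'] = nonce if nonce else b'\x00' * 32
    key_data = data if data else b''
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    msg['length'] = 95 + len(key_data)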
1192
def recv_eapol(hapd):
    """Wait up to 15 seconds for an EAPOL-TX event and return the parsed frame.

    The third space-separated field of the event is taken as the hex-encoded
    frame and handed to parse_eapol(). Raises Exception on timeout; the
    message names hostapd even if another control interface object is passed.
    """
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    frame_hex = ev.split(' ')[2]
    return parse_eapol(binascii.unhexlify(frame_hex))
1199
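def send_eapol(hapd, addr, data):
    """Deliver a raw EAPOL frame through the EAPOL_RX control command.

    addr is the source address given to the command and data the frame as a
    byte string. Raises Exception when the reply does not contain "OK"; the
    message names hostapd even if another control interface object is passed.
    An "OK" reply is all that is checked here; whether the receiver then
    acts on the frame has to be verified by the caller.

    hexlify() returns bytes on Python 3, so the result is decoded before it
    is joined with the text command; without that the concatenation raises
    TypeError there.
    """
    frame_hex = binascii.hexlify(data).decode()
    res = hapd.request("EAPOL_RX " + addr + " " + frame_hex)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")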
1204
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn msg into a MIC-protected reply and send it.

    info is only used in the log line. msg is rewritten in place with the
    given key_info, nonce and Key Data (Key Length is always set to 0), the
    MIC is computed with kck, and the serialized frame is sent from addr.
    The Replay Counter already present in msg is reused unchanged.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
1210
def hapd_connected(hapd):
    """Require an AP-STA-CONNECTED event within 15 seconds, else raise."""
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1215
def eapol_test(apdev, dev, wpa2=True):
    """Start an AP and a station with external EAPOL frame I/O on both.

    Sets up a WPA2-PSK AP (or a WPA-PSK one when wpa2 is False) with a fixed
    raw PSK and starts the station connection without waiting for it to
    complete, so that the calling test can act as the supplicant.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne): the PSK doubles as
    the PMK, snonce is a fixed 32-octet value, addr is the station address,
    and rsne is the element the tests send as msg 2/4 Key Data (an RSN
    element for WPA2, a vendor-specific WPA element otherwise).
    """
    bssid = apdev['bssid']
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    if wpa2:
        ssid = "test-wpa2-psk"
        params = hostapd.wpa2_params(ssid=ssid)
        element_hex = '30140100000fac040100000fac040100000fac020000'
    else:
        ssid = "test-wpa-psk"
        params = hostapd.wpa_params(ssid=ssid)
        element_hex = 'dd160050f20101000050f20201000050f20201000050f202'
    params['wpa_psk'] = psk

    hapd = hostapd.add_ap(apdev, params)
    # From here on EAPOL frames are exchanged through the control interface,
    # which is what lets the caller build and inject its own frames.
    for ctrl in (hapd, dev):
        ctrl.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
    addr = dev.p2p_interface_addr()

    rsne = binascii.unhexlify(element_hex)
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
1240
@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # The script plays the supplicant side of the 4-way handshake itself and
    # mixes in frames that a correct authenticator should not accept. What is
    # actually verified is that the ANonce stays the same and that the
    # handshake still completes once valid msg 2/4 and msg 4/4 are sent.
    (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])

    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    # Negative case: hostapd's own msg 1/4 is echoed back to it unchanged.
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Negative case: the EAPOL length is one octet short of the 22-octet
    # element carried as Key Data, and no MIC is computed for this frame.
    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
    msg['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 2/4
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # Negative case: hostapd's msg 3/4 is echoed back to it unchanged.
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 4/4, after which the station must be reported as connected.
    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1268
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Leave the first msg 1/4 unanswered so that hostapd retransmits it; the
    # retransmission has to carry the same ANonce.
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]

    # Answer the retransmitted copy, i.e. with its Replay Counter.
    reply_eapol("2/4", hapd, addr, retry, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1295
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either one.
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    # Answer both copies with the same SNonce, oldest first.
    for info, request in (("2/4 (a)", first), ("2/4 (b)", retry)):
        reply_eapol(info, hapd, addr, request, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1317
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either one.
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # First answer uses the SNonce handed out by eapol_test().
    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # Second answer uses a different SNonce; the KCK derived from it replaces
    # the first one and is also the key that protects msg 4/4 below.
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    kck = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)[1]
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1341
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either one.
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # First answer uses the SNonce handed out by eapol_test().
    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # Second answer uses a different SNonce and the KCK derived from it.
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    kck2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)[1]
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck2)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # "Older used": msg 4/4 is protected with the KCK from the first SNonce,
    # not with kck2.
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
1365
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    # Sends msg 2/4 twice with a key descriptor type other than the one in
    # hostapd's msg 1/4: first 253, then 254. Both frames carry a valid MIC.
    # The test verifies that the handshake completes with an unchanged ANonce.
    (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])

    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Incorrect descriptor type (frame dropped)
    msg['descr_type'] = 253
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # Incorrect descriptor type, but with a workaround (frame processed)
    msg['descr_type'] = 254
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # Negative case: hostapd's msg 3/4 is echoed back to it unchanged.
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1396
@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA-PSK AP using external EAPOL supplicant"""
    # WPA (not WPA2) variant: eapol_test() is called with wpa2=False, so the
    # AP uses hostapd.wpa_params() and the element sent as msg 2/4 Key Data
    # is the vendor-specific WPA element (named wpae here).
    (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
                                                        wpa2=False)

    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    # Negative case: hostapd's own msg 1/4 is echoed back to it unchanged.
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))
    # Negative case: only the first 98 octets of the frame are sent, so the
    # EAPOL length field announces more payload than is present.
    logger.info("Too short data")
    send_eapol(hapd, addr, build_eapol(msg)[0:98])

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # Negative case: msg 2/4 with descriptor type 2 on this WPA association.
    msg['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
    # Valid msg 2/4 with descriptor type 254.
    msg['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    # Negative case: hostapd's msg 3/4 is echoed back to it unchanged.
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1424
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    # Feeds hostapd EAPOL-Key frames with unexpected Key Information values
    # before and after msg 2/4. Only the last frame of the first group and
    # the two frames of the second group have their MIC recomputed. The test
    # verifies that the handshake still completes with an unchanged ANonce.
    (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])

    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # All bits clear, then all bits set
    rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # SMK M1
    rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # SMK M3
    rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request
    # Same frame again, this time with a MIC computed under an all-zero key
    # instead of the negotiated KCK.
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(tmp_kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 2/4
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    # Request (valid MIC)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request (valid MIC, replayed counter)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # Valid msg 4/4, after which the station must be reported as connected.
    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)
1470
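def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return a message dict for an EAPOL-Key msg 1/4 from the authenticator.

    The frame uses EAPOL version 2, descriptor type 2 and Key Information
    0x8a. IV, RSC, ID and MIC are all zero: msg 1/4 is sent without a MIC,
    so a receiver cannot authenticate it. anonce and key_data are byte
    strings; replay_counter is packed as a 64-bit big-endian integer.

    The key_data default is a bytes literal so that build_eapol() can append
    it to the frame on Python 3 as well.
    """
    return {
        'version': 2,
        'type': 3,
        'length': 95 + len(key_data),
        'descr_type': 2,
        'rsn_key_info': 0x8a,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': binascii.unhexlify('00000000000000000000000000000000'),
        'rsn_key_rsc': binascii.unhexlify('0000000000000000'),
        'rsn_key_id': binascii.unhexlify('0000000000000000'),
        'rsn_key_mic': binascii.unhexlify('00000000000000000000000000000000'),
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }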
1489
def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return a MIC-protected message dict for an EAPOL-Key msg 3/4.

    key_data is stored as given; this function does not encrypt or pad it.
    extra_len is added to the EAPOL length only, so a non-zero value makes
    the header announce more octets than the descriptor holds. The MIC is
    computed last with eapol_key_mic() using kck.
    """
    zero8 = binascii.unhexlify('0000000000000000')
    msg = {
        'version': 2,
        'type': 3,
        'length': 95 + len(key_data) + extra_len,
        'descr_type': descr_type,
        'rsn_key_info': key_info,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': binascii.unhexlify('00000000000000000000000000000000'),
        'rsn_key_rsc': zero8,
        'rsn_key_id': zero8,
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
    # Adds 'rsn_key_mic' to the dict.
    eapol_key_mic(kck, msg)
    return msg
1509
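def aes_wrap(kek, plain):
    """Wrap plain with kek using the AES Key Wrap construction.

    plain is split into 64-bit blocks and run through six rounds with the
    initial value 0xa6a6a6a6a6a6a6a6; the result is eight octets longer than
    the wrapped input. Octets beyond the last full 64-bit block are dropped
    without an error, so callers should pad first (see pad_key_data()).

    Compared with the earlier form this uses floor division and a bytes
    join, which Python 3 requires, and names the cipher mode explicitly
    since not every implementation of the Crypto API has a default for it.
    ECB is used here only as the single-block AES primitive that the wrap
    construction is built on, not as a mode for bulk data.
    """
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # XOR the step counter into the upper half of the cipher output.
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)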
1521
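def pad_key_data(plain):
    """Pad Key Data to a multiple of eight octets.

    Input that is already a multiple of eight (including empty input) is
    returned unchanged. Otherwise one 0xdd octet is appended, followed by as
    many zero octets as are needed to reach the next multiple of eight.

    The padding is built from bytes literals so that it can be appended to a
    byte string on Python 3 as well.
    """
    pad_len = -len(plain) % 8
    if pad_len:
        plain += b'\xdd' + b'\x00' * (pad_len - 1)
    return plain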
1530
1531 def test_ap_wpa2_psk_supp_proto(dev, apdev):
1532 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
1533 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1534
1535 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1536 msg = recv_eapol(hapd)
1537 dev[0].dump_monitor()
1538
1539 # Build own EAPOL-Key msg 1/4
1540 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1541 counter = 1
1542 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1543 counter += 1
1544 send_eapol(dev[0], bssid, build_eapol(msg))
1545 msg = recv_eapol(dev[0])
1546 snonce = msg['rsn_key_nonce']
1547
1548 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1549
1550 logger.debug("Invalid AES wrap data length 0")
1551 dev[0].dump_monitor()
1552 msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
1553 counter += 1
1554 send_eapol(dev[0], bssid, build_eapol(msg))
1555 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1556 if ev is None:
1557 raise Exception("Unsupported AES-WRAP len 0 not reported")
1558
1559 logger.debug("Invalid AES wrap data length 1")
1560 dev[0].dump_monitor()
1561 msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
1562 counter += 1
1563 send_eapol(dev[0], bssid, build_eapol(msg))
1564 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1565 if ev is None:
1566 raise Exception("Unsupported AES-WRAP len 1 not reported")
1567
1568 logger.debug("Invalid AES wrap data length 9")
1569 dev[0].dump_monitor()
1570 msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
1571 counter += 1
1572 send_eapol(dev[0], bssid, build_eapol(msg))
1573 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1574 if ev is None:
1575 raise Exception("Unsupported AES-WRAP len 9 not reported")
1576
1577 logger.debug("Invalid AES wrap data payload")
1578 dev[0].dump_monitor()
1579 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
1580 # do not increment counter to test replay protection
1581 send_eapol(dev[0], bssid, build_eapol(msg))
1582 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1583 if ev is None:
1584 raise Exception("AES unwrap failure not reported")
1585
1586 logger.debug("Replay Count not increasing")
1587 dev[0].dump_monitor()
1588 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
1589 counter += 1
1590 send_eapol(dev[0], bssid, build_eapol(msg))
1591 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1592 if ev is None:
1593 raise Exception("Replay Counter replay not reported")
1594
1595 logger.debug("Missing Ack bit in key info")
1596 dev[0].dump_monitor()
1597 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1598 key_info=0x134a)
1599 counter += 1
1600 send_eapol(dev[0], bssid, build_eapol(msg))
1601 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
1602 if ev is None:
1603 raise Exception("Missing Ack bit not reported")
1604
1605 logger.debug("Unexpected Request bit in key info")
1606 dev[0].dump_monitor()
1607 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1608 key_info=0x1bca)
1609 counter += 1
1610 send_eapol(dev[0], bssid, build_eapol(msg))
1611 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1612 if ev is None:
1613 raise Exception("Request bit not reported")
1614
1615 logger.debug("Unsupported key descriptor version 0")
1616 dev[0].dump_monitor()
1617 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1618 replay_counter=counter, key_info=0x13c8)
1619 counter += 1
1620 send_eapol(dev[0], bssid, build_eapol(msg))
1621 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1622 if ev is None:
1623 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1624
1625 logger.debug("Key descriptor version 1 not allowed with CCMP")
1626 dev[0].dump_monitor()
1627 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1628 replay_counter=counter, key_info=0x13c9)
1629 counter += 1
1630 send_eapol(dev[0], bssid, build_eapol(msg))
1631 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1632 if ev is None:
1633 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1634
1635 logger.debug("Invalid AES wrap payload with key descriptor version 2")
1636 dev[0].dump_monitor()
1637 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1638 replay_counter=counter, key_info=0x13ca)
1639 counter += 1
1640 send_eapol(dev[0], bssid, build_eapol(msg))
1641 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1642 if ev is None:
1643 raise Exception("AES unwrap failure not reported")
1644
1645 logger.debug("Key descriptor version 3 workaround")
1646 dev[0].dump_monitor()
1647 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1648 replay_counter=counter, key_info=0x13cb)
1649 counter += 1
1650 send_eapol(dev[0], bssid, build_eapol(msg))
1651 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1652 if ev is None:
1653 raise Exception("CCMP key descriptor mismatch not reported")
1654 ev = dev[0].wait_event(["WPA: Interoperability workaround"])
1655 if ev is None:
1656 raise Exception("AES-128-CMAC workaround not reported")
1657 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1658 if ev is None:
1659 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1660
1661 logger.debug("Unsupported key descriptor version 4")
1662 dev[0].dump_monitor()
1663 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1664 replay_counter=counter, key_info=0x13cc)
1665 counter += 1
1666 send_eapol(dev[0], bssid, build_eapol(msg))
1667 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1668 if ev is None:
1669 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1670
1671 logger.debug("Unsupported key descriptor version 7")
1672 dev[0].dump_monitor()
1673 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1674 replay_counter=counter, key_info=0x13cf)
1675 counter += 1
1676 send_eapol(dev[0], bssid, build_eapol(msg))
1677 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1678 if ev is None:
1679 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1680
1681 logger.debug("Too short EAPOL header length")
1682 dev[0].dump_monitor()
1683 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1684 extra_len=-1)
1685 counter += 1
1686 send_eapol(dev[0], bssid, build_eapol(msg))
1687 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1688 if ev is None:
1689 raise Exception("Key data overflow not reported")
1690
1691 logger.debug("Too long EAPOL header length")
1692 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1693 extra_len=1)
1694 counter += 1
1695 send_eapol(dev[0], bssid, build_eapol(msg))
1696
1697 logger.debug("Unsupported descriptor type 0")
1698 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1699 descr_type=0)
1700 counter += 1
1701 send_eapol(dev[0], bssid, build_eapol(msg))
1702
1703 logger.debug("WPA descriptor type 0")
1704 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1705 descr_type=254)
1706 counter += 1
1707 send_eapol(dev[0], bssid, build_eapol(msg))
1708
1709 logger.debug("Non-zero key index for pairwise key")
1710 dev[0].dump_monitor()
1711 wrapped = aes_wrap(kek, 16*'z')
1712 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1713 key_info=0x13ea)
1714 counter += 1
1715 send_eapol(dev[0], bssid, build_eapol(msg))
1716 ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1717 if ev is None:
1718 raise Exception("Non-zero key index not reported")
1719
1720 logger.debug("Invalid Key Data plaintext payload --> disconnect")
1721 dev[0].dump_monitor()
1722 wrapped = aes_wrap(kek, 16*'z')
1723 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1724 counter += 1
1725 send_eapol(dev[0], bssid, build_eapol(msg))
1726 dev[0].wait_disconnected(timeout=1)
1727
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    # Negative test: the test acts as the authenticator and sends a msg 3/4
    # whose decrypted Key Data is 16 zero bytes (no IEs). The supplicant is
    # expected to disconnect rather than complete the handshake.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    # KCK signs the forged frames, KEK wraps their Key Data.
    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    sta.dump_monitor()
    key_data = aes_wrap(kek, 16*'\0')
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
1754
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    # Negative test: msg 3/4 carries an RSN element that, per the debug text
    # below, does not match what the supplicant expects. The supplicant must
    # disconnect; accepting it would mean the msg 3/4 IE comparison is not
    # being enforced.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
1781
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success"""
    # Positive control for the supp_proto tests: a well-formed msg 3/4 built
    # by the test itself must bring the supplicant to the connected state.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    # Key Data: RSN element followed by a GTK KDE, padded and AES-wrapped.
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)
1809
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK"""
    # Negative test: msg 3/4 whose Key Data holds only the RSN element and no
    # GTK KDE. The supplicant must not report a completed connection.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    # Only a short (0.1 s) window is observed, so this catches an immediate
    # CTRL-EVENT-CONNECTED but not one that arrives later.
    if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1) is not None:
        raise Exception("Unexpected connection completion reported")
1839
def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change"""
    # Negative test: msg 3/4 is otherwise valid but carries a different
    # ANonce than msg 1/4. The supplicant must notice and report the change.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    # Keys are still derived from the ANonce of msg 1/4, so the frame below
    # is signed with the KCK the supplicant holds.
    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce2, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if reported is None:
        raise Exception("ANonce change not reported")
1870
def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected group message"""
    # Negative test: a group key msg 1/2 is sent where msg 3/4 is expected.
    # The supplicant must report the out-of-sequence frame and disconnect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Group key 1/2 instead of msg 3/4")
    sta.dump_monitor()
    # GTK KDE only, wrapped without pad_key_data(); key_info=0x13c2 is the
    # value this file uses for group key messages.
    gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, gtk_kde)
    frame = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(frame))
    reported = sta.wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
    if reported is None:
        raise Exception("Unexpected group key message not reported")
    sta.wait_disconnected(timeout=1)
1901
@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
    # Negative test: msg 1/4 is unauthenticated, so its Key Data is parsed
    # before any key is available to check it. The two bytes 0x55 0x55 are
    # not a valid KDE; the supplicant is expected to disconnect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, _pmk, _addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Build own EAPOL-Key msg 1/4 with invalid KDE
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    bad_kde = binascii.unhexlify('5555')
    first = build_eapol_key_1_4(anonce, replay_counter=replay, key_data=bad_kde)
    send_eapol(sta, bssid, build_eapol(first))
    sta.wait_disconnected(timeout=1)
1919
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
    # Negative test: msg 3/4 has valid Key Data but advertises key_len=15.
    # The supplicant must report the invalid CCMP key length and disconnect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_len=15)
    send_eapol(sta, bssid, build_eapol(third))
    if sta.wait_event(["WPA: Invalid CCMP key length 15"]) is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
1951
def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length"""
    # Negative test: the GTK KDE in msg 3/4 carries a 15-byte key (KDE length
    # 0x15 instead of 0x16). The supplicant must report the unsupported group
    # key length and disconnect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    if sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"]) is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
1982
def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
    # Interoperability case: the GTK KDE has its Tx bit set (key id/flags
    # byte 0x05) although pairwise keys are in use. The supplicant is
    # expected to log that it ignores the bit and still connect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    if sta.wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"]) is None:
        raise Exception("GTK Tx bit workaround not reported")
    sta.wait_connected(timeout=1)
2013
def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
    # Three steps against one association:
    #   1. msg 3/4 with GTK key index 0 -> connection completes
    #   2. wrapped group msg 1/2 with GTK key index 3 -> rekeying completes
    #   3. group msg 1/2 with the GTK KDE sent unwrapped -> must be reported
    #      and followed by a disconnect
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    replay += 1
    send_eapol(sta, bssid, build_eapol(group))
    # Drain the supplicant's reply before looking for the completion event.
    recv_eapol(sta)
    if sta.wait_event(["WPA: Group rekeying completed"]) is None:
        raise Exception("GTK rekeing not reported")

    logger.debug("Unencrypted GTK KDE in group msg 1/2")
    sta.dump_monitor()
    # Same KDE, but passed through unwrapped with key_info=0x03c2, i.e. the
    # 0x1000 (Encrypted Key Data) bit of 0x13c2 cleared.
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    group = build_eapol_key_3_4(anonce, kck, plain, replay_counter=replay,
                                key_info=0x03c2)
    send_eapol(sta, bssid, build_eapol(group))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2066
def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
    # After a normal 4-way handshake, a group msg 1/2 is sent whose wrapped
    # Key Data contains only empty 0xdd elements and no GTK KDE. The
    # supplicant must report the missing GTK and disconnect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(group))
    if sta.wait_event(["WPA: No GTK IE in Group Key msg 1/2"]) is None:
        raise Exception("Missing GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2107
def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
    # After a normal 4-way handshake, a group msg 1/2 delivers a GTK KDE with
    # a 33-byte key (KDE length 0x27). This exercises the length check that
    # guards the supplicant's GTK storage; the frame must be reported and the
    # association dropped.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay,
                                key_info=0x13c2)
    send_eapol(sta, bssid, build_eapol(group))
    if sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"]) is None:
        raise Exception("Too long GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2148
def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    # Negative test: msg 3/4 itself carries the oversized GTK KDE (length
    # 0x27, i.e. a 33-byte key). Only the disconnect is checked here; no
    # specific log event is awaited.
    # NOTE(review): the debug text below says "too short" while the test name
    # and the payload are the too-long case.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    (_ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=replay)
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
2176
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
    # Negative test: msg 3/4 delivers the GTK KDE in cleartext Key Data. A
    # supplicant that accepted this would take a group key that anyone in
    # radio range could read, so it must report the frame and disconnect.
    sta = dev[0]
    (bssid, _ssid, hapd, _snonce, pmk, addr, _rsne) = eapol_test(apdev[0], sta)

    # hostapd's own msg 1/4 is consumed only as the "associated" signal.
    recv_eapol(hapd)
    sta.dump_monitor()

    # Start a test-controlled handshake with a fixed ANonce.
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    replay = 1
    first = build_eapol_key_1_4(anonce, replay_counter=replay)
    replay += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    # Only the KCK is needed: the Key Data below is never wrapped.
    (_ptk, kck, _kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    # key_info=0x03ca leaves the 0x1000 (Encrypted Key Data) bit clear.
    third = build_eapol_key_3_4(anonce, kck, plain, replay_counter=replay,
                                key_info=0x03ca)
    send_eapol(sta, bssid, build_eapol(third))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2207
def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process that serves dev.

    The process is located by scanning `ps ax` output for the first line
    that mentions both "wpa_supplicant" and "-i<ifname>". Both checks are
    substring matches, so an interface name that is a prefix of another
    one (wlan1 / wlan10) can select the wrong line.

    Raises Exception when no line matches.
    """
    iface_arg = "-i" + dev.ifname
    _status, listing = dev.cmd_execute(['ps', 'ax'])
    for row in listing.splitlines():
        if "wpa_supplicant" in row and iface_arg in row:
            # The PID is the first space-separated field of the ps line.
            return int(row.strip().split(' ')[0])
    raise Exception("Could not find wpa_supplicant process")
2218
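def read_process_memory(pid, key=None):
    """Return the contents of all rw mappings of process pid as one buffer.

    /proc/<pid>/maps is parsed for mappings whose permissions start with
    "rw"; each such range is read from /proc/<pid>/mem and appended in map
    order. When key is given, every mapping that contains it is logged.

    The result holds whatever secrets the target process has in writable
    memory at that moment, so it must stay in memory and never be written
    out wholesale. Reading another process's mem file needs ptrace-level
    access to it (same user or root, subject to the host's ptrace policy).
    """
    chunks = []
    total = 0
    logger.info("Reading process memory (pid=%d)" % pid)
    # The mem file is raw binary: open it in binary mode so the data comes
    # back as bytes and is never passed through a text decoder.
    with open('/proc/%d/maps' % pid, 'r') as maps, \
         open('/proc/%d/mem' % pid, 'rb') as mem:
        for l in maps.readlines():
            m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
            if not m:
                continue
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            perm = m.group(3)
            # Mappings starting above 0xffffffffffff are skipped
            # (presumably kernel-provided pages that cannot be read here).
            if start > 0xffffffffffff:
                continue
            if end < start:
                continue
            # Key material lives in writable memory; read-only and
            # non-readable mappings are not searched.
            if not perm.startswith('rw'):
                continue
            for name in ["[heap]", "[stack]"]:
                if name in l:
                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, total, total + (end - start)))
            mem.seek(start)
            data = mem.read(end - start)
            # Collect pieces and join once instead of growing one bytes
            # object per mapping.
            chunks.append(data)
            total += len(data)
            if key and key in data:
                logger.info("Key found in " + l)
    buf = b''.join(chunks)
    logger.info("Total process memory read: %d bytes" % len(buf))
    return buf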
2247
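def verify_not_present(buf, key, fname, keyname):
    """Fail if key still occurs in the memory snapshot buf.

    Returns None when key is absent. Otherwise up to 2048 bytes on each
    side of the first hit are written to the file fname + keyname and an
    Exception is raised.

    The dump file contains the key itself plus neighbouring process memory,
    so the log directory it lands in has to be handled as secret material.
    """
    pos = buf.find(key)
    if pos < 0:
        return

    start = max(pos - 2048, 0)
    # buf is bytes, so the context file has to be opened in binary mode;
    # a text-mode handle rejects bytes and would hide the real failure
    # behind a TypeError.
    with open(fname + keyname, 'wb') as f:
        f.write(buf[start:pos + 2048])
    raise Exception(keyname + " found after disassociation")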
2257
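def get_key_locations(buf, key, keyname):
    """Log every non-overlapping occurrence of key in buf; return the count.

    For each hit the offset is logged at info level and, at debug level,
    the key together with up to 128 bytes of memory on either side in hex.
    That debug line therefore contains the key in clear; logs produced
    with it need the same protection as the key.
    """
    # An empty key matches at every offset without advancing the search.
    if not key:
        return 0

    context = 128
    count = 0
    pos = buf.find(key)
    while pos >= 0:
        logger.info("Found %s at %d" % (keyname, pos))
        key_end = pos + len(key)
        start = max(pos - context, 0)
        # Clamp the trailing context to the end of the buffer. The earlier
        # expression fell back to len(buf) - context near the end, which
        # dropped the bytes after the key and logged a wrong range.
        end = min(key_end + context, len(buf))
        before = binascii.hexlify(buf[start:pos])
        after = binascii.hexlify(buf[key_end:end])
        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
        count += 1
        pos = buf.find(key, key_end)
    return count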
2276
def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK and PSK/PTK lifetime in memory"""
    # Checks that wpa_supplicant does not keep key material in its writable
    # memory longer than needed: KCK/KEK/TK/GTK must be gone after
    # disassociation, and the PMK as well once the network profile has been
    # removed. Memory is sampled through /proc/<pid>/mem, so the test needs
    # the privileges to read the supplicant's memory.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    p = hostapd.wpa2_params(ssid=ssid)
    p['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], p)

    pid = find_wpas_process(dev[0])

    # The next three snapshots are informational: get_key_locations() only
    # logs where the PMK is found, its return value is not checked.
    id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                        only_add_network=True)

    logger.info("Checking keys in memory after network profile configuration")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].request("REMOVE_NETWORK all")
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                        only_add_network=True)

    logger.info("Checking keys in memory before connection")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].connect_network(id, timeout=20)
    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
    # event has been delivered, so verify that wpa_supplicant has returned to
    # eloop before reading process memory.
    time.sleep(1)
    dev[0].ping()

    # Snapshot taken while associated; it is analysed further down, once the
    # session keys are known.
    buf = read_process_memory(pid, pmk)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # The session keys are recovered from the supplicant's debug log, which
    # means that log contains raw PTK and GTK hexdumps and has to be treated
    # as secret material outside a test environment.
    dev[0].relog()
    ptk = None
    gtk = None
    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
        for l in f.readlines():
            if "WPA: PTK - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                ptk = binascii.unhexlify(val)
            if "WPA: Group Key - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                gtk = binascii.unhexlify(val)
    if not pmk or not ptk or not gtk:
        raise Exception("Could not find keys from debug log")
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    # PTK layout used here: bytes 0-15 KCK, 16-31 KEK, 32-47 TK.
    kck = ptk[0:16]
    kek = ptk[16:32]
    tk = ptk[32:48]

    # Sanity check of the method itself: if the keys cannot be found while
    # they are in use, their absence later would prove nothing. A missing
    # PMK skips the test instead of failing it.
    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    # NOTE(review): the TK check while associated is disabled; the reason is
    # not recorded here.
    #if tk in buf:
    #    raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Note: PMK/PSK is still present in network configuration

    # On a hit, verify_not_present() writes the surrounding memory to
    # <logdir>/wpa2_psk_key_lifetime_in_memory.memctx-<KEY> before raising;
    # those files contain the key.
    fname = os.path.join(params['logdir'],
                         'wpa2_psk_key_lifetime_in_memory.memctx-')
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    if gtk in buf:
        get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    dev[0].request("REMOVE_NETWORK all")

    # With the profile removed nothing may remain, the PMK included.
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    verify_not_present(buf, pmk, fname, "PMK")
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    verify_not_present(buf, gtk, fname, "GTK")
2377
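@remote_compatible
def test_ap_wpa2_psk_wep(dev, apdev):
    """WPA2-PSK AP and WEP enabled"""
    # Negative test: setting a WEP key on a WPA2-PSK BSS must be refused.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # The failure has to be raised outside the try block. Raising it inside
    # let the blanket "except Exception" swallow it, so the test passed even
    # when the key was accepted.
    # NOTE(review): if hostapd accepts the key at SET time, this now shows
    # up as a failure instead of being hidden - confirm on a test run.
    try:
        hapd.set('wep_key0', '"hello"')
    except Exception:
        # set() raising is the expected outcome.
        return
    raise Exception("WEP key accepted to WPA2 network")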
2390
def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """WPA2-PSK AP and wpas interface in a bridge"""
    br_ifname='sta-br0'
    ifname='wlan5'
    # Teardown runs whether or not the test body succeeds. The exit status
    # of each command is ignored, so a step that has nothing to undo does
    # not mask the test result.
    teardown = (
        ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
        ['brctl', 'delif', br_ifname, ifname],
        ['brctl', 'delbr', br_ifname],
        ['iw', ifname, 'set', '4addr', 'off'],
    )
    try:
        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
    finally:
        for cmd in teardown:
            subprocess.call(cmd)
2402
def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    # Body of test_ap_wpa2_psk_wpas_in_bridge: puts wlan5 into a bridge in
    # 4-address mode and connects through it with WPA2-PSK. The commands
    # below change host network configuration and need the privileges for
    # that.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    br_ifname='sta-br0'
    ifname='wlan5'
    # NOTE(review): fixed control socket path under /tmp; presumably fine on
    # a dedicated test VM only - confirm.
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    setup = (
        ['brctl', 'addbr', br_ifname],
        ['brctl', 'setfd', br_ifname, '0'],
        ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
        ['iw', ifname, 'set', '4addr', 'on'],
    )
    for cmd in setup:
        subprocess.call(cmd)
    # Only adding the interface to the bridge is checked for failure.
    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
    wpas.interface_add(ifname, br_ifname=br_ifname)
    wpas.dump_monitor()

    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
    wpas.dump_monitor()
2422
@remote_compatible
def test_ap_wpa2_psk_ifdown(dev, apdev):
    """WPA2-PSK AP and external ifconfig down"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap = apdev[0]
    sta = dev[0]
    hapd = hostapd.add_ap(ap, hostapd.wpa2_params(ssid=ssid,
                                                  passphrase=passphrase))
    bssid = ap['bssid']

    sta.connect(ssid, psk=passphrase, scan_freq="2412")

    # Take the AP interface down from outside hostapd.
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', ap['ifname'], 'down'])
    if hapd.wait_event(["INTERFACE-DISABLED"], timeout=10) is None:
        raise Exception("No INTERFACE-DISABLED event")
    # this wait tests beacon loss detection in mac80211
    sta.wait_disconnected()

    # Bring it back; hostapd must notice and the station must reconnect.
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', ap['ifname'], 'up'])
    if hapd.wait_event(["INTERFACE-ENABLED"], timeout=10) is None:
        raise Exception("No INTERFACE-ENABLED event")
    sta.wait_connected()
    hwsim_utils.test_connectivity(sta, hapd)
2445
def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    # presumably the PSK derived from the passphrase and SSID above; the AP is
    # configured with the raw PSK while the station uses the passphrase
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # With ext_eapol_frame_io enabled on both sides, EAPOL frames show up as
    # EAPOL-TX events and are delivered only when the test passes them on with
    # EAPOL_RX. That lets the test decide which handshake frame gets through.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # The third space-separated field of the event is passed on as the frame.
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # The frame is consumed from the event queue but never handed to hostapd:
    # this is the drop under test.
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    dev[0].request("SET ext_eapol_frame_io 0")
    dev[0].wait_connected()

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # A disconnection is only logged here, not treated as a failure; see the
    # explanation below.
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
    if ev is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those and
        # disconnect the station after reaching retransmission limit. Connection
        # is then established after reassociation. Once that behavior has been
        # optimized to prevent EAPOL-Key frame encryption for retransmission
        # case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")
2512
@remote_compatible
def test_ap_wpa2_psk_disable_enable(dev, apdev):
    """WPA2-PSK AP getting disabled and re-enabled"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]
    sta.connect(ssid, raw_psk=psk, scan_freq="2412")

    # Two DISABLE/ENABLE rounds: the station must drop and come back each
    # time, and data must flow again after every re-enable.
    for _ in range(2):
        hapd.request("DISABLE")
        sta.wait_disconnected()
        hapd.request("ENABLE")
        sta.wait_connected()
        hwsim_utils.test_connectivity(sta, hapd)
2530
@remote_compatible
def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
    """WPA2-PSK AP and station using incorrect passphrase"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    sta_passphrase = "incorrect passphrase"
    hapd = hostapd.add_ap(apdev[0],
                          hostapd.wpa2_params(ssid=ssid,
                                              passphrase=passphrase))
    sta = dev[0]

    # The station's passphrase does not match the AP's; the AP is expected to
    # report the suspected mismatch instead of completing the handshake.
    sta.connect(ssid, psk=sta_passphrase, scan_freq="2412",
                wait_connect=False)
    mismatch = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
    if mismatch is None:
        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
    sta.dump_monitor()

    # Reconfigure the AP to the station's passphrase; the pending connection
    # attempt should then succeed without touching the station.
    hapd.disable()
    hapd.set("wpa_passphrase", sta_passphrase)
    hapd.enable()

    sta.wait_connected(timeout=20)
2550
@remote_compatible
def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing"""
    sta = dev[0]
    skip_with_fips(sta)
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    hapd = hostapd.add_ap(apdev[0],
                          hostapd.wpa_params(ssid=ssid,
                                             passphrase=passphrase))
    net_id = sta.connect(ssid, psk=passphrase, scan_freq="2412",
                         only_add_network=True)

    # Elements the AP must refuse. Each is injected as an extra vendor element
    # (frame id 13 -- presumably the association request, confirm against
    # wpa_supplicant). The second octet is the declared element length, and
    # the payloads stop short of, or carry odd count values for, the full
    # 0x16-octet WPA IE that test_ap_wpa2_psk_assoc_rsn uses.
    rejected = ["dd040050f201",
                "dd050050f20101",
                "dd060050f2010100",
                "dd060050f2010001",
                "dd070050f201010000",
                "dd080050f20101000050",
                "dd090050f20101000050f2",
                "dd0a0050f20101000050f202",
                "dd0b0050f20101000050f20201",
                "dd0c0050f20101000050f2020100",
                "dd0c0050f20101000050f2020000",
                "dd0c0050f20101000050f202ffff",
                "dd0d0050f20101000050f202010000",
                "dd0e0050f20101000050f20201000050",
                "dd0f0050f20101000050f20201000050f2",
                "dd100050f20101000050f20201000050f202",
                "dd110050f20101000050f20201000050f20201",
                "dd120050f20101000050f20201000050f2020100",
                "dd120050f20101000050f20201000050f2020000",
                "dd120050f20101000050f20201000050f202ffff",
                "dd130050f20101000050f20201000050f202010000",
                "dd140050f20101000050f20201000050f20201000050",
                "dd150050f20101000050f20201000050f20201000050f2"]
    for elem in rejected:
        try:
            reply = sta.request("VENDOR_ELEM_ADD 13 " + elem)
            if "OK" not in reply:
                raise Exception("VENDOR_ELEM_ADD failed")
            sta.select_network(net_id)
            rejection = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"],
                                       timeout=10)
            if rejection is None:
                raise Exception("Association rejection not reported")
            sta.request("DISCONNECT")
            sta.dump_monitor()
        finally:
            # Always clear the injected element so one case cannot leak into
            # the next.
            sta.request("VENDOR_ELEM_REMOVE 13 *")

    # Elements the AP must accept: these carry one to three octets beyond the
    # 0x16-octet form, and the association is expected to complete.
    accepted = ["dd170050f20101000050f20201000050f20201000050f202ff",
                "dd180050f20101000050f20201000050f20201000050f202ffff",
                "dd190050f20101000050f20201000050f20201000050f202ffffff"]
    for elem in accepted:
        try:
            reply = sta.request("VENDOR_ELEM_ADD 13 " + elem)
            if "OK" not in reply:
                raise Exception("VENDOR_ELEM_ADD failed")
            sta.select_network(net_id)
            sta.wait_connected()
            sta.request("DISCONNECT")
            sta.dump_monitor()
        finally:
            sta.request("VENDOR_ELEM_REMOVE 13 *")
2611
@remote_compatible
def test_ap_wpa2_psk_no_random(dev, apdev):
    """WPA2-PSK AP and no random numbers available"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]

    # While the injected failure in wpa_gmk_to_gtk is armed, the connection
    # attempt must end in a disconnection rather than an association.
    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
        net_id = sta.connect(ssid, raw_psk=psk, scan_freq="2412",
                             wait_connect=False)
        disconnected = sta.wait_event(["CTRL-EVENT-DISCONNECTED"],
                                      timeout=15)
        if disconnected is None:
            raise Exception("Disconnection event not reported")
        sta.request("DISCONNECT")

    # With the failure no longer armed, the same network must connect.
    sta.select_network(net_id, freq=2412)
    sta.wait_connected()
2630
@remote_compatible
def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    sta = dev[0]
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    ap_params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    # A non-hex override value must be refused by the AP.
    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
        raise Exception("Invalid own_ie_override value accepted")
    net_id = sta.connect(ssid, psk=passphrase, scan_freq="2412")

    # RSN element variants advertised by the AP; the station is expected to
    # connect with every one of them.
    variants = [('No RSN Capabilities field',
                 '30120100000fac040100000fac040100000fac02'),
                ('Reserved RSN Capabilities bits set',
                 '30140100000fac040100000fac040100000fac023cff'),
                ('Extra pairwise cipher suite (unsupported)',
                 '30180100000fac040200ffffffff000fac040100000fac020c00'),
                ('Extra AKM suite (unsupported)',
                 '30180100000fac040100000fac040200ffffffff000fac020c00'),
                ('PMKIDCount field included',
                 '30160100000fac040100000fac040100000fac020c000000'),
                ('Unexpected Group Management Cipher Suite with PMF disabled',
                 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
                ('Extra octet after defined fields (future extensibility)',
                 '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
    for label, rsne in variants:
        sta.request("DISCONNECT")
        sta.wait_disconnected()
        logger.info(label)
        # The override is applied while the AP is disabled.
        hapd.disable()
        hapd.set('own_ie_override', rsne)
        hapd.enable()
        # Flush cached scan results and force a fresh scan so the station
        # evaluates the new element, not the previous variant.
        sta.request("BSS_FLUSH 0")
        sta.scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        sta.select_network(net_id, freq=2412)
        sta.wait_connected()
2670
@remote_compatible
def test_ap_cli_order(dev, apdev):
    """hostapd configured through SET commands in a fixed order before enabling"""
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    # The order is the point of the test: the cipher and key management
    # settings are written before 'wpa' itself is set.
    ordered_settings = (('ssid', ssid),
                        ('wpa_passphrase', passphrase),
                        ('rsn_pairwise', 'CCMP'),
                        ('wpa_key_mgmt', 'WPA-PSK'),
                        ('wpa', '2'))
    for field, value in ordered_settings:
        hapd.set(field, value)
    hapd.enable()

    # Both the group and the pairwise cipher must come out as CCMP.
    cfg = hapd.get_config()
    for key in ('group_cipher', 'rsn_pairwise_cipher'):
        if cfg[key] != 'CCMP':
            raise Exception("Unexpected " + key + ": " + cfg[key])

    started = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if started is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in started:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2696
def set_test_assoc_ie(dev, ie):
    """Send TEST_ASSOC_IE with the hex string *ie* to *dev*.

    Raises Exception when the reply does not contain "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
2700
@remote_compatible
def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    sta = dev[0]
    hapd = hostapd.add_ap(apdev[0],
                          hostapd.wpa2_params(ssid=ssid,
                                              passphrase=passphrase))

    # Association request elements the AP is expected to accept.
    accepted = [("Normal wpa_supplicant assoc req RSN IE",
                 "30140100000fac040100000fac040100000fac020000"),
                ("RSN IE without RSN Capabilities",
                 "30120100000fac040100000fac040100000fac02")]
    for title, ie in accepted:
        logger.info(title)
        set_test_assoc_ie(sta, ie)
        sta.connect(ssid, psk=passphrase, scan_freq="2412")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

    # Elements the AP must reject, each with the exact status code expected in
    # the rejection event.
    rejected = [("WPA IE instead of RSN IE and only RSN enabled on AP",
                 "dd160050f20101000050f20201000050f20201000050f202", 40),
                ("Empty RSN IE", "3000", 40),
                ("RSN IE with truncated Version", "300101", 40),
                ("RSN IE with only Version", "30020100", 43)]
    for title, ie, status in rejected:
        logger.info(title)
        set_test_assoc_ie(sta, ie)
        sta.connect(ssid, psk=passphrase, scan_freq="2412",
                    wait_connect=False)
        rejection = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if rejection is None:
            raise Exception("Association rejection not reported")
        expected = "status_code=" + str(status)
        if expected not in rejection:
            raise Exception("Unexpected status code: " + rejection)
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()
2737
def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set"""
    ssid = "wpapsk"
    passphrase = "1234567890"
    # WPA (v1) is enabled, but only the RSN pairwise cipher option is given;
    # the station must still be able to connect using WPA with TKIP.
    ap_params = {"ssid": ssid,
                 "wpa": "1",
                 "wpa_key_mgmt": "WPA-PSK",
                 "rsn_pairwise": "TKIP",
                 "wpa_passphrase": passphrase}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                   scan_freq="2412")
2745
def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params.update({'wpa_ptk_rekey': '2',
                      'wpa_group_update_count': '1',
                      'wpa_pairwise_update_count': '1'})
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # The AP is configured with wpa_ptk_rekey=2, so a further key negotiation
    # is expected after the initial connection.
    rekeyed = dev[0].wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")

    # A retry count of zero must be refused for both handshake types.
    for option in ("wpa_group_update_count", "wpa_pairwise_update_count"):
        if "FAIL" not in hapd.request("SET " + option + " 0"):
            raise Exception("Invalid " + option + " value accepted")
2764
def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # NOTE(review): this option is understood to be the AP-side workaround for
    # key reinstallation on stations that cannot be patched -- confirm against
    # the hostapd configuration documentation.
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    # Sanity check first: a normal handshake must still complete with the
    # option enabled.
    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # From here on EAPOL frames are surfaced as EAPOL-TX events and delivered
    # only when the test forwards them with EAPOL_RX.
    logger.info("Verify no retransmission of message 3/4")
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    # Two EAPOL-TX events are consumed before anything is forwarded; the
    # second one (the M1 retry, per the error text) is the frame passed on.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    # M3 is received from hostapd but never forwarded to the station. The
    # assertion that follows is the core of the test: no second M3 may appear
    # within 2 seconds.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    # With no retransmission the handshake cannot finish, so the station is
    # expected to be disconnected.
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()
2814
def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    # presumably makes the AP rekey the GTK whenever a station leaves; the
    # DISCONNECT of dev[1] below is what triggers each rekey -- confirm
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    id = dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # Sanity check first: with normal frame delivery, dev[1] leaving must lead
    # to a completed group rekey on dev[0].
    dev[1].request("DISCONNECT")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    dev[1].request("RECONNECT")
    dev[1].wait_connected()
    dev[0].dump_monitor()

    # Now hold back EAPOL frames: they show up as EAPOL-TX events and are
    # never forwarded, so dev[0] does not receive group message 1.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[1].request("DISCONNECT")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    # Core assertion: the AP must not retransmit group message 1.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    # Without a retry the group handshake cannot complete, and the station is
    # expected to be disconnected.
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()