git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
9 from Crypto
.Cipher
import AES
13 logger
= logging
.getLogger()
21 from utils
import HwsimSkip
, fail_test
, skip_with_fips
23 from wpasupplicant
import WpaSupplicant
25 def check_mib(dev
, vals
):
29 raise Exception("Unexpected {} = {} (expected {})".format(v
[0], mib
[v
[0]], v
[1]))
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    # Test-only credentials. The AP is given only the raw hex PSK (wpa_psk);
    # dev[1] later joins with the passphrase, so the two values are presumably
    # the matching passphrase/PSK pair for this SSID.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'

    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)

    # The first AKM reported by GET_CONFIG has to be plain WPA-PSK.
    key_mgmt = hapd.get_config()['key_mgmt']
    first_akm = key_mgmt.split(' ')[0]
    if first_akm != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    # One station per credential form: raw PSK and passphrase.
    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")

    # Both polls are issued before either result is checked, as in the
    # original statement order.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    pkt_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in pkt_lines:
        raise Exception("Unexpected TXBAD value: " + str(pkt_lines))
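def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Per-station keys come from this file in addition to the AP passphrase.
    params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], params)

    # dev[1] is started without waiting: its attempt with "very secret" is
    # expected to fail (checked at the end), presumably because the file ties
    # that passphrase to a different station address - confirm against
    # hostapd.wpa_psk.
    dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)

    dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
    dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")

    # wait_event() returns None on timeout; only that case is an error. An
    # unguarded raise here would fail the test even when the AP correctly
    # rejected the wrong key.
    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if ev is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")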
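def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        # The helper sets SCAN_INTERVAL to 1 on both stations. Restore the
        # value used here even when the helper raises, so a failure does not
        # leak the shortened interval into later test cases.
        dev[0].request("SCAN_INTERVAL 5")
        dev[1].request("SCAN_INTERVAL 5")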
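def _test_ap_wpa2_psk_mem(dev, apdev):
    # Body of test_ap_wpa2_psk_mem: both stations are configured with
    # mem_only_psk="1" and no key, so each has to ask for the credential over
    # the control interface (CTRL-REQ-PSK_PASSPHRASE) before it can connect.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)

    # Station 0: answer the request with the quoted passphrase.
    dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[0].request("SCAN_INTERVAL 1")
    ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if ev is None:
        # None means the request never arrived; without this guard the raise
        # would fire on every run.
        raise Exception("Request for PSK/passphrase timed out")
    # The network id is the last '-'-separated field before the first ':'.
    # Named req_id so the builtin id() is not shadowed.
    req_id = ev.split(':')[0].split('-')[-1]
    dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + passphrase + '"')
    dev[0].wait_connected(timeout=10)

    # Station 1: answer the request with the unquoted hex PSK.
    dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    dev[1].request("SCAN_INTERVAL 1")
    ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if ev is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = ev.split(':')[0].split('-')[-1]
    dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + psk)
    dev[1].wait_connected(timeout=10)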
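def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # wpa_ptk_rekey="1" on the station side makes the station the party that
    # limits the PTK lifetime.
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # connect() has already consumed the initial handshake, so the next
    # "Key negotiation completed" is the rekey. wait_event() returns None on
    # timeout; raise only then.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    # Traffic must still flow with the new pairwise key.
    hwsim_utils.test_connectivity(dev[0], hapd)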
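def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # Drop events queued so far so the wait below sees only the rekey.
    dev[0].dump_monitor()

    anonce_before = dev[0].request("GET anonce")
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        # None is the timeout result; any other value means the rekey ran.
        raise Exception("PTK rekey timed out")

    # The AP has to pick a new ANonce for the requested rekey; an unchanged
    # value means the new PTK was derived without fresh input from the AP.
    anonce_after = dev[0].request("GET anonce")
    if anonce_before == anonce_after:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(dev[0], hapd)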
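def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Here the AP, not the station, limits the PTK lifetime.
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # The event after connect() is the AP-initiated rekey. wait_event()
    # returns None on timeout, which is the only failure case.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)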
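def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   wpa_ptk_rekey="1", scan_freq="2412")
    # wait_event() returns None on timeout; raise only in that case.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # 00-0f-ac-6 is the PSK-SHA256 AKM suite selector; it must be both the
    # requested and the selected suite after the rekey.
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])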
172 def test_ap_wpa2_sha256_ptk_rekey_ap(dev
, apdev
):
173 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
174 ssid
= "test-wpa2-psk"
175 passphrase
= 'qwertyuiop'
176 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
177 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
178 params
['wpa_ptk_rekey'] = '2'
179 hapd
= hostapd
.add_ap(apdev
[0], params
)
180 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
182 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
184 raise Exception("PTK rekey timed out")
185 hwsim_utils
.test_connectivity(dev
[0], hapd
)
186 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
187 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
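def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # Presumably skips the case on FIPS builds, where TKIP is unavailable -
    # confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # The scan entry must advertise the legacy WPA element with TKIP.
    if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing WPA element info")
    # wait_event() returns None on timeout; that is the only failure case.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)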
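def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    # Presumably skips the case on FIPS builds, where TKIP is unavailable -
    # confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # AP-side PTK lifetime limit.
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # wait_event() returns None when the 10 s timeout expires; raise only
    # then, otherwise the rekey happened and connectivity is checked.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)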
def test_ap_wpa_ccmp(dev, apdev):
    # WPA (v1) PSK network with the pairwise cipher overridden to CCMP.
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # Expected MIB values: 00-50-f2 is the vendor OUI used by the WPA
    # element; suite type 4 is CCMP and AKM type 2 is PSK.
    expected_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
        ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
        ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
        ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(dev[0], expected_mib)
239 def test_ap_wpa2_psk_file_errors(dev
, apdev
):
240 """WPA2-PSK AP with various PSK file error and success cases"""
241 addr0
= dev
[0].own_addr()
242 addr1
= dev
[1].own_addr()
243 addr2
= dev
[2].own_addr()
245 pskfile
= "/tmp/ap_wpa2_psk_file_errors.psk_file"
251 params
= { "ssid": ssid
, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
252 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile
}
256 hapd
= hostapd
.add_ap(apdev
[0], params
, no_enable
=True)
257 if "FAIL" not in hapd
.request("ENABLE"):
258 raise Exception("Unexpected ENABLE success")
259 hapd
.request("DISABLE")
261 # invalid MAC address
262 with
open(pskfile
, "w") as f
:
265 if "FAIL" not in hapd
.request("ENABLE"):
266 raise Exception("Unexpected ENABLE success")
267 hapd
.request("DISABLE")
270 with
open(pskfile
, "w") as f
:
271 f
.write("00:11:22:33:44:55\n")
272 if "FAIL" not in hapd
.request("ENABLE"):
273 raise Exception("Unexpected ENABLE success")
274 hapd
.request("DISABLE")
277 with
open(pskfile
, "w") as f
:
278 f
.write("00:11:22:33:44:55 1234567\n")
279 if "FAIL" not in hapd
.request("ENABLE"):
280 raise Exception("Unexpected ENABLE success")
281 hapd
.request("DISABLE")
284 with
open(pskfile
, "w") as f
:
285 f
.write("00:11:22:33:44:55 12345678\n")
286 f
.write(addr0
+ " 123456789\n")
287 f
.write(addr1
+ " 123456789a\n")
288 f
.write(addr2
+ " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
289 if "FAIL" in hapd
.request("ENABLE"):
290 raise Exception("Unexpected ENABLE failure")
292 dev
[0].connect(ssid
, psk
="123456789", scan_freq
="2412")
293 dev
[1].connect(ssid
, psk
="123456789a", scan_freq
="2412")
294 dev
[2].connect(ssid
, raw_psk
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq
="2412")
303 def test_ap_wpa2_psk_wildcard_ssid(dev
, apdev
):
304 """WPA2-PSK AP and wildcard SSID configuration"""
305 ssid
= "test-wpa2-psk"
306 passphrase
= 'qwertyuiop'
307 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
308 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
309 hapd
= hostapd
.add_ap(apdev
[0], params
)
310 dev
[0].connect("", bssid
=apdev
[0]['bssid'], psk
=passphrase
,
312 dev
[1].connect("", bssid
=apdev
[0]['bssid'], raw_psk
=psk
, scan_freq
="2412")
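def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Short group key lifetime so a rekey falls inside the 2 s wait below.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # wait_event() returns None on timeout; raise only when no group rekey
    # was reported.
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)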
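def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    # Presumably skips the case on FIPS builds, where TKIP is unavailable -
    # confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # Short group key lifetime so a rekey falls inside the 2 s wait below.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # wait_event() returns None on timeout; raise only in that case.
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)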
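def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_group_rekey'] = '1'
    params['wpa_gmk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # Three consecutive group rekeys are awaited, which spans more than one
    # GMK rekey interval as configured above. NOTE(review): the listing's
    # indentation is lost; the connectivity check is placed after the loop.
    for _ in range(3):
        ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
        if ev is None:
            # None is the timeout result from wait_event().
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)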
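def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    # A station that knows the current GTK leaves; with strict rekeying the
    # AP is expected to replace the group key so the departed station can no
    # longer read group-addressed traffic.
    dev[1].request("DISCONNECT")
    # wait_event() returns None on timeout; raise only when the remaining
    # station saw no group rekey.
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)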
376 def test_ap_wpa2_bridge_fdb(dev
, apdev
):
377 """Bridge FDB entry removal"""
380 ssid
= "test-wpa2-psk"
381 passphrase
= "12345678"
382 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
383 params
['bridge'] = 'ap-br0'
384 hapd
= hostapd
.add_ap(apdev
[0], params
)
385 hapd
.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
386 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
387 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
388 bssid
=apdev
[0]['bssid'])
389 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
390 bssid
=apdev
[0]['bssid'])
391 addr0
= dev
[0].p2p_interface_addr()
392 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
393 err
, macs1
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
394 hapd
.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
395 dev
[0].request("DISCONNECT")
396 dev
[1].request("DISCONNECT")
398 err
, macs2
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
400 addr1
= dev
[1].p2p_interface_addr()
401 if addr0
not in macs1
or addr1
not in macs1
:
402 raise Exception("Bridge FDB entry missing")
403 if addr0
in macs2
or addr1
in macs2
:
404 raise Exception("Bridge FDB entry was not removed")
406 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
408 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0'])
411 def test_ap_wpa2_already_in_bridge(dev
, apdev
):
412 """hostapd behavior with interface already in bridge"""
413 ifname
= apdev
[0]['ifname']
414 br_ifname
= 'ext-ap-br0'
416 ssid
= "test-wpa2-psk"
417 passphrase
= "12345678"
418 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
419 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
420 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
422 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
423 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
424 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
425 hapd
= hostapd
.add_ap(apdev
[0], params
)
426 if hapd
.get_driver_status_field('brname') != br_ifname
:
427 raise Exception("Bridge name not identified correctly")
428 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
430 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
432 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
433 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', 'station'])
434 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
437 def test_ap_wpa2_in_different_bridge(dev
, apdev
):
438 """hostapd behavior with interface in different bridge"""
439 ifname
= apdev
[0]['ifname']
440 br_ifname
= 'ext-ap-br0'
442 ssid
= "test-wpa2-psk"
443 passphrase
= "12345678"
444 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
445 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
446 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
448 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
449 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
451 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
452 params
['bridge'] = 'ap-br0'
453 hapd
= hostapd
.add_ap(apdev
[0], params
)
454 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', 'ap-br0', '0'])
455 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
457 brname
= hapd
.get_driver_status_field('brname')
458 if brname
!= 'ap-br0':
459 raise Exception("Incorrect bridge: " + brname
)
460 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
461 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, "ap-br0")
462 if hapd
.get_driver_status_field("added_bridge") != "1":
463 raise Exception("Unexpected added_bridge value")
464 if hapd
.get_driver_status_field("added_if_into_bridge") != "1":
465 raise Exception("Unexpected added_if_into_bridge value")
466 dev
[0].request("DISCONNECT")
469 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
471 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
,
472 "2>", "/dev/null"], shell
=True)
473 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
476 def test_ap_wpa2_ext_add_to_bridge(dev
, apdev
):
477 """hostapd behavior with interface added to bridge externally"""
478 ifname
= apdev
[0]['ifname']
479 br_ifname
= 'ext-ap-br0'
481 ssid
= "test-wpa2-psk"
482 passphrase
= "12345678"
483 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
484 hapd
= hostapd
.add_ap(apdev
[0], params
)
486 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
487 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
488 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
490 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
491 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
492 if hapd
.get_driver_status_field('brname') != br_ifname
:
493 raise Exception("Bridge name not identified correctly")
495 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
497 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
498 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
500 def test_ap_wpa2_psk_ext(dev
, apdev
):
501 """WPA2-PSK AP using external EAPOL I/O"""
502 bssid
= apdev
[0]['bssid']
503 ssid
= "test-wpa2-psk"
504 passphrase
= 'qwertyuiop'
505 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
506 params
= hostapd
.wpa2_params(ssid
=ssid
)
507 params
['wpa_psk'] = psk
508 hapd
= hostapd
.add_ap(apdev
[0], params
)
509 hapd
.request("SET ext_eapol_frame_io 1")
510 dev
[0].request("SET ext_eapol_frame_io 1")
511 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
512 addr
= dev
[0].p2p_interface_addr()
514 ev
= hapd
.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout
=15)
516 raise Exception("Timeout on EAPOL-TX from hostapd")
517 if "AP-STA-CONNECTED" in ev
:
518 dev
[0].wait_connected(timeout
=15)
520 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
522 raise Exception("EAPOL_RX to wpa_supplicant failed")
523 ev
= dev
[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout
=15)
525 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
526 if "CTRL-EVENT-CONNECTED" in ev
:
528 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
530 raise Exception("EAPOL_RX to hostapd failed")
532 def test_ap_wpa2_psk_ext_retry_msg_3(dev
, apdev
):
533 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
534 bssid
= apdev
[0]['bssid']
535 ssid
= "test-wpa2-psk"
536 passphrase
= 'qwertyuiop'
537 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
538 params
= hostapd
.wpa2_params(ssid
=ssid
)
539 params
['wpa_psk'] = psk
540 hapd
= hostapd
.add_ap(apdev
[0], params
)
541 hapd
.request("SET ext_eapol_frame_io 1")
542 dev
[0].request("SET ext_eapol_frame_io 1")
543 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
544 addr
= dev
[0].p2p_interface_addr()
547 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
549 raise Exception("Timeout on EAPOL-TX from hostapd")
550 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
552 raise Exception("EAPOL_RX to wpa_supplicant failed")
555 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
557 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
558 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
560 raise Exception("EAPOL_RX to hostapd failed")
563 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
565 raise Exception("Timeout on EAPOL-TX from hostapd")
566 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
568 raise Exception("EAPOL_RX to wpa_supplicant failed")
571 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
573 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
574 # Do not send to the AP
575 dev
[0].wait_connected(timeout
=15)
577 # EAPOL-Key msg 3/4 (retry)
578 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
580 raise Exception("Timeout on EAPOL-TX from hostapd")
581 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
583 raise Exception("EAPOL_RX to wpa_supplicant failed")
586 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
588 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
589 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
591 raise Exception("EAPOL_RX to hostapd failed")
593 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
595 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
597 hwsim_utils
.test_connectivity(dev
[0], hapd
)
599 def test_ap_wpa2_psk_ext_retry_msg_3b(dev
, apdev
):
600 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
601 bssid
= apdev
[0]['bssid']
602 ssid
= "test-wpa2-psk"
603 passphrase
= 'qwertyuiop'
604 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
605 params
= hostapd
.wpa2_params(ssid
=ssid
)
606 params
['wpa_psk'] = psk
607 hapd
= hostapd
.add_ap(apdev
[0], params
)
608 hapd
.request("SET ext_eapol_frame_io 1")
609 dev
[0].request("SET ext_eapol_frame_io 1")
610 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
611 addr
= dev
[0].p2p_interface_addr()
614 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
616 raise Exception("Timeout on EAPOL-TX from hostapd")
617 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
619 raise Exception("EAPOL_RX to wpa_supplicant failed")
622 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
624 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
625 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
627 raise Exception("EAPOL_RX to hostapd failed")
630 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
632 raise Exception("Timeout on EAPOL-TX from hostapd")
633 # Do not send the first msg 3/4 to the STA yet; wait for retransmission
637 # EAPOL-Key msg 3/4 (retry)
638 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
640 raise Exception("Timeout on EAPOL-TX from hostapd")
643 # Send the first msg 3/4 to STA
644 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_1
.split(' ')[2])
646 raise Exception("EAPOL_RX to wpa_supplicant failed")
649 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
651 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
652 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
654 raise Exception("EAPOL_RX to hostapd failed")
655 dev
[0].wait_connected(timeout
=15)
656 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
658 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
660 hwsim_utils
.test_connectivity(dev
[0], hapd
)
662 # Send the second msg 3/4 to STA
663 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_2
.split(' ')[2])
665 raise Exception("EAPOL_RX to wpa_supplicant failed")
667 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
669 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
670 # Do not send the second msg 4/4 to the AP
672 hwsim_utils
.test_connectivity(dev
[0], hapd
)
674 def test_ap_wpa2_psk_ext_retry_msg_3c(dev
, apdev
):
675 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
676 bssid
= apdev
[0]['bssid']
677 ssid
= "test-wpa2-psk"
678 passphrase
= 'qwertyuiop'
679 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
680 params
= hostapd
.wpa2_params(ssid
=ssid
)
681 params
['wpa_psk'] = psk
682 hapd
= hostapd
.add_ap(apdev
[0], params
)
683 hapd
.request("SET ext_eapol_frame_io 1")
684 dev
[0].request("SET ext_eapol_frame_io 1")
685 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
686 addr
= dev
[0].p2p_interface_addr()
689 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
691 raise Exception("Timeout on EAPOL-TX from hostapd")
692 msg1
= ev
.split(' ')[2]
693 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
695 raise Exception("EAPOL_RX to wpa_supplicant failed")
698 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
700 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
701 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
703 raise Exception("EAPOL_RX to hostapd failed")
706 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
708 raise Exception("Timeout on EAPOL-TX from hostapd")
709 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
711 raise Exception("EAPOL_RX to wpa_supplicant failed")
714 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
716 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
717 msg4
= ev
.split(' ')[2]
718 # Do not send msg 4/4 to hostapd to trigger retry
720 # STA believes everything is ready
721 dev
[0].wait_connected()
723 # EAPOL-Key msg 3/4 (retry)
724 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
726 raise Exception("Timeout on EAPOL-TX from hostapd")
727 msg3
= ev
.split(' ')[2]
729 # Send a forged msg 1/4 to STA (update replay counter)
730 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
731 # and replace nonce (this results in "WPA: ANonce from message 1 of
732 # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
733 # wpa_supplicant processed msg 3/4 afterwards)
734 #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
735 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
737 raise Exception("EAPOL_RX to wpa_supplicant failed")
739 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
741 # wpa_supplicant seems to have ignored the forged message. This means
742 # the attack would fail.
743 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
745 # Do not send msg 2/4 to hostapd
747 # Send previously received msg 3/4 to STA
748 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
750 raise Exception("EAPOL_RX to wpa_supplicant failed")
753 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
755 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
756 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
758 raise Exception("EAPOL_RX to hostapd failed")
760 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
762 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
764 hwsim_utils
.test_connectivity(dev
[0], hapd
)
766 def test_ap_wpa2_psk_ext_retry_msg_3d(dev
, apdev
):
767 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
768 bssid
= apdev
[0]['bssid']
769 ssid
= "test-wpa2-psk"
770 passphrase
= 'qwertyuiop'
771 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
772 params
= hostapd
.wpa2_params(ssid
=ssid
)
773 params
['wpa_psk'] = psk
774 hapd
= hostapd
.add_ap(apdev
[0], params
)
775 hapd
.request("SET ext_eapol_frame_io 1")
776 dev
[0].request("SET ext_eapol_frame_io 1")
777 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
778 addr
= dev
[0].p2p_interface_addr()
781 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
783 raise Exception("Timeout on EAPOL-TX from hostapd")
784 msg1
= ev
.split(' ')[2]
785 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
787 raise Exception("EAPOL_RX to wpa_supplicant failed")
790 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
792 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
793 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
795 raise Exception("EAPOL_RX to hostapd failed")
798 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
800 raise Exception("Timeout on EAPOL-TX from hostapd")
801 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
803 raise Exception("EAPOL_RX to wpa_supplicant failed")
806 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
808 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
809 msg4
= ev
.split(' ')[2]
810 # Do not send msg 4/4 to hostapd to trigger retry
812 # STA believes everything is ready
813 dev
[0].wait_connected()
815 # EAPOL-Key msg 3/4 (retry)
816 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
818 raise Exception("Timeout on EAPOL-TX from hostapd")
819 msg3
= ev
.split(' ')[2]
821 # Send a forged msg 1/4 to STA (update replay counter)
822 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
823 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
825 raise Exception("EAPOL_RX to wpa_supplicant failed")
827 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
829 # wpa_supplicant seems to have ignored the forged message. This means
830 # the attack would fail.
831 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
833 # Do not send msg 2/4 to hostapd
835 # EAPOL-Key msg 3/4 (retry 2)
836 # New one needed to get the correct Replay Counter value
837 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
839 raise Exception("Timeout on EAPOL-TX from hostapd")
840 msg3
= ev
.split(' ')[2]
842 # Send msg 3/4 to STA
843 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
845 raise Exception("EAPOL_RX to wpa_supplicant failed")
848 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
850 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
851 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
853 raise Exception("EAPOL_RX to hostapd failed")
855 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
857 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
859 hwsim_utils
.test_connectivity(dev
[0], hapd
)
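def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    # Checks how the station reacts to forged EAPOL-Key msg 1/4 frames that
    # arrive between two transmissions of msg 3/4. Both ends run with
    # ext_eapol_frame_io=1, so every EAPOL frame is relayed by this test as a
    # hex string and can be withheld or modified on the way.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4 (kept: the forged frames below are built from it)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter and replace ANonce).
    # Offsets are hex characters: [0:18] is the EAPOL header plus descriptor
    # type, key info and key length, [18:34] the 8-octet Replay Counter and
    # [34:98] the 32-octet Key Nonce.
    msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Do not send msg 2/4 to hostapd

    # Send a forged msg 1/4 to STA (back to previously used ANonce)
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        # NOTE(review): early exit assumed here, since nothing is left to
        # verify once the forged frame was ignored; confirm against the
        # original file.
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Data must still flow: both ends have to agree on the installed keys.
    hwsim_utils.test_connectivity(dev[0], hapd)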
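def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    # Checks that hostapd rejects EAPOL-Key msg 2/4 and 4/4 frames captured
    # during the initial 4-way handshake when they are delivered late, during
    # a PTK rekey (wpa_ptk_rekey=3). The stale Replay Counter is what should
    # make hostapd ignore them.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg2 = ev.split(' ')[2]
    # Do not send this to the AP

    # EAPOL-Key msg 1/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4b = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # Send the previous EAPOL-Key msg 4/4 to AP
    res = hapd.request("EAPOL_RX " + addr + " " + msg4)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    res = hapd.request("EAPOL_RX " + addr + " " + msg2)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Hex characters [10:14] are the two Key Information octets; 008a is the
    # value this file uses for msg 1/4.
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    res = hapd.request("EAPOL_RX " + addr + " " + msg4b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)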
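def parse_eapol(data):
    """Parse a raw EAPOL frame into a dict.

    The result always holds 'version', 'type', 'length' and 'payload' (the
    payload trimmed to the length from the header). For EAPOL-Key frames
    (type 3) 'descr_type' is added, and for descriptor types 2 and 254 the
    'rsn_*' fields are added as well.

    Raises Exception if the header announces more payload than is present.
    A key frame that is too short for the fixed fields raises struct.error.
    """
    (version, frame_type, length) = struct.unpack('>BBH', data[0:4])
    payload = data[4:]
    if length > len(payload):
        raise Exception("Invalid EAPOL length")
    if length < len(payload):
        # Ignore anything that follows the announced body
        payload = payload[0:length]
    eapol = {}
    eapol['version'] = version
    eapol['type'] = frame_type
    eapol['length'] = length
    eapol['payload'] = payload
    if frame_type == 3:
        # EAPOL-Key
        (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
        payload = payload[1:]
        if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
            # RSN EAPOL-Key
            (key_info, key_len) = struct.unpack('>HH', payload[0:4])
            eapol['rsn_key_info'] = key_info
            eapol['rsn_key_len'] = key_len
            eapol['rsn_replay_counter'] = payload[4:12]
            eapol['rsn_key_nonce'] = payload[12:44]
            eapol['rsn_key_iv'] = payload[44:60]
            eapol['rsn_key_rsc'] = payload[60:68]
            eapol['rsn_key_id'] = payload[68:76]
            eapol['rsn_key_mic'] = payload[76:92]
            payload = payload[92:]
            (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
            payload = payload[2:]
            # The announced Key Data length is not checked against what is
            # actually left; callers get the remaining octets as they are.
            eapol['rsn_key_data'] = payload
    return eapol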
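def build_eapol(msg):
    """Serialize a frame dict (as produced by parse_eapol) into raw octets.

    EAPOL-Key frames (type 3) are rebuilt from 'descr_type' and the 'rsn_*'
    fields; every other type is the header followed by 'payload'. The values
    are written as given: 'length' and 'rsn_key_data_len' are not recomputed,
    which lets the tests emit frames with inconsistent lengths on purpose.
    """
    data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] == 3:
        data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                            msg['rsn_key_len'])
        data += msg['rsn_replay_counter']
        data += msg['rsn_key_nonce']
        data += msg['rsn_key_iv']
        data += msg['rsn_key_rsc']
        data += msg['rsn_key_id']
        data += msg['rsn_key_mic']
        data += struct.pack('>H', msg['rsn_key_data_len'])
        data += msg['rsn_key_data']
    else:
        data += msg['payload']
    return data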
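def sha1_prf(key, label, data, outlen):
    """Return outlen octets of HMAC-SHA1 based PRF output.

    Each block is HMAC-SHA1(key, label || 0x00 || data || counter) with a
    one-octet counter starting at 0; blocks are concatenated and the last one
    is truncated so that exactly outlen octets are returned. All arguments
    except outlen are byte strings.
    """
    # b'' keeps the accumulator a byte string on Python 3 as well
    res = b''
    counter = 0
    while outlen > 0:
        m = hmac.new(key, label, hashlib.sha1)
        m.update(struct.pack('B', 0))
        m.update(data)
        m.update(struct.pack('B', counter))
        counter += 1
        digest = m.digest()
        if outlen > len(digest):
            res += digest
            outlen -= len(digest)
        else:
            res += digest[0:outlen]
            outlen = 0
    return res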
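def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the pairwise transient key from the PMK.

    addr1/addr2 are colon-separated MAC address strings and nonce1/nonce2 are
    byte strings. The PRF input is the two addresses followed by the two
    nonces, each pair with the smaller value first, so the result does not
    depend on which side is passed first.

    Returns (ptk, kck, kek): 48 octets of PRF output, its first 16 octets
    and its next 16 octets.
    """
    mac1 = binascii.unhexlify(addr1.replace(':', ''))
    mac2 = binascii.unhexlify(addr2.replace(':', ''))
    # NOTE(review): min/max ordering of both pairs assumed, as in the IEEE
    # 802.11 PTK derivation; confirm against the original file. The decoded
    # octets are compared so that mixed-case address strings order the same.
    if mac1 < mac2:
        data = mac1 + mac2
    else:
        data = mac2 + mac1
    if nonce1 < nonce2:
        data += nonce1 + nonce2
    else:
        data += nonce2 + nonce1
    # Byte-string label: hmac needs bytes on Python 3, no change on Python 2
    label = b"Pairwise key expansion"
    ptk = sha1_prf(pmk, label, data, 48)
    kck = ptk[0:16]
    kek = ptk[16:32]
    return (ptk, kck, kek)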
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC for msg and store it in msg['rsn_key_mic'].

    The MIC is the first 16 octets of HMAC-SHA1(kck, frame), where the frame
    is serialized with the MIC field set to zeros. msg is modified in place.
    """
    zero_mic = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_mic'] = zero_mic
    frame = build_eapol(msg)
    mac = hmac.new(kck, frame, hashlib.sha1).digest()
    msg['rsn_key_mic'] = mac[0:16]
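def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Fill in the variable EAPOL-Key fields of msg in place.

    Sets key info, key length, nonce (32 zero octets when nonce is empty or
    None) and Key Data, and updates 'length' to 95 plus the Key Data length.
    The replay counter, IV, RSC, ID and MIC fields are left untouched.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    if nonce:
        msg['rsn_key_nonce'] = nonce
    else:
        msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
    if data:
        msg['rsn_key_data_len'] = len(data)
        msg['rsn_key_data'] = data
        msg['length'] = 95 + len(data)
    else:
        msg['rsn_key_data_len'] = 0
        # Byte string so that build_eapol() can append it on Python 3 too
        msg['rsn_key_data'] = b''
        msg['length'] = 95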
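def recv_eapol(hapd):
    """Wait for the next EAPOL-TX event and return the parsed frame.

    The third space-separated field of the event is the frame as hex.
    Raises Exception if no event arrives within 15 seconds. Some tests pass
    a station interface instead of hostapd; the timeout text is the same.
    """
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    eapol = binascii.unhexlify(ev.split(' ')[2])
    return parse_eapol(eapol)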
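def send_eapol(hapd, addr, data):
    """Deliver a raw EAPOL frame through the EAPOL_RX control command.

    addr is the source address reported for the frame and data the raw
    octets, sent hex-encoded. Raises Exception when the response does not
    contain "OK". A successful response only means that the frame was handed
    over, not that the receiver accepted its contents.
    """
    res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")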
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn msg into a reply with a valid MIC and send it.

    msg is reused in place: key info, nonce and Key Data are replaced (key
    length is set to 0), the MIC is recomputed with kck and the frame is
    sent to hapd with addr as the source. info only labels the log line.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
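def hapd_connected(hapd):
    """Wait up to 15 seconds for AP-STA-CONNECTED; raise Exception otherwise."""
    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")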
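def eapol_test(apdev, dev, wpa2=True):
    """Start an AP and a station with external EAPOL frame I/O enabled.

    With wpa2=True the AP uses WPA2 parameters and the returned element is an
    RSN element; otherwise WPA parameters and a WPA vendor element are used.
    The station starts connecting but is not waited for, so the caller can
    run the 4-way handshake by hand.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne), where snonce is a
    fixed 32-octet test value and pmk the raw PSK.
    """
    bssid = apdev['bssid']
    if wpa2:
        ssid = "test-wpa2-psk"
    else:
        ssid = "test-wpa-psk"
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    if wpa2:
        params = hostapd.wpa2_params(ssid=ssid)
    else:
        params = hostapd.wpa_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev, params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
    addr = dev.p2p_interface_addr()
    if wpa2:
        rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
    else:
        rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid,ssid,hapd,snonce,pmk,addr,rsne)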
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # The test plays the supplicant itself. Before each valid reply it feeds
    # hostapd frames that must not advance the handshake: its own frame
    # echoed back and a msg 2/4 whose length field cuts off the Key Data.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(frame, 0x0101, 0, snonce, rsne)
    # One octet less than the 22-octet element that is actually attached
    frame['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
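def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])

    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']

    # No reply to the first msg 1/4, so hostapd retransmits it; the ANonce
    # has to stay the same across the retransmission.
    msg2 = recv_eapol(hapd)
    if anonce != msg2['rsn_key_nonce']:
        raise Exception("ANonce changed")

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.info("Send EAPOL-Key msg 2/4")
    # NOTE(review): replying on top of the retransmitted frame (msg2) is
    # assumed, since it carries the latest Replay Counter; confirm against
    # the original file.
    msg = msg2
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)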
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    # Both copies of msg 1/4 are answered with the same SNonce; hostapd is
    # expected to carry on with msg 3/4 using an unchanged ANonce.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce, rsne, kck)

    third = recv_eapol(hapd)
    if third['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, third, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    # The second msg 2/4 carries a different SNonce. The handshake is then
    # finished with the KCK derived from that second SNonce.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    # From here on kck belongs to snonce2
    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck)

    third = recv_eapol(hapd)
    if third['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    reply_eapol("4/4", hapd, addr, third, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    # Two msg 2/4 frames with different SNonces are sent, but msg 4/4 is
    # protected with the KCK of the first (older) SNonce.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    ptk2, kck2, kek2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)

    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck2)
    third = recv_eapol(hapd)
    if third['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # kck (first SNonce), not kck2
    reply_eapol("4/4", hapd, addr, third, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    # Sends msg 2/4 with descriptor types other than the RSN one (2) and
    # expects the handshake to complete only through the accepted variant.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Incorrect descriptor type (frame dropped)
    frame['descr_type'] = 253
    rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    # Incorrect descriptor type, but with a workaround (frame processed)
    frame['descr_type'] = 254
    rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
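def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA-PSK AP using external EAPOL supplicant"""
    # WPA (not WPA2) variant: the element returned by eapol_test() is the WPA
    # vendor element and descriptor type 254 is the valid one here.
    # NOTE(review): wpa2=False is assumed from the test name and the WPA
    # element it expects; confirm against the original file.
    (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
                                                        wpa2=False)

    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))
    logger.info("Too short data")
    # 98 octets is one short of a minimal EAPOL-Key frame (4 + 95)
    send_eapol(hapd, addr, build_eapol(msg)[0:98])

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    msg['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
    msg['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)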
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    # Sends EAPOL-Key frames with unusual Key Information values around the
    # valid msg 2/4 and 4/4 and expects the handshake to complete anyway.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Frames without a freshly computed MIC
    for key_info in (0x0000, 0xffff, 0x2802, 0x2002, 0x0902):
        rsn_eapol_key_set(frame, key_info, 0, snonce, rsne)
        send_eapol(hapd, addr, build_eapol(frame))

    # MIC computed with an all-zero key instead of the real KCK
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(tmp_kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Request (valid MIC)
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))
    # Request (valid MIC, replayed counter)
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
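def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Build the dict for an EAPOL-Key msg 1/4 (key info 0x8a, zero MIC).

    anonce is the 32-octet ANonce; key_data is optional Key Data. The result
    is meant for build_eapol().
    """
    msg = {}
    # NOTE(review): EAPOL protocol version 2 assumed; confirm against the
    # original file.
    msg['version'] = 2
    # Type 3 is the EAPOL-Key frame type that build_eapol() checks for
    msg['type'] = 3
    msg['length'] = 95 + len(key_data)

    msg['descr_type'] = 2
    msg['rsn_key_info'] = 0x8a
    msg['rsn_key_len'] = key_len
    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
    msg['rsn_key_nonce'] = anonce
    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    return msg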
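def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Build the dict for an EAPOL-Key msg 3/4 with a MIC computed from kck.

    extra_len is added to the EAPOL length field only, so a non-zero value
    produces a header that disagrees with the real frame size. key_info and
    descr_type can be overridden to build deliberately invalid frames.
    """
    msg = {}
    # NOTE(review): EAPOL protocol version 2 assumed; confirm against the
    # original file.
    msg['version'] = 2
    # Type 3 is the EAPOL-Key frame type that build_eapol() checks for
    msg['type'] = 3
    msg['length'] = 95 + len(key_data) + extra_len

    msg['descr_type'] = descr_type
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
    msg['rsn_key_nonce'] = anonce
    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    # Sets msg['rsn_key_mic']; has to come after all other fields are final
    eapol_key_mic(kck, msg)
    return msg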
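def aes_wrap(kek, plain):
    """Wrap plain with kek using the AES Key Wrap construction.

    plain is a byte string whose length is a multiple of 8 octets. Returns
    the 8-octet integrity value followed by the wrapped blocks.
    """
    # NOTE(review): block count, the six rounds and the write-back of the
    # lower half follow the RFC 3394 key wrap algorithm; confirm against the
    # original file.
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    # Single-block encryption; ECB is named explicitly instead of relying on
    # the library default.
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)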
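def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets before key wrapping.

    Input that is already aligned is returned unchanged. Otherwise one 0xdd
    octet is appended, followed by as many zero octets as needed.
    """
    pad_len = len(plain) % 8
    if pad_len:
        pad_len = 8 - pad_len
        # NOTE(review): 0xdd followed by zeros is the IEEE 802.11 Key Data
        # padding rule; confirm against the original file.
        plain += b'\xdd'
        pad_len -= 1
    plain += pad_len * b'\0'
    return plain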
1531 def test_ap_wpa2_psk_supp_proto(dev
, apdev
):
1532 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
1533 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1535 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1536 msg
= recv_eapol(hapd
)
1537 dev
[0].dump_monitor()
1539 # Build own EAPOL-Key msg 1/4
1540 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1542 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1544 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1545 msg
= recv_eapol(dev
[0])
1546 snonce
= msg
['rsn_key_nonce']
1548 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1550 logger
.debug("Invalid AES wrap data length 0")
1551 dev
[0].dump_monitor()
1552 msg
= build_eapol_key_3_4(anonce
, kck
, '', replay_counter
=counter
)
1554 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1555 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1557 raise Exception("Unsupported AES-WRAP len 0 not reported")
1559 logger
.debug("Invalid AES wrap data length 1")
1560 dev
[0].dump_monitor()
1561 msg
= build_eapol_key_3_4(anonce
, kck
, '1', replay_counter
=counter
)
1563 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1564 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1566 raise Exception("Unsupported AES-WRAP len 1 not reported")
1568 logger
.debug("Invalid AES wrap data length 9")
1569 dev
[0].dump_monitor()
1570 msg
= build_eapol_key_3_4(anonce
, kck
, '123456789', replay_counter
=counter
)
1572 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1573 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1575 raise Exception("Unsupported AES-WRAP len 9 not reported")
1577 logger
.debug("Invalid AES wrap data payload")
1578 dev
[0].dump_monitor()
1579 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
)
1580 # do not increment counter to test replay protection
1581 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1582 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1584 raise Exception("AES unwrap failure not reported")
1586 logger
.debug("Replay Count not increasing")
1587 dev
[0].dump_monitor()
1588 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
)
1590 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1591 ev
= dev
[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1593 raise Exception("Replay Counter replay not reported")
1595 logger
.debug("Missing Ack bit in key info")
1596 dev
[0].dump_monitor()
1597 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1600 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1601 ev
= dev
[0].wait_event(["WPA: No Ack bit in key_info"])
1603 raise Exception("Missing Ack bit not reported")
1605 logger
.debug("Unexpected Request bit in key info")
1606 dev
[0].dump_monitor()
1607 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1610 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1611 ev
= dev
[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1613 raise Exception("Request bit not reported")
1615 logger
.debug("Unsupported key descriptor version 0")
1616 dev
[0].dump_monitor()
1617 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1618 replay_counter
=counter
, key_info
=0x13c8)
1620 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1621 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1623 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1625 logger
.debug("Key descriptor version 1 not allowed with CCMP")
1626 dev
[0].dump_monitor()
1627 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1628 replay_counter
=counter
, key_info
=0x13c9)
1630 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1631 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1633 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1635 logger
.debug("Invalid AES wrap payload with key descriptor version 2")
1636 dev
[0].dump_monitor()
1637 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1638 replay_counter
=counter
, key_info
=0x13ca)
1640 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1641 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1643 raise Exception("AES unwrap failure not reported")
1645 logger
.debug("Key descriptor version 3 workaround")
1646 dev
[0].dump_monitor()
1647 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1648 replay_counter
=counter
, key_info
=0x13cb)
1650 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1651 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1653 raise Exception("CCMP key descriptor mismatch not reported")
1654 ev
= dev
[0].wait_event(["WPA: Interoperability workaround"])
1656 raise Exception("AES-128-CMAC workaround not reported")
1657 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1659 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1661 logger
.debug("Unsupported key descriptor version 4")
1662 dev
[0].dump_monitor()
1663 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1664 replay_counter
=counter
, key_info
=0x13cc)
1666 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1667 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1669 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1671 logger
.debug("Unsupported key descriptor version 7")
1672 dev
[0].dump_monitor()
1673 msg
= build_eapol_key_3_4(anonce
, kck
, '0123456789abcdef',
1674 replay_counter
=counter
, key_info
=0x13cf)
1676 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1677 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1679 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1681 logger
.debug("Too short EAPOL header length")
1682 dev
[0].dump_monitor()
1683 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1686 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1687 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1689 raise Exception("Key data overflow not reported")
1691 logger
.debug("Too long EAPOL header length")
1692 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1695 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1697 logger
.debug("Unsupported descriptor type 0")
1698 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1701 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1703 logger
.debug("WPA descriptor type 0")
1704 msg
= build_eapol_key_3_4(anonce
, kck
, '12345678', replay_counter
=counter
,
1707 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1709 logger
.debug("Non-zero key index for pairwise key")
1710 dev
[0].dump_monitor()
1711 wrapped
= aes_wrap(kek
, 16*'z')
1712 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1715 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1716 ev
= dev
[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1718 raise Exception("Non-zero key index not reported")
1720 logger
.debug("Invalid Key Data plaintext payload --> disconnect")
1721 dev
[0].dump_monitor()
1722 wrapped
= aes_wrap(kek
, 16*'z')
1723 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1725 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1726 dev
[0].wait_disconnected(timeout
=1)
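def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    # The test plays the authenticator towards the station: after hostapd's
    # own msg 1/4 shows that the station is associated, a new handshake with
    # a fixed ANonce is started and msg 3/4 is sent with Key Data that holds
    # no elements. The station is expected to disconnect.
    (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    # NOTE(review): starting value 1 and the increment after each built frame
    # are assumed; confirm against the original file.
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*'\0')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)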
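def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    # The test plays the authenticator towards the station and sends a msg
    # 3/4 whose element differs from the one the AP advertised. The station
    # is expected to disconnect.
    (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    # NOTE(review): starting value 1 and the increment after each built frame
    # are assumed; confirm against the original file.
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)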
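def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success"""
    # Positive control for the supplicant protocol tests: the test plays the
    # authenticator and sends a well-formed msg 3/4 (RSN element followed by
    # a GTK KDE with a 16-octet key); the station must report a connection.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). The `counter` initialisation and increments are restored because
    # `replay_counter=counter` is otherwise undefined; the start value 1 is
    # assumed - confirm against the upstream file.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    # A repeated replay counter is expected to be discarded by the station.
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    # SNonce chosen by the station in its msg 2/4
    snonce = msg['rsn_key_nonce']

    # KCK protects the frame MIC, KEK wraps the Key Data field.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # RSN element (0x30, length 0x14) + GTK KDE (0xdd, length 0x16)
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)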
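def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK"""
    # The test plays the authenticator and sends a msg 3/4 whose Key Data
    # holds only the RSN element, with no GTK KDE. The station must not
    # report a completed connection.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). Restored here: the `counter` initialisation and increments
    # (start value 1 assumed) and the guard in front of the final raise,
    # which would otherwise be unconditional - confirm against upstream.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    # A repeated replay counter is expected to be discarded by the station.
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    # SNonce chosen by the station in its msg 2/4
    snonce = msg['rsn_key_nonce']

    # KCK protects the frame MIC, KEK wraps the Key Data field.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    dev[0].dump_monitor()
    # RSN element only
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # Short wait: any CTRL-EVENT-CONNECTED within it is a failure.
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
    if ev is not None:
        raise Exception("Unexpected connection completion reported")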
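def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change"""
    # The test plays the authenticator. The PTK is derived from the ANonce
    # sent in msg 1/4, but msg 3/4 is built with a different ANonce
    # (`anonce2`); the station must report the mismatch.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). Restored here: the `counter` initialisation and increments
    # (start value 1 assumed) and the guard in front of the final raise,
    # which would otherwise be unconditional - confirm against upstream.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    # A repeated replay counter is expected to be discarded by the station.
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    # SNonce chosen by the station in its msg 2/4
    snonce = msg['rsn_key_nonce']

    # Keys are derived from the ORIGINAL anonce so the MIC on msg 3/4 is the
    # one the station expects; only the nonce field in the frame differs.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if ev is None:
        raise Exception("ANonce change not reported")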
1871 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev
, apdev
):
1872 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1873 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1875 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1876 msg
= recv_eapol(hapd
)
1877 dev
[0].dump_monitor()
1879 # Build own EAPOL-Key msg 1/4
1880 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1882 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1884 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1885 msg
= recv_eapol(dev
[0])
1886 snonce
= msg
['rsn_key_nonce']
1888 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1890 logger
.debug("Group key 1/2 instead of msg 3/4")
1891 dev
[0].dump_monitor()
1892 wrapped
= aes_wrap(kek
, binascii
.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1893 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1896 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1897 ev
= dev
[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1899 raise Exception("Unexpected group key message not reported")
1900 dev
[0].wait_disconnected(timeout
=1)
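def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
    # The test plays the authenticator and sends a msg 1/4 whose Key Data is
    # the two octets 0x55 0x55, which do not form a complete KDE. The station
    # must disconnect.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). The `counter` initialisation and increment are restored because
    # `replay_counter=counter` is otherwise undefined; the start value 1 is
    # assumed - confirm against the upstream file.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with invalid KDE
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter,
                              key_data=binascii.unhexlify('5555'))
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)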
1920 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev
, apdev
):
1921 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1922 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
1924 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1925 msg
= recv_eapol(hapd
)
1926 dev
[0].dump_monitor()
1928 # Build own EAPOL-Key msg 1/4
1929 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1931 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1933 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1934 msg
= recv_eapol(dev
[0])
1935 snonce
= msg
['rsn_key_nonce']
1937 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1939 logger
.debug("Valid EAPOL-Key msg 3/4")
1940 dev
[0].dump_monitor()
1941 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1942 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
1943 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1946 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1947 ev
= dev
[0].wait_event(["WPA: Invalid CCMP key length 15"])
1949 raise Exception("Invalid CCMP key length not reported")
1950 dev
[0].wait_disconnected(timeout
=1)
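def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length"""
    # The test plays the authenticator and sends a msg 3/4 whose GTK KDE has
    # length 0x15 instead of 0x16, i.e. a 15-octet group key. The station
    # must report the unsupported key length and disconnect rather than
    # install a short key.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). Restored here: the `counter` initialisation and increments
    # (start value 1 assumed) and the guard in front of the raise, which
    # would otherwise be unconditional - confirm against upstream.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    # A repeated replay counter is expected to be discarded by the station.
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    # SNonce chosen by the station in its msg 2/4
    snonce = msg['rsn_key_nonce']

    # KCK protects the frame MIC, KEK wraps the Key Data field.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # RSN element + GTK KDE truncated by one octet (0xdd, length 0x15)
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
    if ev is None:
        raise Exception("Invalid CCMP key length not reported")
    dev[0].wait_disconnected(timeout=1)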
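def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
    # The test plays the authenticator and sends a msg 3/4 whose GTK KDE
    # flags octet is 0x05 rather than the 0x01 used by the other tests in
    # this group. The station must log that it ignores the Tx bit and still
    # complete the connection.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). Restored here: the `counter` initialisation and increments
    # (start value 1 assumed) and the guard in front of the raise, which
    # would otherwise be unconditional - confirm against upstream.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    # A repeated replay counter is expected to be discarded by the station.
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    # SNonce chosen by the station in its msg 2/4
    snonce = msg['rsn_key_nonce']

    # KCK protects the frame MIC, KEK wraps the Key Data field.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # RSN element + GTK KDE with flags octet 0x05
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
    if ev is None:
        raise Exception("GTK Tx bit workaround not reported")
    dev[0].wait_connected(timeout=1)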
2014 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev
, apdev
):
2015 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
2016 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
2018 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2019 msg
= recv_eapol(hapd
)
2020 dev
[0].dump_monitor()
2022 # Build own EAPOL-Key msg 1/4
2023 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2025 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2027 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2028 msg
= recv_eapol(dev
[0])
2029 snonce
= msg
['rsn_key_nonce']
2031 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2033 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
2034 dev
[0].dump_monitor()
2035 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
2036 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2037 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2039 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2040 dev
[0].wait_connected(timeout
=1)
2042 logger
.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
2043 dev
[0].dump_monitor()
2044 plain
= binascii
.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
2045 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2046 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2049 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2050 msg
= recv_eapol(dev
[0])
2051 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"])
2053 raise Exception("GTK rekeing not reported")
2055 logger
.debug("Unencrypted GTK KDE in group msg 1/2")
2056 dev
[0].dump_monitor()
2057 plain
= binascii
.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
2058 msg
= build_eapol_key_3_4(anonce
, kck
, plain
, replay_counter
=counter
,
2061 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2062 ev
= dev
[0].wait_event(["WPA: GTK IE in unencrypted key data"])
2064 raise Exception("Unencrypted GTK KDE not reported")
2065 dev
[0].wait_disconnected(timeout
=1)
2067 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev
, apdev
):
2068 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
2069 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
2071 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2072 msg
= recv_eapol(hapd
)
2073 dev
[0].dump_monitor()
2075 # Build own EAPOL-Key msg 1/4
2076 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2078 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2080 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2081 msg
= recv_eapol(dev
[0])
2082 snonce
= msg
['rsn_key_nonce']
2084 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2086 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
2087 dev
[0].dump_monitor()
2088 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
2089 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2090 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2092 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2093 dev
[0].wait_connected(timeout
=1)
2095 logger
.debug("No GTK KDE in EAPOL-Key group msg 1/2")
2096 dev
[0].dump_monitor()
2097 plain
= binascii
.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
2098 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2099 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2102 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2103 ev
= dev
[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
2105 raise Exception("Missing GTK KDE not reported")
2106 dev
[0].wait_disconnected(timeout
=1)
2108 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev
, apdev
):
2109 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
2110 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
2112 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2113 msg
= recv_eapol(hapd
)
2114 dev
[0].dump_monitor()
2116 # Build own EAPOL-Key msg 1/4
2117 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2119 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2121 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2122 msg
= recv_eapol(dev
[0])
2123 snonce
= msg
['rsn_key_nonce']
2125 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2127 logger
.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
2128 dev
[0].dump_monitor()
2129 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
2130 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2131 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
2133 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2134 dev
[0].wait_connected(timeout
=1)
2136 logger
.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
2137 dev
[0].dump_monitor()
2138 plain
= binascii
.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
2139 wrapped
= aes_wrap(kek
, pad_key_data(plain
))
2140 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
2143 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2144 ev
= dev
[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
2146 raise Exception("Too long GTK KDE not reported")
2147 dev
[0].wait_disconnected(timeout
=1)
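def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    # The test plays the authenticator and sends a msg 3/4 whose GTK KDE has
    # length 0x27 (the valid tests in this group use 0x16), i.e. an oversized
    # group key. The station must disconnect instead of accepting the key;
    # this exercises the length check on attacker-controllable key material.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). The `counter` initialisation and increments are restored because
    # `replay_counter=counter` is otherwise undefined; the start value 1 is
    # assumed - confirm against the upstream file.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    # A repeated replay counter is expected to be discarded by the station.
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    # SNonce chosen by the station in its msg 2/4
    snonce = msg['rsn_key_nonce']

    # KCK protects the frame MIC, KEK wraps the Key Data field.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # NOTE(review): the debug text says "too short" although the KDE here is
    # longer than the valid one; the message is left as the author wrote it.
    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)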
2177 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev
, apdev
):
2178 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
2179 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
2181 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
2182 msg
= recv_eapol(hapd
)
2183 dev
[0].dump_monitor()
2185 # Build own EAPOL-Key msg 1/4
2186 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
2188 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
2190 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2191 msg
= recv_eapol(dev
[0])
2192 snonce
= msg
['rsn_key_nonce']
2194 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
2196 logger
.debug("Valid EAPOL-Key msg 3/4")
2197 dev
[0].dump_monitor()
2198 plain
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
2199 msg
= build_eapol_key_3_4(anonce
, kck
, plain
, replay_counter
=counter
,
2202 send_eapol(dev
[0], bssid
, build_eapol(msg
))
2203 ev
= dev
[0].wait_event(["WPA: GTK IE in unencrypted key data"])
2205 raise Exception("Unencrypted GTK KDE not reported")
2206 dev
[0].wait_disconnected(timeout
=1)
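def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process serving *dev*.

    Runs ``ps ax`` through ``dev.cmd_execute`` and returns the first field of
    the first line that mentions both ``wpa_supplicant`` and ``-i<ifname>``.
    Raises Exception when no such line exists.
    """
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). `ifname` is used below but its assignment is not visible; it is
    # presumably taken from the device object - confirm against upstream.
    ifname = dev.ifname
    err, data = dev.cmd_execute(['ps', 'ax'])
    for l in data.splitlines():
        # Restored: lines that do not match are skipped.
        if "wpa_supplicant" not in l:
            continue
        # NOTE(review): substring match - an interface name that is a prefix
        # of another (e.g. a constructed pair "wlanA" / "wlanAB") would also
        # match; the first hit wins. The PID is later used to read process
        # memory, so a wrong match would inspect the wrong process.
        if "-i" + ifname not in l:
            continue
        return int(l.strip().split(' ')[0])
    raise Exception("Could not find wpa_supplicant process")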
2219 def read_process_memory(pid
, key
=None):
2221 logger
.info("Reading process memory (pid=%d)" % pid
)
2222 with
open('/proc/%d/maps' % pid
, 'r') as maps
, \
2223 open('/proc/%d/mem' % pid
, 'r') as mem
:
2224 for l
in maps
.readlines():
2225 m
= re
.match(r
'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l
)
2228 start
= int(m
.group(1), 16)
2229 end
= int(m
.group(2), 16)
2231 if start
> 0xffffffffffff:
2235 if not perm
.startswith('rw'):
2237 for name
in [ "[heap]", "[stack]" ]:
2239 logger
.info("%s 0x%x-0x%x is at %d-%d" % (name
, start
, end
, len(buf
), len(buf
) + (end
- start
)))
2241 data
= mem
.read(end
- start
)
2243 if key
and key
in data
:
2244 logger
.info("Key found in " + l
)
2245 logger
.info("Total process memory read: %d bytes" % len(buf
))
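def verify_not_present(buf, key, fname, keyname):
    """Fail if *key* still occurs anywhere in the memory image *buf*.

    When the key is found, up to 2048 octets before and 2048 octets from the
    match position are written to the file ``fname + keyname`` and an
    Exception naming *keyname* is raised. Returns None when the key is absent.
    """
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). `pos` is used below but the search that sets it is not visible;
    # the lookup and the early return are restored - confirm against upstream.
    pos = buf.find(key)
    if pos < 0:
        return

    # Do not reach before the start of the buffer.
    prefix = 2048 if pos > 2048 else pos
    # The dump holds the key itself plus neighbouring process memory, so the
    # resulting file is as sensitive as the key; keep the log directory
    # access-restricted and use test-only keys.
    # NOTE(review): text mode 'w' as on the page; a bytes buffer under
    # Python 3 would need binary mode - confirm the interpreter in use.
    with open(fname + keyname, 'w') as f:
        f.write(buf[pos - prefix:pos + 2048])
    raise Exception(keyname + " found after disassociation")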
2258 def get_key_locations(buf
, key
, keyname
):
2262 pos
= buf
.find(key
, pos
)
2265 logger
.info("Found %s at %d" % (keyname
, pos
))
2267 start
= pos
- context
if pos
> context
else 0
2268 before
= binascii
.hexlify(buf
[start
:pos
])
2270 end
= pos
+ context
if pos
< len(buf
) - context
else len(buf
) - context
2271 after
= binascii
.hexlify(buf
[pos
+ len(key
):end
])
2272 logger
.debug("Memory context %d-%d: %s|%s|%s" % (start
, end
, before
, binascii
.hexlify(key
), after
))
2277 def test_wpa2_psk_key_lifetime_in_memory(dev
, apdev
, params
):
2278 """WPA2-PSK and PSK/PTK lifetime in memory"""
2279 ssid
= "test-wpa2-psk"
2280 passphrase
= 'qwertyuiop'
2281 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2282 pmk
= binascii
.unhexlify(psk
)
2283 p
= hostapd
.wpa2_params(ssid
=ssid
)
2285 hapd
= hostapd
.add_ap(apdev
[0], p
)
2287 pid
= find_wpas_process(dev
[0])
2289 id = dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412",
2290 only_add_network
=True)
2292 logger
.info("Checking keys in memory after network profile configuration")
2293 buf
= read_process_memory(pid
, pmk
)
2294 get_key_locations(buf
, pmk
, "PMK")
2296 dev
[0].request("REMOVE_NETWORK all")
2297 logger
.info("Checking keys in memory after network profile removal")
2298 buf
= read_process_memory(pid
, pmk
)
2299 get_key_locations(buf
, pmk
, "PMK")
2301 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2302 only_add_network
=True)
2304 logger
.info("Checking keys in memory before connection")
2305 buf
= read_process_memory(pid
, pmk
)
2306 get_key_locations(buf
, pmk
, "PMK")
2308 dev
[0].connect_network(id, timeout
=20)
2309 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
2310 # event has been delivered, so verify that wpa_supplicant has returned to
2311 # eloop before reading process memory.
2315 buf
= read_process_memory(pid
, pmk
)
2317 dev
[0].request("DISCONNECT")
2318 dev
[0].wait_disconnected()
2323 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
2324 for l
in f
.readlines():
2325 if "WPA: PTK - hexdump" in l
:
2326 val
= l
.strip().split(':')[3].replace(' ', '')
2327 ptk
= binascii
.unhexlify(val
)
2328 if "WPA: Group Key - hexdump" in l
:
2329 val
= l
.strip().split(':')[3].replace(' ', '')
2330 gtk
= binascii
.unhexlify(val
)
2331 if not pmk
or not ptk
or not gtk
:
2332 raise Exception("Could not find keys from debug log")
2334 raise Exception("Unexpected GTK length")
2340 logger
.info("Checking keys in memory while associated")
2341 get_key_locations(buf
, pmk
, "PMK")
2343 raise HwsimSkip("PMK not found while associated")
2345 raise Exception("KCK not found while associated")
2347 raise Exception("KEK not found while associated")
2349 # raise Exception("TK found from memory")
2351 logger
.info("Checking keys in memory after disassociation")
2352 buf
= read_process_memory(pid
, pmk
)
2353 get_key_locations(buf
, pmk
, "PMK")
2355 # Note: PMK/PSK is still present in network configuration
2357 fname
= os
.path
.join(params
['logdir'],
2358 'wpa2_psk_key_lifetime_in_memory.memctx-')
2359 verify_not_present(buf
, kck
, fname
, "KCK")
2360 verify_not_present(buf
, kek
, fname
, "KEK")
2361 verify_not_present(buf
, tk
, fname
, "TK")
2363 get_key_locations(buf
, gtk
, "GTK")
2364 verify_not_present(buf
, gtk
, fname
, "GTK")
2366 dev
[0].request("REMOVE_NETWORK all")
2368 logger
.info("Checking keys in memory after network profile removal")
2369 buf
= read_process_memory(pid
, pmk
)
2370 get_key_locations(buf
, pmk
, "PMK")
2372 verify_not_present(buf
, pmk
, fname
, "PMK")
2373 verify_not_present(buf
, kck
, fname
, "KCK")
2374 verify_not_present(buf
, kek
, fname
, "KEK")
2375 verify_not_present(buf
, tk
, fname
, "TK")
2376 verify_not_present(buf
, gtk
, fname
, "GTK")
2379 def test_ap_wpa2_psk_wep(dev
, apdev
):
2380 """WPA2-PSK AP and WEP enabled"""
2381 ssid
= "test-wpa2-psk"
2382 passphrase
= 'qwertyuiop'
2383 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2384 hapd
= hostapd
.add_ap(apdev
[0], params
)
2386 hapd
.set('wep_key0', '"hello"')
2387 raise Exception("WEP key accepted to WPA2 network")
2391 def test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
2392 """WPA2-PSK AP and wpas interface in a bridge"""
2396 _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
)
2398 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
2399 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
2400 subprocess
.call(['brctl', 'delbr', br_ifname
])
2401 subprocess
.call(['iw', ifname
, 'set', '4addr', 'off'])
2403 def _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
2404 ssid
= "test-wpa2-psk"
2405 passphrase
= 'qwertyuiop'
2406 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2407 hapd
= hostapd
.add_ap(apdev
[0], params
)
2411 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
2412 subprocess
.call(['brctl', 'addbr', br_ifname
])
2413 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
2414 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
2415 subprocess
.call(['iw', ifname
, 'set', '4addr', 'on'])
2416 subprocess
.check_call(['brctl', 'addif', br_ifname
, ifname
])
2417 wpas
.interface_add(ifname
, br_ifname
=br_ifname
)
2420 wpas
.connect(ssid
, psk
=passphrase
, scan_freq
="2412")
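def test_ap_wpa2_psk_ifdown(dev, apdev):
    """AP with open mode and external ifconfig down"""
    # NOTE(review): the docstring says "open mode", but the AP below is
    # configured through hostapd.wpa2_params() with a passphrase.
    # The AP interface is set down and up again from outside hostapd; the
    # station must lose and then regain its connection.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). The two `if ev is None:` guards are restored because the raises
    # would otherwise be unconditional; presumably wait_event() returns None
    # on timeout - confirm against upstream.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
    ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
    if ev is None:
        raise Exception("No INTERFACE-DISABLED event")
    # this wait tests beacon loss detection in mac80211
    dev[0].wait_disconnected()
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
    ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
    if ev is None:
        raise Exception("No INTERFACE-ENABLED event")
    dev[0].wait_connected()
    hwsim_utils.test_connectivity(dev[0], hapd)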
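def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
    # With ext_eapol_frame_io enabled on both ends, the test relays each
    # EAPOL frame by hand (EAPOL-TX event -> EAPOL_RX command). The first
    # msg 4/4 from the station is observed but never delivered to hostapd,
    # leaving the two sides with different views of the handshake state.
    # NOTE(review): this listing dropped some short lines (its numbering has
    # gaps). The guards in front of each raise (`if ev is None:`,
    # `if "OK" not in res:`) and in front of the final log message are
    # restored because those statements would otherwise be unconditional -
    # confirm against upstream.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    # First frame from hostapd, relayed to the station
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # Station's reply, relayed to hostapd
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # Next frame from hostapd, relayed to the station
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # Station's final frame: seen here, deliberately not passed on
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    dev[0].request("SET ext_eapol_frame_io 0")
    dev[0].wait_connected()

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
    if ev is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those and
        # disconnect the station after reaching retransmission limit. Connection
        # is then established after reassociation. Once that behavior has been
        # optimized to prevent EAPOL-Key frame encryption for retransmission
        # case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")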
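def test_ap_wpa2_psk_disable_enable(dev, apdev):
    """WPA2-PSK AP getting disabled and re-enabled"""
    # The AP is configured with a raw 256-bit PSK (`wpa_psk`) and the station
    # connects with the same raw PSK. Disabling the AP must disconnect the
    # station; re-enabling it must let the station reconnect and pass data.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")

    # NOTE(review): the listing's line numbering skips two lines at this
    # point. If the upstream test wraps the cycle below in a loop, that
    # wrapper is not visible on the page - confirm against upstream.
    hapd.request("DISABLE")
    dev[0].wait_disconnected()
    hapd.request("ENABLE")
    dev[0].wait_connected()
    hwsim_utils.test_connectivity(dev[0], hapd)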
2532 def test_ap_wpa2_psk_incorrect_passphrase(dev
, apdev
):
2533 """WPA2-PSK AP and station using incorrect passphrase"""
2534 ssid
= "test-wpa2-psk"
2535 passphrase
= 'qwertyuiop'
2536 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
2537 hapd
= hostapd
.add_ap(apdev
[0], params
)
2538 dev
[0].connect(ssid
, psk
="incorrect passphrase", scan_freq
="2412",
2540 ev
= hapd
.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout
=10)
2542 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
2543 dev
[0].dump_monitor()
2546 hapd
.set("wpa_passphrase", "incorrect passphrase")
2549 dev
[0].wait_connected(timeout
=20)
2552 def test_ap_wpa_ie_parsing(dev
, apdev
):
2553 """WPA IE parsing"""
2554 skip_with_fips(dev
[0])
2555 ssid
= "test-wpa-psk"
2556 passphrase
= 'qwertyuiop'
2557 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
2558 hapd
= hostapd
.add_ap(apdev
[0], params
)
2559 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
2560 only_add_network
=True)
2562 tests
= [ "dd040050f201",
2566 "dd070050f201010000",
2567 "dd080050f20101000050",
2568 "dd090050f20101000050f2",
2569 "dd0a0050f20101000050f202",
2570 "dd0b0050f20101000050f20201",
2571 "dd0c0050f20101000050f2020100",
2572 "dd0c0050f20101000050f2020000",
2573 "dd0c0050f20101000050f202ffff",
2574 "dd0d0050f20101000050f202010000",
2575 "dd0e0050f20101000050f20201000050",
2576 "dd0f0050f20101000050f20201000050f2",
2577 "dd100050f20101000050f20201000050f202",
2578 "dd110050f20101000050f20201000050f20201",
2579 "dd120050f20101000050f20201000050f2020100",
2580 "dd120050f20101000050f20201000050f2020000",
2581 "dd120050f20101000050f20201000050f202ffff",
2582 "dd130050f20101000050f20201000050f202010000",
2583 "dd140050f20101000050f20201000050f20201000050",
2584 "dd150050f20101000050f20201000050f20201000050f2" ]
2587 if "OK" not in dev
[0].request("VENDOR_ELEM_ADD 13 " + t
):
2588 raise Exception("VENDOR_ELEM_ADD failed")
2589 dev
[0].select_network(id)
2590 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2592 raise Exception("Association rejection not reported")
2593 dev
[0].request("DISCONNECT")
2594 dev
[0].dump_monitor()
2596 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2598 tests
= [ "dd170050f20101000050f20201000050f20201000050f202ff",
2599 "dd180050f20101000050f20201000050f20201000050f202ffff",
2600 "dd190050f20101000050f20201000050f20201000050f202ffffff" ]
2603 if "OK" not in dev
[0].request("VENDOR_ELEM_ADD 13 " + t
):
2604 raise Exception("VENDOR_ELEM_ADD failed")
2605 dev
[0].select_network(id)
2606 dev
[0].wait_connected()
2607 dev
[0].request("DISCONNECT")
2608 dev
[0].dump_monitor()
2610 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
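def test_ap_wpa2_psk_no_random(dev, apdev):
    """WPA2-PSK AP and no random numbers available"""
    # NOTE(review): this page's listing skips source lines 2623 and 2625
    # (gutter gaps) and has lost all indentation. The wait_connect=False
    # continuation, the "ev is None" guard and the extent of the with-block
    # are restored from context - confirm against upstream.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # fail_test() presumably injects a single failure into hostapd's
    # wpa_gmk_to_gtk(), i.e. the AP cannot derive a group key for this
    # attempt. The expected outcome is that the station is disconnected
    # rather than being left associated without a properly derived GTK.
    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
        netid = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                               wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
        if ev is None:
            raise Exception("Disconnection event not reported")
        # A second attempt on the same network must succeed.
        dev[0].request("DISCONNECT")
        dev[0].select_network(netid, freq=2412)
        dev[0].wait_connected()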
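def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side"""
    # NOTE(review): this page's listing skips source lines 2662-2663 and
    # 2665 inside the loop (gutter gaps). The log call and the
    # disable()/enable() pair around the override are reconstructed from
    # context - confirm against upstream.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], params)
    # A non-hex override value has to be refused by the control interface.
    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
        raise Exception("Invalid own_ie_override value accepted")
    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    # Each entry is (description, RSN element advertised by the AP). Every
    # variant is expected to be parsed by the station without breaking the
    # connection: the loop ends in wait_connected() for each of them.
    tests = [
        ('No RSN Capabilities field',
         '30120100000fac040100000fac040100000fac02'),
        ('Reserved RSN Capabilities bits set',
         '30140100000fac040100000fac040100000fac023cff'),
        ('Extra pairwise cipher suite (unsupported)',
         '30180100000fac040200ffffffff000fac040100000fac020c00'),
        ('Extra AKM suite (unsupported)',
         '30180100000fac040100000fac040200ffffffff000fac020c00'),
        ('PMKIDCount field included',
         '30160100000fac040100000fac040100000fac020c000000'),
        ('Unexpected Group Management Cipher Suite with PMF disabled',
         '301a0100000fac040100000fac040100000fac020c000000000fac06'),
        ('Extra octet after defined fields (future extensibility)',
         '301b0100000fac040100000fac040100000fac020c000000000fac0600'),
    ]
    for txt, ie in tests:
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        logger.info(txt)
        hapd.disable()
        hapd.set('own_ie_override', ie)
        hapd.enable()
        # Drop cached scan results so the station evaluates the new element.
        dev[0].request("BSS_FLUSH 0")
        dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        dev[0].select_network(netid, freq=2412)
        dev[0].wait_connected()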
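def test_ap_cli_order(dev, apdev):
    """hostapd configuration parameter SET ordering"""
    # NOTE(review): this page's listing skips source lines 2682 and 2690
    # (gutter gaps). The enable() call (the AP is added with no_enable=True
    # and AP-ENABLED is awaited below) and the "ev is None" guard are
    # restored from context - confirm against upstream.
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    # rsn_pairwise and wpa_key_mgmt are set before wpa=2 on purpose: the
    # resulting ciphers must not depend on the order of the SET commands.
    hapd.set('ssid', ssid)
    hapd.set('wpa_passphrase', passphrase)
    hapd.set('rsn_pairwise', 'CCMP')
    hapd.set('wpa_key_mgmt', 'WPA-PSK')
    hapd.set('wpa', '2')
    hapd.enable()

    cfg = hapd.get_config()
    # A weaker group cipher than the configured pairwise cipher would show
    # up here as something other than CCMP.
    if cfg['group_cipher'] != 'CCMP':
        raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
    if cfg['rsn_pairwise_cipher'] != 'CCMP':
        raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])

    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if ev is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in ev:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")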
def set_test_assoc_ie(dev, ie):
    """Set the element override used in the next association request.

    Sends "TEST_ASSOC_IE <ie>" through dev.request() and raises Exception
    when the reply does not contain "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
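def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences"""
    # NOTE(review): this page's listing skips source lines 2714, 2726, 2729
    # and 2731 (gutter gaps). The per-case log calls, the wait_connect=False
    # continuation and the "ev is None" guard are restored from context -
    # confirm against upstream.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Elements the AP has to accept: (description, element hex).
    tests = [
        ("Normal wpa_supplicant assoc req RSN IE",
         "30140100000fac040100000fac040100000fac020000"),
        ("RSN IE without RSN Capabilities",
         "30120100000fac040100000fac040100000fac02"),
    ]
    for title, ie in tests:
        logger.info(title)
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    # Elements the AP has to refuse: (description, element hex, expected
    # status code). In IEEE 802.11, status 40 is "invalid element" and 43 is
    # "invalid AKMP"; the AP must reject the association instead of trying
    # to interpret a truncated or mismatching element.
    tests = [
        ("WPA IE instead of RSN IE and only RSN enabled on AP",
         "dd160050f20101000050f20201000050f20201000050f202", 40),
        ("Empty RSN IE", "3000", 40),
        ("RSN IE with truncated Version", "300101", 40),
        ("RSN IE with only Version", "30020100", 43),
    ]
    for title, ie, status in tests:
        logger.info(title)
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                       wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if ev is None:
            raise Exception("Association rejection not reported")
        if "status_code=" + str(status) not in ev:
            raise Exception("Unexpected status code: " + ev)
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()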
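def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set"""
    # NOTE(review): this page's listing skips source line 2744, the
    # continuation that closes the connect() call. scan_freq="2412" is
    # restored by analogy with the other connect() calls in this file -
    # confirm against upstream.
    #
    # wpa=1 with TKIP is a legacy configuration. The case covered here is
    # the AP being configured with rsn_pairwise but no wpa_pairwise.
    params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"}
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP",
                   scan_freq="2412")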
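def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration"""
    # NOTE(review): this page's listing skips source line 2757 (gutter gap).
    # The "ev is None" guard is restored from context - confirm against
    # upstream.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # PTK lifetime of two seconds so that a rekey happens during the test,
    # with both EAPOL-Key retry counters at their minimum accepted value.
    params['wpa_ptk_rekey'] = '2'
    params['wpa_group_update_count'] = '1'
    params['wpa_pairwise_update_count'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")

    # A retry count of zero is not a valid setting and must be refused.
    if "FAIL" not in hapd.request("SET wpa_group_update_count 0"):
        raise Exception("Invalid wpa_group_update_count value accepted")
    if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"):
        raise Exception("Invalid wpa_pairwise_update_count value accepted")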
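def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry"""
    # NOTE(review): this page's listing skips the guard lines in front of
    # every raise below (gutter gaps at source lines 2787, 2790, 2793, 2796,
    # 2800, 2804, 2807 and 2810). They are restored from the exception
    # messages - confirm against upstream.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # wpa_disable_eapol_key_retries=1 is hostapd's AP-side workaround for
    # key reinstallation attacks against unpatched stations: the AP does not
    # retransmit the EAPOL-Key frames that install keys (4-way handshake
    # message 3/4 and group handshake message 1/2).
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    logger.info("Verify no retransmission of message 3/4")
    # With ext_eapol_frame_io=1 on both ends the test relays EAPOL frames
    # by hand, so it decides which frames reach the peer.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
    # Message 1/4 does not install a key, so it is still retransmitted.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
    # The third field of the EAPOL-TX event is passed on as the frame.
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
    # Message 3/4 is never delivered to the station here. The AP must not
    # send it a second time; it has to give up on the handshake instead.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()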
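def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake"""
    # NOTE(review): this page's listing skips the guard lines in front of
    # every raise below (gutter gaps at source lines 2832, 2843, 2846 and
    # 2849). They are restored from the exception messages - confirm
    # against upstream.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # wpa_disable_eapol_key_retries=1 is hostapd's AP-side workaround for
    # key reinstallation attacks against unpatched stations; it also covers
    # group handshake message 1/2, which installs the GTK.
    params['wpa_disable_eapol_key_retries'] = '1'
    # wpa_strict_rekey=1: the GTK is rekeyed when a station holding it
    # leaves the BSS, which is how the group handshakes below are triggered.
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # Baseline: with normal frame delivery the rekey completes on dev[0].
    dev[1].request("DISCONNECT")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    dev[1].request("RECONNECT")
    dev[1].wait_connected()
    dev[0].dump_monitor()

    # From here on EAPOL frames are no longer delivered automatically, so
    # group message 1/2 never reaches dev[0].
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[1].request("DISCONNECT")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    # No second transmission of group message 1/2 is allowed.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()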