git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_fils.py
2 # Copyright (c) 2015-2017, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
10 logger
= logging
.getLogger()
17 from tshark
import run_tshark
18 from wpasupplicant
import WpaSupplicant
20 from utils
import HwsimSkip
, alloc_fail
21 from test_erp
import check_erp_capa
, start_erp_as
22 from test_ap_hs20
import ip_checksum
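def check_fils_capa(dev):
    """Skip the calling test unless the station reports FILS support.

    Asks ``dev`` for its "fils" capability and raises ``HwsimSkip`` when the
    query returns ``None`` or the result does not contain ``"FILS"``.
    """
    capa = dev.get_capability("fils")
    supported = capa is not None and "FILS" in capa
    if not supported:
        raise HwsimSkip("FILS not supported")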
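def check_fils_sk_pfs_capa(dev):
    """Skip the calling test unless the station reports FILS-SK-PFS support.

    Asks ``dev`` for its "fils" capability and raises ``HwsimSkip`` when the
    query returns ``None`` or the result does not contain ``"FILS-SK-PFS"``.
    """
    capa = dev.get_capability("fils")
    supported = capa is not None and "FILS-SK-PFS" in capa
    if not supported:
        raise HwsimSkip("FILS-SK-PFS not supported")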
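def test_fils_sk_full_auth(dev, apdev, params):
    """FILS SK full authentication"""
    # NOTE(review): the listing this block was restored from omits some
    # lines. The "ev is None" guard below is reconstructed from the raise
    # that follows it; the other gaps are assumed to be blank lines. Confirm
    # against the repository copy.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    # NOTE(review): msk_dump names a file under the test log directory;
    # presumably the ERP authentication server records session keys there,
    # which is only acceptable for throwaway test credentials - confirm in
    # test_erp.
    msk_file = os.path.join(params['logdir'], "msk.lst")
    start_erp_as(apdev[1], msk_dump=msk_file)

    bssid = apdev[0]['bssid']
    # "params" is rebound here: from this point on it is the hostapd
    # configuration, no longer the test-run parameters.
    params = hostapd.wpa2_eap_params(ssid="fils")
    params['wpa_key_mgmt'] = "FILS-SHA256"
    params['auth_server_port'] = "18128"
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['fils_realm'] = 'example.com'
    # Short group rekey interval so the rekey event checked below arrives
    # within its 2 second wait.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].scan_for_bss(bssid, freq=2412)
    expected_flags = ("[FILS]", "[WPA2-FILS-SHA256-CCMP]")

    # The AP has to advertise FILS both in the BSS entry ...
    bss = dev[0].get_bss(bssid)
    logger.debug("BSS: " + str(bss))
    for flag in expected_flags:
        if flag not in bss['flags']:
            raise Exception(flag + " flag not indicated")

    # ... and in the raw scan results.
    res = dev[0].request("SCAN_RESULTS")
    logger.debug("SCAN_RESULTS: " + res)
    for flag in expected_flags:
        if flag not in res:
            raise Exception(flag + " flag not indicated")

    dev[0].request("ERP_FLUSH")
    dev[0].connect("fils", key_mgmt="FILS-SHA256",
                   eap="PSK", identity="psk.user@example.com",
                   password_hex="0123456789abcdef0123456789abcdef",
                   erp="1", scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)

    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    # Traffic must still pass with the new group key.
    hwsim_utils.test_connectivity(dev[0], hapd)

    conf = hapd.get_config()
    if conf['key_mgmt'] != 'FILS-SHA256':
        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])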
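def test_fils_sk_sha384_full_auth(dev, apdev, params):
    """FILS SK full authentication (SHA384)"""
    # NOTE(review): the listing this block was restored from omits some
    # lines. The "ev is None" guard below is reconstructed from the raise
    # that follows it; the other gaps are assumed to be blank lines. Confirm
    # against the repository copy.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    # NOTE(review): msk_dump names a file under the test log directory;
    # presumably the ERP authentication server records session keys there,
    # which is only acceptable for throwaway test credentials - confirm in
    # test_erp.
    msk_file = os.path.join(params['logdir'], "msk.lst")
    start_erp_as(apdev[1], msk_dump=msk_file)

    bssid = apdev[0]['bssid']
    # "params" is rebound here: from this point on it is the hostapd
    # configuration, no longer the test-run parameters.
    params = hostapd.wpa2_eap_params(ssid="fils")
    params['wpa_key_mgmt'] = "FILS-SHA384"
    params['auth_server_port'] = "18128"
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['fils_realm'] = 'example.com'
    # Short group rekey interval so the rekey event checked below arrives
    # within its 2 second wait.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].scan_for_bss(bssid, freq=2412)
    expected_flags = ("[FILS]", "[WPA2-FILS-SHA384-CCMP]")

    # The SHA384 AKM has to be advertised both in the BSS entry ...
    bss = dev[0].get_bss(bssid)
    logger.debug("BSS: " + str(bss))
    for flag in expected_flags:
        if flag not in bss['flags']:
            raise Exception(flag + " flag not indicated")

    # ... and in the raw scan results.
    res = dev[0].request("SCAN_RESULTS")
    logger.debug("SCAN_RESULTS: " + res)
    for flag in expected_flags:
        if flag not in res:
            raise Exception(flag + " flag not indicated")

    dev[0].request("ERP_FLUSH")
    dev[0].connect("fils", key_mgmt="FILS-SHA384",
                   eap="PSK", identity="psk.user@example.com",
                   password_hex="0123456789abcdef0123456789abcdef",
                   erp="1", scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)

    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    # Traffic must still pass with the new group key.
    hwsim_utils.test_connectivity(dev[0], hapd)

    conf = hapd.get_config()
    if conf['key_mgmt'] != 'FILS-SHA384':
        raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])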
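def test_fils_sk_pmksa_caching(dev, apdev, params):
    """FILS SK and PMKSA caching"""
    # NOTE(review): the listing this block was restored from omits the line
    # in front of several raise statements. Each "is None" guard below is
    # reconstructed from the error message that follows it; the other gaps
    # are assumed to be blank lines. Confirm against the repository copy.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    # NOTE(review): msk_dump names a file under the test log directory;
    # presumably the ERP authentication server records session keys there,
    # which is only acceptable for throwaway test credentials - confirm in
    # test_erp.
    msk_file = os.path.join(params['logdir'], "msk.lst")
    start_erp_as(apdev[1], msk_dump=msk_file)

    bssid = apdev[0]['bssid']
    # "params" is rebound here to the hostapd configuration.
    params = hostapd.wpa2_eap_params(ssid="fils")
    params['wpa_key_mgmt'] = "FILS-SHA256"
    params['auth_server_port'] = "18128"
    params['erp_domain'] = 'example.com'
    params['fils_realm'] = 'example.com'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", scan_freq="2412")
    # The first, full authentication has to leave a PMKSA cache entry behind.
    pmksa = dev[0].get_pmksa(bssid)
    if pmksa is None:
        raise Exception("No PMKSA cache entry created")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # Reconnect: the cached entry must be used, so seeing an EAP exchange
    # start before the connection completes is a failure.
    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using PMKSA caching timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # The entry must still exist and carry the same PMKID as before.
    pmksa2 = dev[0].get_pmksa(bssid)
    if pmksa2 is None:
        raise Exception("No PMKSA cache entry found")
    if pmksa['pmkid'] != pmksa2['pmkid']:
        raise Exception("Unexpected PMKID change")

    # Verify EAPOL reauthentication after FILS authentication
    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")

    hwsim_utils.test_connectivity(dev[0], hapd)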
184 def test_fils_sk_pmksa_caching_ocv(dev
, apdev
, params
):
185 """FILS SK and PMKSA caching with OCV"""
186 check_fils_capa(dev
[0])
187 check_erp_capa(dev
[0])
189 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
191 bssid
= apdev
[0]['bssid']
192 params
= hostapd
.wpa2_eap_params(ssid
="fils")
193 params
['wpa_key_mgmt'] = "FILS-SHA256"
194 params
['auth_server_port'] = "18128"
195 params
['erp_domain'] = 'example.com'
196 params
['fils_realm'] = 'example.com'
197 params
['ieee80211w'] = '1'
200 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
201 except Exception as e
:
202 if "Failed to set hostapd parameter ocv" in str(e
):
203 raise HwsimSkip("OCV not supported")
206 dev
[0].scan_for_bss(bssid
, freq
=2412)
207 dev
[0].request("ERP_FLUSH")
208 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
209 eap
="PSK", identity
="psk.user@example.com",
210 password_hex
="0123456789abcdef0123456789abcdef",
211 erp
="1", scan_freq
="2412", ieee80211w
="1", ocv
="1")
212 pmksa
= dev
[0].get_pmksa(bssid
)
214 raise Exception("No PMKSA cache entry created")
216 dev
[0].request("DISCONNECT")
217 dev
[0].wait_disconnected()
219 dev
[0].dump_monitor()
220 dev
[0].select_network(id, freq
=2412)
221 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
222 "CTRL-EVENT-CONNECTED"], timeout
=10)
224 raise Exception("Connection using PMKSA caching timed out")
225 if "CTRL-EVENT-EAP-STARTED" in ev
:
226 raise Exception("Unexpected EAP exchange")
227 hwsim_utils
.test_connectivity(dev
[0], hapd
)
228 pmksa2
= dev
[0].get_pmksa(bssid
)
230 raise Exception("No PMKSA cache entry found")
231 if pmksa
['pmkid'] != pmksa2
['pmkid']:
232 raise Exception("Unexpected PMKID change")
234 # Verify EAPOL reauthentication after FILS authentication
235 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
236 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
238 raise Exception("EAP authentication did not start")
239 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
241 raise Exception("EAP authentication did not succeed")
243 hwsim_utils
.test_connectivity(dev
[0], hapd
)
245 def test_fils_sk_pmksa_caching_and_cache_id(dev
, apdev
):
246 """FILS SK and PMKSA caching with Cache Identifier"""
247 check_fils_capa(dev
[0])
248 check_erp_capa(dev
[0])
250 bssid
= apdev
[0]['bssid']
251 params
= hostapd
.wpa2_eap_params(ssid
="fils")
252 params
['wpa_key_mgmt'] = "FILS-SHA256"
253 params
['auth_server_port'] = "18128"
254 params
['erp_domain'] = 'example.com'
255 params
['fils_realm'] = 'example.com'
256 params
['fils_cache_id'] = "abcd"
257 params
["radius_server_clients"] = "auth_serv/radius_clients.conf"
258 params
["radius_server_auth_port"] = '18128'
259 params
["eap_server"] = "1"
260 params
["eap_user_file"] = "auth_serv/eap_user.conf"
261 params
["ca_cert"] = "auth_serv/ca.pem"
262 params
["server_cert"] = "auth_serv/server.pem"
263 params
["private_key"] = "auth_serv/server.key"
264 params
["eap_sim_db"] = "unix:/tmp/hlr_auc_gw.sock"
265 params
["dh_file"] = "auth_serv/dh.conf"
266 params
["pac_opaque_encr_key"] = "000102030405060708090a0b0c0d0e0f"
267 params
["eap_fast_a_id"] = "101112131415161718191a1b1c1d1e1f"
268 params
["eap_fast_a_id_info"] = "test server"
269 params
["eap_server_erp"] = "1"
270 params
["erp_domain"] = "example.com"
271 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
273 dev
[0].scan_for_bss(bssid
, freq
=2412)
274 dev
[0].request("ERP_FLUSH")
275 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
276 eap
="PSK", identity
="psk.user@example.com",
277 password_hex
="0123456789abcdef0123456789abcdef",
278 erp
="1", scan_freq
="2412")
279 res
= dev
[0].request("PMKSA")
280 if "FILS Cache Identifier" not in res
:
281 raise Exception("PMKSA list does not include FILS Cache Identifier")
282 pmksa
= dev
[0].get_pmksa(bssid
)
284 raise Exception("No PMKSA cache entry created")
285 if "cache_id" not in pmksa
:
286 raise Exception("No FILS Cache Identifier listed")
287 if pmksa
["cache_id"] != "abcd":
288 raise Exception("The configured FILS Cache Identifier not seen in PMKSA")
290 bssid2
= apdev
[1]['bssid']
291 params
= hostapd
.wpa2_eap_params(ssid
="fils")
292 params
['wpa_key_mgmt'] = "FILS-SHA256"
293 params
['auth_server_port'] = "18128"
294 params
['erp_domain'] = 'example.com'
295 params
['fils_realm'] = 'example.com'
296 params
['fils_cache_id'] = "abcd"
297 hapd2
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
299 dev
[0].scan_for_bss(bssid2
, freq
=2412)
301 dev
[0].dump_monitor()
302 if "OK" not in dev
[0].request("ROAM " + bssid2
):
303 raise Exception("ROAM failed")
305 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
306 "CTRL-EVENT-CONNECTED"], timeout
=10)
308 raise Exception("Connection using PMKSA caching timed out")
309 if "CTRL-EVENT-EAP-STARTED" in ev
:
310 raise Exception("Unexpected EAP exchange")
312 raise Exception("Failed to connect to the second AP")
314 hwsim_utils
.test_connectivity(dev
[0], hapd2
)
315 pmksa2
= dev
[0].get_pmksa(bssid2
)
317 raise Exception("Unexpected extra PMKSA cache added")
318 pmksa2
= dev
[0].get_pmksa(bssid
)
320 raise Exception("Original PMKSA cache entry removed")
321 if pmksa
['pmkid'] != pmksa2
['pmkid']:
322 raise Exception("Unexpected PMKID change")
324 def test_fils_sk_pmksa_caching_ctrl_ext(dev
, apdev
, params
):
325 """FILS SK and PMKSA caching with Cache Identifier and external management"""
326 check_fils_capa(dev
[0])
327 check_erp_capa(dev
[0])
329 hapd_as
= start_erp_as(apdev
[1],
330 msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
332 bssid
= apdev
[0]['bssid']
333 params
= hostapd
.wpa2_eap_params(ssid
="fils")
334 params
['wpa_key_mgmt'] = "FILS-SHA384"
335 params
['auth_server_port'] = "18128"
336 params
['erp_send_reauth_start'] = '1'
337 params
['erp_domain'] = 'example.com'
338 params
['fils_realm'] = 'example.com'
339 params
['fils_cache_id'] = "ffee"
340 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
342 dev
[0].scan_for_bss(bssid
, freq
=2412)
343 dev
[0].request("ERP_FLUSH")
344 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA384",
345 eap
="PSK", identity
="psk.user@example.com",
346 password_hex
="0123456789abcdef0123456789abcdef",
347 erp
="1", scan_freq
="2412")
349 res1
= dev
[0].request("PMKSA_GET %d" % id)
350 logger
.info("PMKSA_GET: " + res1
)
351 if "UNKNOWN COMMAND" in res1
:
352 raise HwsimSkip("PMKSA_GET not supported in the build")
353 if bssid
not in res1
:
354 raise Exception("PMKSA cache entry missing")
355 if "ffee" not in res1
:
356 raise Exception("FILS Cache Identifier not seen in PMKSA cache entry")
358 dev
[0].request("DISCONNECT")
359 dev
[0].wait_disconnected()
362 dev
[0].scan_for_bss(bssid
, freq
=2412)
363 dev
[0].request("PMKSA_FLUSH")
364 dev
[0].request("ERP_FLUSH")
365 for entry
in res1
.splitlines():
366 if "OK" not in dev
[0].request("PMKSA_ADD %d %s" % (id, entry
)):
367 raise Exception("Failed to add PMKSA entry")
369 bssid2
= apdev
[1]['bssid']
370 params
= hostapd
.wpa2_eap_params(ssid
="fils")
371 params
['wpa_key_mgmt'] = "FILS-SHA384"
372 params
['auth_server_port'] = "18128"
373 params
['erp_send_reauth_start'] = '1'
374 params
['erp_domain'] = 'example.com'
375 params
['fils_realm'] = 'example.com'
376 params
['fils_cache_id'] = "ffee"
377 hapd2
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
379 dev
[0].scan_for_bss(bssid2
, freq
=2412)
380 dev
[0].set_network(id, "bssid", bssid2
)
381 dev
[0].select_network(id, freq
=2412)
382 ev
= dev
[0].wait_connected()
384 raise Exception("Unexpected BSS selected")
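def test_fils_sk_erp(dev, apdev, params):
    """FILS SK using ERP"""
    # Thin wrapper: the shared scenario lives in run_fils_sk_erp; this entry
    # point only selects the SHA256 key management suite.
    run_fils_sk_erp(dev, apdev, key_mgmt="FILS-SHA256", params=params)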
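def test_fils_sk_erp_sha384(dev, apdev, params):
    """FILS SK using ERP and SHA384"""
    # Thin wrapper: the shared scenario lives in run_fils_sk_erp; this entry
    # point only selects the SHA384 key management suite.
    run_fils_sk_erp(dev, apdev, key_mgmt="FILS-SHA384", params=params)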
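def run_fils_sk_erp(dev, apdev, key_mgmt, params):
    """Run the FILS shared key ERP scenario for one key management suite.

    Connects once with full authentication, disconnects, then reconnects
    and requires that the second connection completes without an EAP
    exchange and without an association rejection.

    ``key_mgmt`` is used both as the AP's ``wpa_key_mgmt`` and as the
    station's ``key_mgmt``; ``params`` supplies the test log directory.
    """
    # NOTE(review): the listing this block was restored from omits the line
    # between the wait_event call and the first raise. The "ev is None"
    # guard is reconstructed from the timeout message; the other gaps are
    # assumed to be blank lines. Confirm against the repository copy.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    # NOTE(review): msk_dump names a file under the test log directory;
    # presumably the ERP authentication server records session keys there,
    # which is only acceptable for throwaway test credentials - confirm in
    # test_erp.
    msk_file = os.path.join(params['logdir'], "msk.lst")
    start_erp_as(apdev[1], msk_dump=msk_file)

    bssid = apdev[0]['bssid']
    # "params" is rebound here to the hostapd configuration.
    params = hostapd.wpa2_eap_params(ssid="fils")
    params['wpa_key_mgmt'] = key_mgmt
    params['auth_server_port'] = "18128"
    params['erp_domain'] = 'example.com'
    params['fils_realm'] = 'example.com'
    # With PMKSA caching disabled on the AP, the reconnect below cannot be
    # satisfied from a cached entry (presumably leaving ERP as the only
    # EAP-free path).
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt=key_mgmt,
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", scan_freq="2412")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "EVENT-ASSOC-REJECT",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using FILS/ERP timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    if "EVENT-ASSOC-REJECT" in ev:
        raise Exception("Association failed")
    hwsim_utils.test_connectivity(dev[0], hapd)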
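def test_fils_sk_erp_followed_by_pmksa_caching(dev, apdev, params):
    """FILS SK ERP following by PMKSA caching"""
    # NOTE(review): the listing this block was restored from omits the line
    # in front of several raise statements. Each "is None" guard below is
    # reconstructed from the error message that follows it; the other gaps
    # are assumed to be blank lines. Confirm against the repository copy.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    # NOTE(review): msk_dump names a file under the test log directory;
    # presumably the ERP authentication server records session keys there,
    # which is only acceptable for throwaway test credentials - confirm in
    # test_erp.
    msk_file = os.path.join(params['logdir'], "msk.lst")
    start_erp_as(apdev[1], msk_dump=msk_file)

    bssid = apdev[0]['bssid']
    # "params" is rebound here to the hostapd configuration.
    params = hostapd.wpa2_eap_params(ssid="fils")
    params['wpa_key_mgmt'] = "FILS-SHA256"
    params['auth_server_port'] = "18128"
    params['erp_domain'] = 'example.com'
    params['fils_realm'] = 'example.com'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    # First connection: full authentication.
    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", scan_freq="2412")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # Force the second connection to use ERP by deleting the PMKSA entry.
    dev[0].request("PMKSA_FLUSH")

    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "EVENT-ASSOC-REJECT",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using FILS/ERP timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    if "EVENT-ASSOC-REJECT" in ev:
        raise Exception("Association failed")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # The ERP-based connection has to repopulate the flushed PMKSA cache.
    pmksa = dev[0].get_pmksa(bssid)
    if pmksa is None:
        raise Exception("No PMKSA cache entry created")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # The third connection is expected to use PMKSA caching for FILS
    # authentication.
    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "EVENT-ASSOC-REJECT",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using PMKSA caching timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    if "EVENT-ASSOC-REJECT" in ev:
        raise Exception("Association failed")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # Same entry as after the second connection: the PMKID must not change.
    pmksa2 = dev[0].get_pmksa(bssid)
    if pmksa2 is None:
        raise Exception("No PMKSA cache entry found")
    if pmksa['pmkid'] != pmksa2['pmkid']:
        raise Exception("Unexpected PMKID change")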
502 def test_fils_sk_erp_another_ssid(dev
, apdev
, params
):
503 """FILS SK using ERP and roam to another SSID"""
504 check_fils_capa(dev
[0])
505 check_erp_capa(dev
[0])
507 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
509 bssid
= apdev
[0]['bssid']
510 params
= hostapd
.wpa2_eap_params(ssid
="fils")
511 params
['wpa_key_mgmt'] = "FILS-SHA256"
512 params
['auth_server_port'] = "18128"
513 params
['erp_domain'] = 'example.com'
514 params
['fils_realm'] = 'example.com'
515 params
['disable_pmksa_caching'] = '1'
516 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
518 dev
[0].scan_for_bss(bssid
, freq
=2412)
519 dev
[0].request("ERP_FLUSH")
520 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
521 eap
="PSK", identity
="psk.user@example.com",
522 password_hex
="0123456789abcdef0123456789abcdef",
523 erp
="1", scan_freq
="2412")
525 dev
[0].request("DISCONNECT")
526 dev
[0].wait_disconnected()
528 dev
[0].flush_scan_cache()
529 if "FAIL" in dev
[0].request("PMKSA_FLUSH"):
530 raise Exception("PMKSA_FLUSH failed")
532 params
= hostapd
.wpa2_eap_params(ssid
="fils2")
533 params
['wpa_key_mgmt'] = "FILS-SHA256"
534 params
['auth_server_port'] = "18128"
535 params
['erp_domain'] = 'example.com'
536 params
['fils_realm'] = 'example.com'
537 params
['disable_pmksa_caching'] = '1'
538 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
540 dev
[0].scan_for_bss(bssid
, freq
=2412)
541 dev
[0].dump_monitor()
542 id = dev
[0].connect("fils2", key_mgmt
="FILS-SHA256",
543 eap
="PSK", identity
="psk.user@example.com",
544 password_hex
="0123456789abcdef0123456789abcdef",
545 erp
="1", scan_freq
="2412", wait_connect
=False)
547 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
548 "EVENT-ASSOC-REJECT",
549 "CTRL-EVENT-CONNECTED"], timeout
=10)
551 raise Exception("Connection using FILS/ERP timed out")
552 if "CTRL-EVENT-EAP-STARTED" in ev
:
553 raise Exception("Unexpected EAP exchange")
554 if "EVENT-ASSOC-REJECT" in ev
:
555 raise Exception("Association failed")
556 hwsim_utils
.test_connectivity(dev
[0], hapd
)
558 def test_fils_sk_multiple_realms(dev
, apdev
, params
):
559 """FILS SK and multiple realms"""
560 check_fils_capa(dev
[0])
561 check_erp_capa(dev
[0])
563 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
565 bssid
= apdev
[0]['bssid']
566 params
= hostapd
.wpa2_eap_params(ssid
="fils")
567 params
['wpa_key_mgmt'] = "FILS-SHA256"
568 params
['auth_server_port'] = "18128"
569 params
['erp_domain'] = 'example.com'
570 fils_realms
= [ 'r1.example.org', 'r2.EXAMPLE.org', 'r3.example.org',
571 'r4.example.org', 'r5.example.org', 'r6.example.org',
572 'r7.example.org', 'r8.example.org',
574 'r9.example.org', 'r10.example.org', 'r11.example.org',
575 'r12.example.org', 'r13.example.org', 'r14.example.org',
576 'r15.example.org', 'r16.example.org' ]
577 params
['fils_realm'] = fils_realms
578 params
['fils_cache_id'] = "1234"
579 params
['hessid'] = bssid
580 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
582 dev
[0].scan_for_bss(bssid
, freq
=2412)
584 if "OK" not in dev
[0].request("ANQP_GET " + bssid
+ " 275"):
585 raise Exception("ANQP_GET command failed")
586 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=10)
588 raise Exception("GAS query timed out")
589 bss
= dev
[0].get_bss(bssid
)
591 if 'fils_info' not in bss
:
592 raise Exception("FILS Indication element information missing")
593 if bss
['fils_info'] != '02b8':
594 raise Exception("Unexpected FILS Information: " + bss
['fils_info'])
596 if 'fils_cache_id' not in bss
:
597 raise Exception("FILS Cache Identifier missing")
598 if bss
['fils_cache_id'] != '1234':
599 raise Exception("Unexpected FILS Cache Identifier: " + bss
['fils_cache_id'])
601 if 'fils_realms' not in bss
:
602 raise Exception("FILS Realm Identifiers missing")
605 for realm
in fils_realms
:
606 hash = hashlib
.sha256(realm
.lower()).digest()
607 expected
+= binascii
.hexlify(hash[0:2])
611 if bss
['fils_realms'] != expected
:
612 raise Exception("Unexpected FILS Realm Identifiers: " + bss
['fils_realms'])
614 if 'anqp_fils_realm_info' not in bss
:
615 raise Exception("FILS Realm Information ANQP-element not seen")
616 info
= bss
['anqp_fils_realm_info'];
618 for realm
in fils_realms
:
619 hash = hashlib
.sha256(realm
.lower()).digest()
620 expected
+= binascii
.hexlify(hash[0:2])
622 raise Exception("Unexpected FILS Realm Info ANQP-element: " + info
)
624 dev
[0].request("ERP_FLUSH")
625 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
626 eap
="PSK", identity
="psk.user@example.com",
627 password_hex
="0123456789abcdef0123456789abcdef",
628 erp
="1", scan_freq
="2412")
630 dev
[0].request("DISCONNECT")
631 dev
[0].wait_disconnected()
633 dev
[0].dump_monitor()
634 dev
[0].select_network(id, freq
=2412)
635 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
636 "EVENT-ASSOC-REJECT",
637 "CTRL-EVENT-CONNECTED"], timeout
=10)
639 raise Exception("Connection using FILS/ERP timed out")
640 if "CTRL-EVENT-EAP-STARTED" in ev
:
641 raise Exception("Unexpected EAP exchange")
642 if "EVENT-ASSOC-REJECT" in ev
:
643 raise Exception("Association failed")
644 hwsim_utils
.test_connectivity(dev
[0], hapd
)
646 # DHCP message op codes
651 OPT_DHCP_MESSAGE_TYPE
=53
664 def build_dhcp(req
, dhcp_msg
, chaddr
, giaddr
="0.0.0.0",
665 ip_src
="0.0.0.0", ip_dst
="255.255.255.255",
666 rapid_commit
=True, override_op
=None, magic_override
=None,
667 opt_end
=True, extra_op
=None):
668 proto
= '\x08\x00' # IPv4
669 _ip_src
= socket
.inet_pton(socket
.AF_INET
, ip_src
)
670 _ip_dst
= socket
.inet_pton(socket
.AF_INET
, ip_dst
)
672 _ciaddr
= '\x00\x00\x00\x00'
673 _yiaddr
= '\x00\x00\x00\x00'
674 _siaddr
= '\x00\x00\x00\x00'
675 _giaddr
= socket
.inet_pton(socket
.AF_INET
, giaddr
)
676 _chaddr
= binascii
.unhexlify(chaddr
.replace(':','')) + 10*'\x00'
677 htype
= 1 # Hardware address type; 1 = Ethernet
678 hlen
= 6 # Hardware address length
691 if override_op
is not None:
693 payload
= struct
.pack('>BBBBLHH', op
, htype
, hlen
, hops
, xid
, secs
, flags
)
696 payload
+= _ciaddr
+ _yiaddr
+ _siaddr
+ _giaddr
+ _chaddr
+ sname
+ file
698 if magic_override
is not None:
699 payload
+= magic_override
701 payload
+= '\x63\x82\x53\x63'
702 # Option: DHCP Message Type
703 if dhcp_msg
is not None:
704 payload
+= struct
.pack('BBB', OPT_DHCP_MESSAGE_TYPE
, 1, dhcp_msg
)
706 # Option: Rapid Commit
707 payload
+= struct
.pack('BB', OPT_RAPID_COMMIT
, 0)
712 payload
+= struct
.pack('B', OPT_END
)
714 udp
= struct
.pack('>HHHH', src_port
, dst_port
,
715 8 + len(payload
), 0) + payload
717 tot_len
= 20 + len(udp
)
718 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
719 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
720 csum
= ip_checksum(ipv4
)
721 ipv4
= start
+ csum
+ _ip_src
+ _ip_dst
723 return proto
+ ipv4
+ udp
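def fils_hlp_config(fils_hlp_wait_time=10000):
    """Build the hostapd configuration shared by the FILS HLP tests.

    Starts from ``hostapd.wpa2_eap_params(ssid="fils")`` and sets FILS-SHA256
    key management, the ERP domain and FILS realm, disabled PMKSA caching,
    the AP's own and DHCP server addresses, and the HLP wait time.

    ``fils_hlp_wait_time`` is stored as a string via ``str()``.
    """
    params = hostapd.wpa2_eap_params(ssid="fils")
    params['wpa_key_mgmt'] = "FILS-SHA256"
    params['auth_server_port'] = "18128"
    params['erp_domain'] = 'example.com'
    params['fils_realm'] = 'example.com'
    params['disable_pmksa_caching'] = '1'
    # Loopback addresses: the HLP tests in this file bind their stand-in
    # DHCP server socket to 127.0.0.2 port 67 and answer with giaddr
    # 127.0.0.3.
    params['own_ip_addr'] = '127.0.0.3'
    params['dhcp_server'] = '127.0.0.2'
    params['fils_hlp_wait_time'] = str(fils_hlp_wait_time)
    # NOTE(review): the listing this block was restored from omits the final
    # line. The return is reconstructed from the callers in this file, which
    # assign the result and index it before passing it to hostapd.add_ap.
    return params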
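def test_fils_sk_hlp(dev, apdev, params):
    """FILS SK HLP (rapid commit server)"""
    # Thin wrapper: the shared scenario lives in run_fils_sk_hlp; this entry
    # point selects the variant where the test's DHCP server answers with
    # rapid commit.
    run_fils_sk_hlp(dev, apdev, rapid_commit_server=True, params=params)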
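def test_fils_sk_hlp_no_rapid_commit(dev, apdev, params):
    """FILS SK HLP (no rapid commit server)"""
    # Thin wrapper: the shared scenario lives in run_fils_sk_hlp; this entry
    # point selects the variant where the test's DHCP server does not use
    # rapid commit.
    run_fils_sk_hlp(dev, apdev, rapid_commit_server=False, params=params)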
745 def run_fils_sk_hlp(dev
, apdev
, rapid_commit_server
, params
):
746 check_fils_capa(dev
[0])
747 check_erp_capa(dev
[0])
749 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
751 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
752 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
754 sock
.bind(("127.0.0.2", 67))
756 bssid
= apdev
[0]['bssid']
757 params
= fils_hlp_config()
758 params
['fils_hlp_wait_time'] = '10000'
759 if not rapid_commit_server
:
760 params
['dhcp_rapid_commit_proxy'] = '1'
761 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
763 dev
[0].scan_for_bss(bssid
, freq
=2412)
764 dev
[0].request("ERP_FLUSH")
765 if "OK" not in dev
[0].request("FILS_HLP_REQ_FLUSH"):
766 raise Exception("Failed to flush pending FILS HLP requests")
770 "ff:ff:ff:ff:ff:ff q" ]
772 if "FAIL" not in dev
[0].request("FILS_HLP_REQ_ADD " + t
):
773 raise Exception("Invalid FILS_HLP_REQ_ADD accepted: " + t
)
774 dhcpdisc
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
775 chaddr
=dev
[0].own_addr())
776 tests
= [ "ff:ff:ff:ff:ff:ff aabb",
777 "ff:ff:ff:ff:ff:ff " + 255*'cc',
778 hapd
.own_addr() + " ddee010203040506070809",
779 "ff:ff:ff:ff:ff:ff " + binascii
.hexlify(dhcpdisc
) ]
781 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD " + t
):
782 raise Exception("FILS_HLP_REQ_ADD failed: " + t
)
783 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
784 eap
="PSK", identity
="psk.user@example.com",
785 password_hex
="0123456789abcdef0123456789abcdef",
786 erp
="1", scan_freq
="2412")
788 dev
[0].request("DISCONNECT")
789 dev
[0].wait_disconnected()
791 dev
[0].dump_monitor()
792 dev
[0].select_network(id, freq
=2412)
794 (msg
,addr
) = sock
.recvfrom(1000)
795 logger
.debug("Received DHCP message from %s" % str(addr
))
796 if rapid_commit_server
:
797 # TODO: Proper rapid commit response
798 dhcpdisc
= build_dhcp(req
=False, dhcp_msg
=DHCPACK
,
799 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3")
800 sock
.sendto(dhcpdisc
[2+20+8:], addr
)
802 dhcpdisc
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
803 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3")
804 sock
.sendto(dhcpdisc
[2+20+8:], addr
)
805 (msg
,addr
) = sock
.recvfrom(1000)
806 logger
.debug("Received DHCP message from %s" % str(addr
))
807 dhcpdisc
= build_dhcp(req
=False, dhcp_msg
=DHCPACK
, rapid_commit
=False,
808 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3")
809 sock
.sendto(dhcpdisc
[2+20+8:], addr
)
810 ev
= dev
[0].wait_event(["FILS-HLP-RX"], timeout
=10)
812 raise Exception("FILS HLP response not reported")
814 frame
= binascii
.unhexlify(vals
[3].split('=')[1])
815 proto
, = struct
.unpack('>H', frame
[0:2])
817 raise Exception("Unexpected ethertype in HLP response: %d" % proto
)
820 if ip_checksum(ip
) != '\x00\x00':
821 raise Exception("IP header checksum mismatch in HLP response")
825 sport
, dport
, ulen
, ucheck
= struct
.unpack('>HHHH', udp
)
826 if sport
!= 67 or dport
!= 68:
827 raise Exception("Unexpected UDP port in HLP response")
830 op
,htype
,hlen
,hops
,xid
,secs
,flags
,ciaddr
,yiaddr
,siaddr
,giaddr
= struct
.unpack('>4BL2H4L', dhcp
)
838 if options
[0:4] != '\x63\x82\x53\x63':
839 raise Exception("No DHCP magic seen in HLP response")
840 options
= options
[4:]
841 # TODO: fully parse and validate DHCPACK options
842 if struct
.pack('BBB', OPT_DHCP_MESSAGE_TYPE
, 1, DHCPACK
) not in options
:
843 raise Exception("DHCPACK not in HLP response")
845 dev
[0].wait_connected()
847 dev
[0].request("FILS_HLP_REQ_FLUSH")
849 def test_fils_sk_hlp_timeout(dev
, apdev
, params
):
850 """FILS SK HLP (rapid commit server timeout)"""
851 check_fils_capa(dev
[0])
852 check_erp_capa(dev
[0])
854 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
856 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
857 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
859 sock
.bind(("127.0.0.2", 67))
861 bssid
= apdev
[0]['bssid']
862 params
= fils_hlp_config(fils_hlp_wait_time
=30)
863 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
865 dev
[0].scan_for_bss(bssid
, freq
=2412)
866 dev
[0].request("ERP_FLUSH")
867 if "OK" not in dev
[0].request("FILS_HLP_REQ_FLUSH"):
868 raise Exception("Failed to flush pending FILS HLP requests")
869 dhcpdisc
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
870 chaddr
=dev
[0].own_addr())
871 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii
.hexlify(dhcpdisc
)):
872 raise Exception("FILS_HLP_REQ_ADD failed")
873 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
874 eap
="PSK", identity
="psk.user@example.com",
875 password_hex
="0123456789abcdef0123456789abcdef",
876 erp
="1", scan_freq
="2412")
878 dev
[0].request("DISCONNECT")
879 dev
[0].wait_disconnected()
881 dev
[0].dump_monitor()
882 dev
[0].select_network(id, freq
=2412)
884 (msg
,addr
) = sock
.recvfrom(1000)
885 logger
.debug("Received DHCP message from %s" % str(addr
))
886 # Wait for HLP wait timeout to hit
887 # FILS: HLP response timeout - continue with association response
888 dev
[0].wait_connected()
890 dev
[0].request("FILS_HLP_REQ_FLUSH")
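def test_fils_sk_hlp_oom(dev, apdev, params):
    """FILS SK HLP and hostapd OOM"""
    # Each scenario below reconnects with FILS while alloc_fail() is armed for
    # one named hostapd call site (see utils.alloc_fail), then checks that the
    # station still gets connected: an allocation failure on the HLP/DHCP path
    # must degrade to a plain association instead of breaking the AP.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))

    # UDP socket on the DHCP server port; presumably 127.0.0.2 is the
    # dhcp_server address that fils_hlp_config() hands to hostapd - confirm.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
                         socket.IPPROTO_UDP)
    try:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # Bound every recvfrom() below so that a DHCP message that never
        # arrives fails the test instead of blocking the whole run.
        sock.settimeout(5)
        sock.bind(("127.0.0.2", 67))

        bssid = apdev[0]['bssid']
        ap_params = fils_hlp_config(fils_hlp_wait_time=500)
        ap_params['dhcp_rapid_commit_proxy'] = '1'
        hapd = hostapd.add_ap(apdev[0]['ifname'], ap_params)

        dev[0].scan_for_bss(bssid, freq=2412)
        dev[0].request("ERP_FLUSH")
        if "OK" not in dev[0].request("FILS_HLP_REQ_FLUSH"):
            raise Exception("Failed to flush pending FILS HLP requests")
        dhcpdisc = build_dhcp(req=True, dhcp_msg=DHCPDISCOVER,
                              chaddr=dev[0].own_addr())
        if "OK" not in dev[0].request("FILS_HLP_REQ_ADD " +
                                      "ff:ff:ff:ff:ff:ff " +
                                      binascii.hexlify(dhcpdisc)):
            raise Exception("FILS_HLP_REQ_ADD failed")
        # Initial connection; the later select_network() calls reuse this
        # network profile for the FILS reconnections.
        net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                                eap="PSK", identity="psk.user@example.com",
                                password_hex="0123456789abcdef0123456789abcdef",
                                erp="1", scan_freq="2412")

        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()

        # Allocation failures that hit before any DHCP message is exchanged.
        for func in ("fils_process_hlp",
                     "fils_process_hlp_dhcp",
                     "wpabuf_alloc;fils_process_hlp_dhcp"):
            dev[0].dump_monitor()
            with alloc_fail(hapd, 1, func):
                dev[0].select_network(net_id, freq=2412)
                dev[0].wait_connected()
            dev[0].request("DISCONNECT")
            dev[0].wait_disconnected()

        # Allocation failures while hostapd handles the DHCPACK sent back
        # from this socket.
        for func in ("wpabuf_alloc;fils_dhcp_handler",
                     "wpabuf_resize;fils_dhcp_handler"):
            dev[0].dump_monitor()
            with alloc_fail(hapd, 1, func):
                dev[0].select_network(net_id, freq=2412)
                (msg, addr) = sock.recvfrom(1000)
                logger.debug("Received DHCP message from %s" % str(addr))
                dhcpack = build_dhcp(req=False, dhcp_msg=DHCPACK,
                                     chaddr=dev[0].own_addr(),
                                     giaddr="127.0.0.3")
                # Presumably skips the 2-octet ethertype, 20-octet IPv4 header
                # and 8-octet UDP header that build_dhcp() prepends, leaving
                # only the DHCP payload - confirm against build_dhcp().
                sock.sendto(dhcpack[2+20+8:], addr)
                dev[0].wait_connected()
            dev[0].request("DISCONNECT")
            dev[0].wait_disconnected()

        # Allocation failure armed only around the DHCPOFFER (no rapid
        # commit) that is sent in response to the received DHCP message.
        dev[0].dump_monitor()
        dev[0].select_network(net_id, freq=2412)
        (msg, addr) = sock.recvfrom(1000)
        logger.debug("Received DHCP message from %s" % str(addr))
        dhcpoffer = build_dhcp(req=False, dhcp_msg=DHCPOFFER,
                               rapid_commit=False,
                               chaddr=dev[0].own_addr(), giaddr="127.0.0.3")
        with alloc_fail(hapd, 1, "wpabuf_resize;fils_dhcp_request"):
            sock.sendto(dhcpoffer[2+20+8:], addr)
            dev[0].wait_connected()
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()

        dev[0].request("FILS_HLP_REQ_FLUSH")
    finally:
        # Release 127.0.0.2:67 even when the test fails part-way, so later
        # test cases can bind the same address.
        sock.close()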
984 def test_fils_sk_hlp_req_parsing(dev
, apdev
, params
):
985 """FILS SK HLP request parsing"""
986 check_fils_capa(dev
[0])
987 check_erp_capa(dev
[0])
989 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
991 bssid
= apdev
[0]['bssid']
992 params
= fils_hlp_config(fils_hlp_wait_time
=30)
993 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
995 dev
[0].scan_for_bss(bssid
, freq
=2412)
996 dev
[0].request("ERP_FLUSH")
997 if "OK" not in dev
[0].request("FILS_HLP_REQ_FLUSH"):
998 raise Exception("Failed to flush pending FILS HLP requests")
1001 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
1002 _ip_src
= '\x00\x00\x00\x00'
1003 _ip_dst
= '\x00\x00\x00\x00'
1004 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1005 csum
= ip_checksum(ipv4
)
1006 ipv4_overflow
= start
+ csum
+ _ip_src
+ _ip_dst
1009 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 123)
1010 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1011 csum
= ip_checksum(ipv4
)
1012 ipv4_unknown_proto
= start
+ csum
+ _ip_src
+ _ip_dst
1015 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
1016 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1017 csum
= ip_checksum(ipv4
)
1018 ipv4_missing_udp_hdr
= start
+ csum
+ _ip_src
+ _ip_dst
1022 udp
= struct
.pack('>HHHH', src_port
, dst_port
, 8 + 1, 0)
1023 tot_len
= 20 + len(udp
)
1024 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
1025 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1026 csum
= ip_checksum(ipv4
)
1027 udp_overflow
= start
+ csum
+ _ip_src
+ _ip_dst
+ udp
1029 udp
= struct
.pack('>HHHH', src_port
, dst_port
, 7, 0)
1030 tot_len
= 20 + len(udp
)
1031 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
1032 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1033 csum
= ip_checksum(ipv4
)
1034 udp_underflow
= start
+ csum
+ _ip_src
+ _ip_dst
+ udp
1038 udp
= struct
.pack('>HHHH', src_port
, dst_port
, 8, 0)
1039 tot_len
= 20 + len(udp
)
1040 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
1041 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1042 csum
= ip_checksum(ipv4
)
1043 udp_unknown_port
= start
+ csum
+ _ip_src
+ _ip_dst
+ udp
1047 udp
= struct
.pack('>HHHH', src_port
, dst_port
, 8, 0)
1048 tot_len
= 20 + len(udp
)
1049 start
= struct
.pack('>BBHHBBBB', 0x45, 0, tot_len
, 0, 0, 0, 128, 17)
1050 ipv4
= start
+ '\x00\x00' + _ip_src
+ _ip_dst
1051 csum
= ip_checksum(ipv4
)
1052 dhcp_missing_data
= start
+ csum
+ _ip_src
+ _ip_dst
+ udp
1054 dhcp_not_req
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
1055 chaddr
=dev
[0].own_addr(), override_op
=BOOTREPLY
)
1056 dhcp_no_magic
= build_dhcp(req
=True, dhcp_msg
=None,
1057 chaddr
=dev
[0].own_addr(), magic_override
='',
1058 rapid_commit
=False, opt_end
=False)
1059 dhcp_unknown_magic
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
1060 chaddr
=dev
[0].own_addr(),
1061 magic_override
='\x00\x00\x00\x00')
1062 dhcp_opts
= build_dhcp(req
=True, dhcp_msg
=DHCPNAK
,
1063 chaddr
=dev
[0].own_addr(),
1064 extra_op
='\x00\x11', opt_end
=False)
1065 dhcp_opts2
= build_dhcp(req
=True, dhcp_msg
=DHCPNAK
,
1066 chaddr
=dev
[0].own_addr(),
1067 extra_op
='\x11\x01', opt_end
=False)
1068 dhcp_valid
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
1069 chaddr
=dev
[0].own_addr())
1074 "0800" + binascii
.hexlify(ipv4_overflow
),
1075 "0800" + binascii
.hexlify(ipv4_unknown_proto
),
1076 "0800" + binascii
.hexlify(ipv4_missing_udp_hdr
),
1077 "0800" + binascii
.hexlify(udp_overflow
),
1078 "0800" + binascii
.hexlify(udp_underflow
),
1079 "0800" + binascii
.hexlify(udp_unknown_port
),
1080 "0800" + binascii
.hexlify(dhcp_missing_data
),
1081 binascii
.hexlify(dhcp_not_req
),
1082 binascii
.hexlify(dhcp_no_magic
),
1083 binascii
.hexlify(dhcp_unknown_magic
) ]
1085 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD ff:ff:ff:ff:ff:ff " + t
):
1086 raise Exception("FILS_HLP_REQ_ADD failed: " + t
)
1087 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
1088 eap
="PSK", identity
="psk.user@example.com",
1089 password_hex
="0123456789abcdef0123456789abcdef",
1090 erp
="1", scan_freq
="2412")
1092 dev
[0].request("DISCONNECT")
1093 dev
[0].wait_disconnected()
1095 dev
[0].dump_monitor()
1096 dev
[0].select_network(id, freq
=2412)
1097 dev
[0].wait_connected()
1098 dev
[0].request("DISCONNECT")
1099 dev
[0].wait_disconnected()
1101 dev
[0].request("FILS_HLP_REQ_FLUSH")
1102 tests
= [ binascii
.hexlify(dhcp_opts
),
1103 binascii
.hexlify(dhcp_opts2
) ]
1105 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD ff:ff:ff:ff:ff:ff " + t
):
1106 raise Exception("FILS_HLP_REQ_ADD failed: " + t
)
1108 dev
[0].dump_monitor()
1109 dev
[0].select_network(id, freq
=2412)
1110 dev
[0].wait_connected()
1111 dev
[0].request("DISCONNECT")
1112 dev
[0].wait_disconnected()
1114 dev
[0].request("FILS_HLP_REQ_FLUSH")
1115 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD ff:ff:ff:ff:ff:ff " + binascii
.hexlify(dhcp_valid
)):
1116 raise Exception("FILS_HLP_REQ_ADD failed")
1117 hapd
.set("own_ip_addr", "0.0.0.0")
1118 dev
[0].select_network(id, freq
=2412)
1119 dev
[0].wait_connected()
1120 dev
[0].request("DISCONNECT")
1121 dev
[0].wait_disconnected()
1123 hapd
.set("dhcp_server", "0.0.0.0")
1124 dev
[0].select_network(id, freq
=2412)
1125 dev
[0].wait_connected()
1126 dev
[0].request("DISCONNECT")
1127 dev
[0].wait_disconnected()
1129 # FILS: Failed to bind DHCP socket: Address already in use
1130 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
1131 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
1133 sock
.bind(("127.0.0.2", 67))
1134 hapd
.set("own_ip_addr", "127.0.0.2")
1135 hapd
.set("dhcp_server", "127.0.0.2")
1136 dev
[0].select_network(id, freq
=2412)
1137 dev
[0].wait_connected()
1138 dev
[0].request("DISCONNECT")
1139 dev
[0].wait_disconnected()
1141 # FILS: DHCP sendto failed: Invalid argument
1142 hapd
.set("own_ip_addr", "127.0.0.3")
1143 hapd
.set("dhcp_server", "127.0.0.2")
1144 hapd
.set("dhcp_relay_port", "0")
1145 hapd
.set("dhcp_server_port", "0")
1146 dev
[0].select_network(id, freq
=2412)
1147 dev
[0].wait_connected()
1148 dev
[0].request("DISCONNECT")
1149 dev
[0].wait_disconnected()
1151 dev
[0].request("FILS_HLP_REQ_FLUSH")
1153 def test_fils_sk_hlp_dhcp_parsing(dev
, apdev
, params
):
1154 """FILS SK HLP and DHCP response parsing"""
1155 check_fils_capa(dev
[0])
1156 check_erp_capa(dev
[0])
1158 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
1160 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
1161 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
1163 sock
.bind(("127.0.0.2", 67))
1165 bssid
= apdev
[0]['bssid']
1166 params
= fils_hlp_config(fils_hlp_wait_time
=30)
1167 params
['dhcp_rapid_commit_proxy'] = '1'
1168 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1170 dev
[0].scan_for_bss(bssid
, freq
=2412)
1171 dev
[0].request("ERP_FLUSH")
1172 if "OK" not in dev
[0].request("FILS_HLP_REQ_FLUSH"):
1173 raise Exception("Failed to flush pending FILS HLP requests")
1174 dhcpdisc
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
1175 chaddr
=dev
[0].own_addr())
1176 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii
.hexlify(dhcpdisc
)):
1177 raise Exception("FILS_HLP_REQ_ADD failed")
1178 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
1179 eap
="PSK", identity
="psk.user@example.com",
1180 password_hex
="0123456789abcdef0123456789abcdef",
1181 erp
="1", scan_freq
="2412")
1183 dev
[0].request("DISCONNECT")
1184 dev
[0].wait_disconnected()
1186 dev
[0].dump_monitor()
1187 with
alloc_fail(hapd
, 1, "fils_process_hlp"):
1188 dev
[0].select_network(id, freq
=2412)
1189 dev
[0].wait_connected()
1190 dev
[0].request("DISCONNECT")
1191 dev
[0].wait_disconnected()
1193 dev
[0].dump_monitor()
1194 dev
[0].select_network(id, freq
=2412)
1195 (msg
,addr
) = sock
.recvfrom(1000)
1196 logger
.debug("Received DHCP message from %s" % str(addr
))
1197 dhcpdisc
= build_dhcp(req
=False, dhcp_msg
=DHCPACK
,
1198 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3")
1199 #sock.sendto(dhcpdisc[2+20+8:], addr)
1200 chaddr
= binascii
.unhexlify(dev
[0].own_addr().replace(':','')) + 10*'\x00'
1202 "\x02" + 500 * "\x00",
1203 "\x02\x00\x00\x00" + 20*"\x00" + "\x7f\x00\x00\x03" + 500 * "\x00",
1204 "\x02\x00\x00\x00" + 20*"\x00" + "\x7f\x00\x00\x03" + 16*"\x00" + 64*"\x00" + 128*"\x00" + "\x63\x82\x53\x63",
1205 "\x02\x00\x00\x00" + 20*"\x00" + "\x7f\x00\x00\x03" + 16*"\x00" + 64*"\x00" + 128*"\x00" + "\x63\x82\x53\x63" + "\x00\x11",
1206 "\x02\x00\x00\x00" + 20*"\x00" + "\x7f\x00\x00\x03" + 16*"\x00" + 64*"\x00" + 128*"\x00" + "\x63\x82\x53\x63" + "\x11\x01",
1207 "\x02\x00\x00\x00" + 20*"\x00" + "\x7f\x00\x00\x03" + chaddr
+ 64*"\x00" + 128*"\x00" + "\x63\x82\x53\x63" + "\x35\x00\xff",
1208 "\x02\x00\x00\x00" + 20*"\x00" + "\x7f\x00\x00\x03" + chaddr
+ 64*"\x00" + 128*"\x00" + "\x63\x82\x53\x63" + "\x35\x01\x00\xff",
1211 sock
.sendto(t
, addr
)
1212 dev
[0].wait_connected()
1213 dev
[0].request("DISCONNECT")
1214 dev
[0].wait_disconnected()
1216 # FILS: DHCP sendto failed: Invalid argument for second DHCP TX in proxy
1217 dev
[0].dump_monitor()
1218 dev
[0].select_network(id, freq
=2412)
1219 (msg
,addr
) = sock
.recvfrom(1000)
1220 logger
.debug("Received DHCP message from %s" % str(addr
))
1221 hapd
.set("dhcp_server_port", "0")
1222 dhcpoffer
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
1223 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3")
1224 sock
.sendto(dhcpoffer
[2+20+8:], addr
)
1225 dev
[0].wait_connected()
1226 dev
[0].request("DISCONNECT")
1227 dev
[0].wait_disconnected()
1228 hapd
.set("dhcp_server_port", "67")
1230 # Options in DHCPOFFER
1231 dev
[0].dump_monitor()
1232 dev
[0].select_network(id, freq
=2412)
1233 (msg
,addr
) = sock
.recvfrom(1000)
1234 logger
.debug("Received DHCP message from %s" % str(addr
))
1235 dhcpoffer
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
1236 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3",
1237 extra_op
="\x00\x11", opt_end
=False)
1238 sock
.sendto(dhcpoffer
[2+20+8:], addr
)
1239 (msg
,addr
) = sock
.recvfrom(1000)
1240 logger
.debug("Received DHCP message from %s" % str(addr
))
1241 dev
[0].wait_connected()
1242 dev
[0].request("DISCONNECT")
1243 dev
[0].wait_disconnected()
1245 # Options in DHCPOFFER (2)
1246 dev
[0].dump_monitor()
1247 dev
[0].select_network(id, freq
=2412)
1248 (msg
,addr
) = sock
.recvfrom(1000)
1249 logger
.debug("Received DHCP message from %s" % str(addr
))
1250 dhcpoffer
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
1251 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3",
1252 extra_op
="\x11\x01", opt_end
=False)
1253 sock
.sendto(dhcpoffer
[2+20+8:], addr
)
1254 (msg
,addr
) = sock
.recvfrom(1000)
1255 logger
.debug("Received DHCP message from %s" % str(addr
))
1256 dev
[0].wait_connected()
1257 dev
[0].request("DISCONNECT")
1258 dev
[0].wait_disconnected()
1260 # Server ID in DHCPOFFER
1261 dev
[0].dump_monitor()
1262 dev
[0].select_network(id, freq
=2412)
1263 (msg
,addr
) = sock
.recvfrom(1000)
1264 logger
.debug("Received DHCP message from %s" % str(addr
))
1265 dhcpoffer
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
1266 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3",
1267 extra_op
="\x36\x01\x30")
1268 sock
.sendto(dhcpoffer
[2+20+8:], addr
)
1269 (msg
,addr
) = sock
.recvfrom(1000)
1270 logger
.debug("Received DHCP message from %s" % str(addr
))
1271 dev
[0].wait_connected()
1272 dev
[0].request("DISCONNECT")
1273 dev
[0].wait_disconnected()
1275 # FILS: Could not update DHCPDISCOVER
1276 dev
[0].request("FILS_HLP_REQ_FLUSH")
1277 dhcpdisc
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
1278 chaddr
=dev
[0].own_addr(),
1279 extra_op
="\x00\x11", opt_end
=False)
1280 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii
.hexlify(dhcpdisc
)):
1281 raise Exception("FILS_HLP_REQ_ADD failed")
1282 dev
[0].dump_monitor()
1283 dev
[0].select_network(id, freq
=2412)
1284 (msg
,addr
) = sock
.recvfrom(1000)
1285 logger
.debug("Received DHCP message from %s" % str(addr
))
1286 dhcpoffer
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
1287 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3",
1288 extra_op
="\x36\x01\x30")
1289 sock
.sendto(dhcpoffer
[2+20+8:], addr
)
1290 dev
[0].wait_connected()
1291 dev
[0].request("DISCONNECT")
1292 dev
[0].wait_disconnected()
1294 # FILS: Could not update DHCPDISCOVER (2)
1295 dev
[0].request("FILS_HLP_REQ_FLUSH")
1296 dhcpdisc
= build_dhcp(req
=True, dhcp_msg
=DHCPDISCOVER
,
1297 chaddr
=dev
[0].own_addr(),
1298 extra_op
="\x11\x01", opt_end
=False)
1299 if "OK" not in dev
[0].request("FILS_HLP_REQ_ADD " + "ff:ff:ff:ff:ff:ff " + binascii
.hexlify(dhcpdisc
)):
1300 raise Exception("FILS_HLP_REQ_ADD failed")
1301 dev
[0].dump_monitor()
1302 dev
[0].select_network(id, freq
=2412)
1303 (msg
,addr
) = sock
.recvfrom(1000)
1304 logger
.debug("Received DHCP message from %s" % str(addr
))
1305 dhcpoffer
= build_dhcp(req
=False, dhcp_msg
=DHCPOFFER
, rapid_commit
=False,
1306 chaddr
=dev
[0].own_addr(), giaddr
="127.0.0.3",
1307 extra_op
="\x36\x01\x30")
1308 sock
.sendto(dhcpoffer
[2+20+8:], addr
)
1309 dev
[0].wait_connected()
1310 dev
[0].request("DISCONNECT")
1311 dev
[0].wait_disconnected()
1313 dev
[0].request("FILS_HLP_REQ_FLUSH")
1315 def test_fils_sk_erp_and_reauth(dev
, apdev
, params
):
1316 """FILS SK using ERP and AP going away"""
1317 check_fils_capa(dev
[0])
1318 check_erp_capa(dev
[0])
1320 start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
1322 bssid
= apdev
[0]['bssid']
1323 params
= hostapd
.wpa2_eap_params(ssid
="fils")
1324 params
['wpa_key_mgmt'] = "FILS-SHA256"
1325 params
['auth_server_port'] = "18128"
1326 params
['erp_domain'] = 'example.com'
1327 params
['fils_realm'] = 'example.com'
1328 params
['disable_pmksa_caching'] = '1'
1329 params
['broadcast_deauth'] = '0'
1330 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1332 dev
[0].scan_for_bss(bssid
, freq
=2412)
1333 dev
[0].request("ERP_FLUSH")
1334 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
1335 eap
="PSK", identity
="psk.user@example.com",
1336 password_hex
="0123456789abcdef0123456789abcdef",
1337 erp
="1", scan_freq
="2412")
1340 dev
[0].wait_disconnected()
1341 dev
[0].dump_monitor()
1344 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
1345 "EVENT-ASSOC-REJECT",
1346 "CTRL-EVENT-CONNECTED"], timeout
=10)
1348 raise Exception("Reconnection using FILS/ERP timed out")
1349 if "CTRL-EVENT-EAP-STARTED" in ev
:
1350 raise Exception("Unexpected EAP exchange")
1351 if "EVENT-ASSOC-REJECT" in ev
:
1352 raise Exception("Association failed")
1354 def test_fils_sk_erp_sim(dev
, apdev
, params
):
1355 """FILS SK using ERP with SIM"""
1356 check_fils_capa(dev
[0])
1357 check_erp_capa(dev
[0])
1359 realm
='wlan.mnc001.mcc232.3gppnetwork.org'
1360 start_erp_as(apdev
[1], erp_domain
=realm
,
1361 msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
1363 bssid
= apdev
[0]['bssid']
1364 params
= hostapd
.wpa2_eap_params(ssid
="fils")
1365 params
['wpa_key_mgmt'] = "FILS-SHA256"
1366 params
['auth_server_port'] = "18128"
1367 params
['fils_realm'] = realm
1368 params
['disable_pmksa_caching'] = '1'
1369 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1371 dev
[0].scan_for_bss(bssid
, freq
=2412)
1372 dev
[0].request("ERP_FLUSH")
1373 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
1374 eap
="SIM", identity
="1232010000000000@" + realm
,
1375 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
1376 erp
="1", scan_freq
="2412")
1379 dev
[0].wait_disconnected()
1380 dev
[0].dump_monitor()
1383 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
1384 "EVENT-ASSOC-REJECT",
1385 "CTRL-EVENT-CONNECTED"], timeout
=10)
1387 raise Exception("Reconnection using FILS/ERP timed out")
1388 if "CTRL-EVENT-EAP-STARTED" in ev
:
1389 raise Exception("Unexpected EAP exchange")
1390 if "EVENT-ASSOC-REJECT" in ev
:
1391 raise Exception("Association failed")
def test_fils_sk_pfs_19(dev, apdev, params):
    """FILS SK with PFS (DH group 19)"""
    # The shared flow lives in run_fils_sk_pfs(); only the DH group number,
    # passed as a string, differs between the test_fils_sk_pfs_* variants.
    run_fils_sk_pfs(dev, apdev, group="19", params=params)
def test_fils_sk_pfs_20(dev, apdev, params):
    """FILS SK with PFS (DH group 20)"""
    # Same flow as the other test_fils_sk_pfs_* cases, with DH group 20.
    run_fils_sk_pfs(dev, apdev, group="20", params=params)
def test_fils_sk_pfs_21(dev, apdev, params):
    """FILS SK with PFS (DH group 21)"""
    # Same flow as the other test_fils_sk_pfs_* cases, with DH group 21.
    run_fils_sk_pfs(dev, apdev, group="21", params=params)
def test_fils_sk_pfs_25(dev, apdev, params):
    """FILS SK with PFS (DH group 25)"""
    # run_fils_sk_pfs() skips this group unless the station reports an
    # OpenSSL 1.0.2 or 1.1 build and run-time library.
    run_fils_sk_pfs(dev, apdev, group="25", params=params)
def test_fils_sk_pfs_26(dev, apdev, params):
    """FILS SK with PFS (DH group 26)"""
    # Same flow as the other test_fils_sk_pfs_* cases, with DH group 26.
    run_fils_sk_pfs(dev, apdev, group="26", params=params)
def test_fils_sk_pfs_27(dev, apdev, params):
    """FILS SK with PFS (DH group 27)"""
    # Groups 27-30 are treated as Brainpool EC groups by run_fils_sk_pfs(),
    # which skips them when the reported OpenSSL version is not 1.0.2 or 1.1.
    run_fils_sk_pfs(dev, apdev, group="27", params=params)
def test_fils_sk_pfs_28(dev, apdev, params):
    """FILS SK with PFS (DH group 28)"""
    # Brainpool EC group variant; run_fils_sk_pfs() applies the OpenSSL
    # version check for groups 27-30 before running the flow.
    run_fils_sk_pfs(dev, apdev, group="28", params=params)
def test_fils_sk_pfs_29(dev, apdev, params):
    """FILS SK with PFS (DH group 29)"""
    # Brainpool EC group variant; run_fils_sk_pfs() applies the OpenSSL
    # version check for groups 27-30 before running the flow.
    run_fils_sk_pfs(dev, apdev, group="29", params=params)
def test_fils_sk_pfs_30(dev, apdev, params):
    """FILS SK with PFS (DH group 30)"""
    # Brainpool EC group variant; run_fils_sk_pfs() applies the OpenSSL
    # version check for groups 27-30 before running the flow.
    run_fils_sk_pfs(dev, apdev, group="30", params=params)
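def run_fils_sk_pfs(dev, apdev, group, params):
    """Run the FILS shared key + PFS flow for one DH group.

    dev[0] is the station, apdev[0] hosts the FILS AP and apdev[1] is handed
    to start_erp_as(). group is the DH group number as a string; it is set as
    fils_dh_group on both the AP and the station network. params is the test
    parameter dict; only params['logdir'] is read here.

    Raises HwsimSkip when the TLS library reported by the station does not
    match the OpenSSL versions required for group 25 or groups 27-30, and
    Exception when the reconnection times out, falls back to a full EAP
    exchange, or is rejected at association.
    """
    check_fils_sk_pfs_capa(dev[0])
    check_erp_capa(dev[0])

    tls = dev[0].request("GET tls_library")
    group_num = int(group)
    # Group 25 and the Brainpool groups 27-30 are attempted only when both the
    # build-time and the run-time OpenSSL version strings are 1.0.2 or 1.1.
    if group_num in (25, 27, 28, 29, 30):
        openssl_ok = (tls.startswith("OpenSSL") and
                      ("build=OpenSSL 1.0.2" in tls or
                       "build=OpenSSL 1.1" in tls) and
                      ("run=OpenSSL 1.0.2" in tls or
                       "run=OpenSSL 1.1" in tls))
        if not openssl_ok:
            if group_num == 25:
                raise HwsimSkip("EC group not supported")
            raise HwsimSkip("Brainpool EC group not supported")

    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))

    bssid = apdev[0]['bssid']
    ap_params = hostapd.wpa2_eap_params(ssid="fils")
    ap_params['wpa_key_mgmt'] = "FILS-SHA256"
    ap_params['auth_server_port'] = "18128"
    ap_params['erp_domain'] = 'example.com'
    ap_params['fils_realm'] = 'example.com'
    # Presumably disabled so that the reconnection below has to use FILS/ERP
    # instead of a cached PMKSA - confirm against hostapd.conf.
    ap_params['disable_pmksa_caching'] = '1'
    ap_params['fils_dh_group'] = group
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", fils_dh_group=group, scan_freq="2412")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "EVENT-ASSOC-REJECT",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    # wait_event() yields no event on timeout; report that case only, and
    # before the substring checks below touch ev.
    if ev is None:
        raise Exception("Connection using FILS/ERP timed out")
    # A full EAP exchange here would mean FILS authentication was not used.
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    if "EVENT-ASSOC-REJECT" in ev:
        raise Exception("Association failed")
    hwsim_utils.test_connectivity(dev[0], hapd)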
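def test_fils_sk_pfs_group_mismatch(dev, apdev, params):
    """FILS SK PFS DH group mismatch"""
    # Negative test: the AP is configured with fils_dh_group 20 while the
    # station network uses group 19, and the FILS reconnection is expected to
    # be rejected at authentication rather than silently accepted.
    check_fils_sk_pfs_capa(dev[0])
    check_erp_capa(dev[0])

    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))

    bssid = apdev[0]['bssid']
    ap_params = hostapd.wpa2_eap_params(ssid="fils")
    ap_params['wpa_key_mgmt'] = "FILS-SHA256"
    ap_params['auth_server_port'] = "18128"
    ap_params['erp_domain'] = 'example.com'
    ap_params['fils_realm'] = 'example.com'
    ap_params['disable_pmksa_caching'] = '1'
    ap_params['fils_dh_group'] = "20"
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", fils_dh_group="19", scan_freq="2412")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=10)
    # Stop the station from retrying before the result is evaluated.
    dev[0].request("DISCONNECT")
    # wait_event() yields no event on timeout; only that case means the
    # rejection was never reported.
    if ev is None:
        raise Exception("Authentication rejection not seen")
    # NOTE(review): status_code=77 is presumably the "finite cyclic group not
    # supported" status and auth_type=5 the FILS SK with PFS algorithm -
    # confirm against the status code and authentication algorithm tables.
    if "auth_type=5 auth_transaction=2 status_code=77" not in ev:
        raise Exception("Unexpected auth reject value: " + ev)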
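def test_fils_sk_pfs_pmksa_caching(dev, apdev, params):
    """FILS SK with PFS and PMKSA caching"""
    # Tracks the PMKID across four associations: it must stay the same when
    # the cached PMKSA is reused and must change after PMKSA_FLUSH forces a
    # new FILS/ERP authentication with PFS.
    check_fils_sk_pfs_capa(dev[0])
    check_erp_capa(dev[0])

    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))

    bssid = apdev[0]['bssid']
    ap_params = hostapd.wpa2_eap_params(ssid="fils")
    ap_params['wpa_key_mgmt'] = "FILS-SHA256"
    ap_params['auth_server_port'] = "18128"
    ap_params['erp_domain'] = 'example.com'
    ap_params['fils_realm'] = 'example.com'
    ap_params['fils_dh_group'] = "19"
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", fils_dh_group="19", scan_freq="2412")
    pmksa = dev[0].get_pmksa(bssid)
    # Each lookup/wait result is checked for None before it is indexed or
    # searched; the failure message names the step that produced nothing.
    if pmksa is None:
        raise Exception("No PMKSA cache entry created")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # FILS authentication with PMKSA caching and PFS
    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using PMKSA caching timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    hwsim_utils.test_connectivity(dev[0], hapd)
    pmksa2 = dev[0].get_pmksa(bssid)
    if pmksa2 is None:
        raise Exception("No PMKSA cache entry found")
    if pmksa['pmkid'] != pmksa2['pmkid']:
        raise Exception("Unexpected PMKID change")

    # Verify EAPOL reauthentication after FILS authentication
    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    hwsim_utils.test_connectivity(dev[0], hapd)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # FILS authentication with ERP and PFS
    dev[0].request("PMKSA_FLUSH")
    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-EAP-SUCCESS",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using ERP and PFS timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    if "CTRL-EVENT-EAP-SUCCESS" not in ev:
        raise Exception("ERP success not reported")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "SME: Trying to authenticate",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using ERP and PFS timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    if "SME: Trying to authenticate" in ev:
        raise Exception("Unexpected extra authentication round with ERP and PFS")
    hwsim_utils.test_connectivity(dev[0], hapd)
    pmksa3 = dev[0].get_pmksa(bssid)
    if pmksa3 is None:
        raise Exception("No PMKSA cache entry found")
    # The cache was flushed above, so an unchanged PMKID would mean the new
    # authentication did not produce a new PMKSA.
    if pmksa2['pmkid'] == pmksa3['pmkid']:
        raise Exception("PMKID did not change")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # FILS authentication with PMKSA caching and PFS
    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    if ev is None:
        raise Exception("Connection using PMKSA caching timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    hwsim_utils.test_connectivity(dev[0], hapd)
    pmksa4 = dev[0].get_pmksa(bssid)
    if pmksa4 is None:
        raise Exception("No PMKSA cache entry found")
    if pmksa3['pmkid'] != pmksa4['pmkid']:
        raise Exception("Unexpected PMKID change (2)")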
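def test_fils_sk_auth_mismatch(dev, apdev, params):
    """FILS SK authentication type mismatch (PFS not supported)"""
    # The AP sets no fils_dh_group while the station network asks for group
    # 19. The reconnection is expected to go through a full EAP exchange and
    # still end up connected.
    check_fils_sk_pfs_capa(dev[0])
    check_erp_capa(dev[0])

    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))

    bssid = apdev[0]['bssid']
    ap_params = hostapd.wpa2_eap_params(ssid="fils")
    ap_params['wpa_key_mgmt'] = "FILS-SHA256"
    ap_params['auth_server_port'] = "18128"
    ap_params['erp_domain'] = 'example.com'
    ap_params['fils_realm'] = 'example.com'
    ap_params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", fils_dh_group="19", scan_freq="2412")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "EVENT-ASSOC-REJECT",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    # wait_event() yields no event on timeout; report that case only, and
    # before the substring check below touches ev.
    if ev is None:
        raise Exception("Connection using FILS/ERP timed out")
    # Unlike the matching-group tests, an EAP exchange is required here.
    if "CTRL-EVENT-EAP-STARTED" not in ev:
        raise Exception("No EAP exchange seen")
    dev[0].wait_connected()
    hwsim_utils.test_connectivity(dev[0], hapd)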
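def test_fils_auth_gtk_rekey(dev, apdev, params):
    """GTK rekeying after FILS authentication"""
    # After a FILS reconnection the AP's group rekey must complete and must
    # not knock the station off the network.
    check_fils_capa(dev[0])
    check_erp_capa(dev[0])

    start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst"))

    bssid = apdev[0]['bssid']
    ap_params = hostapd.wpa2_eap_params(ssid="fils")
    ap_params['wpa_key_mgmt'] = "FILS-SHA256"
    ap_params['auth_server_port'] = "18128"
    ap_params['erp_domain'] = 'example.com'
    ap_params['fils_realm'] = 'example.com'
    # Shortest group rekey interval, so a rekey happens within the 2 second
    # wait further down.
    ap_params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_params)

    dev[0].scan_for_bss(bssid, freq=2412)
    dev[0].request("ERP_FLUSH")
    net_id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
                            eap="PSK", identity="psk.user@example.com",
                            password_hex="0123456789abcdef0123456789abcdef",
                            erp="1", scan_freq="2412")

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].dump_monitor()
    dev[0].select_network(net_id, freq=2412)
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                            "CTRL-EVENT-CONNECTED"], timeout=10)
    # wait_event() yields no event on timeout; each wait below is checked
    # against None before its result is interpreted.
    if ev is None:
        raise Exception("Connection using PMKSA caching timed out")
    if "CTRL-EVENT-EAP-STARTED" in ev:
        raise Exception("Unexpected EAP exchange")
    dev[0].dump_monitor()

    hwsim_utils.test_connectivity(dev[0], hapd)
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)

    # Inverse check: here an event is the failure, since a disconnection
    # within 5 seconds means the rekey broke the association.
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
    if ev is not None:
        raise Exception("Rekeying failed - disconnected")
    hwsim_utils.test_connectivity(dev[0], hapd)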
1704 def test_fils_and_ft(dev
, apdev
, params
):
1705 """FILS SK using ERP and FT initial mobility domain association"""
1706 check_fils_capa(dev
[0])
1707 check_erp_capa(dev
[0])
1709 er
= start_erp_as(apdev
[1],
1710 msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
1712 bssid
= apdev
[0]['bssid']
1713 params
= hostapd
.wpa2_eap_params(ssid
="fils")
1714 params
['wpa_key_mgmt'] = "FILS-SHA256"
1715 params
['auth_server_port'] = "18128"
1716 params
['erp_domain'] = 'example.com'
1717 params
['fils_realm'] = 'example.com'
1718 params
['disable_pmksa_caching'] = '1'
1719 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1721 dev
[0].scan_for_bss(bssid
, freq
=2412)
1722 dev
[0].request("ERP_FLUSH")
1723 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
1724 eap
="PSK", identity
="psk.user@example.com",
1725 password_hex
="0123456789abcdef0123456789abcdef",
1726 erp
="1", scan_freq
="2412")
1728 dev
[0].request("DISCONNECT")
1729 dev
[0].wait_disconnected()
1731 dev
[0].flush_scan_cache()
1732 if "FAIL" in dev
[0].request("PMKSA_FLUSH"):
1733 raise Exception("PMKSA_FLUSH failed")
1735 params
= hostapd
.wpa2_eap_params(ssid
="fils-ft")
1736 params
['wpa_key_mgmt'] = "FILS-SHA256 FT-FILS-SHA256 FT-EAP"
1737 params
['auth_server_port'] = "18128"
1738 params
['erp_domain'] = 'example.com'
1739 params
['fils_realm'] = 'example.com'
1740 params
['disable_pmksa_caching'] = '1'
1741 params
["mobility_domain"] = "a1b2"
1742 params
["r0_key_lifetime"] = "10000"
1743 params
["pmk_r1_push"] = "1"
1744 params
["reassociation_deadline"] = "1000"
1745 params
['nas_identifier'] = "nas1.w1.fi"
1746 params
['r1_key_holder'] = "000102030405"
1747 params
['r0kh'] = [ "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
1748 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
1749 params
['ieee80211w'] = "1"
1750 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1752 dev
[0].scan_for_bss(bssid
, freq
=2412)
1753 dev
[0].dump_monitor()
1754 id = dev
[0].connect("fils-ft", key_mgmt
="FILS-SHA256 FT-FILS-SHA256 FT-EAP",
1756 eap
="PSK", identity
="psk.user@example.com",
1757 password_hex
="0123456789abcdef0123456789abcdef",
1758 erp
="1", scan_freq
="2412", wait_connect
=False)
1760 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
1761 "CTRL-EVENT-AUTH-REJECT",
1762 "EVENT-ASSOC-REJECT",
1763 "CTRL-EVENT-CONNECTED"], timeout
=10)
1765 raise Exception("Connection using FILS/ERP timed out")
1766 if "CTRL-EVENT-EAP-STARTED" in ev
:
1767 raise Exception("Unexpected EAP exchange")
1768 if "CTRL-EVENT-AUTH-REJECT" in ev
:
1769 raise Exception("Authentication failed")
1770 if "EVENT-ASSOC-REJECT" in ev
:
1771 raise Exception("Association failed")
1772 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1776 # FIX: FT-FILS-SHA256 does not currently work for FT protocol due to not
1777 # fully defined FT Reassociation Request/Response frame MIC use in FTE.
1778 # FT-EAP can be used to work around that in this test case to confirm the
1779 # FT key hierarchy was properly formed in the previous step.
1780 #params['wpa_key_mgmt'] = "FILS-SHA256 FT-FILS-SHA256"
1781 params
['wpa_key_mgmt'] = "FT-EAP"
1782 params
['nas_identifier'] = "nas2.w1.fi"
1783 params
['r1_key_holder'] = "000102030406"
1784 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f" ]
1785 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
1786 hapd2
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
1788 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412", force_scan
=True)
1789 # FIX: Cannot use FT-over-DS without the FTE MIC issue addressed
1790 #dev[0].roam_over_ds(apdev[1]['bssid'])
1791 dev
[0].roam(apdev
[1]['bssid'])
def test_fils_and_ft_over_air(dev, apdev, params):
    """FILS SK using ERP and FT-over-air (SHA256)"""
    # Thin wrapper: select the SHA256 key management value and hand off to
    # the shared FT-over-air scenario.
    selected_key_mgmt = "FT-FILS-SHA256"
    run_fils_and_ft_over_air(dev, apdev, params, selected_key_mgmt)
def test_fils_and_ft_over_air_sha384(dev, apdev, params):
    """FILS SK using ERP and FT-over-air (SHA384)"""
    # Thin wrapper: same scenario as the SHA256 variant, run with the
    # SHA384 key management value.
    selected_key_mgmt = "FT-FILS-SHA384"
    run_fils_and_ft_over_air(dev, apdev, params, selected_key_mgmt)
def run_fils_and_ft_over_air(dev, apdev, params, key_mgmt):
    """Roam between two APs with FT-over-air after the FILS/FT setup.

    run_fils_and_ft_setup() supplies the two AP control objects; the station
    (dev[0]) then roams AP2 -> AP1 -> AP2 -> AP1, and data connectivity is
    checked against the target AP after every roam, so a roam that completes
    without usable keys fails the test.

    key_mgmt is passed through unchanged to run_fils_and_ft_setup().
    """
    hapd, hapd2 = run_fils_and_ft_setup(dev, apdev, params, key_mgmt)

    sta = dev[0]
    ap1_bssid = apdev[0]['bssid']
    ap2_bssid = apdev[1]['bssid']

    logger.info("FT protocol using FT key hierarchy established during FILS authentication")
    sta.scan_for_bss(ap2_bssid, freq="2412", force_scan=True)

    # Each step: (optional log line, NOTE text, roam target BSSID, AP object
    # used for the connectivity check). The NOTE markers are always sent
    # through the first AP's control interface, as in every step below.
    roam_steps = (
        (None,
         "NOTE FT protocol to AP2 using FT keys established during FILS FILS authentication",
         ap2_bssid, hapd2),
        ("FT protocol using the previously established FT key hierarchy from FILS authentication",
         "NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication",
         ap1_bssid, hapd),
        (None,
         "NOTE FT protocol back to AP2 using FT keys established during FILS FILS authentication",
         ap2_bssid, hapd2),
        (None,
         "NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication (2)",
         ap1_bssid, hapd),
    )
    for log_line, note, target_bssid, target_ap in roam_steps:
        if log_line is not None:
            logger.info(log_line)
        hapd.request(note)
        sta.roam(target_bssid)
        hwsim_utils.test_connectivity(sta, target_ap)
def test_fils_and_ft_over_ds(dev, apdev, params):
    """FILS SK using ERP and FT-over-DS (SHA256)"""
    # Thin wrapper: select the SHA256 key management value and hand off to
    # the shared FT-over-DS scenario.
    selected_key_mgmt = "FT-FILS-SHA256"
    run_fils_and_ft_over_ds(dev, apdev, params, selected_key_mgmt)
def test_fils_and_ft_over_ds_sha384(dev, apdev, params):
    """FILS SK using ERP and FT-over-DS (SHA384)"""
    # Thin wrapper: same scenario as the SHA256 variant, run with the
    # SHA384 key management value.
    selected_key_mgmt = "FT-FILS-SHA384"
    run_fils_and_ft_over_ds(dev, apdev, params, selected_key_mgmt)
def run_fils_and_ft_over_ds(dev, apdev, params, key_mgmt):
    """Roam between two APs with FT-over-DS after the FILS/FT setup.

    run_fils_and_ft_setup() supplies the two AP control objects; the station
    (dev[0]) then roams AP2 -> AP1 -> AP2 -> AP1 using roam_over_ds().

    Unlike the FT-over-air runner, no data connectivity check is made after
    the roams here; the test relies on roam_over_ds() itself to report a
    failed transition.

    key_mgmt is passed through unchanged to run_fils_and_ft_setup().
    """
    # The second AP object is not used by this scenario.
    hapd, _hapd2 = run_fils_and_ft_setup(dev, apdev, params, key_mgmt)

    sta = dev[0]
    ap1_bssid = apdev[0]['bssid']
    ap2_bssid = apdev[1]['bssid']

    logger.info("FT protocol using FT key hierarchy established during FILS authentication")
    sta.scan_for_bss(ap2_bssid, freq="2412", force_scan=True)
    hapd.request("NOTE FT protocol to AP2 using FT keys established during FILS FILS authentication")
    sta.roam_over_ds(ap2_bssid)

    logger.info("FT protocol using the previously established FT key hierarchy from FILS authentication")
    # Remaining hops: (NOTE text, roam target BSSID). The NOTE markers are
    # always sent through the first AP's control interface.
    later_hops = (
        ("NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication",
         ap1_bssid),
        ("NOTE FT protocol back to AP2 using FT keys established during FILS FILS authentication",
         ap2_bssid),
        ("NOTE FT protocol back to AP1 using FT keys established during FILS FILS authentication (2)",
         ap1_bssid),
    )
    for note, target_bssid in later_hops:
        hapd.request(note)
        sta.roam_over_ds(target_bssid)
1849 def run_fils_and_ft_setup(dev
, apdev
, params
, key_mgmt
):
1850 check_fils_capa(dev
[0])
1851 check_erp_capa(dev
[0])
1853 er
= start_erp_as(apdev
[1],
1854 msk_dump
=os
.path
.join(params
['logdir'], "msk.lst"))
1856 logger
.info("Set up ERP key hierarchy without FILS/FT authentication")
1857 bssid
= apdev
[0]['bssid']
1858 params
= hostapd
.wpa2_eap_params(ssid
="fils")
1859 params
['wpa_key_mgmt'] = key_mgmt
1860 params
['auth_server_port'] = "18128"
1861 params
['erp_domain'] = 'example.com'
1862 params
['fils_realm'] = 'example.com'
1863 params
['disable_pmksa_caching'] = '1'
1864 params
['ieee80211w'] = "2"
1865 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1867 dev
[0].scan_for_bss(bssid
, freq
=2412)
1868 dev
[0].request("ERP_FLUSH")
1869 hapd
.request("NOTE Initial association to establish ERP keys")
1870 id = dev
[0].connect("fils", key_mgmt
=key_mgmt
, ieee80211w
="2",
1871 eap
="PSK", identity
="psk.user@example.com",
1872 password_hex
="0123456789abcdef0123456789abcdef",
1873 erp
="1", scan_freq
="2412")
1874 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1876 dev
[0].request("DISCONNECT")
1877 dev
[0].wait_disconnected()
1879 dev
[0].flush_scan_cache()
1880 if "FAIL" in dev
[0].request("PMKSA_FLUSH"):
1881 raise Exception("PMKSA_FLUSH failed")
1883 logger
.info("Initial mobility domain association using FILS authentication")
1884 params
= hostapd
.wpa2_eap_params(ssid
="fils-ft")
1885 params
['wpa_key_mgmt'] = key_mgmt
1886 params
['auth_server_port'] = "18128"
1887 params
['erp_domain'] = 'example.com'
1888 params
['fils_realm'] = 'example.com'
1889 params
['disable_pmksa_caching'] = '1'
1890 params
["mobility_domain"] = "a1b2"
1891 params
["r0_key_lifetime"] = "10000"
1892 params
["pmk_r1_push"] = "1"
1893 params
["reassociation_deadline"] = "1000"
1894 params
['nas_identifier'] = "nas1.w1.fi"
1895 params
['r1_key_holder'] = "000102030405"
1896 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
1897 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
1898 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
1899 params
['ieee80211w'] = "2"
1900 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1902 dev
[0].scan_for_bss(bssid
, freq
=2412)
1903 dev
[0].dump_monitor()
1904 hapd
.request("NOTE Initial FT mobility domain association using FILS authentication")
1905 dev
[0].set_network_quoted(id, "ssid", "fils-ft")
1906 dev
[0].select_network(id, freq
=2412)
1908 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
1909 "CTRL-EVENT-AUTH-REJECT",
1910 "EVENT-ASSOC-REJECT",
1911 "CTRL-EVENT-CONNECTED"], timeout
=10)
1913 raise Exception("Connection using FILS/ERP timed out")
1914 if "CTRL-EVENT-EAP-STARTED" in ev
:
1915 raise Exception("Unexpected EAP exchange")
1916 if "CTRL-EVENT-AUTH-REJECT" in ev
:
1917 raise Exception("Authentication failed")
1918 if "EVENT-ASSOC-REJECT" in ev
:
1919 raise Exception("Association failed")
1920 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1924 params
['wpa_key_mgmt'] = key_mgmt
1925 params
['nas_identifier'] = "nas2.w1.fi"
1926 params
['r1_key_holder'] = "000102030406"
1927 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
1928 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
1929 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
1930 hapd2
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
1934 def test_fils_assoc_replay(dev
, apdev
, params
):
1935 """FILS AP and replayed Association Request frame"""
1936 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
1937 check_fils_capa(dev
[0])
1938 check_erp_capa(dev
[0])
1940 start_erp_as(apdev
[1])
1942 bssid
= apdev
[0]['bssid']
1943 params
= hostapd
.wpa2_eap_params(ssid
="fils")
1944 params
['wpa_key_mgmt'] = "FILS-SHA256"
1945 params
['auth_server_port'] = "18128"
1946 params
['erp_domain'] = 'example.com'
1947 params
['fils_realm'] = 'example.com'
1948 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1950 dev
[0].scan_for_bss(bssid
, freq
=2412)
1951 dev
[0].request("ERP_FLUSH")
1952 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
1953 eap
="PSK", identity
="psk.user@example.com",
1954 password_hex
="0123456789abcdef0123456789abcdef",
1955 erp
="1", scan_freq
="2412")
1957 dev
[0].request("DISCONNECT")
1958 dev
[0].wait_disconnected()
1960 hapd
.set("ext_mgmt_frame_handling", "1")
1961 dev
[0].dump_monitor()
1962 dev
[0].select_network(id, freq
=2412)
1967 req
= hapd
.mgmt_rx()
1970 hapd
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1971 if req
['subtype'] == 0:
1973 ev
= hapd
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1975 raise Exception("No TX status seen")
1976 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1977 if "OK" not in hapd
.request(cmd
):
1978 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1980 hapd
.set("ext_mgmt_frame_handling", "0")
1981 if assocreq
is None:
1982 raise Exception("No Association Request frame seen")
1983 dev
[0].wait_connected()
1984 dev
[0].dump_monitor()
1987 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1989 logger
.info("Replay the last Association Request frame")
1991 hapd
.set("ext_mgmt_frame_handling", "1")
1992 hapd
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
1993 ev
= hapd
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
1995 raise Exception("No TX status seen")
1996 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
1997 if "OK" not in hapd
.request(cmd
):
1998 raise Exception("MGMT_TX_STATUS_PROCESS failed")
1999 hapd
.set("ext_mgmt_frame_handling", "0")
2002 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2007 ap
= hapd
.own_addr()
2008 sta
= dev
[0].own_addr()
2009 filt
= "wlan.fc.type == 2 && " + \
2010 "wlan.da == " + sta
+ " && " + \
2011 "wlan.sa == " + ap
+ " && wlan.ccmp.extiv"
2012 fields
= [ "wlan.ccmp.extiv" ]
2013 res
= run_tshark(capfile
, filt
, fields
)
2014 vals
= res
.splitlines()
2015 logger
.info("CCMP PN: " + str(vals
))
2017 raise Exception("Could not find all CCMP protected frames from capture")
2018 if len(set(vals
)) < len(vals
):
2019 raise Exception("Duplicate CCMP PN used")
2022 raise Exception("The second hwsim connectivity test failed")
2024 def test_fils_sk_erp_server_flush(dev
, apdev
, params
):
2025 """FILS SK ERP and ERP flush on server, but not on peer"""
2026 check_fils_capa(dev
[0])
2027 check_erp_capa(dev
[0])
2029 hapd_as
= start_erp_as(apdev
[1], msk_dump
=os
.path
.join(params
['logdir'],
2032 bssid
= apdev
[0]['bssid']
2033 params
= hostapd
.wpa2_eap_params(ssid
="fils")
2034 params
['wpa_key_mgmt'] = "FILS-SHA256"
2035 params
['auth_server_port'] = "18128"
2036 params
['erp_domain'] = 'example.com'
2037 params
['fils_realm'] = 'example.com'
2038 params
['disable_pmksa_caching'] = '1'
2039 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
2041 dev
[0].scan_for_bss(bssid
, freq
=2412)
2042 dev
[0].request("ERP_FLUSH")
2043 id = dev
[0].connect("fils", key_mgmt
="FILS-SHA256",
2044 eap
="PSK", identity
="psk.user@example.com",
2045 password_hex
="0123456789abcdef0123456789abcdef",
2046 erp
="1", scan_freq
="2412")
2048 dev
[0].request("DISCONNECT")
2049 dev
[0].wait_disconnected()
2051 dev
[0].dump_monitor()
2052 dev
[0].select_network(id, freq
=2412)
2053 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
2054 "EVENT-ASSOC-REJECT",
2055 "CTRL-EVENT-CONNECTED"], timeout
=10)
2057 raise Exception("Connection using FILS/ERP timed out")
2058 if "CTRL-EVENT-EAP-STARTED" in ev
:
2059 raise Exception("Unexpected EAP exchange")
2060 if "EVENT-ASSOC-REJECT" in ev
:
2061 raise Exception("Association failed")
2063 dev
[0].request("DISCONNECT")
2064 dev
[0].wait_disconnected()
2066 hapd_as
.request("ERP_FLUSH")
2067 dev
[0].dump_monitor()
2068 dev
[0].select_network(id, freq
=2412)
2069 ev
= dev
[0].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout
=10)
2071 raise Exception("No authentication rejection seen after ERP flush on server")
2073 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
2074 "CTRL-EVENT-AUTH-REJECT",
2075 "EVENT-ASSOC-REJECT",
2076 "CTRL-EVENT-CONNECTED"], timeout
=10)
2078 raise Exception("Connection attempt using FILS/ERP timed out")
2079 if "CTRL-EVENT-AUTH-REJECT" in ev
:
2080 raise Exception("Failed to recover from ERP flush on server")
2081 if "EVENT-ASSOC-REJECT" in ev
:
2082 raise Exception("Association failed")
2083 if "CTRL-EVENT-EAP-STARTED" not in ev
:
2084 raise Exception("New EAP exchange not seen")
2085 dev
[0].wait_connected(error
="Connection timeout after ERP flush")
2087 dev
[0].request("DISCONNECT")
2088 dev
[0].wait_disconnected()
2089 dev
[0].dump_monitor()
2090 dev
[0].select_network(id, freq
=2412)
2091 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED",
2092 "CTRL-EVENT-AUTH-REJECT",
2093 "EVENT-ASSOC-REJECT",
2094 "CTRL-EVENT-CONNECTED"], timeout
=10)
2096 raise Exception("Connection attempt using FILS with new ERP keys timed out")
2097 if "CTRL-EVENT-AUTH-REJECT" in ev
:
2098 raise Exception("Authentication failed with new ERP keys")
2099 if "EVENT-ASSOC-REJECT" in ev
:
2100 raise Exception("Association failed with new ERP keys")
2101 if "CTRL-EVENT-EAP-STARTED" in ev
:
2102 raise Exception("Unexpected EAP exchange")