logger = logging.getLogger()
import os
import re
+import socket
import struct
import subprocess
import time
import hostapd
-from utils import HwsimSkip, fail_test, skip_with_fips
+from utils import HwsimSkip, fail_test, skip_with_fips, start_monitor, stop_monitor, radiotap_build
import hwsim_utils
from wpasupplicant import WpaSupplicant
if "OK" not in hapd.request("RELOAD_WPA_PSK"):
raise Exception("RELOAD_WPA_PSK failed")
- check_disconnect(dev, [ False, True, False ])
+ check_disconnect(dev, [False, True, False])
with open(psk_file, 'w') as f:
f.write('00:00:00:00:00:00 secret passphrase\n')
if "OK" not in hapd.request("RELOAD_WPA_PSK"):
raise Exception("RELOAD_WPA_PSK failed")
- check_disconnect(dev, [ True, True, False ])
+ check_disconnect(dev, [True, True, False])
@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
if ev is None:
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
- check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
- ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
+ check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
+ ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
if ev is None:
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
- check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
- ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
+ check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
+ ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])
@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd)
- check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
- ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
- ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
- ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
- ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
- ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
- ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
- ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
+ check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"),
+ ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
+ ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
+ ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
+ ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
+ ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
+ ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
+ ("dot1xSuppSuppControlledPortStatus", "Authorized")])
def test_ap_wpa2_psk_file_errors(dev, apdev):
"""WPA2-PSK AP with various PSK file error and success cases"""
except:
pass
- params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
- "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
+ params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
+ "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}
try:
# missing PSK file
raise Exception("Unexpected ENABLE success")
hapd.request("DISABLE")
+ # empty token at the end of the line
+ with open(pskfile, "w") as f:
+ f.write("=\n")
+ if "FAIL" not in hapd.request("ENABLE"):
+ raise Exception("Unexpected ENABLE success")
+ hapd.request("DISABLE")
+
# valid PSK file
with open(pskfile, "w") as f:
f.write("00:11:22:33:44:55 12345678\n")
return data
def sha1_prf(key, label, data, outlen):
- res = ''
+ res = b''
counter = 0
while outlen > 0:
- m = hmac.new(key, label, hashlib.sha1)
+ m = hmac.new(key, label.encode(), hashlib.sha1)
m.update(struct.pack('B', 0))
m.update(data)
m.update(struct.pack('B', counter))
def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
if addr1 < addr2:
- data = binascii.unhexlify(addr1.replace(':','')) + binascii.unhexlify(addr2.replace(':',''))
+ data = binascii.unhexlify(addr1.replace(':', '')) + binascii.unhexlify(addr2.replace(':', ''))
else:
- data = binascii.unhexlify(addr2.replace(':','')) + binascii.unhexlify(addr1.replace(':',''))
+ data = binascii.unhexlify(addr2.replace(':', '')) + binascii.unhexlify(addr1.replace(':', ''))
if nonce1 < nonce2:
data += nonce1 + nonce2
else:
msg['length'] = 95 + len(data)
else:
msg['rsn_key_data_len'] = 0
- msg['rsn_key_data'] = ''
+ msg['rsn_key_data'] = b''
msg['length'] = 95
def recv_eapol(hapd):
return parse_eapol(eapol)
def send_eapol(hapd, addr, data):
- res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
+ res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data).decode())
if "OK" not in res:
raise Exception("EAPOL_RX to hostapd failed")
if ev is None:
raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
-def eapol_test(apdev, dev, wpa2=True):
+def eapol_test(apdev, dev, wpa2=True, ieee80211w=0):
bssid = apdev['bssid']
if wpa2:
ssid = "test-wpa2-psk"
else:
params = hostapd.wpa_params(ssid=ssid)
params['wpa_psk'] = psk
+ params['ieee80211w'] = str(ieee80211w)
hapd = hostapd.add_ap(apdev, params)
hapd.request("SET ext_eapol_frame_io 1")
dev.request("SET ext_eapol_frame_io 1")
- dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
+ dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False,
+ ieee80211w=str(ieee80211w))
addr = dev.p2p_interface_addr()
if wpa2:
- rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
+ if ieee80211w == 2:
+ rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00')
+ else:
+ rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
else:
rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
- return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
+ return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
"""WPA2-PSK AP using external EAPOL supplicant"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg = recv_eapol(hapd)
anonce = msg['rsn_key_nonce']
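Review bot: In eapol_test the new `ieee80211w` argument is only half handled: `ieee80211w == 2` gets the `cc00` RSN Capabilities, but any other non-zero value falls through to the `0000` RSNE. A caller passing `ieee80211w=1` would therefore get PMF enabled on the AP and the station while the returned `rsne` claims no PMF capability, which presumably makes later RSNE comparisons in the handshake fail for a reason unrelated to the test. Either reject unsupported values up front, e.g. `if ieee80211w not in (0, 2): raise Exception("Unsupported ieee80211w value")`, or add a comment on the signature that only 0 and 2 are supported. The signature change is in the preceding hunk and the function body is only partly visible here.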
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg1 = recv_eapol(hapd)
anonce = msg1['rsn_key_nonce']
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg1 = recv_eapol(hapd)
anonce = msg1['rsn_key_nonce']
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg1 = recv_eapol(hapd)
anonce = msg1['rsn_key_nonce']
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
"""WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg1 = recv_eapol(hapd)
anonce = msg1['rsn_key_nonce']
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
"""WPA2 4-way handshake using external EAPOL supplicant"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg = recv_eapol(hapd)
anonce = msg['rsn_key_nonce']
@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
"""WPA2-PSK AP using external EAPOL supplicant"""
- (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
- wpa2=False)
+ (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
+ wpa2=False)
msg = recv_eapol(hapd)
anonce = msg['rsn_key_nonce']
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
"""WPA2-PSK 4-way handshake with strange key info values"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
msg = recv_eapol(hapd)
anonce = msg['rsn_key_nonce']
reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
hapd_connected(hapd)
-def build_eapol_key_1_4(anonce, replay_counter=1, key_data='', key_len=16):
+def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
msg = {}
msg['version'] = 2
msg['type'] = 3
return msg
def aes_wrap(kek, plain):
- n = len(plain) / 8
+ n = len(plain) // 8
a = 0xa6a6a6a6a6a6a6a6
enc = AES.new(kek).encrypt
r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
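Review bot: The `enc = AES.new(kek).encrypt` line in aes_wrap relies on the cipher library defaulting to ECB when no mode is passed. PyCryptodome, the usual Python 3 replacement for PyCrypto, requires the mode argument, so this bytes conversion may still fail at the first wrap call depending on which package is installed (the import is not visible here). Passing the mode explicitly, `enc = AES.new(kek, AES.MODE_ECB).encrypt`, works with both libraries and documents that raw single-block encryption is intended as the key-wrap primitive. The wrap loop continues outside this hunk.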
for i in range(1, n + 1):
b = enc(struct.pack('>Q', a) + r[i - 1])
a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
- r[i - 1] =b[8:]
- return struct.pack('>Q', a) + ''.join(r)
+ r[i - 1] = b[8:]
+ return struct.pack('>Q', a) + b''.join(r)
def pad_key_data(plain):
pad_len = len(plain) % 8
if pad_len:
pad_len = 8 - pad_len
- plain += '\xdd'
+ plain += b'\xdd'
pad_len -= 1
- plain += pad_len * '\0'
+ plain += pad_len * b'\x00'
return plain
def test_ap_wpa2_psk_supp_proto(dev, apdev):
"""WPA2-PSK 4-way handshake protocol testing for supplicant"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
logger.debug("Invalid AES wrap data length 0")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
+ msg = build_eapol_key_3_4(anonce, kck, b'', replay_counter=counter)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
logger.debug("Invalid AES wrap data length 1")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
+ msg = build_eapol_key_3_4(anonce, kck, b'1', replay_counter=counter)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
logger.debug("Invalid AES wrap data length 9")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
+ msg = build_eapol_key_3_4(anonce, kck, b'123456789', replay_counter=counter)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
logger.debug("Invalid AES wrap data payload")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
# do not increment counter to test replay protection
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: AES unwrap failed"])
logger.debug("Replay Count not increasing")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
logger.debug("Missing Ack bit in key info")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
key_info=0x134a)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Unexpected Request bit in key info")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
key_info=0x1bca)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Unsupported key descriptor version 0")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
+ msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
replay_counter=counter, key_info=0x13c8)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Key descriptor version 1 not allowed with CCMP")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
+ msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
replay_counter=counter, key_info=0x13c9)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Invalid AES wrap payload with key descriptor version 2")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
+ msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
replay_counter=counter, key_info=0x13ca)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Key descriptor version 3 workaround")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
+ msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
replay_counter=counter, key_info=0x13cb)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Unsupported key descriptor version 4")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
+ msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
replay_counter=counter, key_info=0x13cc)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Unsupported key descriptor version 7")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
+ msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
replay_counter=counter, key_info=0x13cf)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Too short EAPOL header length")
dev[0].dump_monitor()
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
extra_len=-1)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
raise Exception("Key data overflow not reported")
logger.debug("Too long EAPOL header length")
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
extra_len=1)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Unsupported descriptor type 0")
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
descr_type=0)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("WPA descriptor type 0")
- msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
+ msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
descr_type=254)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
logger.debug("Non-zero key index for pairwise key")
dev[0].dump_monitor()
- wrapped = aes_wrap(kek, 16*'z')
+ wrapped = aes_wrap(kek, 16*b'z')
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
key_info=0x13ea)
counter += 1
logger.debug("Invalid Key Data plaintext payload --> disconnect")
dev[0].dump_monitor()
- wrapped = aes_wrap(kek, 16*'z')
+ wrapped = aes_wrap(kek, 16*b'z')
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
"""WPA2-PSK supplicant protocol testing: IE not included"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
logger.debug("No IEs in msg 3/4 --> disconnect")
dev[0].dump_monitor()
- wrapped = aes_wrap(kek, 16*'\0')
+ wrapped = aes_wrap(kek, 16*b'\x00')
msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
"""WPA2-PSK supplicant protocol testing: IE mismatch"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
"""WPA2-PSK supplicant protocol testing: success"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
"""WPA2-PSK supplicant protocol testing: no GTK"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
"""WPA2-PSK supplicant protocol testing: ANonce change"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
"""WPA2-PSK supplicant protocol testing: unexpected group message"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
"""WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
"""WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
"""WPA2-PSK supplicant protocol testing: wrong group key length"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
"""WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
"""WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
"""WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
"""WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
"""WPA2-PSK supplicant protocol testing: too long GTK KDE"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
"""WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
- (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])
# Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
msg = recv_eapol(hapd)
raise Exception("Unencrypted GTK KDE not reported")
dev[0].wait_disconnected(timeout=1)
+def run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False):
+ (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0],
+ ieee80211w=2)
+
+ # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
+ msg = recv_eapol(hapd)
+ dev[0].dump_monitor()
+
+ # Build own EAPOL-Key msg 1/4
+ anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
+ counter = 1
+ msg = build_eapol_key_1_4(anonce, replay_counter=counter)
+ counter += 1
+ send_eapol(dev[0], bssid, build_eapol(msg))
+ msg = recv_eapol(dev[0])
+ snonce = msg['rsn_key_nonce']
+
+ (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
+
+ logger.debug("EAPOL-Key msg 3/4")
+ dev[0].dump_monitor()
+ gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
+ plain = rsne + gtk_kde
+ if igtk_kde:
+ plain += igtk_kde
+ wrapped = aes_wrap(kek, pad_key_data(plain))
+ msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
+ counter += 1
+ send_eapol(dev[0], bssid, build_eapol(msg))
+ if fail:
+ dev[0].wait_disconnected(timeout=1)
+ return
+
+ dev[0].wait_connected(timeout=1)
+
+ # Verify that an unprotected broadcast Deauthentication frame is ignored
+ bssid = binascii.unhexlify(hapd.own_addr().replace(':', ''))
+ sock = start_monitor(apdev[1]["ifname"])
+ radiotap = radiotap_build()
+ frame = binascii.unhexlify("c0003a01")
+ frame += 6*b'\xff' + bssid + bssid
+ frame += binascii.unhexlify("1000" + "0300")
+ sock.send(radiotap + frame)
+ # And same with incorrect BIP protection
+ for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]:
+ frame2 = frame + binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9")
+ sock.send(radiotap + frame2)
+ ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
+ if ev is not None:
+ raise Exception("Unexpected disconnection")
+
+def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False):
+ try:
+ run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=igtk_kde, fail=fail)
+ finally:
+ stop_monitor(apdev[1]["ifname"])
+
+def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev):
+ """WPA2-PSK supplicant protocol testing: no IGTK KDE"""
+ run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None)
+
+def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev):
+ """WPA2-PSK supplicant protocol testing: valid IGTK KDE"""
+ igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0400' + 6*'00' + 16*'77')
+ run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde)
+
+def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev):
+ """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID"""
+ igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0004' + 6*'00' + 16*'77')
+ run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde)
+
+def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev):
+ """WPA2-PSK supplicant protocol testing: too large IGTK KeyID"""
+ igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + 'ffff' + 6*'00' + 16*'77')
+ run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True)
+
+def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev):
+ """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID"""
+ igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0006' + 6*'00' + 16*'77')
+ run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True)
+
def find_wpas_process(dev):
ifname = dev.ifname
err, data = dev.cmd_execute(['ps', 'ax'])
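Review bot: The "unprotected Deauthentication is ignored" checks in run_psk_supp_proto_pmf2 can pass vacuously: the only assertion is that no `CTRL-EVENT-DISCONNECTED` arrives within 0.5 s of the `sock.send(...)` calls. If injection on the monitor interface fails or the frames never reach the station, the test still passes without exercising the PMF or BIP drop path. Please add a comment stating that limitation next to the `wait_event` call, or assert on a station-side indication that the frame was received and discarded, if one is available. Separately, the socket returned by `start_monitor` is never closed in this hunk, so a `sock.close()` after the last send (ideally in a `finally`) would avoid leaking it across tests. The wrapper's `stop_monitor(apdev[1]["ifname"])` also runs on the `fail=True` path, where `start_monitor` was never called.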
buf = bytes()
logger.info("Reading process memory (pid=%d)" % pid)
with open('/proc/%d/maps' % pid, 'r') as maps, \
- open('/proc/%d/mem' % pid, 'r') as mem:
+ open('/proc/%d/mem' % pid, 'rb') as mem:
for l in maps.readlines():
m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
if not m:
continue
if not perm.startswith('rw'):
continue
- for name in [ "[heap]", "[stack]" ]:
+ for name in ["[heap]", "[stack]"]:
if name in l:
logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, len(buf), len(buf) + (end - start)))
mem.seek(start)
return
prefix = 2048 if pos > 2048 else pos
- with open(fname + keyname, 'w') as f:
+ with open(fname + keyname, 'wb') as f:
f.write(buf[pos - prefix:pos + 2048])
raise Exception(keyname + " found after disassociation")
def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
"""WPA2-PSK AP and wpas interface in a bridge"""
- br_ifname='sta-br0'
- ifname='wlan5'
+ br_ifname = 'sta-br0'
+ ifname = 'wlan5'
try:
_test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
finally:
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
- br_ifname='sta-br0'
- ifname='wlan5'
+ br_ifname = 'sta-br0'
+ ifname = 'wlan5'
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
subprocess.call(['brctl', 'addbr', br_ifname])
subprocess.call(['brctl', 'setfd', br_ifname, '0'])
id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
only_add_network=True)
- tests = [ "dd040050f201",
- "dd050050f20101",
- "dd060050f2010100",
- "dd060050f2010001",
- "dd070050f201010000",
- "dd080050f20101000050",
- "dd090050f20101000050f2",
- "dd0a0050f20101000050f202",
- "dd0b0050f20101000050f20201",
- "dd0c0050f20101000050f2020100",
- "dd0c0050f20101000050f2020000",
- "dd0c0050f20101000050f202ffff",
- "dd0d0050f20101000050f202010000",
- "dd0e0050f20101000050f20201000050",
- "dd0f0050f20101000050f20201000050f2",
- "dd100050f20101000050f20201000050f202",
- "dd110050f20101000050f20201000050f20201",
- "dd120050f20101000050f20201000050f2020100",
- "dd120050f20101000050f20201000050f2020000",
- "dd120050f20101000050f20201000050f202ffff",
- "dd130050f20101000050f20201000050f202010000",
- "dd140050f20101000050f20201000050f20201000050",
- "dd150050f20101000050f20201000050f20201000050f2" ]
+ tests = ["dd040050f201",
+ "dd050050f20101",
+ "dd060050f2010100",
+ "dd060050f2010001",
+ "dd070050f201010000",
+ "dd080050f20101000050",
+ "dd090050f20101000050f2",
+ "dd0a0050f20101000050f202",
+ "dd0b0050f20101000050f20201",
+ "dd0c0050f20101000050f2020100",
+ "dd0c0050f20101000050f2020000",
+ "dd0c0050f20101000050f202ffff",
+ "dd0d0050f20101000050f202010000",
+ "dd0e0050f20101000050f20201000050",
+ "dd0f0050f20101000050f20201000050f2",
+ "dd100050f20101000050f20201000050f202",
+ "dd110050f20101000050f20201000050f20201",
+ "dd120050f20101000050f20201000050f2020100",
+ "dd120050f20101000050f20201000050f2020000",
+ "dd120050f20101000050f20201000050f202ffff",
+ "dd130050f20101000050f20201000050f202010000",
+ "dd140050f20101000050f20201000050f20201000050",
+ "dd150050f20101000050f20201000050f20201000050f2"]
for t in tests:
try:
if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
finally:
dev[0].request("VENDOR_ELEM_REMOVE 13 *")
- tests = [ "dd170050f20101000050f20201000050f20201000050f202ff",
- "dd180050f20101000050f20201000050f20201000050f202ffff",
- "dd190050f20101000050f20201000050f20201000050f202ffffff" ]
+ tests = ["dd170050f20101000050f20201000050f20201000050f202ff",
+ "dd180050f20101000050f20201000050f20201000050f202ffff",
+ "dd190050f20101000050f20201000050f20201000050f202ffffff"]
for t in tests:
try:
if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
raise Exception("VENDOR_ELEM_ADD failed")
dev[0].select_network(id)
- dev[0].wait_connected()
+ ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED',
+ 'WPA: 4-Way Handshake failed'], timeout=10)
+ if ev is None:
+ raise Exception("Association failed unexpectedly")
dev[0].request("DISCONNECT")
dev[0].dump_monitor()
finally:
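Review bot: The new `wait_event` accepts either `CTRL-EVENT-CONNECTED` or `WPA: 4-Way Handshake failed` and never records which one arrived. A vendor element that used to connect and now breaks the handshake (or the reverse) therefore passes unnoticed. Since both outcomes are deliberately tolerated here, log the result so a behaviour change shows up in the test log, e.g. `logger.info("Result for " + t + ": " + ev)` right after the `if ev is None` check. If one outcome is actually expected for these over-long elements, assert on it instead. The enclosing test function starts outside this hunk.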
raise Exception("Invalid own_ie_override value accepted")
id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
- tests = [ ('No RSN Capabilities field',
- '30120100000fac040100000fac040100000fac02'),
- ('Reserved RSN Capabilities bits set',
- '30140100000fac040100000fac040100000fac023cff'),
- ('Truncated RSN Capabilities field',
- '30130100000fac040100000fac040100000fac023c'),
- ('Extra pairwise cipher suite (unsupported)',
- '30180100000fac040200ffffffff000fac040100000fac020c00'),
- ('Extra AKM suite (unsupported)',
- '30180100000fac040100000fac040200ffffffff000fac020c00'),
- ('PMKIDCount field included',
- '30160100000fac040100000fac040100000fac020c000000'),
- ('Truncated PMKIDCount field',
- '30150100000fac040100000fac040100000fac020c0000'),
- ('Unexpected Group Management Cipher Suite with PMF disabled',
- '301a0100000fac040100000fac040100000fac020c000000000fac06'),
- ('Extra octet after defined fields (future extensibility)',
- '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
- for txt,ie in tests:
+ tests = [('No RSN Capabilities field',
+ '30120100000fac040100000fac040100000fac02'),
+ ('Reserved RSN Capabilities bits set',
+ '30140100000fac040100000fac040100000fac023cff'),
+ ('Truncated RSN Capabilities field',
+ '30130100000fac040100000fac040100000fac023c'),
+ ('Extra pairwise cipher suite (unsupported)',
+ '30180100000fac040200ffffffff000fac040100000fac020c00'),
+ ('Extra AKM suite (unsupported)',
+ '30180100000fac040100000fac040200ffffffff000fac020c00'),
+ ('PMKIDCount field included',
+ '30160100000fac040100000fac040100000fac020c000000'),
+ ('Truncated PMKIDCount field',
+ '30150100000fac040100000fac040100000fac020c0000'),
+ ('Unexpected Group Management Cipher Suite with PMF disabled',
+ '301a0100000fac040100000fac040100000fac020c000000000fac06'),
+ ('Extra octet after defined fields (future extensibility)',
+ '301b0100000fac040100000fac040100000fac020c000000000fac0600')]
+ for txt, ie in tests:
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
dev[0].dump_monitor()
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
- tests = [ ("Normal wpa_supplicant assoc req RSN IE",
- "30140100000fac040100000fac040100000fac020000"),
- ("RSN IE without RSN Capabilities",
- "30120100000fac040100000fac040100000fac02") ]
+ tests = [("Normal wpa_supplicant assoc req RSN IE",
+ "30140100000fac040100000fac040100000fac020000"),
+ ("RSN IE without RSN Capabilities",
+ "30120100000fac040100000fac040100000fac02")]
for title, ie in tests:
logger.info(title)
set_test_assoc_ie(dev[0], ie)
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
- tests = [ ("WPA IE instead of RSN IE and only RSN enabled on AP",
- "dd160050f20101000050f20201000050f20201000050f202", 40),
- ("Empty RSN IE", "3000", 40),
- ("RSN IE with truncated Version", "300101", 40),
- ("RSN IE with only Version", "30020100", 43) ]
+ tests = [("WPA IE instead of RSN IE and only RSN enabled on AP",
+ "dd160050f20101000050f20201000050f20201000050f202", 40),
+ ("Empty RSN IE", "3000", 40),
+ ("RSN IE with truncated Version", "300101", 40),
+ ("RSN IE with only Version", "30020100", 43)]
for title, ie, status in tests:
logger.info(title)
set_test_assoc_ie(dev[0], ie)
ssid = "test-wpa2-psk-ft"
passphrase = 'qwertyuiop'
- params = { "wpa": "2",
- "wpa_key_mgmt": "FT-PSK WPA-PSK",
- "rsn_pairwise": "CCMP",
- "ssid": ssid,
- "wpa_passphrase": passphrase }
+ params = {"wpa": "2",
+ "wpa_key_mgmt": "FT-PSK WPA-PSK",
+ "rsn_pairwise": "CCMP",
+ "ssid": ssid,
+ "wpa_passphrase": passphrase}
params["mobility_domain"] = "a1b2"
params["r0_key_lifetime"] = "10000"
params["pmk_r1_push"] = "1"
def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
"""WPA-PSK AP and only rsn_pairwise set"""
- params = { "ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
- "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890" }
+ params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
+ "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP",
scan_freq="2412")