1# WPA2-Personal tests 2# Copyright (c) 2014, Qualcomm Atheros, Inc. 3# 4# This software may be distributed under the terms of the BSD license. 5# See README for more details. 6 7from remotehost import remote_compatible 8import binascii 9try: 10 from Cryptodome.Cipher import AES 11except ImportError: 12 from Crypto.Cipher import AES 13import hashlib 14import hmac 15import logging 16logger = logging.getLogger() 17import os 18import re 19import socket 20import struct 21import subprocess 22import time 23 24import hostapd 25from utils import * 26import hwsim_utils 27from wpasupplicant import WpaSupplicant 28from tshark import run_tshark 29from wlantest import WlantestCapture, Wlantest 30 31def check_mib(dev, vals): 32 mib = dev.get_mib() 33 for v in vals: 34 if mib[v[0]] != v[1]: 35 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1])) 36 37@remote_compatible 38def test_ap_wpa2_psk(dev, apdev): 39 """WPA2-PSK AP with PSK instead of passphrase""" 40 ssid = "test-wpa2-psk" 41 passphrase = 'qwertyuiop' 42 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 43 params = hostapd.wpa2_params(ssid=ssid) 44 params['wpa_psk'] = psk 45 hapd = hostapd.add_ap(apdev[0], params) 46 key_mgmt = hapd.get_config()['key_mgmt'] 47 if key_mgmt.split(' ')[0] != "WPA-PSK": 48 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) 49 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412") 50 dev[1].connect(ssid, psk=passphrase, scan_freq="2412") 51 52 sig = dev[0].request("SIGNAL_POLL").splitlines() 53 pkt = dev[0].request("PKTCNT_POLL").splitlines() 54 if "FREQUENCY=2412" not in sig: 55 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig)) 56 if "TXBAD=0" not in pkt: 57 raise Exception("Unexpected TXBAD value: " + str(pkt)) 58 59def test_ap_wpa2_psk_file(dev, apdev): 60 """WPA2-PSK AP with PSK from a file""" 61 ssid = "test-wpa2-psk" 62 passphrase = 'qwertyuiop' 63 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 64 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 65 params['wpa_psk_file'] = 'hostapd.wpa_psk' 66 hostapd.add_ap(apdev[0], params) 67 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False) 68 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412") 69 dev[2].request("REMOVE_NETWORK all") 70 dev[0].connect(ssid, psk="very secret", scan_freq="2412") 71 dev[0].request("REMOVE_NETWORK all") 72 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412") 73 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412") 74 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10) 75 if ev is None: 76 raise Exception("Timed out while waiting for failure report") 77 dev[1].request("REMOVE_NETWORK all") 78 79def check_no_keyid(hapd, dev): 80 addr = dev.own_addr() 81 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1) 82 if ev is None: 83 raise Exception("No AP-STA-CONNECTED indicated") 84 if addr not in ev: 85 raise Exception("AP-STA-CONNECTED for unexpected STA") 86 if "keyid=" in ev: 87 raise Exception("Unexpected keyid indication") 88 89def check_keyid(hapd, dev, keyid): 90 addr = dev.own_addr() 91 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1) 92 if ev is None: 93 raise Exception("No AP-STA-CONNECTED indicated") 94 if addr not in ev: 95 raise Exception("AP-STA-CONNECTED for unexpected STA") 96 if "keyid=" + keyid not in ev: 97 raise Exception("Incorrect keyid indication") 98 sta = hapd.get_sta(addr) 99 if 'keyid' not in sta or sta['keyid'] != keyid: 100 raise Exception("Incorrect keyid in STA output") 101 dev.request("REMOVE_NETWORK all") 102 103def check_disconnect(dev, expected): 104 for i in range(2): 105 if expected[i]: 106 dev[i].wait_disconnected() 107 dev[i].request("REMOVE_NETWORK all") 108 else: 109 ev = dev[i].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) 110 if ev is not None: 111 raise Exception("Unexpected disconnection") 112 dev[i].request("REMOVE_NETWORK all") 113 dev[i].wait_disconnected() 114 115def test_ap_wpa2_psk_file_keyid(dev, apdev, params): 116 """WPA2-PSK AP with PSK from a file (keyid and reload)""" 117 psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk') 118 with open(psk_file, 'w') as f: 119 f.write('00:00:00:00:00:00 secret passphrase\n') 120 f.write('02:00:00:00:00:00 very secret\n') 121 f.write('00:00:00:00:00:00 another passphrase for all STAs\n') 122 ssid = "test-wpa2-psk" 123 params = hostapd.wpa2_params(ssid=ssid, passphrase='qwertyuiop') 124 params['wpa_psk_file'] = psk_file 125 hapd = hostapd.add_ap(apdev[0], params) 126 127 dev[0].connect(ssid, psk="very secret", scan_freq="2412") 128 check_no_keyid(hapd, dev[0]) 129 130 dev[1].connect(ssid, psk="another passphrase for all STAs", 131 scan_freq="2412") 132 check_no_keyid(hapd, dev[1]) 133 134 dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412") 135 check_no_keyid(hapd, dev[2]) 136 137 with open(psk_file, 'w') as f: 138 f.write('00:00:00:00:00:00 secret passphrase\n') 139 f.write('02:00:00:00:00:00 very secret\n') 140 f.write('00:00:00:00:00:00 changed passphrase\n') 141 if "OK" not in hapd.request("RELOAD_WPA_PSK"): 142 raise Exception("RELOAD_WPA_PSK failed") 143 144 check_disconnect(dev, [False, True, False]) 145 146 with open(psk_file, 'w') as f: 147 f.write('00:00:00:00:00:00 secret passphrase\n') 148 f.write('keyid=foo 02:00:00:00:00:00 very secret\n') 149 f.write('keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n') 150 if "OK" not in hapd.request("RELOAD_WPA_PSK"): 151 raise Exception("RELOAD_WPA_PSK failed") 152 153 dev[0].connect(ssid, psk="very secret", scan_freq="2412") 154 check_keyid(hapd, dev[0], "foo") 155 156 dev[1].connect(ssid, psk="another passphrase for all STAs", 157 scan_freq="2412") 158 check_keyid(hapd, dev[1], "bar") 159 160 dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412") 161 check_no_keyid(hapd, dev[2]) 162 163 dev[0].wait_disconnected() 164 dev[0].connect(ssid, psk="secret passphrase", scan_freq="2412") 165 check_no_keyid(hapd, dev[0]) 166 167 with open(psk_file, 'w') as f: 168 f.write('# empty\n') 169 if "OK" not in hapd.request("RELOAD_WPA_PSK"): 170 raise Exception("RELOAD_WPA_PSK failed") 171 172 check_disconnect(dev, [True, True, False]) 173 174 with open(psk_file, 'w') as f: 175 f.write('broken\n') 176 if "FAIL" not in hapd.request("RELOAD_WPA_PSK"): 177 raise Exception("RELOAD_WPA_PSK succeeded with invalid file") 178 179@remote_compatible 180def test_ap_wpa2_psk_mem(dev, apdev): 181 """WPA2-PSK AP with passphrase only in memory""" 182 try: 183 _test_ap_wpa2_psk_mem(dev, apdev) 184 finally: 185 dev[0].request("SCAN_INTERVAL 5") 186 dev[1].request("SCAN_INTERVAL 5") 187 188def _test_ap_wpa2_psk_mem(dev, apdev): 189 ssid = "test-wpa2-psk" 190 passphrase = 'qwertyuiop' 191 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 192 params = hostapd.wpa2_params(ssid=ssid) 193 params['wpa_psk'] = psk 194 hapd = hostapd.add_ap(apdev[0], params) 195 196 dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False) 197 dev[0].request("SCAN_INTERVAL 1") 198 ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10) 199 if ev is None: 200 raise Exception("Request for PSK/passphrase timed out") 201 id = ev.split(':')[0].split('-')[-1] 202 dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"') 203 dev[0].wait_connected(timeout=10) 204 205 dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False) 206 dev[1].request("SCAN_INTERVAL 1") 207 ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10) 208 if ev is None: 209 raise Exception("Request for PSK/passphrase timed out(2)") 210 id = ev.split(':')[0].split('-')[-1] 211 dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk) 212 dev[1].wait_connected(timeout=10) 213 214@remote_compatible 215def test_ap_wpa2_ptk_rekey(dev, apdev): 216 """WPA2-PSK AP and PTK rekey enforced by station""" 217 ssid = "test-wpa2-psk" 218 passphrase = 'qwertyuiop' 219 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 220 hapd = hostapd.add_ap(apdev[0], params) 221 222 Wlantest.setup(hapd) 223 wt = Wlantest() 224 wt.flush() 225 wt.add_passphrase(passphrase) 226 227 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") 228 ev = dev[0].wait_event(["WPA: Key negotiation completed", 229 "CTRL-EVENT-DISCONNECTED"]) 230 if ev is None: 231 raise Exception("PTK rekey timed out") 232 if "CTRL-EVENT-DISCONNECTED" in ev: 233 raise Exception("Disconnect instead of rekey") 234 hwsim_utils.test_connectivity(dev[0], hapd) 235 236def test_ap_wpa2_ptk_rekey_blocked_ap(dev, apdev): 237 """WPA2-PSK AP and PTK rekey enforced by station and AP blocking it""" 238 ssid = "test-wpa2-psk" 239 passphrase = 'qwertyuiop' 240 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 241 params['wpa_deny_ptk0_rekey'] = "2" 242 hapd = hostapd.add_ap(apdev[0], params) 243 conf = hapd.request("GET_CONFIG").splitlines() 244 if "wpa_deny_ptk0_rekey=2" not in conf: 245 raise Exception("wpa_deny_ptk0_rekey value not in GET_CONFIG") 246 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") 247 ev = dev[0].wait_event(["WPA: Key negotiation completed", 248 "CTRL-EVENT-DISCONNECTED"]) 249 if ev is None: 250 raise Exception("PTK rekey timed out") 251 if "WPA: Key negotiation completed" in ev: 252 raise Exception("No disconnect, PTK rekey succeeded") 253 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1.1) 254 if ev is None: 255 raise Exception("Reconnect too slow") 256 257def test_ap_wpa2_ptk_rekey_blocked_sta(dev, apdev): 258 """WPA2-PSK AP and PTK rekey enforced by station while also blocking it""" 259 ssid = "test-wpa2-psk" 260 passphrase = 'qwertyuiop' 261 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 262 hapd = hostapd.add_ap(apdev[0], params) 263 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412", 264 wpa_deny_ptk0_rekey="2") 265 ev = dev[0].wait_event(["WPA: Key negotiation completed", 266 "CTRL-EVENT-DISCONNECTED"]) 267 if ev is None: 268 raise Exception("PTK rekey timed out") 269 if "WPA: Key negotiation completed" in ev: 270 raise Exception("No disconnect, PTK rekey succeeded") 271 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1.1) 272 if ev is None: 273 raise Exception("Reconnect too slow") 274 275def test_ap_wpa2_ptk_rekey_anonce(dev, apdev): 276 """WPA2-PSK AP and PTK rekey enforced by station and ANonce change""" 277 ssid = "test-wpa2-psk" 278 passphrase = 'qwertyuiop' 279 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 280 hapd = hostapd.add_ap(apdev[0], params) 281 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") 282 dev[0].dump_monitor() 283 anonce1 = dev[0].request("GET anonce") 284 if "OK" not in dev[0].request("KEY_REQUEST 0 1"): 285 raise Exception("KEY_REQUEST failed") 286 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 287 if ev is None: 288 raise Exception("PTK rekey timed out") 289 anonce2 = dev[0].request("GET anonce") 290 if anonce1 == anonce2: 291 raise Exception("AP did not update ANonce in requested PTK rekeying") 292 hwsim_utils.test_connectivity(dev[0], hapd) 293 294@remote_compatible 295def test_ap_wpa2_ptk_rekey_ap(dev, apdev): 296 """WPA2-PSK AP and PTK rekey enforced by AP""" 297 ssid = "test-wpa2-psk" 298 passphrase = 'qwertyuiop' 299 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 300 params['wpa_ptk_rekey'] = '2' 301 hapd = hostapd.add_ap(apdev[0], params) 302 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 303 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 304 if ev is None: 305 raise Exception("PTK rekey timed out") 306 hwsim_utils.test_connectivity(dev[0], hapd) 307 308@remote_compatible 309def test_ap_wpa2_sha256_ptk_rekey(dev, apdev): 310 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station""" 311 ssid = "test-wpa2-psk" 312 passphrase = 'qwertyuiop' 313 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 314 params["wpa_key_mgmt"] = "WPA-PSK-SHA256" 315 hapd = hostapd.add_ap(apdev[0], params) 316 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", 317 wpa_ptk_rekey="1", scan_freq="2412") 318 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 319 if ev is None: 320 raise Exception("PTK rekey timed out") 321 hwsim_utils.test_connectivity(dev[0], hapd) 322 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"), 323 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]) 324 325@remote_compatible 326def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev): 327 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP""" 328 ssid = "test-wpa2-psk" 329 passphrase = 'qwertyuiop' 330 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 331 params["wpa_key_mgmt"] = "WPA-PSK-SHA256" 332 params['wpa_ptk_rekey'] = '2' 333 hapd = hostapd.add_ap(apdev[0], params) 334 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", 335 scan_freq="2412") 336 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 337 if ev is None: 338 raise Exception("PTK rekey timed out") 339 hwsim_utils.test_connectivity(dev[0], hapd) 340 check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"), 341 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")]) 342 343@remote_compatible 344def test_ap_wpa_ptk_rekey(dev, apdev): 345 """WPA-PSK/TKIP AP and PTK rekey enforced by station""" 346 skip_with_fips(dev[0]) 347 skip_without_tkip(dev[0]) 348 ssid = "test-wpa-psk" 349 passphrase = 'qwertyuiop' 350 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 351 hapd = hostapd.add_ap(apdev[0], params) 352 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") 353 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"): 354 raise Exception("Scan results missing WPA element info") 355 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 356 if ev is None: 357 raise Exception("PTK rekey timed out") 358 hwsim_utils.test_connectivity(dev[0], hapd) 359 360@remote_compatible 361def test_ap_wpa_ptk_rekey_ap(dev, apdev): 362 """WPA-PSK/TKIP AP and PTK rekey enforced by AP""" 363 skip_with_fips(dev[0]) 364 skip_without_tkip(dev[0]) 365 ssid = "test-wpa-psk" 366 passphrase = 'qwertyuiop' 367 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 368 params['wpa_ptk_rekey'] = '2' 369 hapd = hostapd.add_ap(apdev[0], params) 370 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 371 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10) 372 if ev is None: 373 raise Exception("PTK rekey timed out") 374 hwsim_utils.test_connectivity(dev[0], hapd) 375 376@remote_compatible 377def test_ap_wpa_ccmp(dev, apdev): 378 """WPA-PSK/CCMP""" 379 ssid = "test-wpa-psk" 380 passphrase = 'qwertyuiop' 381 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 382 params['wpa_pairwise'] = "CCMP" 383 hapd = hostapd.add_ap(apdev[0], params) 384 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 385 hapd.wait_sta() 386 hwsim_utils.test_connectivity(dev[0], hapd) 387 check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"), 388 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"), 389 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"), 390 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"), 391 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"), 392 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"), 393 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"), 394 ("dot1xSuppSuppControlledPortStatus", "Authorized")]) 395 396def test_ap_wpa2_psk_file_errors(dev, apdev): 397 """WPA2-PSK AP with various PSK file error and success cases""" 398 addr0 = dev[0].own_addr() 399 addr1 = dev[1].own_addr() 400 addr2 = dev[2].own_addr() 401 ssid = "psk" 402 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file" 403 try: 404 os.remove(pskfile) 405 except: 406 pass 407 408 params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK", 409 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile} 410 411 try: 412 # missing PSK file 413 hapd = hostapd.add_ap(apdev[0], params, no_enable=True) 414 if "FAIL" not in hapd.request("ENABLE"): 415 raise Exception("Unexpected ENABLE success") 416 hapd.request("DISABLE") 417 418 # invalid MAC address 419 with open(pskfile, "w") as f: 420 f.write("\n") 421 f.write("foo\n") 422 if "FAIL" not in hapd.request("ENABLE"): 423 raise Exception("Unexpected ENABLE success") 424 hapd.request("DISABLE") 425 426 # no PSK on line 427 with open(pskfile, "w") as f: 428 f.write("00:11:22:33:44:55\n") 429 if "FAIL" not in hapd.request("ENABLE"): 430 raise Exception("Unexpected ENABLE success") 431 hapd.request("DISABLE") 432 433 # invalid PSK 434 with open(pskfile, "w") as f: 435 f.write("00:11:22:33:44:55 1234567\n") 436 if "FAIL" not in hapd.request("ENABLE"): 437 raise Exception("Unexpected ENABLE success") 438 hapd.request("DISABLE") 439 440 # empty token at the end of the line 441 with open(pskfile, "w") as f: 442 f.write("=\n") 443 if "FAIL" not in hapd.request("ENABLE"): 444 raise Exception("Unexpected ENABLE success") 445 hapd.request("DISABLE") 446 447 # valid PSK file 448 with open(pskfile, "w") as f: 449 f.write("00:11:22:33:44:55 12345678\n") 450 f.write(addr0 + " 123456789\n") 451 f.write(addr1 + " 123456789a\n") 452 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n") 453 if "FAIL" in hapd.request("ENABLE"): 454 raise Exception("Unexpected ENABLE failure") 455 456 dev[0].connect(ssid, psk="123456789", scan_freq="2412") 457 dev[1].connect(ssid, psk="123456789a", scan_freq="2412") 458 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412") 459 460 finally: 461 try: 462 os.remove(pskfile) 463 except: 464 pass 465 466@remote_compatible 467def test_ap_wpa2_psk_wildcard_ssid(dev, apdev): 468 """WPA2-PSK AP and wildcard SSID configuration""" 469 ssid = "test-wpa2-psk" 470 passphrase = 'qwertyuiop' 471 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 472 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 473 hapd = hostapd.add_ap(apdev[0], params) 474 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase, 475 scan_freq="2412") 476 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412") 477 478@remote_compatible 479def test_ap_wpa2_gtk_rekey(dev, apdev): 480 """WPA2-PSK AP and GTK rekey enforced by AP""" 481 ssid = "test-wpa2-psk" 482 passphrase = 'qwertyuiop' 483 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 484 params['wpa_group_rekey'] = '1' 485 hapd = hostapd.add_ap(apdev[0], params) 486 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 487 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 488 if ev is None: 489 raise Exception("GTK rekey timed out") 490 hwsim_utils.test_connectivity(dev[0], hapd) 491 492def test_ap_wpa2_gtk_rekey_request(dev, apdev): 493 """WPA2-PSK AP and GTK rekey by AP request""" 494 ssid = "test-wpa2-psk" 495 passphrase = 'qwertyuiop' 496 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 497 hapd = hostapd.add_ap(apdev[0], params) 498 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 499 if "OK" not in hapd.request("REKEY_GTK"): 500 raise Exception("REKEY_GTK failed") 501 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 502 if ev is None: 503 raise Exception("GTK rekey timed out") 504 hwsim_utils.test_connectivity(dev[0], hapd) 505 506def test_ap_wpa2_gtk_rekey_failure(dev, apdev): 507 """WPA2-PSK AP and GTK rekey failure""" 508 ssid = "test-wpa2-psk" 509 passphrase = 'qwertyuiop' 510 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 511 hapd = hostapd.add_ap(apdev[0], params) 512 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 513 with fail_test(hapd, 1, "wpa_group_config_group_keys"): 514 if "OK" not in hapd.request("REKEY_GTK"): 515 raise Exception("REKEY_GTK failed") 516 wait_fail_trigger(hapd, "GET_FAIL") 517 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 518 if ev is None: 519 raise Exception("GTK rekey timed out") 520 dev[0].wait_disconnected() 521 522def test_ap_wpa2_gtk_rekey_request(dev, apdev): 523 """WPA2-PSK AP and GTK rekey request from multiple stations""" 524 ssid = "test-wpa2-psk" 525 passphrase = 'qwertyuiop' 526 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 527 hapd = hostapd.add_ap(apdev[0], params) 528 for i in range(3): 529 dev[i].connect(ssid, psk=passphrase, scan_freq="2412") 530 hapd.wait_sta() 531 for i in range(3): 532 if "OK" not in dev[i].request("KEY_REQUEST 0 0"): 533 raise Exception("KEY_REQUEST failed") 534 for i in range(3): 535 ev = dev[i].wait_event(["RSN: Group rekeying completed"], timeout=2) 536 if ev is None: 537 raise Exception("GTK rekey timed out") 538 time.sleep(1) 539 for i in range(3): 540 hwsim_utils.test_connectivity(dev[i], hapd) 541 542def test_ap_wpa2_gtk_rekey_fail_1_sta(dev, apdev): 543 """WPA2-PSK AP and GTK rekey failing with one STA""" 544 ssid = "test-wpa2-psk" 545 passphrase = 'qwertyuiop' 546 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 547 params['wpa_group_rekey'] = '5' 548 hapd = hostapd.add_ap(apdev[0], params) 549 550 dev[1].set("disable_eapol_g2_tx", "1") 551 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 552 dev[1].connect(ssid, psk=passphrase, scan_freq="2412") 553 dev[2].connect(ssid, psk=passphrase, scan_freq="2412") 554 555 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=7) 556 if ev is None: 557 raise Exception("GTK rekey timed out [0]") 558 ev = dev[2].wait_event(["RSN: Group rekeying completed"], timeout=1) 559 if ev is None: 560 raise Exception("GTK rekey timed out [2]") 561 562 disconnected = False 563 for i in range(10): 564 ev = dev[1].wait_event(["RSN: Group rekeying completed", 565 "CTRL-EVENT-DISCONNECTED"], timeout=10) 566 if ev is None: 567 raise Exception("GTK rekey timed out [1]") 568 if "CTRL-EVENT-DISCONNECTED" in ev: 569 if "reason=16" not in ev: 570 raise Exception("Unexpected reason for disconnection: " + ev) 571 disconnected = True 572 break 573 if not disconnected: 574 raise Exception("STA that did not send group msg 2/2 was not disconnected") 575 576 for i in [0, 2]: 577 ev = dev[i].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) 578 if ev is not None: 579 raise Exception("Unexpected disconnection [%d]" % i) 580 hwsim_utils.test_connectivity(dev[i], hapd) 581 582 dev[1].set("disable_eapol_g2_tx", "0") 583 dev[1].wait_connected() 584 ev = dev[1].wait_event(["RSN: Group rekeying completed"], timeout=10) 585 if ev is None: 586 raise Exception("GTK rekey timed out [1b]") 587 hwsim_utils.test_connectivity(dev[1], hapd) 588 589@remote_compatible 590def test_ap_wpa_gtk_rekey(dev, apdev): 591 """WPA-PSK/TKIP AP and GTK rekey enforced by AP""" 592 skip_with_fips(dev[0]) 593 skip_without_tkip(dev[0]) 594 ssid = "test-wpa-psk" 595 passphrase = 'qwertyuiop' 596 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 597 params['wpa_group_rekey'] = '1' 598 hapd = hostapd.add_ap(apdev[0], params) 599 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 600 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) 601 if ev is None: 602 raise Exception("GTK rekey timed out") 603 hwsim_utils.test_connectivity(dev[0], hapd) 604 605@remote_compatible 606def test_ap_wpa2_gmk_rekey(dev, apdev): 607 """WPA2-PSK AP and GMK and GTK rekey enforced by AP""" 608 ssid = "test-wpa2-psk" 609 passphrase = 'qwertyuiop' 610 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 611 params['wpa_group_rekey'] = '1' 612 params['wpa_gmk_rekey'] = '2' 613 hapd = hostapd.add_ap(apdev[0], params) 614 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 615 for i in range(0, 3): 616 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 617 if ev is None: 618 raise Exception("GTK rekey timed out") 619 hwsim_utils.test_connectivity(dev[0], hapd) 620 621@remote_compatible 622def test_ap_wpa2_strict_rekey(dev, apdev): 623 """WPA2-PSK AP and strict GTK rekey enforced by AP""" 624 ssid = "test-wpa2-psk" 625 passphrase = 'qwertyuiop' 626 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 627 params['wpa_strict_rekey'] = '1' 628 hapd = hostapd.add_ap(apdev[0], params) 629 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 630 dev[1].connect(ssid, psk=passphrase, scan_freq="2412") 631 dev[1].request("DISCONNECT") 632 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 633 if ev is None: 634 raise Exception("GTK rekey timed out") 635 hwsim_utils.test_connectivity(dev[0], hapd) 636 637@remote_compatible 638def test_ap_wpa2_bridge_fdb(dev, apdev): 639 """Bridge FDB entry removal""" 640 hapd = None 641 try: 642 ssid = "test-wpa2-psk" 643 passphrase = "12345678" 644 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 645 params['bridge'] = 'ap-br0' 646 hapd = hostapd.add_ap(apdev[0], params) 647 hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0']) 648 hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) 649 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 650 bssid=apdev[0]['bssid']) 651 dev[1].connect(ssid, psk=passphrase, scan_freq="2412", 652 bssid=apdev[0]['bssid']) 653 hapd.wait_sta(wait_4way_hs=True) 654 hapd.wait_sta(wait_4way_hs=True) 655 addr0 = dev[0].p2p_interface_addr() 656 hwsim_utils.test_connectivity_sta(dev[0], dev[1]) 657 err, macs1 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0']) 658 hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1']) 659 dev[0].request("DISCONNECT") 660 dev[1].request("DISCONNECT") 661 time.sleep(1) 662 err, macs2 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0']) 663 664 addr1 = dev[1].p2p_interface_addr() 665 if addr0 not in macs1 or addr1 not in macs1: 666 raise Exception("Bridge FDB entry missing") 667 if addr0 in macs2 or addr1 in macs2: 668 raise Exception("Bridge FDB entry was not removed") 669 finally: 670 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 671 'down']) 672 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0']) 673 674@remote_compatible 675def test_ap_wpa2_already_in_bridge(dev, apdev): 676 """hostapd behavior with interface already in bridge""" 677 ifname = apdev[0]['ifname'] 678 br_ifname = 'ext-ap-br0' 679 try: 680 ssid = "test-wpa2-psk" 681 passphrase = "12345678" 682 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 683 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 684 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 685 'up']) 686 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap']) 687 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) 688 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 689 hapd = hostapd.add_ap(apdev[0], params) 690 if hapd.get_driver_status_field('brname') != br_ifname: 691 raise Exception("Bridge name not identified correctly") 692 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 693 finally: 694 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 695 'down']) 696 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname]) 697 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station']) 698 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 699 700@remote_compatible 701def test_ap_wpa2_in_different_bridge(dev, apdev): 702 """hostapd behavior with interface in different bridge""" 703 ifname = apdev[0]['ifname'] 704 br_ifname = 'ext-ap-br0' 705 try: 706 ssid = "test-wpa2-psk" 707 passphrase = "12345678" 708 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 709 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 710 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 711 'up']) 712 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap']) 713 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) 714 time.sleep(0.5) 715 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 716 params['bridge'] = 'ap-br0' 717 hapd = hostapd.add_ap(apdev[0], params) 718 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0']) 719 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 720 'up']) 721 brname = hapd.get_driver_status_field('brname') 722 if brname != 'ap-br0': 723 raise Exception("Incorrect bridge: " + brname) 724 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 725 hapd.wait_sta() 726 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0") 727 if hapd.get_driver_status_field("added_bridge") != "1": 728 raise Exception("Unexpected added_bridge value") 729 if hapd.get_driver_status_field("added_if_into_bridge") != "1": 730 raise Exception("Unexpected added_if_into_bridge value") 731 dev[0].request("DISCONNECT") 732 hapd.disable() 733 finally: 734 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 735 'down']) 736 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname, 737 "2>", "/dev/null"], shell=True) 738 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 739 740@remote_compatible 741def test_ap_wpa2_ext_add_to_bridge(dev, apdev): 742 """hostapd behavior with interface added to bridge externally""" 743 ifname = apdev[0]['ifname'] 744 br_ifname = 'ext-ap-br0' 745 try: 746 ssid = "test-wpa2-psk" 747 passphrase = "12345678" 748 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 749 hapd = hostapd.add_ap(apdev[0], params) 750 751 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 752 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 753 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 754 'up']) 755 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) 756 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 757 if hapd.get_driver_status_field('brname') != br_ifname: 758 raise Exception("Bridge name not identified correctly") 759 finally: 760 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 761 'down']) 762 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname]) 763 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 764 765def test_ap_wpa2_second_bss_bridge_exists(dev, apdev): 766 """hostapd behavior with second BSS bridge interface already existing""" 767 ifname = apdev[0]['ifname'] 768 ifname2 = apdev[0]['ifname'] + "b" 769 br_ifname = 'ext-ap-br0' 770 fname = '/tmp/hwsim-bss.conf' 771 try: 772 ssid1 = "test-wpa2-psk-1" 773 ssid2 = "test-wpa2-psk-2" 774 passphrase = "12345678" 775 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 776 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 777 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 778 'up']) 779 params = hostapd.wpa2_params(ssid=ssid1, passphrase=passphrase) 780 params['driver_params'] = "control_port=0" 781 hapd = hostapd.add_ap(apdev[0], params) 782 783 with open(fname, 'w') as f: 784 f.write("driver=nl80211\n") 785 f.write("hw_mode=g\n") 786 f.write("channel=1\n") 787 f.write("ieee80211n=1\n") 788 f.write("interface=%s\n" % ifname2) 789 f.write("bridge=%s\n" % br_ifname) 790 f.write("bssid=02:00:00:00:03:01\n") 791 f.write("ctrl_interface=/var/run/hostapd\n") 792 f.write("ssid=%s\n" % ssid2) 793 f.write("wpa=2\n") 794 f.write("wpa_passphrase=%s\n" % passphrase) 795 f.write("wpa_key_mgmt=WPA-PSK\n") 796 f.write("rsn_pairwise=CCMP\n") 797 hostapd.add_bss(apdev[0], ifname2, fname) 798 799 dev[0].connect(ssid1, psk=passphrase, scan_freq="2412") 800 dev[1].connect(ssid2, psk=passphrase, scan_freq="2412") 801 finally: 802 try: 803 os.remove(fname) 804 except: 805 pass 806 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 807 'down']) 808 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname2]) 809 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 810 811def setup_psk_ext(dev, apdev, wpa_ptk_rekey=None): 812 ssid = "test-wpa2-psk" 813 passphrase = 'qwertyuiop' 814 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 815 params = hostapd.wpa2_params(ssid=ssid) 816 params['wpa_psk'] = psk 817 if wpa_ptk_rekey: 818 params['wpa_ptk_rekey'] = wpa_ptk_rekey 819 hapd = hostapd.add_ap(apdev, params) 820 hapd.request("SET ext_eapol_frame_io 1") 821 dev.request("SET ext_eapol_frame_io 1") 822 dev.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) 823 return hapd 824 825def ext_4way_hs(hapd, dev): 826 bssid = hapd.own_addr() 827 addr = dev.own_addr() 828 first = None 829 last = None 830 while True: 831 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15) 832 if ev is None: 833 raise Exception("Timeout on EAPOL-TX from hostapd") 834 if "AP-STA-CONNECTED" in ev: 835 dev.wait_connected(timeout=15) 836 break 837 if not first: 838 first = ev.split(' ')[2] 839 last = ev.split(' ')[2] 840 res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 841 if "OK" not in res: 842 raise Exception("EAPOL_RX to wpa_supplicant failed") 843 ev = dev.wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15) 844 if ev is None: 845 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 846 if "CTRL-EVENT-CONNECTED" in ev: 847 break 848 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 849 if "OK" not in res: 850 raise Exception("EAPOL_RX to hostapd failed") 851 return first, last 852 853def test_ap_wpa2_psk_ext(dev, apdev): 854 """WPA2-PSK AP using external EAPOL I/O""" 855 hapd = setup_psk_ext(dev[0], apdev[0]) 856 ext_4way_hs(hapd, dev[0]) 857 858def test_ap_wpa2_psk_unexpected(dev, apdev): 859 """WPA2-PSK and supplicant receiving unexpected EAPOL-Key frames""" 860 hapd = setup_psk_ext(dev[0], apdev[0]) 861 first, last = ext_4way_hs(hapd, dev[0]) 862 863 # Not associated - Delay processing of received EAPOL frame (state=COMPLETED 864 # bssid=02:00:00:00:03:00) 865 other = "02:11:22:33:44:55" 866 res = dev[0].request("EAPOL_RX " + other + " " + first) 867 if "OK" not in res: 868 raise Exception("EAPOL_RX to wpa_supplicant failed") 869 870 # WPA: EAPOL-Key Replay Counter did not increase - dropping packet 871 bssid = hapd.own_addr() 872 res = dev[0].request("EAPOL_RX " + bssid + " " + last) 873 if "OK" not in res: 874 raise Exception("EAPOL_RX to wpa_supplicant failed") 875 876 # WPA: Invalid EAPOL-Key MIC - dropping packet 877 msg = last[0:18] + '01' + last[20:] 878 res = dev[0].request("EAPOL_RX " + bssid + " " + msg) 879 if "OK" not in res: 880 raise Exception("EAPOL_RX to wpa_supplicant failed") 881 882 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=12) 883 if ev is not None: 884 raise Exception("Unexpected disconnection") 885 886def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev): 887 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4""" 888 hapd = setup_psk_ext(dev[0], apdev[0]) 889 bssid = apdev[0]['bssid'] 890 addr = dev[0].p2p_interface_addr() 891 892 # EAPOL-Key msg 1/4 893 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 894 if ev is None: 895 raise Exception("Timeout on EAPOL-TX from hostapd") 896 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 897 if "OK" not in res: 898 raise Exception("EAPOL_RX to wpa_supplicant failed") 899 900 # EAPOL-Key msg 2/4 901 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 902 if ev is None: 903 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 904 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 905 if "OK" not in res: 906 raise Exception("EAPOL_RX to hostapd failed") 907 908 # EAPOL-Key msg 3/4 909 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 910 if ev is None: 911 raise Exception("Timeout on EAPOL-TX from hostapd") 912 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 913 if "OK" not in res: 914 raise Exception("EAPOL_RX to wpa_supplicant failed") 915 916 # EAPOL-Key msg 4/4 917 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 918 if ev is None: 919 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 920 # Do not send to the AP 921 dev[0].wait_connected(timeout=15) 922 923 # EAPOL-Key msg 3/4 (retry) 924 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 925 if ev is None: 926 raise Exception("Timeout on EAPOL-TX from hostapd") 927 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 928 if "OK" not in res: 929 raise Exception("EAPOL_RX to wpa_supplicant failed") 930 931 # EAPOL-Key msg 4/4 932 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 933 if ev is None: 934 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 935 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 936 if "OK" not in res: 937 raise Exception("EAPOL_RX to hostapd failed") 938 939 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 940 if ev is None: 941 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 942 943 hwsim_utils.test_connectivity(dev[0], hapd) 944 945def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev): 946 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)""" 947 hapd = setup_psk_ext(dev[0], apdev[0]) 948 bssid = apdev[0]['bssid'] 949 addr = dev[0].p2p_interface_addr() 950 951 # EAPOL-Key msg 1/4 952 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 953 if ev is None: 954 raise Exception("Timeout on EAPOL-TX from hostapd") 955 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 956 if "OK" not in res: 957 raise Exception("EAPOL_RX to wpa_supplicant failed") 958 959 # EAPOL-Key msg 2/4 960 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 961 if ev is None: 962 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 963 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 964 if "OK" not in res: 965 raise Exception("EAPOL_RX to hostapd failed") 966 967 # EAPOL-Key msg 3/4 968 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 969 if ev is None: 970 raise Exception("Timeout on EAPOL-TX from hostapd") 971 # Do not send the first msg 3/4 to the STA yet; wait for retransmission 972 # from AP. 973 msg3_1 = ev 974 975 # EAPOL-Key msg 3/4 (retry) 976 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 977 if ev is None: 978 raise Exception("Timeout on EAPOL-TX from hostapd") 979 msg3_2 = ev 980 981 # Send the first msg 3/4 to STA 982 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_1.split(' ')[2]) 983 if "OK" not in res: 984 raise Exception("EAPOL_RX to wpa_supplicant failed") 985 986 # EAPOL-Key msg 4/4 987 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 988 if ev is None: 989 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 990 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 991 if "OK" not in res: 992 raise Exception("EAPOL_RX to hostapd failed") 993 dev[0].wait_connected(timeout=15) 994 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 995 if ev is None: 996 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 997 998 hwsim_utils.test_connectivity(dev[0], hapd) 999 1000 # Send the second msg 3/4 to STA 1001 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_2.split(' ')[2]) 1002 if "OK" not in res: 1003 raise Exception("EAPOL_RX to wpa_supplicant failed") 1004 # EAPOL-Key msg 4/4 1005 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1006 if ev is None: 1007 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1008 # Do not send the second msg 4/4 to the AP 1009 1010 hwsim_utils.test_connectivity(dev[0], hapd) 1011 1012def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev): 1013 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)""" 1014 hapd = setup_psk_ext(dev[0], apdev[0]) 1015 bssid = apdev[0]['bssid'] 1016 addr = dev[0].p2p_interface_addr() 1017 1018 # EAPOL-Key msg 1/4 1019 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1020 if ev is None: 1021 raise Exception("Timeout on EAPOL-TX from hostapd") 1022 msg1 = ev.split(' ')[2] 1023 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) 1024 if "OK" not in res: 1025 raise Exception("EAPOL_RX to wpa_supplicant failed") 1026 1027 # EAPOL-Key msg 2/4 1028 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1029 if ev is None: 1030 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1031 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1032 if "OK" not in res: 1033 raise Exception("EAPOL_RX to hostapd failed") 1034 1035 # EAPOL-Key msg 3/4 1036 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1037 if ev is None: 1038 raise Exception("Timeout on EAPOL-TX from hostapd") 1039 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1040 if "OK" not in res: 1041 raise Exception("EAPOL_RX to wpa_supplicant failed") 1042 1043 # EAPOL-Key msg 4/4 1044 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1045 if ev is None: 1046 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1047 msg4 = ev.split(' ')[2] 1048 # Do not send msg 4/4 to hostapd to trigger retry 1049 1050 # STA believes everything is ready 1051 dev[0].wait_connected() 1052 1053 # EAPOL-Key msg 3/4 (retry) 1054 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1055 if ev is None: 1056 raise Exception("Timeout on EAPOL-TX from hostapd") 1057 msg3 = ev.split(' ')[2] 1058 1059 # Send a forged msg 1/4 to STA (update replay counter) 1060 msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] 1061 # and replace nonce (this results in "WPA: ANonce from message 1 of 1062 # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when 1063 # wpa_supplicant processed msg 3/4 afterwards) 1064 #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:] 1065 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1066 if "OK" not in res: 1067 raise Exception("EAPOL_RX to wpa_supplicant failed") 1068 # EAPOL-Key msg 2/4 1069 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1070 if ev is None: 1071 # wpa_supplicant seems to have ignored the forged message. This means 1072 # the attack would fail. 1073 logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") 1074 return 1075 # Do not send msg 2/4 to hostapd 1076 1077 # Send previously received msg 3/4 to STA 1078 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 1079 if "OK" not in res: 1080 raise Exception("EAPOL_RX to wpa_supplicant failed") 1081 1082 # EAPOL-Key msg 4/4 1083 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1084 if ev is None: 1085 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1086 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1087 if "OK" not in res: 1088 raise Exception("EAPOL_RX to hostapd failed") 1089 1090 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1091 if ev is None: 1092 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1093 1094 hwsim_utils.test_connectivity(dev[0], hapd) 1095 1096def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev): 1097 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)""" 1098 hapd = setup_psk_ext(dev[0], apdev[0]) 1099 bssid = apdev[0]['bssid'] 1100 addr = dev[0].p2p_interface_addr() 1101 1102 # EAPOL-Key msg 1/4 1103 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1104 if ev is None: 1105 raise Exception("Timeout on EAPOL-TX from hostapd") 1106 msg1 = ev.split(' ')[2] 1107 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) 1108 if "OK" not in res: 1109 raise Exception("EAPOL_RX to wpa_supplicant failed") 1110 1111 # EAPOL-Key msg 2/4 1112 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1113 if ev is None: 1114 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1115 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1116 if "OK" not in res: 1117 raise Exception("EAPOL_RX to hostapd failed") 1118 1119 # EAPOL-Key msg 3/4 1120 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1121 if ev is None: 1122 raise Exception("Timeout on EAPOL-TX from hostapd") 1123 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1124 if "OK" not in res: 1125 raise Exception("EAPOL_RX to wpa_supplicant failed") 1126 1127 # EAPOL-Key msg 4/4 1128 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1129 if ev is None: 1130 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1131 msg4 = ev.split(' ')[2] 1132 # Do not send msg 4/4 to hostapd to trigger retry 1133 1134 # STA believes everything is ready 1135 dev[0].wait_connected() 1136 1137 # EAPOL-Key msg 3/4 (retry) 1138 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1139 if ev is None: 1140 raise Exception("Timeout on EAPOL-TX from hostapd") 1141 msg3 = ev.split(' ')[2] 1142 1143 # Send a forged msg 1/4 to STA (update replay counter) 1144 msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] 1145 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1146 if "OK" not in res: 1147 raise Exception("EAPOL_RX to wpa_supplicant failed") 1148 # EAPOL-Key msg 2/4 1149 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1150 if ev is None: 1151 # wpa_supplicant seems to have ignored the forged message. This means 1152 # the attack would fail. 1153 logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") 1154 return 1155 # Do not send msg 2/4 to hostapd 1156 1157 # EAPOL-Key msg 3/4 (retry 2) 1158 # New one needed to get the correct Replay Counter value 1159 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1160 if ev is None: 1161 raise Exception("Timeout on EAPOL-TX from hostapd") 1162 msg3 = ev.split(' ')[2] 1163 1164 # Send msg 3/4 to STA 1165 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 1166 if "OK" not in res: 1167 raise Exception("EAPOL_RX to wpa_supplicant failed") 1168 1169 # EAPOL-Key msg 4/4 1170 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1171 if ev is None: 1172 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1173 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1174 if "OK" not in res: 1175 raise Exception("EAPOL_RX to hostapd failed") 1176 1177 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1178 if ev is None: 1179 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1180 1181 hwsim_utils.test_connectivity(dev[0], hapd) 1182 1183def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev): 1184 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)""" 1185 hapd = setup_psk_ext(dev[0], apdev[0]) 1186 bssid = apdev[0]['bssid'] 1187 addr = dev[0].p2p_interface_addr() 1188 1189 # EAPOL-Key msg 1/4 1190 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1191 if ev is None: 1192 raise Exception("Timeout on EAPOL-TX from hostapd") 1193 msg1 = ev.split(' ')[2] 1194 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) 1195 if "OK" not in res: 1196 raise Exception("EAPOL_RX to wpa_supplicant failed") 1197 1198 # EAPOL-Key msg 2/4 1199 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1200 if ev is None: 1201 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1202 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1203 if "OK" not in res: 1204 raise Exception("EAPOL_RX to hostapd failed") 1205 1206 # EAPOL-Key msg 3/4 1207 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1208 if ev is None: 1209 raise Exception("Timeout on EAPOL-TX from hostapd") 1210 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1211 if "OK" not in res: 1212 raise Exception("EAPOL_RX to wpa_supplicant failed") 1213 1214 # EAPOL-Key msg 4/4 1215 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1216 if ev is None: 1217 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1218 msg4 = ev.split(' ')[2] 1219 # Do not send msg 4/4 to hostapd to trigger retry 1220 1221 # STA believes everything is ready 1222 dev[0].wait_connected() 1223 1224 # EAPOL-Key msg 3/4 (retry) 1225 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1226 if ev is None: 1227 raise Exception("Timeout on EAPOL-TX from hostapd") 1228 msg3 = ev.split(' ')[2] 1229 1230 # Send a forged msg 1/4 to STA (update replay counter and replace ANonce) 1231 msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:] 1232 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1233 if "OK" not in res: 1234 raise Exception("EAPOL_RX to wpa_supplicant failed") 1235 # EAPOL-Key msg 2/4 1236 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1237 if ev is None: 1238 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1239 # Do not send msg 2/4 to hostapd 1240 1241 # Send a forged msg 1/4 to STA (back to previously used ANonce) 1242 msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] 1243 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1244 if "OK" not in res: 1245 raise Exception("EAPOL_RX to wpa_supplicant failed") 1246 # EAPOL-Key msg 2/4 1247 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1248 if ev is None: 1249 # wpa_supplicant seems to have ignored the forged message. This means 1250 # the attack would fail. 1251 logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") 1252 return 1253 # Do not send msg 2/4 to hostapd 1254 1255 # EAPOL-Key msg 3/4 (retry 2) 1256 # New one needed to get the correct Replay Counter value 1257 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1258 if ev is None: 1259 raise Exception("Timeout on EAPOL-TX from hostapd") 1260 msg3 = ev.split(' ')[2] 1261 1262 # Send msg 3/4 to STA 1263 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 1264 if "OK" not in res: 1265 raise Exception("EAPOL_RX to wpa_supplicant failed") 1266 1267 # EAPOL-Key msg 4/4 1268 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1269 if ev is None: 1270 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1271 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1272 if "OK" not in res: 1273 raise Exception("EAPOL_RX to hostapd failed") 1274 1275 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1276 if ev is None: 1277 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1278 1279 hwsim_utils.test_connectivity(dev[0], hapd) 1280 1281def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev): 1282 """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange""" 1283 hapd = setup_psk_ext(dev[0], apdev[0], wpa_ptk_rekey="3") 1284 bssid = apdev[0]['bssid'] 1285 addr = dev[0].p2p_interface_addr() 1286 1287 # EAPOL-Key msg 1/4 1288 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1289 if ev is None: 1290 raise Exception("Timeout on EAPOL-TX from hostapd") 1291 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1292 if "OK" not in res: 1293 raise Exception("EAPOL_RX to wpa_supplicant failed") 1294 1295 # EAPOL-Key msg 2/4 1296 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1297 if ev is None: 1298 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1299 msg2 = ev.split(' ')[2] 1300 # Do not send this to the AP 1301 1302 # EAPOL-Key msg 1/4 (retry) 1303 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1304 if ev is None: 1305 raise Exception("Timeout on EAPOL-TX from hostapd") 1306 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1307 if "OK" not in res: 1308 raise Exception("EAPOL_RX to wpa_supplicant failed") 1309 1310 # EAPOL-Key msg 2/4 1311 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1312 if ev is None: 1313 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1314 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1315 if "OK" not in res: 1316 raise Exception("EAPOL_RX to hostapd failed") 1317 1318 # EAPOL-Key msg 3/4 1319 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1320 if ev is None: 1321 raise Exception("Timeout on EAPOL-TX from hostapd") 1322 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1323 if "OK" not in res: 1324 raise Exception("EAPOL_RX to wpa_supplicant failed") 1325 1326 # EAPOL-Key msg 4/4 1327 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1328 if ev is None: 1329 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1330 msg4 = ev.split(' ')[2] 1331 # Do not send msg 4/4 to AP 1332 1333 # EAPOL-Key msg 3/4 (retry) 1334 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1335 if ev is None: 1336 raise Exception("Timeout on EAPOL-TX from hostapd") 1337 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1338 if "OK" not in res: 1339 raise Exception("EAPOL_RX to wpa_supplicant failed") 1340 1341 # EAPOL-Key msg 4/4 1342 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1343 if ev is None: 1344 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1345 msg4b = ev.split(' ')[2] 1346 # Do not send msg 4/4 to AP 1347 1348 # Send the previous EAPOL-Key msg 4/4 to AP 1349 res = hapd.request("EAPOL_RX " + addr + " " + msg4) 1350 if "OK" not in res: 1351 raise Exception("EAPOL_RX to hostapd failed") 1352 1353 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1354 if ev is None: 1355 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1356 1357 # Wait for PTK rekeying to be initialized 1358 # EAPOL-Key msg 1/4 1359 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1360 if ev is None: 1361 raise Exception("Timeout on EAPOL-TX from hostapd") 1362 1363 # EAPOL-Key msg 2/4 from the previous 4-way handshake 1364 # hostapd is expected to ignore this due to unexpected Replay Counter 1365 res = hapd.request("EAPOL_RX " + addr + " " + msg2) 1366 if "OK" not in res: 1367 raise Exception("EAPOL_RX to hostapd failed") 1368 1369 # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4) 1370 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1371 if ev is None: 1372 raise Exception("Timeout on EAPOL-TX from hostapd") 1373 keyinfo = ev.split(' ')[2][10:14] 1374 if keyinfo != "028a": 1375 raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo) 1376 1377 # EAPOL-Key msg 4/4 from the previous 4-way handshake 1378 # hostapd is expected to ignore this due to unexpected Replay Counter 1379 res = hapd.request("EAPOL_RX " + addr + " " + msg4b) 1380 if "OK" not in res: 1381 raise Exception("EAPOL_RX to hostapd failed") 1382 1383 # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake 1384 # was accepted, there would be no more EAPOL-Key frames. If the Replay 1385 # Counters were rejected, there would be a retransmitted msg 1/4 here. 1386 ev = hapd.wait_event(["EAPOL-TX"], timeout=1.1) 1387 if ev is None: 1388 raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)") 1389 keyinfo = ev.split(' ')[2][10:14] 1390 if keyinfo != "028a": 1391 raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo) 1392 1393def parse_eapol(data): 1394 (version, type, length) = struct.unpack('>BBH', data[0:4]) 1395 payload = data[4:] 1396 if length > len(payload): 1397 raise Exception("Invalid EAPOL length") 1398 if length < len(payload): 1399 payload = payload[0:length] 1400 eapol = {} 1401 eapol['version'] = version 1402 eapol['type'] = type 1403 eapol['length'] = length 1404 eapol['payload'] = payload 1405 if type == 3: 1406 # EAPOL-Key 1407 (eapol['descr_type'],) = struct.unpack('B', payload[0:1]) 1408 payload = payload[1:] 1409 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254: 1410 # RSN EAPOL-Key 1411 (key_info, key_len) = struct.unpack('>HH', payload[0:4]) 1412 eapol['rsn_key_info'] = key_info 1413 eapol['rsn_key_len'] = key_len 1414 eapol['rsn_replay_counter'] = payload[4:12] 1415 eapol['rsn_key_nonce'] = payload[12:44] 1416 eapol['rsn_key_iv'] = payload[44:60] 1417 eapol['rsn_key_rsc'] = payload[60:68] 1418 eapol['rsn_key_id'] = payload[68:76] 1419 eapol['rsn_key_mic'] = payload[76:92] 1420 payload = payload[92:] 1421 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2]) 1422 payload = payload[2:] 1423 eapol['rsn_key_data'] = payload 1424 return eapol 1425 1426def build_eapol(msg): 1427 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length']) 1428 if msg['type'] == 3: 1429 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'], 1430 msg['rsn_key_len']) 1431 data += msg['rsn_replay_counter'] 1432 data += msg['rsn_key_nonce'] 1433 data += msg['rsn_key_iv'] 1434 data += msg['rsn_key_rsc'] 1435 data += msg['rsn_key_id'] 1436 data += msg['rsn_key_mic'] 1437 data += struct.pack('>H', msg['rsn_key_data_len']) 1438 data += msg['rsn_key_data'] 1439 else: 1440 data += msg['payload'] 1441 return data 1442 1443def sha1_prf(key, label, data, outlen): 1444 res = b'' 1445 counter = 0 1446 while outlen > 0: 1447 m = hmac.new(key, label.encode(), hashlib.sha1) 1448 m.update(struct.pack('B', 0)) 1449 m.update(data) 1450 m.update(struct.pack('B', counter)) 1451 counter += 1 1452 hash = m.digest() 1453 if outlen > len(hash): 1454 res += hash 1455 outlen -= len(hash) 1456 else: 1457 res += hash[0:outlen] 1458 outlen = 0 1459 return res 1460 1461def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2): 1462 if addr1 < addr2: 1463 data = binascii.unhexlify(addr1.replace(':', '')) + binascii.unhexlify(addr2.replace(':', '')) 1464 else: 1465 data = binascii.unhexlify(addr2.replace(':', '')) + binascii.unhexlify(addr1.replace(':', '')) 1466 if nonce1 < nonce2: 1467 data += nonce1 + nonce2 1468 else: 1469 data += nonce2 + nonce1 1470 label = "Pairwise key expansion" 1471 ptk = sha1_prf(pmk, label, data, 48) 1472 kck = ptk[0:16] 1473 kek = ptk[16:32] 1474 return (ptk, kck, kek) 1475 1476def eapol_key_mic(kck, msg): 1477 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000') 1478 data = build_eapol(msg) 1479 m = hmac.new(kck, data, hashlib.sha1) 1480 msg['rsn_key_mic'] = m.digest()[0:16] 1481 1482def rsn_eapol_key_set(msg, key_info, key_len, nonce, data): 1483 msg['rsn_key_info'] = key_info 1484 msg['rsn_key_len'] = key_len 1485 if nonce: 1486 msg['rsn_key_nonce'] = nonce 1487 else: 1488 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000') 1489 if data: 1490 msg['rsn_key_data_len'] = len(data) 1491 msg['rsn_key_data'] = data 1492 msg['length'] = 95 + len(data) 1493 else: 1494 msg['rsn_key_data_len'] = 0 1495 msg['rsn_key_data'] = b'' 1496 msg['length'] = 95 1497 1498def recv_eapol(hapd): 1499 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1500 if ev is None: 1501 raise Exception("Timeout on EAPOL-TX from hostapd") 1502 eapol = binascii.unhexlify(ev.split(' ')[2]) 1503 return parse_eapol(eapol) 1504 1505def send_eapol(hapd, addr, data): 1506 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data).decode()) 1507 if "OK" not in res: 1508 raise Exception("EAPOL_RX to hostapd failed") 1509 1510def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck): 1511 logger.info("Send EAPOL-Key msg " + info) 1512 rsn_eapol_key_set(msg, key_info, 0, nonce, data) 1513 eapol_key_mic(kck, msg) 1514 send_eapol(hapd, addr, build_eapol(msg)) 1515 1516def eapol_test(apdev, dev, wpa2=True, ieee80211w=0): 1517 bssid = apdev['bssid'] 1518 if wpa2: 1519 ssid = "test-wpa2-psk" 1520 else: 1521 ssid = "test-wpa-psk" 1522 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 1523 pmk = binascii.unhexlify(psk) 1524 if wpa2: 1525 params = hostapd.wpa2_params(ssid=ssid) 1526 else: 1527 params = hostapd.wpa_params(ssid=ssid) 1528 params['wpa_psk'] = psk 1529 params['ieee80211w'] = str(ieee80211w) 1530 hapd = hostapd.add_ap(apdev, params) 1531 hapd.request("SET ext_eapol_frame_io 1") 1532 dev.request("SET ext_eapol_frame_io 1") 1533 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False, 1534 ieee80211w=str(ieee80211w)) 1535 addr = dev.p2p_interface_addr() 1536 if wpa2: 1537 if ieee80211w == 2: 1538 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00') 1539 else: 1540 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00') 1541 else: 1542 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202') 1543 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111') 1544 return (bssid, ssid, hapd, snonce, pmk, addr, rsne) 1545 1546@remote_compatible 1547def test_ap_wpa2_psk_ext_eapol(dev, apdev): 1548 """WPA2-PSK AP using external EAPOL supplicant""" 1549 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1550 1551 msg = recv_eapol(hapd) 1552 anonce = msg['rsn_key_nonce'] 1553 logger.info("Replay same data back") 1554 send_eapol(hapd, addr, build_eapol(msg)) 1555 1556 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1557 1558 logger.info("Truncated Key Data in EAPOL-Key msg 2/4") 1559 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne) 1560 msg['length'] = 95 + 22 - 1 1561 send_eapol(hapd, addr, build_eapol(msg)) 1562 1563 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck) 1564 1565 msg = recv_eapol(hapd) 1566 if anonce != msg['rsn_key_nonce']: 1567 raise Exception("ANonce changed") 1568 logger.info("Replay same data back") 1569 send_eapol(hapd, addr, build_eapol(msg)) 1570 1571 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1572 hapd.wait_sta(timeout=15) 1573 dev[0].request("DISCONNECT") 1574 1575@remote_compatible 1576def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev): 1577 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted""" 1578 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1579 1580 msg1 = recv_eapol(hapd) 1581 anonce = msg1['rsn_key_nonce'] 1582 1583 msg2 = recv_eapol(hapd) 1584 if anonce != msg2['rsn_key_nonce']: 1585 raise Exception("ANonce changed") 1586 1587 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1588 1589 logger.info("Send EAPOL-Key msg 2/4") 1590 msg = msg2 1591 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) 1592 eapol_key_mic(kck, msg) 1593 send_eapol(hapd, addr, build_eapol(msg)) 1594 1595 msg = recv_eapol(hapd) 1596 if anonce != msg['rsn_key_nonce']: 1597 raise Exception("ANonce changed") 1598 1599 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1600 hapd.wait_sta(timeout=15) 1601 dev[0].request("DISCONNECT") 1602 1603@remote_compatible 1604def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev): 1605 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted""" 1606 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1607 1608 msg1 = recv_eapol(hapd) 1609 anonce = msg1['rsn_key_nonce'] 1610 msg2 = recv_eapol(hapd) 1611 if anonce != msg2['rsn_key_nonce']: 1612 raise Exception("ANonce changed") 1613 1614 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1615 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) 1616 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck) 1617 1618 msg = recv_eapol(hapd) 1619 if anonce != msg['rsn_key_nonce']: 1620 raise Exception("ANonce changed") 1621 1622 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1623 hapd.wait_sta(timeout=15) 1624 dev[0].request("DISCONNECT") 1625 1626@remote_compatible 1627def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev): 1628 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing""" 1629 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1630 1631 msg1 = recv_eapol(hapd) 1632 anonce = msg1['rsn_key_nonce'] 1633 1634 msg2 = recv_eapol(hapd) 1635 if anonce != msg2['rsn_key_nonce']: 1636 raise Exception("ANonce changed") 1637 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1638 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) 1639 1640 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 1641 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce) 1642 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck) 1643 1644 msg = recv_eapol(hapd) 1645 if anonce != msg['rsn_key_nonce']: 1646 raise Exception("ANonce changed") 1647 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1648 hapd.wait_sta(timeout=15) 1649 dev[0].request("DISCONNECT") 1650 1651@remote_compatible 1652def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev): 1653 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used""" 1654 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1655 1656 msg1 = recv_eapol(hapd) 1657 anonce = msg1['rsn_key_nonce'] 1658 msg2 = recv_eapol(hapd) 1659 if anonce != msg2['rsn_key_nonce']: 1660 raise Exception("ANonce changed") 1661 1662 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1663 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) 1664 1665 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 1666 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce) 1667 1668 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2) 1669 msg = recv_eapol(hapd) 1670 if anonce != msg['rsn_key_nonce']: 1671 raise Exception("ANonce changed") 1672 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1673 hapd.wait_sta(timeout=15) 1674 dev[0].request("DISCONNECT") 1675 1676@remote_compatible 1677def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev): 1678 """WPA2 4-way handshake using external EAPOL supplicant""" 1679 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1680 1681 msg = recv_eapol(hapd) 1682 anonce = msg['rsn_key_nonce'] 1683 1684 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1685 1686 # Incorrect descriptor type (frame dropped) 1687 msg['descr_type'] = 253 1688 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) 1689 eapol_key_mic(kck, msg) 1690 send_eapol(hapd, addr, build_eapol(msg)) 1691 1692 # Incorrect descriptor type, but with a workaround (frame processed) 1693 msg['descr_type'] = 254 1694 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) 1695 eapol_key_mic(kck, msg) 1696 send_eapol(hapd, addr, build_eapol(msg)) 1697 1698 msg = recv_eapol(hapd) 1699 if anonce != msg['rsn_key_nonce']: 1700 raise Exception("ANonce changed") 1701 logger.info("Replay same data back") 1702 send_eapol(hapd, addr, build_eapol(msg)) 1703 1704 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1705 hapd.wait_sta(timeout=15) 1706 dev[0].request("DISCONNECT") 1707 1708@remote_compatible 1709def test_ap_wpa_psk_ext_eapol(dev, apdev): 1710 """WPA2-PSK AP using external EAPOL supplicant""" 1711 skip_without_tkip(dev[0]) 1712 (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0], 1713 wpa2=False) 1714 1715 msg = recv_eapol(hapd) 1716 anonce = msg['rsn_key_nonce'] 1717 logger.info("Replay same data back") 1718 send_eapol(hapd, addr, build_eapol(msg)) 1719 logger.info("Too short data") 1720 send_eapol(hapd, addr, build_eapol(msg)[0:98]) 1721 1722 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1723 msg['descr_type'] = 2 1724 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck) 1725 msg['descr_type'] = 254 1726 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck) 1727 1728 msg = recv_eapol(hapd) 1729 if anonce != msg['rsn_key_nonce']: 1730 raise Exception("ANonce changed") 1731 logger.info("Replay same data back") 1732 send_eapol(hapd, addr, build_eapol(msg)) 1733 1734 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1735 hapd.wait_sta(timeout=15) 1736 dev[0].request("DISCONNECT") 1737 1738@remote_compatible 1739def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev): 1740 """WPA2-PSK 4-way handshake with strange key info values""" 1741 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1742 1743 msg = recv_eapol(hapd) 1744 anonce = msg['rsn_key_nonce'] 1745 1746 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1747 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne) 1748 send_eapol(hapd, addr, build_eapol(msg)) 1749 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne) 1750 send_eapol(hapd, addr, build_eapol(msg)) 1751 # SMK M1 1752 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne) 1753 send_eapol(hapd, addr, build_eapol(msg)) 1754 # SMK M3 1755 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne) 1756 send_eapol(hapd, addr, build_eapol(msg)) 1757 # Request 1758 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) 1759 send_eapol(hapd, addr, build_eapol(msg)) 1760 # Request 1761 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) 1762 tmp_kck = binascii.unhexlify('00000000000000000000000000000000') 1763 eapol_key_mic(tmp_kck, msg) 1764 send_eapol(hapd, addr, build_eapol(msg)) 1765 1766 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck) 1767 1768 msg = recv_eapol(hapd) 1769 if anonce != msg['rsn_key_nonce']: 1770 raise Exception("ANonce changed") 1771 1772 # Request (valic MIC) 1773 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) 1774 eapol_key_mic(kck, msg) 1775 send_eapol(hapd, addr, build_eapol(msg)) 1776 # Request (valid MIC, replayed counter) 1777 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) 1778 eapol_key_mic(kck, msg) 1779 send_eapol(hapd, addr, build_eapol(msg)) 1780 # EAPOL-Key msg 4/4 with incorrectly encrypred Key Data field 1781 hapd.note("RSN: AES unwrap failed - could not decrypt EAPOL-Key key data") 1782 key_data = 24*b'1' 1783 rsn_eapol_key_set(msg, 0x130a, 0, snonce, key_data) 1784 send_eapol(hapd, addr, build_eapol(msg)) 1785 # EAPOL-Key msg 4/4 claimed to be encrypred with RC4 1786 hapd.note("WPA: did not use HMAC-SHA1-AES with CCMP/GCMP") 1787 rsn_eapol_key_set(msg, 0x1309, 0, snonce, key_data) 1788 send_eapol(hapd, addr, build_eapol(msg)) 1789 1790 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1791 hapd.wait_sta(timeout=15) 1792 dev[0].request("DISCONNECT") 1793 1794def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16): 1795 msg = {} 1796 msg['version'] = 2 1797 msg['type'] = 3 1798 msg['length'] = 95 + len(key_data) 1799 1800 msg['descr_type'] = 2 1801 msg['rsn_key_info'] = 0x8a 1802 msg['rsn_key_len'] = key_len 1803 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter) 1804 msg['rsn_key_nonce'] = anonce 1805 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000') 1806 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000') 1807 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000') 1808 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000') 1809 msg['rsn_key_data_len'] = len(key_data) 1810 msg['rsn_key_data'] = key_data 1811 return msg 1812 1813def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2, 1814 key_info=0x13ca, extra_len=0, descr_type=2, key_len=16): 1815 msg = {} 1816 msg['version'] = 2 1817 msg['type'] = 3 1818 msg['length'] = 95 + len(key_data) + extra_len 1819 1820 msg['descr_type'] = descr_type 1821 msg['rsn_key_info'] = key_info 1822 msg['rsn_key_len'] = key_len 1823 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter) 1824 msg['rsn_key_nonce'] = anonce 1825 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000') 1826 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000') 1827 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000') 1828 msg['rsn_key_data_len'] = len(key_data) 1829 msg['rsn_key_data'] = key_data 1830 eapol_key_mic(kck, msg) 1831 return msg 1832 1833def aes_wrap(kek, plain): 1834 n = len(plain) // 8 1835 a = 0xa6a6a6a6a6a6a6a6 1836 enc = AES.new(kek, AES.MODE_ECB).encrypt 1837 r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)] 1838 for j in range(6): 1839 for i in range(1, n + 1): 1840 b = enc(struct.pack('>Q', a) + r[i - 1]) 1841 a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i) 1842 r[i - 1] = b[8:] 1843 return struct.pack('>Q', a) + b''.join(r) 1844 1845def pad_key_data(plain): 1846 pad_len = len(plain) % 8 1847 if pad_len: 1848 pad_len = 8 - pad_len 1849 plain += b'\xdd' 1850 pad_len -= 1 1851 plain += pad_len * b'\x00' 1852 return plain 1853 1854def test_ap_wpa2_psk_supp_proto(dev, apdev): 1855 """WPA2-PSK 4-way handshake protocol testing for supplicant""" 1856 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1857 1858 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 1859 msg = recv_eapol(hapd) 1860 dev[0].dump_monitor() 1861 1862 # Build own EAPOL-Key msg 1/4 1863 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 1864 counter = 1 1865 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 1866 counter += 1 1867 send_eapol(dev[0], bssid, build_eapol(msg)) 1868 msg = recv_eapol(dev[0]) 1869 snonce = msg['rsn_key_nonce'] 1870 1871 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1872 1873 logger.debug("Invalid AES wrap data length 0") 1874 dev[0].dump_monitor() 1875 msg = build_eapol_key_3_4(anonce, kck, b'', replay_counter=counter) 1876 counter += 1 1877 send_eapol(dev[0], bssid, build_eapol(msg)) 1878 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"]) 1879 if ev is None: 1880 raise Exception("Unsupported AES-WRAP len 0 not reported") 1881 1882 logger.debug("Invalid AES wrap data length 1") 1883 dev[0].dump_monitor() 1884 msg = build_eapol_key_3_4(anonce, kck, b'1', replay_counter=counter) 1885 counter += 1 1886 send_eapol(dev[0], bssid, build_eapol(msg)) 1887 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"]) 1888 if ev is None: 1889 raise Exception("Unsupported AES-WRAP len 1 not reported") 1890 1891 logger.debug("Invalid AES wrap data length 9") 1892 dev[0].dump_monitor() 1893 msg = build_eapol_key_3_4(anonce, kck, b'123456789', replay_counter=counter) 1894 counter += 1 1895 send_eapol(dev[0], bssid, build_eapol(msg)) 1896 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"]) 1897 if ev is None: 1898 raise Exception("Unsupported AES-WRAP len 9 not reported") 1899 1900 logger.debug("Invalid AES wrap data payload") 1901 dev[0].dump_monitor() 1902 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter) 1903 # do not increment counter to test replay protection 1904 send_eapol(dev[0], bssid, build_eapol(msg)) 1905 ev = dev[0].wait_event(["WPA: AES unwrap failed"]) 1906 if ev is None: 1907 raise Exception("AES unwrap failure not reported") 1908 1909 logger.debug("Replay Count not increasing") 1910 dev[0].dump_monitor() 1911 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter) 1912 counter += 1 1913 send_eapol(dev[0], bssid, build_eapol(msg)) 1914 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"]) 1915 if ev is None: 1916 raise Exception("Replay Counter replay not reported") 1917 1918 logger.debug("Missing Ack bit in key info") 1919 dev[0].dump_monitor() 1920 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, 1921 key_info=0x134a) 1922 counter += 1 1923 send_eapol(dev[0], bssid, build_eapol(msg)) 1924 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"]) 1925 if ev is None: 1926 raise Exception("Missing Ack bit not reported") 1927 1928 logger.debug("Unexpected Request bit in key info") 1929 dev[0].dump_monitor() 1930 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, 1931 key_info=0x1bca) 1932 counter += 1 1933 send_eapol(dev[0], bssid, build_eapol(msg)) 1934 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"]) 1935 if ev is None: 1936 raise Exception("Request bit not reported") 1937 1938 logger.debug("Unsupported key descriptor version 0") 1939 dev[0].dump_monitor() 1940 msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', 1941 replay_counter=counter, key_info=0x13c8) 1942 counter += 1 1943 send_eapol(dev[0], bssid, build_eapol(msg)) 1944 ev = dev[0].wait_event(["RSN: Unsupported EAPOL-Key descriptor version 0"]) 1945 if ev is None: 1946 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported") 1947 1948 logger.debug("Key descriptor version 1 not allowed with CCMP") 1949 dev[0].dump_monitor() 1950 msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', 1951 replay_counter=counter, key_info=0x13c9) 1952 counter += 1 1953 send_eapol(dev[0], bssid, build_eapol(msg)) 1954 ev = dev[0].wait_event(["RSN: EAPOL-Key descriptor version 1 not allowed without TKIP as the pairwise cipher"]) 1955 if ev is None: 1956 raise Exception("Not allowed EAPOL-Key descriptor version not reported") 1957 1958 logger.debug("Invalid AES wrap payload with key descriptor version 2") 1959 dev[0].dump_monitor() 1960 msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', 1961 replay_counter=counter, key_info=0x13ca) 1962 counter += 1 1963 send_eapol(dev[0], bssid, build_eapol(msg)) 1964 ev = dev[0].wait_event(["WPA: AES unwrap failed"]) 1965 if ev is None: 1966 raise Exception("AES unwrap failure not reported") 1967 1968 logger.debug("Key descriptor version 3 workaround") 1969 dev[0].dump_monitor() 1970 msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', 1971 replay_counter=counter, key_info=0x13cb) 1972 counter += 1 1973 send_eapol(dev[0], bssid, build_eapol(msg)) 1974 ev = dev[0].wait_event(["RSN: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"]) 1975 if ev is None: 1976 raise Exception("CCMP key descriptor mismatch not reported") 1977 ev = dev[0].wait_event(["RSN: Interoperability workaround"]) 1978 if ev is None: 1979 raise Exception("AES-128-CMAC workaround not reported") 1980 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"]) 1981 if ev is None: 1982 raise Exception("MIC failure with AES-128-CMAC workaround not reported") 1983 1984 logger.debug("Unsupported key descriptor version 4") 1985 dev[0].dump_monitor() 1986 msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', 1987 replay_counter=counter, key_info=0x13cc) 1988 counter += 1 1989 send_eapol(dev[0], bssid, build_eapol(msg)) 1990 ev = dev[0].wait_event(["RSN: Unsupported EAPOL-Key descriptor version 4"]) 1991 if ev is None: 1992 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported") 1993 1994 logger.debug("Unsupported key descriptor version 7") 1995 dev[0].dump_monitor() 1996 msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef', 1997 replay_counter=counter, key_info=0x13cf) 1998 counter += 1 1999 send_eapol(dev[0], bssid, build_eapol(msg)) 2000 ev = dev[0].wait_event(["RSN: Unsupported EAPOL-Key descriptor version 7"]) 2001 if ev is None: 2002 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported") 2003 2004 logger.debug("Too short EAPOL header length") 2005 dev[0].dump_monitor() 2006 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, 2007 extra_len=-1) 2008 counter += 1 2009 send_eapol(dev[0], bssid, build_eapol(msg)) 2010 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"]) 2011 if ev is None: 2012 raise Exception("Key data overflow not reported") 2013 2014 logger.debug("Too long EAPOL header length") 2015 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, 2016 extra_len=1) 2017 counter += 1 2018 send_eapol(dev[0], bssid, build_eapol(msg)) 2019 2020 logger.debug("Unsupported descriptor type 0") 2021 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, 2022 descr_type=0) 2023 counter += 1 2024 send_eapol(dev[0], bssid, build_eapol(msg)) 2025 2026 logger.debug("WPA descriptor type 0") 2027 msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter, 2028 descr_type=254) 2029 counter += 1 2030 send_eapol(dev[0], bssid, build_eapol(msg)) 2031 2032 logger.debug("Non-zero key index for pairwise key") 2033 dev[0].dump_monitor() 2034 wrapped = aes_wrap(kek, 16*b'z') 2035 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2036 key_info=0x13ea) 2037 counter += 1 2038 send_eapol(dev[0], bssid, build_eapol(msg)) 2039 ev = dev[0].wait_event(["RSN: Ignored EAPOL-Key (Pairwise) with non-zero key index"]) 2040 if ev is None: 2041 raise Exception("Non-zero key index not reported") 2042 2043 logger.debug("Invalid Key Data plaintext payload --> disconnect") 2044 dev[0].dump_monitor() 2045 wrapped = aes_wrap(kek, 16*b'z') 2046 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2047 counter += 1 2048 send_eapol(dev[0], bssid, build_eapol(msg)) 2049 dev[0].wait_disconnected(timeout=1) 2050 dev[0].request("DISCONNECT") 2051 2052def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev): 2053 """WPA2-PSK supplicant protocol testing: IE not included""" 2054 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2055 2056 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2057 msg = recv_eapol(hapd) 2058 dev[0].dump_monitor() 2059 2060 # Build own EAPOL-Key msg 1/4 2061 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2062 counter = 1 2063 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2064 counter += 1 2065 send_eapol(dev[0], bssid, build_eapol(msg)) 2066 msg = recv_eapol(dev[0]) 2067 snonce = msg['rsn_key_nonce'] 2068 2069 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2070 2071 logger.debug("No IEs in msg 3/4 --> disconnect") 2072 dev[0].dump_monitor() 2073 wrapped = aes_wrap(kek, 16*b'\x00') 2074 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2075 counter += 1 2076 send_eapol(dev[0], bssid, build_eapol(msg)) 2077 dev[0].wait_disconnected(timeout=1) 2078 dev[0].request("DISCONNECT") 2079 2080def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev): 2081 """WPA2-PSK supplicant protocol testing: IE mismatch""" 2082 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2083 2084 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2085 msg = recv_eapol(hapd) 2086 dev[0].dump_monitor() 2087 2088 # Build own EAPOL-Key msg 1/4 2089 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2090 counter = 1 2091 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2092 counter += 1 2093 send_eapol(dev[0], bssid, build_eapol(msg)) 2094 msg = recv_eapol(dev[0]) 2095 snonce = msg['rsn_key_nonce'] 2096 2097 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2098 2099 logger.debug("Msg 3/4 with mismatching IE") 2100 dev[0].dump_monitor() 2101 wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))) 2102 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2103 counter += 1 2104 send_eapol(dev[0], bssid, build_eapol(msg)) 2105 dev[0].wait_disconnected(timeout=1) 2106 2107def test_ap_wpa2_psk_supp_proto_ok(dev, apdev): 2108 """WPA2-PSK supplicant protocol testing: success""" 2109 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2110 2111 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2112 msg = recv_eapol(hapd) 2113 dev[0].dump_monitor() 2114 2115 # Build own EAPOL-Key msg 1/4 2116 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2117 counter = 1 2118 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2119 counter += 1 2120 send_eapol(dev[0], bssid, build_eapol(msg)) 2121 msg = recv_eapol(dev[0]) 2122 snonce = msg['rsn_key_nonce'] 2123 2124 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2125 2126 logger.debug("Valid EAPOL-Key msg 3/4") 2127 dev[0].dump_monitor() 2128 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2129 wrapped = aes_wrap(kek, pad_key_data(plain)) 2130 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2131 counter += 1 2132 send_eapol(dev[0], bssid, build_eapol(msg)) 2133 dev[0].wait_connected(timeout=1) 2134 dev[0].request("DISCONNECT") 2135 2136def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev): 2137 """WPA2-PSK supplicant protocol testing: no GTK""" 2138 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2139 2140 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2141 msg = recv_eapol(hapd) 2142 dev[0].dump_monitor() 2143 2144 # Build own EAPOL-Key msg 1/4 2145 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2146 counter = 1 2147 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2148 counter += 1 2149 send_eapol(dev[0], bssid, build_eapol(msg)) 2150 msg = recv_eapol(dev[0]) 2151 snonce = msg['rsn_key_nonce'] 2152 2153 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2154 2155 logger.debug("EAPOL-Key msg 3/4 without GTK KDE") 2156 dev[0].dump_monitor() 2157 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00') 2158 wrapped = aes_wrap(kek, pad_key_data(plain)) 2159 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2160 counter += 1 2161 send_eapol(dev[0], bssid, build_eapol(msg)) 2162 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1) 2163 if ev is not None: 2164 raise Exception("Unexpected connection completion reported") 2165 dev[0].request("DISCONNECT") 2166 2167def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev): 2168 """WPA2-PSK supplicant protocol testing: ANonce change""" 2169 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2170 2171 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2172 msg = recv_eapol(hapd) 2173 dev[0].dump_monitor() 2174 2175 # Build own EAPOL-Key msg 1/4 2176 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2177 counter = 1 2178 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2179 counter += 1 2180 send_eapol(dev[0], bssid, build_eapol(msg)) 2181 msg = recv_eapol(dev[0]) 2182 snonce = msg['rsn_key_nonce'] 2183 2184 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2185 2186 logger.debug("Valid EAPOL-Key msg 3/4") 2187 dev[0].dump_monitor() 2188 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333') 2189 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2190 wrapped = aes_wrap(kek, pad_key_data(plain)) 2191 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter) 2192 counter += 1 2193 send_eapol(dev[0], bssid, build_eapol(msg)) 2194 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"]) 2195 if ev is None: 2196 raise Exception("ANonce change not reported") 2197 dev[0].request("DISCONNECT") 2198 2199def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev): 2200 """WPA2-PSK supplicant protocol testing: unexpected group message""" 2201 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2202 2203 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2204 msg = recv_eapol(hapd) 2205 dev[0].dump_monitor() 2206 2207 # Build own EAPOL-Key msg 1/4 2208 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2209 counter = 1 2210 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2211 counter += 1 2212 send_eapol(dev[0], bssid, build_eapol(msg)) 2213 msg = recv_eapol(dev[0]) 2214 snonce = msg['rsn_key_nonce'] 2215 2216 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2217 2218 logger.debug("Group key 1/2 instead of msg 3/4") 2219 dev[0].dump_monitor() 2220 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')) 2221 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2222 key_info=0x13c2) 2223 counter += 1 2224 send_eapol(dev[0], bssid, build_eapol(msg)) 2225 ev = dev[0].wait_event(["RSN: Group Key Handshake started prior to completion of 4-way handshake"]) 2226 if ev is None: 2227 raise Exception("Unexpected group key message not reported") 2228 dev[0].wait_disconnected(timeout=1) 2229 dev[0].request("DISCONNECT") 2230 2231@remote_compatible 2232def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev): 2233 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4""" 2234 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2235 2236 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2237 msg = recv_eapol(hapd) 2238 dev[0].dump_monitor() 2239 2240 # Build own EAPOL-Key msg 1/4 with invalid KDE 2241 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2242 counter = 1 2243 msg = build_eapol_key_1_4(anonce, replay_counter=counter, 2244 key_data=binascii.unhexlify('5555')) 2245 counter += 1 2246 send_eapol(dev[0], bssid, build_eapol(msg)) 2247 time.sleep(0.1) 2248 dev[0].request("DISCONNECT") 2249 2250def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev): 2251 """WPA2-PSK supplicant protocol testing: wrong pairwise key length""" 2252 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2253 2254 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2255 msg = recv_eapol(hapd) 2256 dev[0].dump_monitor() 2257 2258 # Build own EAPOL-Key msg 1/4 2259 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2260 counter = 1 2261 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2262 counter += 1 2263 send_eapol(dev[0], bssid, build_eapol(msg)) 2264 msg = recv_eapol(dev[0]) 2265 snonce = msg['rsn_key_nonce'] 2266 2267 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2268 2269 logger.debug("Valid EAPOL-Key msg 3/4") 2270 dev[0].dump_monitor() 2271 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2272 wrapped = aes_wrap(kek, pad_key_data(plain)) 2273 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2274 key_len=15) 2275 counter += 1 2276 send_eapol(dev[0], bssid, build_eapol(msg)) 2277 ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"]) 2278 if ev is None: 2279 raise Exception("Invalid CCMP key length not reported") 2280 dev[0].wait_disconnected(timeout=1) 2281 dev[0].request("DISCONNECT") 2282 2283def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev): 2284 """WPA2-PSK supplicant protocol testing: wrong group key length""" 2285 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2286 2287 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2288 msg = recv_eapol(hapd) 2289 dev[0].dump_monitor() 2290 2291 # Build own EAPOL-Key msg 1/4 2292 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2293 counter = 1 2294 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2295 counter += 1 2296 send_eapol(dev[0], bssid, build_eapol(msg)) 2297 msg = recv_eapol(dev[0]) 2298 snonce = msg['rsn_key_nonce'] 2299 2300 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2301 2302 logger.debug("Valid EAPOL-Key msg 3/4") 2303 dev[0].dump_monitor() 2304 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986') 2305 wrapped = aes_wrap(kek, pad_key_data(plain)) 2306 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2307 counter += 1 2308 send_eapol(dev[0], bssid, build_eapol(msg)) 2309 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"]) 2310 if ev is None: 2311 raise Exception("Invalid CCMP key length not reported") 2312 dev[0].wait_disconnected(timeout=1) 2313 dev[0].request("DISCONNECT") 2314 2315def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev): 2316 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround""" 2317 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2318 2319 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2320 msg = recv_eapol(hapd) 2321 dev[0].dump_monitor() 2322 2323 # Build own EAPOL-Key msg 1/4 2324 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2325 counter = 1 2326 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2327 counter += 1 2328 send_eapol(dev[0], bssid, build_eapol(msg)) 2329 msg = recv_eapol(dev[0]) 2330 snonce = msg['rsn_key_nonce'] 2331 2332 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2333 2334 logger.debug("Valid EAPOL-Key msg 3/4") 2335 dev[0].dump_monitor() 2336 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618') 2337 wrapped = aes_wrap(kek, pad_key_data(plain)) 2338 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2339 counter += 1 2340 send_eapol(dev[0], bssid, build_eapol(msg)) 2341 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"]) 2342 if ev is None: 2343 raise Exception("GTK Tx bit workaround not reported") 2344 dev[0].wait_connected(timeout=1) 2345 dev[0].request("DISCONNECT") 2346 2347def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev): 2348 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3""" 2349 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2350 2351 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2352 msg = recv_eapol(hapd) 2353 dev[0].dump_monitor() 2354 2355 # Build own EAPOL-Key msg 1/4 2356 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2357 counter = 1 2358 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2359 counter += 1 2360 send_eapol(dev[0], bssid, build_eapol(msg)) 2361 msg = recv_eapol(dev[0]) 2362 snonce = msg['rsn_key_nonce'] 2363 2364 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2365 2366 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") 2367 dev[0].dump_monitor() 2368 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') 2369 wrapped = aes_wrap(kek, pad_key_data(plain)) 2370 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2371 counter += 1 2372 send_eapol(dev[0], bssid, build_eapol(msg)) 2373 dev[0].wait_connected(timeout=1) 2374 2375 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)") 2376 dev[0].dump_monitor() 2377 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618') 2378 wrapped = aes_wrap(kek, pad_key_data(plain)) 2379 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2380 key_info=0x13c2) 2381 counter += 1 2382 send_eapol(dev[0], bssid, build_eapol(msg)) 2383 msg = recv_eapol(dev[0]) 2384 ev = dev[0].wait_event(["RSN: Group rekeying completed"]) 2385 if ev is None: 2386 raise Exception("GTK rekeing not reported") 2387 2388 logger.debug("Unencrypted GTK KDE in group msg 1/2") 2389 dev[0].dump_monitor() 2390 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618') 2391 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter, 2392 key_info=0x03c2) 2393 counter += 1 2394 send_eapol(dev[0], bssid, build_eapol(msg)) 2395 ev = dev[0].wait_event(["RSN: GTK KDE in unencrypted key data"]) 2396 if ev is None: 2397 raise Exception("Unencrypted GTK KDE not reported") 2398 dev[0].wait_disconnected(timeout=1) 2399 dev[0].request("DISCONNECT") 2400 2401def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev): 2402 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg""" 2403 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2404 2405 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2406 msg = recv_eapol(hapd) 2407 dev[0].dump_monitor() 2408 2409 # Build own EAPOL-Key msg 1/4 2410 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2411 counter = 1 2412 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2413 counter += 1 2414 send_eapol(dev[0], bssid, build_eapol(msg)) 2415 msg = recv_eapol(dev[0]) 2416 snonce = msg['rsn_key_nonce'] 2417 2418 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2419 2420 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") 2421 dev[0].dump_monitor() 2422 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') 2423 wrapped = aes_wrap(kek, pad_key_data(plain)) 2424 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2425 counter += 1 2426 send_eapol(dev[0], bssid, build_eapol(msg)) 2427 dev[0].wait_connected(timeout=1) 2428 2429 logger.debug("No GTK KDE in EAPOL-Key group msg 1/2") 2430 dev[0].dump_monitor() 2431 plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00') 2432 wrapped = aes_wrap(kek, pad_key_data(plain)) 2433 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2434 key_info=0x13c2) 2435 counter += 1 2436 send_eapol(dev[0], bssid, build_eapol(msg)) 2437 ev = dev[0].wait_event(["RSN: No GTK KDE in Group Key msg 1/2"]) 2438 if ev is None: 2439 raise Exception("Missing GTK KDE not reported") 2440 dev[0].wait_disconnected(timeout=1) 2441 dev[0].request("DISCONNECT") 2442 2443def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev): 2444 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg""" 2445 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2446 2447 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2448 msg = recv_eapol(hapd) 2449 dev[0].dump_monitor() 2450 2451 # Build own EAPOL-Key msg 1/4 2452 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2453 counter = 1 2454 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2455 counter += 1 2456 send_eapol(dev[0], bssid, build_eapol(msg)) 2457 msg = recv_eapol(dev[0]) 2458 snonce = msg['rsn_key_nonce'] 2459 2460 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2461 2462 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") 2463 dev[0].dump_monitor() 2464 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') 2465 wrapped = aes_wrap(kek, pad_key_data(plain)) 2466 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2467 counter += 1 2468 send_eapol(dev[0], bssid, build_eapol(msg)) 2469 dev[0].wait_connected(timeout=1) 2470 2471 logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE") 2472 dev[0].dump_monitor() 2473 plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff') 2474 wrapped = aes_wrap(kek, pad_key_data(plain)) 2475 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2476 key_info=0x13c2) 2477 counter += 1 2478 send_eapol(dev[0], bssid, build_eapol(msg)) 2479 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33", 2480 "RSN: Too long GTK in GTK KDE (len=33)"]) 2481 if ev is None: 2482 raise Exception("Too long GTK KDE not reported") 2483 dev[0].wait_disconnected(timeout=1) 2484 dev[0].request("DISCONNECT") 2485 2486def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev): 2487 """WPA2-PSK supplicant protocol testing: too long GTK KDE""" 2488 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2489 2490 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2491 msg = recv_eapol(hapd) 2492 dev[0].dump_monitor() 2493 2494 # Build own EAPOL-Key msg 1/4 2495 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2496 counter = 1 2497 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2498 counter += 1 2499 send_eapol(dev[0], bssid, build_eapol(msg)) 2500 msg = recv_eapol(dev[0]) 2501 snonce = msg['rsn_key_nonce'] 2502 2503 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2504 2505 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE") 2506 dev[0].dump_monitor() 2507 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff') 2508 wrapped = aes_wrap(kek, pad_key_data(plain)) 2509 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2510 counter += 1 2511 send_eapol(dev[0], bssid, build_eapol(msg)) 2512 dev[0].wait_disconnected(timeout=1) 2513 dev[0].request("DISCONNECT") 2514 2515def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev): 2516 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted""" 2517 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2518 2519 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2520 msg = recv_eapol(hapd) 2521 dev[0].dump_monitor() 2522 2523 # Build own EAPOL-Key msg 1/4 2524 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2525 counter = 1 2526 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2527 counter += 1 2528 send_eapol(dev[0], bssid, build_eapol(msg)) 2529 msg = recv_eapol(dev[0]) 2530 snonce = msg['rsn_key_nonce'] 2531 2532 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2533 2534 logger.debug("Valid EAPOL-Key msg 3/4") 2535 dev[0].dump_monitor() 2536 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2537 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter, 2538 key_info=0x03ca) 2539 counter += 1 2540 send_eapol(dev[0], bssid, build_eapol(msg)) 2541 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"]) 2542 if ev is None: 2543 raise Exception("Unencrypted GTK KDE not reported") 2544 dev[0].wait_disconnected(timeout=1) 2545 dev[0].request("DISCONNECT") 2546 2547def run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False): 2548 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0], 2549 ieee80211w=2) 2550 2551 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2552 msg = recv_eapol(hapd) 2553 dev[0].dump_monitor() 2554 2555 # Build own EAPOL-Key msg 1/4 2556 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2557 counter = 1 2558 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2559 counter += 1 2560 send_eapol(dev[0], bssid, build_eapol(msg)) 2561 msg = recv_eapol(dev[0]) 2562 snonce = msg['rsn_key_nonce'] 2563 2564 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2565 2566 logger.debug("EAPOL-Key msg 3/4") 2567 dev[0].dump_monitor() 2568 gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2569 plain = rsne + gtk_kde 2570 if igtk_kde: 2571 plain += igtk_kde 2572 wrapped = aes_wrap(kek, pad_key_data(plain)) 2573 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2574 counter += 1 2575 send_eapol(dev[0], bssid, build_eapol(msg)) 2576 if fail: 2577 dev[0].wait_disconnected(timeout=1) 2578 return 2579 2580 dev[0].wait_connected(timeout=1) 2581 2582 # Verify that an unprotected broadcast Deauthentication frame is ignored 2583 bssid = binascii.unhexlify(hapd.own_addr().replace(':', '')) 2584 sock = start_monitor(apdev[1]["ifname"]) 2585 radiotap = radiotap_build() 2586 frame = binascii.unhexlify("c0003a01") 2587 frame += 6*b'\xff' + bssid + bssid 2588 frame += binascii.unhexlify("1000" + "0300") 2589 sock.send(radiotap + frame) 2590 # And same with incorrect BIP protection 2591 for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]: 2592 frame2 = frame + binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9") 2593 sock.send(radiotap + frame2) 2594 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5) 2595 if ev is not None: 2596 raise Exception("Unexpected disconnection") 2597 dev[0].request("DISCONNECT") 2598 2599def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False): 2600 try: 2601 run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=igtk_kde, fail=fail) 2602 finally: 2603 stop_monitor(apdev[1]["ifname"]) 2604 2605def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev): 2606 """WPA2-PSK supplicant protocol testing: no IGTK KDE""" 2607 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None) 2608 2609def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev): 2610 """WPA2-PSK supplicant protocol testing: valid IGTK KDE""" 2611 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0400' + 6*'00' + 16*'77') 2612 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde) 2613 2614def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev): 2615 """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID""" 2616 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0004' + 6*'00' + 16*'77') 2617 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde) 2618 2619def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev): 2620 """WPA2-PSK supplicant protocol testing: too large IGTK KeyID""" 2621 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + 'ffff' + 6*'00' + 16*'77') 2622 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True) 2623 2624def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev): 2625 """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID""" 2626 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0006' + 6*'00' + 16*'77') 2627 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True) 2628 2629def find_wpas_process(dev): 2630 ifname = dev.ifname 2631 err, data = dev.cmd_execute(['ps', 'ax']) 2632 for l in data.splitlines(): 2633 if "wpa_supplicant" not in l: 2634 continue 2635 if "-i" + ifname not in l: 2636 continue 2637 return int(l.strip().split(' ')[0]) 2638 raise Exception("Could not find wpa_supplicant process") 2639 2640def read_process_memory(pid, key=None): 2641 buf = [] 2642 logger.info("Reading process memory (pid=%d)" % pid) 2643 with open('/proc/%d/maps' % pid, 'r') as maps, \ 2644 open('/proc/%d/mem' % pid, 'rb') as mem: 2645 for l in maps.readlines(): 2646 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l) 2647 if not m: 2648 continue 2649 start = int(m.group(1), 16) 2650 end = int(m.group(2), 16) 2651 perm = m.group(3) 2652 if start > 0xffffffffffff: 2653 continue 2654 if end < start: 2655 continue 2656 if not perm.startswith('rw'): 2657 continue 2658 for name in ["[heap]", "[stack]"]: 2659 if name in l: 2660 logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, len(buf), len(buf) + (end - start))) 2661 2662 if end - start >= 256 * 1024 * 1024: 2663 logger.info("Large memory block of >= 256MiB, assuming ASAN shadow memory") 2664 continue 2665 2666 try: 2667 mem.seek(start) 2668 data = mem.read(end - start) 2669 except OSError as e: 2670 logger.info("Could not read mem: start=%d end=%d: %s" % (start, end, str(e))) 2671 continue 2672 buf.append(data) 2673 if key and key in data: 2674 logger.info("Key found in " + l) 2675 logger.info("Total process memory read: %d bytes" % len(buf)) 2676 return b''.join(buf) 2677 2678def verify_not_present(buf, key, fname, keyname): 2679 pos = buf.find(key) 2680 if pos < 0: 2681 return 2682 2683 prefix = 2048 if pos > 2048 else pos 2684 with open(fname + keyname, 'wb') as f: 2685 f.write(buf[pos - prefix:pos + 2048]) 2686 raise Exception(keyname + " found after disassociation") 2687 2688def get_key_locations(buf, key, keyname): 2689 count = 0 2690 pos = 0 2691 while True: 2692 pos = buf.find(key, pos) 2693 if pos < 0: 2694 break 2695 logger.info("Found %s at %d" % (keyname, pos)) 2696 context = 128 2697 start = pos - context if pos > context else 0 2698 before = binascii.hexlify(buf[start:pos]) 2699 context += len(key) 2700 end = pos + context if pos < len(buf) - context else len(buf) - context 2701 after = binascii.hexlify(buf[pos + len(key):end]) 2702 logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after)) 2703 count += 1 2704 pos += len(key) 2705 return count 2706 2707def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params): 2708 """WPA2-PSK and PSK/PTK lifetime in memory""" 2709 ssid = "test-wpa2-psk" 2710 passphrase = 'qwertyuiop' 2711 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 2712 pmk = binascii.unhexlify(psk) 2713 p = hostapd.wpa2_params(ssid=ssid) 2714 p['wpa_psk'] = psk 2715 hapd = hostapd.add_ap(apdev[0], p) 2716 2717 pid = find_wpas_process(dev[0]) 2718 2719 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412", 2720 only_add_network=True) 2721 2722 logger.info("Checking keys in memory after network profile configuration") 2723 buf = read_process_memory(pid, pmk) 2724 get_key_locations(buf, pmk, "PMK") 2725 2726 dev[0].request("REMOVE_NETWORK all") 2727 logger.info("Checking keys in memory after network profile removal") 2728 buf = read_process_memory(pid, pmk) 2729 get_key_locations(buf, pmk, "PMK") 2730 2731 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 2732 only_add_network=True) 2733 2734 logger.info("Checking keys in memory before connection") 2735 buf = read_process_memory(pid, pmk) 2736 get_key_locations(buf, pmk, "PMK") 2737 2738 dev[0].connect_network(id, timeout=20) 2739 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED 2740 # event has been delivered, so verify that wpa_supplicant has returned to 2741 # eloop before reading process memory. 2742 time.sleep(1) 2743 dev[0].ping() 2744 2745 buf = read_process_memory(pid, pmk) 2746 2747 dev[0].request("DISCONNECT") 2748 dev[0].wait_disconnected() 2749 2750 dev[0].relog() 2751 ptk = None 2752 gtk = None 2753 with open(os.path.join(params['logdir'], 'log0'), 'r') as f: 2754 for l in f.readlines(): 2755 if "WPA: PTK - hexdump" in l: 2756 val = l.strip().split(':')[3].replace(' ', '') 2757 ptk = binascii.unhexlify(val) 2758 if "WPA: Group Key - hexdump" in l: 2759 val = l.strip().split(':')[3].replace(' ', '') 2760 gtk = binascii.unhexlify(val) 2761 if not pmk or not ptk or not gtk: 2762 raise Exception("Could not find keys from debug log") 2763 if len(gtk) != 16: 2764 raise Exception("Unexpected GTK length") 2765 2766 kck = ptk[0:16] 2767 kek = ptk[16:32] 2768 tk = ptk[32:48] 2769 2770 logger.info("Checking keys in memory while associated") 2771 get_key_locations(buf, pmk, "PMK") 2772 if pmk not in buf: 2773 raise HwsimSkip("PMK not found while associated") 2774 if kck not in buf: 2775 raise Exception("KCK not found while associated") 2776 if kek not in buf: 2777 raise Exception("KEK not found while associated") 2778 #if tk in buf: 2779 # raise Exception("TK found from memory") 2780 2781 logger.info("Checking keys in memory after disassociation") 2782 buf = read_process_memory(pid, pmk) 2783 get_key_locations(buf, pmk, "PMK") 2784 2785 # Note: PMK/PSK is still present in network configuration 2786 2787 fname = os.path.join(params['logdir'], 2788 'wpa2_psk_key_lifetime_in_memory.memctx-') 2789 verify_not_present(buf, kck, fname, "KCK") 2790 verify_not_present(buf, kek, fname, "KEK") 2791 verify_not_present(buf, tk, fname, "TK") 2792 if gtk in buf: 2793 get_key_locations(buf, gtk, "GTK") 2794 verify_not_present(buf, gtk, fname, "GTK") 2795 2796 dev[0].request("REMOVE_NETWORK all") 2797 2798 logger.info("Checking keys in memory after network profile removal") 2799 buf = read_process_memory(pid, pmk) 2800 get_key_locations(buf, pmk, "PMK") 2801 2802 verify_not_present(buf, pmk, fname, "PMK") 2803 verify_not_present(buf, kck, fname, "KCK") 2804 verify_not_present(buf, kek, fname, "KEK") 2805 verify_not_present(buf, tk, fname, "TK") 2806 verify_not_present(buf, gtk, fname, "GTK") 2807 2808@remote_compatible 2809def test_ap_wpa2_psk_wep(dev, apdev): 2810 """WPA2-PSK AP and WEP enabled""" 2811 ssid = "test-wpa2-psk" 2812 passphrase = 'qwertyuiop' 2813 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2814 hapd = hostapd.add_ap(apdev[0], params) 2815 try: 2816 hapd.set('wep_key0', '"hello"') 2817 raise Exception("WEP key accepted to WPA2 network") 2818 except Exception: 2819 pass 2820 2821def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev): 2822 """WPA2-PSK AP and wpas interface in a bridge""" 2823 br_ifname = 'sta-br0' 2824 ifname = 'wlan5' 2825 try: 2826 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev) 2827 finally: 2828 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down']) 2829 subprocess.call(['brctl', 'delif', br_ifname, ifname]) 2830 subprocess.call(['brctl', 'delbr', br_ifname]) 2831 subprocess.call(['iw', ifname, 'set', '4addr', 'off']) 2832 2833def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev): 2834 ssid = "test-wpa2-psk" 2835 passphrase = 'qwertyuiop' 2836 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2837 hapd = hostapd.add_ap(apdev[0], params) 2838 2839 br_ifname = 'sta-br0' 2840 ifname = 'wlan5' 2841 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 2842 subprocess.call(['brctl', 'addbr', br_ifname]) 2843 subprocess.call(['brctl', 'setfd', br_ifname, '0']) 2844 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up']) 2845 subprocess.call(['iw', ifname, 'set', '4addr', 'on']) 2846 subprocess.check_call(['brctl', 'addif', br_ifname, ifname]) 2847 wpas.interface_add(ifname, br_ifname=br_ifname) 2848 wpas.dump_monitor() 2849 2850 wpas.connect(ssid, psk=passphrase, scan_freq="2412") 2851 wpas.dump_monitor() 2852 2853@remote_compatible 2854def test_ap_wpa2_psk_ifdown(dev, apdev): 2855 """AP with open mode and external ifconfig down""" 2856 ssid = "test-wpa2-psk" 2857 passphrase = 'qwertyuiop' 2858 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2859 hapd = hostapd.add_ap(apdev[0], params) 2860 bssid = apdev[0]['bssid'] 2861 2862 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 2863 hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down']) 2864 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10) 2865 if ev is None: 2866 raise Exception("No INTERFACE-DISABLED event") 2867 # this wait tests beacon loss detection in mac80211 2868 dev[0].wait_disconnected() 2869 hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up']) 2870 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10) 2871 if ev is None: 2872 raise Exception("No INTERFACE-ENABLED event") 2873 dev[0].wait_connected() 2874 hapd.wait_sta() 2875 hwsim_utils.test_connectivity(dev[0], hapd) 2876 2877def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev): 2878 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped""" 2879 hapd = setup_psk_ext(dev[0], apdev[0]) 2880 bssid = apdev[0]['bssid'] 2881 addr = dev[0].own_addr() 2882 2883 # EAPOL-Key msg 1/4 2884 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 2885 if ev is None: 2886 raise Exception("Timeout on EAPOL-TX from hostapd") 2887 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 2888 if "OK" not in res: 2889 raise Exception("EAPOL_RX to wpa_supplicant failed") 2890 2891 # EAPOL-Key msg 2/4 2892 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 2893 if ev is None: 2894 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 2895 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 2896 if "OK" not in res: 2897 raise Exception("EAPOL_RX to hostapd failed") 2898 2899 # EAPOL-Key msg 3/4 2900 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 2901 if ev is None: 2902 raise Exception("Timeout on EAPOL-TX from hostapd") 2903 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 2904 if "OK" not in res: 2905 raise Exception("EAPOL_RX to wpa_supplicant failed") 2906 2907 # EAPOL-Key msg 4/4 2908 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 2909 if ev is None: 2910 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 2911 logger.info("Drop the first EAPOL-Key msg 4/4") 2912 2913 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd 2914 # doesn't. Use normal EAPOL TX/RX to handle retries. 2915 hapd.request("SET ext_eapol_frame_io 0") 2916 dev[0].request("SET ext_eapol_frame_io 0") 2917 dev[0].wait_connected() 2918 2919 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 2920 if ev is None: 2921 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 2922 2923 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) 2924 if ev is not None: 2925 logger.info("Disconnection detected") 2926 # The EAPOL-Key retries are supposed to allow the connection to be 2927 # established without having to reassociate. However, this does not 2928 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4 2929 # after the pairwise key has been configured and AP will drop those and 2930 # disconnect the station after reaching retransmission limit. Connection 2931 # is then established after reassociation. Once that behavior has been 2932 # optimized to prevent EAPOL-Key frame encryption for retransmission 2933 # case, this exception can be uncommented here. 2934 #raise Exception("Unexpected disconnection") 2935 2936@remote_compatible 2937def test_ap_wpa2_psk_disable_enable(dev, apdev): 2938 """WPA2-PSK AP getting disabled and re-enabled""" 2939 ssid = "test-wpa2-psk" 2940 passphrase = 'qwertyuiop' 2941 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 2942 params = hostapd.wpa2_params(ssid=ssid) 2943 params['wpa_psk'] = psk 2944 hapd = hostapd.add_ap(apdev[0], params) 2945 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412") 2946 2947 for i in range(2): 2948 hapd.request("DISABLE") 2949 dev[0].wait_disconnected() 2950 hapd.request("ENABLE") 2951 dev[0].wait_connected() 2952 hapd.wait_sta() 2953 hwsim_utils.test_connectivity(dev[0], hapd) 2954 2955@remote_compatible 2956def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev): 2957 """WPA2-PSK AP and station using incorrect passphrase""" 2958 ssid = "test-wpa2-psk" 2959 passphrase = 'qwertyuiop' 2960 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2961 hapd = hostapd.add_ap(apdev[0], params) 2962 dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412", 2963 wait_connect=False) 2964 ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10) 2965 if ev is None: 2966 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported") 2967 dev[0].dump_monitor() 2968 2969 hapd.disable() 2970 hapd.set("wpa_passphrase", "incorrect passphrase") 2971 hapd.enable() 2972 2973 dev[0].wait_connected(timeout=20) 2974 2975@remote_compatible 2976def test_ap_wpa_ie_parsing(dev, apdev): 2977 """WPA IE parsing""" 2978 skip_with_fips(dev[0]) 2979 skip_without_tkip(dev[0]) 2980 ssid = "test-wpa-psk" 2981 passphrase = 'qwertyuiop' 2982 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 2983 hapd = hostapd.add_ap(apdev[0], params) 2984 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 2985 only_add_network=True) 2986 2987 tests = ["dd040050f201", 2988 "dd050050f20101", 2989 "dd060050f2010100", 2990 "dd060050f2010001", 2991 "dd070050f201010000", 2992 "dd080050f20101000050", 2993 "dd090050f20101000050f2", 2994 "dd0a0050f20101000050f202", 2995 "dd0b0050f20101000050f20201", 2996 "dd0c0050f20101000050f2020100", 2997 "dd0c0050f20101000050f2020000", 2998 "dd0c0050f20101000050f202ffff", 2999 "dd0d0050f20101000050f202010000", 3000 "dd0e0050f20101000050f20201000050", 3001 "dd0f0050f20101000050f20201000050f2", 3002 "dd100050f20101000050f20201000050f202", 3003 "dd110050f20101000050f20201000050f20201", 3004 "dd120050f20101000050f20201000050f2020100", 3005 "dd120050f20101000050f20201000050f2020000", 3006 "dd120050f20101000050f20201000050f202ffff", 3007 "dd130050f20101000050f20201000050f202010000", 3008 "dd140050f20101000050f20201000050f20201000050", 3009 "dd150050f20101000050f20201000050f20201000050f2"] 3010 for t in tests: 3011 try: 3012 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t): 3013 raise Exception("VENDOR_ELEM_ADD failed") 3014 dev[0].select_network(id) 3015 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) 3016 if ev is None: 3017 raise Exception("Association rejection not reported") 3018 dev[0].request("DISCONNECT") 3019 dev[0].dump_monitor() 3020 finally: 3021 dev[0].request("VENDOR_ELEM_REMOVE 13 *") 3022 3023 tests = ["dd170050f20101000050f20201000050f20201000050f202ff", 3024 "dd180050f20101000050f20201000050f20201000050f202ffff", 3025 "dd190050f20101000050f20201000050f20201000050f202ffffff"] 3026 for t in tests: 3027 try: 3028 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t): 3029 raise Exception("VENDOR_ELEM_ADD failed") 3030 dev[0].select_network(id) 3031 ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED', 3032 'WPA: 4-Way Handshake failed'], timeout=10) 3033 if ev is None: 3034 raise Exception("Association failed unexpectedly") 3035 dev[0].request("DISCONNECT") 3036 dev[0].dump_monitor() 3037 finally: 3038 dev[0].request("VENDOR_ELEM_REMOVE 13 *") 3039 3040@remote_compatible 3041def test_ap_wpa2_psk_no_random(dev, apdev): 3042 """WPA2-PSK AP and no random numbers available""" 3043 ssid = "test-wpa2-psk" 3044 passphrase = 'qwertyuiop' 3045 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 3046 params = hostapd.wpa2_params(ssid=ssid) 3047 params['wpa_psk'] = psk 3048 hapd = hostapd.add_ap(apdev[0], params) 3049 with fail_test(hapd, 1, "wpa_gmk_to_gtk"): 3050 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412", 3051 wait_connect=False) 3052 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15) 3053 if ev is None: 3054 raise Exception("Disconnection event not reported") 3055 dev[0].request("DISCONNECT") 3056 dev[0].select_network(id, freq=2412) 3057 dev[0].wait_connected() 3058 3059@remote_compatible 3060def test_rsn_ie_proto_psk_sta(dev, apdev): 3061 """RSN element protocol testing for PSK cases on STA side""" 3062 bssid = apdev[0]['bssid'] 3063 ssid = "test-wpa2-psk" 3064 passphrase = 'qwertyuiop' 3065 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3066 # This is the RSN element used normally by hostapd 3067 params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00' 3068 hapd = hostapd.add_ap(apdev[0], params) 3069 if "FAIL" not in hapd.request("SET own_ie_override qwerty"): 3070 raise Exception("Invalid own_ie_override value accepted") 3071 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3072 3073 tests = [('No RSN Capabilities field', 3074 '30120100000fac040100000fac040100000fac02'), 3075 ('Reserved RSN Capabilities bits set', 3076 '30140100000fac040100000fac040100000fac023cff'), 3077 ('Truncated RSN Capabilities field', 3078 '30130100000fac040100000fac040100000fac023c'), 3079 ('Extra pairwise cipher suite (unsupported)', 3080 '30180100000fac040200ffffffff000fac040100000fac020c00'), 3081 ('Extra AKM suite (unsupported)', 3082 '30180100000fac040100000fac040200ffffffff000fac020c00'), 3083 ('PMKIDCount field included', 3084 '30160100000fac040100000fac040100000fac020c000000'), 3085 ('Truncated PMKIDCount field', 3086 '30150100000fac040100000fac040100000fac020c0000'), 3087 ('Unexpected Group Management Cipher Suite with PMF disabled', 3088 '301a0100000fac040100000fac040100000fac020c000000000fac06'), 3089 ('Extra octet after defined fields (future extensibility)', 3090 '301b0100000fac040100000fac040100000fac020c000000000fac0600')] 3091 for txt, ie in tests: 3092 dev[0].request("DISCONNECT") 3093 dev[0].wait_disconnected() 3094 dev[0].dump_monitor() 3095 dev[0].request("NOTE " + txt) 3096 logger.info(txt) 3097 hapd.disable() 3098 hapd.set('own_ie_override', ie) 3099 hapd.enable() 3100 dev[0].request("BSS_FLUSH 0") 3101 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) 3102 dev[0].select_network(id, freq=2412) 3103 dev[0].wait_connected() 3104 3105@remote_compatible 3106def test_ap_cli_order(dev, apdev): 3107 """hostapd configuration parameter SET ordering""" 3108 ssid = "test-rsn-setup" 3109 passphrase = 'zzzzzzzz' 3110 3111 hapd = hostapd.add_ap(apdev[0], {}, no_enable=True) 3112 hapd.set('ssid', ssid) 3113 hapd.set('wpa_passphrase', passphrase) 3114 hapd.set('rsn_pairwise', 'CCMP') 3115 hapd.set('wpa_key_mgmt', 'WPA-PSK') 3116 hapd.set('wpa', '2') 3117 hapd.enable() 3118 cfg = hapd.get_config() 3119 if cfg['group_cipher'] != 'CCMP': 3120 raise Exception("Unexpected group_cipher: " + cfg['group_cipher']) 3121 if cfg['rsn_pairwise_cipher'] != 'CCMP': 3122 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher']) 3123 3124 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30) 3125 if ev is None: 3126 raise Exception("AP startup timed out") 3127 if "AP-ENABLED" not in ev: 3128 raise Exception("AP startup failed") 3129 3130 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3131 3132def set_test_assoc_ie(dev, ie): 3133 if "OK" not in dev.request("TEST_ASSOC_IE " + ie): 3134 raise Exception("Could not set TEST_ASSOC_IE") 3135 3136@remote_compatible 3137def test_ap_wpa2_psk_assoc_rsn(dev, apdev): 3138 """WPA2-PSK AP and association request RSN IE differences""" 3139 ssid = "test-wpa2-psk" 3140 passphrase = 'qwertyuiop' 3141 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3142 hapd = hostapd.add_ap(apdev[0], params) 3143 3144 tests = [("Normal wpa_supplicant assoc req RSN IE", 3145 "30140100000fac040100000fac040100000fac020000"), 3146 ("RSN IE without RSN Capabilities", 3147 "30120100000fac040100000fac040100000fac02")] 3148 for title, ie in tests: 3149 logger.info(title) 3150 set_test_assoc_ie(dev[0], ie) 3151 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3152 dev[0].request("REMOVE_NETWORK all") 3153 dev[0].wait_disconnected() 3154 3155 tests = [("WPA IE instead of RSN IE and only RSN enabled on AP", 3156 "dd160050f20101000050f20201000050f20201000050f202", 40), 3157 ("Empty RSN IE", "3000", 40), 3158 ("RSN IE with truncated Version", "300101", 40), 3159 ("RSN IE with only Version", "30020100", 43)] 3160 for title, ie, status in tests: 3161 logger.info(title) 3162 set_test_assoc_ie(dev[0], ie) 3163 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 3164 wait_connect=False) 3165 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"]) 3166 if ev is None: 3167 raise Exception("Association rejection not reported") 3168 if "status_code=" + str(status) not in ev: 3169 raise Exception("Unexpected status code: " + ev) 3170 dev[0].request("REMOVE_NETWORK all") 3171 dev[0].dump_monitor() 3172 3173def test_ap_wpa2_psk_ft_workaround(dev, apdev): 3174 """WPA2-PSK+FT AP and workaround for incorrect STA behavior""" 3175 ssid = "test-wpa2-psk-ft" 3176 passphrase = 'qwertyuiop' 3177 3178 params = {"wpa": "2", 3179 "wpa_key_mgmt": "FT-PSK WPA-PSK", 3180 "rsn_pairwise": "CCMP", 3181 "ssid": ssid, 3182 "wpa_passphrase": passphrase} 3183 params["mobility_domain"] = "a1b2" 3184 params["r0_key_lifetime"] = "10000" 3185 params["pmk_r1_push"] = "1" 3186 params["reassociation_deadline"] = "1000" 3187 params['nas_identifier'] = "nas1.w1.fi" 3188 params['r1_key_holder'] = "000102030405" 3189 hapd = hostapd.add_ap(apdev[0], params) 3190 3191 # Include both WPA-PSK and FT-PSK AKMs in Association Request frame 3192 set_test_assoc_ie(dev[0], 3193 "30180100000fac040100000fac040200000fac02000fac040000") 3194 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3195 dev[0].request("REMOVE_NETWORK all") 3196 dev[0].wait_disconnected() 3197 3198def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev): 3199 """WPA2-PSK AP and association request RSN IE with PMKID""" 3200 ssid = "test-wpa2-psk" 3201 passphrase = 'qwertyuiop' 3202 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3203 hapd = hostapd.add_ap(apdev[0], params) 3204 3205 set_test_assoc_ie(dev[0], "30260100000fac040100000fac040100000fac0200000100" + 16*'00') 3206 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3207 dev[0].request("REMOVE_NETWORK all") 3208 dev[0].wait_disconnected() 3209 3210def test_ap_wpa_psk_rsn_pairwise(dev, apdev): 3211 """WPA-PSK AP and only rsn_pairwise set""" 3212 skip_without_tkip(dev[0]) 3213 params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", 3214 "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"} 3215 hapd = hostapd.add_ap(apdev[0], params) 3216 dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP", 3217 scan_freq="2412") 3218 3219def test_ap_wpa2_eapol_retry_limit(dev, apdev): 3220 """WPA2-PSK EAPOL-Key retry limit configuration""" 3221 ssid = "test-wpa2-psk" 3222 passphrase = 'qwertyuiop' 3223 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3224 params['wpa_ptk_rekey'] = '2' 3225 params['wpa_group_update_count'] = '1' 3226 params['wpa_pairwise_update_count'] = '1' 3227 hapd = hostapd.add_ap(apdev[0], params) 3228 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3229 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 3230 if ev is None: 3231 raise Exception("PTK rekey timed out") 3232 3233 if "FAIL" not in hapd.request("SET wpa_group_update_count 0"): 3234 raise Exception("Invalid wpa_group_update_count value accepted") 3235 if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"): 3236 raise Exception("Invalid wpa_pairwise_update_count value accepted") 3237 3238def test_ap_wpa2_disable_eapol_retry(dev, apdev): 3239 """WPA2-PSK disable EAPOL-Key retry""" 3240 ssid = "test-wpa2-psk" 3241 passphrase = 'qwertyuiop' 3242 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3243 params['wpa_disable_eapol_key_retries'] = '1' 3244 hapd = hostapd.add_ap(apdev[0], params) 3245 bssid = apdev[0]['bssid'] 3246 3247 logger.info("Verify working 4-way handshake without retries") 3248 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3249 dev[0].request("REMOVE_NETWORK all") 3250 dev[0].wait_disconnected() 3251 dev[0].dump_monitor() 3252 addr = dev[0].own_addr() 3253 3254 logger.info("Verify no retransmission of message 3/4") 3255 hapd.request("SET ext_eapol_frame_io 1") 3256 dev[0].request("SET ext_eapol_frame_io 1") 3257 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) 3258 3259 ev = hapd.wait_event(["EAPOL-TX"], timeout=5) 3260 if ev is None: 3261 raise Exception("Timeout on EAPOL-TX (M1) from hostapd") 3262 ev = hapd.wait_event(["EAPOL-TX"], timeout=5) 3263 if ev is None: 3264 raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd") 3265 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 3266 if "OK" not in res: 3267 raise Exception("EAPOL_RX (M1) to wpa_supplicant failed") 3268 ev = dev[0].wait_event(["EAPOL-TX"], timeout=5) 3269 if ev is None: 3270 raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant") 3271 dev[0].dump_monitor() 3272 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 3273 if "OK" not in res: 3274 raise Exception("EAPOL_RX (M2) to hostapd failed") 3275 3276 ev = hapd.wait_event(["EAPOL-TX"], timeout=5) 3277 if ev is None: 3278 raise Exception("Timeout on EAPOL-TX (M3) from hostapd") 3279 ev = hapd.wait_event(["EAPOL-TX"], timeout=2) 3280 if ev is not None: 3281 raise Exception("Unexpected EAPOL-TX M3 retry from hostapd") 3282 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) 3283 if ev is None: 3284 raise Exception("Disconnection not reported") 3285 dev[0].request("REMOVE_NETWORK all") 3286 dev[0].dump_monitor() 3287 3288def test_ap_wpa2_disable_eapol_retry_group(dev, apdev): 3289 """WPA2-PSK disable EAPOL-Key retry for group handshake""" 3290 ssid = "test-wpa2-psk" 3291 passphrase = 'qwertyuiop' 3292 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3293 params['wpa_disable_eapol_key_retries'] = '1' 3294 params['wpa_strict_rekey'] = '1' 3295 hapd = hostapd.add_ap(apdev[0], params) 3296 bssid = apdev[0]['bssid'] 3297 3298 id = dev[1].connect(ssid, psk=passphrase, scan_freq="2412") 3299 hapd.wait_sta() 3300 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3301 hapd.wait_sta() 3302 dev[0].dump_monitor() 3303 addr = dev[0].own_addr() 3304 3305 dev[1].request("DISCONNECT") 3306 dev[1].wait_disconnected() 3307 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 3308 if ev is None: 3309 raise Exception("GTK rekey timed out") 3310 dev[1].request("RECONNECT") 3311 dev[1].wait_connected() 3312 hapd.wait_sta() 3313 dev[0].dump_monitor() 3314 3315 hapd.request("SET ext_eapol_frame_io 1") 3316 dev[0].request("SET ext_eapol_frame_io 1") 3317 dev[1].request("DISCONNECT") 3318 3319 ev = hapd.wait_event(["EAPOL-TX"], timeout=5) 3320 if ev is None: 3321 raise Exception("Timeout on EAPOL-TX (group M1) from hostapd") 3322 ev = hapd.wait_event(["EAPOL-TX"], timeout=2) 3323 if ev is not None: 3324 raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd") 3325 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) 3326 if ev is None: 3327 raise Exception("Disconnection not reported") 3328 dev[0].request("REMOVE_NETWORK all") 3329 dev[0].dump_monitor() 3330 3331def test_ap_wpa2_psk_mic_0(dev, apdev): 3332 """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4""" 3333 skip_without_tkip(dev[0]) 3334 bssid = apdev[0]['bssid'] 3335 ssid = "test-wpa2-psk" 3336 passphrase = 'qwertyuiop' 3337 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3338 params['rsn_pairwise'] = "TKIP" 3339 hapd = hostapd.add_ap(apdev[0], params) 3340 hapd.request("SET ext_eapol_frame_io 1") 3341 dev[0].request("SET ext_eapol_frame_io 1") 3342 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) 3343 addr = dev[0].own_addr() 3344 3345 # EAPOL-Key msg 1/4 3346 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 3347 if ev is None: 3348 raise Exception("Timeout on EAPOL-TX from hostapd") 3349 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 3350 if "OK" not in res: 3351 raise Exception("EAPOL_RX to wpa_supplicant failed") 3352 3353 # EAPOL-Key msg 2/4 3354 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 3355 if ev is None: 3356 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 3357 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 3358 if "OK" not in res: 3359 raise Exception("EAPOL_RX to hostapd failed") 3360 dev[0].dump_monitor() 3361 3362 # EAPOL-Key msg 3/4 3363 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 3364 if ev is None: 3365 raise Exception("Timeout on EAPOL-TX from hostapd") 3366 msg3 = ev.split(' ')[2] 3367 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 3368 if "OK" not in res: 3369 raise Exception("EAPOL_RX to wpa_supplicant failed") 3370 3371 # EAPOL-Key msg 4/4 3372 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 3373 if ev is None: 3374 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 3375 # Do not send to the AP 3376 3377 # EAPOL-Key msg 3/4 with MIC=0 and modifications 3378 eapol_hdr = msg3[0:8] 3379 key_type = msg3[8:10] 3380 key_info = msg3[10:14] 3381 key_length = msg3[14:18] 3382 replay_counter = msg3[18:34] 3383 key_nonce = msg3[34:98] 3384 key_iv = msg3[98:130] 3385 key_rsc = msg3[130:146] 3386 key_id = msg3[146:162] 3387 key_mic = msg3[162:194] 3388 key_data_len = msg3[194:198] 3389 key_data = msg3[198:] 3390 3391 msg3b = eapol_hdr + key_type 3392 msg3b += "12c9" # Clear MIC bit from key_info (originally 13c9) 3393 msg3b += key_length 3394 msg3b += '0000000000000003' 3395 msg3b += key_nonce + key_iv + key_rsc + key_id 3396 msg3b += 32*'0' # Clear MIC value 3397 msg3b += key_data_len + key_data 3398 dev[0].dump_monitor() 3399 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3b) 3400 if "OK" not in res: 3401 raise Exception("EAPOL_RX to wpa_supplicant failed") 3402 ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2) 3403 if ev is None: 3404 raise Exception("No event from wpa_supplicant") 3405 if "EAPOL-TX" in ev: 3406 raise Exception("Unexpected EAPOL-Key message from wpa_supplicant") 3407 dev[0].request("DISCONNECT") 3408 3409def test_ap_wpa2_psk_local_error(dev, apdev): 3410 """WPA2-PSK and local error cases on supplicant""" 3411 ssid = "test-wpa2-psk" 3412 passphrase = 'qwertyuiop' 3413 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3414 params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256" 3415 hapd = hostapd.add_ap(apdev[0], params) 3416 3417 with fail_test(dev[0], 1, "sha1_prf;wpa_pmk_to_ptk"): 3418 id = dev[0].connect(ssid, key_mgmt="WPA-PSK", psk=passphrase, 3419 scan_freq="2412", wait_connect=False) 3420 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5) 3421 if ev is None: 3422 raise Exception("Disconnection event not reported") 3423 dev[0].request("REMOVE_NETWORK all") 3424 dev[0].dump_monitor() 3425 3426 with fail_test(dev[0], 1, "sha256_prf_bits;wpa_pmk_to_ptk"): 3427 id = dev[0].connect(ssid, key_mgmt="WPA-PSK-SHA256", psk=passphrase, 3428 scan_freq="2412", wait_connect=False) 3429 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5) 3430 if ev is None: 3431 raise Exception("Disconnection event not reported") 3432 dev[0].request("REMOVE_NETWORK all") 3433 dev[0].dump_monitor() 3434 3435def test_ap_wpa2_psk_inject_assoc(dev, apdev, params): 3436 """WPA2-PSK AP and Authentication and Association Request frame injection""" 3437 prefix = "ap_wpa2_psk_inject_assoc" 3438 ifname = apdev[0]["ifname"] 3439 cap = os.path.join(params['logdir'], prefix + "." + ifname + ".pcap") 3440 3441 ssid = "test" 3442 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") 3443 params["wpa_key_mgmt"] = "WPA-PSK" 3444 hapd = hostapd.add_ap(apdev[0], params) 3445 with WlantestCapture(ifname, cap): 3446 bssid = hapd.own_addr().replace(':', '') 3447 3448 hapd.request("SET ext_mgmt_frame_handling 1") 3449 addr = "021122334455" 3450 auth = "b0003a01" + bssid + addr + bssid + '1000000001000000' 3451 res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth) 3452 if "OK" not in res: 3453 raise Exception("MGMT_RX_PROCESS failed") 3454 ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5) 3455 if ev is None: 3456 raise Exception("No TX status seen") 3457 ev = ev.replace("ok=0", "ok=1") 3458 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) 3459 if "OK" not in hapd.request(cmd): 3460 raise Exception("MGMT_TX_STATUS_PROCESS failed") 3461 3462 assoc = "00003a01" + bssid + addr + bssid + '2000' + '31040500' + '000474657374' + '010802040b160c121824' + '30140100000fac040100000fac040100000fac020000' 3463 res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc) 3464 if "OK" not in res: 3465 raise Exception("MGMT_RX_PROCESS failed") 3466 ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5) 3467 if ev is None: 3468 raise Exception("No TX status seen") 3469 ev = ev.replace("ok=0", "ok=1") 3470 cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4])) 3471 if "OK" not in hapd.request(cmd): 3472 raise Exception("MGMT_TX_STATUS_PROCESS failed") 3473 hapd.request("SET ext_mgmt_frame_handling 0") 3474 3475 dev[0].connect(ssid, psk="12345678", scan_freq="2412") 3476 hapd.wait_sta() 3477 hwsim_utils.test_connectivity(dev[0], hapd) 3478 time.sleep(1) 3479 hwsim_utils.test_connectivity(dev[0], hapd) 3480 time.sleep(0.5) 3481 3482 # Check for Layer 2 Update frame and unexpected frames from the station 3483 # that did not fully complete authentication. 3484 res = run_tshark(cap, "basicxid.llc.xid.format == 0x81", 3485 ["eth.src"], wait=False) 3486 real_sta_seen = False 3487 unexpected_sta_seen = False 3488 real_addr = dev[0].own_addr() 3489 for l in res.splitlines(): 3490 if l == real_addr: 3491 real_sta_seen = True 3492 else: 3493 unexpected_sta_seen = True 3494 if unexpected_sta_seen: 3495 raise Exception("Layer 2 Update frame from unexpected STA seen") 3496 if not real_sta_seen: 3497 raise Exception("Layer 2 Update frame from real STA not seen") 3498 3499 res = run_tshark(cap, "eth.src == 02:11:22:33:44:55", ["eth.src"], 3500 wait=False) 3501 if len(res) > 0: 3502 raise Exception("Unexpected frame from unauthorized STA seen") 3503 3504def test_ap_wpa2_psk_no_control_port(dev, apdev): 3505 """WPA2-PSK AP without nl80211 control port""" 3506 ssid = "test-wpa2-psk" 3507 passphrase = 'qwertyuiop' 3508 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3509 params['driver_params'] = "control_port=0" 3510 hapd = hostapd.add_ap(apdev[0], params) 3511 3512 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 3513 wpas.interface_add("wlan5", drv_params="control_port=0") 3514 wpas.connect(ssid, psk=passphrase, scan_freq="2412") 3515 hapd.wait_sta() 3516 hwsim_utils.test_connectivity(wpas, hapd) 3517 if "OK" not in wpas.request("KEY_REQUEST 0 1"): 3518 raise Exception("KEY_REQUEST failed") 3519 ev = wpas.wait_event(["WPA: Key negotiation completed"]) 3520 if ev is None: 3521 raise Exception("PTK rekey timed out") 3522 hapd.wait_ptkinitdone(wpas.own_addr()) 3523 hwsim_utils.test_connectivity(wpas, hapd) 3524 wpas.request("DISCONNECT") 3525 wpas.wait_disconnected() 3526 wpas.dump_monitor() 3527 3528def test_ap_wpa2_psk_ap_control_port(dev, apdev): 3529 """WPA2-PSK AP with nl80211 control port in AP mode""" 3530 run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val=1) 3531 3532def test_ap_wpa2_psk_ap_control_port_disabled(dev, apdev): 3533 """WPA2-PSK AP with nl80211 control port in AP mode disabled""" 3534 run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val=0) 3535 3536def run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val): 3537 ssid = "test-wpa2-psk" 3538 passphrase = 'qwertyuiop' 3539 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3540 params['driver_params'] = "control_port_ap=%d" % ctrl_val 3541 hapd = hostapd.add_ap(apdev[0], params) 3542 3543 flags = hapd.request("DRIVER_FLAGS").splitlines()[1:] 3544 flags2 = hapd.request("DRIVER_FLAGS2").splitlines()[1:] 3545 logger.info("AP driver flags: " + str(flags)) 3546 logger.info("AP driver flags2: " + str(flags2)) 3547 if 'CONTROL_PORT' not in flags or 'CONTROL_PORT_RX' not in flags2: 3548 raise HwsimSkip("No AP driver support for CONTROL_PORT") 3549 3550 flags = dev[0].request("DRIVER_FLAGS").splitlines()[1:] 3551 flags2 = dev[0].request("DRIVER_FLAGS2").splitlines()[1:] 3552 logger.info("STA driver flags: " + str(flags)) 3553 logger.info("STA driver flags2: " + str(flags2)) 3554 if 'CONTROL_PORT' not in flags or 'CONTROL_PORT_RX' not in flags2: 3555 raise HwsimSkip("No STA driver support for CONTROL_PORT") 3556 3557 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3558 hapd.wait_sta() 3559 hwsim_utils.test_connectivity(dev[0], hapd) 3560 if "OK" not in dev[0].request("KEY_REQUEST 0 1"): 3561 raise Exception("KEY_REQUEST failed") 3562 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 3563 if ev is None: 3564 raise Exception("PTK rekey timed out") 3565 hapd.wait_ptkinitdone(dev[0].own_addr()) 3566 hwsim_utils.test_connectivity(dev[0], hapd) 3567 3568def test_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev): 3569 """RSNE mismatch in EAPOL-Key msg 3/4""" 3570 ie = "30140100000fac040100000fac040100000fac020c80" 3571 run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, ie) 3572 3573def test_ap_wpa2_psk_rsne_mismatch_ap2(dev, apdev): 3574 """RSNE mismatch in EAPOL-Key msg 3/4""" 3575 ie = "30150100000fac040100000fac040100000fac020c0000" 3576 run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, ie) 3577 3578def test_ap_wpa2_psk_rsne_mismatch_ap3(dev, apdev): 3579 """RSNE mismatch in EAPOL-Key msg 3/4""" 3580 run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, "") 3581 3582def run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, rsne): 3583 params = hostapd.wpa2_params(ssid="psk", passphrase="12345678") 3584 params['rsne_override_eapol'] = rsne 3585 hapd = hostapd.add_ap(apdev[0], params) 3586 3587 dev[0].connect("psk", psk="12345678", scan_freq="2412", wait_connect=False) 3588 ev = dev[0].wait_event(["Associated with"], timeout=10) 3589 if ev is None: 3590 raise Exception("No indication of association seen") 3591 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", 3592 "CTRL-EVENT-DISCONNECTED"], timeout=5) 3593 dev[0].request("REMOVE_NETWORK all") 3594 if ev is None: 3595 raise Exception("No disconnection seen") 3596 if "CTRL-EVENT-DISCONNECTED" not in ev: 3597 raise Exception("Unexpected connection") 3598 if "reason=17 locally_generated=1" not in ev: 3599 raise Exception("Unexpected disconnection reason: " + ev) 3600 3601def test_ap_wpa2_psk_rsnxe_mismatch_ap(dev, apdev): 3602 """RSNXE mismatch in EAPOL-Key msg 3/4""" 3603 params = hostapd.wpa2_params(ssid="psk", passphrase="12345678") 3604 params['rsnxe_override_eapol'] = "F40100" 3605 hapd = hostapd.add_ap(apdev[0], params) 3606 3607 dev[0].connect("psk", psk="12345678", scan_freq="2412", wait_connect=False) 3608 ev = dev[0].wait_event(["Associated with"], timeout=10) 3609 if ev is None: 3610 raise Exception("No indication of association seen") 3611 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", 3612 "CTRL-EVENT-DISCONNECTED"], timeout=5) 3613 dev[0].request("REMOVE_NETWORK all") 3614 if ev is None: 3615 raise Exception("No disconnection seen") 3616 if "CTRL-EVENT-DISCONNECTED" not in ev: 3617 raise Exception("Unexpected connection") 3618 if "reason=17 locally_generated=1" not in ev: 3619 raise Exception("Unexpected disconnection reason: " + ev) 3620 3621def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap0(dev, apdev): 3622 """WPA2-PSK AP and PTK rekey by AP (disabled on STA)""" 3623 run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 0) 3624 3625def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap1(dev, apdev): 3626 """WPA2-PSK AP and PTK rekey by AP (start with Key ID 0)""" 3627 run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 1) 3628 3629def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap2(dev, apdev): 3630 """WPA2-PSK AP and PTK rekey by AP (start with Key ID 1)""" 3631 run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 2, 1) 3632 3633def run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, ap_ext_key_id, 3634 sta_ext_key_id): 3635 check_ext_key_id_capa(dev[0]) 3636 ssid = "test-wpa2-psk" 3637 passphrase = 'qwertyuiop' 3638 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3639 params['wpa_ptk_rekey'] = '2' 3640 params['extended_key_id'] = str(ap_ext_key_id) 3641 hapd = hostapd.add_ap(apdev[0], params) 3642 check_ext_key_id_capa(hapd) 3643 try: 3644 dev[0].set("extended_key_id", str(sta_ext_key_id)) 3645 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3646 idx = int(dev[0].request("GET last_tk_key_idx")) 3647 expect_idx = 1 if ap_ext_key_id == 2 and sta_ext_key_id else 0 3648 if idx != expect_idx: 3649 raise Exception("Unexpected Key ID for the first TK: %d (expected %d)" % (idx, expect_idx)) 3650 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 3651 if ev is None: 3652 raise Exception("PTK rekey timed out") 3653 idx = int(dev[0].request("GET last_tk_key_idx")) 3654 expect_idx = 1 if ap_ext_key_id == 1 and sta_ext_key_id else 0 3655 if idx != expect_idx: 3656 raise Exception("Unexpected Key ID for the second TK: %d (expected %d)" % (idx, expect_idx)) 3657 hwsim_utils.test_connectivity(dev[0], hapd) 3658 finally: 3659 dev[0].set("extended_key_id", "0") 3660 3661def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta0(dev, apdev): 3662 """Extended Key ID and PTK rekey by station (Ext Key ID disabled on AP)""" 3663 run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 0) 3664 3665def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta1(dev, apdev): 3666 """Extended Key ID and PTK rekey by station (start with Key ID 0)""" 3667 run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 1) 3668 3669def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta2(dev, apdev): 3670 """Extended Key ID and PTK rekey by station (start with Key ID 1)""" 3671 run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 2) 3672 3673def run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, ext_key_id): 3674 check_ext_key_id_capa(dev[0]) 3675 ssid = "test-wpa2-psk" 3676 passphrase = 'qwertyuiop' 3677 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3678 params['extended_key_id'] = str(ext_key_id) 3679 hapd = hostapd.add_ap(apdev[0], params) 3680 check_ext_key_id_capa(hapd) 3681 3682 Wlantest.setup(hapd) 3683 wt = Wlantest() 3684 wt.flush() 3685 wt.add_passphrase(passphrase) 3686 3687 try: 3688 dev[0].set("extended_key_id", "1") 3689 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", 3690 scan_freq="2412") 3691 idx = int(dev[0].request("GET last_tk_key_idx")) 3692 expect_idx = 1 if ext_key_id == 2 else 0 3693 if idx != expect_idx: 3694 raise Exception("Unexpected Key ID for the first TK: %d (expected %d)" % (idx, expect_idx)) 3695 ev = dev[0].wait_event(["WPA: Key negotiation completed", 3696 "CTRL-EVENT-DISCONNECTED"]) 3697 if ev is None: 3698 raise Exception("PTK rekey timed out") 3699 if "CTRL-EVENT-DISCONNECTED" in ev: 3700 raise Exception("Disconnect instead of rekey") 3701 idx = int(dev[0].request("GET last_tk_key_idx")) 3702 expect_idx = 1 if ext_key_id == 1 else 0 3703 if idx != expect_idx: 3704 raise Exception("Unexpected Key ID for the second TK: %d (expected %d)" % (idx, expect_idx)) 3705 hwsim_utils.test_connectivity(dev[0], hapd) 3706 finally: 3707 dev[0].set("extended_key_id", "0") 3708 3709def test_ap_wpa2_psk_4addr(dev, apdev): 3710 """WPA2-PSK and STA using 4addr mode""" 3711 br_ifname = 'sta-br0' 3712 ssid = "test-wpa2-psk" 3713 passphrase = 'qwertyuiop' 3714 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3715 hapd = hostapd.add_ap(apdev[0], params) 3716 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 3717 enable_4addr_mode="1") 3718 3719 # Verify that the station interface can be added into a bridge. 3720 ifname = dev[0].ifname 3721 try: 3722 subprocess.check_call(['brctl', 'addbr', br_ifname]) 3723 subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up']) 3724 subprocess.check_call(['brctl', 'addif', br_ifname, ifname]) 3725 cmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE) 3726 res = cmd.stdout.read().decode() 3727 finally: 3728 subprocess.call(['brctl', 'delif', br_ifname, ifname]) 3729 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down']) 3730 subprocess.call(['brctl', 'delbr', br_ifname]) 3731 3732 found = False 3733 for s in res.splitlines(): 3734 vals = s.split() 3735 if br_ifname in vals and ifname in vals: 3736 found = True 3737 if not found: 3738 raise Exception("Station interface was not seen in the bridge") 3739 3740def test_rsn_eapol_m1_extra(dev, apdev): 3741 """Extra element and KDE in EAPOL-Key msg 1/4""" 3742 ssid = "test-rsn" 3743 passphrase = 'qwertyuiop' 3744 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3745 # Add a reserved element and KDE into EAPOL-Key msg 1/4 3746 params['eapol_m1_elements'] = '02051122334455' + 'dd05000facff11' 3747 hapd = hostapd.add_ap(apdev[0], params) 3748 3749 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3750 3751def test_rsn_eapol_m3_extra(dev, apdev): 3752 """Extra element and KDE in EAPOL-Key msg 3/4""" 3753 ssid = "test-rsn" 3754 passphrase = 'qwertyuiop' 3755 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3756 # Add a reserved element and KDE into EAPOL-Key msg 3/4 3757 params['eapol_m3_elements'] = '02051122334455' + 'dd05000facff11' 3758 hapd = hostapd.add_ap(apdev[0], params) 3759 3760 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3761 3762def test_rsn_eapol_m3_no_encrypt(dev, apdev): 3763 """EAPOL-Key msg 3/4 Key Data field not encrypted""" 3764 ssid = "test-rsn" 3765 passphrase = 'qwertyuiop' 3766 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3767 # Add a reserved element and KDE into EAPOL-Key msg 3/4 3768 params['eapol_m3_no_encrypt'] = '1' 3769 hapd = hostapd.add_ap(apdev[0], params) 3770 3771 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) 3772 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"], timeout=10) 3773 if ev is None: 3774 raise Exception("Unencrypted GTK KDE not rejected") 3775 dev[0].request("DISCONNECT") 3776 dev[0].wait_disconnected() 3777 3778def test_rsn_eapol_m2_extra(dev, apdev): 3779 """Extra element and KDE in EAPOL-Key msg 2/4""" 3780 ssid = "test-rsn" 3781 passphrase = 'qwertyuiop' 3782 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3783 hapd = hostapd.add_ap(apdev[0], params) 3784 3785 # Add a reserved element and KDE into EAPOL-Key msg 2/4 3786 elems = '02051122334455' + 'dd05000facff11' 3787 if "OK" not in dev[0].request("TEST_EAPOL_M2_ELEMS " + elems): 3788 raise Exception("Failed to add test elements") 3789 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3790 hapd.wait_sta() 3791 3792def test_rsn_eapol_m4_extra(dev, apdev): 3793 """Extra element and KDE in EAPOL-Key msg 4/4""" 3794 ssid = "test-rsn" 3795 passphrase = 'qwertyuiop' 3796 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3797 hapd = hostapd.add_ap(apdev[0], params) 3798 3799 # Add a reserved element and KDE into EAPOL-Key msg 4/4 3800 elems = '02051122334455' + 'dd05000facff11' 3801 if "OK" not in dev[0].request("TEST_EAPOL_M4_ELEMS " + elems): 3802 raise Exception("Failed to add test elements") 3803 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3804 hapd.wait_sta() 3805 3806def test_rsn_eapol_m2_encrypt(dev, apdev): 3807 """Encrypted Key Data field in EAPOL-Key msg 2/4""" 3808 ssid = "test-rsn" 3809 passphrase = 'qwertyuiop' 3810 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3811 hapd = hostapd.add_ap(apdev[0], params) 3812 3813 # Add a reserved element and KDE into EAPOL-Key msg 2/4 and request the 3814 # Key Data field to be encrypted. 3815 elems = '02051122334455' + 'dd05000facff11' 3816 if "OK" not in dev[0].request("TEST_EAPOL_M2_ELEMS " + elems): 3817 raise Exception("Failed to add test elements") 3818 dev[0].set("encrypt_eapol_m2", "1") 3819 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3820 hapd.wait_sta() 3821 3822def test_rsn_eapol_m4_encrypt(dev, apdev): 3823 """Encrypted Key Data field in EAPOL-Key msg 4/4""" 3824 ssid = "test-rsn" 3825 passphrase = 'qwertyuiop' 3826 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3827 hapd = hostapd.add_ap(apdev[0], params) 3828 3829 # Add a reserved element and KDE into EAPOL-Key msg 4/4 and request the 3830 # Key Data field to be encrypted. 3831 elems = '02051122334455' + 'dd05000facff11' 3832 if "OK" not in dev[0].request("TEST_EAPOL_M4_ELEMS " + elems): 3833 raise Exception("Failed to add test elements") 3834 dev[0].set("encrypt_eapol_m4", "1") 3835 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3836 hapd.wait_sta() 3837
