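# WPA2-Personal tests
# Copyright (c) 2014, Qualcomm Atheros, Inc.
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.

from remotehost import remote_compatible
import binascii
try:
    from Cryptodome.Cipher import AES
except ImportError:
    from Crypto.Cipher import AES
import hashlib
import hmac
import logging
logger = logging.getLogger()
import os
import re
import socket
import struct
import subprocess
import time

import hostapd
# NOTE(review): skip_with_fips() and skip_without_tkip() used below are not
# defined in this file; presumably they come from this wildcard import.
from utils import *
import hwsim_utils
from wpasupplicant import WpaSupplicant
from tshark import run_tshark
from wlantest import WlantestCapture, Wlantest

# All passphrases and PSKs in this file are fixed test fixtures for the
# simulated radio environment. The test docstrings are kept as one-liners on
# purpose; explanatory notes are written as comments instead.


def check_mib(dev, vals):
    """Compare MIB variables reported by a station against expected values.

    dev.get_mib() is read once. vals is an iterable of (name, expected)
    pairs; the first mismatch raises Exception. A name that is absent from
    the MIB raises KeyError.
    """
    mib = dev.get_mib()
    for v in vals:
        name, expected = v[0], v[1]
        actual = mib[name]
        if actual != expected:
            raise Exception("Unexpected {} = {} (expected {})".format(name, actual, expected))


def _write_psk_file(path, lines):
    """Overwrite the file at path with lines, each terminated by a newline.

    The file is created with the process umask and holds passphrases/PSKs
    in clear text.
    """
    with open(path, 'w') as f:
        for line in lines:
            f.write(line + '\n')


def _remove_if_present(path):
    """Delete path, ignoring only filesystem errors such as a missing file."""
    try:
        os.remove(path)
    except OSError:
        pass


@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    # 64 hex digits = 256-bit PSK. dev[1] connects with the passphrase to an
    # AP that only knows this PSK, so the two are expected to correspond for
    # this SSID.
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")

    sig = dev[0].request("SIGNAL_POLL").splitlines()
    pkt = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in sig:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
    if "TXBAD=0" not in pkt:
        raise Exception("Unexpected TXBAD value: " + str(pkt))


def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Relative path: resolved against the working directory of whatever
    # process reads it. NOTE(review): the file's contents are not visible
    # here; presumably it binds "very secret" to dev[0]'s MAC address the
    # way the file written in test_ap_wpa2_psk_file_keyid does - confirm.
    params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], params)
    # dev[1] is expected to fail the 4-way handshake with this passphrase
    # (checked at the end), while dev[0] succeeds with the same one.
    dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
    dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
    dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if ev is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")


def _wait_ap_sta_connected(hapd, addr):
    """Return the next AP-STA-CONNECTED event from hapd; it must mention addr."""
    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if ev is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if addr not in ev:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    return ev


def check_no_keyid(hapd, dev):
    """Require that dev's AP-STA-CONNECTED event carries no keyid= field."""
    ev = _wait_ap_sta_connected(hapd, dev.own_addr())
    if "keyid=" in ev:
        raise Exception("Unexpected keyid indication")


def check_keyid(hapd, dev, keyid):
    """Require that the AP reports keyid for dev, then drop dev's networks.

    The keyid must appear both in the AP-STA-CONNECTED event and in the
    AP's STA entry for the station.
    """
    addr = dev.own_addr()
    ev = _wait_ap_sta_connected(hapd, addr)
    if "keyid=" + keyid not in ev:
        raise Exception("Incorrect keyid indication")
    sta = hapd.get_sta(addr)
    if 'keyid' not in sta or sta['keyid'] != keyid:
        raise Exception("Incorrect keyid in STA output")
    dev.request("REMOVE_NETWORK all")


def check_disconnect(dev, expected):
    """Check which of dev[0] and dev[1] were disconnected by the AP.

    expected[i] is True when dev[i] must already have been disconnected.
    Either way the station's networks are removed afterwards.

    NOTE(review): only indexes 0 and 1 are examined; callers in this file
    pass three-element lists, so the third entry is never checked.
    """
    for i in range(2):
        sta = dev[i]
        if expected[i]:
            sta.wait_disconnected()
            sta.request("REMOVE_NETWORK all")
            continue
        ev = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
        if ev is not None:
            raise Exception("Unexpected disconnection")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()


def test_ap_wpa2_psk_file_keyid(dev, apdev, params):
    """WPA2-PSK AP with PSK from a file (keyid and reload)"""
    # The PSK file lives in the per-run log directory, not in a shared
    # temporary directory.
    psk_file = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')
    _write_psk_file(psk_file, [
        '00:00:00:00:00:00 secret passphrase',
        '02:00:00:00:00:00 very secret',
        '00:00:00:00:00:00 another passphrase for all STAs',
    ])
    ssid = "test-wpa2-psk"
    # Named ap_params so the test's own params argument is not shadowed.
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase='qwertyuiop')
    ap_params['wpa_psk_file'] = psk_file
    hapd = hostapd.add_ap(apdev[0], ap_params)

    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    dev[1].connect(ssid, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_no_keyid(hapd, dev[1])

    dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # Replace the passphrase dev[1] used. After the reload dev[1] is
    # expected to be disconnected while dev[0] stays connected.
    _write_psk_file(psk_file, [
        '00:00:00:00:00:00 secret passphrase',
        '02:00:00:00:00:00 very secret',
        '00:00:00:00:00:00 changed passphrase',
    ])
    if "OK" not in hapd.request("RELOAD_WPA_PSK"):
        raise Exception("RELOAD_WPA_PSK failed")

    check_disconnect(dev, [False, True, False])

    # Same credentials again, now tagged with keyid= labels that the AP is
    # expected to report for the matching station.
    _write_psk_file(psk_file, [
        '00:00:00:00:00:00 secret passphrase',
        'keyid=foo 02:00:00:00:00:00 very secret',
        'keyid=bar 00:00:00:00:00:00 another passphrase for all STAs',
    ])
    if "OK" not in hapd.request("RELOAD_WPA_PSK"):
        raise Exception("RELOAD_WPA_PSK failed")

    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    check_keyid(hapd, dev[0], "foo")

    dev[1].connect(ssid, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_keyid(hapd, dev[1], "bar")

    dev[2].connect(ssid, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    dev[0].wait_disconnected()
    dev[0].connect(ssid, psk="secret passphrase", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    # A file holding only a comment removes every file-based PSK.
    _write_psk_file(psk_file, ['# empty'])
    if "OK" not in hapd.request("RELOAD_WPA_PSK"):
        raise Exception("RELOAD_WPA_PSK failed")

    check_disconnect(dev, [True, True, False])

    # An unparsable file must make the reload fail.
    _write_psk_file(psk_file, ['broken'])
    if "FAIL" not in hapd.request("RELOAD_WPA_PSK"):
        raise Exception("RELOAD_WPA_PSK succeeded with invalid file")


@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        # The helper sets SCAN_INTERVAL to 1 on both stations; put it back
        # to 5 even when the test fails.
        dev[0].request("SCAN_INTERVAL 5")
        dev[1].request("SCAN_INTERVAL 5")


def _connect_mem_only_psk(sta, ssid, credential, timeout_msg):
    """Connect sta with mem_only_psk=1 and answer its credential request.

    credential is appended verbatim after the ':' of the
    CTRL-RSP-PSK_PASSPHRASE response. timeout_msg is raised when no
    CTRL-REQ-PSK_PASSPHRASE request arrives within 10 seconds.
    """
    sta.connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    sta.request("SCAN_INTERVAL 1")
    ev = sta.wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if ev is None:
        raise Exception(timeout_msg)
    # The request identifier is the last '-'-separated token before the
    # first ':' of the event.
    req_id = ev.split(':')[0].split('-')[-1]
    sta.request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + credential)
    sta.wait_connected(timeout=10)


def _test_ap_wpa2_psk_mem(dev, apdev):
    """Body of test_ap_wpa2_psk_mem; the caller restores SCAN_INTERVAL."""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)

    # dev[0] answers with the quoted passphrase, dev[1] with the raw PSK.
    _connect_mem_only_psk(dev[0], ssid, '"' + passphrase + '"',
                          "Request for PSK/passphrase timed out")
    _connect_mem_only_psk(dev[1], ssid, psk,
                          "Request for PSK/passphrase timed out(2)")


@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Give the capture tool the passphrase as well.
    Wlantest.setup(hapd)
    wt = Wlantest()
    wt.flush()
    wt.add_passphrase(passphrase)

    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed",
                            "CTRL-EVENT-DISCONNECTED"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    if "CTRL-EVENT-DISCONNECTED" in ev:
        raise Exception("Disconnect instead of rekey")
    hwsim_utils.test_connectivity(dev[0], hapd)


def _expect_ptk0_rekey_blocked(sta):
    """Require a disconnect instead of a PTK rekey, then a quick reconnect.

    The first event must be a disconnection; a new key negotiation must
    then complete within 1.1 seconds.
    """
    ev = sta.wait_event(["WPA: Key negotiation completed",
                         "CTRL-EVENT-DISCONNECTED"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    if "WPA: Key negotiation completed" in ev:
        raise Exception("No disconnect, PTK rekey succeeded")
    ev = sta.wait_event(["WPA: Key negotiation completed"], timeout=1.1)
    if ev is None:
        raise Exception("Reconnect too slow")


def test_ap_wpa2_ptk_rekey_blocked_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and AP blocking it"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # The AP refuses the rekey; the station asks for one after one second.
    params['wpa_deny_ptk0_rekey'] = "2"
    hapd = hostapd.add_ap(apdev[0], params)
    conf = hapd.request("GET_CONFIG").splitlines()
    if "wpa_deny_ptk0_rekey=2" not in conf:
        raise Exception("wpa_deny_ptk0_rekey value not in GET_CONFIG")
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    _expect_ptk0_rekey_blocked(dev[0])


def test_ap_wpa2_ptk_rekey_blocked_sta(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station while also blocking it"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # Here the station carries both the rekey request and the deny setting.
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412",
                   wpa_deny_ptk0_rekey="2")
    _expect_ptk0_rekey_blocked(dev[0])


def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    dev[0].dump_monitor()
    anonce_before = dev[0].request("GET anonce")
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    anonce_after = dev[0].request("GET anonce")
    # The AP must use a fresh ANonce for the requested rekey; seeing the
    # same value again is treated as a failure.
    if anonce_before == anonce_after:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(dev[0], hapd)


@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)


@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   wpa_ptk_rekey="1", scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # The station must both request and end up with AKM suite 00-0f-ac-6.
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])


@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])


@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # Legacy WPA/TKIP case; the two skip_* calls come first so the rest only
    # runs where they allow it.
    skip_with_fips(dev[0])
    skip_without_tkip(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing WPA element info")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)


@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    skip_with_fips(dev[0])
    skip_without_tkip(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)


@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK/CCMP"""
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    params['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[0], hapd)
    # Requested and selected suites must agree, and the controlled port must
    # be authorized once the handshake is done.
    check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"),
                       ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
                       ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
                       ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
                       ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
                       ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
                       ("dot1xSuppSuppControlledPortStatus", "Authorized")])


def test_ap_wpa2_psk_file_errors(dev, apdev):
    """WPA2-PSK AP with various PSK file error and success cases"""
    addr0 = dev[0].own_addr()
    addr1 = dev[1].own_addr()
    addr2 = dev[2].own_addr()
    ssid = "psk"
    # NOTE(review): fixed, predictable name in /tmp. open(..., "w") follows
    # an existing symlink and the file is created with the process umask
    # while holding PSKs. That is tolerable on a dedicated test machine; on
    # a shared host a per-run directory such as the logdir used by
    # test_ap_wpa2_psk_file_keyid is the safer location.
    pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
    # Only filesystem errors (for example a missing file) are ignored here;
    # the original bare except also swallowed KeyboardInterrupt.
    _remove_if_present(pskfile)

    params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}

    # File contents that must make ENABLE fail, in the original order.
    rejected_files = [
        # invalid MAC address
        ["", "foo"],
        # no PSK on line
        ["00:11:22:33:44:55"],
        # invalid PSK
        ["00:11:22:33:44:55 1234567"],
        # empty token at the end of the line
        ["="],
    ]

    try:
        # missing PSK file
        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE success")
        hapd.request("DISABLE")

        for lines in rejected_files:
            _write_psk_file(pskfile, lines)
            if "FAIL" not in hapd.request("ENABLE"):
                raise Exception("Unexpected ENABLE success")
            hapd.request("DISABLE")

        # valid PSK file
        _write_psk_file(pskfile, [
            "00:11:22:33:44:55 12345678",
            addr0 + " 123456789",
            addr1 + " 123456789a",
            addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
        ])
        if "FAIL" in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE failure")

        # Each station uses the entry written for its own address; the
        # 64-hex-digit entry is used as a raw PSK.
        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")

    finally:
        # Do not leave the credentials behind in /tmp.
        _remove_if_present(pskfile)
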
466@remote_compatible 467def test_ap_wpa2_psk_wildcard_ssid(dev, apdev): 468 """WPA2-PSK AP and wildcard SSID configuration""" 469 ssid = "test-wpa2-psk" 470 passphrase = 'qwertyuiop' 471 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 472 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 473 hapd = hostapd.add_ap(apdev[0], params) 474 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase, 475 scan_freq="2412") 476 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412") 477 478@remote_compatible 479def test_ap_wpa2_gtk_rekey(dev, apdev): 480 """WPA2-PSK AP and GTK rekey enforced by AP""" 481 ssid = "test-wpa2-psk" 482 passphrase = 'qwertyuiop' 483 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 484 params['wpa_group_rekey'] = '1' 485 hapd = hostapd.add_ap(apdev[0], params) 486 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 487 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 488 if ev is None: 489 raise Exception("GTK rekey timed out") 490 hwsim_utils.test_connectivity(dev[0], hapd) 491 492def test_ap_wpa2_gtk_rekey_request(dev, apdev): 493 """WPA2-PSK AP and GTK rekey by AP request""" 494 ssid = "test-wpa2-psk" 495 passphrase = 'qwertyuiop' 496 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 497 hapd = hostapd.add_ap(apdev[0], params) 498 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 499 if "OK" not in hapd.request("REKEY_GTK"): 500 raise Exception("REKEY_GTK failed") 501 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 502 if ev is None: 503 raise Exception("GTK rekey timed out") 504 hwsim_utils.test_connectivity(dev[0], hapd) 505 506def test_ap_wpa2_gtk_rekey_failure(dev, apdev): 507 """WPA2-PSK AP and GTK rekey failure""" 508 ssid = "test-wpa2-psk" 509 passphrase = 'qwertyuiop' 510 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 511 hapd = hostapd.add_ap(apdev[0], params) 512 dev[0].connect(ssid, 
psk=passphrase, scan_freq="2412") 513 with fail_test(hapd, 1, "wpa_group_config_group_keys"): 514 if "OK" not in hapd.request("REKEY_GTK"): 515 raise Exception("REKEY_GTK failed") 516 wait_fail_trigger(hapd, "GET_FAIL") 517 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 518 if ev is None: 519 raise Exception("GTK rekey timed out") 520 dev[0].wait_disconnected() 521 522def test_ap_wpa2_gtk_rekey_request(dev, apdev): 523 """WPA2-PSK AP and GTK rekey request from multiple stations""" 524 ssid = "test-wpa2-psk" 525 passphrase = 'qwertyuiop' 526 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 527 hapd = hostapd.add_ap(apdev[0], params) 528 for i in range(3): 529 dev[i].connect(ssid, psk=passphrase, scan_freq="2412") 530 hapd.wait_sta() 531 for i in range(3): 532 if "OK" not in dev[i].request("KEY_REQUEST 0 0"): 533 raise Exception("KEY_REQUEST failed") 534 for i in range(3): 535 ev = dev[i].wait_event(["RSN: Group rekeying completed"], timeout=2) 536 if ev is None: 537 raise Exception("GTK rekey timed out") 538 time.sleep(1) 539 for i in range(3): 540 hwsim_utils.test_connectivity(dev[i], hapd) 541 542def test_ap_wpa2_gtk_rekey_fail_1_sta(dev, apdev): 543 """WPA2-PSK AP and GTK rekey failing with one STA""" 544 ssid = "test-wpa2-psk" 545 passphrase = 'qwertyuiop' 546 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 547 params['wpa_group_rekey'] = '5' 548 hapd = hostapd.add_ap(apdev[0], params) 549 550 dev[1].set("disable_eapol_g2_tx", "1") 551 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 552 dev[1].connect(ssid, psk=passphrase, scan_freq="2412") 553 dev[2].connect(ssid, psk=passphrase, scan_freq="2412") 554 555 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=7) 556 if ev is None: 557 raise Exception("GTK rekey timed out [0]") 558 ev = dev[2].wait_event(["RSN: Group rekeying completed"], timeout=1) 559 if ev is None: 560 raise Exception("GTK rekey timed out [2]") 561 562 disconnected = False 
563 for i in range(10): 564 ev = dev[1].wait_event(["RSN: Group rekeying completed", 565 "CTRL-EVENT-DISCONNECTED"], timeout=10) 566 if ev is None: 567 raise Exception("GTK rekey timed out [1]") 568 if "CTRL-EVENT-DISCONNECTED" in ev: 569 if "reason=16" not in ev: 570 raise Exception("Unexpected reason for disconnection: " + ev) 571 disconnected = True 572 break 573 if not disconnected: 574 raise Exception("STA that did not send group msg 2/2 was not disconnected") 575 576 for i in [0, 2]: 577 ev = dev[i].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) 578 if ev is not None: 579 raise Exception("Unexpected disconnection [%d]" % i) 580 hwsim_utils.test_connectivity(dev[i], hapd) 581 582 dev[1].set("disable_eapol_g2_tx", "0") 583 dev[1].wait_connected() 584 ev = dev[1].wait_event(["RSN: Group rekeying completed"], timeout=10) 585 if ev is None: 586 raise Exception("GTK rekey timed out [1b]") 587 hwsim_utils.test_connectivity(dev[1], hapd) 588 589@remote_compatible 590def test_ap_wpa_gtk_rekey(dev, apdev): 591 """WPA-PSK/TKIP AP and GTK rekey enforced by AP""" 592 skip_with_fips(dev[0]) 593 skip_without_tkip(dev[0]) 594 ssid = "test-wpa-psk" 595 passphrase = 'qwertyuiop' 596 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 597 params['wpa_group_rekey'] = '1' 598 hapd = hostapd.add_ap(apdev[0], params) 599 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 600 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) 601 if ev is None: 602 raise Exception("GTK rekey timed out") 603 hwsim_utils.test_connectivity(dev[0], hapd) 604 605@remote_compatible 606def test_ap_wpa2_gmk_rekey(dev, apdev): 607 """WPA2-PSK AP and GMK and GTK rekey enforced by AP""" 608 ssid = "test-wpa2-psk" 609 passphrase = 'qwertyuiop' 610 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 611 params['wpa_group_rekey'] = '1' 612 params['wpa_gmk_rekey'] = '2' 613 hapd = hostapd.add_ap(apdev[0], params) 614 dev[0].connect(ssid, psk=passphrase, 
scan_freq="2412") 615 for i in range(0, 3): 616 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 617 if ev is None: 618 raise Exception("GTK rekey timed out") 619 hwsim_utils.test_connectivity(dev[0], hapd) 620 621@remote_compatible 622def test_ap_wpa2_strict_rekey(dev, apdev): 623 """WPA2-PSK AP and strict GTK rekey enforced by AP""" 624 ssid = "test-wpa2-psk" 625 passphrase = 'qwertyuiop' 626 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 627 params['wpa_strict_rekey'] = '1' 628 hapd = hostapd.add_ap(apdev[0], params) 629 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 630 dev[1].connect(ssid, psk=passphrase, scan_freq="2412") 631 dev[1].request("DISCONNECT") 632 ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) 633 if ev is None: 634 raise Exception("GTK rekey timed out") 635 hwsim_utils.test_connectivity(dev[0], hapd) 636 637@remote_compatible 638def test_ap_wpa2_bridge_fdb(dev, apdev): 639 """Bridge FDB entry removal""" 640 hapd = None 641 try: 642 ssid = "test-wpa2-psk" 643 passphrase = "12345678" 644 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 645 params['bridge'] = 'ap-br0' 646 hapd = hostapd.add_ap(apdev[0], params) 647 hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0']) 648 hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) 649 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 650 bssid=apdev[0]['bssid']) 651 dev[1].connect(ssid, psk=passphrase, scan_freq="2412", 652 bssid=apdev[0]['bssid']) 653 hapd.wait_sta(wait_4way_hs=True) 654 hapd.wait_sta(wait_4way_hs=True) 655 addr0 = dev[0].p2p_interface_addr() 656 hwsim_utils.test_connectivity_sta(dev[0], dev[1]) 657 err, macs1 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0']) 658 hapd.cmd_execute(['brctl', 'setageing', 'ap-br0', '1']) 659 dev[0].request("DISCONNECT") 660 dev[1].request("DISCONNECT") 661 time.sleep(1) 662 err, macs2 = hapd.cmd_execute(['brctl', 'showmacs', 'ap-br0']) 663 664 addr1 = 
dev[1].p2p_interface_addr() 665 if addr0 not in macs1 or addr1 not in macs1: 666 raise Exception("Bridge FDB entry missing") 667 if addr0 in macs2 or addr1 in macs2: 668 raise Exception("Bridge FDB entry was not removed") 669 finally: 670 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 671 'down']) 672 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0']) 673 674@remote_compatible 675def test_ap_wpa2_already_in_bridge(dev, apdev): 676 """hostapd behavior with interface already in bridge""" 677 ifname = apdev[0]['ifname'] 678 br_ifname = 'ext-ap-br0' 679 try: 680 ssid = "test-wpa2-psk" 681 passphrase = "12345678" 682 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 683 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 684 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 685 'up']) 686 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap']) 687 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) 688 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 689 hapd = hostapd.add_ap(apdev[0], params) 690 if hapd.get_driver_status_field('brname') != br_ifname: 691 raise Exception("Bridge name not identified correctly") 692 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 693 finally: 694 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 695 'down']) 696 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname]) 697 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', 'station']) 698 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 699 700@remote_compatible 701def test_ap_wpa2_in_different_bridge(dev, apdev): 702 """hostapd behavior with interface in different bridge""" 703 ifname = apdev[0]['ifname'] 704 br_ifname = 'ext-ap-br0' 705 try: 706 ssid = "test-wpa2-psk" 707 passphrase = "12345678" 708 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 709 hostapd.cmd_execute(apdev[0], ['brctl', 
'setfd', br_ifname, '0']) 710 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 711 'up']) 712 hostapd.cmd_execute(apdev[0], ['iw', ifname, 'set', 'type', '__ap']) 713 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) 714 time.sleep(0.5) 715 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 716 params['bridge'] = 'ap-br0' 717 hapd = hostapd.add_ap(apdev[0], params) 718 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', 'ap-br0', '0']) 719 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0', 720 'up']) 721 brname = hapd.get_driver_status_field('brname') 722 if brname != 'ap-br0': 723 raise Exception("Incorrect bridge: " + brname) 724 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 725 hapd.wait_sta() 726 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0") 727 if hapd.get_driver_status_field("added_bridge") != "1": 728 raise Exception("Unexpected added_bridge value") 729 if hapd.get_driver_status_field("added_if_into_bridge") != "1": 730 raise Exception("Unexpected added_if_into_bridge value") 731 dev[0].request("DISCONNECT") 732 hapd.disable() 733 finally: 734 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 735 'down']) 736 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname, 737 "2>", "/dev/null"], shell=True) 738 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 739 740@remote_compatible 741def test_ap_wpa2_ext_add_to_bridge(dev, apdev): 742 """hostapd behavior with interface added to bridge externally""" 743 ifname = apdev[0]['ifname'] 744 br_ifname = 'ext-ap-br0' 745 try: 746 ssid = "test-wpa2-psk" 747 passphrase = "12345678" 748 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 749 hapd = hostapd.add_ap(apdev[0], params) 750 751 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 752 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 753 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 
br_ifname, 754 'up']) 755 hostapd.cmd_execute(apdev[0], ['brctl', 'addif', br_ifname, ifname]) 756 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 757 if hapd.get_driver_status_field('brname') != br_ifname: 758 raise Exception("Bridge name not identified correctly") 759 finally: 760 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 761 'down']) 762 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname]) 763 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 764 765def test_ap_wpa2_second_bss_bridge_exists(dev, apdev): 766 """hostapd behavior with second BSS bridge interface already existing""" 767 ifname = apdev[0]['ifname'] 768 ifname2 = apdev[0]['ifname'] + "b" 769 br_ifname = 'ext-ap-br0' 770 fname = '/tmp/hwsim-bss.conf' 771 try: 772 ssid1 = "test-wpa2-psk-1" 773 ssid2 = "test-wpa2-psk-2" 774 passphrase = "12345678" 775 hostapd.cmd_execute(apdev[0], ['brctl', 'addbr', br_ifname]) 776 hostapd.cmd_execute(apdev[0], ['brctl', 'setfd', br_ifname, '0']) 777 hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 778 'up']) 779 params = hostapd.wpa2_params(ssid=ssid1, passphrase=passphrase) 780 params['driver_params'] = "control_port=0" 781 hapd = hostapd.add_ap(apdev[0], params) 782 783 with open(fname, 'w') as f: 784 f.write("driver=nl80211\n") 785 f.write("hw_mode=g\n") 786 f.write("channel=1\n") 787 f.write("ieee80211n=1\n") 788 f.write("interface=%s\n" % ifname2) 789 f.write("bridge=%s\n" % br_ifname) 790 f.write("bssid=02:00:00:00:03:01\n") 791 f.write("ctrl_interface=/var/run/hostapd\n") 792 f.write("ssid=%s\n" % ssid2) 793 f.write("wpa=2\n") 794 f.write("wpa_passphrase=%s\n" % passphrase) 795 f.write("wpa_key_mgmt=WPA-PSK\n") 796 f.write("rsn_pairwise=CCMP\n") 797 hostapd.add_bss(apdev[0], ifname2, fname) 798 799 dev[0].connect(ssid1, psk=passphrase, scan_freq="2412") 800 dev[1].connect(ssid2, psk=passphrase, scan_freq="2412") 801 finally: 802 try: 803 os.remove(fname) 804 except: 805 pass 806 
hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', br_ifname, 807 'down']) 808 hostapd.cmd_execute(apdev[0], ['brctl', 'delif', br_ifname, ifname2]) 809 hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', br_ifname]) 810 811def setup_psk_ext(dev, apdev, wpa_ptk_rekey=None): 812 ssid = "test-wpa2-psk" 813 passphrase = 'qwertyuiop' 814 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 815 params = hostapd.wpa2_params(ssid=ssid) 816 params['wpa_psk'] = psk 817 if wpa_ptk_rekey: 818 params['wpa_ptk_rekey'] = wpa_ptk_rekey 819 hapd = hostapd.add_ap(apdev, params) 820 hapd.request("SET ext_eapol_frame_io 1") 821 dev.request("SET ext_eapol_frame_io 1") 822 dev.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False) 823 return hapd 824 825def ext_4way_hs(hapd, dev): 826 bssid = hapd.own_addr() 827 addr = dev.own_addr() 828 first = None 829 last = None 830 while True: 831 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15) 832 if ev is None: 833 raise Exception("Timeout on EAPOL-TX from hostapd") 834 if "AP-STA-CONNECTED" in ev: 835 dev.wait_connected(timeout=15) 836 break 837 if not first: 838 first = ev.split(' ')[2] 839 last = ev.split(' ')[2] 840 res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 841 if "OK" not in res: 842 raise Exception("EAPOL_RX to wpa_supplicant failed") 843 ev = dev.wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15) 844 if ev is None: 845 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 846 if "CTRL-EVENT-CONNECTED" in ev: 847 break 848 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 849 if "OK" not in res: 850 raise Exception("EAPOL_RX to hostapd failed") 851 return first, last 852 853def test_ap_wpa2_psk_ext(dev, apdev): 854 """WPA2-PSK AP using external EAPOL I/O""" 855 hapd = setup_psk_ext(dev[0], apdev[0]) 856 ext_4way_hs(hapd, dev[0]) 857 858def test_ap_wpa2_psk_unexpected(dev, apdev): 859 """WPA2-PSK and supplicant receiving unexpected 
EAPOL-Key frames""" 860 hapd = setup_psk_ext(dev[0], apdev[0]) 861 first, last = ext_4way_hs(hapd, dev[0]) 862 863 # Not associated - Delay processing of received EAPOL frame (state=COMPLETED 864 # bssid=02:00:00:00:03:00) 865 other = "02:11:22:33:44:55" 866 res = dev[0].request("EAPOL_RX " + other + " " + first) 867 if "OK" not in res: 868 raise Exception("EAPOL_RX to wpa_supplicant failed") 869 870 # WPA: EAPOL-Key Replay Counter did not increase - dropping packet 871 bssid = hapd.own_addr() 872 res = dev[0].request("EAPOL_RX " + bssid + " " + last) 873 if "OK" not in res: 874 raise Exception("EAPOL_RX to wpa_supplicant failed") 875 876 # WPA: Invalid EAPOL-Key MIC - dropping packet 877 msg = last[0:18] + '01' + last[20:] 878 res = dev[0].request("EAPOL_RX " + bssid + " " + msg) 879 if "OK" not in res: 880 raise Exception("EAPOL_RX to wpa_supplicant failed") 881 882 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=12) 883 if ev is not None: 884 raise Exception("Unexpected disconnection") 885 886def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev): 887 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4""" 888 hapd = setup_psk_ext(dev[0], apdev[0]) 889 bssid = apdev[0]['bssid'] 890 addr = dev[0].p2p_interface_addr() 891 892 # EAPOL-Key msg 1/4 893 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 894 if ev is None: 895 raise Exception("Timeout on EAPOL-TX from hostapd") 896 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 897 if "OK" not in res: 898 raise Exception("EAPOL_RX to wpa_supplicant failed") 899 900 # EAPOL-Key msg 2/4 901 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 902 if ev is None: 903 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 904 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 905 if "OK" not in res: 906 raise Exception("EAPOL_RX to hostapd failed") 907 908 # EAPOL-Key msg 3/4 909 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 910 if ev is None: 911 raise 
Exception("Timeout on EAPOL-TX from hostapd") 912 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 913 if "OK" not in res: 914 raise Exception("EAPOL_RX to wpa_supplicant failed") 915 916 # EAPOL-Key msg 4/4 917 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 918 if ev is None: 919 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 920 # Do not send to the AP 921 dev[0].wait_connected(timeout=15) 922 923 # EAPOL-Key msg 3/4 (retry) 924 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 925 if ev is None: 926 raise Exception("Timeout on EAPOL-TX from hostapd") 927 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 928 if "OK" not in res: 929 raise Exception("EAPOL_RX to wpa_supplicant failed") 930 931 # EAPOL-Key msg 4/4 932 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 933 if ev is None: 934 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 935 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 936 if "OK" not in res: 937 raise Exception("EAPOL_RX to hostapd failed") 938 939 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 940 if ev is None: 941 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 942 943 hwsim_utils.test_connectivity(dev[0], hapd) 944 945def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev): 946 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)""" 947 hapd = setup_psk_ext(dev[0], apdev[0]) 948 bssid = apdev[0]['bssid'] 949 addr = dev[0].p2p_interface_addr() 950 951 # EAPOL-Key msg 1/4 952 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 953 if ev is None: 954 raise Exception("Timeout on EAPOL-TX from hostapd") 955 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 956 if "OK" not in res: 957 raise Exception("EAPOL_RX to wpa_supplicant failed") 958 959 # EAPOL-Key msg 2/4 960 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 961 if ev is None: 962 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 963 res = hapd.request("EAPOL_RX 
" + addr + " " + ev.split(' ')[2]) 964 if "OK" not in res: 965 raise Exception("EAPOL_RX to hostapd failed") 966 967 # EAPOL-Key msg 3/4 968 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 969 if ev is None: 970 raise Exception("Timeout on EAPOL-TX from hostapd") 971 # Do not send the first msg 3/4 to the STA yet; wait for retransmission 972 # from AP. 973 msg3_1 = ev 974 975 # EAPOL-Key msg 3/4 (retry) 976 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 977 if ev is None: 978 raise Exception("Timeout on EAPOL-TX from hostapd") 979 msg3_2 = ev 980 981 # Send the first msg 3/4 to STA 982 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_1.split(' ')[2]) 983 if "OK" not in res: 984 raise Exception("EAPOL_RX to wpa_supplicant failed") 985 986 # EAPOL-Key msg 4/4 987 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 988 if ev is None: 989 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 990 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 991 if "OK" not in res: 992 raise Exception("EAPOL_RX to hostapd failed") 993 dev[0].wait_connected(timeout=15) 994 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 995 if ev is None: 996 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 997 998 hwsim_utils.test_connectivity(dev[0], hapd) 999 1000 # Send the second msg 3/4 to STA 1001 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3_2.split(' ')[2]) 1002 if "OK" not in res: 1003 raise Exception("EAPOL_RX to wpa_supplicant failed") 1004 # EAPOL-Key msg 4/4 1005 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1006 if ev is None: 1007 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1008 # Do not send the second msg 4/4 to the AP 1009 1010 hwsim_utils.test_connectivity(dev[0], hapd) 1011 1012def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev): 1013 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)""" 1014 hapd = setup_psk_ext(dev[0], apdev[0]) 1015 bssid = apdev[0]['bssid'] 1016 addr = 
dev[0].p2p_interface_addr() 1017 1018 # EAPOL-Key msg 1/4 1019 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1020 if ev is None: 1021 raise Exception("Timeout on EAPOL-TX from hostapd") 1022 msg1 = ev.split(' ')[2] 1023 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) 1024 if "OK" not in res: 1025 raise Exception("EAPOL_RX to wpa_supplicant failed") 1026 1027 # EAPOL-Key msg 2/4 1028 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1029 if ev is None: 1030 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1031 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1032 if "OK" not in res: 1033 raise Exception("EAPOL_RX to hostapd failed") 1034 1035 # EAPOL-Key msg 3/4 1036 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1037 if ev is None: 1038 raise Exception("Timeout on EAPOL-TX from hostapd") 1039 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1040 if "OK" not in res: 1041 raise Exception("EAPOL_RX to wpa_supplicant failed") 1042 1043 # EAPOL-Key msg 4/4 1044 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1045 if ev is None: 1046 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1047 msg4 = ev.split(' ')[2] 1048 # Do not send msg 4/4 to hostapd to trigger retry 1049 1050 # STA believes everything is ready 1051 dev[0].wait_connected() 1052 1053 # EAPOL-Key msg 3/4 (retry) 1054 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1055 if ev is None: 1056 raise Exception("Timeout on EAPOL-TX from hostapd") 1057 msg3 = ev.split(' ')[2] 1058 1059 # Send a forged msg 1/4 to STA (update replay counter) 1060 msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] 1061 # and replace nonce (this results in "WPA: ANonce from message 1 of 1062 # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when 1063 # wpa_supplicant processed msg 3/4 afterwards) 1064 #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:] 1065 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1066 if "OK" not in res: 1067 raise 
Exception("EAPOL_RX to wpa_supplicant failed") 1068 # EAPOL-Key msg 2/4 1069 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1070 if ev is None: 1071 # wpa_supplicant seems to have ignored the forged message. This means 1072 # the attack would fail. 1073 logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") 1074 return 1075 # Do not send msg 2/4 to hostapd 1076 1077 # Send previously received msg 3/4 to STA 1078 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 1079 if "OK" not in res: 1080 raise Exception("EAPOL_RX to wpa_supplicant failed") 1081 1082 # EAPOL-Key msg 4/4 1083 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1084 if ev is None: 1085 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1086 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1087 if "OK" not in res: 1088 raise Exception("EAPOL_RX to hostapd failed") 1089 1090 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1091 if ev is None: 1092 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1093 1094 hwsim_utils.test_connectivity(dev[0], hapd) 1095 1096def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev): 1097 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)""" 1098 hapd = setup_psk_ext(dev[0], apdev[0]) 1099 bssid = apdev[0]['bssid'] 1100 addr = dev[0].p2p_interface_addr() 1101 1102 # EAPOL-Key msg 1/4 1103 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1104 if ev is None: 1105 raise Exception("Timeout on EAPOL-TX from hostapd") 1106 msg1 = ev.split(' ')[2] 1107 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) 1108 if "OK" not in res: 1109 raise Exception("EAPOL_RX to wpa_supplicant failed") 1110 1111 # EAPOL-Key msg 2/4 1112 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1113 if ev is None: 1114 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1115 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1116 if "OK" not in res: 1117 raise Exception("EAPOL_RX to hostapd failed") 1118 1119 # 
EAPOL-Key msg 3/4 1120 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1121 if ev is None: 1122 raise Exception("Timeout on EAPOL-TX from hostapd") 1123 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1124 if "OK" not in res: 1125 raise Exception("EAPOL_RX to wpa_supplicant failed") 1126 1127 # EAPOL-Key msg 4/4 1128 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1129 if ev is None: 1130 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1131 msg4 = ev.split(' ')[2] 1132 # Do not send msg 4/4 to hostapd to trigger retry 1133 1134 # STA believes everything is ready 1135 dev[0].wait_connected() 1136 1137 # EAPOL-Key msg 3/4 (retry) 1138 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1139 if ev is None: 1140 raise Exception("Timeout on EAPOL-TX from hostapd") 1141 msg3 = ev.split(' ')[2] 1142 1143 # Send a forged msg 1/4 to STA (update replay counter) 1144 msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] 1145 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1146 if "OK" not in res: 1147 raise Exception("EAPOL_RX to wpa_supplicant failed") 1148 # EAPOL-Key msg 2/4 1149 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1150 if ev is None: 1151 # wpa_supplicant seems to have ignored the forged message. This means 1152 # the attack would fail. 
1153 logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") 1154 return 1155 # Do not send msg 2/4 to hostapd 1156 1157 # EAPOL-Key msg 3/4 (retry 2) 1158 # New one needed to get the correct Replay Counter value 1159 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1160 if ev is None: 1161 raise Exception("Timeout on EAPOL-TX from hostapd") 1162 msg3 = ev.split(' ')[2] 1163 1164 # Send msg 3/4 to STA 1165 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 1166 if "OK" not in res: 1167 raise Exception("EAPOL_RX to wpa_supplicant failed") 1168 1169 # EAPOL-Key msg 4/4 1170 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1171 if ev is None: 1172 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1173 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1174 if "OK" not in res: 1175 raise Exception("EAPOL_RX to hostapd failed") 1176 1177 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1178 if ev is None: 1179 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1180 1181 hwsim_utils.test_connectivity(dev[0], hapd) 1182 1183def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev): 1184 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)""" 1185 hapd = setup_psk_ext(dev[0], apdev[0]) 1186 bssid = apdev[0]['bssid'] 1187 addr = dev[0].p2p_interface_addr() 1188 1189 # EAPOL-Key msg 1/4 1190 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1191 if ev is None: 1192 raise Exception("Timeout on EAPOL-TX from hostapd") 1193 msg1 = ev.split(' ')[2] 1194 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1) 1195 if "OK" not in res: 1196 raise Exception("EAPOL_RX to wpa_supplicant failed") 1197 1198 # EAPOL-Key msg 2/4 1199 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1200 if ev is None: 1201 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1202 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1203 if "OK" not in res: 1204 raise Exception("EAPOL_RX to hostapd failed") 1205 1206 # EAPOL-Key msg 
3/4 1207 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1208 if ev is None: 1209 raise Exception("Timeout on EAPOL-TX from hostapd") 1210 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1211 if "OK" not in res: 1212 raise Exception("EAPOL_RX to wpa_supplicant failed") 1213 1214 # EAPOL-Key msg 4/4 1215 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1216 if ev is None: 1217 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1218 msg4 = ev.split(' ')[2] 1219 # Do not send msg 4/4 to hostapd to trigger retry 1220 1221 # STA believes everything is ready 1222 dev[0].wait_connected() 1223 1224 # EAPOL-Key msg 3/4 (retry) 1225 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1226 if ev is None: 1227 raise Exception("Timeout on EAPOL-TX from hostapd") 1228 msg3 = ev.split(' ')[2] 1229 1230 # Send a forged msg 1/4 to STA (update replay counter and replace ANonce) 1231 msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:] 1232 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1233 if "OK" not in res: 1234 raise Exception("EAPOL_RX to wpa_supplicant failed") 1235 # EAPOL-Key msg 2/4 1236 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1237 if ev is None: 1238 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1239 # Do not send msg 2/4 to hostapd 1240 1241 # Send a forged msg 1/4 to STA (back to previously used ANonce) 1242 msg1b = msg1[0:18] + msg3[18:34] + msg1[34:] 1243 res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b) 1244 if "OK" not in res: 1245 raise Exception("EAPOL_RX to wpa_supplicant failed") 1246 # EAPOL-Key msg 2/4 1247 ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) 1248 if ev is None: 1249 # wpa_supplicant seems to have ignored the forged message. This means 1250 # the attack would fail. 
1251 logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4") 1252 return 1253 # Do not send msg 2/4 to hostapd 1254 1255 # EAPOL-Key msg 3/4 (retry 2) 1256 # New one needed to get the correct Replay Counter value 1257 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1258 if ev is None: 1259 raise Exception("Timeout on EAPOL-TX from hostapd") 1260 msg3 = ev.split(' ')[2] 1261 1262 # Send msg 3/4 to STA 1263 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3) 1264 if "OK" not in res: 1265 raise Exception("EAPOL_RX to wpa_supplicant failed") 1266 1267 # EAPOL-Key msg 4/4 1268 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1269 if ev is None: 1270 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1271 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1272 if "OK" not in res: 1273 raise Exception("EAPOL_RX to hostapd failed") 1274 1275 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1276 if ev is None: 1277 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1278 1279 hwsim_utils.test_connectivity(dev[0], hapd) 1280 1281def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev): 1282 """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange""" 1283 hapd = setup_psk_ext(dev[0], apdev[0], wpa_ptk_rekey="3") 1284 bssid = apdev[0]['bssid'] 1285 addr = dev[0].p2p_interface_addr() 1286 1287 # EAPOL-Key msg 1/4 1288 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1289 if ev is None: 1290 raise Exception("Timeout on EAPOL-TX from hostapd") 1291 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1292 if "OK" not in res: 1293 raise Exception("EAPOL_RX to wpa_supplicant failed") 1294 1295 # EAPOL-Key msg 2/4 1296 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1297 if ev is None: 1298 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1299 msg2 = ev.split(' ')[2] 1300 # Do not send this to the AP 1301 1302 # EAPOL-Key msg 1/4 (retry) 1303 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1304 if ev is 
None: 1305 raise Exception("Timeout on EAPOL-TX from hostapd") 1306 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1307 if "OK" not in res: 1308 raise Exception("EAPOL_RX to wpa_supplicant failed") 1309 1310 # EAPOL-Key msg 2/4 1311 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1312 if ev is None: 1313 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1314 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 1315 if "OK" not in res: 1316 raise Exception("EAPOL_RX to hostapd failed") 1317 1318 # EAPOL-Key msg 3/4 1319 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1320 if ev is None: 1321 raise Exception("Timeout on EAPOL-TX from hostapd") 1322 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1323 if "OK" not in res: 1324 raise Exception("EAPOL_RX to wpa_supplicant failed") 1325 1326 # EAPOL-Key msg 4/4 1327 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1328 if ev is None: 1329 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1330 msg4 = ev.split(' ')[2] 1331 # Do not send msg 4/4 to AP 1332 1333 # EAPOL-Key msg 3/4 (retry) 1334 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1335 if ev is None: 1336 raise Exception("Timeout on EAPOL-TX from hostapd") 1337 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 1338 if "OK" not in res: 1339 raise Exception("EAPOL_RX to wpa_supplicant failed") 1340 1341 # EAPOL-Key msg 4/4 1342 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 1343 if ev is None: 1344 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 1345 msg4b = ev.split(' ')[2] 1346 # Do not send msg 4/4 to AP 1347 1348 # Send the previous EAPOL-Key msg 4/4 to AP 1349 res = hapd.request("EAPOL_RX " + addr + " " + msg4) 1350 if "OK" not in res: 1351 raise Exception("EAPOL_RX to hostapd failed") 1352 1353 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 1354 if ev is None: 1355 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 1356 1357 # Wait for PTK rekeying 
to be initialized 1358 # EAPOL-Key msg 1/4 1359 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1360 if ev is None: 1361 raise Exception("Timeout on EAPOL-TX from hostapd") 1362 1363 # EAPOL-Key msg 2/4 from the previous 4-way handshake 1364 # hostapd is expected to ignore this due to unexpected Replay Counter 1365 res = hapd.request("EAPOL_RX " + addr + " " + msg2) 1366 if "OK" not in res: 1367 raise Exception("EAPOL_RX to hostapd failed") 1368 1369 # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4) 1370 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1371 if ev is None: 1372 raise Exception("Timeout on EAPOL-TX from hostapd") 1373 keyinfo = ev.split(' ')[2][10:14] 1374 if keyinfo != "028a": 1375 raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo) 1376 1377 # EAPOL-Key msg 4/4 from the previous 4-way handshake 1378 # hostapd is expected to ignore this due to unexpected Replay Counter 1379 res = hapd.request("EAPOL_RX " + addr + " " + msg4b) 1380 if "OK" not in res: 1381 raise Exception("EAPOL_RX to hostapd failed") 1382 1383 # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake 1384 # was accepted, there would be no more EAPOL-Key frames. If the Replay 1385 # Counters were rejected, there would be a retransmitted msg 1/4 here. 
1386 ev = hapd.wait_event(["EAPOL-TX"], timeout=1.1) 1387 if ev is None: 1388 raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)") 1389 keyinfo = ev.split(' ')[2][10:14] 1390 if keyinfo != "028a": 1391 raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo) 1392 1393def parse_eapol(data): 1394 (version, type, length) = struct.unpack('>BBH', data[0:4]) 1395 payload = data[4:] 1396 if length > len(payload): 1397 raise Exception("Invalid EAPOL length") 1398 if length < len(payload): 1399 payload = payload[0:length] 1400 eapol = {} 1401 eapol['version'] = version 1402 eapol['type'] = type 1403 eapol['length'] = length 1404 eapol['payload'] = payload 1405 if type == 3: 1406 # EAPOL-Key 1407 (eapol['descr_type'],) = struct.unpack('B', payload[0:1]) 1408 payload = payload[1:] 1409 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254: 1410 # RSN EAPOL-Key 1411 (key_info, key_len) = struct.unpack('>HH', payload[0:4]) 1412 eapol['rsn_key_info'] = key_info 1413 eapol['rsn_key_len'] = key_len 1414 eapol['rsn_replay_counter'] = payload[4:12] 1415 eapol['rsn_key_nonce'] = payload[12:44] 1416 eapol['rsn_key_iv'] = payload[44:60] 1417 eapol['rsn_key_rsc'] = payload[60:68] 1418 eapol['rsn_key_id'] = payload[68:76] 1419 eapol['rsn_key_mic'] = payload[76:92] 1420 payload = payload[92:] 1421 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2]) 1422 payload = payload[2:] 1423 eapol['rsn_key_data'] = payload 1424 return eapol 1425 1426def build_eapol(msg): 1427 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length']) 1428 if msg['type'] == 3: 1429 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'], 1430 msg['rsn_key_len']) 1431 data += msg['rsn_replay_counter'] 1432 data += msg['rsn_key_nonce'] 1433 data += msg['rsn_key_iv'] 1434 data += msg['rsn_key_rsc'] 1435 data += msg['rsn_key_id'] 1436 data += msg['rsn_key_mic'] 1437 data += struct.pack('>H', msg['rsn_key_data_len']) 1438 data += 
msg['rsn_key_data'] 1439 else: 1440 data += msg['payload'] 1441 return data 1442 1443def sha1_prf(key, label, data, outlen): 1444 res = b'' 1445 counter = 0 1446 while outlen > 0: 1447 m = hmac.new(key, label.encode(), hashlib.sha1) 1448 m.update(struct.pack('B', 0)) 1449 m.update(data) 1450 m.update(struct.pack('B', counter)) 1451 counter += 1 1452 hash = m.digest() 1453 if outlen > len(hash): 1454 res += hash 1455 outlen -= len(hash) 1456 else: 1457 res += hash[0:outlen] 1458 outlen = 0 1459 return res 1460 1461def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2): 1462 if addr1 < addr2: 1463 data = binascii.unhexlify(addr1.replace(':', '')) + binascii.unhexlify(addr2.replace(':', '')) 1464 else: 1465 data = binascii.unhexlify(addr2.replace(':', '')) + binascii.unhexlify(addr1.replace(':', '')) 1466 if nonce1 < nonce2: 1467 data += nonce1 + nonce2 1468 else: 1469 data += nonce2 + nonce1 1470 label = "Pairwise key expansion" 1471 ptk = sha1_prf(pmk, label, data, 48) 1472 kck = ptk[0:16] 1473 kek = ptk[16:32] 1474 return (ptk, kck, kek) 1475 1476def eapol_key_mic(kck, msg): 1477 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000') 1478 data = build_eapol(msg) 1479 m = hmac.new(kck, data, hashlib.sha1) 1480 msg['rsn_key_mic'] = m.digest()[0:16] 1481 1482def rsn_eapol_key_set(msg, key_info, key_len, nonce, data): 1483 msg['rsn_key_info'] = key_info 1484 msg['rsn_key_len'] = key_len 1485 if nonce: 1486 msg['rsn_key_nonce'] = nonce 1487 else: 1488 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000') 1489 if data: 1490 msg['rsn_key_data_len'] = len(data) 1491 msg['rsn_key_data'] = data 1492 msg['length'] = 95 + len(data) 1493 else: 1494 msg['rsn_key_data_len'] = 0 1495 msg['rsn_key_data'] = b'' 1496 msg['length'] = 95 1497 1498def recv_eapol(hapd): 1499 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 1500 if ev is None: 1501 raise Exception("Timeout on EAPOL-TX from hostapd") 1502 eapol = 
binascii.unhexlify(ev.split(' ')[2]) 1503 return parse_eapol(eapol) 1504 1505def send_eapol(hapd, addr, data): 1506 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data).decode()) 1507 if "OK" not in res: 1508 raise Exception("EAPOL_RX to hostapd failed") 1509 1510def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck): 1511 logger.info("Send EAPOL-Key msg " + info) 1512 rsn_eapol_key_set(msg, key_info, 0, nonce, data) 1513 eapol_key_mic(kck, msg) 1514 send_eapol(hapd, addr, build_eapol(msg)) 1515 1516def eapol_test(apdev, dev, wpa2=True, ieee80211w=0): 1517 bssid = apdev['bssid'] 1518 if wpa2: 1519 ssid = "test-wpa2-psk" 1520 else: 1521 ssid = "test-wpa-psk" 1522 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 1523 pmk = binascii.unhexlify(psk) 1524 if wpa2: 1525 params = hostapd.wpa2_params(ssid=ssid) 1526 else: 1527 params = hostapd.wpa_params(ssid=ssid) 1528 params['wpa_psk'] = psk 1529 params['ieee80211w'] = str(ieee80211w) 1530 hapd = hostapd.add_ap(apdev, params) 1531 hapd.request("SET ext_eapol_frame_io 1") 1532 dev.request("SET ext_eapol_frame_io 1") 1533 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False, 1534 ieee80211w=str(ieee80211w)) 1535 addr = dev.p2p_interface_addr() 1536 if wpa2: 1537 if ieee80211w == 2: 1538 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00') 1539 else: 1540 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00') 1541 else: 1542 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202') 1543 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111') 1544 return (bssid, ssid, hapd, snonce, pmk, addr, rsne) 1545 1546@remote_compatible 1547def test_ap_wpa2_psk_ext_eapol(dev, apdev): 1548 """WPA2-PSK AP using external EAPOL supplicant""" 1549 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1550 1551 msg = recv_eapol(hapd) 1552 anonce = 
msg['rsn_key_nonce'] 1553 logger.info("Replay same data back") 1554 send_eapol(hapd, addr, build_eapol(msg)) 1555 1556 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1557 1558 logger.info("Truncated Key Data in EAPOL-Key msg 2/4") 1559 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne) 1560 msg['length'] = 95 + 22 - 1 1561 send_eapol(hapd, addr, build_eapol(msg)) 1562 1563 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck) 1564 1565 msg = recv_eapol(hapd) 1566 if anonce != msg['rsn_key_nonce']: 1567 raise Exception("ANonce changed") 1568 logger.info("Replay same data back") 1569 send_eapol(hapd, addr, build_eapol(msg)) 1570 1571 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1572 hapd.wait_sta(timeout=15) 1573 dev[0].request("DISCONNECT") 1574 1575@remote_compatible 1576def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev): 1577 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted""" 1578 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1579 1580 msg1 = recv_eapol(hapd) 1581 anonce = msg1['rsn_key_nonce'] 1582 1583 msg2 = recv_eapol(hapd) 1584 if anonce != msg2['rsn_key_nonce']: 1585 raise Exception("ANonce changed") 1586 1587 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1588 1589 logger.info("Send EAPOL-Key msg 2/4") 1590 msg = msg2 1591 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) 1592 eapol_key_mic(kck, msg) 1593 send_eapol(hapd, addr, build_eapol(msg)) 1594 1595 msg = recv_eapol(hapd) 1596 if anonce != msg['rsn_key_nonce']: 1597 raise Exception("ANonce changed") 1598 1599 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1600 hapd.wait_sta(timeout=15) 1601 dev[0].request("DISCONNECT") 1602 1603@remote_compatible 1604def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev): 1605 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted""" 1606 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1607 1608 msg1 = recv_eapol(hapd) 1609 anonce = 
msg1['rsn_key_nonce'] 1610 msg2 = recv_eapol(hapd) 1611 if anonce != msg2['rsn_key_nonce']: 1612 raise Exception("ANonce changed") 1613 1614 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1615 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) 1616 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck) 1617 1618 msg = recv_eapol(hapd) 1619 if anonce != msg['rsn_key_nonce']: 1620 raise Exception("ANonce changed") 1621 1622 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1623 hapd.wait_sta(timeout=15) 1624 dev[0].request("DISCONNECT") 1625 1626@remote_compatible 1627def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev): 1628 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing""" 1629 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1630 1631 msg1 = recv_eapol(hapd) 1632 anonce = msg1['rsn_key_nonce'] 1633 1634 msg2 = recv_eapol(hapd) 1635 if anonce != msg2['rsn_key_nonce']: 1636 raise Exception("ANonce changed") 1637 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1638 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) 1639 1640 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 1641 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce) 1642 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck) 1643 1644 msg = recv_eapol(hapd) 1645 if anonce != msg['rsn_key_nonce']: 1646 raise Exception("ANonce changed") 1647 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1648 hapd.wait_sta(timeout=15) 1649 dev[0].request("DISCONNECT") 1650 1651@remote_compatible 1652def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev): 1653 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used""" 1654 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1655 1656 msg1 = recv_eapol(hapd) 1657 anonce = 
msg1['rsn_key_nonce'] 1658 msg2 = recv_eapol(hapd) 1659 if anonce != msg2['rsn_key_nonce']: 1660 raise Exception("ANonce changed") 1661 1662 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1663 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck) 1664 1665 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 1666 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce) 1667 1668 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2) 1669 msg = recv_eapol(hapd) 1670 if anonce != msg['rsn_key_nonce']: 1671 raise Exception("ANonce changed") 1672 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1673 hapd.wait_sta(timeout=15) 1674 dev[0].request("DISCONNECT") 1675 1676@remote_compatible 1677def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev): 1678 """WPA2 4-way handshake using external EAPOL supplicant""" 1679 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1680 1681 msg = recv_eapol(hapd) 1682 anonce = msg['rsn_key_nonce'] 1683 1684 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1685 1686 # Incorrect descriptor type (frame dropped) 1687 msg['descr_type'] = 253 1688 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) 1689 eapol_key_mic(kck, msg) 1690 send_eapol(hapd, addr, build_eapol(msg)) 1691 1692 # Incorrect descriptor type, but with a workaround (frame processed) 1693 msg['descr_type'] = 254 1694 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne) 1695 eapol_key_mic(kck, msg) 1696 send_eapol(hapd, addr, build_eapol(msg)) 1697 1698 msg = recv_eapol(hapd) 1699 if anonce != msg['rsn_key_nonce']: 1700 raise Exception("ANonce changed") 1701 logger.info("Replay same data back") 1702 send_eapol(hapd, addr, build_eapol(msg)) 1703 1704 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1705 hapd.wait_sta(timeout=15) 1706 dev[0].request("DISCONNECT") 1707 1708@remote_compatible 1709def test_ap_wpa_psk_ext_eapol(dev, 
apdev): 1710 """WPA2-PSK AP using external EAPOL supplicant""" 1711 skip_without_tkip(dev[0]) 1712 (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0], 1713 wpa2=False) 1714 1715 msg = recv_eapol(hapd) 1716 anonce = msg['rsn_key_nonce'] 1717 logger.info("Replay same data back") 1718 send_eapol(hapd, addr, build_eapol(msg)) 1719 logger.info("Too short data") 1720 send_eapol(hapd, addr, build_eapol(msg)[0:98]) 1721 1722 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1723 msg['descr_type'] = 2 1724 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck) 1725 msg['descr_type'] = 254 1726 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck) 1727 1728 msg = recv_eapol(hapd) 1729 if anonce != msg['rsn_key_nonce']: 1730 raise Exception("ANonce changed") 1731 logger.info("Replay same data back") 1732 send_eapol(hapd, addr, build_eapol(msg)) 1733 1734 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck) 1735 hapd.wait_sta(timeout=15) 1736 dev[0].request("DISCONNECT") 1737 1738@remote_compatible 1739def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev): 1740 """WPA2-PSK 4-way handshake with strange key info values""" 1741 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 1742 1743 msg = recv_eapol(hapd) 1744 anonce = msg['rsn_key_nonce'] 1745 1746 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 1747 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne) 1748 send_eapol(hapd, addr, build_eapol(msg)) 1749 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne) 1750 send_eapol(hapd, addr, build_eapol(msg)) 1751 # SMK M1 1752 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne) 1753 send_eapol(hapd, addr, build_eapol(msg)) 1754 # SMK M3 1755 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne) 1756 send_eapol(hapd, addr, build_eapol(msg)) 1757 # Request 1758 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne) 1759 send_eapol(hapd, addr, build_eapol(msg)) 1760 # Request 1761 
# Tail of test_ap_wpa2_psk_ext_eapol_key_info(): the def line and the first
# Key Information probes are on the lines before this span.
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    # MIC computed with an all-zero key instead of the derived KCK
    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(tmp_kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # Regular msg 2/4; the next frame from hostapd must still carry the
    # ANonce captured earlier in this test.
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    # Request (valid MIC)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))
    # Request (valid MIC, replayed counter)
    rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))
    # EAPOL-Key msg 4/4 with incorrectly encrypted Key Data field
    hapd.note("RSN: AES unwrap failed - could not decrypt EAPOL-Key key data")
    key_data = 24*b'1'
    rsn_eapol_key_set(msg, 0x130a, 0, snonce, key_data)
    send_eapol(hapd, addr, build_eapol(msg))
    # EAPOL-Key msg 4/4 claimed to be encrypted with RC4
    # (0x1309 differs from 0x130a only in the low descriptor-version bits)
    hapd.note("WPA: did not use HMAC-SHA1-AES with CCMP/GCMP")
    rsn_eapol_key_set(msg, 0x1309, 0, snonce, key_data)
    send_eapol(hapd, addr, build_eapol(msg))

    # Well-formed msg 4/4; wait_sta() presumably confirms that hostapd then
    # reports the station as connected - TODO confirm against hostapd.py
    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd.wait_sta(timeout=15)
    dev[0].request("DISCONNECT")

def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Build the field dictionary for a test-generated EAPOL-Key msg 1/4.

    The tests in this file pass the returned dict to build_eapol() before
    sending it. No MIC is computed here: the MIC field is 16 zero octets.

    anonce -- stored as the Key Nonce (the tests below pass 32 octets)
    replay_counter -- integer, packed as a big-endian 64-bit value
    key_data -- bytes placed in Key Data; len(key_data) is also added to
                the 'length' field
    key_len -- stored in the Key Length field
    """
    msg = {}
    msg['version'] = 2
    msg['type'] = 3
    # 95 is presumably the size of the fixed descriptor fields that precede
    # Key Data (1+2+2+8+32+16+8+8+16+2) - TODO confirm against build_eapol()
    msg['length'] = 95 + len(key_data)

    msg['descr_type'] = 2
    # 0x008a: descriptor version 2 with the pairwise (0x08) and Key Ack
    # (0x80) bits, using the same bit positions that the key_info variations
    # in test_ap_wpa2_psk_supp_proto() exercise
    msg['rsn_key_info'] = 0x8a
    msg['rsn_key_len'] = key_len
    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
    msg['rsn_key_nonce'] = anonce
    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    return msg

def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Build the field dictionary for a test-generated EAPOL-Key msg 3/4.

    The same builder is reused for group key msg 1/2 by passing a different
    key_info value. key_data is stored as given; callers wrap it with
    aes_wrap() themselves when the frame is meant to carry encrypted data.

    kck -- key handed to eapol_key_mic() for the MIC
    extra_len -- added to the 'length' field only, so a non-zero value makes
                 the header length disagree with the real Key Data length
    key_info, descr_type, key_len -- stored unchanged, which lets a test
                 send values a correct authenticator would not use
    """
    msg = {}
    msg['version'] = 2
    msg['type'] = 3
    msg['length'] = 95 + len(key_data) + extra_len

    msg['descr_type'] = descr_type
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
    msg['rsn_key_nonce'] = anonce
    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    # Called last, after every other field is final. eapol_key_mic() is
    # defined elsewhere in this file and presumably stores the MIC in msg.
    eapol_key_mic(kck, msg)
    return msg

def aes_wrap(kek, plain):
    """Wrap plain with kek using the AES Key Wrap construction.

    Follows the RFC 3394 procedure: initial value 0xA6A6A6A6A6A6A6A6 and six
    passes over the 64-bit blocks. AES in ECB mode is used only as the
    single-block primitive that the construction calls for each step.
    Returns 8 + 8*n octets, where n = len(plain) // 8.

    NOTE(review): only whole 8-octet blocks are processed. Trailing octets of
    an unaligned input are silently dropped and no minimum length is
    enforced, so callers have to align the data first (see pad_key_data()).
    """
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # XOR the step counter t = n*j + i into the upper half
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)

def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets before AES key wrapping.

    Unaligned input gets one 0xdd octet followed by as many zero octets as
    are needed. Input that is already a multiple of 8 octets long is
    returned unchanged.
    """
    pad_len = len(plain) % 8
    if pad_len:
        pad_len = 8 - pad_len
        plain += b'\xdd'
        pad_len -= 1
        plain += pad_len * b'\x00'
    return plain

def test_ap_wpa2_psk_supp_proto(dev, apdev):
    """WPA2-PSK 4-way handshake protocol testing for supplicant"""
    # Flow: hostapd's own msg 1/4 is only used to learn that the station is
    # associated. After that the test acts as the authenticator itself: it
    # injects hand-built EAPOL-Key frames into dev[0] and checks which event
    # the supplicant reports for each malformed msg 3/4.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # The supplicant's msg 2/4 supplies the SNonce needed to derive the keys
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Key Data of 0, 1 and 9 octets is expected to be rejected on its length
    logger.debug("Invalid AES wrap data length 0")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
    if ev is None:
        raise Exception("Unsupported AES-WRAP len 0 not reported")

    logger.debug("Invalid AES wrap data length 1")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'1', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
    if ev is None:
        raise Exception("Unsupported AES-WRAP len 1 not reported")

    logger.debug("Invalid AES wrap data length 9")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'123456789', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
    if ev is None:
        raise Exception("Unsupported AES-WRAP len 9 not reported")

    # 8 octets of plain text: the expected event is an unwrap failure, not a
    # length error
    logger.debug("Invalid AES wrap data payload")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
    # do not increment counter to test replay protection
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: AES unwrap failed"])
    if ev is None:
        raise Exception("AES unwrap failure not reported")

    # Same replay counter value as the frame above
    logger.debug("Replay Count not increasing")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
    if ev is None:
        raise Exception("Replay Counter replay not reported")

    # 0x134a is the default 0x13ca with bit 0x0080 cleared
    logger.debug("Missing Ack bit in key info")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              key_info=0x134a)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
    if ev is None:
        raise Exception("Missing Ack bit not reported")

    # 0x1bca is the default 0x13ca with bit 0x0800 set
    logger.debug("Unexpected Request bit in key info")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              key_info=0x1bca)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
    if ev is None:
        raise Exception("Request bit not reported")

    # The next cases change only the low three bits of key_info (0x13c8 ..
    # 0x13cf), which the expected events report as the descriptor version
    logger.debug("Unsupported key descriptor version 0")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13c8)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: Unsupported EAPOL-Key descriptor version 0"])
    if ev is None:
        raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")

    logger.debug("Key descriptor version 1 not allowed with CCMP")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13c9)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: EAPOL-Key descriptor version 1 not allowed without TKIP as the pairwise cipher"])
    if ev is None:
        raise Exception("Not allowed EAPOL-Key descriptor version not reported")

    # Correct descriptor version, but the 16 octets are not wrapped data
    logger.debug("Invalid AES wrap payload with key descriptor version 2")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13ca)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: AES unwrap failed"])
    if ev is None:
        raise Exception("AES unwrap failure not reported")

    # Version 3 is expected to go through an interoperability workaround and
    # then be dropped on the MIC check; all three events are required
    logger.debug("Key descriptor version 3 workaround")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13cb)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
    if ev is None:
        raise Exception("CCMP key descriptor mismatch not reported")
    ev = dev[0].wait_event(["RSN: Interoperability workaround"])
    if ev is None:
        raise Exception("AES-128-CMAC workaround not reported")
    ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
    if ev is None:
        raise Exception("MIC failure with AES-128-CMAC workaround not reported")

    logger.debug("Unsupported key descriptor version 4")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13cc)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: Unsupported EAPOL-Key descriptor version 4"])
    if ev is None:
        raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")

    logger.debug("Unsupported key descriptor version 7")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'0123456789abcdef',
                              replay_counter=counter, key_info=0x13cf)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: Unsupported EAPOL-Key descriptor version 7"])
    if ev is None:
        raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")

    # extra_len=-1 makes the header length one octet shorter than the frame
    # needs, so the 8-octet Key Data no longer fits (8 > 7)
    logger.debug("Too short EAPOL header length")
    dev[0].dump_monitor()
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              extra_len=-1)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
    if ev is None:
        raise Exception("Key data overflow not reported")

    # The next three frames are only sent; no event is checked for them
    logger.debug("Too long EAPOL header length")
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              extra_len=1)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))

    logger.debug("Unsupported descriptor type 0")
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              descr_type=0)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))

    # NOTE(review): the log label says "type 0" but this frame uses
    # descr_type=254 - confirm the intended wording
    logger.debug("WPA descriptor type 0")
    msg = build_eapol_key_3_4(anonce, kck, b'12345678', replay_counter=counter,
                              descr_type=254)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))

    # From here on Key Data is really wrapped with the derived KEK.
    # 0x13ea is the default 0x13ca with bit 0x0020 set.
    logger.debug("Non-zero key index for pairwise key")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*b'z')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13ea)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
    if ev is None:
        raise Exception("Non-zero key index not reported")

    # Default key_info with wrapped filler octets as Key Data: the
    # supplicant is expected to disconnect within one second
    logger.debug("Invalid Key Data plaintext payload --> disconnect")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*b'z')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
# Last statement of test_ap_wpa2_psk_supp_proto(), whose body is on the lines
# before this span.
    dev[0].request("DISCONNECT")

def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    # Same setup as the other supp_proto tests in this file: the test takes
    # over the authenticator role after hostapd's first msg 1/4.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # SNonce comes from the supplicant's msg 2/4
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Key Data is 16 zero octets wrapped with the derived KEK, so the frame
    # carries no RSNE and no KDEs. The only check is that the supplicant
    # disconnects within one second.
    logger.debug("No IEs in msg 3/4 --> disconnect")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, 16*b'\x00')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)
    dev[0].request("DISCONNECT")

def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    dev[0].dump_monitor()
wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))) 2102 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2103 counter += 1 2104 send_eapol(dev[0], bssid, build_eapol(msg)) 2105 dev[0].wait_disconnected(timeout=1) 2106 2107def test_ap_wpa2_psk_supp_proto_ok(dev, apdev): 2108 """WPA2-PSK supplicant protocol testing: success""" 2109 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2110 2111 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2112 msg = recv_eapol(hapd) 2113 dev[0].dump_monitor() 2114 2115 # Build own EAPOL-Key msg 1/4 2116 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2117 counter = 1 2118 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2119 counter += 1 2120 send_eapol(dev[0], bssid, build_eapol(msg)) 2121 msg = recv_eapol(dev[0]) 2122 snonce = msg['rsn_key_nonce'] 2123 2124 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2125 2126 logger.debug("Valid EAPOL-Key msg 3/4") 2127 dev[0].dump_monitor() 2128 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2129 wrapped = aes_wrap(kek, pad_key_data(plain)) 2130 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2131 counter += 1 2132 send_eapol(dev[0], bssid, build_eapol(msg)) 2133 dev[0].wait_connected(timeout=1) 2134 dev[0].request("DISCONNECT") 2135 2136def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev): 2137 """WPA2-PSK supplicant protocol testing: no GTK""" 2138 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2139 2140 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2141 msg = recv_eapol(hapd) 2142 dev[0].dump_monitor() 2143 2144 # Build own EAPOL-Key msg 1/4 2145 anonce = 
binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2146 counter = 1 2147 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2148 counter += 1 2149 send_eapol(dev[0], bssid, build_eapol(msg)) 2150 msg = recv_eapol(dev[0]) 2151 snonce = msg['rsn_key_nonce'] 2152 2153 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2154 2155 logger.debug("EAPOL-Key msg 3/4 without GTK KDE") 2156 dev[0].dump_monitor() 2157 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00') 2158 wrapped = aes_wrap(kek, pad_key_data(plain)) 2159 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2160 counter += 1 2161 send_eapol(dev[0], bssid, build_eapol(msg)) 2162 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1) 2163 if ev is not None: 2164 raise Exception("Unexpected connection completion reported") 2165 dev[0].request("DISCONNECT") 2166 2167def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev): 2168 """WPA2-PSK supplicant protocol testing: ANonce change""" 2169 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2170 2171 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2172 msg = recv_eapol(hapd) 2173 dev[0].dump_monitor() 2174 2175 # Build own EAPOL-Key msg 1/4 2176 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2177 counter = 1 2178 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2179 counter += 1 2180 send_eapol(dev[0], bssid, build_eapol(msg)) 2181 msg = recv_eapol(dev[0]) 2182 snonce = msg['rsn_key_nonce'] 2183 2184 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2185 2186 logger.debug("Valid EAPOL-Key msg 3/4") 2187 dev[0].dump_monitor() 2188 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333') 2189 plain = 
binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2190 wrapped = aes_wrap(kek, pad_key_data(plain)) 2191 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter) 2192 counter += 1 2193 send_eapol(dev[0], bssid, build_eapol(msg)) 2194 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"]) 2195 if ev is None: 2196 raise Exception("ANonce change not reported") 2197 dev[0].request("DISCONNECT") 2198 2199def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev): 2200 """WPA2-PSK supplicant protocol testing: unexpected group message""" 2201 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2202 2203 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2204 msg = recv_eapol(hapd) 2205 dev[0].dump_monitor() 2206 2207 # Build own EAPOL-Key msg 1/4 2208 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2209 counter = 1 2210 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2211 counter += 1 2212 send_eapol(dev[0], bssid, build_eapol(msg)) 2213 msg = recv_eapol(dev[0]) 2214 snonce = msg['rsn_key_nonce'] 2215 2216 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2217 2218 logger.debug("Group key 1/2 instead of msg 3/4") 2219 dev[0].dump_monitor() 2220 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')) 2221 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2222 key_info=0x13c2) 2223 counter += 1 2224 send_eapol(dev[0], bssid, build_eapol(msg)) 2225 ev = dev[0].wait_event(["RSN: Group Key Handshake started prior to completion of 4-way handshake"]) 2226 if ev is None: 2227 raise Exception("Unexpected group key message not reported") 2228 dev[0].wait_disconnected(timeout=1) 2229 dev[0].request("DISCONNECT") 2230 2231@remote_compatible 2232def 
test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev): 2233 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4""" 2234 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2235 2236 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2237 msg = recv_eapol(hapd) 2238 dev[0].dump_monitor() 2239 2240 # Build own EAPOL-Key msg 1/4 with invalid KDE 2241 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2242 counter = 1 2243 msg = build_eapol_key_1_4(anonce, replay_counter=counter, 2244 key_data=binascii.unhexlify('5555')) 2245 counter += 1 2246 send_eapol(dev[0], bssid, build_eapol(msg)) 2247 time.sleep(0.1) 2248 dev[0].request("DISCONNECT") 2249 2250def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev): 2251 """WPA2-PSK supplicant protocol testing: wrong pairwise key length""" 2252 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2253 2254 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2255 msg = recv_eapol(hapd) 2256 dev[0].dump_monitor() 2257 2258 # Build own EAPOL-Key msg 1/4 2259 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2260 counter = 1 2261 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2262 counter += 1 2263 send_eapol(dev[0], bssid, build_eapol(msg)) 2264 msg = recv_eapol(dev[0]) 2265 snonce = msg['rsn_key_nonce'] 2266 2267 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2268 2269 logger.debug("Valid EAPOL-Key msg 3/4") 2270 dev[0].dump_monitor() 2271 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2272 wrapped = aes_wrap(kek, pad_key_data(plain)) 2273 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2274 key_len=15) 2275 counter += 1 2276 send_eapol(dev[0], bssid, build_eapol(msg)) 2277 ev = dev[0].wait_event(["WPA: 
Invalid CCMP key length 15"]) 2278 if ev is None: 2279 raise Exception("Invalid CCMP key length not reported") 2280 dev[0].wait_disconnected(timeout=1) 2281 dev[0].request("DISCONNECT") 2282 2283def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev): 2284 """WPA2-PSK supplicant protocol testing: wrong group key length""" 2285 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2286 2287 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2288 msg = recv_eapol(hapd) 2289 dev[0].dump_monitor() 2290 2291 # Build own EAPOL-Key msg 1/4 2292 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2293 counter = 1 2294 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2295 counter += 1 2296 send_eapol(dev[0], bssid, build_eapol(msg)) 2297 msg = recv_eapol(dev[0]) 2298 snonce = msg['rsn_key_nonce'] 2299 2300 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2301 2302 logger.debug("Valid EAPOL-Key msg 3/4") 2303 dev[0].dump_monitor() 2304 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986') 2305 wrapped = aes_wrap(kek, pad_key_data(plain)) 2306 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2307 counter += 1 2308 send_eapol(dev[0], bssid, build_eapol(msg)) 2309 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"]) 2310 if ev is None: 2311 raise Exception("Invalid CCMP key length not reported") 2312 dev[0].wait_disconnected(timeout=1) 2313 dev[0].request("DISCONNECT") 2314 2315def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev): 2316 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround""" 2317 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2318 2319 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2320 msg = recv_eapol(hapd) 2321 dev[0].dump_monitor() 2322 2323 # Build own 
EAPOL-Key msg 1/4 2324 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2325 counter = 1 2326 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2327 counter += 1 2328 send_eapol(dev[0], bssid, build_eapol(msg)) 2329 msg = recv_eapol(dev[0]) 2330 snonce = msg['rsn_key_nonce'] 2331 2332 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2333 2334 logger.debug("Valid EAPOL-Key msg 3/4") 2335 dev[0].dump_monitor() 2336 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618') 2337 wrapped = aes_wrap(kek, pad_key_data(plain)) 2338 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2339 counter += 1 2340 send_eapol(dev[0], bssid, build_eapol(msg)) 2341 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"]) 2342 if ev is None: 2343 raise Exception("GTK Tx bit workaround not reported") 2344 dev[0].wait_connected(timeout=1) 2345 dev[0].request("DISCONNECT") 2346 2347def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev): 2348 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3""" 2349 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2350 2351 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2352 msg = recv_eapol(hapd) 2353 dev[0].dump_monitor() 2354 2355 # Build own EAPOL-Key msg 1/4 2356 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2357 counter = 1 2358 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2359 counter += 1 2360 send_eapol(dev[0], bssid, build_eapol(msg)) 2361 msg = recv_eapol(dev[0]) 2362 snonce = msg['rsn_key_nonce'] 2363 2364 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2365 2366 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)") 2367 dev[0].dump_monitor() 2368 plain = 
binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618') 2369 wrapped = aes_wrap(kek, pad_key_data(plain)) 2370 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2371 counter += 1 2372 send_eapol(dev[0], bssid, build_eapol(msg)) 2373 dev[0].wait_connected(timeout=1) 2374 2375 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)") 2376 dev[0].dump_monitor() 2377 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618') 2378 wrapped = aes_wrap(kek, pad_key_data(plain)) 2379 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter, 2380 key_info=0x13c2) 2381 counter += 1 2382 send_eapol(dev[0], bssid, build_eapol(msg)) 2383 msg = recv_eapol(dev[0]) 2384 ev = dev[0].wait_event(["RSN: Group rekeying completed"]) 2385 if ev is None: 2386 raise Exception("GTK rekeing not reported") 2387 2388 logger.debug("Unencrypted GTK KDE in group msg 1/2") 2389 dev[0].dump_monitor() 2390 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618') 2391 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter, 2392 key_info=0x03c2) 2393 counter += 1 2394 send_eapol(dev[0], bssid, build_eapol(msg)) 2395 ev = dev[0].wait_event(["RSN: GTK KDE in unencrypted key data"]) 2396 if ev is None: 2397 raise Exception("Unencrypted GTK KDE not reported") 2398 dev[0].wait_disconnected(timeout=1) 2399 dev[0].request("DISCONNECT") 2400 2401def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev): 2402 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg""" 2403 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2404 2405 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2406 msg = recv_eapol(hapd) 2407 dev[0].dump_monitor() 2408 2409 # Build own EAPOL-Key msg 1/4 2410 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2411 counter = 1 
# Continuation of test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(): the def
# line and the first setup steps are on the lines before this span.
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Complete the 4-way handshake first; the group key message is only
    # tested once the supplicant reports the connection
    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    # Key Data is eight repetitions of the octet pair dd 00 and holds no GTK
    # KDE. key_info 0x13c2 is the default 0x13ca with bit 0x0008 cleared,
    # which is how this file builds group key msg 1/2.
    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["RSN: No GTK KDE in Group Key msg 1/2"])
    if ev is None:
        raise Exception("Missing GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
    dev[0].request("DISCONNECT")

def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
    # Checks that an over-long GTK delivered in group key msg 1/2 is
    # reported and followed by a disconnection.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Complete the 4-way handshake with a well-formed msg 3/4
    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    # The KDE length octet is 0x27 (39). The expected events report a
    # 33-octet GTK, i.e. what remains after the six octets 000fac01 0100.
    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
                              key_info=0x13c2)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # Either wording is accepted
    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33",
                            "RSN: Too long GTK in GTK KDE (len=33)"])
    if ev is None:
        raise Exception("Too long GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)
    dev[0].request("DISCONNECT")

def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4
    anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']
2502 2503 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2504 2505 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE") 2506 dev[0].dump_monitor() 2507 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff') 2508 wrapped = aes_wrap(kek, pad_key_data(plain)) 2509 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2510 counter += 1 2511 send_eapol(dev[0], bssid, build_eapol(msg)) 2512 dev[0].wait_disconnected(timeout=1) 2513 dev[0].request("DISCONNECT") 2514 2515def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev): 2516 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted""" 2517 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0]) 2518 2519 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2520 msg = recv_eapol(hapd) 2521 dev[0].dump_monitor() 2522 2523 # Build own EAPOL-Key msg 1/4 2524 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2525 counter = 1 2526 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2527 counter += 1 2528 send_eapol(dev[0], bssid, build_eapol(msg)) 2529 msg = recv_eapol(dev[0]) 2530 snonce = msg['rsn_key_nonce'] 2531 2532 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2533 2534 logger.debug("Valid EAPOL-Key msg 3/4") 2535 dev[0].dump_monitor() 2536 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2537 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter, 2538 key_info=0x03ca) 2539 counter += 1 2540 send_eapol(dev[0], bssid, build_eapol(msg)) 2541 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"]) 2542 if ev is None: 2543 raise Exception("Unencrypted GTK KDE not reported") 2544 dev[0].wait_disconnected(timeout=1) 2545 dev[0].request("DISCONNECT") 2546 2547def 
run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=None, fail=False): 2548 (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0], 2549 ieee80211w=2) 2550 2551 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated 2552 msg = recv_eapol(hapd) 2553 dev[0].dump_monitor() 2554 2555 # Build own EAPOL-Key msg 1/4 2556 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222') 2557 counter = 1 2558 msg = build_eapol_key_1_4(anonce, replay_counter=counter) 2559 counter += 1 2560 send_eapol(dev[0], bssid, build_eapol(msg)) 2561 msg = recv_eapol(dev[0]) 2562 snonce = msg['rsn_key_nonce'] 2563 2564 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce) 2565 2566 logger.debug("EAPOL-Key msg 3/4") 2567 dev[0].dump_monitor() 2568 gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618') 2569 plain = rsne + gtk_kde 2570 if igtk_kde: 2571 plain += igtk_kde 2572 wrapped = aes_wrap(kek, pad_key_data(plain)) 2573 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter) 2574 counter += 1 2575 send_eapol(dev[0], bssid, build_eapol(msg)) 2576 if fail: 2577 dev[0].wait_disconnected(timeout=1) 2578 return 2579 2580 dev[0].wait_connected(timeout=1) 2581 2582 # Verify that an unprotected broadcast Deauthentication frame is ignored 2583 bssid = binascii.unhexlify(hapd.own_addr().replace(':', '')) 2584 sock = start_monitor(apdev[1]["ifname"]) 2585 radiotap = radiotap_build() 2586 frame = binascii.unhexlify("c0003a01") 2587 frame += 6*b'\xff' + bssid + bssid 2588 frame += binascii.unhexlify("1000" + "0300") 2589 sock.send(radiotap + frame) 2590 # And same with incorrect BIP protection 2591 for keyid in ["0400", "0500", "0600", "0004", "0005", "0006", "ffff"]: 2592 frame2 = frame + binascii.unhexlify("4c10" + keyid + "010000000000c0e5ca5f2b3b4de9") 2593 sock.send(radiotap + frame2) 2594 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5) 2595 if ev is not None: 2596 
raise Exception("Unexpected disconnection") 2597 dev[0].request("DISCONNECT") 2598 2599def run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None, fail=False): 2600 try: 2601 run_psk_supp_proto_pmf2(dev, apdev, igtk_kde=igtk_kde, fail=fail) 2602 finally: 2603 stop_monitor(apdev[1]["ifname"]) 2604 2605def test_ap_wpa2_psk_supp_proto_no_igtk(dev, apdev): 2606 """WPA2-PSK supplicant protocol testing: no IGTK KDE""" 2607 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=None) 2608 2609def test_ap_wpa2_psk_supp_proto_igtk_ok(dev, apdev): 2610 """WPA2-PSK supplicant protocol testing: valid IGTK KDE""" 2611 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0400' + 6*'00' + 16*'77') 2612 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde) 2613 2614def test_ap_wpa2_psk_supp_proto_igtk_keyid_swap(dev, apdev): 2615 """WPA2-PSK supplicant protocol testing: swapped IGTK KeyID""" 2616 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0004' + 6*'00' + 16*'77') 2617 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde) 2618 2619def test_ap_wpa2_psk_supp_proto_igtk_keyid_too_large(dev, apdev): 2620 """WPA2-PSK supplicant protocol testing: too large IGTK KeyID""" 2621 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + 'ffff' + 6*'00' + 16*'77') 2622 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True) 2623 2624def test_ap_wpa2_psk_supp_proto_igtk_keyid_unexpected(dev, apdev): 2625 """WPA2-PSK supplicant protocol testing: unexpected IGTK KeyID""" 2626 igtk_kde = binascii.unhexlify('dd1c' + '000fac09' + '0006' + 6*'00' + 16*'77') 2627 run_psk_supp_proto_pmf(dev, apdev, igtk_kde=igtk_kde, fail=True) 2628 2629def find_wpas_process(dev): 2630 ifname = dev.ifname 2631 err, data = dev.cmd_execute(['ps', 'ax']) 2632 for l in data.splitlines(): 2633 if "wpa_supplicant" not in l: 2634 continue 2635 if "-i" + ifname not in l: 2636 continue 2637 return int(l.strip().split(' ')[0]) 2638 raise Exception("Could not find wpa_supplicant process") 2639 2640def read_process_memory(pid, 
key=None): 2641 buf = [] 2642 buflen = 0 2643 logger.info("Reading process memory (pid=%d)" % pid) 2644 with open('/proc/%d/maps' % pid, 'r') as maps, \ 2645 open('/proc/%d/mem' % pid, 'rb') as mem: 2646 for l in maps.readlines(): 2647 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l) 2648 if not m: 2649 continue 2650 start = int(m.group(1), 16) 2651 end = int(m.group(2), 16) 2652 perm = m.group(3) 2653 if start > 0xffffffffffff: 2654 continue 2655 if end < start: 2656 continue 2657 if not perm.startswith('rw'): 2658 continue 2659 for name in ["[heap]", "[stack]"]: 2660 if name in l: 2661 logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, buflen, buflen + (end - start))) 2662 2663 if end - start >= 256 * 1024 * 1024: 2664 logger.info("Large memory block of >= 256MiB, assuming ASAN shadow memory") 2665 continue 2666 2667 try: 2668 mem.seek(start) 2669 data = mem.read(end - start) 2670 except OSError as e: 2671 logger.info("Could not read mem: start=%d end=%d: %s" % (start, end, str(e))) 2672 continue 2673 buf.append(data) 2674 buflen += len(data) 2675 if key and key in data: 2676 logger.info("Key found in " + l) 2677 logger.info("Total process memory read: %d bytes" % buflen) 2678 return b''.join(buf) 2679 2680def verify_not_present(buf, key, fname, keyname): 2681 pos = buf.find(key) 2682 if pos < 0: 2683 return 2684 2685 prefix = 2048 if pos > 2048 else pos 2686 with open(fname + keyname, 'wb') as f: 2687 f.write(buf[pos - prefix:pos + 2048]) 2688 raise Exception(keyname + " found after disassociation") 2689 2690def get_key_locations(buf, key, keyname): 2691 count = 0 2692 pos = 0 2693 while True: 2694 pos = buf.find(key, pos) 2695 if pos < 0: 2696 break 2697 logger.info("Found %s at %d" % (keyname, pos)) 2698 context = 128 2699 start = pos - context if pos > context else 0 2700 before = binascii.hexlify(buf[start:pos]) 2701 context += len(key) 2702 end = pos + context if pos < len(buf) - context else len(buf) - context 2703 after = 
binascii.hexlify(buf[pos + len(key):end]) 2704 logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after)) 2705 count += 1 2706 pos += len(key) 2707 return count 2708 2709def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params): 2710 """WPA2-PSK and PSK/PTK lifetime in memory""" 2711 ssid = "test-wpa2-psk" 2712 passphrase = 'qwertyuiop' 2713 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 2714 pmk = binascii.unhexlify(psk) 2715 p = hostapd.wpa2_params(ssid=ssid) 2716 p['wpa_psk'] = psk 2717 hapd = hostapd.add_ap(apdev[0], p) 2718 2719 pid = find_wpas_process(dev[0]) 2720 2721 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412", 2722 only_add_network=True) 2723 2724 logger.info("Checking keys in memory after network profile configuration") 2725 buf = read_process_memory(pid, pmk) 2726 get_key_locations(buf, pmk, "PMK") 2727 2728 dev[0].request("REMOVE_NETWORK all") 2729 logger.info("Checking keys in memory after network profile removal") 2730 buf = read_process_memory(pid, pmk) 2731 get_key_locations(buf, pmk, "PMK") 2732 2733 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 2734 only_add_network=True) 2735 2736 logger.info("Checking keys in memory before connection") 2737 buf = read_process_memory(pid, pmk) 2738 get_key_locations(buf, pmk, "PMK") 2739 2740 dev[0].connect_network(id, timeout=20) 2741 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED 2742 # event has been delivered, so verify that wpa_supplicant has returned to 2743 # eloop before reading process memory. 
2744 time.sleep(1) 2745 dev[0].ping() 2746 2747 buf = read_process_memory(pid, pmk) 2748 2749 dev[0].request("DISCONNECT") 2750 dev[0].wait_disconnected() 2751 2752 dev[0].relog() 2753 ptk = None 2754 gtk = None 2755 with open(os.path.join(params['logdir'], 'log0'), 'r') as f: 2756 for l in f.readlines(): 2757 if "WPA: PTK - hexdump" in l: 2758 val = l.strip().split(':')[3].replace(' ', '') 2759 ptk = binascii.unhexlify(val) 2760 if "WPA: Group Key - hexdump" in l: 2761 val = l.strip().split(':')[3].replace(' ', '') 2762 gtk = binascii.unhexlify(val) 2763 if not pmk or not ptk or not gtk: 2764 raise Exception("Could not find keys from debug log") 2765 if len(gtk) != 16: 2766 raise Exception("Unexpected GTK length") 2767 2768 kck = ptk[0:16] 2769 kek = ptk[16:32] 2770 tk = ptk[32:48] 2771 2772 logger.info("Checking keys in memory while associated") 2773 get_key_locations(buf, pmk, "PMK") 2774 if pmk not in buf: 2775 raise HwsimSkip("PMK not found while associated") 2776 if kck not in buf: 2777 raise Exception("KCK not found while associated") 2778 if kek not in buf: 2779 raise Exception("KEK not found while associated") 2780 #if tk in buf: 2781 # raise Exception("TK found from memory") 2782 2783 logger.info("Checking keys in memory after disassociation") 2784 buf = read_process_memory(pid, pmk) 2785 get_key_locations(buf, pmk, "PMK") 2786 2787 # Note: PMK/PSK is still present in network configuration 2788 2789 fname = os.path.join(params['logdir'], 2790 'wpa2_psk_key_lifetime_in_memory.memctx-') 2791 verify_not_present(buf, kck, fname, "KCK") 2792 verify_not_present(buf, kek, fname, "KEK") 2793 verify_not_present(buf, tk, fname, "TK") 2794 if gtk in buf: 2795 get_key_locations(buf, gtk, "GTK") 2796 verify_not_present(buf, gtk, fname, "GTK") 2797 2798 dev[0].request("REMOVE_NETWORK all") 2799 2800 logger.info("Checking keys in memory after network profile removal") 2801 buf = read_process_memory(pid, pmk) 2802 get_key_locations(buf, pmk, "PMK") 2803 2804 
verify_not_present(buf, pmk, fname, "PMK") 2805 verify_not_present(buf, kck, fname, "KCK") 2806 verify_not_present(buf, kek, fname, "KEK") 2807 verify_not_present(buf, tk, fname, "TK") 2808 verify_not_present(buf, gtk, fname, "GTK") 2809 2810@remote_compatible 2811def test_ap_wpa2_psk_wep(dev, apdev): 2812 """WPA2-PSK AP and WEP enabled""" 2813 ssid = "test-wpa2-psk" 2814 passphrase = 'qwertyuiop' 2815 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2816 hapd = hostapd.add_ap(apdev[0], params) 2817 try: 2818 hapd.set('wep_key0', '"hello"') 2819 raise Exception("WEP key accepted to WPA2 network") 2820 except Exception: 2821 pass 2822 2823def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev): 2824 """WPA2-PSK AP and wpas interface in a bridge""" 2825 br_ifname = 'sta-br0' 2826 ifname = 'wlan5' 2827 try: 2828 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev) 2829 finally: 2830 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down']) 2831 subprocess.call(['brctl', 'delif', br_ifname, ifname]) 2832 subprocess.call(['brctl', 'delbr', br_ifname]) 2833 subprocess.call(['iw', ifname, 'set', '4addr', 'off']) 2834 2835def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev): 2836 ssid = "test-wpa2-psk" 2837 passphrase = 'qwertyuiop' 2838 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2839 hapd = hostapd.add_ap(apdev[0], params) 2840 2841 br_ifname = 'sta-br0' 2842 ifname = 'wlan5' 2843 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 2844 subprocess.call(['brctl', 'addbr', br_ifname]) 2845 subprocess.call(['brctl', 'setfd', br_ifname, '0']) 2846 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up']) 2847 subprocess.call(['iw', ifname, 'set', '4addr', 'on']) 2848 subprocess.check_call(['brctl', 'addif', br_ifname, ifname]) 2849 wpas.interface_add(ifname, br_ifname=br_ifname) 2850 wpas.dump_monitor() 2851 2852 wpas.connect(ssid, psk=passphrase, scan_freq="2412") 2853 wpas.dump_monitor() 2854 2855@remote_compatible 2856def 
test_ap_wpa2_psk_ifdown(dev, apdev): 2857 """AP with open mode and external ifconfig down""" 2858 ssid = "test-wpa2-psk" 2859 passphrase = 'qwertyuiop' 2860 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2861 hapd = hostapd.add_ap(apdev[0], params) 2862 bssid = apdev[0]['bssid'] 2863 2864 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 2865 hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down']) 2866 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10) 2867 if ev is None: 2868 raise Exception("No INTERFACE-DISABLED event") 2869 # this wait tests beacon loss detection in mac80211 2870 dev[0].wait_disconnected() 2871 hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up']) 2872 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10) 2873 if ev is None: 2874 raise Exception("No INTERFACE-ENABLED event") 2875 dev[0].wait_connected() 2876 hapd.wait_sta() 2877 hwsim_utils.test_connectivity(dev[0], hapd) 2878 2879def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev): 2880 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped""" 2881 hapd = setup_psk_ext(dev[0], apdev[0]) 2882 bssid = apdev[0]['bssid'] 2883 addr = dev[0].own_addr() 2884 2885 # EAPOL-Key msg 1/4 2886 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 2887 if ev is None: 2888 raise Exception("Timeout on EAPOL-TX from hostapd") 2889 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 2890 if "OK" not in res: 2891 raise Exception("EAPOL_RX to wpa_supplicant failed") 2892 2893 # EAPOL-Key msg 2/4 2894 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 2895 if ev is None: 2896 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 2897 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) 2898 if "OK" not in res: 2899 raise Exception("EAPOL_RX to hostapd failed") 2900 2901 # EAPOL-Key msg 3/4 2902 ev = hapd.wait_event(["EAPOL-TX"], timeout=15) 2903 if ev is None: 2904 raise Exception("Timeout on EAPOL-TX from hostapd") 2905 res = 
dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) 2906 if "OK" not in res: 2907 raise Exception("EAPOL_RX to wpa_supplicant failed") 2908 2909 # EAPOL-Key msg 4/4 2910 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) 2911 if ev is None: 2912 raise Exception("Timeout on EAPOL-TX from wpa_supplicant") 2913 logger.info("Drop the first EAPOL-Key msg 4/4") 2914 2915 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd 2916 # doesn't. Use normal EAPOL TX/RX to handle retries. 2917 hapd.request("SET ext_eapol_frame_io 0") 2918 dev[0].request("SET ext_eapol_frame_io 0") 2919 dev[0].wait_connected() 2920 2921 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) 2922 if ev is None: 2923 raise Exception("Timeout on AP-STA-CONNECTED from hostapd") 2924 2925 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) 2926 if ev is not None: 2927 logger.info("Disconnection detected") 2928 # The EAPOL-Key retries are supposed to allow the connection to be 2929 # established without having to reassociate. However, this does not 2930 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4 2931 # after the pairwise key has been configured and AP will drop those and 2932 # disconnect the station after reaching retransmission limit. Connection 2933 # is then established after reassociation. Once that behavior has been 2934 # optimized to prevent EAPOL-Key frame encryption for retransmission 2935 # case, this exception can be uncommented here. 
2936 #raise Exception("Unexpected disconnection") 2937 2938@remote_compatible 2939def test_ap_wpa2_psk_disable_enable(dev, apdev): 2940 """WPA2-PSK AP getting disabled and re-enabled""" 2941 ssid = "test-wpa2-psk" 2942 passphrase = 'qwertyuiop' 2943 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 2944 params = hostapd.wpa2_params(ssid=ssid) 2945 params['wpa_psk'] = psk 2946 hapd = hostapd.add_ap(apdev[0], params) 2947 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412") 2948 2949 for i in range(2): 2950 hapd.request("DISABLE") 2951 dev[0].wait_disconnected() 2952 hapd.request("ENABLE") 2953 dev[0].wait_connected() 2954 hapd.wait_sta() 2955 hwsim_utils.test_connectivity(dev[0], hapd) 2956 2957@remote_compatible 2958def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev): 2959 """WPA2-PSK AP and station using incorrect passphrase""" 2960 ssid = "test-wpa2-psk" 2961 passphrase = 'qwertyuiop' 2962 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 2963 hapd = hostapd.add_ap(apdev[0], params) 2964 dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412", 2965 wait_connect=False) 2966 ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10) 2967 if ev is None: 2968 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported") 2969 dev[0].dump_monitor() 2970 2971 hapd.disable() 2972 hapd.set("wpa_passphrase", "incorrect passphrase") 2973 hapd.enable() 2974 2975 dev[0].wait_connected(timeout=20) 2976 2977@remote_compatible 2978def test_ap_wpa_ie_parsing(dev, apdev): 2979 """WPA IE parsing""" 2980 skip_with_fips(dev[0]) 2981 skip_without_tkip(dev[0]) 2982 ssid = "test-wpa-psk" 2983 passphrase = 'qwertyuiop' 2984 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) 2985 hapd = hostapd.add_ap(apdev[0], params) 2986 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 2987 only_add_network=True) 2988 2989 tests = ["dd040050f201", 2990 "dd050050f20101", 2991 "dd060050f2010100", 2992 "dd060050f2010001", 2993 
"dd070050f201010000", 2994 "dd080050f20101000050", 2995 "dd090050f20101000050f2", 2996 "dd0a0050f20101000050f202", 2997 "dd0b0050f20101000050f20201", 2998 "dd0c0050f20101000050f2020100", 2999 "dd0c0050f20101000050f2020000", 3000 "dd0c0050f20101000050f202ffff", 3001 "dd0d0050f20101000050f202010000", 3002 "dd0e0050f20101000050f20201000050", 3003 "dd0f0050f20101000050f20201000050f2", 3004 "dd100050f20101000050f20201000050f202", 3005 "dd110050f20101000050f20201000050f20201", 3006 "dd120050f20101000050f20201000050f2020100", 3007 "dd120050f20101000050f20201000050f2020000", 3008 "dd120050f20101000050f20201000050f202ffff", 3009 "dd130050f20101000050f20201000050f202010000", 3010 "dd140050f20101000050f20201000050f20201000050", 3011 "dd150050f20101000050f20201000050f20201000050f2"] 3012 for t in tests: 3013 try: 3014 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t): 3015 raise Exception("VENDOR_ELEM_ADD failed") 3016 dev[0].select_network(id) 3017 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10) 3018 if ev is None: 3019 raise Exception("Association rejection not reported") 3020 dev[0].request("DISCONNECT") 3021 dev[0].dump_monitor() 3022 finally: 3023 dev[0].request("VENDOR_ELEM_REMOVE 13 *") 3024 3025 tests = ["dd170050f20101000050f20201000050f20201000050f202ff", 3026 "dd180050f20101000050f20201000050f20201000050f202ffff", 3027 "dd190050f20101000050f20201000050f20201000050f202ffffff"] 3028 for t in tests: 3029 try: 3030 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t): 3031 raise Exception("VENDOR_ELEM_ADD failed") 3032 dev[0].select_network(id) 3033 ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED', 3034 'WPA: 4-Way Handshake failed'], timeout=10) 3035 if ev is None: 3036 raise Exception("Association failed unexpectedly") 3037 dev[0].request("DISCONNECT") 3038 dev[0].dump_monitor() 3039 finally: 3040 dev[0].request("VENDOR_ELEM_REMOVE 13 *") 3041 3042@remote_compatible 3043def test_ap_wpa2_psk_no_random(dev, apdev): 3044 """WPA2-PSK AP and no 
random numbers available""" 3045 ssid = "test-wpa2-psk" 3046 passphrase = 'qwertyuiop' 3047 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' 3048 params = hostapd.wpa2_params(ssid=ssid) 3049 params['wpa_psk'] = psk 3050 hapd = hostapd.add_ap(apdev[0], params) 3051 with fail_test(hapd, 1, "wpa_gmk_to_gtk"): 3052 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412", 3053 wait_connect=False) 3054 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15) 3055 if ev is None: 3056 raise Exception("Disconnection event not reported") 3057 dev[0].request("DISCONNECT") 3058 dev[0].select_network(id, freq=2412) 3059 dev[0].wait_connected() 3060 3061@remote_compatible 3062def test_rsn_ie_proto_psk_sta(dev, apdev): 3063 """RSN element protocol testing for PSK cases on STA side""" 3064 bssid = apdev[0]['bssid'] 3065 ssid = "test-wpa2-psk" 3066 passphrase = 'qwertyuiop' 3067 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3068 # This is the RSN element used normally by hostapd 3069 params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00' 3070 hapd = hostapd.add_ap(apdev[0], params) 3071 if "FAIL" not in hapd.request("SET own_ie_override qwerty"): 3072 raise Exception("Invalid own_ie_override value accepted") 3073 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3074 3075 tests = [('No RSN Capabilities field', 3076 '30120100000fac040100000fac040100000fac02'), 3077 ('Reserved RSN Capabilities bits set', 3078 '30140100000fac040100000fac040100000fac023cff'), 3079 ('Truncated RSN Capabilities field', 3080 '30130100000fac040100000fac040100000fac023c'), 3081 ('Extra pairwise cipher suite (unsupported)', 3082 '30180100000fac040200ffffffff000fac040100000fac020c00'), 3083 ('Extra AKM suite (unsupported)', 3084 '30180100000fac040100000fac040200ffffffff000fac020c00'), 3085 ('PMKIDCount field included', 3086 '30160100000fac040100000fac040100000fac020c000000'), 3087 ('Truncated PMKIDCount field', 3088 
'30150100000fac040100000fac040100000fac020c0000'), 3089 ('Unexpected Group Management Cipher Suite with PMF disabled', 3090 '301a0100000fac040100000fac040100000fac020c000000000fac06'), 3091 ('Extra octet after defined fields (future extensibility)', 3092 '301b0100000fac040100000fac040100000fac020c000000000fac0600')] 3093 for txt, ie in tests: 3094 dev[0].request("DISCONNECT") 3095 dev[0].wait_disconnected() 3096 dev[0].dump_monitor() 3097 dev[0].request("NOTE " + txt) 3098 logger.info(txt) 3099 hapd.disable() 3100 hapd.set('own_ie_override', ie) 3101 hapd.enable() 3102 dev[0].request("BSS_FLUSH 0") 3103 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True) 3104 dev[0].select_network(id, freq=2412) 3105 dev[0].wait_connected() 3106 3107@remote_compatible 3108def test_ap_cli_order(dev, apdev): 3109 """hostapd configuration parameter SET ordering""" 3110 ssid = "test-rsn-setup" 3111 passphrase = 'zzzzzzzz' 3112 3113 hapd = hostapd.add_ap(apdev[0], {}, no_enable=True) 3114 hapd.set('ssid', ssid) 3115 hapd.set('wpa_passphrase', passphrase) 3116 hapd.set('rsn_pairwise', 'CCMP') 3117 hapd.set('wpa_key_mgmt', 'WPA-PSK') 3118 hapd.set('wpa', '2') 3119 hapd.enable() 3120 cfg = hapd.get_config() 3121 if cfg['group_cipher'] != 'CCMP': 3122 raise Exception("Unexpected group_cipher: " + cfg['group_cipher']) 3123 if cfg['rsn_pairwise_cipher'] != 'CCMP': 3124 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher']) 3125 3126 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30) 3127 if ev is None: 3128 raise Exception("AP startup timed out") 3129 if "AP-ENABLED" not in ev: 3130 raise Exception("AP startup failed") 3131 3132 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3133 3134def set_test_assoc_ie(dev, ie): 3135 if "OK" not in dev.request("TEST_ASSOC_IE " + ie): 3136 raise Exception("Could not set TEST_ASSOC_IE") 3137 3138@remote_compatible 3139def test_ap_wpa2_psk_assoc_rsn(dev, apdev): 3140 """WPA2-PSK AP and association 
request RSN IE differences""" 3141 ssid = "test-wpa2-psk" 3142 passphrase = 'qwertyuiop' 3143 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3144 hapd = hostapd.add_ap(apdev[0], params) 3145 3146 tests = [("Normal wpa_supplicant assoc req RSN IE", 3147 "30140100000fac040100000fac040100000fac020000"), 3148 ("RSN IE without RSN Capabilities", 3149 "30120100000fac040100000fac040100000fac02")] 3150 for title, ie in tests: 3151 logger.info(title) 3152 set_test_assoc_ie(dev[0], ie) 3153 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3154 dev[0].request("REMOVE_NETWORK all") 3155 dev[0].wait_disconnected() 3156 3157 tests = [("WPA IE instead of RSN IE and only RSN enabled on AP", 3158 "dd160050f20101000050f20201000050f20201000050f202", 40), 3159 ("Empty RSN IE", "3000", 40), 3160 ("RSN IE with truncated Version", "300101", 40), 3161 ("RSN IE with only Version", "30020100", 43)] 3162 for title, ie, status in tests: 3163 logger.info(title) 3164 set_test_assoc_ie(dev[0], ie) 3165 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", 3166 wait_connect=False) 3167 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"]) 3168 if ev is None: 3169 raise Exception("Association rejection not reported") 3170 if "status_code=" + str(status) not in ev: 3171 raise Exception("Unexpected status code: " + ev) 3172 dev[0].request("REMOVE_NETWORK all") 3173 dev[0].dump_monitor() 3174 3175def test_ap_wpa2_psk_ft_workaround(dev, apdev): 3176 """WPA2-PSK+FT AP and workaround for incorrect STA behavior""" 3177 ssid = "test-wpa2-psk-ft" 3178 passphrase = 'qwertyuiop' 3179 3180 params = {"wpa": "2", 3181 "wpa_key_mgmt": "FT-PSK WPA-PSK", 3182 "rsn_pairwise": "CCMP", 3183 "ssid": ssid, 3184 "wpa_passphrase": passphrase} 3185 params["mobility_domain"] = "a1b2" 3186 params["r0_key_lifetime"] = "10000" 3187 params["pmk_r1_push"] = "1" 3188 params["reassociation_deadline"] = "1000" 3189 params['nas_identifier'] = "nas1.w1.fi" 3190 params['r1_key_holder'] = "000102030405" 3191 hapd 
= hostapd.add_ap(apdev[0], params) 3192 3193 # Include both WPA-PSK and FT-PSK AKMs in Association Request frame 3194 set_test_assoc_ie(dev[0], 3195 "30180100000fac040100000fac040200000fac02000fac040000") 3196 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3197 dev[0].request("REMOVE_NETWORK all") 3198 dev[0].wait_disconnected() 3199 3200def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev): 3201 """WPA2-PSK AP and association request RSN IE with PMKID""" 3202 ssid = "test-wpa2-psk" 3203 passphrase = 'qwertyuiop' 3204 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3205 hapd = hostapd.add_ap(apdev[0], params) 3206 3207 set_test_assoc_ie(dev[0], "30260100000fac040100000fac040100000fac0200000100" + 16*'00') 3208 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3209 dev[0].request("REMOVE_NETWORK all") 3210 dev[0].wait_disconnected() 3211 3212def test_ap_wpa_psk_rsn_pairwise(dev, apdev): 3213 """WPA-PSK AP and only rsn_pairwise set""" 3214 skip_without_tkip(dev[0]) 3215 params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", 3216 "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"} 3217 hapd = hostapd.add_ap(apdev[0], params) 3218 dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP", 3219 scan_freq="2412") 3220 3221def test_ap_wpa2_eapol_retry_limit(dev, apdev): 3222 """WPA2-PSK EAPOL-Key retry limit configuration""" 3223 ssid = "test-wpa2-psk" 3224 passphrase = 'qwertyuiop' 3225 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 3226 params['wpa_ptk_rekey'] = '2' 3227 params['wpa_group_update_count'] = '1' 3228 params['wpa_pairwise_update_count'] = '1' 3229 hapd = hostapd.add_ap(apdev[0], params) 3230 dev[0].connect(ssid, psk=passphrase, scan_freq="2412") 3231 ev = dev[0].wait_event(["WPA: Key negotiation completed"]) 3232 if ev is None: 3233 raise Exception("PTK rekey timed out") 3234 3235 if "FAIL" not in hapd.request("SET wpa_group_update_count 0"): 3236 raise Exception("Invalid 
wpa_group_update_count value accepted")
    if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"):
        raise Exception("Invalid wpa_pairwise_update_count value accepted")

def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry"""
    # hostapd runs with wpa_disable_eapol_key_retries=1. Phase 1 checks that a
    # normal 4-way handshake still completes. Phase 2 relays EAPOL frames by
    # hand (ext_eapol_frame_io=1 on both ends) and never delivers msg 3/4 to
    # the station, so hostapd gets no msg 4/4 and would normally retransmit.
    # NOTE(review): hostapd documents this option as a workaround for key
    # reinstallation attacks on stations that cannot be updated - confirm
    # against hostapd.conf.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    logger.info("Verify no retransmission of message 3/4")
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
    # A second EAPOL-TX is still expected at this point (the error text calls
    # it an M1 retry); it is this second frame that is relayed to the station.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
    # The third space-separated field of the event is passed on as the frame.
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
    # msg 3/4 is deliberately not relayed. Pass criteria: no further EAPOL-TX
    # from hostapd within 2 s, and the station reports a disconnection.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()

def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake"""
    # Same option as the pairwise test, applied to the group key handshake.
    # The test relies on a GTK rekey being started when dev[1] disconnects
    # (it waits for "RSN: Group rekeying completed" on dev[0]); presumably
    # that is what wpa_strict_rekey=1 provides - confirm against hostapd.conf.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    # bssid, id and addr are assigned but not used further in this test.
    bssid = apdev[0]['bssid']

    id = dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # Baseline: a group rekey with normal frame delivery completes.
    dev[1].request("DISCONNECT")
    dev[1].wait_disconnected()
    ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    dev[1].request("RECONNECT")
    dev[1].wait_connected()
    hapd.wait_sta()
    dev[0].dump_monitor()

    # Now hold back EAPOL frames and trigger another rekey the same way.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[1].request("DISCONNECT")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    # Group msg 1/2 is not relayed; a second EAPOL-TX within 2 s is a failure
    # and dev[0] is expected to report a disconnection instead.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()

def test_ap_wpa2_psk_mic_0(dev, apdev):
    """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
    # Regression check on the supplicant: after a genuine msg 3/4 has been
    # accepted, a second msg 3/4 with the Key MIC flag cleared and an all-zero
    # MIC field is delivered. Nothing authenticates such a frame, so the
    # supplicant has to drop it ("WPA: Ignore EAPOL-Key") and must not answer
    # with another EAPOL-Key frame.
    # skip_without_tkip() comes from utils; presumably it skips the test when
    # the station build/driver lacks TKIP - confirm there.
    skip_without_tkip(dev[0])
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['rsn_pairwise'] = "TKIP"
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")
    dev[0].dump_monitor()

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Do not send to the AP

    # EAPOL-Key msg 3/4 with MIC=0 and modifications
    # msg3 is a hex string, so every offset below counts hex digits (two per
    # octet). key_info, replay_counter and key_mic are sliced only to document
    # the layout; their replacements are written as literals further down.
    eapol_hdr = msg3[0:8]
    key_type = msg3[8:10]
    key_info = msg3[10:14]
    key_length = msg3[14:18]
    replay_counter = msg3[18:34]
    key_nonce = msg3[34:98]
    key_iv = msg3[98:130]
    key_rsc = msg3[130:146]
    key_id = msg3[146:162]
    key_mic = msg3[162:194]
    key_data_len = msg3[194:198]
    key_data = msg3[198:]

    msg3b = eapol_hdr + key_type
    msg3b += "12c9" # Clear MIC bit from key_info (originally 13c9)
    msg3b += key_length
    # Fixed replay counter; presumably chosen to be higher than the one in the
    # genuine msg 3/4 so the frame is not dropped as a replay - TODO confirm.
    msg3b += '0000000000000003'
    msg3b += key_nonce + key_iv + key_rsc + key_id
    msg3b += 32*'0' # Clear MIC value
    # Key Data is reused unchanged from the genuine msg 3/4.
    msg3b += key_data_len + key_data
    dev[0].dump_monitor()
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # Either event ends the wait; only the "Ignore" event is a pass.
    ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2)
    if ev is None:
        raise Exception("No event from wpa_supplicant")
    if "EAPOL-TX" in ev:
        raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
    dev[0].request("DISCONNECT")

def test_ap_wpa2_psk_local_error(dev, apdev):
    """WPA2-PSK and local error cases on supplicant"""
    # Each block forces a local failure during PTK derivation in the
    # supplicant and expects the connection attempt to end in
    # CTRL-EVENT-DISCONNECTED rather than in an established link.
    # fail_test() comes from utils; presumably (dev, 1, "func;caller") arms a
    # failure for the first call of func reached from caller - confirm there.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], params)

    # SHA-1 based PRF, used with key_mgmt=WPA-PSK.
    with fail_test(dev[0], 1, "sha1_prf;wpa_pmk_to_ptk"):
        id = dev[0].connect(ssid, key_mgmt="WPA-PSK", psk=passphrase,
                            scan_freq="2412", wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
        if ev is None:
            raise Exception("Disconnection event not reported")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()

    # SHA-256 based PRF, used with key_mgmt=WPA-PSK-SHA256.
    with fail_test(dev[0], 1, "sha256_prf_bits;wpa_pmk_to_ptk"):
        id = dev[0].connect(ssid, key_mgmt="WPA-PSK-SHA256", psk=passphrase,
                            scan_freq="2412", wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
        if ev is None:
            raise Exception("Disconnection event not reported")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()

def test_ap_wpa2_psk_inject_assoc(dev, apdev, params):
    """WPA2-PSK AP and Authentication and Association Request frame injection"""
    # Authentication and Association Request frames from a made-up address
    # (02:11:22:33:44:55) are fed into hostapd; that "station" never runs the
    # 4-way handshake. The capture is then checked to make sure the AP sent
    # nothing with that address as Ethernet source - in particular no Layer 2
    # Update frame - while the real station still gets one.
    prefix = "ap_wpa2_psk_inject_assoc"
    ifname = apdev[0]["ifname"]
    # params is the test-runner dict here (logdir is read from it) ...
    cap = os.path.join(params['logdir'], prefix + "." + ifname + ".pcap")

    ssid = "test"
    # ... and is rebound to the hostapd configuration from this line on.
    params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
    params["wpa_key_mgmt"] = "WPA-PSK"
    hapd = hostapd.add_ap(apdev[0], params)
    with WlantestCapture(ifname, cap):
        bssid = hapd.own_addr().replace(':', '')

        hapd.request("SET ext_mgmt_frame_handling 1")
        addr = "021122334455"
        # Authentication frame: frame control b000, DA/SA/BSSID, then
        # algorithm 0, transaction sequence 1, status 0.
        auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
        res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth)
        if "OK" not in res:
            raise Exception("MGMT_RX_PROCESS failed")
        ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
        if ev is None:
            raise Exception("No TX status seen")
        # Nobody acknowledges the response on the air, so the TX status is
        # rewritten to ok=1 before being handed back to hostapd.
        ev = ev.replace("ok=0", "ok=1")
        cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
        if "OK" not in hapd.request(cmd):
            raise Exception("MGMT_TX_STATUS_PROCESS failed")

        # Association Request: capability and listen interval, SSID element
        # ("test"), Supported Rates element and an RSNE.
        assoc = "00003a01" + bssid + addr + bssid + '2000' + '31040500' + '000474657374' + '010802040b160c121824' + '30140100000fac040100000fac040100000fac020000'
        res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % assoc)
        if "OK" not in res:
            raise Exception("MGMT_RX_PROCESS failed")
        ev = hapd.wait_event(["MGMT-TX-STATUS"], timeout=5)
        if ev is None:
            raise Exception("No TX status seen")
        ev = ev.replace("ok=0", "ok=1")
        cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
        if "OK" not in hapd.request(cmd):
            raise Exception("MGMT_TX_STATUS_PROCESS failed")
        hapd.request("SET ext_mgmt_frame_handling 0")

        # A real station completes the full connection as the positive case.
        dev[0].connect(ssid, psk="12345678", scan_freq="2412")
        hapd.wait_sta()
        hwsim_utils.test_connectivity(dev[0], hapd)
        time.sleep(1)
        hwsim_utils.test_connectivity(dev[0], hapd)
        time.sleep(0.5)

    # Check for Layer 2 Update frame and unexpected frames from the station
    # that did not fully complete authentication.
    res = run_tshark(cap, "basicxid.llc.xid.format == 0x81",
                     ["eth.src"], wait=False)
    real_sta_seen = False
    unexpected_sta_seen = False
    real_addr = dev[0].own_addr()
    # One output line per matching frame; any source other than the real
    # station counts as unexpected.
    for l in res.splitlines():
        if l == real_addr:
            real_sta_seen = True
        else:
            unexpected_sta_seen = True
    if unexpected_sta_seen:
        raise Exception("Layer 2 Update frame from unexpected STA seen")
    if not real_sta_seen:
        raise Exception("Layer 2 Update frame from real STA not seen")

    # No frame of any kind may carry the injected address as source.
    res = run_tshark(cap, "eth.src == 02:11:22:33:44:55", ["eth.src"],
                     wait=False)
    if len(res) > 0:
        raise Exception("Unexpected frame from unauthorized STA seen")

def test_ap_wpa2_psk_no_control_port(dev, apdev):
    """WPA2-PSK AP without nl80211 control port"""
    # Both ends pass driver_params control_port=0. The station is a separate
    # wpa_supplicant reached through the /tmp/wpas-wlan5 global interface,
    # with wlan5 added using the same driver parameter.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['driver_params'] = "control_port=0"
    hapd = hostapd.add_ap(apdev[0], params)

    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5", drv_params="control_port=0")
    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()
    hwsim_utils.test_connectivity(wpas, hapd)
    # KEY_REQUEST is followed by a new key negotiation, which the error text
    # below treats as a PTK rekey; data must still pass afterwards.
    if "OK" not in wpas.request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    ev = wpas.wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hapd.wait_ptkinitdone(wpas.own_addr())
    hwsim_utils.test_connectivity(wpas, hapd)
    wpas.request("DISCONNECT")
    wpas.wait_disconnected()
    wpas.dump_monitor()

def test_ap_wpa2_psk_ap_control_port(dev, apdev):
    """WPA2-PSK AP with nl80211 control port in AP mode"""
    run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val=1)

def test_ap_wpa2_psk_ap_control_port_disabled(dev, apdev):
    """WPA2-PSK AP with nl80211 control port in AP mode disabled"""
    run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val=0)

def run_ap_wpa2_psk_ap_control_port(dev, apdev, ctrl_val):
    """Connect and rekey with driver_params control_port_ap=<ctrl_val>.

    Raises HwsimSkip when either the AP or the station driver does not list
    CONTROL_PORT in DRIVER_FLAGS and CONTROL_PORT_RX in DRIVER_FLAGS2.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['driver_params'] = "control_port_ap=%d" % ctrl_val
    hapd = hostapd.add_ap(apdev[0], params)

    # The first line of each DRIVER_FLAGS reply is dropped; the remaining
    # lines are compared as flag names.
    flags = hapd.request("DRIVER_FLAGS").splitlines()[1:]
    flags2 = hapd.request("DRIVER_FLAGS2").splitlines()[1:]
    logger.info("AP driver flags: " + str(flags))
    logger.info("AP driver flags2: " + str(flags2))
    if 'CONTROL_PORT' not in flags or 'CONTROL_PORT_RX' not in flags2:
        raise HwsimSkip("No AP driver support for CONTROL_PORT")

    flags = dev[0].request("DRIVER_FLAGS").splitlines()[1:]
    flags2 = dev[0].request("DRIVER_FLAGS2").splitlines()[1:]
    logger.info("STA driver flags: " + str(flags))
    logger.info("STA driver flags2: " + str(flags2))
    if 'CONTROL_PORT' not in flags or 'CONTROL_PORT_RX' not in flags2:
        raise HwsimSkip("No STA driver support for CONTROL_PORT")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[0], hapd)
    # Same rekey-and-recheck sequence as in the no-control-port test.
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")
    hapd.wait_ptkinitdone(dev[0].own_addr())
    hwsim_utils.test_connectivity(dev[0], hapd)

def test_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev):
    """RSNE mismatch in EAPOL-Key msg 3/4"""
    # RSNE of length 0x14 whose last two octets (RSN Capabilities) are 0c80;
    # presumably only that field differs from what the AP advertises.
    ie = "30140100000fac040100000fac040100000fac020c80"
    run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, ie)

def test_ap_wpa2_psk_rsne_mismatch_ap2(dev, apdev):
    """RSNE mismatch in EAPOL-Key msg 3/4"""
    # RSNE of length 0x15: one extra trailing octet after the capabilities.
    ie = "30150100000fac040100000fac040100000fac020c0000"
    run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, ie)

def test_ap_wpa2_psk_rsne_mismatch_ap3(dev, apdev):
    """RSNE mismatch in EAPOL-Key msg 3/4"""
    # Empty override; presumably msg 3/4 then carries no RSNE - TODO confirm.
    run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, "")

def run_ap_wpa2_psk_rsne_mismatch_ap(dev, apdev, rsne):
    """Check that the station rejects an AP whose msg 3/4 RSNE is overridden.

    rsne is the hex value given to hostapd as rsne_override_eapol. The station
    must associate, then disconnect on its own with reason code 17; reaching
    CTRL-EVENT-CONNECTED fails the test. Comparing the RSNE from msg 3/4 with
    the advertised one is what lets a station notice tampering with the
    advertised security parameters.
    """
    params = hostapd.wpa2_params(ssid="psk", passphrase="12345678")
    params['rsne_override_eapol'] = rsne
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("psk", psk="12345678", scan_freq="2412", wait_connect=False)
    ev = dev[0].wait_event(["Associated with"], timeout=10)
    if ev is None:
        raise Exception("No indication of association seen")
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=5)
    # The profile is removed before the checks so no reconnection attempt
    # follows, whatever the outcome.
    dev[0].request("REMOVE_NETWORK all")
    if ev is None:
        raise Exception("No disconnection seen")
    if "CTRL-EVENT-DISCONNECTED" not in ev:
        raise Exception("Unexpected connection")
    # locally_generated=1: the station itself dropped the link.
    if "reason=17 locally_generated=1" not in ev:
        raise Exception("Unexpected disconnection reason: " + ev)

def test_ap_wpa2_psk_rsnxe_mismatch_ap(dev, apdev):
    """RSNXE mismatch in EAPOL-Key msg 3/4"""
    # Same check as the RSNE mismatch tests, for the RSNXE: hostapd is given
    # rsnxe_override_eapol=F40100 and the station has to disconnect locally
    # with reason code 17 instead of completing the connection.
    params = hostapd.wpa2_params(ssid="psk", passphrase="12345678")
    params['rsnxe_override_eapol'] = "F40100"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("psk", psk="12345678", scan_freq="2412", wait_connect=False)
    ev = dev[0].wait_event(["Associated with"], timeout=10)
    if ev is None:
        raise Exception("No indication of association seen")
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=5)
    dev[0].request("REMOVE_NETWORK all")
    if ev is None:
        raise Exception("No disconnection seen")
    if "CTRL-EVENT-DISCONNECTED" not in ev:
        raise Exception("Unexpected connection")
    if "reason=17 locally_generated=1" not in ev:
        raise Exception("Unexpected disconnection reason: " + ev)

def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap0(dev, apdev):
    """WPA2-PSK AP and PTK rekey by AP (disabled on STA)"""
    run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 0)

def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap1(dev, apdev):
    """WPA2-PSK AP and PTK rekey by AP (start with Key ID 0)"""
    run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 1, 1)

def test_ap_wpa2_psk_ext_key_id_ptk_rekey_ap2(dev, apdev):
    """WPA2-PSK AP and PTK rekey by AP (start with Key ID 1)"""
    run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, 2, 1)

def run_ap_wpa2_psk_ext_key_id_ptk_rekey_ap(dev, apdev, ap_ext_key_id,
                                            sta_ext_key_id):
    """Check the Key ID of the first and second TK when the AP rekeys the PTK.

    ap_ext_key_id is written to hostapd's extended_key_id and sta_ext_key_id
    to the station's extended_key_id. The AP is configured with
    wpa_ptk_rekey=2. The station setting is put back to "0" in all cases.
    """
    # check_ext_key_id_capa() comes from utils; presumably it skips the test
    # when the device lacks Extended Key ID support - confirm there.
    check_ext_key_id_capa(dev[0])
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_ptk_rekey'] = '2'
    params['extended_key_id'] = str(ap_ext_key_id)
    hapd = hostapd.add_ap(apdev[0], params)
    check_ext_key_id_capa(hapd)
    try:
        dev[0].set("extended_key_id", str(sta_ext_key_id))
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        idx = int(dev[0].request("GET last_tk_key_idx"))
        # First TK: Key ID 1 only when the AP value is 2 and the station has
        # the feature enabled; otherwise Key ID 0.
        expect_idx = 1 if ap_ext_key_id == 2 and sta_ext_key_id else 0
        if idx != expect_idx:
            raise Exception("Unexpected Key ID for the first TK: %d (expected %d)" % (idx, expect_idx))
        ev = dev[0].wait_event(["WPA: Key negotiation completed"])
        if ev is None:
            raise Exception("PTK rekey timed out")
        idx = int(dev[0].request("GET last_tk_key_idx"))
        # Second TK: Key ID 1 only when the AP value is 1 and the station has
        # the feature enabled; otherwise Key ID 0.
        expect_idx = 1 if ap_ext_key_id == 1 and sta_ext_key_id else 0
        if idx != expect_idx:
            raise Exception("Unexpected Key ID for the second TK: %d (expected %d)" % (idx, expect_idx))
        hwsim_utils.test_connectivity(dev[0], hapd)
    finally:
        dev[0].set("extended_key_id", "0")

def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta0(dev, apdev):
    """Extended Key ID and PTK rekey by station (Ext Key ID disabled on AP)"""
    run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 0)

def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta1(dev, apdev):
    """Extended Key ID and PTK rekey by station (start with Key ID 0)"""
    run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 1)

def test_ap_wpa2_psk_ext_key_id_ptk_rekey_sta2(dev, apdev):
    """Extended Key ID and PTK rekey by station (start with Key ID 1)"""
    run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, 2)

def run_ap_wpa2_psk_ext_key_id_ptk_rekey_sta(dev, apdev, ext_key_id):
    """Check the Key ID of the first and second TK when the station rekeys.

    ext_key_id is written to hostapd's extended_key_id; the station always
    sets extended_key_id=1 and connects with wpa_ptk_rekey="1". The station
    setting is put back to "0" in all cases.
    """
    check_ext_key_id_capa(dev[0])
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['extended_key_id'] = str(ext_key_id)
    hapd = hostapd.add_ap(apdev[0], params)
    check_ext_key_id_capa(hapd)

    # wlantest is given the passphrase; no wlantest result is read back in
    # this function.
    Wlantest.setup(hapd)
    wt = Wlantest()
    wt.flush()
    wt.add_passphrase(passphrase)

    try:
        dev[0].set("extended_key_id", "1")
        dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1",
                       scan_freq="2412")
        idx = int(dev[0].request("GET last_tk_key_idx"))
        expect_idx = 1 if ext_key_id == 2 else 0
        if idx != expect_idx:
            raise Exception("Unexpected Key ID for the first TK: %d (expected %d)" % (idx, expect_idx))
        # A disconnection here means the rekey did not go through.
        ev = dev[0].wait_event(["WPA: Key negotiation completed",
                                "CTRL-EVENT-DISCONNECTED"])
        if ev is None:
            raise Exception("PTK rekey timed out")
        if "CTRL-EVENT-DISCONNECTED" in ev:
            raise Exception("Disconnect instead of rekey")
        idx = int(dev[0].request("GET last_tk_key_idx"))
        expect_idx = 1 if ext_key_id == 1 else 0
        if idx != expect_idx:
            raise Exception("Unexpected Key ID for the second TK: %d (expected %d)" % (idx, expect_idx))
        hwsim_utils.test_connectivity(dev[0], hapd)
    finally:
        dev[0].set("extended_key_id", "0")

def test_ap_wpa2_psk_4addr(dev, apdev):
    """WPA2-PSK and STA using 4addr mode"""
    br_ifname = 'sta-br0'
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                   enable_4addr_mode="1")

    # Verify that the station interface can be added into a bridge.
    # brctl and ip are run with argument lists (no shell). Setup uses
    # check_call, so a failing step raises; cleanup uses call, so the bridge
    # is torn down on a best-effort basis even after a failed setup step.
    # NOTE(review): these commands presumably need root - confirm for the
    # environment the tests run in.
    ifname = dev[0].ifname
    try:
        subprocess.check_call(['brctl', 'addbr', br_ifname])
        subprocess.check_call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
        subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
        cmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE)
        out, err = cmd.communicate()
        res = out.decode()
    finally:
        subprocess.call(['brctl', 'delif', br_ifname, ifname])
        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
        subprocess.call(['brctl', 'delbr', br_ifname])

    # Pass when one line of the 'brctl show' output names both the bridge and
    # the station interface.
    found = False
    for s in res.splitlines():
        vals = s.split()
        if br_ifname in vals and ifname in vals:
            found = True
    if not found:
        raise Exception("Station interface was not seen in the bridge")

def test_rsn_eapol_m1_extra(dev, apdev):
    """Extra element and KDE in EAPOL-Key msg 1/4"""
    # Pass criterion: the connection still completes with the extra,
    # unrecognized items present.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Add a reserved element and KDE into EAPOL-Key msg 1/4
    # (element ID 0x02 with five octets, then a dd-type KDE with OUI 00-0f-ac
    # and data type 0xff).
    params['eapol_m1_elements'] = '02051122334455' + 'dd05000facff11'
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

def test_rsn_eapol_m3_extra(dev, apdev):
    """Extra element and KDE in EAPOL-Key msg 3/4"""
    # Pass criterion: the connection still completes.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Add a reserved element and KDE into EAPOL-Key msg 3/4
    params['eapol_m3_elements'] = '02051122334455' + 'dd05000facff11'
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

def test_rsn_eapol_m3_extra_long(dev, apdev):
    """Long extra KDE in EAPOL-Key msg 3/4"""
    # Pass criterion: the connection still completes with a maximum-length
    # (length octet 0xff) KDE among the extra items.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Add reserved KDEs into EAPOL-Key msg 3/4
    val = 'dd0507c0d19311'
    val += 'ddff69b847070102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafb'
    val += 'dd085ba59d7911223344'
    val += 'dd0a000face4112233445566'
    params['eapol_m3_elements'] = val
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

def test_rsn_eapol_m3_no_encrypt(dev, apdev):
    """EAPOL-Key msg 3/4 Key Data field not encrypted"""
    # Negative test on the supplicant: a GTK delivered in cleartext Key Data
    # must be refused. The only accepted outcome is the
    # "WPA: GTK IE in unencrypted key data" event.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Make hostapd send the EAPOL-Key msg 3/4 Key Data field unencrypted
    params['eapol_m3_no_encrypt'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"], timeout=10)
    if ev is None:
        raise Exception("Unencrypted GTK KDE not rejected")
    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

def test_rsn_eapol_m2_extra(dev, apdev):
    """Extra element and KDE in EAPOL-Key msg 2/4"""
    # AP-side counterpart of the msg 1/4 and 3/4 tests: the station adds the
    # extra items and hostapd has to accept the association (hapd.wait_sta()).
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Add a reserved element and KDE into EAPOL-Key msg 2/4
    elems = '02051122334455' + 'dd05000facff11'
    if "OK" not in dev[0].request("TEST_EAPOL_M2_ELEMS " + elems):
        raise Exception("Failed to add test elements")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()

def test_rsn_eapol_m4_extra(dev, apdev):
    """Extra element and KDE in EAPOL-Key msg 4/4"""
    # Pass criterion: hostapd still reports the station as connected.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Add a reserved element and KDE into EAPOL-Key msg 4/4
    elems = '02051122334455' + 'dd05000facff11'
    if "OK" not in dev[0].request("TEST_EAPOL_M4_ELEMS " + elems):
        raise Exception("Failed to add test elements")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()

def test_rsn_eapol_m2_encrypt(dev, apdev):
    """Encrypted Key Data field in EAPOL-Key msg 2/4"""
    # Pass criterion: hostapd still reports the station as connected.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Add a reserved element and KDE into EAPOL-Key msg 2/4 and request the
    # Key Data field to be encrypted.
    elems = '02051122334455' + 'dd05000facff11'
    if "OK" not in dev[0].request("TEST_EAPOL_M2_ELEMS " + elems):
        raise Exception("Failed to add test elements")
    # NOTE(review): encrypt_eapol_m2 is not reset here; confirm whether the
    # test framework restores it before the next test uses dev[0].
    dev[0].set("encrypt_eapol_m2", "1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()

def test_rsn_eapol_m4_encrypt(dev, apdev):
    """Encrypted Key Data field in EAPOL-Key msg 4/4"""
    # Pass criterion: hostapd still reports the station as connected.
    ssid = "test-rsn"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    # Add a reserved element and KDE into EAPOL-Key msg 4/4 and request the
    # Key Data field to be encrypted.
    elems = '02051122334455' + 'dd05000facff11'
    if "OK" not in dev[0].request("TEST_EAPOL_M4_ELEMS " + elems):
        raise Exception("Failed to add test elements")
    # NOTE(review): encrypt_eapol_m4 is not reset here; confirm whether the
    # test framework restores it before the next test uses dev[0].
    dev[0].set("encrypt_eapol_m4", "1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.wait_sta()

def test_ap_wpa2_psk_tkip_only_as_group(dev, apdev):
    """WPA2-PSK AP and TKIP as a group cipher, but not pairwise"""
    # The configuration is written out by hand instead of using
    # hostapd.wpa2_params(): CCMP as the pairwise cipher, TKIP as the group
    # cipher. Pass criterion: connection and data connectivity.
    skip_without_tkip(dev[0])
    params = {"ssid": "wpapsk", "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "CCMP", "group_cipher": "TKIP",
              "wpa_passphrase": "1234567890"}
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect("wpapsk", psk="1234567890", scan_freq="2412")
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[0], hapd)