2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
8 from Crypto.Cipher import AES
12 logger = logging.getLogger()
20 from utils import HwsimSkip
22 from wpasupplicant import WpaSupplicant
24 def check_mib(dev, vals):
28 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
30 def test_ap_wpa2_psk(dev, apdev):
31 """WPA2-PSK AP with PSK instead of passphrase"""
32 ssid = "test-wpa2-psk"
33 passphrase = 'qwertyuiop'
34 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
35 params = hostapd.wpa2_params(ssid=ssid)
36 params['wpa_psk'] = psk
37 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
38 key_mgmt = hapd.get_config()['key_mgmt']
39 if key_mgmt.split(' ')[0] != "WPA-PSK":
40 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
41 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
42 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
44 sig = dev[0].request("SIGNAL_POLL").splitlines()
45 pkt = dev[0].request("PKTCNT_POLL").splitlines()
46 if "FREQUENCY=2412" not in sig:
47 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
48 if "TXBAD=0" not in pkt:
49 raise Exception("Unexpected TXBAD value: " + str(pkt))
51 def test_ap_wpa2_psk_file(dev, apdev):
52 """WPA2-PSK AP with PSK from a file"""
53 ssid = "test-wpa2-psk"
54 passphrase = 'qwertyuiop'
55 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
56 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
57 params['wpa_psk_file'] = 'hostapd.wpa_psk'
58 hostapd.add_ap(apdev[0]['ifname'], params)
59 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
60 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
61 dev[2].request("REMOVE_NETWORK all")
62 dev[0].connect(ssid, psk="very secret", scan_freq="2412")
63 dev[0].request("REMOVE_NETWORK all")
64 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
65 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
66 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
68 raise Exception("Timed out while waiting for failure report")
69 dev[1].request("REMOVE_NETWORK all")
71 def test_ap_wpa2_ptk_rekey(dev, apdev):
72 """WPA2-PSK AP and PTK rekey enforced by station"""
73 ssid = "test-wpa2-psk"
74 passphrase = 'qwertyuiop'
75 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
76 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
77 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
78 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
80 raise Exception("PTK rekey timed out")
81 hwsim_utils.test_connectivity(dev[0], hapd)
83 def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
84 """WPA2-PSK AP and PTK rekey enforced by AP"""
85 ssid = "test-wpa2-psk"
86 passphrase = 'qwertyuiop'
87 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
88 params['wpa_ptk_rekey'] = '2'
89 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
90 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
91 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
93 raise Exception("PTK rekey timed out")
94 hwsim_utils.test_connectivity(dev[0], hapd)
96 def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
97 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
98 ssid = "test-wpa2-psk"
99 passphrase = 'qwertyuiop'
100 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
101 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
102 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
103 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
104 wpa_ptk_rekey="1", scan_freq="2412")
105 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
107 raise Exception("PTK rekey timed out")
108 hwsim_utils.test_connectivity(dev[0], hapd)
109 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
110 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
112 def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
113 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
114 ssid = "test-wpa2-psk"
115 passphrase = 'qwertyuiop'
116 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
117 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
118 params['wpa_ptk_rekey'] = '2'
119 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
120 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
122 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
124 raise Exception("PTK rekey timed out")
125 hwsim_utils.test_connectivity(dev[0], hapd)
126 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
127 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
129 def test_ap_wpa_ptk_rekey(dev, apdev):
130 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
131 ssid = "test-wpa-psk"
132 passphrase = 'qwertyuiop'
133 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
134 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
135 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
136 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
137 raise Exception("Scan results missing WPA element info")
138 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
140 raise Exception("PTK rekey timed out")
141 hwsim_utils.test_connectivity(dev[0], hapd)
143 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
144 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
145 ssid = "test-wpa-psk"
146 passphrase = 'qwertyuiop'
147 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
148 params['wpa_ptk_rekey'] = '2'
149 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
150 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
151 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
153 raise Exception("PTK rekey timed out")
154 hwsim_utils.test_connectivity(dev[0], hapd)
156 def test_ap_wpa_ccmp(dev, apdev):
158 ssid = "test-wpa-psk"
159 passphrase = 'qwertyuiop'
160 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
161 params['wpa_pairwise'] = "CCMP"
162 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
163 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
164 hwsim_utils.test_connectivity(dev[0], hapd)
165 check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
166 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
167 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
168 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
169 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
170 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
171 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
172 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
174 def test_ap_wpa2_psk_file(dev, apdev):
175 """WPA2-PSK AP with various PSK file error and success cases"""
176 addr0 = dev[0].own_addr()
177 addr1 = dev[1].own_addr()
178 addr2 = dev[2].own_addr()
180 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
186 params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
187 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
191 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
192 if "FAIL" not in hapd.request("ENABLE"):
193 raise Exception("Unexpected ENABLE success")
194 hapd.request("DISABLE")
196 # invalid MAC address
197 with open(pskfile, "w") as f:
200 if "FAIL" not in hapd.request("ENABLE"):
201 raise Exception("Unexpected ENABLE success")
202 hapd.request("DISABLE")
205 with open(pskfile, "w") as f:
206 f.write("00:11:22:33:44:55\n")
207 if "FAIL" not in hapd.request("ENABLE"):
208 raise Exception("Unexpected ENABLE success")
209 hapd.request("DISABLE")
212 with open(pskfile, "w") as f:
213 f.write("00:11:22:33:44:55 1234567\n")
214 if "FAIL" not in hapd.request("ENABLE"):
215 raise Exception("Unexpected ENABLE success")
216 hapd.request("DISABLE")
219 with open(pskfile, "w") as f:
220 f.write("00:11:22:33:44:55 12345678\n")
221 f.write(addr0 + " 123456789\n")
222 f.write(addr1 + " 123456789a\n")
223 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
224 if "FAIL" in hapd.request("ENABLE"):
225 raise Exception("Unexpected ENABLE failure")
227 dev[0].connect(ssid, psk="123456789", scan_freq="2412")
228 dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
229 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
237 def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
238 """WPA2-PSK AP and wildcard SSID configuration"""
239 ssid = "test-wpa2-psk"
240 passphrase = 'qwertyuiop'
241 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
242 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
243 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
244 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
246 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
248 def test_ap_wpa2_gtk_rekey(dev, apdev):
249 """WPA2-PSK AP and GTK rekey enforced by AP"""
250 ssid = "test-wpa2-psk"
251 passphrase = 'qwertyuiop'
252 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
253 params['wpa_group_rekey'] = '1'
254 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
255 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
256 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
258 raise Exception("GTK rekey timed out")
259 hwsim_utils.test_connectivity(dev[0], hapd)
261 def test_ap_wpa_gtk_rekey(dev, apdev):
262 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
263 ssid = "test-wpa-psk"
264 passphrase = 'qwertyuiop'
265 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
266 params['wpa_group_rekey'] = '1'
267 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
268 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
269 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
271 raise Exception("GTK rekey timed out")
272 hwsim_utils.test_connectivity(dev[0], hapd)
274 def test_ap_wpa2_gmk_rekey(dev, apdev):
275 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
276 ssid = "test-wpa2-psk"
277 passphrase = 'qwertyuiop'
278 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
279 params['wpa_group_rekey'] = '1'
280 params['wpa_gmk_rekey'] = '2'
281 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
282 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
283 for i in range(0, 3):
284 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
286 raise Exception("GTK rekey timed out")
287 hwsim_utils.test_connectivity(dev[0], hapd)
289 def test_ap_wpa2_strict_rekey(dev, apdev):
290 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
291 ssid = "test-wpa2-psk"
292 passphrase = 'qwertyuiop'
293 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
294 params['wpa_strict_rekey'] = '1'
295 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
296 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
297 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
298 dev[1].request("DISCONNECT")
299 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
301 raise Exception("GTK rekey timed out")
302 hwsim_utils.test_connectivity(dev[0], hapd)
304 def test_ap_wpa2_bridge_fdb(dev, apdev):
305 """Bridge FDB entry removal"""
307 ssid = "test-wpa2-psk"
308 passphrase = "12345678"
309 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
310 params['bridge'] = 'ap-br0'
311 hostapd.add_ap(apdev[0]['ifname'], params)
312 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
313 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
314 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
315 bssid=apdev[0]['bssid'])
316 dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
317 bssid=apdev[0]['bssid'])
318 addr0 = dev[0].p2p_interface_addr()
319 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
320 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
321 stdout=subprocess.PIPE)
322 macs1 = cmd.stdout.read()
323 dev[0].request("DISCONNECT")
324 dev[1].request("DISCONNECT")
326 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
327 stdout=subprocess.PIPE)
328 macs2 = cmd.stdout.read()
330 addr1 = dev[1].p2p_interface_addr()
331 if addr0 not in macs1 or addr1 not in macs1:
332 raise Exception("Bridge FDB entry missing")
333 if addr0 in macs2 or addr1 in macs2:
334 raise Exception("Bridge FDB entry was not removed")
336 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
337 subprocess.call(['brctl', 'delbr', 'ap-br0'])
339 def test_ap_wpa2_already_in_bridge(dev, apdev):
340 """hostapd behavior with interface already in bridge"""
341 ifname = apdev[0]['ifname']
342 br_ifname = 'ext-ap-br0'
344 ssid = "test-wpa2-psk"
345 passphrase = "12345678"
346 subprocess.call(['brctl', 'addbr', br_ifname])
347 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
348 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
349 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
350 subprocess.call(['brctl', 'addif', br_ifname, ifname])
351 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
352 hapd = hostapd.add_ap(ifname, params)
353 if hapd.get_driver_status_field('brname') != br_ifname:
354 raise Exception("Bridge name not identified correctly")
355 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
357 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
358 subprocess.call(['brctl', 'delif', br_ifname, ifname])
359 subprocess.call(['iw', ifname, 'set', 'type', 'station'])
360 subprocess.call(['brctl', 'delbr', br_ifname])
362 def test_ap_wpa2_in_different_bridge(dev, apdev):
363 """hostapd behavior with interface in different bridge"""
364 ifname = apdev[0]['ifname']
365 br_ifname = 'ext-ap-br0'
367 ssid = "test-wpa2-psk"
368 passphrase = "12345678"
369 subprocess.call(['brctl', 'addbr', br_ifname])
370 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
371 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
372 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
373 subprocess.call(['brctl', 'addif', br_ifname, ifname])
375 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
376 params['bridge'] = 'ap-br0'
377 hapd = hostapd.add_ap(ifname, params)
378 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
379 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
380 brname = hapd.get_driver_status_field('brname')
381 if brname != 'ap-br0':
382 raise Exception("Incorrect bridge: " + brname)
383 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
384 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
385 if hapd.get_driver_status_field("added_bridge") != "1":
386 raise Exception("Unexpected added_bridge value")
387 if hapd.get_driver_status_field("added_if_into_bridge") != "1":
388 raise Exception("Unexpected added_if_into_bridge value")
389 dev[0].request("DISCONNECT")
392 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
393 subprocess.call(['brctl', 'delif', br_ifname, ifname],
394 stderr=open('/dev/null', 'w'))
395 subprocess.call(['brctl', 'delbr', br_ifname])
397 def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
398 """hostapd behavior with interface added to bridge externally"""
399 ifname = apdev[0]['ifname']
400 br_ifname = 'ext-ap-br0'
402 ssid = "test-wpa2-psk"
403 passphrase = "12345678"
404 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
405 hapd = hostapd.add_ap(ifname, params)
407 subprocess.call(['brctl', 'addbr', br_ifname])
408 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
409 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
410 subprocess.call(['brctl', 'addif', br_ifname, ifname])
411 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
412 if hapd.get_driver_status_field('brname') != br_ifname:
413 raise Exception("Bridge name not identified correctly")
415 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
416 subprocess.call(['brctl', 'delif', br_ifname, ifname])
417 subprocess.call(['brctl', 'delbr', br_ifname])
419 def test_ap_wpa2_psk_ext(dev, apdev):
420 """WPA2-PSK AP using external EAPOL I/O"""
421 bssid = apdev[0]['bssid']
422 ssid = "test-wpa2-psk"
423 passphrase = 'qwertyuiop'
424 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
425 params = hostapd.wpa2_params(ssid=ssid)
426 params['wpa_psk'] = psk
427 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
428 hapd.request("SET ext_eapol_frame_io 1")
429 dev[0].request("SET ext_eapol_frame_io 1")
430 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
431 addr = dev[0].p2p_interface_addr()
433 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
435 raise Exception("Timeout on EAPOL-TX from hostapd")
436 if "AP-STA-CONNECTED" in ev:
437 dev[0].wait_connected(timeout=15)
439 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
441 raise Exception("EAPOL_RX to wpa_supplicant failed")
442 ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
444 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
445 if "CTRL-EVENT-CONNECTED" in ev:
447 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
449 raise Exception("EAPOL_RX to hostapd failed")
451 def parse_eapol(data):
452 (version, type, length) = struct.unpack('>BBH', data[0:4])
454 if length > len(payload):
455 raise Exception("Invalid EAPOL length")
456 if length < len(payload):
457 payload = payload[0:length]
459 eapol['version'] = version
461 eapol['length'] = length
462 eapol['payload'] = payload
465 (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
466 payload = payload[1:]
467 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
469 (key_info, key_len) = struct.unpack('>HH', payload[0:4])
470 eapol['rsn_key_info'] = key_info
471 eapol['rsn_key_len'] = key_len
472 eapol['rsn_replay_counter'] = payload[4:12]
473 eapol['rsn_key_nonce'] = payload[12:44]
474 eapol['rsn_key_iv'] = payload[44:60]
475 eapol['rsn_key_rsc'] = payload[60:68]
476 eapol['rsn_key_id'] = payload[68:76]
477 eapol['rsn_key_mic'] = payload[76:92]
478 payload = payload[92:]
479 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
480 payload = payload[2:]
481 eapol['rsn_key_data'] = payload
484 def build_eapol(msg):
485 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
487 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
489 data += msg['rsn_replay_counter']
490 data += msg['rsn_key_nonce']
491 data += msg['rsn_key_iv']
492 data += msg['rsn_key_rsc']
493 data += msg['rsn_key_id']
494 data += msg['rsn_key_mic']
495 data += struct.pack('>H', msg['rsn_key_data_len'])
496 data += msg['rsn_key_data']
498 data += msg['payload']
501 def sha1_prf(key, label, data, outlen):
505 m = hmac.new(key, label, hashlib.sha1)
506 m.update(struct.pack('B', 0))
508 m.update(struct.pack('B', counter))
511 if outlen > len(hash):
515 res += hash[0:outlen]
519 def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
521 data = binascii.unhexlify(addr1.replace(':','')) + binascii.unhexlify(addr2.replace(':',''))
523 data = binascii.unhexlify(addr2.replace(':','')) + binascii.unhexlify(addr1.replace(':',''))
525 data += nonce1 + nonce2
527 data += nonce2 + nonce1
528 label = "Pairwise key expansion"
529 ptk = sha1_prf(pmk, label, data, 48)
532 return (ptk, kck, kek)
534 def eapol_key_mic(kck, msg):
535 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
536 data = build_eapol(msg)
537 m = hmac.new(kck, data, hashlib.sha1)
538 msg['rsn_key_mic'] = m.digest()[0:16]
540 def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
541 msg['rsn_key_info'] = key_info
542 msg['rsn_key_len'] = key_len
544 msg['rsn_key_nonce'] = nonce
546 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
548 msg['rsn_key_data_len'] = len(data)
549 msg['rsn_key_data'] = data
550 msg['length'] = 95 + len(data)
552 msg['rsn_key_data_len'] = 0
553 msg['rsn_key_data'] = ''
556 def recv_eapol(hapd):
557 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
559 raise Exception("Timeout on EAPOL-TX from hostapd")
560 eapol = binascii.unhexlify(ev.split(' ')[2])
561 return parse_eapol(eapol)
563 def send_eapol(hapd, addr, data):
564 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
566 raise Exception("EAPOL_RX to hostapd failed")
568 def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
569 logger.info("Send EAPOL-Key msg " + info)
570 rsn_eapol_key_set(msg, key_info, 0, nonce, data)
571 eapol_key_mic(kck, msg)
572 send_eapol(hapd, addr, build_eapol(msg))
574 def hapd_connected(hapd):
575 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
577 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
579 def eapol_test(apdev, dev, wpa2=True):
580 bssid = apdev['bssid']
582 ssid = "test-wpa2-psk"
584 ssid = "test-wpa-psk"
585 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
586 pmk = binascii.unhexlify(psk)
588 params = hostapd.wpa2_params(ssid=ssid)
590 params = hostapd.wpa_params(ssid=ssid)
591 params['wpa_psk'] = psk
592 hapd = hostapd.add_ap(apdev['ifname'], params)
593 hapd.request("SET ext_eapol_frame_io 1")
594 dev.request("SET ext_eapol_frame_io 1")
595 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
596 addr = dev.p2p_interface_addr()
598 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
600 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
601 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
602 return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
604 def test_ap_wpa2_psk_ext_eapol(dev, apdev):
605 """WPA2-PSK AP using external EAPOL supplicant"""
606 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
608 msg = recv_eapol(hapd)
609 anonce = msg['rsn_key_nonce']
610 logger.info("Replay same data back")
611 send_eapol(hapd, addr, build_eapol(msg))
613 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
615 logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
616 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
617 msg['length'] = 95 + 22 - 1
618 send_eapol(hapd, addr, build_eapol(msg))
620 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
622 msg = recv_eapol(hapd)
623 if anonce != msg['rsn_key_nonce']:
624 raise Exception("ANonce changed")
625 logger.info("Replay same data back")
626 send_eapol(hapd, addr, build_eapol(msg))
628 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
631 def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
632 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
633 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
635 msg1 = recv_eapol(hapd)
636 anonce = msg1['rsn_key_nonce']
638 msg2 = recv_eapol(hapd)
639 if anonce != msg2['rsn_key_nonce']:
640 raise Exception("ANonce changed")
642 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
644 logger.info("Send EAPOL-Key msg 2/4")
646 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
647 eapol_key_mic(kck, msg)
648 send_eapol(hapd, addr, build_eapol(msg))
650 msg = recv_eapol(hapd)
651 if anonce != msg['rsn_key_nonce']:
652 raise Exception("ANonce changed")
654 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
657 def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
658 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
659 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
661 msg1 = recv_eapol(hapd)
662 anonce = msg1['rsn_key_nonce']
663 msg2 = recv_eapol(hapd)
664 if anonce != msg2['rsn_key_nonce']:
665 raise Exception("ANonce changed")
667 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
668 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
669 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
671 msg = recv_eapol(hapd)
672 if anonce != msg['rsn_key_nonce']:
673 raise Exception("ANonce changed")
675 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
678 def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
679 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
680 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
682 msg1 = recv_eapol(hapd)
683 anonce = msg1['rsn_key_nonce']
685 msg2 = recv_eapol(hapd)
686 if anonce != msg2['rsn_key_nonce']:
687 raise Exception("ANonce changed")
688 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
689 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
691 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
692 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
693 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
695 msg = recv_eapol(hapd)
696 if anonce != msg['rsn_key_nonce']:
697 raise Exception("ANonce changed")
698 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
701 def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
702 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
703 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
705 msg1 = recv_eapol(hapd)
706 anonce = msg1['rsn_key_nonce']
707 msg2 = recv_eapol(hapd)
708 if anonce != msg2['rsn_key_nonce']:
709 raise Exception("ANonce changed")
711 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
712 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
714 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
715 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
717 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
718 msg = recv_eapol(hapd)
719 if anonce != msg['rsn_key_nonce']:
720 raise Exception("ANonce changed")
721 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
724 def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
725 """WPA2 4-way handshake using external EAPOL supplicant"""
726 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
728 msg = recv_eapol(hapd)
729 anonce = msg['rsn_key_nonce']
731 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
733 # Incorrect descriptor type (frame dropped)
734 msg['descr_type'] = 253
735 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
736 eapol_key_mic(kck, msg)
737 send_eapol(hapd, addr, build_eapol(msg))
739 # Incorrect descriptor type, but with a workaround (frame processed)
740 msg['descr_type'] = 254
741 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
742 eapol_key_mic(kck, msg)
743 send_eapol(hapd, addr, build_eapol(msg))
745 msg = recv_eapol(hapd)
746 if anonce != msg['rsn_key_nonce']:
747 raise Exception("ANonce changed")
748 logger.info("Replay same data back")
749 send_eapol(hapd, addr, build_eapol(msg))
751 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
754 def test_ap_wpa_psk_ext_eapol(dev, apdev):
755 """WPA2-PSK AP using external EAPOL supplicant"""
756 (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
759 msg = recv_eapol(hapd)
760 anonce = msg['rsn_key_nonce']
761 logger.info("Replay same data back")
762 send_eapol(hapd, addr, build_eapol(msg))
763 logger.info("Too short data")
764 send_eapol(hapd, addr, build_eapol(msg)[0:98])
766 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
767 msg['descr_type'] = 2
768 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
769 msg['descr_type'] = 254
770 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)
772 msg = recv_eapol(hapd)
773 if anonce != msg['rsn_key_nonce']:
774 raise Exception("ANonce changed")
775 logger.info("Replay same data back")
776 send_eapol(hapd, addr, build_eapol(msg))
778 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
781 def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
782 """WPA2-PSK 4-way handshake with strange key info values"""
783 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
785 msg = recv_eapol(hapd)
786 anonce = msg['rsn_key_nonce']
788 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
789 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
790 send_eapol(hapd, addr, build_eapol(msg))
791 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
792 send_eapol(hapd, addr, build_eapol(msg))
794 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
795 send_eapol(hapd, addr, build_eapol(msg))
797 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
798 send_eapol(hapd, addr, build_eapol(msg))
800 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
801 send_eapol(hapd, addr, build_eapol(msg))
803 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
804 tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
805 eapol_key_mic(tmp_kck, msg)
806 send_eapol(hapd, addr, build_eapol(msg))
808 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
810 msg = recv_eapol(hapd)
811 if anonce != msg['rsn_key_nonce']:
812 raise Exception("ANonce changed")
814 # Request (valic MIC)
815 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
816 eapol_key_mic(kck, msg)
817 send_eapol(hapd, addr, build_eapol(msg))
818 # Request (valid MIC, replayed counter)
819 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
820 eapol_key_mic(kck, msg)
821 send_eapol(hapd, addr, build_eapol(msg))
823 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
826 def build_eapol_key_1_4(anonce, replay_counter=1, key_data='', key_len=16):
830 msg['length'] = 95 + len(key_data)
832 msg['descr_type'] = 2
833 msg['rsn_key_info'] = 0x8a
834 msg['rsn_key_len'] = key_len
835 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
836 msg['rsn_key_nonce'] = anonce
837 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
838 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
839 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
840 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
841 msg['rsn_key_data_len'] = len(key_data)
842 msg['rsn_key_data'] = key_data
845 def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
846 key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
850 msg['length'] = 95 + len(key_data) + extra_len
852 msg['descr_type'] = descr_type
853 msg['rsn_key_info'] = key_info
854 msg['rsn_key_len'] = key_len
855 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
856 msg['rsn_key_nonce'] = anonce
857 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
858 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
859 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
860 msg['rsn_key_data_len'] = len(key_data)
861 msg['rsn_key_data'] = key_data
862 eapol_key_mic(kck, msg)
865 def aes_wrap(kek, plain):
867 a = 0xa6a6a6a6a6a6a6a6
868 enc = AES.new(kek).encrypt
869 r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
871 for i in range(1, n + 1):
872 b = enc(struct.pack('>Q', a) + r[i - 1])
873 a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
875 return struct.pack('>Q', a) + ''.join(r)
877 def pad_key_data(plain):
878 pad_len = len(plain) % 8
880 pad_len = 8 - pad_len
883 plain += pad_len * '\0'
886 def test_ap_wpa2_psk_supp_proto(dev, apdev):
887 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
888 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
890 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
891 msg = recv_eapol(hapd)
892 dev[0].dump_monitor()
894 # Build own EAPOL-Key msg 1/4
895 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
897 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
899 send_eapol(dev[0], addr, build_eapol(msg))
900 msg = recv_eapol(dev[0])
901 snonce = msg['rsn_key_nonce']
903 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
905 logger.debug("Invalid AES wrap data length 0")
906 dev[0].dump_monitor()
907 msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
909 send_eapol(dev[0], addr, build_eapol(msg))
910 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
912 raise Exception("Unsupported AES-WRAP len 0 not reported")
914 logger.debug("Invalid AES wrap data length 1")
915 dev[0].dump_monitor()
916 msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
918 send_eapol(dev[0], addr, build_eapol(msg))
919 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
921 raise Exception("Unsupported AES-WRAP len 1 not reported")
923 logger.debug("Invalid AES wrap data length 9")
924 dev[0].dump_monitor()
925 msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
927 send_eapol(dev[0], addr, build_eapol(msg))
928 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
930 raise Exception("Unsupported AES-WRAP len 9 not reported")
932 logger.debug("Invalid AES wrap data payload")
933 dev[0].dump_monitor()
934 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
935 # do not increment counter to test replay protection
936 send_eapol(dev[0], addr, build_eapol(msg))
937 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
939 raise Exception("AES unwrap failure not reported")
941 logger.debug("Replay Count not increasing")
942 dev[0].dump_monitor()
943 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
945 send_eapol(dev[0], addr, build_eapol(msg))
946 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
948 raise Exception("Replay Counter replay not reported")
950 logger.debug("Missing Ack bit in key info")
951 dev[0].dump_monitor()
952 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
955 send_eapol(dev[0], addr, build_eapol(msg))
956 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
958 raise Exception("Missing Ack bit not reported")
960 logger.debug("Unexpected Request bit in key info")
961 dev[0].dump_monitor()
962 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
965 send_eapol(dev[0], addr, build_eapol(msg))
966 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
968 raise Exception("Request bit not reported")
970 logger.debug("Unsupported key descriptor version 0")
971 dev[0].dump_monitor()
972 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
973 replay_counter=counter, key_info=0x13c8)
975 send_eapol(dev[0], addr, build_eapol(msg))
976 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
978 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
980 logger.debug("Key descriptor version 1 not allowed with CCMP")
981 dev[0].dump_monitor()
982 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
983 replay_counter=counter, key_info=0x13c9)
985 send_eapol(dev[0], addr, build_eapol(msg))
986 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
988 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
990 logger.debug("Invalid AES wrap payload with key descriptor version 2")
991 dev[0].dump_monitor()
992 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
993 replay_counter=counter, key_info=0x13ca)
995 send_eapol(dev[0], addr, build_eapol(msg))
996 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
998 raise Exception("AES unwrap failure not reported")
1000 logger.debug("Key descriptor version 3 workaround")
1001 dev[0].dump_monitor()
1002 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1003 replay_counter=counter, key_info=0x13cb)
1005 send_eapol(dev[0], addr, build_eapol(msg))
1006 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1008 raise Exception("CCMP key descriptor mismatch not reported")
1009 ev = dev[0].wait_event(["WPA: Interoperability workaround"])
1011 raise Exception("AES-128-CMAC workaround not reported")
1012 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1014 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1016 logger.debug("Unsupported key descriptor version 4")
1017 dev[0].dump_monitor()
1018 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1019 replay_counter=counter, key_info=0x13cc)
1021 send_eapol(dev[0], addr, build_eapol(msg))
1022 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1024 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1026 logger.debug("Unsupported key descriptor version 7")
1027 dev[0].dump_monitor()
1028 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1029 replay_counter=counter, key_info=0x13cf)
1031 send_eapol(dev[0], addr, build_eapol(msg))
1032 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1034 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1036 logger.debug("Too short EAPOL header length")
1037 dev[0].dump_monitor()
1038 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1041 send_eapol(dev[0], addr, build_eapol(msg))
1042 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1044 raise Exception("Key data overflow not reported")
1046 logger.debug("Too long EAPOL header length")
1047 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1050 send_eapol(dev[0], addr, build_eapol(msg))
1052 logger.debug("Unsupported descriptor type 0")
1053 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1056 send_eapol(dev[0], addr, build_eapol(msg))
1058 logger.debug("WPA descriptor type 0")
1059 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1062 send_eapol(dev[0], addr, build_eapol(msg))
1064 logger.debug("Non-zero key index for pairwise key")
1065 dev[0].dump_monitor()
1066 wrapped = aes_wrap(kek, 16*'z')
1067 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1070 send_eapol(dev[0], addr, build_eapol(msg))
1071 ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1073 raise Exception("Non-zero key index not reported")
1075 logger.debug("Invalid Key Data plaintext payload --> disconnect")
1076 dev[0].dump_monitor()
1077 wrapped = aes_wrap(kek, 16*'z')
1078 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1080 send_eapol(dev[0], addr, build_eapol(msg))
1081 dev[0].wait_disconnected(timeout=1)
1083 def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
1084 """WPA2-PSK supplicant protocol testing: IE not included"""
1085 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1087 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1088 msg = recv_eapol(hapd)
1089 dev[0].dump_monitor()
1091 # Build own EAPOL-Key msg 1/4
1092 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1094 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1096 send_eapol(dev[0], addr, build_eapol(msg))
1097 msg = recv_eapol(dev[0])
1098 snonce = msg['rsn_key_nonce']
1100 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1102 logger.debug("No IEs in msg 3/4 --> disconnect")
1103 dev[0].dump_monitor()
1104 wrapped = aes_wrap(kek, 16*'\0')
1105 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1107 send_eapol(dev[0], addr, build_eapol(msg))
1108 dev[0].wait_disconnected(timeout=1)
1110 def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
1111 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1112 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1114 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1115 msg = recv_eapol(hapd)
1116 dev[0].dump_monitor()
1118 # Build own EAPOL-Key msg 1/4
1119 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1121 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1123 send_eapol(dev[0], addr, build_eapol(msg))
1124 msg = recv_eapol(dev[0])
1125 snonce = msg['rsn_key_nonce']
1127 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1129 logger.debug("Msg 3/4 with mismatching IE")
1130 dev[0].dump_monitor()
1131 wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1132 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1134 send_eapol(dev[0], addr, build_eapol(msg))
1135 dev[0].wait_disconnected(timeout=1)
1137 def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
1138 """WPA2-PSK supplicant protocol testing: success"""
1139 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1141 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1142 msg = recv_eapol(hapd)
1143 dev[0].dump_monitor()
1145 # Build own EAPOL-Key msg 1/4
1146 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1148 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1150 send_eapol(dev[0], addr, build_eapol(msg))
1151 msg = recv_eapol(dev[0])
1152 snonce = msg['rsn_key_nonce']
1154 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1156 logger.debug("Valid EAPOL-Key msg 3/4")
1157 dev[0].dump_monitor()
1158 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1159 wrapped = aes_wrap(kek, pad_key_data(plain))
1160 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1162 send_eapol(dev[0], addr, build_eapol(msg))
1163 dev[0].wait_connected(timeout=1)
1165 def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
1166 """WPA2-PSK supplicant protocol testing: no GTK"""
1167 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1169 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1170 msg = recv_eapol(hapd)
1171 dev[0].dump_monitor()
1173 # Build own EAPOL-Key msg 1/4
1174 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1176 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1178 send_eapol(dev[0], addr, build_eapol(msg))
1179 msg = recv_eapol(dev[0])
1180 snonce = msg['rsn_key_nonce']
1182 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1184 logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
1185 dev[0].dump_monitor()
1186 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
1187 wrapped = aes_wrap(kek, pad_key_data(plain))
1188 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1190 send_eapol(dev[0], addr, build_eapol(msg))
1191 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1193 raise Exception("Unexpected connection completion reported")
1195 def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
1196 """WPA2-PSK supplicant protocol testing: ANonce change"""
1197 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1199 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1200 msg = recv_eapol(hapd)
1201 dev[0].dump_monitor()
1203 # Build own EAPOL-Key msg 1/4
1204 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1206 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1208 send_eapol(dev[0], addr, build_eapol(msg))
1209 msg = recv_eapol(dev[0])
1210 snonce = msg['rsn_key_nonce']
1212 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1214 logger.debug("Valid EAPOL-Key msg 3/4")
1215 dev[0].dump_monitor()
1216 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1217 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1218 wrapped = aes_wrap(kek, pad_key_data(plain))
1219 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
1221 send_eapol(dev[0], addr, build_eapol(msg))
1222 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1224 raise Exception("ANonce change not reported")
1226 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
1227 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1228 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1230 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1231 msg = recv_eapol(hapd)
1232 dev[0].dump_monitor()
1234 # Build own EAPOL-Key msg 1/4
1235 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1237 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1239 send_eapol(dev[0], addr, build_eapol(msg))
1240 msg = recv_eapol(dev[0])
1241 snonce = msg['rsn_key_nonce']
1243 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1245 logger.debug("Group key 1/2 instead of msg 3/4")
1246 dev[0].dump_monitor()
1247 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1248 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1251 send_eapol(dev[0], addr, build_eapol(msg))
1252 ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1254 raise Exception("Unexpected group key message not reported")
1255 dev[0].wait_disconnected(timeout=1)
1257 def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
1258 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
1259 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1261 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1262 msg = recv_eapol(hapd)
1263 dev[0].dump_monitor()
1265 # Build own EAPOL-Key msg 1/4 with invalid KDE
1266 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1268 msg = build_eapol_key_1_4(anonce, replay_counter=counter,
1269 key_data=binascii.unhexlify('5555'))
1271 send_eapol(dev[0], addr, build_eapol(msg))
1272 dev[0].wait_disconnected(timeout=1)
1274 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
1275 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1276 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1278 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1279 msg = recv_eapol(hapd)
1280 dev[0].dump_monitor()
1282 # Build own EAPOL-Key msg 1/4
1283 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1285 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1287 send_eapol(dev[0], addr, build_eapol(msg))
1288 msg = recv_eapol(dev[0])
1289 snonce = msg['rsn_key_nonce']
1291 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1293 logger.debug("Valid EAPOL-Key msg 3/4")
1294 dev[0].dump_monitor()
1295 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1296 wrapped = aes_wrap(kek, pad_key_data(plain))
1297 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1300 send_eapol(dev[0], addr, build_eapol(msg))
1301 ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
1303 raise Exception("Invalid CCMP key length not reported")
1304 dev[0].wait_disconnected(timeout=1)
1306 def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
1307 """WPA2-PSK supplicant protocol testing: wrong group key length"""
1308 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1310 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1311 msg = recv_eapol(hapd)
1312 dev[0].dump_monitor()
1314 # Build own EAPOL-Key msg 1/4
1315 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1317 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1319 send_eapol(dev[0], addr, build_eapol(msg))
1320 msg = recv_eapol(dev[0])
1321 snonce = msg['rsn_key_nonce']
1323 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1325 logger.debug("Valid EAPOL-Key msg 3/4")
1326 dev[0].dump_monitor()
1327 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
1328 wrapped = aes_wrap(kek, pad_key_data(plain))
1329 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1331 send_eapol(dev[0], addr, build_eapol(msg))
1332 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
1334 raise Exception("Invalid CCMP key length not reported")
1335 dev[0].wait_disconnected(timeout=1)
1337 def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
1338 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
1339 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1341 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1342 msg = recv_eapol(hapd)
1343 dev[0].dump_monitor()
1345 # Build own EAPOL-Key msg 1/4
1346 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1348 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1350 send_eapol(dev[0], addr, build_eapol(msg))
1351 msg = recv_eapol(dev[0])
1352 snonce = msg['rsn_key_nonce']
1354 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1356 logger.debug("Valid EAPOL-Key msg 3/4")
1357 dev[0].dump_monitor()
1358 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
1359 wrapped = aes_wrap(kek, pad_key_data(plain))
1360 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1362 send_eapol(dev[0], addr, build_eapol(msg))
1363 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
1365 raise Exception("GTK Tx bit workaround not reported")
1366 dev[0].wait_connected(timeout=1)
1368 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
1369 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
1370 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1372 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1373 msg = recv_eapol(hapd)
1374 dev[0].dump_monitor()
1376 # Build own EAPOL-Key msg 1/4
1377 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1379 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1381 send_eapol(dev[0], addr, build_eapol(msg))
1382 msg = recv_eapol(dev[0])
1383 snonce = msg['rsn_key_nonce']
1385 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1387 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1388 dev[0].dump_monitor()
1389 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1390 wrapped = aes_wrap(kek, pad_key_data(plain))
1391 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1393 send_eapol(dev[0], addr, build_eapol(msg))
1394 dev[0].wait_connected(timeout=1)
1396 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
1397 dev[0].dump_monitor()
1398 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1399 wrapped = aes_wrap(kek, pad_key_data(plain))
1400 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1403 send_eapol(dev[0], addr, build_eapol(msg))
1404 msg = recv_eapol(dev[0])
1405 ev = dev[0].wait_event(["WPA: Group rekeying completed"])
1407 raise Exception("GTK rekeing not reported")
1409 logger.debug("Unencrypted GTK KDE in group msg 1/2")
1410 dev[0].dump_monitor()
1411 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1412 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1415 send_eapol(dev[0], addr, build_eapol(msg))
1416 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1418 raise Exception("Unencrypted GTK KDE not reported")
1419 dev[0].wait_disconnected(timeout=1)
1421 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
1422 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
1423 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1425 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1426 msg = recv_eapol(hapd)
1427 dev[0].dump_monitor()
1429 # Build own EAPOL-Key msg 1/4
1430 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1432 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1434 send_eapol(dev[0], addr, build_eapol(msg))
1435 msg = recv_eapol(dev[0])
1436 snonce = msg['rsn_key_nonce']
1438 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1440 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1441 dev[0].dump_monitor()
1442 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1443 wrapped = aes_wrap(kek, pad_key_data(plain))
1444 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1446 send_eapol(dev[0], addr, build_eapol(msg))
1447 dev[0].wait_connected(timeout=1)
1449 logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
1450 dev[0].dump_monitor()
1451 plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
1452 wrapped = aes_wrap(kek, pad_key_data(plain))
1453 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1456 send_eapol(dev[0], addr, build_eapol(msg))
1457 ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
1459 raise Exception("Missing GTK KDE not reported")
1460 dev[0].wait_disconnected(timeout=1)
1462 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
1463 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
1464 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1466 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1467 msg = recv_eapol(hapd)
1468 dev[0].dump_monitor()
1470 # Build own EAPOL-Key msg 1/4
1471 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1473 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1475 send_eapol(dev[0], addr, build_eapol(msg))
1476 msg = recv_eapol(dev[0])
1477 snonce = msg['rsn_key_nonce']
1479 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1481 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1482 dev[0].dump_monitor()
1483 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1484 wrapped = aes_wrap(kek, pad_key_data(plain))
1485 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1487 send_eapol(dev[0], addr, build_eapol(msg))
1488 dev[0].wait_connected(timeout=1)
1490 logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
1491 dev[0].dump_monitor()
1492 plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1493 wrapped = aes_wrap(kek, pad_key_data(plain))
1494 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1497 send_eapol(dev[0], addr, build_eapol(msg))
1498 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
1500 raise Exception("Too long GTK KDE not reported")
1501 dev[0].wait_disconnected(timeout=1)
1503 def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
1504 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
1505 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1507 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1508 msg = recv_eapol(hapd)
1509 dev[0].dump_monitor()
1511 # Build own EAPOL-Key msg 1/4
1512 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1514 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1516 send_eapol(dev[0], addr, build_eapol(msg))
1517 msg = recv_eapol(dev[0])
1518 snonce = msg['rsn_key_nonce']
1520 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1522 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
1523 dev[0].dump_monitor()
1524 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1525 wrapped = aes_wrap(kek, pad_key_data(plain))
1526 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1528 send_eapol(dev[0], addr, build_eapol(msg))
1529 dev[0].wait_disconnected(timeout=1)
1531 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
1532 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
1533 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1535 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1536 msg = recv_eapol(hapd)
1537 dev[0].dump_monitor()
1539 # Build own EAPOL-Key msg 1/4
1540 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1542 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1544 send_eapol(dev[0], addr, build_eapol(msg))
1545 msg = recv_eapol(dev[0])
1546 snonce = msg['rsn_key_nonce']
1548 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1550 logger.debug("Valid EAPOL-Key msg 3/4")
1551 dev[0].dump_monitor()
1552 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1553 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1556 send_eapol(dev[0], addr, build_eapol(msg))
1557 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1559 raise Exception("Unencrypted GTK KDE not reported")
1560 dev[0].wait_disconnected(timeout=1)
1562 def find_wpas_process(dev):
1564 cmd = subprocess.Popen(['ps', 'ax'], stdout=subprocess.PIPE)
1565 (data,err) = cmd.communicate()
1566 for l in data.splitlines():
1567 if "wpa_supplicant" not in l:
1569 if "-i" + ifname not in l:
1571 return int(l.strip().split(' ')[0])
1572 raise Exception("Could not find wpa_supplicant process")
1574 def read_process_memory(pid, key=None):
1576 with open('/proc/%d/maps' % pid, 'r') as maps, \
1577 open('/proc/%d/mem' % pid, 'r') as mem:
1578 for l in maps.readlines():
1579 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
1582 start = int(m.group(1), 16)
1583 end = int(m.group(2), 16)
1585 if start > 0xffffffffffff:
1589 if not perm.startswith('rw'):
1592 data = mem.read(end - start)
1594 if key and key in data:
1595 logger.info("Key found in " + l)
1598 def verify_not_present(buf, key, fname, keyname):
1603 prefix = 2048 if pos > 2048 else pos
1604 with open(fname + keyname, 'w') as f:
1605 f.write(buf[pos - prefix:pos + 2048])
1606 raise Exception(keyname + " found after disassociation")
1608 def get_key_locations(buf, key, keyname):
1612 pos = buf.find(key, pos)
1615 logger.info("Found %s at %d" % (keyname, pos))
1620 def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
1621 """WPA2-PSK and PSK/PTK lifetime in memory"""
1622 ssid = "test-wpa2-psk"
1623 passphrase = 'qwertyuiop'
1624 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1625 pmk = binascii.unhexlify(psk)
1626 p = hostapd.wpa2_params(ssid=ssid)
1628 hapd = hostapd.add_ap(apdev[0]['ifname'], p)
1630 pid = find_wpas_process(dev[0])
1632 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
1633 only_add_network=True)
1635 logger.info("Checking keys in memory after network profile configuration")
1636 buf = read_process_memory(pid, pmk)
1637 get_key_locations(buf, pmk, "PMK")
1639 dev[0].request("REMOVE_NETWORK all")
1640 logger.info("Checking keys in memory after network profile removal")
1641 buf = read_process_memory(pid, pmk)
1642 get_key_locations(buf, pmk, "PMK")
1644 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1645 only_add_network=True)
1647 logger.info("Checking keys in memory before connection")
1648 buf = read_process_memory(pid, pmk)
1649 get_key_locations(buf, pmk, "PMK")
1651 dev[0].connect_network(id, timeout=20)
1654 buf = read_process_memory(pid, pmk)
1656 dev[0].request("DISCONNECT")
1657 dev[0].wait_disconnected()
1662 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1663 for l in f.readlines():
1664 if "WPA: PTK - hexdump" in l:
1665 val = l.strip().split(':')[3].replace(' ', '')
1666 ptk = binascii.unhexlify(val)
1667 if "WPA: Group Key - hexdump" in l:
1668 val = l.strip().split(':')[3].replace(' ', '')
1669 gtk = binascii.unhexlify(val)
1670 if not pmk or not ptk or not gtk:
1671 raise Exception("Could not find keys from debug log")
1673 raise Exception("Unexpected GTK length")
1679 logger.info("Checking keys in memory while associated")
1680 get_key_locations(buf, pmk, "PMK")
1682 raise HwsimSkip("PMK not found while associated")
1684 raise Exception("KCK not found while associated")
1686 raise Exception("KEK not found while associated")
1688 raise Exception("TK found from memory")
1690 raise Exception("GTK found from memory")
1692 logger.info("Checking keys in memory after disassociation")
1693 buf = read_process_memory(pid, pmk)
1694 get_key_locations(buf, pmk, "PMK")
1696 # Note: PMK/PSK is still present in network configuration
1698 fname = os.path.join(params['logdir'],
1699 'wpa2_psk_key_lifetime_in_memory.memctx-')
1700 verify_not_present(buf, kck, fname, "KCK")
1701 verify_not_present(buf, kek, fname, "KEK")
1702 verify_not_present(buf, tk, fname, "TK")
1703 verify_not_present(buf, gtk, fname, "GTK")
1705 dev[0].request("REMOVE_NETWORK all")
1707 logger.info("Checking keys in memory after network profile removal")
1708 buf = read_process_memory(pid, pmk)
1709 get_key_locations(buf, pmk, "PMK")
1711 verify_not_present(buf, pmk, fname, "PMK")
1712 verify_not_present(buf, kck, fname, "KCK")
1713 verify_not_present(buf, kek, fname, "KEK")
1714 verify_not_present(buf, tk, fname, "TK")
1715 verify_not_present(buf, gtk, fname, "GTK")
1717 def test_ap_wpa2_psk_wep(dev, apdev):
1718 """WPA2-PSK AP and WEP enabled"""
1719 ssid = "test-wpa2-psk"
1720 passphrase = 'qwertyuiop'
1721 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1722 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1724 hapd.set('wep_key0', '"hello"')
1725 raise Exception("WEP key accepted to WPA2 network")
1729 def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1730 """WPA2-PSK AP and wpas interface in a bridge"""
1734 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
1736 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
1737 subprocess.call(['brctl', 'delif', br_ifname, ifname])
1738 subprocess.call(['brctl', 'delbr', br_ifname])
1739 subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
1741 def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1742 ssid = "test-wpa2-psk"
1743 passphrase = 'qwertyuiop'
1744 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1745 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1749 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1750 subprocess.call(['brctl', 'addbr', br_ifname])
1751 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
1752 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
1753 subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
1754 subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
1755 wpas.interface_add(ifname, br_ifname=br_ifname)
1757 wpas.connect(ssid, psk=passphrase, scan_freq="2412")
1759 def test_ap_wpa2_psk_ifdown(dev, apdev):
1760 """AP with open mode and external ifconfig down"""
1761 ssid = "test-wpa2-psk"
1762 passphrase = 'qwertyuiop'
1763 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1764 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1765 bssid = apdev[0]['bssid']
1767 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
1768 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
1769 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
1771 raise Exception("No INTERFACE-DISABLED event")
1772 # this wait tests beacon loss detection in mac80211
1773 dev[0].wait_disconnected()
1774 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
1775 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
1777 raise Exception("No INTERFACE-ENABLED event")
1778 dev[0].wait_connected()
1779 hwsim_utils.test_connectivity(dev[0], hapd)
1781 def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
1782 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
1783 bssid = apdev[0]['bssid']
1784 ssid = "test-wpa2-psk"
1785 passphrase = 'qwertyuiop'
1786 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1787 params = hostapd.wpa2_params(ssid=ssid)
1788 params['wpa_psk'] = psk
1789 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1790 hapd.request("SET ext_eapol_frame_io 1")
1791 dev[0].request("SET ext_eapol_frame_io 1")
1792 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
1793 addr = dev[0].own_addr()
1796 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1798 raise Exception("Timeout on EAPOL-TX from hostapd")
1799 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1801 raise Exception("EAPOL_RX to wpa_supplicant failed")
1804 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1806 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1807 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
1809 raise Exception("EAPOL_RX to hostapd failed")
1812 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1814 raise Exception("Timeout on EAPOL-TX from hostapd")
1815 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1817 raise Exception("EAPOL_RX to wpa_supplicant failed")
1820 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1822 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1823 logger.info("Drop the first EAPOL-Key msg 4/4")
1825 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
1826 # doesn't. Use normal EAPOL TX/RX to handle retries.
1827 hapd.request("SET ext_eapol_frame_io 0")
1828 dev[0].request("SET ext_eapol_frame_io 0")
1829 dev[0].wait_connected()
1831 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
1833 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1835 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
1837 logger.info("Disconnection detected")
1838 # The EAPOL-Key retries are supposed to allow the connection to be
1839 # established without having to reassociate. However, this does not
1840 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
1841 # after the pairwise key has been configured and AP will drop those and
1842 # disconnect the station after reaching retransmission limit. Connection
1843 # is then established after reassociation. Once that behavior has been
1844 # optimized to prevent EAPOL-Key frame encryption for retransmission
1845 # case, this exception can be uncommented here.
1846 #raise Exception("Unexpected disconnection")
1848 def test_ap_wpa2_psk_disable_enable(dev, apdev):
1849 """WPA2-PSK AP getting disabled and re-enabled"""
1850 ssid = "test-wpa2-psk"
1851 passphrase = 'qwertyuiop'
1852 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1853 params = hostapd.wpa2_params(ssid=ssid)
1854 params['wpa_psk'] = psk
1855 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1856 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
1859 hapd.request("DISABLE")
1860 dev[0].wait_disconnected()
1861 hapd.request("ENABLE")
1862 dev[0].wait_connected()
1863 hwsim_utils.test_connectivity(dev[0], hapd)