2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
8 from Crypto.Cipher import AES
12 logger = logging.getLogger()
20 from utils import HwsimSkip, fail_test, skip_with_fips
22 from wpasupplicant import WpaSupplicant
24 def check_mib(dev, vals):
28 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
30 def test_ap_wpa2_psk(dev, apdev):
31 """WPA2-PSK AP with PSK instead of passphrase"""
32 ssid = "test-wpa2-psk"
33 passphrase = 'qwertyuiop'
34 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
35 params = hostapd.wpa2_params(ssid=ssid)
36 params['wpa_psk'] = psk
37 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
38 key_mgmt = hapd.get_config()['key_mgmt']
39 if key_mgmt.split(' ')[0] != "WPA-PSK":
40 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
41 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
42 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
44 sig = dev[0].request("SIGNAL_POLL").splitlines()
45 pkt = dev[0].request("PKTCNT_POLL").splitlines()
46 if "FREQUENCY=2412" not in sig:
47 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
48 if "TXBAD=0" not in pkt:
49 raise Exception("Unexpected TXBAD value: " + str(pkt))
51 def test_ap_wpa2_psk_file(dev, apdev):
52 """WPA2-PSK AP with PSK from a file"""
53 ssid = "test-wpa2-psk"
54 passphrase = 'qwertyuiop'
55 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
56 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
57 params['wpa_psk_file'] = 'hostapd.wpa_psk'
58 hostapd.add_ap(apdev[0]['ifname'], params)
59 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
60 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
61 dev[2].request("REMOVE_NETWORK all")
62 dev[0].connect(ssid, psk="very secret", scan_freq="2412")
63 dev[0].request("REMOVE_NETWORK all")
64 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
65 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
66 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
68 raise Exception("Timed out while waiting for failure report")
69 dev[1].request("REMOVE_NETWORK all")
71 def test_ap_wpa2_psk_mem(dev, apdev):
72 """WPA2-PSK AP with passphrase only in memory"""
74 _test_ap_wpa2_psk_mem(dev, apdev)
76 dev[0].request("SCAN_INTERVAL 5")
77 dev[1].request("SCAN_INTERVAL 5")
79 def _test_ap_wpa2_psk_mem(dev, apdev):
80 ssid = "test-wpa2-psk"
81 passphrase = 'qwertyuiop'
82 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
83 params = hostapd.wpa2_params(ssid=ssid)
84 params['wpa_psk'] = psk
85 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
87 dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
88 dev[0].request("SCAN_INTERVAL 1")
89 ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
91 raise Exception("Request for PSK/passphrase timed out")
92 id = ev.split(':')[0].split('-')[-1]
93 dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"')
94 dev[0].wait_connected(timeout=10)
96 dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
97 dev[1].request("SCAN_INTERVAL 1")
98 ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
100 raise Exception("Request for PSK/passphrase timed out(2)")
101 id = ev.split(':')[0].split('-')[-1]
102 dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk)
103 dev[1].wait_connected(timeout=10)
105 def test_ap_wpa2_ptk_rekey(dev, apdev):
106 """WPA2-PSK AP and PTK rekey enforced by station"""
107 ssid = "test-wpa2-psk"
108 passphrase = 'qwertyuiop'
109 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
110 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
111 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
112 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
114 raise Exception("PTK rekey timed out")
115 hwsim_utils.test_connectivity(dev[0], hapd)
117 def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
118 """WPA2-PSK AP and PTK rekey enforced by AP"""
119 ssid = "test-wpa2-psk"
120 passphrase = 'qwertyuiop'
121 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
122 params['wpa_ptk_rekey'] = '2'
123 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
124 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
125 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
127 raise Exception("PTK rekey timed out")
128 hwsim_utils.test_connectivity(dev[0], hapd)
130 def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
131 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
132 ssid = "test-wpa2-psk"
133 passphrase = 'qwertyuiop'
134 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
135 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
136 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
137 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
138 wpa_ptk_rekey="1", scan_freq="2412")
139 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
141 raise Exception("PTK rekey timed out")
142 hwsim_utils.test_connectivity(dev[0], hapd)
143 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
144 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
146 def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
147 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
148 ssid = "test-wpa2-psk"
149 passphrase = 'qwertyuiop'
150 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
151 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
152 params['wpa_ptk_rekey'] = '2'
153 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
154 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
156 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
158 raise Exception("PTK rekey timed out")
159 hwsim_utils.test_connectivity(dev[0], hapd)
160 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
161 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
163 def test_ap_wpa_ptk_rekey(dev, apdev):
164 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
165 skip_with_fips(dev[0])
166 ssid = "test-wpa-psk"
167 passphrase = 'qwertyuiop'
168 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
169 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
170 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
171 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
172 raise Exception("Scan results missing WPA element info")
173 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
175 raise Exception("PTK rekey timed out")
176 hwsim_utils.test_connectivity(dev[0], hapd)
178 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
179 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
180 skip_with_fips(dev[0])
181 ssid = "test-wpa-psk"
182 passphrase = 'qwertyuiop'
183 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
184 params['wpa_ptk_rekey'] = '2'
185 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
186 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
187 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
189 raise Exception("PTK rekey timed out")
190 hwsim_utils.test_connectivity(dev[0], hapd)
192 def test_ap_wpa_ccmp(dev, apdev):
194 ssid = "test-wpa-psk"
195 passphrase = 'qwertyuiop'
196 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
197 params['wpa_pairwise'] = "CCMP"
198 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
199 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
200 hwsim_utils.test_connectivity(dev[0], hapd)
201 check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
202 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
203 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
204 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
205 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
206 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
207 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
208 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
210 def test_ap_wpa2_psk_file(dev, apdev):
211 """WPA2-PSK AP with various PSK file error and success cases"""
212 addr0 = dev[0].own_addr()
213 addr1 = dev[1].own_addr()
214 addr2 = dev[2].own_addr()
216 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
222 params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
223 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
227 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
228 if "FAIL" not in hapd.request("ENABLE"):
229 raise Exception("Unexpected ENABLE success")
230 hapd.request("DISABLE")
232 # invalid MAC address
233 with open(pskfile, "w") as f:
236 if "FAIL" not in hapd.request("ENABLE"):
237 raise Exception("Unexpected ENABLE success")
238 hapd.request("DISABLE")
241 with open(pskfile, "w") as f:
242 f.write("00:11:22:33:44:55\n")
243 if "FAIL" not in hapd.request("ENABLE"):
244 raise Exception("Unexpected ENABLE success")
245 hapd.request("DISABLE")
248 with open(pskfile, "w") as f:
249 f.write("00:11:22:33:44:55 1234567\n")
250 if "FAIL" not in hapd.request("ENABLE"):
251 raise Exception("Unexpected ENABLE success")
252 hapd.request("DISABLE")
255 with open(pskfile, "w") as f:
256 f.write("00:11:22:33:44:55 12345678\n")
257 f.write(addr0 + " 123456789\n")
258 f.write(addr1 + " 123456789a\n")
259 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
260 if "FAIL" in hapd.request("ENABLE"):
261 raise Exception("Unexpected ENABLE failure")
263 dev[0].connect(ssid, psk="123456789", scan_freq="2412")
264 dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
265 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
273 def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
274 """WPA2-PSK AP and wildcard SSID configuration"""
275 ssid = "test-wpa2-psk"
276 passphrase = 'qwertyuiop'
277 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
278 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
279 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
280 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
282 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
284 def test_ap_wpa2_gtk_rekey(dev, apdev):
285 """WPA2-PSK AP and GTK rekey enforced by AP"""
286 ssid = "test-wpa2-psk"
287 passphrase = 'qwertyuiop'
288 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
289 params['wpa_group_rekey'] = '1'
290 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
291 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
292 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
294 raise Exception("GTK rekey timed out")
295 hwsim_utils.test_connectivity(dev[0], hapd)
297 def test_ap_wpa_gtk_rekey(dev, apdev):
298 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
299 skip_with_fips(dev[0])
300 ssid = "test-wpa-psk"
301 passphrase = 'qwertyuiop'
302 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
303 params['wpa_group_rekey'] = '1'
304 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
305 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
306 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
308 raise Exception("GTK rekey timed out")
309 hwsim_utils.test_connectivity(dev[0], hapd)
311 def test_ap_wpa2_gmk_rekey(dev, apdev):
312 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
313 ssid = "test-wpa2-psk"
314 passphrase = 'qwertyuiop'
315 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
316 params['wpa_group_rekey'] = '1'
317 params['wpa_gmk_rekey'] = '2'
318 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
319 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
320 for i in range(0, 3):
321 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
323 raise Exception("GTK rekey timed out")
324 hwsim_utils.test_connectivity(dev[0], hapd)
326 def test_ap_wpa2_strict_rekey(dev, apdev):
327 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
328 ssid = "test-wpa2-psk"
329 passphrase = 'qwertyuiop'
330 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
331 params['wpa_strict_rekey'] = '1'
332 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
333 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
334 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
335 dev[1].request("DISCONNECT")
336 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
338 raise Exception("GTK rekey timed out")
339 hwsim_utils.test_connectivity(dev[0], hapd)
341 def test_ap_wpa2_bridge_fdb(dev, apdev):
342 """Bridge FDB entry removal"""
344 ssid = "test-wpa2-psk"
345 passphrase = "12345678"
346 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
347 params['bridge'] = 'ap-br0'
348 hostapd.add_ap(apdev[0]['ifname'], params)
349 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
350 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
351 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
352 bssid=apdev[0]['bssid'])
353 dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
354 bssid=apdev[0]['bssid'])
355 addr0 = dev[0].p2p_interface_addr()
356 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
357 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
358 stdout=subprocess.PIPE)
359 macs1 = cmd.stdout.read()
360 dev[0].request("DISCONNECT")
361 dev[1].request("DISCONNECT")
363 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
364 stdout=subprocess.PIPE)
365 macs2 = cmd.stdout.read()
367 addr1 = dev[1].p2p_interface_addr()
368 if addr0 not in macs1 or addr1 not in macs1:
369 raise Exception("Bridge FDB entry missing")
370 if addr0 in macs2 or addr1 in macs2:
371 raise Exception("Bridge FDB entry was not removed")
373 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
374 subprocess.call(['brctl', 'delbr', 'ap-br0'])
376 def test_ap_wpa2_already_in_bridge(dev, apdev):
377 """hostapd behavior with interface already in bridge"""
378 ifname = apdev[0]['ifname']
379 br_ifname = 'ext-ap-br0'
381 ssid = "test-wpa2-psk"
382 passphrase = "12345678"
383 subprocess.call(['brctl', 'addbr', br_ifname])
384 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
385 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
386 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
387 subprocess.call(['brctl', 'addif', br_ifname, ifname])
388 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
389 hapd = hostapd.add_ap(ifname, params)
390 if hapd.get_driver_status_field('brname') != br_ifname:
391 raise Exception("Bridge name not identified correctly")
392 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
394 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
395 subprocess.call(['brctl', 'delif', br_ifname, ifname])
396 subprocess.call(['iw', ifname, 'set', 'type', 'station'])
397 subprocess.call(['brctl', 'delbr', br_ifname])
399 def test_ap_wpa2_in_different_bridge(dev, apdev):
400 """hostapd behavior with interface in different bridge"""
401 ifname = apdev[0]['ifname']
402 br_ifname = 'ext-ap-br0'
404 ssid = "test-wpa2-psk"
405 passphrase = "12345678"
406 subprocess.call(['brctl', 'addbr', br_ifname])
407 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
408 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
409 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
410 subprocess.call(['brctl', 'addif', br_ifname, ifname])
412 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
413 params['bridge'] = 'ap-br0'
414 hapd = hostapd.add_ap(ifname, params)
415 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
416 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
417 brname = hapd.get_driver_status_field('brname')
418 if brname != 'ap-br0':
419 raise Exception("Incorrect bridge: " + brname)
420 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
421 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
422 if hapd.get_driver_status_field("added_bridge") != "1":
423 raise Exception("Unexpected added_bridge value")
424 if hapd.get_driver_status_field("added_if_into_bridge") != "1":
425 raise Exception("Unexpected added_if_into_bridge value")
426 dev[0].request("DISCONNECT")
429 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
430 subprocess.call(['brctl', 'delif', br_ifname, ifname],
431 stderr=open('/dev/null', 'w'))
432 subprocess.call(['brctl', 'delbr', br_ifname])
434 def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
435 """hostapd behavior with interface added to bridge externally"""
436 ifname = apdev[0]['ifname']
437 br_ifname = 'ext-ap-br0'
439 ssid = "test-wpa2-psk"
440 passphrase = "12345678"
441 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
442 hapd = hostapd.add_ap(ifname, params)
444 subprocess.call(['brctl', 'addbr', br_ifname])
445 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
446 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
447 subprocess.call(['brctl', 'addif', br_ifname, ifname])
448 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
449 if hapd.get_driver_status_field('brname') != br_ifname:
450 raise Exception("Bridge name not identified correctly")
452 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
453 subprocess.call(['brctl', 'delif', br_ifname, ifname])
454 subprocess.call(['brctl', 'delbr', br_ifname])
456 def test_ap_wpa2_psk_ext(dev, apdev):
457 """WPA2-PSK AP using external EAPOL I/O"""
458 bssid = apdev[0]['bssid']
459 ssid = "test-wpa2-psk"
460 passphrase = 'qwertyuiop'
461 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
462 params = hostapd.wpa2_params(ssid=ssid)
463 params['wpa_psk'] = psk
464 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
465 hapd.request("SET ext_eapol_frame_io 1")
466 dev[0].request("SET ext_eapol_frame_io 1")
467 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
468 addr = dev[0].p2p_interface_addr()
470 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
472 raise Exception("Timeout on EAPOL-TX from hostapd")
473 if "AP-STA-CONNECTED" in ev:
474 dev[0].wait_connected(timeout=15)
476 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
478 raise Exception("EAPOL_RX to wpa_supplicant failed")
479 ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
481 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
482 if "CTRL-EVENT-CONNECTED" in ev:
484 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
486 raise Exception("EAPOL_RX to hostapd failed")
488 def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
489 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
490 bssid = apdev[0]['bssid']
491 ssid = "test-wpa2-psk"
492 passphrase = 'qwertyuiop'
493 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
494 params = hostapd.wpa2_params(ssid=ssid)
495 params['wpa_psk'] = psk
496 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
497 hapd.request("SET ext_eapol_frame_io 1")
498 dev[0].request("SET ext_eapol_frame_io 1")
499 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
500 addr = dev[0].p2p_interface_addr()
503 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
505 raise Exception("Timeout on EAPOL-TX from hostapd")
506 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
508 raise Exception("EAPOL_RX to wpa_supplicant failed")
511 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
513 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
514 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
516 raise Exception("EAPOL_RX to hostapd failed")
519 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
521 raise Exception("Timeout on EAPOL-TX from hostapd")
522 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
524 raise Exception("EAPOL_RX to wpa_supplicant failed")
527 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
529 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
530 # Do not send to the AP
531 dev[0].wait_connected(timeout=15)
533 # EAPOL-Key msg 3/4 (retry)
534 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
536 raise Exception("Timeout on EAPOL-TX from hostapd")
537 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
539 raise Exception("EAPOL_RX to wpa_supplicant failed")
542 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
544 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
545 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
547 raise Exception("EAPOL_RX to hostapd failed")
549 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
551 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
553 hwsim_utils.test_connectivity(dev[0], hapd)
555 def parse_eapol(data):
556 (version, type, length) = struct.unpack('>BBH', data[0:4])
558 if length > len(payload):
559 raise Exception("Invalid EAPOL length")
560 if length < len(payload):
561 payload = payload[0:length]
563 eapol['version'] = version
565 eapol['length'] = length
566 eapol['payload'] = payload
569 (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
570 payload = payload[1:]
571 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
573 (key_info, key_len) = struct.unpack('>HH', payload[0:4])
574 eapol['rsn_key_info'] = key_info
575 eapol['rsn_key_len'] = key_len
576 eapol['rsn_replay_counter'] = payload[4:12]
577 eapol['rsn_key_nonce'] = payload[12:44]
578 eapol['rsn_key_iv'] = payload[44:60]
579 eapol['rsn_key_rsc'] = payload[60:68]
580 eapol['rsn_key_id'] = payload[68:76]
581 eapol['rsn_key_mic'] = payload[76:92]
582 payload = payload[92:]
583 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
584 payload = payload[2:]
585 eapol['rsn_key_data'] = payload
588 def build_eapol(msg):
589 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
591 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
593 data += msg['rsn_replay_counter']
594 data += msg['rsn_key_nonce']
595 data += msg['rsn_key_iv']
596 data += msg['rsn_key_rsc']
597 data += msg['rsn_key_id']
598 data += msg['rsn_key_mic']
599 data += struct.pack('>H', msg['rsn_key_data_len'])
600 data += msg['rsn_key_data']
602 data += msg['payload']
605 def sha1_prf(key, label, data, outlen):
609 m = hmac.new(key, label, hashlib.sha1)
610 m.update(struct.pack('B', 0))
612 m.update(struct.pack('B', counter))
615 if outlen > len(hash):
619 res += hash[0:outlen]
623 def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
625 data = binascii.unhexlify(addr1.replace(':','')) + binascii.unhexlify(addr2.replace(':',''))
627 data = binascii.unhexlify(addr2.replace(':','')) + binascii.unhexlify(addr1.replace(':',''))
629 data += nonce1 + nonce2
631 data += nonce2 + nonce1
632 label = "Pairwise key expansion"
633 ptk = sha1_prf(pmk, label, data, 48)
636 return (ptk, kck, kek)
638 def eapol_key_mic(kck, msg):
639 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
640 data = build_eapol(msg)
641 m = hmac.new(kck, data, hashlib.sha1)
642 msg['rsn_key_mic'] = m.digest()[0:16]
644 def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
645 msg['rsn_key_info'] = key_info
646 msg['rsn_key_len'] = key_len
648 msg['rsn_key_nonce'] = nonce
650 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
652 msg['rsn_key_data_len'] = len(data)
653 msg['rsn_key_data'] = data
654 msg['length'] = 95 + len(data)
656 msg['rsn_key_data_len'] = 0
657 msg['rsn_key_data'] = ''
660 def recv_eapol(hapd):
661 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
663 raise Exception("Timeout on EAPOL-TX from hostapd")
664 eapol = binascii.unhexlify(ev.split(' ')[2])
665 return parse_eapol(eapol)
667 def send_eapol(hapd, addr, data):
668 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
670 raise Exception("EAPOL_RX to hostapd failed")
672 def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
673 logger.info("Send EAPOL-Key msg " + info)
674 rsn_eapol_key_set(msg, key_info, 0, nonce, data)
675 eapol_key_mic(kck, msg)
676 send_eapol(hapd, addr, build_eapol(msg))
678 def hapd_connected(hapd):
679 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
681 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
683 def eapol_test(apdev, dev, wpa2=True):
684 bssid = apdev['bssid']
686 ssid = "test-wpa2-psk"
688 ssid = "test-wpa-psk"
689 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
690 pmk = binascii.unhexlify(psk)
692 params = hostapd.wpa2_params(ssid=ssid)
694 params = hostapd.wpa_params(ssid=ssid)
695 params['wpa_psk'] = psk
696 hapd = hostapd.add_ap(apdev['ifname'], params)
697 hapd.request("SET ext_eapol_frame_io 1")
698 dev.request("SET ext_eapol_frame_io 1")
699 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
700 addr = dev.p2p_interface_addr()
702 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
704 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
705 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
706 return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
708 def test_ap_wpa2_psk_ext_eapol(dev, apdev):
709 """WPA2-PSK AP using external EAPOL supplicant"""
710 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
712 msg = recv_eapol(hapd)
713 anonce = msg['rsn_key_nonce']
714 logger.info("Replay same data back")
715 send_eapol(hapd, addr, build_eapol(msg))
717 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
719 logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
720 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
721 msg['length'] = 95 + 22 - 1
722 send_eapol(hapd, addr, build_eapol(msg))
724 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
726 msg = recv_eapol(hapd)
727 if anonce != msg['rsn_key_nonce']:
728 raise Exception("ANonce changed")
729 logger.info("Replay same data back")
730 send_eapol(hapd, addr, build_eapol(msg))
732 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
735 def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
736 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
737 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
739 msg1 = recv_eapol(hapd)
740 anonce = msg1['rsn_key_nonce']
742 msg2 = recv_eapol(hapd)
743 if anonce != msg2['rsn_key_nonce']:
744 raise Exception("ANonce changed")
746 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
748 logger.info("Send EAPOL-Key msg 2/4")
750 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
751 eapol_key_mic(kck, msg)
752 send_eapol(hapd, addr, build_eapol(msg))
754 msg = recv_eapol(hapd)
755 if anonce != msg['rsn_key_nonce']:
756 raise Exception("ANonce changed")
758 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
761 def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
762 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
763 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
765 msg1 = recv_eapol(hapd)
766 anonce = msg1['rsn_key_nonce']
767 msg2 = recv_eapol(hapd)
768 if anonce != msg2['rsn_key_nonce']:
769 raise Exception("ANonce changed")
771 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
772 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
773 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
775 msg = recv_eapol(hapd)
776 if anonce != msg['rsn_key_nonce']:
777 raise Exception("ANonce changed")
779 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
782 def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
783 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
784 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
786 msg1 = recv_eapol(hapd)
787 anonce = msg1['rsn_key_nonce']
789 msg2 = recv_eapol(hapd)
790 if anonce != msg2['rsn_key_nonce']:
791 raise Exception("ANonce changed")
792 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
793 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
795 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
796 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
797 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
799 msg = recv_eapol(hapd)
800 if anonce != msg['rsn_key_nonce']:
801 raise Exception("ANonce changed")
802 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
805 def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
806 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
807 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
809 msg1 = recv_eapol(hapd)
810 anonce = msg1['rsn_key_nonce']
811 msg2 = recv_eapol(hapd)
812 if anonce != msg2['rsn_key_nonce']:
813 raise Exception("ANonce changed")
815 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
816 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
818 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
819 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
821 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
822 msg = recv_eapol(hapd)
823 if anonce != msg['rsn_key_nonce']:
824 raise Exception("ANonce changed")
825 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
828 def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
829 """WPA2 4-way handshake using external EAPOL supplicant"""
830 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
832 msg = recv_eapol(hapd)
833 anonce = msg['rsn_key_nonce']
835 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
837 # Incorrect descriptor type (frame dropped)
838 msg['descr_type'] = 253
839 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
840 eapol_key_mic(kck, msg)
841 send_eapol(hapd, addr, build_eapol(msg))
843 # Incorrect descriptor type, but with a workaround (frame processed)
844 msg['descr_type'] = 254
845 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
846 eapol_key_mic(kck, msg)
847 send_eapol(hapd, addr, build_eapol(msg))
849 msg = recv_eapol(hapd)
850 if anonce != msg['rsn_key_nonce']:
851 raise Exception("ANonce changed")
852 logger.info("Replay same data back")
853 send_eapol(hapd, addr, build_eapol(msg))
855 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
858 def test_ap_wpa_psk_ext_eapol(dev, apdev):
859 """WPA2-PSK AP using external EAPOL supplicant"""
860 (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
863 msg = recv_eapol(hapd)
864 anonce = msg['rsn_key_nonce']
865 logger.info("Replay same data back")
866 send_eapol(hapd, addr, build_eapol(msg))
867 logger.info("Too short data")
868 send_eapol(hapd, addr, build_eapol(msg)[0:98])
870 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
871 msg['descr_type'] = 2
872 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
873 msg['descr_type'] = 254
874 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)
876 msg = recv_eapol(hapd)
877 if anonce != msg['rsn_key_nonce']:
878 raise Exception("ANonce changed")
879 logger.info("Replay same data back")
880 send_eapol(hapd, addr, build_eapol(msg))
882 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
885 def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
886 """WPA2-PSK 4-way handshake with strange key info values"""
887 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
889 msg = recv_eapol(hapd)
890 anonce = msg['rsn_key_nonce']
892 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
893 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
894 send_eapol(hapd, addr, build_eapol(msg))
895 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
896 send_eapol(hapd, addr, build_eapol(msg))
898 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
899 send_eapol(hapd, addr, build_eapol(msg))
901 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
902 send_eapol(hapd, addr, build_eapol(msg))
904 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
905 send_eapol(hapd, addr, build_eapol(msg))
907 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
908 tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
909 eapol_key_mic(tmp_kck, msg)
910 send_eapol(hapd, addr, build_eapol(msg))
912 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
914 msg = recv_eapol(hapd)
915 if anonce != msg['rsn_key_nonce']:
916 raise Exception("ANonce changed")
918 # Request (valic MIC)
919 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
920 eapol_key_mic(kck, msg)
921 send_eapol(hapd, addr, build_eapol(msg))
922 # Request (valid MIC, replayed counter)
923 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
924 eapol_key_mic(kck, msg)
925 send_eapol(hapd, addr, build_eapol(msg))
927 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
930 def build_eapol_key_1_4(anonce, replay_counter=1, key_data='', key_len=16):
934 msg['length'] = 95 + len(key_data)
936 msg['descr_type'] = 2
937 msg['rsn_key_info'] = 0x8a
938 msg['rsn_key_len'] = key_len
939 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
940 msg['rsn_key_nonce'] = anonce
941 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
942 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
943 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
944 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
945 msg['rsn_key_data_len'] = len(key_data)
946 msg['rsn_key_data'] = key_data
949 def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
950 key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
954 msg['length'] = 95 + len(key_data) + extra_len
956 msg['descr_type'] = descr_type
957 msg['rsn_key_info'] = key_info
958 msg['rsn_key_len'] = key_len
959 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
960 msg['rsn_key_nonce'] = anonce
961 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
962 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
963 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
964 msg['rsn_key_data_len'] = len(key_data)
965 msg['rsn_key_data'] = key_data
966 eapol_key_mic(kck, msg)
969 def aes_wrap(kek, plain):
971 a = 0xa6a6a6a6a6a6a6a6
972 enc = AES.new(kek).encrypt
973 r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
975 for i in range(1, n + 1):
976 b = enc(struct.pack('>Q', a) + r[i - 1])
977 a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
979 return struct.pack('>Q', a) + ''.join(r)
981 def pad_key_data(plain):
982 pad_len = len(plain) % 8
984 pad_len = 8 - pad_len
987 plain += pad_len * '\0'
990 def test_ap_wpa2_psk_supp_proto(dev, apdev):
991 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
992 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
994 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
995 msg = recv_eapol(hapd)
996 dev[0].dump_monitor()
998 # Build own EAPOL-Key msg 1/4
999 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1001 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1003 send_eapol(dev[0], addr, build_eapol(msg))
1004 msg = recv_eapol(dev[0])
1005 snonce = msg['rsn_key_nonce']
1007 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1009 logger.debug("Invalid AES wrap data length 0")
1010 dev[0].dump_monitor()
1011 msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
1013 send_eapol(dev[0], addr, build_eapol(msg))
1014 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1016 raise Exception("Unsupported AES-WRAP len 0 not reported")
1018 logger.debug("Invalid AES wrap data length 1")
1019 dev[0].dump_monitor()
1020 msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
1022 send_eapol(dev[0], addr, build_eapol(msg))
1023 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1025 raise Exception("Unsupported AES-WRAP len 1 not reported")
1027 logger.debug("Invalid AES wrap data length 9")
1028 dev[0].dump_monitor()
1029 msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
1031 send_eapol(dev[0], addr, build_eapol(msg))
1032 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1034 raise Exception("Unsupported AES-WRAP len 9 not reported")
1036 logger.debug("Invalid AES wrap data payload")
1037 dev[0].dump_monitor()
1038 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
1039 # do not increment counter to test replay protection
1040 send_eapol(dev[0], addr, build_eapol(msg))
1041 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1043 raise Exception("AES unwrap failure not reported")
1045 logger.debug("Replay Count not increasing")
1046 dev[0].dump_monitor()
1047 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
1049 send_eapol(dev[0], addr, build_eapol(msg))
1050 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1052 raise Exception("Replay Counter replay not reported")
1054 logger.debug("Missing Ack bit in key info")
1055 dev[0].dump_monitor()
1056 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1059 send_eapol(dev[0], addr, build_eapol(msg))
1060 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
1062 raise Exception("Missing Ack bit not reported")
1064 logger.debug("Unexpected Request bit in key info")
1065 dev[0].dump_monitor()
1066 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1069 send_eapol(dev[0], addr, build_eapol(msg))
1070 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1072 raise Exception("Request bit not reported")
1074 logger.debug("Unsupported key descriptor version 0")
1075 dev[0].dump_monitor()
1076 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1077 replay_counter=counter, key_info=0x13c8)
1079 send_eapol(dev[0], addr, build_eapol(msg))
1080 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1082 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1084 logger.debug("Key descriptor version 1 not allowed with CCMP")
1085 dev[0].dump_monitor()
1086 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1087 replay_counter=counter, key_info=0x13c9)
1089 send_eapol(dev[0], addr, build_eapol(msg))
1090 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1092 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1094 logger.debug("Invalid AES wrap payload with key descriptor version 2")
1095 dev[0].dump_monitor()
1096 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1097 replay_counter=counter, key_info=0x13ca)
1099 send_eapol(dev[0], addr, build_eapol(msg))
1100 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1102 raise Exception("AES unwrap failure not reported")
1104 logger.debug("Key descriptor version 3 workaround")
1105 dev[0].dump_monitor()
1106 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1107 replay_counter=counter, key_info=0x13cb)
1109 send_eapol(dev[0], addr, build_eapol(msg))
1110 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1112 raise Exception("CCMP key descriptor mismatch not reported")
1113 ev = dev[0].wait_event(["WPA: Interoperability workaround"])
1115 raise Exception("AES-128-CMAC workaround not reported")
1116 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1118 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1120 logger.debug("Unsupported key descriptor version 4")
1121 dev[0].dump_monitor()
1122 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1123 replay_counter=counter, key_info=0x13cc)
1125 send_eapol(dev[0], addr, build_eapol(msg))
1126 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1128 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1130 logger.debug("Unsupported key descriptor version 7")
1131 dev[0].dump_monitor()
1132 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1133 replay_counter=counter, key_info=0x13cf)
1135 send_eapol(dev[0], addr, build_eapol(msg))
1136 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1138 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1140 logger.debug("Too short EAPOL header length")
1141 dev[0].dump_monitor()
1142 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1145 send_eapol(dev[0], addr, build_eapol(msg))
1146 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1148 raise Exception("Key data overflow not reported")
1150 logger.debug("Too long EAPOL header length")
1151 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1154 send_eapol(dev[0], addr, build_eapol(msg))
1156 logger.debug("Unsupported descriptor type 0")
1157 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1160 send_eapol(dev[0], addr, build_eapol(msg))
1162 logger.debug("WPA descriptor type 0")
1163 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1166 send_eapol(dev[0], addr, build_eapol(msg))
1168 logger.debug("Non-zero key index for pairwise key")
1169 dev[0].dump_monitor()
1170 wrapped = aes_wrap(kek, 16*'z')
1171 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1174 send_eapol(dev[0], addr, build_eapol(msg))
1175 ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1177 raise Exception("Non-zero key index not reported")
1179 logger.debug("Invalid Key Data plaintext payload --> disconnect")
1180 dev[0].dump_monitor()
1181 wrapped = aes_wrap(kek, 16*'z')
1182 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1184 send_eapol(dev[0], addr, build_eapol(msg))
1185 dev[0].wait_disconnected(timeout=1)
1187 def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
1188 """WPA2-PSK supplicant protocol testing: IE not included"""
1189 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1191 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1192 msg = recv_eapol(hapd)
1193 dev[0].dump_monitor()
1195 # Build own EAPOL-Key msg 1/4
1196 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1198 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1200 send_eapol(dev[0], addr, build_eapol(msg))
1201 msg = recv_eapol(dev[0])
1202 snonce = msg['rsn_key_nonce']
1204 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1206 logger.debug("No IEs in msg 3/4 --> disconnect")
1207 dev[0].dump_monitor()
1208 wrapped = aes_wrap(kek, 16*'\0')
1209 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1211 send_eapol(dev[0], addr, build_eapol(msg))
1212 dev[0].wait_disconnected(timeout=1)
1214 def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
1215 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1216 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1218 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1219 msg = recv_eapol(hapd)
1220 dev[0].dump_monitor()
1222 # Build own EAPOL-Key msg 1/4
1223 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1225 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1227 send_eapol(dev[0], addr, build_eapol(msg))
1228 msg = recv_eapol(dev[0])
1229 snonce = msg['rsn_key_nonce']
1231 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1233 logger.debug("Msg 3/4 with mismatching IE")
1234 dev[0].dump_monitor()
1235 wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1236 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1238 send_eapol(dev[0], addr, build_eapol(msg))
1239 dev[0].wait_disconnected(timeout=1)
1241 def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
1242 """WPA2-PSK supplicant protocol testing: success"""
1243 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1245 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1246 msg = recv_eapol(hapd)
1247 dev[0].dump_monitor()
1249 # Build own EAPOL-Key msg 1/4
1250 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1252 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1254 send_eapol(dev[0], addr, build_eapol(msg))
1255 msg = recv_eapol(dev[0])
1256 snonce = msg['rsn_key_nonce']
1258 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1260 logger.debug("Valid EAPOL-Key msg 3/4")
1261 dev[0].dump_monitor()
1262 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1263 wrapped = aes_wrap(kek, pad_key_data(plain))
1264 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1266 send_eapol(dev[0], addr, build_eapol(msg))
1267 dev[0].wait_connected(timeout=1)
1269 def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
1270 """WPA2-PSK supplicant protocol testing: no GTK"""
1271 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1273 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1274 msg = recv_eapol(hapd)
1275 dev[0].dump_monitor()
1277 # Build own EAPOL-Key msg 1/4
1278 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1280 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1282 send_eapol(dev[0], addr, build_eapol(msg))
1283 msg = recv_eapol(dev[0])
1284 snonce = msg['rsn_key_nonce']
1286 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1288 logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
1289 dev[0].dump_monitor()
1290 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
1291 wrapped = aes_wrap(kek, pad_key_data(plain))
1292 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1294 send_eapol(dev[0], addr, build_eapol(msg))
1295 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1297 raise Exception("Unexpected connection completion reported")
1299 def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
1300 """WPA2-PSK supplicant protocol testing: ANonce change"""
1301 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1303 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1304 msg = recv_eapol(hapd)
1305 dev[0].dump_monitor()
1307 # Build own EAPOL-Key msg 1/4
1308 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1310 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1312 send_eapol(dev[0], addr, build_eapol(msg))
1313 msg = recv_eapol(dev[0])
1314 snonce = msg['rsn_key_nonce']
1316 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1318 logger.debug("Valid EAPOL-Key msg 3/4")
1319 dev[0].dump_monitor()
1320 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1321 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1322 wrapped = aes_wrap(kek, pad_key_data(plain))
1323 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
1325 send_eapol(dev[0], addr, build_eapol(msg))
1326 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1328 raise Exception("ANonce change not reported")
1330 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
1331 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1332 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1334 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1335 msg = recv_eapol(hapd)
1336 dev[0].dump_monitor()
1338 # Build own EAPOL-Key msg 1/4
1339 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1341 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1343 send_eapol(dev[0], addr, build_eapol(msg))
1344 msg = recv_eapol(dev[0])
1345 snonce = msg['rsn_key_nonce']
1347 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1349 logger.debug("Group key 1/2 instead of msg 3/4")
1350 dev[0].dump_monitor()
1351 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1352 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1355 send_eapol(dev[0], addr, build_eapol(msg))
1356 ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1358 raise Exception("Unexpected group key message not reported")
1359 dev[0].wait_disconnected(timeout=1)
1361 def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
1362 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
1363 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1365 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1366 msg = recv_eapol(hapd)
1367 dev[0].dump_monitor()
1369 # Build own EAPOL-Key msg 1/4 with invalid KDE
1370 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1372 msg = build_eapol_key_1_4(anonce, replay_counter=counter,
1373 key_data=binascii.unhexlify('5555'))
1375 send_eapol(dev[0], addr, build_eapol(msg))
1376 dev[0].wait_disconnected(timeout=1)
1378 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
1379 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1380 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1382 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1383 msg = recv_eapol(hapd)
1384 dev[0].dump_monitor()
1386 # Build own EAPOL-Key msg 1/4
1387 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1389 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1391 send_eapol(dev[0], addr, build_eapol(msg))
1392 msg = recv_eapol(dev[0])
1393 snonce = msg['rsn_key_nonce']
1395 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1397 logger.debug("Valid EAPOL-Key msg 3/4")
1398 dev[0].dump_monitor()
1399 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1400 wrapped = aes_wrap(kek, pad_key_data(plain))
1401 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1404 send_eapol(dev[0], addr, build_eapol(msg))
1405 ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
1407 raise Exception("Invalid CCMP key length not reported")
1408 dev[0].wait_disconnected(timeout=1)
1410 def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
1411 """WPA2-PSK supplicant protocol testing: wrong group key length"""
1412 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1414 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1415 msg = recv_eapol(hapd)
1416 dev[0].dump_monitor()
1418 # Build own EAPOL-Key msg 1/4
1419 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1421 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1423 send_eapol(dev[0], addr, build_eapol(msg))
1424 msg = recv_eapol(dev[0])
1425 snonce = msg['rsn_key_nonce']
1427 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1429 logger.debug("Valid EAPOL-Key msg 3/4")
1430 dev[0].dump_monitor()
1431 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
1432 wrapped = aes_wrap(kek, pad_key_data(plain))
1433 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1435 send_eapol(dev[0], addr, build_eapol(msg))
1436 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
1438 raise Exception("Invalid CCMP key length not reported")
1439 dev[0].wait_disconnected(timeout=1)
1441 def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
1442 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
1443 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1445 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1446 msg = recv_eapol(hapd)
1447 dev[0].dump_monitor()
1449 # Build own EAPOL-Key msg 1/4
1450 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1452 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1454 send_eapol(dev[0], addr, build_eapol(msg))
1455 msg = recv_eapol(dev[0])
1456 snonce = msg['rsn_key_nonce']
1458 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1460 logger.debug("Valid EAPOL-Key msg 3/4")
1461 dev[0].dump_monitor()
1462 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
1463 wrapped = aes_wrap(kek, pad_key_data(plain))
1464 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1466 send_eapol(dev[0], addr, build_eapol(msg))
1467 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
1469 raise Exception("GTK Tx bit workaround not reported")
1470 dev[0].wait_connected(timeout=1)
1472 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
1473 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
1474 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1476 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1477 msg = recv_eapol(hapd)
1478 dev[0].dump_monitor()
1480 # Build own EAPOL-Key msg 1/4
1481 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1483 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1485 send_eapol(dev[0], addr, build_eapol(msg))
1486 msg = recv_eapol(dev[0])
1487 snonce = msg['rsn_key_nonce']
1489 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1491 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1492 dev[0].dump_monitor()
1493 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1494 wrapped = aes_wrap(kek, pad_key_data(plain))
1495 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1497 send_eapol(dev[0], addr, build_eapol(msg))
1498 dev[0].wait_connected(timeout=1)
1500 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
1501 dev[0].dump_monitor()
1502 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1503 wrapped = aes_wrap(kek, pad_key_data(plain))
1504 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1507 send_eapol(dev[0], addr, build_eapol(msg))
1508 msg = recv_eapol(dev[0])
1509 ev = dev[0].wait_event(["WPA: Group rekeying completed"])
1511 raise Exception("GTK rekeing not reported")
1513 logger.debug("Unencrypted GTK KDE in group msg 1/2")
1514 dev[0].dump_monitor()
1515 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1516 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1519 send_eapol(dev[0], addr, build_eapol(msg))
1520 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1522 raise Exception("Unencrypted GTK KDE not reported")
1523 dev[0].wait_disconnected(timeout=1)
1525 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
1526 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
1527 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1529 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1530 msg = recv_eapol(hapd)
1531 dev[0].dump_monitor()
1533 # Build own EAPOL-Key msg 1/4
1534 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1536 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1538 send_eapol(dev[0], addr, build_eapol(msg))
1539 msg = recv_eapol(dev[0])
1540 snonce = msg['rsn_key_nonce']
1542 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1544 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1545 dev[0].dump_monitor()
1546 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1547 wrapped = aes_wrap(kek, pad_key_data(plain))
1548 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1550 send_eapol(dev[0], addr, build_eapol(msg))
1551 dev[0].wait_connected(timeout=1)
1553 logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
1554 dev[0].dump_monitor()
1555 plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
1556 wrapped = aes_wrap(kek, pad_key_data(plain))
1557 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1560 send_eapol(dev[0], addr, build_eapol(msg))
1561 ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
1563 raise Exception("Missing GTK KDE not reported")
1564 dev[0].wait_disconnected(timeout=1)
1566 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
1567 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
1568 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1570 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1571 msg = recv_eapol(hapd)
1572 dev[0].dump_monitor()
1574 # Build own EAPOL-Key msg 1/4
1575 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1577 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1579 send_eapol(dev[0], addr, build_eapol(msg))
1580 msg = recv_eapol(dev[0])
1581 snonce = msg['rsn_key_nonce']
1583 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1585 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1586 dev[0].dump_monitor()
1587 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1588 wrapped = aes_wrap(kek, pad_key_data(plain))
1589 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1591 send_eapol(dev[0], addr, build_eapol(msg))
1592 dev[0].wait_connected(timeout=1)
1594 logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
1595 dev[0].dump_monitor()
1596 plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1597 wrapped = aes_wrap(kek, pad_key_data(plain))
1598 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1601 send_eapol(dev[0], addr, build_eapol(msg))
1602 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
1604 raise Exception("Too long GTK KDE not reported")
1605 dev[0].wait_disconnected(timeout=1)
1607 def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
1608 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
1609 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1611 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1612 msg = recv_eapol(hapd)
1613 dev[0].dump_monitor()
1615 # Build own EAPOL-Key msg 1/4
1616 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1618 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1620 send_eapol(dev[0], addr, build_eapol(msg))
1621 msg = recv_eapol(dev[0])
1622 snonce = msg['rsn_key_nonce']
1624 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1626 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
1627 dev[0].dump_monitor()
1628 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1629 wrapped = aes_wrap(kek, pad_key_data(plain))
1630 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1632 send_eapol(dev[0], addr, build_eapol(msg))
1633 dev[0].wait_disconnected(timeout=1)
1635 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
1636 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
1637 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1639 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1640 msg = recv_eapol(hapd)
1641 dev[0].dump_monitor()
1643 # Build own EAPOL-Key msg 1/4
1644 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1646 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1648 send_eapol(dev[0], addr, build_eapol(msg))
1649 msg = recv_eapol(dev[0])
1650 snonce = msg['rsn_key_nonce']
1652 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1654 logger.debug("Valid EAPOL-Key msg 3/4")
1655 dev[0].dump_monitor()
1656 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1657 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1660 send_eapol(dev[0], addr, build_eapol(msg))
1661 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1663 raise Exception("Unencrypted GTK KDE not reported")
1664 dev[0].wait_disconnected(timeout=1)
1666 def find_wpas_process(dev):
1668 cmd = subprocess.Popen(['ps', 'ax'], stdout=subprocess.PIPE)
1669 (data,err) = cmd.communicate()
1670 for l in data.splitlines():
1671 if "wpa_supplicant" not in l:
1673 if "-i" + ifname not in l:
1675 return int(l.strip().split(' ')[0])
1676 raise Exception("Could not find wpa_supplicant process")
1678 def read_process_memory(pid, key=None):
1680 with open('/proc/%d/maps' % pid, 'r') as maps, \
1681 open('/proc/%d/mem' % pid, 'r') as mem:
1682 for l in maps.readlines():
1683 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
1686 start = int(m.group(1), 16)
1687 end = int(m.group(2), 16)
1689 if start > 0xffffffffffff:
1693 if not perm.startswith('rw'):
1696 data = mem.read(end - start)
1698 if key and key in data:
1699 logger.info("Key found in " + l)
1702 def verify_not_present(buf, key, fname, keyname):
1707 prefix = 2048 if pos > 2048 else pos
1708 with open(fname + keyname, 'w') as f:
1709 f.write(buf[pos - prefix:pos + 2048])
1710 raise Exception(keyname + " found after disassociation")
1712 def get_key_locations(buf, key, keyname):
1716 pos = buf.find(key, pos)
1719 logger.info("Found %s at %d" % (keyname, pos))
1724 def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
1725 """WPA2-PSK and PSK/PTK lifetime in memory"""
1726 ssid = "test-wpa2-psk"
1727 passphrase = 'qwertyuiop'
1728 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1729 pmk = binascii.unhexlify(psk)
1730 p = hostapd.wpa2_params(ssid=ssid)
1732 hapd = hostapd.add_ap(apdev[0]['ifname'], p)
1734 pid = find_wpas_process(dev[0])
1736 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
1737 only_add_network=True)
1739 logger.info("Checking keys in memory after network profile configuration")
1740 buf = read_process_memory(pid, pmk)
1741 get_key_locations(buf, pmk, "PMK")
1743 dev[0].request("REMOVE_NETWORK all")
1744 logger.info("Checking keys in memory after network profile removal")
1745 buf = read_process_memory(pid, pmk)
1746 get_key_locations(buf, pmk, "PMK")
1748 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1749 only_add_network=True)
1751 logger.info("Checking keys in memory before connection")
1752 buf = read_process_memory(pid, pmk)
1753 get_key_locations(buf, pmk, "PMK")
1755 dev[0].connect_network(id, timeout=20)
1758 buf = read_process_memory(pid, pmk)
1760 dev[0].request("DISCONNECT")
1761 dev[0].wait_disconnected()
1766 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1767 for l in f.readlines():
1768 if "WPA: PTK - hexdump" in l:
1769 val = l.strip().split(':')[3].replace(' ', '')
1770 ptk = binascii.unhexlify(val)
1771 if "WPA: Group Key - hexdump" in l:
1772 val = l.strip().split(':')[3].replace(' ', '')
1773 gtk = binascii.unhexlify(val)
1774 if not pmk or not ptk or not gtk:
1775 raise Exception("Could not find keys from debug log")
1777 raise Exception("Unexpected GTK length")
1783 logger.info("Checking keys in memory while associated")
1784 get_key_locations(buf, pmk, "PMK")
1786 raise HwsimSkip("PMK not found while associated")
1788 raise Exception("KCK not found while associated")
1790 raise Exception("KEK not found while associated")
1792 raise Exception("TK found from memory")
1794 raise Exception("GTK found from memory")
1796 logger.info("Checking keys in memory after disassociation")
1797 buf = read_process_memory(pid, pmk)
1798 get_key_locations(buf, pmk, "PMK")
1800 # Note: PMK/PSK is still present in network configuration
1802 fname = os.path.join(params['logdir'],
1803 'wpa2_psk_key_lifetime_in_memory.memctx-')
1804 verify_not_present(buf, kck, fname, "KCK")
1805 verify_not_present(buf, kek, fname, "KEK")
1806 verify_not_present(buf, tk, fname, "TK")
1807 verify_not_present(buf, gtk, fname, "GTK")
1809 dev[0].request("REMOVE_NETWORK all")
1811 logger.info("Checking keys in memory after network profile removal")
1812 buf = read_process_memory(pid, pmk)
1813 get_key_locations(buf, pmk, "PMK")
1815 verify_not_present(buf, pmk, fname, "PMK")
1816 verify_not_present(buf, kck, fname, "KCK")
1817 verify_not_present(buf, kek, fname, "KEK")
1818 verify_not_present(buf, tk, fname, "TK")
1819 verify_not_present(buf, gtk, fname, "GTK")
1821 def test_ap_wpa2_psk_wep(dev, apdev):
1822 """WPA2-PSK AP and WEP enabled"""
1823 ssid = "test-wpa2-psk"
1824 passphrase = 'qwertyuiop'
1825 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1826 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1828 hapd.set('wep_key0', '"hello"')
1829 raise Exception("WEP key accepted to WPA2 network")
1833 def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1834 """WPA2-PSK AP and wpas interface in a bridge"""
1838 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
1840 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
1841 subprocess.call(['brctl', 'delif', br_ifname, ifname])
1842 subprocess.call(['brctl', 'delbr', br_ifname])
1843 subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
1845 def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1846 ssid = "test-wpa2-psk"
1847 passphrase = 'qwertyuiop'
1848 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1849 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1853 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1854 subprocess.call(['brctl', 'addbr', br_ifname])
1855 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
1856 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
1857 subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
1858 subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
1859 wpas.interface_add(ifname, br_ifname=br_ifname)
1862 wpas.connect(ssid, psk=passphrase, scan_freq="2412")
1865 def test_ap_wpa2_psk_ifdown(dev, apdev):
1866 """AP with open mode and external ifconfig down"""
1867 ssid = "test-wpa2-psk"
1868 passphrase = 'qwertyuiop'
1869 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1870 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1871 bssid = apdev[0]['bssid']
1873 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
1874 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
1875 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
1877 raise Exception("No INTERFACE-DISABLED event")
1878 # this wait tests beacon loss detection in mac80211
1879 dev[0].wait_disconnected()
1880 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
1881 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
1883 raise Exception("No INTERFACE-ENABLED event")
1884 dev[0].wait_connected()
1885 hwsim_utils.test_connectivity(dev[0], hapd)
1887 def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
1888 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
1889 bssid = apdev[0]['bssid']
1890 ssid = "test-wpa2-psk"
1891 passphrase = 'qwertyuiop'
1892 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1893 params = hostapd.wpa2_params(ssid=ssid)
1894 params['wpa_psk'] = psk
1895 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1896 hapd.request("SET ext_eapol_frame_io 1")
1897 dev[0].request("SET ext_eapol_frame_io 1")
1898 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
1899 addr = dev[0].own_addr()
1902 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1904 raise Exception("Timeout on EAPOL-TX from hostapd")
1905 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1907 raise Exception("EAPOL_RX to wpa_supplicant failed")
1910 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1912 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1913 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
1915 raise Exception("EAPOL_RX to hostapd failed")
1918 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1920 raise Exception("Timeout on EAPOL-TX from hostapd")
1921 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1923 raise Exception("EAPOL_RX to wpa_supplicant failed")
1926 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1928 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1929 logger.info("Drop the first EAPOL-Key msg 4/4")
1931 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
1932 # doesn't. Use normal EAPOL TX/RX to handle retries.
1933 hapd.request("SET ext_eapol_frame_io 0")
1934 dev[0].request("SET ext_eapol_frame_io 0")
1935 dev[0].wait_connected()
1937 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
1939 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1941 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
1943 logger.info("Disconnection detected")
1944 # The EAPOL-Key retries are supposed to allow the connection to be
1945 # established without having to reassociate. However, this does not
1946 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
1947 # after the pairwise key has been configured and AP will drop those and
1948 # disconnect the station after reaching retransmission limit. Connection
1949 # is then established after reassociation. Once that behavior has been
1950 # optimized to prevent EAPOL-Key frame encryption for retransmission
1951 # case, this exception can be uncommented here.
1952 #raise Exception("Unexpected disconnection")
1954 def test_ap_wpa2_psk_disable_enable(dev, apdev):
1955 """WPA2-PSK AP getting disabled and re-enabled"""
1956 ssid = "test-wpa2-psk"
1957 passphrase = 'qwertyuiop'
1958 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1959 params = hostapd.wpa2_params(ssid=ssid)
1960 params['wpa_psk'] = psk
1961 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1962 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
1965 hapd.request("DISABLE")
1966 dev[0].wait_disconnected()
1967 hapd.request("ENABLE")
1968 dev[0].wait_connected()
1969 hwsim_utils.test_connectivity(dev[0], hapd)
1971 def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
1972 """WPA2-PSK AP and station using incorrect passphrase"""
1973 ssid = "test-wpa2-psk"
1974 passphrase = 'qwertyuiop'
1975 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1976 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1977 dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412",
1979 ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
1981 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
1982 dev[0].dump_monitor()
1985 hapd.set("wpa_passphrase", "incorrect passphrase")
1988 dev[0].wait_connected(timeout=20)
1990 def test_ap_wpa_ie_parsing(dev, apdev):
1991 """WPA IE parsing"""
1992 skip_with_fips(dev[0])
1993 ssid = "test-wpa-psk"
1994 passphrase = 'qwertyuiop'
1995 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
1996 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1997 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1998 only_add_network=True)
2000 tests = [ "dd040050f201",
2004 "dd070050f201010000",
2005 "dd080050f20101000050",
2006 "dd090050f20101000050f2",
2007 "dd0a0050f20101000050f202",
2008 "dd0b0050f20101000050f20201",
2009 "dd0c0050f20101000050f2020100",
2010 "dd0c0050f20101000050f2020000",
2011 "dd0c0050f20101000050f202ffff",
2012 "dd0d0050f20101000050f202010000",
2013 "dd0e0050f20101000050f20201000050",
2014 "dd0f0050f20101000050f20201000050f2",
2015 "dd100050f20101000050f20201000050f202",
2016 "dd110050f20101000050f20201000050f20201",
2017 "dd120050f20101000050f20201000050f2020100",
2018 "dd120050f20101000050f20201000050f2020000",
2019 "dd120050f20101000050f20201000050f202ffff",
2020 "dd130050f20101000050f20201000050f202010000",
2021 "dd140050f20101000050f20201000050f20201000050",
2022 "dd150050f20101000050f20201000050f20201000050f2" ]
2025 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
2026 raise Exception("VENDOR_ELEM_ADD failed")
2027 dev[0].select_network(id)
2028 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
2030 raise Exception("Association rejection not reported")
2031 dev[0].request("DISCONNECT")
2033 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
2035 tests = [ "dd170050f20101000050f20201000050f20201000050f202ff",
2036 "dd180050f20101000050f20201000050f20201000050f202ffff",
2037 "dd190050f20101000050f20201000050f20201000050f202ffffff" ]
2040 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
2041 raise Exception("VENDOR_ELEM_ADD failed")
2042 dev[0].select_network(id)
2043 dev[0].wait_connected()
2044 dev[0].request("DISCONNECT")
2046 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
2048 def test_ap_wpa2_psk_no_random(dev, apdev):
2049 """WPA2-PSK AP and no random numbers available"""
2050 ssid = "test-wpa2-psk"
2051 passphrase = 'qwertyuiop'
2052 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
2053 params = hostapd.wpa2_params(ssid=ssid)
2054 params['wpa_psk'] = psk
2055 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2056 with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
2057 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
2059 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
2061 raise Exception("Disconnection event not reported")
2062 dev[0].request("DISCONNECT")
2063 dev[0].select_network(id, freq=2412)
2064 dev[0].wait_connected()
2066 def test_rsn_ie_proto_psk_sta(dev, apdev):
2067 """RSN element protocol testing for PSK cases on STA side"""
2068 bssid = apdev[0]['bssid']
2069 ssid = "test-wpa2-psk"
2070 passphrase = 'qwertyuiop'
2071 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
2072 # This is the RSN element used normally by hostapd
2073 params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
2074 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2075 if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
2076 raise Exception("Invalid own_ie_override value accepted")
2077 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2079 tests = [ ('No RSN Capabilities field',
2080 '30120100000fac040100000fac040100000fac02'),
2081 ('Reserved RSN Capabilities bits set',
2082 '30140100000fac040100000fac040100000fac023cff'),
2083 ('Extra pairwise cipher suite (unsupported)',
2084 '30180100000fac040200ffffffff000fac040100000fac020c00'),
2085 ('Extra AKM suite (unsupported)',
2086 '30180100000fac040100000fac040200ffffffff000fac020c00'),
2087 ('PMKIDCount field included',
2088 '30160100000fac040100000fac040100000fac020c000000'),
2089 ('Unexpected Group Management Cipher Suite with PMF disabled',
2090 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
2091 ('Extra octet after defined fields (future extensibility)',
2092 '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
2093 for txt,ie in tests:
2094 dev[0].request("DISCONNECT")
2095 dev[0].wait_disconnected()
2098 hapd.set('own_ie_override', ie)
2100 dev[0].request("BSS_FLUSH 0")
2101 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2102 dev[0].select_network(id, freq=2412)
2103 dev[0].wait_connected()
2105 def test_ap_cli_order(dev, apdev):
2106 ssid = "test-rsn-setup"
2107 passphrase = 'zzzzzzzz'
2108 ifname = apdev[0]['ifname']
2110 hapd_global = hostapd.HostapdGlobal()
2111 hapd_global.remove(ifname)
2112 hapd_global.add(ifname)
2114 hapd = hostapd.Hostapd(ifname)
2116 hapd.set('ssid', ssid)
2117 hapd.set('wpa_passphrase', passphrase)
2118 hapd.set('rsn_pairwise', 'CCMP')
2119 hapd.set('wpa_key_mgmt', 'WPA-PSK')
2120 hapd.set('wpa', '2')
2122 cfg = hapd.get_config()
2123 if cfg['group_cipher'] != 'CCMP':
2124 raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
2125 if cfg['rsn_pairwise_cipher'] != 'CCMP':
2126 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])
2128 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
2130 raise Exception("AP startup timed out")
2131 if "AP-ENABLED" not in ev:
2132 raise Exception("AP startup failed")
2134 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")