2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
8 from Crypto.Cipher import AES
12 logger = logging.getLogger()
20 from utils import HwsimSkip
22 from wpasupplicant import WpaSupplicant
24 def check_mib(dev, vals):
28 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
30 def test_ap_wpa2_psk(dev, apdev):
31 """WPA2-PSK AP with PSK instead of passphrase"""
32 ssid = "test-wpa2-psk"
33 passphrase = 'qwertyuiop'
34 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
35 params = hostapd.wpa2_params(ssid=ssid)
36 params['wpa_psk'] = psk
37 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
38 key_mgmt = hapd.get_config()['key_mgmt']
39 if key_mgmt.split(' ')[0] != "WPA-PSK":
40 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
41 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
42 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
44 sig = dev[0].request("SIGNAL_POLL").splitlines()
45 pkt = dev[0].request("PKTCNT_POLL").splitlines()
46 if "FREQUENCY=2412" not in sig:
47 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
48 if "TXBAD=0" not in pkt:
49 raise Exception("Unexpected TXBAD value: " + str(pkt))
51 def test_ap_wpa2_psk_file(dev, apdev):
52 """WPA2-PSK AP with PSK from a file"""
53 ssid = "test-wpa2-psk"
54 passphrase = 'qwertyuiop'
55 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
56 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
57 params['wpa_psk_file'] = 'hostapd.wpa_psk'
58 hostapd.add_ap(apdev[0]['ifname'], params)
59 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
60 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
61 dev[2].request("REMOVE_NETWORK all")
62 dev[0].connect(ssid, psk="very secret", scan_freq="2412")
63 dev[0].request("REMOVE_NETWORK all")
64 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
65 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
66 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
68 raise Exception("Timed out while waiting for failure report")
69 dev[1].request("REMOVE_NETWORK all")
71 def test_ap_wpa2_psk_mem(dev, apdev):
72 """WPA2-PSK AP with passphrase only in memory"""
74 _test_ap_wpa2_psk_mem(dev, apdev)
76 dev[0].request("SCAN_INTERVAL 5")
77 dev[1].request("SCAN_INTERVAL 5")
79 def _test_ap_wpa2_psk_mem(dev, apdev):
80 ssid = "test-wpa2-psk"
81 passphrase = 'qwertyuiop'
82 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
83 params = hostapd.wpa2_params(ssid=ssid)
84 params['wpa_psk'] = psk
85 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
87 dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
88 dev[0].request("SCAN_INTERVAL 1")
89 ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
91 raise Exception("Request for PSK/passphrase timed out")
92 id = ev.split(':')[0].split('-')[-1]
93 dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"')
94 dev[0].wait_connected(timeout=10)
96 dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
97 dev[1].request("SCAN_INTERVAL 1")
98 ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
100 raise Exception("Request for PSK/passphrase timed out(2)")
101 id = ev.split(':')[0].split('-')[-1]
102 dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk)
103 dev[1].wait_connected(timeout=10)
105 def test_ap_wpa2_ptk_rekey(dev, apdev):
106 """WPA2-PSK AP and PTK rekey enforced by station"""
107 ssid = "test-wpa2-psk"
108 passphrase = 'qwertyuiop'
109 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
110 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
111 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
112 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
114 raise Exception("PTK rekey timed out")
115 hwsim_utils.test_connectivity(dev[0], hapd)
117 def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
118 """WPA2-PSK AP and PTK rekey enforced by AP"""
119 ssid = "test-wpa2-psk"
120 passphrase = 'qwertyuiop'
121 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
122 params['wpa_ptk_rekey'] = '2'
123 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
124 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
125 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
127 raise Exception("PTK rekey timed out")
128 hwsim_utils.test_connectivity(dev[0], hapd)
130 def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
131 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
132 ssid = "test-wpa2-psk"
133 passphrase = 'qwertyuiop'
134 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
135 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
136 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
137 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
138 wpa_ptk_rekey="1", scan_freq="2412")
139 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
141 raise Exception("PTK rekey timed out")
142 hwsim_utils.test_connectivity(dev[0], hapd)
143 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
144 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
146 def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
147 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
148 ssid = "test-wpa2-psk"
149 passphrase = 'qwertyuiop'
150 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
151 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
152 params['wpa_ptk_rekey'] = '2'
153 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
154 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
156 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
158 raise Exception("PTK rekey timed out")
159 hwsim_utils.test_connectivity(dev[0], hapd)
160 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
161 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
163 def test_ap_wpa_ptk_rekey(dev, apdev):
164 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
165 ssid = "test-wpa-psk"
166 passphrase = 'qwertyuiop'
167 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
168 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
169 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
170 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
171 raise Exception("Scan results missing WPA element info")
172 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
174 raise Exception("PTK rekey timed out")
175 hwsim_utils.test_connectivity(dev[0], hapd)
177 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
178 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
179 ssid = "test-wpa-psk"
180 passphrase = 'qwertyuiop'
181 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
182 params['wpa_ptk_rekey'] = '2'
183 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
184 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
185 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
187 raise Exception("PTK rekey timed out")
188 hwsim_utils.test_connectivity(dev[0], hapd)
190 def test_ap_wpa_ccmp(dev, apdev):
192 ssid = "test-wpa-psk"
193 passphrase = 'qwertyuiop'
194 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
195 params['wpa_pairwise'] = "CCMP"
196 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
197 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
198 hwsim_utils.test_connectivity(dev[0], hapd)
199 check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
200 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
201 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
202 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
203 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
204 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
205 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
206 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
208 def test_ap_wpa2_psk_file(dev, apdev):
209 """WPA2-PSK AP with various PSK file error and success cases"""
210 addr0 = dev[0].own_addr()
211 addr1 = dev[1].own_addr()
212 addr2 = dev[2].own_addr()
214 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
220 params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
221 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
225 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
226 if "FAIL" not in hapd.request("ENABLE"):
227 raise Exception("Unexpected ENABLE success")
228 hapd.request("DISABLE")
230 # invalid MAC address
231 with open(pskfile, "w") as f:
234 if "FAIL" not in hapd.request("ENABLE"):
235 raise Exception("Unexpected ENABLE success")
236 hapd.request("DISABLE")
239 with open(pskfile, "w") as f:
240 f.write("00:11:22:33:44:55\n")
241 if "FAIL" not in hapd.request("ENABLE"):
242 raise Exception("Unexpected ENABLE success")
243 hapd.request("DISABLE")
246 with open(pskfile, "w") as f:
247 f.write("00:11:22:33:44:55 1234567\n")
248 if "FAIL" not in hapd.request("ENABLE"):
249 raise Exception("Unexpected ENABLE success")
250 hapd.request("DISABLE")
253 with open(pskfile, "w") as f:
254 f.write("00:11:22:33:44:55 12345678\n")
255 f.write(addr0 + " 123456789\n")
256 f.write(addr1 + " 123456789a\n")
257 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
258 if "FAIL" in hapd.request("ENABLE"):
259 raise Exception("Unexpected ENABLE failure")
261 dev[0].connect(ssid, psk="123456789", scan_freq="2412")
262 dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
263 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
271 def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
272 """WPA2-PSK AP and wildcard SSID configuration"""
273 ssid = "test-wpa2-psk"
274 passphrase = 'qwertyuiop'
275 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
276 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
277 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
278 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
280 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
282 def test_ap_wpa2_gtk_rekey(dev, apdev):
283 """WPA2-PSK AP and GTK rekey enforced by AP"""
284 ssid = "test-wpa2-psk"
285 passphrase = 'qwertyuiop'
286 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
287 params['wpa_group_rekey'] = '1'
288 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
289 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
290 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
292 raise Exception("GTK rekey timed out")
293 hwsim_utils.test_connectivity(dev[0], hapd)
295 def test_ap_wpa_gtk_rekey(dev, apdev):
296 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
297 ssid = "test-wpa-psk"
298 passphrase = 'qwertyuiop'
299 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
300 params['wpa_group_rekey'] = '1'
301 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
302 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
303 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
305 raise Exception("GTK rekey timed out")
306 hwsim_utils.test_connectivity(dev[0], hapd)
308 def test_ap_wpa2_gmk_rekey(dev, apdev):
309 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
310 ssid = "test-wpa2-psk"
311 passphrase = 'qwertyuiop'
312 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
313 params['wpa_group_rekey'] = '1'
314 params['wpa_gmk_rekey'] = '2'
315 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
316 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
317 for i in range(0, 3):
318 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
320 raise Exception("GTK rekey timed out")
321 hwsim_utils.test_connectivity(dev[0], hapd)
323 def test_ap_wpa2_strict_rekey(dev, apdev):
324 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
325 ssid = "test-wpa2-psk"
326 passphrase = 'qwertyuiop'
327 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
328 params['wpa_strict_rekey'] = '1'
329 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
330 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
331 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
332 dev[1].request("DISCONNECT")
333 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
335 raise Exception("GTK rekey timed out")
336 hwsim_utils.test_connectivity(dev[0], hapd)
338 def test_ap_wpa2_bridge_fdb(dev, apdev):
339 """Bridge FDB entry removal"""
341 ssid = "test-wpa2-psk"
342 passphrase = "12345678"
343 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
344 params['bridge'] = 'ap-br0'
345 hostapd.add_ap(apdev[0]['ifname'], params)
346 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
347 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
348 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
349 bssid=apdev[0]['bssid'])
350 dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
351 bssid=apdev[0]['bssid'])
352 addr0 = dev[0].p2p_interface_addr()
353 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
354 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
355 stdout=subprocess.PIPE)
356 macs1 = cmd.stdout.read()
357 dev[0].request("DISCONNECT")
358 dev[1].request("DISCONNECT")
360 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
361 stdout=subprocess.PIPE)
362 macs2 = cmd.stdout.read()
364 addr1 = dev[1].p2p_interface_addr()
365 if addr0 not in macs1 or addr1 not in macs1:
366 raise Exception("Bridge FDB entry missing")
367 if addr0 in macs2 or addr1 in macs2:
368 raise Exception("Bridge FDB entry was not removed")
370 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
371 subprocess.call(['brctl', 'delbr', 'ap-br0'])
373 def test_ap_wpa2_already_in_bridge(dev, apdev):
374 """hostapd behavior with interface already in bridge"""
375 ifname = apdev[0]['ifname']
376 br_ifname = 'ext-ap-br0'
378 ssid = "test-wpa2-psk"
379 passphrase = "12345678"
380 subprocess.call(['brctl', 'addbr', br_ifname])
381 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
382 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
383 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
384 subprocess.call(['brctl', 'addif', br_ifname, ifname])
385 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
386 hapd = hostapd.add_ap(ifname, params)
387 if hapd.get_driver_status_field('brname') != br_ifname:
388 raise Exception("Bridge name not identified correctly")
389 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
391 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
392 subprocess.call(['brctl', 'delif', br_ifname, ifname])
393 subprocess.call(['iw', ifname, 'set', 'type', 'station'])
394 subprocess.call(['brctl', 'delbr', br_ifname])
396 def test_ap_wpa2_in_different_bridge(dev, apdev):
397 """hostapd behavior with interface in different bridge"""
398 ifname = apdev[0]['ifname']
399 br_ifname = 'ext-ap-br0'
401 ssid = "test-wpa2-psk"
402 passphrase = "12345678"
403 subprocess.call(['brctl', 'addbr', br_ifname])
404 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
405 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
406 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
407 subprocess.call(['brctl', 'addif', br_ifname, ifname])
409 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
410 params['bridge'] = 'ap-br0'
411 hapd = hostapd.add_ap(ifname, params)
412 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
413 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
414 brname = hapd.get_driver_status_field('brname')
415 if brname != 'ap-br0':
416 raise Exception("Incorrect bridge: " + brname)
417 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
418 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
419 if hapd.get_driver_status_field("added_bridge") != "1":
420 raise Exception("Unexpected added_bridge value")
421 if hapd.get_driver_status_field("added_if_into_bridge") != "1":
422 raise Exception("Unexpected added_if_into_bridge value")
423 dev[0].request("DISCONNECT")
426 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
427 subprocess.call(['brctl', 'delif', br_ifname, ifname],
428 stderr=open('/dev/null', 'w'))
429 subprocess.call(['brctl', 'delbr', br_ifname])
431 def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
432 """hostapd behavior with interface added to bridge externally"""
433 ifname = apdev[0]['ifname']
434 br_ifname = 'ext-ap-br0'
436 ssid = "test-wpa2-psk"
437 passphrase = "12345678"
438 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
439 hapd = hostapd.add_ap(ifname, params)
441 subprocess.call(['brctl', 'addbr', br_ifname])
442 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
443 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
444 subprocess.call(['brctl', 'addif', br_ifname, ifname])
445 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
446 if hapd.get_driver_status_field('brname') != br_ifname:
447 raise Exception("Bridge name not identified correctly")
449 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
450 subprocess.call(['brctl', 'delif', br_ifname, ifname])
451 subprocess.call(['brctl', 'delbr', br_ifname])
453 def test_ap_wpa2_psk_ext(dev, apdev):
454 """WPA2-PSK AP using external EAPOL I/O"""
455 bssid = apdev[0]['bssid']
456 ssid = "test-wpa2-psk"
457 passphrase = 'qwertyuiop'
458 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
459 params = hostapd.wpa2_params(ssid=ssid)
460 params['wpa_psk'] = psk
461 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
462 hapd.request("SET ext_eapol_frame_io 1")
463 dev[0].request("SET ext_eapol_frame_io 1")
464 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
465 addr = dev[0].p2p_interface_addr()
467 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
469 raise Exception("Timeout on EAPOL-TX from hostapd")
470 if "AP-STA-CONNECTED" in ev:
471 dev[0].wait_connected(timeout=15)
473 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
475 raise Exception("EAPOL_RX to wpa_supplicant failed")
476 ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
478 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
479 if "CTRL-EVENT-CONNECTED" in ev:
481 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
483 raise Exception("EAPOL_RX to hostapd failed")
485 def parse_eapol(data):
486 (version, type, length) = struct.unpack('>BBH', data[0:4])
488 if length > len(payload):
489 raise Exception("Invalid EAPOL length")
490 if length < len(payload):
491 payload = payload[0:length]
493 eapol['version'] = version
495 eapol['length'] = length
496 eapol['payload'] = payload
499 (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
500 payload = payload[1:]
501 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
503 (key_info, key_len) = struct.unpack('>HH', payload[0:4])
504 eapol['rsn_key_info'] = key_info
505 eapol['rsn_key_len'] = key_len
506 eapol['rsn_replay_counter'] = payload[4:12]
507 eapol['rsn_key_nonce'] = payload[12:44]
508 eapol['rsn_key_iv'] = payload[44:60]
509 eapol['rsn_key_rsc'] = payload[60:68]
510 eapol['rsn_key_id'] = payload[68:76]
511 eapol['rsn_key_mic'] = payload[76:92]
512 payload = payload[92:]
513 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
514 payload = payload[2:]
515 eapol['rsn_key_data'] = payload
518 def build_eapol(msg):
519 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
521 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
523 data += msg['rsn_replay_counter']
524 data += msg['rsn_key_nonce']
525 data += msg['rsn_key_iv']
526 data += msg['rsn_key_rsc']
527 data += msg['rsn_key_id']
528 data += msg['rsn_key_mic']
529 data += struct.pack('>H', msg['rsn_key_data_len'])
530 data += msg['rsn_key_data']
532 data += msg['payload']
535 def sha1_prf(key, label, data, outlen):
539 m = hmac.new(key, label, hashlib.sha1)
540 m.update(struct.pack('B', 0))
542 m.update(struct.pack('B', counter))
545 if outlen > len(hash):
549 res += hash[0:outlen]
553 def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
555 data = binascii.unhexlify(addr1.replace(':','')) + binascii.unhexlify(addr2.replace(':',''))
557 data = binascii.unhexlify(addr2.replace(':','')) + binascii.unhexlify(addr1.replace(':',''))
559 data += nonce1 + nonce2
561 data += nonce2 + nonce1
562 label = "Pairwise key expansion"
563 ptk = sha1_prf(pmk, label, data, 48)
566 return (ptk, kck, kek)
568 def eapol_key_mic(kck, msg):
569 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
570 data = build_eapol(msg)
571 m = hmac.new(kck, data, hashlib.sha1)
572 msg['rsn_key_mic'] = m.digest()[0:16]
574 def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
575 msg['rsn_key_info'] = key_info
576 msg['rsn_key_len'] = key_len
578 msg['rsn_key_nonce'] = nonce
580 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
582 msg['rsn_key_data_len'] = len(data)
583 msg['rsn_key_data'] = data
584 msg['length'] = 95 + len(data)
586 msg['rsn_key_data_len'] = 0
587 msg['rsn_key_data'] = ''
590 def recv_eapol(hapd):
591 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
593 raise Exception("Timeout on EAPOL-TX from hostapd")
594 eapol = binascii.unhexlify(ev.split(' ')[2])
595 return parse_eapol(eapol)
597 def send_eapol(hapd, addr, data):
598 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
600 raise Exception("EAPOL_RX to hostapd failed")
602 def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
603 logger.info("Send EAPOL-Key msg " + info)
604 rsn_eapol_key_set(msg, key_info, 0, nonce, data)
605 eapol_key_mic(kck, msg)
606 send_eapol(hapd, addr, build_eapol(msg))
608 def hapd_connected(hapd):
609 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
611 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
613 def eapol_test(apdev, dev, wpa2=True):
614 bssid = apdev['bssid']
616 ssid = "test-wpa2-psk"
618 ssid = "test-wpa-psk"
619 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
620 pmk = binascii.unhexlify(psk)
622 params = hostapd.wpa2_params(ssid=ssid)
624 params = hostapd.wpa_params(ssid=ssid)
625 params['wpa_psk'] = psk
626 hapd = hostapd.add_ap(apdev['ifname'], params)
627 hapd.request("SET ext_eapol_frame_io 1")
628 dev.request("SET ext_eapol_frame_io 1")
629 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
630 addr = dev.p2p_interface_addr()
632 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
634 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
635 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
636 return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
638 def test_ap_wpa2_psk_ext_eapol(dev, apdev):
639 """WPA2-PSK AP using external EAPOL supplicant"""
640 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
642 msg = recv_eapol(hapd)
643 anonce = msg['rsn_key_nonce']
644 logger.info("Replay same data back")
645 send_eapol(hapd, addr, build_eapol(msg))
647 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
649 logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
650 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
651 msg['length'] = 95 + 22 - 1
652 send_eapol(hapd, addr, build_eapol(msg))
654 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
656 msg = recv_eapol(hapd)
657 if anonce != msg['rsn_key_nonce']:
658 raise Exception("ANonce changed")
659 logger.info("Replay same data back")
660 send_eapol(hapd, addr, build_eapol(msg))
662 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
665 def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
666 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
667 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
669 msg1 = recv_eapol(hapd)
670 anonce = msg1['rsn_key_nonce']
672 msg2 = recv_eapol(hapd)
673 if anonce != msg2['rsn_key_nonce']:
674 raise Exception("ANonce changed")
676 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
678 logger.info("Send EAPOL-Key msg 2/4")
680 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
681 eapol_key_mic(kck, msg)
682 send_eapol(hapd, addr, build_eapol(msg))
684 msg = recv_eapol(hapd)
685 if anonce != msg['rsn_key_nonce']:
686 raise Exception("ANonce changed")
688 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
691 def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
692 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
693 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
695 msg1 = recv_eapol(hapd)
696 anonce = msg1['rsn_key_nonce']
697 msg2 = recv_eapol(hapd)
698 if anonce != msg2['rsn_key_nonce']:
699 raise Exception("ANonce changed")
701 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
702 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
703 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
705 msg = recv_eapol(hapd)
706 if anonce != msg['rsn_key_nonce']:
707 raise Exception("ANonce changed")
709 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
712 def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
713 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
714 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
716 msg1 = recv_eapol(hapd)
717 anonce = msg1['rsn_key_nonce']
719 msg2 = recv_eapol(hapd)
720 if anonce != msg2['rsn_key_nonce']:
721 raise Exception("ANonce changed")
722 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
723 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
725 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
726 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
727 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
729 msg = recv_eapol(hapd)
730 if anonce != msg['rsn_key_nonce']:
731 raise Exception("ANonce changed")
732 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
735 def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
736 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
737 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
739 msg1 = recv_eapol(hapd)
740 anonce = msg1['rsn_key_nonce']
741 msg2 = recv_eapol(hapd)
742 if anonce != msg2['rsn_key_nonce']:
743 raise Exception("ANonce changed")
745 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
746 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
748 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
749 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
751 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
752 msg = recv_eapol(hapd)
753 if anonce != msg['rsn_key_nonce']:
754 raise Exception("ANonce changed")
755 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
758 def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
759 """WPA2 4-way handshake using external EAPOL supplicant"""
760 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
762 msg = recv_eapol(hapd)
763 anonce = msg['rsn_key_nonce']
765 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
767 # Incorrect descriptor type (frame dropped)
768 msg['descr_type'] = 253
769 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
770 eapol_key_mic(kck, msg)
771 send_eapol(hapd, addr, build_eapol(msg))
773 # Incorrect descriptor type, but with a workaround (frame processed)
774 msg['descr_type'] = 254
775 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
776 eapol_key_mic(kck, msg)
777 send_eapol(hapd, addr, build_eapol(msg))
779 msg = recv_eapol(hapd)
780 if anonce != msg['rsn_key_nonce']:
781 raise Exception("ANonce changed")
782 logger.info("Replay same data back")
783 send_eapol(hapd, addr, build_eapol(msg))
785 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
788 def test_ap_wpa_psk_ext_eapol(dev, apdev):
789 """WPA2-PSK AP using external EAPOL supplicant"""
790 (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
793 msg = recv_eapol(hapd)
794 anonce = msg['rsn_key_nonce']
795 logger.info("Replay same data back")
796 send_eapol(hapd, addr, build_eapol(msg))
797 logger.info("Too short data")
798 send_eapol(hapd, addr, build_eapol(msg)[0:98])
800 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
801 msg['descr_type'] = 2
802 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
803 msg['descr_type'] = 254
804 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)
806 msg = recv_eapol(hapd)
807 if anonce != msg['rsn_key_nonce']:
808 raise Exception("ANonce changed")
809 logger.info("Replay same data back")
810 send_eapol(hapd, addr, build_eapol(msg))
812 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
815 def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
816 """WPA2-PSK 4-way handshake with strange key info values"""
817 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
819 msg = recv_eapol(hapd)
820 anonce = msg['rsn_key_nonce']
822 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
823 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
824 send_eapol(hapd, addr, build_eapol(msg))
825 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
826 send_eapol(hapd, addr, build_eapol(msg))
828 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
829 send_eapol(hapd, addr, build_eapol(msg))
831 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
832 send_eapol(hapd, addr, build_eapol(msg))
834 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
835 send_eapol(hapd, addr, build_eapol(msg))
837 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
838 tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
839 eapol_key_mic(tmp_kck, msg)
840 send_eapol(hapd, addr, build_eapol(msg))
842 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
844 msg = recv_eapol(hapd)
845 if anonce != msg['rsn_key_nonce']:
846 raise Exception("ANonce changed")
848 # Request (valic MIC)
849 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
850 eapol_key_mic(kck, msg)
851 send_eapol(hapd, addr, build_eapol(msg))
852 # Request (valid MIC, replayed counter)
853 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
854 eapol_key_mic(kck, msg)
855 send_eapol(hapd, addr, build_eapol(msg))
857 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
860 def build_eapol_key_1_4(anonce, replay_counter=1, key_data='', key_len=16):
864 msg['length'] = 95 + len(key_data)
866 msg['descr_type'] = 2
867 msg['rsn_key_info'] = 0x8a
868 msg['rsn_key_len'] = key_len
869 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
870 msg['rsn_key_nonce'] = anonce
871 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
872 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
873 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
874 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
875 msg['rsn_key_data_len'] = len(key_data)
876 msg['rsn_key_data'] = key_data
879 def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
880 key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
884 msg['length'] = 95 + len(key_data) + extra_len
886 msg['descr_type'] = descr_type
887 msg['rsn_key_info'] = key_info
888 msg['rsn_key_len'] = key_len
889 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
890 msg['rsn_key_nonce'] = anonce
891 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
892 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
893 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
894 msg['rsn_key_data_len'] = len(key_data)
895 msg['rsn_key_data'] = key_data
896 eapol_key_mic(kck, msg)
899 def aes_wrap(kek, plain):
901 a = 0xa6a6a6a6a6a6a6a6
902 enc = AES.new(kek).encrypt
903 r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
905 for i in range(1, n + 1):
906 b = enc(struct.pack('>Q', a) + r[i - 1])
907 a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
909 return struct.pack('>Q', a) + ''.join(r)
911 def pad_key_data(plain):
912 pad_len = len(plain) % 8
914 pad_len = 8 - pad_len
917 plain += pad_len * '\0'
920 def test_ap_wpa2_psk_supp_proto(dev, apdev):
921 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
922 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
924 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
925 msg = recv_eapol(hapd)
926 dev[0].dump_monitor()
928 # Build own EAPOL-Key msg 1/4
929 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
931 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
933 send_eapol(dev[0], addr, build_eapol(msg))
934 msg = recv_eapol(dev[0])
935 snonce = msg['rsn_key_nonce']
937 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
939 logger.debug("Invalid AES wrap data length 0")
940 dev[0].dump_monitor()
941 msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
943 send_eapol(dev[0], addr, build_eapol(msg))
944 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
946 raise Exception("Unsupported AES-WRAP len 0 not reported")
948 logger.debug("Invalid AES wrap data length 1")
949 dev[0].dump_monitor()
950 msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
952 send_eapol(dev[0], addr, build_eapol(msg))
953 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
955 raise Exception("Unsupported AES-WRAP len 1 not reported")
957 logger.debug("Invalid AES wrap data length 9")
958 dev[0].dump_monitor()
959 msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
961 send_eapol(dev[0], addr, build_eapol(msg))
962 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
964 raise Exception("Unsupported AES-WRAP len 9 not reported")
966 logger.debug("Invalid AES wrap data payload")
967 dev[0].dump_monitor()
968 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
969 # do not increment counter to test replay protection
970 send_eapol(dev[0], addr, build_eapol(msg))
971 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
973 raise Exception("AES unwrap failure not reported")
975 logger.debug("Replay Count not increasing")
976 dev[0].dump_monitor()
977 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
979 send_eapol(dev[0], addr, build_eapol(msg))
980 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
982 raise Exception("Replay Counter replay not reported")
984 logger.debug("Missing Ack bit in key info")
985 dev[0].dump_monitor()
986 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
989 send_eapol(dev[0], addr, build_eapol(msg))
990 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
992 raise Exception("Missing Ack bit not reported")
994 logger.debug("Unexpected Request bit in key info")
995 dev[0].dump_monitor()
996 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
999 send_eapol(dev[0], addr, build_eapol(msg))
1000 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1002 raise Exception("Request bit not reported")
1004 logger.debug("Unsupported key descriptor version 0")
1005 dev[0].dump_monitor()
1006 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1007 replay_counter=counter, key_info=0x13c8)
1009 send_eapol(dev[0], addr, build_eapol(msg))
1010 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1012 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1014 logger.debug("Key descriptor version 1 not allowed with CCMP")
1015 dev[0].dump_monitor()
1016 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1017 replay_counter=counter, key_info=0x13c9)
1019 send_eapol(dev[0], addr, build_eapol(msg))
1020 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1022 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1024 logger.debug("Invalid AES wrap payload with key descriptor version 2")
1025 dev[0].dump_monitor()
1026 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1027 replay_counter=counter, key_info=0x13ca)
1029 send_eapol(dev[0], addr, build_eapol(msg))
1030 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1032 raise Exception("AES unwrap failure not reported")
1034 logger.debug("Key descriptor version 3 workaround")
1035 dev[0].dump_monitor()
1036 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1037 replay_counter=counter, key_info=0x13cb)
1039 send_eapol(dev[0], addr, build_eapol(msg))
1040 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1042 raise Exception("CCMP key descriptor mismatch not reported")
1043 ev = dev[0].wait_event(["WPA: Interoperability workaround"])
1045 raise Exception("AES-128-CMAC workaround not reported")
1046 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1048 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1050 logger.debug("Unsupported key descriptor version 4")
1051 dev[0].dump_monitor()
1052 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1053 replay_counter=counter, key_info=0x13cc)
1055 send_eapol(dev[0], addr, build_eapol(msg))
1056 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1058 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1060 logger.debug("Unsupported key descriptor version 7")
1061 dev[0].dump_monitor()
1062 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1063 replay_counter=counter, key_info=0x13cf)
1065 send_eapol(dev[0], addr, build_eapol(msg))
1066 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1068 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1070 logger.debug("Too short EAPOL header length")
1071 dev[0].dump_monitor()
1072 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1075 send_eapol(dev[0], addr, build_eapol(msg))
1076 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1078 raise Exception("Key data overflow not reported")
1080 logger.debug("Too long EAPOL header length")
1081 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1084 send_eapol(dev[0], addr, build_eapol(msg))
1086 logger.debug("Unsupported descriptor type 0")
1087 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1090 send_eapol(dev[0], addr, build_eapol(msg))
1092 logger.debug("WPA descriptor type 0")
1093 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1096 send_eapol(dev[0], addr, build_eapol(msg))
1098 logger.debug("Non-zero key index for pairwise key")
1099 dev[0].dump_monitor()
1100 wrapped = aes_wrap(kek, 16*'z')
1101 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1104 send_eapol(dev[0], addr, build_eapol(msg))
1105 ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1107 raise Exception("Non-zero key index not reported")
1109 logger.debug("Invalid Key Data plaintext payload --> disconnect")
1110 dev[0].dump_monitor()
1111 wrapped = aes_wrap(kek, 16*'z')
1112 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1114 send_eapol(dev[0], addr, build_eapol(msg))
1115 dev[0].wait_disconnected(timeout=1)
1117 def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
1118 """WPA2-PSK supplicant protocol testing: IE not included"""
1119 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1121 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1122 msg = recv_eapol(hapd)
1123 dev[0].dump_monitor()
1125 # Build own EAPOL-Key msg 1/4
1126 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1128 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1130 send_eapol(dev[0], addr, build_eapol(msg))
1131 msg = recv_eapol(dev[0])
1132 snonce = msg['rsn_key_nonce']
1134 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1136 logger.debug("No IEs in msg 3/4 --> disconnect")
1137 dev[0].dump_monitor()
1138 wrapped = aes_wrap(kek, 16*'\0')
1139 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1141 send_eapol(dev[0], addr, build_eapol(msg))
1142 dev[0].wait_disconnected(timeout=1)
1144 def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
1145 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1146 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1148 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1149 msg = recv_eapol(hapd)
1150 dev[0].dump_monitor()
1152 # Build own EAPOL-Key msg 1/4
1153 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1155 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1157 send_eapol(dev[0], addr, build_eapol(msg))
1158 msg = recv_eapol(dev[0])
1159 snonce = msg['rsn_key_nonce']
1161 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1163 logger.debug("Msg 3/4 with mismatching IE")
1164 dev[0].dump_monitor()
1165 wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1166 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1168 send_eapol(dev[0], addr, build_eapol(msg))
1169 dev[0].wait_disconnected(timeout=1)
1171 def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
1172 """WPA2-PSK supplicant protocol testing: success"""
1173 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1175 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1176 msg = recv_eapol(hapd)
1177 dev[0].dump_monitor()
1179 # Build own EAPOL-Key msg 1/4
1180 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1182 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1184 send_eapol(dev[0], addr, build_eapol(msg))
1185 msg = recv_eapol(dev[0])
1186 snonce = msg['rsn_key_nonce']
1188 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1190 logger.debug("Valid EAPOL-Key msg 3/4")
1191 dev[0].dump_monitor()
1192 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1193 wrapped = aes_wrap(kek, pad_key_data(plain))
1194 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1196 send_eapol(dev[0], addr, build_eapol(msg))
1197 dev[0].wait_connected(timeout=1)
1199 def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
1200 """WPA2-PSK supplicant protocol testing: no GTK"""
1201 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1203 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1204 msg = recv_eapol(hapd)
1205 dev[0].dump_monitor()
1207 # Build own EAPOL-Key msg 1/4
1208 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1210 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1212 send_eapol(dev[0], addr, build_eapol(msg))
1213 msg = recv_eapol(dev[0])
1214 snonce = msg['rsn_key_nonce']
1216 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1218 logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
1219 dev[0].dump_monitor()
1220 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
1221 wrapped = aes_wrap(kek, pad_key_data(plain))
1222 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1224 send_eapol(dev[0], addr, build_eapol(msg))
1225 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1227 raise Exception("Unexpected connection completion reported")
1229 def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
1230 """WPA2-PSK supplicant protocol testing: ANonce change"""
1231 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1233 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1234 msg = recv_eapol(hapd)
1235 dev[0].dump_monitor()
1237 # Build own EAPOL-Key msg 1/4
1238 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1240 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1242 send_eapol(dev[0], addr, build_eapol(msg))
1243 msg = recv_eapol(dev[0])
1244 snonce = msg['rsn_key_nonce']
1246 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1248 logger.debug("Valid EAPOL-Key msg 3/4")
1249 dev[0].dump_monitor()
1250 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1251 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1252 wrapped = aes_wrap(kek, pad_key_data(plain))
1253 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
1255 send_eapol(dev[0], addr, build_eapol(msg))
1256 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1258 raise Exception("ANonce change not reported")
1260 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
1261 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1262 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1264 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1265 msg = recv_eapol(hapd)
1266 dev[0].dump_monitor()
1268 # Build own EAPOL-Key msg 1/4
1269 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1271 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1273 send_eapol(dev[0], addr, build_eapol(msg))
1274 msg = recv_eapol(dev[0])
1275 snonce = msg['rsn_key_nonce']
1277 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1279 logger.debug("Group key 1/2 instead of msg 3/4")
1280 dev[0].dump_monitor()
1281 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1282 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1285 send_eapol(dev[0], addr, build_eapol(msg))
1286 ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1288 raise Exception("Unexpected group key message not reported")
1289 dev[0].wait_disconnected(timeout=1)
1291 def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
1292 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
1293 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1295 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1296 msg = recv_eapol(hapd)
1297 dev[0].dump_monitor()
1299 # Build own EAPOL-Key msg 1/4 with invalid KDE
1300 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1302 msg = build_eapol_key_1_4(anonce, replay_counter=counter,
1303 key_data=binascii.unhexlify('5555'))
1305 send_eapol(dev[0], addr, build_eapol(msg))
1306 dev[0].wait_disconnected(timeout=1)
1308 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
1309 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1310 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1312 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1313 msg = recv_eapol(hapd)
1314 dev[0].dump_monitor()
1316 # Build own EAPOL-Key msg 1/4
1317 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1319 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1321 send_eapol(dev[0], addr, build_eapol(msg))
1322 msg = recv_eapol(dev[0])
1323 snonce = msg['rsn_key_nonce']
1325 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1327 logger.debug("Valid EAPOL-Key msg 3/4")
1328 dev[0].dump_monitor()
1329 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1330 wrapped = aes_wrap(kek, pad_key_data(plain))
1331 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1334 send_eapol(dev[0], addr, build_eapol(msg))
1335 ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
1337 raise Exception("Invalid CCMP key length not reported")
1338 dev[0].wait_disconnected(timeout=1)
1340 def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
1341 """WPA2-PSK supplicant protocol testing: wrong group key length"""
1342 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1344 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1345 msg = recv_eapol(hapd)
1346 dev[0].dump_monitor()
1348 # Build own EAPOL-Key msg 1/4
1349 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1351 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1353 send_eapol(dev[0], addr, build_eapol(msg))
1354 msg = recv_eapol(dev[0])
1355 snonce = msg['rsn_key_nonce']
1357 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1359 logger.debug("Valid EAPOL-Key msg 3/4")
1360 dev[0].dump_monitor()
1361 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
1362 wrapped = aes_wrap(kek, pad_key_data(plain))
1363 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1365 send_eapol(dev[0], addr, build_eapol(msg))
1366 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
1368 raise Exception("Invalid CCMP key length not reported")
1369 dev[0].wait_disconnected(timeout=1)
1371 def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
1372 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
1373 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1375 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1376 msg = recv_eapol(hapd)
1377 dev[0].dump_monitor()
1379 # Build own EAPOL-Key msg 1/4
1380 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1382 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1384 send_eapol(dev[0], addr, build_eapol(msg))
1385 msg = recv_eapol(dev[0])
1386 snonce = msg['rsn_key_nonce']
1388 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1390 logger.debug("Valid EAPOL-Key msg 3/4")
1391 dev[0].dump_monitor()
1392 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
1393 wrapped = aes_wrap(kek, pad_key_data(plain))
1394 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1396 send_eapol(dev[0], addr, build_eapol(msg))
1397 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
1399 raise Exception("GTK Tx bit workaround not reported")
1400 dev[0].wait_connected(timeout=1)
1402 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
1403 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
1404 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1406 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1407 msg = recv_eapol(hapd)
1408 dev[0].dump_monitor()
1410 # Build own EAPOL-Key msg 1/4
1411 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1413 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1415 send_eapol(dev[0], addr, build_eapol(msg))
1416 msg = recv_eapol(dev[0])
1417 snonce = msg['rsn_key_nonce']
1419 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1421 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1422 dev[0].dump_monitor()
1423 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1424 wrapped = aes_wrap(kek, pad_key_data(plain))
1425 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1427 send_eapol(dev[0], addr, build_eapol(msg))
1428 dev[0].wait_connected(timeout=1)
1430 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
1431 dev[0].dump_monitor()
1432 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1433 wrapped = aes_wrap(kek, pad_key_data(plain))
1434 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1437 send_eapol(dev[0], addr, build_eapol(msg))
1438 msg = recv_eapol(dev[0])
1439 ev = dev[0].wait_event(["WPA: Group rekeying completed"])
1441 raise Exception("GTK rekeing not reported")
1443 logger.debug("Unencrypted GTK KDE in group msg 1/2")
1444 dev[0].dump_monitor()
1445 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1446 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1449 send_eapol(dev[0], addr, build_eapol(msg))
1450 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1452 raise Exception("Unencrypted GTK KDE not reported")
1453 dev[0].wait_disconnected(timeout=1)
1455 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
1456 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
1457 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1459 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1460 msg = recv_eapol(hapd)
1461 dev[0].dump_monitor()
1463 # Build own EAPOL-Key msg 1/4
1464 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1466 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1468 send_eapol(dev[0], addr, build_eapol(msg))
1469 msg = recv_eapol(dev[0])
1470 snonce = msg['rsn_key_nonce']
1472 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1474 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1475 dev[0].dump_monitor()
1476 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1477 wrapped = aes_wrap(kek, pad_key_data(plain))
1478 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1480 send_eapol(dev[0], addr, build_eapol(msg))
1481 dev[0].wait_connected(timeout=1)
1483 logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
1484 dev[0].dump_monitor()
1485 plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
1486 wrapped = aes_wrap(kek, pad_key_data(plain))
1487 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1490 send_eapol(dev[0], addr, build_eapol(msg))
1491 ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
1493 raise Exception("Missing GTK KDE not reported")
1494 dev[0].wait_disconnected(timeout=1)
1496 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
1497 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
1498 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1500 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1501 msg = recv_eapol(hapd)
1502 dev[0].dump_monitor()
1504 # Build own EAPOL-Key msg 1/4
1505 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1507 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1509 send_eapol(dev[0], addr, build_eapol(msg))
1510 msg = recv_eapol(dev[0])
1511 snonce = msg['rsn_key_nonce']
1513 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1515 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1516 dev[0].dump_monitor()
1517 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1518 wrapped = aes_wrap(kek, pad_key_data(plain))
1519 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1521 send_eapol(dev[0], addr, build_eapol(msg))
1522 dev[0].wait_connected(timeout=1)
1524 logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
1525 dev[0].dump_monitor()
1526 plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1527 wrapped = aes_wrap(kek, pad_key_data(plain))
1528 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1531 send_eapol(dev[0], addr, build_eapol(msg))
1532 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
1534 raise Exception("Too long GTK KDE not reported")
1535 dev[0].wait_disconnected(timeout=1)
1537 def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
1538 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
1539 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1541 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1542 msg = recv_eapol(hapd)
1543 dev[0].dump_monitor()
1545 # Build own EAPOL-Key msg 1/4
1546 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1548 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1550 send_eapol(dev[0], addr, build_eapol(msg))
1551 msg = recv_eapol(dev[0])
1552 snonce = msg['rsn_key_nonce']
1554 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1556 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
1557 dev[0].dump_monitor()
1558 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1559 wrapped = aes_wrap(kek, pad_key_data(plain))
1560 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1562 send_eapol(dev[0], addr, build_eapol(msg))
1563 dev[0].wait_disconnected(timeout=1)
1565 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
1566 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
1567 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1569 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1570 msg = recv_eapol(hapd)
1571 dev[0].dump_monitor()
1573 # Build own EAPOL-Key msg 1/4
1574 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1576 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1578 send_eapol(dev[0], addr, build_eapol(msg))
1579 msg = recv_eapol(dev[0])
1580 snonce = msg['rsn_key_nonce']
1582 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1584 logger.debug("Valid EAPOL-Key msg 3/4")
1585 dev[0].dump_monitor()
1586 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1587 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1590 send_eapol(dev[0], addr, build_eapol(msg))
1591 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1593 raise Exception("Unencrypted GTK KDE not reported")
1594 dev[0].wait_disconnected(timeout=1)
1596 def find_wpas_process(dev):
1598 cmd = subprocess.Popen(['ps', 'ax'], stdout=subprocess.PIPE)
1599 (data,err) = cmd.communicate()
1600 for l in data.splitlines():
1601 if "wpa_supplicant" not in l:
1603 if "-i" + ifname not in l:
1605 return int(l.strip().split(' ')[0])
1606 raise Exception("Could not find wpa_supplicant process")
1608 def read_process_memory(pid, key=None):
1610 with open('/proc/%d/maps' % pid, 'r') as maps, \
1611 open('/proc/%d/mem' % pid, 'r') as mem:
1612 for l in maps.readlines():
1613 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
1616 start = int(m.group(1), 16)
1617 end = int(m.group(2), 16)
1619 if start > 0xffffffffffff:
1623 if not perm.startswith('rw'):
1626 data = mem.read(end - start)
1628 if key and key in data:
1629 logger.info("Key found in " + l)
1632 def verify_not_present(buf, key, fname, keyname):
1637 prefix = 2048 if pos > 2048 else pos
1638 with open(fname + keyname, 'w') as f:
1639 f.write(buf[pos - prefix:pos + 2048])
1640 raise Exception(keyname + " found after disassociation")
1642 def get_key_locations(buf, key, keyname):
1646 pos = buf.find(key, pos)
1649 logger.info("Found %s at %d" % (keyname, pos))
1654 def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
1655 """WPA2-PSK and PSK/PTK lifetime in memory"""
1656 ssid = "test-wpa2-psk"
1657 passphrase = 'qwertyuiop'
1658 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1659 pmk = binascii.unhexlify(psk)
1660 p = hostapd.wpa2_params(ssid=ssid)
1662 hapd = hostapd.add_ap(apdev[0]['ifname'], p)
1664 pid = find_wpas_process(dev[0])
1666 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
1667 only_add_network=True)
1669 logger.info("Checking keys in memory after network profile configuration")
1670 buf = read_process_memory(pid, pmk)
1671 get_key_locations(buf, pmk, "PMK")
1673 dev[0].request("REMOVE_NETWORK all")
1674 logger.info("Checking keys in memory after network profile removal")
1675 buf = read_process_memory(pid, pmk)
1676 get_key_locations(buf, pmk, "PMK")
1678 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1679 only_add_network=True)
1681 logger.info("Checking keys in memory before connection")
1682 buf = read_process_memory(pid, pmk)
1683 get_key_locations(buf, pmk, "PMK")
1685 dev[0].connect_network(id, timeout=20)
1688 buf = read_process_memory(pid, pmk)
1690 dev[0].request("DISCONNECT")
1691 dev[0].wait_disconnected()
1696 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1697 for l in f.readlines():
1698 if "WPA: PTK - hexdump" in l:
1699 val = l.strip().split(':')[3].replace(' ', '')
1700 ptk = binascii.unhexlify(val)
1701 if "WPA: Group Key - hexdump" in l:
1702 val = l.strip().split(':')[3].replace(' ', '')
1703 gtk = binascii.unhexlify(val)
1704 if not pmk or not ptk or not gtk:
1705 raise Exception("Could not find keys from debug log")
1707 raise Exception("Unexpected GTK length")
1713 logger.info("Checking keys in memory while associated")
1714 get_key_locations(buf, pmk, "PMK")
1716 raise HwsimSkip("PMK not found while associated")
1718 raise Exception("KCK not found while associated")
1720 raise Exception("KEK not found while associated")
1722 raise Exception("TK found from memory")
1724 raise Exception("GTK found from memory")
1726 logger.info("Checking keys in memory after disassociation")
1727 buf = read_process_memory(pid, pmk)
1728 get_key_locations(buf, pmk, "PMK")
1730 # Note: PMK/PSK is still present in network configuration
1732 fname = os.path.join(params['logdir'],
1733 'wpa2_psk_key_lifetime_in_memory.memctx-')
1734 verify_not_present(buf, kck, fname, "KCK")
1735 verify_not_present(buf, kek, fname, "KEK")
1736 verify_not_present(buf, tk, fname, "TK")
1737 verify_not_present(buf, gtk, fname, "GTK")
1739 dev[0].request("REMOVE_NETWORK all")
1741 logger.info("Checking keys in memory after network profile removal")
1742 buf = read_process_memory(pid, pmk)
1743 get_key_locations(buf, pmk, "PMK")
1745 verify_not_present(buf, pmk, fname, "PMK")
1746 verify_not_present(buf, kck, fname, "KCK")
1747 verify_not_present(buf, kek, fname, "KEK")
1748 verify_not_present(buf, tk, fname, "TK")
1749 verify_not_present(buf, gtk, fname, "GTK")
1751 def test_ap_wpa2_psk_wep(dev, apdev):
1752 """WPA2-PSK AP and WEP enabled"""
1753 ssid = "test-wpa2-psk"
1754 passphrase = 'qwertyuiop'
1755 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1756 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1758 hapd.set('wep_key0', '"hello"')
1759 raise Exception("WEP key accepted to WPA2 network")
1763 def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1764 """WPA2-PSK AP and wpas interface in a bridge"""
1768 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
1770 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
1771 subprocess.call(['brctl', 'delif', br_ifname, ifname])
1772 subprocess.call(['brctl', 'delbr', br_ifname])
1773 subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
1775 def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1776 ssid = "test-wpa2-psk"
1777 passphrase = 'qwertyuiop'
1778 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1779 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1783 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1784 subprocess.call(['brctl', 'addbr', br_ifname])
1785 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
1786 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
1787 subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
1788 subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
1789 wpas.interface_add(ifname, br_ifname=br_ifname)
1791 wpas.connect(ssid, psk=passphrase, scan_freq="2412")
1793 def test_ap_wpa2_psk_ifdown(dev, apdev):
1794 """AP with open mode and external ifconfig down"""
1795 ssid = "test-wpa2-psk"
1796 passphrase = 'qwertyuiop'
1797 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1798 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1799 bssid = apdev[0]['bssid']
1801 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
1802 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
1803 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
1805 raise Exception("No INTERFACE-DISABLED event")
1806 # this wait tests beacon loss detection in mac80211
1807 dev[0].wait_disconnected()
1808 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
1809 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
1811 raise Exception("No INTERFACE-ENABLED event")
1812 dev[0].wait_connected()
1813 hwsim_utils.test_connectivity(dev[0], hapd)
1815 def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
1816 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
1817 bssid = apdev[0]['bssid']
1818 ssid = "test-wpa2-psk"
1819 passphrase = 'qwertyuiop'
1820 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1821 params = hostapd.wpa2_params(ssid=ssid)
1822 params['wpa_psk'] = psk
1823 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1824 hapd.request("SET ext_eapol_frame_io 1")
1825 dev[0].request("SET ext_eapol_frame_io 1")
1826 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
1827 addr = dev[0].own_addr()
1830 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1832 raise Exception("Timeout on EAPOL-TX from hostapd")
1833 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1835 raise Exception("EAPOL_RX to wpa_supplicant failed")
1838 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1840 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1841 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
1843 raise Exception("EAPOL_RX to hostapd failed")
1846 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1848 raise Exception("Timeout on EAPOL-TX from hostapd")
1849 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1851 raise Exception("EAPOL_RX to wpa_supplicant failed")
1854 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1856 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1857 logger.info("Drop the first EAPOL-Key msg 4/4")
1859 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
1860 # doesn't. Use normal EAPOL TX/RX to handle retries.
1861 hapd.request("SET ext_eapol_frame_io 0")
1862 dev[0].request("SET ext_eapol_frame_io 0")
1863 dev[0].wait_connected()
1865 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
1867 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1869 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
1871 logger.info("Disconnection detected")
1872 # The EAPOL-Key retries are supposed to allow the connection to be
1873 # established without having to reassociate. However, this does not
1874 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
1875 # after the pairwise key has been configured and AP will drop those and
1876 # disconnect the station after reaching retransmission limit. Connection
1877 # is then established after reassociation. Once that behavior has been
1878 # optimized to prevent EAPOL-Key frame encryption for retransmission
1879 # case, this exception can be uncommented here.
1880 #raise Exception("Unexpected disconnection")
1882 def test_ap_wpa2_psk_disable_enable(dev, apdev):
1883 """WPA2-PSK AP getting disabled and re-enabled"""
1884 ssid = "test-wpa2-psk"
1885 passphrase = 'qwertyuiop'
1886 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1887 params = hostapd.wpa2_params(ssid=ssid)
1888 params['wpa_psk'] = psk
1889 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1890 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
1893 hapd.request("DISABLE")
1894 dev[0].wait_disconnected()
1895 hapd.request("ENABLE")
1896 dev[0].wait_connected()
1897 hwsim_utils.test_connectivity(dev[0], hapd)
1899 def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
1900 """WPA2-PSK AP and station using incorrect passphrase"""
1901 ssid = "test-wpa2-psk"
1902 passphrase = 'qwertyuiop'
1903 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1904 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1905 dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412",
1907 ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
1909 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
1910 dev[0].dump_monitor()
1913 hapd.set("wpa_passphrase", "incorrect passphrase")
1916 dev[0].wait_connected(timeout=20)