2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
8 from Crypto.Cipher import AES
12 logger = logging.getLogger()
20 from utils import HwsimSkip, fail_test, skip_with_fips
22 from wpasupplicant import WpaSupplicant
24 def check_mib(dev, vals):
28 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
30 def test_ap_wpa2_psk(dev, apdev):
31 """WPA2-PSK AP with PSK instead of passphrase"""
32 ssid = "test-wpa2-psk"
33 passphrase = 'qwertyuiop'
34 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
35 params = hostapd.wpa2_params(ssid=ssid)
36 params['wpa_psk'] = psk
37 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
38 key_mgmt = hapd.get_config()['key_mgmt']
39 if key_mgmt.split(' ')[0] != "WPA-PSK":
40 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
41 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
42 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
44 sig = dev[0].request("SIGNAL_POLL").splitlines()
45 pkt = dev[0].request("PKTCNT_POLL").splitlines()
46 if "FREQUENCY=2412" not in sig:
47 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
48 if "TXBAD=0" not in pkt:
49 raise Exception("Unexpected TXBAD value: " + str(pkt))
51 def test_ap_wpa2_psk_file(dev, apdev):
52 """WPA2-PSK AP with PSK from a file"""
53 ssid = "test-wpa2-psk"
54 passphrase = 'qwertyuiop'
55 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
56 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
57 params['wpa_psk_file'] = 'hostapd.wpa_psk'
58 hostapd.add_ap(apdev[0]['ifname'], params)
59 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
60 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
61 dev[2].request("REMOVE_NETWORK all")
62 dev[0].connect(ssid, psk="very secret", scan_freq="2412")
63 dev[0].request("REMOVE_NETWORK all")
64 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
65 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
66 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
68 raise Exception("Timed out while waiting for failure report")
69 dev[1].request("REMOVE_NETWORK all")
71 def test_ap_wpa2_psk_mem(dev, apdev):
72 """WPA2-PSK AP with passphrase only in memory"""
74 _test_ap_wpa2_psk_mem(dev, apdev)
76 dev[0].request("SCAN_INTERVAL 5")
77 dev[1].request("SCAN_INTERVAL 5")
79 def _test_ap_wpa2_psk_mem(dev, apdev):
80 ssid = "test-wpa2-psk"
81 passphrase = 'qwertyuiop'
82 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
83 params = hostapd.wpa2_params(ssid=ssid)
84 params['wpa_psk'] = psk
85 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
87 dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
88 dev[0].request("SCAN_INTERVAL 1")
89 ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
91 raise Exception("Request for PSK/passphrase timed out")
92 id = ev.split(':')[0].split('-')[-1]
93 dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':"' + passphrase + '"')
94 dev[0].wait_connected(timeout=10)
96 dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412", wait_connect=False)
97 dev[1].request("SCAN_INTERVAL 1")
98 ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
100 raise Exception("Request for PSK/passphrase timed out(2)")
101 id = ev.split(':')[0].split('-')[-1]
102 dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + id + ':' + psk)
103 dev[1].wait_connected(timeout=10)
105 def test_ap_wpa2_ptk_rekey(dev, apdev):
106 """WPA2-PSK AP and PTK rekey enforced by station"""
107 ssid = "test-wpa2-psk"
108 passphrase = 'qwertyuiop'
109 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
110 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
111 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
112 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
114 raise Exception("PTK rekey timed out")
115 hwsim_utils.test_connectivity(dev[0], hapd)
117 def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
118 """WPA2-PSK AP and PTK rekey enforced by AP"""
119 ssid = "test-wpa2-psk"
120 passphrase = 'qwertyuiop'
121 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
122 params['wpa_ptk_rekey'] = '2'
123 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
124 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
125 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
127 raise Exception("PTK rekey timed out")
128 hwsim_utils.test_connectivity(dev[0], hapd)
130 def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
131 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
132 ssid = "test-wpa2-psk"
133 passphrase = 'qwertyuiop'
134 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
135 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
136 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
137 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
138 wpa_ptk_rekey="1", scan_freq="2412")
139 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
141 raise Exception("PTK rekey timed out")
142 hwsim_utils.test_connectivity(dev[0], hapd)
143 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
144 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
146 def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
147 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
148 ssid = "test-wpa2-psk"
149 passphrase = 'qwertyuiop'
150 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
151 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
152 params['wpa_ptk_rekey'] = '2'
153 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
154 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
156 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
158 raise Exception("PTK rekey timed out")
159 hwsim_utils.test_connectivity(dev[0], hapd)
160 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
161 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
163 def test_ap_wpa_ptk_rekey(dev, apdev):
164 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
165 skip_with_fips(dev[0])
166 ssid = "test-wpa-psk"
167 passphrase = 'qwertyuiop'
168 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
169 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
170 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
171 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
172 raise Exception("Scan results missing WPA element info")
173 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
175 raise Exception("PTK rekey timed out")
176 hwsim_utils.test_connectivity(dev[0], hapd)
178 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
179 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
180 skip_with_fips(dev[0])
181 ssid = "test-wpa-psk"
182 passphrase = 'qwertyuiop'
183 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
184 params['wpa_ptk_rekey'] = '2'
185 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
186 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
187 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
189 raise Exception("PTK rekey timed out")
190 hwsim_utils.test_connectivity(dev[0], hapd)
192 def test_ap_wpa_ccmp(dev, apdev):
194 ssid = "test-wpa-psk"
195 passphrase = 'qwertyuiop'
196 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
197 params['wpa_pairwise'] = "CCMP"
198 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
199 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
200 hwsim_utils.test_connectivity(dev[0], hapd)
201 check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
202 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
203 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
204 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
205 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
206 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
207 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
208 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
210 def test_ap_wpa2_psk_file(dev, apdev):
211 """WPA2-PSK AP with various PSK file error and success cases"""
212 addr0 = dev[0].own_addr()
213 addr1 = dev[1].own_addr()
214 addr2 = dev[2].own_addr()
216 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
222 params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
223 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
227 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
228 if "FAIL" not in hapd.request("ENABLE"):
229 raise Exception("Unexpected ENABLE success")
230 hapd.request("DISABLE")
232 # invalid MAC address
233 with open(pskfile, "w") as f:
236 if "FAIL" not in hapd.request("ENABLE"):
237 raise Exception("Unexpected ENABLE success")
238 hapd.request("DISABLE")
241 with open(pskfile, "w") as f:
242 f.write("00:11:22:33:44:55\n")
243 if "FAIL" not in hapd.request("ENABLE"):
244 raise Exception("Unexpected ENABLE success")
245 hapd.request("DISABLE")
248 with open(pskfile, "w") as f:
249 f.write("00:11:22:33:44:55 1234567\n")
250 if "FAIL" not in hapd.request("ENABLE"):
251 raise Exception("Unexpected ENABLE success")
252 hapd.request("DISABLE")
255 with open(pskfile, "w") as f:
256 f.write("00:11:22:33:44:55 12345678\n")
257 f.write(addr0 + " 123456789\n")
258 f.write(addr1 + " 123456789a\n")
259 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
260 if "FAIL" in hapd.request("ENABLE"):
261 raise Exception("Unexpected ENABLE failure")
263 dev[0].connect(ssid, psk="123456789", scan_freq="2412")
264 dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
265 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
273 def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
274 """WPA2-PSK AP and wildcard SSID configuration"""
275 ssid = "test-wpa2-psk"
276 passphrase = 'qwertyuiop'
277 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
278 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
279 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
280 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
282 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
284 def test_ap_wpa2_gtk_rekey(dev, apdev):
285 """WPA2-PSK AP and GTK rekey enforced by AP"""
286 ssid = "test-wpa2-psk"
287 passphrase = 'qwertyuiop'
288 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
289 params['wpa_group_rekey'] = '1'
290 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
291 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
292 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
294 raise Exception("GTK rekey timed out")
295 hwsim_utils.test_connectivity(dev[0], hapd)
297 def test_ap_wpa_gtk_rekey(dev, apdev):
298 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
299 skip_with_fips(dev[0])
300 ssid = "test-wpa-psk"
301 passphrase = 'qwertyuiop'
302 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
303 params['wpa_group_rekey'] = '1'
304 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
305 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
306 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
308 raise Exception("GTK rekey timed out")
309 hwsim_utils.test_connectivity(dev[0], hapd)
311 def test_ap_wpa2_gmk_rekey(dev, apdev):
312 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
313 ssid = "test-wpa2-psk"
314 passphrase = 'qwertyuiop'
315 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
316 params['wpa_group_rekey'] = '1'
317 params['wpa_gmk_rekey'] = '2'
318 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
319 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
320 for i in range(0, 3):
321 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
323 raise Exception("GTK rekey timed out")
324 hwsim_utils.test_connectivity(dev[0], hapd)
326 def test_ap_wpa2_strict_rekey(dev, apdev):
327 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
328 ssid = "test-wpa2-psk"
329 passphrase = 'qwertyuiop'
330 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
331 params['wpa_strict_rekey'] = '1'
332 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
333 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
334 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
335 dev[1].request("DISCONNECT")
336 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
338 raise Exception("GTK rekey timed out")
339 hwsim_utils.test_connectivity(dev[0], hapd)
341 def test_ap_wpa2_bridge_fdb(dev, apdev):
342 """Bridge FDB entry removal"""
344 ssid = "test-wpa2-psk"
345 passphrase = "12345678"
346 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
347 params['bridge'] = 'ap-br0'
348 hostapd.add_ap(apdev[0]['ifname'], params)
349 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
350 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
351 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
352 bssid=apdev[0]['bssid'])
353 dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
354 bssid=apdev[0]['bssid'])
355 addr0 = dev[0].p2p_interface_addr()
356 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
357 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
358 stdout=subprocess.PIPE)
359 macs1 = cmd.stdout.read()
360 dev[0].request("DISCONNECT")
361 dev[1].request("DISCONNECT")
363 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
364 stdout=subprocess.PIPE)
365 macs2 = cmd.stdout.read()
367 addr1 = dev[1].p2p_interface_addr()
368 if addr0 not in macs1 or addr1 not in macs1:
369 raise Exception("Bridge FDB entry missing")
370 if addr0 in macs2 or addr1 in macs2:
371 raise Exception("Bridge FDB entry was not removed")
373 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
374 subprocess.call(['brctl', 'delbr', 'ap-br0'])
376 def test_ap_wpa2_already_in_bridge(dev, apdev):
377 """hostapd behavior with interface already in bridge"""
378 ifname = apdev[0]['ifname']
379 br_ifname = 'ext-ap-br0'
381 ssid = "test-wpa2-psk"
382 passphrase = "12345678"
383 subprocess.call(['brctl', 'addbr', br_ifname])
384 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
385 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
386 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
387 subprocess.call(['brctl', 'addif', br_ifname, ifname])
388 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
389 hapd = hostapd.add_ap(ifname, params)
390 if hapd.get_driver_status_field('brname') != br_ifname:
391 raise Exception("Bridge name not identified correctly")
392 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
394 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
395 subprocess.call(['brctl', 'delif', br_ifname, ifname])
396 subprocess.call(['iw', ifname, 'set', 'type', 'station'])
397 subprocess.call(['brctl', 'delbr', br_ifname])
399 def test_ap_wpa2_in_different_bridge(dev, apdev):
400 """hostapd behavior with interface in different bridge"""
401 ifname = apdev[0]['ifname']
402 br_ifname = 'ext-ap-br0'
404 ssid = "test-wpa2-psk"
405 passphrase = "12345678"
406 subprocess.call(['brctl', 'addbr', br_ifname])
407 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
408 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
409 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
410 subprocess.call(['brctl', 'addif', br_ifname, ifname])
412 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
413 params['bridge'] = 'ap-br0'
414 hapd = hostapd.add_ap(ifname, params)
415 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
416 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
417 brname = hapd.get_driver_status_field('brname')
418 if brname != 'ap-br0':
419 raise Exception("Incorrect bridge: " + brname)
420 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
421 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
422 if hapd.get_driver_status_field("added_bridge") != "1":
423 raise Exception("Unexpected added_bridge value")
424 if hapd.get_driver_status_field("added_if_into_bridge") != "1":
425 raise Exception("Unexpected added_if_into_bridge value")
426 dev[0].request("DISCONNECT")
429 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
430 subprocess.call(['brctl', 'delif', br_ifname, ifname],
431 stderr=open('/dev/null', 'w'))
432 subprocess.call(['brctl', 'delbr', br_ifname])
434 def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
435 """hostapd behavior with interface added to bridge externally"""
436 ifname = apdev[0]['ifname']
437 br_ifname = 'ext-ap-br0'
439 ssid = "test-wpa2-psk"
440 passphrase = "12345678"
441 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
442 hapd = hostapd.add_ap(ifname, params)
444 subprocess.call(['brctl', 'addbr', br_ifname])
445 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
446 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
447 subprocess.call(['brctl', 'addif', br_ifname, ifname])
448 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
449 if hapd.get_driver_status_field('brname') != br_ifname:
450 raise Exception("Bridge name not identified correctly")
452 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
453 subprocess.call(['brctl', 'delif', br_ifname, ifname])
454 subprocess.call(['brctl', 'delbr', br_ifname])
456 def test_ap_wpa2_psk_ext(dev, apdev):
457 """WPA2-PSK AP using external EAPOL I/O"""
458 bssid = apdev[0]['bssid']
459 ssid = "test-wpa2-psk"
460 passphrase = 'qwertyuiop'
461 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
462 params = hostapd.wpa2_params(ssid=ssid)
463 params['wpa_psk'] = psk
464 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
465 hapd.request("SET ext_eapol_frame_io 1")
466 dev[0].request("SET ext_eapol_frame_io 1")
467 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
468 addr = dev[0].p2p_interface_addr()
470 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
472 raise Exception("Timeout on EAPOL-TX from hostapd")
473 if "AP-STA-CONNECTED" in ev:
474 dev[0].wait_connected(timeout=15)
476 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
478 raise Exception("EAPOL_RX to wpa_supplicant failed")
479 ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
481 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
482 if "CTRL-EVENT-CONNECTED" in ev:
484 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
486 raise Exception("EAPOL_RX to hostapd failed")
488 def parse_eapol(data):
489 (version, type, length) = struct.unpack('>BBH', data[0:4])
491 if length > len(payload):
492 raise Exception("Invalid EAPOL length")
493 if length < len(payload):
494 payload = payload[0:length]
496 eapol['version'] = version
498 eapol['length'] = length
499 eapol['payload'] = payload
502 (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
503 payload = payload[1:]
504 if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
506 (key_info, key_len) = struct.unpack('>HH', payload[0:4])
507 eapol['rsn_key_info'] = key_info
508 eapol['rsn_key_len'] = key_len
509 eapol['rsn_replay_counter'] = payload[4:12]
510 eapol['rsn_key_nonce'] = payload[12:44]
511 eapol['rsn_key_iv'] = payload[44:60]
512 eapol['rsn_key_rsc'] = payload[60:68]
513 eapol['rsn_key_id'] = payload[68:76]
514 eapol['rsn_key_mic'] = payload[76:92]
515 payload = payload[92:]
516 (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
517 payload = payload[2:]
518 eapol['rsn_key_data'] = payload
521 def build_eapol(msg):
522 data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
524 data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
526 data += msg['rsn_replay_counter']
527 data += msg['rsn_key_nonce']
528 data += msg['rsn_key_iv']
529 data += msg['rsn_key_rsc']
530 data += msg['rsn_key_id']
531 data += msg['rsn_key_mic']
532 data += struct.pack('>H', msg['rsn_key_data_len'])
533 data += msg['rsn_key_data']
535 data += msg['payload']
538 def sha1_prf(key, label, data, outlen):
542 m = hmac.new(key, label, hashlib.sha1)
543 m.update(struct.pack('B', 0))
545 m.update(struct.pack('B', counter))
548 if outlen > len(hash):
552 res += hash[0:outlen]
556 def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
558 data = binascii.unhexlify(addr1.replace(':','')) + binascii.unhexlify(addr2.replace(':',''))
560 data = binascii.unhexlify(addr2.replace(':','')) + binascii.unhexlify(addr1.replace(':',''))
562 data += nonce1 + nonce2
564 data += nonce2 + nonce1
565 label = "Pairwise key expansion"
566 ptk = sha1_prf(pmk, label, data, 48)
569 return (ptk, kck, kek)
571 def eapol_key_mic(kck, msg):
572 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
573 data = build_eapol(msg)
574 m = hmac.new(kck, data, hashlib.sha1)
575 msg['rsn_key_mic'] = m.digest()[0:16]
577 def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
578 msg['rsn_key_info'] = key_info
579 msg['rsn_key_len'] = key_len
581 msg['rsn_key_nonce'] = nonce
583 msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
585 msg['rsn_key_data_len'] = len(data)
586 msg['rsn_key_data'] = data
587 msg['length'] = 95 + len(data)
589 msg['rsn_key_data_len'] = 0
590 msg['rsn_key_data'] = ''
593 def recv_eapol(hapd):
594 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
596 raise Exception("Timeout on EAPOL-TX from hostapd")
597 eapol = binascii.unhexlify(ev.split(' ')[2])
598 return parse_eapol(eapol)
600 def send_eapol(hapd, addr, data):
601 res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data))
603 raise Exception("EAPOL_RX to hostapd failed")
605 def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
606 logger.info("Send EAPOL-Key msg " + info)
607 rsn_eapol_key_set(msg, key_info, 0, nonce, data)
608 eapol_key_mic(kck, msg)
609 send_eapol(hapd, addr, build_eapol(msg))
611 def hapd_connected(hapd):
612 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
614 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
616 def eapol_test(apdev, dev, wpa2=True):
617 bssid = apdev['bssid']
619 ssid = "test-wpa2-psk"
621 ssid = "test-wpa-psk"
622 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
623 pmk = binascii.unhexlify(psk)
625 params = hostapd.wpa2_params(ssid=ssid)
627 params = hostapd.wpa_params(ssid=ssid)
628 params['wpa_psk'] = psk
629 hapd = hostapd.add_ap(apdev['ifname'], params)
630 hapd.request("SET ext_eapol_frame_io 1")
631 dev.request("SET ext_eapol_frame_io 1")
632 dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
633 addr = dev.p2p_interface_addr()
635 rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
637 rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
638 snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
639 return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
641 def test_ap_wpa2_psk_ext_eapol(dev, apdev):
642 """WPA2-PSK AP using external EAPOL supplicant"""
643 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
645 msg = recv_eapol(hapd)
646 anonce = msg['rsn_key_nonce']
647 logger.info("Replay same data back")
648 send_eapol(hapd, addr, build_eapol(msg))
650 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
652 logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
653 rsn_eapol_key_set(msg, 0x0101, 0, snonce, rsne)
654 msg['length'] = 95 + 22 - 1
655 send_eapol(hapd, addr, build_eapol(msg))
657 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
659 msg = recv_eapol(hapd)
660 if anonce != msg['rsn_key_nonce']:
661 raise Exception("ANonce changed")
662 logger.info("Replay same data back")
663 send_eapol(hapd, addr, build_eapol(msg))
665 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
668 def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
669 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
670 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
672 msg1 = recv_eapol(hapd)
673 anonce = msg1['rsn_key_nonce']
675 msg2 = recv_eapol(hapd)
676 if anonce != msg2['rsn_key_nonce']:
677 raise Exception("ANonce changed")
679 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
681 logger.info("Send EAPOL-Key msg 2/4")
683 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
684 eapol_key_mic(kck, msg)
685 send_eapol(hapd, addr, build_eapol(msg))
687 msg = recv_eapol(hapd)
688 if anonce != msg['rsn_key_nonce']:
689 raise Exception("ANonce changed")
691 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
694 def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
695 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
696 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
698 msg1 = recv_eapol(hapd)
699 anonce = msg1['rsn_key_nonce']
700 msg2 = recv_eapol(hapd)
701 if anonce != msg2['rsn_key_nonce']:
702 raise Exception("ANonce changed")
704 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
705 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
706 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce, rsne, kck)
708 msg = recv_eapol(hapd)
709 if anonce != msg['rsn_key_nonce']:
710 raise Exception("ANonce changed")
712 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
715 def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
716 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
717 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
719 msg1 = recv_eapol(hapd)
720 anonce = msg1['rsn_key_nonce']
722 msg2 = recv_eapol(hapd)
723 if anonce != msg2['rsn_key_nonce']:
724 raise Exception("ANonce changed")
725 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
726 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
728 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
729 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
730 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck)
732 msg = recv_eapol(hapd)
733 if anonce != msg['rsn_key_nonce']:
734 raise Exception("ANonce changed")
735 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
738 def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
739 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
740 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
742 msg1 = recv_eapol(hapd)
743 anonce = msg1['rsn_key_nonce']
744 msg2 = recv_eapol(hapd)
745 if anonce != msg2['rsn_key_nonce']:
746 raise Exception("ANonce changed")
748 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
749 reply_eapol("2/4 (a)", hapd, addr, msg1, 0x010a, snonce, rsne, kck)
751 snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
752 (ptk2, kck2, kek2) = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
754 reply_eapol("2/4 (b)", hapd, addr, msg2, 0x010a, snonce2, rsne, kck2)
755 msg = recv_eapol(hapd)
756 if anonce != msg['rsn_key_nonce']:
757 raise Exception("ANonce changed")
758 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
761 def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
762 """WPA2 4-way handshake using external EAPOL supplicant"""
763 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
765 msg = recv_eapol(hapd)
766 anonce = msg['rsn_key_nonce']
768 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
770 # Incorrect descriptor type (frame dropped)
771 msg['descr_type'] = 253
772 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
773 eapol_key_mic(kck, msg)
774 send_eapol(hapd, addr, build_eapol(msg))
776 # Incorrect descriptor type, but with a workaround (frame processed)
777 msg['descr_type'] = 254
778 rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
779 eapol_key_mic(kck, msg)
780 send_eapol(hapd, addr, build_eapol(msg))
782 msg = recv_eapol(hapd)
783 if anonce != msg['rsn_key_nonce']:
784 raise Exception("ANonce changed")
785 logger.info("Replay same data back")
786 send_eapol(hapd, addr, build_eapol(msg))
788 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
791 def test_ap_wpa_psk_ext_eapol(dev, apdev):
792 """WPA2-PSK AP using external EAPOL supplicant"""
793 (bssid,ssid,hapd,snonce,pmk,addr,wpae) = eapol_test(apdev[0], dev[0],
796 msg = recv_eapol(hapd)
797 anonce = msg['rsn_key_nonce']
798 logger.info("Replay same data back")
799 send_eapol(hapd, addr, build_eapol(msg))
800 logger.info("Too short data")
801 send_eapol(hapd, addr, build_eapol(msg)[0:98])
803 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
804 msg['descr_type'] = 2
805 reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
806 msg['descr_type'] = 254
807 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)
809 msg = recv_eapol(hapd)
810 if anonce != msg['rsn_key_nonce']:
811 raise Exception("ANonce changed")
812 logger.info("Replay same data back")
813 send_eapol(hapd, addr, build_eapol(msg))
815 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
818 def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
819 """WPA2-PSK 4-way handshake with strange key info values"""
820 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
822 msg = recv_eapol(hapd)
823 anonce = msg['rsn_key_nonce']
825 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
826 rsn_eapol_key_set(msg, 0x0000, 0, snonce, rsne)
827 send_eapol(hapd, addr, build_eapol(msg))
828 rsn_eapol_key_set(msg, 0xffff, 0, snonce, rsne)
829 send_eapol(hapd, addr, build_eapol(msg))
831 rsn_eapol_key_set(msg, 0x2802, 0, snonce, rsne)
832 send_eapol(hapd, addr, build_eapol(msg))
834 rsn_eapol_key_set(msg, 0x2002, 0, snonce, rsne)
835 send_eapol(hapd, addr, build_eapol(msg))
837 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
838 send_eapol(hapd, addr, build_eapol(msg))
840 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
841 tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
842 eapol_key_mic(tmp_kck, msg)
843 send_eapol(hapd, addr, build_eapol(msg))
845 reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, rsne, kck)
847 msg = recv_eapol(hapd)
848 if anonce != msg['rsn_key_nonce']:
849 raise Exception("ANonce changed")
851 # Request (valic MIC)
852 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
853 eapol_key_mic(kck, msg)
854 send_eapol(hapd, addr, build_eapol(msg))
855 # Request (valid MIC, replayed counter)
856 rsn_eapol_key_set(msg, 0x0902, 0, snonce, rsne)
857 eapol_key_mic(kck, msg)
858 send_eapol(hapd, addr, build_eapol(msg))
860 reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
863 def build_eapol_key_1_4(anonce, replay_counter=1, key_data='', key_len=16):
867 msg['length'] = 95 + len(key_data)
869 msg['descr_type'] = 2
870 msg['rsn_key_info'] = 0x8a
871 msg['rsn_key_len'] = key_len
872 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
873 msg['rsn_key_nonce'] = anonce
874 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
875 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
876 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
877 msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
878 msg['rsn_key_data_len'] = len(key_data)
879 msg['rsn_key_data'] = key_data
882 def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
883 key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
887 msg['length'] = 95 + len(key_data) + extra_len
889 msg['descr_type'] = descr_type
890 msg['rsn_key_info'] = key_info
891 msg['rsn_key_len'] = key_len
892 msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
893 msg['rsn_key_nonce'] = anonce
894 msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
895 msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
896 msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
897 msg['rsn_key_data_len'] = len(key_data)
898 msg['rsn_key_data'] = key_data
899 eapol_key_mic(kck, msg)
902 def aes_wrap(kek, plain):
904 a = 0xa6a6a6a6a6a6a6a6
905 enc = AES.new(kek).encrypt
906 r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
908 for i in range(1, n + 1):
909 b = enc(struct.pack('>Q', a) + r[i - 1])
910 a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
912 return struct.pack('>Q', a) + ''.join(r)
914 def pad_key_data(plain):
915 pad_len = len(plain) % 8
917 pad_len = 8 - pad_len
920 plain += pad_len * '\0'
923 def test_ap_wpa2_psk_supp_proto(dev, apdev):
924 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
925 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
927 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
928 msg = recv_eapol(hapd)
929 dev[0].dump_monitor()
931 # Build own EAPOL-Key msg 1/4
932 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
934 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
936 send_eapol(dev[0], addr, build_eapol(msg))
937 msg = recv_eapol(dev[0])
938 snonce = msg['rsn_key_nonce']
940 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
942 logger.debug("Invalid AES wrap data length 0")
943 dev[0].dump_monitor()
944 msg = build_eapol_key_3_4(anonce, kck, '', replay_counter=counter)
946 send_eapol(dev[0], addr, build_eapol(msg))
947 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
949 raise Exception("Unsupported AES-WRAP len 0 not reported")
951 logger.debug("Invalid AES wrap data length 1")
952 dev[0].dump_monitor()
953 msg = build_eapol_key_3_4(anonce, kck, '1', replay_counter=counter)
955 send_eapol(dev[0], addr, build_eapol(msg))
956 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
958 raise Exception("Unsupported AES-WRAP len 1 not reported")
960 logger.debug("Invalid AES wrap data length 9")
961 dev[0].dump_monitor()
962 msg = build_eapol_key_3_4(anonce, kck, '123456789', replay_counter=counter)
964 send_eapol(dev[0], addr, build_eapol(msg))
965 ev = dev[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
967 raise Exception("Unsupported AES-WRAP len 9 not reported")
969 logger.debug("Invalid AES wrap data payload")
970 dev[0].dump_monitor()
971 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
972 # do not increment counter to test replay protection
973 send_eapol(dev[0], addr, build_eapol(msg))
974 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
976 raise Exception("AES unwrap failure not reported")
978 logger.debug("Replay Count not increasing")
979 dev[0].dump_monitor()
980 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter)
982 send_eapol(dev[0], addr, build_eapol(msg))
983 ev = dev[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
985 raise Exception("Replay Counter replay not reported")
987 logger.debug("Missing Ack bit in key info")
988 dev[0].dump_monitor()
989 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
992 send_eapol(dev[0], addr, build_eapol(msg))
993 ev = dev[0].wait_event(["WPA: No Ack bit in key_info"])
995 raise Exception("Missing Ack bit not reported")
997 logger.debug("Unexpected Request bit in key info")
998 dev[0].dump_monitor()
999 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1002 send_eapol(dev[0], addr, build_eapol(msg))
1003 ev = dev[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1005 raise Exception("Request bit not reported")
1007 logger.debug("Unsupported key descriptor version 0")
1008 dev[0].dump_monitor()
1009 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1010 replay_counter=counter, key_info=0x13c8)
1012 send_eapol(dev[0], addr, build_eapol(msg))
1013 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1015 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1017 logger.debug("Key descriptor version 1 not allowed with CCMP")
1018 dev[0].dump_monitor()
1019 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1020 replay_counter=counter, key_info=0x13c9)
1022 send_eapol(dev[0], addr, build_eapol(msg))
1023 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1025 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1027 logger.debug("Invalid AES wrap payload with key descriptor version 2")
1028 dev[0].dump_monitor()
1029 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1030 replay_counter=counter, key_info=0x13ca)
1032 send_eapol(dev[0], addr, build_eapol(msg))
1033 ev = dev[0].wait_event(["WPA: AES unwrap failed"])
1035 raise Exception("AES unwrap failure not reported")
1037 logger.debug("Key descriptor version 3 workaround")
1038 dev[0].dump_monitor()
1039 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1040 replay_counter=counter, key_info=0x13cb)
1042 send_eapol(dev[0], addr, build_eapol(msg))
1043 ev = dev[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1045 raise Exception("CCMP key descriptor mismatch not reported")
1046 ev = dev[0].wait_event(["WPA: Interoperability workaround"])
1048 raise Exception("AES-128-CMAC workaround not reported")
1049 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1051 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1053 logger.debug("Unsupported key descriptor version 4")
1054 dev[0].dump_monitor()
1055 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1056 replay_counter=counter, key_info=0x13cc)
1058 send_eapol(dev[0], addr, build_eapol(msg))
1059 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1061 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1063 logger.debug("Unsupported key descriptor version 7")
1064 dev[0].dump_monitor()
1065 msg = build_eapol_key_3_4(anonce, kck, '0123456789abcdef',
1066 replay_counter=counter, key_info=0x13cf)
1068 send_eapol(dev[0], addr, build_eapol(msg))
1069 ev = dev[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1071 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1073 logger.debug("Too short EAPOL header length")
1074 dev[0].dump_monitor()
1075 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1078 send_eapol(dev[0], addr, build_eapol(msg))
1079 ev = dev[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1081 raise Exception("Key data overflow not reported")
1083 logger.debug("Too long EAPOL header length")
1084 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1087 send_eapol(dev[0], addr, build_eapol(msg))
1089 logger.debug("Unsupported descriptor type 0")
1090 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1093 send_eapol(dev[0], addr, build_eapol(msg))
1095 logger.debug("WPA descriptor type 0")
1096 msg = build_eapol_key_3_4(anonce, kck, '12345678', replay_counter=counter,
1099 send_eapol(dev[0], addr, build_eapol(msg))
1101 logger.debug("Non-zero key index for pairwise key")
1102 dev[0].dump_monitor()
1103 wrapped = aes_wrap(kek, 16*'z')
1104 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1107 send_eapol(dev[0], addr, build_eapol(msg))
1108 ev = dev[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1110 raise Exception("Non-zero key index not reported")
1112 logger.debug("Invalid Key Data plaintext payload --> disconnect")
1113 dev[0].dump_monitor()
1114 wrapped = aes_wrap(kek, 16*'z')
1115 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1117 send_eapol(dev[0], addr, build_eapol(msg))
1118 dev[0].wait_disconnected(timeout=1)
1120 def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
1121 """WPA2-PSK supplicant protocol testing: IE not included"""
1122 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1124 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1125 msg = recv_eapol(hapd)
1126 dev[0].dump_monitor()
1128 # Build own EAPOL-Key msg 1/4
1129 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1131 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1133 send_eapol(dev[0], addr, build_eapol(msg))
1134 msg = recv_eapol(dev[0])
1135 snonce = msg['rsn_key_nonce']
1137 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1139 logger.debug("No IEs in msg 3/4 --> disconnect")
1140 dev[0].dump_monitor()
1141 wrapped = aes_wrap(kek, 16*'\0')
1142 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1144 send_eapol(dev[0], addr, build_eapol(msg))
1145 dev[0].wait_disconnected(timeout=1)
1147 def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
1148 """WPA2-PSK supplicant protocol testing: IE mismatch"""
1149 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1151 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1152 msg = recv_eapol(hapd)
1153 dev[0].dump_monitor()
1155 # Build own EAPOL-Key msg 1/4
1156 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1158 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1160 send_eapol(dev[0], addr, build_eapol(msg))
1161 msg = recv_eapol(dev[0])
1162 snonce = msg['rsn_key_nonce']
1164 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1166 logger.debug("Msg 3/4 with mismatching IE")
1167 dev[0].dump_monitor()
1168 wrapped = aes_wrap(kek, pad_key_data(binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')))
1169 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1171 send_eapol(dev[0], addr, build_eapol(msg))
1172 dev[0].wait_disconnected(timeout=1)
1174 def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
1175 """WPA2-PSK supplicant protocol testing: success"""
1176 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1178 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1179 msg = recv_eapol(hapd)
1180 dev[0].dump_monitor()
1182 # Build own EAPOL-Key msg 1/4
1183 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1185 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1187 send_eapol(dev[0], addr, build_eapol(msg))
1188 msg = recv_eapol(dev[0])
1189 snonce = msg['rsn_key_nonce']
1191 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1193 logger.debug("Valid EAPOL-Key msg 3/4")
1194 dev[0].dump_monitor()
1195 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1196 wrapped = aes_wrap(kek, pad_key_data(plain))
1197 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1199 send_eapol(dev[0], addr, build_eapol(msg))
1200 dev[0].wait_connected(timeout=1)
1202 def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
1203 """WPA2-PSK supplicant protocol testing: no GTK"""
1204 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1206 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1207 msg = recv_eapol(hapd)
1208 dev[0].dump_monitor()
1210 # Build own EAPOL-Key msg 1/4
1211 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1213 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1215 send_eapol(dev[0], addr, build_eapol(msg))
1216 msg = recv_eapol(dev[0])
1217 snonce = msg['rsn_key_nonce']
1219 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1221 logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
1222 dev[0].dump_monitor()
1223 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
1224 wrapped = aes_wrap(kek, pad_key_data(plain))
1225 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1227 send_eapol(dev[0], addr, build_eapol(msg))
1228 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1230 raise Exception("Unexpected connection completion reported")
1232 def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
1233 """WPA2-PSK supplicant protocol testing: ANonce change"""
1234 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1236 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1237 msg = recv_eapol(hapd)
1238 dev[0].dump_monitor()
1240 # Build own EAPOL-Key msg 1/4
1241 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1243 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1245 send_eapol(dev[0], addr, build_eapol(msg))
1246 msg = recv_eapol(dev[0])
1247 snonce = msg['rsn_key_nonce']
1249 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1251 logger.debug("Valid EAPOL-Key msg 3/4")
1252 dev[0].dump_monitor()
1253 anonce2 = binascii.unhexlify('3333333333333333333333333333333333333333333333333333333333333333')
1254 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1255 wrapped = aes_wrap(kek, pad_key_data(plain))
1256 msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
1258 send_eapol(dev[0], addr, build_eapol(msg))
1259 ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
1261 raise Exception("ANonce change not reported")
1263 def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
1264 """WPA2-PSK supplicant protocol testing: unexpected group message"""
1265 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1267 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1268 msg = recv_eapol(hapd)
1269 dev[0].dump_monitor()
1271 # Build own EAPOL-Key msg 1/4
1272 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1274 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1276 send_eapol(dev[0], addr, build_eapol(msg))
1277 msg = recv_eapol(dev[0])
1278 snonce = msg['rsn_key_nonce']
1280 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1282 logger.debug("Group key 1/2 instead of msg 3/4")
1283 dev[0].dump_monitor()
1284 wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
1285 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1288 send_eapol(dev[0], addr, build_eapol(msg))
1289 ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
1291 raise Exception("Unexpected group key message not reported")
1292 dev[0].wait_disconnected(timeout=1)
1294 def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
1295 """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
1296 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1298 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1299 msg = recv_eapol(hapd)
1300 dev[0].dump_monitor()
1302 # Build own EAPOL-Key msg 1/4 with invalid KDE
1303 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1305 msg = build_eapol_key_1_4(anonce, replay_counter=counter,
1306 key_data=binascii.unhexlify('5555'))
1308 send_eapol(dev[0], addr, build_eapol(msg))
1309 dev[0].wait_disconnected(timeout=1)
1311 def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
1312 """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
1313 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1315 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1316 msg = recv_eapol(hapd)
1317 dev[0].dump_monitor()
1319 # Build own EAPOL-Key msg 1/4
1320 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1322 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1324 send_eapol(dev[0], addr, build_eapol(msg))
1325 msg = recv_eapol(dev[0])
1326 snonce = msg['rsn_key_nonce']
1328 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1330 logger.debug("Valid EAPOL-Key msg 3/4")
1331 dev[0].dump_monitor()
1332 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1333 wrapped = aes_wrap(kek, pad_key_data(plain))
1334 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1337 send_eapol(dev[0], addr, build_eapol(msg))
1338 ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
1340 raise Exception("Invalid CCMP key length not reported")
1341 dev[0].wait_disconnected(timeout=1)
1343 def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
1344 """WPA2-PSK supplicant protocol testing: wrong group key length"""
1345 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1347 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1348 msg = recv_eapol(hapd)
1349 dev[0].dump_monitor()
1351 # Build own EAPOL-Key msg 1/4
1352 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1354 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1356 send_eapol(dev[0], addr, build_eapol(msg))
1357 msg = recv_eapol(dev[0])
1358 snonce = msg['rsn_key_nonce']
1360 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1362 logger.debug("Valid EAPOL-Key msg 3/4")
1363 dev[0].dump_monitor()
1364 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
1365 wrapped = aes_wrap(kek, pad_key_data(plain))
1366 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1368 send_eapol(dev[0], addr, build_eapol(msg))
1369 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
1371 raise Exception("Invalid CCMP key length not reported")
1372 dev[0].wait_disconnected(timeout=1)
1374 def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
1375 """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
1376 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1378 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1379 msg = recv_eapol(hapd)
1380 dev[0].dump_monitor()
1382 # Build own EAPOL-Key msg 1/4
1383 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1385 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1387 send_eapol(dev[0], addr, build_eapol(msg))
1388 msg = recv_eapol(dev[0])
1389 snonce = msg['rsn_key_nonce']
1391 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1393 logger.debug("Valid EAPOL-Key msg 3/4")
1394 dev[0].dump_monitor()
1395 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
1396 wrapped = aes_wrap(kek, pad_key_data(plain))
1397 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1399 send_eapol(dev[0], addr, build_eapol(msg))
1400 ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
1402 raise Exception("GTK Tx bit workaround not reported")
1403 dev[0].wait_connected(timeout=1)
1405 def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
1406 """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
1407 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1409 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1410 msg = recv_eapol(hapd)
1411 dev[0].dump_monitor()
1413 # Build own EAPOL-Key msg 1/4
1414 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1416 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1418 send_eapol(dev[0], addr, build_eapol(msg))
1419 msg = recv_eapol(dev[0])
1420 snonce = msg['rsn_key_nonce']
1422 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1424 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1425 dev[0].dump_monitor()
1426 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1427 wrapped = aes_wrap(kek, pad_key_data(plain))
1428 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1430 send_eapol(dev[0], addr, build_eapol(msg))
1431 dev[0].wait_connected(timeout=1)
1433 logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
1434 dev[0].dump_monitor()
1435 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1436 wrapped = aes_wrap(kek, pad_key_data(plain))
1437 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1440 send_eapol(dev[0], addr, build_eapol(msg))
1441 msg = recv_eapol(dev[0])
1442 ev = dev[0].wait_event(["WPA: Group rekeying completed"])
1444 raise Exception("GTK rekeing not reported")
1446 logger.debug("Unencrypted GTK KDE in group msg 1/2")
1447 dev[0].dump_monitor()
1448 plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
1449 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1452 send_eapol(dev[0], addr, build_eapol(msg))
1453 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1455 raise Exception("Unencrypted GTK KDE not reported")
1456 dev[0].wait_disconnected(timeout=1)
1458 def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
1459 """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
1460 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1462 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1463 msg = recv_eapol(hapd)
1464 dev[0].dump_monitor()
1466 # Build own EAPOL-Key msg 1/4
1467 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1469 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1471 send_eapol(dev[0], addr, build_eapol(msg))
1472 msg = recv_eapol(dev[0])
1473 snonce = msg['rsn_key_nonce']
1475 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1477 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1478 dev[0].dump_monitor()
1479 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1480 wrapped = aes_wrap(kek, pad_key_data(plain))
1481 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1483 send_eapol(dev[0], addr, build_eapol(msg))
1484 dev[0].wait_connected(timeout=1)
1486 logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
1487 dev[0].dump_monitor()
1488 plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
1489 wrapped = aes_wrap(kek, pad_key_data(plain))
1490 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1493 send_eapol(dev[0], addr, build_eapol(msg))
1494 ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
1496 raise Exception("Missing GTK KDE not reported")
1497 dev[0].wait_disconnected(timeout=1)
1499 def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
1500 """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
1501 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1503 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1504 msg = recv_eapol(hapd)
1505 dev[0].dump_monitor()
1507 # Build own EAPOL-Key msg 1/4
1508 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1510 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1512 send_eapol(dev[0], addr, build_eapol(msg))
1513 msg = recv_eapol(dev[0])
1514 snonce = msg['rsn_key_nonce']
1516 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1518 logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
1519 dev[0].dump_monitor()
1520 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
1521 wrapped = aes_wrap(kek, pad_key_data(plain))
1522 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1524 send_eapol(dev[0], addr, build_eapol(msg))
1525 dev[0].wait_connected(timeout=1)
1527 logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
1528 dev[0].dump_monitor()
1529 plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1530 wrapped = aes_wrap(kek, pad_key_data(plain))
1531 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter,
1534 send_eapol(dev[0], addr, build_eapol(msg))
1535 ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
1537 raise Exception("Too long GTK KDE not reported")
1538 dev[0].wait_disconnected(timeout=1)
1540 def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
1541 """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
1542 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1544 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1545 msg = recv_eapol(hapd)
1546 dev[0].dump_monitor()
1548 # Build own EAPOL-Key msg 1/4
1549 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1551 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1553 send_eapol(dev[0], addr, build_eapol(msg))
1554 msg = recv_eapol(dev[0])
1555 snonce = msg['rsn_key_nonce']
1557 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1559 logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
1560 dev[0].dump_monitor()
1561 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
1562 wrapped = aes_wrap(kek, pad_key_data(plain))
1563 msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
1565 send_eapol(dev[0], addr, build_eapol(msg))
1566 dev[0].wait_disconnected(timeout=1)
1568 def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
1569 """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
1570 (bssid,ssid,hapd,snonce,pmk,addr,rsne) = eapol_test(apdev[0], dev[0])
1572 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1573 msg = recv_eapol(hapd)
1574 dev[0].dump_monitor()
1576 # Build own EAPOL-Key msg 1/4
1577 anonce = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1579 msg = build_eapol_key_1_4(anonce, replay_counter=counter)
1581 send_eapol(dev[0], addr, build_eapol(msg))
1582 msg = recv_eapol(dev[0])
1583 snonce = msg['rsn_key_nonce']
1585 (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
1587 logger.debug("Valid EAPOL-Key msg 3/4")
1588 dev[0].dump_monitor()
1589 plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
1590 msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter,
1593 send_eapol(dev[0], addr, build_eapol(msg))
1594 ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
1596 raise Exception("Unencrypted GTK KDE not reported")
1597 dev[0].wait_disconnected(timeout=1)
1599 def find_wpas_process(dev):
1601 cmd = subprocess.Popen(['ps', 'ax'], stdout=subprocess.PIPE)
1602 (data,err) = cmd.communicate()
1603 for l in data.splitlines():
1604 if "wpa_supplicant" not in l:
1606 if "-i" + ifname not in l:
1608 return int(l.strip().split(' ')[0])
1609 raise Exception("Could not find wpa_supplicant process")
1611 def read_process_memory(pid, key=None):
1613 with open('/proc/%d/maps' % pid, 'r') as maps, \
1614 open('/proc/%d/mem' % pid, 'r') as mem:
1615 for l in maps.readlines():
1616 m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l)
1619 start = int(m.group(1), 16)
1620 end = int(m.group(2), 16)
1622 if start > 0xffffffffffff:
1626 if not perm.startswith('rw'):
1629 data = mem.read(end - start)
1631 if key and key in data:
1632 logger.info("Key found in " + l)
1635 def verify_not_present(buf, key, fname, keyname):
1640 prefix = 2048 if pos > 2048 else pos
1641 with open(fname + keyname, 'w') as f:
1642 f.write(buf[pos - prefix:pos + 2048])
1643 raise Exception(keyname + " found after disassociation")
1645 def get_key_locations(buf, key, keyname):
1649 pos = buf.find(key, pos)
1652 logger.info("Found %s at %d" % (keyname, pos))
1657 def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
1658 """WPA2-PSK and PSK/PTK lifetime in memory"""
1659 ssid = "test-wpa2-psk"
1660 passphrase = 'qwertyuiop'
1661 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1662 pmk = binascii.unhexlify(psk)
1663 p = hostapd.wpa2_params(ssid=ssid)
1665 hapd = hostapd.add_ap(apdev[0]['ifname'], p)
1667 pid = find_wpas_process(dev[0])
1669 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
1670 only_add_network=True)
1672 logger.info("Checking keys in memory after network profile configuration")
1673 buf = read_process_memory(pid, pmk)
1674 get_key_locations(buf, pmk, "PMK")
1676 dev[0].request("REMOVE_NETWORK all")
1677 logger.info("Checking keys in memory after network profile removal")
1678 buf = read_process_memory(pid, pmk)
1679 get_key_locations(buf, pmk, "PMK")
1681 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1682 only_add_network=True)
1684 logger.info("Checking keys in memory before connection")
1685 buf = read_process_memory(pid, pmk)
1686 get_key_locations(buf, pmk, "PMK")
1688 dev[0].connect_network(id, timeout=20)
1691 buf = read_process_memory(pid, pmk)
1693 dev[0].request("DISCONNECT")
1694 dev[0].wait_disconnected()
1699 with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
1700 for l in f.readlines():
1701 if "WPA: PTK - hexdump" in l:
1702 val = l.strip().split(':')[3].replace(' ', '')
1703 ptk = binascii.unhexlify(val)
1704 if "WPA: Group Key - hexdump" in l:
1705 val = l.strip().split(':')[3].replace(' ', '')
1706 gtk = binascii.unhexlify(val)
1707 if not pmk or not ptk or not gtk:
1708 raise Exception("Could not find keys from debug log")
1710 raise Exception("Unexpected GTK length")
1716 logger.info("Checking keys in memory while associated")
1717 get_key_locations(buf, pmk, "PMK")
1719 raise HwsimSkip("PMK not found while associated")
1721 raise Exception("KCK not found while associated")
1723 raise Exception("KEK not found while associated")
1725 raise Exception("TK found from memory")
1727 raise Exception("GTK found from memory")
1729 logger.info("Checking keys in memory after disassociation")
1730 buf = read_process_memory(pid, pmk)
1731 get_key_locations(buf, pmk, "PMK")
1733 # Note: PMK/PSK is still present in network configuration
1735 fname = os.path.join(params['logdir'],
1736 'wpa2_psk_key_lifetime_in_memory.memctx-')
1737 verify_not_present(buf, kck, fname, "KCK")
1738 verify_not_present(buf, kek, fname, "KEK")
1739 verify_not_present(buf, tk, fname, "TK")
1740 verify_not_present(buf, gtk, fname, "GTK")
1742 dev[0].request("REMOVE_NETWORK all")
1744 logger.info("Checking keys in memory after network profile removal")
1745 buf = read_process_memory(pid, pmk)
1746 get_key_locations(buf, pmk, "PMK")
1748 verify_not_present(buf, pmk, fname, "PMK")
1749 verify_not_present(buf, kck, fname, "KCK")
1750 verify_not_present(buf, kek, fname, "KEK")
1751 verify_not_present(buf, tk, fname, "TK")
1752 verify_not_present(buf, gtk, fname, "GTK")
1754 def test_ap_wpa2_psk_wep(dev, apdev):
1755 """WPA2-PSK AP and WEP enabled"""
1756 ssid = "test-wpa2-psk"
1757 passphrase = 'qwertyuiop'
1758 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1759 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1761 hapd.set('wep_key0', '"hello"')
1762 raise Exception("WEP key accepted to WPA2 network")
1766 def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1767 """WPA2-PSK AP and wpas interface in a bridge"""
1771 _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
1773 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
1774 subprocess.call(['brctl', 'delif', br_ifname, ifname])
1775 subprocess.call(['brctl', 'delbr', br_ifname])
1776 subprocess.call(['iw', ifname, 'set', '4addr', 'off'])
1778 def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
1779 ssid = "test-wpa2-psk"
1780 passphrase = 'qwertyuiop'
1781 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1782 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1786 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1787 subprocess.call(['brctl', 'addbr', br_ifname])
1788 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
1789 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
1790 subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
1791 subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
1792 wpas.interface_add(ifname, br_ifname=br_ifname)
1794 wpas.connect(ssid, psk=passphrase, scan_freq="2412")
1796 def test_ap_wpa2_psk_ifdown(dev, apdev):
1797 """AP with open mode and external ifconfig down"""
1798 ssid = "test-wpa2-psk"
1799 passphrase = 'qwertyuiop'
1800 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1801 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1802 bssid = apdev[0]['bssid']
1804 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
1805 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'down'])
1806 ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
1808 raise Exception("No INTERFACE-DISABLED event")
1809 # this wait tests beacon loss detection in mac80211
1810 dev[0].wait_disconnected()
1811 subprocess.call(['ip', 'link', 'set', 'dev', apdev[0]['ifname'], 'up'])
1812 ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
1814 raise Exception("No INTERFACE-ENABLED event")
1815 dev[0].wait_connected()
1816 hwsim_utils.test_connectivity(dev[0], hapd)
1818 def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
1819 """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
1820 bssid = apdev[0]['bssid']
1821 ssid = "test-wpa2-psk"
1822 passphrase = 'qwertyuiop'
1823 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1824 params = hostapd.wpa2_params(ssid=ssid)
1825 params['wpa_psk'] = psk
1826 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1827 hapd.request("SET ext_eapol_frame_io 1")
1828 dev[0].request("SET ext_eapol_frame_io 1")
1829 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
1830 addr = dev[0].own_addr()
1833 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1835 raise Exception("Timeout on EAPOL-TX from hostapd")
1836 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1838 raise Exception("EAPOL_RX to wpa_supplicant failed")
1841 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1843 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1844 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
1846 raise Exception("EAPOL_RX to hostapd failed")
1849 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
1851 raise Exception("Timeout on EAPOL-TX from hostapd")
1852 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
1854 raise Exception("EAPOL_RX to wpa_supplicant failed")
1857 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
1859 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
1860 logger.info("Drop the first EAPOL-Key msg 4/4")
1862 # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
1863 # doesn't. Use normal EAPOL TX/RX to handle retries.
1864 hapd.request("SET ext_eapol_frame_io 0")
1865 dev[0].request("SET ext_eapol_frame_io 0")
1866 dev[0].wait_connected()
1868 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
1870 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1872 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
1874 logger.info("Disconnection detected")
1875 # The EAPOL-Key retries are supposed to allow the connection to be
1876 # established without having to reassociate. However, this does not
1877 # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
1878 # after the pairwise key has been configured and AP will drop those and
1879 # disconnect the station after reaching retransmission limit. Connection
1880 # is then established after reassociation. Once that behavior has been
1881 # optimized to prevent EAPOL-Key frame encryption for retransmission
1882 # case, this exception can be uncommented here.
1883 #raise Exception("Unexpected disconnection")
1885 def test_ap_wpa2_psk_disable_enable(dev, apdev):
1886 """WPA2-PSK AP getting disabled and re-enabled"""
1887 ssid = "test-wpa2-psk"
1888 passphrase = 'qwertyuiop'
1889 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1890 params = hostapd.wpa2_params(ssid=ssid)
1891 params['wpa_psk'] = psk
1892 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1893 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
1896 hapd.request("DISABLE")
1897 dev[0].wait_disconnected()
1898 hapd.request("ENABLE")
1899 dev[0].wait_connected()
1900 hwsim_utils.test_connectivity(dev[0], hapd)
1902 def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
1903 """WPA2-PSK AP and station using incorrect passphrase"""
1904 ssid = "test-wpa2-psk"
1905 passphrase = 'qwertyuiop'
1906 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
1907 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1908 dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412",
1910 ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
1912 raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
1913 dev[0].dump_monitor()
1916 hapd.set("wpa_passphrase", "incorrect passphrase")
1919 dev[0].wait_connected(timeout=20)
1921 def test_ap_wpa_ie_parsing(dev, apdev):
1922 """WPA IE parsing"""
1923 skip_with_fips(dev[0])
1924 ssid = "test-wpa-psk"
1925 passphrase = 'qwertyuiop'
1926 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
1927 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1928 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
1929 only_add_network=True)
1931 tests = [ "dd040050f201",
1935 "dd070050f201010000",
1936 "dd080050f20101000050",
1937 "dd090050f20101000050f2",
1938 "dd0a0050f20101000050f202",
1939 "dd0b0050f20101000050f20201",
1940 "dd0c0050f20101000050f2020100",
1941 "dd0c0050f20101000050f2020000",
1942 "dd0c0050f20101000050f202ffff",
1943 "dd0d0050f20101000050f202010000",
1944 "dd0e0050f20101000050f20201000050",
1945 "dd0f0050f20101000050f20201000050f2",
1946 "dd100050f20101000050f20201000050f202",
1947 "dd110050f20101000050f20201000050f20201",
1948 "dd120050f20101000050f20201000050f2020100",
1949 "dd120050f20101000050f20201000050f2020000",
1950 "dd120050f20101000050f20201000050f202ffff",
1951 "dd130050f20101000050f20201000050f202010000",
1952 "dd140050f20101000050f20201000050f20201000050",
1953 "dd150050f20101000050f20201000050f20201000050f2" ]
1956 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
1957 raise Exception("VENDOR_ELEM_ADD failed")
1958 dev[0].select_network(id)
1959 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1961 raise Exception("Association rejection not reported")
1962 dev[0].request("DISCONNECT")
1964 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
1966 tests = [ "dd170050f20101000050f20201000050f20201000050f202ff",
1967 "dd180050f20101000050f20201000050f20201000050f202ffff",
1968 "dd190050f20101000050f20201000050f20201000050f202ffffff" ]
1971 if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
1972 raise Exception("VENDOR_ELEM_ADD failed")
1973 dev[0].select_network(id)
1974 dev[0].wait_connected()
1975 dev[0].request("DISCONNECT")
1977 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
1979 def test_ap_wpa2_psk_no_random(dev, apdev):
1980 """WPA2-PSK AP and no random numbers available"""
1981 ssid = "test-wpa2-psk"
1982 passphrase = 'qwertyuiop'
1983 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
1984 params = hostapd.wpa2_params(ssid=ssid)
1985 params['wpa_psk'] = psk
1986 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1987 with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
1988 id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
1990 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
1992 raise Exception("Disconnection event not reported")
1993 dev[0].request("DISCONNECT")
1994 dev[0].select_network(id, freq=2412)
1995 dev[0].wait_connected()
1997 def test_rsn_ie_proto_psk_sta(dev, apdev):
1998 """RSN element protocol testing for PSK cases on STA side"""
1999 bssid = apdev[0]['bssid']
2000 ssid = "test-wpa2-psk"
2001 passphrase = 'qwertyuiop'
2002 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
2003 # This is the RSN element used normally by hostapd
2004 params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
2005 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2006 if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
2007 raise Exception("Invalid own_ie_override value accepted")
2008 id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2010 tests = [ ('No RSN Capabilities field',
2011 '30120100000fac040100000fac040100000fac02'),
2012 ('Reserved RSN Capabilities bits set',
2013 '30140100000fac040100000fac040100000fac023cff'),
2014 ('Extra pairwise cipher suite (unsupported)',
2015 '30180100000fac040200ffffffff000fac040100000fac020c00'),
2016 ('Extra AKM suite (unsupported)',
2017 '30180100000fac040100000fac040200ffffffff000fac020c00'),
2018 ('PMKIDCount field included',
2019 '30160100000fac040100000fac040100000fac020c000000'),
2020 ('Unexpected Group Management Cipher Suite with PMF disabled',
2021 '301a0100000fac040100000fac040100000fac020c000000000fac06'),
2022 ('Extra octet after defined fields (future extensibility)',
2023 '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
2024 for txt,ie in tests:
2025 dev[0].request("DISCONNECT")
2026 dev[0].wait_disconnected()
2029 hapd.set('own_ie_override', ie)
2031 dev[0].request("BSS_FLUSH 0")
2032 dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
2033 dev[0].select_network(id, freq=2412)
2034 dev[0].wait_connected()
2036 def test_ap_cli_order(dev, apdev):
2037 ssid = "test-rsn-setup"
2038 passphrase = 'zzzzzzzz'
2039 ifname = apdev[0]['ifname']
2041 hapd_global = hostapd.HostapdGlobal()
2042 hapd_global.remove(ifname)
2043 hapd_global.add(ifname)
2045 hapd = hostapd.Hostapd(ifname)
2047 hapd.set('ssid', ssid)
2048 hapd.set('wpa_passphrase', passphrase)
2049 hapd.set('rsn_pairwise', 'CCMP')
2050 hapd.set('wpa_key_mgmt', 'WPA-PSK')
2051 hapd.set('wpa', '2')
2053 cfg = hapd.get_config()
2054 if cfg['group_cipher'] != 'CCMP':
2055 raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
2056 if cfg['rsn_pairwise_cipher'] != 'CCMP':
2057 raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])
2059 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
2061 raise Exception("AP startup timed out")
2062 if "AP-ENABLED" not in ev:
2063 raise Exception("AP startup failed")
2065 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")