def test_wpa2_ocv_ap_group_hs(dev, apdev):
    """OCV group handshake (AP)"""
    # Checks how the AP treats the OCI KDE in group key handshake msg 2/2:
    # a mismatching OCI must make it send msg 1/2 again, a matching OCI must not.
    # 4994 == 0x1382: the Key Information value this test expects in group msg 1/2.
    group_msg_1_2 = 4994

    ap_params = {
        "channel": "1",
        "ieee80211w": "1",
        "freq": "2412",
        "wpa_strict_rekey": "1",
    }
    conn = APConnection(apdev[0], dev[0], ap_params)
    conn.confirm_valid_oci(81, 1, 0)

    def expect_group_msg_1_2():
        # The received frame is kept on conn.msg, exactly as the inline code did.
        conn.msg = recv_eapol(conn.hapd)
        if conn.msg["rsn_key_info"] != group_msg_1_2:
            raise Exception("Didn't receive 1/2 of group key handshake")

    def reply_group_msg_2_2(op_class, channel, seg1_idx, replay_counter):
        # Build msg 2/2 with the requested OCI, MIC'ed with the KCK held by conn.
        oci_kde = make_ocikde(op_class, channel, seg1_idx)
        frame = build_eapol_key_2_2(conn.kck, oci_kde,
                                    replay_counter=replay_counter)
        conn.hapd.dump_monitor()
        send_eapol(conn.hapd, conn.addr, build_eapol(frame))

    # Second station joins while external EAPOL frame I/O is switched off on
    # the AP; the setting is restored once hostapd reports the station.
    conn.hapd.request("SET ext_eapol_frame_io 0")
    dev[1].connect(conn.ssid, psk=conn.passphrase, scan_freq="2412",
                   ocv="1", ieee80211w="1")
    conn.hapd.wait_sta()
    conn.hapd.request("SET ext_eapol_frame_io 1")

    # Trigger a group key handshake (wpa_strict_rekey is set and a STA leaves)
    dev[1].request("DISCONNECT")
    dev[0].dump_monitor()

    # Wait for EAPOL-Key msg 1/2
    expect_group_msg_1_2()

    # Send a EAPOL-Key msg 2/2 with a bad OCI
    logger.info("Bad OCI element")
    reply_group_msg_2_2(1, 1, 1, 3)

    # Wait for retransmitted EAPOL-Key msg 1/2
    expect_group_msg_1_2()

    # Send a EAPOL-Key msg 2/2 with a good OCI
    logger.info("Good OCI element")
    reply_group_msg_2_2(81, 1, 0, 4)

    # Verify that group key handshake has completed.
    # NOTE(review): a timeout (no EAPOL-TX within 1 s) counts as success, so
    # this only proves the AP did not retransmit msg 1/2 within that window.
    tx_event = conn.hapd.wait_event(["EAPOL-TX"], timeout=1)
    if tx_event is None:
        return
    parsed = parse_eapol(binascii.unhexlify(tx_event.split(' ')[2]))
    if parsed["rsn_key_info"] == group_msg_1_2:
        raise Exception("AP didn't accept 2/2 of group key handshake")
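def test_wpa2_ocv_ap_group_hs(dev, apdev):
    """OCV group handshake (AP)"""
    # Exercises OCI validation on the AP side of the group key handshake:
    # msg 2/2 with a mismatching OCI must be ignored (the AP retransmits
    # msg 1/2), msg 2/2 with the matching OCI must end the exchange.
    params = {"channel": "1",
              "ieee80211w": "1",
              "freq": "2412",
              "wpa_strict_rekey": "1"}
    conn = APConnection(apdev[0], dev[0], params)
    conn.confirm_valid_oci(81, 1, 0)

    conn.hapd.request("SET ext_eapol_frame_io 0")
    dev[1].connect(conn.ssid, psk=conn.passphrase, scan_freq="2412",
                   ocv="1", ieee80211w="1")
    # Wait until hostapd reports the new station before external EAPOL frame
    # I/O is switched back on; without this the switch can presumably race
    # with dev[1]'s handshake on the AP side and make the test flaky.
    conn.hapd.wait_sta()
    conn.hapd.request("SET ext_eapol_frame_io 1")

    # Trigger a group key handshake
    dev[1].request("DISCONNECT")
    dev[0].dump_monitor()

    # Wait for EAPOL-Key msg 1/2 (4994 == 0x1382 Key Information)
    conn.msg = recv_eapol(conn.hapd)
    if conn.msg["rsn_key_info"] != 4994:
        raise Exception("Didn't receive 1/2 of group key handshake")

    # Send a EAPOL-Key msg 2/2 with a bad OCI
    logger.info("Bad OCI element")
    ocikde = make_ocikde(1, 1, 1)
    msg = build_eapol_key_2_2(conn.kck, ocikde, replay_counter=3)
    conn.hapd.dump_monitor()
    send_eapol(conn.hapd, conn.addr, build_eapol(msg))

    # Wait for retransmitted EAPOL-Key msg 1/2: the AP must not have accepted
    # the reply that carried the wrong operating channel information.
    conn.msg = recv_eapol(conn.hapd)
    if conn.msg["rsn_key_info"] != 4994:
        raise Exception("Didn't receive 1/2 of group key handshake")

    # Send a EAPOL-Key msg 2/2 with a good OCI
    logger.info("Good OCI element")
    ocikde = make_ocikde(81, 1, 0)
    msg = build_eapol_key_2_2(conn.kck, ocikde, replay_counter=4)
    conn.hapd.dump_monitor()
    send_eapol(conn.hapd, conn.addr, build_eapol(msg))

    # Verify that group key handshake has completed.
    # NOTE(review): no EAPOL-TX event within 1 s is treated as success, so the
    # check is "no further msg 1/2 was sent", not a positive confirmation.
    ev = conn.hapd.wait_event(["EAPOL-TX"], timeout=1)
    if ev is not None:
        eapol = binascii.unhexlify(ev.split(' ')[2])
        msg = parse_eapol(eapol)
        if msg["rsn_key_info"] == 4994:
            raise Exception("AP didn't accept 2/2 of group key handshake")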
def __init__(self, apdev, dev, params, sta_params=None):
    """Start an AP and relay the first two 4-way handshake messages to the STA.

    After this returns, the object holds the nonces, the KCK/KEK derived from
    them and the next replay counter, so the caller can craft msg 3/4 itself.

    Args:
        apdev: AP device description; its 'bssid' entry is used.
        dev: station under test.
        params: hostapd parameters. Modified in place: "freq" is popped and
            the WPA2 settings are merged in.
        sta_params: extra keyword arguments for dev.connect(). "ocv" and
            "ieee80211w" default to "1"; a dict passed in is modified in place.

    Raises:
        HwsimSkip: hostapd rejected the ocv parameter.
    """
    self.init_params()
    self.dev = dev
    self.bssid = apdev['bssid']
    freq = params.pop("freq")

    if sta_params is None:
        sta_params = {}
    sta_params.setdefault("ocv", "1")
    sta_params.setdefault("ieee80211w", "1")

    params.update(hostapd.wpa2_params(ssid=self.ssid,
                                      passphrase=self.passphrase))
    params['wpa_pairwise_update_count'] = "10"
    try:
        self.hapd = hostapd.add_ap(apdev, params)
    except Exception as e:
        # Only the "ocv not supported" failure becomes a skip; anything else
        # propagates unchanged.
        if "Failed to set hostapd parameter ocv" not in str(e):
            raise
        raise HwsimSkip("OCV not supported")

    # Both ends hand EAPOL frames to the test instead of exchanging them directly.
    self.hapd.request("SET ext_eapol_frame_io 1")
    self.dev.request("SET ext_eapol_frame_io 1")

    # Fixed test PMK; presumably matches self.psk set by init_params() -- confirm.
    pmk = binascii.unhexlify(
        "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7")
    self.gtkie = binascii.unhexlify(
        "dd16000fac010100dc11188831bf4aa4a8678d2b41498618")
    # The two RSNEs differ only in the last two bytes (8c40 vs 8c00); this
    # looks like the OCV-capable bit of the RSN capabilities -- confirm.
    ocv_enabled = sta_params["ocv"] != "0"
    self.rsne = binascii.unhexlify(
        "30140100000fac040100000fac040100000fac028c40" if ocv_enabled
        else "30140100000fac040100000fac040100000fac028c00")

    self.dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq,
                     wait_connect=False, **sta_params)
    if "country_code" in params:
        self.dev.wait_regdom(country_ie=True)
    self.addr = dev.p2p_interface_addr()

    # Forward msg 1/4 from AP to STA
    self.msg = recv_eapol(self.hapd)
    self.anonce = self.msg['rsn_key_nonce']
    send_eapol(self.dev, self.bssid, build_eapol(self.msg))

    # Capture msg 2/4 from the STA so we can derive the session keys
    self.msg = recv_eapol(dev)
    self.snonce = self.msg['rsn_key_nonce']
    _ptk, self.kck, self.kek = pmk_to_ptk(pmk, self.addr, self.bssid,
                                          self.snonce, self.anonce)

    # Next replay counter to use: one past the value seen in msg 2/4.
    last_counter = struct.unpack('>Q', self.msg['rsn_replay_counter'])[0]
    self.counter = last_counter + 1
def test_wpa2_ocv_sta_group_hs(dev, apdev):
    """OCV group handshake (STA)"""
    # Checks how the station treats the OCI KDE in group key handshake msg 1/2:
    # a mismatching OCI must get no reply, a matching OCI must get msg 2/2.
    ap_params = {
        "channel": "1",
        "ieee80211w": "1",
        "ocv": "1",
        "freq": "2412",
        "wpa_strict_rekey": "1",
    }

    def associate():
        # STAConnection modifies the dict it is given, so hand it a copy.
        sta_conn = STAConnection(apdev[0], dev[0], ap_params.copy())
        sta_conn.confirm_valid_oci(81, 1, 0)
        return sta_conn

    def send_group_msg_1_2(sta_conn, op_class, channel, seg1_idx, replay_counter):
        # Key data is GTK KDE + OCI KDE, padded and wrapped with the KEK.
        key_data = sta_conn.gtkie + make_ocikde(op_class, channel, seg1_idx)
        wrapped = aes_wrap(sta_conn.kek, pad_key_data(key_data))
        frame = build_eapol_key_1_2(sta_conn.kck, wrapped,
                                    replay_counter=replay_counter)
        send_eapol(dev[0], sta_conn.bssid, build_eapol(frame))

    conn = associate()

    # Send a EAPOL-Key msg 1/2 with a bad OCI
    logger.info("Bad OCI element")
    send_group_msg_1_2(conn, 1, 1, 1, 3)

    # We shouldn't get a EAPOL-Key message back (checked for 1 s only)
    if dev[0].wait_event(["EAPOL-TX"], timeout=1) is not None:
        raise Exception("Received response to invalid EAPOL-Key 1/2")

    # Reset AP to try with valid OCI
    conn.hapd.disable()
    conn = associate()

    # Send a EAPOL-Key msg 1/2 with a good OCI
    logger.info("Good OCI element")
    send_group_msg_1_2(conn, 81, 1, 0, 4)

    # Wait for EAPOL-Key msg 2/2
    conn.msg = recv_eapol(dev[0])
    if conn.msg["rsn_key_info"] != 0x0302:
        raise Exception("Didn't receive 2/2 of group key handshake")
def __init__(self, apdev, dev, params, sta_params=None):
    """Bring up the AP and take the STA through msgs 1/4 and 2/4.

    The handshake is left unfinished on purpose: the nonces, KCK, KEK and the
    next replay counter are stored on the object so later calls can send a
    hand-built msg 3/4.

    Args:
        apdev: AP device description (its 'bssid' entry is read).
        dev: station under test.
        params: hostapd parameters; "freq" is removed from it and the WPA2
            settings are merged into it (the caller's dict is changed).
        sta_params: optional dev.connect() keyword arguments; "ocv" and
            "ieee80211w" are filled in as "1" when absent.

    Raises:
        HwsimSkip: hostapd reported that it could not set the ocv parameter.
    """
    self.init_params()
    self.dev = dev
    self.bssid = apdev['bssid']
    freq = params.pop("freq")

    sta_params = {} if sta_params is None else sta_params
    for key in ("ocv", "ieee80211w"):
        sta_params.setdefault(key, "1")

    wpa2 = hostapd.wpa2_params(ssid=self.ssid, passphrase=self.passphrase)
    params.update(wpa2)
    params['wpa_pairwise_update_count'] = "10"
    try:
        self.hapd = hostapd.add_ap(apdev, params)
    except Exception as e:
        ocv_unsupported = "Failed to set hostapd parameter ocv" in str(e)
        if ocv_unsupported:
            raise HwsimSkip("OCV not supported")
        raise

    # Route EAPOL frames through the test on both the AP and the STA.
    for endpoint in (self.hapd, self.dev):
        endpoint.request("SET ext_eapol_frame_io 1")

    # Constant test key material, not a secret.
    # NOTE(review): pmk presumably corresponds to self.psk -- confirm in init_params().
    pmk = binascii.unhexlify(
        "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7")
    self.gtkie = binascii.unhexlify(
        "dd16000fac010100dc11188831bf4aa4a8678d2b41498618")
    # RSNE variants differ only in the trailing capability bytes (8c40 / 8c00).
    if sta_params["ocv"] == "0":
        rsne_hex = "30140100000fac040100000fac040100000fac028c00"
    else:
        rsne_hex = "30140100000fac040100000fac040100000fac028c40"
    self.rsne = binascii.unhexlify(rsne_hex)

    self.dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq,
                     wait_connect=False, **sta_params)
    if "country_code" in params:
        self.dev.wait_regdom(country_ie=True)
    self.addr = dev.p2p_interface_addr()

    # Forward msg 1/4 from AP to STA
    self.msg = recv_eapol(self.hapd)
    self.anonce = self.msg['rsn_key_nonce']
    send_eapol(self.dev, self.bssid, build_eapol(self.msg))

    # Capture msg 2/4 from the STA so we can derive the session keys
    self.msg = recv_eapol(dev)
    self.snonce = self.msg['rsn_key_nonce']
    derived = pmk_to_ptk(pmk, self.addr, self.bssid, self.snonce, self.anonce)
    (_ptk, self.kck, self.kek) = derived

    # Continue numbering one past the replay counter carried in msg 2/4.
    (seen_counter,) = struct.unpack('>Q', self.msg['rsn_replay_counter'])
    self.counter = seen_counter + 1
def test_wpa2_ocv_sta_group_hs(dev, apdev):
    """OCV group handshake (STA)"""
    # Station-side OCI validation in the group key handshake: msg 1/2 with a
    # wrong OCI must be dropped silently, msg 1/2 with the right OCI answered.
    sta = dev[0]
    base_params = {"channel": "1",
                   "ieee80211w": "1",
                   "ocv": "1",
                   "freq": "2412",
                   "wpa_strict_rekey": "1"}

    # Each STAConnection gets its own copy because it edits the dict it receives.
    conn = STAConnection(apdev[0], sta, base_params.copy())
    conn.confirm_valid_oci(81, 1, 0)

    # Send a EAPOL-Key msg 1/2 with a bad OCI
    logger.info("Bad OCI element")
    bad_key_data = pad_key_data(conn.gtkie + make_ocikde(1, 1, 1))
    bad_frame = build_eapol_key_1_2(conn.kck, aes_wrap(conn.kek, bad_key_data),
                                    replay_counter=3)
    send_eapol(sta, conn.bssid, build_eapol(bad_frame))

    # We shouldn't get a EAPOL-Key message back.
    # NOTE(review): silence is only observed for 1 s.
    reply = sta.wait_event(["EAPOL-TX"], timeout=1)
    if reply is not None:
        raise Exception("Received response to invalid EAPOL-Key 1/2")

    # Reset AP to try with valid OCI
    conn.hapd.disable()
    conn = STAConnection(apdev[0], sta, base_params.copy())
    conn.confirm_valid_oci(81, 1, 0)

    # Send a EAPOL-Key msg 1/2 with a good OCI
    logger.info("Good OCI element")
    good_key_data = pad_key_data(conn.gtkie + make_ocikde(81, 1, 0))
    good_frame = build_eapol_key_1_2(conn.kck, aes_wrap(conn.kek, good_key_data),
                                     replay_counter=4)
    send_eapol(sta, conn.bssid, build_eapol(good_frame))

    # Wait for EAPOL-Key msg 2/2
    conn.msg = recv_eapol(sta)
    got_msg_2_2 = conn.msg["rsn_key_info"] == 0x0302
    if not got_msg_2_2:
        raise Exception("Didn't receive 2/2 of group key handshake")
def confirm_valid_oci(self, op_class, channel, seg1_idx):
    """Send msg 3/4 with the given OCI and wait for the station to connect.

    The key data is RSNE + GTK KDE + OCI KDE, padded and wrapped with the KEK.
    The replay counter is advanced after sending. Waiting for the connection
    uses a 1 s timeout; what happens on timeout is up to wait_connected().

    Args:
        op_class: operating class for the OCI KDE.
        channel: channel number for the OCI KDE.
        seg1_idx: segment 1 index for the OCI KDE.
    """
    logger.debug("Valid OCI element to complete handshake")
    oci_kde = make_ocikde(op_class, channel, seg1_idx)
    key_data = aes_wrap(self.kek, pad_key_data(self.rsne + self.gtkie + oci_kde))
    frame = build_eapol_key_3_4(self.anonce, self.kck, key_data,
                                replay_counter=self.counter)

    # Drop pending events so the wait below only sees what this frame causes.
    self.dev.dump_monitor()
    send_eapol(self.dev, self.bssid, build_eapol(frame))
    self.counter = self.counter + 1

    self.dev.wait_connected(timeout=1)
def test_bad_oci(self, logmsg, op_class, channel, seg1_idx, errmsg):
    """Send msg 3/4 with an invalid or missing OCI and require an error event.

    Args:
        logmsg: text appended to the "Bad OCI element: " log line.
        op_class: operating class for the OCI KDE, or None to leave the OCI
            KDE out of the key data entirely.
        channel: channel number for the OCI KDE.
        seg1_idx: segment 1 index for the OCI KDE.
        errmsg: event text the station is expected to emit.

    Raises:
        Exception: the expected event did not arrive within 5 seconds.
    """
    logger.info("Bad OCI element: " + logmsg)

    # op_class None models a frame that carries no OCI KDE at all.
    oci_kde = b'' if op_class is None else make_ocikde(op_class, channel, seg1_idx)
    key_data = aes_wrap(self.kek, pad_key_data(self.rsne + self.gtkie + oci_kde))
    frame = build_eapol_key_3_4(self.anonce, self.kck, key_data,
                                replay_counter=self.counter)

    # Clear pending events first so a stale one cannot satisfy the wait below.
    self.dev.dump_monitor()
    send_eapol(self.dev, self.bssid, build_eapol(frame))
    self.counter = self.counter + 1

    # The station must actively report the OCI problem; silence is a failure.
    if self.dev.wait_event([errmsg], timeout=5) is None:
        raise Exception("Bad OCI not reported")