예제 #1
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by AP)"""
    # Flow: two writes to the station's mac80211 debugfs tkip_mic_test file.
    # The station must stay connected after the first Michael MIC failure,
    # be disconnected with reason code 14 (MIC failure in IEEE 802.11) after
    # the second, and must not reconnect within the following second.
    sta = dev[0]
    skip_with_fips(sta)
    phyname = sta.get_driver_status_field("phyname")
    mic_test_path = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phyname, sta.ifname)
    if not os.path.exists(mic_test_path):
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    # Fixture passphrase for the simulated radio only; TKIP is configured
    # because its countermeasures are the behaviour under test.
    ap_config = {
        "ssid": "tkip-countermeasures",
        "wpa_passphrase": "12345678",
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "wpa_pairwise": "TKIP",
    }
    ap = hostapd.add_ap(apdev[0]['ifname'], ap_config)

    sta.connect("tkip-countermeasures", psk="12345678",
                pairwise="TKIP", group="TKIP", scan_freq="2412")

    sta.dump_monitor()
    # First failure: addressed to the AP's BSSID.
    with open(mic_test_path, "w") as debugfs:
        debugfs.write(apdev[0]['bssid'])
    event = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    # Second failure: broadcast address.
    with open(mic_test_path, "w") as debugfs:
        debugfs.write("ff:ff:ff:ff:ff:ff")
    event = sta.wait_disconnected(
        timeout=10,
        error="No disconnection after two Michael MIC failures")
    if "reason=14" not in event:
        raise Exception("Unexpected disconnection reason: " + event)
    event = sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected connection during TKIP countermeasures")
예제 #2
def test_ap_ft_oom(dev, apdev):
    """WPA2-PSK-FT and OOM"""
    # alloc_fail() and fail_test() are harness helpers defined elsewhere;
    # presumably each makes the named supplicant function fail once while
    # the roam runs, so the FT error paths are exercised.
    sta = dev[0]
    skip_with_fips(sta)
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0], ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1], ft_params2(ssid=ssid, passphrase=passphrase))

    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")
    # Roam towards whichever AP the station is not currently associated with.
    on_first_ap = sta.get_status_field('bssid') == apdev[0]['bssid']
    dst = apdev[1]['bssid'] if on_first_ap else apdev[0]['bssid']

    sta.scan_for_bss(dst, freq="2412")
    with alloc_fail(sta, 1, "wpa_ft_gen_req_ies"):
        sta.roam(dst)
    for failing_call in ("wpa_ft_mic",
                         "os_get_random;wpa_ft_prepare_auth_request"):
        with fail_test(sta, 1, failing_call):
            sta.roam(dst, fail_test=True)
예제 #3
def test_wext_wpa_psk(dev, apdev):
    """WEXT driver interface with WPA-PSK"""
    # After connecting through the WEXT interface, two writes to the AP-side
    # tkip_mic_test debugfs file are expected to produce two Michael MIC
    # failures; the station must disconnect itself (locally_generated=1)
    # with reason code 14 only after the second one.
    skip_with_fips(dev[0])
    wpas = get_wext_interface()

    ap_params = hostapd.wpa_params(ssid="wext-wpa-psk", passphrase="12345678")
    hapd = hostapd.add_ap(apdev[0], ap_params)
    phyname = hapd.get_driver_status_field("phyname")
    mic_test_path = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phyname, apdev[0]['ifname'])
    if not os.path.exists(mic_test_path):
        # Release the extra control interface before skipping.
        wpas.close_ctrl()
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    wpas.connect("wext-wpa-psk", psk="12345678")
    hwsim_utils.test_connectivity(wpas, hapd)

    with open(mic_test_path, "w") as debugfs:
        debugfs.write(wpas.p2p_interface_addr())
    event = wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    with open(mic_test_path, "w") as debugfs:
        debugfs.write("ff:ff:ff:ff:ff:ff")
    event = wpas.wait_disconnected(
        timeout=10,
        error="No disconnection after two Michael MIC failures")
    if "reason=14 locally_generated=1" not in event:
        raise Exception("Unexpected disconnection reason: " + event)
예제 #4
def test_hapd_dup_network_global_wpa(dev, apdev):
    """hostapd and DUP_NETWORK command (WPA)"""
    # The destination BSS starts with only an SSID; its WPA settings,
    # including the raw PSK, are copied from the source BSS via dup_network()
    # before it is enabled. The station then has to connect with that PSK.
    skip_with_fips(dev[0])
    # Fixed 256-bit PSK used as a test fixture.
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    src_ssid = "hapd-ctrl-src"
    dst_ssid = "hapd-ctrl-dst"

    src_params = hostapd.wpa_params(ssid=src_ssid)
    src_params['wpa_psk'] = psk
    src_ifname = apdev[0]['ifname']
    src_hapd = hostapd.add_ap(apdev[0], src_params)

    dst_ifname = apdev[1]['ifname']
    dst_hapd = hostapd.add_ap(apdev[1], {"ssid": dst_ssid}, no_enable=True)

    hapd_global = hostapd.HostapdGlobal()

    copied_fields = ("wpa", "wpa_psk", "wpa_key_mgmt", "wpa_pairwise")
    for field in copied_fields:
        dup_network(hapd_global, src_ifname, dst_ifname, field)

    dst_hapd.enable()

    dev[0].connect(dst_ssid, raw_psk=psk, proto="WPA", pairwise="TKIP",
                   scan_freq="2412")
    sta_addr = dev[0].own_addr()
    sta_entry = dst_hapd.request("STA " + sta_addr)
    if "FAIL" in sta_entry:
        raise Exception("Could not connect using duplicated wpa params")
예제 #5
def test_peerkey_pairwise_mismatch(dev, apdev):
    """RSN TKIP+CCMP AP and PeerKey between two STAs using different ciphers"""
    # One station uses CCMP and the other TKIP as pairwise cipher; each then
    # issues STKSTART towards the other. The outcome of the STK handshake is
    # not asserted in this function.
    skip_with_fips(dev[0])
    ssid = "test-peerkey"
    passphrase = "12345678"
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['peerkey'] = "1"
    ap_params['rsn_pairwise'] = "TKIP CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_params)

    Wlantest.setup(hapd)
    sniffer = Wlantest()
    sniffer.flush()
    sniffer.add_passphrase("12345678")

    for sta, cipher in ((dev[0], "CCMP"), (dev[1], "TKIP")):
        sta.connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
                    pairwise=cipher)
    hwsim_utils.test_connectivity_sta(dev[0], dev[1])

    for initiator, peer in ((dev[0], dev[1]), (dev[1], dev[0])):
        initiator.request("STKSTART " + peer.p2p_interface_addr())
        time.sleep(0.5)
예제 #6
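def test_gas_concurrent_connect(dev, apdev):
    """Generic GAS queries with concurrent connection operation"""
    # Two orderings are checked:
    #   1. connect started first, GAS request second: the connection must
    #      complete before the GAS response is reported;
    #   2. GAS request started first, RECONNECT second: the GAS response
    #      must be reported before new scan results and the connection.
    skip_with_fips(dev[0])
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0], params)

    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)

    logger.debug("Start concurrent connect and GAS request")
    # The backslash is escaped explicitly: "\m" is not a valid escape
    # sequence, so the unescaped form only works by accident and triggers a
    # warning on current Python versions. The identity value is unchanged.
    # The password value appears masked in this listing and is kept as shown.
    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
                   identity="DOMAIN\\mschapv2 user", anonymous_identity="ttls",
                   password="******", phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem", wait_connect=False,
                   scan_freq="2412")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")

    # First event must be the connection.
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")

    # Second event must be the GAS response.
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "GAS-RESPONSE-INFO" not in ev:
        raise Exception("Unexpected operation order")
    get_gas_response(dev[0], bssid, ev)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected(timeout=5)

    logger.debug("Wait six seconds for expiration of connect-without-scan")
    time.sleep(6)
    dev[0].dump_monitor()

    logger.debug("Start concurrent GAS request and connect")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")
    dev[0].request("RECONNECT")

    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
    if ev is None:
        raise Exception("Operation timed out")
    get_gas_response(dev[0], bssid, ev)

    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=20)
    if ev is None:
        raise Exception("No new scan results reported")

    # Typo in the failure message ("tiemd") corrected.
    ev = dev[0].wait_connected(timeout=20, error="Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")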
예제 #7
def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by STA)"""
    # Here the tkip_mic_test debugfs file of the AP interface is written, so
    # the station is the side expected to notice the Michael MIC failures and
    # to disconnect itself (locally_generated=1) with reason code 14.
    skip_with_fips(dev[0])
    ap_config = {
        "ssid": "tkip-countermeasures",
        "wpa_passphrase": "12345678",
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "wpa_pairwise": "TKIP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_config)

    phyname = hapd.get_driver_status_field("phyname")
    mic_test_path = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phyname, apdev[0]['ifname'])
    ls_result = hapd.cmd_execute(["ls", mic_test_path])
    if ls_result[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    dev[0].connect("tkip-countermeasures", psk="12345678",
                   pairwise="TKIP", group="TKIP", scan_freq="2412")

    dev[0].dump_monitor()
    # NOTE(review): with shell=True the list presumably becomes one shell
    # command line so that ">" redirects into debugfs - confirm against
    # cmd_execute. Only harness-provided values (station address, debugfs
    # path) may go into such a list; anything externally controlled would be
    # interpreted by the shell.
    hapd.cmd_execute(["echo", "-n", dev[0].own_addr(), ">", mic_test_path],
                     shell=True)
    event = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", mic_test_path],
                     shell=True)
    event = dev[0].wait_disconnected(
        timeout=10,
        error="No disconnection after two Michael MIC failures")
    if "reason=14 locally_generated=1" not in event:
        raise Exception("Unexpected disconnection reason: " + event)
    event = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected connection during TKIP countermeasures")
예제 #8
파일: test_ap_tdls.py 프로젝트: gxk/hostap
def test_ap_wpa_mixed_tdls(dev, apdev):
    """WPA+WPA2-PSK AP and two stations using TDLS"""
    # TDLS is set up from dev[0] to dev[1], torn down, and then set up again
    # with the roles swapped.
    skip_with_fips(dev[0])
    ap_dev = apdev[0]
    ap_params = hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
                                         passphrase="12345678")
    ap = hostapd.add_ap(ap_dev, ap_params)
    wlantest_setup(ap)
    connect_2sta_wpa_psk_mixed(dev, ap)
    setup_tdls(dev[0], dev[1], ap)
    teardown_tdls(dev[0], dev[1], ap)
    setup_tdls(dev[1], dev[0], ap)
예제 #9
def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
    """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
    # In this mixed BSS the WPA2 station negotiates CCMP pairwise but still
    # reports TKIP as group cipher, which is what the assertions below pin:
    # group traffic uses the cipher shared with the WPA/TKIP station.
    skip_with_fips(dev[0])
    ssid = "test-wpa-wpa2-psk"
    passphrase = "12345678"
    ap_config = {
        "ssid": ssid,
        "wpa_passphrase": passphrase,
        "wpa": "3",
        "wpa_key_mgmt": "WPA-PSK",
        "rsn_pairwise": "CCMP",
        "wpa_pairwise": "TKIP"
    }
    hapd = hostapd.add_ap(apdev[0], ap_config)

    # Station 0: WPA2 with CCMP pairwise.
    dev[0].connect(ssid, psk=passphrase, proto="WPA2", pairwise="CCMP",
                   group="TKIP", scan_freq="2412")
    status = dev[0].get_status()
    for field, expected in (("key_mgmt", "WPA2-PSK"),
                            ("pairwise_cipher", "CCMP"),
                            ("group_cipher", "TKIP")):
        if status[field] != expected:
            raise Exception("Incorrect " + field + " reported")
    bss = dev[0].get_bss(apdev[0]['bssid'])
    if bss['ssid'] != ssid:
        raise Exception("Unexpected SSID in the BSS entry")
    for flag in ("WPA-PSK-TKIP", "WPA2-PSK-CCMP"):
        if "[" + flag + "]" not in bss['flags']:
            raise Exception("Missing BSS flag " + flag)
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[0], hapd)

    # Station 1: WPA with TKIP pairwise.
    dev[1].connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                   group="TKIP", scan_freq="2412")
    status = dev[1].get_status()
    for field, expected in (("key_mgmt", "WPA-PSK"),
                            ("pairwise_cipher", "TKIP"),
                            ("group_cipher", "TKIP")):
        if status[field] != expected:
            raise Exception("Incorrect " + field + " reported")
    hapd.wait_sta()
    hwsim_utils.test_connectivity(dev[1], hapd)
    hwsim_utils.test_connectivity(dev[0], dev[1])
예제 #10
def test_ap_wpa_mixed_tdls(dev, apdev):
    """WPA+WPA2-PSK AP and two stations using TDLS"""
    # Sequence: TDLS setup dev[0] -> dev[1], teardown, then setup in the
    # reverse direction, all against one WPA+WPA2 mixed-mode AP.
    skip_with_fips(dev[0])
    target = apdev[0]
    mixed = hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
                                     passphrase="12345678")
    hapd = hostapd.add_ap(target, mixed)
    wlantest_setup(hapd)
    connect_2sta_wpa_psk_mixed(dev, hapd)
    sta_a, sta_b = dev[0], dev[1]
    setup_tdls(sta_a, sta_b, hapd)
    teardown_tdls(sta_a, sta_b, hapd)
    setup_tdls(sta_b, sta_a, hapd)
예제 #11
def test_ext_password_interworking(dev, apdev):
    """External password storage for Interworking network selection"""
    # The credential does not carry the password itself: it refers to the
    # entry "pw1" of the external password backend through "ext:pw1". The
    # "test:" backend used here takes the secret inline in the SET command,
    # which is only appropriate for a test fixture.
    sta = dev[0]
    skip_with_fips(sta)
    bssid = apdev[0]['bssid']
    ap_params = hs20_ap_params()
    hostapd.add_ap(apdev[0], ap_params)

    sta.hs20_enable()
    sta.request("SET ext_password_backend test:pw1=password")
    cred_values = {'realm': "example.com", 'username': "******"}
    cred_id = sta.add_cred_values(cred_values)
    sta.set_cred(cred_id, "password", "ext:pw1")
    interworking_select(sta, bssid, freq="2412")
    interworking_connect(sta, bssid, "TTLS")
def test_ext_password_interworking(dev, apdev):
    """External password storage for Interworking network selection"""
    # "ext:pw1" makes the credential look its password up in the external
    # password backend instead of storing it in the credential; the backend
    # is the inline "test:" one, so the secret here is a fixture value.
    skip_with_fips(dev[0])
    bssid = apdev[0]['bssid']
    hs20_params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], hs20_params)

    dev[0].hs20_enable()
    dev[0].request("SET ext_password_backend test:pw1=password")
    credential = {'realm': "example.com", 'username': "******"}
    cred = dev[0].add_cred_values(credential)
    dev[0].set_cred(cred, "password", "ext:pw1")
    interworking_select(dev[0], bssid, freq="2412")
    interworking_connect(dev[0], bssid, "TTLS")
예제 #13
def test_ieee8021x_and_wpa_enabled(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
    # The AP offers only IEEE 802.1X with 13-byte (104-bit) WEP keys, while
    # the station allows both IEEE8021X and WPA-EAP; the connection is
    # expected to come up with dynamic WEP.
    skip_with_fips(dev[0])
    ap_params = hostapd.radius_params()
    for key, value in (("ssid", "ieee8021x-wep"),
                       ("ieee8021x", "1"),
                       ("wep_key_len_broadcast", "13"),
                       ("wep_key_len_unicast", "13")):
        ap_params[key] = value
    ap = hostapd.add_ap(apdev[0], ap_params)

    # EAP-PSK fixture credentials (the identity is masked in this listing).
    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X WPA-EAP",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], ap)
예제 #14
def test_ieee8021x_wep_index_workaround(dev, apdev):
    """IEEE 802.1X and EAPOL-Key index workaround"""
    # Only a 5-byte broadcast WEP key is configured, together with the
    # eapol_key_index_workaround option; the test passes if the connection
    # completes.
    skip_with_fips(dev[0])
    ap_params = hostapd.radius_params()
    for key, value in (("ssid", "ieee8021x-wep"),
                       ("ieee8021x", "1"),
                       ("wep_key_len_broadcast", "5"),
                       ("eapol_key_index_workaround", "1")):
        ap_params[key] = value
    ap = hostapd.add_ap(apdev[0], ap_params)

    # EAP-PSK fixture credentials (the identity is masked in this listing).
    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X",
                   eapol_flags="1",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
예제 #15
def test_ieee8021x_and_wpa_enabled(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
    # Station side permits WPA-EAP in addition to IEEE8021X; the AP side is
    # 802.1X with 13-byte broadcast and unicast WEP keys only.
    sta = dev[0]
    skip_with_fips(sta)
    radius = hostapd.radius_params()
    radius["ssid"] = "ieee8021x-wep"
    radius["ieee8021x"] = "1"
    # 13 bytes = 104-bit WEP key material.
    radius["wep_key_len_broadcast"] = "13"
    radius["wep_key_len_unicast"] = "13"
    hapd = hostapd.add_ap(apdev[0], radius)

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK",
                identity="*****@*****.**",
                password_hex="0123456789abcdef0123456789abcdef",
                scan_freq="2412")
    hwsim_utils.test_connectivity(sta, hapd)
예제 #16
def test_ieee8021x_wep_index_workaround(dev, apdev):
    """IEEE 802.1X and EAPOL-Key index workaround"""
    # No assertion beyond the connect() call itself: a completed connection
    # with eapol_key_index_workaround enabled on the AP is the pass criterion.
    sta = dev[0]
    skip_with_fips(sta)
    radius = hostapd.radius_params()
    radius["ssid"] = "ieee8021x-wep"
    radius["ieee8021x"] = "1"
    radius["wep_key_len_broadcast"] = "5"
    radius["eapol_key_index_workaround"] = "1"
    hapd = hostapd.add_ap(apdev[0], radius)

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X", eapol_flags="1",
                eap="PSK",
                identity="*****@*****.**",
                password_hex="0123456789abcdef0123456789abcdef",
                scan_freq="2412")
예제 #17
def test_ap_multi_bss_acs(dev, apdev):
    """hostapd start with a multi-BSS configuration file using ACS"""
    skip_with_fips(dev[0])
    force_prev_ap_on_24g(apdev[0])

    # start the actual test
    hapd = hostapd.add_iface(apdev[0], 'multi-bss-acs.conf')
    hapd.enable()
    wait_acs(hapd)

    # ACS picks the channel, so the stations scan on whatever was selected.
    freq = hapd.get_status_field("freq")
    if int(freq) < 2400:
        raise Exception("Unexpected frequency")

    # One open BSS and two PSK BSSs, one station each.
    bss_settings = (
        ("bss-1", {"key_mgmt": "NONE"}),
        ("bss-2", {"psk": "12345678"}),
        ("bss-3", {"psk": "qwertyuiop"}),
    )
    for sta, (ssid, security) in zip(dev, bss_settings):
        sta.connect(ssid, scan_freq=freq, **security)
예제 #18
def test_ap_cipher_tkip_countermeasures_ap_mixed_mode(dev, apdev):
    """WPA+WPA2-PSK/TKIP countermeasures (detected by mixed mode AP)"""
    # In the mixed-mode BSS the countermeasures are expected to hit every
    # station: dev[1] uses CCMP as pairwise cipher and must still be
    # disconnected with reason code 14 and kept off the BSS.
    skip_with_fips(dev[0])
    phyname = dev[0].get_driver_status_field("phyname")
    mic_test_path = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phyname, dev[0].ifname)
    if dev[0].cmd_execute(["ls", mic_test_path])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    ap_config = {
        "ssid": "tkip-countermeasures",
        "wpa_passphrase": "12345678",
        "wpa": "3",
        "wpa_key_mgmt": "WPA-PSK",
        "wpa_pairwise": "TKIP",
        "rsn_pairwise": "CCMP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_config)

    dev[0].connect("tkip-countermeasures", psk="12345678",
                   pairwise="TKIP", group="TKIP", scan_freq="2412")
    dev[1].connect("tkip-countermeasures", psk="12345678",
                   pairwise="CCMP", scan_freq="2412")

    dev[0].dump_monitor()
    # NOTE(review): shell=True with a list relies on cmd_execute turning it
    # into a single shell command line (for the ">" redirect) - confirm. The
    # values are harness-provided; untrusted text must never be passed here.
    first_write = ["echo", "-n", apdev[0]['bssid'], ">", mic_test_path]
    dev[0].cmd_execute(first_write, shell=True)
    event = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    second_write = ["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", mic_test_path]
    dev[0].cmd_execute(second_write, shell=True)

    event = dev[0].wait_disconnected(
        timeout=10,
        error="No disconnection after two Michael MIC failures")
    if "reason=14" not in event:
        raise Exception("Unexpected disconnection reason: " + event)

    event = dev[1].wait_disconnected(
        timeout=10,
        error="No disconnection after two Michael MIC failures (2)")
    if "reason=14" not in event:
        raise Exception("Unexpected disconnection reason (2): " + event)

    event = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected connection during TKIP countermeasures (1)")
    event = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    if event is not None:
        raise Exception("Unexpected connection during TKIP countermeasures (2)")
예제 #19
def test_ap_multi_bss_acs(dev, apdev):
    """hostapd start with a multi-BSS configuration file using ACS"""
    skip_with_fips(dev[0])
    force_prev_ap_on_24g(apdev[0])

    # start the actual test
    ap = hostapd.add_iface(apdev[0], 'multi-bss-acs.conf')
    ap.enable()
    wait_acs(ap)

    # The operating frequency is chosen by ACS; only a value below 2400 is
    # treated as a failure.
    selected_freq = ap.get_status_field("freq")
    if int(selected_freq) < 2400:
        raise Exception("Unexpected frequency")

    # bss-1 is open (key_mgmt NONE); bss-2 and bss-3 use fixture PSKs.
    dev[0].connect("bss-1", key_mgmt="NONE", scan_freq=selected_freq)
    dev[1].connect("bss-2", psk="12345678", scan_freq=selected_freq)
    dev[2].connect("bss-3", psk="qwertyuiop", scan_freq=selected_freq)
예제 #20
def test_ieee8021x_eapol_key(dev, apdev):
    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
    # Robustness test: after a normal 802.1X/WEP connection, five malformed
    # EAPOL-Key frames are handed to the station through send_eapol_key().
    # Nothing is asserted afterwards in this function; presumably the
    # station is expected to reject each frame without misbehaving.
    #
    # NOTE(review): the hex strings look like the IEEE 802.1X RC4 key
    # descriptor - EAPOL header (version, type, 2-byte body length), then
    # descriptor type, 2-byte key length, 8-byte replay counter, 16-byte
    # key IV and 1-byte key index; the last argument is the key data.
    # Confirm against send_eapol_key(), which is not shown here.
    check_wep_capa(dev[0])
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "5"
    params["wep_key_len_unicast"] = "5"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X",
                   eap="VENDOR-TEST",
                   identity="vendor-test",
                   scan_freq="2412")

    # Hardcoded MSK from VENDOR-TEST
    # NOTE(review): encrkey is assigned but not used in this function; only
    # signkey is passed on.
    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
    signkey = "2222222222222222222222222222222222222222222222222222222222222222"

    # EAPOL-Key replay counter does not increase
    # (replay counter field is all zeros)
    send_eapol_key(
        dev[0], bssid, signkey, "02030031" + "010005" + "0000000000000000" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "1c636a30a4")

    # EAPOL-Key too large Key Length field value
    # (key length 0x0021 = 33 with only 5 bytes of key data)
    send_eapol_key(
        dev[0], bssid, signkey, "02030031" + "010021" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "1c636a30a4")

    # EAPOL-Key too much key data
    # (33 bytes of key data against a key length of 5)
    send_eapol_key(
        dev[0], bssid, signkey, "0203004d" + "010005" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", 33 * "ff")

    # EAPOL-Key too little key data
    # (4 bytes of key data against a key length of 5)
    send_eapol_key(
        dev[0], bssid, signkey, "02030030" + "010005" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "1c636a30")

    # EAPOL-Key with no key data and too long WEP key length
    # (key length 0x0020 = 32, empty key data)
    send_eapol_key(
        dev[0], bssid, signkey, "0203002c" + "010020" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "")
예제 #21
def test_ieee8021x_eapol_key(dev, apdev):
    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
    # Five malformed EAPOL-Key frames are passed to send_eapol_key() after
    # the connection is up. No result is checked here; the frames exercise
    # the station's validation of replay counter, key length and key data.
    sta = dev[0]
    skip_with_fips(sta)
    ap_params = hostapd.radius_params()
    ap_params["ssid"] = "ieee8021x-wep"
    ap_params["ieee8021x"] = "1"
    ap_params["wep_key_len_broadcast"] = "5"
    ap_params["wep_key_len_unicast"] = "5"
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
                identity="vendor-test", scan_freq="2412")

    # Hardcoded MSK from VENDOR-TEST
    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
    signkey = "2222222222222222222222222222222222222222222222222222222222222222"

    # Parts shared by every frame below. NOTE(review): by position these
    # look like the key IV and key index of the RC4 key descriptor - confirm
    # against send_eapol_key().
    shared_iv = "056c22d109f29d4d9fb9b9ccbad33283"
    shared_index = "02"
    max_counter = "ffffffffffffffff"

    # (header, descriptor type + key length, replay counter, key data)
    malformed_frames = (
        # EAPOL-Key replay counter does not increase
        ("02030031", "010005", "0000000000000000", "1c636a30a4"),
        # EAPOL-Key too large Key Length field value
        ("02030031", "010021", max_counter, "1c636a30a4"),
        # EAPOL-Key too much key data
        ("0203004d", "010005", max_counter, 33*"ff"),
        # EAPOL-Key too little key data
        ("02030030", "010005", max_counter, "1c636a30"),
        # EAPOL-Key with no key data and too long WEP key length
        ("0203002c", "010020", max_counter, ""),
    )
    for header, descriptor, counter, key_data in malformed_frames:
        frame = header + descriptor + counter + shared_iv + shared_index
        send_eapol_key(sta, bssid, signkey, frame, key_data)
예제 #22
def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
    """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
    # The WPA2 station is expected to report CCMP as pairwise cipher and
    # TKIP as group cipher; the WPA station reports TKIP for both.
    skip_with_fips(dev[0])
    ssid = "test-wpa-wpa2-psk"
    passphrase = "12345678"
    ap_config = {
        "ssid": ssid,
        "wpa_passphrase": passphrase,
        "wpa": "3",
        "wpa_key_mgmt": "WPA-PSK",
        "rsn_pairwise": "CCMP",
        "wpa_pairwise": "TKIP",
    }
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_config)

    dev[0].connect(ssid, psk=passphrase, proto="WPA2", pairwise="CCMP",
                   group="TKIP", scan_freq="2412")
    wpa2_status = dev[0].get_status()
    wpa2_expected = (
        ("key_mgmt", "WPA2-PSK"),
        ("pairwise_cipher", "CCMP"),
        ("group_cipher", "TKIP"),
    )
    for name, wanted in wpa2_expected:
        if wpa2_status[name] != wanted:
            raise Exception("Incorrect " + name + " reported")
    bss = dev[0].get_bss(apdev[0]["bssid"])
    if bss["ssid"] != ssid:
        raise Exception("Unexpected SSID in the BSS entry")
    # Both security suites must be advertised in the scan entry.
    for suite in ("WPA-PSK-TKIP", "WPA2-PSK-CCMP"):
        if "[" + suite + "]" not in bss["flags"]:
            raise Exception("Missing BSS flag " + suite)
    hwsim_utils.test_connectivity(dev[0], hapd)

    dev[1].connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                   group="TKIP", scan_freq="2412")
    wpa_status = dev[1].get_status()
    wpa_expected = (
        ("key_mgmt", "WPA-PSK"),
        ("pairwise_cipher", "TKIP"),
        ("group_cipher", "TKIP"),
    )
    for name, wanted in wpa_expected:
        if wpa_status[name] != wanted:
            raise Exception("Incorrect " + name + " reported")
    hwsim_utils.test_connectivity(dev[1], hapd)
    hwsim_utils.test_connectivity(dev[0], dev[1])
예제 #23
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by AP)"""
    # Expected sequence: first Michael MIC failure is tolerated, the second
    # one ends the association with reason code 14, and no reconnection is
    # seen during the one-second check that follows.
    skip_with_fips(dev[0])
    phy = dev[0].get_driver_status_field("phyname")
    debugfs_file = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, dev[0].ifname)
    if not os.path.exists(debugfs_file):
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    # Fixture passphrase; WPA (v1) with TKIP only, as required by the test.
    tkip_ap = {
        "ssid": "tkip-countermeasures",
        "wpa_passphrase": "12345678",
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "wpa_pairwise": "TKIP"
    }
    hapd = hostapd.add_ap(apdev[0]['ifname'], tkip_ap)

    dev[0].connect("tkip-countermeasures", psk="12345678", pairwise="TKIP",
                   group="TKIP", scan_freq="2412")

    dev[0].dump_monitor()
    with open(debugfs_file, "w") as out:
        out.write(apdev[0]['bssid'])
    outcome = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
    if outcome is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    with open(debugfs_file, "w") as out:
        out.write("ff:ff:ff:ff:ff:ff")
    outcome = dev[0].wait_disconnected(
        timeout=10,
        error="No disconnection after two Michael MIC failures")
    if "reason=14" not in outcome:
        raise Exception("Unexpected disconnection reason: " + outcome)
    outcome = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    if outcome is not None:
        raise Exception("Unexpected connection during TKIP countermeasures")
예제 #24
def test_ap_ft_oom(dev, apdev):
    """WPA2-PSK-FT and OOM"""
    # alloc_fail() and fail_test() come from the test harness (not shown);
    # presumably each forces one failure inside the named function so that
    # roaming and the final reconnect run through their error handling.
    sta = dev[0]
    skip_with_fips(sta)
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0], ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1], ft_params2(ssid=ssid, passphrase=passphrase))

    ft_connect = dict(psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                      scan_freq="2412")
    sta.connect(ssid, **ft_connect)
    # Target the AP the station did not associate with.
    if sta.get_status_field('bssid') != apdev[0]['bssid']:
        dst = apdev[0]['bssid']
    else:
        dst = apdev[1]['bssid']

    sta.scan_for_bss(dst, freq="2412")
    with alloc_fail(sta, 1, "wpa_ft_gen_req_ies"):
        sta.roam(dst)
    with fail_test(sta, 1, "wpa_ft_mic"):
        sta.roam(dst, fail_test=True)
    with fail_test(sta, 1, "os_get_random;wpa_ft_prepare_auth_request"):
        sta.roam(dst, fail_test=True)

    sta.request("REMOVE_NETWORK all")
    with alloc_fail(sta, 1, "=sme_update_ft_ies"):
        sta.connect(ssid, **ft_connect)
예제 #25
def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev, params):
    """WPA-PSK/TKIP countermeasures (detected by two STAs) [long]"""
    # Both stations must be disconnected with reason code 14 and stay off
    # the BSS; dev[0] then retries for up to 70 seconds and may only be
    # refused with status_code=1 until a connection finally succeeds.
    if not params['long']:
        raise HwsimSkip("Skip test case with long duration due to --long not specified")
    skip_with_fips(dev[0])
    # Separate name for the AP configuration so the harness "params"
    # argument is not shadowed.
    ap_config = {
        "ssid": "tkip-countermeasures",
        "wpa_passphrase": "12345678",
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "wpa_pairwise": "TKIP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_config)

    phyname = hapd.get_driver_status_field("phyname")
    mic_test_path = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phyname, apdev[0]['ifname'])
    if hapd.cmd_execute(["ls", mic_test_path])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    dev[0].connect("tkip-countermeasures", psk="12345678",
                   pairwise="TKIP", group="TKIP", scan_freq="2412")
    dev[0].dump_monitor()
    net_id = dev[1].connect("tkip-countermeasures", psk="12345678",
                            pairwise="TKIP", group="TKIP", scan_freq="2412")
    dev[1].dump_monitor()

    # NOTE(review): shell=True with a list relies on cmd_execute building one
    # shell command line for the ">" redirect - confirm. Only harness values
    # are passed; untrusted text must never reach this call.
    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", mic_test_path],
                     shell=True)
    for sta, wait_time in ((dev[0], 10), (dev[1], 5)):
        event = sta.wait_disconnected(
            timeout=wait_time,
            error="No disconnection after two Michael MIC failure")
        if "reason=14" not in event:
            raise Exception("Unexpected disconnection reason: " + event)
    for sta in (dev[0], dev[1]):
        event = sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
        if event is not None:
            raise Exception("Unexpected connection during TKIP countermeasures")

    dev[0].request("REMOVE_NETWORK all")
    logger.info("Waiting for TKIP countermeasures to end")
    connected = False
    start = os.times()[4]
    # Retry until connected or until 70 seconds of elapsed time have passed.
    while not (start + 70 < os.times()[4]):
        dev[0].connect("tkip-countermeasures", psk="12345678",
                       pairwise="TKIP", group="TKIP", scan_freq="2412",
                       wait_connect=False)
        event = dev[0].wait_event(["CTRL-EVENT-AUTH-REJECT",
                                   "CTRL-EVENT-CONNECTED"], timeout=10)
        if event is None:
            raise Exception("No connection result")
        if "CTRL-EVENT-CONNECTED" in event:
            connected = True
            break
        if "status_code=1" not in event:
            raise Exception("Unexpected connection failure reason during TKIP countermeasures: " + event)
        dev[0].request("REMOVE_NETWORK all")
        time.sleep(1)
        dev[0].dump_monitor()
        dev[1].dump_monitor()
    if not connected:
        raise Exception("No connection after TKIP countermeasures terminated")

    # Bring dev[1] back explicitly if it has not reconnected by itself.
    if dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is None:
        dev[1].request("DISCONNECT")
        dev[1].select_network(net_id)
        dev[1].wait_connected()
예제 #26
def test_ap_mixed_security(dev, apdev):
    """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""

    def require_status(sta, field, wanted, failure):
        # Compare one STATUS field of `sta` with the value the test expects.
        if sta.get_status_field(field) != wanted:
            raise Exception(failure)

    skip_with_fips(dev[0])
    dev[0].flush_scan_cache()
    # The dev[2] (SAE) legs only run when the supplicant lists SAE as an
    # authentication algorithm.
    has_sae = "SAE" in dev[0].get_capability("auth_alg")
    network = "test-mixed"
    secret = 'qwertyuiop'

    # A single BSS that accepts every AKM under test. The flag checks below
    # expect it to advertise a WPA/TKIP element next to the WPA2/CCMP one.
    ap_conf = hostapd.wpa_mixed_params(ssid=network, passphrase=secret)
    ap_conf['wpa_key_mgmt'] = "WPA-PSK WPA-PSK-SHA256 WPA-EAP WPA-EAP-SHA256 SAE FT-PSK FT-EAP FT-SAE"
    ap_conf["ieee8021x"] = "1"
    ap_conf["eap_server"] = "1"
    ap_conf["eap_user_file"] = "auth_serv/eap_user.conf"
    ap_conf['nas_identifier'] = "nas1.w1.fi"
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_conf)

    # EAP-GPSK settings shared by all three dev[1] associations.
    # NOTE(review): the password appears masked ("******") in this listing; it
    # has to match the "gpsk user" entry of the EAP user file -- confirm
    # against the original test before running.
    gpsk_login = {
        "eap": "GPSK",
        "identity": "gpsk user",
        "password": "******",
        "scan_freq": "2412",
    }

    # Round 1: each station pins a single AKM, dev[0] the legacy WPA/TKIP one.
    dev[0].connect(network,
                   key_mgmt="WPA-PSK",
                   proto="WPA",
                   pairwise="TKIP",
                   psk=secret,
                   scan_freq="2412")
    dev[1].connect(network, key_mgmt="WPA-EAP-SHA256", proto="WPA2",
                   **gpsk_login)
    if has_sae:
        dev[2].connect(network, psk=secret, key_mgmt="SAE", scan_freq="2412")

    logger.debug(dev[0].request("SCAN_RESULTS"))
    bss = dev[0].get_bss(apdev[0]['bssid'])
    logger.debug(bss)
    flags = bss['flags']
    if "[WPA-EAP+PSK-TKIP]" not in flags:
        raise Exception("Unexpected flags (WPA): " + flags)
    # The full WPA2 flag string names SAE, so it is only checked with SAE.
    if has_sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in flags:
        raise Exception("Unexpected flags (WPA2): " + flags)

    require_status(dev[0], "key_mgmt", "WPA-PSK", "Unexpected key_mgmt(1)")
    require_status(dev[0], "pairwise_cipher", "TKIP", "Unexpected pairwise(1)")
    require_status(dev[1], "key_mgmt", "WPA2-EAP-SHA256",
                   "Unexpected key_mgmt(2)")
    if has_sae:
        require_status(dev[2], "key_mgmt", "SAE", "Unexpected key_mgmt(3)")

    # Data path between stations that negotiated different AKMs and ciphers.
    hwsim_utils.test_connectivity(dev[0], dev[1])
    if has_sae:
        hwsim_utils.test_connectivity(dev[1], dev[2])
        hwsim_utils.test_connectivity(dev[0], dev[2])
    for idx in range(3):
        sta = dev[idx]
        if has_sae or idx < 2:
            hwsim_utils.test_connectivity(sta, hapd)
        sta.request("DISCONNECT")

    # Round 2: stations offer several AKMs. The checks below require dev[0]
    # to end up on the SHA256 AKM with CCMP and dev[2] on SAE; selecting the
    # weaker offered suite instead would be a silent downgrade.
    dev[0].connect(network,
                   key_mgmt="WPA-PSK WPA-PSK-SHA256",
                   psk=secret,
                   scan_freq="2412")
    dev[1].connect(network, key_mgmt="WPA-EAP", proto="WPA", **gpsk_login)
    if has_sae:
        dev[2].connect(network,
                       key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE",
                       psk=secret,
                       scan_freq="2412")

    require_status(dev[0], "key_mgmt", "WPA2-PSK-SHA256",
                   "Unexpected key_mgmt(1b)")
    require_status(dev[0], "pairwise_cipher", "CCMP",
                   "Unexpected pairwise(1b)")
    require_status(dev[1], "key_mgmt", "WPA/IEEE 802.1X/EAP",
                   "Unexpected key_mgmt(2b)")
    if has_sae:
        require_status(dev[2], "key_mgmt", "SAE", "Unexpected key_mgmt(3b)")

    for idx in range(3):
        dev[idx].request("DISCONNECT")

    # Round 3: the FT variant of each AKM.
    dev[0].connect(network, key_mgmt="FT-PSK", psk=secret, scan_freq="2412")
    dev[1].connect(network, key_mgmt="FT-EAP", **gpsk_login)
    if has_sae:
        dev[2].connect(network,
                       psk=secret,
                       key_mgmt="FT-SAE",
                       scan_freq="2412")

    require_status(dev[0], "key_mgmt", "FT-PSK", "Unexpected key_mgmt(1c)")
    require_status(dev[1], "key_mgmt", "FT-EAP", "Unexpected key_mgmt(2c)")
    if has_sae:
        require_status(dev[2], "key_mgmt", "FT-SAE", "Unexpected key_mgmt(3c)")
예제 #27
def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev, params):
    """WPA-PSK/TKIP countermeasures (detected by two STAs) [long]"""
    # The wait for the countermeasures to end makes this an opt-in test.
    if not params['long']:
        raise HwsimSkip(
            "Skip test case with long duration due to --long not specified")
    skip_with_fips(dev[0])
    ap_conf = {
        "ssid": "tkip-countermeasures",
        "wpa_passphrase": "12345678",
        "wpa": "1",
        "wpa_key_mgmt": "WPA-PSK",
        "wpa_pairwise": "TKIP",
    }
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # debugfs hook used below to provoke the Michael MIC failures; skip when
    # the AP-side interface does not expose it.
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (
        hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
    probe = hapd.cmd_execute(["ls", testfile])
    if probe[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    # Network settings shared by every association in this test.
    tkip_net = {
        "psk": "12345678",
        "pairwise": "TKIP",
        "group": "TKIP",
        "scan_freq": "2412",
    }
    dev[0].connect("tkip-countermeasures", **tkip_net)
    dev[0].dump_monitor()
    # Kept so dev[1] can be pointed back at this network at the end.
    net_id = dev[1].connect("tkip-countermeasures", **tkip_net)
    dev[1].dump_monitor()

    # shell=True is what makes the ">" redirection work. The path is built
    # from the local driver status and interface name, not external input.
    # NOTE(review): presumably cmd_execute joins the list into one command
    # line when shell=True -- confirm in the hostapd helper.
    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
                     shell=True)

    # Both stations must be disconnected with reason code 14 (MIC failure in
    # IEEE 802.11) ...
    for sta, limit in ((dev[0], 10), (dev[1], 5)):
        ev = sta.wait_disconnected(
            timeout=limit,
            error="No disconnection after two Michael MIC failure")
        if "reason=14" not in ev:
            raise Exception("Unexpected disconnection reason: " + ev)
    # ... and neither may get back in while countermeasures are active.
    for sta in (dev[0], dev[1]):
        if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is not None:
            raise Exception(
                "Unexpected connection during TKIP countermeasures")

    dev[0].request("REMOVE_NETWORK all")
    logger.info("Waiting for TKIP countermeasures to end")
    # Retry for up to 70 s of elapsed time (os.times()[4]); presumably sized
    # to outlast the 60 s TKIP countermeasures period.
    deadline = os.times()[4] + 70
    while os.times()[4] <= deadline:
        dev[0].connect("tkip-countermeasures", wait_connect=False, **tkip_net)
        ev = dev[0].wait_event(
            ["CTRL-EVENT-AUTH-REJECT", "CTRL-EVENT-CONNECTED"], timeout=10)
        if ev is None:
            raise Exception("No connection result")
        if "CTRL-EVENT-CONNECTED" in ev:
            break
        # While the lockout lasts, the only accepted outcome is an
        # authentication reject carrying status_code=14.
        if "status_code=14" not in ev:
            raise Exception(
                "Unexpected connection failure reason during TKIP countermeasures: "
                + ev)
        dev[0].request("REMOVE_NETWORK all")
        time.sleep(1)
        dev[0].dump_monitor()
        dev[1].dump_monitor()
    else:
        # Reached only when the time budget ran out without a connection.
        raise Exception("No connection after TKIP countermeasures terminated")

    # dev[1] may not have reconnected by itself; re-select its network if so.
    if dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is None:
        dev[1].request("DISCONNECT")
        dev[1].select_network(net_id)
        dev[1].wait_connected()
예제 #28
def test_ap_cipher_tkip(dev, apdev):
    """WPA2-PSK/TKIP connection"""
    # skip_with_fips() presumably skips the test on FIPS builds; the
    # association and cipher verification are delegated to check_cipher().
    sta = dev[0]
    skip_with_fips(sta)
    check_cipher(sta, apdev[0], "TKIP")
예제 #29
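def test_gas_concurrent_connect(dev, apdev):
    """Generic GAS queries with concurrent connection operation"""
    skip_with_fips(dev[0])
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)

    # Part 1: the connection is started first and the GAS query is issued
    # while it is still in progress (wait_connect=False).
    logger.debug("Start concurrent connect and GAS request")
    # The backslash in the identity is written as an explicit escape; the
    # runtime value is unchanged. "\m" is an invalid escape sequence that
    # newer Python versions warn about.
    # ca_cert is set, so the EAP-TTLS server certificate is checked against
    # the test CA.
    # NOTE(review): the password appears masked ("******") in this listing; it
    # has to match the credential configured on the authentication server --
    # confirm against the original test before running.
    dev[0].connect("test-gas",
                   key_mgmt="WPA-EAP",
                   eap="TTLS",
                   identity="DOMAIN\\mschapv2 user",
                   anonymous_identity="ttls",
                   password="******",
                   phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem",
                   wait_connect=False,
                   scan_freq="2412")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")

    # Expected order in part 1: the connection completes first ...
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")

    # ... and the GAS response is reported after it.
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "GAS-RESPONSE-INFO" not in ev:
        raise Exception("Unexpected operation order")
    get_gas_response(dev[0], bssid, ev)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected(timeout=5)

    logger.debug("Wait six seconds for expiration of connect-without-scan")
    time.sleep(6)
    dev[0].dump_monitor()

    # Part 2: reversed start order. The GAS query is issued first and the
    # reconnect is requested while it is pending.
    logger.debug("Start concurrent GAS request and connect")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")
    dev[0].request("RECONNECT")

    # Expected order in part 2: GAS response, then scan results, then the
    # connection.
    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
    if ev is None:
        raise Exception("Operation timed out")
    get_gas_response(dev[0], bssid, ev)

    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=20)
    if ev is None:
        raise Exception("No new scan results reported")

    # Fixed the "tiemd" typo in the timeout message.
    ev = dev[0].wait_connected(timeout=20, error="Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")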
예제 #30
def test_ap_cipher_tkip(dev, apdev):
    """WPA2-PSK/TKIP connection"""
    # skip_with_fips() presumably skips the test on FIPS builds; the
    # association and cipher verification are delegated to check_cipher().
    sta = dev[0]
    skip_with_fips(sta)
    check_cipher(sta, apdev[0], "TKIP")