Add the needed infrastructure for the Extended Key ID tests, update tests overriding RSN Capabilities to work with and without Extended Key ID support and add additional interoperability tests for Extended Key ID. All tests will use Extended Key ID by default when available. When Extended Key ID is not supported only ap_wpa2_ptk_extended_key_id will fail and all other tests for Extended Key ID will be skipped. Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx> --- tests/hwsim/hostapd.py | 13 ++- tests/hwsim/test_ap_eap.py | 26 +++++- tests/hwsim/test_ap_ft.py | 13 ++- tests/hwsim/test_ap_psk.py | 153 +++++++++++++++++++++++++++++++++-- tests/hwsim/test_fils.py | 68 +++++++++++++++- tests/hwsim/test_ocv.py | 13 ++- tests/hwsim/test_rrm.py | 7 +- tests/hwsim/wpasupplicant.py | 1 + 8 files changed, 273 insertions(+), 21 deletions(-) diff --git a/tests/hwsim/hostapd.py b/tests/hwsim/hostapd.py index 62b3302be..bd0d5597a 100644 --- a/tests/hwsim/hostapd.py +++ b/tests/hwsim/hostapd.py @@ -203,6 +203,7 @@ class Hostapd: self.set("hw_mode", "g") self.set("channel", "1") self.set("ieee80211n", "1") + self.set("extended_key_id", "2"); self.set("logger_stdout", "-1") self.set("logger_stdout_level", "0") @@ -321,6 +322,12 @@ class Hostapd: return vals[field] return None + def extended_key_id(self): + res = self.get_driver_status_field('capa.flags') + if (int(res, 0) & 0x8000000000000000) != 0: + return True + return False + def get_config(self): res = self.request("GET_CONFIG") lines = res.splitlines() @@ -559,7 +566,7 @@ def add_ap(apdev, params, wait_enabled=True, no_enable=False, timeout=30, raise Exception("Could not ping hostapd") hapd.set_defaults() fields = ["ssid", "wpa_passphrase", "nas_identifier", "wpa_key_mgmt", - "wpa", "wpa_deny_ptk0_rekey", + "wpa", "wpa_deny_ptk0_rekey", "extended_key_id", "wpa_pairwise", "rsn_pairwise", "auth_server_addr", "acct_server_addr", "osu_server_uri"] for field in fields: @@ -647,7 +654,7 @@ def terminate(apdev): hapd_global.terminate() def wpa2_params(ssid=None, passphrase=None, wpa_key_mgmt="WPA-PSK", - ieee80211w=None): + extended_key_id=None, ieee80211w=None): params = {"wpa": "2", "wpa_key_mgmt": wpa_key_mgmt, "rsn_pairwise": "CCMP"} @@ -657,6 +664,8 @@ def wpa2_params(ssid=None, passphrase=None, wpa_key_mgmt="WPA-PSK", params["wpa_passphrase"] = passphrase if ieee80211w is not None: params["ieee80211w"] = ieee80211w + if extended_key_id: + params["extended_key_id"] = extended_key_id return params def wpa_params(ssid=None, passphrase=None): diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index bdfe96111..7c259006d 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -5136,6 +5136,7 @@ def test_ap_wpa2_eap_reauth_ptk_rekey_blocked_ap(dev, apdev): params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params['eap_reauth_period'] = '2' params['wpa_deny_ptk0_rekey'] = '2' + params['extended_key_id'] = '0' hapd = hostapd.add_ap(apdev[0], params) eap_connect(dev[0], hapd, "PAX", "pax.user@xxxxxxxxxxx", password_hex="0123456789abcdef0123456789abcdef") @@ -5156,18 +5157,23 @@ def test_ap_wpa2_eap_reauth_ptk_rekey_blocked_sta(dev, apdev): params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params['eap_reauth_period'] = '2' hapd = hostapd.add_ap(apdev[0], params) + dev[0].set("extended_key_id", "0") eap_connect(dev[0], hapd, "PAX", "pax.user@xxxxxxxxxxx", password_hex="0123456789abcdef0123456789abcdef", wpa_deny_ptk0_rekey="2") + logger.info("Wait for disconnect due to reauth") ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED", "CTRL-EVENT-DISCONNECTED"], timeout=10) if ev is None: + dev[0].reset() raise Exception("Timeout on reauthentication") if "CTRL-EVENT-EAP-STARTED" in ev: + dev[0].reset() raise Exception("Reauthentication without disconnect") ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1) + dev[0].reset() if ev is None: raise Exception("Timeout on reconnect") @@ -6692,7 +6698,7 @@ def test_eap_tls_sha384(dev, apdev, params): def test_ap_wpa2_eap_assoc_rsn(dev, apdev): """WPA2-Enterprise AP and association request RSN IE differences""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") - hostapd.add_ap(apdev[0], params) + hapd = hostapd.add_ap(apdev[0], params) params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap-11w") params["ieee80211w"] = "2" @@ -6712,6 +6718,17 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apdev): ("RSN IE without AKM", "300c0100000fac040100000fac04"), ("RSN IE without pairwise", "30060100000fac04"), ("RSN IE without group", "30020100")] + + if hapd.extended_key_id(): + tests += [("Normal wpa_supplicant assoc req RSN IE with Extended Key ID", + "30140100000fac040100000fac040100000fac010020"), + ("Extra PMKIDCount field in RSN IE with Extended Key ID", + "30160100000fac040100000fac040100000fac0100200000"), + ("Extra Group Management Cipher Suite in RSN IE with Extended Key ID", + "301a0100000fac040100000fac040100000fac0100200000000fac06"), + ("Extra undefined extension field in RSN IE with Extended Key ID", + "301c0100000fac040100000fac040100000fac0100200000000fac061122")] + for title, ie in tests: logger.info(title) set_test_assoc_ie(dev[0], ie) @@ -6726,6 +6743,13 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apdev): "30140100000fac040100000fac040100000fac01cc00"), ("Group management cipher included in assoc req RSN IE", "301a0100000fac040100000fac040100000fac01cc000000000fac06")] + + if hapd.extended_key_id(): + tests += [("Normal wpa_supplicant assoc req RSN IE with Extended Key ID", + "30140100000fac040100000fac040100000fac01cc20"), + ("Group management cipher included in assoc req RSN IE with Extended Key ID", + "301a0100000fac040100000fac040100000fac01cc200000000fac06")] + for title, ie in tests: logger.info(title) set_test_assoc_ie(dev[0], ie) diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 1dc75a344..f3b70a6da 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -136,7 +136,8 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, group_mgmt=None, ocv=None, sae_password=None, sae_password_id=None, sae_and_psk=False, pmksa_caching=False, roam_with_reassoc=False, also_non_ft=False, only_one_way=False, - wait_before_roam=0, return_after_initial=False, ieee80211w="1"): + wait_before_roam=0, return_after_initial=False, ieee80211w="1", + sta_extended_key_id="1"): logger.info("Connect to first AP") copts = {} @@ -146,6 +147,7 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, copts["pairwise"] = pairwise_cipher copts["group"] = group_cipher copts["wpa_ptk_rekey"] = ptk_rekey + copts["extended_key_key"] = sta_extended_key_id if group_mgmt: copts["group_mgmt"] = group_mgmt if ocv: @@ -257,6 +259,7 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, dev.roam(ap1['bssid']) if dev.get_status_field('bssid') != ap1['bssid']: raise Exception("Did not connect to correct AP") + if (i == 0 or i == roams - 1) and test_connectivity: hapd1ap.wait_sta() if conndev: @@ -1269,7 +1272,8 @@ def test_ap_ft_sae_pmksa_caching_h2e(dev, apdev): def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, discovery=False, roams=1, wpa_ptk_rekey=0, - only_one_way=False): + only_one_way=False, ap_extended_key_id="2", + sta_extended_key_id="1"): ssid = "test-ft" passphrase = "12345678" if vlan: @@ -1286,6 +1290,7 @@ def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, params = ft_params1(ssid=ssid, passphrase=passphrase, discovery=discovery) params['wpa_key_mgmt'] = "FT-EAP" params["ieee8021x"] = "1" + params["extended_key_id"] = ap_extended_key_id if vlan: params["dynamic_vlan"] = "1" params = dict(list(radius.items()) + list(params.items())) @@ -1296,6 +1301,7 @@ def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, params = ft_params2(ssid=ssid, passphrase=passphrase, discovery=discovery) params['wpa_key_mgmt'] = "FT-EAP" params["ieee8021x"] = "1" + params["extended_key_id"] = ap_extended_key_id if vlan: params["dynamic_vlan"] = "1" if wpa_ptk_rekey: @@ -1305,7 +1311,8 @@ def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False, run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, over_ds=over_ds, roams=roams, eap_identity=identity, - conndev=conndev, only_one_way=only_one_way) + conndev=conndev, only_one_way=only_one_way, + sta_extended_key_id=sta_extended_key_id) if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"): raise Exception("Scan results missing RSN element info") check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"), diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py index febbc07fe..893a4ddc3 100644 --- a/tests/hwsim/test_ap_psk.py +++ b/tests/hwsim/test_ap_psk.py @@ -205,10 +205,11 @@ def _test_ap_wpa2_psk_mem(dev, apdev): @remote_compatible def test_ap_wpa2_ptk_rekey(dev, apdev): - """WPA2-PSK AP and PTK rekey enforced by station""" + """WPA2-PSK AP and PTK rekey enforced by station without Extended Key ID""" ssid = "test-wpa2-psk" passphrase = 'qwertyuiop' - params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase, + extended_key_id="0") hapd = hostapd.add_ap(apdev[0], params) Wlantest.setup(hapd) @@ -216,7 +217,8 @@ def test_ap_wpa2_ptk_rekey(dev, apdev): wt.flush() wt.add_passphrase(passphrase) - dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") + dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412", + extended_key_id="0") ev = dev[0].wait_event(["WPA: Key negotiation completed", "CTRL-EVENT-DISCONNECTED"]) if ev is None: @@ -231,6 +233,7 @@ def test_ap_wpa2_ptk_rekey_blocked_ap(dev, apdev): passphrase = 'qwertyuiop' params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) params['wpa_deny_ptk0_rekey'] = "2" + params['extended_key_id'] = "0" hapd = hostapd.add_ap(apdev[0], params) dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") ev = dev[0].wait_event(["WPA: Key negotiation completed", @@ -249,15 +252,19 @@ def test_ap_wpa2_ptk_rekey_blocked_sta(dev, apdev): passphrase = 'qwertyuiop' params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) hapd = hostapd.add_ap(apdev[0], params) + dev[0].set("extended_key_id", "0") dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412", wpa_deny_ptk0_rekey="2") ev = dev[0].wait_event(["WPA: Key negotiation completed", "CTRL-EVENT-DISCONNECTED"]) if ev is None: + dev[0].reset() raise Exception("PTK rekey timed out") if "WPA: Key negotiation completed" in ev: + dev[0].reset() raise Exception("No disconnect, PTK rekey succeeded") ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=1) + dev[0].reset() if ev is None: raise Exception("Reconnect too slow") @@ -1397,10 +1404,16 @@ def eapol_test(apdev, dev, wpa2=True, ieee80211w=0): ieee80211w=str(ieee80211w)) addr = dev.p2p_interface_addr() if wpa2: - if ieee80211w == 2: - rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02cc00') + extended_key_id = hapd.extended_key_id() + if extended_key_id and ieee80211w == 2: + cap = "cc20" + elif extended_key_id: + cap = "0020" + elif ieee80211w == 2: + cap = "cc00" else: - rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000') + cap = "0000" + rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac02'+cap) else: rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202') snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111') @@ -2970,6 +2983,11 @@ def test_ap_wpa2_psk_assoc_rsn(dev, apdev): "30140100000fac040100000fac040100000fac020000"), ("RSN IE without RSN Capabilities", "30120100000fac040100000fac040100000fac02")] + + if hapd.extended_key_id(): + tests += [("Normal wpa_supplicant assoc req RSN IE with Extended Key ID", + "30140100000fac040100000fac040100000fac020020")] + for title, ie in tests: logger.info(title) set_test_assoc_ie(dev[0], ie) @@ -3013,9 +3031,13 @@ def test_ap_wpa2_psk_ft_workaround(dev, apdev): params['r1_key_holder'] = "000102030405" hapd = hostapd.add_ap(apdev[0], params) + if hapd.extended_key_id(): + ie = "30180100000fac040100000fac040200000fac02000fac040020" + else: + ie = "30180100000fac040100000fac040200000fac02000fac040000" + # Include both WPA-PSK and FT-PSK AKMs in Association Request frame - set_test_assoc_ie(dev[0], - "30180100000fac040100000fac040200000fac02000fac040000") + set_test_assoc_ie(dev[0], ie) dev[0].connect(ssid, psk=passphrase, scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() @@ -3032,6 +3054,14 @@ def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev): dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() + if not hapd.extended_key_id(): + return + + set_test_assoc_ie(dev[0], "30260100000fac040100000fac040100000fac0200200100" + 16*'00') + dev[0].connect(ssid, psk=passphrase, scan_freq="2412") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + def test_ap_wpa_psk_rsn_pairwise(dev, apdev): """WPA-PSK AP and only rsn_pairwise set""" params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", @@ -3404,3 +3434,110 @@ def test_ap_wpa2_psk_rsnxe_mismatch_ap(dev, apdev): raise Exception("Unexpected connection") if "reason=17 locally_generated=1" not in ev: raise Exception("Unexpected disconnection reason: " + ev) + +def test_ap_wpa2_ptk_extended_key_id(dev, apdev): + """Extended Key ID WPA2-PSK AP and PTK rekey enforced by station""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + hapd = hostapd.add_ap(apdev[0], params) + if not hapd.extended_key_id(): + raise Exception("No Extended Key ID support") + + dev[0].set("extended_key_id", "1") + dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") + ev = dev[0].wait_event(["WPA: Key negotiation completed"]) + if ev is None: + raise Exception("PTK rekey timed out (STA with Extended Key ID)") + if "Extended_Key_ID" not in ev: + raise Exception("Extended Key ID not used") + hwsim_utils.test_connectivity(dev[0], hapd) + ev = dev[0].wait_event(["WPA: Key negotiation completed"]) + if ev is None: + raise Exception("PTK rekey timed out 2 (STA with Extended Key ID)") + if "Extended_Key_ID" not in ev: + raise Exception("Extended Key ID not used") + hwsim_utils.test_connectivity(dev[0], hapd) + dev[0].reset() + +def test_ap_wpa2_ptk_extended_key_id_compat_ap(dev, apdev): + """Extended Key ID WPA2-PSK AP and station not supporting Extended Key ID""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + hapd = hostapd.add_ap(apdev[0], params) + if not hapd.extended_key_id(): + raise HwsimSkip("No Extended Key ID support") + + dev[0].set("extended_key_id", "0") + dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") + ev = dev[0].wait_event(["WPA: Key negotiation completed"]) + if ev is None: + dev[0].reset() + raise Exception("PTK rekey timed out (STA without Extended Key ID)") + if "Extended_Key_ID" in ev: + dev[0].reset() + raise Exception("Invalid Extended Key ID usage") + hwsim_utils.test_connectivity(dev[0], hapd) + dev[0].reset() + +def test_ap_wpa2_ptk_extended_key_id_compat_sta(dev, apdev): + """WPA2-PSK AP not supporting Extended Key ID and station supporting it""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase, + extended_key_id="0") + hapd = hostapd.add_ap(apdev[0], params) + if not hapd.extended_key_id(): + raise HwsimSkip("No Extended Key ID support") + + dev[0].set("extended_key_id", "1") + dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") + ev = dev[0].wait_event(["WPA: Key negotiation completed"]) + if ev is None: + raise Exception("PTK rekey timed out (AP without Extended Key ID") + if "Extended_Key_ID" in ev: + raise Exception("Extended Key ID used when AP not supporting it") + hwsim_utils.test_connectivity(dev[0], hapd) + dev[0].reset() + +def test_ap_wpa2_ptk_extended_key_id_tkip(dev, apdev): + """Extended Key ID with TKIP only AP""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + params["rsn_pairwise"] = "TKIP" + hapd = hostapd.add_ap(apdev[0], params) + if not hapd.extended_key_id(): + raise HwsimSkip("No Extended Key ID support") + + dev[0].set("extended_key_id", "1") + dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") + ev = dev[0].wait_event(["WPA: Key negotiation completed"]) + if ev is None: + raise Exception("PTK rekey timed out") + if "Extended_Key_ID" in ev: + raise Exception("Extended Key ID used with TKIP") + hwsim_utils.test_connectivity(dev[0], hapd) + dev[0].reset() + +def test_ap_wpa2_ptk_extended_key_id_tkip_sta(dev, apdev): + """Extended Key ID WPA2-PSK AP and station using WPA2 with TKIP only""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + params["rsn_pairwise"] = "TKIP CCMP" + hapd = hostapd.add_ap(apdev[0], params) + if not hapd.extended_key_id(): + raise HwsimSkip("No Extended Key ID support") + + dev[0].set("extended_key_id", "1") + dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", pairwise="TKIP", + scan_freq="2412") + ev = dev[0].wait_event(["WPA: Key negotiation completed"]) + if ev is None: + raise Exception("PTK rekey timed out") + if "Extended_Key_ID" in ev: + raise Exception("Extended Key ID used with TKIP") + hwsim_utils.test_connectivity(dev[0], hapd) + dev[0].reset() diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py index 16fc03852..695367d6f 100644 --- a/tests/hwsim/test_fils.py +++ b/tests/hwsim/test_fils.py @@ -1655,7 +1655,8 @@ def test_fils_sk_auth_mismatch(dev, apdev, params): hwsim_utils.test_connectivity(dev[0], hapd) def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0, - pmksa_caching=True): + pmksa_caching=True, + ap_extended_key_id=None, sta_extended_key_id="1"): check_fils_capa(dev[0]) check_erp_capa(dev[0]) @@ -1671,13 +1672,17 @@ def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0, params['wpa_ptk_rekey'] = str(wpa_ptk_rekey) if wpa_group_rekey: params['wpa_group_rekey'] = str(wpa_group_rekey) + if ap_extended_key_id: + params['extended_key_id'] = str(ap_extended_key_id) if not pmksa_caching: params['disable_pmksa_caching'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].set("extended_key_id", sta_extended_key_id) dev[0].scan_for_bss(bssid, freq=2412) dev[0].request("ERP_FLUSH") id = dev[0].connect("fils", key_mgmt="FILS-SHA256", + extended_key_id=str(sta_extended_key_id), eap="PSK", identity="psk.user@xxxxxxxxxxx", password_hex="0123456789abcdef0123456789abcdef", erp="1", scan_freq="2412") @@ -1713,10 +1718,54 @@ def test_fils_auth_gtk_rekey(dev, apdev, params): def test_fils_auth_ptk_rekey_ap(dev, apdev, params): """PTK rekeying after FILS authentication triggered by AP""" - hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2) + hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2, + ap_extended_key_id="0", + sta_extended_key_id="0") + ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3) + if ev is None: + raise Exception("PTK rekey timed out") + if "Extended_Key_ID" in ev: + raise Exception("PTK rekey using Extended Key ID") + hwsim_utils.test_connectivity(dev[0], hapd) + + ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) + if ev is not None: + raise Exception("Rekeying failed - disconnected") + hwsim_utils.test_connectivity(dev[0], hapd) + +def test_fils_auth_ptk_rekey_ap_extended_key_id(dev, apdev, params): + """PTK rekeying after FILS authentication triggered by AP (using Extended Key ID)""" + hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2, + ap_extended_key_id="1", + sta_extended_key_id="1") + if not hapd.extended_key_id(): + raise HwsimSkip("No Extended Key ID support") + + ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3) + if ev is None: + raise Exception("PTK rekey timed out") + if "Extended_Key_ID" not in ev: + raise Exception("PTK rekey not using Extended Key ID") + hwsim_utils.test_connectivity(dev[0], hapd) + + ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) + if ev is not None: + raise Exception("Rekeying failed - disconnected") + hwsim_utils.test_connectivity(dev[0], hapd) + +def test_fils_auth_ptk_rekey_ap_extended_key_id_compat(dev, apdev, params): + """PTK rekeying after FILS authentication triggered by AP (only AP supporting Extended Key ID)""" + hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2, + ap_extended_key_id="1", + sta_extended_key_id="0") + if not hapd.extended_key_id(): + raise HwsimSkip("No Extended Key ID support") + ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3) if ev is None: raise Exception("PTK rekey timed out") + if "Extended_Key_ID" in ev: + raise Exception("PTK rekey using Extended Key ID") hwsim_utils.test_connectivity(dev[0], hapd) ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) @@ -1727,10 +1776,14 @@ def test_fils_auth_ptk_rekey_ap(dev, apdev, params): def test_fils_auth_ptk_rekey_ap_erp(dev, apdev, params): """PTK rekeying after FILS authentication triggered by AP (ERP)""" hapd = setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=2, - pmksa_caching=False) + pmksa_caching=False, + ap_extended_key_id="0", + sta_extended_key_id="0") ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=3) if ev is None: raise Exception("PTK rekey timed out") + if "Extended_Key_ID" in ev: + raise Exception("PTK rekey using Extended Key ID") hwsim_utils.test_connectivity(dev[0], hapd) ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) @@ -1752,11 +1805,13 @@ def test_fils_and_ft(dev, apdev, params): params['erp_domain'] = 'example.com' params['fils_realm'] = 'example.com' params['disable_pmksa_caching'] = '1' + params['extended_key_id'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].scan_for_bss(bssid, freq=2412) dev[0].request("ERP_FLUSH") id = dev[0].connect("fils", key_mgmt="FILS-SHA256", + extended_key_id="1", eap="PSK", identity="psk.user@xxxxxxxxxxx", password_hex="0123456789abcdef0123456789abcdef", erp="1", scan_freq="2412") @@ -1783,12 +1838,14 @@ def test_fils_and_ft(dev, apdev, params): params['r0kh'] = ["02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"] params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" params['ieee80211w'] = "1" + params['extended_key_id'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].scan_for_bss(bssid, freq=2412) dev[0].dump_monitor() id = dev[0].connect("fils-ft", key_mgmt="FILS-SHA256 FT-FILS-SHA256 FT-EAP", ieee80211w="1", + extended_key_id="1", eap="PSK", identity="psk.user@xxxxxxxxxxx", password_hex="0123456789abcdef0123456789abcdef", erp="1", scan_freq="2412", wait_connect=False) @@ -1819,6 +1876,7 @@ def test_fils_and_ft(dev, apdev, params): params['r1_key_holder'] = "000102030406" params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f"] params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" + params['extended_key_id'] = '1' hapd2 = hostapd.add_ap(apdev[1]['ifname'], params) dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412", force_scan=True) @@ -1897,6 +1955,7 @@ def run_fils_and_ft_setup(dev, apdev, params, key_mgmt): params['fils_realm'] = 'example.com' params['disable_pmksa_caching'] = '1' params['ieee80211w'] = "2" + params['extended_key_id'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].scan_for_bss(bssid, freq=2412) @@ -1904,6 +1963,7 @@ def run_fils_and_ft_setup(dev, apdev, params, key_mgmt): hapd.request("NOTE Initial association to establish ERP keys") id = dev[0].connect("fils", key_mgmt=key_mgmt, ieee80211w="2", eap="PSK", identity="psk.user@xxxxxxxxxxx", + extended_key_id="1", password_hex="0123456789abcdef0123456789abcdef", erp="1", scan_freq="2412") hapd.wait_sta() @@ -1933,6 +1993,7 @@ def run_fils_and_ft_setup(dev, apdev, params, key_mgmt): "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f"] params['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f" params['ieee80211w'] = "2" + params['extended_key_id'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].scan_for_bss(bssid, freq=2412) @@ -1964,6 +2025,7 @@ def run_fils_and_ft_setup(dev, apdev, params, key_mgmt): params['r0kh'] = ["02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f", "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"] params['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f" + params['extended_key_id'] = '1' hapd2 = hostapd.add_ap(apdev[1]['ifname'], params) return hapd, hapd2 diff --git a/tests/hwsim/test_ocv.py b/tests/hwsim/test_ocv.py index df84e7124..75eca7590 100644 --- a/tests/hwsim/test_ocv.py +++ b/tests/hwsim/test_ocv.py @@ -380,10 +380,17 @@ class APConnection: self.bssid = apdev['bssid'] pmk = binascii.unhexlify("c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7") - if sta_ocv != "0": - self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac0280400000000fac06") + if self.hapd.extended_key_id(): + if sta_ocv != "0": + cap = "8060" + else: + cap = "8020" else: - self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac0280000000000fac06") + if sta_ocv != "0": + cap = "8040" + else: + cap = "8000" + self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac02"+cap+"0000000fac06") self.snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111') dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq, ocv=sta_ocv, diff --git a/tests/hwsim/test_rrm.py b/tests/hwsim/test_rrm.py index dde98932b..610efe1f6 100644 --- a/tests/hwsim/test_rrm.py +++ b/tests/hwsim/test_rrm.py @@ -1233,6 +1233,11 @@ def test_rrm_beacon_req_table_rsne(dev, apdev): params["rrm_beacon_report"] = "1" hapd = hostapd.add_ap(apdev[0], params) + if hapd.extended_key_id(): + cap = "0c20" + else: + cap = "0c00" + dev[0].connect("rrm-rsn", psk="12345678", scan_freq="2412") addr = dev[0].own_addr() @@ -1247,7 +1252,7 @@ def test_rrm_beacon_req_table_rsne(dev, apdev): raise Exception("Reported Frame Body subelement missing") if len(report.frame_body) != 12 + 22: raise Exception("Unexpected Reported Frame Body subelement length with Reporting Detail 1 and requested element RSNE") - if binascii.unhexlify("30140100000fac040100000fac040100000fac020c00") not in report.frame_body: + if binascii.unhexlify("30140100000fac040100000fac040100000fac02"+cap) not in report.frame_body: raise Exception("Full RSNE not found") def test_rrm_beacon_req_table_vht(dev, apdev): diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py index d99e6889d..00a51c045 100644 --- a/tests/hwsim/wpasupplicant.py +++ b/tests/hwsim/wpasupplicant.py @@ -297,6 +297,7 @@ class WpaSupplicant: self.close_monitor_group() self.group_ifname = None self.dump_monitor() + self.set("extended_key_id", "1") iter = 0 while iter < 60: -- 2.25.2 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap