From 682a79f0888c22b6b4b01111ef90beca12ea66aa Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 14 Feb 2017 11:10:58 +0200 Subject: [PATCH] tests: WPA2-PSK-FT and AP OOM Signed-off-by: Jouni Malinen --- tests/hwsim/test_ap_ft.py | 326 +++++++++++++++++++++++++++++++++++++- 1 file changed, 325 insertions(+), 1 deletion(-) diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 43621aa09..d70647295 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -13,7 +13,7 @@ logger = logging.getLogger() import hwsim_utils import hostapd -from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips +from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, skip_with_fips from wlantest import Wlantest from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations @@ -964,6 +964,330 @@ def test_ap_ft_oom(dev, apdev): dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", scan_freq="2412") +def test_ap_ft_ap_oom(dev, apdev): + """WPA2-PSK-FT and AP OOM""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r0"): + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + # This roam will fail due to missing PMK-R0 (OOM prevented storing it) + dev[0].roam(bssid1) + +def test_ap_ft_ap_oom2(dev, apdev): + """WPA2-PSK-FT and AP OOM 2""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + with alloc_fail(hapd0, 1, "wpa_ft_store_pmk_r1"): + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + dev[0].roam(bssid1) + if dev[0].get_status_field('bssid') != bssid1: + raise Exception("Did not roam to AP1") + # This roam will fail due to missing PMK-R1 (OOM prevented storing it) + dev[0].roam(bssid0) + +def test_ap_ft_ap_oom3(dev, apdev): + """WPA2-PSK-FT and AP OOM 3""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + with alloc_fail(hapd1, 1, "wpa_ft_pull_pmk_r1"): + # This will fail due to not being able to send out PMK-R1 pull request + dev[0].roam(bssid1) + + with fail_test(hapd1, 1, "os_get_random;wpa_ft_pull_pmk_r1"): + # This will fail due to not being able to send out PMK-R1 pull request + dev[0].roam(bssid1) + + with fail_test(hapd1, 1, "aes_wrap;wpa_ft_pull_pmk_r1"): + # This will fail due to not being able to send out PMK-R1 pull request + dev[0].roam(bssid1) + +def test_ap_ft_ap_oom4(dev, apdev): + """WPA2-PSK-FT and AP OOM 4""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + with alloc_fail(hapd1, 1, "wpa_ft_gtk_subelem"): + dev[0].roam(bssid1) + if dev[0].get_status_field('bssid') != bssid1: + raise Exception("Did not roam to AP1") + + with fail_test(hapd0, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"): + dev[0].roam(bssid0) + if dev[0].get_status_field('bssid') != bssid0: + raise Exception("Did not roam to AP0") + + with fail_test(hapd0, 1, "aes_wrap;wpa_ft_gtk_subelem"): + dev[0].roam(bssid1) + if dev[0].get_status_field('bssid') != bssid1: + raise Exception("Did not roam to AP1") + +def test_ap_ft_ap_oom5(dev, apdev): + """WPA2-PSK-FT and AP OOM 5""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + with alloc_fail(hapd1, 1, "=wpa_ft_process_auth_req"): + # This will fail to roam + dev[0].roam(bssid1) + + with fail_test(hapd1, 1, "os_get_random;wpa_ft_process_auth_req"): + # This will fail to roam + dev[0].roam(bssid1) + + with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): + # This will fail to roam + dev[0].roam(bssid1) + + with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"): + # This will fail to roam + dev[0].roam(bssid1) + + with fail_test(hapd1, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"): + # This will fail to roam + dev[0].roam(bssid1) + +def test_ap_ft_ap_oom6(dev, apdev): + """WPA2-PSK-FT and AP OOM 6""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + with fail_test(hapd0, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"): + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"): + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + with fail_test(hapd0, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"): + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + +def test_ap_ft_ap_oom7(dev, apdev): + """WPA2-PSK-FT and AP OOM 7""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2" + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + ieee80211w="2", scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2" + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + with alloc_fail(hapd1, 1, "wpa_ft_igtk_subelem"): + # This will fail to roam + dev[0].roam(bssid1) + with fail_test(hapd1, 1, "aes_wrap;wpa_ft_igtk_subelem"): + # This will fail to roam + dev[0].roam(bssid1) + with alloc_fail(hapd1, 1, "=wpa_sm_write_assoc_resp_ies"): + # This will fail to roam + dev[0].roam(bssid1) + with fail_test(hapd1, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"): + # This will fail to roam + dev[0].roam(bssid1) + +def test_ap_ft_ap_oom8(dev, apdev): + """WPA2-PSK-FT and AP OOM 8""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + params['ft_psk_generate_local'] = "1"; + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + params['ft_psk_generate_local'] = "1"; + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + with fail_test(hapd1, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"): + # This will fail to roam + dev[0].roam(bssid1) + with fail_test(hapd1, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"): + # This will fail to roam + dev[0].roam(bssid1) + +def test_ap_ft_ap_oom9(dev, apdev): + """WPA2-PSK-FT and AP OOM 9""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + + with alloc_fail(hapd0, 1, "wpa_ft_action_rx"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd0, "GET_ALLOC_FAIL") + + with alloc_fail(hapd1, 1, "wpa_ft_rrb_rx_request"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") + + with alloc_fail(hapd1, 1, "wpa_ft_send_rrb_auth_resp"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd1, "GET_ALLOC_FAIL") + +def test_ap_ft_ap_oom10(dev, apdev): + """WPA2-PSK-FT and AP OOM 10""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + + params = ft_params2(ssid=ssid, passphrase=passphrase) + hapd1 = hostapd.add_ap(apdev[1], params) + bssid1 = hapd1.own_addr() + dev[0].scan_for_bss(bssid1, freq="2412") + + with fail_test(hapd0, 1, "aes_unwrap;wpa_ft_rrb_rx_pull"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd0, "GET_FAIL") + + with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd0, "GET_FAIL") + + with fail_test(hapd0, 1, "aes_wrap;wpa_ft_rrb_rx_pull"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd0, "GET_FAIL") + + with fail_test(hapd1, 1, "aes_unwrap;wpa_ft_rrb_rx_resp"): + # This will fail to roam + if "OK" not in dev[0].request("FT_DS " + bssid1): + raise Exception("FT_DS failed") + wait_fail_trigger(hapd1, "GET_FAIL") + +def test_ap_ft_ap_oom11(dev, apdev): + """WPA2-PSK-FT and AP OOM 11""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + hapd0 = hostapd.add_ap(apdev[0], params) + bssid0 = hapd0.own_addr() + + dev[0].scan_for_bss(bssid0, freq="2412") + with fail_test(hapd0, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"): + dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + wait_fail_trigger(hapd0, "GET_FAIL") + + dev[1].scan_for_bss(bssid0, freq="2412") + with fail_test(hapd0, 1, "aes_wrap;wpa_ft_generate_pmk_r1"): + dev[1].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", + scan_freq="2412") + wait_fail_trigger(hapd0, "GET_FAIL") + def test_ap_ft_over_ds_proto(dev, apdev): """WPA2-PSK-FT AP over DS protocol testing""" ssid = "test-ft"