tests: EAPOL supplicant invalid frame handling

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests/hwsim/test_ap_eap.py

@@ -2606,3 +2606,17 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params):
     verify_not_present(buf, gtk, fname, "GTK")
     verify_not_present(buf, msk, fname, "MSK")
     verify_not_present(buf, emsk, fname, "EMSK")
+
+def test_ap_wpa2_eap_unexpected_wep_eapol_key(dev, apdev):
+    """WPA2-Enterprise connection and unexpected WEP EAPOL-Key"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    bssid = apdev[0]['bssid']
+    eap_connect(dev[0], apdev[0], "TTLS", "pap user",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+
+    # Send unexpected WEP EAPOL-Key; this gets dropped
+    res = dev[0].request("EAPOL_RX " + bssid + " 0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+    if "OK" not in res:
+        raise Exception("EAPOL_RX to wpa_supplicant failed")

tests/hwsim/test_ap_wps.py

@@ -2346,3 +2346,23 @@ def test_ap_wps_ap_scan_2(dev, apdev):
     wpas.dump_monitor()
     wpas.request("REASSOCIATE")
     wpas.wait_connected(timeout=30)
+
+def test_ap_wps_eapol_workaround(dev, apdev):
+    """EAPOL workaround code path for 802.1X header length mismatch"""
+    ssid = "test-wps"
+    hostapd.add_ap(apdev[0]['ifname'],
+                   { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
+    hapd = hostapd.Hostapd(apdev[0]['ifname'])
+    bssid = apdev[0]['bssid']
+    hapd.request("SET ext_eapol_frame_io 1")
+    dev[0].request("SET ext_eapol_frame_io 1")
+    hapd.request("WPS_PBC")
+    dev[0].request("WPS_PBC")
+
+    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
+    if ev is None:
+        raise Exception("Timeout on EAPOL-TX from hostapd")
+
+    res = dev[0].request("EAPOL_RX " + bssid + " 020000040193000501FFFF")
+    if "OK" not in res:
+        raise Exception("EAPOL_RX to wpa_supplicant failed")

tests/hwsim/test_ieee8021x.py

@@ -23,7 +23,8 @@ def test_ieee8021x_wep104(dev, apdev):
 
     dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
                    identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef")
+                   password_hex="0123456789abcdef0123456789abcdef",
+                   scan_freq="2412")
     hwsim_utils.test_connectivity(dev[0], hapd)
 
 def test_ieee8021x_wep40(dev, apdev):
@@ -37,7 +38,8 @@ def test_ieee8021x_wep40(dev, apdev):
 
     dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
                    identity="psk.user@example.com",
-                   password_hex="0123456789abcdef0123456789abcdef")
+                   password_hex="0123456789abcdef0123456789abcdef",
+                   scan_freq="2412")
     hwsim_utils.test_connectivity(dev[0], hapd)
 
 def test_ieee8021x_open(dev, apdev):
@@ -49,7 +51,8 @@ def test_ieee8021x_open(dev, apdev):
 
     id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                         eap="PSK", identity="psk.user@example.com",
-                        password_hex="0123456789abcdef0123456789abcdef")
+                        password_hex="0123456789abcdef0123456789abcdef",
+                        scan_freq="2412")
     hwsim_utils.test_connectivity(dev[0], hapd)
 
     logger.info("Test EAPOL-Logoff")
@@ -75,5 +78,52 @@ def test_ieee8021x_static_wep40(dev, apdev):
     dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
                    identity="psk.user@example.com",
                    password_hex="0123456789abcdef0123456789abcdef",
-                   wep_key0='"hello"', eapol_flags="0")
+                   wep_key0='"hello"', eapol_flags="0",
+                   scan_freq="2412")
     hwsim_utils.test_connectivity(dev[0], hapd)
+
+def test_ieee8021x_proto(dev, apdev):
+    """IEEE 802.1X and EAPOL supplicant protocol testing"""
+    params = hostapd.radius_params()
+    params["ssid"] = "ieee8021x-open"
+    params["ieee8021x"] = "1"
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    bssid = apdev[0]['bssid']
+
+    dev[1].request("SET ext_eapol_frame_io 1")
+    dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
+                   eap="PSK", identity="psk.user@example.com",
+                   password_hex="0123456789abcdef0123456789abcdef",
+                   scan_freq="2412", wait_connect=False)
+    id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
+                        eap="PSK", identity="psk.user@example.com",
+                        password_hex="0123456789abcdef0123456789abcdef",
+                        scan_freq="2412")
+    ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
+
+    start = dev[0].get_mib()
+
+    tests = [ "11",
+              "11223344",
+              "020000050a93000501",
+              "020300050a93000501",
+              "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+              "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+              "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+              "02aa00050a93000501" ]
+    for frame in tests:
+        res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
+        if "OK" not in res:
+            raise Exception("EAPOL_RX to wpa_supplicant failed")
+        dev[1].request("EAPOL_RX " + bssid + " " + frame)
+
+    stop = dev[0].get_mib()
+
+    logger.info("MIB before test frames: " + str(start))
+    logger.info("MIB after test frames: " + str(stop))
+
+    vals = [ 'dot1xSuppInvalidEapolFramesRx',
+             'dot1xSuppEapLengthErrorFramesRx' ]
+    for val in vals:
+        if int(stop[val]) <= int(start[val]):
+            raise Exception(val + " did not increase")