diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index eced98e18..a4f2e67c3 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -3408,3 +3408,35 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
 "tls_disable_tlsv1_0=1 tls_disable_tlsv1_2=1", "TLSv1.1")
 check_tls_ver(dev[2], apdev[0],
 "tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
+
+def test_rsn_ie_proto_eap_sta(dev, apdev):
+ """RSN element protocol testing for EAP cases on STA side"""
+ bssid = apdev[0]['bssid']
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ # This is the RSN element used normally by hostapd
+ params['own_ie_override'] = '30140100000fac040100000fac040100000fac010c00'
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="GPSK",
+ identity="gpsk user",
+ password="abcdefghijklmnop0123456789abcdef",
+ scan_freq="2412")
+
+ tests = [ ('No RSN Capabilities field',
+ '30120100000fac040100000fac040100000fac01'),
+ ('No AKM Suite fields',
+ '300c0100000fac040100000fac04'),
+ ('No Pairwise Cipher Suite fields',
+ '30060100000fac04'),
+ ('No Group Data Cipher Suite field',
+ '30020100') ]
+ for txt,ie in tests:
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ logger.info(txt)
+ hapd.disable()
+ hapd.set('own_ie_override', ie)
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()
diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
index 9c5181519..f95966cb8 100644
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
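Review bot: The RSNE hex strings in test_rsn_ie_proto_eap_sta (tests/hwsim/test_ap_eap.py) are not decoded anywhere, so a reader cannot check that each truncated element matches its label or that its length octet was adjusted along with the payload. A comment above the baseline override would cover all of them, for example `# 30 14 | version 0100 | group 000fac04 | pairwise 0100 000fac04 | AKM 0100 000fac01 | RSN capabilities 0c00`. The disconnect/override/rescan loop that follows is repeated in test_rsn_ie_proto_ft_psk_sta and test_rsn_ie_proto_psk_sta; a shared helper taking `dev`, `hapd`, `bssid`, the network id and the case list would keep the three copies from drifting apart.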
@@ -913,3 +913,71 @@ def test_ap_ft_rrb(dev, apdev):
 pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
 raise Exception("DATA_TEST_FRAME failed")
+
+def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
+ """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-ft"
+ passphrase="12345678"
+
+ params = ft_params1(ssid=ssid, passphrase=passphrase)
+ params["ieee80211w"] = "1";
+ # This is the RSN element used normally by hostapd
+ params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
+ ieee80211w="1", scan_freq="2412",
+ pairwise="CCMP", group="CCMP")
+
+ tests = [ ('PMKIDCount field included',
+ '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
+ ('Extra IE before RSNE',
+ 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
+ ('PMKIDCount and Group Management Cipher suite fields included',
+ '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
+ ('Extra octet after defined fields (future extensibility)',
+ '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
+ ('No RSN Capabilities field (PMF disabled in practice)',
+ '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
+ for txt,ie in tests:
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ logger.info(txt)
+ hapd.disable()
+ hapd.set('own_ie_override', ie)
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+
+ logger.info('Invalid RSNE causing internal hostapd error')
+ hapd.disable()
+ hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
+ # complete.
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
+ if ev is not None:
+ raise Exception("Unexpected connection")
+ dev[0].request("DISCONNECT")
+
+ logger.info('Unexpected PMKID causing internal hostapd error')
+ hapd.disable()
+ hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
+ # complete.
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
+ if ev is not None:
+ raise Exception("Unexpected connection")
+ dev[0].request("DISCONNECT")
diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py
index 5d9ccf27e..89135e849 100644
--- a/tests/hwsim/test_ap_psk.py
+++ b/tests/hwsim/test_ap_psk.py
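Review bot: The two negative cases at the end of test_rsn_ie_proto_ft_psk_sta (tests/hwsim/test_ap_ft.py) treat one second without CTRL-EVENT-CONNECTED as proof that the association failed, so a connection that only completes after the timeout would pass unnoticed. Waiting for an explicit outcome is stricter, for example `ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"], timeout=10)` followed by `if ev is None or "CTRL-EVENT-CONNECTED" in ev:` before the raise. This assumes the aborted handshake ends in a disconnect event, which the hunk does not show. The in-line comment also says the failure comes from hostapd being unable to build EAPOL-Key msg 3/4, so these cases do not show the station rejecting the malformed RSNE itself. Either the docstring or the log text should say so, so that the result is not read as station-side validation coverage.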
@@ -1993,3 +1993,42 @@ def test_ap_wpa2_psk_no_random(dev, apdev):
 dev[0].request("DISCONNECT")
 dev[0].select_network(id, freq=2412)
 dev[0].wait_connected()
+
+def test_rsn_ie_proto_psk_sta(dev, apdev):
+ """RSN element protocol testing for PSK cases on STA side"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ # This is the RSN element used normally by hostapd
+ params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
+ raise Exception("Invalid own_ie_override value accepted")
+ id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
+
+ tests = [ ('No RSN Capabilities field',
+ '30120100000fac040100000fac040100000fac02'),
+ ('Reserved RSN Capabilities bits set',
+ '30140100000fac040100000fac040100000fac023cff'),
+ ('Extra pairwise cipher suite (unsupported)',
+ '30180100000fac040200ffffffff000fac040100000fac020c00'),
+ ('Extra AKM suite (unsupported)',
+ '30180100000fac040100000fac040200ffffffff000fac020c00'),
+ ('PMKIDCount field included',
+ '30160100000fac040100000fac040100000fac020c000000'),
+ ('Unexpected Group Management Cipher Suite with PMF disabled',
+ '301a0100000fac040100000fac040100000fac020c000000000fac06'),
+ ('Extra octet after defined fields (future extensibility)',
+ '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
+ for txt,ie in tests:
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ logger.info(txt)
+ hapd.disable()
+ hapd.set('own_ie_override', ie)
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()
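Review bot: The loop in test_rsn_ie_proto_psk_sta (tests/hwsim/test_ap_psk.py) checks only that the station reconnects, not what it negotiated. The 'Extra pairwise cipher suite (unsupported)' and 'Extra AKM suite (unsupported)' cases would therefore still pass if the unknown `ffffffff` selector were mishandled rather than skipped. After `dev[0].wait_connected()` the loop could assert the selected suite, for example `if dev[0].get_status_field('pairwise_cipher') != 'CCMP': raise Exception("Unexpected pairwise cipher: " + txt)`, with a matching check on `key_mgmt`. The exact status strings should be confirmed against the STATUS output. The same gap probably applies to the positive cases in the other two new tests, where a missing field is expected to fall back to a default suite.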