tests: RSN element protocol testing for STA side
Signed-off-by: Jouni Malinen <j@w1.fi>
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index eced98e..a4f2e67 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -3408,3 +3408,35 @@
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_2=1", "TLSv1.1")
check_tls_ver(dev[2], apdev[0],
"tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
+
+def test_rsn_ie_proto_eap_sta(dev, apdev):
+ """RSN element protocol testing for EAP cases on STA side"""
+ bssid = apdev[0]['bssid']
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ # This is the RSN element used normally by hostapd
+ params['own_ie_override'] = '30140100000fac040100000fac040100000fac010c00'
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="GPSK",
+ identity="gpsk user",
+ password="abcdefghijklmnop0123456789abcdef",
+ scan_freq="2412")
+
+ tests = [ ('No RSN Capabilities field',
+ '30120100000fac040100000fac040100000fac01'),
+ ('No AKM Suite fields',
+ '300c0100000fac040100000fac04'),
+ ('No Pairwise Cipher Suite fields',
+ '30060100000fac04'),
+ ('No Group Data Cipher Suite field',
+ '30020100') ]
+ for txt,ie in tests:
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ logger.info(txt)
+ hapd.disable()
+ hapd.set('own_ie_override', ie)
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()
diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
index 9c51815..f95966c 100644
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@@ -913,3 +913,71 @@
pkt = ehdr + '\x01' + '\xc9' + '\x5a\x00' + _src_ll + '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
raise Exception("DATA_TEST_FRAME failed")
+
+def test_rsn_ie_proto_ft_psk_sta(dev, apdev):
+ """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-ft"
+ passphrase="12345678"
+
+ params = ft_params1(ssid=ssid, passphrase=passphrase)
+ params["ieee80211w"] = "1";
+ # This is the RSN element used normally by hostapd
+ params['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ id = dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
+ ieee80211w="1", scan_freq="2412",
+ pairwise="CCMP", group="CCMP")
+
+ tests = [ ('PMKIDCount field included',
+ '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
+ ('Extra IE before RSNE',
+ 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
+ ('PMKIDCount and Group Management Cipher suite fields included',
+ '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
+ ('Extra octet after defined fields (future extensibility)',
+ '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
+ ('No RSN Capabilities field (PMF disabled in practice)',
+ '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
+ for txt,ie in tests:
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ logger.info(txt)
+ hapd.disable()
+ hapd.set('own_ie_override', ie)
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+
+ logger.info('Invalid RSNE causing internal hostapd error')
+ hapd.disable()
+ hapd.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
+ # complete.
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
+ if ev is not None:
+ raise Exception("Unexpected connection")
+ dev[0].request("DISCONNECT")
+
+ logger.info('Unexpected PMKID causing internal hostapd error')
+ hapd.disable()
+ hapd.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
+ # complete.
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
+ if ev is not None:
+ raise Exception("Unexpected connection")
+ dev[0].request("DISCONNECT")
diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py
index 5d9ccf2..89135e8 100644
--- a/tests/hwsim/test_ap_psk.py
+++ b/tests/hwsim/test_ap_psk.py
@@ -1993,3 +1993,42 @@
dev[0].request("DISCONNECT")
dev[0].select_network(id, freq=2412)
dev[0].wait_connected()
+
+def test_rsn_ie_proto_psk_sta(dev, apdev):
+ """RSN element protocol testing for PSK cases on STA side"""
+ bssid = apdev[0]['bssid']
+ ssid = "test-wpa2-psk"
+ passphrase = 'qwertyuiop'
+ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+ # This is the RSN element used normally by hostapd
+ params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
+ raise Exception("Invalid own_ie_override value accepted")
+ id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
+
+ tests = [ ('No RSN Capabilities field',
+ '30120100000fac040100000fac040100000fac02'),
+ ('Reserved RSN Capabilities bits set',
+ '30140100000fac040100000fac040100000fac023cff'),
+ ('Extra pairwise cipher suite (unsupported)',
+ '30180100000fac040200ffffffff000fac040100000fac020c00'),
+ ('Extra AKM suite (unsupported)',
+ '30180100000fac040100000fac040200ffffffff000fac020c00'),
+ ('PMKIDCount field included',
+ '30160100000fac040100000fac040100000fac020c000000'),
+ ('Unexpected Group Management Cipher Suite with PMF disabled',
+ '301a0100000fac040100000fac040100000fac020c000000000fac06'),
+ ('Extra octet after defined fields (future extensibility)',
+ '301b0100000fac040100000fac040100000fac020c000000000fac0600') ]
+ for txt,ie in tests:
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ logger.info(txt)
+ hapd.disable()
+ hapd.set('own_ie_override', ie)
+ hapd.enable()
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()