DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

RSN: Split EAPOL-Key group msg 1/2 processing more completely for WPA(v1)

Browse source 
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2022-11-27 10:15:57 +02:00
parent 5ab43c738e
commit e5dfce38f7
7 changed files with 236 additions and 217 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

405
src/rsn_supp/wpa.c
View file

@ -2529,173 +2529,6 @@ failed:
}
static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
const u8 *keydata,
size_t keydatalen,
u16 key_info,
struct wpa_gtk_data *gd)
{
int maxkeylen;
struct wpa_eapol_ie_parse ie;
u16 gtk_len;
wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data",
keydata, keydatalen);
if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
return -1;
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: GTK IE in unencrypted key data");
return -1;
}
if (ie.gtk == NULL) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: No GTK IE in Group Key msg 1/2");
return -1;
}
gtk_len = ie.gtk_len;
if (gtk_len < 2) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Invalid GTK KDE length (%u) in Group Key msg 1/2",
gtk_len);
return -1;
}
gtk_len -= 2;
if (gtk_len > sizeof(gd->gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Too long GTK in GTK KDE (len=%u)", gtk_len);
return -1;
}
maxkeylen = gd->gtk_len = gtk_len;
#ifdef CONFIG_OCV
if (wpa_sm_ocv_enabled(sm)) {
struct wpa_channel_info ci;
if (wpa_sm_channel_info(sm, &ci) != 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
return -1;
}
if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
channel_width_to_int(ci.chanwidth),
ci.seg1_idx) != OCI_SUCCESS) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
"addr=" MACSTR " frame=eapol-key-g1 error=%s",
MAC2STR(sm->bssid), ocv_errorstr);
return -1;
}
}
#endif /* CONFIG_OCV */
if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, maxkeylen,
&gd->key_rsc_len, &gd->alg))
return -1;
wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
ie.gtk, 2 + gtk_len);
gd->keyidx = ie.gtk[0] & 0x3;
gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
!!(ie.gtk[0] & BIT(2)));
os_memcpy(gd->gtk, ie.gtk + 2, gtk_len);
if (ieee80211w_set_keys(sm, &ie) < 0)
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Failed to configure IGTK");
return 0;
}
static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
const struct wpa_eapol_key *key,
const u8 *key_data,
size_t key_data_len, u16 key_info,
u16 ver, struct wpa_gtk_data *gd)
{
size_t maxkeylen;
u16 gtk_len;
gtk_len = WPA_GET_BE16(key->key_length);
maxkeylen = key_data_len;
if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen < 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Too short maxkeylen (%lu)",
(unsigned long) maxkeylen);
return -1;
}
maxkeylen -= 8;
}
if (gtk_len > maxkeylen ||
wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, maxkeylen,
&gd->key_rsc_len, &gd->alg))
return -1;
gd->gtk_len = gtk_len;
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
WPA_KEY_INFO_KEY_INDEX_SHIFT;
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
#if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS)
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: RC4 not supported in the build");
return -1;
#else /* CONFIG_NO_RC4 || CONFIG_FIPS */
u8 ek[32];
if (key_data_len > sizeof(gd->gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: RC4 key data too long (%lu)",
(unsigned long) key_data_len);
return -1;
}
os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
os_memcpy(gd->gtk, key_data, key_data_len);
if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
forced_memzero(ek, sizeof(ek));
wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
"WPA: RC4 failed");
return -1;
}
forced_memzero(ek, sizeof(ek));
#endif /* CONFIG_NO_RC4 || CONFIG_FIPS */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen % 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Unsupported AES-WRAP len %lu",
(unsigned long) maxkeylen);
return -1;
}
if (maxkeylen > sizeof(gd->gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: AES-WRAP key data "
"too long (keydatalen=%lu maxkeylen=%lu)",
(unsigned long) key_data_len,
(unsigned long) maxkeylen);
return -1;
}
if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
key_data, gd->gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: AES unwrap failed - could not decrypt "
"GTK");
return -1;
}
} else {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Unsupported key_info type %d", ver);
return -1;
}
gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
sm, !!(key_info & WPA_KEY_INFO_TXRX));
return 0;
}
static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
const struct wpa_eapol_key *key,
int ver, u16 key_info)
@ -2879,18 +2712,20 @@ failed:
}
static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
const unsigned char *src_addr,
const struct wpa_eapol_key *key,
const u8 *key_data,
size_t key_data_len, u16 ver)
static void wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
const unsigned char *src_addr,
const struct wpa_eapol_key *key,
const u8 *key_data,
size_t key_data_len, u16 ver)
{
u16 key_info;
int rekey, ret;
int rekey;
struct wpa_gtk_data gd;
const u8 *key_rsc;
size_t maxkeylen;
u16 gtk_len;
if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
if (!sm->msg_3_of_4_ok) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Group Key Handshake started prior to completion of 4-way handshake");
goto failed;
@ -2899,25 +2734,88 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
os_memset(&gd, 0, sizeof(gd));
rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: RX message 1 of Group Key Handshake from " MACSTR
" (ver=%d)", MAC2STR(src_addr), ver);
key_info = WPA_GET_BE16(key->key_info);
if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
key_data_len, key_info,
&gd);
} else {
ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
key_data_len,
key_info, ver, &gd);
gtk_len = WPA_GET_BE16(key->key_length);
maxkeylen = key_data_len;
if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen < 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Too short maxkeylen (%lu)",
(unsigned long) maxkeylen);
goto failed;
}
maxkeylen -= 8;
}
if (gtk_len > maxkeylen ||
wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, maxkeylen,
&gd.key_rsc_len, &gd.alg))
goto failed;
wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
if (ret)
gd.gtk_len = gtk_len;
gd.keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
WPA_KEY_INFO_KEY_INDEX_SHIFT;
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
#if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS)
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: RC4 not supported in the build");
goto failed;
#else /* CONFIG_NO_RC4 || CONFIG_FIPS */
u8 ek[32];
if (key_data_len > sizeof(gd.gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: RC4 key data too long (%lu)",
(unsigned long) key_data_len);
goto failed;
}
os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
os_memcpy(gd.gtk, key_data, key_data_len);
if (rc4_skip(ek, 32, 256, gd.gtk, key_data_len)) {
forced_memzero(ek, sizeof(ek));
wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
"WPA: RC4 failed");
goto failed;
}
forced_memzero(ek, sizeof(ek));
#endif /* CONFIG_NO_RC4 || CONFIG_FIPS */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen % 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Unsupported AES-WRAP len %lu",
(unsigned long) maxkeylen);
goto failed;
}
if (maxkeylen > sizeof(gd.gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: AES-WRAP key data "
"too long (keydatalen=%lu maxkeylen=%lu)",
(unsigned long) key_data_len,
(unsigned long) maxkeylen);
goto failed;
}
if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
key_data, gd.gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: AES unwrap failed - could not decrypt "
"GTK");
goto failed;
}
} else {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Unsupported key_info type %d", ver);
goto failed;
}
gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
sm, !!(key_info & WPA_KEY_INFO_TXRX));
key_rsc = key->key_rsc;
if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
@ -2929,15 +2827,15 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
forced_memzero(&gd, sizeof(gd));
if (rekey) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
"completed with " MACSTR " [GTK=%s]",
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Group rekeying completed with " MACSTR
" [GTK=%s]",
MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
wpa_sm_cancel_auth_timeout(sm);
wpa_sm_set_state(sm, WPA_COMPLETED);
} else {
wpa_supplicant_key_neg_complete(sm, sm->bssid,
key_info &
WPA_KEY_INFO_SECURE);
key_info & WPA_KEY_INFO_SECURE);
}
wpa_sm_set_rekey_offload(sm);
@ -2950,6 +2848,127 @@ failed:
}
static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
const unsigned char *src_addr,
const struct wpa_eapol_key *key,
const u8 *key_data,
size_t key_data_len, u16 ver)
{
u16 key_info;
struct wpa_gtk_data gd;
const u8 *key_rsc;
int maxkeylen;
struct wpa_eapol_ie_parse ie;
u16 gtk_len;
if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Group Key Handshake started prior to completion of 4-way handshake");
goto failed;
}
os_memset(&gd, 0, sizeof(gd));
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: RX message 1 of Group Key Handshake from " MACSTR
" (ver=%d)", MAC2STR(src_addr), ver);
key_info = WPA_GET_BE16(key->key_info);
wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data",
key_data, key_data_len);
if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
goto failed;
wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"RSN: GTK KDE in unencrypted key data");
goto failed;
}
if (!ie.gtk) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: No GTK KDE in Group Key msg 1/2");
goto failed;
}
gtk_len = ie.gtk_len;
if (gtk_len < 2) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Invalid GTK KDE length (%u) in Group Key msg 1/2",
gtk_len);
goto failed;
}
gtk_len -= 2;
if (gtk_len > sizeof(gd.gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Too long GTK in GTK KDE (len=%u)", gtk_len);
goto failed;
}
maxkeylen = gd.gtk_len = gtk_len;
#ifdef CONFIG_OCV
if (wpa_sm_ocv_enabled(sm)) {
struct wpa_channel_info ci;
if (wpa_sm_channel_info(sm, &ci) != 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
goto failed;
}
if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
channel_width_to_int(ci.chanwidth),
ci.seg1_idx) != OCI_SUCCESS) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
"addr=" MACSTR " frame=eapol-key-g1 error=%s",
MAC2STR(sm->bssid), ocv_errorstr);
goto failed;
}
}
#endif /* CONFIG_OCV */
if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, maxkeylen,
&gd.key_rsc_len, &gd.alg))
goto failed;
wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
ie.gtk, 2 + gtk_len);
gd.keyidx = ie.gtk[0] & 0x3;
gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
!!(ie.gtk[0] & BIT(2)));
os_memcpy(gd.gtk, ie.gtk + 2, gtk_len);
if (ieee80211w_set_keys(sm, &ie) < 0)
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Failed to configure IGTK");
key_rsc = key->key_rsc;
if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
key_rsc = null_rsc;
if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
goto failed;
forced_memzero(&gd, sizeof(gd));
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Group rekeying completed with " MACSTR " [GTK=%s]",
MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
wpa_sm_cancel_auth_timeout(sm);
wpa_sm_set_state(sm, WPA_COMPLETED);
wpa_sm_set_rekey_offload(sm);
return;
failed:
forced_memzero(&gd, sizeof(gd));
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
struct wpa_eapol_key *key,
u16 ver,
@ -3318,10 +3337,10 @@ static int wpa_sm_rx_eapol_wpa(struct wpa_sm *sm, const u8 *src_addr,
} else {
if (key_info & WPA_KEY_INFO_MIC) {
/* 1/2 Group Key Handshake */
wpa_supplicant_process_1_of_2(sm, src_addr, key,
key_data,
key_data_len,
ver);
wpa_supplicant_process_1_of_2_wpa(sm, src_addr, key,
key_data,
key_data_len,
ver);
} else {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: EAPOL-Key (Group) without Mic/Encr bit - dropped");

4
tests/hwsim/test_ap_ft.py
View file

@ -1999,7 +1999,7 @@ def test_ap_ft_gtk_rekey(dev, apdev):
dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
ieee80211w="1", scan_freq="2412")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out after initial association")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -2014,7 +2014,7 @@ def test_ap_ft_gtk_rekey(dev, apdev):
raise Exception("Did not connect to correct AP")
hwsim_utils.test_connectivity(dev[0], hapd1)
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out after FT protocol")
hwsim_utils.test_connectivity(dev[0], hapd1)

28
tests/hwsim/test_ap_psk.py
View file

@ -484,7 +484,7 @@ def test_ap_wpa2_gtk_rekey(dev, apdev):
params['wpa_group_rekey'] = '1'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -498,7 +498,7 @@ def test_ap_wpa2_gtk_rekey_request(dev, apdev):
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
if "OK" not in hapd.request("REKEY_GTK"):
raise Exception("REKEY_GTK failed")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -514,7 +514,7 @@ def test_ap_wpa2_gtk_rekey_failure(dev, apdev):
if "OK" not in hapd.request("REKEY_GTK"):
raise Exception("REKEY_GTK failed")
wait_fail_trigger(hapd, "GET_FAIL")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
dev[0].wait_disconnected()
@ -532,7 +532,7 @@ def test_ap_wpa2_gtk_rekey_request(dev, apdev):
if "OK" not in dev[i].request("KEY_REQUEST 0 0"):
raise Exception("KEY_REQUEST failed")
for i in range(3):
ev = dev[i].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[i].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
time.sleep(1)
@ -552,16 +552,16 @@ def test_ap_wpa2_gtk_rekey_fail_1_sta(dev, apdev):
dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
dev[2].connect(ssid, psk=passphrase, scan_freq="2412")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=7)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=7)
if ev is None:
raise Exception("GTK rekey timed out [0]")
ev = dev[2].wait_event(["WPA: Group rekeying completed"], timeout=1)
ev = dev[2].wait_event(["RSN: Group rekeying completed"], timeout=1)
if ev is None:
raise Exception("GTK rekey timed out [2]")
disconnected = False
for i in range(10):
ev = dev[1].wait_event(["WPA: Group rekeying completed",
ev = dev[1].wait_event(["RSN: Group rekeying completed",
"CTRL-EVENT-DISCONNECTED"], timeout=10)
if ev is None:
raise Exception("GTK rekey timed out [1]")
@ -609,7 +609,7 @@ def test_ap_wpa2_gmk_rekey(dev, apdev):
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
for i in range(0, 3):
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -625,7 +625,7 @@ def test_ap_wpa2_strict_rekey(dev, apdev):
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
dev[1].request("DISCONNECT")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -2150,7 +2150,7 @@ def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
key_info=0x13c2)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
ev = dev[0].wait_event(["RSN: Group Key Handshake started prior to completion of 4-way handshake"])
if ev is None:
raise Exception("Unexpected group key message not reported")
dev[0].wait_disconnected(timeout=1)
@ -2304,7 +2304,7 @@ def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
msg = recv_eapol(dev[0])
ev = dev[0].wait_event(["WPA: Group rekeying completed"])
ev = dev[0].wait_event(["RSN: Group rekeying completed"])
if ev is None:
raise Exception("GTK rekeing not reported")
@ -2315,7 +2315,7 @@ def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
key_info=0x03c2)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
ev = dev[0].wait_event(["RSN: GTK KDE in unencrypted key data"])
if ev is None:
raise Exception("Unencrypted GTK KDE not reported")
dev[0].wait_disconnected(timeout=1)
@ -2356,7 +2356,7 @@ def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
key_info=0x13c2)
counter += 1
send_eapol(dev[0], bssid, build_eapol(msg))
ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
ev = dev[0].wait_event(["RSN: No GTK KDE in Group Key msg 1/2"])
if ev is None:
raise Exception("Missing GTK KDE not reported")
dev[0].wait_disconnected(timeout=1)
@ -3212,7 +3212,7 @@ def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
dev[1].request("DISCONNECT")
dev[1].wait_disconnected()
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
dev[1].request("RECONNECT")

6
tests/hwsim/test_fils.py
View file

@ -61,7 +61,7 @@ def test_fils_sk_full_auth(dev, apdev, params):
erp="1", scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd)
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -110,7 +110,7 @@ def test_fils_sk_sha384_full_auth(dev, apdev, params):
erp="1", scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd)
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
@ -1697,7 +1697,7 @@ def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0,
def test_fils_auth_gtk_rekey(dev, apdev, params):
"""GTK rekeying after FILS authentication"""
hapd = setup_fils_rekey(dev, apdev, params, wpa_group_rekey=1)
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)

2
tests/hwsim/test_ibss.py
View file

@ -182,7 +182,7 @@ def test_ibss_rsn_group_rekey(dev):
dev[1].dump_monitor()
hwsim_utils.test_connectivity(dev[0], dev[1])
ev = dev[1].wait_event(["WPA: Group rekeying completed"], timeout=10)
ev = dev[1].wait_event(["RSN: Group rekeying completed"], timeout=10)
if ev is None:
raise Exception("No group rekeying reported")
hwsim_utils.test_connectivity(dev[0], dev[1])

4
tests/hwsim/test_sigma_dut.py
View file

@ -6054,7 +6054,7 @@ def test_sigma_dut_gtk_rekey(dev, apdev):
dev[0].dump_monitor()
sigma_dut_cmd_check("dev_exec_action,interface,%s,program,WPA3,KeyRotation,1" % ifname)
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=5)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=5)
if ev is None:
raise Exception("GTK rekeying not seen")
@ -6081,7 +6081,7 @@ def test_sigma_dut_ap_gtk_rekey(dev, apdev, params):
sigma_dut_cmd_check("dev_exec_action,name,AP,interface,%s,program,WPA3,KeyRotation,1" % iface)
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=5)
ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=5)
if ev is None:
raise Exception("GTK rekeying not seen")

4
tests/hwsim/test_wnm.py
View file

@ -227,7 +227,7 @@ def check_wnm_sleep_mode_enter_exit(hapd, dev, interval=None, tfs_req=None,
time.sleep(0.1)
if "OK" not in hapd.request("REKEY_GTK"):
raise Exception("REKEY_GTK failed")
ev = dev.wait_event(["WPA: Group rekeying completed"], timeout=0.1)
ev = dev.wait_event(["RSN: Group rekeying completed"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected report of GTK rekey during WNM-Sleep Mode")
@ -247,7 +247,7 @@ def check_wnm_sleep_mode_enter_exit(hapd, dev, interval=None, tfs_req=None,
time.sleep(0.1)
if "OK" not in hapd.request("REKEY_GTK"):
raise Exception("REKEY_GTK failed")
ev = dev.wait_event(["WPA: Group rekeying completed"], timeout=2)
ev = dev.wait_event(["RSN: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")