From e5dfce38f79da3032715da0f65a8326d46acc078 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 27 Nov 2022 10:15:57 +0200 Subject: [PATCH] RSN: Split EAPOL-Key group msg 1/2 processing more completely for WPA(v1) Separate more of WPA(v1) functionality away from the RSN processing code path. Signed-off-by: Jouni Malinen --- src/rsn_supp/wpa.c | 405 ++++++++++++++++++---------------- tests/hwsim/test_ap_ft.py | 4 +- tests/hwsim/test_ap_psk.py | 28 +-- tests/hwsim/test_fils.py | 6 +- tests/hwsim/test_ibss.py | 2 +- tests/hwsim/test_sigma_dut.py | 4 +- tests/hwsim/test_wnm.py | 4 +- 7 files changed, 236 insertions(+), 217 deletions(-) diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index e3a64f171..aba476a0c 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -2529,173 +2529,6 @@ failed: } -static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, - const u8 *keydata, - size_t keydatalen, - u16 key_info, - struct wpa_gtk_data *gd) -{ - int maxkeylen; - struct wpa_eapol_ie_parse ie; - u16 gtk_len; - - wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data", - keydata, keydatalen); - if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) - return -1; - if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: GTK IE in unencrypted key data"); - return -1; - } - if (ie.gtk == NULL) { - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, - "WPA: No GTK IE in Group Key msg 1/2"); - return -1; - } - gtk_len = ie.gtk_len; - if (gtk_len < 2) { - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, - "RSN: Invalid GTK KDE length (%u) in Group Key msg 1/2", - gtk_len); - return -1; - } - gtk_len -= 2; - if (gtk_len > sizeof(gd->gtk)) { - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, - "RSN: Too long GTK in GTK KDE (len=%u)", gtk_len); - return -1; - } - maxkeylen = gd->gtk_len = gtk_len; - -#ifdef CONFIG_OCV - if (wpa_sm_ocv_enabled(sm)) { - struct wpa_channel_info ci; - - if (wpa_sm_channel_info(sm, &ci) != 0) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2"); - return -1; - } - - if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci, - channel_width_to_int(ci.chanwidth), - ci.seg1_idx) != OCI_SUCCESS) { - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE - "addr=" MACSTR " frame=eapol-key-g1 error=%s", - MAC2STR(sm->bssid), ocv_errorstr); - return -1; - } - } -#endif /* CONFIG_OCV */ - - if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, - gtk_len, maxkeylen, - &gd->key_rsc_len, &gd->alg)) - return -1; - - wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", - ie.gtk, 2 + gtk_len); - gd->keyidx = ie.gtk[0] & 0x3; - gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, - !!(ie.gtk[0] & BIT(2))); - os_memcpy(gd->gtk, ie.gtk + 2, gtk_len); - - if (ieee80211w_set_keys(sm, &ie) < 0) - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, - "RSN: Failed to configure IGTK"); - - return 0; -} - - -static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, - const struct wpa_eapol_key *key, - const u8 *key_data, - size_t key_data_len, u16 key_info, - u16 ver, struct wpa_gtk_data *gd) -{ - size_t maxkeylen; - u16 gtk_len; - - gtk_len = WPA_GET_BE16(key->key_length); - maxkeylen = key_data_len; - if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { - if (maxkeylen < 8) { - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, - "WPA: Too short maxkeylen (%lu)", - (unsigned long) maxkeylen); - return -1; - } - maxkeylen -= 8; - } - - if (gtk_len > maxkeylen || - wpa_supplicant_check_group_cipher(sm, sm->group_cipher, - gtk_len, maxkeylen, - &gd->key_rsc_len, &gd->alg)) - return -1; - - gd->gtk_len = gtk_len; - gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> - WPA_KEY_INFO_KEY_INDEX_SHIFT; - if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { -#if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS) - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: RC4 not supported in the build"); - return -1; -#else /* CONFIG_NO_RC4 || CONFIG_FIPS */ - u8 ek[32]; - if (key_data_len > sizeof(gd->gtk)) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: RC4 key data too long (%lu)", - (unsigned long) key_data_len); - return -1; - } - os_memcpy(ek, key->key_iv, 16); - os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); - os_memcpy(gd->gtk, key_data, key_data_len); - if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { - forced_memzero(ek, sizeof(ek)); - wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, - "WPA: RC4 failed"); - return -1; - } - forced_memzero(ek, sizeof(ek)); -#endif /* CONFIG_NO_RC4 || CONFIG_FIPS */ - } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { - if (maxkeylen % 8) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Unsupported AES-WRAP len %lu", - (unsigned long) maxkeylen); - return -1; - } - if (maxkeylen > sizeof(gd->gtk)) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: AES-WRAP key data " - "too long (keydatalen=%lu maxkeylen=%lu)", - (unsigned long) key_data_len, - (unsigned long) maxkeylen); - return -1; - } - if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, - key_data, gd->gtk)) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: AES unwrap failed - could not decrypt " - "GTK"); - return -1; - } - } else { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Unsupported key_info type %d", ver); - return -1; - } - gd->tx = wpa_supplicant_gtk_tx_bit_workaround( - sm, !!(key_info & WPA_KEY_INFO_TXRX)); - return 0; -} - - static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, const struct wpa_eapol_key *key, int ver, u16 key_info) @@ -2879,18 +2712,20 @@ failed: } -static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, - const unsigned char *src_addr, - const struct wpa_eapol_key *key, - const u8 *key_data, - size_t key_data_len, u16 ver) +static void wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, + const unsigned char *src_addr, + const struct wpa_eapol_key *key, + const u8 *key_data, + size_t key_data_len, u16 ver) { u16 key_info; - int rekey, ret; + int rekey; struct wpa_gtk_data gd; const u8 *key_rsc; + size_t maxkeylen; + u16 gtk_len; - if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) { + if (!sm->msg_3_of_4_ok) { wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group Key Handshake started prior to completion of 4-way handshake"); goto failed; @@ -2899,25 +2734,88 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, os_memset(&gd, 0, sizeof(gd)); rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " - "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: RX message 1 of Group Key Handshake from " MACSTR + " (ver=%d)", MAC2STR(src_addr), ver); key_info = WPA_GET_BE16(key->key_info); - if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { - ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, - key_data_len, key_info, - &gd); - } else { - ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, - key_data_len, - key_info, ver, &gd); + gtk_len = WPA_GET_BE16(key->key_length); + maxkeylen = key_data_len; + if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { + if (maxkeylen < 8) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA: Too short maxkeylen (%lu)", + (unsigned long) maxkeylen); + goto failed; + } + maxkeylen -= 8; } + if (gtk_len > maxkeylen || + wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, maxkeylen, + &gd.key_rsc_len, &gd.alg)) + goto failed; + wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); - if (ret) + gd.gtk_len = gtk_len; + gd.keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> + WPA_KEY_INFO_KEY_INDEX_SHIFT; + if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { +#if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS) + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: RC4 not supported in the build"); goto failed; +#else /* CONFIG_NO_RC4 || CONFIG_FIPS */ + u8 ek[32]; + if (key_data_len > sizeof(gd.gtk)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: RC4 key data too long (%lu)", + (unsigned long) key_data_len); + goto failed; + } + os_memcpy(ek, key->key_iv, 16); + os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); + os_memcpy(gd.gtk, key_data, key_data_len); + if (rc4_skip(ek, 32, 256, gd.gtk, key_data_len)) { + forced_memzero(ek, sizeof(ek)); + wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, + "WPA: RC4 failed"); + goto failed; + } + forced_memzero(ek, sizeof(ek)); +#endif /* CONFIG_NO_RC4 || CONFIG_FIPS */ + } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { + if (maxkeylen % 8) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Unsupported AES-WRAP len %lu", + (unsigned long) maxkeylen); + goto failed; + } + if (maxkeylen > sizeof(gd.gtk)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: AES-WRAP key data " + "too long (keydatalen=%lu maxkeylen=%lu)", + (unsigned long) key_data_len, + (unsigned long) maxkeylen); + goto failed; + } + if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, + key_data, gd.gtk)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: AES unwrap failed - could not decrypt " + "GTK"); + goto failed; + } + } else { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Unsupported key_info type %d", ver); + goto failed; + } + gd.tx = wpa_supplicant_gtk_tx_bit_workaround( + sm, !!(key_info & WPA_KEY_INFO_TXRX)); key_rsc = key->key_rsc; if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) @@ -2929,15 +2827,15 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, forced_memzero(&gd, sizeof(gd)); if (rekey) { - wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " - "completed with " MACSTR " [GTK=%s]", + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA: Group rekeying completed with " MACSTR + " [GTK=%s]", MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); wpa_sm_cancel_auth_timeout(sm); wpa_sm_set_state(sm, WPA_COMPLETED); } else { wpa_supplicant_key_neg_complete(sm, sm->bssid, - key_info & - WPA_KEY_INFO_SECURE); + key_info & WPA_KEY_INFO_SECURE); } wpa_sm_set_rekey_offload(sm); @@ -2950,6 +2848,127 @@ failed: } +static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, + const unsigned char *src_addr, + const struct wpa_eapol_key *key, + const u8 *key_data, + size_t key_data_len, u16 ver) +{ + u16 key_info; + struct wpa_gtk_data gd; + const u8 *key_rsc; + int maxkeylen; + struct wpa_eapol_ie_parse ie; + u16 gtk_len; + + if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: Group Key Handshake started prior to completion of 4-way handshake"); + goto failed; + } + + os_memset(&gd, 0, sizeof(gd)); + + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "RSN: RX message 1 of Group Key Handshake from " MACSTR + " (ver=%d)", MAC2STR(src_addr), ver); + + key_info = WPA_GET_BE16(key->key_info); + + wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data", + key_data, key_data_len); + if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) + goto failed; + + wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); + + if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "RSN: GTK KDE in unencrypted key data"); + goto failed; + } + if (!ie.gtk) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: No GTK KDE in Group Key msg 1/2"); + goto failed; + } + gtk_len = ie.gtk_len; + if (gtk_len < 2) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: Invalid GTK KDE length (%u) in Group Key msg 1/2", + gtk_len); + goto failed; + } + gtk_len -= 2; + if (gtk_len > sizeof(gd.gtk)) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: Too long GTK in GTK KDE (len=%u)", gtk_len); + goto failed; + } + maxkeylen = gd.gtk_len = gtk_len; + +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2"); + goto failed; + } + + if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != OCI_SUCCESS) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE + "addr=" MACSTR " frame=eapol-key-g1 error=%s", + MAC2STR(sm->bssid), ocv_errorstr); + goto failed; + } + } +#endif /* CONFIG_OCV */ + + if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, maxkeylen, + &gd.key_rsc_len, &gd.alg)) + goto failed; + + wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", + ie.gtk, 2 + gtk_len); + gd.keyidx = ie.gtk[0] & 0x3; + gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, + !!(ie.gtk[0] & BIT(2))); + os_memcpy(gd.gtk, ie.gtk + 2, gtk_len); + + if (ieee80211w_set_keys(sm, &ie) < 0) + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: Failed to configure IGTK"); + + key_rsc = key->key_rsc; + if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) + key_rsc = null_rsc; + + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || + wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) + goto failed; + forced_memzero(&gd, sizeof(gd)); + + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: Group rekeying completed with " MACSTR " [GTK=%s]", + MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); + wpa_sm_cancel_auth_timeout(sm); + wpa_sm_set_state(sm, WPA_COMPLETED); + + wpa_sm_set_rekey_offload(sm); + + return; + +failed: + forced_memzero(&gd, sizeof(gd)); + wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); +} + + static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, struct wpa_eapol_key *key, u16 ver, @@ -3318,10 +3337,10 @@ static int wpa_sm_rx_eapol_wpa(struct wpa_sm *sm, const u8 *src_addr, } else { if (key_info & WPA_KEY_INFO_MIC) { /* 1/2 Group Key Handshake */ - wpa_supplicant_process_1_of_2(sm, src_addr, key, - key_data, - key_data_len, - ver); + wpa_supplicant_process_1_of_2_wpa(sm, src_addr, key, + key_data, + key_data_len, + ver); } else { wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: EAPOL-Key (Group) without Mic/Encr bit - dropped"); diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 4eb838500..48c5b522e 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -1999,7 +1999,7 @@ def test_ap_ft_gtk_rekey(dev, apdev): dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", ieee80211w="1", scan_freq="2412") - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out after initial association") hwsim_utils.test_connectivity(dev[0], hapd) @@ -2014,7 +2014,7 @@ def test_ap_ft_gtk_rekey(dev, apdev): raise Exception("Did not connect to correct AP") hwsim_utils.test_connectivity(dev[0], hapd1) - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out after FT protocol") hwsim_utils.test_connectivity(dev[0], hapd1) diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py index fc9f894c2..6df2662d6 100644 --- a/tests/hwsim/test_ap_psk.py +++ b/tests/hwsim/test_ap_psk.py @@ -484,7 +484,7 @@ def test_ap_wpa2_gtk_rekey(dev, apdev): params['wpa_group_rekey'] = '1' hapd = hostapd.add_ap(apdev[0], params) dev[0].connect(ssid, psk=passphrase, scan_freq="2412") - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) @@ -498,7 +498,7 @@ def test_ap_wpa2_gtk_rekey_request(dev, apdev): dev[0].connect(ssid, psk=passphrase, scan_freq="2412") if "OK" not in hapd.request("REKEY_GTK"): raise Exception("REKEY_GTK failed") - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) @@ -514,7 +514,7 @@ def test_ap_wpa2_gtk_rekey_failure(dev, apdev): if "OK" not in hapd.request("REKEY_GTK"): raise Exception("REKEY_GTK failed") wait_fail_trigger(hapd, "GET_FAIL") - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") dev[0].wait_disconnected() @@ -532,7 +532,7 @@ def test_ap_wpa2_gtk_rekey_request(dev, apdev): if "OK" not in dev[i].request("KEY_REQUEST 0 0"): raise Exception("KEY_REQUEST failed") for i in range(3): - ev = dev[i].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[i].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") time.sleep(1) @@ -552,16 +552,16 @@ def test_ap_wpa2_gtk_rekey_fail_1_sta(dev, apdev): dev[1].connect(ssid, psk=passphrase, scan_freq="2412") dev[2].connect(ssid, psk=passphrase, scan_freq="2412") - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=7) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=7) if ev is None: raise Exception("GTK rekey timed out [0]") - ev = dev[2].wait_event(["WPA: Group rekeying completed"], timeout=1) + ev = dev[2].wait_event(["RSN: Group rekeying completed"], timeout=1) if ev is None: raise Exception("GTK rekey timed out [2]") disconnected = False for i in range(10): - ev = dev[1].wait_event(["WPA: Group rekeying completed", + ev = dev[1].wait_event(["RSN: Group rekeying completed", "CTRL-EVENT-DISCONNECTED"], timeout=10) if ev is None: raise Exception("GTK rekey timed out [1]") @@ -609,7 +609,7 @@ def test_ap_wpa2_gmk_rekey(dev, apdev): hapd = hostapd.add_ap(apdev[0], params) dev[0].connect(ssid, psk=passphrase, scan_freq="2412") for i in range(0, 3): - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) @@ -625,7 +625,7 @@ def test_ap_wpa2_strict_rekey(dev, apdev): dev[0].connect(ssid, psk=passphrase, scan_freq="2412") dev[1].connect(ssid, psk=passphrase, scan_freq="2412") dev[1].request("DISCONNECT") - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) @@ -2150,7 +2150,7 @@ def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev): key_info=0x13c2) counter += 1 send_eapol(dev[0], bssid, build_eapol(msg)) - ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"]) + ev = dev[0].wait_event(["RSN: Group Key Handshake started prior to completion of 4-way handshake"]) if ev is None: raise Exception("Unexpected group key message not reported") dev[0].wait_disconnected(timeout=1) @@ -2304,7 +2304,7 @@ def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev): counter += 1 send_eapol(dev[0], bssid, build_eapol(msg)) msg = recv_eapol(dev[0]) - ev = dev[0].wait_event(["WPA: Group rekeying completed"]) + ev = dev[0].wait_event(["RSN: Group rekeying completed"]) if ev is None: raise Exception("GTK rekeing not reported") @@ -2315,7 +2315,7 @@ def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev): key_info=0x03c2) counter += 1 send_eapol(dev[0], bssid, build_eapol(msg)) - ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"]) + ev = dev[0].wait_event(["RSN: GTK KDE in unencrypted key data"]) if ev is None: raise Exception("Unencrypted GTK KDE not reported") dev[0].wait_disconnected(timeout=1) @@ -2356,7 +2356,7 @@ def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev): key_info=0x13c2) counter += 1 send_eapol(dev[0], bssid, build_eapol(msg)) - ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"]) + ev = dev[0].wait_event(["RSN: No GTK KDE in Group Key msg 1/2"]) if ev is None: raise Exception("Missing GTK KDE not reported") dev[0].wait_disconnected(timeout=1) @@ -3212,7 +3212,7 @@ def test_ap_wpa2_disable_eapol_retry_group(dev, apdev): dev[1].request("DISCONNECT") dev[1].wait_disconnected() - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") dev[1].request("RECONNECT") diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py index e03b81326..f7daf1907 100644 --- a/tests/hwsim/test_fils.py +++ b/tests/hwsim/test_fils.py @@ -61,7 +61,7 @@ def test_fils_sk_full_auth(dev, apdev, params): erp="1", scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) @@ -110,7 +110,7 @@ def test_fils_sk_sha384_full_auth(dev, apdev, params): erp="1", scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) @@ -1697,7 +1697,7 @@ def setup_fils_rekey(dev, apdev, params, wpa_ptk_rekey=0, wpa_group_rekey=0, def test_fils_auth_gtk_rekey(dev, apdev, params): """GTK rekeying after FILS authentication""" hapd = setup_fils_rekey(dev, apdev, params, wpa_group_rekey=1) - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out") hwsim_utils.test_connectivity(dev[0], hapd) diff --git a/tests/hwsim/test_ibss.py b/tests/hwsim/test_ibss.py index 29ebd8129..f2b3e7006 100644 --- a/tests/hwsim/test_ibss.py +++ b/tests/hwsim/test_ibss.py @@ -182,7 +182,7 @@ def test_ibss_rsn_group_rekey(dev): dev[1].dump_monitor() hwsim_utils.test_connectivity(dev[0], dev[1]) - ev = dev[1].wait_event(["WPA: Group rekeying completed"], timeout=10) + ev = dev[1].wait_event(["RSN: Group rekeying completed"], timeout=10) if ev is None: raise Exception("No group rekeying reported") hwsim_utils.test_connectivity(dev[0], dev[1]) diff --git a/tests/hwsim/test_sigma_dut.py b/tests/hwsim/test_sigma_dut.py index d2b6fb99b..100993cf6 100644 --- a/tests/hwsim/test_sigma_dut.py +++ b/tests/hwsim/test_sigma_dut.py @@ -6054,7 +6054,7 @@ def test_sigma_dut_gtk_rekey(dev, apdev): dev[0].dump_monitor() sigma_dut_cmd_check("dev_exec_action,interface,%s,program,WPA3,KeyRotation,1" % ifname) - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=5) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=5) if ev is None: raise Exception("GTK rekeying not seen") @@ -6081,7 +6081,7 @@ def test_sigma_dut_ap_gtk_rekey(dev, apdev, params): sigma_dut_cmd_check("dev_exec_action,name,AP,interface,%s,program,WPA3,KeyRotation,1" % iface) - ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=5) + ev = dev[0].wait_event(["RSN: Group rekeying completed"], timeout=5) if ev is None: raise Exception("GTK rekeying not seen") diff --git a/tests/hwsim/test_wnm.py b/tests/hwsim/test_wnm.py index 5e28c683f..54e7354e9 100644 --- a/tests/hwsim/test_wnm.py +++ b/tests/hwsim/test_wnm.py @@ -227,7 +227,7 @@ def check_wnm_sleep_mode_enter_exit(hapd, dev, interval=None, tfs_req=None, time.sleep(0.1) if "OK" not in hapd.request("REKEY_GTK"): raise Exception("REKEY_GTK failed") - ev = dev.wait_event(["WPA: Group rekeying completed"], timeout=0.1) + ev = dev.wait_event(["RSN: Group rekeying completed"], timeout=0.1) if ev is not None: raise Exception("Unexpected report of GTK rekey during WNM-Sleep Mode") @@ -247,7 +247,7 @@ def check_wnm_sleep_mode_enter_exit(hapd, dev, interval=None, tfs_req=None, time.sleep(0.1) if "OK" not in hapd.request("REKEY_GTK"): raise Exception("REKEY_GTK failed") - ev = dev.wait_event(["WPA: Group rekeying completed"], timeout=2) + ev = dev.wait_event(["RSN: Group rekeying completed"], timeout=2) if ev is None: raise Exception("GTK rekey timed out")