def test_ap_acs_errors(dev, apdev):
"""Automatic channel selection failures"""
clear_scan_cache(apdev[0])
force_prev_ap_on_24g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['channel'] = '0'
params['acs_num_scans'] = '2'
params['chanlist'] = '1'
hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
with alloc_fail(hapd, 1, "acs_request_scan"):
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Unexpected success for ENABLE")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_request_scan"):
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Unexpected success for ENABLE")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_scan_complete"):
hapd.enable()
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_request_scan;acs_scan_complete"):
hapd.enable()
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
def test_ap_ft_oom(dev, apdev):
"""WPA2-PSK-FT and OOM"""
skip_with_fips(dev[0])
ssid = "test-ft"
passphrase="12345678"
params = ft_params1(ssid=ssid, passphrase=passphrase)
hapd0 = hostapd.add_ap(apdev[0], params)
params = ft_params2(ssid=ssid, passphrase=passphrase)
hapd1 = hostapd.add_ap(apdev[1], params)
dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
scan_freq="2412")
if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
dst = apdev[1]['bssid']
else:
dst = apdev[0]['bssid']
dev[0].scan_for_bss(dst, freq="2412")
with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"):
dev[0].roam(dst)
with fail_test(dev[0], 1, "wpa_ft_mic"):
dev[0].roam(dst, fail_test=True)
with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
dev[0].roam(dst, fail_test=True)
def test_nfc_wps_password_token_ap(dev, apdev):
"""WPS registrar configuring an AP using AP password token"""
ssid = "test-wps-nfc-pw-token-init"
hapd = hostapd.add_ap(apdev[0],
{ "ssid": ssid, "eap_server": "1", "wps_state": "1" })
logger.info("WPS configuration step")
pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
if "FAIL" in pw:
raise Exception("Failed to generate password token")
res = hapd.request("WPS_NFC_TOKEN enable")
if "FAIL" in pw:
raise Exception("Failed to enable AP password token")
res = dev[0].request("WPS_NFC_TAG_READ " + pw)
if "FAIL" in res:
raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
dev[0].dump_monitor()
new_ssid = "test-wps-nfc-pw-token-new-ssid"
new_passphrase = "1234567890"
res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex"))
if "FAIL" in res:
raise Exception("Failed to start Registrar using NFC password token")
dev[0].wait_connected(timeout=30)
check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True)
if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"):
raise Exception("Failed to disable AP password token")
if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"):
raise Exception("Unexpected WPS_NFC_TOKEN WPS failure")
with fail_test(hapd, 1, "os_get_random;wps_nfc_token_gen"):
if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"):
raise Exception("Unexpected WPS_NFC_TOKEN success")
with fail_test(hapd, 2, "os_get_random;wps_nfc_token_gen"):
if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"):
raise Exception("Unexpected WPS_NFC_TOKEN success")
def test_ap_open_drv_fail(dev, apdev):
"""AP with open mode and driver operations failing"""
hapd = hostapd.add_ap(apdev[0], { "ssid": "open" })
with fail_test(dev[0], 1, "wpa_driver_nl80211_authenticate"):
dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
with fail_test(dev[0], 1, "wpa_driver_nl80211_associate"):
dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
def test_ap_bss_load_fail(dev, apdev):
"""BSS Load update failing to get survey data"""
hapd = hostapd.add_ap(apdev[0],
{ "ssid": "open",
"bss_load_update_period": "1" })
with fail_test(hapd, 1, "wpa_driver_nl80211_get_survey"):
wait_fail_trigger(hapd, "GET_FAIL")
def test_ap_qosmap_invalid(dev, apdev):
"""QoS mapping ctrl_iface error handling"""
ssid = "test-qosmap"
params = { "ssid": ssid }
hapd = hostapd.add_ap(apdev[0], params)
if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"):
raise Exception("Unexpected SEND_QOS_MAP_CONF success")
if "FAIL" not in hapd.request("SET_QOS_MAP_SET "):
raise Exception("Unexpected SET_QOS_MAP_SET success")
if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3"):
raise Exception("Unexpected SET_QOS_MAP_SET success")
if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,-2,3"):
raise Exception("Unexpected SET_QOS_MAP_SET success")
if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59"):
raise Exception("Unexpected SET_QOS_MAP_SET success")
if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21"):
raise Exception("Unexpected SET_QOS_MAP_SET success")
if "FAIL" in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"):
raise Exception("Unexpected SET_QOS_MAP_SET failure")
if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"):
raise Exception("Unexpected SEND_QOS_MAP_CONF success")
if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44"):
raise Exception("Unexpected SEND_QOS_MAP_CONF success")
with fail_test(hapd, 1, "hostapd_ctrl_iface_set_qos_map_set"):
if "FAIL" not in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"):
raise Exception("SET_QOS_MAP_SET accepted during forced driver failure")
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
with alloc_fail(hapd, 1,
"wpabuf_alloc;hostapd_ctrl_iface_send_qos_map_conf"):
if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF " + dev[0].own_addr()):
raise Exception("SEND_QOS_MAP_CONF accepted during OOM")
def test_bgscan_learn_driver_conf_failure(dev, apdev):
"""bgscan_learn driver configuration failure"""
hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"})
with fail_test(dev[0], 1, "bgscan_learn_init"):
dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412",
bgscan="learn:1:-20:2")
def test_tnc_peap_soh_errors(dev, apdev):
"""TNC PEAP-SoH local error cases"""
params = int_eap_server_params()
params["tnc"] = "1"
hostapd.add_ap(apdev[0], params)
tests = [ (1, "tncc_build_soh"),
(1, "eap_msg_alloc;=eap_peap_phase2_request") ]
for count, func in tests:
with alloc_fail(dev[0], count, func):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="PEAP", identity="user", password="******",
ca_cert="auth_serv/ca.pem",
phase1="peapver=0 tnc=soh cryptobinding=0",
phase2="auth=MSCHAPV2",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
with fail_test(dev[0], 1, "os_get_random;tncc_build_soh"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="PEAP", identity="user", password="******",
ca_cert="auth_serv/ca.pem",
phase1="peapver=0 tnc=soh cryptobinding=0",
phase2="auth=MSCHAPV2",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
def test_hapd_ctrl_update_beacon(dev, apdev):
"""hostapd and UPDATE_BEACON"""
ssid = "hapd-ctrl"
params = {"ssid": ssid}
hapd = hostapd.add_ap(apdev[0], params)
if "OK" not in hapd.request("UPDATE_BEACON"):
raise Exception("UPDATE_BEACON failed")
with fail_test(hapd, 1, "ieee802_11_set_beacon"):
if "FAIL" not in hapd.request("UPDATE_BEACON"):
raise Exception("UPDATE_BEACON succeeded unexpectedly")
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
def test_tspec_ap_fail(dev, apdev):
"""AP failing to send tspec response"""
# configure ap with VO and VI requiring admission-control
hapd = add_wmm_ap(apdev[0], ["VO", "VI"])
dev[0].connect("wmm_ac", key_mgmt="NONE", scan_freq="2462")
tsid = 5
with fail_test(hapd, 1, "wmm_send_action"):
try:
# add tspec for UP=6
dev[0].add_ts(tsid, 6)
except:
pass
def test_sae_pwe_failure(dev, apdev):
"""SAE and pwe failure"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['sae_groups'] = '19 5'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].request("SET sae_groups 19")
with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ecc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
with fail_test(dev[0], 1, "sae_test_pwd_seed_ecc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("SET sae_groups 5")
with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ffc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("SET sae_groups 5")
with fail_test(dev[0], 1, "sae_test_pwd_seed_ffc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
with fail_test(dev[0], 2, "sae_test_pwd_seed_ffc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
def test_ap_pmf_sta_sa_query_local_failure(dev, apdev):
"""WPA2-PSK AP with station using SA Query (local failure)"""
ssid = "assoc-comeback"
addr = dev[0].own_addr()
wpas = start_wpas_ap(ssid)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
with fail_test(dev[0], 1, "os_get_random;sme_sa_query_timer"):
wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("DISCONNECT")
wpas.request("DISCONNECT")
dev[0].wait_disconnected()
def test_suite_b_192_pmkid_failure(dev, apdev):
"""WPA2/GCMP-256 connection at Suite B 192-bit level and PMKID derivation failure"""
check_suite_b_192_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_192_ap_params()
hapd = hostapd.add_ap(apdev[0], params)
with fail_test(dev[0], 1, "rsn_pmkid_suite_b"):
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
openssl_ciphers="SUITEB192",
eap="TLS", identity="tls user",
ca_cert="auth_serv/ec2-ca.pem",
client_cert="auth_serv/ec2-user.pem",
private_key="auth_serv/ec2-user.key",
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
def test_suite_b_mic_failure(dev, apdev):
"""WPA2/GCMP connection at Suite B 128-bit level and MIC derivation failure"""
check_suite_b_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_ap_params()
hapd = hostapd.add_ap(apdev[0], params)
with fail_test(dev[0], 1, "wpa_eapol_key_mic"):
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
ieee80211w="2",
openssl_ciphers="SUITEB128",
eap="TLS", identity="tls user",
ca_cert="auth_serv/ec-ca.pem",
client_cert="auth_serv/ec-user.pem",
private_key="auth_serv/ec-user.key",
pairwise="GCMP", group="GCMP", scan_freq="2412",
wait_connect=False)
dev[0].wait_disconnected()
def test_sae_no_random(dev, apdev):
"""SAE and no random numbers available"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].request("SET sae_groups ")
tests = [ (1, "os_get_random;sae_get_rand"),
(1, "os_get_random;get_rand_1_to_p_1"),
(1, "os_get_random;get_random_qr_qnr"),
(1, "os_get_random;sae_derive_pwe_ecc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
def test_mbo_failures(dev, apdev):
"""MBO failure cases"""
ssid = "test-wnm-mbo"
params = { 'ssid': ssid, 'mbo': '1' }
hapd = hostapd.add_ap(apdev[0], params)
with alloc_fail(dev[0], 1, "wpas_mbo_ie"):
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
with alloc_fail(dev[0], 1, "wpas_mbo_send_wnm_notification"):
if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
raise Exception("Failed to set STA as cellular data capable")
with fail_test(dev[0], 1, "wpas_mbo_send_wnm_notification"):
if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
raise Exception("Failed to set STA as cellular data not-capable")
with alloc_fail(dev[0], 1, "wpas_mbo_update_non_pref_chan"):
if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"):
raise Exception("non_pref_chan value accepted during OOM")
with alloc_fail(dev[0], 2, "wpas_mbo_update_non_pref_chan"):
if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"):
raise Exception("non_pref_chan value accepted during OOM")
def _test_scan_ap_scan_2_ap_mode(dev, apdev):
if "OK" not in dev[0].request("AP_SCAN 2"):
raise Exception("Failed to set AP_SCAN 2")
id = dev[0].add_network()
dev[0].set_network(id, "mode", "2")
dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
dev[0].set_network(id, "key_mgmt", "NONE")
dev[0].set_network(id, "frequency", "2412")
dev[0].set_network(id, "scan_freq", "2412")
dev[0].set_network(id, "disabled", "0")
dev[0].select_network(id)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
if ev is None:
raise Exception("AP failed to start")
with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN command failed unexpectedly")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED",
"AP-DISABLED"], timeout=5)
if ev is None:
raise Exception("CTRL-EVENT-SCAN-FAILED not seen")
if "AP-DISABLED" in ev:
raise Exception("Unexpected AP-DISABLED event")
if "retry=1" in ev:
# Wait for the retry to scan happen
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED",
"AP-DISABLED"], timeout=5)
if ev is None:
raise Exception("CTRL-EVENT-SCAN-FAILED not seen - retry")
if "AP-DISABLED" in ev:
raise Exception("Unexpected AP-DISABLED event - retry")
dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412")
dev[1].request("DISCONNECT")
dev[1].wait_disconnected()
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
def test_ap_config_set_oom(dev, apdev):
"""hostapd configuration parsing OOM"""
hapd = hostapd.add_ap(apdev[0], { "ssid": "foobar" })
tests = [ (1, "hostapd_parse_das_client",
"SET radius_das_client 192.168.1.123 pw"),
(1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""),
(1, "hostapd_config_read_wep", "SET wep_key0 0102030405"),
(1, "hostapd_parse_chanlist", "SET chanlist 1 6 11-13"),
(1, "hostapd_config_bss", "SET bss foo"),
(2, "hostapd_config_bss", "SET bss foo"),
(3, "hostapd_config_bss", "SET bss foo"),
(1, "add_r0kh",
"SET r0kh 02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f"),
(1, "add_r1kh",
"SET r1kh 02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f"),
(1, "parse_roaming_consortium", "SET roaming_consortium 021122"),
(1, "parse_lang_string", "SET venue_name eng:Example venue"),
(1, "parse_3gpp_cell_net",
"SET anqp_3gpp_cell_net 244,91;310,026;234,56"),
(1, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"),
(2, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"),
(1, "parse_anqp_elem", "SET anqp_elem 265:0000"),
(2, "parse_anqp_elem", "SET anqp_elem 266:000000"),
(1, "hs20_parse_conn_capab", "SET hs20_conn_capab 1:0:2"),
(1, "hs20_parse_wan_metrics",
"SET hs20_wan_metrics 01:8000:1000:80:240:3000"),
(1, "hs20_parse_icon",
"SET hs20_icon 32:32:eng:image/png:icon32:/tmp/icon32.png"),
(1, "hs20_parse_osu_server_uri",
"SET osu_server_uri https://example.com/osu/"),
(1, "hostapd_config_parse_acs_chan_bias",
"SET acs_chan_bias 1:0.8 6:0.8 11:0.8"),
(2, "hostapd_config_parse_acs_chan_bias",
"SET acs_chan_bias 1:0.8 6:0.8 11:0.8"),
(1, "parse_wpabuf_hex", "SET vendor_elements 01020304"),
(1, "parse_fils_realm", "SET fils_realm example.com"),
(1, "hostapd_config_fill",
"SET pac_opaque_encr_key 000102030405060708090a0b0c0d0e0f"),
(1, "hostapd_config_fill", "SET eap_message hello"),
(1, "hostapd_config_fill",
"SET wpa_psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"),
(1, "hostapd_config_fill", "SET time_zone EST5"),
(1, "hostapd_config_fill",
"SET network_auth_type 02http://www.example.com/redirect/"),
(1, "hostapd_config_fill", "SET domain_name example.com"),
(1, "hostapd_config_fill", "SET hs20_operating_class 5173"),
(1, "hostapd_config_fill", "SET own_ie_override 11223344"),
(1, "hostapd_parse_intlist", "SET sae_groups 19 25"),
(1, "hostapd_parse_intlist", "SET basic_rates 10 20 55 110"),
(1, "hostapd_parse_intlist", "SET supported_rates 10 20 55 110") ]
for count, func, cmd in tests:
with alloc_fail(hapd, count, func):
if "FAIL" not in hapd.request(cmd):
raise Exception("Command accepted during OOM: " + cmd)
hapd.set("hs20_icon", "32:32:eng:image/png:icon32:/tmp/icon32.png")
hapd.set("hs20_conn_capab", "1:0:2")
hapd.set("nai_realm", "0,example.com;example.net")
hapd.set("venue_name", "eng:Example venue")
hapd.set("roaming_consortium", "021122")
hapd.set("osu_server_uri", "https://example.com/osu/")
hapd.set("vendor_elements", "01020304")
hapd.set("vendor_elements", "01020304")
hapd.set("vendor_elements", "")
hapd.set("lci", "11223344")
hapd.set("civic", "11223344")
hapd.set("lci", "")
hapd.set("civic", "")
tests = [ (1, "hs20_parse_icon",
"SET hs20_icon 32:32:eng:image/png:icon32:/tmp/icon32.png"),
(1, "parse_roaming_consortium", "SET roaming_consortium 021122"),
(2, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"),
(1, "parse_lang_string", "SET venue_name eng:Example venue"),
(1, "hs20_parse_osu_server_uri",
"SET osu_server_uri https://example.com/osu/"),
(1, "hs20_parse_osu_nai", "SET osu_nai [email protected]"),
(1, "hostapd_parse_intlist", "SET osu_method_list 1 0"),
(1, "hs20_parse_osu_icon", "SET osu_icon icon32"),
(2, "hs20_parse_osu_icon", "SET osu_icon icon32"),
(2, "hs20_parse_osu_icon", "SET osu_icon icon32"),
(1, "hs20_parse_conn_capab", "SET hs20_conn_capab 1:0:2") ]
for count, func, cmd in tests:
with alloc_fail(hapd, count, func):
if "FAIL" not in hapd.request(cmd):
raise Exception("Command accepted during OOM (2): " + cmd)
tests = [ (1, "parse_fils_realm", "SET fils_realm example.com") ]
for count, func, cmd in tests:
with fail_test(hapd, count, func):
if "FAIL" not in hapd.request(cmd):
raise Exception("Command accepted during FAIL_TEST: " + cmd)
def test_scan_fail(dev, apdev):
"""Scan failures"""
with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
dev[0].request("DISCONNECT")
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
dev[0].dump_monitor()
for i in range(1, 5):
with alloc_fail(dev[0], i,
"wpa_scan_clone_params;wpa_supplicant_trigger_scan"):
if "OK" not in dev[0].request("SCAN ssid 112233 freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
dev[0].dump_monitor()
with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"):
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
dev[0].dump_monitor()
try:
if "OK" not in dev[0].request("SET filter_ssids 1"):
raise Exception("SET failed")
id = dev[0].connect("test-scan",
key_mgmt="NONE",
only_add_network=True)
with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"):
# While the filter list cannot be created due to memory allocation
# failure, this scan is expected to be completed without SSID
# filtering.
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
if ev is None:
raise Exception("Scan did not complete")
dev[0].remove_network(id)
finally:
dev[0].request("SET filter_ssids 0")
dev[0].dump_monitor()
with alloc_fail(dev[0], 1, "nl80211_get_scan_results"):
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
if ev is None:
raise Exception("Did not see scan started event")
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].dump_monitor()
try:
if "OK" not in dev[0].request("SET setband 2G"):
raise Exception("SET setband failed")
with alloc_fail(dev[0], 1, "=wpa_setband_scan_freqs_list"):
# While the frequency list cannot be created due to memory
# allocation failure, this scan is expected to be completed without
# frequency filtering.
if "OK" not in dev[0].request("SCAN"):
raise Exception("SCAN failed")
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].request("ABORT_SCAN")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
if ev is None:
raise Exception("Scan did not complete")
finally:
dev[0].request("SET setband AUTO")
dev[0].dump_monitor()
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5")
wpas.request("SET preassoc_mac_addr 1")
with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
if "OK" not in wpas.request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = wpas.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
wpas.request("SET preassoc_mac_addr 0")
wpas.dump_monitor()
hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
with alloc_fail(dev[0], 1, "wpa_bss_add"):
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_sae_bignum_failure(dev, apdev):
"""SAE and bignum failure"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['sae_groups'] = '19 5 22'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].request("SET sae_groups 19")
tests = [ (1, "crypto_bignum_init_set;get_rand_1_to_p_1"),
(1, "crypto_bignum_init;is_quadratic_residue_blind"),
(1, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
(2, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
(3, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
(1, "crypto_bignum_legendre;is_quadratic_residue_blind"),
(1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"),
(1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"),
(1, "crypto_bignum_init_set;get_random_qr_qnr"),
(1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"),
(1, "crypto_ec_point_init;sae_derive_pwe_ecc"),
(1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"),
(1, "crypto_ec_point_init;sae_derive_commit_element_ecc"),
(1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"),
(1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"),
(1, "crypto_bignum_init;=sae_derive_commit"),
(1, "crypto_ec_point_init;sae_derive_k_ecc"),
(1, "crypto_ec_point_mul;sae_derive_k_ecc"),
(1, "crypto_ec_point_add;sae_derive_k_ecc"),
(2, "crypto_ec_point_mul;sae_derive_k_ecc"),
(1, "crypto_ec_point_to_bin;sae_derive_k_ecc"),
(1, "crypto_bignum_legendre;get_random_qr_qnr"),
(1, "sha256_prf;sae_derive_keys"),
(1, "crypto_bignum_init;sae_derive_keys"),
(1, "crypto_bignum_init_set;sae_parse_commit_scalar"),
(1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"),
(1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].request("SET sae_groups 5")
tests = [ (1, "crypto_bignum_init_set;sae_set_group"),
(2, "crypto_bignum_init_set;sae_set_group"),
(1, "crypto_bignum_init_set;sae_get_rand"),
(1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_init;sae_derive_pwe_ffc"),
(1, "crypto_bignum_init;sae_derive_commit_element_ffc"),
(1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"),
(1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"),
(1, "crypto_bignum_init;sae_derive_k_ffc"),
(1, "crypto_bignum_exptmod;sae_derive_k_ffc"),
(1, "crypto_bignum_mulmod;sae_derive_k_ffc"),
(2, "crypto_bignum_exptmod;sae_derive_k_ffc"),
(1, "crypto_bignum_to_bin;sae_derive_k_ffc"),
(1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
(1, "crypto_bignum_init;sae_parse_commit_element_ffc"),
(2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
(1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].request("SET sae_groups 22")
tests = [ (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_div;sae_test_pwd_seed_ffc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
def test_owe_local_errors(dev, apdev):
"""Opportunistic Wireless Encryption - local errors on supplicant"""
if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported")
params = {"ssid": "owe",
"wpa": "2",
"ieee80211w": "2",
"wpa_key_mgmt": "OWE",
"rsn_pairwise": "CCMP"}
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
dev[0].scan_for_bss(bssid, freq="2412")
tests = [(1, "crypto_ecdh_init;owe_build_assoc_req"),
(1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
(1, "wpabuf_alloc;owe_build_assoc_req")]
for count, func in tests:
with alloc_fail(dev[0], count, func):
dev[0].connect("owe", key_mgmt="OWE", owe_group="20",
ieee80211w="2",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
tests = [(1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
(1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
(1, "wpabuf_alloc;=owe_process_assoc_resp")]
for count, func in tests:
with alloc_fail(dev[0], count, func):
dev[0].connect("owe", key_mgmt="OWE", owe_group="20",
ieee80211w="2",
scan_freq="2412", wait_connect=False)
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
tests = [(1, "hmac_sha256;owe_process_assoc_resp", 19),
(1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
(1, "hmac_sha384;owe_process_assoc_resp", 20),
(1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
(1, "hmac_sha512;owe_process_assoc_resp", 21),
(1, "hmac_sha512_kdf;owe_process_assoc_resp", 21)]
for count, func, group in tests:
with fail_test(dev[0], count, func):
dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group),
ieee80211w="2",
scan_freq="2412", wait_connect=False)
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
dev[0].connect("owe", key_mgmt="OWE", owe_group="18",
ieee80211w="2",
scan_freq="2412", wait_connect=False)
ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=5)
if ev is None:
raise Exception("No authentication attempt")
time.sleep(0.5)
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
def test_authsrv_oom(dev, apdev):
"""Authentication server OOM"""
params = authsrv_params()
authsrv = hostapd.add_ap(apdev[1], params)
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['auth_server_port'] = "18128"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].scan_for_bss(hapd.own_addr(), 2412)
with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
if ev is None:
raise Exception("EAP failure not reported")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
with alloc_fail(authsrv, 1, "srv_log"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
with alloc_fail(authsrv, 1, "radius_server_new_session"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
for count in range(1, 3):
with alloc_fail(authsrv, count, "=radius_server_get_new_session"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
with alloc_fail(authsrv, 1, "eap_server_sm_init"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
tests = [ "radius_server_encapsulate_eap",
"radius_server_receive_auth" ]
for t in tests:
with alloc_fail(authsrv, 1, t):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
wait_fail_trigger(authsrv, "GET_ALLOC_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
tests = [ "radius_msg_add_attr;radius_server_encapsulate_eap",
"radius_msg_add_eap;radius_server_encapsulate_eap",
"radius_msg_finish_srv;radius_server_encapsulate_eap" ]
for t in tests:
with fail_test(authsrv, 1, t):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
wait_fail_trigger(authsrv, "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
with fail_test(authsrv, 1, "radius_msg_add_eap;radius_server_reject"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
wait_fail_trigger(authsrv, "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
with fail_test(authsrv, 1,
"radius_msg_finish_srv;radius_server_reject"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="TTLS", identity="user",
anonymous_identity="ttls", password="******",
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
wait_connect=False, scan_freq="2412")
wait_fail_trigger(authsrv, "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
authsrv.disable()
with alloc_fail(authsrv, 1, "radius_server_init;hostapd_setup_radius_srv"):
if "FAIL" not in authsrv.request("ENABLE"):
raise Exception("ENABLE succeeded during OOM")
with alloc_fail(authsrv, 2, "radius_server_init;hostapd_setup_radius_srv"):
authsrv.request("ENABLE")
# This is actually allowed to continue even though memory allocation
# fails.
authsrv.disable()
for count in range(1, 4):
with alloc_fail(authsrv, count,
"radius_server_read_clients;radius_server_init;hostapd_setup_radius_srv"):
if "FAIL" not in authsrv.request("ENABLE"):
raise Exception("ENABLE succeeded during OOM")
with alloc_fail(authsrv, 1, "eloop_sock_table_add_sock;radius_server_init;hostapd_setup_radius_srv"):
if "FAIL" not in authsrv.request("ENABLE"):
raise Exception("ENABLE succeeded during OOM")
with alloc_fail(authsrv, 1, "tls_init;authsrv_init"):
if "FAIL" not in authsrv.request("ENABLE"):
raise Exception("ENABLE succeeded during OOM")
for count in range(1, 3):
with alloc_fail(authsrv, count, "eap_sim_db_init;authsrv_init"):
if "FAIL" not in authsrv.request("ENABLE"):
raise Exception("ENABLE succeeded during OOM")
def test_scan_fail(dev, apdev):
"""Scan failures"""
with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
dev[0].request("DISCONNECT")
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
dev[0].dump_monitor()
for i in range(1, 5):
with alloc_fail(dev[0], i,
"wpa_scan_clone_params;wpa_supplicant_trigger_scan"):
if "OK" not in dev[0].request("SCAN ssid 112233 freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
dev[0].dump_monitor()
with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"):
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
dev[0].dump_monitor()
try:
if "OK" not in dev[0].request("SET filter_ssids 1"):
raise Exception("SET failed")
id = dev[0].connect("test-scan", key_mgmt="NONE", only_add_network=True)
with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"):
# While the filter list cannot be created due to memory allocation
# failure, this scan is expected to be completed without SSID
# filtering.
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
if ev is None:
raise Exception("Scan did not complete")
dev[0].remove_network(id)
finally:
dev[0].request("SET filter_ssids 0")
dev[0].dump_monitor()
with alloc_fail(dev[0], 1, "nl80211_get_scan_results"):
if "OK" not in dev[0].request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
if ev is None:
raise Exception("Did not see scan started event")
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].dump_monitor()
try:
if "OK" not in dev[0].request("SET setband 2G"):
raise Exception("SET setband failed")
with alloc_fail(dev[0], 1, "=wpa_setband_scan_freqs_list"):
# While the frequency list cannot be created due to memory
# allocation failure, this scan is expected to be completed without
# frequency filtering.
if "OK" not in dev[0].request("SCAN"):
raise Exception("SCAN failed")
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].request("ABORT_SCAN")
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
if ev is None:
raise Exception("Scan did not complete")
finally:
dev[0].request("SET setband AUTO")
dev[0].dump_monitor()
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5")
wpas.request("SET preassoc_mac_addr 1")
with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
if "OK" not in wpas.request("SCAN freq=2412"):
raise Exception("SCAN failed")
ev = wpas.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
if ev is None:
raise Exception("Did not see scan failure event")
wpas.request("SET preassoc_mac_addr 0")
wpas.dump_monitor()
hapd = hostapd.add_ap(apdev[0], { "ssid": "open" })
with alloc_fail(dev[0], 1, "wpa_bss_add"):
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_erp_local_errors(dev, apdev):
"""ERP and local error cases"""
check_erp_capa(dev[0])
params = int_eap_server_params()
params['erp_send_reauth_start'] = '1'
params['erp_domain'] = 'example.com'
params['eap_server_erp'] = '1'
params['disable_pmksa_caching'] = '1'
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].request("ERP_FLUSH")
with alloc_fail(dev[0], 1, "eap_peer_erp_init"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="*****@*****.**",
anonymous_identity="*****@*****.**",
password="******",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
erp="1", scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
for count in range(1, 6):
dev[0].request("ERP_FLUSH")
with fail_test(dev[0], count, "hmac_sha256_kdf;eap_peer_erp_init"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="*****@*****.**",
anonymous_identity="*****@*****.**",
password="******",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
erp="1", scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("ERP_FLUSH")
with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_peer_erp_reauth_start"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="*****@*****.**",
anonymous_identity="*****@*****.**",
password="******",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
erp="1", scan_freq="2412")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected(timeout=15)
dev[0].request("RECONNECT")
wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("ERP_FLUSH")
with fail_test(dev[0], 1, "hmac_sha256;eap_peer_erp_reauth_start"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="*****@*****.**",
anonymous_identity="*****@*****.**",
password="******",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
erp="1", scan_freq="2412")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected(timeout=15)
dev[0].request("RECONNECT")
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("ERP_FLUSH")
with fail_test(dev[0], 1, "hmac_sha256;eap_peer_finish"):
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="*****@*****.**",
anonymous_identity="*****@*****.**",
password="******",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
erp="1", scan_freq="2412")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected(timeout=15)
dev[0].request("RECONNECT")
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
