def test_owe_and_psk(dev, apdev):
"""Opportunistic Wireless Encryption and WPA2-PSK enabled"""
if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported")
params = {
"ssid": "owe+psk",
"wpa": "2",
"wpa_key_mgmt": "OWE WPA-PSK",
"rsn_pairwise": "CCMP",
"wpa_passphrase": "12345678"
}
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
dev[0].scan_for_bss(bssid, freq="2412")
dev[0].connect("owe+psk", psk="12345678")
hwsim_utils.test_connectivity(dev[0], hapd)
dev[1].scan_for_bss(bssid, freq="2412")
dev[1].connect("owe+psk", key_mgmt="OWE")
hwsim_utils.test_connectivity(dev[1], hapd)
def test_sae_pmksa_caching(dev, apdev):
"""SAE and PMKSA caching"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].request("SET sae_groups ")
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
ev = hapd.wait_event([ "AP-STA-CONNECTED" ], timeout=5)
if ev is None:
raise Exception("No connection event received from hostapd")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
dev[0].request("RECONNECT")
dev[0].wait_connected(timeout=15, error="Reconnect timed out")
if dev[0].get_status_field('sae_group') is not None:
raise Exception("SAE group claimed to have been used")
def test_owe_transition_mode_open_only_ap(dev, apdev):
"""Opportunistic Wireless Encryption transition mode connect to open-only AP"""
if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported")
dev[0].flush_scan_cache()
params = {"ssid": "owe-test-open"}
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
dev[0].scan_for_bss(bssid, freq="2412")
bss = dev[0].get_bss(bssid)
id = dev[0].connect("owe-test-open",
key_mgmt="OWE",
ieee80211w="2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd)
val = dev[0].get_status_field("key_mgmt")
if val != "NONE":
raise Exception("Unexpected key_mgmt: " + val)
def test_tnc_ttls(dev, apdev):
"""TNC TTLS"""
check_eap_capa(dev[0], "MSCHAPV2")
params = int_eap_server_params()
params["tnc"] = "1"
hostapd.add_ap(apdev[0], params)
if not os.path.exists("tnc/libhostap_imc.so"):
raise HwsimSkip("No IMC installed")
dev[0].connect("test-wpa2-eap",
key_mgmt="WPA-EAP",
eap="TTLS",
identity="DOMAIN\mschapv2 user",
anonymous_identity="ttls",
password="******",
phase2="auth=MSCHAPV2",
ca_cert="auth_serv/ca.pem",
scan_freq="2412",
wait_connect=False)
dev[0].wait_connected(timeout=10)
def run_autogo_chan_switch(dev):
autogo(dev[0], freq=2417)
connect_cli(dev[0], dev[1], freq=2417)
res = dev[0].group_request("CHAN_SWITCH 5 2422")
if "FAIL" in res:
# for now, skip test since mac80211_hwsim support is not yet widely
# deployed
raise HwsimSkip(
"Assume mac80211_hwsim did not support channel switching")
ev = dev[0].wait_group_event(["AP-CSA-FINISHED"], timeout=10)
if ev is None:
raise Exception("CSA finished event timed out")
if "freq=2422" not in ev:
raise Exception("Unexpected cahnnel in CSA finished event")
dev[0].dump_monitor()
dev[1].dump_monitor()
time.sleep(0.1)
hwsim_utils.test_connectivity_p2p(dev[0], dev[1])
dev[0].remove_group()
dev[1].wait_go_ending_session()
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
"""WPA-PSK/TKIP countermeasures (detected by AP)"""
skip_with_fips(dev[0])
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (
dev[0].get_driver_status_field("phyname"), dev[0].ifname)
if dev[0].cmd_execute(["ls", testfile])[0] != 0:
raise HwsimSkip("tkip_mic_test not supported in mac80211")
params = {
"ssid": "tkip-countermeasures",
"wpa_passphrase": "12345678",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP"
}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("tkip-countermeasures",
psk="12345678",
pairwise="TKIP",
group="TKIP",
scan_freq="2412")
dev[0].dump_monitor()
dev[0].cmd_execute(["echo", "-n", apdev[0]['bssid'], ">", testfile],
shell=True)
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception(
"Unexpected disconnection on first Michael MIC failure")
dev[0].cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
shell=True)
ev = dev[0].wait_disconnected(
timeout=10, error="No disconnection after two Michael MIC failures")
if "reason=14" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_vht_tkip(dev, apdev):
"""VHT and TKIP"""
try:
hapd = None
params = { "ssid": "vht",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP",
"wpa_passphrase": "12345678",
"country_code": "FI",
"hw_mode": "a",
"channel": "36",
"ht_capab": "[HT40+]",
"ieee80211n": "1",
"ieee80211ac": "1",
"vht_oper_chwidth": "1",
"vht_oper_centr_freq_seg0_idx": "42" }
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
dev[0].connect("vht", psk="12345678", scan_freq="5180")
hwsim_utils.test_connectivity(dev[0], hapd)
sig = dev[0].request("SIGNAL_POLL").splitlines()
if "FREQUENCY=5180" not in sig:
raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
if "WIDTH=20 MHz (no HT)" not in sig:
raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
status = hapd.get_status()
logger.info("hostapd STATUS: " + str(status))
if status["ieee80211n"] != "0":
raise Exception("Unexpected STATUS ieee80211n value")
if status["ieee80211ac"] != "0":
raise Exception("Unexpected STATUS ieee80211ac value")
if status["secondary_channel"] != "0":
raise Exception("Unexpected STATUS secondary_channel value")
except Exception, e:
if isinstance(e, Exception) and str(e) == "AP startup failed":
if not vht_supported():
raise HwsimSkip("80 MHz channel not supported in regulatory information")
raise
def test_hostapd_oom_wpa2_psk_connect(dev, apdev):
"""hostapd failing during WPA2-PSK mode connection due to OOM"""
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].request("SCAN_INTERVAL 1")
count = 0
for i in range(1, 1000):
logger.info("Iteration %d" % i)
if "OK" not in hapd.request("TEST_ALLOC_FAIL %d:main" % i):
raise HwsimSkip("TEST_ALLOC_FAIL not supported")
id = dev[0].connect("test-wpa2-psk", psk="12345678",
scan_freq="2412", wait_connect=False)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
"CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=5)
if ev is None:
logger.info("Timeout while waiting for connection in iteration %d" % i)
dev[0].request("REMOVE_NETWORK all")
time.sleep(0.1)
else:
if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev:
logger.info("Re-select to avoid long wait for temp disavle")
dev[0].select_network(id)
dev[0].wait_connected()
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
for i in range(3):
dev[i].dump_monitor()
hapd.dump_monitor()
state = hapd.request('GET_ALLOC_FAIL')
logger.info("GET_ALLOC_FAIL: " + state)
hapd.request("TEST_ALLOC_FAIL 0:")
if state.startswith('0:'):
count = 0
else:
count += 1
if count == 5:
break
dev[0].request("SCAN_INTERVAL 5")
def run_ap_wpa2_igtk_initial_rsc(dev, apdev, cipher):
if cipher not in dev[0].get_capability("group_mgmt"):
raise HwsimSkip("Cipher %s not supported" % cipher)
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
params["ieee80211w"] = "2"
params["rsn_pairwise"] = "CCMP"
params["group_cipher"] = "CCMP"
params["group_mgmt_cipher"] = cipher
params["igtk_rsc_override"] = "341200000000"
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect("test-wpa2-psk", psk="12345678", proto="WPA2",
ieee80211w="2", pairwise="CCMP", group="CCMP",
group_mgmt=cipher,
scan_freq="2412")
hapd.wait_sta()
# Verify that broadcast robust management frames are dropped.
dev[0].note("Sending broadcast Deauthentication and Disassociation frames with too small IPN")
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1")
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1")
hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1")
dev[0].note("Done sending broadcast Deauthentication and Disassociation frames with too small IPN")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection")
# Verify thar unicast robust management frames go through.
hapd.request("DEAUTHENTICATE " + dev[0].own_addr() + " reason=123 test=1")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is None:
raise Exception("Disconnection not reported")
if "reason=123" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
"""WPA-PSK/TKIP countermeasures (detected by STA)"""
skip_with_fips(dev[0])
params = {
"ssid": "tkip-countermeasures",
"wpa_passphrase": "12345678",
"wpa": "1",
"wpa_key_mgmt": "WPA-PSK",
"wpa_pairwise": "TKIP"
}
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (
hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
if not os.path.exists(testfile):
raise HwsimSkip("tkip_mic_test not supported in mac80211")
dev[0].connect("tkip-countermeasures",
psk="12345678",
pairwise="TKIP",
group="TKIP",
scan_freq="2412")
dev[0].dump_monitor()
with open(testfile, "w") as f:
f.write(dev[0].p2p_dev_addr())
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception(
"Unexpected disconnection on first Michael MIC failure")
with open(testfile, "w") as f:
f.write("ff:ff:ff:ff:ff:ff")
ev = dev[0].wait_disconnected(
timeout=10, error="No disconnection after two Michael MIC failures")
if "reason=14 locally_generated=1" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_open_tdls_vht80(dev, apdev):
"""Open AP and two stations using TDLS with VHT 80"""
params = {
"ssid": "test-open",
"country_code": "US",
"hw_mode": "a",
"channel": "36",
"ht_capab": "[HT40+]",
"ieee80211n": "1",
"ieee80211ac": "1",
"vht_capab": "",
"vht_oper_chwidth": "1",
"vht_oper_centr_freq_seg0_idx": "42"
}
try:
hapd = None
hapd = hostapd.add_ap(apdev[0], params)
wlantest_setup(hapd)
connect_2sta_open(dev, hapd, scan_freq="5180")
sig = dev[0].request("SIGNAL_POLL").splitlines()
if "WIDTH=80 MHz" not in sig:
raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
setup_tdls(dev[0], dev[1], hapd)
for i in range(10):
check_connectivity(dev[0], dev[1], hapd)
for i in range(2):
cmd = subprocess.Popen(['iw', dev[0].ifname, 'station', 'dump'],
stdout=subprocess.PIPE)
res = cmd.stdout.read()
cmd.stdout.close()
logger.info("Station dump on dev[%d]:\n%s" % (i, res))
except Exception as e:
if isinstance(e, Exception) and str(e) == "AP startup failed":
if not vht_supported():
raise HwsimSkip(
"80/160 MHz channel not supported in regulatory information"
)
raise
finally:
tdls_clear_reg(hapd, dev)
def sae_reflection_attack(apdev, dev, group):
if "SAE" not in dev.get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="no-knowledge-of-passphrase")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev, params)
bssid = apdev['bssid']
dev.scan_for_bss(bssid, freq=2412)
hapd.set("ext_mgmt_frame_handling", "1")
dev.request("SET sae_groups %d" % group)
dev.connect("test-sae", psk="reflection-attack", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
# Commit
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out")
if req['subtype'] == 11:
break
req = None
if not req:
raise Exception("Authentication frame not received")
resp = {}
resp['fc'] = req['fc']
resp['da'] = req['sa']
resp['sa'] = req['da']
resp['bssid'] = req['bssid']
resp['payload'] = req['payload']
hapd.mgmt_tx(resp)
# Confirm
req = hapd.mgmt_rx(timeout=0.5)
if req is not None:
if req['subtype'] == 11:
raise Exception("Unexpected Authentication frame seen")
def test_ap_cipher_bip_req_mismatch(dev, apdev):
"""WPA2-PSK with BIP cipher mismatch"""
group_mgmt = dev[0].get_capability("group_mgmt")
for cipher in ["AES-128-CMAC", "BIP-GMAC-256"]:
if cipher not in group_mgmt:
raise HwsimSkip("Cipher %s not supported" % cipher)
params = {
"ssid": "test-wpa2-psk-pmf",
"wpa_passphrase": "12345678",
"wpa": "2",
"ieee80211w": "2",
"wpa_key_mgmt": "WPA-PSK-SHA256",
"rsn_pairwise": "CCMP",
"group_mgmt_cipher": "AES-128-CMAC"
}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].scan_for_bss(hapd.own_addr(), 2412)
id = dev[0].connect("test-wpa2-psk-pmf",
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
group_mgmt="BIP-GMAC-256",
pairwise="CCMP",
group="CCMP",
scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(
["CTRL-EVENT-NETWORK-NOT-FOUND", "CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Network selection result not indicated")
if "CTRL-EVENT-CONNECTED" in ev:
raise Exception("Unexpected connection")
dev[0].request("DISCONNECT")
dev[0].set_network(id, "group_mgmt", "AES-128-CMAC")
dev[0].select_network(id)
dev[0].wait_connected()
def test_rrm_neighbor_rep_req_from_conf(dev, apdev):
"""wpa_supplicant ctrl_iface NEIGHBOR_REP_REQUEST and hostapd config"""
params = {
"ssid": "test2",
"rrm_neighbor_report": "1",
"stationary_ap": "1",
"lci": lci,
"civic": civic
}
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
bssid = apdev[0]['bssid']
rrm = int(dev[0].get_driver_status_field("capa.rrm_flags"), 16)
if rrm & 0x5 != 0x5 and rrm & 0x10 != 0x10:
raise HwsimSkip("Required RRM capabilities are not supported")
dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412")
if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"):
raise Exception("Request failed")
check_nr_results(dev[0], [bssid])
def test_p2p_device_autogo_chan_switch(dev):
"""P2P autonomous GO switching channels with cfg80211 P2P Device"""
with HWSimRadio(use_p2p_device=True) as (radio, iface):
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add(iface)
wpas.global_request("SET p2p_no_group_iface 1")
autogo(wpas, freq=2417)
connect_cli(wpas, dev[1])
res = wpas.group_request("CHAN_SWITCH 5 2422")
if "FAIL" in res:
# for now, skip test since mac80211_hwsim support is not yet widely
# deployed
raise HwsimSkip("Assume mac80211_hwsim did not support channel switching")
ev = wpas.wait_group_event(["AP-CSA-FINISHED"], timeout=10)
if ev is None:
raise Exception("CSA finished event timed out")
if "freq=2422" not in ev:
raise Exception("Unexpected cahnnel in CSA finished event")
wpas.dump_monitor()
dev[1].dump_monitor()
time.sleep(0.1)
hwsim_utils.test_connectivity_p2p(wpas, dev[1])
def check_group_mgmt_cipher(dev, ap, cipher):
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
if cipher not in dev.get_capability("group_mgmt"):
raise HwsimSkip("Cipher %s not supported" % cipher)
params = {
"ssid": "test-wpa2-psk-pmf",
"wpa_passphrase": "12345678",
"wpa": "2",
"ieee80211w": "2",
"wpa_key_mgmt": "WPA-PSK-SHA256",
"rsn_pairwise": "CCMP",
"group_mgmt_cipher": cipher
}
hapd = hostapd.add_ap(ap['ifname'], params)
dev.connect("test-wpa2-psk-pmf",
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
pairwise="CCMP",
group="CCMP",
scan_freq="2412")
hwsim_utils.test_connectivity(dev, hapd)
hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff")
dev.wait_disconnected()
if wt.get_bss_counter('valid_bip_mmie', ap['bssid']) < 1:
raise Exception("No valid BIP MMIE seen")
if wt.get_bss_counter('bip_deauth', ap['bssid']) < 1:
raise Exception("No valid BIP deauth seen")
if cipher == "AES-128-CMAC":
group_mgmt = "BIP"
else:
group_mgmt = cipher
res = wt.info_bss('group_mgmt', ap['bssid']).strip()
if res != group_mgmt:
raise Exception("Unexpected group mgmt cipher: " + res)
def test_sae(dev, apdev):
"""SAE with default group"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
key_mgmt = hapd.get_config()['key_mgmt']
if key_mgmt.split(' ')[0] != "SAE":
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
dev[0].request("SET sae_groups ")
id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
if dev[0].get_status_field('sae_group') != '19':
raise Exception("Expected default SAE group not used")
bss = dev[0].get_bss(apdev[0]['bssid'])
if 'flags' not in bss:
raise Exception("Could not get BSS flags from BSS table")
if "[WPA2-SAE-CCMP]" not in bss['flags']:
raise Exception("Unexpected BSS flags: " + bss['flags'])
def hs20_filters_connect(dev, apdev, disable_dgaf=False, proxy_arp=False):
bssid = apdev[0]['bssid']
params = hs20_ap_params()
params['hessid'] = bssid
# Do not disable dgaf, to test that the station drops unicast IP packets
# encrypted with GTK.
params['disable_dgaf'] = '0'
params['proxy_arp'] = '1'
params['ap_isolate'] = '1'
params['bridge'] = 'ap-br0'
try:
hapd = hostapd.add_ap(apdev[0], params)
except:
# For now, do not report failures due to missing kernel support.
raise HwsimSkip(
"Could not start hostapd - assume proxyarp not supported in the kernel"
)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].hs20_enable()
id = dev[0].add_cred_values({
'realm': "example.com",
'username': "******",
'password': "******",
'ca_cert': "auth_serv/ca.pem",
'domain': "example.com",
'update_identifier': "1234"
})
interworking_select(dev[0], bssid, "home", freq="2412")
interworking_connect(dev[0], bssid, "TTLS")
time.sleep(0.1)
return dev[0], hapd
def test_wmediumd_simple(dev, apdev):
"""test a simple wmediumd configuration"""
fd, fn = tempfile.mkstemp()
try:
f = os.fdopen(fd, 'w')
f.write(CFG % (apdev[0]['bssid'], dev[0].own_addr()))
f.close()
try:
p = subprocess.Popen(['wmediumd', '-c', fn],
stdout=open('/dev/null', 'a'),
stderr=subprocess.STDOUT)
except OSError, e:
if e.errno == errno.ENOENT:
raise HwsimSkip("wmediumd not available")
raise
try:
_test_ap_open(dev, apdev)
finally:
p.terminate()
p.wait()
# test that releasing hwsim works correctly
_test_ap_open(dev, apdev)
def test_wpas_ap_acs(dev):
"""wpa_supplicant AP mode - ACS"""
res = dev[0].get_capability("acs")
if res is None or "ACS" not in res:
raise HwsimSkip("ACS not supported")
id = dev[0].add_network()
dev[0].set_network(id, "mode", "2")
dev[0].set_network_quoted(id, "ssid", "wpas-ap-open")
dev[0].set_network(id, "key_mgmt", "NONE")
dev[0].set_network(id, "frequency", "2417")
dev[0].set_network(id, "scan_freq", "2417")
dev[0].set_network(id, "acs", "1")
dev[0].select_network(id)
wait_ap_ready(dev[0])
# ACS prefers channels 1, 6, 11
freq = dev[0].get_status_field('freq')
if freq == "2417":
raise Exception("Unexpected operating channel selected")
dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq=freq)
def test_sae_pwe_failure(dev, apdev):
"""SAE and pwe failure"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['sae_groups'] = '19 5'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].request("SET sae_groups 19")
with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ecc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
with fail_test(dev[0], 1, "sae_test_pwd_seed_ecc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("SET sae_groups 5")
with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ffc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].request("SET sae_groups 5")
with fail_test(dev[0], 1, "sae_test_pwd_seed_ffc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
with fail_test(dev[0], 2, "sae_test_pwd_seed_ffc"):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
def test_owe_groups(dev, apdev):
"""Opportunistic Wireless Encryption - DH groups"""
if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported")
params = {
"ssid": "owe",
"wpa": "2",
"wpa_key_mgmt": "OWE",
"rsn_pairwise": "CCMP"
}
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
dev[0].scan_for_bss(bssid, freq="2412")
for group in [19, 20, 21]:
dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group))
hapd.wait_sta()
hwsim_utils.test_connectivity(dev[0], hapd)
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
dev[0].dump_monitor()
hapd.dump_monitor()
def test_ocv_sa_query(dev, apdev):
"""Test SA Query with OCV"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["ocv"] = "1"
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to set hostapd parameter ocv" in str(e):
raise HwsimSkip("OCV not supported")
raise
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid,
psk="12345678",
ieee80211w="1",
ocv="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256",
proto="WPA2",
scan_freq="2412")
# Test that client can handle SA Query with OCI element
if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
raise Exception("SA_QUERY failed")
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].own_addr()) < 1:
raise Exception("STA did not reply to SA Query")
# Test that AP can handle SA Query with OCI element
if "OK" not in dev[0].request("UNPROT_DEAUTH"):
raise Exception("Triggering SA Query from the STA failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
if ev is not None:
raise Exception("SA Query from the STA failed")
def test_ap_vht80_params(dev, apdev):
"""VHT with 80 MHz channel width and number of optional features enabled"""
try:
hapd = None
params = {
"ssid": "vht",
"country_code": "FI",
"hw_mode": "a",
"channel": "36",
"ht_capab": "[HT40+][SHORT-GI-40][DSS_CCK-40]",
"ieee80211n": "1",
"ieee80211ac": "1",
"vht_oper_chwidth": "1",
"vht_capab":
"[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP0]",
"vht_oper_centr_freq_seg0_idx": "42",
"require_vht": "1"
}
hapd = hostapd.add_ap(apdev[0], params)
dev[1].connect("vht",
key_mgmt="NONE",
scan_freq="5180",
disable_vht="1",
wait_connect=False)
dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180")
ev = dev[1].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
if ev is None:
raise Exception("Association rejection timed out")
if "status_code=104" not in ev:
raise Exception("Unexpected rejection status code")
dev[1].request("DISCONNECT")
hwsim_utils.test_connectivity(dev[0], hapd)
except Exception, e:
if isinstance(e, Exception) and str(e) == "AP startup failed":
if not vht_supported():
raise HwsimSkip(
"80 MHz channel not supported in regulatory information")
raise
def test_ap_ft_gcmp_256(dev, apdev):
"""WPA2-PSK-FT AP with GCMP-256 cipher"""
if "GCMP-256" not in dev[0].get_capability("pairwise"):
raise HwsimSkip("Cipher GCMP-256 not supported")
ssid = "test-ft"
passphrase = "12345678"
params = ft_params1(ssid=ssid, passphrase=passphrase)
params['rsn_pairwise'] = "GCMP-256"
hapd0 = hostapd.add_ap(apdev[0], params)
params = ft_params2(ssid=ssid, passphrase=passphrase)
params['rsn_pairwise'] = "GCMP-256"
hapd1 = hostapd.add_ap(apdev[1], params)
run_roams(dev[0],
apdev,
hapd0,
hapd1,
ssid,
passphrase,
pairwise_cipher="GCMP-256",
group_cipher="GCMP-256")
def test_dfs_ht40_minus(dev, apdev, params):
"""DFS CAC functionality on channel 104 HT40- [long]"""
if not params['long']:
raise HwsimSkip(
"Skip test case with long duration due to --long not specified")
try:
hapd = None
hapd = start_dfs_ap(apdev[0],
allow_failure=True,
ht40minus=True,
channel=104)
ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70)
if "success=1" not in ev:
raise Exception("CAC failed")
if "freq=5520" not in ev:
raise Exception("Unexpected DFS freq result")
ev = hapd.wait_event(["AP-ENABLED"], timeout=5)
if not ev:
raise Exception("AP setup timed out")
state = hapd.get_status_field("state")
if state != "ENABLED":
raise Exception("Unexpected interface state")
freq = hapd.get_status_field("freq")
if freq != "5520":
raise Exception("Unexpected frequency")
dev[0].connect("dfs", key_mgmt="NONE", scan_freq="5520")
hwsim_utils.test_connectivity(dev[0], hapd)
finally:
dev[0].request("DISCONNECT")
if hapd:
hapd.request("DISABLE")
subprocess.call(['iw', 'reg', 'set', '00'])
dev[0].flush_scan_cache()
def test_owe(dev, apdev):
"""Opportunistic Wireless Encryption"""
if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported")
params = {
"ssid": "owe",
"wpa": "2",
"ieee80211w": "2",
"wpa_key_mgmt": "OWE",
"rsn_pairwise": "CCMP"
}
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
conf = hapd.request("GET_CONFIG")
if "key_mgmt=OWE" not in conf.splitlines():
logger.info("GET_CONFIG:\n" + conf)
raise Exception("GET_CONFIG did not report correct key_mgmt")
dev[0].scan_for_bss(bssid, freq="2412")
bss = dev[0].get_bss(bssid)
if "[WPA2-OWE-CCMP]" not in bss['flags']:
raise Exception("OWE AKM not recognized: " + bss['flags'])
id = dev[0].connect("owe",
key_mgmt="OWE",
ieee80211w="2",
scan_freq="2412")
hapd.wait_sta()
pmk_h = hapd.request("GET_PMK " + dev[0].own_addr())
pmk_w = dev[0].get_pmk(id)
if pmk_h != pmk_w:
raise Exception(
"Fetched PMK does not match: hostapd %s, wpa_supplicant %s" %
(pmk_h, pmk_w))
hwsim_utils.test_connectivity(dev[0], hapd)
val = dev[0].get_status_field("key_mgmt")
if val != "OWE":
raise Exception("Unexpected key_mgmt: " + val)
def test_sae_anti_clogging(dev, apdev):
"""SAE anti clogging"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['sae_anti_clogging_threshold'] = '1'
hostapd.add_ap(apdev[0], params)
dev[0].request("SET sae_groups ")
dev[1].request("SET sae_groups ")
id = {}
for i in range(0, 2):
dev[i].scan(freq="2412")
id[i] = dev[i].connect("test-sae",
psk="12345678",
key_mgmt="SAE",
scan_freq="2412",
only_add_network=True)
for i in range(0, 2):
dev[i].select_network(id[i])
for i in range(0, 2):
dev[i].wait_connected(timeout=10)
def test_scan_for_auth(dev, apdev):
"""cfg80211 workaround with scan-for-auth"""
hapd = hostapd.add_ap(apdev[0]['ifname'], {"ssid": "open"})
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
# Block sme-connect radio work with an external radio work item, so that
# SELECT_NETWORK can decide to use fast associate without a new scan while
# cfg80211 still has the matching BSS entry, but the actual connection is
# not yet started.
id = dev[0].request("RADIO_WORK add block-work")
ev = dev[0].wait_event(["EXT-RADIO-WORK-START"])
if ev is None:
raise Exception("Timeout while waiting radio work to start")
dev[0].connect("open",
key_mgmt="NONE",
scan_freq="2412",
wait_connect=False)
dev[0].dump_monitor()
# Clear cfg80211 BSS table.
try:
subprocess.check_call(
['iw', dev[0].ifname, 'scan', 'trigger', 'freq', '2457', 'flush'])
except subprocess.CalledProcessError, e:
raise HwsimSkip("iw scan trigger flush not supported")
def test_ap_ft_sae_over_ds(dev, apdev):
"""WPA2-PSK-FT-SAE AP over DS"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
ssid = "test-ft"
passphrase = "12345678"
params = ft_params1(ssid=ssid, passphrase=passphrase)
params['wpa_key_mgmt'] = "FT-SAE"
hapd0 = hostapd.add_ap(apdev[0], params)
params = ft_params2(ssid=ssid, passphrase=passphrase)
params['wpa_key_mgmt'] = "FT-SAE"
hapd1 = hostapd.add_ap(apdev[1], params)
dev[0].request("SET sae_groups ")
run_roams(dev[0],
apdev,
hapd0,
hapd1,
ssid,
passphrase,
sae=True,
over_ds=True)
