def test_owe_and_psk(dev, apdev): """Opportunistic Wireless Encryption and WPA2-PSK enabled""" if "OWE" not in dev[0].get_capability("key_mgmt"): raise HwsimSkip("OWE not supported") params = { "ssid": "owe+psk", "wpa": "2", "wpa_key_mgmt": "OWE WPA-PSK", "rsn_pairwise": "CCMP", "wpa_passphrase": "12345678" } hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() dev[0].scan_for_bss(bssid, freq="2412") dev[0].connect("owe+psk", psk="12345678") hwsim_utils.test_connectivity(dev[0], hapd) dev[1].scan_for_bss(bssid, freq="2412") dev[1].connect("owe+psk", key_mgmt="OWE") hwsim_utils.test_connectivity(dev[1], hapd)
def test_sae_pmksa_caching(dev, apdev): """SAE and PMKSA caching""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].request("SET sae_groups ") dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") ev = hapd.wait_event([ "AP-STA-CONNECTED" ], timeout=5) if ev is None: raise Exception("No connection event received from hostapd") dev[0].request("DISCONNECT") dev[0].wait_disconnected() dev[0].request("RECONNECT") dev[0].wait_connected(timeout=15, error="Reconnect timed out") if dev[0].get_status_field('sae_group') is not None: raise Exception("SAE group claimed to have been used")
def test_owe_transition_mode_open_only_ap(dev, apdev): """Opportunistic Wireless Encryption transition mode connect to open-only AP""" if "OWE" not in dev[0].get_capability("key_mgmt"): raise HwsimSkip("OWE not supported") dev[0].flush_scan_cache() params = {"ssid": "owe-test-open"} hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() dev[0].scan_for_bss(bssid, freq="2412") bss = dev[0].get_bss(bssid) id = dev[0].connect("owe-test-open", key_mgmt="OWE", ieee80211w="2", scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) val = dev[0].get_status_field("key_mgmt") if val != "NONE": raise Exception("Unexpected key_mgmt: " + val)
def test_tnc_ttls(dev, apdev): """TNC TTLS""" check_eap_capa(dev[0], "MSCHAPV2") params = int_eap_server_params() params["tnc"] = "1" hostapd.add_ap(apdev[0], params) if not os.path.exists("tnc/libhostap_imc.so"): raise HwsimSkip("No IMC installed") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="DOMAIN\mschapv2 user", anonymous_identity="ttls", password="******", phase2="auth=MSCHAPV2", ca_cert="auth_serv/ca.pem", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10)
def run_autogo_chan_switch(dev): autogo(dev[0], freq=2417) connect_cli(dev[0], dev[1], freq=2417) res = dev[0].group_request("CHAN_SWITCH 5 2422") if "FAIL" in res: # for now, skip test since mac80211_hwsim support is not yet widely # deployed raise HwsimSkip( "Assume mac80211_hwsim did not support channel switching") ev = dev[0].wait_group_event(["AP-CSA-FINISHED"], timeout=10) if ev is None: raise Exception("CSA finished event timed out") if "freq=2422" not in ev: raise Exception("Unexpected cahnnel in CSA finished event") dev[0].dump_monitor() dev[1].dump_monitor() time.sleep(0.1) hwsim_utils.test_connectivity_p2p(dev[0], dev[1]) dev[0].remove_group() dev[1].wait_go_ending_session()
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev): """WPA-PSK/TKIP countermeasures (detected by AP)""" skip_with_fips(dev[0]) testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % ( dev[0].get_driver_status_field("phyname"), dev[0].ifname) if dev[0].cmd_execute(["ls", testfile])[0] != 0: raise HwsimSkip("tkip_mic_test not supported in mac80211") params = { "ssid": "tkip-countermeasures", "wpa_passphrase": "12345678", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", "wpa_pairwise": "TKIP" } hapd = hostapd.add_ap(apdev[0], params) dev[0].connect("tkip-countermeasures", psk="12345678", pairwise="TKIP", group="TKIP", scan_freq="2412") dev[0].dump_monitor() dev[0].cmd_execute(["echo", "-n", apdev[0]['bssid'], ">", testfile], shell=True) ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) if ev is not None: raise Exception( "Unexpected disconnection on first Michael MIC failure") dev[0].cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile], shell=True) ev = dev[0].wait_disconnected( timeout=10, error="No disconnection after two Michael MIC failures") if "reason=14" not in ev: raise Exception("Unexpected disconnection reason: " + ev) ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) if ev is not None: raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_vht_tkip(dev, apdev): """VHT and TKIP""" try: hapd = None params = { "ssid": "vht", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", "wpa_pairwise": "TKIP", "wpa_passphrase": "12345678", "country_code": "FI", "hw_mode": "a", "channel": "36", "ht_capab": "[HT40+]", "ieee80211n": "1", "ieee80211ac": "1", "vht_oper_chwidth": "1", "vht_oper_centr_freq_seg0_idx": "42" } hapd = hostapd.add_ap(apdev[0], params) bssid = apdev[0]['bssid'] dev[0].connect("vht", psk="12345678", scan_freq="5180") hwsim_utils.test_connectivity(dev[0], hapd) sig = dev[0].request("SIGNAL_POLL").splitlines() if "FREQUENCY=5180" not in sig: raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig)) if "WIDTH=20 MHz (no HT)" not in sig: raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig)) status = hapd.get_status() logger.info("hostapd STATUS: " + str(status)) if status["ieee80211n"] != "0": raise Exception("Unexpected STATUS ieee80211n value") if status["ieee80211ac"] != "0": raise Exception("Unexpected STATUS ieee80211ac value") if status["secondary_channel"] != "0": raise Exception("Unexpected STATUS secondary_channel value") except Exception, e: if isinstance(e, Exception) and str(e) == "AP startup failed": if not vht_supported(): raise HwsimSkip("80 MHz channel not supported in regulatory information") raise
def test_hostapd_oom_wpa2_psk_connect(dev, apdev): """hostapd failing during WPA2-PSK mode connection due to OOM""" params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678") hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].request("SCAN_INTERVAL 1") count = 0 for i in range(1, 1000): logger.info("Iteration %d" % i) if "OK" not in hapd.request("TEST_ALLOC_FAIL %d:main" % i): raise HwsimSkip("TEST_ALLOC_FAIL not supported") id = dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412", wait_connect=False) ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=5) if ev is None: logger.info("Timeout while waiting for connection in iteration %d" % i) dev[0].request("REMOVE_NETWORK all") time.sleep(0.1) else: if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev: logger.info("Re-select to avoid long wait for temp disavle") dev[0].select_network(id) dev[0].wait_connected() dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for i in range(3): dev[i].dump_monitor() hapd.dump_monitor() state = hapd.request('GET_ALLOC_FAIL') logger.info("GET_ALLOC_FAIL: " + state) hapd.request("TEST_ALLOC_FAIL 0:") if state.startswith('0:'): count = 0 else: count += 1 if count == 5: break dev[0].request("SCAN_INTERVAL 5")
def run_ap_wpa2_igtk_initial_rsc(dev, apdev, cipher): if cipher not in dev[0].get_capability("group_mgmt"): raise HwsimSkip("Cipher %s not supported" % cipher) params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678") params["ieee80211w"] = "2" params["rsn_pairwise"] = "CCMP" params["group_cipher"] = "CCMP" params["group_mgmt_cipher"] = cipher params["igtk_rsc_override"] = "341200000000" hapd = hostapd.add_ap(apdev[0], params) Wlantest.setup(hapd) wt = Wlantest() wt.flush() wt.add_passphrase("12345678") dev[0].connect("test-wpa2-psk", psk="12345678", proto="WPA2", ieee80211w="2", pairwise="CCMP", group="CCMP", group_mgmt=cipher, scan_freq="2412") hapd.wait_sta() # Verify that broadcast robust management frames are dropped. dev[0].note("Sending broadcast Deauthentication and Disassociation frames with too small IPN") hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1") hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1") hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff test=1") hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff test=1") dev[0].note("Done sending broadcast Deauthentication and Disassociation frames with too small IPN") ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) if ev is not None: raise Exception("Unexpected disconnection") # Verify thar unicast robust management frames go through. hapd.request("DEAUTHENTICATE " + dev[0].own_addr() + " reason=123 test=1") ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) if ev is None: raise Exception("Disconnection not reported") if "reason=123" not in ev: raise Exception("Unexpected disconnection reason: " + ev)
def test_ap_cipher_tkip_countermeasures_sta(dev, apdev): """WPA-PSK/TKIP countermeasures (detected by STA)""" skip_with_fips(dev[0]) params = { "ssid": "tkip-countermeasures", "wpa_passphrase": "12345678", "wpa": "1", "wpa_key_mgmt": "WPA-PSK", "wpa_pairwise": "TKIP" } hapd = hostapd.add_ap(apdev[0]['ifname'], params) testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % ( hapd.get_driver_status_field("phyname"), apdev[0]['ifname']) if not os.path.exists(testfile): raise HwsimSkip("tkip_mic_test not supported in mac80211") dev[0].connect("tkip-countermeasures", psk="12345678", pairwise="TKIP", group="TKIP", scan_freq="2412") dev[0].dump_monitor() with open(testfile, "w") as f: f.write(dev[0].p2p_dev_addr()) ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) if ev is not None: raise Exception( "Unexpected disconnection on first Michael MIC failure") with open(testfile, "w") as f: f.write("ff:ff:ff:ff:ff:ff") ev = dev[0].wait_disconnected( timeout=10, error="No disconnection after two Michael MIC failures") if "reason=14 locally_generated=1" not in ev: raise Exception("Unexpected disconnection reason: " + ev) ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) if ev is not None: raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_open_tdls_vht80(dev, apdev): """Open AP and two stations using TDLS with VHT 80""" params = { "ssid": "test-open", "country_code": "US", "hw_mode": "a", "channel": "36", "ht_capab": "[HT40+]", "ieee80211n": "1", "ieee80211ac": "1", "vht_capab": "", "vht_oper_chwidth": "1", "vht_oper_centr_freq_seg0_idx": "42" } try: hapd = None hapd = hostapd.add_ap(apdev[0], params) wlantest_setup(hapd) connect_2sta_open(dev, hapd, scan_freq="5180") sig = dev[0].request("SIGNAL_POLL").splitlines() if "WIDTH=80 MHz" not in sig: raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig)) setup_tdls(dev[0], dev[1], hapd) for i in range(10): check_connectivity(dev[0], dev[1], hapd) for i in range(2): cmd = subprocess.Popen(['iw', dev[0].ifname, 'station', 'dump'], stdout=subprocess.PIPE) res = cmd.stdout.read() cmd.stdout.close() logger.info("Station dump on dev[%d]:\n%s" % (i, res)) except Exception as e: if isinstance(e, Exception) and str(e) == "AP startup failed": if not vht_supported(): raise HwsimSkip( "80/160 MHz channel not supported in regulatory information" ) raise finally: tdls_clear_reg(hapd, dev)
def sae_reflection_attack(apdev, dev, group): if "SAE" not in dev.get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="no-knowledge-of-passphrase") params['wpa_key_mgmt'] = 'SAE' hapd = hostapd.add_ap(apdev, params) bssid = apdev['bssid'] dev.scan_for_bss(bssid, freq=2412) hapd.set("ext_mgmt_frame_handling", "1") dev.request("SET sae_groups %d" % group) dev.connect("test-sae", psk="reflection-attack", key_mgmt="SAE", scan_freq="2412", wait_connect=False) # Commit for i in range(0, 10): req = hapd.mgmt_rx() if req is None: raise Exception("MGMT RX wait timed out") if req['subtype'] == 11: break req = None if not req: raise Exception("Authentication frame not received") resp = {} resp['fc'] = req['fc'] resp['da'] = req['sa'] resp['sa'] = req['da'] resp['bssid'] = req['bssid'] resp['payload'] = req['payload'] hapd.mgmt_tx(resp) # Confirm req = hapd.mgmt_rx(timeout=0.5) if req is not None: if req['subtype'] == 11: raise Exception("Unexpected Authentication frame seen")
def test_ap_cipher_bip_req_mismatch(dev, apdev): """WPA2-PSK with BIP cipher mismatch""" group_mgmt = dev[0].get_capability("group_mgmt") for cipher in ["AES-128-CMAC", "BIP-GMAC-256"]: if cipher not in group_mgmt: raise HwsimSkip("Cipher %s not supported" % cipher) params = { "ssid": "test-wpa2-psk-pmf", "wpa_passphrase": "12345678", "wpa": "2", "ieee80211w": "2", "wpa_key_mgmt": "WPA-PSK-SHA256", "rsn_pairwise": "CCMP", "group_mgmt_cipher": "AES-128-CMAC" } hapd = hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(hapd.own_addr(), 2412) id = dev[0].connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2", key_mgmt="WPA-PSK-SHA256", group_mgmt="BIP-GMAC-256", pairwise="CCMP", group="CCMP", scan_freq="2412", wait_connect=False) ev = dev[0].wait_event( ["CTRL-EVENT-NETWORK-NOT-FOUND", "CTRL-EVENT-CONNECTED"], timeout=10) if ev is None: raise Exception("Network selection result not indicated") if "CTRL-EVENT-CONNECTED" in ev: raise Exception("Unexpected connection") dev[0].request("DISCONNECT") dev[0].set_network(id, "group_mgmt", "AES-128-CMAC") dev[0].select_network(id) dev[0].wait_connected()
def test_rrm_neighbor_rep_req_from_conf(dev, apdev): """wpa_supplicant ctrl_iface NEIGHBOR_REP_REQUEST and hostapd config""" params = { "ssid": "test2", "rrm_neighbor_report": "1", "stationary_ap": "1", "lci": lci, "civic": civic } hapd = hostapd.add_ap(apdev[0]['ifname'], params) bssid = apdev[0]['bssid'] rrm = int(dev[0].get_driver_status_field("capa.rrm_flags"), 16) if rrm & 0x5 != 0x5 and rrm & 0x10 != 0x10: raise HwsimSkip("Required RRM capabilities are not supported") dev[0].connect("test2", key_mgmt="NONE", scan_freq="2412") if "OK" not in dev[0].request("NEIGHBOR_REP_REQUEST"): raise Exception("Request failed") check_nr_results(dev[0], [bssid])
def test_p2p_device_autogo_chan_switch(dev): """P2P autonomous GO switching channels with cfg80211 P2P Device""" with HWSimRadio(use_p2p_device=True) as (radio, iface): wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add(iface) wpas.global_request("SET p2p_no_group_iface 1") autogo(wpas, freq=2417) connect_cli(wpas, dev[1]) res = wpas.group_request("CHAN_SWITCH 5 2422") if "FAIL" in res: # for now, skip test since mac80211_hwsim support is not yet widely # deployed raise HwsimSkip("Assume mac80211_hwsim did not support channel switching") ev = wpas.wait_group_event(["AP-CSA-FINISHED"], timeout=10) if ev is None: raise Exception("CSA finished event timed out") if "freq=2422" not in ev: raise Exception("Unexpected cahnnel in CSA finished event") wpas.dump_monitor() dev[1].dump_monitor() time.sleep(0.1) hwsim_utils.test_connectivity_p2p(wpas, dev[1])
def check_group_mgmt_cipher(dev, ap, cipher): wt = Wlantest() wt.flush() wt.add_passphrase("12345678") if cipher not in dev.get_capability("group_mgmt"): raise HwsimSkip("Cipher %s not supported" % cipher) params = { "ssid": "test-wpa2-psk-pmf", "wpa_passphrase": "12345678", "wpa": "2", "ieee80211w": "2", "wpa_key_mgmt": "WPA-PSK-SHA256", "rsn_pairwise": "CCMP", "group_mgmt_cipher": cipher } hapd = hostapd.add_ap(ap['ifname'], params) dev.connect("test-wpa2-psk-pmf", psk="12345678", ieee80211w="2", key_mgmt="WPA-PSK-SHA256", pairwise="CCMP", group="CCMP", scan_freq="2412") hwsim_utils.test_connectivity(dev, hapd) hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff") dev.wait_disconnected() if wt.get_bss_counter('valid_bip_mmie', ap['bssid']) < 1: raise Exception("No valid BIP MMIE seen") if wt.get_bss_counter('bip_deauth', ap['bssid']) < 1: raise Exception("No valid BIP deauth seen") if cipher == "AES-128-CMAC": group_mgmt = "BIP" else: group_mgmt = cipher res = wt.info_bss('group_mgmt', ap['bssid']).strip() if res != group_mgmt: raise Exception("Unexpected group mgmt cipher: " + res)
def test_sae(dev, apdev): """SAE with default group""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' hapd = hostapd.add_ap(apdev[0], params) key_mgmt = hapd.get_config()['key_mgmt'] if key_mgmt.split(' ')[0] != "SAE": raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) dev[0].request("SET sae_groups ") id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") if dev[0].get_status_field('sae_group') != '19': raise Exception("Expected default SAE group not used") bss = dev[0].get_bss(apdev[0]['bssid']) if 'flags' not in bss: raise Exception("Could not get BSS flags from BSS table") if "[WPA2-SAE-CCMP]" not in bss['flags']: raise Exception("Unexpected BSS flags: " + bss['flags'])
def hs20_filters_connect(dev, apdev, disable_dgaf=False, proxy_arp=False): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid # Do not disable dgaf, to test that the station drops unicast IP packets # encrypted with GTK. params['disable_dgaf'] = '0' params['proxy_arp'] = '1' params['ap_isolate'] = '1' params['bridge'] = 'ap-br0' try: hapd = hostapd.add_ap(apdev[0], params) except: # For now, do not report failures due to missing kernel support. raise HwsimSkip( "Could not start hostapd - assume proxyarp not supported in the kernel" ) subprocess.call(['brctl', 'setfd', 'ap-br0', '0']) subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "******", 'password': "******", 'ca_cert': "auth_serv/ca.pem", 'domain': "example.com", 'update_identifier': "1234" }) interworking_select(dev[0], bssid, "home", freq="2412") interworking_connect(dev[0], bssid, "TTLS") time.sleep(0.1) return dev[0], hapd
def test_wmediumd_simple(dev, apdev): """test a simple wmediumd configuration""" fd, fn = tempfile.mkstemp() try: f = os.fdopen(fd, 'w') f.write(CFG % (apdev[0]['bssid'], dev[0].own_addr())) f.close() try: p = subprocess.Popen(['wmediumd', '-c', fn], stdout=open('/dev/null', 'a'), stderr=subprocess.STDOUT) except OSError, e: if e.errno == errno.ENOENT: raise HwsimSkip("wmediumd not available") raise try: _test_ap_open(dev, apdev) finally: p.terminate() p.wait() # test that releasing hwsim works correctly _test_ap_open(dev, apdev)
def test_wpas_ap_acs(dev): """wpa_supplicant AP mode - ACS""" res = dev[0].get_capability("acs") if res is None or "ACS" not in res: raise HwsimSkip("ACS not supported") id = dev[0].add_network() dev[0].set_network(id, "mode", "2") dev[0].set_network_quoted(id, "ssid", "wpas-ap-open") dev[0].set_network(id, "key_mgmt", "NONE") dev[0].set_network(id, "frequency", "2417") dev[0].set_network(id, "scan_freq", "2417") dev[0].set_network(id, "acs", "1") dev[0].select_network(id) wait_ap_ready(dev[0]) # ACS prefers channels 1, 6, 11 freq = dev[0].get_status_field('freq') if freq == "2417": raise Exception("Unexpected operating channel selected") dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq=freq)
def test_sae_pwe_failure(dev, apdev): """SAE and pwe failure""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' params['sae_groups'] = '19 5' hapd = hostapd.add_ap(apdev[0], params) dev[0].request("SET sae_groups 19") with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ecc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() with fail_test(dev[0], 1, "sae_test_pwd_seed_ecc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("SET sae_groups 5") with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ffc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("SET sae_groups 5") with fail_test(dev[0], 1, "sae_test_pwd_seed_ffc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() with fail_test(dev[0], 2, "sae_test_pwd_seed_ffc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_owe_groups(dev, apdev): """Opportunistic Wireless Encryption - DH groups""" if "OWE" not in dev[0].get_capability("key_mgmt"): raise HwsimSkip("OWE not supported") params = { "ssid": "owe", "wpa": "2", "wpa_key_mgmt": "OWE", "rsn_pairwise": "CCMP" } hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() dev[0].scan_for_bss(bssid, freq="2412") for group in [19, 20, 21]: dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group)) hapd.wait_sta() hwsim_utils.test_connectivity(dev[0], hapd) dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() hapd.dump_monitor()
def test_ocv_sa_query(dev, apdev): """Test SA Query with OCV""" ssid = "test-pmf-required" params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") params["wpa_key_mgmt"] = "WPA-PSK-SHA256" params["ieee80211w"] = "2" params["ocv"] = "1" try: hapd = hostapd.add_ap(apdev[0], params) except Exception as e: if "Failed to set hostapd parameter ocv" in str(e): raise HwsimSkip("OCV not supported") raise Wlantest.setup(hapd) wt = Wlantest() wt.flush() wt.add_passphrase("12345678") dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1", key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") # Test that client can handle SA Query with OCI element if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()): raise Exception("SA_QUERY failed") time.sleep(0.1) if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'], dev[0].own_addr()) < 1: raise Exception("STA did not reply to SA Query") # Test that AP can handle SA Query with OCI element if "OK" not in dev[0].request("UNPROT_DEAUTH"): raise Exception("Triggering SA Query from the STA failed") ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) if ev is not None: raise Exception("SA Query from the STA failed")
def test_ap_vht80_params(dev, apdev): """VHT with 80 MHz channel width and number of optional features enabled""" try: hapd = None params = { "ssid": "vht", "country_code": "FI", "hw_mode": "a", "channel": "36", "ht_capab": "[HT40+][SHORT-GI-40][DSS_CCK-40]", "ieee80211n": "1", "ieee80211ac": "1", "vht_oper_chwidth": "1", "vht_capab": "[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP0]", "vht_oper_centr_freq_seg0_idx": "42", "require_vht": "1" } hapd = hostapd.add_ap(apdev[0], params) dev[1].connect("vht", key_mgmt="NONE", scan_freq="5180", disable_vht="1", wait_connect=False) dev[0].connect("vht", key_mgmt="NONE", scan_freq="5180") ev = dev[1].wait_event(["CTRL-EVENT-ASSOC-REJECT"]) if ev is None: raise Exception("Association rejection timed out") if "status_code=104" not in ev: raise Exception("Unexpected rejection status code") dev[1].request("DISCONNECT") hwsim_utils.test_connectivity(dev[0], hapd) except Exception, e: if isinstance(e, Exception) and str(e) == "AP startup failed": if not vht_supported(): raise HwsimSkip( "80 MHz channel not supported in regulatory information") raise
def test_ap_ft_gcmp_256(dev, apdev): """WPA2-PSK-FT AP with GCMP-256 cipher""" if "GCMP-256" not in dev[0].get_capability("pairwise"): raise HwsimSkip("Cipher GCMP-256 not supported") ssid = "test-ft" passphrase = "12345678" params = ft_params1(ssid=ssid, passphrase=passphrase) params['rsn_pairwise'] = "GCMP-256" hapd0 = hostapd.add_ap(apdev[0], params) params = ft_params2(ssid=ssid, passphrase=passphrase) params['rsn_pairwise'] = "GCMP-256" hapd1 = hostapd.add_ap(apdev[1], params) run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, pairwise_cipher="GCMP-256", group_cipher="GCMP-256")
def test_dfs_ht40_minus(dev, apdev, params): """DFS CAC functionality on channel 104 HT40- [long]""" if not params['long']: raise HwsimSkip( "Skip test case with long duration due to --long not specified") try: hapd = None hapd = start_dfs_ap(apdev[0], allow_failure=True, ht40minus=True, channel=104) ev = wait_dfs_event(hapd, "DFS-CAC-COMPLETED", 70) if "success=1" not in ev: raise Exception("CAC failed") if "freq=5520" not in ev: raise Exception("Unexpected DFS freq result") ev = hapd.wait_event(["AP-ENABLED"], timeout=5) if not ev: raise Exception("AP setup timed out") state = hapd.get_status_field("state") if state != "ENABLED": raise Exception("Unexpected interface state") freq = hapd.get_status_field("freq") if freq != "5520": raise Exception("Unexpected frequency") dev[0].connect("dfs", key_mgmt="NONE", scan_freq="5520") hwsim_utils.test_connectivity(dev[0], hapd) finally: dev[0].request("DISCONNECT") if hapd: hapd.request("DISABLE") subprocess.call(['iw', 'reg', 'set', '00']) dev[0].flush_scan_cache()
def test_owe(dev, apdev): """Opportunistic Wireless Encryption""" if "OWE" not in dev[0].get_capability("key_mgmt"): raise HwsimSkip("OWE not supported") params = { "ssid": "owe", "wpa": "2", "ieee80211w": "2", "wpa_key_mgmt": "OWE", "rsn_pairwise": "CCMP" } hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() conf = hapd.request("GET_CONFIG") if "key_mgmt=OWE" not in conf.splitlines(): logger.info("GET_CONFIG:\n" + conf) raise Exception("GET_CONFIG did not report correct key_mgmt") dev[0].scan_for_bss(bssid, freq="2412") bss = dev[0].get_bss(bssid) if "[WPA2-OWE-CCMP]" not in bss['flags']: raise Exception("OWE AKM not recognized: " + bss['flags']) id = dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2", scan_freq="2412") hapd.wait_sta() pmk_h = hapd.request("GET_PMK " + dev[0].own_addr()) pmk_w = dev[0].get_pmk(id) if pmk_h != pmk_w: raise Exception( "Fetched PMK does not match: hostapd %s, wpa_supplicant %s" % (pmk_h, pmk_w)) hwsim_utils.test_connectivity(dev[0], hapd) val = dev[0].get_status_field("key_mgmt") if val != "OWE": raise Exception("Unexpected key_mgmt: " + val)
def test_sae_anti_clogging(dev, apdev): """SAE anti clogging""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' params['sae_anti_clogging_threshold'] = '1' hostapd.add_ap(apdev[0], params) dev[0].request("SET sae_groups ") dev[1].request("SET sae_groups ") id = {} for i in range(0, 2): dev[i].scan(freq="2412") id[i] = dev[i].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", only_add_network=True) for i in range(0, 2): dev[i].select_network(id[i]) for i in range(0, 2): dev[i].wait_connected(timeout=10)
def test_scan_for_auth(dev, apdev): """cfg80211 workaround with scan-for-auth""" hapd = hostapd.add_ap(apdev[0]['ifname'], {"ssid": "open"}) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") # Block sme-connect radio work with an external radio work item, so that # SELECT_NETWORK can decide to use fast associate without a new scan while # cfg80211 still has the matching BSS entry, but the actual connection is # not yet started. id = dev[0].request("RADIO_WORK add block-work") ev = dev[0].wait_event(["EXT-RADIO-WORK-START"]) if ev is None: raise Exception("Timeout while waiting radio work to start") dev[0].connect("open", key_mgmt="NONE", scan_freq="2412", wait_connect=False) dev[0].dump_monitor() # Clear cfg80211 BSS table. try: subprocess.check_call( ['iw', dev[0].ifname, 'scan', 'trigger', 'freq', '2457', 'flush']) except subprocess.CalledProcessError, e: raise HwsimSkip("iw scan trigger flush not supported")
def test_ap_ft_sae_over_ds(dev, apdev): """WPA2-PSK-FT-SAE AP over DS""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") ssid = "test-ft" passphrase = "12345678" params = ft_params1(ssid=ssid, passphrase=passphrase) params['wpa_key_mgmt'] = "FT-SAE" hapd0 = hostapd.add_ap(apdev[0], params) params = ft_params2(ssid=ssid, passphrase=passphrase) params['wpa_key_mgmt'] = "FT-SAE" hapd1 = hostapd.add_ap(apdev[1], params) dev[0].request("SET sae_groups ") run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True, over_ds=True)