def test_hapd_dup_network_global_wpa(dev, apdev):
"""hostapd and DUP_NETWORK command (WPA)"""
skip_with_fips(dev[0])
psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
src_ssid = "hapd-ctrl-src"
dst_ssid = "hapd-ctrl-dst"
src_params = hostapd.wpa_params(ssid=src_ssid)
src_params['wpa_psk'] = psk
src_ifname = apdev[0]['ifname']
src_hapd = hostapd.add_ap(apdev[0], src_params)
dst_params = { "ssid": dst_ssid }
dst_ifname = apdev[1]['ifname']
dst_hapd = hostapd.add_ap(apdev[1], dst_params, no_enable=True)
hapd_global = hostapd.HostapdGlobal()
for param in [ "wpa", "wpa_psk", "wpa_key_mgmt", "wpa_pairwise" ]:
dup_network(hapd_global, src_ifname, dst_ifname, param)
dst_hapd.enable()
dev[0].connect(dst_ssid, raw_psk=psk, proto="WPA", pairwise="TKIP",
scan_freq="2412")
addr = dev[0].own_addr()
if "FAIL" in dst_hapd.request("STA " + addr):
raise Exception("Could not connect using duplicated wpa params")
def eapol_test(apdev, dev, wpa2=True):
bssid = apdev['bssid']
if wpa2:
ssid = "test-wpa2-psk"
else:
ssid = "test-wpa-psk"
psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
pmk = binascii.unhexlify(psk)
if wpa2:
params = hostapd.wpa2_params(ssid=ssid)
else:
params = hostapd.wpa_params(ssid=ssid)
params['wpa_psk'] = psk
hapd = hostapd.add_ap(apdev['ifname'], params)
hapd.request("SET ext_eapol_frame_io 1")
dev.request("SET ext_eapol_frame_io 1")
dev.connect(ssid, psk="not used", scan_freq="2412", wait_connect=False)
addr = dev.p2p_interface_addr()
if wpa2:
rsne = binascii.unhexlify(
'30140100000fac040100000fac040100000fac020000')
else:
rsne = binascii.unhexlify(
'dd160050f20101000050f20201000050f20201000050f202')
snonce = binascii.unhexlify(
'1111111111111111111111111111111111111111111111111111111111111111')
return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
def test_wext_wpa_psk(dev, apdev):
"""WEXT driver interface with WPA-PSK"""
skip_with_fips(dev[0])
wpas = get_wext_interface()
params = hostapd.wpa_params(ssid="wext-wpa-psk", passphrase="12345678")
hapd = hostapd.add_ap(apdev[0], params)
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
if not os.path.exists(testfile):
wpas.close_ctrl()
raise HwsimSkip("tkip_mic_test not supported in mac80211")
wpas.connect("wext-wpa-psk", psk="12345678")
hwsim_utils.test_connectivity(wpas, hapd)
with open(testfile, "w") as f:
f.write(wpas.p2p_interface_addr())
ev = wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected disconnection on first Michael MIC failure")
with open(testfile, "w") as f:
f.write("ff:ff:ff:ff:ff:ff")
ev = wpas.wait_disconnected(timeout=10,
error="No disconnection after two Michael MIC failures")
if "reason=14 locally_generated=1" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
def test_wext_wpa_psk(dev, apdev):
"""WEXT driver interface with WPA-PSK"""
skip_with_fips(dev[0])
wpas = get_wext_interface()
params = hostapd.wpa_params(ssid="wext-wpa-psk", passphrase="12345678")
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (
hapd.get_driver_status_field("phyname"), apdev[0]['ifname'])
if not os.path.exists(testfile):
wpas.close_ctrl()
raise HwsimSkip("tkip_mic_test not supported in mac80211")
wpas.connect("wext-wpa-psk", psk="12345678")
hwsim_utils.test_connectivity(wpas, hapd)
with open(testfile, "w") as f:
f.write(wpas.p2p_interface_addr())
ev = wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception(
"Unexpected disconnection on first Michael MIC failure")
with open(testfile, "w") as f:
f.write("ff:ff:ff:ff:ff:ff")
ev = wpas.wait_disconnected(
timeout=10, error="No disconnection after two Michael MIC failures")
if "reason=14 locally_generated=1" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
def test_hapd_dup_network_global_wpa(dev, apdev):
"""hostapd and DUP_NETWORK command (WPA)"""
skip_with_fips(dev[0])
psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
src_ssid = "hapd-ctrl-src"
dst_ssid = "hapd-ctrl-dst"
src_params = hostapd.wpa_params(ssid=src_ssid)
src_params['wpa_psk'] = psk
src_ifname = apdev[0]['ifname']
src_hapd = hostapd.add_ap(apdev[0], src_params)
dst_params = {"ssid": dst_ssid}
dst_ifname = apdev[1]['ifname']
dst_hapd = hostapd.add_ap(apdev[1], dst_params, no_enable=True)
hapd_global = hostapd.HostapdGlobal()
for param in ["wpa", "wpa_psk", "wpa_key_mgmt", "wpa_pairwise"]:
dup_network(hapd_global, src_ifname, dst_ifname, param)
dst_hapd.enable()
dev[0].connect(dst_ssid,
raw_psk=psk,
proto="WPA",
pairwise="TKIP",
scan_freq="2412")
addr = dev[0].own_addr()
if "FAIL" in dst_hapd.request("STA " + addr):
raise Exception("Could not connect using duplicated wpa params")
def test_ap_wpa_tdls(dev, apdev):
"""WPA-PSK AP and two stations using TDLS"""
hapd = hostapd.add_ap(apdev[0]['ifname'],
hostapd.wpa_params(ssid="test-wpa-psk",
passphrase="12345678"))
wlantest_setup()
connect_2sta_wpa_psk(dev, hapd)
setup_tdls(dev[0], dev[1], apdev[0])
teardown_tdls(dev[0], dev[1], apdev[0])
setup_tdls(dev[1], dev[0], apdev[0])
def test_ap_wpa_tdls(dev, apdev):
"""WPA-PSK AP and two stations using TDLS"""
hostapd.add_ap(
apdev[0]['ifname'],
hostapd.wpa_params(ssid="test-wpa-psk", passphrase="12345678"))
wlantest_setup()
connect_2sta_wpa_psk(dev, apdev[0]['ifname'])
setup_tdls(dev[0], dev[1], apdev[0])
teardown_tdls(dev[0], dev[1], apdev[0])
setup_tdls(dev[1], dev[0], apdev[0])
def test_ap_wpa_tdls(dev, apdev):
"""WPA-PSK AP and two stations using TDLS"""
skip_with_fips(dev[0])
hapd = hostapd.add_ap(
apdev[0], hostapd.wpa_params(ssid="test-wpa-psk",
passphrase="12345678"))
wlantest_setup(hapd)
connect_2sta_wpa_psk(dev, hapd)
setup_tdls(dev[0], dev[1], hapd)
teardown_tdls(dev[0], dev[1], hapd)
setup_tdls(dev[1], dev[0], hapd)
def test_ap_wpa_ptk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and PTK rekey enforced by station"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
ev = dev[0].wait_event(["WPA: Key negotiation completed"])
if ev is None:
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
def test_ap_wpa_ptk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and PTK rekey enforced by station"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
ev = dev[0].wait_event(["WPA: Key negotiation completed"])
if ev is None:
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
def test_ap_wpa_gtk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
params['wpa_group_rekey'] = '1'
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
def test_ap_wpa_ptk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and PTK rekey enforced by station"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing WPA element info")
ev = dev[0].wait_event(["WPA: Key negotiation completed"])
if ev is None:
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
def test_ap_wpa_ptk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and PTK rekey enforced by station"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing WPA element info")
ev = dev[0].wait_event(["WPA: Key negotiation completed"])
if ev is None:
raise Exception("PTK rekey timed out")
hwsim_utils.test_connectivity(dev[0], hapd)
def test_ap_wpa_ccmp(dev, apdev):
"""WPA-PSK/CCMP"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
params['wpa_pairwise'] = "CCMP"
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"),
("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
("dot1xSuppSuppControlledPortStatus", "Authorized")])
def test_ap_wpa_ccmp(dev, apdev):
"""WPA-PSK/CCMP"""
ssid = "test-wpa-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
params['wpa_pairwise'] = "CCMP"
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
("dot1xSuppSuppControlledPortStatus", "Authorized") ])
def test_connect_cmd_wpa_psk_roam(dev, apdev):
"""WPA2/WPA-PSK connection using cfg80211 connect command to trigger roam"""
params = hostapd.wpa2_params(ssid="sta-connect", passphrase="12345678")
hostapd.add_ap(apdev[0], params)
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
wpas.connect("sta-connect", psk="12345678", scan_freq="2412")
wpas.dump_monitor()
params = hostapd.wpa_params(ssid="sta-connect", passphrase="12345678")
hostapd.add_ap(apdev[1], params)
wpas.scan_for_bss(apdev[1]['bssid'], freq=2412, force_scan=True)
wpas.roam(apdev[1]['bssid'])
time.sleep(0.1)
wpas.request("DISCONNECT")
wpas.wait_disconnected()
wpas.dump_monitor()
def eapol_test(apdev, dev, wpa2=True):
bssid = apdev['bssid']
if wpa2:
ssid = "test-wpa2-psk"
else:
ssid = "test-wpa-psk"
psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
pmk = binascii.unhexlify(psk)
if wpa2:
params = hostapd.wpa2_params(ssid=ssid)
else:
params = hostapd.wpa_params(ssid=ssid)
params['wpa_psk'] = psk
hapd = hostapd.add_ap(apdev['ifname'], params)
hapd.request("SET ext_eapol_frame_io 1")
dev.request("SET ext_eapol_frame_io 1")
dev.connect(ssid, psk="not used", scan_freq="2412", wait_connect=False)
addr = dev.p2p_interface_addr()
if wpa2:
rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
else:
rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
return (bssid,ssid,hapd,snonce,pmk,addr,rsne)
def get_ap_params(channel="1",
bw="HT20",
country="US",
security="open",
ht_capab=None,
vht_capab=None):
ssid = "test_" + channel + "_" + security + "_" + bw
if bw == "b_only":
params = hostapd.b_only_params(channel, ssid, country)
elif bw == "g_only":
params = hostapd.g_only_params(channel, ssid, country)
elif bw == "g_only_wmm":
params = hostapd.g_only_params(channel, ssid, country)
params['wmm_enabled'] = "1"
elif bw == "a_only":
params = hostapd.a_only_params(channel, ssid, country)
elif bw == "a_only_wmm":
params = hostapd.a_only_params(channel, ssid, country)
params['wmm_enabled'] = "1"
elif bw == "HT20":
params = hostapd.ht20_params(channel, ssid, country)
if ht_capab:
try:
params['ht_capab'] = params['ht_capab'] + ht_capab
except:
params['ht_capab'] = ht_capab
elif bw == "HT40+":
params = hostapd.ht40_plus_params(channel, ssid, country)
if ht_capab:
params['ht_capab'] = params['ht_capab'] + ht_capab
elif bw == "HT40-":
params = hostapd.ht40_minus_params(channel, ssid, country)
if ht_capab:
params['ht_capab'] = params['ht_capab'] + ht_capab
elif bw == "VHT80":
params = hostapd.ht40_plus_params(channel, ssid, country)
if ht_capab:
params['ht_capab'] = params['ht_capab'] + ht_capab
if vht_capab:
try:
params['vht_capab'] = params['vht_capab'] + vht_capab
except:
params['vht_capab'] = vht_capab
params['ieee80211ac'] = "1"
params['vht_oper_chwidth'] = "1"
params['vht_oper_centr_freq_seg0_idx'] = str(int(channel) + 6)
else:
params = {}
# now setup security params
if security == "tkip":
sec_params = hostapd.wpa_params(passphrase="testtest")
elif security == "ccmp":
sec_params = hostapd.wpa2_params(passphrase="testtest")
elif security == "mixed":
sec_params = hostapd.wpa_mixed_params(passphrase="testtest")
elif security == "wep":
sec_params = {
"wep_key0": "123456789a",
"wep_default_key": "0",
"auth_algs": "1"
}
elif security == "wep_shared":
sec_params = {
"wep_key0": "123456789a",
"wep_default_key": "0",
"auth_algs": "2"
}
else:
sec_params = {}
params.update(sec_params)
return params
def get_ap_params(channel="1", bw="HT20", country="US", security="open", ht_capab=None, vht_capab=None):
ssid = "test_" + channel + "_" + security + "_" + bw
if bw == "b_only":
params = hostapd.b_only_params(channel, ssid, country)
elif bw == "g_only":
params = hostapd.g_only_params(channel, ssid, country)
elif bw == "g_only_wmm":
params = hostapd.g_only_params(channel, ssid, country)
params['wmm_enabled'] = "1"
elif bw == "a_only":
params = hostapd.a_only_params(channel, ssid, country)
elif bw == "a_only_wmm":
params = hostapd.a_only_params(channel, ssid, country)
params['wmm_enabled'] = "1"
elif bw == "HT20":
params = hostapd.ht20_params(channel, ssid, country)
if ht_capab:
try:
params['ht_capab'] = params['ht_capab'] + ht_capab
except:
params['ht_capab'] = ht_capab
elif bw == "HT40+":
params = hostapd.ht40_plus_params(channel, ssid, country)
if ht_capab:
params['ht_capab'] = params['ht_capab'] + ht_capab
elif bw == "HT40-":
params = hostapd.ht40_minus_params(channel, ssid, country)
if ht_capab:
params['ht_capab'] = params['ht_capab'] + ht_capab
elif bw == "VHT80":
params = hostapd.ht40_plus_params(channel, ssid, country)
if ht_capab:
params['ht_capab'] = params['ht_capab'] + ht_capab
if vht_capab:
try:
params['vht_capab'] = params['vht_capab'] + vht_capab
except:
params['vht_capab'] = vht_capab
params['ieee80211ac'] = "1"
params['vht_oper_chwidth'] = "1"
params['vht_oper_centr_freq_seg0_idx'] = str(int(channel) + 6)
else:
params = {}
# now setup security params
if security == "tkip":
sec_params = hostapd.wpa_params(passphrase="testtest")
elif security == "ccmp":
sec_params = hostapd.wpa2_params(passphrase="testtest")
elif security == "mixed":
sec_params = hostapd.wpa_mixed_params(passphrase="testtest")
elif security == "wep":
sec_params = {"wep_key0" : "123456789a",
"wep_default_key" : "0",
"auth_algs" : "1"}
elif security == "wep_shared":
sec_params = {"wep_key0" : "123456789a",
"wep_default_key" : "0",
"auth_algs" : "2"}
else:
sec_params = {}
params.update(sec_params)
return params