def test_ap_eapol_version(dev, apdev):
"""hostapd eapol_version configuration"""
passphrase = "asdfghjkl"
params = hostapd.wpa2_params(ssid="test1", passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
params = hostapd.wpa2_params(ssid="test2", passphrase=passphrase)
params['eapol_version'] = '1'
hapd2 = hostapd.add_ap(apdev[1], params)
hapd.request("SET ext_eapol_frame_io 1")
dev[0].connect("test1", psk=passphrase, scan_freq="2412",
wait_connect=False)
ev1 = hapd.wait_event(["EAPOL-TX"], timeout=15)
if ev1 is None:
raise Exception("Timeout on EAPOL-TX from hostapd")
hapd.request("SET ext_eapol_frame_io 0")
hapd2.request("SET ext_eapol_frame_io 1")
dev[1].connect("test2", psk=passphrase, scan_freq="2412",
wait_connect=False)
ev2 = hapd2.wait_event(["EAPOL-TX"], timeout=15)
if ev2 is None:
raise Exception("Timeout on EAPOL-TX from hostapd")
hapd2.request("SET ext_eapol_frame_io 0")
dev[0].wait_connected()
dev[1].wait_connected()
ver1 = ev1.split(' ')[2][0:2]
ver2 = ev2.split(' ')[2][0:2]
if ver1 != "02":
raise Exception("Unexpected default eapol_version: " + ver1)
if ver2 != "01":
raise Exception("eapol_version did not match configuration: " + ver2)
def test_multi_ap_wps_split_psk(dev, apdev):
"""WPS on split fronthaul and backhaul AP"""
backhaul_ssid = "multi-ap-backhaul-wps"
backhaul_psk = "1234567890abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
params = hostapd.wpa2_params(ssid="multi-ap-fronthaul-wps",
passphrase="12345678")
params.update({"multi_ap": "2",
"multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
"multi_ap_backhaul_wpa_psk": backhaul_psk})
params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid)
params_backhaul.update({"multi_ap": "1", "wpa_psk": backhaul_psk})
hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
run_multi_ap_wps(dev, apdev, params, hapd_backhaul.own_addr())
def test_ext_password_psk_not_found(dev, apdev):
"""External password storage for PSK and PSK not found"""
params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].request("SET ext_password_backend test:psk1=12345678")
dev[0].connect("ext-pw-psk", raw_psk="ext:psk2", scan_freq="2412",
wait_connect=False)
dev[1].request("SET ext_password_backend test:psk1=1234567")
dev[1].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
wait_connect=False)
dev[2].request("SET ext_password_backend test:psk1=1234567890123456789012345678901234567890123456789012345678901234567890")
dev[2].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
wait_connect=False)
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5")
wpas.request("SET ext_password_backend test:psk1=123456789012345678901234567890123456789012345678901234567890123q")
wpas.connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected association")
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected association")
ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected association")
ev = wpas.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected association")
def test_ap_remove_during_acs(dev, apdev):
"""Remove interface during ACS"""
force_prev_ap_on_24g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs-remove", passphrase="12345678")
params['channel'] = '0'
hostapd.add_ap(apdev[0], params)
hostapd.remove_bss(apdev[0])
def test_ocv_sa_query_csa(dev, apdev):
"""Test SA Query with OCV after channel switch"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["ocv"] = "1"
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to set hostapd parameter ocv" in str(e):
raise HwsimSkip("OCV not supported")
raise
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.request("CHAN_SWITCH 5 2437")
time.sleep(1)
if wt.get_sta_counter("valid_saqueryreq_tx", apdev[0]['bssid'],
dev[0].own_addr()) < 1:
raise Exception("STA did not start SA Query after channel switch")
def test_ap_pmf_optional_2akm(dev, apdev):
"""WPA2-PSK AP with PMF optional (2 AKMs)"""
ssid = "test-pmf-optional-2akm"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256";
params["ieee80211w"] = "1";
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
wt.require_ap_pmf_optional(apdev[0]['bssid'])
wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[0].p2p_interface_addr(),
"PSK-SHA256")
wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[1].p2p_interface_addr(),
"PSK-SHA256")
def test_monitor_iface_unknown_sta(dev, apdev):
"""AP mode monitor interface and Data frame from unknown STA"""
ssid = "monitor-iface-pmf"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params['driver_params'] = "use_monitor=1"
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
bssid = apdev[0]['bssid']
addr = dev[0].p2p_interface_addr()
dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
dev[0].request("DROP_SA")
# This protected Deauth will be ignored by the STA
hapd.request("DEAUTHENTICATE " + addr)
# But the unprotected Deauth from TX frame-from-unassoc-STA will now be
# processed
dev[0].request("DATA_TEST_CONFIG 1")
dev[0].request("DATA_TEST_TX " + bssid + " " + addr + " 0")
dev[0].request("DATA_TEST_CONFIG 0")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("No disconnection")
dev[0].request("DISCONNECT")
def test_hapd_ctrl_p2p_manager(dev, apdev):
"""hostapd as P2P Device manager"""
ssid = "hapd-p2p-mgr"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['manage_p2p'] = '1'
params['allow_cross_connection'] = '0'
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
addr = dev[0].p2p_dev_addr()
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " p2p=2"):
raise Exception("DEAUTHENTICATE command failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
if "OK" not in hapd.request("DISASSOCIATE " + addr + " p2p=2"):
raise Exception("DISASSOCIATE command failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
def test_ap_pmf_assoc_comeback(dev, apdev):
"""WPA2-PSK AP with PMF association comeback"""
ssid = "assoc-comeback"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256";
params["ieee80211w"] = "2";
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].request("DISCONNECT")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
if ev is None:
raise Exception("Timeout on disconnection")
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].request("REASSOCIATE")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Timeout on re-connection")
if wt.get_sta_counter("assocresp_comeback", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("AP did not use association comeback request")
def test_ap_roam_wpa2_psk_failed(dev, apdev, params):
"""Roam failure with WPA2-PSK AP due to wrong passphrase"""
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
hapd0 = hostapd.add_ap(apdev[0], params)
id = dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd0)
params['wpa_passphrase'] = "22345678"
hapd1 = hostapd.add_ap(apdev[1], params)
bssid = hapd1.own_addr()
dev[0].scan_for_bss(bssid, freq=2412)
dev[0].dump_monitor()
if "OK" not in dev[0].request("ROAM " + bssid):
raise Exception("ROAM failed")
ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED",
"CTRL-EVENT-CONNECTED"], 5)
if "CTRL-EVENT-CONNECTED" in ev:
raise Exception("Got unexpected CTRL-EVENT-CONNECTED")
if "CTRL-EVENT-SSID-TEMP-DISABLED" not in ev:
raise Exception("CTRL-EVENT-SSID-TEMP-DISABLED not seen")
if "OK" not in dev[0].request("SELECT_NETWORK id=" + str(id)):
raise Exception("SELECT_NETWORK failed")
ev = dev[0].wait_event(["CTRL-EVENT-SSID-REENABLED"], 3)
if not ev:
raise Exception("CTRL-EVENT-SSID-REENABLED not seen")
dev[0].wait_connected(timeout=5)
hwsim_utils.test_connectivity(dev[0], hapd0)
def test_ap_pmf_inject_auth(dev, apdev):
"""WPA2-PSK AP with PMF and Authentication frame injection"""
ssid = "test-pmf"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd)
bssid = hapd.own_addr().replace(':', '')
addr = dev[0].own_addr().replace(':', '')
# Inject an unprotected Authentication frame claiming to be from the
# associated STA.
auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
hapd.request("SET ext_mgmt_frame_handling 1")
res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth)
hapd.request("SET ext_mgmt_frame_handling 0")
if "OK" not in res:
raise Exception("MGMT_RX_PROCESS failed")
# Verify that original association is still functional.
hwsim_utils.test_connectivity(dev[0], hapd)
def test_peerkey_pairwise_mismatch(dev, apdev):
"""RSN TKIP+CCMP AP and PeerKey between two STAs using different ciphers"""
skip_with_fips(dev[0])
ssid = "test-peerkey"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['peerkey'] = "1"
params['rsn_pairwise'] = "TKIP CCMP"
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
pairwise="CCMP")
dev[1].connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
pairwise="TKIP")
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
dev[0].request("STKSTART " + dev[1].p2p_interface_addr())
time.sleep(0.5)
dev[1].request("STKSTART " + dev[0].p2p_interface_addr())
time.sleep(0.5)
def test_ap_roam_with_reassoc_auth_timeout(dev, apdev, params):
"""Roam using reassoc between two APs and authentication times out"""
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5",
drv_params="force_connect_cmd=1,force_bss_selection=1")
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
hapd0 = hostapd.add_ap(apdev[0], params)
bssid0 = hapd0.own_addr()
id = wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity(wpas, hapd0)
hapd1 = hostapd.add_ap(apdev[1], params)
bssid1 = hapd1.own_addr()
wpas.scan_for_bss(bssid1, freq=2412)
if "OK" not in wpas.request("SET_NETWORK " + str(id) + " bssid " + bssid1):
raise Exception("SET_NETWORK failed")
if "OK" not in wpas.request("SET ignore_auth_resp 1"):
raise Exception("SET ignore_auth_resp failed")
if "OK" not in wpas.request("REASSOCIATE"):
raise Exception("REASSOCIATE failed")
logger.info("Wait ~10s for auth timeout...")
time.sleep(10)
ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], 12)
if not ev:
raise Exception("CTRL-EVENT-SCAN-STARTED not seen")
b = get_blacklist(wpas)
if bssid0 in b:
raise Exception("Unexpected blacklist contents: " + str(b))
def test_ap_acs_errors(dev, apdev):
"""Automatic channel selection failures"""
clear_scan_cache(apdev[0])
force_prev_ap_on_24g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['channel'] = '0'
params['acs_num_scans'] = '2'
params['chanlist'] = '1'
hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
with alloc_fail(hapd, 1, "acs_request_scan"):
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Unexpected success for ENABLE")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_request_scan"):
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Unexpected success for ENABLE")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_scan_complete"):
hapd.enable()
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_request_scan;acs_scan_complete"):
hapd.enable()
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
def test_ap_acs_vht160(dev, apdev):
"""Automatic channel selection for VHT160"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'ZA'
params['ieee80211ac'] = '1'
params['vht_oper_chwidth'] = '2'
params["vht_oper_centr_freq_seg0_idx"] = "114"
params['ieee80211d'] = '1'
params['ieee80211h'] = '1'
params['chanlist'] = '100'
params['acs_num_scans'] = '1'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
# VHT160 is not currently supported in hostapd ACS, so do not try to
# enforce successful AP start.
if "AP-ENABLED" in ev:
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
finally:
dev[0].request("DISCONNECT")
if hapd:
hapd.request("DISABLE")
hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
def test_hapd_ctrl_disconnect(dev, apdev):
"""hostapd and disconnection ctrl_iface commands"""
ssid = "hapd-ctrl"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
addr = dev[0].p2p_dev_addr()
if "FAIL" not in hapd.request("DEAUTHENTICATE 00:11:22:33:44"):
raise Exception("Unexpected DEAUTHENTICATE success")
if "OK" not in hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff"):
raise Exception("Unexpected DEAUTHENTICATE failure")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
if "FAIL" not in hapd.request("DISASSOCIATE 00:11:22:33:44"):
raise Exception("Unexpected DISASSOCIATE success")
if "OK" not in hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff"):
raise Exception("Unexpected DISASSOCIATE failure")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
def test_hapd_dup_network_global_wpa2(dev, apdev):
"""hostapd and DUP_NETWORK command (WPA2"""
passphrase="12345678"
src_ssid = "hapd-ctrl-src"
dst_ssid = "hapd-ctrl-dst"
src_params = hostapd.wpa2_params(ssid=src_ssid, passphrase=passphrase)
src_ifname = apdev[0]['ifname']
src_hapd = hostapd.add_ap(apdev[0], src_params)
dst_params = { "ssid": dst_ssid }
dst_ifname = apdev[1]['ifname']
dst_hapd = hostapd.add_ap(apdev[1], dst_params, no_enable=True)
hapd_global = hostapd.HostapdGlobal()
for param in [ "wpa", "wpa_passphrase", "wpa_key_mgmt", "rsn_pairwise" ]:
dup_network(hapd_global, src_ifname, dst_ifname, param)
dst_hapd.enable()
dev[0].connect(dst_ssid, psk=passphrase, proto="RSN", pairwise="CCMP",
scan_freq="2412")
addr = dev[0].own_addr()
if "FAIL" in dst_hapd.request("STA " + addr):
raise Exception("Could not connect using duplicated wpa params")
def test_ap_wpa2_tdls_bssid_mismatch(dev, apdev):
"""TDLS failure due to BSSID mismatch"""
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(apdev[0], params)
hostapd.add_ap(apdev[1], params)
wlantest_setup(hapd)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[1]['bssid'])
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
addr0 = dev[0].p2p_interface_addr()
dev[1].tdls_setup(addr0)
time.sleep(1)
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
subprocess.call(['brctl', 'delbr', 'ap-br0'])
def test_ap_wpa2_in_different_bridge(dev, apdev):
"""hostapd behavior with interface in different bridge"""
ifname = apdev[0]['ifname']
br_ifname = 'ext-ap-br0'
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
subprocess.call(['brctl', 'addbr', br_ifname])
subprocess.call(['brctl', 'setfd', br_ifname, '0'])
subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
subprocess.call(['brctl', 'addif', br_ifname, ifname])
time.sleep(0.5)
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(ifname, params)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
brname = hapd.get_driver_status_field('brname')
if brname != 'ap-br0':
raise Exception("Incorrect bridge: " + brname)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
if hapd.get_driver_status_field("added_bridge") != "1":
raise Exception("Unexpected added_bridge value")
if hapd.get_driver_status_field("added_if_into_bridge") != "1":
raise Exception("Unexpected added_if_into_bridge value")
dev[0].request("DISCONNECT")
hapd.disable()
finally:
subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
subprocess.call(['brctl', 'delif', br_ifname, ifname],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', br_ifname])
def test_rfkill_wpa2_psk(dev, apdev):
"""rfkill block/unblock during WPA2-PSK connection"""
id = get_rfkill_id(dev[0])
if id is None:
return "skip"
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
try:
logger.info("rfkill block")
subprocess.call(['sudo', 'rfkill', 'block', id])
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
if ev is None:
raise Exception("Missing disconnection event on rfkill block")
logger.info("rfkill unblock")
subprocess.call(['sudo', 'rfkill', 'unblock', id])
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Missing connection event on rfkill unblock")
hwsim_utils.test_connectivity(dev[0], hapd)
finally:
subprocess.call(['sudo', 'rfkill', 'unblock', id])
def test_ap_acs_vht(dev, apdev):
"""Automatic channel selection for VHT"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'US'
params['ieee80211ac'] = '1'
params['vht_oper_chwidth'] = '1'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
wait_acs(hapd)
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
sec = hapd.get_status_field("secondary_channel")
if int(sec) == 0:
raise Exception("Secondary channel not set")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
finally:
dev[0].request("DISCONNECT")
if hapd:
hapd.request("DISABLE")
subprocess.call(['iw', 'reg', 'set', '00'])
dev[0].flush_scan_cache()
def test_ap_wpa2_psk_ext(dev, apdev):
"""WPA2-PSK AP using external EAPOL I/O"""
bssid = apdev[0]['bssid']
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
params = hostapd.wpa2_params(ssid=ssid)
params['wpa_psk'] = psk
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
hapd.request("SET ext_eapol_frame_io 1")
dev[0].request("SET ext_eapol_frame_io 1")
dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
addr = dev[0].p2p_interface_addr()
while True:
ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
if ev is None:
raise Exception("Timeout on EAPOL-TX from hostapd")
if "AP-STA-CONNECTED" in ev:
dev[0].wait_connected(timeout=15)
break
res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
if "OK" not in res:
raise Exception("EAPOL_RX to wpa_supplicant failed")
ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
if ev is None:
raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
if "CTRL-EVENT-CONNECTED" in ev:
break
res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
if "OK" not in res:
raise Exception("EAPOL_RX to hostapd failed")
def hs20_ap_params():
params = hostapd.wpa2_params(ssid="test-gas")
params['wpa_key_mgmt'] = "WPA-EAP"
params['ieee80211w'] = "1"
params['ieee8021x'] = "1"
params['auth_server_addr'] = "127.0.0.1"
params['auth_server_port'] = "1812"
params['auth_server_shared_secret'] = "radius"
params['interworking'] = "1"
params['access_network_type'] = "14"
params['internet'] = "1"
params['asra'] = "0"
params['esr'] = "0"
params['uesa'] = "0"
params['venue_group'] = "7"
params['venue_type'] = "1"
params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
"fedcba" ]
params['domain_name'] = "example.com,another.example.com"
params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
"0,another.example.com" ]
params['anqp_3gpp_cell_net'] = "244,91"
params['network_auth_type'] = "02http://www.example.com/redirect/me/here/"
params['ipaddr_type_availability'] = "14"
params['hs20'] = "1"
params['hs20_oper_friendly_name'] = [ "eng:Example operator", "fin:Esimerkkioperaattori" ]
params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
params['hs20_operating_class'] = "5173"
return params
def test_ap_wpa2_bridge_fdb(dev, apdev):
"""Bridge FDB entry removal"""
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hostapd.add_ap(apdev[0]['ifname'], params)
subprocess.call(['sudo', 'brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
addr0 = dev[0].p2p_interface_addr()
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
stdout=subprocess.PIPE)
macs1 = cmd.stdout.read()
dev[0].request("DISCONNECT")
dev[1].request("DISCONNECT")
time.sleep(1)
cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
stdout=subprocess.PIPE)
macs2 = cmd.stdout.read()
addr1 = dev[1].p2p_interface_addr()
if addr0 not in macs1 or addr1 not in macs1:
raise Exception("Bridge FDB entry missing")
if addr0 in macs2 or addr1 in macs2:
raise Exception("Bridge FDB entry was not removed")
finally:
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
subprocess.call(['sudo', 'brctl', 'delbr', 'ap-br0'])
def test_ap_pmf_required(dev, apdev):
"""WPA2-PSK AP with PMF required"""
ssid = "test-pmf-required"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256";
params["ieee80211w"] = "2";
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
key_mgmt = hapd.get_config()['key_mgmt']
if key_mgmt.split(' ')[0] != "WPA-PSK-SHA256":
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
hapd = hostapd.Hostapd(apdev[0]['ifname'])
hapd.request("SA_QUERY " + dev[0].p2p_interface_addr())
hapd.request("SA_QUERY " + dev[1].p2p_interface_addr())
wt.require_ap_pmf_mandatory(apdev[0]['bssid'])
wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[1].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
def test_hapd_ctrl_status(dev, apdev):
"""hostapd ctrl_iface STATUS commands"""
ssid = "hapd-ctrl"
bssid = apdev[0]['bssid']
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
hapd = hostapd.add_ap(apdev[0], params)
status = hapd.get_status()
logger.info("STATUS: " + str(status))
driver = hapd.get_driver_status()
logger.info("STATUS-DRIVER: " + str(driver))
if status['bss[0]'] != apdev[0]['ifname']:
raise Exception("Unexpected bss[0]")
if status['ssid[0]'] != ssid:
raise Exception("Unexpected ssid[0]")
if status['bssid[0]'] != bssid:
raise Exception("Unexpected bssid[0]")
if status['freq'] != "2412":
raise Exception("Unexpected freq")
if status['beacon_int'] != "100":
raise Exception("Unexpected beacon_int")
if status['dtim_period'] != "2":
raise Exception("Unexpected dtim_period")
if "max_txpower" not in status:
raise Exception("Missing max_txpower")
if "ht_caps_info" not in status:
raise Exception("Missing ht_caps_info")
if driver['beacon_set'] != "1":
raise Exception("Unexpected beacon_set")
if driver['addr'] != bssid:
raise Exception("Unexpected addr")
def test_mbo_cell_capa_update_pmf(dev, apdev):
"""MBO cellular data capability update with PMF required"""
ssid = "test-wnm-mbo"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params['mbo'] = '1'
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
raise Exception("Failed to set STA as cellular data capable")
dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
proto="WPA2", ieee80211w="2", scan_freq="2412")
addr = dev[0].own_addr()
sta = hapd.get_sta(addr)
if 'mbo_cell_capa' not in sta or sta['mbo_cell_capa'] != '1':
raise Exception("mbo_cell_capa missing after association")
if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
raise Exception("Failed to set STA as cellular data not-capable")
time.sleep(0.2)
sta = hapd.get_sta(addr)
if 'mbo_cell_capa' not in sta:
raise Exception("mbo_cell_capa missing after update")
if sta['mbo_cell_capa'] != '3':
raise Exception("mbo_cell_capa not updated properly")
def test_ap_pmf_tkip_reject(dev, apdev):
"""Mixed mode BSS and MFP-enabled AP rejecting TKIP"""
params = hostapd.wpa2_params(ssid="test-pmf", passphrase="12345678")
params['wpa'] = '3'
params["ieee80211w"] = "1"
params["wpa_pairwise"] = "TKIP CCMP"
params["rsn_pairwise"] = "TKIP CCMP"
hostapd.add_ap(apdev[0], params)
dev[0].connect("test-pmf", psk="12345678", pairwise="CCMP", ieee80211w="2",
scan_freq="2412")
dev[0].dump_monitor()
dev[1].connect("test-pmf", psk="12345678", proto="WPA", pairwise="TKIP",
ieee80211w="0", scan_freq="2412")
dev[1].dump_monitor()
dev[2].connect("test-pmf", psk="12345678", pairwise="TKIP",
ieee80211w="2", scan_freq="2412", wait_connect=False)
ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
"CTRL-EVENT-ASSOC-REJECT"], timeout=10)
if ev is None:
raise Exception("No connection result reported")
if "CTRL-EVENT-ASSOC-REJECT" not in ev:
raise Exception("MFP + TKIP connection was not rejected")
if "status_code=31" not in ev:
raise Exception("Unexpected status code in rejection: " + ev)
dev[2].request("DISCONNECT")
dev[2].dump_monitor()
def test_sae(dev, apdev):
"""SAE with default group"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
key_mgmt = hapd.get_config()['key_mgmt']
if key_mgmt.split(' ')[0] != "SAE":
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
dev[0].request("SET sae_groups ")
id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
if dev[0].get_status_field('sae_group') != '19':
raise Exception("Expected default SAE group not used")
bss = dev[0].get_bss(apdev[0]['bssid'])
if 'flags' not in bss:
raise Exception("Could not get BSS flags from BSS table")
if "[WPA2-SAE-CCMP]" not in bss['flags']:
raise Exception("Unexpected BSS flags: " + bss['flags'])
res = hapd.request("STA-FIRST")
if "sae_group=19" not in res.splitlines():
raise Exception("hostapd STA output did not specify SAE group")
def test_ocv_sa_query(dev, apdev):
"""Test SA Query with OCV"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["ocv"] = "1"
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to set hostapd parameter ocv" in str(e):
raise HwsimSkip("OCV not supported")
raise
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
# Test that client can handle SA Query with OCI element
if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
raise Exception("SA_QUERY failed")
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].own_addr()) < 1:
raise Exception("STA did not reply to SA Query")
# Test that AP can handle SA Query with OCI element
if "OK" not in dev[0].request("UNPROT_DEAUTH"):
raise Exception("Triggering SA Query from the STA failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
if ev is not None:
raise Exception("SA Query from the STA failed")
