def test_ap_ft_oom(dev, apdev): """WPA2-PSK-FT and OOM""" skip_with_fips(dev[0]) ssid = "test-ft" passphrase="12345678" params = ft_params1(ssid=ssid, passphrase=passphrase) hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) params = ft_params2(ssid=ssid, passphrase=passphrase) hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", scan_freq="2412") if dev[0].get_status_field('bssid') == apdev[0]['bssid']: dst = apdev[1]['bssid'] else: dst = apdev[0]['bssid'] dev[0].scan_for_bss(dst, freq="2412") with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): dev[0].roam(dst) with alloc_fail(dev[0], 1, "wpa_ft_mic"): dev[0].roam(dst, fail_test=True) with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): dev[0].roam(dst, fail_test=True)
def test_ap_vlan_file_parsing(dev, apdev, params): """hostapd vlan_file/mac_file parsing""" tmp = os.path.join(params['logdir'], 'ap_vlan_file_parsing.tmp') params = {"ssid": "test-vlan-open", "dynamic_vlan": "1"} hapd = hostapd.add_ap(apdev[0], params) tests = ["#\n\n0\t11\n", "* ", "1 netdev12345678901234567890"] for t in tests: with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET vlan_file " + tmp): raise Exception("Invalid vlan_file accepted") with open(tmp, "w") as f: f.write("1\tvlan\n") with alloc_fail(hapd, 1, "=hostapd_config_read_vlan_file"): if "FAIL" not in hapd.request("SET vlan_file " + tmp): raise Exception("vlan_file accepted during OOM") tests = [ "#\n\n0\tvlan\n", "4095\tvlan\n", "vlan\n", "1\t1234567890abcdef1234567890\n", "1\n" ] for t in tests: with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET accept_mac_file " + tmp): raise Exception("Invalid accept_mac_file accepted") with open(tmp, "w") as f: f.write("00:11:22:33:44:55\n") with alloc_fail(hapd, 1, "hostapd_config_read_maclist"): if "FAIL" not in hapd.request("SET accept_mac_file " + tmp): raise Exception("accept_mac_file accepted during OOM")
def test_ap_ft_oom(dev, apdev): """WPA2-PSK-FT and OOM""" skip_with_fips(dev[0]) ssid = "test-ft" passphrase = "12345678" params = ft_params1(ssid=ssid, passphrase=passphrase) hapd0 = hostapd.add_ap(apdev[0]['ifname'], params) params = ft_params2(ssid=ssid, passphrase=passphrase) hapd1 = hostapd.add_ap(apdev[1]['ifname'], params) dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", scan_freq="2412") if dev[0].get_status_field('bssid') == apdev[0]['bssid']: dst = apdev[1]['bssid'] else: dst = apdev[0]['bssid'] dev[0].scan_for_bss(dst, freq="2412") with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): dev[0].roam(dst) with alloc_fail(dev[0], 1, "wpa_ft_mic"): dev[0].roam(dst, fail_test=True) with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): dev[0].roam(dst, fail_test=True)
def test_hapd_ctrl_ext_io_errors(dev, apdev): """hostapd and external I/O errors""" ssid = "hapd-ctrl" params = {"ssid": ssid} hapd = hostapd.add_ap(apdev[0], params) tests = [ "MGMT_TX 1", "MGMT_TX 1q", "MGMT_RX_PROCESS freq=2412", "EAPOL_RX foo", "EAPOL_RX 00:11:22:33:44:55 1", "EAPOL_RX 00:11:22:33:44:55 1q" ] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_mgmt_tx"): if "FAIL" not in hapd.request("MGMT_TX 12"): raise Exception("MGMT_TX accepted during OOM") with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_eapol_rx"): if "FAIL" not in hapd.request("EAPOL_RX 00:11:22:33:44:55 11"): raise Exception("EAPOL_RX accepted during OOM") hapd.set("ext_mgmt_frame_handling", "1") tests = [ "MGMT_RX_PROCESS freq=2412", "MGMT_RX_PROCESS freq=2412 ssi_signal=0", "MGMT_RX_PROCESS freq=2412 frame=1", "MGMT_RX_PROCESS freq=2412 frame=1q" ] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_mgmt_rx_process"): if "FAIL" not in hapd.request("MGMT_RX_PROCESS freq=2412 frame=11"): raise Exception("MGMT_RX_PROCESS accepted during OOM") hapd.set("ext_mgmt_frame_handling", "0") if "OK" not in hapd.request("DATA_TEST_CONFIG 1"): raise Exception("Failed to enable l2_test") if "OK" not in hapd.request("DATA_TEST_CONFIG 1"): raise Exception("Failed to enable l2_test(2)") tests = [ "DATA_TEST_TX foo", "DATA_TEST_TX 00:11:22:33:44:55 foo", "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 -1", "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 256" ] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) if "OK" not in hapd.request("DATA_TEST_CONFIG 0"): raise Exception("Failed to disable l2_test") tests = [ "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 0", "DATA_TEST_FRAME ifname=foo", "DATA_TEST_FRAME 1", "DATA_TEST_FRAME 11", "DATA_TEST_FRAME 112233445566778899aabbccddeefq" ] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_data_test_frame"): if "FAIL" not in hapd.request( "DATA_TEST_FRAME 112233445566778899aabbccddeeff"): raise Exception("DATA_TEST_FRAME accepted during OOM")
def test_wpas_ap_oom(dev): """wpa_supplicant AP mode - OOM""" id = dev[0].add_network() dev[0].set_network(id, "mode", "2") dev[0].set_network_quoted(id, "ssid", "wpas-ap") dev[0].set_network_quoted(id, "psk", "1234567890") dev[0].set_network(id, "frequency", "2412") dev[0].set_network(id, "scan_freq", "2412") with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"): dev[0].select_network(id) dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") id = dev[0].add_network() dev[0].set_network(id, "mode", "2") dev[0].set_network_quoted(id, "ssid", "wpas-ap") dev[0].set_network(id, "psk", "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef") dev[0].set_network(id, "frequency", "2412") dev[0].set_network(id, "scan_freq", "2412") with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"): dev[0].select_network(id) dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") id = dev[0].add_network() dev[0].set_network(id, "mode", "2") dev[0].set_network_quoted(id, "ssid", "wpas-ap") dev[0].set_network(id, "key_mgmt", "NONE") dev[0].set_network_quoted(id, "wep_key0", "hello") dev[0].set_network(id, "frequency", "2412") dev[0].set_network(id, "scan_freq", "2412") with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"): dev[0].select_network(id) dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add("wlan5") wpas.request("SET manufacturer test") wpas.request("SET model_name test") wpas.request("SET model_number test") wpas.request("SET serial_number test") wpas.request("SET serial_number test") wpas.request("SET serial_number test") wpas.request("SET ap_vendor_elements dd0411223301") id = wpas.add_network() wpas.set_network(id, "mode", "2") wpas.set_network_quoted(id, "ssid", "wpas-ap") wpas.set_network(id, "key_mgmt", "NONE") wpas.set_network(id, "frequency", "2412") wpas.set_network(id, "scan_freq", "2412") for i in range(5): with alloc_fail(wpas, i, "=wpa_supplicant_conf_ap"): wpas.select_network(id) ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED" ], timeout=1) wpas.request("DISCONNECT") wpas.wait_disconnected()
def test_hapd_ctrl_ext_io_errors(dev, apdev): """hostapd and external I/O errors""" ssid = "hapd-ctrl" params = {"ssid": ssid} hapd = hostapd.add_ap(apdev[0], params) tests = ["MGMT_TX 1", "MGMT_TX 1q", "MGMT_RX_PROCESS freq=2412", "EAPOL_RX foo", "EAPOL_RX 00:11:22:33:44:55 1", "EAPOL_RX 00:11:22:33:44:55 1q"] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_mgmt_tx"): if "FAIL" not in hapd.request("MGMT_TX 12"): raise Exception("MGMT_TX accepted during OOM") with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_eapol_rx"): if "FAIL" not in hapd.request("EAPOL_RX 00:11:22:33:44:55 11"): raise Exception("EAPOL_RX accepted during OOM") hapd.set("ext_mgmt_frame_handling", "1") tests = ["MGMT_RX_PROCESS freq=2412", "MGMT_RX_PROCESS freq=2412 ssi_signal=0", "MGMT_RX_PROCESS freq=2412 frame=1", "MGMT_RX_PROCESS freq=2412 frame=1q"] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_mgmt_rx_process"): if "FAIL" not in hapd.request("MGMT_RX_PROCESS freq=2412 frame=11"): raise Exception("MGMT_RX_PROCESS accepted during OOM") hapd.set("ext_mgmt_frame_handling", "0") if "OK" not in hapd.request("DATA_TEST_CONFIG 1"): raise Exception("Failed to enable l2_test") if "OK" not in hapd.request("DATA_TEST_CONFIG 1"): raise Exception("Failed to enable l2_test(2)") tests = ["DATA_TEST_TX foo", "DATA_TEST_TX 00:11:22:33:44:55 foo", "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 -1", "DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 256"] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) if "OK" not in hapd.request("DATA_TEST_CONFIG 0"): raise Exception("Failed to disable l2_test") tests = ["DATA_TEST_TX 00:11:22:33:44:55 00:11:22:33:44:55 0", "DATA_TEST_FRAME ifname=foo", "DATA_TEST_FRAME 1", "DATA_TEST_FRAME 11", "DATA_TEST_FRAME 112233445566778899aabbccddeefq"] for t in tests: if "FAIL" not in hapd.request(t): raise Exception("Invalid command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_data_test_frame"): if "FAIL" not in hapd.request("DATA_TEST_FRAME 112233445566778899aabbccddeeff"): raise Exception("DATA_TEST_FRAME accepted during OOM")
def test_erp_home_realm_oom(dev, apdev): """ERP and home realm OOM""" check_erp_capa(dev[0]) params = int_eap_server_params() params['erp_send_reauth_start'] = '1' params['erp_domain'] = 'example.com' params['eap_server_erp'] = '1' params['disable_pmksa_caching'] = '1' hapd = hostapd.add_ap(apdev[0], params) for count in range(1, 3): with alloc_fail(dev[0], count, "eap_get_realm"): dev[0].request("ERP_FLUSH") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for count in range(1, 3): with alloc_fail(dev[0], count, "eap_get_realm"): dev[0].request("ERP_FLUSH") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="erp-ttls", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for count in range(1, 3): dev[0].request("ERP_FLUSH") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10) if range > 1: continue with alloc_fail(dev[0], count, "eap_get_realm"): dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_erp_home_realm_oom(dev, apdev): """ERP and home realm OOM""" check_erp_capa(dev[0]) params = int_eap_server_params() params['erp_send_reauth_start'] = '1' params['erp_domain'] = 'example.com' params['eap_server_erp'] = '1' params['disable_pmksa_caching'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) for count in range(1, 3): with alloc_fail(dev[0], count, "eap_home_realm"): dev[0].request("ERP_FLUSH") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for count in range(1, 3): with alloc_fail(dev[0], count, "eap_home_realm"): dev[0].request("ERP_FLUSH") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="erp-ttls", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for count in range(1, 3): dev[0].request("ERP_FLUSH") dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412", wait_connect=False) dev[0].wait_connected(timeout=10) if range > 1: continue with alloc_fail(dev[0], count, "eap_home_realm"): dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_rsn_preauth_local_errors(dev, apdev): """RSN pre-authentication and local errors on AP""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params['rsn_preauth'] = '1' params['rsn_preauth_interfaces'] = "lo" hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() _bssid = binascii.unhexlify(bssid.replace(':', '')) sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x88c7)) sock.bind(("lo", socket.htons(0x88c7))) foreign = b"\x02\x03\x04\x05\x06\x07" foreign2 = b"\x02\x03\x04\x05\x06\x08" proto = b"\x88\xc7" with alloc_fail(hapd, 1, "ap_sta_add;rsn_preauth_receive"): sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0)) wait_fail_trigger(hapd, "GET_ALLOC_FAIL") with alloc_fail(hapd, 1, "eapol_auth_alloc;rsn_preauth_receive"): sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0)) wait_fail_trigger(hapd, "GET_ALLOC_FAIL") sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0)) with alloc_fail(hapd, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"): sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0)) wait_fail_trigger(hapd, "GET_ALLOC_FAIL") sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0)) hapd.request("DISABLE") tests = [(1, "=rsn_preauth_iface_add"), (2, "=rsn_preauth_iface_add"), (1, "l2_packet_init;rsn_preauth_iface_add"), (1, "rsn_preauth_iface_init"), (1, "rsn_preauth_iface_init")] for count, func in tests: with alloc_fail(hapd, count, func): if "FAIL" not in hapd.request("ENABLE"): raise Exception("ENABLE succeeded unexpectedly") hapd.set("rsn_preauth_interfaces", "lo lo lo does-not-exist lo ") if "FAIL" not in hapd.request("ENABLE"): raise Exception("ENABLE succeeded unexpectedly") hapd.set("rsn_preauth_interfaces", " lo lo ") if "OK" not in hapd.request("ENABLE"): raise Exception("ENABLE failed") sock.send(_bssid + foreign + proto + struct.pack('>BBH', 2, 1, 0)) sock.send(_bssid + foreign2 + proto + struct.pack('>BBH', 2, 1, 0))
def test_gas_anqp_oom_hapd(dev, apdev): """GAS/ANQP query and OOM in hostapd""" hapd = start_ap(apdev[0]) bssid = apdev[0]['bssid'] dev[0].scan_for_bss(bssid, freq="2412", force_scan=True) with alloc_fail(hapd, 1, "gas_build_resp"): # This query will time out due to the AP not sending a response (OOM). if "OK" not in dev[0].request("ANQP_GET " + bssid + " 258"): raise Exception("ANQP_GET command failed") ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5) if ev is None: raise Exception("GAS query start timed out") ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10) if ev is None: raise Exception("GAS query timed out") if "result=TIMEOUT" not in ev: raise Exception("Unexpected result: " + ev) ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10) if ev is None: raise Exception("ANQP-QUERY-DONE event not seen") if "result=FAILURE" not in ev: raise Exception("Unexpected result: " + ev) with alloc_fail(hapd, 1, "gas_anqp_build_comeback_resp"): hapd.set("gas_frag_limit", "50") # The first attempt of this query will time out due to the AP not # sending a response (OOM), but the retry succeeds. dev[0].request("FETCH_ANQP") ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5) if ev is None: raise Exception("GAS query start timed out") ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10) if ev is None: raise Exception("GAS query timed out") if "result=SUCCESS" not in ev: raise Exception("Unexpected result: " + ev) ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10) if ev is None: raise Exception("ANQP-QUERY-DONE event not seen") if "result=SUCCESS" not in ev: raise Exception("Unexpected result: " + ev)
def test_hapd_ctrl_vendor_errors(dev, apdev): """hostapd and VENDOR errors""" ssid = "hapd-ctrl" params = {"ssid": ssid} hapd = hostapd.add_ap(apdev[0], params) tests = ["q", "10q", "10 10q", "10 10 123q", "10 10"] for t in tests: if "FAIL" not in hapd.request("VENDOR " + t): raise Exception("Invalid VENDOR command accepted: " + t) with alloc_fail(hapd, 1, "=hostapd_ctrl_iface_vendor"): if "FAIL" not in hapd.request("VENDOR 10 10 10"): raise Exception("VENDOR accepted during OOM") with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_ctrl_iface_vendor"): if "FAIL" not in hapd.request("VENDOR 10 10"): raise Exception("VENDOR accepted during OOM")
def test_ap_config_eap_user_file_parsing(dev, apdev, params): """hostapd eap_user_file parsing""" tmp = os.path.join(params['logdir'], 'ap_config_eap_user_file_parsing.tmp') hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"}) for i in range(2): if "OK" not in hapd.request("SET eap_user_file auth_serv/eap_user.conf"): raise Exception("eap_user_file rejected") tests = ["#\n\n*\tTLS\nradius_accept_attr=:", "foo\n", "\"foo\n", "\"foo\"\n", "\"foo\" FOOBAR\n", "\"foo\" " + 10*"TLS," + "TLS \"\n", "\"foo\" TLS \nfoo\n", "\"foo\" PEAP hash:foo\n", "\"foo\" PEAP hash:8846f7eaee8fb117ad06bdd830b7586q\n", "\"foo\" PEAP 01020\n", "\"foo\" PEAP 010q\n" '"pwd" PWD ssha1:\n', '"pwd" PWD ssha1:' + 20*'00' + '\n', '"pwd" PWD ssha256:\n', '"pwd" PWD ssha512:\n', '"pwd" PWD ssha1:' + 20*'00' + 'qq\n', '"pwd" PWD ssha1:' + 19*'00' + 'qq00\n', "\"foo\" TLS\nradius_accept_attr=123:x:012\n", "\"foo\" TLS\nradius_accept_attr=123:x:012q\n", "\"foo\" TLS\nradius_accept_attr=123:Q:01\n", "\"foo\" TLS\nradius_accept_attr=123\nfoo\n"] for t in tests: with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET eap_user_file " + tmp): raise Exception("Invalid eap_user_file accepted") tests = [("\"foo\" TLS\n", 2, "hostapd_config_read_eap_user"), ("\"foo\" PEAP \"foo\"\n", 3, "hostapd_config_read_eap_user"), ("\"foo\" PEAP hash:8846f7eaee8fb117ad06bdd830b75861\n", 3, "hostapd_config_read_eap_user"), ("\"foo\" PEAP 0102\n", 3, "hostapd_config_read_eap_user"), ("\"foo\" TLS\nradius_accept_attr=123\n", 1, "=hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123\n", 1, "wpabuf_alloc;hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123:s:foo\n", 2, "hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123:x:0102\n", 2, "hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123:d:1\n", 2, "hostapd_parse_radius_attr"), ('"pwd" PWD ssha1:046239e0660a59015231082a071c803e9f5848ae42eaccb4c08c97ae397bc879c4b071b9088ee715\n', 1, "hostapd_config_eap_user_salted"), ('"pwd" PWD ssha1:046239e0660a59015231082a071c803e9f5848ae42eaccb4c08c97ae397bc879c4b071b9088ee715\n', 2, "hostapd_config_eap_user_salted"), ("* TLS\n", 1, "hostapd_config_read_eap_user")] for t, count, func in tests: with alloc_fail(hapd, count, func): with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET eap_user_file " + tmp): raise Exception("eap_user_file accepted during OOM")
def test_nfc_wps_config_token(dev, apdev): """NFC tag with configuration token from AP""" ssid = "test-wps-nfc-conf-token" params = ap_wps_params(ssid) hapd = hostapd.add_ap(apdev[0], params) logger.info("NFC configuration token from AP to station") conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() if "FAIL" in conf: raise Exception("Failed to generate configuration token") ndef_conf = conf dev[0].dump_monitor() res = dev[0].request("WPS_NFC_TAG_READ " + conf) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to wpa_supplicant") dev[0].wait_connected(timeout=15) check_wpa2_connection(dev[0], apdev[0], hapd, ssid) with alloc_fail(hapd, 1, "wps_get_oob_cred"): conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() if "FAIL" not in conf: raise Exception("Unexpected configuration token received during OOM") wps_conf = hapd.request("WPS_NFC_CONFIG_TOKEN WPS").rstrip() if "FAIL" in wps_conf: raise Exception("Failed to generate configuration token (WPS)") if wps_conf not in ndef_conf: raise Exception("WPS config token not within NDEF encapsulated one") conf = hapd.request("WPS_NFC_CONFIG_TOKEN FOO").rstrip() if "FAIL" not in conf: raise Exception("Invalid WPS_NFC_CONFIG_TOKEN accepted")
def test_nfc_wps_handover_init(dev, apdev): """Connect to WPS AP with NFC connection handover and move to configured state""" dev[0].request("SET ignore_old_scan_res 1") ssid = "test-wps-nfc-handover-init" hostapd.add_ap(apdev[0]['ifname'], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to wpa_supplicant") dev[0].wait_connected(timeout=15) check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) with alloc_fail(hapd, 1, "wps_build_nfc_handover_sel"): if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR"): raise Exception("Unexpected NFC_GET_HANDOVER_SEL success during OOM")
def _test_nfc_wps_handover_init(dev, apdev): dev[0].request("SET ignore_old_scan_res 1") ssid = "test-wps-nfc-handover-init" hapd = hostapd.add_ap(apdev[0], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to wpa_supplicant") dev[0].wait_connected(timeout=15) check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) with alloc_fail(hapd, 1, "wps_build_nfc_handover_sel"): if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR"): raise Exception("Unexpected NFC_GET_HANDOVER_SEL success during OOM")
def test_nfc_wps_config_token(dev, apdev): """NFC tag with configuration token from AP""" ssid = "test-wps-nfc-conf-token" params = ap_wps_params(ssid) hapd = hostapd.add_ap(apdev[0], params) logger.info("NFC configuration token from AP to station") conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() if "FAIL" in conf: raise Exception("Failed to generate configuration token") ndef_conf = conf dev[0].dump_monitor() res = dev[0].request("WPS_NFC_TAG_READ " + conf) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to wpa_supplicant") dev[0].wait_connected(timeout=15) check_wpa2_connection(dev[0], apdev[0], hapd, ssid) with alloc_fail(hapd, 1, "wps_get_oob_cred"): conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() if "FAIL" not in conf: raise Exception( "Unexpected configuration token received during OOM") wps_conf = hapd.request("WPS_NFC_CONFIG_TOKEN WPS").rstrip() if "FAIL" in wps_conf: raise Exception("Failed to generate configuration token (WPS)") if wps_conf not in ndef_conf: raise Exception("WPS config token not within NDEF encapsulated one") conf = hapd.request("WPS_NFC_CONFIG_TOKEN FOO").rstrip() if "FAIL" not in conf: raise Exception("Invalid WPS_NFC_CONFIG_TOKEN accepted")
def test_nfc_wps_password_token_sta(dev, apdev): """NFC tag with password token on the station/Enrollee""" ssid = "test-wps-nfc-pw-token-conf" params = ap_wps_params(ssid) hapd = hostapd.add_ap(apdev[0], params) logger.info("WPS provisioning step using password token from station") wps = dev[0].request("WPS_NFC_TOKEN WPS").rstrip() if "FAIL" in wps: raise Exception("Failed to generate password token (WPS only)") pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() if "FAIL" in pw: raise Exception("Failed to generate password token") res = hapd.request("WPS_NFC_TAG_READ " + pw) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to hostapd") dev[0].dump_monitor() res = dev[0].request("WPS_NFC") if "FAIL" in res: raise Exception("Failed to start Enrollee using NFC password token") dev[0].wait_connected(timeout=30) check_wpa2_connection(dev[0], apdev[0], hapd, ssid) if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 0"): raise Exception("Invalid WPS_NFC_TAG_READ accepted") if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 0q"): raise Exception("Invalid WPS_NFC_TAG_READ accepted") with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_ctrl_iface_wps_nfc_tag_read"): if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 00"): raise Exception("WPS_NFC_TAG_READ accepted during OOM")
def test_nfc_wps_handover_errors(dev, apdev): """WPS AP NFC handover report error cases""" ssid = "test-wps-nfc-handover" hapd = hostapd.add_ap(apdev[0], {"ssid": ssid, "eap_server": "1", "wps_state": "1"}) sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"): raise Exception("Unexpected handover report success") for i in range(1, 3): with alloc_fail(hapd, i, "wpabuf_alloc;hostapd_ctrl_iface_nfc_report_handover"): if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001122"): raise Exception("NFC_REPORT_HANDOVER RESP succeeded during OOM")
def test_ap_acs_errors(dev, apdev): """Automatic channel selection failures""" clear_scan_cache(apdev[0]) force_prev_ap_on_24g(apdev[0]) params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678") params['channel'] = '0' params['acs_num_scans'] = '2' params['chanlist'] = '1' hapd = hostapd.add_ap(apdev[0], params, no_enable=True) with alloc_fail(hapd, 1, "acs_request_scan"): if "FAIL" not in hapd.request("ENABLE"): raise Exception("Unexpected success for ENABLE") hapd.dump_monitor() with fail_test(hapd, 1, "acs_request_scan"): if "FAIL" not in hapd.request("ENABLE"): raise Exception("Unexpected success for ENABLE") hapd.dump_monitor() with fail_test(hapd, 1, "acs_scan_complete"): hapd.enable() ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10) if not ev: raise Exception("ACS start timed out") hapd.dump_monitor() with fail_test(hapd, 1, "acs_request_scan;acs_scan_complete"): hapd.enable() ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10) if not ev: raise Exception("ACS start timed out")
def test_nfc_wps_handover_errors(dev, apdev): """WPS AP NFC handover report error cases""" ssid = "test-wps-nfc-handover" hapd = hostapd.add_ap(apdev[0], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"): raise Exception("Unexpected handover report success") if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"): raise Exception("Unexpected handover report success") for i in range(1, 3): with alloc_fail(hapd, i, "wpabuf_alloc;hostapd_ctrl_iface_nfc_report_handover"): if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001122"): raise Exception("NFC_REPORT_HANDOVER RESP succeeded during OOM")
def test_ibss_rsn_oom(dev): """IBSS RSN OOM during wpa_init""" with alloc_fail(dev[0], 1, "wpa_init"): ssid="ibss-rsn" id = add_ibss_rsn(dev[0], ssid) connect_ibss_cmd(dev[0], id) bssid0 = wait_ibss_connection(dev[0])
def hapd_bss_out_of_mem(hapd, phy, confname, count, func): with alloc_fail(hapd, count, func): hapd_global = hostapd.HostapdGlobal() res = hapd_global.ctrl.request("ADD bss_config=" + phy + ":" + confname) if "OK" in res: raise Exception("add_bss succeeded")
def test_bgscan_learn_oom(dev, apdev): """bgscan_learn OOM""" hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"}) with alloc_fail(dev[0], 1, "bgscan_learn_init"): dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412", bgscan="learn:1:-20:2")
def test_eap_teap_errors2(dev, apdev): """EAP-TEAP local errors 2 (Basic-Password-Auth specific)""" check_eap_capa(dev[0], "TEAP") check_eap_capa(dev[0], "MSCHAPV2") params = int_teap_server_params(eap_teap_auth="1") hapd = hostapd.add_ap(apdev[0], params) tests = [(1, "eap_teap_tlv_pac_ack"), (1, "eap_teap_process_basic_auth_req")] for count, func in tests: with alloc_fail(dev[0], count, func): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412", eap="TEAP", identity="user", password="******", anonymous_identity="TEAP", phase1="teap_provisioning=2", ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2", pac_file="blob://teap_pac", wait_connect=False) wait_eap_proposed(dev[0], wait_trigger="GET_ALLOC_FAIL") tests = [(1, "eap_teap_derive_cmk_basic_pw_auth")] for count, func in tests: with fail_test(dev[0], count, func): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412", eap="TEAP", identity="user", password="******", anonymous_identity="TEAP", phase1="teap_provisioning=2", ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2", pac_file="blob://teap_pac", wait_connect=False) wait_eap_proposed(dev[0], wait_trigger="GET_FAIL")
def test_nfc_wps_handover_failure(dev, apdev): """Connect to WPS AP with NFC connection handover (local failure)""" ssid = "test-wps-nfc-handover" params = ap_wps_params(ssid) hapd = hostapd.add_ap(apdev[0], params) logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception( "Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() with alloc_fail(hapd, 1, "wpabuf_dup;wps_build_public_key"): res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception( "Failed to report NFC connection handover to to wpa_supplicant" ) ev = dev[0].wait_event(["WPS-FAIL"], timeout=10) if ev is None: raise Exception("WPS failure not reported")
def test_tnc_peap_soh_errors(dev, apdev): """TNC PEAP-SoH local error cases""" params = int_eap_server_params() params["tnc"] = "1" hostapd.add_ap(apdev[0], params) tests = [ (1, "tncc_build_soh"), (1, "eap_msg_alloc;=eap_peap_phase2_request") ] for count, func in tests: with alloc_fail(dev[0], count, func): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP", identity="user", password="******", ca_cert="auth_serv/ca.pem", phase1="peapver=0 tnc=soh cryptobinding=0", phase2="auth=MSCHAPV2", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() with fail_test(dev[0], 1, "os_get_random;tncc_build_soh"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP", identity="user", password="******", ca_cert="auth_serv/ca.pem", phase1="peapver=0 tnc=soh cryptobinding=0", phase2="auth=MSCHAPV2", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_ap_qosmap_invalid(dev, apdev): """QoS mapping ctrl_iface error handling""" ssid = "test-qosmap" params = { "ssid": ssid } hapd = hostapd.add_ap(apdev[0], params) if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"): raise Exception("Unexpected SEND_QOS_MAP_CONF success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET "): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,-2,3"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"): raise Exception("Unexpected SET_QOS_MAP_SET failure") if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"): raise Exception("Unexpected SEND_QOS_MAP_CONF success") if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44"): raise Exception("Unexpected SEND_QOS_MAP_CONF success") with fail_test(hapd, 1, "hostapd_ctrl_iface_set_qos_map_set"): if "FAIL" not in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"): raise Exception("SET_QOS_MAP_SET accepted during forced driver failure") dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_ctrl_iface_send_qos_map_conf"): if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF " + dev[0].own_addr()): raise Exception("SEND_QOS_MAP_CONF accepted during OOM")
def test_ibss_rsn_oom(dev): """IBSS RSN OOM during wpa_init""" with alloc_fail(dev[0], 1, "wpa_init"): ssid = "ibss-rsn" id = add_ibss_rsn(dev[0], ssid, scan_freq=2412) connect_ibss_cmd(dev[0], id) bssid0 = wait_ibss_connection(dev[0]) dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() with alloc_fail(dev[0], 1, "=ibss_rsn_init"): ssid = "ibss-rsn" id = add_ibss_rsn(dev[0], ssid, scan_freq=2412) connect_ibss_cmd(dev[0], id) bssid0 = wait_ibss_connection(dev[0]) dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor()
def test_tnc_ttls_errors(dev, apdev): """TNC TTLS local error cases""" if not os.path.exists("tnc/libhostap_imc.so"): raise HwsimSkip("No IMC installed") check_eap_capa(dev[0], "MSCHAPV2") params = int_eap_server_params() params["tnc"] = "1" params["fragment_size"] = "150" hostapd.add_ap(apdev[0], params) tests = [(1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start", "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start", "mschap user", "auth=MSCHAP"), (1, "=eap_tnc_init", "chap user", "auth=CHAP"), (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"), (1, "eap_msg_alloc;eap_tnc_build_frag_ack", "pap user", "auth=PAP"), (1, "eap_msg_alloc;eap_tnc_build_msg", "pap user", "auth=PAP"), (1, "wpabuf_alloc;=eap_tnc_process_fragment", "pap user", "auth=PAP"), (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"), (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"), (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"), (1, "tncc_get_base64;tncc_process_if_tnccs", "pap user", "auth=PAP"), (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"), (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"), (1, "tncc_parse_imc", "pap user", "auth=PAP"), (2, "tncc_parse_imc", "pap user", "auth=PAP"), (3, "tncc_parse_imc", "pap user", "auth=PAP"), (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"), (1, "tncc_init", "pap user", "auth=PAP"), (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"), (1, "base64_gen_encode;?base64_encode;TNC_TNCC_SendMessage", "pap user", "auth=PAP"), (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP"), (1, "tncc_get_base64;tncc_process_if_tnccs", "pap user", "auth=PAP")] for count, func, identity, phase2 in tests: with alloc_fail(dev[0], count, func): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412", eap="TTLS", anonymous_identity="ttls", identity=identity, password="******", ca_cert="auth_serv/ca.pem", phase2=phase2, fragment_size="150", wait_connect=False) ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15) if ev is None: raise Exception("Timeout on EAP start") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", note="Allocation failure not triggered for: %d:%s" % (count, func)) dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor()
def hapd_out_of_mem(hapd, apdev, count, func): with alloc_fail(hapd, count, func): started = False try: hostapd.add_ap(apdev, { "ssid": "open" }) started = True except: pass if started: raise Exception("hostapd interface started even with memory allocation failure: %d:%s" % (count, func))
def test_gas_anqp_oom_wpas(dev, apdev): """GAS/ANQP query and OOM in wpa_supplicant""" hapd = start_ap(apdev[0]) bssid = apdev[0]['bssid'] dev[0].scan_for_bss(bssid, freq="2412", force_scan=True) with alloc_fail(dev[0], 1, "gas_build_req"): if "FAIL" not in dev[0].request("ANQP_GET " + bssid + " 258"): raise Exception("Unexpected ANQP_GET command success (OOM)")
def test_mesh_wpa_auth_init_oom(dev, apdev): """Secure mesh network setup failing due to wpa_init() OOM""" check_mesh_support(dev[0], secure=True) dev[0].request("SET sae_groups ") with alloc_fail(dev[0], 1, "wpa_init"): id = add_mesh_secure_net(dev[0]) dev[0].mesh_group_add(id) ev = dev[0].wait_event(["MESH-GROUP-STARTED"], timeout=0.2) if ev is not None: raise Exception("Unexpected mesh group start during OOM")
def test_ap_element_parse_oom(dev, apdev): """Information element parsing OOM""" bssid = apdev[0]['bssid'] ssid = "test-wpa2-psk" params = { 'ssid': ssid, 'vendor_elements': "dd0d506f9a0a00000600411c440028" } hapd = hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") with alloc_fail(dev[0], 1, "wpabuf_alloc;ieee802_11_vendor_ie_concat"): bss = dev[0].get_bss(bssid) logger.info(str(bss))
def test_sae_oom_wpas(dev, apdev): """SAE and OOM in wpa_supplicant""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params["wpa_key_mgmt"] = "SAE" hapd = hostapd.add_ap(apdev[0]["ifname"], params) dev[0].request("SET sae_groups 25") tls = dev[0].request("GET tls_library") if "BoringSSL" in tls: dev[0].request("SET sae_groups 26") with alloc_fail(dev[0], 1, "sae_set_group"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].request("SET sae_groups ") with alloc_fail(dev[0], 2, "sae_set_group"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all")
def test_ap_element_parse_oom(dev, apdev): """Information element parsing OOM""" bssid = apdev[0]['bssid'] ssid = "test-wpa2-psk" params = {'ssid': ssid, 'vendor_elements': "dd0d506f9a0a00000600411c440028"} hapd = hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") with alloc_fail(dev[0], 1, "wpabuf_alloc;ieee802_11_vendor_ie_concat"): bss = dev[0].get_bss(bssid) logger.info(str(bss))
def test_mbo_failures(dev, apdev): """MBO failure cases""" ssid = "test-wnm-mbo" params = { 'ssid': ssid, 'mbo': '1' } hapd = hostapd.add_ap(apdev[0], params) with alloc_fail(dev[0], 1, "wpas_mbo_ie"): dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") with alloc_fail(dev[0], 1, "wpas_mbo_send_wnm_notification"): if "OK" not in dev[0].request("SET mbo_cell_capa 1"): raise Exception("Failed to set STA as cellular data capable") with fail_test(dev[0], 1, "wpas_mbo_send_wnm_notification"): if "OK" not in dev[0].request("SET mbo_cell_capa 3"): raise Exception("Failed to set STA as cellular data not-capable") with alloc_fail(dev[0], 1, "wpas_mbo_update_non_pref_chan"): if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"): raise Exception("non_pref_chan value accepted during OOM") with alloc_fail(dev[0], 2, "wpas_mbo_update_non_pref_chan"): if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"): raise Exception("non_pref_chan value accepted during OOM")
def test_mbo_failures(dev, apdev): """MBO failure cases""" ssid = "test-wnm-mbo" params = {'ssid': ssid, 'mbo': '1'} hapd = hostapd.add_ap(apdev[0], params) with alloc_fail(dev[0], 1, "wpas_mbo_ie"): dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") with alloc_fail(dev[0], 1, "wpas_mbo_send_wnm_notification"): if "OK" not in dev[0].request("SET mbo_cell_capa 1"): raise Exception("Failed to set STA as cellular data capable") with fail_test(dev[0], 1, "wpas_mbo_send_wnm_notification"): if "OK" not in dev[0].request("SET mbo_cell_capa 3"): raise Exception("Failed to set STA as cellular data not-capable") with alloc_fail(dev[0], 1, "wpas_mbo_update_non_pref_chan"): if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"): raise Exception("non_pref_chan value accepted during OOM") with alloc_fail(dev[0], 2, "wpas_mbo_update_non_pref_chan"): if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"): raise Exception("non_pref_chan value accepted during OOM")
def test_nfc_p2p_go_neg_ip_pool_oom(dev): """NFC connection handover to form a new P2P group and IP pool OOM""" set_ip_addr_info(dev[0]) ip = dev[0].request("GET ip_addr_go") if ip != "192.168.42.1": raise Exception("Unexpected ip_addr_go returned: " + ip) dev[0].global_request("SET p2p_go_intent 10") logger.info("Perform NFC connection handover") req = dev[0].global_request("NFC_GET_HANDOVER_REQ NDEF P2P-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = dev[1].global_request("NFC_GET_HANDOVER_SEL NDEF P2P-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") dev[0].dump_monitor() dev[1].dump_monitor() with alloc_fail(dev[0], 1, "bitfield_alloc;wpa_init"): res = dev[1].global_request("NFC_REPORT_HANDOVER RESP P2P " + req + " " + sel) if "FAIL" in res: raise Exception( "Failed to report NFC connection handover to wpa_supplicant(resp)" ) res = dev[0].global_request("NFC_REPORT_HANDOVER INIT P2P " + req + " " + sel) if "FAIL" in res: raise Exception( "Failed to report NFC connection handover to wpa_supplicant(init)" ) ev = dev[0].wait_global_event([ "P2P-GROUP-STARTED", "P2P-GO-NEG-FAILURE", "P2P-GROUP-FORMATION-FAILURE", "WPS-PIN-NEEDED" ], timeout=15) if ev is None: raise Exception("Group formation timed out") res0 = dev[0].group_form_result(ev) ev = dev[1].wait_global_event([ "P2P-GROUP-STARTED", "P2P-GO-NEG-FAILURE", "P2P-GROUP-FORMATION-FAILURE", "WPS-PIN-NEEDED" ], timeout=1) if ev is None: raise Exception("Group formation timed out") res1 = dev[1].group_form_result(ev) logger.info("Group formed") hwsim_utils.test_connectivity_p2p(dev[0], dev[1]) if 'ip_addr' in res1: raise Exception("Unexpectedly received IP address from GO")
def test_sae_oom_wpas(dev, apdev): """SAE and OOM in wpa_supplicant""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' hapd = hostapd.add_ap(apdev[0], params) dev[0].request("SET sae_groups 25") tls = dev[0].request("GET tls_library") if "BoringSSL" in tls: dev[0].request("SET sae_groups 26") with alloc_fail(dev[0], 1, "sae_set_group"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].request("SET sae_groups ") with alloc_fail(dev[0], 2, "sae_set_group"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") with alloc_fail(dev[0], 1, "wpabuf_alloc;sme_auth_build_sae_commit"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") with alloc_fail(dev[0], 1, "wpabuf_alloc;sme_auth_build_sae_confirm"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") with alloc_fail(dev[0], 1, "=sme_authenticate"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") with alloc_fail(dev[0], 1, "radio_add_work;sme_authenticate"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all")
def test_ap_config_eap_user_file_parsing(dev, apdev, params): """hostapd eap_user_file parsing""" tmp = os.path.join(params['logdir'], 'ap_vlan_file_parsing.tmp') hapd = hostapd.add_ap(apdev[0], { "ssid": "foobar" }) for i in range(2): if "OK" not in hapd.request("SET eap_user_file auth_serv/eap_user.conf"): raise Exception("eap_user_file rejected") tests = [ "#\n\n*\tTLS\nradius_accept_attr=:", "foo\n", "\"foo\n", "\"foo\"\n", "\"foo\" FOOBAR\n", "\"foo\" " + 10*"TLS," + "TLS \"\n", "\"foo\" TLS \nfoo\n", "\"foo\" PEAP hash:foo\n", "\"foo\" PEAP hash:8846f7eaee8fb117ad06bdd830b7586q\n", "\"foo\" PEAP 01020\n", "\"foo\" PEAP 010q\n", "\"foo\" TLS\nradius_accept_attr=123:x:012\n", "\"foo\" TLS\nradius_accept_attr=123:x:012q\n", "\"foo\" TLS\nradius_accept_attr=123:Q:01\n", "\"foo\" TLS\nradius_accept_attr=123\nfoo\n" ] for t in tests: with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET eap_user_file " + tmp): raise Exception("Invalid eap_user_file accepted") tests = [ ("\"foo\" TLS\n", 2, "hostapd_config_read_eap_user"), ("\"foo\" PEAP \"foo\"\n", 3, "hostapd_config_read_eap_user"), ("\"foo\" PEAP hash:8846f7eaee8fb117ad06bdd830b75861\n", 3, "hostapd_config_read_eap_user"), ("\"foo\" PEAP 0102\n", 3, "hostapd_config_read_eap_user"), ("\"foo\" TLS\nradius_accept_attr=123\n", 1, "=hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123\n", 1, "wpabuf_alloc;hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123:s:foo\n", 2, "hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123:x:0102\n", 2, "hostapd_parse_radius_attr"), ("\"foo\" TLS\nradius_accept_attr=123:d:1\n", 2, "hostapd_parse_radius_attr"), ("* TLS\n", 1, "hostapd_config_read_eap_user") ] for t, count, func in tests: with alloc_fail(hapd, count, func): with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET eap_user_file " + tmp): raise Exception("eap_user_file accepted during OOM")
def test_macsec_psk_fail_cp2(dev, apdev): """MACsec PSK local failures in CP state machine (2)""" try: add_veth() wpa = add_wpas_interfaces() set_mka_psk_config(wpa[0]) with alloc_fail(wpa[1], 1, "ieee802_1x_cp_sm_init"): set_mka_psk_config(wpa[1]) wait_fail_trigger(wpa[1], "GET_ALLOC_FAIL", max_iter=100) wait_mka_done(wpa) finally: cleanup_macsec()
def test_bgscan_simple_scan_failure(dev, apdev): """bgscan_simple and scan failure""" hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"}) dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412", bgscan="simple:1:-20:2") with alloc_fail(dev[0], 1, "wpa_supplicant_trigger_scan;bgscan_simple_timeout"): ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=10) if ev is None: raise Exception("No scan failure reported") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10) if ev is None: raise Exception("Scanning not continued after failure")
def test_ap_pmf_sta_sa_query_oom(dev, apdev): """WPA2-PSK AP with station using SA Query (OOM)""" ssid = "assoc-comeback" addr = dev[0].own_addr() wpas = start_wpas_ap(ssid) dev[0].connect(ssid, psk="12345678", ieee80211w="1", key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") with alloc_fail(dev[0], 1, "=sme_sa_query_timer"): wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("DISCONNECT") wpas.request("DISCONNECT") dev[0].wait_disconnected()
def test_sae_oom_wpas(dev, apdev): """SAE and OOM in wpa_supplicant""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].request("SET sae_groups 25") with alloc_fail(dev[0], 1, "sae_set_group"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].request("SET sae_groups ") with alloc_fail(dev[0], 2, "sae_set_group"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all")
def test_ap_vlan_file_parsing(dev, apdev, params): """hostapd vlan_file/mac_file parsing""" tmp = os.path.join(params['logdir'], 'ap_vlan_file_parsing.tmp') params = { "ssid": "test-vlan-open", "dynamic_vlan": "1" } hapd = hostapd.add_ap(apdev[0], params) tests = [ "#\n\n0\t11\n", "* ", "1 netdev12345678901234567890" ] for t in tests: with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET vlan_file " + tmp): raise Exception("Invalid vlan_file accepted") with open(tmp, "w") as f: f.write("1\tvlan\n") with alloc_fail(hapd, 1, "=hostapd_config_read_vlan_file"): if "FAIL" not in hapd.request("SET vlan_file " + tmp): raise Exception("vlan_file accepted during OOM") tests = [ "#\n\n0\tvlan\n", "4095\tvlan\n", "vlan\n", "1\t1234567890abcdef1234567890\n", "1\n" ] for t in tests: with open(tmp, "w") as f: f.write(t) if "FAIL" not in hapd.request("SET accept_mac_file " + tmp): raise Exception("Invalid accept_mac_file accepted") with open(tmp, "w") as f: f.write("00:11:22:33:44:55\n") with alloc_fail(hapd, 1, "hostapd_config_read_maclist"): if "FAIL" not in hapd.request("SET accept_mac_file " + tmp): raise Exception("accept_mac_file accepted during OOM")
def test_pmksa_cache_preauth_wpas_oom(dev, apdev): """RSN pre-authentication OOM in wpa_supplicant""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hapd = hostapd.add_ap(apdev[0], params) eap_connect(dev[0], hapd, "PAX", "*****@*****.**", password_hex="0123456789abcdef0123456789abcdef", bssid=apdev[0]['bssid']) for i in range(1, 11): with alloc_fail(dev[0], i, "rsn_preauth_init"): res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip() logger.info("Iteration %d - PREAUTH command results: %s" % (i, res)) for j in range(10): state = dev[0].request('GET_ALLOC_FAIL') if state.startswith('0:'): break time.sleep(0.05)