def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by AP)"""
    # Flow: associate with TKIP, then write twice to the station's mac80211
    # tkip_mic_test debugfs file. Going by the messages below, each write
    # stands for one Michael MIC failure: the first must be tolerated, the
    # second must end in a disconnection with no reconnection right after.
    sta = dev[0]
    skip_with_fips(sta)

    # The debugfs hook belongs to the station's own phy/netdev.
    phy = sta.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, sta.ifname)
    if not os.path.exists(testfile):
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    ssid = "tkip-countermeasures"
    passphrase = "12345678"
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "1",
                 "wpa_key_mgmt": "WPA-PSK",
                 "wpa_pairwise": "TKIP"}
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_config)

    sta.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                scan_freq="2412")
    sta.dump_monitor()

    # First write: the AP's BSSID.
    with open(testfile, "w") as trigger:
        trigger.write(apdev[0]['bssid'])
    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    # Second write: the broadcast address.
    with open(testfile, "w") as trigger:
        trigger.write("ff:ff:ff:ff:ff:ff")
    disc = sta.wait_disconnected(timeout=10,
                                 error="No disconnection after two Michael MIC failures")
    # 14 is the IEEE 802.11 reason code for a Michael MIC failure.
    if "reason=14" not in disc:
        raise Exception("Unexpected disconnection reason: " + disc)

    # While countermeasures are active the station must stay off the BSS.
    if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is not None:
        raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_ft_oom(dev, apdev):
    """WPA2-PSK-FT and OOM"""
    # Roams between two FT APs while alloc_fail()/fail_test() are armed for
    # the named functions; the test passes when none of the roam calls raises.
    sta = dev[0]
    skip_with_fips(sta)
    ssid = "test-ft"
    passphrase = "12345678"

    hapd0 = hostapd.add_ap(apdev[0], ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1], ft_params2(ssid=ssid, passphrase=passphrase))

    sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                scan_freq="2412")

    # The roam target is whichever AP the station is not associated with.
    on_first_ap = sta.get_status_field('bssid') == apdev[0]['bssid']
    dst = apdev[1]['bssid'] if on_first_ap else apdev[0]['bssid']
    sta.scan_for_bss(dst, freq="2412")

    with alloc_fail(sta, 1, "wpa_ft_gen_req_ies"):
        sta.roam(dst)
    for failing_func in ("wpa_ft_mic",
                         "os_get_random;wpa_ft_prepare_auth_request"):
        with fail_test(sta, 1, failing_func):
            sta.roam(dst, fail_test=True)
def test_wext_wpa_psk(dev, apdev):
    """WEXT driver interface with WPA-PSK"""
    # Same two-step Michael MIC failure sequence as the TKIP countermeasures
    # tests, but driven through a WEXT station interface and triggered from
    # the AP's debugfs file.
    skip_with_fips(dev[0])
    wpas = get_wext_interface()

    ssid = "wext-wpa-psk"
    passphrase = "12345678"
    hapd = hostapd.add_ap(apdev[0],
                          hostapd.wpa_params(ssid=ssid, passphrase=passphrase))

    phy = hapd.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, apdev[0]['ifname'])
    if not os.path.exists(testfile):
        # Release the extra control interface before skipping.
        wpas.close_ctrl()
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    wpas.connect(ssid, psk=passphrase)
    hwsim_utils.test_connectivity(wpas, hapd)

    # First write: the station address.
    with open(testfile, "w") as trigger:
        trigger.write(wpas.p2p_interface_addr())
    if wpas.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    # Second write: the broadcast address.
    with open(testfile, "w") as trigger:
        trigger.write("ff:ff:ff:ff:ff:ff")
    disc = wpas.wait_disconnected(timeout=10,
                                  error="No disconnection after two Michael MIC failures")
    # Reason 14 (Michael MIC failure) must be reported as locally generated.
    if "reason=14 locally_generated=1" not in disc:
        raise Exception("Unexpected disconnection reason: " + disc)
def test_hapd_dup_network_global_wpa(dev, apdev):
    """hostapd and DUP_NETWORK command (WPA)"""
    # Copies the WPA settings (including the raw PSK) from one BSS to a
    # second, not yet enabled BSS and checks that a station can join the
    # second one with that PSK.
    sta = dev[0]
    skip_with_fips(sta)
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    src_ssid = "hapd-ctrl-src"
    dst_ssid = "hapd-ctrl-dst"

    # Source BSS carries the security parameters.
    src_params = hostapd.wpa_params(ssid=src_ssid)
    src_params['wpa_psk'] = psk
    src_ifname = apdev[0]['ifname']
    src_hapd = hostapd.add_ap(apdev[0], src_params)

    # Destination BSS starts with an SSID only and stays disabled for now.
    dst_ifname = apdev[1]['ifname']
    dst_hapd = hostapd.add_ap(apdev[1], {"ssid": dst_ssid}, no_enable=True)

    hapd_global = hostapd.HostapdGlobal()
    for field in ("wpa", "wpa_psk", "wpa_key_mgmt", "wpa_pairwise"):
        dup_network(hapd_global, src_ifname, dst_ifname, field)

    dst_hapd.enable()
    sta.connect(dst_ssid, raw_psk=psk, proto="WPA", pairwise="TKIP",
                scan_freq="2412")

    # The destination AP must know the station after the connection.
    reply = dst_hapd.request("STA " + sta.own_addr())
    if "FAIL" in reply:
        raise Exception("Could not connect using duplicated wpa params")
def test_peerkey_pairwise_mismatch(dev, apdev):
    """RSN TKIP+CCMP AP and PeerKey between two STAs using different ciphers"""
    # Two stations join the same BSS with different pairwise ciphers and
    # each starts an STK handshake towards the other. The visible code makes
    # no assertion on the handshake outcome.
    skip_with_fips(dev[0])
    ssid = "test-peerkey"
    passphrase = "12345678"

    ap_config = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_config['peerkey'] = "1"
    ap_config['rsn_pairwise'] = "TKIP CCMP"
    hapd = hostapd.add_ap(apdev[0], ap_config)

    Wlantest.setup(hapd)
    wt = Wlantest()
    wt.flush()
    wt.add_passphrase(passphrase)

    ccmp_sta, tkip_sta = dev[0], dev[1]
    ccmp_sta.connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
                     pairwise="CCMP")
    tkip_sta.connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
                     pairwise="TKIP")
    hwsim_utils.test_connectivity_sta(ccmp_sta, tkip_sta)

    # One STKSTART in each direction, half a second apart.
    for initiator, peer in ((ccmp_sta, tkip_sta), (tkip_sta, ccmp_sta)):
        initiator.request("STKSTART " + peer.p2p_interface_addr())
        time.sleep(0.5)
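def test_gas_concurrent_connect(dev, apdev):
    """Generic GAS queries with concurrent connection operation"""
    # Two phases: (1) start a connection and a GAS query together and expect
    # the connection event before the GAS response; (2) after disconnecting,
    # start a GAS query and a reconnect together and expect the GAS response,
    # new scan results and then the connection.
    skip_with_fips(dev[0])
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0], params)

    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)

    logger.debug("Start concurrent connect and GAS request")
    # The backslash in the identity is written as "\\": a bare "\m" is an
    # invalid escape sequence that newer Python versions warn about. The
    # value sent is unchanged.
    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
                   identity="DOMAIN\\mschapv2 user", anonymous_identity="ttls",
                   password="******", phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem", wait_connect=False,
                   scan_freq="2412")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")

    # Phase 1 ordering: connection first, GAS response second.
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")

    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "GAS-RESPONSE-INFO" not in ev:
        raise Exception("Unexpected operation order")
    get_gas_response(dev[0], bssid, ev)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected(timeout=5)

    logger.debug("Wait six seconds for expiration of connect-without-scan")
    time.sleep(6)
    dev[0].dump_monitor()

    logger.debug("Start concurrent GAS request and connect")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")

    dev[0].request("RECONNECT")

    # Phase 2 ordering: GAS response, scan results, connection.
    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
    if ev is None:
        raise Exception("Operation timed out")
    get_gas_response(dev[0], bssid, ev)

    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=20)
    if ev is None:
        raise Exception("No new scan results reported")

    # Error text corrected from "tiemd" to "timed".
    ev = dev[0].wait_connected(timeout=20, error="Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")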
def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by STA)"""
    # Mirror image of the AP-detected case: the trigger file is the AP's
    # tkip_mic_test, written through hapd.cmd_execute(), and the station is
    # expected to report the disconnection as locally generated.
    sta = dev[0]
    skip_with_fips(sta)

    ssid = "tkip-countermeasures"
    passphrase = "12345678"
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "1",
                 "wpa_key_mgmt": "WPA-PSK",
                 "wpa_pairwise": "TKIP"}
    hapd = hostapd.add_ap(apdev[0], ap_config)

    phy = hapd.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, apdev[0]['ifname'])
    # Element 0 of the cmd_execute() result is used as the exit status.
    ls_status = hapd.cmd_execute(["ls", testfile])[0]
    if ls_status != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    sta.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                scan_freq="2412")
    sta.dump_monitor()

    # NOTE(review): shell=True is what makes ">" a redirection here, so every
    # list element reaches a shell (presumably joined into one command line;
    # confirm in cmd_execute). Only the station address and the debugfs path
    # are passed. The exit status of these writes is not checked.
    hapd.cmd_execute(["echo", "-n", sta.own_addr(), ">", testfile],
                     shell=True)
    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
                     shell=True)
    disc = sta.wait_disconnected(timeout=10,
                                 error="No disconnection after two Michael MIC failures")
    if "reason=14 locally_generated=1" not in disc:
        raise Exception("Unexpected disconnection reason: " + disc)

    if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is not None:
        raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_wpa_mixed_tdls(dev, apdev):
    """WPA+WPA2-PSK AP and two stations using TDLS"""
    # TDLS is set up, torn down and set up again with the initiator and
    # responder roles swapped.
    skip_with_fips(dev[0])
    ap_config = hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
                                         passphrase="12345678")
    hapd = hostapd.add_ap(apdev[0], ap_config)
    wlantest_setup(hapd)
    connect_2sta_wpa_psk_mixed(dev, hapd)

    first, second = dev[0], dev[1]
    setup_tdls(first, second, hapd)
    teardown_tdls(first, second, hapd)
    setup_tdls(second, first, hapd)
def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
    """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
    # One BSS advertising both WPA (TKIP) and WPA2 (CCMP). A WPA2 station
    # and a WPA station join it; the reported key management and ciphers
    # are verified for each, followed by data connectivity checks.
    skip_with_fips(dev[0])
    ssid = "test-wpa-wpa2-psk"
    passphrase = "12345678"
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "3",
                 "wpa_key_mgmt": "WPA-PSK",
                 "rsn_pairwise": "CCMP",
                 "wpa_pairwise": "TKIP"}
    hapd = hostapd.add_ap(apdev[0], ap_config)

    def verify_status(sta, key_mgmt, pairwise):
        # The group cipher is expected to be TKIP for both stations: in this
        # mixed BSS even the CCMP station reports the weaker cipher for
        # group traffic.
        status = sta.get_status()
        for field, wanted in (('key_mgmt', key_mgmt),
                              ('pairwise_cipher', pairwise),
                              ('group_cipher', 'TKIP')):
            if status[field] != wanted:
                raise Exception("Incorrect " + field + " reported")

    wpa2_sta, wpa_sta = dev[0], dev[1]

    wpa2_sta.connect(ssid, psk=passphrase, proto="WPA2", pairwise="CCMP",
                     group="TKIP", scan_freq="2412")
    verify_status(wpa2_sta, 'WPA2-PSK', 'CCMP')

    # The scan entry must carry both security flags.
    bss = wpa2_sta.get_bss(apdev[0]['bssid'])
    if bss['ssid'] != ssid:
        raise Exception("Unexpected SSID in the BSS entry")
    for flag in ("WPA-PSK-TKIP", "WPA2-PSK-CCMP"):
        if "[" + flag + "]" not in bss['flags']:
            raise Exception("Missing BSS flag " + flag)
    hapd.wait_sta()
    hwsim_utils.test_connectivity(wpa2_sta, hapd)

    wpa_sta.connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                    group="TKIP", scan_freq="2412")
    verify_status(wpa_sta, 'WPA-PSK', 'TKIP')
    hapd.wait_sta()
    hwsim_utils.test_connectivity(wpa_sta, hapd)
    hwsim_utils.test_connectivity(wpa2_sta, wpa_sta)
def test_ap_wpa_mixed_tdls(dev, apdev):
    """WPA+WPA2-PSK AP and two stations using TDLS"""
    # Sequence: TDLS setup dev[0] -> dev[1], teardown, then setup in the
    # opposite direction.
    skip_with_fips(dev[0])
    mixed_config = hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
                                            passphrase="12345678")
    hapd = hostapd.add_ap(apdev[0], mixed_config)
    wlantest_setup(hapd)
    connect_2sta_wpa_psk_mixed(dev, hapd)

    sta_a = dev[0]
    sta_b = dev[1]
    setup_tdls(sta_a, sta_b, hapd)
    teardown_tdls(sta_a, sta_b, hapd)
    setup_tdls(sta_b, sta_a, hapd)
def test_ext_password_interworking(dev, apdev):
    """External password storage for Interworking network selection"""
    # The credential does not hold the password itself; it refers to entry
    # "pw1" of the external password backend configured just before it.
    sta = dev[0]
    skip_with_fips(sta)
    bssid = apdev[0]['bssid']
    ap_config = hs20_ap_params()
    hostapd.add_ap(apdev[0], ap_config)

    sta.hs20_enable()
    sta.request("SET ext_password_backend test:pw1=password")
    cred_id = sta.add_cred_values({'realm': "example.com",
                                   'username': "******"})
    sta.set_cred(cred_id, "password", "ext:pw1")

    interworking_select(sta, bssid, freq="2412")
    interworking_connect(sta, bssid, "TTLS")
def test_ext_password_interworking(dev, apdev):
    """External password storage for Interworking network selection"""
    # The credential's password field is set to "ext:pw1", a reference to the
    # "pw1" entry of the test external password backend set up below.
    sta = dev[0]
    skip_with_fips(sta)
    bssid = apdev[0]['bssid']
    hs20_config = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], hs20_config)

    sta.hs20_enable()
    sta.request("SET ext_password_backend test:pw1=password")
    cred = {'realm': "example.com", 'username': "******"}
    cred_id = sta.add_cred_values(cred)
    sta.set_cred(cred_id, "password", "ext:pw1")

    interworking_select(sta, bssid, freq="2412")
    interworking_connect(sta, bssid, "TTLS")
def test_ieee8021x_and_wpa_enabled(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
    # The AP is configured for IEEE 802.1X with 13-octet dynamic WEP keys;
    # the station offers both IEEE8021X and WPA-EAP as key management.
    skip_with_fips(dev[0])
    ssid = "ieee8021x-wep"
    ap_config = hostapd.radius_params()
    for key, value in (("ssid", ssid),
                       ("ieee8021x", "1"),
                       ("wep_key_len_broadcast", "13"),
                       ("wep_key_len_unicast", "13")):
        ap_config[key] = value
    hapd = hostapd.add_ap(apdev[0], ap_config)

    dev[0].connect(ssid, key_mgmt="IEEE8021X WPA-EAP", eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
def test_ieee8021x_wep_index_workaround(dev, apdev):
    """IEEE 802.1X and EAPOL-Key index workaround"""
    # Only a broadcast WEP key length is configured, together with
    # eapol_key_index_workaround=1. The test passes when connect() returns
    # without raising; no data connectivity check follows.
    skip_with_fips(dev[0])
    ssid = "ieee8021x-wep"
    ap_config = hostapd.radius_params()
    for key, value in (("ssid", ssid),
                       ("ieee8021x", "1"),
                       ("wep_key_len_broadcast", "5"),
                       ("eapol_key_index_workaround", "1")):
        ap_config[key] = value
    hapd = hostapd.add_ap(apdev[0], ap_config)

    dev[0].connect(ssid, key_mgmt="IEEE8021X", eapol_flags="1", eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
def test_ieee8021x_and_wpa_enabled(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
    # AP side: IEEE 802.1X with 13-octet broadcast and unicast WEP keys.
    # Station side: key_mgmt lists IEEE8021X together with WPA-EAP.
    sta = dev[0]
    skip_with_fips(sta)
    wep_config = hostapd.radius_params()
    wep_config["ssid"] = "ieee8021x-wep"
    wep_config["ieee8021x"] = "1"
    for length_field in ("wep_key_len_broadcast", "wep_key_len_unicast"):
        wep_config[length_field] = "13"
    hapd = hostapd.add_ap(apdev[0], wep_config)

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK",
                identity="*****@*****.**",
                password_hex="0123456789abcdef0123456789abcdef",
                scan_freq="2412")
    hwsim_utils.test_connectivity(sta, hapd)
def test_ieee8021x_wep_index_workaround(dev, apdev):
    """IEEE 802.1X and EAPOL-Key index workaround"""
    # The AP sets a 5-octet broadcast WEP key length and enables
    # eapol_key_index_workaround; success is connect() not raising.
    sta = dev[0]
    skip_with_fips(sta)
    wep_config = hostapd.radius_params()
    wep_config["ssid"] = "ieee8021x-wep"
    wep_config["ieee8021x"] = "1"
    wep_config["wep_key_len_broadcast"] = "5"
    wep_config["eapol_key_index_workaround"] = "1"
    hapd = hostapd.add_ap(apdev[0], wep_config)

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X", eapol_flags="1",
                eap="PSK", identity="*****@*****.**",
                password_hex="0123456789abcdef0123456789abcdef",
                scan_freq="2412")
def test_ap_multi_bss_acs(dev, apdev):
    """hostapd start with a multi-BSS configuration file using ACS"""
    skip_with_fips(dev[0])
    force_prev_ap_on_24g(apdev[0])

    # start the actual test
    hapd = hostapd.add_iface(apdev[0], 'multi-bss-acs.conf')
    hapd.enable()
    wait_acs(hapd)

    # The frequency picked by ACS is reused as the stations' scan frequency.
    freq = hapd.get_status_field("freq")
    if int(freq) < 2400:
        raise Exception("Unexpected frequency")

    # One station per BSS: the first BSS is open, the other two use a PSK.
    networks = (("bss-1", {"key_mgmt": "NONE"}),
                ("bss-2", {"psk": "12345678"}),
                ("bss-3", {"psk": "qwertyuiop"}))
    for idx, (ssid, auth) in enumerate(networks):
        dev[idx].connect(ssid, **auth, scan_freq=freq)
def test_ap_cipher_tkip_countermeasures_ap_mixed_mode(dev, apdev):
    """WPA+WPA2-PSK/TKIP countermeasures (detected by mixed mode AP)"""
    # A TKIP station and a CCMP station share a WPA+WPA2 BSS. After the
    # second write to the TKIP station's tkip_mic_test file, both stations
    # are expected to be disconnected with reason 14, including the one that
    # uses CCMP as its pairwise cipher.
    tkip_sta, ccmp_sta = dev[0], dev[1]
    skip_with_fips(tkip_sta)

    phy = tkip_sta.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, tkip_sta.ifname)
    # Element 0 of the cmd_execute() result is used as the exit status.
    if tkip_sta.cmd_execute(["ls", testfile])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    ssid = "tkip-countermeasures"
    passphrase = "12345678"
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "3",
                 "wpa_key_mgmt": "WPA-PSK",
                 "wpa_pairwise": "TKIP",
                 "rsn_pairwise": "CCMP"}
    hapd = hostapd.add_ap(apdev[0], ap_config)

    tkip_sta.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                     scan_freq="2412")
    ccmp_sta.connect(ssid, psk=passphrase, pairwise="CCMP", scan_freq="2412")
    tkip_sta.dump_monitor()

    # NOTE(review): shell=True is what makes ">" a redirection, so every list
    # element reaches a shell (presumably joined into one command line;
    # confirm in cmd_execute). Only the BSSID and the debugfs path are
    # passed. The exit status of these writes is not checked.
    tkip_sta.cmd_execute(["echo", "-n", apdev[0]['bssid'], ">", testfile],
                         shell=True)
    if tkip_sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1) is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    tkip_sta.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
                         shell=True)

    # Both stations must be dropped; messages for the second carry " (2)".
    for sta, tag in ((tkip_sta, ""), (ccmp_sta, " (2)")):
        disc = sta.wait_disconnected(timeout=10,
                                     error="No disconnection after two Michael MIC failures" + tag)
        if "reason=14" not in disc:
            raise Exception("Unexpected disconnection reason" + tag + ": " + disc)

    # Neither station may get back in while countermeasures are active.
    for number, sta in ((1, tkip_sta), (2, ccmp_sta)):
        if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is not None:
            raise Exception("Unexpected connection during TKIP countermeasures (%d)" % number)
def test_ap_multi_bss_acs(dev, apdev):
    """hostapd start with a multi-BSS configuration file using ACS"""
    skip_with_fips(dev[0])
    force_prev_ap_on_24g(apdev[0])

    # start the actual test
    hapd = hostapd.add_iface(apdev[0], 'multi-bss-acs.conf')
    hapd.enable()
    wait_acs(hapd)

    # Whatever frequency ACS selected is read back and sanity-checked.
    freq = hapd.get_status_field("freq")
    selected_mhz = int(freq)
    if selected_mhz < 2400:
        raise Exception("Unexpected frequency")

    # bss-1 is joined without key management, bss-2 and bss-3 with a PSK.
    open_sta, psk_sta_a, psk_sta_b = dev[0], dev[1], dev[2]
    open_sta.connect("bss-1", key_mgmt="NONE", scan_freq=freq)
    psk_sta_a.connect("bss-2", psk="12345678", scan_freq=freq)
    psk_sta_b.connect("bss-3", psk="qwertyuiop", scan_freq=freq)
def test_ieee8021x_eapol_key(dev, apdev):
    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
    # Negative test: after a dynamic-WEP connection, five malformed
    # EAPOL-Key frames are handed to send_eapol_key(). The visible code does
    # not inspect the station's reaction; it only has to survive the frames.
    sta = dev[0]
    check_wep_capa(sta)
    skip_with_fips(sta)

    ap_config = hostapd.radius_params()
    for key, value in (("ssid", "ieee8021x-wep"),
                       ("ieee8021x", "1"),
                       ("wep_key_len_broadcast", "5"),
                       ("wep_key_len_unicast", "5")):
        ap_config[key] = value
    hapd = hostapd.add_ap(apdev[0], ap_config)
    bssid = apdev[0]['bssid']

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
                identity="vendor-test", scan_freq="2412")

    # Hardcoded MSK from VENDOR-TEST
    # (encrkey is not referenced again in this function)
    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
    signkey = "2222222222222222222222222222222222222222222222222222222222222222"

    # 16-octet field and trailing octet shared by every frame below.
    shared_field = "056c22d109f29d4d9fb9b9ccbad33283"
    shared_tail = "02"

    malformed_frames = (
        # EAPOL-Key replay counter does not increase
        ("02030031", "010005", "0000000000000000", "1c636a30a4"),
        # EAPOL-Key too large Key Length field value
        ("02030031", "010021", "ffffffffffffffff", "1c636a30a4"),
        # EAPOL-Key too much key data
        ("0203004d", "010005", "ffffffffffffffff", 33 * "ff"),
        # EAPOL-Key too little key data
        ("02030030", "010005", "ffffffffffffffff", "1c636a30"),
        # EAPOL-Key with no key data and too long WEP key length
        ("0203002c", "010020", "ffffffffffffffff", ""),
    )
    for header, type_and_len, replay_counter, key_data in malformed_frames:
        send_eapol_key(sta, bssid, signkey,
                       header + type_and_len + replay_counter +
                       shared_field + shared_tail,
                       key_data)
def test_ieee8021x_eapol_key(dev, apdev):
    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
    # Negative test: five malformed EAPOL-Key frames are passed to
    # send_eapol_key() after a dynamic-WEP connection. No result is checked
    # in the visible code.
    sta = dev[0]
    skip_with_fips(sta)

    ap_config = hostapd.radius_params()
    ap_config["ssid"] = "ieee8021x-wep"
    ap_config["ieee8021x"] = "1"
    for length_field in ("wep_key_len_broadcast", "wep_key_len_unicast"):
        ap_config[length_field] = "5"
    hapd = hostapd.add_ap(apdev[0], ap_config)
    bssid = apdev[0]['bssid']

    sta.connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
                identity="vendor-test", scan_freq="2412")

    # Hardcoded MSK from VENDOR-TEST
    # (encrkey is not referenced again in this function)
    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
    signkey = "2222222222222222222222222222222222222222222222222222222222222222"

    def send_malformed(header, type_and_len, replay_counter, key_data):
        # The 16-octet field and the trailing "02" are the same in all frames.
        send_eapol_key(sta, bssid, signkey,
                       header + type_and_len + replay_counter +
                       "056c22d109f29d4d9fb9b9ccbad33283" + "02",
                       key_data)

    no_replay_increase = "0000000000000000"
    max_replay = "ffffffffffffffff"

    # EAPOL-Key replay counter does not increase
    send_malformed("02030031", "010005", no_replay_increase, "1c636a30a4")
    # EAPOL-Key too large Key Length field value
    send_malformed("02030031", "010021", max_replay, "1c636a30a4")
    # EAPOL-Key too much key data
    send_malformed("0203004d", "010005", max_replay, 33*"ff")
    # EAPOL-Key too little key data
    send_malformed("02030030", "010005", max_replay, "1c636a30")
    # EAPOL-Key with no key data and too long WEP key length
    send_malformed("0203002c", "010020", max_replay, "")
def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
    """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
    # One BSS advertising both WPA (TKIP) and WPA2 (CCMP); a WPA2 station
    # and a WPA station join it and the negotiated parameters are verified.
    skip_with_fips(dev[0])
    ssid = "test-wpa-wpa2-psk"
    passphrase = "12345678"
    ap_config = {
        "ssid": ssid,
        "wpa_passphrase": passphrase,
        "wpa": "3",
        "wpa_key_mgmt": "WPA-PSK",
        "rsn_pairwise": "CCMP",
        "wpa_pairwise": "TKIP",
    }
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_config)

    def verify_status(sta, key_mgmt, pairwise):
        # Both stations are expected to report TKIP as group cipher: in this
        # mixed BSS even the CCMP station uses the weaker cipher for group
        # traffic.
        status = sta.get_status()
        for field, wanted in (("key_mgmt", key_mgmt),
                              ("pairwise_cipher", pairwise),
                              ("group_cipher", "TKIP")):
            if status[field] != wanted:
                raise Exception("Incorrect " + field + " reported")

    wpa2_sta, wpa_sta = dev[0], dev[1]

    wpa2_sta.connect(ssid, psk=passphrase, proto="WPA2", pairwise="CCMP",
                     group="TKIP", scan_freq="2412")
    verify_status(wpa2_sta, "WPA2-PSK", "CCMP")

    # The scan entry must carry both security flags.
    bss = wpa2_sta.get_bss(apdev[0]["bssid"])
    if bss["ssid"] != ssid:
        raise Exception("Unexpected SSID in the BSS entry")
    for flag in ("WPA-PSK-TKIP", "WPA2-PSK-CCMP"):
        if "[" + flag + "]" not in bss["flags"]:
            raise Exception("Missing BSS flag " + flag)
    hwsim_utils.test_connectivity(wpa2_sta, hapd)

    wpa_sta.connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                    group="TKIP", scan_freq="2412")
    verify_status(wpa_sta, "WPA-PSK", "TKIP")
    hwsim_utils.test_connectivity(wpa_sta, hapd)
    hwsim_utils.test_connectivity(wpa2_sta, wpa_sta)
def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by AP)"""
    # Two writes to the station's tkip_mic_test debugfs file stand for two
    # Michael MIC failures (per the messages below): the first must be
    # tolerated, the second must lead to a reason-14 disconnection and no
    # immediate reconnection.
    sta = dev[0]
    skip_with_fips(sta)

    phy = sta.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, sta.ifname)
    if not os.path.exists(testfile):
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    def write_trigger(address):
        # Each write replaces the file content with a single MAC address.
        with open(testfile, "w") as trigger:
            trigger.write(address)

    ssid = "tkip-countermeasures"
    passphrase = "12345678"
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "1",
                 "wpa_key_mgmt": "WPA-PSK",
                 "wpa_pairwise": "TKIP"}
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_config)

    sta.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                scan_freq="2412")
    sta.dump_monitor()

    write_trigger(apdev[0]['bssid'])
    first = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
    if first is not None:
        raise Exception("Unexpected disconnection on first Michael MIC failure")

    write_trigger("ff:ff:ff:ff:ff:ff")
    disc = sta.wait_disconnected(timeout=10,
                                 error="No disconnection after two Michael MIC failures")
    # 14 is the IEEE 802.11 reason code for a Michael MIC failure.
    if "reason=14" not in disc:
        raise Exception("Unexpected disconnection reason: " + disc)

    reconnect = sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    if reconnect is not None:
        raise Exception("Unexpected connection during TKIP countermeasures")
def test_ap_ft_oom(dev, apdev):
    """WPA2-PSK-FT and OOM"""
    # Roams between two FT APs, then reconnects from scratch, while
    # alloc_fail()/fail_test() are armed for the named functions. The test
    # passes when none of the calls raises.
    sta = dev[0]
    skip_with_fips(sta)
    ssid = "test-ft"
    passphrase = "12345678"

    def connect_ft():
        sta.connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2",
                    scan_freq="2412")

    hapd0 = hostapd.add_ap(apdev[0], ft_params1(ssid=ssid, passphrase=passphrase))
    hapd1 = hostapd.add_ap(apdev[1], ft_params2(ssid=ssid, passphrase=passphrase))

    connect_ft()

    # The roam target is whichever AP the station is not associated with.
    on_first_ap = sta.get_status_field('bssid') == apdev[0]['bssid']
    dst = apdev[1]['bssid'] if on_first_ap else apdev[0]['bssid']
    sta.scan_for_bss(dst, freq="2412")

    with alloc_fail(sta, 1, "wpa_ft_gen_req_ies"):
        sta.roam(dst)
    for failing_func in ("wpa_ft_mic",
                         "os_get_random;wpa_ft_prepare_auth_request"):
        with fail_test(sta, 1, failing_func):
            sta.roam(dst, fail_test=True)

    # Fresh association with an allocation failure armed for the FT IE update.
    sta.request("REMOVE_NETWORK all")
    with alloc_fail(sta, 1, "=sme_update_ft_ies"):
        connect_ft()
def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev, params):
    """WPA-PSK/TKIP countermeasures (detected by two STAs) [long]"""
    # A single broadcast-address write to the AP's tkip_mic_test file is
    # expected to disconnect both TKIP stations with reason 14. The test then
    # retries connecting for up to 70 seconds until the AP accepts the
    # station again.
    if not params['long']:
        raise HwsimSkip("Skip test case with long duration due to --long not specified")
    sta0, sta1 = dev[0], dev[1]
    skip_with_fips(sta0)

    ssid = "tkip-countermeasures"
    passphrase = "12345678"
    # Named ap_config so the run-time "params" argument is not shadowed.
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "1",
                 "wpa_key_mgmt": "WPA-PSK",
                 "wpa_pairwise": "TKIP"}
    hapd = hostapd.add_ap(apdev[0], ap_config)

    phy = hapd.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, apdev[0]['ifname'])
    # Element 0 of the cmd_execute() result is used as the exit status.
    if hapd.cmd_execute(["ls", testfile])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    sta0.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                 scan_freq="2412")
    sta0.dump_monitor()
    netid = sta1.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                         scan_freq="2412")
    sta1.dump_monitor()

    # NOTE(review): shell=True is what makes ">" a redirection, so every list
    # element reaches a shell (presumably joined into one command line;
    # confirm in cmd_execute). The exit status of the write is not checked.
    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
                     shell=True)

    for sta, wait_secs in ((sta0, 10), (sta1, 5)):
        disc = sta.wait_disconnected(timeout=wait_secs,
                                     error="No disconnection after two Michael MIC failure")
        if "reason=14" not in disc:
            raise Exception("Unexpected disconnection reason: " + disc)

    for sta in (sta0, sta1):
        if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is not None:
            raise Exception("Unexpected connection during TKIP countermeasures")

    sta0.request("REMOVE_NETWORK all")
    logger.info("Waiting for TKIP countermeasures to end")
    connected = False
    # os.times()[4] is elapsed real time; keep retrying for up to 70 seconds.
    deadline = os.times()[4] + 70
    while os.times()[4] <= deadline:
        sta0.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                     scan_freq="2412", wait_connect=False)
        result = sta0.wait_event(["CTRL-EVENT-AUTH-REJECT",
                                  "CTRL-EVENT-CONNECTED"], timeout=10)
        if result is None:
            raise Exception("No connection result")
        if "CTRL-EVENT-CONNECTED" in result:
            connected = True
            break
        # NOTE(review): this is a substring test, so any status code whose
        # text starts with "1" (10, 14, ...) is accepted as well.
        if "status_code=1" not in result:
            raise Exception("Unexpected connection failure reason during TKIP countermeasures: " + result)
        sta0.request("REMOVE_NETWORK all")
        time.sleep(1)
        sta0.dump_monitor()
    sta1.dump_monitor()
    if not connected:
        raise Exception("No connection after TKIP countermeasures terminated")

    # The second station is forced back onto its network if it has not
    # reconnected by itself within a second.
    if sta1.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is None:
        sta1.request("DISCONNECT")
        sta1.select_network(netid)
        sta1.wait_connected()
def test_ap_mixed_security(dev, apdev):
    """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
    # One BSS advertises eight key management suites. Three rounds of
    # connections follow and the negotiated key management (and, for the
    # first station, the pairwise cipher) is verified after each. Every step
    # that involves dev[2] is skipped when the station lacks SAE support.
    psk_sta, eap_sta, sae_sta = dev[0], dev[1], dev[2]
    skip_with_fips(psk_sta)
    psk_sta.flush_scan_cache()
    sae = "SAE" in psk_sta.get_capability("auth_alg")
    ssid = "test-mixed"
    passphrase = 'qwertyuiop'

    ap_config = hostapd.wpa_mixed_params(ssid=ssid, passphrase=passphrase)
    ap_config['wpa_key_mgmt'] = "WPA-PSK WPA-PSK-SHA256 WPA-EAP WPA-EAP-SHA256 SAE FT-PSK FT-EAP FT-SAE"
    for key, value in (("ieee8021x", "1"),
                       ("eap_server", "1"),
                       ("eap_user_file", "auth_serv/eap_user.conf"),
                       ('nas_identifier', "nas1.w1.fi")):
        ap_config[key] = value
    hapd = hostapd.add_ap(apdev[0]['ifname'], ap_config)

    def expect_key_mgmt(sta, wanted, tag):
        if sta.get_status_field("key_mgmt") != wanted:
            raise Exception("Unexpected key_mgmt(%s)" % tag)

    def expect_pairwise(sta, wanted, tag):
        if sta.get_status_field("pairwise_cipher") != wanted:
            raise Exception("Unexpected pairwise(%s)" % tag)

    # Round 1: each station names exactly one key management suite.
    psk_sta.connect(ssid, key_mgmt="WPA-PSK", proto="WPA", pairwise="TKIP",
                    psk=passphrase, scan_freq="2412")
    eap_sta.connect(ssid, key_mgmt="WPA-EAP-SHA256", proto="WPA2",
                    eap="GPSK", identity="gpsk user", password="******",
                    scan_freq="2412")
    if sae:
        sae_sta.connect(ssid, psk=passphrase, key_mgmt="SAE",
                        scan_freq="2412")

    logger.debug(psk_sta.request("SCAN_RESULTS"))
    bss = psk_sta.get_bss(apdev[0]['bssid'])
    logger.debug(bss)
    if "[WPA-EAP+PSK-TKIP]" not in bss['flags']:
        raise Exception("Unexpected flags (WPA): " + bss['flags'])
    if sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
        raise Exception("Unexpected flags (WPA2): " + bss['flags'])

    expect_key_mgmt(psk_sta, "WPA-PSK", "1")
    expect_pairwise(psk_sta, "TKIP", "1")
    expect_key_mgmt(eap_sta, "WPA2-EAP-SHA256", "2")
    if sae:
        expect_key_mgmt(sae_sta, "SAE", "3")

    hwsim_utils.test_connectivity(psk_sta, eap_sta)
    if sae:
        hwsim_utils.test_connectivity(eap_sta, sae_sta)
        hwsim_utils.test_connectivity(psk_sta, sae_sta)

    for idx in range(3):
        if idx < 2 or sae:
            hwsim_utils.test_connectivity(dev[idx], hapd)
        dev[idx].request("DISCONNECT")

    # Round 2: stations offer several suites. The checks expect the
    # SHA-256 PSK suite with CCMP for the first station and SAE for the
    # third one.
    psk_sta.connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256", psk=passphrase,
                    scan_freq="2412")
    eap_sta.connect(ssid, key_mgmt="WPA-EAP", proto="WPA", eap="GPSK",
                    identity="gpsk user", password="******",
                    scan_freq="2412")
    if sae:
        sae_sta.connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE",
                        psk=passphrase, scan_freq="2412")

    expect_key_mgmt(psk_sta, "WPA2-PSK-SHA256", "1b")
    expect_pairwise(psk_sta, "CCMP", "1b")
    expect_key_mgmt(eap_sta, "WPA/IEEE 802.1X/EAP", "2b")
    if sae:
        expect_key_mgmt(sae_sta, "SAE", "3b")

    for idx in range(3):
        dev[idx].request("DISCONNECT")

    # Round 3: the FT variants.
    psk_sta.connect(ssid, key_mgmt="FT-PSK", psk=passphrase,
                    scan_freq="2412")
    eap_sta.connect(ssid, key_mgmt="FT-EAP", eap="GPSK",
                    identity="gpsk user", password="******",
                    scan_freq="2412")
    if sae:
        sae_sta.connect(ssid, psk=passphrase, key_mgmt="FT-SAE",
                        scan_freq="2412")

    expect_key_mgmt(psk_sta, "FT-PSK", "1c")
    expect_key_mgmt(eap_sta, "FT-EAP", "2c")
    if sae:
        expect_key_mgmt(sae_sta, "FT-SAE", "3c")
def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev, params):
    """WPA-PSK/TKIP countermeasures (detected by two STAs) [long]"""
    # A single broadcast-address write to the AP's tkip_mic_test file is
    # expected to disconnect both TKIP stations with reason 14. The test then
    # retries connecting for up to 70 seconds; until the AP accepts the
    # station again, every rejection must carry status code 14.
    if not params['long']:
        raise HwsimSkip(
            "Skip test case with long duration due to --long not specified")
    sta0, sta1 = dev[0], dev[1]
    skip_with_fips(sta0)

    ssid = "tkip-countermeasures"
    passphrase = "12345678"
    # Named ap_config so the run-time "params" argument is not shadowed.
    ap_config = {"ssid": ssid,
                 "wpa_passphrase": passphrase,
                 "wpa": "1",
                 "wpa_key_mgmt": "WPA-PSK",
                 "wpa_pairwise": "TKIP"}
    hapd = hostapd.add_ap(apdev[0], ap_config)

    phy = hapd.get_driver_status_field("phyname")
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (phy, apdev[0]['ifname'])
    # Element 0 of the cmd_execute() result is used as the exit status.
    if hapd.cmd_execute(["ls", testfile])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")

    sta0.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                 scan_freq="2412")
    sta0.dump_monitor()
    netid = sta1.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                         scan_freq="2412")
    sta1.dump_monitor()

    # NOTE(review): shell=True is what makes ">" a redirection, so every list
    # element reaches a shell (presumably joined into one command line;
    # confirm in cmd_execute). The exit status of the write is not checked.
    hapd.cmd_execute(["echo", "-n", "ff:ff:ff:ff:ff:ff", ">", testfile],
                     shell=True)

    for sta, wait_secs in ((sta0, 10), (sta1, 5)):
        disc = sta.wait_disconnected(
            timeout=wait_secs,
            error="No disconnection after two Michael MIC failure")
        if "reason=14" not in disc:
            raise Exception("Unexpected disconnection reason: " + disc)

    for sta in (sta0, sta1):
        if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is not None:
            raise Exception("Unexpected connection during TKIP countermeasures")

    sta0.request("REMOVE_NETWORK all")
    logger.info("Waiting for TKIP countermeasures to end")
    connected = False
    # os.times()[4] is elapsed real time; keep retrying for up to 70 seconds.
    deadline = os.times()[4] + 70
    while os.times()[4] <= deadline:
        sta0.connect(ssid, psk=passphrase, pairwise="TKIP", group="TKIP",
                     scan_freq="2412", wait_connect=False)
        result = sta0.wait_event(["CTRL-EVENT-AUTH-REJECT",
                                  "CTRL-EVENT-CONNECTED"], timeout=10)
        if result is None:
            raise Exception("No connection result")
        if "CTRL-EVENT-CONNECTED" in result:
            connected = True
            break
        if "status_code=14" not in result:
            raise Exception(
                "Unexpected connection failure reason during TKIP countermeasures: " + result)
        sta0.request("REMOVE_NETWORK all")
        time.sleep(1)
        sta0.dump_monitor()
    sta1.dump_monitor()
    if not connected:
        raise Exception("No connection after TKIP countermeasures terminated")

    # The second station is forced back onto its network if it has not
    # reconnected by itself within a second.
    if sta1.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) is None:
        sta1.request("DISCONNECT")
        sta1.select_network(netid)
        sta1.wait_connected()
def test_ap_cipher_tkip(dev, apdev):
    """WPA2-PSK/TKIP connection"""
    # All of the work is delegated to check_cipher() with "TKIP".
    sta = dev[0]
    skip_with_fips(sta)
    check_cipher(sta, apdev[0], "TKIP")
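def test_gas_concurrent_connect(dev, apdev):
    """Generic GAS queries with concurrent connection operation"""
    # Two phases: (1) start a connection and a GAS query together and expect
    # the connection event before the GAS response; (2) after disconnecting,
    # start a GAS query and a reconnect together and expect the GAS response,
    # new scan results and then the connection.
    skip_with_fips(dev[0])
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)

    logger.debug("Start concurrent connect and GAS request")
    # The backslash in the identity is written as "\\": a bare "\m" is an
    # invalid escape sequence that newer Python versions warn about. The
    # value sent is unchanged.
    dev[0].connect("test-gas", key_mgmt="WPA-EAP", eap="TTLS",
                   identity="DOMAIN\\mschapv2 user", anonymous_identity="ttls",
                   password="******", phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem", wait_connect=False,
                   scan_freq="2412")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")

    # Phase 1 ordering: connection first, GAS response second.
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")

    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "GAS-RESPONSE-INFO"],
                           timeout=20)
    if ev is None:
        raise Exception("Operation timed out")
    if "GAS-RESPONSE-INFO" not in ev:
        raise Exception("Unexpected operation order")
    get_gas_response(dev[0], bssid, ev)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected(timeout=5)

    logger.debug("Wait six seconds for expiration of connect-without-scan")
    time.sleep(6)
    dev[0].dump_monitor()

    logger.debug("Start concurrent GAS request and connect")
    req = dev[0].request("GAS_REQUEST " + bssid + " 00 000102000101")
    if "FAIL" in req:
        raise Exception("GAS query request rejected")

    dev[0].request("RECONNECT")

    # Phase 2 ordering: GAS response, scan results, connection.
    ev = dev[0].wait_event(["GAS-RESPONSE-INFO"], timeout=10)
    if ev is None:
        raise Exception("Operation timed out")
    get_gas_response(dev[0], bssid, ev)

    ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=20)
    if ev is None:
        raise Exception("No new scan results reported")

    # Error text corrected from "tiemd" to "timed".
    ev = dev[0].wait_connected(timeout=20, error="Operation timed out")
    if "CTRL-EVENT-CONNECTED" not in ev:
        raise Exception("Unexpected operation order")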
def test_ap_cipher_tkip(dev, apdev):
    """WPA2-PSK/TKIP connection"""
    # Thin wrapper: check_cipher() does the work for the "TKIP" cipher.
    cipher = "TKIP"
    station = dev[0]
    skip_with_fips(station)
    check_cipher(station, apdev[0], cipher)