def test_ap_eapol_version(dev, apdev):
"""hostapd eapol_version configuration"""
passphrase = "asdfghjkl"
params = hostapd.wpa2_params(ssid="test1", passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
params = hostapd.wpa2_params(ssid="test2", passphrase=passphrase)
params['eapol_version'] = '1'
hapd2 = hostapd.add_ap(apdev[1], params)
hapd.request("SET ext_eapol_frame_io 1")
dev[0].connect("test1", psk=passphrase, scan_freq="2412",
wait_connect=False)
ev1 = hapd.wait_event(["EAPOL-TX"], timeout=15)
if ev1 is None:
raise Exception("Timeout on EAPOL-TX from hostapd")
hapd.request("SET ext_eapol_frame_io 0")
hapd2.request("SET ext_eapol_frame_io 1")
dev[1].connect("test2", psk=passphrase, scan_freq="2412",
wait_connect=False)
ev2 = hapd2.wait_event(["EAPOL-TX"], timeout=15)
if ev2 is None:
raise Exception("Timeout on EAPOL-TX from hostapd")
hapd2.request("SET ext_eapol_frame_io 0")
dev[0].wait_connected()
dev[1].wait_connected()
ver1 = ev1.split(' ')[2][0:2]
ver2 = ev2.split(' ')[2][0:2]
if ver1 != "02":
raise Exception("Unexpected default eapol_version: " + ver1)
if ver2 != "01":
raise Exception("eapol_version did not match configuration: " + ver2)
def test_multi_ap_wps_split_psk(dev, apdev):
"""WPS on split fronthaul and backhaul AP"""
backhaul_ssid = "multi-ap-backhaul-wps"
backhaul_psk = "1234567890abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
params = hostapd.wpa2_params(ssid="multi-ap-fronthaul-wps",
passphrase="12345678")
params.update({"multi_ap": "2",
"multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
"multi_ap_backhaul_wpa_psk": backhaul_psk})
params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid)
params_backhaul.update({"multi_ap": "1", "wpa_psk": backhaul_psk})
hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
run_multi_ap_wps(dev, apdev, params, hapd_backhaul.own_addr())
def test_mbo_cell_capa_update_pmf(dev, apdev):
"""MBO cellular data capability update with PMF required"""
ssid = "test-wnm-mbo"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params['mbo'] = '1'
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
if "OK" not in dev[0].request("SET mbo_cell_capa 1"):
raise Exception("Failed to set STA as cellular data capable")
dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
proto="WPA2", ieee80211w="2", scan_freq="2412")
addr = dev[0].own_addr()
sta = hapd.get_sta(addr)
if 'mbo_cell_capa' not in sta or sta['mbo_cell_capa'] != '1':
raise Exception("mbo_cell_capa missing after association")
if "OK" not in dev[0].request("SET mbo_cell_capa 3"):
raise Exception("Failed to set STA as cellular data not-capable")
time.sleep(0.2)
sta = hapd.get_sta(addr)
if 'mbo_cell_capa' not in sta:
raise Exception("mbo_cell_capa missing after update")
if sta['mbo_cell_capa'] != '3':
raise Exception("mbo_cell_capa not updated properly")
def test_ap_wpa2_bridge_fdb(dev, apdev):
"""Bridge FDB entry removal"""
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hostapd.add_ap(apdev[0]['ifname'], params)
subprocess.call(['sudo', 'brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
addr0 = dev[0].p2p_interface_addr()
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
stdout=subprocess.PIPE)
macs1 = cmd.stdout.read()
dev[0].request("DISCONNECT")
dev[1].request("DISCONNECT")
time.sleep(1)
cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
stdout=subprocess.PIPE)
macs2 = cmd.stdout.read()
addr1 = dev[1].p2p_interface_addr()
if addr0 not in macs1 or addr1 not in macs1:
raise Exception("Bridge FDB entry missing")
if addr0 in macs2 or addr1 in macs2:
raise Exception("Bridge FDB entry was not removed")
finally:
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
subprocess.call(['sudo', 'brctl', 'delbr', 'ap-br0'])
def test_ap_wpa2_tdls_bssid_mismatch(dev, apdev):
"""TDLS failure due to BSSID mismatch"""
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(apdev[0], params)
hostapd.add_ap(apdev[1], params)
wlantest_setup(hapd)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[1]['bssid'])
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
addr0 = dev[0].p2p_interface_addr()
dev[1].tdls_setup(addr0)
time.sleep(1)
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
subprocess.call(['brctl', 'delbr', 'ap-br0'])
def test_ocv_sa_query(dev, apdev):
"""Test SA Query with OCV"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["ocv"] = "1"
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to set hostapd parameter ocv" in str(e):
raise HwsimSkip("OCV not supported")
raise
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
# Test that client can handle SA Query with OCI element
if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()):
raise Exception("SA_QUERY failed")
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].own_addr()) < 1:
raise Exception("STA did not reply to SA Query")
# Test that AP can handle SA Query with OCI element
if "OK" not in dev[0].request("UNPROT_DEAUTH"):
raise Exception("Triggering SA Query from the STA failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
if ev is not None:
raise Exception("SA Query from the STA failed")
def test_ap_acs_vht160(dev, apdev):
"""Automatic channel selection for VHT160"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'ZA'
params['ieee80211ac'] = '1'
params['vht_oper_chwidth'] = '2'
params["vht_oper_centr_freq_seg0_idx"] = "114"
params['ieee80211d'] = '1'
params['ieee80211h'] = '1'
params['chanlist'] = '100'
params['acs_num_scans'] = '1'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
# VHT160 is not currently supported in hostapd ACS, so do not try to
# enforce successful AP start.
if "AP-ENABLED" in ev:
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
finally:
dev[0].request("DISCONNECT")
if hapd:
hapd.request("DISABLE")
hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
def test_sae(dev, apdev):
"""SAE with default group"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
key_mgmt = hapd.get_config()['key_mgmt']
if key_mgmt.split(' ')[0] != "SAE":
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
dev[0].request("SET sae_groups ")
id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
if dev[0].get_status_field('sae_group') != '19':
raise Exception("Expected default SAE group not used")
bss = dev[0].get_bss(apdev[0]['bssid'])
if 'flags' not in bss:
raise Exception("Could not get BSS flags from BSS table")
if "[WPA2-SAE-CCMP]" not in bss['flags']:
raise Exception("Unexpected BSS flags: " + bss['flags'])
res = hapd.request("STA-FIRST")
if "sae_group=19" not in res.splitlines():
raise Exception("hostapd STA output did not specify SAE group")
def test_ap_pmf_optional_2akm(dev, apdev):
"""WPA2-PSK AP with PMF optional (2 AKMs)"""
ssid = "test-pmf-optional-2akm"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK WPA-PSK-SHA256";
params["ieee80211w"] = "1";
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
wt.require_ap_pmf_optional(apdev[0]['bssid'])
wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[0].p2p_interface_addr(),
"PSK-SHA256")
wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
wt.require_sta_key_mgmt(apdev[0]['bssid'], dev[1].p2p_interface_addr(),
"PSK-SHA256")
def test_hapd_ctrl_status(dev, apdev):
"""hostapd ctrl_iface STATUS commands"""
ssid = "hapd-ctrl"
bssid = apdev[0]['bssid']
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
hapd = hostapd.add_ap(apdev[0], params)
status = hapd.get_status()
logger.info("STATUS: " + str(status))
driver = hapd.get_driver_status()
logger.info("STATUS-DRIVER: " + str(driver))
if status['bss[0]'] != apdev[0]['ifname']:
raise Exception("Unexpected bss[0]")
if status['ssid[0]'] != ssid:
raise Exception("Unexpected ssid[0]")
if status['bssid[0]'] != bssid:
raise Exception("Unexpected bssid[0]")
if status['freq'] != "2412":
raise Exception("Unexpected freq")
if status['beacon_int'] != "100":
raise Exception("Unexpected beacon_int")
if status['dtim_period'] != "2":
raise Exception("Unexpected dtim_period")
if "max_txpower" not in status:
raise Exception("Missing max_txpower")
if "ht_caps_info" not in status:
raise Exception("Missing ht_caps_info")
if driver['beacon_set'] != "1":
raise Exception("Unexpected beacon_set")
if driver['addr'] != bssid:
raise Exception("Unexpected addr")
def test_rfkill_wpa2_psk(dev, apdev):
"""rfkill block/unblock during WPA2-PSK connection"""
id = get_rfkill_id(dev[0])
if id is None:
return "skip"
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
try:
logger.info("rfkill block")
subprocess.call(['sudo', 'rfkill', 'block', id])
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
if ev is None:
raise Exception("Missing disconnection event on rfkill block")
logger.info("rfkill unblock")
subprocess.call(['sudo', 'rfkill', 'unblock', id])
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Missing connection event on rfkill unblock")
hwsim_utils.test_connectivity(dev[0], hapd)
finally:
subprocess.call(['sudo', 'rfkill', 'unblock', id])
def test_ap_pmf_assoc_comeback(dev, apdev):
"""WPA2-PSK AP with PMF association comeback"""
ssid = "assoc-comeback"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256";
params["ieee80211w"] = "2";
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].request("DISCONNECT")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
if ev is None:
raise Exception("Timeout on disconnection")
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].request("REASSOCIATE")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Timeout on re-connection")
if wt.get_sta_counter("assocresp_comeback", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("AP did not use association comeback request")
def test_ap_remove_during_acs(dev, apdev):
"""Remove interface during ACS"""
force_prev_ap_on_24g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs-remove", passphrase="12345678")
params['channel'] = '0'
hostapd.add_ap(apdev[0], params)
hostapd.remove_bss(apdev[0])
def test_ap_acs_errors(dev, apdev):
"""Automatic channel selection failures"""
clear_scan_cache(apdev[0])
force_prev_ap_on_24g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['channel'] = '0'
params['acs_num_scans'] = '2'
params['chanlist'] = '1'
hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
with alloc_fail(hapd, 1, "acs_request_scan"):
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Unexpected success for ENABLE")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_request_scan"):
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Unexpected success for ENABLE")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_scan_complete"):
hapd.enable()
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
hapd.dump_monitor()
with fail_test(hapd, 1, "acs_request_scan;acs_scan_complete"):
hapd.enable()
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
def test_hapd_ctrl_disconnect(dev, apdev):
"""hostapd and disconnection ctrl_iface commands"""
ssid = "hapd-ctrl"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
addr = dev[0].p2p_dev_addr()
if "FAIL" not in hapd.request("DEAUTHENTICATE 00:11:22:33:44"):
raise Exception("Unexpected DEAUTHENTICATE success")
if "OK" not in hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff"):
raise Exception("Unexpected DEAUTHENTICATE failure")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
if "FAIL" not in hapd.request("DISASSOCIATE 00:11:22:33:44"):
raise Exception("Unexpected DISASSOCIATE success")
if "OK" not in hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff"):
raise Exception("Unexpected DISASSOCIATE failure")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
def test_peerkey_pairwise_mismatch(dev, apdev):
"""RSN TKIP+CCMP AP and PeerKey between two STAs using different ciphers"""
skip_with_fips(dev[0])
ssid = "test-peerkey"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['peerkey'] = "1"
params['rsn_pairwise'] = "TKIP CCMP"
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
pairwise="CCMP")
dev[1].connect(ssid, psk=passphrase, scan_freq="2412", peerkey=True,
pairwise="TKIP")
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
dev[0].request("STKSTART " + dev[1].p2p_interface_addr())
time.sleep(0.5)
dev[1].request("STKSTART " + dev[0].p2p_interface_addr())
time.sleep(0.5)
def test_hapd_dup_network_global_wpa2(dev, apdev):
"""hostapd and DUP_NETWORK command (WPA2"""
passphrase="12345678"
src_ssid = "hapd-ctrl-src"
dst_ssid = "hapd-ctrl-dst"
src_params = hostapd.wpa2_params(ssid=src_ssid, passphrase=passphrase)
src_ifname = apdev[0]['ifname']
src_hapd = hostapd.add_ap(apdev[0], src_params)
dst_params = { "ssid": dst_ssid }
dst_ifname = apdev[1]['ifname']
dst_hapd = hostapd.add_ap(apdev[1], dst_params, no_enable=True)
hapd_global = hostapd.HostapdGlobal()
for param in [ "wpa", "wpa_passphrase", "wpa_key_mgmt", "rsn_pairwise" ]:
dup_network(hapd_global, src_ifname, dst_ifname, param)
dst_hapd.enable()
dev[0].connect(dst_ssid, psk=passphrase, proto="RSN", pairwise="CCMP",
scan_freq="2412")
addr = dev[0].own_addr()
if "FAIL" in dst_hapd.request("STA " + addr):
raise Exception("Could not connect using duplicated wpa params")
def test_ap_roam_with_reassoc_auth_timeout(dev, apdev, params):
"""Roam using reassoc between two APs and authentication times out"""
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5",
drv_params="force_connect_cmd=1,force_bss_selection=1")
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
hapd0 = hostapd.add_ap(apdev[0], params)
bssid0 = hapd0.own_addr()
id = wpas.connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity(wpas, hapd0)
hapd1 = hostapd.add_ap(apdev[1], params)
bssid1 = hapd1.own_addr()
wpas.scan_for_bss(bssid1, freq=2412)
if "OK" not in wpas.request("SET_NETWORK " + str(id) + " bssid " + bssid1):
raise Exception("SET_NETWORK failed")
if "OK" not in wpas.request("SET ignore_auth_resp 1"):
raise Exception("SET ignore_auth_resp failed")
if "OK" not in wpas.request("REASSOCIATE"):
raise Exception("REASSOCIATE failed")
logger.info("Wait ~10s for auth timeout...")
time.sleep(10)
ev = wpas.wait_event(["CTRL-EVENT-SCAN-STARTED"], 12)
if not ev:
raise Exception("CTRL-EVENT-SCAN-STARTED not seen")
b = get_blacklist(wpas)
if bssid0 in b:
raise Exception("Unexpected blacklist contents: " + str(b))
def test_ap_wpa2_in_different_bridge(dev, apdev):
"""hostapd behavior with interface in different bridge"""
ifname = apdev[0]['ifname']
br_ifname = 'ext-ap-br0'
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
subprocess.call(['brctl', 'addbr', br_ifname])
subprocess.call(['brctl', 'setfd', br_ifname, '0'])
subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
subprocess.call(['brctl', 'addif', br_ifname, ifname])
time.sleep(0.5)
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(ifname, params)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
brname = hapd.get_driver_status_field('brname')
if brname != 'ap-br0':
raise Exception("Incorrect bridge: " + brname)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
if hapd.get_driver_status_field("added_bridge") != "1":
raise Exception("Unexpected added_bridge value")
if hapd.get_driver_status_field("added_if_into_bridge") != "1":
raise Exception("Unexpected added_if_into_bridge value")
dev[0].request("DISCONNECT")
hapd.disable()
finally:
subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
subprocess.call(['brctl', 'delif', br_ifname, ifname],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', br_ifname])
def test_ap_wpa2_psk_ext(dev, apdev):
"""WPA2-PSK AP using external EAPOL I/O"""
bssid = apdev[0]['bssid']
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
params = hostapd.wpa2_params(ssid=ssid)
params['wpa_psk'] = psk
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
hapd.request("SET ext_eapol_frame_io 1")
dev[0].request("SET ext_eapol_frame_io 1")
dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
addr = dev[0].p2p_interface_addr()
while True:
ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
if ev is None:
raise Exception("Timeout on EAPOL-TX from hostapd")
if "AP-STA-CONNECTED" in ev:
dev[0].wait_connected(timeout=15)
break
res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
if "OK" not in res:
raise Exception("EAPOL_RX to wpa_supplicant failed")
ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
if ev is None:
raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
if "CTRL-EVENT-CONNECTED" in ev:
break
res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
if "OK" not in res:
raise Exception("EAPOL_RX to hostapd failed")
def test_ap_acs_vht(dev, apdev):
"""Automatic channel selection for VHT"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'US'
params['ieee80211ac'] = '1'
params['vht_oper_chwidth'] = '1'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
wait_acs(hapd)
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
sec = hapd.get_status_field("secondary_channel")
if int(sec) == 0:
raise Exception("Secondary channel not set")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
finally:
dev[0].request("DISCONNECT")
if hapd:
hapd.request("DISABLE")
subprocess.call(['iw', 'reg', 'set', '00'])
dev[0].flush_scan_cache()
def test_ap_pmf_inject_auth(dev, apdev):
"""WPA2-PSK AP with PMF and Authentication frame injection"""
ssid = "test-pmf"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd)
bssid = hapd.own_addr().replace(':', '')
addr = dev[0].own_addr().replace(':', '')
# Inject an unprotected Authentication frame claiming to be from the
# associated STA.
auth = "b0003a01" + bssid + addr + bssid + '1000000001000000'
hapd.request("SET ext_mgmt_frame_handling 1")
res = hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % auth)
hapd.request("SET ext_mgmt_frame_handling 0")
if "OK" not in res:
raise Exception("MGMT_RX_PROCESS failed")
# Verify that original association is still functional.
hwsim_utils.test_connectivity(dev[0], hapd)
def test_ap_roam_wpa2_psk_failed(dev, apdev, params):
"""Roam failure with WPA2-PSK AP due to wrong passphrase"""
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
hapd0 = hostapd.add_ap(apdev[0], params)
id = dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity(dev[0], hapd0)
params['wpa_passphrase'] = "22345678"
hapd1 = hostapd.add_ap(apdev[1], params)
bssid = hapd1.own_addr()
dev[0].scan_for_bss(bssid, freq=2412)
dev[0].dump_monitor()
if "OK" not in dev[0].request("ROAM " + bssid):
raise Exception("ROAM failed")
ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED",
"CTRL-EVENT-CONNECTED"], 5)
if "CTRL-EVENT-CONNECTED" in ev:
raise Exception("Got unexpected CTRL-EVENT-CONNECTED")
if "CTRL-EVENT-SSID-TEMP-DISABLED" not in ev:
raise Exception("CTRL-EVENT-SSID-TEMP-DISABLED not seen")
if "OK" not in dev[0].request("SELECT_NETWORK id=" + str(id)):
raise Exception("SELECT_NETWORK failed")
ev = dev[0].wait_event(["CTRL-EVENT-SSID-REENABLED"], 3)
if not ev:
raise Exception("CTRL-EVENT-SSID-REENABLED not seen")
dev[0].wait_connected(timeout=5)
hwsim_utils.test_connectivity(dev[0], hapd0)
def test_monitor_iface_unknown_sta(dev, apdev):
"""AP mode monitor interface and Data frame from unknown STA"""
ssid = "monitor-iface-pmf"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params['driver_params'] = "use_monitor=1"
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
bssid = apdev[0]['bssid']
addr = dev[0].p2p_interface_addr()
dev[0].connect(ssid, psk=passphrase, ieee80211w="2",
key_mgmt="WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
dev[0].request("DROP_SA")
# This protected Deauth will be ignored by the STA
hapd.request("DEAUTHENTICATE " + addr)
# But the unprotected Deauth from TX frame-from-unassoc-STA will now be
# processed
dev[0].request("DATA_TEST_CONFIG 1")
dev[0].request("DATA_TEST_TX " + bssid + " " + addr + " 0")
dev[0].request("DATA_TEST_CONFIG 0")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("No disconnection")
dev[0].request("DISCONNECT")
def test_ext_password_psk_not_found(dev, apdev):
"""External password storage for PSK and PSK not found"""
params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].request("SET ext_password_backend test:psk1=12345678")
dev[0].connect("ext-pw-psk", raw_psk="ext:psk2", scan_freq="2412",
wait_connect=False)
dev[1].request("SET ext_password_backend test:psk1=1234567")
dev[1].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
wait_connect=False)
dev[2].request("SET ext_password_backend test:psk1=1234567890123456789012345678901234567890123456789012345678901234567890")
dev[2].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
wait_connect=False)
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5")
wpas.request("SET ext_password_backend test:psk1=123456789012345678901234567890123456789012345678901234567890123q")
wpas.connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected association")
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected association")
ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected association")
ev = wpas.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
if ev is not None:
raise Exception("Unexpected association")
def test_hapd_ctrl_p2p_manager(dev, apdev):
"""hostapd as P2P Device manager"""
ssid = "hapd-p2p-mgr"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['manage_p2p'] = '1'
params['allow_cross_connection'] = '0'
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
addr = dev[0].p2p_dev_addr()
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " p2p=2"):
raise Exception("DEAUTHENTICATE command failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
if "OK" not in hapd.request("DISASSOCIATE " + addr + " p2p=2"):
raise Exception("DISASSOCIATE command failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection event timed out")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
if ev is None:
raise Exception("Re-connection timed out")
def test_ap_pmf_required(dev, apdev):
"""WPA2-PSK AP with PMF required"""
ssid = "test-pmf-required"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256";
params["ieee80211w"] = "2";
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
key_mgmt = hapd.get_config()['key_mgmt']
if key_mgmt.split(' ')[0] != "WPA-PSK-SHA256":
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
hapd = hostapd.Hostapd(apdev[0]['ifname'])
hapd.request("SA_QUERY " + dev[0].p2p_interface_addr())
hapd.request("SA_QUERY " + dev[1].p2p_interface_addr())
wt.require_ap_pmf_mandatory(apdev[0]['bssid'])
wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[1].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
def test_ap_pmf_tkip_reject(dev, apdev):
"""Mixed mode BSS and MFP-enabled AP rejecting TKIP"""
params = hostapd.wpa2_params(ssid="test-pmf", passphrase="12345678")
params['wpa'] = '3'
params["ieee80211w"] = "1"
params["wpa_pairwise"] = "TKIP CCMP"
params["rsn_pairwise"] = "TKIP CCMP"
hostapd.add_ap(apdev[0], params)
dev[0].connect("test-pmf", psk="12345678", pairwise="CCMP", ieee80211w="2",
scan_freq="2412")
dev[0].dump_monitor()
dev[1].connect("test-pmf", psk="12345678", proto="WPA", pairwise="TKIP",
ieee80211w="0", scan_freq="2412")
dev[1].dump_monitor()
dev[2].connect("test-pmf", psk="12345678", pairwise="TKIP",
ieee80211w="2", scan_freq="2412", wait_connect=False)
ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
"CTRL-EVENT-ASSOC-REJECT"], timeout=10)
if ev is None:
raise Exception("No connection result reported")
if "CTRL-EVENT-ASSOC-REJECT" not in ev:
raise Exception("MFP + TKIP connection was not rejected")
if "status_code=31" not in ev:
raise Exception("Unexpected status code in rejection: " + ev)
dev[2].request("DISCONNECT")
dev[2].dump_monitor()
def test_ocv_sa_query_csa(dev, apdev):
"""Test SA Query with OCV after channel switch"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
params["ocv"] = "1"
try:
hapd = hostapd.add_ap(apdev[0], params)
except Exception as e:
if "Failed to set hostapd parameter ocv" in str(e):
raise HwsimSkip("OCV not supported")
raise
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hapd.request("CHAN_SWITCH 5 2437")
time.sleep(1)
if wt.get_sta_counter("valid_saqueryreq_tx", apdev[0]['bssid'],
dev[0].own_addr()) < 1:
raise Exception("STA did not start SA Query after channel switch")
def hs20_ap_params():
params = hostapd.wpa2_params(ssid="test-gas")
params['wpa_key_mgmt'] = "WPA-EAP"
params['ieee80211w'] = "1"
params['ieee8021x'] = "1"
params['auth_server_addr'] = "127.0.0.1"
params['auth_server_port'] = "1812"
params['auth_server_shared_secret'] = "radius"
params['interworking'] = "1"
params['access_network_type'] = "14"
params['internet'] = "1"
params['asra'] = "0"
params['esr'] = "0"
params['uesa'] = "0"
params['venue_group'] = "7"
params['venue_type'] = "1"
params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
"fedcba" ]
params['domain_name'] = "example.com,another.example.com"
params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
"0,another.example.com" ]
params['anqp_3gpp_cell_net'] = "244,91"
params['network_auth_type'] = "02http://www.example.com/redirect/me/here/"
params['ipaddr_type_availability'] = "14"
params['hs20'] = "1"
params['hs20_oper_friendly_name'] = [ "eng:Example operator", "fin:Esimerkkioperaattori" ]
params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
params['hs20_operating_class'] = "5173"
return params
def test_ap_change_ssid_wps(dev, apdev):
"""Dynamic SSID change with hostapd and WPA2-PSK using WPS"""
params = hostapd.wpa2_params(ssid="test-wpa2-psk-start",
passphrase="12345678")
# Use a PSK and not the passphrase, because the PSK will have to be computed
# again if we use a passphrase.
del params["wpa_passphrase"]
params["wpa_psk"] = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
params.update({"wps_state": "2", "eap_server": "1"})
bssid = apdev[0]['bssid']
hapd = hostapd.add_ap(apdev[0], params)
new_ssid = "test-wpa2-psk-new"
logger.info("Change SSID dynamically (WPS)")
res = hapd.request("SET ssid " + new_ssid)
if "OK" not in res:
raise Exception("SET command failed")
res = hapd.request("RELOAD")
if "OK" not in res:
raise Exception("RELOAD command failed")
# Connect to the new ssid using wps:
hapd.request("WPS_PBC")
if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
raise Exception("PBC status not shown correctly")
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
dev[0].request("WPS_PBC")
dev[0].wait_connected(timeout=20)
status = dev[0].get_status()
if status['wpa_state'] != 'COMPLETED' or status['bssid'] != bssid:
raise Exception("Not fully connected")
if status['ssid'] != new_ssid:
raise Exception("Unexpected SSID %s != %s" % (status['ssid'], new_ssid))
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
def test_hapd_ctrl_disconnect_no_tx(dev, apdev):
"""hostapd disconnecting STA without transmitting Deauth/Disassoc"""
ssid = "hapd-test"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
addr0 = dev[0].own_addr()
dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
addr1 = dev[1].own_addr()
# Disconnect the STA without sending out Deauthentication frame
if "OK" not in hapd.request("DEAUTHENTICATE " + addr0 + " tx=0"):
raise Exception("DEAUTHENTICATE command failed")
# Force disconnection due to AP receiving a frame from not-asssociated STA
dev[0].request("DATA_TEST_CONFIG 1")
dev[0].request("DATA_TEST_TX " + bssid + " " + addr0)
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
dev[0].request("DATA_TEST_CONFIG 0")
if ev is None:
raise Exception("Disconnection event not seen after TX attempt")
if "reason=7" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
# Disconnect the STA without sending out Disassociation frame
if "OK" not in hapd.request("DISASSOCIATE " + addr1 + " tx=0"):
raise Exception("DISASSOCIATE command failed")
# Force disconnection due to AP receiving a frame from not-asssociated STA
dev[1].request("DATA_TEST_CONFIG 1")
dev[1].request("DATA_TEST_TX " + bssid + " " + addr1)
ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
dev[1].request("DATA_TEST_CONFIG 0")
if ev is None:
raise Exception("Disconnection event not seen after TX attempt")
if "reason=7" not in ev:
raise Exception("Unexpected disconnection reason: " + ev)
def test_ap_pmf_sa_query_timeout(dev, apdev):
"""SA Query timeout"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid,
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
proto="WPA2",
scan_freq="2412")
hapd.set("ext_mgmt_frame_handling", "1")
if "OK" not in dev[0].request("UNPROT_DEAUTH"):
raise Exception("Triggering SA Query from the STA failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=2)
if ev is None:
raise Exception("No disconnection on SA Query timeout seen")
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].wait_connected()
dev[0].dump_monitor()
hapd.set("ext_mgmt_frame_handling", "1")
if "OK" not in dev[0].request("UNPROT_DEAUTH"):
raise Exception("Triggering SA Query from the STA failed")
ev = hapd.mgmt_rx()
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
dev[0].request("RECONNECT")
dev[0].wait_connected()
hapd.set("ext_mgmt_frame_handling", "1")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1.5)
if ev is not None:
raise Exception("Unexpected disconnection after reconnection seen")
def test_ap_acs_exclude_dfs(dev, apdev, params):
"""Automatic channel selection, exclude DFS"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'US'
params['ieee80211d'] = '1'
params['ieee80211h'] = '1'
params['acs_num_scans'] = '1'
params['acs_exclude_dfs'] = '1'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
wait_acs(hapd)
state = hapd.get_status_field("state")
if state != "ENABLED":
raise Exception("Unexpected interface state")
freq = int(hapd.get_status_field("freq"))
if freq in [
5260, 5280, 5300, 5320, 5500, 5520, 5540, 5560, 5580, 5600,
5620, 5640, 5660, 5680
]:
raise Exception("Unexpected frequency: %d" % freq)
dev[0].connect("test-acs", psk="12345678", scan_freq=str(freq))
dev[0].wait_regdom(country_ie=True)
finally:
if hapd:
hapd.request("DISABLE")
dev[0].disconnect_and_stop_scan()
hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
dev[0].flush_scan_cache()
def run_ap_wpa2_delayed_group_m1_retransmission(dev, apdev):
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
phy = dev[0].get_driver_status_field("phyname")
dev[0].connect("test-wpa2-psk", psk="12345678", scan_freq="2412")
hapd.wait_sta()
for i in range(5):
hwsim_utils.test_connectivity(dev[0], hapd)
time.sleep(0.1)
before = get_rx_spec(phy, gtk=True).splitlines()
addr = dev[0].own_addr()
if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
raise Exception("RESEND_GROUP_M1 failed")
time.sleep(0.1)
after = get_rx_spec(phy, gtk=True).splitlines()
if "OK" not in hapd.request("RESET_PN " + addr):
raise Exception("RESET_PN failed")
time.sleep(0.1)
hwsim_utils.test_connectivity(dev[0], hapd, timeout=1,
success_expected=False)
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
for i in range(len(before)):
b = int(before[i], 16)
a = int(after[i], 16)
if a < b:
raise Exception("RX counter decreased: idx=%d before=%d after=%d" % (i, b, a))
def test_ap_acs_vht160(dev, apdev):
"""Automatic channel selection for VHT160"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'ZA'
params['ieee80211ac'] = '1'
params['vht_oper_chwidth'] = '2'
params['ieee80211d'] = '1'
params['ieee80211h'] = '1'
params['chanlist'] = '100'
params['acs_num_scans'] = '1'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
if not ev:
raise Exception("ACS start timed out")
# VHT160 is not currently supported in hostapd ACS, so do not try to
# enforce successful AP start.
if "AP-ENABLED" in ev:
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
dev[0].wait_regdom(country_ie=True)
finally:
if hapd:
hapd.request("DISABLE")
dev[0].request("DISCONNECT")
dev[0].request("ABORT_SCAN")
dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
dev[0].flush_scan_cache()
def test_sae_pk_invalid_pw(dev, apdev):
"""SAE-PK with invalid password on AP"""
check_sae_pk_capab(dev[0])
dev[0].set("sae_groups", "")
params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE'
params["ieee80211w"] = "2"
params["sae_pk_password_check_skip"] = "1"
invalid_pw = "r6cr+6ksa+56og"
params['sae_password'] = [
'%s|pk=%s:%s' % (invalid_pw, SAE_PK_SEC3_M, SAE_PK_19_PK)
]
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(SAE_PK_SSID,
sae_password=invalid_pw,
key_mgmt="SAE",
ieee80211w="2",
scan_freq="2412")
dev[0].request("REMOVE_NETWORK *")
dev[0].wait_disconnected()
dev[0].dump_monitor()
dev[0].connect(SAE_PK_SSID,
sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE",
ieee80211w="2",
scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(
["CTRL-EVENT-CONNECTED", "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
if ev is None:
raise Exception("No result for the connection attempt")
if "CTRL-EVENT-CONNECTED" in ev:
raise Exception("Unexpected connection with invalid SAE-PK password")
dev[0].request("DISCONNECT")
def test_sigma_dut_sae(dev, apdev):
"""sigma_dut controlled SAE association"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
ifname = dev[0].ifname
sigma = start_sigma_dut(ifname)
ssid = "test-sae"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
sigma_dut_wait_connected(ifname)
sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
if dev[0].get_status_field('sae_group') != '19':
raise Exception("Expected default SAE group not used")
sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
sigma_dut_wait_connected(ifname)
sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
if dev[0].get_status_field('sae_group') != '20':
raise Exception("Expected SAE group not used")
sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
stop_sigma_dut(sigma)
def test_ap_acs_5ghz(dev, apdev):
"""Automatic channel selection on 5 GHz"""
try:
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['country_code'] = 'US'
hapd = hostapd.add_ap(apdev[0]['ifname'], params, wait_enabled=False)
# TODO: Remove exception acceptance once mac80211_hwsim supports ACS on
# 5 GHz
run = False
try:
wait_acs(hapd)
run = True
except Exception, e:
logger.info("Ignore exception due to missing hwsim support: " +
str(e))
if run:
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
def test_rfkill_wpa2_psk(dev, apdev):
"""rfkill block/unblock during WPA2-PSK connection"""
rfk = get_rfkill(dev[0])
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hapd.wait_sta()
try:
logger.info("rfkill block")
rfk.block()
dev[0].wait_disconnected(
timeout=10, error="Missing disconnection event on rfkill block")
logger.info("rfkill unblock")
rfk.unblock()
dev[0].wait_connected(
timeout=10, error="Missing connection event on rfkill unblock")
hapd.wait_sta()
hwsim_utils.test_connectivity(dev[0], hapd)
finally:
rfk.unblock()
def test_ap_wpa2_plaintext_group_m1_pmf(dev, apdev):
"""Plaintext group M1 (PMF)"""
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect("test-wpa2-psk",
psk="12345678",
ieee80211w="2",
scan_freq="2412")
time.sleep(0.1)
addr = dev[0].own_addr()
if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr + " plaintext"):
raise Exception("RESEND_GROUP_M1 failed")
time.sleep(0.2)
if "OK" not in hapd.request("RESEND_GROUP_M1 " + addr):
raise Exception("RESEND_GROUP_M1 failed")
time.sleep(0.1)
def test_ap_pmf_required(dev, apdev):
"""WPA2-PSK AP with PMF required"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
key_mgmt = hapd.get_config()['key_mgmt']
if key_mgmt.split(' ')[0] != "WPA-PSK-SHA256":
raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
dev[0].connect(ssid, psk="12345678", ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
if "[WPA2-PSK-SHA256-CCMP]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing RSN element info")
hwsim_utils.test_connectivity(dev[0], hapd)
dev[1].connect(ssid, psk="12345678", ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
scan_freq="2412")
hwsim_utils.test_connectivity(dev[1], hapd)
hapd.request("SA_QUERY " + dev[0].p2p_interface_addr())
hapd.request("SA_QUERY " + dev[1].p2p_interface_addr())
wt.require_ap_pmf_mandatory(apdev[0]['bssid'])
wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
wt.require_sta_pmf_mandatory(apdev[0]['bssid'], dev[1].p2p_interface_addr())
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[1].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
def test_ap_acs_5ghz(dev, apdev):
"""Automatic channel selection on 5 GHz"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['country_code'] = 'US'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
wait_acs(hapd)
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
dev[0].wait_regdom(country_ie=True)
finally:
if hapd:
hapd.request("DISABLE")
dev[0].disconnect_and_stop_scan()
hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
dev[0].flush_scan_cache()
def test_ap_wpa2_tdls_bssid_mismatch(dev, apdev):
"""TDLS failure due to BSSID mismatch"""
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hostapd.add_ap(apdev[0]['ifname'], params)
hostapd.add_ap(apdev[1]['ifname'], params)
wlantest_setup()
subprocess.call(['sudo', 'brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[1]['bssid'])
connectivity(dev, "ap-br0")
addr0 = dev[0].p2p_interface_addr()
dev[1].tdls_setup(addr0)
time.sleep(1)
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
finally:
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
subprocess.call(['sudo', 'brctl', 'delbr', 'ap-br0'])
def test_ap_pmf_assoc_comeback2(dev, apdev):
"""WPA2-PSK AP with PMF association comeback (using DROP_SA)"""
ssid = "assoc-comeback"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK"
params["ieee80211w"] = "1"
hapd = hostapd.add_ap(apdev[0], params)
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid,
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK",
proto="WPA2",
scan_freq="2412")
if "OK" not in dev[0].request("DROP_SA"):
raise Exception("DROP_SA failed")
dev[0].request("REASSOCIATE")
dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
if wt.get_sta_counter("reassocresp_comeback", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("AP did not use reassociation comeback request")
def test_ap_pmf_sta_sa_query_no_response_hostapd(dev, apdev):
"""WPA2-PSK AP with station using SA Query and getting no response (hostapd)"""
ssid = "assoc-comeback"
passphrase = "12345678"
addr = dev[0].own_addr()
params = hostapd.wpa2_params(ssid=ssid,
passphrase=passphrase,
wpa_key_mgmt="WPA-PSK-SHA256",
ieee80211w="2")
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid,
psk=passphrase,
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
proto="WPA2",
scan_freq="2412")
hapd.wait_sta()
hapd.set("ext_mgmt_frame_handling", "1")
if "OK" not in hapd.request("DEAUTHENTICATE " + addr + " reason=6 test=0") or \
"OK" not in hapd.request("DISASSOCIATE " + addr + " reason=7 test=0"):
raise Exception("Failed to send unprotected disconnection messages")
dev[0].wait_disconnected()
hapd.set("ext_mgmt_frame_handling", "0")
if wt.get_sta_counter("valid_saqueryreq_tx", bssid, addr) < 1:
raise Exception("STA did not send SA Query")
if wt.get_sta_counter("valid_saqueryresp_rx", bssid, addr) > 0:
raise Exception("AP replied to SA Query")
dev[0].wait_connected()
def run_ap_pmf_valid(dev, apdev, disassociate, broadcast):
ssid = "pmf"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid,
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
proto="WPA2",
scan_freq="2412")
addr0 = dev[0].own_addr()
dev[0].dump_monitor()
hapd.wait_sta()
cmd = "DISASSOCIATE " if disassociate else "DEAUTHENTICATE "
cmd += "ff:ff:ff:ff:ff:ff" if broadcast else addr0
cmd += " test=1"
if "OK" not in hapd.request(cmd):
raise Exception("hostapd command failed")
sta = hapd.get_sta(addr0)
if not sta:
raise Exception("STA entry lost")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
if ev is None:
raise Exception("Disconnection not reported")
if "locally_generated=1" in ev:
raise Exception("Unexpected locally generated disconnection")
# Wait for SA Query procedure to fail and association comeback to succeed
dev[0].wait_connected()
def test_ap_pmf_ap_dropping_sa(dev, apdev):
"""WPA2-PSK PMF AP dropping SA"""
ssid = "pmf"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
Wlantest.setup(hapd)
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
dev[0].connect(ssid,
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
proto="WPA2",
scan_freq="2412")
addr0 = dev[0].own_addr()
dev[0].dump_monitor()
hapd.wait_sta()
# Drop SA and association at the AP locally without notifying the STA. This
# results in the STA getting unprotected Deauthentication frames when trying
# to transmit the next Class 3 frame.
if "OK" not in hapd.request("DEAUTHENTICATE " + addr0 + " tx=0"):
raise Exception("DEAUTHENTICATE command failed")
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
if ev is not None:
raise Exception(
"Unexpected disconnection event after DEAUTHENTICATE tx=0: " + ev)
dev[0].request("DATA_TEST_CONFIG 1")
dev[0].request("DATA_TEST_TX " + bssid + " " + addr0)
ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
dev[0].request("DATA_TEST_CONFIG 0")
if ev is None or "locally_generated=1" not in ev:
raise Exception("Locally generated disconnection not reported")
def test_multi_ap_wps_fail_non_multi_ap(dev, apdev):
"""Multi-AP WPS on non-WPS AP fails"""
params = hostapd.wpa2_params(ssid="non-multi-ap-wps",
passphrase="12345678")
params.update({"wps_state": "2", "eap_server": "1"})
hapd = hostapd.add_ap(apdev[0], params)
hapd.request("WPS_PBC")
if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
raise Exception("PBC status not shown correctly")
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
dev[0].request("WPS_PBC %s multi_ap=1" % apdev[0]['bssid'])
# Since we will fail to associate and WPS doesn't even get started, there
# isn't much we can do except wait for timeout. For PBC, it is not possible
# to change the timeout from 2 minutes. Instead of waiting for the timeout,
# just check that WPS doesn't finish within reasonable time.
for i in range(2):
ev = dev[0].wait_event(
["WPS-SUCCESS", "WPS-FAIL", "CTRL-EVENT-DISCONNECTED"], timeout=10)
if ev and "WPS-" in ev:
raise Exception("WPS operation completed: " + ev)
dev[0].request("WPS_CANCEL")
def test_pasn_comeback_multi(dev, apdev):
"""PASN authentication with SAE, with multiple stations with comeback"""
check_pasn_capab(dev[0])
check_sae_capab(dev[0])
params = hostapd.wpa2_params(ssid="test-pasn-sae",
passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE PASN'
params['anti_clogging_threshold'] = '1'
params['pasn_comeback_after'] = '0'
hapd = start_pasn_ap(apdev[0], params)
bssid = hapd.own_addr()
id = {}
for i in range(0, 2):
dev[i].flush_scan_cache()
dev[i].scan(type="ONLY", freq=2412)
id[i] = dev[i].connect("test-pasn-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", only_add_network=True)
for i in range(0, 2):
cmd = "PASN_START bssid=%s akmp=PASN cipher=CCMP group=19, nid=%s" % (bssid, id[i])
resp = dev[i].request(cmd)
if "OK" not in resp:
raise Exception("Failed to start pasn authentication")
for i in range(0, 2):
ev = dev[i].wait_event(["PASN-AUTH-STATUS"], 3)
if not ev:
raise Exception("PASN: PASN-AUTH-STATUS not seen")
if bssid + " akmp=PASN, status=0" not in ev:
raise Exception("PASN: unexpected status")
check_pasn_ptk(dev[i], hapd, "CCMP")
def test_ap_country(dev, apdev):
"""WPA2-PSK AP setting country code and using 5 GHz band"""
try:
hapd = None
bssid = apdev[0]['bssid']
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['country_code'] = 'FI'
params['ieee80211d'] = '1'
params['hw_mode'] = 'a'
params['channel'] = '36'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="5180")
hwsim_utils.test_connectivity(dev[0], hapd)
finally:
if hapd:
hapd.request("DISABLE")
dev[0].request("DISCONNECT")
dev[0].request("ABORT_SCAN")
dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.5)
hostapd.cmd_execute(apdev[0], ['iw', 'reg', 'set', '00'])
dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=0.5)
dev[0].flush_scan_cache()
def test_ap_acs_5ghz_40mhz(dev, apdev):
"""Automatic channel selection on 5 GHz for 40 MHz channel"""
try:
hapd = None
force_prev_ap_on_5g(apdev[0])
params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678")
params['hw_mode'] = 'a'
params['channel'] = '0'
params['ht_capab'] = '[HT40+]'
params['country_code'] = 'US'
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
wait_acs(hapd)
freq = hapd.get_status_field("freq")
if int(freq) < 5000:
raise Exception("Unexpected frequency")
sec = hapd.get_status_field("secondary_channel")
if int(sec) == 0:
raise Exception("Secondary channel not set")
dev[0].connect("test-acs", psk="12345678", scan_freq=freq)
dev[0].wait_regdom(country_ie=True)
finally:
clear_regdom(hapd, dev)
def test_ap_pmf_negative(dev, apdev):
"""WPA2-PSK AP without PMF (negative test)"""
ssid = "test-pmf-negative"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid,
psk="12345678",
ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256",
proto="WPA2")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
try:
dev[1].connect(ssid,
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256",
proto="WPA2")
hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
raise Exception("PMF required STA connected to no PMF AP")
except Exception, e:
logger.debug("Ignore expected exception: " + str(e))
def test_ap_pmf_required_sta_no_pmf(dev, apdev):
"""WPA2-PSK AP with PMF required and PMF disabled on STA"""
ssid = "test-pmf-required"
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
# Disable PMF on the station and try to connect
dev[0].connect(ssid,
psk="12345678",
ieee80211w="0",
key_mgmt="WPA-PSK WPA-PSK-SHA256",
proto="WPA2",
scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(
["CTRL-EVENT-NETWORK-NOT-FOUND", "CTRL-EVENT-ASSOC-REJECT"], timeout=2)
if ev is None:
raise Exception("No connection result")
if "CTRL-EVENT-ASSOC-REJECT" in ev:
raise Exception(
"Tried to connect to PMF required AP without PMF enabled")
dev[0].request("REMOVE_NETWORK all")
def test_ap_pmf_required(dev, apdev):
"""WPA2-PSK AP with PMF required"""
ssid = "test-pmf-required"
wt = Wlantest()
wt.flush()
wt.add_passphrase("12345678")
params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect(ssid,
psk="12345678",
ieee80211w="1",
key_mgmt="WPA-PSK WPA-PSK-SHA256",
proto="WPA2")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
dev[1].connect(ssid,
psk="12345678",
ieee80211w="2",
key_mgmt="WPA-PSK WPA-PSK-SHA256",
proto="WPA2")
hwsim_utils.test_connectivity(dev[1].ifname, apdev[0]['ifname'])
hapd = hostapd.Hostapd(apdev[0]['ifname'])
hapd.request("SA_QUERY " + dev[0].p2p_interface_addr())
hapd.request("SA_QUERY " + dev[1].p2p_interface_addr())
wt.require_ap_pmf_mandatory(apdev[0]['bssid'])
wt.require_sta_pmf(apdev[0]['bssid'], dev[0].p2p_interface_addr())
wt.require_sta_pmf_mandatory(apdev[0]['bssid'],
dev[1].p2p_interface_addr())
time.sleep(0.1)
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[0].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'],
dev[1].p2p_interface_addr()) < 1:
raise Exception("STA did not reply to SA Query")
def test_bgscan_simple_beacon_loss(dev, apdev):
"""bgscan_simple and beacon loss"""
params = hostapd.wpa2_params(ssid="bgscan", passphrase="12345678")
params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
params["ieee80211w"] = "2"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].set("disable_sa_query", "1")
dev[0].connect("bgscan",
ieee80211w="2",
key_mgmt="WPA-PSK-SHA256",
psk="12345678",
scan_freq="2412",
bgscan="simple:100:-20:200")
hapd.set("ext_mgmt_frame_handling", "1")
if "OK" not in hapd.request("STOP_AP"):
raise Exception("Failed to stop AP")
hapd.disable()
hapd.set("ssid", "foo")
hapd.set("beacon_int", "10000")
hapd.enable()
ev = dev[0].wait_event(["CTRL-EVENT-BEACON-LOSS"], timeout=10)
if ev is None:
raise Exception("Beacon loss not reported")
def test_hapd_ctrl_disconnect(dev, apdev):
"""hostapd and disconnection ctrl_iface commands"""
ssid = "hapd-ctrl"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
addr = dev[0].p2p_dev_addr()
if "FAIL" not in hapd.request("DEAUTHENTICATE 00:11:22:33:44"):
raise Exception("Unexpected DEAUTHENTICATE success")
if "OK" not in hapd.request("DEAUTHENTICATE ff:ff:ff:ff:ff:ff"):
raise Exception("Unexpected DEAUTHENTICATE failure")
dev[0].wait_disconnected(timeout=5)
dev[0].wait_connected(timeout=10, error="Re-connection timed out")
if "FAIL" not in hapd.request("DISASSOCIATE 00:11:22:33:44"):
raise Exception("Unexpected DISASSOCIATE success")
if "OK" not in hapd.request("DISASSOCIATE ff:ff:ff:ff:ff:ff"):
raise Exception("Unexpected DISASSOCIATE failure")
dev[0].wait_disconnected(timeout=5)
dev[0].wait_connected(timeout=10, error="Re-connection timed out")
def test_ap_vlan_without_station(dev, apdev, p):
"""AP VLAN with WPA2-PSK and no station"""
try:
subprocess.call(['brctl', 'addbr', 'brvlan1'])
subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
subprocess.call(['ifconfig', 'brvlan1', 'up'])
# use a passphrase wlantest does not know, so it cannot
# inject decrypted frames into pcap
params = hostapd.wpa2_params(ssid="test-vlan",
passphrase="12345678x")
params['dynamic_vlan'] = "1"
params['vlan_file'] = 'hostapd.wlan3.vlan'
params['accept_mac_file'] = "hostapd.accept"
hapd = hostapd.add_ap(apdev[0], params)
# inject some traffic
sa = hapd.own_addr()
da = "ff:ff:ff:ff:ff:00"
hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
hapd.request('DATA_TEST_CONFIG 0')
time.sleep(.1)
dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412")
# inject some traffic
sa = hapd.own_addr()
da = "ff:ff:ff:ff:ff:01"
hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
hapd.request('DATA_TEST_CONFIG 0')
# let the AP send couple of Beacon frames
time.sleep(1)
out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
"wlan.da == ff:ff:ff:ff:ff:00",
["wlan.fc.protected"])
if out is not None:
lines = out.splitlines()
if len(lines) < 1:
raise Exception("first frame not observed")
state = 1
for l in lines:
is_protected = int(l, 16)
if is_protected != 1:
state = 0
if state != 1:
raise Exception("Broadcast packets were not encrypted when no station was connected")
else:
raise Exception("first frame not observed")
out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
"wlan.da == ff:ff:ff:ff:ff:01",
["wlan.fc.protected"])
if out is not None:
lines = out.splitlines()
if len(lines) < 1:
raise Exception("second frame not observed")
state = 1
for l in lines:
is_protected = int(l, 16)
if is_protected != 1:
state = 0
if state != 1:
raise Exception("Broadcast packets were not encrypted when station was connected")
else:
raise Exception("second frame not observed")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', 'brvlan1'])
def test_sae_invalid_anti_clogging_token_req(dev, apdev):
"""SAE and invalid anti-clogging token request"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
dev[0].request("SET sae_groups 19")
dev[0].scan_for_bss(bssid, freq=2412)
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
ev = dev[0].wait_event(["SME: Trying to authenticate"])
if ev is None:
raise Exception("No authentication attempt seen")
dev[0].dump_monitor()
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (commit)")
if req['subtype'] == 11:
break
req = None
if not req:
raise Exception("Authentication frame (commit) not received")
hapd.dump_monitor()
resp = {}
resp['fc'] = req['fc']
resp['da'] = req['sa']
resp['sa'] = req['da']
resp['bssid'] = req['bssid']
resp['payload'] = binascii.unhexlify("030001004c0013")
hapd.mgmt_tx(resp)
ev = dev[0].wait_event(["SME: Trying to authenticate"])
if ev is None:
raise Exception("No authentication attempt seen")
dev[0].dump_monitor()
for i in range(0, 10):
req = hapd.mgmt_rx()
if req is None:
raise Exception("MGMT RX wait timed out (commit) (2)")
if req['subtype'] == 11:
break
req = None
if not req:
raise Exception("Authentication frame (commit) not received (2)")
hapd.dump_monitor()
resp = {}
resp['fc'] = req['fc']
resp['da'] = req['sa']
resp['sa'] = req['da']
resp['bssid'] = req['bssid']
resp['payload'] = binascii.unhexlify("030001000100")
hapd.mgmt_tx(resp)
ev = dev[0].wait_event(["SME: Trying to authenticate"])
if ev is None:
raise Exception("No authentication attempt seen")
dev[0].dump_monitor()
dev[0].request("DISCONNECT")
def test_sae_bignum_failure(dev, apdev):
"""SAE and bignum failure"""
if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['sae_groups'] = '19 5 22'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].request("SET sae_groups 19")
tests = [ (1, "crypto_bignum_init_set;get_rand_1_to_p_1"),
(1, "crypto_bignum_init;is_quadratic_residue_blind"),
(1, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
(2, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
(3, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
(1, "crypto_bignum_legendre;is_quadratic_residue_blind"),
(1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"),
(1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"),
(1, "crypto_bignum_init_set;get_random_qr_qnr"),
(1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"),
(1, "crypto_ec_point_init;sae_derive_pwe_ecc"),
(1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"),
(1, "crypto_ec_point_init;sae_derive_commit_element_ecc"),
(1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"),
(1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"),
(1, "crypto_bignum_init;=sae_derive_commit"),
(1, "crypto_ec_point_init;sae_derive_k_ecc"),
(1, "crypto_ec_point_mul;sae_derive_k_ecc"),
(1, "crypto_ec_point_add;sae_derive_k_ecc"),
(2, "crypto_ec_point_mul;sae_derive_k_ecc"),
(1, "crypto_ec_point_to_bin;sae_derive_k_ecc"),
(1, "crypto_bignum_legendre;get_random_qr_qnr"),
(1, "sha256_prf;sae_derive_keys"),
(1, "crypto_bignum_init;sae_derive_keys"),
(1, "crypto_bignum_init_set;sae_parse_commit_scalar"),
(1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"),
(1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].request("SET sae_groups 5")
tests = [ (1, "crypto_bignum_init_set;sae_set_group"),
(2, "crypto_bignum_init_set;sae_set_group"),
(1, "crypto_bignum_init_set;sae_get_rand"),
(1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_init;sae_derive_pwe_ffc"),
(1, "crypto_bignum_init;sae_derive_commit_element_ffc"),
(1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"),
(1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"),
(1, "crypto_bignum_init;sae_derive_k_ffc"),
(1, "crypto_bignum_exptmod;sae_derive_k_ffc"),
(1, "crypto_bignum_mulmod;sae_derive_k_ffc"),
(2, "crypto_bignum_exptmod;sae_derive_k_ffc"),
(1, "crypto_bignum_to_bin;sae_derive_k_ffc"),
(1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
(1, "crypto_bignum_init;sae_parse_commit_element_ffc"),
(2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
(1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")
dev[0].request("SET sae_groups 22")
tests = [ (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"),
(1, "crypto_bignum_div;sae_test_pwd_seed_ffc") ]
for count, func in tests:
with fail_test(dev[0], count, func):
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412", wait_connect=False)
wait_fail_trigger(dev[0], "GET_FAIL")
dev[0].request("REMOVE_NETWORK all")