def test_ap_acs_errors(dev, apdev): """Automatic channel selection failures""" clear_scan_cache(apdev[0]) force_prev_ap_on_24g(apdev[0]) params = hostapd.wpa2_params(ssid="test-acs", passphrase="12345678") params['channel'] = '0' params['acs_num_scans'] = '2' params['chanlist'] = '1' hapd = hostapd.add_ap(apdev[0], params, no_enable=True) with alloc_fail(hapd, 1, "acs_request_scan"): if "FAIL" not in hapd.request("ENABLE"): raise Exception("Unexpected success for ENABLE") hapd.dump_monitor() with fail_test(hapd, 1, "acs_request_scan"): if "FAIL" not in hapd.request("ENABLE"): raise Exception("Unexpected success for ENABLE") hapd.dump_monitor() with fail_test(hapd, 1, "acs_scan_complete"): hapd.enable() ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10) if not ev: raise Exception("ACS start timed out") hapd.dump_monitor() with fail_test(hapd, 1, "acs_request_scan;acs_scan_complete"): hapd.enable() ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10) if not ev: raise Exception("ACS start timed out")
def test_ap_ft_oom(dev, apdev): """WPA2-PSK-FT and OOM""" skip_with_fips(dev[0]) ssid = "test-ft" passphrase="12345678" params = ft_params1(ssid=ssid, passphrase=passphrase) hapd0 = hostapd.add_ap(apdev[0], params) params = ft_params2(ssid=ssid, passphrase=passphrase) hapd1 = hostapd.add_ap(apdev[1], params) dev[0].connect(ssid, psk=passphrase, key_mgmt="FT-PSK", proto="WPA2", scan_freq="2412") if dev[0].get_status_field('bssid') == apdev[0]['bssid']: dst = apdev[1]['bssid'] else: dst = apdev[0]['bssid'] dev[0].scan_for_bss(dst, freq="2412") with alloc_fail(dev[0], 1, "wpa_ft_gen_req_ies"): dev[0].roam(dst) with fail_test(dev[0], 1, "wpa_ft_mic"): dev[0].roam(dst, fail_test=True) with fail_test(dev[0], 1, "os_get_random;wpa_ft_prepare_auth_request"): dev[0].roam(dst, fail_test=True)
def test_nfc_wps_password_token_ap(dev, apdev): """WPS registrar configuring an AP using AP password token""" ssid = "test-wps-nfc-pw-token-init" hapd = hostapd.add_ap(apdev[0], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) logger.info("WPS configuration step") pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() if "FAIL" in pw: raise Exception("Failed to generate password token") res = hapd.request("WPS_NFC_TOKEN enable") if "FAIL" in pw: raise Exception("Failed to enable AP password token") res = dev[0].request("WPS_NFC_TAG_READ " + pw) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to wpa_supplicant") dev[0].dump_monitor() new_ssid = "test-wps-nfc-pw-token-new-ssid" new_passphrase = "1234567890" res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex")) if "FAIL" in res: raise Exception("Failed to start Registrar using NFC password token") dev[0].wait_connected(timeout=30) check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True) if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"): raise Exception("Failed to disable AP password token") if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"): raise Exception("Unexpected WPS_NFC_TOKEN WPS failure") with fail_test(hapd, 1, "os_get_random;wps_nfc_token_gen"): if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"): raise Exception("Unexpected WPS_NFC_TOKEN success") with fail_test(hapd, 2, "os_get_random;wps_nfc_token_gen"): if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"): raise Exception("Unexpected WPS_NFC_TOKEN success")
def test_ap_open_drv_fail(dev, apdev): """AP with open mode and driver operations failing""" hapd = hostapd.add_ap(apdev[0], { "ssid": "open" }) with fail_test(dev[0], 1, "wpa_driver_nl80211_authenticate"): dev[0].connect("open", key_mgmt="NONE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") with fail_test(dev[0], 1, "wpa_driver_nl80211_associate"): dev[0].connect("open", key_mgmt="NONE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all")
def test_ap_bss_load_fail(dev, apdev): """BSS Load update failing to get survey data""" hapd = hostapd.add_ap(apdev[0], { "ssid": "open", "bss_load_update_period": "1" }) with fail_test(hapd, 1, "wpa_driver_nl80211_get_survey"): wait_fail_trigger(hapd, "GET_FAIL")
def test_ap_qosmap_invalid(dev, apdev): """QoS mapping ctrl_iface error handling""" ssid = "test-qosmap" params = { "ssid": ssid } hapd = hostapd.add_ap(apdev[0], params) if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"): raise Exception("Unexpected SEND_QOS_MAP_CONF success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET "): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,-2,3"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" not in hapd.request("SET_QOS_MAP_SET 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21"): raise Exception("Unexpected SET_QOS_MAP_SET success") if "FAIL" in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"): raise Exception("Unexpected SET_QOS_MAP_SET failure") if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44:55"): raise Exception("Unexpected SEND_QOS_MAP_CONF success") if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF 00:11:22:33:44"): raise Exception("Unexpected SEND_QOS_MAP_CONF success") with fail_test(hapd, 1, "hostapd_ctrl_iface_set_qos_map_set"): if "FAIL" not in hapd.request("SET_QOS_MAP_SET 22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,48,55"): raise Exception("SET_QOS_MAP_SET accepted during forced driver failure") dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") with alloc_fail(hapd, 1, "wpabuf_alloc;hostapd_ctrl_iface_send_qos_map_conf"): if "FAIL" not in hapd.request("SEND_QOS_MAP_CONF " + dev[0].own_addr()): raise Exception("SEND_QOS_MAP_CONF accepted during OOM")
def test_bgscan_learn_driver_conf_failure(dev, apdev): """bgscan_learn driver configuration failure""" hapd = hostapd.add_ap(apdev[0], {"ssid": "bgscan"}) with fail_test(dev[0], 1, "bgscan_learn_init"): dev[0].connect("bgscan", key_mgmt="NONE", scan_freq="2412", bgscan="learn:1:-20:2")
def test_tnc_peap_soh_errors(dev, apdev): """TNC PEAP-SoH local error cases""" params = int_eap_server_params() params["tnc"] = "1" hostapd.add_ap(apdev[0], params) tests = [ (1, "tncc_build_soh"), (1, "eap_msg_alloc;=eap_peap_phase2_request") ] for count, func in tests: with alloc_fail(dev[0], count, func): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP", identity="user", password="******", ca_cert="auth_serv/ca.pem", phase1="peapver=0 tnc=soh cryptobinding=0", phase2="auth=MSCHAPV2", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() with fail_test(dev[0], 1, "os_get_random;tncc_build_soh"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP", identity="user", password="******", ca_cert="auth_serv/ca.pem", phase1="peapver=0 tnc=soh cryptobinding=0", phase2="auth=MSCHAPV2", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_hapd_ctrl_update_beacon(dev, apdev): """hostapd and UPDATE_BEACON""" ssid = "hapd-ctrl" params = {"ssid": ssid} hapd = hostapd.add_ap(apdev[0], params) if "OK" not in hapd.request("UPDATE_BEACON"): raise Exception("UPDATE_BEACON failed") with fail_test(hapd, 1, "ieee802_11_set_beacon"): if "FAIL" not in hapd.request("UPDATE_BEACON"): raise Exception("UPDATE_BEACON succeeded unexpectedly") dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
def test_tspec_ap_fail(dev, apdev): """AP failing to send tspec response""" # configure ap with VO and VI requiring admission-control hapd = add_wmm_ap(apdev[0], ["VO", "VI"]) dev[0].connect("wmm_ac", key_mgmt="NONE", scan_freq="2462") tsid = 5 with fail_test(hapd, 1, "wmm_send_action"): try: # add tspec for UP=6 dev[0].add_ts(tsid, 6) except: pass
def test_sae_pwe_failure(dev, apdev): """SAE and pwe failure""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' params['sae_groups'] = '19 5' hapd = hostapd.add_ap(apdev[0], params) dev[0].request("SET sae_groups 19") with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ecc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() with fail_test(dev[0], 1, "sae_test_pwd_seed_ecc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("SET sae_groups 5") with fail_test(dev[0], 1, "hmac_sha256_vector;sae_derive_pwe_ffc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("SET sae_groups 5") with fail_test(dev[0], 1, "sae_test_pwd_seed_ffc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() with fail_test(dev[0], 2, "sae_test_pwd_seed_ffc"): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_ap_pmf_sta_sa_query_local_failure(dev, apdev): """WPA2-PSK AP with station using SA Query (local failure)""" ssid = "assoc-comeback" addr = dev[0].own_addr() wpas = start_wpas_ap(ssid) dev[0].connect(ssid, psk="12345678", ieee80211w="1", key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") with fail_test(dev[0], 1, "os_get_random;sme_sa_query_timer"): wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0") wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("DISCONNECT") wpas.request("DISCONNECT") dev[0].wait_disconnected()
def test_suite_b_192_pmkid_failure(dev, apdev): """WPA2/GCMP-256 connection at Suite B 192-bit level and PMKID derivation failure""" check_suite_b_192_capa(dev) dev[0].flush_scan_cache() params = suite_b_192_ap_params() hapd = hostapd.add_ap(apdev[0], params) with fail_test(dev[0], 1, "rsn_pmkid_suite_b"): dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192", ieee80211w="2", openssl_ciphers="SUITEB192", eap="TLS", identity="tls user", ca_cert="auth_serv/ec2-ca.pem", client_cert="auth_serv/ec2-user.pem", private_key="auth_serv/ec2-user.key", pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
def test_suite_b_mic_failure(dev, apdev): """WPA2/GCMP connection at Suite B 128-bit level and MIC derivation failure""" check_suite_b_capa(dev) dev[0].flush_scan_cache() params = suite_b_ap_params() hapd = hostapd.add_ap(apdev[0], params) with fail_test(dev[0], 1, "wpa_eapol_key_mic"): dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2", openssl_ciphers="SUITEB128", eap="TLS", identity="tls user", ca_cert="auth_serv/ec-ca.pem", client_cert="auth_serv/ec-user.pem", private_key="auth_serv/ec-user.key", pairwise="GCMP", group="GCMP", scan_freq="2412", wait_connect=False) dev[0].wait_disconnected()
def test_sae_no_random(dev, apdev): """SAE and no random numbers available""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' hapd = hostapd.add_ap(apdev[0], params) dev[0].request("SET sae_groups ") tests = [ (1, "os_get_random;sae_get_rand"), (1, "os_get_random;get_rand_1_to_p_1"), (1, "os_get_random;get_random_qr_qnr"), (1, "os_get_random;sae_derive_pwe_ecc") ] for count, func in tests: with fail_test(dev[0], count, func): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()
def test_mbo_failures(dev, apdev): """MBO failure cases""" ssid = "test-wnm-mbo" params = { 'ssid': ssid, 'mbo': '1' } hapd = hostapd.add_ap(apdev[0], params) with alloc_fail(dev[0], 1, "wpas_mbo_ie"): dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") with alloc_fail(dev[0], 1, "wpas_mbo_send_wnm_notification"): if "OK" not in dev[0].request("SET mbo_cell_capa 1"): raise Exception("Failed to set STA as cellular data capable") with fail_test(dev[0], 1, "wpas_mbo_send_wnm_notification"): if "OK" not in dev[0].request("SET mbo_cell_capa 3"): raise Exception("Failed to set STA as cellular data not-capable") with alloc_fail(dev[0], 1, "wpas_mbo_update_non_pref_chan"): if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"): raise Exception("non_pref_chan value accepted during OOM") with alloc_fail(dev[0], 2, "wpas_mbo_update_non_pref_chan"): if "FAIL" not in dev[0].request("SET non_pref_chan 81:7:200:3"): raise Exception("non_pref_chan value accepted during OOM")
def _test_scan_ap_scan_2_ap_mode(dev, apdev): if "OK" not in dev[0].request("AP_SCAN 2"): raise Exception("Failed to set AP_SCAN 2") id = dev[0].add_network() dev[0].set_network(id, "mode", "2") dev[0].set_network_quoted(id, "ssid", "wpas-ap-open") dev[0].set_network(id, "key_mgmt", "NONE") dev[0].set_network(id, "frequency", "2412") dev[0].set_network(id, "scan_freq", "2412") dev[0].set_network(id, "disabled", "0") dev[0].select_network(id) ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5) if ev is None: raise Exception("AP failed to start") with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"): if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN command failed unexpectedly") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED", "AP-DISABLED"], timeout=5) if ev is None: raise Exception("CTRL-EVENT-SCAN-FAILED not seen") if "AP-DISABLED" in ev: raise Exception("Unexpected AP-DISABLED event") if "retry=1" in ev: # Wait for the retry to scan happen ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED", "AP-DISABLED"], timeout=5) if ev is None: raise Exception("CTRL-EVENT-SCAN-FAILED not seen - retry") if "AP-DISABLED" in ev: raise Exception("Unexpected AP-DISABLED event - retry") dev[1].connect("wpas-ap-open", key_mgmt="NONE", scan_freq="2412") dev[1].request("DISCONNECT") dev[1].wait_disconnected() dev[0].request("DISCONNECT") dev[0].wait_disconnected()
def test_ap_config_set_oom(dev, apdev): """hostapd configuration parsing OOM""" hapd = hostapd.add_ap(apdev[0], { "ssid": "foobar" }) tests = [ (1, "hostapd_parse_das_client", "SET radius_das_client 192.168.1.123 pw"), (1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""), (1, "hostapd_config_read_wep", "SET wep_key0 0102030405"), (1, "hostapd_parse_chanlist", "SET chanlist 1 6 11-13"), (1, "hostapd_config_bss", "SET bss foo"), (2, "hostapd_config_bss", "SET bss foo"), (3, "hostapd_config_bss", "SET bss foo"), (1, "add_r0kh", "SET r0kh 02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f"), (1, "add_r1kh", "SET r1kh 02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f"), (1, "parse_roaming_consortium", "SET roaming_consortium 021122"), (1, "parse_lang_string", "SET venue_name eng:Example venue"), (1, "parse_3gpp_cell_net", "SET anqp_3gpp_cell_net 244,91;310,026;234,56"), (1, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"), (2, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"), (1, "parse_anqp_elem", "SET anqp_elem 265:0000"), (2, "parse_anqp_elem", "SET anqp_elem 266:000000"), (1, "hs20_parse_conn_capab", "SET hs20_conn_capab 1:0:2"), (1, "hs20_parse_wan_metrics", "SET hs20_wan_metrics 01:8000:1000:80:240:3000"), (1, "hs20_parse_icon", "SET hs20_icon 32:32:eng:image/png:icon32:/tmp/icon32.png"), (1, "hs20_parse_osu_server_uri", "SET osu_server_uri https://example.com/osu/"), (1, "hostapd_config_parse_acs_chan_bias", "SET acs_chan_bias 1:0.8 6:0.8 11:0.8"), (2, "hostapd_config_parse_acs_chan_bias", "SET acs_chan_bias 1:0.8 6:0.8 11:0.8"), (1, "parse_wpabuf_hex", "SET vendor_elements 01020304"), (1, "parse_fils_realm", "SET fils_realm example.com"), (1, "hostapd_config_fill", "SET pac_opaque_encr_key 000102030405060708090a0b0c0d0e0f"), (1, "hostapd_config_fill", "SET eap_message hello"), (1, "hostapd_config_fill", "SET wpa_psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"), (1, "hostapd_config_fill", "SET time_zone EST5"), (1, "hostapd_config_fill", "SET network_auth_type 02http://www.example.com/redirect/"), (1, "hostapd_config_fill", "SET domain_name example.com"), (1, "hostapd_config_fill", "SET hs20_operating_class 5173"), (1, "hostapd_config_fill", "SET own_ie_override 11223344"), (1, "hostapd_parse_intlist", "SET sae_groups 19 25"), (1, "hostapd_parse_intlist", "SET basic_rates 10 20 55 110"), (1, "hostapd_parse_intlist", "SET supported_rates 10 20 55 110") ] for count, func, cmd in tests: with alloc_fail(hapd, count, func): if "FAIL" not in hapd.request(cmd): raise Exception("Command accepted during OOM: " + cmd) hapd.set("hs20_icon", "32:32:eng:image/png:icon32:/tmp/icon32.png") hapd.set("hs20_conn_capab", "1:0:2") hapd.set("nai_realm", "0,example.com;example.net") hapd.set("venue_name", "eng:Example venue") hapd.set("roaming_consortium", "021122") hapd.set("osu_server_uri", "https://example.com/osu/") hapd.set("vendor_elements", "01020304") hapd.set("vendor_elements", "01020304") hapd.set("vendor_elements", "") hapd.set("lci", "11223344") hapd.set("civic", "11223344") hapd.set("lci", "") hapd.set("civic", "") tests = [ (1, "hs20_parse_icon", "SET hs20_icon 32:32:eng:image/png:icon32:/tmp/icon32.png"), (1, "parse_roaming_consortium", "SET roaming_consortium 021122"), (2, "parse_nai_realm", "SET nai_realm 0,example.com;example.net"), (1, "parse_lang_string", "SET venue_name eng:Example venue"), (1, "hs20_parse_osu_server_uri", "SET osu_server_uri https://example.com/osu/"), (1, "hs20_parse_osu_nai", "SET osu_nai [email protected]"), (1, "hostapd_parse_intlist", "SET osu_method_list 1 0"), (1, "hs20_parse_osu_icon", "SET osu_icon icon32"), (2, "hs20_parse_osu_icon", "SET osu_icon icon32"), (2, "hs20_parse_osu_icon", "SET osu_icon icon32"), (1, "hs20_parse_conn_capab", "SET hs20_conn_capab 1:0:2") ] for count, func, cmd in tests: with alloc_fail(hapd, count, func): if "FAIL" not in hapd.request(cmd): raise Exception("Command accepted during OOM (2): " + cmd) tests = [ (1, "parse_fils_realm", "SET fils_realm example.com") ] for count, func, cmd in tests: with fail_test(hapd, count, func): if "FAIL" not in hapd.request(cmd): raise Exception("Command accepted during FAIL_TEST: " + cmd)
def test_scan_fail(dev, apdev): """Scan failures""" with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"): dev[0].request("DISCONNECT") if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") dev[0].dump_monitor() for i in range(1, 5): with alloc_fail(dev[0], i, "wpa_scan_clone_params;wpa_supplicant_trigger_scan"): if "OK" not in dev[0].request("SCAN ssid 112233 freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") dev[0].dump_monitor() with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"): if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") dev[0].dump_monitor() try: if "OK" not in dev[0].request("SET filter_ssids 1"): raise Exception("SET failed") id = dev[0].connect("test-scan", key_mgmt="NONE", only_add_network=True) with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"): # While the filter list cannot be created due to memory allocation # failure, this scan is expected to be completed without SSID # filtering. if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"]) if ev is None: raise Exception("Scan did not complete") dev[0].remove_network(id) finally: dev[0].request("SET filter_ssids 0") dev[0].dump_monitor() with alloc_fail(dev[0], 1, "nl80211_get_scan_results"): if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5) if ev is None: raise Exception("Did not see scan started event") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].dump_monitor() try: if "OK" not in dev[0].request("SET setband 2G"): raise Exception("SET setband failed") with alloc_fail(dev[0], 1, "=wpa_setband_scan_freqs_list"): # While the frequency list cannot be created due to memory # allocation failure, this scan is expected to be completed without # frequency filtering. if "OK" not in dev[0].request("SCAN"): raise Exception("SCAN failed") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("ABORT_SCAN") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"]) if ev is None: raise Exception("Scan did not complete") finally: dev[0].request("SET setband AUTO") dev[0].dump_monitor() wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add("wlan5") wpas.request("SET preassoc_mac_addr 1") with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"): if "OK" not in wpas.request("SCAN freq=2412"): raise Exception("SCAN failed") ev = wpas.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") wpas.request("SET preassoc_mac_addr 0") wpas.dump_monitor() hapd = hostapd.add_ap(apdev[0], {"ssid": "open"}) with alloc_fail(dev[0], 1, "wpa_bss_add"): dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_sae_bignum_failure(dev, apdev): """SAE and bignum failure""" if "SAE" not in dev[0].get_capability("auth_alg"): raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' params['sae_groups'] = '19 5 22' hapd = hostapd.add_ap(apdev[0], params) dev[0].request("SET sae_groups 19") tests = [ (1, "crypto_bignum_init_set;get_rand_1_to_p_1"), (1, "crypto_bignum_init;is_quadratic_residue_blind"), (1, "crypto_bignum_mulmod;is_quadratic_residue_blind"), (2, "crypto_bignum_mulmod;is_quadratic_residue_blind"), (3, "crypto_bignum_mulmod;is_quadratic_residue_blind"), (1, "crypto_bignum_legendre;is_quadratic_residue_blind"), (1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"), (1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"), (1, "crypto_bignum_init_set;get_random_qr_qnr"), (1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"), (1, "crypto_ec_point_init;sae_derive_pwe_ecc"), (1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"), (1, "crypto_ec_point_init;sae_derive_commit_element_ecc"), (1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"), (1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"), (1, "crypto_bignum_init;=sae_derive_commit"), (1, "crypto_ec_point_init;sae_derive_k_ecc"), (1, "crypto_ec_point_mul;sae_derive_k_ecc"), (1, "crypto_ec_point_add;sae_derive_k_ecc"), (2, "crypto_ec_point_mul;sae_derive_k_ecc"), (1, "crypto_ec_point_to_bin;sae_derive_k_ecc"), (1, "crypto_bignum_legendre;get_random_qr_qnr"), (1, "sha256_prf;sae_derive_keys"), (1, "crypto_bignum_init;sae_derive_keys"), (1, "crypto_bignum_init_set;sae_parse_commit_scalar"), (1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"), (1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc") ] for count, func in tests: with fail_test(dev[0], count, func): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].request("SET sae_groups 5") tests = [ (1, "crypto_bignum_init_set;sae_set_group"), (2, "crypto_bignum_init_set;sae_set_group"), (1, "crypto_bignum_init_set;sae_get_rand"), (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"), (1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"), (1, "crypto_bignum_init;sae_derive_pwe_ffc"), (1, "crypto_bignum_init;sae_derive_commit_element_ffc"), (1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"), (1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"), (1, "crypto_bignum_init;sae_derive_k_ffc"), (1, "crypto_bignum_exptmod;sae_derive_k_ffc"), (1, "crypto_bignum_mulmod;sae_derive_k_ffc"), (2, "crypto_bignum_exptmod;sae_derive_k_ffc"), (1, "crypto_bignum_to_bin;sae_derive_k_ffc"), (1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"), (1, "crypto_bignum_init;sae_parse_commit_element_ffc"), (2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"), (1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc") ] for count, func in tests: with fail_test(dev[0], count, func): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].request("SET sae_groups 22") tests = [ (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"), (1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"), (1, "crypto_bignum_div;sae_test_pwd_seed_ffc") ] for count, func in tests: with fail_test(dev[0], count, func): dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all")
def test_owe_local_errors(dev, apdev): """Opportunistic Wireless Encryption - local errors on supplicant""" if "OWE" not in dev[0].get_capability("key_mgmt"): raise HwsimSkip("OWE not supported") params = {"ssid": "owe", "wpa": "2", "ieee80211w": "2", "wpa_key_mgmt": "OWE", "rsn_pairwise": "CCMP"} hapd = hostapd.add_ap(apdev[0], params) bssid = hapd.own_addr() dev[0].scan_for_bss(bssid, freq="2412") tests = [(1, "crypto_ecdh_init;owe_build_assoc_req"), (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"), (1, "wpabuf_alloc;owe_build_assoc_req")] for count, func in tests: with alloc_fail(dev[0], count, func): dev[0].connect("owe", key_mgmt="OWE", owe_group="20", ieee80211w="2", scan_freq="2412", wait_connect=False) wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() tests = [(1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"), (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"), (1, "wpabuf_alloc;=owe_process_assoc_resp")] for count, func in tests: with alloc_fail(dev[0], count, func): dev[0].connect("owe", key_mgmt="OWE", owe_group="20", ieee80211w="2", scan_freq="2412", wait_connect=False) dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() tests = [(1, "hmac_sha256;owe_process_assoc_resp", 19), (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19), (1, "hmac_sha384;owe_process_assoc_resp", 20), (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20), (1, "hmac_sha512;owe_process_assoc_resp", 21), (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21)] for count, func, group in tests: with fail_test(dev[0], count, func): dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group), ieee80211w="2", scan_freq="2412", wait_connect=False) dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() dev[0].connect("owe", key_mgmt="OWE", owe_group="18", ieee80211w="2", scan_freq="2412", wait_connect=False) ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=5) if ev is None: raise Exception("No authentication attempt") time.sleep(0.5) dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor()
def test_authsrv_oom(dev, apdev): """Authentication server OOM""" params = authsrv_params() authsrv = hostapd.add_ap(apdev[1], params) params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params['auth_server_port'] = "18128" hapd = hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(hapd.own_addr(), 2412) with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10) if ev is None: raise Exception("EAP failure not reported") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() with alloc_fail(authsrv, 1, "srv_log"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() with alloc_fail(authsrv, 1, "radius_server_new_session"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() for count in range(1, 3): with alloc_fail(authsrv, count, "=radius_server_get_new_session"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() with alloc_fail(authsrv, 1, "eap_server_sm_init"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") dev[0].wait_disconnected() dev[0].request("REMOVE_NETWORK all") dev[0].dump_monitor() tests = [ "radius_server_encapsulate_eap", "radius_server_receive_auth" ] for t in tests: with alloc_fail(authsrv, 1, t): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") wait_fail_trigger(authsrv, "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() tests = [ "radius_msg_add_attr;radius_server_encapsulate_eap", "radius_msg_add_eap;radius_server_encapsulate_eap", "radius_msg_finish_srv;radius_server_encapsulate_eap" ] for t in tests: with fail_test(authsrv, 1, t): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") wait_fail_trigger(authsrv, "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() with alloc_fail(authsrv, 1, "radius_server_get_new_session"): with fail_test(authsrv, 1, "radius_msg_add_eap;radius_server_reject"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") wait_fail_trigger(authsrv, "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() with alloc_fail(authsrv, 1, "radius_server_get_new_session"): with fail_test(authsrv, 1, "radius_msg_finish_srv;radius_server_reject"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="user", anonymous_identity="ttls", password="******", ca_cert="auth_serv/ca.pem", phase2="autheap=GTC", wait_connect=False, scan_freq="2412") wait_fail_trigger(authsrv, "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].dump_monitor() authsrv.disable() with alloc_fail(authsrv, 1, "radius_server_init;hostapd_setup_radius_srv"): if "FAIL" not in authsrv.request("ENABLE"): raise Exception("ENABLE succeeded during OOM") with alloc_fail(authsrv, 2, "radius_server_init;hostapd_setup_radius_srv"): authsrv.request("ENABLE") # This is actually allowed to continue even though memory allocation # fails. authsrv.disable() for count in range(1, 4): with alloc_fail(authsrv, count, "radius_server_read_clients;radius_server_init;hostapd_setup_radius_srv"): if "FAIL" not in authsrv.request("ENABLE"): raise Exception("ENABLE succeeded during OOM") with alloc_fail(authsrv, 1, "eloop_sock_table_add_sock;radius_server_init;hostapd_setup_radius_srv"): if "FAIL" not in authsrv.request("ENABLE"): raise Exception("ENABLE succeeded during OOM") with alloc_fail(authsrv, 1, "tls_init;authsrv_init"): if "FAIL" not in authsrv.request("ENABLE"): raise Exception("ENABLE succeeded during OOM") for count in range(1, 3): with alloc_fail(authsrv, count, "eap_sim_db_init;authsrv_init"): if "FAIL" not in authsrv.request("ENABLE"): raise Exception("ENABLE succeeded during OOM")
def test_scan_fail(dev, apdev): """Scan failures""" with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"): dev[0].request("DISCONNECT") if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") dev[0].dump_monitor() for i in range(1, 5): with alloc_fail(dev[0], i, "wpa_scan_clone_params;wpa_supplicant_trigger_scan"): if "OK" not in dev[0].request("SCAN ssid 112233 freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") dev[0].dump_monitor() with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"): if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") dev[0].dump_monitor() try: if "OK" not in dev[0].request("SET filter_ssids 1"): raise Exception("SET failed") id = dev[0].connect("test-scan", key_mgmt="NONE", only_add_network=True) with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"): # While the filter list cannot be created due to memory allocation # failure, this scan is expected to be completed without SSID # filtering. if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"]) if ev is None: raise Exception("Scan did not complete") dev[0].remove_network(id) finally: dev[0].request("SET filter_ssids 0") dev[0].dump_monitor() with alloc_fail(dev[0], 1, "nl80211_get_scan_results"): if "OK" not in dev[0].request("SCAN freq=2412"): raise Exception("SCAN failed") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5) if ev is None: raise Exception("Did not see scan started event") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].dump_monitor() try: if "OK" not in dev[0].request("SET setband 2G"): raise Exception("SET setband failed") with alloc_fail(dev[0], 1, "=wpa_setband_scan_freqs_list"): # While the frequency list cannot be created due to memory # allocation failure, this scan is expected to be completed without # frequency filtering. if "OK" not in dev[0].request("SCAN"): raise Exception("SCAN failed") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("ABORT_SCAN") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"]) if ev is None: raise Exception("Scan did not complete") finally: dev[0].request("SET setband AUTO") dev[0].dump_monitor() wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add("wlan5") wpas.request("SET preassoc_mac_addr 1") with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"): if "OK" not in wpas.request("SCAN freq=2412"): raise Exception("SCAN failed") ev = wpas.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) if ev is None: raise Exception("Did not see scan failure event") wpas.request("SET preassoc_mac_addr 0") wpas.dump_monitor() hapd = hostapd.add_ap(apdev[0], { "ssid": "open" }) with alloc_fail(dev[0], 1, "wpa_bss_add"): dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_erp_local_errors(dev, apdev): """ERP and local error cases""" check_erp_capa(dev[0]) params = int_eap_server_params() params['erp_send_reauth_start'] = '1' params['erp_domain'] = 'example.com' params['eap_server_erp'] = '1' params['disable_pmksa_caching'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].request("ERP_FLUSH") with alloc_fail(dev[0], 1, "eap_peer_erp_init"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for count in range(1, 6): dev[0].request("ERP_FLUSH") with fail_test(dev[0], count, "hmac_sha256_kdf;eap_peer_erp_init"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("ERP_FLUSH") with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_peer_erp_reauth_start"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("ERP_FLUSH") with fail_test(dev[0], 1, "hmac_sha256;eap_peer_erp_reauth_start"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("ERP_FLUSH") with fail_test(dev[0], 1, "hmac_sha256;eap_peer_finish"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()