def test_tnc_peap_soh_errors(dev, apdev):
    """TNC PEAP-SoH local error cases

    Brings up an AP from int_eap_server_params() with "tnc" set to "1" and
    repeats one PEAPv0 connection attempt (phase1 "tnc=soh") on dev[0] while
    a single fault is injected per attempt: two allocation failures through
    alloc_fail() and one os_get_random failure through fail_test(). Each
    attempt calls wait_fail_trigger() and then removes the network.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    params = int_eap_server_params()
    params["tnc"] = "1"
    hostapd.add_ap(apdev[0], params)

    # (count, pattern) pairs passed straight to alloc_fail().
    # NOTE(review): presumably "fail the count-th allocation matching this
    # call path"; confirm against alloc_fail().
    tests = [ (1, "tncc_build_soh"),
              (1, "eap_msg_alloc;=eap_peap_phase2_request") ]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            # wait_connect=False: the attempt is not expected to complete, so
            # the call must not block waiting for a connection.
            # NOTE(review): the password literal looks masked in this
            # listing; the run needs the value configured for "user".
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="PEAP", identity="user", password="******",
                           ca_cert="auth_serv/ca.pem",
                           phase1="peapver=0 tnc=soh cryptobinding=0",
                           phase2="auth=MSCHAPV2",
                           scan_freq="2412", wait_connect=False)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    # Same attempt, but the injected fault is a failing os_get_random call
    # reached from tncc_build_soh, tracked through GET_FAIL.
    with fail_test(dev[0], 1, "os_get_random;tncc_build_soh"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                       eap="PEAP", identity="user", password="******",
                       ca_cert="auth_serv/ca.pem",
                       phase1="peapver=0 tnc=soh cryptobinding=0",
                       phase2="auth=MSCHAPV2",
                       scan_freq="2412", wait_connect=False)
        wait_fail_trigger(dev[0], "GET_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()
def test_ap_bss_load_fail(dev, apdev):
    """BSS Load update failing to get survey data"""
    # An open AP with a BSS Load update period of "1" is started, then the
    # survey query in the nl80211 driver wrapper is made to fail once.
    ap_config = {"ssid": "open", "bss_load_update_period": "1"}
    hapd = hostapd.add_ap(apdev[0], ap_config)
    with fail_test(hapd, 1, "wpa_driver_nl80211_get_survey"):
        wait_fail_trigger(hapd, "GET_FAIL")
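def test_tnc_ttls_errors(dev, apdev):
    """TNC TTLS local error cases

    Skips unless tnc/libhostap_imc.so exists and dev[0] supports MSCHAPV2.
    Starts an AP from int_eap_server_params() with TNC enabled and a
    150-octet fragment size, then runs one EAP-TTLS attempt per table row
    with a single allocation failure injected into dev[0].

    Raises:
        HwsimSkip: when the IMC library is not installed.
        Exception: when EAP does not start within 15 seconds.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside the `with`.
    if not os.path.exists("tnc/libhostap_imc.so"):
        raise HwsimSkip("No IMC installed")
    check_eap_capa(dev[0], "MSCHAPV2")

    params = int_eap_server_params()
    params["tnc"] = "1"
    params["fragment_size"] = "150"
    hostapd.add_ap(apdev[0], params)

    # Rows are (count, alloc_fail pattern, identity, phase2 method).
    # The backslash in the first identity is written as "\\" so the literal
    # no longer relies on the invalid "\m" escape; the runtime string is the
    # same.
    tests = [(1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
              "DOMAIN\\mschapv2 user", "auth=MSCHAPV2"),
             (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
              "mschap user", "auth=MSCHAP"),
             (1, "=eap_tnc_init", "chap user", "auth=CHAP"),
             (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;eap_tnc_build_frag_ack",
              "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;eap_tnc_build_msg",
              "pap user", "auth=PAP"),
             (1, "wpabuf_alloc;=eap_tnc_process_fragment",
              "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
             (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
             (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"),
             (1, "tncc_get_base64;tncc_process_if_tnccs",
              "pap user", "auth=PAP"),
             (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"),
             (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"),
             (1, "tncc_parse_imc", "pap user", "auth=PAP"),
             (2, "tncc_parse_imc", "pap user", "auth=PAP"),
             (3, "tncc_parse_imc", "pap user", "auth=PAP"),
             (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"),
             (1, "tncc_init", "pap user", "auth=PAP"),
             (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"),
             (1, "base64_gen_encode;?base64_encode;TNC_TNCC_SendMessage",
              "pap user", "auth=PAP"),
             (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
             (1, "tncc_get_base64;tncc_process_if_tnccs",
              "pap user", "auth=PAP")]
    for count, func, identity, phase2 in tests:
        with alloc_fail(dev[0], count, func):
            # NOTE(review): the password literal looks masked in this
            # listing; the run needs the value configured for each identity.
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           scan_freq="2412",
                           eap="TTLS", anonymous_identity="ttls",
                           identity=identity, password="******",
                           ca_cert="auth_serv/ca.pem", phase2=phase2,
                           fragment_size="150", wait_connect=False)
            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
                                   timeout=15)
            if ev is None:
                raise Exception("Timeout on EAP start")
            # The note names the row so a fault that never fires can be
            # traced back to its table entry.
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
                              note="Allocation failure not triggered for: %d:%s" % (count, func))
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
            dev[0].dump_monitor()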
def wait_eap_proposed(dev, wait_trigger=None):
    """Wait for EAP method proposal, then tear the network down.

    Blocks up to 10 seconds for CTRL-EVENT-EAP-PROPOSED-METHOD on *dev* and
    raises Exception("Timeout on EAP start") when it does not arrive. When
    *wait_trigger* is truthy it is passed to wait_fail_trigger() before the
    cleanup. Cleanup removes all networks, waits for the disconnection and
    flushes the monitor queue.
    """
    proposed = dev.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
    if proposed is None:
        raise Exception("Timeout on EAP start")

    if wait_trigger:
        wait_fail_trigger(dev, wait_trigger)

    dev.request("REMOVE_NETWORK all")
    dev.wait_disconnected()
    dev.dump_monitor()
def test_macsec_psk_fail_cp2(dev, apdev):
    """MACsec PSK local failures in CP state machine (2)

    Configures MKA PSK on the first interface normally and on the second
    one while the first allocation in ieee802_1x_cp_sm_init is forced to
    fail, then waits for MKA to complete on both. cleanup_macsec() runs in
    all cases.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside the `with`.
    try:
        add_veth()
        wpa = add_wpas_interfaces()
        set_mka_psk_config(wpa[0])
        with alloc_fail(wpa[1], 1, "ieee802_1x_cp_sm_init"):
            set_mka_psk_config(wpa[1])
            # max_iter=100 is passed through to wait_fail_trigger().
            # NOTE(review): presumably a larger poll budget than the
            # default; confirm against wait_fail_trigger().
            wait_fail_trigger(wpa[1], "GET_ALLOC_FAIL", max_iter=100)

        wait_mka_done(wpa)
    finally:
        # Always tear down the test interfaces, even after a failure.
        cleanup_macsec()
def test_ap_pmf_sta_sa_query_local_failure(dev, apdev):
    """WPA2-PSK AP with station using SA Query (local failure)

    Connects dev[0] with ieee80211w="1" to an AP created by
    start_wpas_ap(), then has that AP send a DEAUTHENTICATE command for the
    station's address while os_get_random is forced to fail once inside
    sme_sa_query_timer on the station.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside the `with`.
    ssid = "assoc-comeback"
    addr = dev[0].own_addr()

    wpas = start_wpas_ap(ssid)

    dev[0].connect(ssid, psk="12345678", ieee80211w="1",
                   key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2",
                   scan_freq="2412")
    with fail_test(dev[0], 1, "os_get_random;sme_sa_query_timer"):
        # NOTE(review): presumably the deauthentication makes the station
        # start SA Query, which is where the random-number failure is hit;
        # confirm against the supplicant SME code.
        wpas.request("DEAUTHENTICATE " + addr + " reason=6 test=0")
        wait_fail_trigger(dev[0], "GET_FAIL")
    dev[0].request("DISCONNECT")
    wpas.request("DISCONNECT")
    dev[0].wait_disconnected()
def test_ap_open_drv_fail(dev, apdev):
    """AP with open mode and driver operations failing"""
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside the `with`.
    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})

    # The same open-network attempt is made twice, first with the nl80211
    # authenticate operation failing and then with the associate operation
    # failing.
    failing_driver_ops = ("wpa_driver_nl80211_authenticate",
                          "wpa_driver_nl80211_associate")
    for driver_op in failing_driver_ops:
        with fail_test(dev[0], 1, driver_op):
            dev[0].connect("open", key_mgmt="NONE", scan_freq="2412",
                           wait_connect=False)
            wait_fail_trigger(dev[0], "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")
def test_sae_oom_wpas(dev, apdev):
    """SAE and OOM in wpa_supplicant

    Starts an SAE-only AP and connects dev[0] repeatedly, each time with one
    allocation failure injected into a different step of SAE group setup,
    commit/confirm frame building or SME authentication.

    Raises:
        HwsimSkip: when dev[0] does not list SAE in its auth_alg capability.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    if "SAE" not in dev[0].get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    params = hostapd.wpa2_params(ssid="test-sae",
                                 passphrase="12345678")
    params['wpa_key_mgmt'] = 'SAE'
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].request("SET sae_groups 25")
    tls = dev[0].request("GET tls_library")
    # NOTE(review): group 26 replaces 25 on BoringSSL builds, presumably
    # because that library lacks group 25; confirm.
    if "BoringSSL" in tls:
        dev[0].request("SET sae_groups 26")
    # These first three attempts block in connect() (no wait_connect=False),
    # so the connection is expected to succeed despite the injected failure.
    with alloc_fail(dev[0], 1, "sae_set_group"):
        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                       scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")

    # An empty value is sent for sae_groups before the second
    # sae_set_group failure.
    dev[0].request("SET sae_groups ")
    with alloc_fail(dev[0], 2, "sae_set_group"):
        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                       scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")

    with alloc_fail(dev[0], 1, "wpabuf_alloc;sme_auth_build_sae_commit"):
        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                       scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")

    # From here on the attempt is not awaited; the test only waits for the
    # injected failure to be reported through GET_ALLOC_FAIL.
    with alloc_fail(dev[0], 1, "wpabuf_alloc;sme_auth_build_sae_confirm"):
        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                       scan_freq="2412", wait_connect=False)
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")

    with alloc_fail(dev[0], 1, "=sme_authenticate"):
        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                       scan_freq="2412", wait_connect=False)
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")

    with alloc_fail(dev[0], 1, "radio_add_work;sme_authenticate"):
        dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                       scan_freq="2412", wait_connect=False)
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
def test_tnc_peap_soh_errors(dev, apdev):
    """TNC PEAP-SoH local error cases"""
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside the `with`.
    params = int_eap_server_params()
    params["tnc"] = "1"
    hostapd.add_ap(apdev[0]['ifname'], params)

    # Every attempt uses the same PEAPv0 + SoH network settings.
    # NOTE(review): the password literal looks masked in this listing.
    peap_soh = dict(key_mgmt="WPA-EAP",
                    eap="PEAP", identity="user", password="******",
                    ca_cert="auth_serv/ca.pem",
                    phase1="peapver=0 tnc=soh cryptobinding=0",
                    phase2="auth=MSCHAPV2",
                    scan_freq="2412", wait_connect=False)

    # (injector, count, pattern, status command): two allocation failures
    # followed by one os_get_random failure, in the original order.
    faults = [
        (alloc_fail, 1, "tncc_build_soh", "GET_ALLOC_FAIL"),
        (alloc_fail, 1, "eap_msg_alloc;=eap_peap_phase2_request",
         "GET_ALLOC_FAIL"),
        (fail_test, 1, "os_get_random;tncc_build_soh", "GET_FAIL"),
    ]
    for inject, count, func, status_cmd in faults:
        with inject(dev[0], count, func):
            dev[0].connect("test-wpa2-eap", **peap_soh)
            wait_fail_trigger(dev[0], status_cmd)
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
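def test_erp_home_realm_oom(dev, apdev):
    """ERP and home realm OOM

    Starts an ERP-enabled AP (domain "example.com", PMKSA caching disabled)
    and connects dev[0] with EAP-TTLS/PAP while allocations in
    eap_home_realm are forced to fail: twice with the first identity, twice
    with identity "erp-ttls", and once more during a DISCONNECT/RECONNECT
    cycle.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    # NOTE(review): identity and password literals look masked in this
    # listing; the run needs the values the EAP user database expects.
    check_erp_capa(dev[0])
    params = int_eap_server_params()
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['eap_server_erp'] = '1'
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_home_realm"):
            # ERP_FLUSH is requested before each attempt.
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="*****@*****.**",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_home_realm"):
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="erp-ttls",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    for count in range(1, 3):
        dev[0].request("ERP_FLUSH")
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412", wait_connect=False)
        dev[0].wait_connected(timeout=10)
        # The guard compares the loop counter. The listing compared the
        # builtin `range` with 1, which raises TypeError on Python 3 and on
        # Python 2 is always true, so the reconnect case below never ran.
        if count > 1:
            continue
        with alloc_fail(dev[0], count, "eap_home_realm"):
            dev[0].request("DISCONNECT")
            dev[0].wait_disconnected(timeout=15)
            dev[0].request("RECONNECT")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()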
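def test_erp_home_realm_oom(dev, apdev):
    """ERP and home realm OOM

    Starts an ERP-enabled AP (domain "example.com", PMKSA caching disabled)
    and connects dev[0] with EAP-TTLS/PAP while allocations in eap_get_realm
    are forced to fail: twice with the first identity, twice with identity
    "erp-ttls", and once more during a DISCONNECT/RECONNECT cycle.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    # NOTE(review): identity and password literals look masked in this
    # listing; the run needs the values the EAP user database expects.
    check_erp_capa(dev[0])
    params = int_eap_server_params()
    params['erp_send_reauth_start'] = '1'
    params['erp_domain'] = 'example.com'
    params['eap_server_erp'] = '1'
    params['disable_pmksa_caching'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)

    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_get_realm"):
            # ERP_FLUSH is requested before each attempt.
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="*****@*****.**",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    for count in range(1, 3):
        with alloc_fail(dev[0], count, "eap_get_realm"):
            dev[0].request("ERP_FLUSH")
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                           identity="erp-ttls",
                           anonymous_identity="*****@*****.**",
                           password="******",
                           ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                           erp="1", scan_freq="2412", wait_connect=False)
            dev[0].wait_connected(timeout=10)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    for count in range(1, 3):
        dev[0].request("ERP_FLUSH")
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                       identity="*****@*****.**",
                       anonymous_identity="*****@*****.**",
                       password="******",
                       ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                       erp="1", scan_freq="2412", wait_connect=False)
        dev[0].wait_connected(timeout=10)
        # The guard compares the loop counter. The listing compared the
        # builtin `range` with 1, which raises TypeError on Python 3 and on
        # Python 2 is always true, so the reconnect case below never ran.
        if count > 1:
            continue
        with alloc_fail(dev[0], count, "eap_get_realm"):
            dev[0].request("DISCONNECT")
            dev[0].wait_disconnected(timeout=15)
            dev[0].request("RECONNECT")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()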
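def test_rsn_preauth_local_errors(dev, apdev):
    """RSN pre-authentication and local errors on AP

    Starts a WPA2-EAP AP with RSN pre-authentication bound to "lo", then
    sends hand-built frames with EtherType 0x88c7 to the AP's BSSID over a
    raw packet socket while allocation failures are injected into the AP's
    pre-authentication receive path. Afterwards the AP is disabled and
    re-enabled under further injected failures and with malformed
    rsn_preauth_interfaces values.

    Raises:
        Exception: when ENABLE succeeds although a failure was expected, or
            fails for the final valid interface list.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['rsn_preauth'] = '1'
    params['rsn_preauth_interfaces'] = "lo"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = hapd.own_addr()
    _bssid = binascii.unhexlify(bssid.replace(':', ''))

    # Raw AF_PACKET sockets need CAP_NET_RAW, so this test runs privileged.
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                         socket.htons(0x88c7))
    try:
        sock.bind(("lo", socket.htons(0x88c7)))

        foreign = b"\x02\x03\x04\x05\x06\x07"
        foreign2 = b"\x02\x03\x04\x05\x06\x08"
        proto = b"\x88\xc7"

        # Frame layout: destination (BSSID), source, EtherType, then a
        # 4-octet payload packed as (2, 1, 0).
        # NOTE(review): the payload looks like an EAPOL header (version 2,
        # type 1, length 0); confirm.
        start_payload = struct.pack('>BBH', 2, 1, 0)
        frame_from_foreign = _bssid + foreign + proto + start_payload
        frame_from_foreign2 = _bssid + foreign2 + proto + start_payload

        with alloc_fail(hapd, 1, "ap_sta_add;rsn_preauth_receive"):
            sock.send(frame_from_foreign)
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")

        with alloc_fail(hapd, 1, "eapol_auth_alloc;rsn_preauth_receive"):
            sock.send(frame_from_foreign)
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
        # Same frame again with no failure armed.
        sock.send(frame_from_foreign)

        with alloc_fail(hapd, 1, "eap_server_sm_init;ieee802_1x_new_station;rsn_preauth_receive"):
            sock.send(frame_from_foreign2)
            wait_fail_trigger(hapd, "GET_ALLOC_FAIL")
        sock.send(frame_from_foreign2)

        hapd.request("DISABLE")
        tests = [(1, "=rsn_preauth_iface_add"),
                 (2, "=rsn_preauth_iface_add"),
                 (1, "l2_packet_init;rsn_preauth_iface_add"),
                 (1, "rsn_preauth_iface_init"),
                 (1, "rsn_preauth_iface_init")]
        for count, func in tests:
            with alloc_fail(hapd, count, func):
                if "FAIL" not in hapd.request("ENABLE"):
                    raise Exception("ENABLE succeeded unexpectedly")

        # An interface list naming a non-existent interface must be rejected.
        hapd.set("rsn_preauth_interfaces", "lo lo lo does-not-exist lo ")
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("ENABLE succeeded unexpectedly")
        # Extra whitespace and repeated entries alone must still be accepted.
        hapd.set("rsn_preauth_interfaces", " lo lo ")
        if "OK" not in hapd.request("ENABLE"):
            raise Exception("ENABLE failed")
        sock.send(frame_from_foreign)
        sock.send(frame_from_foreign2)
    finally:
        # Release the raw socket even when an assertion above raises.
        sock.close()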
def test_sae_bignum_failure(dev, apdev):
    """SAE and bignum failure

    Starts an SAE AP that accepts groups 19, 5 and 22 and, for each of those
    groups in turn, attempts a connection from dev[0] with one failure
    injected into a bignum, EC-point or hash helper reached from the SAE
    code. In the first table the caller names end in _ecc; in the two later
    tables they end in _ffc.

    Raises:
        HwsimSkip: when dev[0] does not list SAE in its auth_alg capability.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    if "SAE" not in dev[0].get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")
    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
    params['wpa_key_mgmt'] = 'SAE'
    params['sae_groups'] = '19 5 22'
    hapd = hostapd.add_ap(apdev[0], params)

    # Group 19: failures in the ECC code paths. Rows are (count, pattern)
    # for fail_test().
    dev[0].request("SET sae_groups 19")
    tests = [ (1, "crypto_bignum_init_set;get_rand_1_to_p_1"),
              (1, "crypto_bignum_init;is_quadratic_residue_blind"),
              (1, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
              (2, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
              (3, "crypto_bignum_mulmod;is_quadratic_residue_blind"),
              (1, "crypto_bignum_legendre;is_quadratic_residue_blind"),
              (1, "crypto_bignum_init_set;sae_test_pwd_seed_ecc"),
              (1, "crypto_ec_point_compute_y_sqr;sae_test_pwd_seed_ecc"),
              (1, "crypto_bignum_init_set;get_random_qr_qnr"),
              (1, "crypto_bignum_to_bin;sae_derive_pwe_ecc"),
              (1, "crypto_ec_point_init;sae_derive_pwe_ecc"),
              (1, "crypto_ec_point_solve_y_coord;sae_derive_pwe_ecc"),
              (1, "crypto_ec_point_init;sae_derive_commit_element_ecc"),
              (1, "crypto_ec_point_mul;sae_derive_commit_element_ecc"),
              (1, "crypto_ec_point_invert;sae_derive_commit_element_ecc"),
              (1, "crypto_bignum_init;=sae_derive_commit"),
              (1, "crypto_ec_point_init;sae_derive_k_ecc"),
              (1, "crypto_ec_point_mul;sae_derive_k_ecc"),
              (1, "crypto_ec_point_add;sae_derive_k_ecc"),
              (2, "crypto_ec_point_mul;sae_derive_k_ecc"),
              (1, "crypto_ec_point_to_bin;sae_derive_k_ecc"),
              (1, "crypto_bignum_legendre;get_random_qr_qnr"),
              (1, "sha256_prf;sae_derive_keys"),
              (1, "crypto_bignum_init;sae_derive_keys"),
              (1, "crypto_bignum_init_set;sae_parse_commit_scalar"),
              (1, "crypto_bignum_to_bin;sae_parse_commit_element_ecc"),
              (1, "crypto_ec_point_from_bin;sae_parse_commit_element_ecc") ]
    for count, func in tests:
        with fail_test(dev[0], count, func):
            # The attempt is not awaited; only the firing of the injected
            # failure is checked.
            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                           scan_freq="2412", wait_connect=False)
            wait_fail_trigger(dev[0], "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")

    # Group 5: failures in the FFC code paths.
    dev[0].request("SET sae_groups 5")
    tests = [ (1, "crypto_bignum_init_set;sae_set_group"),
              (2, "crypto_bignum_init_set;sae_set_group"),
              (1, "crypto_bignum_init_set;sae_get_rand"),
              (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
              (1, "crypto_bignum_exptmod;sae_test_pwd_seed_ffc"),
              (1, "crypto_bignum_init;sae_derive_pwe_ffc"),
              (1, "crypto_bignum_init;sae_derive_commit_element_ffc"),
              (1, "crypto_bignum_exptmod;sae_derive_commit_element_ffc"),
              (1, "crypto_bignum_inverse;sae_derive_commit_element_ffc"),
              (1, "crypto_bignum_init;sae_derive_k_ffc"),
              (1, "crypto_bignum_exptmod;sae_derive_k_ffc"),
              (1, "crypto_bignum_mulmod;sae_derive_k_ffc"),
              (2, "crypto_bignum_exptmod;sae_derive_k_ffc"),
              (1, "crypto_bignum_to_bin;sae_derive_k_ffc"),
              (1, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
              (1, "crypto_bignum_init;sae_parse_commit_element_ffc"),
              (2, "crypto_bignum_init_set;sae_parse_commit_element_ffc"),
              (1, "crypto_bignum_exptmod;sae_parse_commit_element_ffc") ]
    for count, func in tests:
        with fail_test(dev[0], count, func):
            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                           scan_freq="2412", wait_connect=False)
            wait_fail_trigger(dev[0], "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")

    # Group 22: three further failures in sae_test_pwd_seed_ffc (sub and div
    # helpers that the group 5 table does not list).
    dev[0].request("SET sae_groups 22")
    tests = [ (1, "crypto_bignum_init_set;sae_test_pwd_seed_ffc"),
              (1, "crypto_bignum_sub;sae_test_pwd_seed_ffc"),
              (1, "crypto_bignum_div;sae_test_pwd_seed_ffc") ]
    for count, func in tests:
        with fail_test(dev[0], count, func):
            dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
                           scan_freq="2412", wait_connect=False)
            wait_fail_trigger(dev[0], "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")
def test_owe_local_errors(dev, apdev):
    """Opportunistic Wireless Encryption - local errors on supplicant

    Starts an OWE AP with ieee80211w="2" and attempts OWE associations from
    dev[0] with failures injected while building the association request,
    while processing the association response, and in the HMAC/KDF helpers
    used for groups 19, 20 and 21. A final attempt uses owe_group="18" and
    only checks that authentication is tried.

    Raises:
        HwsimSkip: when dev[0] does not list OWE in its key_mgmt capability.
        Exception: when the final attempt shows no authentication attempt.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    if "OWE" not in dev[0].get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")
    params = { "ssid": "owe",
               "wpa": "2",
               "ieee80211w": "2",
               "wpa_key_mgmt": "OWE",
               "rsn_pairwise": "CCMP" }
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = hapd.own_addr()

    dev[0].scan_for_bss(bssid, freq="2412")

    # Allocation failures while the association request is built; the fault
    # is confirmed through GET_ALLOC_FAIL.
    tests = [(1, "crypto_ecdh_init;owe_build_assoc_req"),
             (1, "crypto_ecdh_get_pubkey;owe_build_assoc_req"),
             (1, "wpabuf_alloc;owe_build_assoc_req")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            dev[0].connect("owe", key_mgmt="OWE", owe_group="20",
                           ieee80211w="2",
                           scan_freq="2412", wait_connect=False)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].dump_monitor()

    # Allocation failures while the association response is processed; here
    # the observable outcome is a disconnection.
    tests = [(1, "crypto_ecdh_set_peerkey;owe_process_assoc_resp"),
             (1, "crypto_ecdh_get_pubkey;owe_process_assoc_resp"),
             (1, "wpabuf_alloc;=owe_process_assoc_resp")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            dev[0].connect("owe", key_mgmt="OWE", owe_group="20",
                           ieee80211w="2",
                           scan_freq="2412", wait_connect=False)
            dev[0].wait_disconnected()
            dev[0].request("REMOVE_NETWORK all")
            dev[0].dump_monitor()

    # Hash/KDF failures; the third column is the OWE group used for the
    # attempt (SHA-256 with 19, SHA-384 with 20, SHA-512 with 21).
    tests = [(1, "hmac_sha256;owe_process_assoc_resp", 19),
             (1, "hmac_sha256_kdf;owe_process_assoc_resp", 19),
             (1, "hmac_sha384;owe_process_assoc_resp", 20),
             (1, "hmac_sha384_kdf;owe_process_assoc_resp", 20),
             (1, "hmac_sha512;owe_process_assoc_resp", 21),
             (1, "hmac_sha512_kdf;owe_process_assoc_resp", 21)]
    for count, func, group in tests:
        with fail_test(dev[0], count, func):
            dev[0].connect("owe", key_mgmt="OWE", owe_group=str(group),
                           ieee80211w="2",
                           scan_freq="2412", wait_connect=False)
            dev[0].wait_disconnected()
            dev[0].request("REMOVE_NETWORK all")
            dev[0].dump_monitor()

    # NOTE(review): group 18 is not among the groups exercised above;
    # presumably this checks handling of a group that cannot be used.
    # Confirm the intended outcome.
    dev[0].connect("owe", key_mgmt="OWE", owe_group="18",
                   ieee80211w="2",
                   scan_freq="2412", wait_connect=False)
    ev = dev[0].wait_event(["SME: Trying to authenticate"], timeout=5)
    if ev is None:
        raise Exception("No authentication attempt")
    # Short pause before the network is removed.
    time.sleep(0.5)
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()
def test_authsrv_oom(dev, apdev):
    """Authentication server OOM

    Runs a separate hostapd instance as the authentication server (authsrv)
    and a WPA2-EAP AP that uses auth_server_port "18128". dev[0] then makes
    EAP-TTLS/GTC attempts while failures are injected into the server's
    RADIUS and EAP session handling. Finally the server is disabled and
    re-enabled under injected allocation failures to check that ENABLE is
    refused.

    Raises:
        Exception: when an expected EAP failure is not reported or ENABLE
            succeeds although a failure was injected.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`.
    # NOTE(review): the password literal looks masked in this listing; the
    # run needs the value configured for identity "user".
    params = authsrv_params()
    authsrv = hostapd.add_ap(apdev[1], params)

    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    params['auth_server_port'] = "18128"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].scan_for_bss(hapd.own_addr(), 2412)
    # User lookup fails on the server: the station must see an EAP failure.
    with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                       eap="TTLS", identity="user",
                       anonymous_identity="ttls", password="******",
                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                       wait_connect=False, scan_freq="2412")
        ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
        if ev is None:
            raise Exception("EAP failure not reported")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()
    dev[0].dump_monitor()

    # connect() is awaited here (no wait_connect=False), so a failure in
    # srv_log is expected not to prevent the connection.
    with alloc_fail(authsrv, 1, "srv_log"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                       eap="TTLS", identity="user",
                       anonymous_identity="ttls", password="******",
                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                       scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()
    dev[0].dump_monitor()

    # Session creation failures: the station is expected to be disconnected.
    with alloc_fail(authsrv, 1, "radius_server_new_session"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                       eap="TTLS", identity="user",
                       anonymous_identity="ttls", password="******",
                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                       wait_connect=False, scan_freq="2412")
        dev[0].wait_disconnected()
        dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()

    for count in range(1, 3):
        with alloc_fail(authsrv, count, "=radius_server_get_new_session"):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="TTLS", identity="user",
                           anonymous_identity="ttls", password="******",
                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                           wait_connect=False, scan_freq="2412")
            dev[0].wait_disconnected()
            dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()

    with alloc_fail(authsrv, 1, "eap_server_sm_init"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                       eap="TTLS", identity="user",
                       anonymous_identity="ttls", password="******",
                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                       wait_connect=False, scan_freq="2412")
        dev[0].wait_disconnected()
        dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()

    # Allocation failures confirmed on the server through GET_ALLOC_FAIL.
    tests = [ "radius_server_encapsulate_eap",
              "radius_server_receive_auth" ]
    for t in tests:
        with alloc_fail(authsrv, 1, t):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="TTLS", identity="user",
                           anonymous_identity="ttls", password="******",
                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                           wait_connect=False, scan_freq="2412")
            wait_fail_trigger(authsrv, "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
        dev[0].dump_monitor()

    # RADIUS message construction failures confirmed through GET_FAIL.
    tests = [ "radius_msg_add_attr;radius_server_encapsulate_eap",
              "radius_msg_add_eap;radius_server_encapsulate_eap",
              "radius_msg_finish_srv;radius_server_encapsulate_eap" ]
    for t in tests:
        with fail_test(authsrv, 1, t):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="TTLS", identity="user",
                           anonymous_identity="ttls", password="******",
                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                           wait_connect=False, scan_freq="2412")
            wait_fail_trigger(authsrv, "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
        dev[0].dump_monitor()

    # Two faults at once: the session allocation fails and a step of
    # radius_server_reject fails as well.
    with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
        with fail_test(authsrv, 1, "radius_msg_add_eap;radius_server_reject"):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="TTLS", identity="user",
                           anonymous_identity="ttls", password="******",
                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                           wait_connect=False, scan_freq="2412")
            wait_fail_trigger(authsrv, "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
    dev[0].dump_monitor()

    with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
        with fail_test(authsrv, 1, "radius_msg_finish_srv;radius_server_reject"):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="TTLS", identity="user",
                           anonymous_identity="ttls", password="******",
                           ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                           wait_connect=False, scan_freq="2412")
            wait_fail_trigger(authsrv, "GET_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
    dev[0].dump_monitor()

    # Start-up under OOM: ENABLE must report FAIL when initialization cannot
    # allocate what it needs.
    authsrv.disable()
    with alloc_fail(authsrv, 1, "radius_server_init;hostapd_setup_radius_srv"):
        if "FAIL" not in authsrv.request("ENABLE"):
            raise Exception("ENABLE succeeded during OOM")
    with alloc_fail(authsrv, 2, "radius_server_init;hostapd_setup_radius_srv"):
        authsrv.request("ENABLE")
        # This is actually allowed to continue even though memory allocation
        # fails.
        authsrv.disable()

    for count in range(1, 4):
        with alloc_fail(authsrv, count, "radius_server_read_clients;radius_server_init;hostapd_setup_radius_srv"):
            if "FAIL" not in authsrv.request("ENABLE"):
                raise Exception("ENABLE succeeded during OOM")

    with alloc_fail(authsrv, 1, "eloop_sock_table_add_sock;radius_server_init;hostapd_setup_radius_srv"):
        if "FAIL" not in authsrv.request("ENABLE"):
            raise Exception("ENABLE succeeded during OOM")

    with alloc_fail(authsrv, 1, "tls_init;authsrv_init"):
        if "FAIL" not in authsrv.request("ENABLE"):
            raise Exception("ENABLE succeeded during OOM")

    for count in range(1, 3):
        with alloc_fail(authsrv, count, "eap_sim_db_init;authsrv_init"):
            if "FAIL" not in authsrv.request("ENABLE"):
                raise Exception("ENABLE succeeded during OOM")
def test_scan_fail(dev, apdev):
    """Scan failures

    Requests scans on dev[0] while failures are injected into the driver
    scan call, scan parameter cloning, radio work scheduling, SSID filter
    construction, scan result retrieval and the setband frequency list.
    A second supplicant interface (wlan5) covers a failing MAC address
    change before the scan, and a last step injects a failure into
    wpa_bss_add while scanning for a freshly started AP.

    Raises:
        Exception: when a control command is rejected or an expected scan
            event is not seen.
    """
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`/`try`.
    with fail_test(dev[0], 1, "wpa_driver_nl80211_scan"):
        dev[0].request("DISCONNECT")
        # The command itself is accepted; the failure is reported later as
        # a CTRL-EVENT-SCAN-FAILED event.
        if "OK" not in dev[0].request("SCAN freq=2412"):
            raise Exception("SCAN failed")
        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
        if ev is None:
            raise Exception("Did not see scan failure event")
    dev[0].dump_monitor()

    for i in range(1, 5):
        with alloc_fail(dev[0], i,
                        "wpa_scan_clone_params;wpa_supplicant_trigger_scan"):
            if "OK" not in dev[0].request("SCAN ssid 112233 freq=2412"):
                raise Exception("SCAN failed")
            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
            if ev is None:
                raise Exception("Did not see scan failure event")
        dev[0].dump_monitor()

    with alloc_fail(dev[0], 1, "radio_add_work;wpa_supplicant_trigger_scan"):
        if "OK" not in dev[0].request("SCAN freq=2412"):
            raise Exception("SCAN failed")
        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
        if ev is None:
            raise Exception("Did not see scan failure event")
    dev[0].dump_monitor()

    try:
        if "OK" not in dev[0].request("SET filter_ssids 1"):
            raise Exception("SET failed")
        id = dev[0].connect("test-scan", key_mgmt="NONE",
                            only_add_network=True)
        with alloc_fail(dev[0], 1, "wpa_supplicant_build_filter_ssids"):
            # While the filter list cannot be created due to memory allocation
            # failure, this scan is expected to be completed without SSID
            # filtering.
            if "OK" not in dev[0].request("SCAN freq=2412"):
                raise Exception("SCAN failed")
            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
            if ev is None:
                raise Exception("Scan did not complete")
        dev[0].remove_network(id)
    finally:
        # Restore the default so later tests are not affected.
        dev[0].request("SET filter_ssids 0")
    dev[0].dump_monitor()

    with alloc_fail(dev[0], 1, "nl80211_get_scan_results"):
        if "OK" not in dev[0].request("SCAN freq=2412"):
            raise Exception("SCAN failed")
        ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
        if ev is None:
            raise Exception("Did not see scan started event")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
    dev[0].dump_monitor()

    try:
        if "OK" not in dev[0].request("SET setband 2G"):
            raise Exception("SET setband failed")
        with alloc_fail(dev[0], 1, "=wpa_setband_scan_freqs_list"):
            # While the frequency list cannot be created due to memory
            # allocation failure, this scan is expected to be completed without
            # frequency filtering.
            if "OK" not in dev[0].request("SCAN"):
                raise Exception("SCAN failed")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("ABORT_SCAN")
            ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
            if ev is None:
                raise Exception("Scan did not complete")
    finally:
        # Restore the default band selection.
        dev[0].request("SET setband AUTO")
    dev[0].dump_monitor()

    # A separate supplicant interface is used for the MAC address case.
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5")
    wpas.request("SET preassoc_mac_addr 1")
    with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
        if "OK" not in wpas.request("SCAN freq=2412"):
            raise Exception("SCAN failed")
        ev = wpas.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5)
        if ev is None:
            raise Exception("Did not see scan failure event")
    wpas.request("SET preassoc_mac_addr 0")
    wpas.dump_monitor()

    hapd = hostapd.add_ap(apdev[0], { "ssid": "open" })
    with alloc_fail(dev[0], 1, "wpa_bss_add"):
        dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_scan_fail(dev, apdev):
    """Scan failures"""
    # NOTE(review): block nesting was rebuilt from a whitespace-collapsed
    # listing; confirm which statements belong inside each `with`/`try`.
    sta = dev[0]

    def start_scan(ctrl, command):
        # The scan command itself must be accepted; the injected fault only
        # shows up afterwards.
        if "OK" not in ctrl.request(command):
            raise Exception("SCAN failed")

    def expect_scan_failed(ctrl):
        if ctrl.wait_event(["CTRL-EVENT-SCAN-FAILED"], timeout=5) is None:
            raise Exception("Did not see scan failure event")

    def expect_scan_results(ctrl):
        if ctrl.wait_event(["CTRL-EVENT-SCAN-RESULTS"]) is None:
            raise Exception("Scan did not complete")

    # Driver scan call fails.
    with fail_test(sta, 1, "wpa_driver_nl80211_scan"):
        sta.request("DISCONNECT")
        start_scan(sta, "SCAN freq=2412")
        expect_scan_failed(sta)
    sta.dump_monitor()

    # Each of the first four allocations while cloning scan parameters.
    for nth in range(1, 5):
        with alloc_fail(sta, nth,
                        "wpa_scan_clone_params;wpa_supplicant_trigger_scan"):
            start_scan(sta, "SCAN ssid 112233 freq=2412")
            expect_scan_failed(sta)
        sta.dump_monitor()

    # Radio work item cannot be queued.
    with alloc_fail(sta, 1, "radio_add_work;wpa_supplicant_trigger_scan"):
        start_scan(sta, "SCAN freq=2412")
        expect_scan_failed(sta)
    sta.dump_monitor()

    try:
        if "OK" not in sta.request("SET filter_ssids 1"):
            raise Exception("SET failed")
        network_id = sta.connect("test-scan", key_mgmt="NONE",
                                 only_add_network=True)
        with alloc_fail(sta, 1, "wpa_supplicant_build_filter_ssids"):
            # The filter list cannot be built under the allocation failure,
            # yet the scan is still expected to finish, just without SSID
            # filtering.
            start_scan(sta, "SCAN freq=2412")
            expect_scan_results(sta)
        sta.remove_network(network_id)
    finally:
        sta.request("SET filter_ssids 0")
    sta.dump_monitor()

    # Fetching the scan results fails after the scan has started.
    with alloc_fail(sta, 1, "nl80211_get_scan_results"):
        start_scan(sta, "SCAN freq=2412")
        started = sta.wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5)
        if started is None:
            raise Exception("Did not see scan started event")
        wait_fail_trigger(sta, "GET_ALLOC_FAIL")
    sta.dump_monitor()

    try:
        if "OK" not in sta.request("SET setband 2G"):
            raise Exception("SET setband failed")
        with alloc_fail(sta, 1, "=wpa_setband_scan_freqs_list"):
            # The frequency list cannot be built under the allocation
            # failure, yet the scan is still expected to finish, just without
            # frequency filtering.
            start_scan(sta, "SCAN")
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            sta.request("ABORT_SCAN")
            expect_scan_results(sta)
    finally:
        sta.request("SET setband AUTO")
    sta.dump_monitor()

    # MAC address change before the scan fails on a second interface.
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5")
    wpas.request("SET preassoc_mac_addr 1")
    with fail_test(wpas, 1, "nl80211_set_mac_addr;wpas_trigger_scan_cb"):
        start_scan(wpas, "SCAN freq=2412")
        expect_scan_failed(wpas)
    wpas.request("SET preassoc_mac_addr 0")
    wpas.dump_monitor()

    # BSS table entry cannot be allocated while looking for a new AP.
    hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
    with alloc_fail(sta, 1, "wpa_bss_add"):
        sta.scan_for_bss(apdev[0]['bssid'], freq="2412")
def test_ibss_rsn_eapol_trigger(dev):
    """IBSS RSN and EAPOL trigger for a new peer"""
    # Feeds EAPOL frames from not-yet-known peers into an IBSS RSN network:
    # first malformed frames, then well-formed triggers with an allocation
    # failure injected at each step of peer setup.
    # NOTE(review): the nesting under each `with` was reconstructed from a
    # whitespace-collapsed listing; confirm it against the original file.
    sta = dev[0]
    network = add_ibss_rsn(sta, "ibss-rsn", scan_freq=2412)
    connect_ibss_cmd(sta, network)
    bssid0 = wait_ibss_connection(sta)

    # The same new peer is announced twice.
    send_eapol_rx(sta, "02:ff:00:00:00:01")
    send_eapol_rx(sta, "02:ff:00:00:00:01")

    dst = "02:ff:00:00:00:01"
    # (log line, EAPOL_RX command template). The log line names the outcome
    # each frame is meant to provoke; the test itself only checks that the
    # control interface accepts the injection ("OK"), not that the frame was
    # discarded. The frames differ in their first five bytes (the EAPOL
    # version/type/length header and the byte after it) and in total length.
    malformed_frames = (
        ("Too short EAPOL frame",
         "EAPOL_RX %s 0203005e" "02008a0010" "0000000000000001"
         "3a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b11"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "00"),
        ("RSN: EAPOL frame (type 255) discarded, not a Key frame",
         "EAPOL_RX %s 02ff005f" "02008a0010" "0000000000000001"
         "3a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b11"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "0000"),
        ("RSN: EAPOL frame payload size 96 invalid (frame size 99)",
         "EAPOL_RX %s 02030060" "02008a0010" "0000000000000001"
         "3a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b11"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "0000"),
        ("RSN: EAPOL-Key type (255) unknown, discarded",
         "EAPOL_RX %s 0203005f" "ff008a0010" "0000000000000001"
         "3a54fb19d8a785f5986bdc2ba800553550bc9513e6603eb50809154588c22b11"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "00000000000000000000000000000000"
         "0000"),
    )
    for note, command in malformed_frames:
        logger.info(note)
        if "OK" not in sta.request(command % dst):
            raise Exception("EAPOL_RX for %s failed" % dst)

    # One allocation-failure site per fresh peer address, so every case
    # starts from peer creation.
    alloc_sites = (
        ("ibss_rsn_rx_eapol", "02:ff:00:00:00:02"),
        ("wpa_auth_sta_init;ibss_rsn_auth_init", "02:ff:00:00:00:03"),
        ("=ibss_rsn_peer_init", "02:ff:00:00:00:04"),
        ("ibss_rsn_process_rx_eapol", "02:ff:00:00:00:05"),
        ("wpa_sm_set_assoc_wpa_ie_default;ibss_rsn_supp_init",
         "02:ff:00:00:00:06"),
        ("wpa_sm_init;ibss_rsn_supp_init", "02:ff:00:00:00:07"),
        ("=ibss_rsn_supp_init", "02:ff:00:00:00:08"),
        ("supp_alloc_eapol", "02:ff:00:00:00:09"),
        ("wpa_validate_wpa_ie;ibss_rsn_auth_init", "02:ff:00:00:00:0a"),
    )
    for site, peer in alloc_sites:
        with alloc_fail(sta, 1, site):
            send_eapol_rx(sta, peer)
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")

    logger.info("RSN: Timeout on waiting Authentication frame response")
    if "OK" not in sta.request("IBSS_RSN 02:ff:00:00:00:0b"):
        raise Exception("Unexpected IBSS_RSN result")
    # Leave enough time for the timeout named in the log line above.
    time.sleep(1.1)
def test_owe_local_errors(dev, apdev):
    """Opportunistic Wireless Encryption - local errors on supplicant"""
    # Injects failures into the station side of the OWE exchange: while the
    # association request is built, and while the association response is
    # processed (ECDH steps, buffer allocation, HMAC/KDF per group).
    # NOTE(review): the nesting under each `with` was reconstructed from a
    # whitespace-collapsed listing; confirm it against the original file.
    sta = dev[0]
    if "OWE" not in sta.get_capability("key_mgmt"):
        raise HwsimSkip("OWE not supported")

    ap_config = {"ssid": "owe",
                 "wpa": "2",
                 "ieee80211w": "2",
                 "wpa_key_mgmt": "OWE",
                 "rsn_pairwise": "CCMP"}
    hapd = hostapd.add_ap(apdev[0], ap_config)
    bssid = hapd.own_addr()
    sta.scan_for_bss(bssid, freq="2412")

    def start_owe(group):
        # Never waits for the connection: every case here expects the
        # attempt to fail or to be torn down.
        sta.connect("owe", key_mgmt="OWE", owe_group=group,
                    ieee80211w="2",
                    scan_freq="2412", wait_connect=False)

    def forget_network():
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()

    # Allocation failures while building the association request.
    request_sites = ("crypto_ecdh_init;owe_build_assoc_req",
                     "crypto_ecdh_get_pubkey;owe_build_assoc_req",
                     "wpabuf_alloc;owe_build_assoc_req")
    for site in request_sites:
        with alloc_fail(sta, 1, site):
            start_owe("20")
            wait_fail_trigger(sta, "GET_ALLOC_FAIL")
            forget_network()

    # Allocation failures while processing the association response; the
    # station is expected to end up disconnected.
    response_sites = ("crypto_ecdh_set_peerkey;owe_process_assoc_resp",
                      "crypto_ecdh_get_pubkey;owe_process_assoc_resp",
                      "wpabuf_alloc;=owe_process_assoc_resp")
    for site in response_sites:
        with alloc_fail(sta, 1, site):
            start_owe("20")
            sta.wait_disconnected()
            forget_network()

    # Hash failures, each exercised with the group it is paired with in the
    # original table: SHA-256 with 19, SHA-384 with 20, SHA-512 with 21.
    hash_sites = (("hmac_sha256;owe_process_assoc_resp", 19),
                  ("hmac_sha256_kdf;owe_process_assoc_resp", 19),
                  ("hmac_sha384;owe_process_assoc_resp", 20),
                  ("hmac_sha384_kdf;owe_process_assoc_resp", 20),
                  ("hmac_sha512;owe_process_assoc_resp", 21),
                  ("hmac_sha512_kdf;owe_process_assoc_resp", 21))
    for site, group in hash_sites:
        with fail_test(sta, 1, site):
            start_owe(str(group))
            sta.wait_disconnected()
            forget_network()

    # Last case: group 18 with no fault injected. Only the authentication
    # attempt is checked, not the outcome of the connection.
    start_owe("18")
    if sta.wait_event(["SME: Trying to authenticate"], timeout=5) is None:
        raise Exception("No authentication attempt")
    time.sleep(0.5)
    forget_network()
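def test_tnc_ttls_errors(dev, apdev):
    """TNC TTLS local error cases"""
    # Runs EAP-TTLS with TNC once per table row, with an allocation failure
    # injected at the named call site, and requires that the failure was
    # actually hit before the network is removed.
    # NOTE(review): the nesting under the `with` was reconstructed from a
    # whitespace-collapsed listing, and the password literal looks masked in
    # this copy; confirm both against the original file.
    if not os.path.exists("tnc/libhostap_imc.so"):
        raise HwsimSkip("No IMC installed")
    check_eap_capa(dev[0], "MSCHAPV2")

    params = int_eap_server_params()
    params["tnc"] = "1"
    # Small fragments on both ends so the fragmentation paths are reached.
    params["fragment_size"] = "150"
    hostapd.add_ap(apdev[0]['ifname'], params)

    # (nth matching allocation to fail, call-site filter, identity, phase2)
    tests = [
        # "\\m" spells the backslash explicitly; the bare "\m" relied on
        # Python passing unknown escapes through, which newer versions warn
        # about. The resulting string is unchanged.
        (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
         "DOMAIN\\mschapv2 user", "auth=MSCHAPV2"),
        (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
         "mschap user", "auth=MSCHAP"),
        (1, "=eap_tnc_init", "chap user", "auth=CHAP"),
        (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"),
        (1, "eap_msg_alloc;eap_tnc_build_frag_ack",
         "pap user", "auth=PAP"),
        (1, "eap_msg_alloc;eap_tnc_build_msg",
         "pap user", "auth=PAP"),
        (1, "wpabuf_alloc;=eap_tnc_process_fragment",
         "pap user", "auth=PAP"),
        (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
        (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
        (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"),
        (1, "tncc_get_base64;tncc_process_if_tnccs",
         "pap user", "auth=PAP"),
        (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"),
        (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"),
        (1, "tncc_parse_imc", "pap user", "auth=PAP"),
        (2, "tncc_parse_imc", "pap user", "auth=PAP"),
        (3, "tncc_parse_imc", "pap user", "auth=PAP"),
        (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"),
        (1, "tncc_init", "pap user", "auth=PAP"),
        (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"),
        (1, "base64_encode;TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
        (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP"),
        # Repeats an earlier row; kept so the run sequence is unchanged.
        (1, "tncc_get_base64;tncc_process_if_tnccs",
         "pap user", "auth=PAP"),
    ]
    for count, func, identity, phase2 in tests:
        with alloc_fail(dev[0], count, func):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           scan_freq="2412",
                           eap="TTLS", anonymous_identity="ttls",
                           identity=identity, password="******",
                           ca_cert="auth_serv/ca.pem", phase2=phase2,
                           fragment_size="150", wait_connect=False)
            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
                                   timeout=15)
            if ev is None:
                raise Exception("Timeout on EAP start")
            # The note identifies which row never reached its call site.
            wait_fail_trigger(
                dev[0], "GET_ALLOC_FAIL",
                note="Allocation failure not triggered for: %d:%s" %
                (count, func))
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
            dev[0].dump_monitor()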
def test_erp_local_errors(dev, apdev):
    """ERP and local error cases"""
    # Injects allocation and HMAC/KDF failures into the peer's ERP code:
    # first during ERP key setup on a full authentication, then during the
    # re-authentication that follows DISCONNECT/RECONNECT.
    # NOTE(review): the nesting under each `with` was reconstructed from a
    # whitespace-collapsed listing, and the identity/password literals look
    # masked in this copy; confirm both against the original file.
    sta = dev[0]
    check_erp_capa(sta)

    params = int_eap_server_params()
    for key, value in (('erp_send_reauth_start', '1'),
                       ('erp_domain', 'example.com'),
                       ('eap_server_erp', '1'),
                       ('disable_pmksa_caching', '1')):
        params[key] = value
    hapd = hostapd.add_ap(apdev[0], params)

    def connect_with_erp():
        # Called without wait_connect=False, so presumably the connection is
        # expected to complete despite the injected fault.
        sta.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                    identity="*****@*****.**",
                    anonymous_identity="*****@*****.**",
                    password="******",
                    ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
                    erp="1", scan_freq="2412")

    def remove_network():
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

    def disconnect():
        sta.request("DISCONNECT")
        sta.wait_disconnected(timeout=15)

    def initial_auth_case(injector, count, site):
        # Fault during the first authentication; ERP state is flushed first
        # so every case starts without cached keys.
        sta.request("ERP_FLUSH")
        with injector(sta, count, site):
            connect_with_erp()
            remove_network()

    def reauth_case(injector, site, trigger):
        # Fault that must be hit by the time the station reconnects.
        sta.request("ERP_FLUSH")
        with injector(sta, 1, site):
            connect_with_erp()
            disconnect()
            sta.request("RECONNECT")
            wait_fail_trigger(sta, trigger)
            remove_network()

    initial_auth_case(alloc_fail, 1, "eap_peer_erp_init")
    for count in range(1, 6):
        initial_auth_case(fail_test, count,
                          "hmac_sha256_kdf;eap_peer_erp_init")

    reauth_case(alloc_fail, "eap_msg_alloc;eap_peer_erp_reauth_start",
                "GET_ALLOC_FAIL")
    reauth_case(fail_test, "hmac_sha256;eap_peer_erp_reauth_start",
                "GET_FAIL")
    reauth_case(fail_test, "hmac_sha256;eap_peer_finish", "GET_FAIL")

    # This case only disconnects; the network entry is left in place.
    sta.request("ERP_FLUSH")
    with alloc_fail(sta, 1, "eap_peer_erp_init"):
        connect_with_erp()
        disconnect()

    reauth_case(alloc_fail, "eap_peer_finish", "GET_ALLOC_FAIL")
    reauth_case(fail_test, "hmac_sha256_kdf;eap_peer_finish", "GET_FAIL")
def test_authsrv_oom(dev, apdev):
    """Authentication server OOM"""
    # apdev[1] runs the authentication server, apdev[0] an AP that uses it on
    # port 18128. Faults are injected into the server while a station
    # authenticates through the AP, then into server start-up itself.
    # NOTE(review): the nesting under each `with` was reconstructed from a
    # whitespace-collapsed listing, and the password literal looks masked in
    # this copy; confirm both against the original file.
    sta = dev[0]
    authsrv = hostapd.add_ap(apdev[1], authsrv_params())

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap_params['auth_server_port'] = "18128"
    hapd = hostapd.add_ap(apdev[0], ap_params)

    sta.scan_for_bss(hapd.own_addr(), 2412)

    def start_auth():
        # Starts authentication without waiting for it to succeed.
        sta.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                    eap="TTLS", identity="user",
                    anonymous_identity="ttls", password="******",
                    ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                    wait_connect=False, scan_freq="2412")

    def session_setup_failure(count, site):
        # Station must end up disconnected when the server cannot set up
        # the session.
        with alloc_fail(authsrv, count, site):
            start_auth()
            sta.wait_disconnected()
            sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()

    def triggered_case(injector, site, trigger):
        # Only requires that the server reached the injected fault.
        with injector(authsrv, 1, site):
            start_auth()
            wait_fail_trigger(authsrv, trigger)
            sta.request("REMOVE_NETWORK all")
            sta.wait_disconnected()
        sta.dump_monitor()

    def enable_must_fail(count, site):
        with alloc_fail(authsrv, count, site):
            if "FAIL" not in authsrv.request("ENABLE"):
                raise Exception("ENABLE succeeded during OOM")

    # User lookup runs out of memory: the station must see an EAP failure.
    with alloc_fail(authsrv, 1, "hostapd_radius_get_eap_user"):
        start_auth()
        if sta.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10) is None:
            raise Exception("EAP failure not reported")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()
    sta.dump_monitor()

    # Logging runs out of memory: this connect waits for completion, so the
    # authentication itself is presumably expected to succeed.
    with alloc_fail(authsrv, 1, "srv_log"):
        sta.connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                    eap="TTLS", identity="user",
                    anonymous_identity="ttls", password="******",
                    ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
                    scan_freq="2412")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()
    sta.dump_monitor()

    session_setup_failure(1, "radius_server_new_session")
    for count in range(1, 3):
        session_setup_failure(count, "=radius_server_get_new_session")
    session_setup_failure(1, "eap_server_sm_init")

    for site in ("radius_server_encapsulate_eap",
                 "radius_server_receive_auth"):
        triggered_case(alloc_fail, site, "GET_ALLOC_FAIL")

    for site in ("radius_msg_add_attr;radius_server_encapsulate_eap",
                 "radius_msg_add_eap;radius_server_encapsulate_eap",
                 "radius_msg_finish_srv;radius_server_encapsulate_eap"):
        triggered_case(fail_test, site, "GET_FAIL")

    # Session allocation fails and, on top of that, building the reject
    # message fails too.
    for site in ("radius_msg_add_eap;radius_server_reject",
                 "radius_msg_finish_srv;radius_server_reject"):
        with alloc_fail(authsrv, 1, "radius_server_get_new_session"):
            with fail_test(authsrv, 1, site):
                start_auth()
                wait_fail_trigger(authsrv, "GET_FAIL")
                sta.request("REMOVE_NETWORK all")
                sta.wait_disconnected()
        sta.dump_monitor()

    # Server start-up: every ENABLE under an injected allocation failure has
    # to report FAIL rather than bring the server up partly initialised.
    authsrv.disable()
    startup_sites = (
        ("radius_server_init;hostapd_setup_radius_srv", 2),
        ("radius_server_read_clients;radius_server_init;hostapd_setup_radius_srv", 3),
        ("eloop_sock_table_add_sock;radius_server_init;hostapd_setup_radius_srv", 1),
        ("tls_init;authsrv_init", 1),
        ("eap_sim_db_init;authsrv_init", 2),
    )
    for site, last_count in startup_sites:
        for count in range(1, last_count + 1):
            enable_must_fail(count, site)
def test_erp_local_errors(dev, apdev): """ERP and local error cases""" check_erp_capa(dev[0]) params = int_eap_server_params() params['erp_send_reauth_start'] = '1' params['erp_domain'] = 'example.com' params['eap_server_erp'] = '1' params['disable_pmksa_caching'] = '1' hapd = hostapd.add_ap(apdev[0]['ifname'], params) dev[0].request("ERP_FLUSH") with alloc_fail(dev[0], 1, "eap_peer_erp_init"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() for count in range(1, 6): dev[0].request("ERP_FLUSH") with fail_test(dev[0], count, "hmac_sha256_kdf;eap_peer_erp_init"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("ERP_FLUSH") with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_peer_erp_reauth_start"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("ERP_FLUSH") with fail_test(dev[0], 1, "hmac_sha256;eap_peer_erp_reauth_start"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) 
dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() dev[0].request("ERP_FLUSH") with fail_test(dev[0], 1, "hmac_sha256;eap_peer_finish"): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="*****@*****.**", anonymous_identity="*****@*****.**", password="******", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", erp="1", scan_freq="2412") dev[0].request("DISCONNECT") dev[0].wait_disconnected(timeout=15) dev[0].request("RECONNECT") wait_fail_trigger(dev[0], "GET_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected()