]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_hs20.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: Hotspot 2.0 OSU provider and no AP with info
[thirdparty/hostap.git] / tests / hwsim / test_ap_hs20.py
CommitLineData
93a06242 1# Hotspot 2.0 tests
3b51cc63 2# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
93a06242
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
9fd6804d 7from remotehost import remote_compatible
446dd748 8import base64
67aeee11
JM		 9import binascii
10import struct
93a06242 11import time
93a06242 12import logging
c9aa4308 13logger = logging.getLogger()
97de642a 14import os
efd43d85 15import os.path
67aeee11 16import socket
efd43d85 17import subprocess
93a06242
JM		 18
19import hostapd
208ebb9d 20from utils import HwsimSkip, skip_with_fips, alloc_fail, wait_fail_trigger
40e4c9c8 21import hwsim_utils
efd0a6fb 22from tshark import run_tshark
715bf904 23from wlantest import Wlantest
9d1e1172 24from wpasupplicant import WpaSupplicant
24579e70 25from test_ap_eap import check_eap_capa, check_domain_match_full
1ea75c7c 26from test_gas import gas_rx, parse_gas, action_response, send_gas_resp, ACTION_CATEG_PUBLIC, GAS_INITIAL_RESPONSE
93a06242 27
d4058934
JM		 28def hs20_ap_params(ssid="test-hs20"):
29 params = hostapd.wpa2_params(ssid=ssid)
93a06242
JM		 30 params['wpa_key_mgmt'] = "WPA-EAP"
31 params['ieee80211w'] = "1"
32 params['ieee8021x'] = "1"
33 params['auth_server_addr'] = "127.0.0.1"
34 params['auth_server_port'] = "1812"
35 params['auth_server_shared_secret'] = "radius"
36 params['interworking'] = "1"
37 params['access_network_type'] = "14"
38 params['internet'] = "1"
39 params['asra'] = "0"
40 params['esr'] = "0"
41 params['uesa'] = "0"
42 params['venue_group'] = "7"
43 params['venue_type'] = "1"
44 params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
45 params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
46 "fedcba" ]
47 params['domain_name'] = "example.com,another.example.com"
48 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
49 "0,another.example.com" ]
50 params['hs20'] = "1"
51 params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
52 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
53 params['hs20_operating_class'] = "5173"
54 params['anqp_3gpp_cell_net'] = "244,91"
55 return params
56
9714fbcd 57def check_auto_select(dev, bssid):
841bed04 58 dev.scan_for_bss(bssid, freq="2412")
9714fbcd 59 dev.request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 60 ev = dev.wait_connected(timeout=15)
9714fbcd
JM		 61 if bssid not in ev:
62 raise Exception("Connected to incorrect network")
63 dev.request("REMOVE_NETWORK all")
092ac7bb 64 dev.wait_disconnected()
a359c7bb 65 dev.dump_monitor()
9714fbcd 66
2f37a66d 67def interworking_select(dev, bssid, type=None, no_match=False, freq=None):
bbe86767 68 dev.dump_monitor()
841bed04
JM		 69 if bssid and freq and not no_match:
70 dev.scan_for_bss(bssid, freq=freq)
22653762 71 freq_extra = " freq=" + str(freq) if freq else ""
2f37a66d 72 dev.request("INTERWORKING_SELECT" + freq_extra)
bbe86767
JM		 73 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
74 timeout=15)
93a06242 75 if ev is None:
bc6e3288 76 raise Exception("Network selection timed out")
bbe86767
JM		 77 if no_match:
78 if "INTERWORKING-NO-MATCH" not in ev:
79 raise Exception("Unexpected network match")
80 return
93a06242 81 if "INTERWORKING-NO-MATCH" in ev:
0dee3a0a
JM		 82 logger.info("Matching network not found - try again")
83 dev.dump_monitor()
84 dev.request("INTERWORKING_SELECT" + freq_extra)
85 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
86 timeout=15)
87 if ev is None:
bc6e3288 88 raise Exception("Network selection timed out")
0dee3a0a
JM		 89 if "INTERWORKING-NO-MATCH" in ev:
90 raise Exception("Matching network not found")
2cdd91d8 91 if bssid and bssid not in ev:
93a06242 92 raise Exception("Unexpected BSSID in match")
bbe86767
JM		 93 if type and "type=" + type not in ev:
94 raise Exception("Network type not recognized correctly")
93a06242 95
bbe86767
JM		 96def check_sp_type(dev, sp_type):
97 type = dev.get_status_field("sp_type")
98 if type is None:
99 raise Exception("sp_type not available")
100 if type != sp_type:
101 raise Exception("sp_type did not indicate home network")
efd43d85 102
bbe86767 103def hlr_auc_gw_available():
efd43d85 104 if not os.path.exists("/tmp/hlr_auc_gw.sock"):
81e787b7 105 raise HwsimSkip("No hlr_auc_gw socket available")
efd43d85 106 if not os.path.exists("../../hostapd/hlr_auc_gw"):
81e787b7 107 raise HwsimSkip("No hlr_auc_gw available")
efd43d85 108
bbe86767
JM		 109def interworking_ext_sim_connect(dev, bssid, method):
110 dev.request("INTERWORKING_CONNECT " + bssid)
078683ac 111 interworking_ext_sim_auth(dev, method)
efd43d85 112
078683ac 113def interworking_ext_sim_auth(dev, method):
bbe86767 114 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
efd43d85
JM		 115 if ev is None:
116 raise Exception("Network connected timed out")
bbe86767 117 if "(" + method + ")" not in ev:
efd43d85
JM		 118 raise Exception("Unexpected EAP method selection")
119
bbe86767 120 ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
efd43d85
JM		 121 if ev is None:
122 raise Exception("Wait for external SIM processing request timed out")
123 p = ev.split(':', 2)
124 if p[1] != "GSM-AUTH":
125 raise Exception("Unexpected CTRL-REQ-SIM type")
126 id = p[0].split('-')[3]
127 rand = p[2].split(' ')[0]
128
129 res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
130 "-m",
131 "auth_serv/hlr_auc_gw.milenage_db",
132 "GSM-AUTH-REQ 232010000000000 " + rand])
133 if "GSM-AUTH-RESP" not in res:
134 raise Exception("Unexpected hlr_auc_gw response")
135 resp = res.split(' ')[2].rstrip()
136
bbe86767 137 dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
5f35a5e2 138 dev.wait_connected(timeout=15)
f4defd91 139
8fba2e5d
JM		 140def interworking_connect(dev, bssid, method):
141 dev.request("INTERWORKING_CONNECT " + bssid)
078683ac 142 interworking_auth(dev, method)
8fba2e5d 143
078683ac 144def interworking_auth(dev, method):
8fba2e5d
JM		 145 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
146 if ev is None:
147 raise Exception("Network connected timed out")
148 if "(" + method + ")" not in ev:
149 raise Exception("Unexpected EAP method selection")
150
5f35a5e2 151 dev.wait_connected(timeout=15)
8fba2e5d 152
715bf904
JM		 153def check_probe_resp(wt, bssid_unexpected, bssid_expected):
154 if bssid_unexpected:
155 count = wt.get_bss_counter("probe_response", bssid_unexpected)
156 if count > 0:
157 raise Exception("Unexpected Probe Response frame from AP")
158
159 if bssid_expected:
160 count = wt.get_bss_counter("probe_response", bssid_expected)
161 if count == 0:
162 raise Exception("No Probe Response frame from AP")
163
2cdd91d8
JM		 164def test_ap_anqp_sharing(dev, apdev):
165 """ANQP sharing within ESS and explicit unshare"""
e7ac04ce 166 check_eap_capa(dev[0], "MSCHAPV2")
57f08b3f
JM		 167 dev[0].flush_scan_cache()
168
2cdd91d8
JM		 169 bssid = apdev[0]['bssid']
170 params = hs20_ap_params()
171 params['hessid'] = bssid
8b8a1864 172 hostapd.add_ap(apdev[0], params)
2cdd91d8
JM		 173
174 bssid2 = apdev[1]['bssid']
175 params = hs20_ap_params()
176 params['hessid'] = bssid
177 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
8b8a1864 178 hostapd.add_ap(apdev[1], params)
2cdd91d8 179
2cdd91d8
JM		 180 dev[0].hs20_enable()
181 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
182 'password': "secret",
183 'domain': "example.com" })
184 logger.info("Normal network selection with shared ANQP results")
841bed04
JM		 185 dev[0].scan_for_bss(bssid, freq="2412")
186 dev[0].scan_for_bss(bssid2, freq="2412")
2f37a66d 187 interworking_select(dev[0], None, "home", freq="2412")
2cdd91d8
JM		 188 dev[0].dump_monitor()
189
57f08b3f 190 logger.debug("BSS entries:\n" + dev[0].request("BSS RANGE=ALL"))
2cdd91d8
JM		 191 res1 = dev[0].get_bss(bssid)
192 res2 = dev[0].get_bss(bssid2)
57f08b3f
JM		 193 if 'anqp_nai_realm' not in res1:
194 raise Exception("anqp_nai_realm not found for AP1")
195 if 'anqp_nai_realm' not in res2:
196 raise Exception("anqp_nai_realm not found for AP2")
2cdd91d8
JM		 197 if res1['anqp_nai_realm'] != res2['anqp_nai_realm']:
198 raise Exception("ANQP results were not shared between BSSes")
199
200 logger.info("Explicit ANQP request to unshare ANQP results")
201 dev[0].request("ANQP_GET " + bssid + " 263")
202 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
203 if ev is None:
204 raise Exception("ANQP operation timed out")
205
206 dev[0].request("ANQP_GET " + bssid2 + " 263")
207 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
208 if ev is None:
209 raise Exception("ANQP operation timed out")
210
211 res1 = dev[0].get_bss(bssid)
212 res2 = dev[0].get_bss(bssid2)
213 if res1['anqp_nai_realm'] == res2['anqp_nai_realm']:
214 raise Exception("ANQP results were not unshared")
215
20c7d26f
JM		 216def test_ap_anqp_sharing_oom(dev, apdev):
217 """ANQP sharing within ESS and explicit unshare OOM"""
218 check_eap_capa(dev[0], "MSCHAPV2")
219 dev[0].flush_scan_cache()
220
221 bssid = apdev[0]['bssid']
222 params = hs20_ap_params()
223 params['hessid'] = bssid
224 hostapd.add_ap(apdev[0], params)
225
226 bssid2 = apdev[1]['bssid']
227 params = hs20_ap_params()
228 params['hessid'] = bssid
229 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
230 hostapd.add_ap(apdev[1], params)
231
232 dev[0].hs20_enable()
233 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
234 'password': "secret",
235 'domain': "example.com" })
236 dev[0].scan_for_bss(bssid, freq="2412")
237 dev[0].scan_for_bss(bssid2, freq="2412")
238 interworking_select(dev[0], None, "home", freq="2412")
239 dev[0].dump_monitor()
240
241 with alloc_fail(dev[0], 1, "wpa_bss_anqp_clone"):
242 dev[0].request("ANQP_GET " + bssid + " 263")
243 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
244 if ev is None:
245 raise Exception("ANQP operation timed out")
246
cddc19e5
JM		 247def test_ap_nai_home_realm_query(dev, apdev):
248 """NAI Home Realm Query"""
e7ac04ce 249 check_eap_capa(dev[0], "MSCHAPV2")
cddc19e5
JM		 250 bssid = apdev[0]['bssid']
251 params = hs20_ap_params()
252 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
253 "0,another.example.org" ]
8b8a1864 254 hostapd.add_ap(apdev[0], params)
cddc19e5
JM		 255
256 dev[0].scan(freq="2412")
257 dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " realm=example.com")
258 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
259 if ev is None:
260 raise Exception("ANQP operation timed out")
261 nai1 = dev[0].get_bss(bssid)['anqp_nai_realm']
262 dev[0].dump_monitor()
263
264 dev[0].request("ANQP_GET " + bssid + " 263")
265 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
266 if ev is None:
267 raise Exception("ANQP operation timed out")
268 nai2 = dev[0].get_bss(bssid)['anqp_nai_realm']
269
270 if len(nai1) >= len(nai2):
271 raise Exception("Unexpected NAI Realm list response lengths")
272 if "example.com".encode('hex') not in nai1:
273 raise Exception("Home realm not reported")
274 if "example.org".encode('hex') in nai1:
275 raise Exception("Non-home realm reported")
276 if "example.com".encode('hex') not in nai2:
277 raise Exception("Home realm not reported in wildcard query")
278 if "example.org".encode('hex') not in nai2:
279 raise Exception("Non-home realm not reported in wildcard query ")
280
ea215c54
JM		 281 cmds = [ "foo",
282 "00:11:22:33:44:55 123",
283 "00:11:22:33:44:55 qq" ]
284 for cmd in cmds:
285 if "FAIL" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + cmd):
286 raise Exception("Invalid HS20_GET_NAI_HOME_REALM_LIST accepted: " + cmd)
287
288 dev[0].dump_monitor()
289 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
290 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
291 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
292 if ev is None:
293 raise Exception("ANQP operation timed out")
294 ev = dev[0].wait_event(["RX-ANQP"], timeout=0.1)
295 if ev is not None:
296 raise Exception("Unexpected ANQP response: " + ev)
297
298 dev[0].dump_monitor()
299 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " 01000b6578616d706c652e636f6d"):
300 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
301 ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
302 if ev is None:
303 raise Exception("No ANQP response")
304 if "NAI Realm list" not in ev:
305 raise Exception("Missing NAI Realm list: " + ev)
306
307 dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
308 'password': "secret",
309 'domain': "example.com" })
310 dev[0].dump_monitor()
311 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
312 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
313 ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
314 if ev is None:
315 raise Exception("No ANQP response")
316 if "NAI Realm list" not in ev:
317 raise Exception("Missing NAI Realm list: " + ev)
318
9fd6804d 319@remote_compatible
715bf904
JM		 320def test_ap_interworking_scan_filtering(dev, apdev):
321 """Interworking scan filtering with HESSID and access network type"""
e4d7b513 322 try:
81e787b7 323 _test_ap_interworking_scan_filtering(dev, apdev)
e4d7b513
JM		 324 finally:
325 dev[0].request("SET hessid 00:00:00:00:00:00")
326 dev[0].request("SET access_network_type 15")
327
328def _test_ap_interworking_scan_filtering(dev, apdev):
715bf904
JM		 329 bssid = apdev[0]['bssid']
330 params = hs20_ap_params()
331 ssid = "test-hs20-ap1"
332 params['ssid'] = ssid
333 params['hessid'] = bssid
8efc83d4 334 hapd0 = hostapd.add_ap(apdev[0], params)
715bf904
JM		 335
336 bssid2 = apdev[1]['bssid']
337 params = hs20_ap_params()
338 ssid2 = "test-hs20-ap2"
339 params['ssid'] = ssid2
340 params['hessid'] = bssid2
341 params['access_network_type'] = "1"
8175854e
JM		 342 del params['venue_group']
343 del params['venue_type']
8b8a1864 344 hostapd.add_ap(apdev[1], params)
715bf904 345
715bf904
JM		 346 dev[0].hs20_enable()
347
8efc83d4 348 Wlantest.setup(hapd0)
715bf904
JM		 349 wt = Wlantest()
350 wt.flush()
351
352 logger.info("Check probe request filtering based on HESSID")
353
354 dev[0].request("SET hessid " + bssid2)
0589f401 355 dev[0].scan(freq="2412")
94a2dd0b 356 time.sleep(0.03)
715bf904
JM		 357 check_probe_resp(wt, bssid, bssid2)
358
359 logger.info("Check probe request filtering based on access network type")
360
361 wt.clear_bss_counters(bssid)
362 wt.clear_bss_counters(bssid2)
363 dev[0].request("SET hessid 00:00:00:00:00:00")
364 dev[0].request("SET access_network_type 14")
0589f401 365 dev[0].scan(freq="2412")
94a2dd0b 366 time.sleep(0.03)
715bf904
JM		 367 check_probe_resp(wt, bssid2, bssid)
368
369 wt.clear_bss_counters(bssid)
370 wt.clear_bss_counters(bssid2)
371 dev[0].request("SET hessid 00:00:00:00:00:00")
372 dev[0].request("SET access_network_type 1")
0589f401 373 dev[0].scan(freq="2412")
94a2dd0b 374 time.sleep(0.03)
715bf904
JM		 375 check_probe_resp(wt, bssid, bssid2)
376
377 logger.info("Check probe request filtering based on HESSID and ANT")
378
379 wt.clear_bss_counters(bssid)
380 wt.clear_bss_counters(bssid2)
381 dev[0].request("SET hessid " + bssid)
382 dev[0].request("SET access_network_type 14")
0589f401 383 dev[0].scan(freq="2412")
94a2dd0b 384 time.sleep(0.03)
715bf904
JM		 385 check_probe_resp(wt, bssid2, bssid)
386
387 wt.clear_bss_counters(bssid)
388 wt.clear_bss_counters(bssid2)
389 dev[0].request("SET hessid " + bssid2)
390 dev[0].request("SET access_network_type 14")
0589f401 391 dev[0].scan(freq="2412")
94a2dd0b 392 time.sleep(0.03)
715bf904
JM		 393 check_probe_resp(wt, bssid, None)
394 check_probe_resp(wt, bssid2, None)
395
396 wt.clear_bss_counters(bssid)
397 wt.clear_bss_counters(bssid2)
398 dev[0].request("SET hessid " + bssid)
399 dev[0].request("SET access_network_type 1")
0589f401 400 dev[0].scan(freq="2412")
94a2dd0b 401 time.sleep(0.03)
715bf904
JM		 402 check_probe_resp(wt, bssid, None)
403 check_probe_resp(wt, bssid2, None)
404
bbe86767
JM		 405def test_ap_hs20_select(dev, apdev):
406 """Hotspot 2.0 network selection"""
407 bssid = apdev[0]['bssid']
408 params = hs20_ap_params()
409 params['hessid'] = bssid
8b8a1864 410 hostapd.add_ap(apdev[0], params)
bbe86767
JM		 411
412 dev[0].hs20_enable()
2232edf8
JM		 413 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
414 'password': "secret",
415 'domain': "example.com" })
bbe86767
JM		 416 interworking_select(dev[0], bssid, "home")
417
418 dev[0].remove_cred(id)
2232edf8
JM		 419 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
420 'password': "secret",
421 'domain': "no.match.example.com" })
2f37a66d 422 interworking_select(dev[0], bssid, "roaming", freq="2412")
bbe86767 423
bc6e3288 424 dev[0].set_cred_quoted(id, "realm", "no.match.example.com")
2f37a66d 425 interworking_select(dev[0], bssid, no_match=True, freq="2412")
bbe86767 426
d463c556
JM		 427 res = dev[0].request("SCAN_RESULTS")
428 if "[HS20]" not in res:
429 raise Exception("HS20 flag missing from scan results: " + res)
430
4b572e3a
JM		 431 bssid2 = apdev[1]['bssid']
432 params = hs20_ap_params()
433 params['nai_realm'] = [ "0,example.org,21" ]
434 params['hessid'] = bssid2
435 params['domain_name'] = "example.org"
8b8a1864 436 hostapd.add_ap(apdev[1], params)
4b572e3a
JM		 437 dev[0].remove_cred(id)
438 id = dev[0].add_cred_values({ 'realm': "example.org", 'username': "test",
439 'password': "secret",
440 'domain': "example.org" })
441 interworking_select(dev[0], bssid2, "home", freq="2412")
442
459e96cd
JM		 443def hs20_simulated_sim(dev, ap, method):
444 bssid = ap['bssid']
445 params = hs20_ap_params()
446 params['hessid'] = bssid
447 params['anqp_3gpp_cell_net'] = "555,444"
448 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
afc26df2 449 hostapd.add_ap(ap, params)
459e96cd 450
459e96cd
JM		 451 dev.hs20_enable()
452 dev.add_cred_values({ 'imsi': "555444-333222111", 'eap': method,
453 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
c8ae9daf 454 interworking_select(dev, bssid, "home", freq="2412")
459e96cd
JM		 455 interworking_connect(dev, bssid, method)
456 check_sp_type(dev, "home")
457
458def test_ap_hs20_sim(dev, apdev):
459 """Hotspot 2.0 with simulated SIM and EAP-SIM"""
81e787b7 460 hlr_auc_gw_available()
459e96cd 461 hs20_simulated_sim(dev[0], apdev[0], "SIM")
16ab63f4
JM		 462 dev[0].request("INTERWORKING_SELECT auto freq=2412")
463 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
464 if ev is None:
465 raise Exception("Timeout on already-connected event")
459e96cd 466
0e67d81f
JM		 467def test_ap_hs20_sim_invalid(dev, apdev):
468 """Hotspot 2.0 with simulated SIM and EAP-SIM - invalid IMSI"""
469 hlr_auc_gw_available()
470 bssid = apdev[0]['bssid']
471 params = hs20_ap_params()
472 params['hessid'] = bssid
473 params['anqp_3gpp_cell_net'] = "555,444"
474 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
475 hostapd.add_ap(apdev[0], params)
476
477 dev[0].hs20_enable()
478 dev[0].add_cred_values({ 'imsi': "555444-3332221110", 'eap': "SIM",
479 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
480 # This hits "No valid IMSI available" in build_root_nai()
481 interworking_select(dev[0], bssid, freq="2412")
482
26597515
JM		 483def test_ap_hs20_sim_oom(dev, apdev):
484 """Hotspot 2.0 with simulated SIM and EAP-SIM - OOM"""
485 hlr_auc_gw_available()
486 bssid = apdev[0]['bssid']
487 params = hs20_ap_params()
488 params['hessid'] = bssid
489 params['anqp_3gpp_cell_net'] = "555,444"
490 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
491 hostapd.add_ap(apdev[0], params)
492
493 dev[0].hs20_enable()
494 dev[0].add_cred_values({ 'imsi': "555444-333222111", 'eap': "SIM",
495 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
496 dev[0].scan_for_bss(bssid, freq=2412)
497 interworking_select(dev[0], bssid, freq="2412")
498
499 with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect_3gpp"):
500 dev[0].request("INTERWORKING_CONNECT " + bssid)
501 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
502
503 with alloc_fail(dev[0], 1, "=interworking_connect_3gpp"):
504 dev[0].request("INTERWORKING_CONNECT " + bssid)
505 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
506
459e96cd
JM		 507def test_ap_hs20_aka(dev, apdev):
508 """Hotspot 2.0 with simulated USIM and EAP-AKA"""
81e787b7 509 hlr_auc_gw_available()
459e96cd
JM		 510 hs20_simulated_sim(dev[0], apdev[0], "AKA")
511
512def test_ap_hs20_aka_prime(dev, apdev):
513 """Hotspot 2.0 with simulated USIM and EAP-AKA'"""
81e787b7 514 hlr_auc_gw_available()
459e96cd
JM		 515 hs20_simulated_sim(dev[0], apdev[0], "AKA'")
516
bbe86767
JM		 517def test_ap_hs20_ext_sim(dev, apdev):
518 """Hotspot 2.0 with external SIM processing"""
81e787b7 519 hlr_auc_gw_available()
bbe86767
JM		 520 bssid = apdev[0]['bssid']
521 params = hs20_ap_params()
522 params['hessid'] = bssid
523 params['anqp_3gpp_cell_net'] = "232,01"
524 params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
8b8a1864 525 hostapd.add_ap(apdev[0], params)
bbe86767
JM		 526
527 dev[0].hs20_enable()
47dcb118
JM		 528 try:
529 dev[0].request("SET external_sim 1")
530 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
c8ae9daf 531 interworking_select(dev[0], bssid, "home", freq="2412")
47dcb118
JM		 532 interworking_ext_sim_connect(dev[0], bssid, "SIM")
533 check_sp_type(dev[0], "home")
534 finally:
535 dev[0].request("SET external_sim 0")
59f8a3c6
JM		 536
537def test_ap_hs20_ext_sim_roaming(dev, apdev):
538 """Hotspot 2.0 with external SIM processing in roaming network"""
81e787b7 539 hlr_auc_gw_available()
59f8a3c6
JM		 540 bssid = apdev[0]['bssid']
541 params = hs20_ap_params()
542 params['hessid'] = bssid
543 params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
544 params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
8b8a1864 545 hostapd.add_ap(apdev[0], params)
59f8a3c6
JM		 546
547 dev[0].hs20_enable()
47dcb118
JM		 548 try:
549 dev[0].request("SET external_sim 1")
550 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
c8ae9daf 551 interworking_select(dev[0], bssid, "roaming", freq="2412")
47dcb118
JM		 552 interworking_ext_sim_connect(dev[0], bssid, "SIM")
553 check_sp_type(dev[0], "roaming")
554 finally:
555 dev[0].request("SET external_sim 0")
8fba2e5d
JM		 556
557def test_ap_hs20_username(dev, apdev):
558 """Hotspot 2.0 connection in username/password credential"""
e7ac04ce 559 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 560 bssid = apdev[0]['bssid']
561 params = hs20_ap_params()
562 params['hessid'] = bssid
d627e131 563 params['disable_dgaf'] = '1'
8b8a1864 564 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 565
566 dev[0].hs20_enable()
2232edf8
JM		 567 id = dev[0].add_cred_values({ 'realm': "example.com",
568 'username': "hs20-test",
569 'password': "password",
a1281b9f 570 'ca_cert': "auth_serv/ca.pem",
5f1e31cf
JM		 571 'domain': "example.com",
572 'update_identifier': "1234" })
2f37a66d 573 interworking_select(dev[0], bssid, "home", freq="2412")
8fba2e5d
JM		 574 interworking_connect(dev[0], bssid, "TTLS")
575 check_sp_type(dev[0], "home")
10b3cc67
JM		 576 status = dev[0].get_status()
577 if status['pairwise_cipher'] != "CCMP":
578 raise Exception("Unexpected pairwise cipher")
579 if status['hs20'] != "2":
580 raise Exception("Unexpected HS 2.0 support indication")
8fba2e5d 581
a1281b9f
JM		 582 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
583 identity="hs20-test", password="password",
584 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
585 scan_freq="2412")
586
1e780974
JM		 587def test_ap_hs20_connect_api(dev, apdev):
588 """Hotspot 2.0 connection with connect API"""
e7ac04ce 589 check_eap_capa(dev[0], "MSCHAPV2")
1e780974
JM		 590 bssid = apdev[0]['bssid']
591 params = hs20_ap_params()
592 params['hessid'] = bssid
593 params['disable_dgaf'] = '1'
8b8a1864 594 hostapd.add_ap(apdev[0], params)
1e780974
JM		 595
596 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
597 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
598 wpas.hs20_enable()
243dcc4a 599 wpas.flush_scan_cache()
1e780974
JM		 600 id = wpas.add_cred_values({ 'realm': "example.com",
601 'username': "hs20-test",
602 'password': "password",
603 'ca_cert': "auth_serv/ca.pem",
604 'domain': "example.com",
605 'update_identifier': "1234" })
606 interworking_select(wpas, bssid, "home", freq="2412")
607 interworking_connect(wpas, bssid, "TTLS")
608 check_sp_type(wpas, "home")
609 status = wpas.get_status()
610 if status['pairwise_cipher'] != "CCMP":
611 raise Exception("Unexpected pairwise cipher")
612 if status['hs20'] != "2":
613 raise Exception("Unexpected HS 2.0 support indication")
614
543f9f7e
JM		 615def test_ap_hs20_auto_interworking(dev, apdev):
616 """Hotspot 2.0 connection with auto_interworking=1"""
e7ac04ce 617 check_eap_capa(dev[0], "MSCHAPV2")
543f9f7e
JM		 618 bssid = apdev[0]['bssid']
619 params = hs20_ap_params()
620 params['hessid'] = bssid
621 params['disable_dgaf'] = '1'
8b8a1864 622 hostapd.add_ap(apdev[0], params)
543f9f7e
JM		 623
624 dev[0].hs20_enable(auto_interworking=True)
625 id = dev[0].add_cred_values({ 'realm': "example.com",
626 'username': "hs20-test",
627 'password': "password",
628 'ca_cert': "auth_serv/ca.pem",
629 'domain': "example.com",
630 'update_identifier': "1234" })
631 dev[0].request("REASSOCIATE")
5f35a5e2 632 dev[0].wait_connected(timeout=15)
543f9f7e
JM		 633 check_sp_type(dev[0], "home")
634 status = dev[0].get_status()
635 if status['pairwise_cipher'] != "CCMP":
636 raise Exception("Unexpected pairwise cipher")
637 if status['hs20'] != "2":
638 raise Exception("Unexpected HS 2.0 support indication")
639
9fd6804d 640@remote_compatible
e912e4bc
JM		 641def test_ap_hs20_auto_interworking_no_match(dev, apdev):
642 """Hotspot 2.0 connection with auto_interworking=1 and no matching network"""
8b8a1864 643 hapd = hostapd.add_ap(apdev[0], { "ssid": "mismatch" })
e912e4bc
JM		 644
645 dev[0].hs20_enable(auto_interworking=True)
646 id = dev[0].connect("mismatch", psk="12345678", scan_freq="2412",
647 only_add_network=True)
648 dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect")
649
650 id = dev[0].add_cred_values({ 'realm': "example.com",
651 'username': "hs20-test",
652 'password': "password",
653 'ca_cert': "auth_serv/ca.pem",
654 'domain': "example.com",
655 'update_identifier': "1234" })
656 dev[0].request("INTERWORKING_SELECT auto freq=2412")
657 time.sleep(0.1)
658 dev[0].dump_monitor()
659 for i in range(5):
660 logger.info("start ping")
661 if "PONG" not in dev[0].ctrl.request("PING", timeout=2):
662 raise Exception("PING failed")
663 logger.info("ping done")
664 fetch = 0
665 scan = 0
666 for j in range(15):
667 ev = dev[0].wait_event([ "ANQP fetch completed",
668 "CTRL-EVENT-SCAN-RESULTS" ], timeout=0.05)
669 if ev is None:
670 break
671 if "ANQP fetch completed" in ev:
672 fetch += 1
673 else:
674 scan += 1
675 if fetch > 2 * scan + 3:
676 raise Exception("Too many ANQP fetch iterations")
677 dev[0].dump_monitor()
678 dev[0].request("DISCONNECT")
679
9fd6804d 680@remote_compatible
bedb6ea5
JM		 681def test_ap_hs20_auto_interworking_no_cred_match(dev, apdev):
682 """Hotspot 2.0 connection with auto_interworking=1 but no cred match"""
683 bssid = apdev[0]['bssid']
684 params = { "ssid": "test" }
8b8a1864 685 hostapd.add_ap(apdev[0], params)
bedb6ea5
JM		 686
687 dev[0].hs20_enable(auto_interworking=True)
688 dev[0].add_cred_values({ 'realm': "example.com",
689 'username': "hs20-test",
690 'password': "password",
691 'ca_cert': "auth_serv/ca.pem",
692 'domain': "example.com" })
693
694 id = dev[0].connect("test", psk="12345678", only_add_network=True)
695 dev[0].request("ENABLE_NETWORK %s" % id)
696 logger.info("Verify that scanning continues when there is partial network block match")
697 for i in range(0, 2):
698 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
699 if ev is None:
700 raise Exception("Scan timed out")
701 logger.info("Scan completed")
702
dcd68168
JM		 703def eap_test(dev, ap, eap_params, method, user):
704 bssid = ap['bssid']
705 params = hs20_ap_params()
706 params['nai_realm'] = [ "0,example.com," + eap_params ]
afc26df2 707 hostapd.add_ap(ap, params)
dcd68168 708
dcd68168
JM		 709 dev.hs20_enable()
710 dev.add_cred_values({ 'realm': "example.com",
524c6c33 711 'ca_cert': "auth_serv/ca.pem",
dcd68168
JM		 712 'username': user,
713 'password': "password" })
2f37a66d 714 interworking_select(dev, bssid, freq="2412")
dcd68168
JM		 715 interworking_connect(dev, bssid, method)
716
9fd6804d 717@remote_compatible
932be82c
JM		 718def test_ap_hs20_eap_unknown(dev, apdev):
719 """Hotspot 2.0 connection with unknown EAP method"""
720 bssid = apdev[0]['bssid']
721 params = hs20_ap_params()
722 params['nai_realm'] = "0,example.com,99"
8b8a1864 723 hostapd.add_ap(apdev[0], params)
932be82c
JM		 724
725 dev[0].hs20_enable()
726 dev[0].add_cred_values(default_cred())
727 interworking_select(dev[0], None, no_match=True, freq="2412")
728
dcd68168
JM		 729def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
730 """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
e7ac04ce 731 check_eap_capa(dev[0], "MSCHAPV2")
dcd68168
JM		 732 eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")
733
932be82c
JM		 734def test_ap_hs20_eap_peap_default(dev, apdev):
735 """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
e7ac04ce 736 check_eap_capa(dev[0], "MSCHAPV2")
932be82c
JM		 737 eap_test(dev[0], apdev[0], "25", "PEAP", "user")
738
dcd68168
JM		 739def test_ap_hs20_eap_peap_gtc(dev, apdev):
740 """Hotspot 2.0 connection with PEAP/GTC"""
741 eap_test(dev[0], apdev[0], "25[3:6]", "PEAP", "user")
742
9fd6804d 743@remote_compatible
932be82c
JM		 744def test_ap_hs20_eap_peap_unknown(dev, apdev):
745 """Hotspot 2.0 connection with PEAP/unknown"""
746 bssid = apdev[0]['bssid']
747 params = hs20_ap_params()
748 params['nai_realm'] = "0,example.com,25[3:99]"
8b8a1864 749 hostapd.add_ap(apdev[0], params)
932be82c
JM		 750
751 dev[0].hs20_enable()
752 dev[0].add_cred_values(default_cred())
753 interworking_select(dev[0], None, no_match=True, freq="2412")
754
dcd68168
JM		 755def test_ap_hs20_eap_ttls_chap(dev, apdev):
756 """Hotspot 2.0 connection with TTLS/CHAP"""
ca158ea6 757 skip_with_fips(dev[0])
dcd68168
JM		 758 eap_test(dev[0], apdev[0], "21[2:2]", "TTLS", "chap user")
759
760def test_ap_hs20_eap_ttls_mschap(dev, apdev):
761 """Hotspot 2.0 connection with TTLS/MSCHAP"""
ca158ea6 762 skip_with_fips(dev[0])
dcd68168
JM		 763 eap_test(dev[0], apdev[0], "21[2:3]", "TTLS", "mschap user")
764
765def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
766 """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
e7ac04ce 767 check_eap_capa(dev[0], "MSCHAPV2")
932be82c
JM		 768 eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")
769
9fd6804d 770@remote_compatible
932be82c
JM		 771def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
772 """Hotspot 2.0 connection with TTLS/EAP-unknown"""
773 bssid = apdev[0]['bssid']
774 params = hs20_ap_params()
775 params['nai_realm'] = "0,example.com,21[3:99]"
8b8a1864 776 hostapd.add_ap(apdev[0], params)
932be82c
JM		 777
778 dev[0].hs20_enable()
779 dev[0].add_cred_values(default_cred())
780 interworking_select(dev[0], None, no_match=True, freq="2412")
781
9fd6804d 782@remote_compatible
932be82c
JM		 783def test_ap_hs20_eap_ttls_eap_unsupported(dev, apdev):
784 """Hotspot 2.0 connection with TTLS/EAP-OTP(unsupported)"""
785 bssid = apdev[0]['bssid']
786 params = hs20_ap_params()
787 params['nai_realm'] = "0,example.com,21[3:5]"
8b8a1864 788 hostapd.add_ap(apdev[0], params)
932be82c
JM		 789
790 dev[0].hs20_enable()
791 dev[0].add_cred_values(default_cred())
792 interworking_select(dev[0], None, no_match=True, freq="2412")
793
9fd6804d 794@remote_compatible
932be82c
JM		 795def test_ap_hs20_eap_ttls_unknown(dev, apdev):
796 """Hotspot 2.0 connection with TTLS/unknown"""
797 bssid = apdev[0]['bssid']
798 params = hs20_ap_params()
799 params['nai_realm'] = "0,example.com,21[2:5]"
8b8a1864 800 hostapd.add_ap(apdev[0], params)
932be82c
JM		 801
802 dev[0].hs20_enable()
803 dev[0].add_cred_values(default_cred())
804 interworking_select(dev[0], None, no_match=True, freq="2412")
dcd68168
JM		 805
806def test_ap_hs20_eap_fast_mschapv2(dev, apdev):
807 """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
3b51cc63 808 check_eap_capa(dev[0], "FAST")
dcd68168
JM		 809 eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user")
810
811def test_ap_hs20_eap_fast_gtc(dev, apdev):
812 """Hotspot 2.0 connection with FAST/EAP-GTC"""
3b51cc63 813 check_eap_capa(dev[0], "FAST")
dcd68168
JM		 814 eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user")
815
816def test_ap_hs20_eap_tls(dev, apdev):
817 """Hotspot 2.0 connection with EAP-TLS"""
818 bssid = apdev[0]['bssid']
819 params = hs20_ap_params()
820 params['nai_realm'] = [ "0,example.com,13[5:6]" ]
8b8a1864 821 hostapd.add_ap(apdev[0], params)
dcd68168 822
dcd68168
JM		 823 dev[0].hs20_enable()
824 dev[0].add_cred_values({ 'realm': "example.com",
825 'username': "certificate-user",
826 'ca_cert': "auth_serv/ca.pem",
827 'client_cert': "auth_serv/user.pem",
828 'private_key': "auth_serv/user.key"})
2f37a66d 829 interworking_select(dev[0], bssid, freq="2412")
dcd68168
JM		 830 interworking_connect(dev[0], bssid, "TLS")
831
9fd6804d 832@remote_compatible
932be82c
JM		 833def test_ap_hs20_eap_cert_unknown(dev, apdev):
834 """Hotspot 2.0 connection with certificate, but unknown EAP method"""
835 bssid = apdev[0]['bssid']
836 params = hs20_ap_params()
837 params['nai_realm'] = [ "0,example.com,99[5:6]" ]
8b8a1864 838 hostapd.add_ap(apdev[0], params)
932be82c
JM		 839
840 dev[0].hs20_enable()
841 dev[0].add_cred_values({ 'realm': "example.com",
842 'username': "certificate-user",
843 'ca_cert': "auth_serv/ca.pem",
844 'client_cert': "auth_serv/user.pem",
845 'private_key': "auth_serv/user.key"})
846 interworking_select(dev[0], None, no_match=True, freq="2412")
847
9fd6804d 848@remote_compatible
932be82c
JM		 849def test_ap_hs20_eap_cert_unsupported(dev, apdev):
850 """Hotspot 2.0 connection with certificate, but unsupported TTLS"""
851 bssid = apdev[0]['bssid']
852 params = hs20_ap_params()
853 params['nai_realm'] = [ "0,example.com,21[5:6]" ]
8b8a1864 854 hostapd.add_ap(apdev[0], params)
932be82c
JM		 855
856 dev[0].hs20_enable()
857 dev[0].add_cred_values({ 'realm': "example.com",
858 'username': "certificate-user",
859 'ca_cert': "auth_serv/ca.pem",
860 'client_cert': "auth_serv/user.pem",
861 'private_key': "auth_serv/user.key"})
862 interworking_select(dev[0], None, no_match=True, freq="2412")
863
9fd6804d 864@remote_compatible
932be82c
JM		 865def test_ap_hs20_eap_invalid_cred(dev, apdev):
866 """Hotspot 2.0 connection with invalid cred configuration"""
867 bssid = apdev[0]['bssid']
868 params = hs20_ap_params()
8b8a1864 869 hostapd.add_ap(apdev[0], params)
932be82c
JM		 870
871 dev[0].hs20_enable()
872 dev[0].add_cred_values({ 'realm': "example.com",
873 'username': "certificate-user",
874 'client_cert': "auth_serv/user.pem" })
875 interworking_select(dev[0], None, no_match=True, freq="2412")
876
0aca5d13
JM		 877def test_ap_hs20_nai_realms(dev, apdev):
878 """Hotspot 2.0 connection and multiple NAI realms and TTLS/PAP"""
879 bssid = apdev[0]['bssid']
880 params = hs20_ap_params()
881 params['hessid'] = bssid
882 params['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]" ]
8b8a1864 883 hostapd.add_ap(apdev[0], params)
0aca5d13 884
0aca5d13
JM		 885 dev[0].hs20_enable()
886 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 887 'ca_cert': "auth_serv/ca.pem",
0aca5d13
JM		 888 'username': "pap user",
889 'password': "password",
890 'domain': "example.com" })
2f37a66d 891 interworking_select(dev[0], bssid, "home", freq="2412")
0aca5d13
JM		 892 interworking_connect(dev[0], bssid, "TTLS")
893 check_sp_type(dev[0], "home")
894
e209eb98
JM		 895def test_ap_hs20_roaming_consortium(dev, apdev):
896 """Hotspot 2.0 connection based on roaming consortium match"""
897 bssid = apdev[0]['bssid']
898 params = hs20_ap_params()
899 params['hessid'] = bssid
8b8a1864 900 hostapd.add_ap(apdev[0], params)
e209eb98 901
e209eb98 902 dev[0].hs20_enable()
80584122
JM		 903 for consortium in [ "112233", "1020304050", "010203040506", "fedcba" ]:
904 id = dev[0].add_cred_values({ 'username': "user",
905 'password': "password",
906 'domain': "example.com",
524c6c33 907 'ca_cert': "auth_serv/ca.pem",
80584122
JM		 908 'roaming_consortium': consortium,
909 'eap': "PEAP" })
910 interworking_select(dev[0], bssid, "home", freq="2412")
911 interworking_connect(dev[0], bssid, "PEAP")
912 check_sp_type(dev[0], "home")
913 dev[0].request("INTERWORKING_SELECT auto freq=2412")
914 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
915 if ev is None:
916 raise Exception("Timeout on already-connected event")
917 dev[0].remove_cred(id)
e209eb98 918
d717c102
JM		 919def test_ap_hs20_roaming_consortium_invalid(dev, apdev):
920 """Hotspot 2.0 connection and invalid roaming consortium ANQP-element"""
921 bssid = apdev[0]['bssid']
922 params = hs20_ap_params()
923 params['hessid'] = bssid
924 # Override Roaming Consortium ANQP-element with an incorrectly encoded
925 # value.
926 params['anqp_elem'] = "261:04fedcba"
927 hostapd.add_ap(apdev[0], params)
928
929 dev[0].hs20_enable()
930 id = dev[0].add_cred_values({ 'username': "user",
931 'password': "password",
932 'domain': "example.com",
933 'ca_cert': "auth_serv/ca.pem",
934 'roaming_consortium': "fedcba",
935 'eap': "PEAP" })
936 interworking_select(dev[0], bssid, "home", freq="2412", no_match=True)
937
8fba2e5d
JM		 938def test_ap_hs20_username_roaming(dev, apdev):
939 """Hotspot 2.0 connection in username/password credential (roaming)"""
e7ac04ce 940 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 941 bssid = apdev[0]['bssid']
942 params = hs20_ap_params()
943 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
944 "0,roaming.example.com,21[2:4][5:7]",
945 "0,another.example.com" ]
946 params['domain_name'] = "another.example.com"
947 params['hessid'] = bssid
8b8a1864 948 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 949
950 dev[0].hs20_enable()
2232edf8
JM		 951 id = dev[0].add_cred_values({ 'realm': "roaming.example.com",
952 'username': "hs20-test",
953 'password': "password",
524c6c33 954 'ca_cert': "auth_serv/ca.pem",
2232edf8 955 'domain': "example.com" })
2f37a66d 956 interworking_select(dev[0], bssid, "roaming", freq="2412")
8fba2e5d
JM		 957 interworking_connect(dev[0], bssid, "TTLS")
958 check_sp_type(dev[0], "roaming")
959
960def test_ap_hs20_username_unknown(dev, apdev):
961 """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
e7ac04ce 962 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 963 bssid = apdev[0]['bssid']
964 params = hs20_ap_params()
965 params['hessid'] = bssid
8b8a1864 966 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 967
968 dev[0].hs20_enable()
2232edf8 969 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 970 'ca_cert': "auth_serv/ca.pem",
2232edf8
JM		 971 'username': "hs20-test",
972 'password': "password" })
2f37a66d 973 interworking_select(dev[0], bssid, "unknown", freq="2412")
8fba2e5d
JM		 974 interworking_connect(dev[0], bssid, "TTLS")
975 check_sp_type(dev[0], "unknown")
976
977def test_ap_hs20_username_unknown2(dev, apdev):
978 """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
e7ac04ce 979 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 980 bssid = apdev[0]['bssid']
981 params = hs20_ap_params()
982 params['hessid'] = bssid
983 del params['domain_name']
8b8a1864 984 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 985
986 dev[0].hs20_enable()
2232edf8 987 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 988 'ca_cert': "auth_serv/ca.pem",
2232edf8
JM		 989 'username': "hs20-test",
990 'password': "password",
991 'domain': "example.com" })
2f37a66d 992 interworking_select(dev[0], bssid, "unknown", freq="2412")
8fba2e5d
JM		 993 interworking_connect(dev[0], bssid, "TTLS")
994 check_sp_type(dev[0], "unknown")
d1ba402f 995
483691bd
JM		 996def test_ap_hs20_gas_while_associated(dev, apdev):
997 """Hotspot 2.0 connection with GAS query while associated"""
e7ac04ce 998 check_eap_capa(dev[0], "MSCHAPV2")
483691bd
JM		 999 bssid = apdev[0]['bssid']
1000 params = hs20_ap_params()
1001 params['hessid'] = bssid
8b8a1864 1002 hostapd.add_ap(apdev[0], params)
483691bd 1003
483691bd
JM		 1004 dev[0].hs20_enable()
1005 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1006 'ca_cert': "auth_serv/ca.pem",
483691bd
JM		 1007 'username': "hs20-test",
1008 'password': "password",
1009 'domain': "example.com" })
2f37a66d 1010 interworking_select(dev[0], bssid, "home", freq="2412")
483691bd
JM		 1011 interworking_connect(dev[0], bssid, "TTLS")
1012
1013 logger.info("Verifying GAS query while associated")
1014 dev[0].request("FETCH_ANQP")
1015 for i in range(0, 6):
1016 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1017 if ev is None:
1018 raise Exception("Operation timed out")
1019
cd18ec3b
JM		 1020def test_ap_hs20_gas_with_another_ap_while_associated(dev, apdev):
1021 """GAS query with another AP while associated"""
1022 check_eap_capa(dev[0], "MSCHAPV2")
1023 bssid = apdev[0]['bssid']
1024 params = hs20_ap_params()
1025 params['hessid'] = bssid
8b8a1864 1026 hostapd.add_ap(apdev[0], params)
cd18ec3b
JM		 1027
1028 bssid2 = apdev[1]['bssid']
1029 params = hs20_ap_params()
1030 params['hessid'] = bssid2
1031 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
8b8a1864 1032 hostapd.add_ap(apdev[1], params)
cd18ec3b
JM		 1033
1034 dev[0].hs20_enable()
1035 id = dev[0].add_cred_values({ 'realm': "example.com",
1036 'ca_cert': "auth_serv/ca.pem",
1037 'username': "hs20-test",
1038 'password': "password",
1039 'domain': "example.com" })
1040 interworking_select(dev[0], bssid, "home", freq="2412")
1041 interworking_connect(dev[0], bssid, "TTLS")
1042 dev[0].dump_monitor()
1043
1044 logger.info("Verifying GAS query with same AP while associated")
1045 dev[0].request("ANQP_GET " + bssid + " 263")
1046 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1047 if ev is None:
1048 raise Exception("ANQP operation timed out")
1049 dev[0].dump_monitor()
1050
1051 logger.info("Verifying GAS query with another AP while associated")
1052 dev[0].scan_for_bss(bssid2, 2412)
1053 dev[0].request("ANQP_GET " + bssid2 + " 263")
1054 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1055 if ev is None:
1056 raise Exception("ANQP operation timed out")
1057
ee2caef3
JM		 1058def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
1059 """Hotspot 2.0 connection with GAS query while associated and using PMF"""
e7ac04ce 1060 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 1061 try:
1062 _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev)
1063 finally:
1064 dev[0].request("SET pmf 0")
1065
1066def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
ee2caef3
JM		 1067 bssid = apdev[0]['bssid']
1068 params = hs20_ap_params()
1069 params['hessid'] = bssid
8b8a1864 1070 hostapd.add_ap(apdev[0], params)
ee2caef3
JM		 1071
1072 bssid2 = apdev[1]['bssid']
1073 params = hs20_ap_params()
1074 params['hessid'] = bssid2
1075 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
8b8a1864 1076 hostapd.add_ap(apdev[1], params)
ee2caef3
JM		 1077
1078 dev[0].hs20_enable()
1079 dev[0].request("SET pmf 2")
1080 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1081 'ca_cert': "auth_serv/ca.pem",
ee2caef3
JM		 1082 'username': "hs20-test",
1083 'password': "password",
1084 'domain': "example.com" })
1085 interworking_select(dev[0], bssid, "home", freq="2412")
1086 interworking_connect(dev[0], bssid, "TTLS")
1087
1088 logger.info("Verifying GAS query while associated")
1089 dev[0].request("FETCH_ANQP")
1090 for i in range(0, 2 * 6):
1091 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1092 if ev is None:
1093 raise Exception("Operation timed out")
1094
1bef9e87
JM		 1095def test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev):
1096 """GAS query with another AP while associated and using PMF"""
1097 check_eap_capa(dev[0], "MSCHAPV2")
1098 try:
1099 _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev)
1100 finally:
1101 dev[0].request("SET pmf 0")
1102
1103def _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev):
1104 bssid = apdev[0]['bssid']
1105 params = hs20_ap_params()
1106 params['hessid'] = bssid
8b8a1864 1107 hostapd.add_ap(apdev[0], params)
1bef9e87
JM		 1108
1109 bssid2 = apdev[1]['bssid']
1110 params = hs20_ap_params()
1111 params['hessid'] = bssid2
1112 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
8b8a1864 1113 hostapd.add_ap(apdev[1], params)
1bef9e87
JM		 1114
1115 dev[0].hs20_enable()
1116 dev[0].request("SET pmf 2")
1117 id = dev[0].add_cred_values({ 'realm': "example.com",
1118 'ca_cert': "auth_serv/ca.pem",
1119 'username': "hs20-test",
1120 'password': "password",
1121 'domain': "example.com" })
1122 interworking_select(dev[0], bssid, "home", freq="2412")
1123 interworking_connect(dev[0], bssid, "TTLS")
1124 dev[0].dump_monitor()
1125
1126 logger.info("Verifying GAS query with same AP while associated")
1127 dev[0].request("ANQP_GET " + bssid + " 263")
1128 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1129 if ev is None:
1130 raise Exception("ANQP operation timed out")
1131 dev[0].dump_monitor()
1132
1133 logger.info("Verifying GAS query with another AP while associated")
1134 dev[0].scan_for_bss(bssid2, 2412)
1135 dev[0].request("ANQP_GET " + bssid2 + " 263")
1136 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1137 if ev is None:
1138 raise Exception("ANQP operation timed out")
1139
483691bd
JM		 1140def test_ap_hs20_gas_frag_while_associated(dev, apdev):
1141 """Hotspot 2.0 connection with fragmented GAS query while associated"""
e7ac04ce 1142 check_eap_capa(dev[0], "MSCHAPV2")
483691bd
JM		 1143 bssid = apdev[0]['bssid']
1144 params = hs20_ap_params()
1145 params['hessid'] = bssid
6f334bf7 1146 hapd = hostapd.add_ap(apdev[0], params)
483691bd
JM		 1147 hapd.set("gas_frag_limit", "50")
1148
483691bd
JM		 1149 dev[0].hs20_enable()
1150 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1151 'ca_cert': "auth_serv/ca.pem",
483691bd
JM		 1152 'username': "hs20-test",
1153 'password': "password",
1154 'domain': "example.com" })
2f37a66d 1155 interworking_select(dev[0], bssid, "home", freq="2412")
483691bd
JM		 1156 interworking_connect(dev[0], bssid, "TTLS")
1157
1158 logger.info("Verifying GAS query while associated")
1159 dev[0].request("FETCH_ANQP")
1160 for i in range(0, 6):
1161 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1162 if ev is None:
1163 raise Exception("Operation timed out")
1164
6a0b4002
JM		 1165def test_ap_hs20_multiple_connects(dev, apdev):
1166 """Hotspot 2.0 connection through multiple network selections"""
e7ac04ce 1167 check_eap_capa(dev[0], "MSCHAPV2")
6a0b4002
JM		 1168 bssid = apdev[0]['bssid']
1169 params = hs20_ap_params()
1170 params['hessid'] = bssid
8b8a1864 1171 hostapd.add_ap(apdev[0], params)
6a0b4002
JM		 1172
1173 dev[0].hs20_enable()
1174 values = { 'realm': "example.com",
524c6c33 1175 'ca_cert': "auth_serv/ca.pem",
6a0b4002
JM		 1176 'username': "hs20-test",
1177 'password': "password",
1178 'domain': "example.com" }
1179 id = dev[0].add_cred_values(values)
1180
841bed04
JM		 1181 dev[0].scan_for_bss(bssid, freq="2412")
1182
6a0b4002
JM		 1183 for i in range(0, 3):
1184 logger.info("Starting Interworking network selection")
2f37a66d 1185 dev[0].request("INTERWORKING_SELECT auto freq=2412")
6a0b4002
JM		 1186 while True:
1187 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
1188 "INTERWORKING-ALREADY-CONNECTED",
1189 "CTRL-EVENT-CONNECTED"], timeout=15)
1190 if ev is None:
1191 raise Exception("Connection timed out")
1192 if "INTERWORKING-NO-MATCH" in ev:
1193 raise Exception("Matching AP not found")
1194 if "CTRL-EVENT-CONNECTED" in ev:
1195 break
1196 if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
1197 break
1198 if i == 0:
1199 dev[0].request("DISCONNECT")
1200 dev[0].dump_monitor()
1201
1202 networks = dev[0].list_networks()
1203 if len(networks) > 1:
1204 raise Exception("Duplicated network block detected")
1205
b4264f8f
JM		 1206def test_ap_hs20_disallow_aps(dev, apdev):
1207 """Hotspot 2.0 connection and disallow_aps"""
1208 bssid = apdev[0]['bssid']
1209 params = hs20_ap_params()
1210 params['hessid'] = bssid
8b8a1864 1211 hostapd.add_ap(apdev[0], params)
b4264f8f
JM		 1212
1213 dev[0].hs20_enable()
1214 values = { 'realm': "example.com",
524c6c33 1215 'ca_cert': "auth_serv/ca.pem",
b4264f8f
JM		 1216 'username': "hs20-test",
1217 'password': "password",
1218 'domain': "example.com" }
1219 id = dev[0].add_cred_values(values)
1220
841bed04
JM		 1221 dev[0].scan_for_bss(bssid, freq="2412")
1222
b4264f8f
JM		 1223 logger.info("Verify disallow_aps bssid")
1224 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
1225 dev[0].request("INTERWORKING_SELECT auto")
1226 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
1227 if ev is None:
1228 raise Exception("Network selection timed out")
1229 dev[0].dump_monitor()
1230
1231 logger.info("Verify disallow_aps ssid")
1232 dev[0].request("SET disallow_aps ssid 746573742d68733230")
2f37a66d 1233 dev[0].request("INTERWORKING_SELECT auto freq=2412")
b4264f8f
JM		 1234 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
1235 if ev is None:
1236 raise Exception("Network selection timed out")
1237 dev[0].dump_monitor()
1238
1239 logger.info("Verify disallow_aps clear")
1240 dev[0].request("SET disallow_aps ")
2f37a66d 1241 interworking_select(dev[0], bssid, "home", freq="2412")
b4264f8f
JM		 1242
1243 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
1244 ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
1245 if "FAIL" not in ret:
1246 raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
1247
7e71fbc1
JM		 1248 if "FAIL" not in dev[0].request("INTERWORKING_CONNECT foo"):
1249 raise Exception("Invalid INTERWORKING_CONNECT not rejected")
1250 if "FAIL" not in dev[0].request("INTERWORKING_CONNECT 00:11:22:33:44:55"):
1251 raise Exception("Invalid INTERWORKING_CONNECT not rejected")
1252
d1ba402f
JM		 1253def policy_test(dev, ap, values, only_one=True):
1254 dev.dump_monitor()
19839f8e
JM		 1255 if ap:
1256 logger.info("Verify network selection to AP " + ap['ifname'])
1257 bssid = ap['bssid']
841bed04 1258 dev.scan_for_bss(bssid, freq="2412")
19839f8e
JM		 1259 else:
1260 logger.info("Verify network selection")
1261 bssid = None
d1ba402f
JM		 1262 dev.hs20_enable()
1263 id = dev.add_cred_values(values)
2f37a66d 1264 dev.request("INTERWORKING_SELECT auto freq=2412")
19839f8e 1265 events = []
d1ba402f
JM		 1266 while True:
1267 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
1965cc3a 1268 "INTERWORKING-BLACKLISTED",
953a574d 1269 "INTERWORKING-SELECTED"], timeout=15)
d1ba402f 1270 if ev is None:
953a574d 1271 raise Exception("Network selection timed out")
19839f8e 1272 events.append(ev)
d1ba402f
JM		 1273 if "INTERWORKING-NO-MATCH" in ev:
1274 raise Exception("Matching AP not found")
19839f8e 1275 if bssid and only_one and "INTERWORKING-AP" in ev and bssid not in ev:
d1ba402f 1276 raise Exception("Unexpected AP claimed acceptable")
953a574d 1277 if "INTERWORKING-SELECTED" in ev:
19839f8e 1278 if bssid and bssid not in ev:
953a574d 1279 raise Exception("Selected incorrect BSS")
d1ba402f
JM		 1280 break
1281
5f35a5e2 1282 ev = dev.wait_connected(timeout=15)
19839f8e 1283 if bssid and bssid not in ev:
953a574d
JM		 1284 raise Exception("Connected to incorrect BSS")
1285
d1ba402f 1286 conn_bssid = dev.get_status_field("bssid")
19839f8e 1287 if bssid and conn_bssid != bssid:
d1ba402f
JM		 1288 raise Exception("bssid information points to incorrect BSS")
1289
1290 dev.remove_cred(id)
1291 dev.dump_monitor()
19839f8e 1292 return events
d1ba402f 1293
22653762 1294def default_cred(domain=None, user="hs20-test"):
9714fbcd 1295 cred = { 'realm': "example.com",
524c6c33 1296 'ca_cert': "auth_serv/ca.pem",
22653762 1297 'username': user,
d355372c 1298 'password': "password" }
9714fbcd
JM		 1299 if domain:
1300 cred['domain'] = domain
1301 return cred
d355372c 1302
cfa57df6
JM		 1303def test_ap_hs20_prefer_home(dev, apdev):
1304 """Hotspot 2.0 required roaming consortium"""
e7ac04ce 1305 check_eap_capa(dev[0], "MSCHAPV2")
cfa57df6
JM		 1306 params = hs20_ap_params()
1307 params['domain_name'] = "example.org"
8b8a1864 1308 hostapd.add_ap(apdev[0], params)
cfa57df6
JM		 1309
1310 params = hs20_ap_params()
1311 params['ssid'] = "test-hs20-other"
1312 params['domain_name'] = "example.com"
8b8a1864 1313 hostapd.add_ap(apdev[1], params)
cfa57df6
JM		 1314
1315 values = default_cred()
1316 values['domain'] = "example.com"
1317 policy_test(dev[0], apdev[1], values, only_one=False)
1318 values['domain'] = "example.org"
1319 policy_test(dev[0], apdev[0], values, only_one=False)
1320
d1ba402f
JM		 1321def test_ap_hs20_req_roaming_consortium(dev, apdev):
1322 """Hotspot 2.0 required roaming consortium"""
e7ac04ce 1323 check_eap_capa(dev[0], "MSCHAPV2")
d1ba402f 1324 params = hs20_ap_params()
8b8a1864 1325 hostapd.add_ap(apdev[0], params)
d1ba402f
JM		 1326
1327 params = hs20_ap_params()
1328 params['ssid'] = "test-hs20-other"
1329 params['roaming_consortium'] = [ "223344" ]
8b8a1864 1330 hostapd.add_ap(apdev[1], params)
d1ba402f 1331
d355372c
JM		 1332 values = default_cred()
1333 values['required_roaming_consortium'] = "223344"
d1ba402f
JM		 1334 policy_test(dev[0], apdev[1], values)
1335 values['required_roaming_consortium'] = "112233"
1336 policy_test(dev[0], apdev[0], values)
d355372c 1337
af70a093
JM		 1338 id = dev[0].add_cred()
1339 dev[0].set_cred(id, "required_roaming_consortium", "112233")
1340 dev[0].set_cred(id, "required_roaming_consortium", "112233445566778899aabbccddeeff")
1341
1342 for val in [ "", "1", "11", "1122", "1122334", "112233445566778899aabbccddeeff00" ]:
1343 if "FAIL" not in dev[0].request('SET_CRED {} required_roaming_consortium {}'.format(id, val)):
1344 raise Exception("Invalid roaming consortium value accepted: " + val)
1345
43e337f7
JM		 1346def test_ap_hs20_req_roaming_consortium_no_match(dev, apdev):
1347 """Hotspot 2.0 required roaming consortium and no match"""
1348 check_eap_capa(dev[0], "MSCHAPV2")
1349 params = hs20_ap_params()
1350 del params['roaming_consortium']
1351 hostapd.add_ap(apdev[0], params)
1352
1353 params = hs20_ap_params()
1354 params['ssid'] = "test-hs20-other"
1355 params['roaming_consortium'] = [ "223345" ]
1356 hostapd.add_ap(apdev[1], params)
1357
1358 values = default_cred()
1359 values['required_roaming_consortium'] = "223344"
1360 dev[0].hs20_enable()
1361 id = dev[0].add_cred_values(values)
1362 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1363 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=10)
1364 if ev is None:
1365 raise Exception("INTERWORKING-NO-MATCH not reported")
1366
d355372c
JM		 1367def test_ap_hs20_excluded_ssid(dev, apdev):
1368 """Hotspot 2.0 exclusion based on SSID"""
e7ac04ce 1369 check_eap_capa(dev[0], "MSCHAPV2")
d355372c 1370 params = hs20_ap_params()
e2afdef2
JM		 1371 params['roaming_consortium'] = [ "223344" ]
1372 params['anqp_3gpp_cell_net'] = "555,444"
8b8a1864 1373 hostapd.add_ap(apdev[0], params)
d355372c
JM		 1374
1375 params = hs20_ap_params()
1376 params['ssid'] = "test-hs20-other"
1377 params['roaming_consortium'] = [ "223344" ]
e2afdef2 1378 params['anqp_3gpp_cell_net'] = "555,444"
8b8a1864 1379 hostapd.add_ap(apdev[1], params)
d355372c
JM		 1380
1381 values = default_cred()
1382 values['excluded_ssid'] = "test-hs20"
1965cc3a
JM		 1383 events = policy_test(dev[0], apdev[1], values)
1384 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1385 if len(ev) != 1:
1386 raise Exception("Excluded network not reported")
d355372c 1387 values['excluded_ssid'] = "test-hs20-other"
1965cc3a
JM		 1388 events = policy_test(dev[0], apdev[0], values)
1389 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[1]['bssid'] in e]
1390 if len(ev) != 1:
1391 raise Exception("Excluded network not reported")
d4058934 1392
e2afdef2
JM		 1393 values = default_cred()
1394 values['roaming_consortium'] = "223344"
1395 values['eap'] = "TTLS"
1396 values['phase2'] = "auth=MSCHAPV2"
1397 values['excluded_ssid'] = "test-hs20"
1398 events = policy_test(dev[0], apdev[1], values)
1399 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1400 if len(ev) != 1:
1401 raise Exception("Excluded network not reported")
1402
1403 values = { 'imsi': "555444-333222111", 'eap': "SIM",
1404 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
1405 'excluded_ssid': "test-hs20" }
1406 events = policy_test(dev[0], apdev[1], values)
1407 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1408 if len(ev) != 1:
1409 raise Exception("Excluded network not reported")
1410
d4058934
JM		 1411def test_ap_hs20_roam_to_higher_prio(dev, apdev):
1412 """Hotspot 2.0 and roaming from current to higher priority network"""
e7ac04ce 1413 check_eap_capa(dev[0], "MSCHAPV2")
d4058934
JM		 1414 bssid = apdev[0]['bssid']
1415 params = hs20_ap_params(ssid="test-hs20-visited")
1416 params['domain_name'] = "visited.example.org"
8b8a1864 1417 hostapd.add_ap(apdev[0], params)
d4058934
JM		 1418
1419 dev[0].hs20_enable()
1420 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1421 'ca_cert': "auth_serv/ca.pem",
d4058934
JM		 1422 'username': "hs20-test",
1423 'password': "password",
1424 'domain': "example.com" })
1425 logger.info("Connect to the only network option")
1426 interworking_select(dev[0], bssid, "roaming", freq="2412")
1427 dev[0].dump_monitor()
1428 interworking_connect(dev[0], bssid, "TTLS")
1429
1430 logger.info("Start another AP (home operator) and reconnect")
1431 bssid2 = apdev[1]['bssid']
1432 params = hs20_ap_params(ssid="test-hs20-home")
1433 params['domain_name'] = "example.com"
8b8a1864 1434 hostapd.add_ap(apdev[1], params)
d4058934 1435
841bed04 1436 dev[0].scan_for_bss(bssid2, freq="2412", force_scan=True)
d4058934
JM		 1437 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1438 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
1439 "INTERWORKING-ALREADY-CONNECTED",
1440 "CTRL-EVENT-CONNECTED"], timeout=15)
1441 if ev is None:
1442 raise Exception("Connection timed out")
1443 if "INTERWORKING-NO-MATCH" in ev:
1444 raise Exception("Matching AP not found")
1445 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1446 raise Exception("Unexpected AP selected")
1447 if bssid2 not in ev:
1448 raise Exception("Unexpected BSSID after reconnection")
12c587a5 1449
24579e70 1450def test_ap_hs20_domain_suffix_match_full(dev, apdev):
12c587a5 1451 """Hotspot 2.0 and domain_suffix_match"""
e78eb404 1452 check_domain_match_full(dev[0])
e7ac04ce 1453 check_eap_capa(dev[0], "MSCHAPV2")
12c587a5
JM		 1454 bssid = apdev[0]['bssid']
1455 params = hs20_ap_params()
8b8a1864 1456 hostapd.add_ap(apdev[0], params)
12c587a5
JM		 1457
1458 dev[0].hs20_enable()
1459 id = dev[0].add_cred_values({ 'realm': "example.com",
1460 'username': "hs20-test",
1461 'password': "password",
524c6c33 1462 'ca_cert': "auth_serv/ca.pem",
12c587a5 1463 'domain': "example.com",
24579e70 1464 'domain_suffix_match': "server.w1.fi" })
12c587a5
JM		 1465 interworking_select(dev[0], bssid, "home", freq="2412")
1466 dev[0].dump_monitor()
1467 interworking_connect(dev[0], bssid, "TTLS")
1468 dev[0].request("REMOVE_NETWORK all")
1469 dev[0].dump_monitor()
1470
1471 dev[0].set_cred_quoted(id, "domain_suffix_match", "no-match.example.com")
1472 interworking_select(dev[0], bssid, "home", freq="2412")
1473 dev[0].dump_monitor()
1474 dev[0].request("INTERWORKING_CONNECT " + bssid)
1475 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
1476 if ev is None:
1477 raise Exception("TLS certificate error not reported")
1478 if "Domain suffix mismatch" not in ev:
1479 raise Exception("Domain suffix mismatch not reported")
078683ac 1480
24579e70
JM		 1481def test_ap_hs20_domain_suffix_match(dev, apdev):
1482 """Hotspot 2.0 and domain_suffix_match"""
e7ac04ce 1483 check_eap_capa(dev[0], "MSCHAPV2")
24579e70
JM		 1484 check_domain_match_full(dev[0])
1485 bssid = apdev[0]['bssid']
1486 params = hs20_ap_params()
8b8a1864 1487 hostapd.add_ap(apdev[0], params)
24579e70
JM		 1488
1489 dev[0].hs20_enable()
1490 id = dev[0].add_cred_values({ 'realm': "example.com",
1491 'username': "hs20-test",
1492 'password': "password",
1493 'ca_cert': "auth_serv/ca.pem",
1494 'domain': "example.com",
1495 'domain_suffix_match': "w1.fi" })
1496 interworking_select(dev[0], bssid, "home", freq="2412")
1497 dev[0].dump_monitor()
1498 interworking_connect(dev[0], bssid, "TTLS")
1499
2253ea44
JM		 1500def test_ap_hs20_roaming_partner_preference(dev, apdev):
1501 """Hotspot 2.0 and roaming partner preference"""
e7ac04ce 1502 check_eap_capa(dev[0], "MSCHAPV2")
2253ea44
JM		 1503 params = hs20_ap_params()
1504 params['domain_name'] = "roaming.example.org"
8b8a1864 1505 hostapd.add_ap(apdev[0], params)
2253ea44
JM		 1506
1507 params = hs20_ap_params()
1508 params['ssid'] = "test-hs20-other"
1509 params['domain_name'] = "roaming.example.net"
8b8a1864 1510 hostapd.add_ap(apdev[1], params)
2253ea44
JM		 1511
1512 logger.info("Verify default vs. specified preference")
1513 values = default_cred()
1514 values['roaming_partner'] = "roaming.example.net,1,127,*"
1515 policy_test(dev[0], apdev[1], values, only_one=False)
1516 values['roaming_partner'] = "roaming.example.net,1,129,*"
1517 policy_test(dev[0], apdev[0], values, only_one=False)
1518
1519 logger.info("Verify partial FQDN match")
1520 values['roaming_partner'] = "example.net,0,0,*"
1521 policy_test(dev[0], apdev[1], values, only_one=False)
1522 values['roaming_partner'] = "example.net,0,255,*"
1523 policy_test(dev[0], apdev[0], values, only_one=False)
1524
19839f8e
JM		 1525def test_ap_hs20_max_bss_load(dev, apdev):
1526 """Hotspot 2.0 and maximum BSS load"""
e7ac04ce 1527 check_eap_capa(dev[0], "MSCHAPV2")
19839f8e
JM		 1528 params = hs20_ap_params()
1529 params['bss_load_test'] = "12:200:20000"
8b8a1864 1530 hostapd.add_ap(apdev[0], params)
19839f8e
JM		 1531
1532 params = hs20_ap_params()
1533 params['ssid'] = "test-hs20-other"
1534 params['bss_load_test'] = "5:20:10000"
8b8a1864 1535 hostapd.add_ap(apdev[1], params)
19839f8e
JM		 1536
1537 logger.info("Verify maximum BSS load constraint")
1538 values = default_cred()
1539 values['domain'] = "example.com"
1540 values['max_bss_load'] = "100"
1541 events = policy_test(dev[0], apdev[1], values, only_one=False)
1542
1543 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1544 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1545 raise Exception("Maximum BSS Load case not noticed")
1546 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1547 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1548 raise Exception("Maximum BSS Load case reported incorrectly")
1549
1550 logger.info("Verify maximum BSS load does not prevent connection")
1551 values['max_bss_load'] = "1"
1552 events = policy_test(dev[0], None, values)
1553
1554 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1555 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1556 raise Exception("Maximum BSS Load case not noticed")
1557 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1558 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1559 raise Exception("Maximum BSS Load case not noticed")
1560
1561def test_ap_hs20_max_bss_load2(dev, apdev):
1562 """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
e7ac04ce 1563 check_eap_capa(dev[0], "MSCHAPV2")
19839f8e
JM		 1564 params = hs20_ap_params()
1565 params['bss_load_test'] = "12:200:20000"
8b8a1864 1566 hostapd.add_ap(apdev[0], params)
19839f8e
JM		 1567
1568 params = hs20_ap_params()
1569 params['ssid'] = "test-hs20-other"
8b8a1864 1570 hostapd.add_ap(apdev[1], params)
19839f8e
JM		 1571
1572 logger.info("Verify maximum BSS load constraint with AP advertisement")
1573 values = default_cred()
1574 values['domain'] = "example.com"
1575 values['max_bss_load'] = "100"
1576 events = policy_test(dev[0], apdev[1], values, only_one=False)
1577
1578 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1579 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1580 raise Exception("Maximum BSS Load case not noticed")
1581 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1582 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1583 raise Exception("Maximum BSS Load case reported incorrectly")
1584
1169516b
JM		 1585def test_ap_hs20_max_bss_load_roaming(dev, apdev):
1586 """Hotspot 2.0 and maximum BSS load (roaming)"""
1587 check_eap_capa(dev[0], "MSCHAPV2")
1588 params = hs20_ap_params()
1589 params['bss_load_test'] = "12:200:20000"
1590 hostapd.add_ap(apdev[0], params)
1591
1592 values = default_cred()
1593 values['domain'] = "roaming.example.com"
1594 values['max_bss_load'] = "100"
1595 events = policy_test(dev[0], apdev[0], values, only_one=True)
1596 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1597 if len(ev) != 1:
1598 raise Exception("No INTERWORKING-AP event")
1599 if "over_max_bss_load=1" in ev[0]:
1600 raise Exception("Maximum BSS Load reported for roaming")
1601
078683ac
JM		 1602def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
1603 """Hotspot 2.0 multi-cred sp_priority"""
e7ac04ce 1604 check_eap_capa(dev[0], "MSCHAPV2")
47dcb118 1605 try:
81e787b7 1606 _test_ap_hs20_multi_cred_sp_prio(dev, apdev)
47dcb118
JM		 1607 finally:
1608 dev[0].request("SET external_sim 0")
1609
1610def _test_ap_hs20_multi_cred_sp_prio(dev, apdev):
81e787b7 1611 hlr_auc_gw_available()
078683ac
JM		 1612 bssid = apdev[0]['bssid']
1613 params = hs20_ap_params()
1614 params['hessid'] = bssid
1615 del params['domain_name']
1616 params['anqp_3gpp_cell_net'] = "232,01"
8b8a1864 1617 hostapd.add_ap(apdev[0], params)
078683ac
JM		 1618
1619 dev[0].hs20_enable()
852cb016 1620 dev[0].scan_for_bss(bssid, freq="2412")
078683ac
JM		 1621 dev[0].request("SET external_sim 1")
1622 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1623 'provisioning_sp': "example.com",
1624 'sp_priority' :"1" })
1625 id2 = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1626 'ca_cert': "auth_serv/ca.pem",
078683ac
JM		 1627 'username': "hs20-test",
1628 'password': "password",
1629 'domain': "example.com",
1630 'provisioning_sp': "example.com",
1631 'sp_priority': "2" })
1632 dev[0].dump_monitor()
852cb016 1633 dev[0].scan_for_bss(bssid, freq="2412")
0b651713 1634 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1635 interworking_ext_sim_auth(dev[0], "SIM")
1636 check_sp_type(dev[0], "unknown")
1637 dev[0].request("REMOVE_NETWORK all")
1638
1639 dev[0].set_cred(id1, "sp_priority", "2")
1640 dev[0].set_cred(id2, "sp_priority", "1")
1641 dev[0].dump_monitor()
0b651713 1642 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1643 interworking_auth(dev[0], "TTLS")
1644 check_sp_type(dev[0], "unknown")
1645
1646def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
1647 """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
e7ac04ce 1648 check_eap_capa(dev[0], "MSCHAPV2")
47dcb118 1649 try:
81e787b7 1650 _test_ap_hs20_multi_cred_sp_prio2(dev, apdev)
47dcb118
JM		 1651 finally:
1652 dev[0].request("SET external_sim 0")
1653
1654def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
81e787b7 1655 hlr_auc_gw_available()
078683ac
JM		 1656 bssid = apdev[0]['bssid']
1657 params = hs20_ap_params()
1658 params['hessid'] = bssid
1659 del params['nai_realm']
1660 del params['domain_name']
1661 params['anqp_3gpp_cell_net'] = "232,01"
8b8a1864 1662 hostapd.add_ap(apdev[0], params)
078683ac
JM		 1663
1664 bssid2 = apdev[1]['bssid']
1665 params = hs20_ap_params()
1666 params['ssid'] = "test-hs20-other"
1667 params['hessid'] = bssid2
1668 del params['domain_name']
1669 del params['anqp_3gpp_cell_net']
8b8a1864 1670 hostapd.add_ap(apdev[1], params)
078683ac
JM		 1671
1672 dev[0].hs20_enable()
1673 dev[0].request("SET external_sim 1")
1674 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1675 'provisioning_sp': "example.com",
1676 'sp_priority': "1" })
1677 id2 = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1678 'ca_cert': "auth_serv/ca.pem",
078683ac
JM		 1679 'username': "hs20-test",
1680 'password': "password",
1681 'domain': "example.com",
1682 'provisioning_sp': "example.com",
1683 'sp_priority': "2" })
1684 dev[0].dump_monitor()
852cb016
JM		 1685 dev[0].scan_for_bss(bssid, freq="2412")
1686 dev[0].scan_for_bss(bssid2, freq="2412")
0b651713 1687 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1688 interworking_ext_sim_auth(dev[0], "SIM")
1689 check_sp_type(dev[0], "unknown")
1690 conn_bssid = dev[0].get_status_field("bssid")
1691 if conn_bssid != bssid:
1692 raise Exception("Connected to incorrect BSS")
1693 dev[0].request("REMOVE_NETWORK all")
1694
1695 dev[0].set_cred(id1, "sp_priority", "2")
1696 dev[0].set_cred(id2, "sp_priority", "1")
1697 dev[0].dump_monitor()
0b651713 1698 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1699 interworking_auth(dev[0], "TTLS")
1700 check_sp_type(dev[0], "unknown")
1701 conn_bssid = dev[0].get_status_field("bssid")
1702 if conn_bssid != bssid2:
1703 raise Exception("Connected to incorrect BSS")
5e32f825 1704
04f4a1f5
JM		 1705def test_ap_hs20_multi_cred_sp_prio_same(dev, apdev):
1706 """Hotspot 2.0 multi-cred and same sp_priority"""
1707 check_eap_capa(dev[0], "MSCHAPV2")
1708 hlr_auc_gw_available()
1709 bssid = apdev[0]['bssid']
1710 params = hs20_ap_params()
1711 params['hessid'] = bssid
1712 del params['domain_name']
1713 params['anqp_3gpp_cell_net'] = "232,01"
1714 hostapd.add_ap(apdev[0], params)
1715
1716 dev[0].hs20_enable()
1717 dev[0].scan_for_bss(bssid, freq="2412")
1718 id1 = dev[0].add_cred_values({ 'realm': "example.com",
1719 'ca_cert': "auth_serv/ca.pem",
1720 'username': "hs20-test",
1721 'password': "password",
1722 'domain': "domain1.example.com",
1723 'provisioning_sp': "example.com",
1724 'sp_priority': "1" })
1725 id2 = dev[0].add_cred_values({ 'realm': "example.com",
1726 'ca_cert': "auth_serv/ca.pem",
1727 'username': "hs20-test",
1728 'password': "password",
1729 'domain': "domain2.example.com",
1730 'provisioning_sp': "example.com",
1731 'sp_priority': "1" })
1732 dev[0].dump_monitor()
1733 dev[0].scan_for_bss(bssid, freq="2412")
1734 check_auto_select(dev[0], bssid)
1735
a3dd0478
JM		 1736def check_conn_capab_selection(dev, type, missing):
1737 dev.request("INTERWORKING_SELECT freq=2412")
1738 ev = dev.wait_event(["INTERWORKING-AP"])
1739 if ev is None:
bc6e3288 1740 raise Exception("Network selection timed out")
a3dd0478
JM		 1741 if "type=" + type not in ev:
1742 raise Exception("Unexpected network type")
1743 if missing and "conn_capab_missing=1" not in ev:
1744 raise Exception("conn_capab_missing not reported")
1745 if not missing and "conn_capab_missing=1" in ev:
1746 raise Exception("conn_capab_missing reported unexpectedly")
1747
1748def conn_capab_cred(domain=None, req_conn_capab=None):
1749 cred = default_cred(domain=domain)
1750 if req_conn_capab:
1751 cred['req_conn_capab'] = req_conn_capab
1752 return cred
1753
18153179
JM		 1754def test_ap_hs20_req_conn_capab(dev, apdev):
1755 """Hotspot 2.0 network selection with req_conn_capab"""
e7ac04ce 1756 check_eap_capa(dev[0], "MSCHAPV2")
18153179
JM		 1757 bssid = apdev[0]['bssid']
1758 params = hs20_ap_params()
8b8a1864 1759 hostapd.add_ap(apdev[0], params)
18153179
JM		 1760
1761 dev[0].hs20_enable()
852cb016 1762 dev[0].scan_for_bss(bssid, freq="2412")
18153179 1763 logger.info("Not used in home network")
a3dd0478
JM		 1764 values = conn_capab_cred(domain="example.com", req_conn_capab="6:1234")
1765 id = dev[0].add_cred_values(values)
1766 check_conn_capab_selection(dev[0], "home", False)
18153179
JM		 1767
1768 logger.info("Used in roaming network")
1769 dev[0].remove_cred(id)
a3dd0478
JM		 1770 values = conn_capab_cred(domain="example.org", req_conn_capab="6:1234")
1771 id = dev[0].add_cred_values(values)
1772 check_conn_capab_selection(dev[0], "roaming", True)
18153179
JM		 1773
1774 logger.info("Verify that req_conn_capab does not prevent connection if no other network is available")
a3dd0478
JM		 1775 check_auto_select(dev[0], bssid)
1776
1777 logger.info("Additional req_conn_capab checks")
1778
1779 dev[0].remove_cred(id)
1780 values = conn_capab_cred(domain="example.org", req_conn_capab="1:0")
1781 id = dev[0].add_cred_values(values)
1782 check_conn_capab_selection(dev[0], "roaming", True)
1783
1784 dev[0].remove_cred(id)
1785 values = conn_capab_cred(domain="example.org", req_conn_capab="17:5060")
1786 id = dev[0].add_cred_values(values)
1787 check_conn_capab_selection(dev[0], "roaming", True)
1788
1789 bssid2 = apdev[1]['bssid']
1790 params = hs20_ap_params(ssid="test-hs20b")
1791 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
8b8a1864 1792 hostapd.add_ap(apdev[1], params)
a3dd0478
JM		 1793
1794 dev[0].remove_cred(id)
1795 values = conn_capab_cred(domain="example.org", req_conn_capab="50")
1796 id = dev[0].add_cred_values(values)
1797 dev[0].set_cred(id, "req_conn_capab", "6:22")
841bed04 1798 dev[0].scan_for_bss(bssid2, freq="2412")
a3dd0478
JM		 1799 dev[0].request("INTERWORKING_SELECT freq=2412")
1800 for i in range(0, 2):
1801 ev = dev[0].wait_event(["INTERWORKING-AP"])
1802 if ev is None:
bc6e3288 1803 raise Exception("Network selection timed out")
a3dd0478
JM		 1804 if bssid in ev and "conn_capab_missing=1" not in ev:
1805 raise Exception("Missing protocol connection capability not reported")
1806 if bssid2 in ev and "conn_capab_missing=1" in ev:
1807 raise Exception("Protocol connection capability not reported correctly")
1808
1809def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
1810 """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
e7ac04ce 1811 check_eap_capa(dev[0], "MSCHAPV2")
a3dd0478
JM		 1812 bssid = apdev[0]['bssid']
1813 params = hs20_ap_params()
1814 params['domain_name'] = "roaming.example.org"
1815 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
8b8a1864 1816 hostapd.add_ap(apdev[0], params)
a3dd0478
JM		 1817
1818 bssid2 = apdev[1]['bssid']
1819 params = hs20_ap_params(ssid="test-hs20-b")
1820 params['domain_name'] = "roaming.example.net"
8b8a1864 1821 hostapd.add_ap(apdev[1], params)
a3dd0478
JM		 1822
1823 values = default_cred()
1824 values['roaming_partner'] = "roaming.example.net,1,127,*"
1825 id = dev[0].add_cred_values(values)
1826 check_auto_select(dev[0], bssid2)
1827
1828 dev[0].set_cred(id, "req_conn_capab", "50")
1829 check_auto_select(dev[0], bssid)
1830
1831 dev[0].remove_cred(id)
1832 id = dev[0].add_cred_values(values)
1833 dev[0].set_cred(id, "req_conn_capab", "51")
1834 check_auto_select(dev[0], bssid2)
18153179 1835
9714fbcd
JM		 1836def check_bandwidth_selection(dev, type, below):
1837 dev.request("INTERWORKING_SELECT freq=2412")
1838 ev = dev.wait_event(["INTERWORKING-AP"])
1839 if ev is None:
bc6e3288 1840 raise Exception("Network selection timed out")
092ac7bb 1841 logger.debug("BSS entries:\n" + dev.request("BSS RANGE=ALL"))
9714fbcd
JM		 1842 if "type=" + type not in ev:
1843 raise Exception("Unexpected network type")
1844 if below and "below_min_backhaul=1" not in ev:
1845 raise Exception("below_min_backhaul not reported")
1846 if not below and "below_min_backhaul=1" in ev:
1847 raise Exception("below_min_backhaul reported unexpectedly")
1848
1849def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming=None):
1850 cred = default_cred(domain=domain)
1851 if dl_home:
1852 cred['min_dl_bandwidth_home'] = str(dl_home)
1853 if ul_home:
1854 cred['min_ul_bandwidth_home'] = str(ul_home)
1855 if dl_roaming:
1856 cred['min_dl_bandwidth_roaming'] = str(dl_roaming)
1857 if ul_roaming:
1858 cred['min_ul_bandwidth_roaming'] = str(ul_roaming)
1859 return cred
1860
1861def test_ap_hs20_min_bandwidth_home(dev, apdev):
1862 """Hotspot 2.0 network selection with min bandwidth (home)"""
e7ac04ce 1863 check_eap_capa(dev[0], "MSCHAPV2")
9714fbcd
JM		 1864 bssid = apdev[0]['bssid']
1865 params = hs20_ap_params()
8b8a1864 1866 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 1867
1868 dev[0].hs20_enable()
852cb016 1869 dev[0].scan_for_bss(bssid, freq="2412")
9714fbcd
JM		 1870 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1871 id = dev[0].add_cred_values(values)
1872 check_bandwidth_selection(dev[0], "home", False)
1873 dev[0].remove_cred(id)
1874
1875 values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
1876 id = dev[0].add_cred_values(values)
1877 check_bandwidth_selection(dev[0], "home", True)
1878 dev[0].remove_cred(id)
1879
1880 values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
1881 id = dev[0].add_cred_values(values)
1882 check_bandwidth_selection(dev[0], "home", True)
1883 dev[0].remove_cred(id)
1884
1885 values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
1886 id = dev[0].add_cred_values(values)
1887 check_bandwidth_selection(dev[0], "home", True)
1888 check_auto_select(dev[0], bssid)
1889
1890 bssid2 = apdev[1]['bssid']
1891 params = hs20_ap_params(ssid="test-hs20-b")
1892 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 1893 hostapd.add_ap(apdev[1], params)
9714fbcd
JM		 1894
1895 check_auto_select(dev[0], bssid2)
1896
a0061cf4
JM		 1897def test_ap_hs20_min_bandwidth_home2(dev, apdev):
1898 """Hotspot 2.0 network selection with min bandwidth - special cases"""
1899 check_eap_capa(dev[0], "MSCHAPV2")
1900 bssid = apdev[0]['bssid']
1901 params = hs20_ap_params()
1902 hapd = hostapd.add_ap(apdev[0], params)
1903
1904 dev[0].hs20_enable()
1905 dev[0].scan_for_bss(bssid, freq="2412")
1906 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1907 id = dev[0].add_cred_values(values)
1908 check_bandwidth_selection(dev[0], "home", False)
1909
1910 logger.info("WAN link at capacity")
1911 hapd.set('hs20_wan_metrics', "09:8000:1000:80:240:3000")
1912 check_bandwidth_selection(dev[0], "home", True)
1913
1914 logger.info("Downlink/Uplink Load was not measured")
1915 hapd.set('hs20_wan_metrics', "01:8000:1000:80:240:0")
1916 check_bandwidth_selection(dev[0], "home", False)
1917
1918 logger.info("Uplink and Downlink max values")
1919 hapd.set('hs20_wan_metrics', "01:4294967295:4294967295:80:240:3000")
1920 check_bandwidth_selection(dev[0], "home", False)
1921
1922 dev[0].remove_cred(id)
1923
092ac7bb
JM		 1924def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):
1925 """Hotspot 2.0 network selection with min bandwidth (home) while hidden SSID is included in scan results"""
e7ac04ce 1926 check_eap_capa(dev[0], "MSCHAPV2")
092ac7bb
JM		 1927 bssid = apdev[0]['bssid']
1928
8b8a1864
JD		 1929 hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret',
1930 "ignore_broadcast_ssid": "1" })
092ac7bb
JM		 1931 dev[0].scan_for_bss(bssid, freq=2412)
1932 hapd.disable()
dc6342de 1933 hapd_global = hostapd.HostapdGlobal(apdev[0])
092ac7bb
JM		 1934 hapd_global.flush()
1935 hapd_global.remove(apdev[0]['ifname'])
1936
1937 params = hs20_ap_params()
8b8a1864 1938 hostapd.add_ap(apdev[0], params)
092ac7bb
JM		 1939
1940 dev[0].hs20_enable()
1941 dev[0].scan_for_bss(bssid, freq="2412")
1942 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1943 id = dev[0].add_cred_values(values)
1944 check_bandwidth_selection(dev[0], "home", False)
1945 dev[0].remove_cred(id)
1946
1947 values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
1948 id = dev[0].add_cred_values(values)
1949 check_bandwidth_selection(dev[0], "home", True)
1950 dev[0].remove_cred(id)
1951
1952 values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
1953 id = dev[0].add_cred_values(values)
1954 check_bandwidth_selection(dev[0], "home", True)
1955 dev[0].remove_cred(id)
1956
1957 values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
1958 id = dev[0].add_cred_values(values)
1959 check_bandwidth_selection(dev[0], "home", True)
1960 check_auto_select(dev[0], bssid)
1961
1962 bssid2 = apdev[1]['bssid']
1963 params = hs20_ap_params(ssid="test-hs20-b")
1964 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 1965 hostapd.add_ap(apdev[1], params)
092ac7bb
JM		 1966
1967 check_auto_select(dev[0], bssid2)
1968
1969 dev[0].flush_scan_cache()
1970
9714fbcd
JM		 1971def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
1972 """Hotspot 2.0 network selection with min bandwidth (roaming)"""
e7ac04ce 1973 check_eap_capa(dev[0], "MSCHAPV2")
9714fbcd
JM		 1974 bssid = apdev[0]['bssid']
1975 params = hs20_ap_params()
8b8a1864 1976 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 1977
1978 dev[0].hs20_enable()
852cb016 1979 dev[0].scan_for_bss(bssid, freq="2412")
9714fbcd
JM		 1980 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=58)
1981 id = dev[0].add_cred_values(values)
1982 check_bandwidth_selection(dev[0], "roaming", False)
1983 dev[0].remove_cred(id)
1984
1985 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=58)
1986 id = dev[0].add_cred_values(values)
1987 check_bandwidth_selection(dev[0], "roaming", True)
1988 dev[0].remove_cred(id)
1989
1990 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=59)
1991 id = dev[0].add_cred_values(values)
1992 check_bandwidth_selection(dev[0], "roaming", True)
1993 dev[0].remove_cred(id)
1994
1995 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=59)
1996 id = dev[0].add_cred_values(values)
1997 check_bandwidth_selection(dev[0], "roaming", True)
1998 check_auto_select(dev[0], bssid)
1999
2000 bssid2 = apdev[1]['bssid']
2001 params = hs20_ap_params(ssid="test-hs20-b")
2002 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 2003 hostapd.add_ap(apdev[1], params)
9714fbcd
JM		 2004
2005 check_auto_select(dev[0], bssid2)
2006
2007def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
2008 """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
e7ac04ce 2009 check_eap_capa(dev[0], "MSCHAPV2")
9714fbcd
JM		 2010 bssid = apdev[0]['bssid']
2011 params = hs20_ap_params()
2012 params['domain_name'] = "roaming.example.org"
2013 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 2014 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 2015
2016 bssid2 = apdev[1]['bssid']
2017 params = hs20_ap_params(ssid="test-hs20-b")
2018 params['domain_name'] = "roaming.example.net"
8b8a1864 2019 hostapd.add_ap(apdev[1], params)
9714fbcd
JM		 2020
2021 values = default_cred()
2022 values['roaming_partner'] = "roaming.example.net,1,127,*"
2023 id = dev[0].add_cred_values(values)
2024 check_auto_select(dev[0], bssid2)
2025
2026 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "6000")
2027 check_auto_select(dev[0], bssid)
2028
2029 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "10000")
2030 check_auto_select(dev[0], bssid2)
2031
2032def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):
2033 """Hotspot 2.0 network selection with min bandwidth but no WAN Metrics"""
2034 bssid = apdev[0]['bssid']
2035 params = hs20_ap_params()
2036 del params['hs20_wan_metrics']
8b8a1864 2037 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 2038
2039 dev[0].hs20_enable()
852cb016 2040 dev[0].scan_for_bss(bssid, freq="2412")
9714fbcd
JM		 2041 values = bw_cred(domain="example.com", dl_home=10000, ul_home=10000,
2042 dl_roaming=10000, ul_roaming=10000)
2043 dev[0].add_cred_values(values)
2044 check_bandwidth_selection(dev[0], "home", False)
2045
5e32f825
JM		 2046def test_ap_hs20_deauth_req_ess(dev, apdev):
2047 """Hotspot 2.0 connection and deauthentication request for ESS"""
e7ac04ce 2048 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2049 try:
2050 _test_ap_hs20_deauth_req_ess(dev, apdev)
2051 finally:
2052 dev[0].request("SET pmf 0")
2053
2054def _test_ap_hs20_deauth_req_ess(dev, apdev):
5e32f825
JM		 2055 dev[0].request("SET pmf 2")
2056 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
2057 dev[0].dump_monitor()
2058 addr = dev[0].p2p_interface_addr()
2059 hapd = hostapd.Hostapd(apdev[0]['ifname'])
2060 hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/")
2061 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
2062 if ev is None:
2063 raise Exception("Timeout on deauth imminent notice")
2064 if "1 120 http://example.com/" not in ev:
2065 raise Exception("Unexpected deauth imminent notice: " + ev)
2066 hapd.request("DEAUTHENTICATE " + addr)
5f35a5e2 2067 dev[0].wait_disconnected(timeout=10)
c61e5a82
JM		 2068 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
2069 raise Exception("Network not marked temporarily disabled")
5e32f825
JM		 2070 ev = dev[0].wait_event(["SME: Trying to authenticate",
2071 "Trying to associate",
2072 "CTRL-EVENT-CONNECTED"], timeout=5)
2073 if ev is not None:
2074 raise Exception("Unexpected connection attempt")
2075
2076def test_ap_hs20_deauth_req_bss(dev, apdev):
2077 """Hotspot 2.0 connection and deauthentication request for BSS"""
e7ac04ce 2078 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2079 try:
2080 _test_ap_hs20_deauth_req_bss(dev, apdev)
2081 finally:
2082 dev[0].request("SET pmf 0")
2083
2084def _test_ap_hs20_deauth_req_bss(dev, apdev):
5e32f825
JM		 2085 dev[0].request("SET pmf 2")
2086 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
2087 dev[0].dump_monitor()
2088 addr = dev[0].p2p_interface_addr()
2089 hapd = hostapd.Hostapd(apdev[0]['ifname'])
2090 hapd.request("HS20_DEAUTH_REQ " + addr + " 0 120 http://example.com/")
2091 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
2092 if ev is None:
2093 raise Exception("Timeout on deauth imminent notice")
2094 if "0 120 http://example.com/" not in ev:
2095 raise Exception("Unexpected deauth imminent notice: " + ev)
2096 hapd.request("DEAUTHENTICATE " + addr + " reason=4")
5f35a5e2 2097 ev = dev[0].wait_disconnected(timeout=10)
5e32f825
JM		 2098 if "reason=4" not in ev:
2099 raise Exception("Unexpected disconnection reason")
c61e5a82
JM		 2100 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
2101 raise Exception("Network not marked temporarily disabled")
5e32f825
JM		 2102 ev = dev[0].wait_event(["SME: Trying to authenticate",
2103 "Trying to associate",
2104 "CTRL-EVENT-CONNECTED"], timeout=5)
2105 if ev is not None:
2106 raise Exception("Unexpected connection attempt")
9e709315 2107
48ef12e7
JM		 2108def test_ap_hs20_deauth_req_from_radius(dev, apdev):
2109 """Hotspot 2.0 connection and deauthentication request from RADIUS"""
e7ac04ce 2110 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2111 try:
2112 _test_ap_hs20_deauth_req_from_radius(dev, apdev)
2113 finally:
2114 dev[0].request("SET pmf 0")
2115
2116def _test_ap_hs20_deauth_req_from_radius(dev, apdev):
48ef12e7
JM		 2117 bssid = apdev[0]['bssid']
2118 params = hs20_ap_params()
2119 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
2120 params['hs20_deauth_req_timeout'] = "2"
8b8a1864 2121 hostapd.add_ap(apdev[0], params)
48ef12e7
JM		 2122
2123 dev[0].request("SET pmf 2")
2124 dev[0].hs20_enable()
2125 dev[0].add_cred_values({ 'realm': "example.com",
2126 'username': "hs20-deauth-test",
2127 'password': "password" })
2128 interworking_select(dev[0], bssid, freq="2412")
2129 interworking_connect(dev[0], bssid, "TTLS")
2130 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=5)
2131 if ev is None:
2132 raise Exception("Timeout on deauth imminent notice")
2133 if " 1 100" not in ev:
2134 raise Exception("Unexpected deauth imminent contents")
5f35a5e2 2135 dev[0].wait_disconnected(timeout=3)
48ef12e7 2136
5cf88011
JM		 2137def test_ap_hs20_remediation_required(dev, apdev):
2138 """Hotspot 2.0 connection and remediation required from RADIUS"""
e7ac04ce 2139 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2140 try:
2141 _test_ap_hs20_remediation_required(dev, apdev)
2142 finally:
2143 dev[0].request("SET pmf 0")
2144
2145def _test_ap_hs20_remediation_required(dev, apdev):
5cf88011
JM		 2146 bssid = apdev[0]['bssid']
2147 params = hs20_ap_params()
2148 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
8b8a1864 2149 hostapd.add_ap(apdev[0], params)
5cf88011
JM		 2150
2151 dev[0].request("SET pmf 1")
2152 dev[0].hs20_enable()
2153 dev[0].add_cred_values({ 'realm': "example.com",
2154 'username': "hs20-subrem-test",
2155 'password': "password" })
2156 interworking_select(dev[0], bssid, freq="2412")
2157 interworking_connect(dev[0], bssid, "TTLS")
2158 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2159 if ev is None:
2160 raise Exception("Timeout on subscription remediation notice")
2161 if " 1 https://example.com/" not in ev:
2162 raise Exception("Unexpected subscription remediation event contents")
2163
32b450fc
JM		 2164def test_ap_hs20_remediation_required_ctrl(dev, apdev):
2165 """Hotspot 2.0 connection and subrem from ctrl_iface"""
e7ac04ce 2166 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2167 try:
2168 _test_ap_hs20_remediation_required_ctrl(dev, apdev)
2169 finally:
2170 dev[0].request("SET pmf 0")
2171
2172def _test_ap_hs20_remediation_required_ctrl(dev, apdev):
32b450fc 2173 bssid = apdev[0]['bssid']
83e1bab0 2174 addr = dev[0].own_addr()
32b450fc
JM		 2175 params = hs20_ap_params()
2176 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
8b8a1864 2177 hapd = hostapd.add_ap(apdev[0], params)
32b450fc
JM		 2178
2179 dev[0].request("SET pmf 1")
2180 dev[0].hs20_enable()
2181 dev[0].add_cred_values(default_cred())
2182 interworking_select(dev[0], bssid, freq="2412")
2183 interworking_connect(dev[0], bssid, "TTLS")
2184
2185 hapd.request("HS20_WNM_NOTIF " + addr + " https://example.com/")
2186 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2187 if ev is None:
2188 raise Exception("Timeout on subscription remediation notice")
2189 if " 1 https://example.com/" not in ev:
2190 raise Exception("Unexpected subscription remediation event contents")
2191
2192 hapd.request("HS20_WNM_NOTIF " + addr)
2193 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2194 if ev is None:
2195 raise Exception("Timeout on subscription remediation notice")
2196 if not ev.endswith("HS20-SUBSCRIPTION-REMEDIATION "):
2197 raise Exception("Unexpected subscription remediation event contents: " + ev)
2198
2199 if "FAIL" not in hapd.request("HS20_WNM_NOTIF "):
2200 raise Exception("Unexpected HS20_WNM_NOTIF success")
2201 if "FAIL" not in hapd.request("HS20_WNM_NOTIF foo"):
2202 raise Exception("Unexpected HS20_WNM_NOTIF success")
2203 if "FAIL" not in hapd.request("HS20_WNM_NOTIF " + addr + " https://12345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678927.very.long.example.com/"):
2204 raise Exception("Unexpected HS20_WNM_NOTIF success")
2205
8fc1f204
JM		 2206def test_ap_hs20_session_info(dev, apdev):
2207 """Hotspot 2.0 connection and session information from RADIUS"""
e7ac04ce 2208 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2209 try:
2210 _test_ap_hs20_session_info(dev, apdev)
2211 finally:
2212 dev[0].request("SET pmf 0")
2213
2214def _test_ap_hs20_session_info(dev, apdev):
8fc1f204
JM		 2215 bssid = apdev[0]['bssid']
2216 params = hs20_ap_params()
2217 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
8b8a1864 2218 hostapd.add_ap(apdev[0], params)
8fc1f204
JM		 2219
2220 dev[0].request("SET pmf 1")
2221 dev[0].hs20_enable()
2222 dev[0].add_cred_values({ 'realm': "example.com",
2223 'username': "hs20-session-info-test",
2224 'password': "password" })
2225 interworking_select(dev[0], bssid, freq="2412")
2226 interworking_connect(dev[0], bssid, "TTLS")
2227 ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"], timeout=10)
2228 if ev is None:
2229 raise Exception("Timeout on ESS disassociation imminent notice")
2230 if " 1 59904 https://example.com/" not in ev:
2231 raise Exception("Unexpected ESS disassociation imminent event contents")
2232 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
2233 if ev is None:
2234 raise Exception("Scan not started")
64502039 2235 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=30)
8fc1f204
JM		 2236 if ev is None:
2237 raise Exception("Scan not completed")
2238
9e709315
JM		 2239def test_ap_hs20_osen(dev, apdev):
2240 """Hotspot 2.0 OSEN connection"""
2241 params = { 'ssid': "osen",
2242 'osen': "1",
2243 'auth_server_addr': "127.0.0.1",
2244 'auth_server_port': "1812",
2245 'auth_server_shared_secret': "radius" }
8b8a1864 2246 hostapd.add_ap(apdev[0], params)
9e709315 2247
8abb3d4e
JM		 2248 dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
2249 wait_connect=False)
2250 dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
2251 scan_freq="2412", wait_connect=False)
8278138e 2252 dev[0].flush_scan_cache()
9e709315
JM		 2253 dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
2254 group="GTK_NOT_USED",
2255 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2256 ca_cert="auth_serv/ca.pem",
2257 scan_freq="2412")
8278138e
JM		 2258 res = dev[0].get_bss(apdev[0]['bssid'])['flags']
2259 if "[OSEN-OSEN-CCMP]" not in res:
2260 raise Exception("OSEN not reported in BSS")
2261 if "[WEP]" in res:
2262 raise Exception("WEP reported in BSS")
2263 res = dev[0].request("SCAN_RESULTS")
2264 if "[OSEN-OSEN-CCMP]" not in res:
2265 raise Exception("OSEN not reported in SCAN_RESULTS")
a96066a5 2266
9d1e1172
JM		 2267 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
2268 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
2269 wpas.connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
2270 group="GTK_NOT_USED",
2271 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2272 ca_cert="auth_serv/ca.pem",
2273 scan_freq="2412")
2274 wpas.request("DISCONNECT")
2275
a96066a5
JM		 2276def test_ap_hs20_network_preference(dev, apdev):
2277 """Hotspot 2.0 network selection with preferred home network"""
e7ac04ce 2278 check_eap_capa(dev[0], "MSCHAPV2")
a96066a5
JM		 2279 bssid = apdev[0]['bssid']
2280 params = hs20_ap_params()
8b8a1864 2281 hostapd.add_ap(apdev[0], params)
a96066a5
JM		 2282
2283 dev[0].hs20_enable()
2284 values = { 'realm': "example.com",
2285 'username': "hs20-test",
2286 'password': "password",
2287 'domain': "example.com" }
2288 dev[0].add_cred_values(values)
2289
2290 id = dev[0].add_network()
2291 dev[0].set_network_quoted(id, "ssid", "home")
2292 dev[0].set_network_quoted(id, "psk", "12345678")
2293 dev[0].set_network(id, "priority", "1")
2294 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
2295
852cb016 2296 dev[0].scan_for_bss(bssid, freq="2412")
a96066a5 2297 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2298 ev = dev[0].wait_connected(timeout=15)
a96066a5
JM		 2299 if bssid not in ev:
2300 raise Exception("Unexpected network selected")
2301
2302 bssid2 = apdev[1]['bssid']
2303 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
8b8a1864 2304 hostapd.add_ap(apdev[1], params)
a96066a5 2305
852cb016 2306 dev[0].scan_for_bss(bssid2, freq="2412")
a96066a5
JM		 2307 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2308 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2309 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2310 if ev is None:
2311 raise Exception("Connection timed out")
2312 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2313 raise Exception("No roam to higher priority network")
2314 if bssid2 not in ev:
2315 raise Exception("Unexpected network selected")
2316
2317def test_ap_hs20_network_preference2(dev, apdev):
2318 """Hotspot 2.0 network selection with preferred credential"""
e7ac04ce 2319 check_eap_capa(dev[0], "MSCHAPV2")
a96066a5
JM		 2320 bssid2 = apdev[1]['bssid']
2321 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
8b8a1864 2322 hostapd.add_ap(apdev[1], params)
a96066a5
JM		 2323
2324 dev[0].hs20_enable()
2325 values = { 'realm': "example.com",
2326 'username': "hs20-test",
2327 'password': "password",
2328 'domain': "example.com",
2329 'priority': "1" }
2330 dev[0].add_cred_values(values)
2331
2332 id = dev[0].add_network()
2333 dev[0].set_network_quoted(id, "ssid", "home")
2334 dev[0].set_network_quoted(id, "psk", "12345678")
2335 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
2336
852cb016 2337 dev[0].scan_for_bss(bssid2, freq="2412")
a96066a5 2338 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2339 ev = dev[0].wait_connected(timeout=15)
a96066a5
JM		 2340 if bssid2 not in ev:
2341 raise Exception("Unexpected network selected")
2342
2343 bssid = apdev[0]['bssid']
2344 params = hs20_ap_params()
8b8a1864 2345 hostapd.add_ap(apdev[0], params)
a96066a5 2346
852cb016 2347 dev[0].scan_for_bss(bssid, freq="2412")
a96066a5
JM		 2348 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2349 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2350 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2351 if ev is None:
2352 raise Exception("Connection timed out")
2353 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2354 raise Exception("No roam to higher priority network")
2355 if bssid not in ev:
2356 raise Exception("Unexpected network selected")
eaff3458
JM		 2357
2358def test_ap_hs20_network_preference3(dev, apdev):
2359 """Hotspot 2.0 network selection with two credential (one preferred)"""
e7ac04ce 2360 check_eap_capa(dev[0], "MSCHAPV2")
eaff3458
JM		 2361 bssid = apdev[0]['bssid']
2362 params = hs20_ap_params()
8b8a1864 2363 hostapd.add_ap(apdev[0], params)
eaff3458
JM		 2364
2365 bssid2 = apdev[1]['bssid']
2366 params = hs20_ap_params(ssid="test-hs20b")
2367 params['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]"
8b8a1864 2368 hostapd.add_ap(apdev[1], params)
eaff3458
JM		 2369
2370 dev[0].hs20_enable()
2371 values = { 'realm': "example.com",
2372 'username': "hs20-test",
2373 'password': "password",
2374 'priority': "1" }
2375 dev[0].add_cred_values(values)
2376 values = { 'realm': "example.org",
2377 'username': "hs20-test",
2378 'password': "password" }
2379 id = dev[0].add_cred_values(values)
2380
852cb016
JM		 2381 dev[0].scan_for_bss(bssid, freq="2412")
2382 dev[0].scan_for_bss(bssid2, freq="2412")
eaff3458 2383 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2384 ev = dev[0].wait_connected(timeout=15)
eaff3458
JM		 2385 if bssid not in ev:
2386 raise Exception("Unexpected network selected")
2387
2388 dev[0].set_cred(id, "priority", "2")
2389 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2390 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2391 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2392 if ev is None:
2393 raise Exception("Connection timed out")
2394 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2395 raise Exception("No roam to higher priority network")
2396 if bssid2 not in ev:
2397 raise Exception("Unexpected network selected")
1221639d
JM		 2398
2399def test_ap_hs20_network_preference4(dev, apdev):
2400 """Hotspot 2.0 network selection with username vs. SIM credential"""
e7ac04ce 2401 check_eap_capa(dev[0], "MSCHAPV2")
1221639d
JM		 2402 bssid = apdev[0]['bssid']
2403 params = hs20_ap_params()
8b8a1864 2404 hostapd.add_ap(apdev[0], params)
1221639d
JM		 2405
2406 bssid2 = apdev[1]['bssid']
2407 params = hs20_ap_params(ssid="test-hs20b")
2408 params['hessid'] = bssid2
2409 params['anqp_3gpp_cell_net'] = "555,444"
2410 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
8b8a1864 2411 hostapd.add_ap(apdev[1], params)
1221639d
JM		 2412
2413 dev[0].hs20_enable()
2414 values = { 'realm': "example.com",
2415 'username': "hs20-test",
2416 'password': "password",
2417 'priority': "1" }
2418 dev[0].add_cred_values(values)
2419 values = { 'imsi': "555444-333222111",
2420 'eap': "SIM",
2421 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123" }
2422 id = dev[0].add_cred_values(values)
2423
852cb016
JM		 2424 dev[0].scan_for_bss(bssid, freq="2412")
2425 dev[0].scan_for_bss(bssid2, freq="2412")
1221639d 2426 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2427 ev = dev[0].wait_connected(timeout=15)
1221639d
JM		 2428 if bssid not in ev:
2429 raise Exception("Unexpected network selected")
2430
2431 dev[0].set_cred(id, "priority", "2")
2432 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2433 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2434 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2435 if ev is None:
2436 raise Exception("Connection timed out")
2437 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2438 raise Exception("No roam to higher priority network")
2439 if bssid2 not in ev:
2440 raise Exception("Unexpected network selected")
97de642a 2441
5f6ce5b5
JM		 2442def test_ap_hs20_interworking_select_blocking_scan(dev, apdev):
2443 """Ongoing INTERWORKING_SELECT blocking SCAN"""
e7ac04ce 2444 check_eap_capa(dev[0], "MSCHAPV2")
5f6ce5b5
JM		 2445 bssid = apdev[0]['bssid']
2446 params = hs20_ap_params()
8b8a1864 2447 hostapd.add_ap(apdev[0], params)
5f6ce5b5
JM		 2448
2449 dev[0].hs20_enable()
2450 values = { 'realm': "example.com",
2451 'username': "hs20-test",
2452 'password': "password",
2453 'domain': "example.com" }
2454 dev[0].add_cred_values(values)
2455
2456 dev[0].scan_for_bss(bssid, freq="2412")
2457 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2458 if "FAIL-BUSY" not in dev[0].request("SCAN"):
2459 raise Exception("Unexpected SCAN command result")
2460 dev[0].wait_connected(timeout=15)
2461
97de642a
JM		 2462def test_ap_hs20_fetch_osu(dev, apdev):
2463 """Hotspot 2.0 OSU provider and icon fetch"""
2464 bssid = apdev[0]['bssid']
2465 params = hs20_ap_params()
2466 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2467 params['osu_ssid'] = '"HS 2.0 OSU open"'
2468 params['osu_method_list'] = "1"
2469 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2470 params['osu_icon'] = "w1fi_logo"
2471 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2472 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2473 hostapd.add_ap(apdev[0], params)
97de642a
JM		 2474
2475 bssid2 = apdev[1]['bssid']
2476 params = hs20_ap_params(ssid="test-hs20b")
2477 params['hessid'] = bssid2
2478 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2479 params['osu_ssid'] = '"HS 2.0 OSU OSEN"'
2480 params['osu_method_list'] = "0"
6acecce1 2481 params['osu_nai'] = "osen@example.com"
97de642a
JM		 2482 params['osu_friendly_name'] = [ "eng:Test2 OSU", "fin:Testi2-OSU" ]
2483 params['osu_icon'] = "w1fi_logo"
2484 params['osu_service_desc'] = [ "eng:Example services2", "fin:Esimerkkipalveluja2" ]
2485 params['osu_server_uri'] = "https://example.org/osu/"
8b8a1864 2486 hostapd.add_ap(apdev[1], params)
97de642a
JM		 2487
2488 with open("w1fi_logo.png", "r") as f:
2489 orig_logo = f.read()
2490 dev[0].hs20_enable()
2491 dir = "/tmp/osu-fetch"
2492 if os.path.isdir(dir):
2493 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2494 for f in files:
2495 os.remove(dir + "/" + f)
2496 else:
2497 try:
2498 os.makedirs(dir)
2499 except:
2500 pass
2501 try:
0a578716 2502 dev[1].scan_for_bss(bssid, freq="2412")
446dd748 2503 dev[2].scan_for_bss(bssid, freq="2412")
97de642a
JM		 2504 dev[0].request("SET osu_dir " + dir)
2505 dev[0].request("FETCH_OSU")
44c41cdf
JM		 2506 if "FAIL" not in dev[1].request("HS20_ICON_REQUEST foo w1fi_logo"):
2507 raise Exception("Invalid HS20_ICON_REQUEST accepted")
d2fb8b86
JM		 2508 if "OK" not in dev[1].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo"):
2509 raise Exception("HS20_ICON_REQUEST failed")
446dd748
JM		 2510 if "OK" not in dev[2].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2511 raise Exception("REQ_HS20_ICON failed")
97de642a
JM		 2512 icons = 0
2513 while True:
2514 ev = dev[0].wait_event(["OSU provider fetch completed",
2515 "RX-HS20-ANQP-ICON"], timeout=15)
2516 if ev is None:
2517 raise Exception("Timeout on OSU fetch")
2518 if "OSU provider fetch completed" in ev:
2519 break
2520 if "RX-HS20-ANQP-ICON" in ev:
2521 with open(ev.split(' ')[1], "r") as f:
2522 logo = f.read()
2523 if logo == orig_logo:
2524 icons += 1
2525
2526 with open(dir + "/osu-providers.txt", "r") as f:
2527 prov = f.read()
27f527e0 2528 logger.debug("osu-providers.txt: " + prov)
97de642a 2529 if "OSU-PROVIDER " + bssid not in prov:
27f527e0 2530 raise Exception("Missing OSU_PROVIDER(1)")
97de642a 2531 if "OSU-PROVIDER " + bssid2 not in prov:
27f527e0 2532 raise Exception("Missing OSU_PROVIDER(2)")
97de642a
JM		 2533 finally:
2534 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2535 for f in files:
2536 os.remove(dir + "/" + f)
2537 os.rmdir(dir)
2538
2539 if icons != 2:
2540 raise Exception("Unexpected number of icons fetched")
d2fb8b86
JM		 2541
2542 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=5)
2543 if ev is None:
2544 raise Exception("Timeout on GAS-QUERY-DONE")
2545 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=5)
2546 if ev is None:
2547 raise Exception("Timeout on GAS-QUERY-DONE")
2548 if "freq=2412 status_code=0 result=SUCCESS" not in ev:
2549 raise Exception("Unexpected GAS-QUERY-DONE: " + ev)
2550 ev = dev[1].wait_event(["RX-HS20-ANQP"], timeout=15)
2551 if ev is None:
2552 raise Exception("Timeout on icon fetch")
2553 if "Icon Binary File" not in ev:
2554 raise Exception("Unexpected ANQP element")
37ffe7c5 2555
446dd748
JM		 2556 ev = dev[2].wait_event(["RX-HS20-ICON"], timeout=5)
2557 if ev is None:
2558 raise Exception("Timeout on RX-HS20-ICON")
2559 event_icon_len = ev.split(' ')[3]
2560 if " w1fi_logo " not in ev:
2561 raise Exception("RX-HS20-ICON did not have the expected file name")
2562 if bssid not in ev:
2563 raise Exception("RX-HS20-ICON did not have the expected BSSID")
2564 if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 0 10"):
2565 raise Exception("GET_HS20_ICON 0..10 failed")
2566 if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 5 10"):
2567 raise Exception("GET_HS20_ICON 5..15 failed")
2568 if "FAIL" not in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 100000 10"):
2569 raise Exception("Unexpected success of GET_HS20_ICON with too large offset")
2570 icon = ""
2571 pos = 0
2572 while True:
2573 if pos > 100000:
2574 raise Exception("Unexpectedly long icon")
2575 res = dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo %d 1000" % pos)
2576 if res.startswith("FAIL"):
2577 break
2578 icon += base64.b64decode(res)
2579 pos += 1000
2580 hex = binascii.hexlify(icon)
2581 if not hex.startswith("0009696d6167652f706e677d1d"):
2582 raise Exception("Unexpected beacon binary header: " + hex)
2583 with open('w1fi_logo.png', 'r') as f:
2584 data = f.read()
2585 if icon[13:] != data:
2586 raise Exception("Unexpected icon data")
2587 if len(icon) != int(event_icon_len):
2588 raise Exception("Unexpected RX-HS20-ICON event length: " + event_icon_len)
2589
2590 for i in range(3):
2591 if "OK" not in dev[i].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2592 raise Exception("REQ_HS20_ICON failed [2]")
2593 for i in range(3):
2594 ev = dev[i].wait_event(["RX-HS20-ICON"], timeout=5)
2595 if ev is None:
2596 raise Exception("Timeout on RX-HS20-ICON [2]")
2597
2598 if "FAIL" not in dev[2].request("DEL_HS20_ICON foo w1fi_logo"):
2599 raise Exception("Invalid DEL_HS20_ICON accepted")
2600 if "OK" not in dev[2].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
2601 raise Exception("DEL_HS20_ICON failed")
2602 if "OK" not in dev[1].request("DEL_HS20_ICON " + bssid):
2603 raise Exception("DEL_HS20_ICON failed")
2604 if "OK" not in dev[0].request("DEL_HS20_ICON "):
2605 raise Exception("DEL_HS20_ICON failed")
2606 for i in range(3):
2607 if "FAIL" not in dev[i].request("DEL_HS20_ICON "):
2608 raise Exception("DEL_HS20_ICON accepted when no icons left")
2609
c8fa30f2
JM		 2610def test_ap_hs20_fetch_osu_no_info(dev, apdev):
2611 """Hotspot 2.0 OSU provider and no AP with info"""
2612 bssid = apdev[0]['bssid']
2613 params = hs20_ap_params()
2614 hostapd.add_ap(apdev[0], params)
2615
2616 dev[0].hs20_enable()
2617 dir = "/tmp/osu-fetch"
2618 if os.path.isdir(dir):
2619 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2620 for f in files:
2621 os.remove(dir + "/" + f)
2622 else:
2623 try:
2624 os.makedirs(dir)
2625 except:
2626 pass
2627 dev[0].scan_for_bss(bssid, freq="2412")
2628 try:
2629 dev[0].request("SET osu_dir " + dir)
2630 dev[0].request("FETCH_OSU")
2631 ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
2632 if ev is None:
2633 raise Exception("Timeout on OSU fetch")
2634 finally:
2635 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2636 for f in files:
2637 os.remove(dir + "/" + f)
2638 os.rmdir(dir)
2639
1018bc99
JM		 2640def get_icon(dev, bssid, iconname):
2641 icon = ""
2642 pos = 0
2643 while True:
2644 if pos > 100000:
2645 raise Exception("Unexpectedly long icon")
2646 res = dev.request("GET_HS20_ICON " + bssid + " " + iconname + " %d 3000" % pos)
2647 if res.startswith("FAIL"):
2648 break
2649 icon += base64.b64decode(res)
2650 pos += 3000
2651 if len(icon) < 13:
2652 raise Exception("Too short GET_HS20_ICON response")
2653 return icon[0:13], icon[13:]
2654
2655def test_ap_hs20_req_hs20_icon(dev, apdev):
2656 """Hotspot 2.0 OSU provider and multi-icon fetch with REQ_HS20_ICON"""
2657 bssid = apdev[0]['bssid']
2658 params = hs20_ap_params()
2659 params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
2660 "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ]
2661 params['osu_ssid'] = '"HS 2.0 OSU open"'
2662 params['osu_method_list'] = "1"
2663 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2664 params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ]
2665 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2666 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2667 hostapd.add_ap(apdev[0], params)
1018bc99
JM		 2668
2669 dev[0].scan_for_bss(bssid, freq="2412")
2670
2671 # First, fetch two icons from the AP to wpa_supplicant
2672
2673 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2674 raise Exception("REQ_HS20_ICON failed")
2675 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2676 if ev is None:
2677 raise Exception("Timeout on RX-HS20-ICON (1)")
2678
2679 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
2680 raise Exception("REQ_HS20_ICON failed")
2681 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2682 if ev is None:
2683 raise Exception("Timeout on RX-HS20-ICON (2)")
2684
2685 # Then, fetch the icons from wpa_supplicant for validation
2686
2687 hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
2688 hdr, data2 = get_icon(dev[0], bssid, "test_logo")
2689
2690 with open('w1fi_logo.png', 'r') as f:
2691 data = f.read()
2692 if data1 != data:
2693 raise Exception("Unexpected icon data (1)")
2694
2695 with open('auth_serv/sha512-server.pem', 'r') as f:
2696 data = f.read()
2697 if data2 != data:
2698 raise Exception("Unexpected icon data (2)")
2699
2700 # Finally, delete the icons from wpa_supplicant
2701
2702 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
2703 raise Exception("DEL_HS20_ICON failed")
2704 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
2705 raise Exception("DEL_HS20_ICON failed")
2706
2707def test_ap_hs20_req_hs20_icon_parallel(dev, apdev):
2708 """Hotspot 2.0 OSU provider and multi-icon parallel fetch with REQ_HS20_ICON"""
2709 bssid = apdev[0]['bssid']
2710 params = hs20_ap_params()
2711 params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
2712 "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ]
2713 params['osu_ssid'] = '"HS 2.0 OSU open"'
2714 params['osu_method_list'] = "1"
2715 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2716 params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ]
2717 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2718 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2719 hostapd.add_ap(apdev[0], params)
1018bc99
JM		 2720
2721 dev[0].scan_for_bss(bssid, freq="2412")
2722
2723 # First, fetch two icons from the AP to wpa_supplicant
2724
2725 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2726 raise Exception("REQ_HS20_ICON failed")
2727
2728 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
2729 raise Exception("REQ_HS20_ICON failed")
2730 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2731 if ev is None:
2732 raise Exception("Timeout on RX-HS20-ICON (1)")
2733 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2734 if ev is None:
2735 raise Exception("Timeout on RX-HS20-ICON (2)")
2736
2737 # Then, fetch the icons from wpa_supplicant for validation
2738
2739 hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
2740 hdr, data2 = get_icon(dev[0], bssid, "test_logo")
2741
2742 with open('w1fi_logo.png', 'r') as f:
2743 data = f.read()
2744 if data1 != data:
2745 raise Exception("Unexpected icon data (1)")
2746
2747 with open('auth_serv/sha512-server.pem', 'r') as f:
2748 data = f.read()
2749 if data2 != data:
2750 raise Exception("Unexpected icon data (2)")
2751
2752 # Finally, delete the icons from wpa_supplicant
2753
2754 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
2755 raise Exception("DEL_HS20_ICON failed")
2756 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
2757 raise Exception("DEL_HS20_ICON failed")
2758
69f99123
JM		 2759def test_ap_hs20_fetch_osu_stop(dev, apdev):
2760 """Hotspot 2.0 OSU provider fetch stopped"""
2761 bssid = apdev[0]['bssid']
2762 params = hs20_ap_params()
2763 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2764 params['osu_ssid'] = '"HS 2.0 OSU open"'
2765 params['osu_method_list'] = "1"
2766 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2767 params['osu_icon'] = "w1fi_logo"
2768 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2769 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2770 hapd = hostapd.add_ap(apdev[0], params)
69f99123
JM		 2771
2772 dev[0].hs20_enable()
2773 dir = "/tmp/osu-fetch"
2774 if os.path.isdir(dir):
2775 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2776 for f in files:
2777 os.remove(dir + "/" + f)
2778 else:
2779 try:
2780 os.makedirs(dir)
2781 except:
2782 pass
2783 try:
2784 dev[0].request("SET osu_dir " + dir)
2785 dev[0].request("SCAN freq=2412-2462")
2786 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
2787 if ev is None:
2788 raise Exception("Scan did not start")
2789 if "FAIL" not in dev[0].request("FETCH_OSU"):
2790 raise Exception("FETCH_OSU accepted while scanning")
2791 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
2792 if ev is None:
2793 raise Exception("Scan timed out")
2794 hapd.set("ext_mgmt_frame_handling", "1")
2795 dev[0].request("FETCH_ANQP")
2796 if "FAIL" not in dev[0].request("FETCH_OSU"):
2797 raise Exception("FETCH_OSU accepted while in FETCH_ANQP")
2798 dev[0].request("STOP_FETCH_ANQP")
2799 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
2800 dev[0].dump_monitor()
2801 hapd.dump_monitor()
2802 dev[0].request("INTERWORKING_SELECT freq=2412")
2803 for i in range(5):
2804 msg = hapd.mgmt_rx()
2805 if msg['subtype'] == 13:
2806 break
2807 if "FAIL" not in dev[0].request("FETCH_OSU"):
2808 raise Exception("FETCH_OSU accepted while in INTERWORKING_SELECT")
2809 ev = dev[0].wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
2810 timeout=15)
2811 if ev is None:
bc6e3288 2812 raise Exception("Network selection timed out")
69f99123
JM		 2813
2814 dev[0].dump_monitor()
2815 if "OK" not in dev[0].request("FETCH_OSU"):
2816 raise Exception("FETCH_OSU failed")
2817 dev[0].request("CANCEL_FETCH_OSU")
2818
2819 for i in range(15):
2820 time.sleep(0.5)
2821 if dev[0].get_driver_status_field("scan_state") == "SCAN_COMPLETED":
2822 break
2823
2824 dev[0].dump_monitor()
2825 if "OK" not in dev[0].request("FETCH_OSU"):
2826 raise Exception("FETCH_OSU failed")
2827 if "FAIL" not in dev[0].request("FETCH_OSU"):
2828 raise Exception("FETCH_OSU accepted while in FETCH_OSU")
2829 ev = dev[0].wait_event(["GAS-QUERY-START"], 10)
2830 if ev is None:
2831 raise Exception("GAS timed out")
2832 if "FAIL" not in dev[0].request("FETCH_OSU"):
2833 raise Exception("FETCH_OSU accepted while in FETCH_OSU")
2834 dev[0].request("CANCEL_FETCH_OSU")
2835 ev = dev[0].wait_event(["GAS-QUERY-DONE"], 10)
2836 if ev is None:
2837 raise Exception("GAS event timed out after CANCEL_FETCH_OSU")
2838 finally:
2839 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2840 for f in files:
2841 os.remove(dir + "/" + f)
2842 os.rmdir(dir)
2843
37ffe7c5
JM		 2844def test_ap_hs20_ft(dev, apdev):
2845 """Hotspot 2.0 connection with FT"""
e7ac04ce 2846 check_eap_capa(dev[0], "MSCHAPV2")
37ffe7c5
JM		 2847 bssid = apdev[0]['bssid']
2848 params = hs20_ap_params()
2849 params['wpa_key_mgmt'] = "FT-EAP"
2850 params['nas_identifier'] = "nas1.w1.fi"
2851 params['r1_key_holder'] = "000102030405"
2852 params["mobility_domain"] = "a1b2"
2853 params["reassociation_deadline"] = "1000"
8b8a1864 2854 hostapd.add_ap(apdev[0], params)
37ffe7c5
JM		 2855
2856 dev[0].hs20_enable()
2857 id = dev[0].add_cred_values({ 'realm': "example.com",
2858 'username': "hs20-test",
2859 'password': "password",
2860 'ca_cert': "auth_serv/ca.pem",
2861 'domain': "example.com",
2862 'update_identifier': "1234" })
2863 interworking_select(dev[0], bssid, "home", freq="2412")
2864 interworking_connect(dev[0], bssid, "TTLS")
350a7ba9
JM		 2865
2866def test_ap_hs20_remediation_sql(dev, apdev, params):
2867 """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
e7ac04ce 2868 check_eap_capa(dev[0], "MSCHAPV2")
350a7ba9
JM		 2869 try:
2870 import sqlite3
2871 except ImportError:
81e787b7 2872 raise HwsimSkip("No sqlite3 module available")
350a7ba9
JM		 2873 dbfile = os.path.join(params['logdir'], "eap-user.db")
2874 try:
2875 os.remove(dbfile)
2876 except:
2877 pass
2878 con = sqlite3.connect(dbfile)
2879 with con:
2880 cur = con.cursor()
2881 cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
2882 cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
2883 cur.execute("INSERT INTO users(identity,methods,password,phase2,remediation) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1,'user')")
2884 cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
2885 cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
2886
2887 try:
2888 params = { "ssid": "as", "beacon_int": "2000",
2889 "radius_server_clients": "auth_serv/radius_clients.conf",
2890 "radius_server_auth_port": '18128',
2891 "eap_server": "1",
2892 "eap_user_file": "sqlite:" + dbfile,
2893 "ca_cert": "auth_serv/ca.pem",
2894 "server_cert": "auth_serv/server.pem",
2895 "private_key": "auth_serv/server.key",
2896 "subscr_remediation_url": "https://example.org/",
2897 "subscr_remediation_method": "1" }
8b8a1864 2898 hostapd.add_ap(apdev[1], params)
350a7ba9
JM		 2899
2900 bssid = apdev[0]['bssid']
2901 params = hs20_ap_params()
2902 params['auth_server_port'] = "18128"
8b8a1864 2903 hostapd.add_ap(apdev[0], params)
350a7ba9
JM		 2904
2905 dev[0].request("SET pmf 1")
2906 dev[0].hs20_enable()
2907 id = dev[0].add_cred_values({ 'realm': "example.com",
2908 'username': "user-mschapv2",
2909 'password': "password",
2910 'ca_cert': "auth_serv/ca.pem" })
2911 interworking_select(dev[0], bssid, freq="2412")
2912 interworking_connect(dev[0], bssid, "TTLS")
2913 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2914 if ev is None:
2915 raise Exception("Timeout on subscription remediation notice")
2916 if " 1 https://example.org/" not in ev:
2917 raise Exception("Unexpected subscription remediation event contents")
2918
2919 with con:
2920 cur = con.cursor()
2921 cur.execute("SELECT * from authlog")
2922 rows = cur.fetchall()
2923 if len(rows) < 1:
2924 raise Exception("No authlog entries")
2925
2926 finally:
2927 os.remove(dbfile)
909f13cc 2928 dev[0].request("SET pmf 0")
f1a36a53
JM		 2929
2930def test_ap_hs20_external_selection(dev, apdev):
2931 """Hotspot 2.0 connection using external network selection and creation"""
e7ac04ce 2932 check_eap_capa(dev[0], "MSCHAPV2")
f1a36a53
JM		 2933 bssid = apdev[0]['bssid']
2934 params = hs20_ap_params()
2935 params['hessid'] = bssid
2936 params['disable_dgaf'] = '1'
8b8a1864 2937 hostapd.add_ap(apdev[0], params)
f1a36a53
JM		 2938
2939 dev[0].hs20_enable()
2940 dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
2941 identity="hs20-test", password="password",
2942 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2943 scan_freq="2412", update_identifier="54321")
2944 if dev[0].get_status_field("hs20") != "2":
2945 raise Exception("Unexpected hs20 indication")
816e3df9
JM		 2946
2947def test_ap_hs20_random_mac_addr(dev, apdev):
2948 """Hotspot 2.0 connection with random MAC address"""
e7ac04ce 2949 check_eap_capa(dev[0], "MSCHAPV2")
816e3df9
JM		 2950 bssid = apdev[0]['bssid']
2951 params = hs20_ap_params()
2952 params['hessid'] = bssid
2953 params['disable_dgaf'] = '1'
8b8a1864 2954 hapd = hostapd.add_ap(apdev[0], params)
816e3df9
JM		 2955
2956 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
2957 wpas.interface_add("wlan5")
2958 addr = wpas.p2p_interface_addr()
2959 wpas.request("SET mac_addr 1")
2960 wpas.request("SET preassoc_mac_addr 1")
2961 wpas.request("SET rand_addr_lifetime 60")
2962 wpas.hs20_enable()
243dcc4a 2963 wpas.flush_scan_cache()
816e3df9
JM		 2964 id = wpas.add_cred_values({ 'realm': "example.com",
2965 'username': "hs20-test",
2966 'password': "password",
2967 'ca_cert': "auth_serv/ca.pem",
2968 'domain': "example.com",
2969 'update_identifier': "1234" })
2970 interworking_select(wpas, bssid, "home", freq="2412")
2971 interworking_connect(wpas, bssid, "TTLS")
816e3df9
JM		 2972 addr1 = wpas.get_driver_status_field("addr")
2973 if addr == addr1:
2974 raise Exception("Did not use random MAC address")
2975
2976 sta = hapd.get_sta(addr)
2977 if sta['addr'] != "FAIL":
2978 raise Exception("Unexpected STA association with permanent address")
2979 sta = hapd.get_sta(addr1)
2980 if sta['addr'] != addr1:
2981 raise Exception("STA association with random address not found")
5f7b07de 2982
76b76941
JM		 2983def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
2984 """Multiple networks and cred removal"""
e7ac04ce 2985 check_eap_capa(dev[0], "MSCHAPV2")
76b76941
JM		 2986 bssid = apdev[0]['bssid']
2987 params = hs20_ap_params()
2988 params['nai_realm'] = [ "0,example.com,25[3:26]"]
8b8a1864 2989 hapd = hostapd.add_ap(apdev[0], params)
76b76941
JM		 2990
2991 dev[0].add_network()
2992 dev[0].hs20_enable()
2993 id = dev[0].add_cred_values({ 'realm': "example.com",
2994 'username': "user",
2995 'password': "password" })
2996 interworking_select(dev[0], bssid, freq="2412")
2997 interworking_connect(dev[0], bssid, "PEAP")
2998 dev[0].add_network()
2999
3000 dev[0].request("DISCONNECT")
5f35a5e2 3001 dev[0].wait_disconnected(timeout=10)
76b76941
JM		 3002
3003 hapd.disable()
3004 hapd.set("ssid", "another ssid")
3005 hapd.enable()
3006
3007 interworking_select(dev[0], bssid, freq="2412")
3008 interworking_connect(dev[0], bssid, "PEAP")
3009 dev[0].add_network()
3010 if len(dev[0].list_networks()) != 5:
3011 raise Exception("Unexpected number of networks prior to remove_crec")
3012
3013 dev[0].dump_monitor()
3014 dev[0].remove_cred(id)
3015 if len(dev[0].list_networks()) != 3:
3016 raise Exception("Unexpected number of networks after to remove_crec")
5f35a5e2 3017 dev[0].wait_disconnected(timeout=10)
76b76941 3018
22653762
JM		 3019def test_ap_hs20_interworking_add_network(dev, apdev):
3020 """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK"""
e7ac04ce 3021 check_eap_capa(dev[0], "MSCHAPV2")
22653762
JM		 3022 bssid = apdev[0]['bssid']
3023 params = hs20_ap_params()
3024 params['nai_realm'] = [ "0,example.com,21[3:26][6:7][99:99]" ]
8b8a1864 3025 hostapd.add_ap(apdev[0], params)
22653762
JM		 3026
3027 dev[0].hs20_enable()
3028 dev[0].add_cred_values(default_cred(user="user"))
3029 interworking_select(dev[0], bssid, freq=2412)
3030 id = dev[0].interworking_add_network(bssid)
3031 dev[0].select_network(id, freq=2412)
3032 dev[0].wait_connected()
3033
5f7b07de
JM		 3034def _test_ap_hs20_proxyarp(dev, apdev):
3035 bssid = apdev[0]['bssid']
3036 params = hs20_ap_params()
3037 params['hessid'] = bssid
3038 params['disable_dgaf'] = '0'
3039 params['proxy_arp'] = '1'
8b8a1864 3040 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
5f7b07de
JM		 3041 if "OK" in hapd.request("ENABLE"):
3042 raise Exception("Incomplete hostapd configuration was accepted")
3043 hapd.set("ap_isolate", "1")
3044 if "OK" in hapd.request("ENABLE"):
3045 raise Exception("Incomplete hostapd configuration was accepted")
3046 hapd.set('bridge', 'ap-br0')
3047 hapd.dump_monitor()
3048 try:
3049 hapd.enable()
3050 except:
3051 # For now, do not report failures due to missing kernel support
81e787b7 3052 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
5f7b07de
JM		 3053 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
3054 if ev is None:
3055 raise Exception("AP startup timed out")
3056 if "AP-ENABLED" not in ev:
3057 raise Exception("AP startup failed")
3058
3059 dev[0].hs20_enable()
3060 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3061 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
5f7b07de
JM		 3062
3063 id = dev[0].add_cred_values({ 'realm': "example.com",
3064 'username': "hs20-test",
3065 'password': "password",
3066 'ca_cert': "auth_serv/ca.pem",
3067 'domain': "example.com",
3068 'update_identifier': "1234" })
3069 interworking_select(dev[0], bssid, "home", freq="2412")
3070 interworking_connect(dev[0], bssid, "TTLS")
3071
3072 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
3073 identity="hs20-test", password="password",
3074 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
3075 scan_freq="2412")
3076 time.sleep(0.1)
3077
67aeee11
JM		 3078 addr0 = dev[0].p2p_interface_addr()
3079 addr1 = dev[1].p2p_interface_addr()
3080
3081 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
3082 src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
3083
3084 pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
3085 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
3086 opt=src_ll_opt0)
3087 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
3088 raise Exception("DATA_TEST_FRAME failed")
3089
3090 pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:dddd::2",
3091 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:dddd::2",
3092 opt=src_ll_opt1)
3093 if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
3094 raise Exception("DATA_TEST_FRAME failed")
3095
3096 pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:eeee::2",
3097 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:eeee::2",
3098 opt=src_ll_opt1)
3099 if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
3100 raise Exception("DATA_TEST_FRAME failed")
3101
5f7b07de
JM		 3102 matches = get_permanent_neighbors("ap-br0")
3103 logger.info("After connect: " + str(matches))
67aeee11
JM		 3104 if len(matches) != 3:
3105 raise Exception("Unexpected number of neighbor entries after connect")
3106 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3107 raise Exception("dev0 addr missing")
3108 if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3109 raise Exception("dev1 addr(1) missing")
3110 if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3111 raise Exception("dev1 addr(2) missing")
5f7b07de
JM		 3112 dev[0].request("DISCONNECT")
3113 dev[1].request("DISCONNECT")
3114 time.sleep(0.5)
3115 matches = get_permanent_neighbors("ap-br0")
3116 logger.info("After disconnect: " + str(matches))
3117 if len(matches) > 0:
3118 raise Exception("Unexpected neighbor entries after disconnect")
3119
e1f8fe88
JM		 3120def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
3121 """Hotspot 2.0 connection with hidden SSId in scan results"""
e7ac04ce 3122 check_eap_capa(dev[0], "MSCHAPV2")
e1f8fe88
JM		 3123 bssid = apdev[0]['bssid']
3124
8b8a1864
JD		 3125 hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret',
3126 "ignore_broadcast_ssid": "1" })
e1f8fe88
JM		 3127 dev[0].scan_for_bss(bssid, freq=2412)
3128 hapd.disable()
dc6342de 3129 hapd_global = hostapd.HostapdGlobal(apdev[0])
e1f8fe88
JM		 3130 hapd_global.flush()
3131 hapd_global.remove(apdev[0]['ifname'])
3132
3133 params = hs20_ap_params()
3134 params['hessid'] = bssid
8b8a1864 3135 hapd = hostapd.add_ap(apdev[0], params)
e1f8fe88
JM		 3136
3137 dev[0].hs20_enable()
3138 id = dev[0].add_cred_values({ 'realm': "example.com",
3139 'username': "hs20-test",
3140 'password': "password",
3141 'ca_cert': "auth_serv/ca.pem",
3142 'domain': "example.com" })
3143 interworking_select(dev[0], bssid, "home", freq="2412")
3144 interworking_connect(dev[0], bssid, "TTLS")
3145
3146 # clear BSS table to avoid issues in following test cases
3147 dev[0].request("DISCONNECT")
3148 dev[0].wait_disconnected()
45de3286
JM		 3149 hapd.disable()
3150 dev[0].flush_scan_cache()
e1f8fe88
JM		 3151 dev[0].flush_scan_cache()
3152
5f7b07de
JM		 3153def test_ap_hs20_proxyarp(dev, apdev):
3154 """Hotspot 2.0 and ProxyARP"""
e7ac04ce 3155 check_eap_capa(dev[0], "MSCHAPV2")
5f7b07de 3156 try:
81e787b7 3157 _test_ap_hs20_proxyarp(dev, apdev)
5f7b07de
JM		 3158 finally:
3159 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3160 stderr=open('/dev/null', 'w'))
3161 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3162 stderr=open('/dev/null', 'w'))
5f7b07de 3163
356a497d
JM		 3164def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):
3165 bssid = apdev[0]['bssid']
3166 params = hs20_ap_params()
3167 params['hessid'] = bssid
3168 params['disable_dgaf'] = '1' if disabled else '0'
3169 params['proxy_arp'] = '1'
798c7951 3170 params['na_mcast_to_ucast'] = '1'
356a497d
JM		 3171 params['ap_isolate'] = '1'
3172 params['bridge'] = 'ap-br0'
8b8a1864 3173 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
356a497d
JM		 3174 try:
3175 hapd.enable()
3176 except:
3177 # For now, do not report failures due to missing kernel support
81e787b7 3178 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
356a497d
JM		 3179 ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
3180 if ev is None:
3181 raise Exception("AP startup timed out")
3182
3183 dev[0].hs20_enable()
3184 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3185 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3186
3187 id = dev[0].add_cred_values({ 'realm': "example.com",
3188 'username': "hs20-test",
3189 'password': "password",
3190 'ca_cert': "auth_serv/ca.pem",
3191 'domain': "example.com",
3192 'update_identifier': "1234" })
3193 interworking_select(dev[0], bssid, "home", freq="2412")
3194 interworking_connect(dev[0], bssid, "TTLS")
3195
3196 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
3197 identity="hs20-test", password="password",
3198 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
3199 scan_freq="2412")
3200 time.sleep(0.1)
3201
3202 addr0 = dev[0].p2p_interface_addr()
3203
3204 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
3205
3206 pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
3207 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
3208 opt=src_ll_opt0)
3209 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
3210 raise Exception("DATA_TEST_FRAME failed")
3211
3212 pkt = build_ra(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::33",
3213 ip_dst="ff01::1")
3214 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3215 raise Exception("DATA_TEST_FRAME failed")
3216
3217 pkt = build_na(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::44",
3218 ip_dst="ff01::1", target="aaaa:bbbb:cccc::55")
3219 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3220 raise Exception("DATA_TEST_FRAME failed")
3221
a712282b
JM		 3222 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
3223 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3224 yiaddr="192.168.1.123", chaddr=addr0)
3225 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3226 raise Exception("DATA_TEST_FRAME failed")
3227 # another copy for additional code coverage
3228 pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
3229 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3230 yiaddr="192.168.1.123", chaddr=addr0)
3231 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3232 raise Exception("DATA_TEST_FRAME failed")
3233
356a497d
JM		 3234 matches = get_permanent_neighbors("ap-br0")
3235 logger.info("After connect: " + str(matches))
a712282b 3236 if len(matches) != 2:
356a497d
JM		 3237 raise Exception("Unexpected number of neighbor entries after connect")
3238 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3239 raise Exception("dev0 addr missing")
a712282b
JM		 3240 if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3241 raise Exception("dev0 IPv4 addr missing")
356a497d
JM		 3242 dev[0].request("DISCONNECT")
3243 dev[1].request("DISCONNECT")
3244 time.sleep(0.5)
3245 matches = get_permanent_neighbors("ap-br0")
3246 logger.info("After disconnect: " + str(matches))
3247 if len(matches) > 0:
3248 raise Exception("Unexpected neighbor entries after disconnect")
3249
3250def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
3251 """Hotspot 2.0 and ProxyARP with DGAF disabled"""
e7ac04ce 3252 check_eap_capa(dev[0], "MSCHAPV2")
356a497d 3253 try:
81e787b7 3254 _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
356a497d
JM		 3255 finally:
3256 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3257 stderr=open('/dev/null', 'w'))
3258 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3259 stderr=open('/dev/null', 'w'))
3260
356a497d
JM		 3261def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
3262 """Hotspot 2.0 and ProxyARP with DGAF enabled"""
e7ac04ce 3263 check_eap_capa(dev[0], "MSCHAPV2")
356a497d 3264 try:
81e787b7 3265 _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
356a497d
JM		 3266 finally:
3267 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3268 stderr=open('/dev/null', 'w'))
3269 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3270 stderr=open('/dev/null', 'w'))
3271
67aeee11
JM		 3272def ip_checksum(buf):
3273 sum = 0
3274 if len(buf) & 0x01:
3275 buf += '\0x00'
3276 for i in range(0, len(buf), 2):
3277 val, = struct.unpack('H', buf[i:i+2])
3278 sum += val
3279 while (sum >> 16):
3280 sum = (sum & 0xffff) + (sum >> 16)
3281 return struct.pack('H', ~sum & 0xffff)
3282
5a3ce802
JM		 3283def ipv6_solicited_node_mcaddr(target):
3284 prefix = socket.inet_pton(socket.AF_INET6, "ff02::1:ff00:0")
3285 mask = socket.inet_pton(socket.AF_INET6, "::ff:ffff")
3286 _target = socket.inet_pton(socket.AF_INET6, target)
3287 p = struct.unpack('4I', prefix)
3288 m = struct.unpack('4I', mask)
3289 t = struct.unpack('4I', _target)
3290 res = (p[0] | (t[0] & m[0]),
3291 p[1] | (t[1] & m[1]),
3292 p[2] | (t[2] & m[2]),
3293 p[3] | (t[3] & m[3]))
3294 return socket.inet_ntop(socket.AF_INET6, struct.pack('4I', *res))
3295
67aeee11
JM		 3296def build_icmpv6(ipv6_addrs, type, code, payload):
3297 start = struct.pack("BB", type, code)
3298 end = payload
3299 icmp = start + '\x00\x00' + end
3300 pseudo = ipv6_addrs + struct.pack(">LBBBB", len(icmp), 0, 0, 0, 58)
3301 csum = ip_checksum(pseudo + icmp)
3302 return start + csum + end
3303
356a497d
JM		 3304def build_ra(src_ll, ip_src, ip_dst, cur_hop_limit=0, router_lifetime=0,
3305 reachable_time=0, retrans_timer=0, opt=None):
3306 link_mc = binascii.unhexlify("3333ff000002")
3307 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3308 proto = '\x86\xdd'
3309 ehdr = link_mc + _src_ll + proto
3310 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
3311 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
3312
3313 adv = struct.pack('>BBHLL', cur_hop_limit, 0, router_lifetime,
3314 reachable_time, retrans_timer)
3315 if opt:
3316 payload = adv + opt
3317 else:
3318 payload = adv
3319 icmp = build_icmpv6(_ip_src + _ip_dst, 134, 0, payload)
3320
3321 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
3322 ipv6 += _ip_src + _ip_dst
3323
3324 return ehdr + ipv6 + icmp
3325
67aeee11
JM		 3326def build_ns(src_ll, ip_src, ip_dst, target, opt=None):
3327 link_mc = binascii.unhexlify("3333ff000002")
3328 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3329 proto = '\x86\xdd'
3330 ehdr = link_mc + _src_ll + proto
3331 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
5a3ce802
JM		 3332 if ip_dst is None:
3333 ip_dst = ipv6_solicited_node_mcaddr(target)
67aeee11
JM		 3334 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
3335
3336 reserved = '\x00\x00\x00\x00'
3337 _target = socket.inet_pton(socket.AF_INET6, target)
3338 if opt:
3339 payload = reserved + _target + opt
3340 else:
3341 payload = reserved + _target
3342 icmp = build_icmpv6(_ip_src + _ip_dst, 135, 0, payload)
3343
3344 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
3345 ipv6 += _ip_src + _ip_dst
3346
3347 return ehdr + ipv6 + icmp
3348
5a3ce802
JM		 3349def send_ns(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
3350 hapd_bssid=None):
3351 if hapd_bssid:
3352 if src_ll is None:
3353 src_ll = hapd_bssid
3354 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
3355 else:
3356 if src_ll is None:
3357 src_ll = dev.p2p_interface_addr()
3358 cmd = "DATA_TEST_FRAME "
3359
3360 if opt is None:
3361 opt = "\x01\x01" + binascii.unhexlify(src_ll.replace(':',''))
3362
3363 pkt = build_ns(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
3364 opt=opt)
3365 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
3366 raise Exception("DATA_TEST_FRAME failed")
3367
890fd60f 3368def build_na(src_ll, ip_src, ip_dst, target, opt=None, flags=0):
356a497d
JM		 3369 link_mc = binascii.unhexlify("3333ff000002")
3370 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3371 proto = '\x86\xdd'
3372 ehdr = link_mc + _src_ll + proto
3373 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
3374 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
3375
356a497d
JM		 3376 _target = socket.inet_pton(socket.AF_INET6, target)
3377 if opt:
890fd60f 3378 payload = struct.pack('>Bxxx', flags) + _target + opt
356a497d 3379 else:
890fd60f 3380 payload = struct.pack('>Bxxx', flags) + _target
356a497d
JM		 3381 icmp = build_icmpv6(_ip_src + _ip_dst, 136, 0, payload)
3382
3383 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
3384 ipv6 += _ip_src + _ip_dst
3385
3386 return ehdr + ipv6 + icmp
3387
5a3ce802
JM		 3388def send_na(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
3389 hapd_bssid=None):
3390 if hapd_bssid:
3391 if src_ll is None:
3392 src_ll = hapd_bssid
3393 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
3394 else:
3395 if src_ll is None:
3396 src_ll = dev.p2p_interface_addr()
3397 cmd = "DATA_TEST_FRAME "
3398
3399 pkt = build_na(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
3400 opt=opt)
3401 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
3402 raise Exception("DATA_TEST_FRAME failed")
3403
a712282b
JM		 3404def build_dhcp_ack(dst_ll, src_ll, ip_src, ip_dst, yiaddr, chaddr,
3405 subnet_mask="255.255.255.0", truncated_opt=False,
3406 wrong_magic=False, force_tot_len=None, no_dhcp=False):
3407 _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
3408 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3409 proto = '\x08\x00'
3410 ehdr = _dst_ll + _src_ll + proto
3411 _ip_src = socket.inet_pton(socket.AF_INET, ip_src)
3412 _ip_dst = socket.inet_pton(socket.AF_INET, ip_dst)
3413 _subnet_mask = socket.inet_pton(socket.AF_INET, subnet_mask)
3414
3415 _ciaddr = '\x00\x00\x00\x00'
3416 _yiaddr = socket.inet_pton(socket.AF_INET, yiaddr)
3417 _siaddr = '\x00\x00\x00\x00'
3418 _giaddr = '\x00\x00\x00\x00'
3419 _chaddr = binascii.unhexlify(chaddr.replace(':','') + "00000000000000000000")
3420 payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
3421 payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
3422 # magic
3423 if wrong_magic:
3424 payload += '\x63\x82\x53\x00'
3425 else:
3426 payload += '\x63\x82\x53\x63'
3427 if truncated_opt:
3428 payload += '\x22\xff\x00'
3429 # Option: DHCP Message Type = ACK
3430 payload += '\x35\x01\x05'
3431 # Pad Option
3432 payload += '\x00'
3433 # Option: Subnet Mask
3434 payload += '\x01\x04' + _subnet_mask
3435 # Option: Time Offset
3436 payload += struct.pack('>BBL', 2, 4, 0)
3437 # End Option
3438 payload += '\xff'
3439 # Pad Option
3440 payload += '\x00\x00\x00\x00'
3441
3442 if no_dhcp:
3443 payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
3444 payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
3445
3446 udp = struct.pack('>HHHH', 67, 68, 8 + len(payload), 0) + payload
3447
3448 if force_tot_len:
3449 tot_len = force_tot_len
3450 else:
3451 tot_len = 20 + len(udp)
3452 start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
3453 ipv4 = start + '\x00\x00' + _ip_src + _ip_dst
3454 csum = ip_checksum(ipv4)
3455 ipv4 = start + csum + _ip_src + _ip_dst
3456
3457 return ehdr + ipv4 + udp
3458
d9f3bb1a
JM		 3459def build_arp(dst_ll, src_ll, opcode, sender_mac, sender_ip,
3460 target_mac, target_ip):
3461 _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
3462 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3463 proto = '\x08\x06'
3464 ehdr = _dst_ll + _src_ll + proto
3465
3466 _sender_mac = binascii.unhexlify(sender_mac.replace(':',''))
3467 _sender_ip = socket.inet_pton(socket.AF_INET, sender_ip)
3468 _target_mac = binascii.unhexlify(target_mac.replace(':',''))
3469 _target_ip = socket.inet_pton(socket.AF_INET, target_ip)
3470
3471 arp = struct.pack('>HHBBH', 1, 0x0800, 6, 4, opcode)
3472 arp += _sender_mac + _sender_ip
3473 arp += _target_mac + _target_ip
3474
3475 return ehdr + arp
3476
3477def send_arp(dev, dst_ll="ff:ff:ff:ff:ff:ff", src_ll=None, opcode=1,
3478 sender_mac=None, sender_ip="0.0.0.0",
3479 target_mac="00:00:00:00:00:00", target_ip="0.0.0.0",
3480 hapd_bssid=None):
3481 if hapd_bssid:
3482 if src_ll is None:
3483 src_ll = hapd_bssid
3484 if sender_mac is None:
3485 sender_mac = hapd_bssid
3486 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
3487 else:
3488 if src_ll is None:
3489 src_ll = dev.p2p_interface_addr()
3490 if sender_mac is None:
3491 sender_mac = dev.p2p_interface_addr()
3492 cmd = "DATA_TEST_FRAME "
3493
89cd4355 3494 pkt = build_arp(dst_ll=dst_ll, src_ll=src_ll, opcode=opcode,
d9f3bb1a
JM		 3495 sender_mac=sender_mac, sender_ip=sender_ip,
3496 target_mac=target_mac, target_ip=target_ip)
3497 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
3498 raise Exception("DATA_TEST_FRAME failed")
3499
5f7b07de
JM		 3500def get_permanent_neighbors(ifname):
3501 cmd = subprocess.Popen(['ip', 'nei'], stdout=subprocess.PIPE)
3502 res = cmd.stdout.read()
3503 cmd.stdout.close()
3504 return [ line for line in res.splitlines() if "PERMANENT" in line and ifname in line ]
3505
87f0ede9
JM		 3506def get_bridge_macs(ifname):
3507 cmd = subprocess.Popen(['brctl', 'showmacs', ifname],
3508 stdout=subprocess.PIPE)
3509 res = cmd.stdout.read()
3510 cmd.stdout.close()
3511 return res
3512
efd0a6fb
JM		 3513def tshark_get_arp(cap, filter):
3514 res = run_tshark(cap, filter,
3515 [ "eth.dst", "eth.src",
3516 "arp.src.hw_mac", "arp.src.proto_ipv4",
3517 "arp.dst.hw_mac", "arp.dst.proto_ipv4" ],
3518 wait=False)
3519 frames = []
3520 for l in res.splitlines():
3521 frames.append(l.split('\t'))
3522 return frames
3523
55c430b6
JM		 3524def tshark_get_ns(cap):
3525 res = run_tshark(cap, "icmpv6.type == 135",
3526 [ "eth.dst", "eth.src",
3527 "ipv6.src", "ipv6.dst",
3528 "icmpv6.nd.ns.target_address",
3529 "icmpv6.opt.linkaddr" ],
3530 wait=False)
3531 frames = []
3532 for l in res.splitlines():
3533 frames.append(l.split('\t'))
3534 return frames
3535
3536def tshark_get_na(cap):
3537 res = run_tshark(cap, "icmpv6.type == 136",
3538 [ "eth.dst", "eth.src",
3539 "ipv6.src", "ipv6.dst",
3540 "icmpv6.nd.na.target_address",
3541 "icmpv6.opt.linkaddr" ],
3542 wait=False)
3543 frames = []
3544 for l in res.splitlines():
3545 frames.append(l.split('\t'))
3546 return frames
3547
9934ee19
JM		 3548def _test_proxyarp_open(dev, apdev, params, ebtables=False):
3549 prefix = "proxyarp_open"
3550 if ebtables:
3551 prefix += "_ebtables"
3552 cap_br = os.path.join(params['logdir'], prefix + ".ap-br0.pcap")
3553 cap_dev0 = os.path.join(params['logdir'],
3554 prefix + ".%s.pcap" % dev[0].ifname)
3555 cap_dev1 = os.path.join(params['logdir'],
3556 prefix + ".%s.pcap" % dev[1].ifname)
210a4f6a
JM		 3557 cap_dev2 = os.path.join(params['logdir'],
3558 prefix + ".%s.pcap" % dev[2].ifname)
d9f3bb1a 3559
5f7b07de
JM		 3560 bssid = apdev[0]['bssid']
3561 params = { 'ssid': 'open' }
3562 params['proxy_arp'] = '1'
8b8a1864 3563 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
5f7b07de
JM		 3564 hapd.set("ap_isolate", "1")
3565 hapd.set('bridge', 'ap-br0')
3566 hapd.dump_monitor()
3567 try:
3568 hapd.enable()
3569 except:
3570 # For now, do not report failures due to missing kernel support
81e787b7 3571 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
5f7b07de
JM		 3572 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
3573 if ev is None:
3574 raise Exception("AP startup timed out")
3575 if "AP-ENABLED" not in ev:
3576 raise Exception("AP startup failed")
3577
210a4f6a 3578 params2 = { 'ssid': 'another' }
8b8a1864 3579 hapd2 = hostapd.add_ap(apdev[1], params2, no_enable=True)
210a4f6a
JM		 3580 hapd2.set('bridge', 'ap-br0')
3581 hapd2.enable()
3582
5f7b07de
JM		 3583 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3584 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
5f7b07de 3585
9934ee19
JM		 3586 if ebtables:
3587 for chain in [ 'FORWARD', 'OUTPUT' ]:
3588 subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
3589 '-d', 'Broadcast', '-o', apdev[0]['ifname'],
3590 '-j', 'DROP'])
3591 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
3592 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3593 '--ip6-icmp-type', 'neighbor-solicitation',
3594 '-o', apdev[0]['ifname'], '-j', 'DROP'])
3595 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
3596 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3597 '--ip6-icmp-type', 'neighbor-advertisement',
3598 '-o', apdev[0]['ifname'], '-j', 'DROP'])
3599 subprocess.call(['ebtables', '-A', chain,
3600 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3601 '--ip6-icmp-type', 'router-solicitation',
3602 '-o', apdev[0]['ifname'], '-j', 'DROP'])
3603 # Multicast Listener Report Message
3604 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
3605 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3606 '--ip6-icmp-type', '143',
3607 '-o', apdev[0]['ifname'], '-j', 'DROP'])
19cbe062 3608
55c430b6 3609 time.sleep(0.5)
d9f3bb1a 3610 cmd = {}
a95c6973
JM		 3611 cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0',
3612 '-w', cap_br, '-s', '2000'],
3613 stderr=open('/dev/null', 'w'))
3614 cmd[1] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[0].ifname,
3615 '-w', cap_dev0, '-s', '2000'],
3616 stderr=open('/dev/null', 'w'))
3617 cmd[2] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[1].ifname,
3618 '-w', cap_dev1, '-s', '2000'],
3619 stderr=open('/dev/null', 'w'))
210a4f6a
JM		 3620 cmd[3] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[2].ifname,
3621 '-w', cap_dev2, '-s', '2000'],
3622 stderr=open('/dev/null', 'w'))
d9f3bb1a 3623
5f7b07de
JM		 3624 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3625 dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
210a4f6a 3626 dev[2].connect("another", key_mgmt="NONE", scan_freq="2412")
5f7b07de
JM		 3627 time.sleep(0.1)
3628
210a4f6a
JM		 3629 brcmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE)
3630 res = brcmd.stdout.read()
3631 brcmd.stdout.close()
3632 logger.info("Bridge setup: " + res)
3633
3634 brcmd = subprocess.Popen(['brctl', 'showstp', 'ap-br0'],
3635 stdout=subprocess.PIPE)
3636 res = brcmd.stdout.read()
3637 brcmd.stdout.close()
3638 logger.info("Bridge showstp: " + res)
3639
67aeee11
JM		 3640 addr0 = dev[0].p2p_interface_addr()
3641 addr1 = dev[1].p2p_interface_addr()
efd0a6fb 3642 addr2 = dev[2].p2p_interface_addr()
67aeee11
JM		 3643
3644 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
3645 src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
3646
3647 # DAD NS
6d533294 3648 send_ns(dev[0], ip_src="::", target="aaaa:bbbb:cccc::2")
67aeee11 3649
6d533294 3650 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2")
67aeee11 3651 # test frame without source link-layer address option
6d533294
JM		 3652 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3653 opt='')
67aeee11 3654 # test frame with bogus option
6d533294
JM		 3655 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3656 opt="\x70\x01\x01\x02\x03\x04\x05\x05")
67aeee11 3657 # test frame with truncated source link-layer address option
6d533294
JM		 3658 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3659 opt="\x01\x01\x01\x02\x03\x04")
67aeee11 3660 # test frame with foreign source link-layer address option
6d533294
JM		 3661 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3662 opt="\x01\x01\x01\x02\x03\x04\x05\x06")
67aeee11 3663
6d533294 3664 send_ns(dev[1], ip_src="aaaa:bbbb:dddd::2", target="aaaa:bbbb:dddd::2")
67aeee11 3665
6d533294 3666 send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
67aeee11 3667 # another copy for additional code coverage
6d533294 3668 send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
67aeee11 3669
a712282b
JM		 3670 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
3671 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3672 yiaddr="192.168.1.124", chaddr=addr0)
3673 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3674 raise Exception("DATA_TEST_FRAME failed")
3675 # Change address and verify unicast
3676 pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
3677 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3678 yiaddr="192.168.1.123", chaddr=addr0)
3679 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3680 raise Exception("DATA_TEST_FRAME failed")
3681
3682 # Not-associated client MAC address
3683 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
3684 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3685 yiaddr="192.168.1.125", chaddr="22:33:44:55:66:77")
3686 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3687 raise Exception("DATA_TEST_FRAME failed")
3688
3689 # No IP address
3690 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3691 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3692 yiaddr="0.0.0.0", chaddr=addr1)
3693 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3694 raise Exception("DATA_TEST_FRAME failed")
3695
3696 # Zero subnet mask
3697 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3698 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3699 yiaddr="192.168.1.126", chaddr=addr1,
3700 subnet_mask="0.0.0.0")
3701 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3702 raise Exception("DATA_TEST_FRAME failed")
3703
3704 # Truncated option
3705 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3706 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3707 yiaddr="192.168.1.127", chaddr=addr1,
3708 truncated_opt=True)
3709 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3710 raise Exception("DATA_TEST_FRAME failed")
3711
3712 # Wrong magic
3713 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3714 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3715 yiaddr="192.168.1.128", chaddr=addr1,
3716 wrong_magic=True)
3717 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3718 raise Exception("DATA_TEST_FRAME failed")
3719
3720 # Wrong IPv4 total length
3721 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3722 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3723 yiaddr="192.168.1.129", chaddr=addr1,
3724 force_tot_len=1000)
3725 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3726 raise Exception("DATA_TEST_FRAME failed")
3727
3728 # BOOTP
3729 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3730 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3731 yiaddr="192.168.1.129", chaddr=addr1,
3732 no_dhcp=True)
3733 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3734 raise Exception("DATA_TEST_FRAME failed")
3735
87f0ede9
JM		 3736 macs = get_bridge_macs("ap-br0")
3737 logger.info("After connect (showmacs): " + str(macs))
3738
5f7b07de
JM		 3739 matches = get_permanent_neighbors("ap-br0")
3740 logger.info("After connect: " + str(matches))
a712282b 3741 if len(matches) != 4:
5f7b07de 3742 raise Exception("Unexpected number of neighbor entries after connect")
67aeee11
JM		 3743 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3744 raise Exception("dev0 addr missing")
3745 if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3746 raise Exception("dev1 addr(1) missing")
3747 if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3748 raise Exception("dev1 addr(2) missing")
a712282b
JM		 3749 if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3750 raise Exception("dev0 IPv4 addr missing")
67aeee11 3751
d9f3bb1a
JM		 3752 targets = [ "192.168.1.123", "192.168.1.124", "192.168.1.125",
3753 "192.168.1.126" ]
3754 for target in targets:
3755 send_arp(dev[1], sender_ip="192.168.1.100", target_ip=target)
3756
3757 for target in targets:
3758 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.101",
3759 target_ip=target)
3760
210a4f6a
JM		 3761 for target in targets:
3762 send_arp(dev[2], sender_ip="192.168.1.103", target_ip=target)
3763
d9f3bb1a
JM		 3764 # ARP Probe from wireless STA
3765 send_arp(dev[1], target_ip="192.168.1.127")
3766 # ARP Announcement from wireless STA
3767 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127")
3768 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127",
3769 opcode=2)
3770
87f0ede9
JM		 3771 macs = get_bridge_macs("ap-br0")
3772 logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
3773
d9f3bb1a
JM		 3774 matches = get_permanent_neighbors("ap-br0")
3775 logger.info("After ARP Probe + Announcement: " + str(matches))
3776
3777 # ARP Request for the newly introduced IP address from wireless STA
3778 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
3779
3780 # ARP Request for the newly introduced IP address from bridge
3781 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
3782 target_ip="192.168.1.127")
210a4f6a 3783 send_arp(dev[2], sender_ip="192.168.1.103", target_ip="192.168.1.127")
d9f3bb1a
JM		 3784
3785 # ARP Probe from bridge
89cd4355 3786 send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.130")
210a4f6a 3787 send_arp(dev[2], target_ip="192.168.1.131")
89cd4355
JM		 3788 # ARP Announcement from bridge (not to be learned by AP for proxyarp)
3789 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
3790 target_ip="192.168.1.130")
3791 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
3792 target_ip="192.168.1.130", opcode=2)
210a4f6a
JM		 3793 send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131")
3794 send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131",
3795 opcode=2)
d9f3bb1a 3796
87f0ede9
JM		 3797 macs = get_bridge_macs("ap-br0")
3798 logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
3799
d9f3bb1a
JM		 3800 matches = get_permanent_neighbors("ap-br0")
3801 logger.info("After ARP Probe + Announcement: " + str(matches))
3802
3803 # ARP Request for the newly introduced IP address from wireless STA
89cd4355
JM		 3804 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.130")
3805 # ARP Response from bridge (AP does not proxy for non-wireless devices)
3806 send_arp(hapd, hapd_bssid=bssid, dst_ll=addr0, sender_ip="192.168.1.130",
3807 target_ip="192.168.1.123", opcode=2)
d9f3bb1a 3808
210a4f6a
JM		 3809 # ARP Request for the newly introduced IP address from wireless STA
3810 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.131")
3811 # ARP Response from bridge (AP does not proxy for non-wireless devices)
3812 send_arp(dev[2], dst_ll=addr0, sender_ip="192.168.1.131",
3813 target_ip="192.168.1.123", opcode=2)
3814
d9f3bb1a
JM		 3815 # ARP Request for the newly introduced IP address from bridge
3816 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
89cd4355 3817 target_ip="192.168.1.130")
210a4f6a 3818 send_arp(dev[2], sender_ip="192.168.1.104", target_ip="192.168.1.131")
d9f3bb1a
JM		 3819
3820 # ARP Probe from wireless STA (duplicate address; learned through DHCP)
3821 send_arp(dev[1], target_ip="192.168.1.123")
3822 # ARP Probe from wireless STA (duplicate address; learned through ARP)
3823 send_arp(dev[0], target_ip="192.168.1.127")
3824
3825 # Gratuitous ARP Reply for another STA's IP address
3826 send_arp(dev[0], opcode=2, sender_mac=addr0, sender_ip="192.168.1.127",
3827 target_mac=addr1, target_ip="192.168.1.127")
3828 send_arp(dev[1], opcode=2, sender_mac=addr1, sender_ip="192.168.1.123",
3829 target_mac=addr0, target_ip="192.168.1.123")
3830 # ARP Request to verify previous mapping
3831 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.123")
3832 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
3833
3834 time.sleep(0.1)
3835
5a3ce802
JM		 3836 send_ns(dev[0], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:cccc::2")
3837 time.sleep(0.1)
3838 send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:dddd::2")
3839 time.sleep(0.1)
3840 send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:dddd::2",
3841 ip_src="aaaa:bbbb:ffff::2")
3842 time.sleep(0.1)
210a4f6a
JM		 3843 send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:ff00::2")
3844 time.sleep(0.1)
3845 send_ns(dev[2], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:ff00::2")
3846 time.sleep(0.1)
3847 send_ns(dev[2], target="aaaa:bbbb:eeee::2", ip_src="aaaa:bbbb:ff00::2")
3848 time.sleep(0.1)
5a3ce802
JM		 3849
3850 # Try to probe for an already assigned address
3851 send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="::")
3852 time.sleep(0.1)
3853 send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc::2", ip_src="::")
3854 time.sleep(0.1)
210a4f6a
JM		 3855 send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="::")
3856 time.sleep(0.1)
5a3ce802
JM		 3857
3858 # Unsolicited NA
3859 send_na(dev[1], target="aaaa:bbbb:cccc:aeae::3",
3860 ip_src="aaaa:bbbb:cccc:aeae::3", ip_dst="ff02::1")
3861 send_na(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc:aeae::4",
3862 ip_src="aaaa:bbbb:cccc:aeae::4", ip_dst="ff02::1")
210a4f6a
JM		 3863 send_na(dev[2], target="aaaa:bbbb:cccc:aeae::5",
3864 ip_src="aaaa:bbbb:cccc:aeae::5", ip_dst="ff02::1")
5a3ce802 3865
7e3a6c9e
JM		 3866 try:
3867 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
3868 except Exception, e:
3869 logger.info("test_connectibity_iface failed: " + str(e))
3870 raise HwsimSkip("Assume kernel did not have the required patches for proxyarp")
40e4c9c8
JM		 3871 hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
3872 hwsim_utils.test_connectivity(dev[0], dev[1])
3873
5f7b07de
JM		 3874 dev[0].request("DISCONNECT")
3875 dev[1].request("DISCONNECT")
3876 time.sleep(0.5)
210a4f6a 3877 for i in range(len(cmd)):
d9f3bb1a 3878 cmd[i].terminate()
87f0ede9
JM		 3879 macs = get_bridge_macs("ap-br0")
3880 logger.info("After disconnect (showmacs): " + str(macs))
5f7b07de
JM		 3881 matches = get_permanent_neighbors("ap-br0")
3882 logger.info("After disconnect: " + str(matches))
3883 if len(matches) > 0:
3884 raise Exception("Unexpected neighbor entries after disconnect")
9934ee19
JM		 3885 if ebtables:
3886 cmd = subprocess.Popen(['ebtables', '-L', '--Lc'],
3887 stdout=subprocess.PIPE)
3888 res = cmd.stdout.read()
3889 cmd.stdout.close()
3890 logger.info("ebtables results:\n" + res)
5f7b07de 3891
efd0a6fb
JM		 3892 # Verify that expected ARP messages were seen and no unexpected
3893 # ARP messages were seen.
3894
3895 arp_req = tshark_get_arp(cap_dev0, "arp.opcode == 1")
3896 arp_reply = tshark_get_arp(cap_dev0, "arp.opcode == 2")
3897 logger.info("dev0 seen ARP requests:\n" + str(arp_req))
3898 logger.info("dev0 seen ARP replies:\n" + str(arp_reply))
3899
3900 if [ 'ff:ff:ff:ff:ff:ff', addr1,
3901 addr1, '192.168.1.100',
3902 '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3903 raise Exception("dev0 saw ARP request from dev1")
3904 if [ 'ff:ff:ff:ff:ff:ff', addr2,
3905 addr2, '192.168.1.103',
3906 '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3907 raise Exception("dev0 saw ARP request from dev2")
3908 # TODO: Uncomment once fixed in kernel
3909 #if [ 'ff:ff:ff:ff:ff:ff', bssid,
3910 # bssid, '192.168.1.101',
3911 # '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3912 # raise Exception("dev0 saw ARP request from br")
3913
3914 if ebtables:
3915 for req in arp_req:
3916 if req[1] != addr0:
3917 raise Exception("Unexpected foreign ARP request on dev0")
3918
3919 arp_req = tshark_get_arp(cap_dev1, "arp.opcode == 1")
3920 arp_reply = tshark_get_arp(cap_dev1, "arp.opcode == 2")
3921 logger.info("dev1 seen ARP requests:\n" + str(arp_req))
3922 logger.info("dev1 seen ARP replies:\n" + str(arp_reply))
3923
3924 if [ 'ff:ff:ff:ff:ff:ff', addr2,
3925 addr2, '192.168.1.103',
3926 '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3927 raise Exception("dev1 saw ARP request from dev2")
3928 if [addr1, addr0, addr0, '192.168.1.123', addr1, '192.168.1.100'] not in arp_reply:
3929 raise Exception("dev1 did not get ARP response for 192.168.1.123")
3930
3931 if ebtables:
3932 for req in arp_req:
3933 if req[1] != addr1:
3934 raise Exception("Unexpected foreign ARP request on dev1")
3935
3936 arp_req = tshark_get_arp(cap_dev2, "arp.opcode == 1")
3937 arp_reply = tshark_get_arp(cap_dev2, "arp.opcode == 2")
3938 logger.info("dev2 seen ARP requests:\n" + str(arp_req))
3939 logger.info("dev2 seen ARP replies:\n" + str(arp_reply))
3940
3941 if [ addr2, addr0,
3942 addr0, '192.168.1.123',
3943 addr2, '192.168.1.103' ] not in arp_reply:
3944 raise Exception("dev2 did not get ARP response for 192.168.1.123")
3945
3946 arp_req = tshark_get_arp(cap_br, "arp.opcode == 1")
3947 arp_reply = tshark_get_arp(cap_br, "arp.opcode == 2")
3948 logger.info("br seen ARP requests:\n" + str(arp_req))
3949 logger.info("br seen ARP replies:\n" + str(arp_reply))
3950
3951 # TODO: Uncomment once fixed in kernel
3952 #if [ bssid, addr0,
3953 # addr0, '192.168.1.123',
3954 # bssid, '192.168.1.101' ] not in arp_reply:
3955 # raise Exception("br did not get ARP response for 192.168.1.123")
3956
55c430b6
JM		 3957 ns = tshark_get_ns(cap_dev0)
3958 logger.info("dev0 seen NS: " + str(ns))
3959 na = tshark_get_na(cap_dev0)
3960 logger.info("dev0 seen NA: " + str(na))
3961
05121d35 3962 if [ addr0, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:cccc::2',
55c430b6
JM		 3963 'aaaa:bbbb:dddd::2', addr1 ] not in na:
3964 raise Exception("dev0 did not get NA for aaaa:bbbb:dddd::2")
3965
3966 if ebtables:
3967 for req in ns:
3968 if req[1] != addr0:
3969 raise Exception("Unexpected foreign NS on dev0: " + str(req))
3970
3971 ns = tshark_get_ns(cap_dev1)
3972 logger.info("dev1 seen NS: " + str(ns))
3973 na = tshark_get_na(cap_dev1)
3974 logger.info("dev1 seen NA: " + str(na))
3975
05121d35 3976 if [ addr1, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:dddd::2',
55c430b6
JM		 3977 'aaaa:bbbb:cccc::2', addr0 ] not in na:
3978 raise Exception("dev1 did not get NA for aaaa:bbbb:cccc::2")
3979
3980 if ebtables:
3981 for req in ns:
3982 if req[1] != addr1:
3983 raise Exception("Unexpected foreign NS on dev1: " + str(req))
3984
3985 ns = tshark_get_ns(cap_dev2)
3986 logger.info("dev2 seen NS: " + str(ns))
3987 na = tshark_get_na(cap_dev2)
3988 logger.info("dev2 seen NA: " + str(na))
3989
3990 # FIX: enable once kernel implementation for proxyarp IPv6 is fixed
05121d35 3991 #if [ addr2, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:ff00::2',
55c430b6
JM		 3992 # 'aaaa:bbbb:cccc::2', addr0 ] not in na:
3993 # raise Exception("dev2 did not get NA for aaaa:bbbb:cccc::2")
05121d35 3994 #if [ addr2, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:ff00::2',
55c430b6
JM		 3995 # 'aaaa:bbbb:dddd::2', addr1 ] not in na:
3996 # raise Exception("dev2 did not get NA for aaaa:bbbb:dddd::2")
05121d35 3997 #if [ addr2, addr1, 'aaaa:bbbb:eeee::2', 'aaaa:bbbb:ff00::2',
55c430b6
JM		 3998 # 'aaaa:bbbb:eeee::2', addr1 ] not in na:
3999 # raise Exception("dev2 did not get NA for aaaa:bbbb:eeee::2")
4000
d9f3bb1a 4001def test_proxyarp_open(dev, apdev, params):
5f7b07de 4002 """ProxyARP with open network"""
5f7b07de 4003 try:
81e787b7 4004 _test_proxyarp_open(dev, apdev, params)
9934ee19
JM		 4005 finally:
4006 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
4007 stderr=open('/dev/null', 'w'))
4008 subprocess.call(['brctl', 'delbr', 'ap-br0'],
4009 stderr=open('/dev/null', 'w'))
4010
4011def test_proxyarp_open_ebtables(dev, apdev, params):
4012 """ProxyARP with open network"""
4013 try:
4014 _test_proxyarp_open(dev, apdev, params, ebtables=True)
5f7b07de 4015 finally:
01c87519
JM		 4016 try:
4017 subprocess.call(['ebtables', '-F', 'FORWARD'])
4018 subprocess.call(['ebtables', '-F', 'OUTPUT'])
4019 except:
4020 pass
5f7b07de
JM		 4021 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
4022 stderr=open('/dev/null', 'w'))
4023 subprocess.call(['brctl', 'delbr', 'ap-br0'],
4024 stderr=open('/dev/null', 'w'))
c518fecc
JM		 4025
4026def test_ap_hs20_connect_deinit(dev, apdev):
4027 """Hotspot 2.0 connection interrupted with deinit"""
e7ac04ce 4028 check_eap_capa(dev[0], "MSCHAPV2")
c518fecc
JM		 4029 bssid = apdev[0]['bssid']
4030 params = hs20_ap_params()
4031 params['hessid'] = bssid
8b8a1864 4032 hapd = hostapd.add_ap(apdev[0], params)
c518fecc
JM		 4033
4034 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
4035 wpas.interface_add("wlan5", drv_params="")
4036 wpas.hs20_enable()
4037 wpas.flush_scan_cache()
4038 wpas.add_cred_values({ 'realm': "example.com",
4039 'username': "hs20-test",
4040 'password': "password",
4041 'ca_cert': "auth_serv/ca.pem",
4042 'domain': "example.com" })
4043
4044 wpas.scan_for_bss(bssid, freq=2412)
4045 hapd.disable()
4046
4047 wpas.request("INTERWORKING_SELECT freq=2412")
4048
4049 id = wpas.request("RADIO_WORK add block-work")
4050 ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
4051 if ev is None:
4052 raise Exception("Timeout while waiting radio work to start")
4053 ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
4054 if ev is None:
4055 raise Exception("Timeout while waiting radio work to start (2)")
4056
4057 # Remove the interface while the gas-query radio work is still pending and
4058 # GAS query has not yet been started.
4059 wpas.interface_remove("wlan5")
046e63fa
JM		 4060
4061def test_ap_hs20_anqp_format_errors(dev, apdev):
4062 """Interworking network selection and ANQP format errors"""
4063 bssid = apdev[0]['bssid']
4064 params = hs20_ap_params()
4065 params['hessid'] = bssid
8b8a1864 4066 hapd = hostapd.add_ap(apdev[0], params)
046e63fa
JM		 4067
4068 dev[0].hs20_enable()
4069 values = { 'realm': "example.com",
4070 'ca_cert': "auth_serv/ca.pem",
4071 'username': "hs20-test",
4072 'password': "password",
4073 'domain': "example.com" }
4074 id = dev[0].add_cred_values(values)
4075
4076 dev[0].scan_for_bss(bssid, freq="2412")
4077
4078 tests = [ "00", "ffff", "010011223344", "020008000005112233445500",
4079 "01000400000000", "01000000000000",
4080 "01000300000200", "0100040000ff0000", "01000300000100",
4081 "01000300000001",
4082 "01000600000056112233",
4083 "01000900000002050001000111",
4084 "01000600000001000000", "01000600000001ff0000",
4085 "01000600000001020001",
4086 "010008000000010400010001", "0100080000000104000100ff",
4087 "010011000000010d00050200020100030005000600",
4088 "0000" ]
4089 for t in tests:
4090 hapd.set("anqp_elem", "263:" + t)
4091 dev[0].request("INTERWORKING_SELECT freq=2412")
4092 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5)
4093 if ev is None:
4094 raise Exception("Network selection timed out")
4095 dev[0].dump_monitor()
4096
4097 dev[0].remove_cred(id)
4098 id = dev[0].add_cred_values({ 'imsi': "555444-333222111", 'eap': "AKA",
4099 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
4100
4101 tests = [ "00", "0100", "0001", "00ff", "000200ff", "0003000101",
4102 "00020100" ]
4103 for t in tests:
4104 hapd.set("anqp_elem", "264:" + t)
4105 dev[0].request("INTERWORKING_SELECT freq=2412")
4106 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5)
4107 if ev is None:
4108 raise Exception("Network selection timed out")
4109 dev[0].dump_monitor()
e330daa9
JM		 4110
4111def test_ap_hs20_cred_with_nai_realm(dev, apdev):
4112 """Hotspot 2.0 network selection and cred_with_nai_realm cred->realm"""
4113 bssid = apdev[0]['bssid']
4114 params = hs20_ap_params()
4115 params['hessid'] = bssid
4116 hostapd.add_ap(apdev[0], params)
4117
4118 dev[0].hs20_enable()
4119
4120 id = dev[0].add_cred_values({ 'realm': "example.com",
4121 'username': "test",
4122 'password': "secret",
4123 'domain': "example.com",
4124 'eap': 'TTLS' })
4125 interworking_select(dev[0], bssid, "home", freq=2412)
4126 dev[0].remove_cred(id)
4127
4128 id = dev[0].add_cred_values({ 'realm': "foo.com",
4129 'username': "test",
4130 'password': "secret",
4131 'domain': "example.com",
4132 'roaming_consortium': "112234",
4133 'eap': 'TTLS' })
4134 interworking_select(dev[0], bssid, "home", freq=2412, no_match=True)
4135 dev[0].remove_cred(id)
28642616
JM		 4136
4137def test_ap_hs20_cred_and_no_roaming_consortium(dev, apdev):
4138 """Hotspot 2.0 network selection and no roaming consortium"""
4139 bssid = apdev[0]['bssid']
4140 params = hs20_ap_params()
4141 params['hessid'] = bssid
4142 del params['roaming_consortium']
4143 hostapd.add_ap(apdev[0], params)
4144
4145 dev[0].hs20_enable()
4146
4147 id = dev[0].add_cred_values({ 'realm': "example.com",
4148 'username': "test",
4149 'password': "secret",
4150 'domain': "example.com",
4151 'roaming_consortium': "112234",
4152 'eap': 'TTLS' })
4153 interworking_select(dev[0], bssid, "home", freq=2412, no_match=True)
208ebb9d
JM		 4154
4155def test_ap_hs20_interworking_oom(dev, apdev):
4156 """Hotspot 2.0 network selection and OOM"""
4157 bssid = apdev[0]['bssid']
4158 params = hs20_ap_params()
4159 params['hessid'] = bssid
4160 params['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]",
4161 "0,example.com,13[5:6],21[2:4][5:7]",
4162 "0,another.example.com" ]
4163 hostapd.add_ap(apdev[0], params)
4164
4165 dev[0].hs20_enable()
4166
4167 id = dev[0].add_cred_values({ 'realm': "example.com",
4168 'username': "test",
4169 'password': "secret",
4170 'domain': "example.com",
4171 'eap': 'TTLS' })
4172
4173 dev[0].scan_for_bss(bssid, freq="2412")
4174
4175 funcs = [ "wpabuf_alloc;interworking_anqp_send_req",
4176 "anqp_build_req;interworking_anqp_send_req",
4177 "gas_query_req;interworking_anqp_send_req",
4178 "dup_binstr;nai_realm_parse_realm",
4179 "=nai_realm_parse_realm",
4180 "=nai_realm_parse",
4181 "=nai_realm_match" ]
4182 for func in funcs:
4183 with alloc_fail(dev[0], 1, func):
4184 dev[0].request("INTERWORKING_SELECT auto freq=2412")
4185 ev = dev[0].wait_event(["Starting ANQP"], timeout=5)
4186 if ev is None:
4187 raise Exception("ANQP did not start")
4188 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
1ea75c7c
JM		 4189
4190def test_ap_hs20_anqp_invalid_gas_response(dev, apdev):
4191 """Hotspot 2.0 network selection and invalid GAS response"""
4192 bssid = apdev[0]['bssid']
4193 params = hs20_ap_params()
4194 params['hessid'] = bssid
4195 hapd = hostapd.add_ap(apdev[0], params)
4196
4197 dev[0].scan_for_bss(bssid, freq="2412")
4198 hapd.set("ext_mgmt_frame_handling", "1")
4199
4200 dev[0].hs20_enable()
4201
4202 id = dev[0].add_cred_values({ 'realm': "example.com",
4203 'username': "test",
4204 'password': "secret",
4205 'domain': "example.com",
4206 'roaming_consortium': "112234",
4207 'eap': 'TTLS' })
4208 dev[0].request("INTERWORKING_SELECT freq=2412")
4209
4210 query = gas_rx(hapd)
4211 gas = parse_gas(query['payload'])
4212
4213 logger.info("ANQP: Unexpected Advertisement Protocol in response")
4214 resp = action_response(query)
4215 adv_proto = struct.pack('8B', 108, 6, 127, 0xdd, 0x00, 0x11, 0x22, 0x33)
4216 data = struct.pack('<H', 0)
4217 resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
4218 GAS_INITIAL_RESPONSE,
4219 gas['dialog_token'], 0, 0) + adv_proto + data
4220 send_gas_resp(hapd, resp)
4221
4222 ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
4223 if ev is None:
4224 raise Exception("No ANQP-QUERY-DONE seen")
4225 if "result=INVALID_FRAME" not in ev:
4226 raise Exception("Unexpected result: " + ev)
4227
4228 dev[0].request("INTERWORKING_SELECT freq=2412")
4229
4230 query = gas_rx(hapd)
4231 gas = parse_gas(query['payload'])
4232
4233 logger.info("ANQP: Invalid element length for Info ID 1234")
4234 resp = action_response(query)
4235 adv_proto = struct.pack('BBBB', 108, 2, 127, 0)
4236 elements = struct.pack('<HH', 1234, 1)
4237 data = struct.pack('<H', len(elements)) + elements
4238 resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
4239 GAS_INITIAL_RESPONSE,
4240 gas['dialog_token'], 0, 0) + adv_proto + data
4241 send_gas_resp(hapd, resp)
4242
4243 ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
4244 if ev is None:
4245 raise Exception("No ANQP-QUERY-DONE seen")
4246 if "result=INVALID_FRAME" not in ev:
4247 raise Exception("Unexpected result: " + ev)
4248
4249 with alloc_fail(dev[0], 1, "=anqp_add_extra"):
4250 dev[0].request("INTERWORKING_SELECT freq=2412")
4251
4252 query = gas_rx(hapd)
4253 gas = parse_gas(query['payload'])
4254
4255 resp = action_response(query)
4256 elements = struct.pack('<HHHH', 1, 0, 1, 0)
4257 data = struct.pack('<H', len(elements)) + elements
4258 resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
4259 GAS_INITIAL_RESPONSE,
4260 gas['dialog_token'], 0, 0) + adv_proto + data
4261 send_gas_resp(hapd, resp)
4262
4263 ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
4264 if ev is None:
4265 raise Exception("No ANQP-QUERY-DONE seen")
4266 if "result=SUCCESS" not in ev:
4267 raise Exception("Unexpected result: " + ev)
4268
4269 with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;anqp_add_extra"):
4270 dev[0].request("INTERWORKING_SELECT freq=2412")
4271
4272 query = gas_rx(hapd)
4273 gas = parse_gas(query['payload'])
4274
4275 resp = action_response(query)
4276 elements = struct.pack('<HHHH', 1, 0, 1, 0)
4277 data = struct.pack('<H', len(elements)) + elements
4278 resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
4279 GAS_INITIAL_RESPONSE,
4280 gas['dialog_token'], 0, 0) + adv_proto + data
4281 send_gas_resp(hapd, resp)
4282
4283 ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
4284 if ev is None:
4285 raise Exception("No ANQP-QUERY-DONE seen")
4286 if "result=SUCCESS" not in ev:
4287 raise Exception("Unexpected result: " + ev)
4288
4289 tests = [ struct.pack('<HH', 0xdddd, 0),
4290 struct.pack('<HH3B', 0xdddd, 3, 0x50, 0x6f, 0x9a),
4291 struct.pack('<HH4B', 0xdddd, 4, 0x50, 0x6f, 0x9a, 0),
4292 struct.pack('<HH4B', 0xdddd, 4, 0x11, 0x22, 0x33, 0),
4293 struct.pack('<HHHH', 1, 0, 1, 0) ]
4294 for elements in tests:
4295 dev[0].request("INTERWORKING_SELECT freq=2412")
4296
4297 query = gas_rx(hapd)
4298 gas = parse_gas(query['payload'])
4299
4300 resp = action_response(query)
4301 data = struct.pack('<H', len(elements)) + elements
4302 resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
4303 GAS_INITIAL_RESPONSE,
4304 gas['dialog_token'], 0, 0) + adv_proto + data
4305 send_gas_resp(hapd, resp)
4306
4307 ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
4308 if ev is None:
4309 raise Exception("No ANQP-QUERY-DONE seen")
4310 if "result=SUCCESS" not in ev:
4311 raise Exception("Unexpected result: " + ev)
Unnamed repository; edit this file 'description' to name the repository.