]>
Commit | Line | Data |
---|---|---|
c89d9ebb JM |
1 | # WPA2-Personal tests |
2 | # Copyright (c) 2014, Qualcomm Atheros, Inc. | |
3 | # | |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
7 | import logging | |
8 | logger = logging.getLogger() | |
138ec97e | 9 | import os |
c89d9ebb JM |
10 | |
11 | import hostapd | |
fb5c8cea | 12 | import hwsim_utils |
c89d9ebb | 13 | |
eaf3f9b1 JM |
14 | def check_mib(dev, vals): |
15 | mib = dev.get_mib() | |
16 | for v in vals: | |
17 | if mib[v[0]] != v[1]: | |
18 | raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1])) | |
19 | ||
c89d9ebb JM |
20 | def test_ap_wpa2_psk(dev, apdev): |
21 | """WPA2-PSK AP with PSK instead of passphrase""" | |
22 | ssid = "test-wpa2-psk" | |
23 | passphrase = 'qwertyuiop' | |
24 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
25 | params = hostapd.wpa2_params(ssid=ssid) | |
26 | params['wpa_psk'] = psk | |
65038313 JM |
27 | hapd = hostapd.add_ap(apdev[0]['ifname'], params) |
28 | key_mgmt = hapd.get_config()['key_mgmt'] | |
29 | if key_mgmt.split(' ')[0] != "WPA-PSK": | |
30 | raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt) | |
c89d9ebb JM |
31 | dev[0].connect(ssid, raw_psk=psk, scan_freq="2412") |
32 | dev[1].connect(ssid, psk=passphrase, scan_freq="2412") | |
33 | ||
de748924 JM |
34 | sig = dev[0].request("SIGNAL_POLL").splitlines() |
35 | pkt = dev[0].request("PKTCNT_POLL").splitlines() | |
36 | if "FREQUENCY=2412" not in sig: | |
37 | raise Exception("Unexpected SIGNAL_POLL value: " + str(sig)) | |
38 | if "TXBAD=0" not in pkt: | |
39 | raise Exception("Unexpected TXBAD value: " + str(pkt)) | |
40 | ||
c89d9ebb JM |
41 | def test_ap_wpa2_psk_file(dev, apdev): |
42 | """WPA2-PSK AP with PSK from a file""" | |
43 | ssid = "test-wpa2-psk" | |
44 | passphrase = 'qwertyuiop' | |
45 | psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6' | |
46 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
47 | params['wpa_psk_file'] = 'hostapd.wpa_psk' | |
48 | hostapd.add_ap(apdev[0]['ifname'], params) | |
49 | dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False) | |
50 | dev[2].connect(ssid, raw_psk=psk, scan_freq="2412") | |
51 | dev[2].request("REMOVE_NETWORK all") | |
52 | dev[0].connect(ssid, psk="very secret", scan_freq="2412") | |
53 | dev[0].request("REMOVE_NETWORK all") | |
54 | dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412") | |
55 | dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412") | |
56 | ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10) | |
57 | if ev is None: | |
58 | raise Exception("Timed out while waiting for failure report") | |
59 | dev[1].request("REMOVE_NETWORK all") | |
fb5c8cea | 60 | |
d1635d97 JM |
61 | def test_ap_wpa2_ptk_rekey(dev, apdev): |
62 | """WPA2-PSK AP and PTK rekey enforced by station""" | |
63 | ssid = "test-wpa2-psk" | |
64 | passphrase = 'qwertyuiop' | |
65 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
66 | hostapd.add_ap(apdev[0]['ifname'], params) | |
67 | dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") | |
68 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
69 | if ev is None: | |
70 | raise Exception("PTK rekey timed out") | |
71 | hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) | |
72 | ||
73 | def test_ap_wpa2_sha256_ptk_rekey(dev, apdev): | |
74 | """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station""" | |
75 | ssid = "test-wpa2-psk" | |
76 | passphrase = 'qwertyuiop' | |
77 | params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) | |
78 | params["wpa_key_mgmt"] = "WPA-PSK-SHA256" | |
79 | hostapd.add_ap(apdev[0]['ifname'], params) | |
80 | dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256", | |
81 | wpa_ptk_rekey="1", scan_freq="2412") | |
82 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
83 | if ev is None: | |
84 | raise Exception("PTK rekey timed out") | |
85 | hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) | |
eaf3f9b1 JM |
86 | check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"), |
87 | ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ]) | |
d1635d97 | 88 | |
fb5c8cea JM |
89 | def test_ap_wpa_ptk_rekey(dev, apdev): |
90 | """WPA-PSK/TKIP AP and PTK rekey enforced by station""" | |
91 | ssid = "test-wpa-psk" | |
92 | passphrase = 'qwertyuiop' | |
93 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
94 | hostapd.add_ap(apdev[0]['ifname'], params) | |
95 | dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412") | |
96 | ev = dev[0].wait_event(["WPA: Key negotiation completed"]) | |
97 | if ev is None: | |
98 | raise Exception("PTK rekey timed out") | |
99 | hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) | |
138ec97e | 100 | |
12124240 JM |
101 | def test_ap_wpa_ccmp(dev, apdev): |
102 | """WPA-PSK/CCMP""" | |
103 | ssid = "test-wpa-psk" | |
104 | passphrase = 'qwertyuiop' | |
105 | params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase) | |
106 | params['wpa_pairwise'] = "CCMP" | |
107 | hostapd.add_ap(apdev[0]['ifname'], params) | |
108 | dev[0].connect(ssid, psk=passphrase, scan_freq="2412") | |
109 | hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) | |
eaf3f9b1 JM |
110 | check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"), |
111 | ("dot11RSNAGroupCipherRequested", "00-50-f2-4"), | |
112 | ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"), | |
113 | ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"), | |
114 | ("dot11RSNAGroupCipherSelected", "00-50-f2-4"), | |
115 | ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"), | |
116 | ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"), | |
117 | ("dot1xSuppSuppControlledPortStatus", "Authorized") ]) | |
12124240 | 118 | |
138ec97e JM |
119 | def test_ap_wpa2_psk_file(dev, apdev): |
120 | """WPA2-PSK AP with various PSK file error and success cases""" | |
121 | addr0 = dev[0].p2p_dev_addr() | |
122 | addr1 = dev[1].p2p_dev_addr() | |
123 | addr2 = dev[2].p2p_dev_addr() | |
124 | ssid = "psk" | |
125 | pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file" | |
126 | try: | |
127 | os.remove(pskfile) | |
128 | except: | |
129 | pass | |
130 | ||
131 | params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK", | |
132 | "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile } | |
133 | ||
134 | try: | |
135 | # missing PSK file | |
136 | hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True) | |
137 | if "FAIL" not in hapd.request("ENABLE"): | |
138 | raise Exception("Unexpected ENABLE success") | |
139 | hapd.request("DISABLE") | |
140 | ||
141 | # invalid MAC address | |
142 | with open(pskfile, "w") as f: | |
143 | f.write("\n") | |
144 | f.write("foo\n") | |
145 | if "FAIL" not in hapd.request("ENABLE"): | |
146 | raise Exception("Unexpected ENABLE success") | |
147 | hapd.request("DISABLE") | |
148 | ||
149 | # no PSK on line | |
150 | with open(pskfile, "w") as f: | |
151 | f.write("00:11:22:33:44:55\n") | |
152 | if "FAIL" not in hapd.request("ENABLE"): | |
153 | raise Exception("Unexpected ENABLE success") | |
154 | hapd.request("DISABLE") | |
155 | ||
156 | # invalid PSK | |
157 | with open(pskfile, "w") as f: | |
158 | f.write("00:11:22:33:44:55 1234567\n") | |
159 | if "FAIL" not in hapd.request("ENABLE"): | |
160 | raise Exception("Unexpected ENABLE success") | |
161 | hapd.request("DISABLE") | |
162 | ||
163 | # valid PSK file | |
164 | with open(pskfile, "w") as f: | |
165 | f.write("00:11:22:33:44:55 12345678\n") | |
166 | f.write(addr0 + " 123456789\n") | |
167 | f.write(addr1 + " 123456789a\n") | |
168 | f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n") | |
169 | if "FAIL" in hapd.request("ENABLE"): | |
170 | raise Exception("Unexpected ENABLE failure") | |
171 | ||
172 | dev[0].connect(ssid, psk="123456789", scan_freq="2412") | |
173 | dev[1].connect(ssid, psk="123456789a", scan_freq="2412") | |
174 | dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412") | |
175 | ||
176 | finally: | |
177 | try: | |
178 | os.remove(pskfile) | |
179 | except: | |
180 | pass |