]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_wps.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
WPS: Testing mechanism to force auth/encr type flags
[thirdparty/hostap.git] / tests / hwsim / test_ap_wps.py
CommitLineData
302b7a1b 1# WPS tests
a1eabc74 2# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
302b7a1b
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
6aaa661a 7import base64
476daa05 8import binascii
7511ead0
JM		 9from Crypto.Cipher import AES
10import hashlib
11import hmac
2035b170 12import os
302b7a1b 13import time
2602a2ff 14import stat
302b7a1b
JM		 15import subprocess
16import logging
c9aa4308 17logger = logging.getLogger()
1013a576 18import re
44ff0400 19import socket
7511ead0 20import struct
47c549fd
JM		 21import httplib
22import urlparse
23import urllib
24import xml.etree.ElementTree as ET
25import StringIO
c965ae03 26import SocketServer
302b7a1b
JM		 27
28import hwsim_utils
29import hostapd
1531402e 30from wpasupplicant import WpaSupplicant
c965ae03 31from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips
302b7a1b 32
24b7f282
JM		 33def wps_start_ap(apdev, ssid="test-wps-conf"):
34 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
35 "wpa_passphrase": "12345678", "wpa": "2",
36 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
37 return hostapd.add_ap(apdev['ifname'], params)
38
ae3ad328 39def test_ap_wps_init(dev, apdev):
302b7a1b
JM		 40 """Initial AP configuration with first WPS Enrollee"""
41 ssid = "test-wps"
ae3ad328 42 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b 43 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
ae3ad328 44 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 45 logger.info("WPS provisioning step")
46 hapd.request("WPS_PBC")
d671a420
JM		 47 if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
48 raise Exception("PBC status not shown correctly")
b9018833
JM		 49
50 id = dev[0].add_network()
51 dev[0].set_network_quoted(id, "ssid", "home")
52 dev[0].set_network_quoted(id, "psk", "12345678")
53 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
54
55 id = dev[0].add_network()
56 dev[0].set_network_quoted(id, "ssid", "home2")
57 dev[0].set_network(id, "bssid", "00:11:22:33:44:55")
58 dev[0].set_network(id, "key_mgmt", "NONE")
59 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
60
302b7a1b 61 dev[0].request("WPS_PBC")
5f35a5e2 62 dev[0].wait_connected(timeout=30)
302b7a1b 63 status = dev[0].get_status()
ae3ad328 64 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 65 raise Exception("Not fully connected")
66 if status['ssid'] != ssid:
67 raise Exception("Unexpected SSID")
68 if status['pairwise_cipher'] != 'CCMP':
69 raise Exception("Unexpected encryption configuration")
70 if status['key_mgmt'] != 'WPA2-PSK':
71 raise Exception("Unexpected key_mgmt")
72
d671a420
JM		 73 status = hapd.request("WPS_GET_STATUS")
74 if "PBC Status: Disabled" not in status:
75 raise Exception("PBC status not shown correctly")
76 if "Last WPS result: Success" not in status:
77 raise Exception("Last WPS result not shown correctly")
78 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
79 raise Exception("Peer address not shown correctly")
75b25ece
JM		 80 conf = hapd.request("GET_CONFIG")
81 if "wps_state=configured" not in conf:
82 raise Exception("AP not in WPS configured state")
742408af
JM		 83 if "wpa=3" not in conf:
84 raise Exception("AP not in WPA+WPA2 configuration")
75b25ece
JM		 85 if "rsn_pairwise_cipher=CCMP TKIP" not in conf:
86 raise Exception("Unexpected rsn_pairwise_cipher")
87 if "wpa_pairwise_cipher=CCMP TKIP" not in conf:
88 raise Exception("Unexpected wpa_pairwise_cipher")
89 if "group_cipher=TKIP" not in conf:
90 raise Exception("Unexpected group_cipher")
d671a420 91
b9018833
JM		 92 if len(dev[0].list_networks()) != 3:
93 raise Exception("Unexpected number of network blocks")
94
18030dc0
JM		 95def test_ap_wps_init_2ap_pbc(dev, apdev):
96 """Initial two-radio AP configuration with first WPS PBC Enrollee"""
97 ssid = "test-wps"
98 params = { "ssid": ssid, "eap_server": "1", "wps_state": "1" }
99 hostapd.add_ap(apdev[0]['ifname'], params)
100 hostapd.add_ap(apdev[1]['ifname'], params)
101 hapd = hostapd.Hostapd(apdev[0]['ifname'])
102 logger.info("WPS provisioning step")
103 hapd.request("WPS_PBC")
84a40841
JM		 104 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
105 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
18030dc0
JM		 106 bss = dev[0].get_bss(apdev[0]['bssid'])
107 if "[WPS-PBC]" not in bss['flags']:
108 raise Exception("WPS-PBC flag missing from AP1")
109 bss = dev[0].get_bss(apdev[1]['bssid'])
110 if "[WPS-PBC]" not in bss['flags']:
111 raise Exception("WPS-PBC flag missing from AP2")
112 dev[0].dump_monitor()
f19d87f1 113 dev[0].request("SET wps_cred_processing 2")
18030dc0 114 dev[0].request("WPS_PBC")
f19d87f1
JM		 115 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=30)
116 dev[0].request("SET wps_cred_processing 0")
117 if ev is None:
118 raise Exception("WPS cred event not seen")
119 if "100e" not in ev:
120 raise Exception("WPS attributes not included in the cred event")
5f35a5e2 121 dev[0].wait_connected(timeout=30)
18030dc0 122
84a40841
JM		 123 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
124 dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
18030dc0
JM		 125 bss = dev[1].get_bss(apdev[0]['bssid'])
126 if "[WPS-PBC]" in bss['flags']:
127 raise Exception("WPS-PBC flag not cleared from AP1")
128 bss = dev[1].get_bss(apdev[1]['bssid'])
129 if "[WPS-PBC]" in bss['flags']:
0bde923c 130 raise Exception("WPS-PBC flag not cleared from AP2")
18030dc0
JM		 131
132def test_ap_wps_init_2ap_pin(dev, apdev):
133 """Initial two-radio AP configuration with first WPS PIN Enrollee"""
134 ssid = "test-wps"
135 params = { "ssid": ssid, "eap_server": "1", "wps_state": "1" }
136 hostapd.add_ap(apdev[0]['ifname'], params)
137 hostapd.add_ap(apdev[1]['ifname'], params)
138 hapd = hostapd.Hostapd(apdev[0]['ifname'])
139 logger.info("WPS provisioning step")
140 pin = dev[0].wps_read_pin()
141 hapd.request("WPS_PIN any " + pin)
84a40841
JM		 142 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
143 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
18030dc0
JM		 144 bss = dev[0].get_bss(apdev[0]['bssid'])
145 if "[WPS-AUTH]" not in bss['flags']:
146 raise Exception("WPS-AUTH flag missing from AP1")
147 bss = dev[0].get_bss(apdev[1]['bssid'])
148 if "[WPS-AUTH]" not in bss['flags']:
149 raise Exception("WPS-AUTH flag missing from AP2")
150 dev[0].dump_monitor()
151 dev[0].request("WPS_PIN any " + pin)
5f35a5e2 152 dev[0].wait_connected(timeout=30)
18030dc0 153
84a40841
JM		 154 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
155 dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
18030dc0
JM		 156 bss = dev[1].get_bss(apdev[0]['bssid'])
157 if "[WPS-AUTH]" in bss['flags']:
158 raise Exception("WPS-AUTH flag not cleared from AP1")
159 bss = dev[1].get_bss(apdev[1]['bssid'])
160 if "[WPS-AUTH]" in bss['flags']:
0bde923c 161 raise Exception("WPS-AUTH flag not cleared from AP2")
18030dc0 162
35831e94
JM		 163def test_ap_wps_init_through_wps_config(dev, apdev):
164 """Initial AP configuration using wps_config command"""
165 ssid = "test-wps-init-config"
166 hostapd.add_ap(apdev[0]['ifname'],
167 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
168 hapd = hostapd.Hostapd(apdev[0]['ifname'])
169 if "FAIL" in hapd.request("WPS_CONFIG " + ssid.encode("hex") + " WPA2PSK CCMP " + "12345678".encode("hex")):
170 raise Exception("WPS_CONFIG command failed")
180cd73d
JM		 171 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
172 if ev is None:
173 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
174 # It takes some time for the AP to update Beacon and Probe Response frames,
175 # so wait here before requesting the scan to be started to avoid adding
176 # extra five second wait to the test due to fetching obsolete scan results.
177 hapd.ping()
178 time.sleep(0.2)
35831e94
JM		 179 dev[0].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
180 pairwise="CCMP", group="CCMP")
181
fbf6b717
JM		 182def test_ap_wps_init_through_wps_config_2(dev, apdev):
183 """AP configuration using wps_config and wps_cred_processing=2"""
184 ssid = "test-wps-init-config"
185 hostapd.add_ap(apdev[0]['ifname'],
186 { "ssid": ssid, "eap_server": "1", "wps_state": "1",
187 "wps_cred_processing": "2" })
188 hapd = hostapd.Hostapd(apdev[0]['ifname'])
189 if "FAIL" in hapd.request("WPS_CONFIG " + ssid.encode("hex") + " WPA2PSK CCMP " + "12345678".encode("hex")):
190 raise Exception("WPS_CONFIG command failed")
191 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
192 if ev is None:
193 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
194 if "100e" not in ev:
195 raise Exception("WPS-NEW-AP-SETTINGS did not include Credential")
196
e1eb0e9e
JM		 197def test_ap_wps_invalid_wps_config_passphrase(dev, apdev):
198 """AP configuration using wps_config command with invalid passphrase"""
199 ssid = "test-wps-init-config"
200 hostapd.add_ap(apdev[0]['ifname'],
201 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
202 hapd = hostapd.Hostapd(apdev[0]['ifname'])
203 if "FAIL" not in hapd.request("WPS_CONFIG " + ssid.encode("hex") + " WPA2PSK CCMP " + "1234567".encode("hex")):
204 raise Exception("Invalid WPS_CONFIG command accepted")
205
ae3ad328 206def test_ap_wps_conf(dev, apdev):
302b7a1b
JM		 207 """WPS PBC provisioning with configured AP"""
208 ssid = "test-wps-conf"
ae3ad328 209 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 210 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
211 "wpa_passphrase": "12345678", "wpa": "2",
212 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ae3ad328 213 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 214 logger.info("WPS provisioning step")
215 hapd.request("WPS_PBC")
33d0b157 216 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
302b7a1b 217 dev[0].dump_monitor()
33d0b157 218 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 219 dev[0].wait_connected(timeout=30)
302b7a1b 220 status = dev[0].get_status()
ae3ad328 221 if status['wpa_state'] != 'COMPLETED':
302b7a1b 222 raise Exception("Not fully connected")
ae3ad328
JM		 223 if status['bssid'] != apdev[0]['bssid']:
224 raise Exception("Unexpected BSSID")
302b7a1b
JM		 225 if status['ssid'] != ssid:
226 raise Exception("Unexpected SSID")
227 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
228 raise Exception("Unexpected encryption configuration")
229 if status['key_mgmt'] != 'WPA2-PSK':
230 raise Exception("Unexpected key_mgmt")
231
097cd9cd
JM		 232 sta = hapd.get_sta(dev[0].p2p_interface_addr())
233 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
234 raise Exception("Device name not available in STA command")
235
daad14cc
JM		 236def test_ap_wps_conf_5ghz(dev, apdev):
237 """WPS PBC provisioning with configured AP on 5 GHz band"""
238 try:
9d7fdac5 239 hapd = None
daad14cc
JM		 240 ssid = "test-wps-conf"
241 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
242 "wpa_passphrase": "12345678", "wpa": "2",
243 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
244 "country_code": "FI", "hw_mode": "a", "channel": "36" }
245 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
246 logger.info("WPS provisioning step")
247 hapd.request("WPS_PBC")
33d0b157
JM		 248 dev[0].scan_for_bss(apdev[0]['bssid'], freq="5180")
249 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 250 dev[0].wait_connected(timeout=30)
daad14cc
JM		 251
252 sta = hapd.get_sta(dev[0].p2p_interface_addr())
253 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
254 raise Exception("Device name not available in STA command")
255 finally:
9d7fdac5
JM		 256 dev[0].request("DISCONNECT")
257 if hapd:
258 hapd.request("DISABLE")
c4668009 259 subprocess.call(['iw', 'reg', 'set', '00'])
9d7fdac5 260 dev[0].flush_scan_cache()
daad14cc
JM		 261
262def test_ap_wps_conf_chan14(dev, apdev):
263 """WPS PBC provisioning with configured AP on channel 14"""
264 try:
9d7fdac5 265 hapd = None
daad14cc
JM		 266 ssid = "test-wps-conf"
267 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
268 "wpa_passphrase": "12345678", "wpa": "2",
269 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
270 "country_code": "JP", "hw_mode": "b", "channel": "14" }
271 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
272 logger.info("WPS provisioning step")
273 hapd.request("WPS_PBC")
274 dev[0].request("WPS_PBC")
5f35a5e2 275 dev[0].wait_connected(timeout=30)
daad14cc
JM		 276
277 sta = hapd.get_sta(dev[0].p2p_interface_addr())
278 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
279 raise Exception("Device name not available in STA command")
280 finally:
9d7fdac5
JM		 281 dev[0].request("DISCONNECT")
282 if hapd:
283 hapd.request("DISABLE")
c4668009 284 subprocess.call(['iw', 'reg', 'set', '00'])
9d7fdac5 285 dev[0].flush_scan_cache()
daad14cc 286
04e62788
JM		 287def test_ap_wps_twice(dev, apdev):
288 """WPS provisioning with twice to change passphrase"""
289 ssid = "test-wps-twice"
290 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
291 "wpa_passphrase": "12345678", "wpa": "2",
292 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
293 hostapd.add_ap(apdev[0]['ifname'], params)
294 hapd = hostapd.Hostapd(apdev[0]['ifname'])
295 logger.info("WPS provisioning step")
296 hapd.request("WPS_PBC")
33d0b157 297 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
04e62788 298 dev[0].dump_monitor()
33d0b157 299 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 300 dev[0].wait_connected(timeout=30)
04e62788
JM		 301 dev[0].request("DISCONNECT")
302
303 logger.info("Restart AP with different passphrase and re-run WPS")
304 hapd_global = hostapd.HostapdGlobal()
305 hapd_global.remove(apdev[0]['ifname'])
306 params['wpa_passphrase'] = 'another passphrase'
307 hostapd.add_ap(apdev[0]['ifname'], params)
308 hapd = hostapd.Hostapd(apdev[0]['ifname'])
309 logger.info("WPS provisioning step")
310 hapd.request("WPS_PBC")
311 dev[0].dump_monitor()
33d0b157 312 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 313 dev[0].wait_connected(timeout=30)
04e62788
JM		 314 networks = dev[0].list_networks()
315 if len(networks) > 1:
316 raise Exception("Unexpected duplicated network block present")
317
d658205a
JM		 318def test_ap_wps_incorrect_pin(dev, apdev):
319 """WPS PIN provisioning with incorrect PIN"""
320 ssid = "test-wps-incorrect-pin"
321 hostapd.add_ap(apdev[0]['ifname'],
322 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
323 "wpa_passphrase": "12345678", "wpa": "2",
324 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
325 hapd = hostapd.Hostapd(apdev[0]['ifname'])
326
327 logger.info("WPS provisioning attempt 1")
328 hapd.request("WPS_PIN any 12345670")
33d0b157 329 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
d658205a 330 dev[0].dump_monitor()
33d0b157 331 dev[0].request("WPS_PIN %s 55554444" % apdev[0]['bssid'])
d658205a
JM		 332 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
333 if ev is None:
334 raise Exception("WPS operation timed out")
335 if "config_error=18" not in ev:
336 raise Exception("Incorrect config_error reported")
337 if "msg=8" not in ev:
338 raise Exception("PIN error detected on incorrect message")
5f35a5e2 339 dev[0].wait_disconnected(timeout=10)
d658205a
JM		 340 dev[0].request("WPS_CANCEL")
341 # if a scan was in progress, wait for it to complete before trying WPS again
342 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
343
d671a420
JM		 344 status = hapd.request("WPS_GET_STATUS")
345 if "Last WPS result: Failed" not in status:
346 raise Exception("WPS failure result not shown correctly")
347
d658205a
JM		 348 logger.info("WPS provisioning attempt 2")
349 hapd.request("WPS_PIN any 12345670")
350 dev[0].dump_monitor()
33d0b157 351 dev[0].request("WPS_PIN %s 12344444" % apdev[0]['bssid'])
d658205a
JM		 352 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
353 if ev is None:
354 raise Exception("WPS operation timed out")
355 if "config_error=18" not in ev:
356 raise Exception("Incorrect config_error reported")
357 if "msg=10" not in ev:
358 raise Exception("PIN error detected on incorrect message")
5f35a5e2 359 dev[0].wait_disconnected(timeout=10)
d658205a 360
ae3ad328 361def test_ap_wps_conf_pin(dev, apdev):
302b7a1b
JM		 362 """WPS PIN provisioning with configured AP"""
363 ssid = "test-wps-conf-pin"
ae3ad328 364 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 365 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
366 "wpa_passphrase": "12345678", "wpa": "2",
367 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ae3ad328 368 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 369 logger.info("WPS provisioning step")
370 pin = dev[0].wps_read_pin()
371 hapd.request("WPS_PIN any " + pin)
33d0b157 372 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
302b7a1b 373 dev[0].dump_monitor()
33d0b157 374 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5f35a5e2 375 dev[0].wait_connected(timeout=30)
302b7a1b 376 status = dev[0].get_status()
ae3ad328 377 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 378 raise Exception("Not fully connected")
379 if status['ssid'] != ssid:
380 raise Exception("Unexpected SSID")
381 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
382 raise Exception("Unexpected encryption configuration")
383 if status['key_mgmt'] != 'WPA2-PSK':
384 raise Exception("Unexpected key_mgmt")
385
84a40841 386 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
362ba6de
JM		 387 bss = dev[1].get_bss(apdev[0]['bssid'])
388 if "[WPS-AUTH]" in bss['flags']:
389 raise Exception("WPS-AUTH flag not cleared")
a60a6d6b 390 logger.info("Try to connect from another station using the same PIN")
33d0b157 391 pin = dev[1].request("WPS_PIN " + apdev[0]['bssid'])
a60a6d6b
JM		 392 ev = dev[1].wait_event(["WPS-M2D","CTRL-EVENT-CONNECTED"], timeout=30)
393 if ev is None:
394 raise Exception("Operation timed out")
395 if "WPS-M2D" not in ev:
396 raise Exception("Unexpected WPS operation started")
6e12eaa4 397 hapd.request("WPS_PIN any " + pin)
5f35a5e2 398 dev[1].wait_connected(timeout=30)
362ba6de 399
6257f9c0
JM		 400def test_ap_wps_conf_pin_v1(dev, apdev):
401 """WPS PIN provisioning with configured WPS v1.0 AP"""
402 ssid = "test-wps-conf-pin-v1"
403 hostapd.add_ap(apdev[0]['ifname'],
404 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
405 "wpa_passphrase": "12345678", "wpa": "2",
406 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
407 hapd = hostapd.Hostapd(apdev[0]['ifname'])
408 logger.info("WPS provisioning step")
409 pin = dev[0].wps_read_pin()
410 hapd.request("SET wps_version_number 0x10")
411 hapd.request("WPS_PIN any " + pin)
412 found = False
413 for i in range(0, 10):
414 dev[0].scan(freq="2412")
415 if "[WPS-PIN]" in dev[0].request("SCAN_RESULTS"):
416 found = True
417 break
418 if not found:
419 hapd.request("SET wps_version_number 0x20")
420 raise Exception("WPS-PIN flag not seen in scan results")
421 dev[0].dump_monitor()
33d0b157 422 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5f35a5e2 423 dev[0].wait_connected(timeout=30)
6257f9c0 424 hapd.request("SET wps_version_number 0x20")
6257f9c0 425
e9129860
JM		 426def test_ap_wps_conf_pin_2sta(dev, apdev):
427 """Two stations trying to use WPS PIN at the same time"""
428 ssid = "test-wps-conf-pin2"
429 hostapd.add_ap(apdev[0]['ifname'],
430 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
431 "wpa_passphrase": "12345678", "wpa": "2",
432 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
433 hapd = hostapd.Hostapd(apdev[0]['ifname'])
434 logger.info("WPS provisioning step")
435 pin = "12345670"
436 pin2 = "55554444"
437 hapd.request("WPS_PIN " + dev[0].get_status_field("uuid") + " " + pin)
438 hapd.request("WPS_PIN " + dev[1].get_status_field("uuid") + " " + pin)
e9129860 439 dev[0].dump_monitor()
e9129860 440 dev[1].dump_monitor()
33d0b157
JM		 441 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
442 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
443 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
444 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5f35a5e2
JM		 445 dev[0].wait_connected(timeout=30)
446 dev[1].wait_connected(timeout=30)
0489e880
JM		 447
448def test_ap_wps_conf_pin_timeout(dev, apdev):
449 """WPS PIN provisioning with configured AP timing out PIN"""
450 ssid = "test-wps-conf-pin"
451 hostapd.add_ap(apdev[0]['ifname'],
452 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
453 "wpa_passphrase": "12345678", "wpa": "2",
454 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
455 hapd = hostapd.Hostapd(apdev[0]['ifname'])
456 addr = dev[0].p2p_interface_addr()
457 pin = dev[0].wps_read_pin()
458 if "FAIL" not in hapd.request("WPS_PIN "):
459 raise Exception("Unexpected success on invalid WPS_PIN")
460 hapd.request("WPS_PIN any " + pin + " 1")
33d0b157 461 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
0489e880 462 time.sleep(1.1)
33d0b157 463 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
0489e880
JM		 464 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=20)
465 if ev is None:
466 raise Exception("WPS-PIN-NEEDED event timed out")
467 ev = dev[0].wait_event(["WPS-M2D"])
468 if ev is None:
469 raise Exception("M2D not reported")
470 dev[0].request("WPS_CANCEL")
471
472 hapd.request("WPS_PIN any " + pin + " 20 " + addr)
33d0b157 473 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5f35a5e2 474 dev[0].wait_connected(timeout=30)
e9129860 475
ae3ad328 476def test_ap_wps_reg_connect(dev, apdev):
302b7a1b 477 """WPS registrar using AP PIN to connect"""
803edd1c 478 ssid = "test-wps-reg-ap-pin"
302b7a1b 479 appin = "12345670"
ae3ad328 480 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 481 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
482 "wpa_passphrase": "12345678", "wpa": "2",
483 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
484 "ap_pin": appin})
485 logger.info("WPS provisioning step")
302b7a1b 486 dev[0].dump_monitor()
33d0b157 487 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
6edaee9c 488 dev[0].wps_reg(apdev[0]['bssid'], appin)
302b7a1b 489 status = dev[0].get_status()
ae3ad328 490 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 491 raise Exception("Not fully connected")
492 if status['ssid'] != ssid:
493 raise Exception("Unexpected SSID")
494 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
495 raise Exception("Unexpected encryption configuration")
496 if status['key_mgmt'] != 'WPA2-PSK':
497 raise Exception("Unexpected key_mgmt")
498
e60be3b3
JM		 499def test_ap_wps_reg_connect_mixed_mode(dev, apdev):
500 """WPS registrar using AP PIN to connect (WPA+WPA2)"""
501 ssid = "test-wps-reg-ap-pin"
502 appin = "12345670"
503 hostapd.add_ap(apdev[0]['ifname'],
504 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
505 "wpa_passphrase": "12345678", "wpa": "3",
506 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
507 "wpa_pairwise": "TKIP", "ap_pin": appin})
508 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
509 dev[0].wps_reg(apdev[0]['bssid'], appin)
510 status = dev[0].get_status()
511 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
512 raise Exception("Not fully connected")
513 if status['ssid'] != ssid:
514 raise Exception("Unexpected SSID")
515 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
516 raise Exception("Unexpected encryption configuration")
517 if status['key_mgmt'] != 'WPA2-PSK':
518 raise Exception("Unexpected key_mgmt")
519
7511ead0
JM		 520def test_ap_wps_reg_override_ap_settings(dev, apdev):
521 """WPS registrar and ap_settings override"""
522 ap_settings = "/tmp/ap_wps_reg_override_ap_settings"
523 try:
524 os.remove(ap_settings)
525 except:
526 pass
527 # Override AP Settings with values that point to another AP
528 data = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
529 data += build_wsc_attr(ATTR_SSID, "test")
530 data += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
531 data += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
532 data += build_wsc_attr(ATTR_NETWORK_KEY, '')
533 data += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[1]['bssid'].replace(':', '')))
534 with open(ap_settings, "w") as f:
535 f.write(data)
536 ssid = "test-wps-reg-ap-pin"
537 appin = "12345670"
538 hostapd.add_ap(apdev[0]['ifname'],
539 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
540 "wpa_passphrase": "12345678", "wpa": "2",
541 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
542 "ap_pin": appin, "ap_settings": ap_settings })
543 hapd2 = hostapd.add_ap(apdev[1]['ifname'], { "ssid": "test" })
544 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
545 dev[0].scan_for_bss(apdev[1]['bssid'], freq=2412)
546 dev[0].wps_reg(apdev[0]['bssid'], appin)
547 ev = hapd2.wait_event(['AP-STA-CONNECTED'], timeout=10)
548 os.remove(ap_settings)
549 if ev is None:
550 raise Exception("No connection with the other AP")
551
9488858f
JM		 552def check_wps_reg_failure(dev, ap, appin):
553 dev.request("WPS_REG " + ap['bssid'] + " " + appin)
554 ev = dev.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
555 if ev is None:
556 raise Exception("WPS operation timed out")
557 if "WPS-SUCCESS" in ev:
558 raise Exception("WPS operation succeeded unexpectedly")
559 if "config_error=15" not in ev:
560 raise Exception("WPS setup locked state was not reported correctly")
561
e4357b19
JM		 562def test_ap_wps_random_ap_pin(dev, apdev):
563 """WPS registrar using random AP PIN"""
564 ssid = "test-wps-reg-random-ap-pin"
565 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
566 hostapd.add_ap(apdev[0]['ifname'],
567 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
568 "wpa_passphrase": "12345678", "wpa": "2",
569 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
570 "device_name": "Wireless AP", "manufacturer": "Company",
571 "model_name": "WAP", "model_number": "123",
572 "serial_number": "12345", "device_type": "6-0050F204-1",
573 "os_version": "01020300",
574 "config_methods": "label push_button",
575 "uuid": ap_uuid, "upnp_iface": "lo" })
576 hapd = hostapd.Hostapd(apdev[0]['ifname'])
577 appin = hapd.request("WPS_AP_PIN random")
578 if "FAIL" in appin:
579 raise Exception("Could not generate random AP PIN")
580 if appin not in hapd.request("WPS_AP_PIN get"):
581 raise Exception("Could not fetch current AP PIN")
582 logger.info("WPS provisioning step")
33d0b157 583 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
e4357b19
JM		 584 dev[0].wps_reg(apdev[0]['bssid'], appin)
585
586 hapd.request("WPS_AP_PIN disable")
587 logger.info("WPS provisioning step with AP PIN disabled")
33d0b157 588 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
9488858f
JM		 589 check_wps_reg_failure(dev[1], apdev[0], appin)
590
591 logger.info("WPS provisioning step with AP PIN reset")
592 appin = "12345670"
593 hapd.request("WPS_AP_PIN set " + appin)
594 dev[1].wps_reg(apdev[0]['bssid'], appin)
595 dev[0].request("REMOVE_NETWORK all")
596 dev[1].request("REMOVE_NETWORK all")
5f35a5e2
JM		 597 dev[0].wait_disconnected(timeout=10)
598 dev[1].wait_disconnected(timeout=10)
9488858f
JM		 599
600 logger.info("WPS provisioning step after AP PIN timeout")
601 hapd.request("WPS_AP_PIN disable")
602 appin = hapd.request("WPS_AP_PIN random 1")
603 time.sleep(1.1)
604 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
605 raise Exception("AP PIN unexpectedly still enabled")
606 check_wps_reg_failure(dev[0], apdev[0], appin)
607
608 logger.info("WPS provisioning step after AP PIN timeout(2)")
609 hapd.request("WPS_AP_PIN disable")
610 appin = "12345670"
611 hapd.request("WPS_AP_PIN set " + appin + " 1")
612 time.sleep(1.1)
613 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
614 raise Exception("AP PIN unexpectedly still enabled")
615 check_wps_reg_failure(dev[1], apdev[0], appin)
e4357b19 616
24b7f282
JM		 617 with fail_test(hapd, 1, "os_get_random;wps_generate_pin"):
618 if "FAIL" in hapd.request("WPS_AP_PIN random 1"):
619 raise Exception("Failed to generate PIN during OOM")
620 hapd.request("WPS_AP_PIN disable")
621
622 with alloc_fail(hapd, 1, "upnp_wps_set_ap_pin"):
623 hapd.request("WPS_AP_PIN set 12345670")
624 hapd.request("WPS_AP_PIN disable")
625
ae3ad328 626def test_ap_wps_reg_config(dev, apdev):
4b727c5c 627 """WPS registrar configuring an AP using AP PIN"""
302b7a1b
JM		 628 ssid = "test-wps-init-ap-pin"
629 appin = "12345670"
ae3ad328 630 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 631 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
632 "ap_pin": appin})
633 logger.info("WPS configuration step")
33d0b157 634 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
302b7a1b
JM		 635 dev[0].dump_monitor()
636 new_ssid = "wps-new-ssid"
637 new_passphrase = "1234567890"
6edaee9c
JM		 638 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
639 new_passphrase)
302b7a1b 640 status = dev[0].get_status()
ae3ad328 641 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 642 raise Exception("Not fully connected")
643 if status['ssid'] != new_ssid:
644 raise Exception("Unexpected SSID")
645 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
646 raise Exception("Unexpected encryption configuration")
647 if status['key_mgmt'] != 'WPA2-PSK':
648 raise Exception("Unexpected key_mgmt")
649
375afd7c
JM		 650 logger.info("Re-configure back to open")
651 dev[0].request("REMOVE_NETWORK all")
243dcc4a 652 dev[0].flush_scan_cache()
375afd7c
JM		 653 dev[0].dump_monitor()
654 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-open", "OPEN", "NONE", "")
655 status = dev[0].get_status()
656 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
657 raise Exception("Not fully connected")
658 if status['ssid'] != "wps-open":
659 raise Exception("Unexpected SSID")
660 if status['key_mgmt'] != 'NONE':
661 raise Exception("Unexpected key_mgmt")
662
4b727c5c
JM		 663def test_ap_wps_reg_config_ext_processing(dev, apdev):
664 """WPS registrar configuring an AP with external config processing"""
665 ssid = "test-wps-init-ap-pin"
666 appin = "12345670"
667 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
668 "wps_cred_processing": "1", "ap_pin": appin}
669 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
33d0b157 670 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
4b727c5c
JM		 671 new_ssid = "wps-new-ssid"
672 new_passphrase = "1234567890"
673 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
674 new_passphrase, no_wait=True)
675 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
676 if ev is None:
677 raise Exception("WPS registrar operation timed out")
678 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=15)
679 if ev is None:
680 raise Exception("WPS configuration timed out")
681 if "1026" not in ev:
682 raise Exception("AP Settings missing from event")
683 hapd.request("SET wps_cred_processing 0")
684 if "FAIL" in hapd.request("WPS_CONFIG " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex")):
685 raise Exception("WPS_CONFIG command failed")
5f35a5e2 686 dev[0].wait_connected(timeout=15)
4b727c5c 687
eeefe187
JM		 688def test_ap_wps_reg_config_tkip(dev, apdev):
689 """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
a1eabc74 690 skip_with_fips(dev[0])
eeefe187
JM		 691 ssid = "test-wps-init-ap"
692 appin = "12345670"
693 hostapd.add_ap(apdev[0]['ifname'],
694 { "ssid": ssid, "eap_server": "1", "wps_state": "1",
695 "ap_pin": appin})
696 logger.info("WPS configuration step")
eeefe187 697 dev[0].request("SET wps_version_number 0x10")
33d0b157 698 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
eeefe187
JM		 699 dev[0].dump_monitor()
700 new_ssid = "wps-new-ssid-with-tkip"
701 new_passphrase = "1234567890"
702 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPAPSK", "TKIP",
703 new_passphrase)
704 logger.info("Re-connect to verify WPA2 mixed mode")
705 dev[0].request("DISCONNECT")
706 id = 0
707 dev[0].set_network(id, "pairwise", "CCMP")
708 dev[0].set_network(id, "proto", "RSN")
709 dev[0].connect_network(id)
710 status = dev[0].get_status()
711 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
3c086180 712 raise Exception("Not fully connected: wpa_state={} bssid={}".format(status['wpa_state'], status['bssid']))
eeefe187
JM		 713 if status['ssid'] != new_ssid:
714 raise Exception("Unexpected SSID")
715 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
716 raise Exception("Unexpected encryption configuration")
717 if status['key_mgmt'] != 'WPA2-PSK':
718 raise Exception("Unexpected key_mgmt")
719
6645ff50
JM		 720def test_ap_wps_setup_locked(dev, apdev):
721 """WPS registrar locking up AP setup on AP PIN failures"""
722 ssid = "test-wps-incorrect-ap-pin"
723 appin = "12345670"
724 hostapd.add_ap(apdev[0]['ifname'],
725 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
726 "wpa_passphrase": "12345678", "wpa": "2",
727 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
728 "ap_pin": appin})
6645ff50
JM		 729 new_ssid = "wps-new-ssid-test"
730 new_passphrase = "1234567890"
731
33d0b157 732 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
6645ff50
JM		 733 ap_setup_locked=False
734 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
735 dev[0].dump_monitor()
736 logger.info("Try incorrect AP PIN - attempt " + pin)
737 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
738 "CCMP", new_passphrase, no_wait=True)
739 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
740 if ev is None:
741 raise Exception("Timeout on receiving WPS operation failure event")
742 if "CTRL-EVENT-CONNECTED" in ev:
743 raise Exception("Unexpected connection")
744 if "config_error=15" in ev:
745 logger.info("AP Setup Locked")
746 ap_setup_locked=True
747 elif "config_error=18" not in ev:
748 raise Exception("config_error=18 not reported")
5f35a5e2 749 dev[0].wait_disconnected(timeout=10)
6645ff50
JM		 750 time.sleep(0.1)
751 if not ap_setup_locked:
752 raise Exception("AP setup was not locked")
24b7f282
JM		 753 dev[0].request("WPS_CANCEL")
754 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True,
755 only_new=True)
756 bss = dev[0].get_bss(apdev[0]['bssid'])
757 if 'wps_ap_setup_locked' not in bss or bss['wps_ap_setup_locked'] != '1':
758 logger.info("BSS: " + str(bss))
759 raise Exception("AP Setup Locked not indicated in scan results")
6645ff50 760
d671a420
JM		 761 hapd = hostapd.Hostapd(apdev[0]['ifname'])
762 status = hapd.request("WPS_GET_STATUS")
763 if "Last WPS result: Failed" not in status:
764 raise Exception("WPS failure result not shown correctly")
765 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
766 raise Exception("Peer address not shown correctly")
767
6645ff50
JM		 768 time.sleep(0.5)
769 dev[0].dump_monitor()
770 logger.info("WPS provisioning step")
771 pin = dev[0].wps_read_pin()
772 hapd = hostapd.Hostapd(apdev[0]['ifname'])
773 hapd.request("WPS_PIN any " + pin)
33d0b157 774 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
6645ff50
JM		 775 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
776 if ev is None:
777 raise Exception("WPS success was not reported")
5f35a5e2 778 dev[0].wait_connected(timeout=30)
6645ff50 779
c1cec68b
JM		 780 appin = hapd.request("WPS_AP_PIN random")
781 if "FAIL" in appin:
782 raise Exception("Could not generate random AP PIN")
783 ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=10)
784 if ev is None:
785 raise Exception("Failed to unlock AP PIN")
786
33c9b8d8
JM		 787def test_ap_wps_setup_locked_timeout(dev, apdev):
788 """WPS re-enabling AP PIN after timeout"""
789 ssid = "test-wps-incorrect-ap-pin"
790 appin = "12345670"
791 hostapd.add_ap(apdev[0]['ifname'],
792 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
793 "wpa_passphrase": "12345678", "wpa": "2",
794 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
795 "ap_pin": appin})
796 new_ssid = "wps-new-ssid-test"
797 new_passphrase = "1234567890"
798
33d0b157 799 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
33c9b8d8
JM		 800 ap_setup_locked=False
801 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
802 dev[0].dump_monitor()
803 logger.info("Try incorrect AP PIN - attempt " + pin)
804 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
805 "CCMP", new_passphrase, no_wait=True)
9ed53f5e 806 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"], timeout=15)
33c9b8d8
JM		 807 if ev is None:
808 raise Exception("Timeout on receiving WPS operation failure event")
809 if "CTRL-EVENT-CONNECTED" in ev:
810 raise Exception("Unexpected connection")
811 if "config_error=15" in ev:
812 logger.info("AP Setup Locked")
813 ap_setup_locked=True
814 break
815 elif "config_error=18" not in ev:
816 raise Exception("config_error=18 not reported")
5f35a5e2 817 dev[0].wait_disconnected(timeout=10)
33c9b8d8
JM		 818 time.sleep(0.1)
819 if not ap_setup_locked:
820 raise Exception("AP setup was not locked")
821 hapd = hostapd.Hostapd(apdev[0]['ifname'])
822 ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=80)
823 if ev is None:
824 raise Exception("AP PIN did not get unlocked on 60 second timeout")
825
4c355e3e
JM		 826def test_ap_wps_setup_locked_2(dev, apdev):
827 """WPS AP configured for special ap_setup_locked=2 mode"""
828 ssid = "test-wps-ap-pin"
829 appin = "12345670"
830 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
831 "wpa_passphrase": "12345678", "wpa": "2",
832 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
833 "ap_pin": appin, "ap_setup_locked": "2" }
834 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
835 new_ssid = "wps-new-ssid-test"
836 new_passphrase = "1234567890"
837
838 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
839 dev[0].wps_reg(apdev[0]['bssid'], appin)
840 dev[0].request("REMOVE_NETWORK all")
841 dev[0].wait_disconnected()
842
843 hapd.dump_monitor()
844 dev[0].dump_monitor()
845 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK",
846 "CCMP", new_passphrase, no_wait=True)
847
848 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
849 if ev is None:
850 raise Exception("hostapd did not report WPS failure")
851 if "msg=12 config_error=15" not in ev:
852 raise Exception("Unexpected failure reason (AP): " + ev)
853
854 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
855 if ev is None:
856 raise Exception("Timeout on receiving WPS operation failure event")
857 if "CTRL-EVENT-CONNECTED" in ev:
858 raise Exception("Unexpected connection")
859 if "config_error=15" not in ev:
860 raise Exception("Unexpected failure reason (STA): " + ev)
861 dev[0].request("WPS_CANCEL")
862 dev[0].wait_disconnected()
863
ae3ad328 864def test_ap_wps_pbc_overlap_2ap(dev, apdev):
302b7a1b 865 """WPS PBC session overlap with two active APs"""
ae3ad328 866 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 867 { "ssid": "wps1", "eap_server": "1", "wps_state": "2",
868 "wpa_passphrase": "12345678", "wpa": "2",
869 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
870 "wps_independent": "1"})
ae3ad328 871 hostapd.add_ap(apdev[1]['ifname'],
302b7a1b
JM		 872 { "ssid": "wps2", "eap_server": "1", "wps_state": "2",
873 "wpa_passphrase": "123456789", "wpa": "2",
874 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
875 "wps_independent": "1"})
ae3ad328 876 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b 877 hapd.request("WPS_PBC")
ae3ad328 878 hapd2 = hostapd.Hostapd(apdev[1]['ifname'])
302b7a1b
JM		 879 hapd2.request("WPS_PBC")
880 logger.info("WPS provisioning step")
84a40841
JM		 881 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
882 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
302b7a1b
JM		 883 dev[0].request("WPS_PBC")
884 ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
885 if ev is None:
886 raise Exception("PBC session overlap not detected")
492c3a91
JM		 887 hapd.request("DISABLE")
888 hapd2.request("DISABLE")
889 dev[0].flush_scan_cache()
302b7a1b 890
ae3ad328 891def test_ap_wps_pbc_overlap_2sta(dev, apdev):
302b7a1b
JM		 892 """WPS PBC session overlap with two active STAs"""
893 ssid = "test-wps-pbc-overlap"
ae3ad328 894 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 895 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
896 "wpa_passphrase": "12345678", "wpa": "2",
897 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ae3ad328 898 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 899 logger.info("WPS provisioning step")
900 hapd.request("WPS_PBC")
33d0b157 901 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
302b7a1b 902 dev[0].dump_monitor()
33d0b157 903 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
302b7a1b 904 dev[1].dump_monitor()
33d0b157
JM		 905 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
906 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
302b7a1b
JM		 907 ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
908 if ev is None:
909 raise Exception("PBC session overlap not detected (dev0)")
910 if "config_error=12" not in ev:
911 raise Exception("PBC session overlap not correctly reported (dev0)")
492c3a91
JM		 912 dev[0].request("WPS_CANCEL")
913 dev[0].request("DISCONNECT")
302b7a1b
JM		 914 ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
915 if ev is None:
916 raise Exception("PBC session overlap not detected (dev1)")
917 if "config_error=12" not in ev:
918 raise Exception("PBC session overlap not correctly reported (dev1)")
492c3a91
JM		 919 dev[1].request("WPS_CANCEL")
920 dev[1].request("DISCONNECT")
11e7eeba
JM		 921 hapd.request("WPS_CANCEL")
922 ret = hapd.request("WPS_PBC")
923 if "FAIL" not in ret:
924 raise Exception("PBC mode allowed to be started while PBC overlap still active")
492c3a91
JM		 925 hapd.request("DISABLE")
926 dev[0].flush_scan_cache()
927 dev[1].flush_scan_cache()
6edaee9c 928
71afe834
JM		 929def test_ap_wps_cancel(dev, apdev):
930 """WPS AP cancelling enabled config method"""
931 ssid = "test-wps-ap-cancel"
932 hostapd.add_ap(apdev[0]['ifname'],
933 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
934 "wpa_passphrase": "12345678", "wpa": "2",
935 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
936 bssid = apdev[0]['bssid']
937 hapd = hostapd.Hostapd(apdev[0]['ifname'])
938
939 logger.info("Verify PBC enable/cancel")
940 hapd.request("WPS_PBC")
71afe834 941 dev[0].scan(freq="2412")
84a40841 942 dev[0].scan(freq="2412")
71afe834
JM		 943 bss = dev[0].get_bss(apdev[0]['bssid'])
944 if "[WPS-PBC]" not in bss['flags']:
945 raise Exception("WPS-PBC flag missing")
946 if "FAIL" in hapd.request("WPS_CANCEL"):
947 raise Exception("WPS_CANCEL failed")
948 dev[0].scan(freq="2412")
84a40841 949 dev[0].scan(freq="2412")
71afe834
JM		 950 bss = dev[0].get_bss(apdev[0]['bssid'])
951 if "[WPS-PBC]" in bss['flags']:
952 raise Exception("WPS-PBC flag not cleared")
953
954 logger.info("Verify PIN enable/cancel")
955 hapd.request("WPS_PIN any 12345670")
956 dev[0].scan(freq="2412")
84a40841 957 dev[0].scan(freq="2412")
71afe834
JM		 958 bss = dev[0].get_bss(apdev[0]['bssid'])
959 if "[WPS-AUTH]" not in bss['flags']:
960 raise Exception("WPS-AUTH flag missing")
961 if "FAIL" in hapd.request("WPS_CANCEL"):
962 raise Exception("WPS_CANCEL failed")
963 dev[0].scan(freq="2412")
84a40841 964 dev[0].scan(freq="2412")
71afe834
JM		 965 bss = dev[0].get_bss(apdev[0]['bssid'])
966 if "[WPS-AUTH]" in bss['flags']:
967 raise Exception("WPS-AUTH flag not cleared")
968
6edaee9c
JM		 969def test_ap_wps_er_add_enrollee(dev, apdev):
970 """WPS ER configuring AP and adding a new enrollee using PIN"""
be9f1562
JM		 971 try:
972 _test_ap_wps_er_add_enrollee(dev, apdev)
973 finally:
974 dev[0].request("WPS_ER_STOP")
975
976def _test_ap_wps_er_add_enrollee(dev, apdev):
6edaee9c
JM		 977 ssid = "wps-er-add-enrollee"
978 ap_pin = "12345670"
979 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
980 hostapd.add_ap(apdev[0]['ifname'],
981 { "ssid": ssid, "eap_server": "1", "wps_state": "1",
982 "device_name": "Wireless AP", "manufacturer": "Company",
983 "model_name": "WAP", "model_number": "123",
984 "serial_number": "12345", "device_type": "6-0050F204-1",
985 "os_version": "01020300",
24b7f282 986 'friendly_name': "WPS AP - <>&'\" - TEST",
6edaee9c
JM		 987 "config_methods": "label push_button",
988 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
989 logger.info("WPS configuration step")
990 new_passphrase = "1234567890"
991 dev[0].dump_monitor()
33d0b157 992 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
6edaee9c
JM		 993 dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
994 new_passphrase)
995 status = dev[0].get_status()
996 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
997 raise Exception("Not fully connected")
998 if status['ssid'] != ssid:
999 raise Exception("Unexpected SSID")
1000 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
1001 raise Exception("Unexpected encryption configuration")
1002 if status['key_mgmt'] != 'WPA2-PSK':
1003 raise Exception("Unexpected key_mgmt")
1004
1005 logger.info("Start ER")
1006 dev[0].request("WPS_ER_START ifname=lo")
1007 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1008 if ev is None:
1009 raise Exception("AP discovery timed out")
1010 if ap_uuid not in ev:
1011 raise Exception("Expected AP UUID not found")
24b7f282
JM		 1012 if "|WPS AP - &lt;&gt;&amp;&apos;&quot; - TEST|Company|" not in ev:
1013 raise Exception("Expected friendly name not found")
6edaee9c
JM		 1014
1015 logger.info("Learn AP configuration through UPnP")
1016 dev[0].dump_monitor()
1017 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1018 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1019 if ev is None:
1020 raise Exception("AP learn timed out")
1021 if ap_uuid not in ev:
1022 raise Exception("Expected AP UUID not in settings")
1023 if "ssid=" + ssid not in ev:
1024 raise Exception("Expected SSID not in settings")
1025 if "key=" + new_passphrase not in ev:
1026 raise Exception("Expected passphrase not in settings")
33d0b157
JM		 1027 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1028 if ev is None:
1029 raise Exception("WPS-FAIL after AP learn timed out")
1030 time.sleep(0.1)
6edaee9c
JM		 1031
1032 logger.info("Add Enrollee using ER")
1033 pin = dev[1].wps_read_pin()
1034 dev[0].dump_monitor()
1035 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
33d0b157 1036 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
6edaee9c 1037 dev[1].dump_monitor()
33d0b157 1038 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
846be889 1039 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
6edaee9c
JM		 1040 if ev is None:
1041 raise Exception("Enrollee did not report success")
5f35a5e2 1042 dev[1].wait_connected(timeout=15)
6edaee9c
JM		 1043 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1044 if ev is None:
1045 raise Exception("WPS ER did not report success")
1046 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
1047
11c26f1b
JM		 1048 logger.info("Add a specific Enrollee using ER")
1049 pin = dev[2].wps_read_pin()
1050 addr2 = dev[2].p2p_interface_addr()
1051 dev[0].dump_monitor()
33d0b157 1052 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
11c26f1b 1053 dev[2].dump_monitor()
33d0b157 1054 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
11c26f1b
JM		 1055 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1056 if ev is None:
1057 raise Exception("Enrollee not seen")
1058 if addr2 not in ev:
1059 raise Exception("Unexpected Enrollee MAC address")
1060 dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
5f35a5e2 1061 dev[2].wait_connected(timeout=30)
11c26f1b
JM		 1062 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1063 if ev is None:
1064 raise Exception("WPS ER did not report success")
1065
38ae43de
JM		 1066 logger.info("Verify registrar selection behavior")
1067 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1068 dev[1].request("DISCONNECT")
5f35a5e2 1069 dev[1].wait_disconnected(timeout=10)
84a40841 1070 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
38ae43de
JM		 1071 dev[1].scan(freq="2412")
1072 bss = dev[1].get_bss(apdev[0]['bssid'])
1073 if "[WPS-AUTH]" not in bss['flags']:
321c7f60
JM		 1074 # It is possible for scan to miss an update especially when running
1075 # tests under load with multiple VMs, so allow another attempt.
1076 dev[1].scan(freq="2412")
1077 bss = dev[1].get_bss(apdev[0]['bssid'])
1078 if "[WPS-AUTH]" not in bss['flags']:
1079 raise Exception("WPS-AUTH flag missing")
38ae43de
JM		 1080
1081 logger.info("Stop ER")
1082 dev[0].dump_monitor()
1083 dev[0].request("WPS_ER_STOP")
1084 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"])
1085 if ev is None:
1086 raise Exception("WPS ER unsubscription timed out")
8697cbc0 1087 # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
befd671c 1088 # a bit before verifying that the scan results have changed.
8697cbc0 1089 time.sleep(0.2)
38ae43de 1090
befd671c
JM		 1091 for i in range(0, 10):
1092 dev[1].request("BSS_FLUSH 0")
1093 dev[1].scan(freq="2412", only_new=True)
1094 bss = dev[1].get_bss(apdev[0]['bssid'])
1095 if bss and 'flags' in bss and "[WPS-AUTH]" not in bss['flags']:
1096 break
1097 logger.debug("WPS-AUTH flag was still in place - wait a bit longer")
1098 time.sleep(0.1)
38ae43de
JM		 1099 if "[WPS-AUTH]" in bss['flags']:
1100 raise Exception("WPS-AUTH flag not removed")
1101
c965ae03
JM		 1102def test_ap_wps_er_add_enrollee_uuid(dev, apdev):
1103 """WPS ER adding a new enrollee identified by UUID"""
1104 try:
1105 _test_ap_wps_er_add_enrollee_uuid(dev, apdev)
1106 finally:
1107 dev[0].request("WPS_ER_STOP")
1108
1109def _test_ap_wps_er_add_enrollee_uuid(dev, apdev):
1110 ssid = "wps-er-add-enrollee"
1111 ap_pin = "12345670"
1112 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1113 hostapd.add_ap(apdev[0]['ifname'],
1114 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1115 "wpa_passphrase": "12345678", "wpa": "2",
1116 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1117 "device_name": "Wireless AP", "manufacturer": "Company",
1118 "model_name": "WAP", "model_number": "123",
1119 "serial_number": "12345", "device_type": "6-0050F204-1",
1120 "os_version": "01020300",
1121 "config_methods": "label push_button",
1122 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1123 logger.info("WPS configuration step")
1124 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1125 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1126
1127 logger.info("Start ER")
1128 dev[0].request("WPS_ER_START ifname=lo")
1129 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1130 if ev is None:
1131 raise Exception("AP discovery timed out")
1132 if ap_uuid not in ev:
1133 raise Exception("Expected AP UUID not found")
1134
1135 logger.info("Learn AP configuration through UPnP")
1136 dev[0].dump_monitor()
1137 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1138 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1139 if ev is None:
1140 raise Exception("AP learn timed out")
1141 if ap_uuid not in ev:
1142 raise Exception("Expected AP UUID not in settings")
1143 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1144 if ev is None:
1145 raise Exception("WPS-FAIL after AP learn timed out")
1146 time.sleep(0.1)
1147
1148 logger.info("Add a specific Enrollee using ER (PBC/UUID)")
1149 addr1 = dev[1].p2p_interface_addr()
1150 dev[0].dump_monitor()
1151 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1152 dev[1].dump_monitor()
1153 dev[1].request("WPS_PBC %s" % apdev[0]['bssid'])
1154 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1155 if ev is None:
1156 raise Exception("Enrollee not seen")
1157 if addr1 not in ev:
1158 raise Exception("Unexpected Enrollee MAC address")
1159 uuid = ev.split(' ')[1]
1160 dev[0].request("WPS_ER_PBC " + uuid)
1161 dev[1].wait_connected(timeout=30)
1162 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1163 if ev is None:
1164 raise Exception("WPS ER did not report success")
1165
1166 logger.info("Add a specific Enrollee using ER (PIN/UUID)")
1167 pin = dev[2].wps_read_pin()
1168 addr2 = dev[2].p2p_interface_addr()
1169 dev[0].dump_monitor()
1170 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1171 dev[2].dump_monitor()
1172 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1173 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1174 if ev is None:
1175 raise Exception("Enrollee not seen")
1176 if addr2 not in ev:
1177 raise Exception("Unexpected Enrollee MAC address")
1178 uuid = ev.split(' ')[1]
1179 dev[0].request("WPS_ER_PIN " + uuid + " " + pin)
1180 dev[2].wait_connected(timeout=30)
1181 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1182 if ev is None:
1183 raise Exception("WPS ER did not report success")
1184
ea982de1
JM		 1185 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-REMOVE"], timeout=15)
1186 if ev is None:
1187 raise Exception("No Enrollee STA entry timeout seen")
1188
c965ae03
JM		 1189 logger.info("Stop ER")
1190 dev[0].dump_monitor()
1191 dev[0].request("WPS_ER_STOP")
1192
61c3d464
JM		 1193def test_ap_wps_er_multi_add_enrollee(dev, apdev):
1194 """Multiple WPS ERs adding a new enrollee using PIN"""
1195 try:
1196 _test_ap_wps_er_multi_add_enrollee(dev, apdev)
1197 finally:
d887ed3f
JM		 1198 for i in range(2):
1199 dev[i].request("WPS_ER_STOP")
61c3d464
JM		 1200
1201def _test_ap_wps_er_multi_add_enrollee(dev, apdev):
1202 ssid = "wps-er-add-enrollee"
1203 ap_pin = "12345670"
1204 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1205 hostapd.add_ap(apdev[0]['ifname'],
1206 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1207 "wpa_passphrase": "12345678", "wpa": "2",
1208 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1209 "device_name": "Wireless AP", "manufacturer": "Company",
1210 "model_name": "WAP", "model_number": "123",
1211 "serial_number": "12345", "device_type": "6-0050F204-1",
1212 "os_version": "01020300",
1213 'friendly_name': "WPS AP",
1214 "config_methods": "label push_button",
1215 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1216
1217 for i in range(2):
1218 dev[i].scan_for_bss(apdev[0]['bssid'], freq=2412)
1219 dev[i].wps_reg(apdev[0]['bssid'], ap_pin)
6a5f578c 1220 for i in range(2):
61c3d464
JM		 1221 dev[i].request("WPS_ER_START ifname=lo")
1222 for i in range(2):
1223 ev = dev[i].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1224 if ev is None:
1225 raise Exception("AP discovery timed out")
1226 dev[i].dump_monitor()
6a5f578c 1227 for i in range(2):
61c3d464 1228 dev[i].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
6a5f578c 1229 for i in range(2):
61c3d464
JM		 1230 ev = dev[i].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1231 if ev is None:
1232 raise Exception("AP learn timed out")
1233 ev = dev[i].wait_event(["WPS-FAIL"], timeout=15)
1234 if ev is None:
1235 raise Exception("WPS-FAIL after AP learn timed out")
1236
1237 time.sleep(0.1)
1238
1239 pin = dev[2].wps_read_pin()
1240 addr = dev[2].own_addr()
1241 dev[0].dump_monitor()
1242 dev[0].request("WPS_ER_PIN any " + pin + " " + addr)
1243 dev[1].dump_monitor()
1244 dev[1].request("WPS_ER_PIN any " + pin + " " + addr)
1245
1246 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1247 dev[2].dump_monitor()
1248 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1249 ev = dev[2].wait_event(["WPS-SUCCESS"], timeout=30)
1250 if ev is None:
1251 raise Exception("Enrollee did not report success")
1252 dev[2].wait_connected(timeout=15)
1253
6edaee9c
JM		 1254def test_ap_wps_er_add_enrollee_pbc(dev, apdev):
1255 """WPS ER connected to AP and adding a new enrollee using PBC"""
be9f1562
JM		 1256 try:
1257 _test_ap_wps_er_add_enrollee_pbc(dev, apdev)
1258 finally:
1259 dev[0].request("WPS_ER_STOP")
1260
1261def _test_ap_wps_er_add_enrollee_pbc(dev, apdev):
6edaee9c
JM		 1262 ssid = "wps-er-add-enrollee-pbc"
1263 ap_pin = "12345670"
1264 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1265 hostapd.add_ap(apdev[0]['ifname'],
1266 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1267 "wpa_passphrase": "12345678", "wpa": "2",
1268 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1269 "device_name": "Wireless AP", "manufacturer": "Company",
1270 "model_name": "WAP", "model_number": "123",
1271 "serial_number": "12345", "device_type": "6-0050F204-1",
1272 "os_version": "01020300",
1273 "config_methods": "label push_button",
1274 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1275 logger.info("Learn AP configuration")
33d0b157 1276 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
6edaee9c 1277 dev[0].dump_monitor()
6edaee9c
JM		 1278 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1279 status = dev[0].get_status()
1280 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1281 raise Exception("Not fully connected")
1282
1283 logger.info("Start ER")
1284 dev[0].request("WPS_ER_START ifname=lo")
1285 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1286 if ev is None:
1287 raise Exception("AP discovery timed out")
1288 if ap_uuid not in ev:
1289 raise Exception("Expected AP UUID not found")
1290
d6b916c9
JM		 1291 enrollee = dev[1].p2p_interface_addr()
1292
1293 if "FAIL-UNKNOWN-UUID" not in dev[0].request("WPS_ER_PBC " + enrollee):
1294 raise Exception("Unknown UUID not reported")
6edaee9c
JM		 1295
1296 logger.info("Add Enrollee using ER and PBC")
1297 dev[0].dump_monitor()
6edaee9c
JM		 1298 dev[1].dump_monitor()
1299 dev[1].request("WPS_PBC")
1300
8674c022
JM		 1301 for i in range(0, 2):
1302 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
1303 if ev is None:
1304 raise Exception("Enrollee discovery timed out")
1305 if enrollee in ev:
1306 break
1307 if i == 1:
1308 raise Exception("Expected Enrollee not found")
d6b916c9
JM		 1309 if "FAIL-NO-AP-SETTINGS" not in dev[0].request("WPS_ER_PBC " + enrollee):
1310 raise Exception("Unknown UUID not reported")
1311 logger.info("Use learned network configuration on ER")
1312 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
1313 if "OK" not in dev[0].request("WPS_ER_PBC " + enrollee):
1314 raise Exception("WPS_ER_PBC failed")
6edaee9c
JM		 1315
1316 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
1317 if ev is None:
1318 raise Exception("Enrollee did not report success")
5f35a5e2 1319 dev[1].wait_connected(timeout=15)
6edaee9c
JM		 1320 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1321 if ev is None:
1322 raise Exception("WPS ER did not report success")
1323 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
bff3ac5b 1324
d6b916c9
JM		 1325def test_ap_wps_er_pbc_overlap(dev, apdev):
1326 """WPS ER connected to AP and PBC session overlap"""
be9f1562
JM		 1327 try:
1328 _test_ap_wps_er_pbc_overlap(dev, apdev)
1329 finally:
1330 dev[0].request("WPS_ER_STOP")
1331
1332def _test_ap_wps_er_pbc_overlap(dev, apdev):
d6b916c9
JM		 1333 ssid = "wps-er-add-enrollee-pbc"
1334 ap_pin = "12345670"
1335 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1336 hostapd.add_ap(apdev[0]['ifname'],
1337 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1338 "wpa_passphrase": "12345678", "wpa": "2",
1339 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1340 "device_name": "Wireless AP", "manufacturer": "Company",
1341 "model_name": "WAP", "model_number": "123",
1342 "serial_number": "12345", "device_type": "6-0050F204-1",
1343 "os_version": "01020300",
1344 "config_methods": "label push_button",
1345 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1346 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1347 dev[0].dump_monitor()
1348 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1349
fba25c99
JM		 1350 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
1351 dev[2].scan_for_bss(apdev[0]['bssid'], freq="2412")
1352 # avoid leaving dev 1 or 2 as the last Probe Request to the AP
1353 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True)
1354
d6b916c9
JM		 1355 dev[0].dump_monitor()
1356 dev[0].request("WPS_ER_START ifname=lo")
1357
1358 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1359 if ev is None:
1360 raise Exception("AP discovery timed out")
1361 if ap_uuid not in ev:
1362 raise Exception("Expected AP UUID not found")
1363
800bcf4e
JM		 1364 # verify BSSID selection of the AP instead of UUID
1365 if "FAIL" in dev[0].request("WPS_ER_SET_CONFIG " + apdev[0]['bssid'] + " 0"):
1366 raise Exception("Could not select AP based on BSSID")
1367
fba25c99 1368 dev[0].dump_monitor()
d6b916c9
JM		 1369 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
1370 dev[2].request("WPS_PBC " + apdev[0]['bssid'])
1371 ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
1372 if ev is None:
1373 raise Exception("PBC scan failed")
1374 ev = dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
1375 if ev is None:
1376 raise Exception("PBC scan failed")
fba25c99
JM		 1377 found1 = False
1378 found2 = False
1379 addr1 = dev[1].own_addr()
1380 addr2 = dev[2].own_addr()
1381 for i in range(3):
d6b916c9
JM		 1382 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
1383 if ev is None:
1384 raise Exception("Enrollee discovery timed out")
fba25c99
JM		 1385 if addr1 in ev:
1386 found1 = True
1387 if found2:
1388 break
1389 if addr2 in ev:
1390 found2 = True
1391 if found1:
1392 break
d6b916c9
JM		 1393 if dev[0].request("WPS_ER_PBC " + ap_uuid) != "FAIL-PBC-OVERLAP\n":
1394 raise Exception("PBC overlap not reported")
1395 dev[1].request("WPS_CANCEL")
1396 dev[2].request("WPS_CANCEL")
1397 if dev[0].request("WPS_ER_PBC foo") != "FAIL\n":
1398 raise Exception("Invalid WPS_ER_PBC accepted")
1399
1f020f5e
JM		 1400def test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
1401 """WPS v1.0 ER connected to AP and adding a new enrollee using PIN"""
be9f1562
JM		 1402 try:
1403 _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev)
1404 finally:
1405 dev[0].request("WPS_ER_STOP")
1406
1407def _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
1f020f5e
JM		 1408 ssid = "wps-er-add-enrollee-pbc"
1409 ap_pin = "12345670"
1410 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1411 hostapd.add_ap(apdev[0]['ifname'],
1412 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1413 "wpa_passphrase": "12345678", "wpa": "2",
1414 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1415 "device_name": "Wireless AP", "manufacturer": "Company",
1416 "model_name": "WAP", "model_number": "123",
1417 "serial_number": "12345", "device_type": "6-0050F204-1",
1418 "os_version": "01020300",
1419 "config_methods": "label push_button",
1420 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1421 logger.info("Learn AP configuration")
1422 dev[0].request("SET wps_version_number 0x10")
33d0b157 1423 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1f020f5e
JM		 1424 dev[0].dump_monitor()
1425 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1426 status = dev[0].get_status()
1427 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1428 raise Exception("Not fully connected")
1429
1430 logger.info("Start ER")
1431 dev[0].request("WPS_ER_START ifname=lo")
1432 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1433 if ev is None:
1434 raise Exception("AP discovery timed out")
1435 if ap_uuid not in ev:
1436 raise Exception("Expected AP UUID not found")
1437
1438 logger.info("Use learned network configuration on ER")
1439 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
1440
1441 logger.info("Add Enrollee using ER and PIN")
1442 enrollee = dev[1].p2p_interface_addr()
1443 pin = dev[1].wps_read_pin()
1444 dev[0].dump_monitor()
1445 dev[0].request("WPS_ER_PIN any " + pin + " " + enrollee)
33d0b157 1446 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1f020f5e 1447 dev[1].dump_monitor()
33d0b157 1448 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5f35a5e2 1449 dev[1].wait_connected(timeout=30)
1f020f5e
JM		 1450 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1451 if ev is None:
1452 raise Exception("WPS ER did not report success")
1453
be923570
JM		 1454def test_ap_wps_er_config_ap(dev, apdev):
1455 """WPS ER configuring AP over UPnP"""
be9f1562
JM		 1456 try:
1457 _test_ap_wps_er_config_ap(dev, apdev)
1458 finally:
1459 dev[0].request("WPS_ER_STOP")
1460
1461def _test_ap_wps_er_config_ap(dev, apdev):
be923570
JM		 1462 ssid = "wps-er-ap-config"
1463 ap_pin = "12345670"
1464 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1465 hostapd.add_ap(apdev[0]['ifname'],
1466 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1467 "wpa_passphrase": "12345678", "wpa": "2",
1468 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1469 "device_name": "Wireless AP", "manufacturer": "Company",
1470 "model_name": "WAP", "model_number": "123",
1471 "serial_number": "12345", "device_type": "6-0050F204-1",
1472 "os_version": "01020300",
1473 "config_methods": "label push_button",
1474 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1475
1476 logger.info("Connect ER to the AP")
1477 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
1478
1479 logger.info("WPS configuration step")
1480 dev[0].request("WPS_ER_START ifname=lo")
1481 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1482 if ev is None:
1483 raise Exception("AP discovery timed out")
1484 if ap_uuid not in ev:
1485 raise Exception("Expected AP UUID not found")
1486 new_passphrase = "1234567890"
1487 dev[0].request("WPS_ER_CONFIG " + apdev[0]['bssid'] + " " + ap_pin + " " +
1488 ssid.encode("hex") + " WPA2PSK CCMP " +
1489 new_passphrase.encode("hex"))
1490 ev = dev[0].wait_event(["WPS-SUCCESS"])
1491 if ev is None:
1492 raise Exception("WPS ER configuration operation timed out")
5f35a5e2 1493 dev[0].wait_disconnected(timeout=10)
be923570
JM		 1494 dev[0].connect(ssid, psk="1234567890", scan_freq="2412")
1495
8f8c2fe8
JM		 1496 logger.info("WPS ER restart")
1497 dev[0].request("WPS_ER_START")
1498 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1499 if ev is None:
1500 raise Exception("AP discovery timed out on ER restart")
1501 if ap_uuid not in ev:
1502 raise Exception("Expected AP UUID not found on ER restart")
1503 if "OK" not in dev[0].request("WPS_ER_STOP"):
1504 raise Exception("WPS_ER_STOP failed")
1505 if "OK" not in dev[0].request("WPS_ER_STOP"):
1506 raise Exception("WPS_ER_STOP failed")
1507
6aaa661a
JM		 1508def test_ap_wps_er_cache_ap_settings(dev, apdev):
1509 """WPS ER caching AP settings"""
1510 try:
1511 _test_ap_wps_er_cache_ap_settings(dev, apdev)
1512 finally:
1513 dev[0].request("WPS_ER_STOP")
1514
1515def _test_ap_wps_er_cache_ap_settings(dev, apdev):
1516 ssid = "wps-er-add-enrollee"
1517 ap_pin = "12345670"
1518 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1519 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1520 "wpa_passphrase": "12345678", "wpa": "2",
1521 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1522 "device_name": "Wireless AP", "manufacturer": "Company",
1523 "model_name": "WAP", "model_number": "123",
1524 "serial_number": "12345", "device_type": "6-0050F204-1",
1525 "os_version": "01020300",
1526 "config_methods": "label push_button",
1527 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo" }
1528 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1529 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1530 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1531 id = int(dev[0].list_networks()[0]['id'])
1532 dev[0].set_network(id, "scan_freq", "2412")
1533
1534 dev[0].request("WPS_ER_START ifname=lo")
1535 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1536 if ev is None:
1537 raise Exception("AP discovery timed out")
1538 if ap_uuid not in ev:
1539 raise Exception("Expected AP UUID not found")
1540
1541 dev[0].dump_monitor()
1542 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1543 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1544 if ev is None:
1545 raise Exception("AP learn timed out")
1546 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1547 if ev is None:
1548 raise Exception("WPS-FAIL after AP learn timed out")
1549 time.sleep(0.1)
1550
1551 hapd.disable()
1552
1553 for i in range(2):
1554 ev = dev[0].wait_event([ "WPS-ER-AP-REMOVE",
1555 "CTRL-EVENT-DISCONNECTED" ],
1556 timeout=15)
1557 if ev is None:
1558 raise Exception("AP removal or disconnection timed out")
1559
1560 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1561 for i in range(2):
1562 ev = dev[0].wait_event([ "WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED" ],
1563 timeout=15)
1564 if ev is None:
1565 raise Exception("AP discovery or connection timed out")
1566
1567 pin = dev[1].wps_read_pin()
1568 dev[0].dump_monitor()
1569 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1570
1571 time.sleep(0.2)
1572
1573 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1574 dev[1].dump_monitor()
1575 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1576 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
1577 if ev is None:
1578 raise Exception("Enrollee did not report success")
1579 dev[1].wait_connected(timeout=15)
1580 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1581 if ev is None:
1582 raise Exception("WPS ER did not report success")
1583
1584 dev[0].dump_monitor()
1585 dev[0].request("WPS_ER_STOP")
1586
d840350a
JM		 1587def test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
1588 """WPS ER caching AP settings (OOM)"""
1589 try:
1590 _test_ap_wps_er_cache_ap_settings_oom(dev, apdev)
1591 finally:
1592 dev[0].request("WPS_ER_STOP")
1593
1594def _test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
1595 ssid = "wps-er-add-enrollee"
1596 ap_pin = "12345670"
1597 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1598 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1599 "wpa_passphrase": "12345678", "wpa": "2",
1600 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1601 "device_name": "Wireless AP", "manufacturer": "Company",
1602 "model_name": "WAP", "model_number": "123",
1603 "serial_number": "12345", "device_type": "6-0050F204-1",
1604 "os_version": "01020300",
1605 "config_methods": "label push_button",
1606 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo" }
1607 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1608 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1609 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1610 id = int(dev[0].list_networks()[0]['id'])
1611 dev[0].set_network(id, "scan_freq", "2412")
1612
1613 dev[0].request("WPS_ER_START ifname=lo")
1614 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1615 if ev is None:
1616 raise Exception("AP discovery timed out")
1617 if ap_uuid not in ev:
1618 raise Exception("Expected AP UUID not found")
1619
1620 dev[0].dump_monitor()
1621 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1622 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1623 if ev is None:
1624 raise Exception("AP learn timed out")
1625 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1626 if ev is None:
1627 raise Exception("WPS-FAIL after AP learn timed out")
1628 time.sleep(0.1)
1629
1630 with alloc_fail(dev[0], 1, "=wps_er_ap_use_cached_settings"):
1631 hapd.disable()
1632
1633 for i in range(2):
1634 ev = dev[0].wait_event([ "WPS-ER-AP-REMOVE",
1635 "CTRL-EVENT-DISCONNECTED" ],
1636 timeout=15)
1637 if ev is None:
1638 raise Exception("AP removal or disconnection timed out")
1639
1640 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1641 for i in range(2):
1642 ev = dev[0].wait_event([ "WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED" ],
1643 timeout=15)
1644 if ev is None:
1645 raise Exception("AP discovery or connection timed out")
1646
1647 dev[0].request("WPS_ER_STOP")
1648
1649def test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
1650 """WPS ER caching AP settings (OOM 2)"""
1651 try:
1652 _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev)
1653 finally:
1654 dev[0].request("WPS_ER_STOP")
1655
1656def _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
1657 ssid = "wps-er-add-enrollee"
1658 ap_pin = "12345670"
1659 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1660 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1661 "wpa_passphrase": "12345678", "wpa": "2",
1662 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1663 "device_name": "Wireless AP", "manufacturer": "Company",
1664 "model_name": "WAP", "model_number": "123",
1665 "serial_number": "12345", "device_type": "6-0050F204-1",
1666 "os_version": "01020300",
1667 "config_methods": "label push_button",
1668 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo" }
1669 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1670 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1671 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1672 id = int(dev[0].list_networks()[0]['id'])
1673 dev[0].set_network(id, "scan_freq", "2412")
1674
1675 dev[0].request("WPS_ER_START ifname=lo")
1676 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1677 if ev is None:
1678 raise Exception("AP discovery timed out")
1679 if ap_uuid not in ev:
1680 raise Exception("Expected AP UUID not found")
1681
1682 dev[0].dump_monitor()
1683 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1684 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1685 if ev is None:
1686 raise Exception("AP learn timed out")
1687 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1688 if ev is None:
1689 raise Exception("WPS-FAIL after AP learn timed out")
1690 time.sleep(0.1)
1691
1692 with alloc_fail(dev[0], 1, "=wps_er_ap_cache_settings"):
1693 hapd.disable()
1694
1695 for i in range(2):
1696 ev = dev[0].wait_event([ "WPS-ER-AP-REMOVE",
1697 "CTRL-EVENT-DISCONNECTED" ],
1698 timeout=15)
1699 if ev is None:
1700 raise Exception("AP removal or disconnection timed out")
1701
1702 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1703 for i in range(2):
1704 ev = dev[0].wait_event([ "WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED" ],
1705 timeout=15)
1706 if ev is None:
1707 raise Exception("AP discovery or connection timed out")
1708
1709 dev[0].request("WPS_ER_STOP")
1710
eb95ced2
JM		 1711def test_ap_wps_er_subscribe_oom(dev, apdev):
1712 """WPS ER subscribe OOM"""
1713 try:
1714 _test_ap_wps_er_subscribe_oom(dev, apdev)
1715 finally:
1716 dev[0].request("WPS_ER_STOP")
1717
1718def _test_ap_wps_er_subscribe_oom(dev, apdev):
1719 ssid = "wps-er-add-enrollee"
1720 ap_pin = "12345670"
1721 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1722 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1723 "wpa_passphrase": "12345678", "wpa": "2",
1724 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1725 "device_name": "Wireless AP", "manufacturer": "Company",
1726 "model_name": "WAP", "model_number": "123",
1727 "serial_number": "12345", "device_type": "6-0050F204-1",
1728 "os_version": "01020300",
1729 "config_methods": "label push_button",
1730 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo" }
1731 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1732 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1733 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1734 id = int(dev[0].list_networks()[0]['id'])
1735 dev[0].set_network(id, "scan_freq", "2412")
1736
1737 with alloc_fail(dev[0], 1, "http_client_addr;wps_er_subscribe"):
1738 dev[0].request("WPS_ER_START ifname=lo")
1739 for i in range(50):
1740 res = dev[0].request("GET_ALLOC_FAIL")
1741 if res.startswith("0:"):
1742 break
1743 time.sleep(0.1)
1744 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=0)
1745 if ev:
1746 raise Exception("Unexpected AP discovery during OOM")
1747
1748 dev[0].request("WPS_ER_STOP")
1749
db9c88eb
JM		 1750def test_ap_wps_er_set_sel_reg_oom(dev, apdev):
1751 """WPS ER SetSelectedRegistrar OOM"""
1752 try:
1753 _test_ap_wps_er_set_sel_reg_oom(dev, apdev)
1754 finally:
1755 dev[0].request("WPS_ER_STOP")
1756
1757def _test_ap_wps_er_set_sel_reg_oom(dev, apdev):
1758 ssid = "wps-er-add-enrollee"
1759 ap_pin = "12345670"
1760 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1761 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1762 "wpa_passphrase": "12345678", "wpa": "2",
1763 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1764 "device_name": "Wireless AP", "manufacturer": "Company",
1765 "model_name": "WAP", "model_number": "123",
1766 "serial_number": "12345", "device_type": "6-0050F204-1",
1767 "os_version": "01020300",
1768 "config_methods": "label push_button",
1769 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo" }
1770 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1771 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1772 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1773
1774 dev[0].request("WPS_ER_START ifname=lo")
1775 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
1776 if ev is None:
1777 raise Exception("AP not discovered")
1778
1779 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1780 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1781 if ev is None:
1782 raise Exception("AP learn timed out")
1783 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1784 if ev is None:
1785 raise Exception("WPS-FAIL timed out")
1786 time.sleep(0.1)
1787
1788 for func in [ "http_client_url_parse;wps_er_send_set_sel_reg",
1789 "wps_er_soap_hdr;wps_er_send_set_sel_reg",
1790 "http_client_addr;wps_er_send_set_sel_reg",
1791 "wpabuf_alloc;wps_er_set_sel_reg" ]:
1792 with alloc_fail(dev[0], 1, func):
1793 if "OK" not in dev[0].request("WPS_ER_PBC " + ap_uuid):
1794 raise Exception("WPS_ER_PBC failed")
1795 ev = dev[0].wait_event(["WPS-PBC-ACTIVE"], timeout=3)
1796 if ev is None:
1797 raise Exception("WPS-PBC-ACTIVE not seen")
1798
1799 dev[0].request("WPS_ER_STOP")
1800
ae3eacf7
JM		 1801def test_ap_wps_er_learn_oom(dev, apdev):
1802 """WPS ER learn OOM"""
1803 try:
1804 _test_ap_wps_er_learn_oom(dev, apdev)
1805 finally:
1806 dev[0].request("WPS_ER_STOP")
1807
1808def _test_ap_wps_er_learn_oom(dev, apdev):
1809 ssid = "wps-er-add-enrollee"
1810 ap_pin = "12345670"
1811 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1812 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1813 "wpa_passphrase": "12345678", "wpa": "2",
1814 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1815 "device_name": "Wireless AP", "manufacturer": "Company",
1816 "model_name": "WAP", "model_number": "123",
1817 "serial_number": "12345", "device_type": "6-0050F204-1",
1818 "os_version": "01020300",
1819 "config_methods": "label push_button",
1820 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo" }
1821 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1822 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1823 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1824
1825 dev[0].request("WPS_ER_START ifname=lo")
1826 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
1827 if ev is None:
1828 raise Exception("AP not discovered")
1829
1830 for func in [ "wps_er_http_put_message_cb",
1831 "xml_get_base64_item;wps_er_http_put_message_cb",
1832 "http_client_url_parse;wps_er_ap_put_message",
1833 "wps_er_soap_hdr;wps_er_ap_put_message",
1834 "http_client_addr;wps_er_ap_put_message" ]:
1835 with alloc_fail(dev[0], 1, func):
1836 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1837 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=1)
1838 if ev is not None:
1839 raise Exception("AP learn succeeded during OOM")
1840
1841 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1842 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=10)
1843 if ev is None:
1844 raise Exception("AP learn did not succeed")
1845
1846 if "FAIL" not in dev[0].request("WPS_ER_LEARN 00000000-9e5c-4e73-bd82-f89cbcd10d7e " + ap_pin):
1847 raise Exception("WPS_ER_LEARN for unknown AP accepted")
1848
1849 dev[0].request("WPS_ER_STOP")
1850
bff3ac5b
JM		 1851def test_ap_wps_fragmentation(dev, apdev):
1852 """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
1853 ssid = "test-wps-fragmentation"
9602b355 1854 appin = "12345670"
bff3ac5b
JM		 1855 hostapd.add_ap(apdev[0]['ifname'],
1856 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1857 "wpa_passphrase": "12345678", "wpa": "3",
1858 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9602b355 1859 "wpa_pairwise": "TKIP", "ap_pin": appin,
bff3ac5b
JM		 1860 "fragment_size": "50" })
1861 hapd = hostapd.Hostapd(apdev[0]['ifname'])
9602b355 1862 logger.info("WPS provisioning step (PBC)")
bff3ac5b 1863 hapd.request("WPS_PBC")
33d0b157 1864 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
bff3ac5b
JM		 1865 dev[0].dump_monitor()
1866 dev[0].request("SET wps_fragment_size 50")
33d0b157 1867 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 1868 dev[0].wait_connected(timeout=30)
bff3ac5b
JM		 1869 status = dev[0].get_status()
1870 if status['wpa_state'] != 'COMPLETED':
9602b355
JM		 1871 raise Exception("Not fully connected")
1872 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
1873 raise Exception("Unexpected encryption configuration")
1874 if status['key_mgmt'] != 'WPA2-PSK':
1875 raise Exception("Unexpected key_mgmt")
1876
1877 logger.info("WPS provisioning step (PIN)")
1878 pin = dev[1].wps_read_pin()
1879 hapd.request("WPS_PIN any " + pin)
33d0b157 1880 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
9602b355 1881 dev[1].request("SET wps_fragment_size 50")
33d0b157 1882 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5f35a5e2 1883 dev[1].wait_connected(timeout=30)
9602b355
JM		 1884 status = dev[1].get_status()
1885 if status['wpa_state'] != 'COMPLETED':
1886 raise Exception("Not fully connected")
1887 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
1888 raise Exception("Unexpected encryption configuration")
1889 if status['key_mgmt'] != 'WPA2-PSK':
1890 raise Exception("Unexpected key_mgmt")
1891
1892 logger.info("WPS connection as registrar")
33d0b157 1893 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
9602b355
JM		 1894 dev[2].request("SET wps_fragment_size 50")
1895 dev[2].wps_reg(apdev[0]['bssid'], appin)
1896 status = dev[2].get_status()
1897 if status['wpa_state'] != 'COMPLETED':
bff3ac5b
JM		 1898 raise Exception("Not fully connected")
1899 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
1900 raise Exception("Unexpected encryption configuration")
1901 if status['key_mgmt'] != 'WPA2-PSK':
1902 raise Exception("Unexpected key_mgmt")
10ea6848
JM		 1903
1904def test_ap_wps_new_version_sta(dev, apdev):
1905 """WPS compatibility with new version number on the station"""
1906 ssid = "test-wps-ver"
1907 hostapd.add_ap(apdev[0]['ifname'],
1908 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1909 "wpa_passphrase": "12345678", "wpa": "2",
1910 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
1911 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1912 logger.info("WPS provisioning step")
1913 hapd.request("WPS_PBC")
33d0b157 1914 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10ea6848
JM		 1915 dev[0].dump_monitor()
1916 dev[0].request("SET wps_version_number 0x43")
dccafedb 1917 dev[0].request("SET wps_vendor_ext_m1 000137100100020001")
33d0b157 1918 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 1919 dev[0].wait_connected(timeout=30)
10ea6848
JM		 1920
1921def test_ap_wps_new_version_ap(dev, apdev):
1922 """WPS compatibility with new version number on the AP"""
1923 ssid = "test-wps-ver"
1924 hostapd.add_ap(apdev[0]['ifname'],
1925 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1926 "wpa_passphrase": "12345678", "wpa": "2",
1927 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
1928 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1929 logger.info("WPS provisioning step")
1930 if "FAIL" in hapd.request("SET wps_version_number 0x43"):
1931 raise Exception("Failed to enable test functionality")
1932 hapd.request("WPS_PBC")
33d0b157 1933 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10ea6848 1934 dev[0].dump_monitor()
33d0b157 1935 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 1936 dev[0].wait_connected(timeout=30)
10ea6848 1937 hapd.request("SET wps_version_number 0x20")
3bdf7d7f
JM		 1938
1939def test_ap_wps_check_pin(dev, apdev):
1940 """Verify PIN checking through control interface"""
1941 hostapd.add_ap(apdev[0]['ifname'],
1942 { "ssid": "wps", "eap_server": "1", "wps_state": "2",
1943 "wpa_passphrase": "12345678", "wpa": "2",
1944 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
1945 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1946 for t in [ ("12345670", "12345670"),
1947 ("12345678", "FAIL-CHECKSUM"),
df58939c 1948 ("12345", "FAIL"),
6e12eaa4 1949 ("123456789", "FAIL"),
3bdf7d7f
JM		 1950 ("1234-5670", "12345670"),
1951 ("1234 5670", "12345670"),
1952 ("1-2.3:4 5670", "12345670") ]:
1953 res = hapd.request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
1954 res2 = dev[0].request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
1955 if res != res2:
1956 raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
1957 if res != t[1]:
1958 raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res, t[1]))
9ba1fcb0 1959
ac786d67
JM		 1960 if "FAIL" not in hapd.request("WPS_CHECK_PIN 12345"):
1961 raise Exception("Unexpected WPS_CHECK_PIN success")
1962 if "FAIL" not in hapd.request("WPS_CHECK_PIN 123456789"):
1963 raise Exception("Unexpected WPS_CHECK_PIN success")
1964
acd9b45a
JM		 1965 for i in range(0, 10):
1966 pin = dev[0].request("WPS_PIN get")
1967 rpin = dev[0].request("WPS_CHECK_PIN " + pin).rstrip('\n')
1968 if pin != rpin:
1969 raise Exception("Random PIN validation failed for " + pin)
1970
9ba1fcb0
JM		 1971def test_ap_wps_wep_config(dev, apdev):
1972 """WPS 2.0 AP rejecting WEP configuration"""
1973 ssid = "test-wps-config"
1974 appin = "12345670"
1975 hostapd.add_ap(apdev[0]['ifname'],
1976 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
1977 "ap_pin": appin})
1978 hapd = hostapd.Hostapd(apdev[0]['ifname'])
33d0b157 1979 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
9ba1fcb0
JM		 1980 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-new-ssid-wep", "OPEN", "WEP",
1981 "hello", no_wait=True)
1982 ev = hapd.wait_event(["WPS-FAIL"], timeout=15)
1983 if ev is None:
1984 raise Exception("WPS-FAIL timed out")
1985 if "reason=2" not in ev:
1986 raise Exception("Unexpected reason code in WPS-FAIL")
1987 status = hapd.request("WPS_GET_STATUS")
1988 if "Last WPS result: Failed" not in status:
1989 raise Exception("WPS failure result not shown correctly")
1990 if "Failure Reason: WEP Prohibited" not in status:
1991 raise Exception("Failure reason not reported correctly")
1992 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
1993 raise Exception("Peer address not shown correctly")
1013a576 1994
11d78bb1
JM		 1995def test_ap_wps_wep_enroll(dev, apdev):
1996 """WPS 2.0 STA rejecting WEP configuration"""
1997 ssid = "test-wps-wep"
1998 hostapd.add_ap(apdev[0]['ifname'],
1999 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
2000 "skip_cred_build": "1", "extra_cred": "wps-wep-cred" })
2001 hapd = hostapd.Hostapd(apdev[0]['ifname'])
2002 hapd.request("WPS_PBC")
33d0b157
JM		 2003 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2004 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
11d78bb1
JM		 2005 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
2006 if ev is None:
2007 raise Exception("WPS-FAIL event timed out")
2008 if "msg=12" not in ev or "reason=2 (WEP Prohibited)" not in ev:
2009 raise Exception("Unexpected WPS-FAIL event: " + ev)
2010
1013a576
JM		 2011def test_ap_wps_ie_fragmentation(dev, apdev):
2012 """WPS AP using fragmented WPS IE"""
2013 ssid = "test-wps-ie-fragmentation"
2014 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
2015 "wpa_passphrase": "12345678", "wpa": "2",
2016 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2017 "device_name": "1234567890abcdef1234567890abcdef",
2018 "manufacturer": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
2019 "model_name": "1234567890abcdef1234567890abcdef",
2020 "model_number": "1234567890abcdef1234567890abcdef",
2021 "serial_number": "1234567890abcdef1234567890abcdef" }
2022 hostapd.add_ap(apdev[0]['ifname'], params)
2023 hapd = hostapd.Hostapd(apdev[0]['ifname'])
2024 hapd.request("WPS_PBC")
33d0b157
JM		 2025 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2026 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 2027 dev[0].wait_connected(timeout=30)
1013a576
JM		 2028 bss = dev[0].get_bss(apdev[0]['bssid'])
2029 if "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
cf3f0ec8 2030 logger.info("Device Name not received correctly")
d7a68ad6 2031 logger.info(bss)
cf3f0ec8
JM		 2032 # This can fail if Probe Response frame is missed and Beacon frame was
2033 # used to fill in the BSS entry. This can happen, e.g., during heavy
2034 # load every now and then and is not really an error, so try to
2035 # workaround by runnign another scan.
2036 dev[0].scan(freq="2412", only_new=True)
2037 bss = dev[0].get_bss(apdev[0]['bssid'])
84a40841 2038 if not bss or "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
cf3f0ec8
JM		 2039 logger.info(bss)
2040 raise Exception("Device Name not received correctly")
1013a576
JM		 2041 if len(re.findall("dd..0050f204", bss['ie'])) != 2:
2042 raise Exception("Unexpected number of WPS IEs")
44ff0400 2043
2035b170
JM		 2044def get_psk(pskfile):
2045 psks = {}
2046 with open(pskfile, "r") as f:
2047 lines = f.read().splitlines()
2048 for l in lines:
2049 if l == "# WPA PSKs":
2050 continue
2051 (addr,psk) = l.split(' ')
2052 psks[addr] = psk
2053 return psks
2054
2055def test_ap_wps_per_station_psk(dev, apdev):
2056 """WPS PBC provisioning with per-station PSK"""
1d21a5be
B		 2057 addr0 = dev[0].own_addr()
2058 addr1 = dev[1].own_addr()
2059 addr2 = dev[2].own_addr()
2035b170
JM		 2060 ssid = "wps"
2061 appin = "12345670"
2062 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
2063 try:
2064 os.remove(pskfile)
2065 except:
2066 pass
2067
4f524e99 2068 hapd = None
2035b170
JM		 2069 try:
2070 with open(pskfile, "w") as f:
2071 f.write("# WPA PSKs\n")
2072
2073 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
2074 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2075 "rsn_pairwise": "CCMP", "ap_pin": appin,
2076 "wpa_psk_file": pskfile }
2077 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2078
2079 logger.info("First enrollee")
2080 hapd.request("WPS_PBC")
33d0b157
JM		 2081 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2082 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 2083 dev[0].wait_connected(timeout=30)
2035b170
JM		 2084
2085 logger.info("Second enrollee")
2086 hapd.request("WPS_PBC")
33d0b157
JM		 2087 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2088 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 2089 dev[1].wait_connected(timeout=30)
2035b170
JM		 2090
2091 logger.info("External registrar")
33d0b157 2092 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2035b170
JM		 2093 dev[2].wps_reg(apdev[0]['bssid'], appin)
2094
2095 logger.info("Verifying PSK results")
2096 psks = get_psk(pskfile)
2097 if addr0 not in psks:
2098 raise Exception("No PSK recorded for sta0")
2099 if addr1 not in psks:
2100 raise Exception("No PSK recorded for sta1")
2101 if addr2 not in psks:
2102 raise Exception("No PSK recorded for sta2")
2103 if psks[addr0] == psks[addr1]:
2104 raise Exception("Same PSK recorded for sta0 and sta1")
2105 if psks[addr0] == psks[addr2]:
2106 raise Exception("Same PSK recorded for sta0 and sta2")
2107 if psks[addr1] == psks[addr2]:
2108 raise Exception("Same PSK recorded for sta1 and sta2")
2109
2110 dev[0].request("REMOVE_NETWORK all")
2111 logger.info("Second external registrar")
33d0b157 2112 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2035b170
JM		 2113 dev[0].wps_reg(apdev[0]['bssid'], appin)
2114 psks2 = get_psk(pskfile)
2115 if addr0 not in psks2:
2116 raise Exception("No PSK recorded for sta0(reg)")
2117 if psks[addr0] == psks2[addr0]:
2118 raise Exception("Same PSK recorded for sta0(enrollee) and sta0(reg)")
2119 finally:
2120 os.remove(pskfile)
4f524e99
JM		 2121 if hapd:
2122 dev[0].request("DISCONNECT")
2123 dev[1].request("DISCONNECT")
2124 dev[2].request("DISCONNECT")
2125 hapd.disable()
2126 dev[0].flush_scan_cache()
2127 dev[1].flush_scan_cache()
2128 dev[2].flush_scan_cache()
2035b170 2129
373cce55
JM		 2130def test_ap_wps_per_station_psk_failure(dev, apdev):
2131 """WPS PBC provisioning with per-station PSK (file not writable)"""
2132 addr0 = dev[0].p2p_dev_addr()
2133 addr1 = dev[1].p2p_dev_addr()
2134 addr2 = dev[2].p2p_dev_addr()
2135 ssid = "wps"
2136 appin = "12345670"
2137 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
2138 try:
2139 os.remove(pskfile)
2140 except:
2141 pass
2142
2143 try:
2144 with open(pskfile, "w") as f:
2145 f.write("# WPA PSKs\n")
2146
2147 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
2148 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2149 "rsn_pairwise": "CCMP", "ap_pin": appin,
2150 "wpa_psk_file": pskfile }
2151 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2152 if "FAIL" in hapd.request("SET wpa_psk_file /tmp/does/not/exists/ap_wps_per_enrollee_psk_failure.psk_file"):
2153 raise Exception("Failed to set wpa_psk_file")
2154
2155 logger.info("First enrollee")
2156 hapd.request("WPS_PBC")
33d0b157
JM		 2157 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2158 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 2159 dev[0].wait_connected(timeout=30)
373cce55
JM		 2160
2161 logger.info("Second enrollee")
2162 hapd.request("WPS_PBC")
33d0b157
JM		 2163 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2164 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 2165 dev[1].wait_connected(timeout=30)
373cce55
JM		 2166
2167 logger.info("External registrar")
33d0b157 2168 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
373cce55
JM		 2169 dev[2].wps_reg(apdev[0]['bssid'], appin)
2170
2171 logger.info("Verifying PSK results")
2172 psks = get_psk(pskfile)
2173 if len(psks) > 0:
2174 raise Exception("PSK recorded unexpectedly")
2175 finally:
2176 os.remove(pskfile)
2177
e8518757
JM		 2178def test_ap_wps_pin_request_file(dev, apdev):
2179 """WPS PIN provisioning with configured AP"""
2180 ssid = "wps"
2181 pinfile = "/tmp/ap_wps_pin_request_file.log"
2182 if os.path.exists(pinfile):
b638f703 2183 os.remove(pinfile)
e8518757
JM		 2184 hostapd.add_ap(apdev[0]['ifname'],
2185 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
2186 "wps_pin_requests": pinfile,
2187 "wpa_passphrase": "12345678", "wpa": "2",
2188 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2189 hapd = hostapd.Hostapd(apdev[0]['ifname'])
2190 uuid = dev[0].get_status_field("uuid")
2191 pin = dev[0].wps_read_pin()
2192 try:
33d0b157
JM		 2193 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2194 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
e8518757
JM		 2195 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=15)
2196 if ev is None:
2197 raise Exception("PIN needed event not shown")
2198 if uuid not in ev:
2199 raise Exception("UUID mismatch")
2200 dev[0].request("WPS_CANCEL")
2201 success = False
2202 with open(pinfile, "r") as f:
2203 lines = f.readlines()
2204 for l in lines:
2205 if uuid in l:
2206 success = True
2207 break
2208 if not success:
2209 raise Exception("PIN request entry not in the log file")
2210 finally:
b638f703
JM		 2211 try:
2212 os.remove(pinfile)
2213 except:
2214 pass
e8518757 2215
56887c35
JM		 2216def test_ap_wps_auto_setup_with_config_file(dev, apdev):
2217 """WPS auto-setup with configuration file"""
2218 conffile = "/tmp/ap_wps_auto_setup_with_config_file.conf"
2219 ifname = apdev[0]['ifname']
2220 try:
2221 with open(conffile, "w") as f:
2222 f.write("driver=nl80211\n")
2223 f.write("hw_mode=g\n")
2224 f.write("channel=1\n")
2225 f.write("ieee80211n=1\n")
2226 f.write("interface=%s\n" % ifname)
2227 f.write("ctrl_interface=/var/run/hostapd\n")
2228 f.write("ssid=wps\n")
2229 f.write("eap_server=1\n")
2230 f.write("wps_state=1\n")
2231 hostapd.add_bss('phy3', ifname, conffile)
2232 hapd = hostapd.Hostapd(ifname)
2233 hapd.request("WPS_PBC")
33d0b157
JM		 2234 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2235 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 2236 dev[0].wait_connected(timeout=30)
56887c35
JM		 2237 with open(conffile, "r") as f:
2238 lines = f.read().splitlines()
2239 vals = dict()
2240 for l in lines:
2241 try:
2242 [name,value] = l.split('=', 1)
2243 vals[name] = value
2244 except ValueError, e:
2245 if "# WPS configuration" in l:
2246 pass
2247 else:
2248 raise Exception("Unexpected configuration line: " + l)
2249 if vals['ieee80211n'] != '1' or vals['wps_state'] != '2' or "WPA-PSK" not in vals['wpa_key_mgmt']:
2250 raise Exception("Incorrect configuration: " + str(vals))
2251 finally:
b638f703
JM		 2252 try:
2253 os.remove(conffile)
2254 except:
2255 pass
56887c35 2256
91f3cf69 2257def test_ap_wps_pbc_timeout(dev, apdev, params):
31e56b95 2258 """wpa_supplicant PBC walk time and WPS ER SelReg timeout [long]"""
91f3cf69 2259 if not params['long']:
81e787b7 2260 raise HwsimSkip("Skip test case with long duration due to --long not specified")
31e56b95
JM		 2261 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2262 hapd = add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
2263
2264 location = ssdp_get_location(ap_uuid)
2265 urls = upnp_get_urls(location)
2266 eventurl = urlparse.urlparse(urls['event_sub_url'])
2267 ctrlurl = urlparse.urlparse(urls['control_url'])
2268
2269 url = urlparse.urlparse(location)
2270 conn = httplib.HTTPConnection(url.netloc)
2271
2272 class WPSERHTTPServer(SocketServer.StreamRequestHandler):
2273 def handle(self):
2274 data = self.rfile.readline().strip()
2275 logger.debug(data)
2276 self.wfile.write(gen_wps_event())
2277
2278 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
2279 server.timeout = 1
2280
2281 headers = { "callback": '<http://127.0.0.1:12345/event>',
2282 "NT": "upnp:event",
2283 "timeout": "Second-1234" }
2284 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2285 resp = conn.getresponse()
2286 if resp.status != 200:
2287 raise Exception("Unexpected HTTP response: %d" % resp.status)
2288 sid = resp.getheader("sid")
2289 logger.debug("Subscription SID " + sid)
2290
2291 msg = '''<?xml version="1.0"?>
2292<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
2293<s:Body>
2294<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
2295<NewMessage>EEoAARAQQQABARASAAIAABBTAAIxSBBJAA4ANyoAASABBv///////xBIABA2LbR7pTpRkYj7
2296VFi5hrLk
2297</NewMessage>
2298</u:SetSelectedRegistrar>
2299</s:Body>
2300</s:Envelope>'''
2301 headers = { "Content-type": 'text/xml; charset="utf-8"' }
2302 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
2303 conn.request("POST", ctrlurl.path, msg, headers)
2304 resp = conn.getresponse()
2305 if resp.status != 200:
2306 raise Exception("Unexpected HTTP response: %d" % resp.status)
2307
2308 server.handle_request()
2309
91f3cf69
JM		 2310 logger.info("Start WPS_PBC and wait for PBC walk time expiration")
2311 if "OK" not in dev[0].request("WPS_PBC"):
2312 raise Exception("WPS_PBC failed")
31e56b95
JM		 2313
2314 start = os.times()[4]
2315
2316 server.handle_request()
2317 dev[1].request("BSS_FLUSH 0")
2318 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
2319 only_new=True)
2320 bss = dev[1].get_bss(apdev[0]['bssid'])
2321 logger.debug("BSS: " + str(bss))
2322 if '[WPS-AUTH]' not in bss['flags']:
2323 raise Exception("WPS not indicated authorized")
2324
2325 server.handle_request()
2326
2327 wps_timeout_seen = False
2328
2329 while True:
2330 hapd.dump_monitor()
2331 dev[1].dump_monitor()
2332 if not wps_timeout_seen:
2333 ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=0)
2334 if ev is not None:
2335 logger.info("PBC timeout seen")
2336 wps_timeout_seen = True
2337 else:
2338 dev[0].dump_monitor()
2339 now = os.times()[4]
2340 if now - start > 130:
2341 raise Exception("Selected registration information not removed")
2342 dev[1].request("BSS_FLUSH 0")
2343 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
2344 only_new=True)
2345 bss = dev[1].get_bss(apdev[0]['bssid'])
2346 logger.debug("BSS: " + str(bss))
2347 if '[WPS-AUTH]' not in bss['flags']:
2348 break
2349 server.handle_request()
2350
2351 server.server_close()
2352
2353 if wps_timeout_seen:
2354 return
2355
2356 now = os.times()[4]
2357 if now < start + 150:
2358 dur = start + 150 - now
2359 else:
2360 dur = 1
2361 logger.info("Continue waiting for PBC timeout (%d sec)" % dur)
2362 ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=dur)
91f3cf69
JM		 2363 if ev is None:
2364 raise Exception("WPS-TIMEOUT not reported")
2365
44ff0400
JM		 2366def add_ssdp_ap(ifname, ap_uuid):
2367 ssid = "wps-ssdp"
2368 ap_pin = "12345670"
24b7f282
JM		 2369 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
2370 "wpa_passphrase": "12345678", "wpa": "2",
2371 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2372 "device_name": "Wireless AP", "manufacturer": "Company",
2373 "model_name": "WAP", "model_number": "123",
2374 "serial_number": "12345", "device_type": "6-0050F204-1",
2375 "os_version": "01020300",
2376 "config_methods": "label push_button",
2377 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo",
2378 "friendly_name": "WPS Access Point",
2379 "manufacturer_url": "http://www.example.com/",
2380 "model_description": "Wireless Access Point",
2381 "model_url": "http://www.example.com/model/",
2382 "upc": "123456789012" }
2383 return hostapd.add_ap(ifname, params)
44ff0400
JM		 2384
2385def ssdp_send(msg, no_recv=False):
2386 socket.setdefaulttimeout(1)
2387 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2388 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2389 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2390 sock.bind(("127.0.0.1", 0))
2391 sock.sendto(msg, ("239.255.255.250", 1900))
2392 if no_recv:
2393 return None
2394 return sock.recv(1000)
2395
96038a5f 2396def ssdp_send_msearch(st, no_recv=False):
44ff0400
JM		 2397 msg = '\r\n'.join([
2398 'M-SEARCH * HTTP/1.1',
2399 'HOST: 239.255.255.250:1900',
2400 'MX: 1',
2401 'MAN: "ssdp:discover"',
2402 'ST: ' + st,
2403 '', ''])
96038a5f 2404 return ssdp_send(msg, no_recv=no_recv)
44ff0400
JM		 2405
2406def test_ap_wps_ssdp_msearch(dev, apdev):
2407 """WPS AP and SSDP M-SEARCH messages"""
2408 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2409 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
2410
2411 msg = '\r\n'.join([
2412 'M-SEARCH * HTTP/1.1',
2413 'Host: 239.255.255.250:1900',
2414 'Mx: 1',
2415 'Man: "ssdp:discover"',
2416 'St: urn:schemas-wifialliance-org:device:WFADevice:1',
2417 '', ''])
2418 ssdp_send(msg)
2419
2420 msg = '\r\n'.join([
2421 'M-SEARCH * HTTP/1.1',
2422 'host:\t239.255.255.250:1900\t\t\t\t \t\t',
2423 'mx: \t1\t\t ',
2424 'man: \t \t "ssdp:discover" ',
2425 'st: urn:schemas-wifialliance-org:device:WFADevice:1\t\t',
2426 '', ''])
2427 ssdp_send(msg)
2428
2429 ssdp_send_msearch("ssdp:all")
2430 ssdp_send_msearch("upnp:rootdevice")
2431 ssdp_send_msearch("uuid:" + ap_uuid)
2432 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1")
2433 ssdp_send_msearch("urn:schemas-wifialliance-org:device:WFADevice:1");
2434
2435 msg = '\r\n'.join([
2436 'M-SEARCH * HTTP/1.1',
2437 'HOST:\t239.255.255.250:1900',
2438 'MAN: "ssdp:discover"',
2439 'MX: 130',
2440 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2441 '', ''])
2442 ssdp_send(msg, no_recv=True)
2443
2444def test_ap_wps_ssdp_invalid_msearch(dev, apdev):
2445 """WPS AP and invalid SSDP M-SEARCH messages"""
2446 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2447 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
2448
2449 socket.setdefaulttimeout(1)
2450 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2451 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2452 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2453 sock.bind(("127.0.0.1", 0))
2454
2455 logger.debug("Missing MX")
2456 msg = '\r\n'.join([
2457 'M-SEARCH * HTTP/1.1',
2458 'HOST: 239.255.255.250:1900',
2459 'MAN: "ssdp:discover"',
2460 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2461 '', ''])
2462 sock.sendto(msg, ("239.255.255.250", 1900))
2463
2464 logger.debug("Negative MX")
2465 msg = '\r\n'.join([
2466 'M-SEARCH * HTTP/1.1',
2467 'HOST: 239.255.255.250:1900',
2468 'MX: -1',
2469 'MAN: "ssdp:discover"',
2470 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2471 '', ''])
2472 sock.sendto(msg, ("239.255.255.250", 1900))
2473
2474 logger.debug("Invalid MX")
2475 msg = '\r\n'.join([
2476 'M-SEARCH * HTTP/1.1',
2477 'HOST: 239.255.255.250:1900',
2478 'MX; 1',
2479 'MAN: "ssdp:discover"',
2480 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2481 '', ''])
2482 sock.sendto(msg, ("239.255.255.250", 1900))
2483
2484 logger.debug("Missing MAN")
2485 msg = '\r\n'.join([
2486 'M-SEARCH * HTTP/1.1',
2487 'HOST: 239.255.255.250:1900',
2488 'MX: 1',
2489 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2490 '', ''])
2491 sock.sendto(msg, ("239.255.255.250", 1900))
2492
2493 logger.debug("Invalid MAN")
2494 msg = '\r\n'.join([
2495 'M-SEARCH * HTTP/1.1',
2496 'HOST: 239.255.255.250:1900',
2497 'MX: 1',
2498 'MAN: foo',
2499 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2500 '', ''])
2501 sock.sendto(msg, ("239.255.255.250", 1900))
2502 msg = '\r\n'.join([
2503 'M-SEARCH * HTTP/1.1',
2504 'HOST: 239.255.255.250:1900',
2505 'MX: 1',
2506 'MAN; "ssdp:discover"',
2507 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2508 '', ''])
2509 sock.sendto(msg, ("239.255.255.250", 1900))
2510
2511 logger.debug("Missing HOST")
2512 msg = '\r\n'.join([
2513 'M-SEARCH * HTTP/1.1',
2514 'MAN: "ssdp:discover"',
2515 'MX: 1',
2516 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2517 '', ''])
2518 sock.sendto(msg, ("239.255.255.250", 1900))
2519
2520 logger.debug("Missing ST")
2521 msg = '\r\n'.join([
2522 'M-SEARCH * HTTP/1.1',
2523 'HOST: 239.255.255.250:1900',
2524 'MAN: "ssdp:discover"',
2525 'MX: 1',
2526 '', ''])
2527 sock.sendto(msg, ("239.255.255.250", 1900))
2528
2529 logger.debug("Mismatching ST")
2530 msg = '\r\n'.join([
2531 'M-SEARCH * HTTP/1.1',
2532 'HOST: 239.255.255.250:1900',
2533 'MAN: "ssdp:discover"',
2534 'MX: 1',
2535 'ST: uuid:16d5f8a9-4ee4-4f5e-81f9-cc6e2f47f42d',
2536 '', ''])
2537 sock.sendto(msg, ("239.255.255.250", 1900))
2538 msg = '\r\n'.join([
2539 'M-SEARCH * HTTP/1.1',
2540 'HOST: 239.255.255.250:1900',
2541 'MAN: "ssdp:discover"',
2542 'MX: 1',
2543 'ST: foo:bar',
2544 '', ''])
2545 sock.sendto(msg, ("239.255.255.250", 1900))
2546 msg = '\r\n'.join([
2547 'M-SEARCH * HTTP/1.1',
2548 'HOST: 239.255.255.250:1900',
2549 'MAN: "ssdp:discover"',
2550 'MX: 1',
2551 'ST: foobar',
2552 '', ''])
2553 sock.sendto(msg, ("239.255.255.250", 1900))
2554
2555 logger.debug("Invalid ST")
2556 msg = '\r\n'.join([
2557 'M-SEARCH * HTTP/1.1',
2558 'HOST: 239.255.255.250:1900',
2559 'MAN: "ssdp:discover"',
2560 'MX: 1',
2561 'ST; urn:schemas-wifialliance-org:device:WFADevice:1',
2562 '', ''])
2563 sock.sendto(msg, ("239.255.255.250", 1900))
2564
2565 logger.debug("Invalid M-SEARCH")
2566 msg = '\r\n'.join([
2567 'M+SEARCH * HTTP/1.1',
2568 'HOST: 239.255.255.250:1900',
2569 'MAN: "ssdp:discover"',
2570 'MX: 1',
2571 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2572 '', ''])
2573 sock.sendto(msg, ("239.255.255.250", 1900))
2574 msg = '\r\n'.join([
2575 'M-SEARCH-* HTTP/1.1',
2576 'HOST: 239.255.255.250:1900',
2577 'MAN: "ssdp:discover"',
2578 'MX: 1',
2579 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2580 '', ''])
2581 sock.sendto(msg, ("239.255.255.250", 1900))
2582
2583 logger.debug("Invalid message format")
2584 sock.sendto("NOTIFY * HTTP/1.1", ("239.255.255.250", 1900))
2585 msg = '\r'.join([
2586 'M-SEARCH * HTTP/1.1',
2587 'HOST: 239.255.255.250:1900',
2588 'MAN: "ssdp:discover"',
2589 'MX: 1',
2590 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2591 '', ''])
2592 sock.sendto(msg, ("239.255.255.250", 1900))
2593
2594 try:
2595 r = sock.recv(1000)
2596 raise Exception("Unexpected M-SEARCH response: " + r)
2597 except socket.timeout:
2598 pass
2599
2600 logger.debug("Valid M-SEARCH")
2601 msg = '\r\n'.join([
2602 'M-SEARCH * HTTP/1.1',
2603 'HOST: 239.255.255.250:1900',
2604 'MAN: "ssdp:discover"',
2605 'MX: 1',
2606 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2607 '', ''])
2608 sock.sendto(msg, ("239.255.255.250", 1900))
2609
2610 try:
2611 r = sock.recv(1000)
2612 pass
2613 except socket.timeout:
2614 raise Exception("No SSDP response")
2615
2616def test_ap_wps_ssdp_burst(dev, apdev):
2617 """WPS AP and SSDP burst"""
2618 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2619 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
2620
2621 msg = '\r\n'.join([
2622 'M-SEARCH * HTTP/1.1',
2623 'HOST: 239.255.255.250:1900',
2624 'MAN: "ssdp:discover"',
2625 'MX: 1',
2626 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2627 '', ''])
2628 socket.setdefaulttimeout(1)
2629 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2630 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2631 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2632 sock.bind(("127.0.0.1", 0))
2633 for i in range(0, 25):
2634 sock.sendto(msg, ("239.255.255.250", 1900))
2635 resp = 0
2636 while True:
2637 try:
2638 r = sock.recv(1000)
2639 if not r.startswith("HTTP/1.1 200 OK\r\n"):
2640 raise Exception("Unexpected message: " + r)
2641 resp += 1
2642 except socket.timeout:
2643 break
2644 if resp < 20:
2645 raise Exception("Too few SSDP responses")
2646
2647 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2648 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2649 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2650 sock.bind(("127.0.0.1", 0))
2651 for i in range(0, 25):
2652 sock.sendto(msg, ("239.255.255.250", 1900))
2653 while True:
2654 try:
2655 r = sock.recv(1000)
2656 if ap_uuid in r:
2657 break
2658 except socket.timeout:
2659 raise Exception("No SSDP response")
47c549fd
JM		 2660
2661def ssdp_get_location(uuid):
2662 res = ssdp_send_msearch("uuid:" + uuid)
2663 location = None
2664 for l in res.splitlines():
2665 if l.lower().startswith("location:"):
2666 location = l.split(':', 1)[1].strip()
2667 break
2668 if location is None:
2669 raise Exception("No UPnP location found")
2670 return location
2671
2672def upnp_get_urls(location):
2673 conn = urllib.urlopen(location)
2674 tree = ET.parse(conn)
2675 root = tree.getroot()
2676 urn = '{urn:schemas-upnp-org:device-1-0}'
2677 service = root.find("./" + urn + "device/" + urn + "serviceList/" + urn + "service")
2678 res = {}
2679 res['scpd_url'] = urlparse.urljoin(location, service.find(urn + 'SCPDURL').text)
2680 res['control_url'] = urlparse.urljoin(location, service.find(urn + 'controlURL').text)
2681 res['event_sub_url'] = urlparse.urljoin(location, service.find(urn + 'eventSubURL').text)
2682 return res
2683
dd124ee8
JM		 2684def upnp_soap_action(conn, path, action, include_soap_action=True,
2685 soap_action_override=None, newmsg=None, neweventtype=None,
2686 neweventmac=None):
47c549fd
JM		 2687 soapns = 'http://schemas.xmlsoap.org/soap/envelope/'
2688 wpsns = 'urn:schemas-wifialliance-org:service:WFAWLANConfig:1'
2689 ET.register_namespace('soapenv', soapns)
2690 ET.register_namespace('wfa', wpsns)
2691 attrib = {}
2692 attrib['{%s}encodingStyle' % soapns] = 'http://schemas.xmlsoap.org/soap/encoding/'
2693 root = ET.Element("{%s}Envelope" % soapns, attrib=attrib)
2694 body = ET.SubElement(root, "{%s}Body" % soapns)
2695 act = ET.SubElement(body, "{%s}%s" % (wpsns, action))
dd124ee8
JM		 2696 if newmsg:
2697 msg = ET.SubElement(act, "NewMessage")
2698 msg.text = base64.b64encode(newmsg)
2699 if neweventtype:
2700 msg = ET.SubElement(act, "NewWLANEventType")
2701 msg.text = neweventtype
2702 if neweventmac:
2703 msg = ET.SubElement(act, "NewWLANEventMAC")
2704 msg.text = neweventmac
47c549fd
JM		 2705 tree = ET.ElementTree(root)
2706 soap = StringIO.StringIO()
2707 tree.write(soap, xml_declaration=True, encoding='utf-8')
2708
2709 headers = { "Content-type": 'text/xml; charset="utf-8"' }
2710 if include_soap_action:
2711 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % action
2712 elif soap_action_override:
2713 headers["SOAPAction"] = soap_action_override
2714 conn.request("POST", path, soap.getvalue(), headers)
2715 return conn.getresponse()
2716
2717def test_ap_wps_upnp(dev, apdev):
2718 """WPS AP and UPnP operations"""
2719 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2720 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
2721
2722 location = ssdp_get_location(ap_uuid)
2723 urls = upnp_get_urls(location)
2724
2725 conn = urllib.urlopen(urls['scpd_url'])
2726 scpd = conn.read()
2727
2728 conn = urllib.urlopen(urlparse.urljoin(location, "unknown.html"))
2729 if conn.getcode() != 404:
2730 raise Exception("Unexpected HTTP response to GET unknown URL")
2731
2732 url = urlparse.urlparse(location)
2733 conn = httplib.HTTPConnection(url.netloc)
2734 #conn.set_debuglevel(1)
2735 headers = { "Content-type": 'text/xml; charset="utf-8"',
2736 "SOAPAction": '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo"' }
2737 conn.request("POST", "hello", "\r\n\r\n", headers)
2738 resp = conn.getresponse()
2739 if resp.status != 404:
5c267d71 2740 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2741
2742 conn.request("UNKNOWN", "hello", "\r\n\r\n", headers)
2743 resp = conn.getresponse()
2744 if resp.status != 501:
5c267d71 2745 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2746
2747 headers = { "Content-type": 'text/xml; charset="utf-8"',
2748 "SOAPAction": '"urn:some-unknown-action#GetDeviceInfo"' }
2749 ctrlurl = urlparse.urlparse(urls['control_url'])
2750 conn.request("POST", ctrlurl.path, "\r\n\r\n", headers)
2751 resp = conn.getresponse()
2752 if resp.status != 401:
5c267d71 2753 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2754
2755 logger.debug("GetDeviceInfo without SOAPAction header")
2756 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
2757 include_soap_action=False)
2758 if resp.status != 401:
5c267d71 2759 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2760
2761 logger.debug("GetDeviceInfo with invalid SOAPAction header")
2762 for act in [ "foo",
2763 "urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo",
2764 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1"',
2765 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:123#GetDevice']:
2766 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
2767 include_soap_action=False,
2768 soap_action_override=act)
2769 if resp.status != 401:
5c267d71 2770 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2771
2772 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
2773 if resp.status != 200:
5c267d71 2774 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2775 dev = resp.read()
2776 if "NewDeviceInfo" not in dev:
2777 raise Exception("Unexpected GetDeviceInfo response")
2778
2779 logger.debug("PutMessage without required parameters")
2780 resp = upnp_soap_action(conn, ctrlurl.path, "PutMessage")
2781 if resp.status != 600:
5c267d71 2782 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2783
2784 logger.debug("PutWLANResponse without required parameters")
2785 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse")
2786 if resp.status != 600:
5c267d71 2787 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2788
2789 logger.debug("SetSelectedRegistrar from unregistered ER")
2790 resp = upnp_soap_action(conn, ctrlurl.path, "SetSelectedRegistrar")
2791 if resp.status != 501:
5c267d71 2792 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2793
2794 logger.debug("Unknown action")
2795 resp = upnp_soap_action(conn, ctrlurl.path, "Unknown")
2796 if resp.status != 401:
5c267d71 2797 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2798
2799def test_ap_wps_upnp_subscribe(dev, apdev):
2800 """WPS AP and UPnP event subscription"""
2801 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
24b7f282 2802 hapd = add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
47c549fd
JM		 2803
2804 location = ssdp_get_location(ap_uuid)
2805 urls = upnp_get_urls(location)
2806 eventurl = urlparse.urlparse(urls['event_sub_url'])
2807
2808 url = urlparse.urlparse(location)
2809 conn = httplib.HTTPConnection(url.netloc)
2810 #conn.set_debuglevel(1)
2811 headers = { "callback": '<http://127.0.0.1:12345/event>',
2812 "timeout": "Second-1234" }
2813 conn.request("SUBSCRIBE", "hello", "\r\n\r\n", headers)
2814 resp = conn.getresponse()
2815 if resp.status != 412:
5c267d71 2816 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2817
2818 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2819 resp = conn.getresponse()
2820 if resp.status != 412:
5c267d71 2821 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2822
2823 headers = { "NT": "upnp:event",
2824 "timeout": "Second-1234" }
2825 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2826 resp = conn.getresponse()
2827 if resp.status != 412:
5c267d71 2828 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2829
2830 headers = { "callback": '<http://127.0.0.1:12345/event>',
2831 "NT": "upnp:foobar",
2832 "timeout": "Second-1234" }
2833 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2834 resp = conn.getresponse()
2835 if resp.status != 400:
5c267d71 2836 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2837
2838 logger.debug("Valid subscription")
2839 headers = { "callback": '<http://127.0.0.1:12345/event>',
2840 "NT": "upnp:event",
2841 "timeout": "Second-1234" }
2842 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2843 resp = conn.getresponse()
2844 if resp.status != 200:
5c267d71 2845 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2846 sid = resp.getheader("sid")
2847 logger.debug("Subscription SID " + sid)
2848
2849 logger.debug("Invalid re-subscription")
2850 headers = { "NT": "upnp:event",
2851 "sid": "123456734567854",
2852 "timeout": "Second-1234" }
2853 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2854 resp = conn.getresponse()
2855 if resp.status != 400:
5c267d71 2856 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2857
2858 logger.debug("Invalid re-subscription")
2859 headers = { "NT": "upnp:event",
2860 "sid": "uuid:123456734567854",
2861 "timeout": "Second-1234" }
2862 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2863 resp = conn.getresponse()
2864 if resp.status != 400:
5c267d71 2865 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2866
2867 logger.debug("Invalid re-subscription")
2868 headers = { "callback": '<http://127.0.0.1:12345/event>',
2869 "NT": "upnp:event",
2870 "sid": sid,
2871 "timeout": "Second-1234" }
2872 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2873 resp = conn.getresponse()
2874 if resp.status != 400:
5c267d71 2875 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2876
2877 logger.debug("SID mismatch in re-subscription")
2878 headers = { "NT": "upnp:event",
2879 "sid": "uuid:4c2bca79-1ff4-4e43-85d4-952a2b8a51fb",
2880 "timeout": "Second-1234" }
2881 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2882 resp = conn.getresponse()
2883 if resp.status != 412:
5c267d71 2884 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2885
2886 logger.debug("Valid re-subscription")
2887 headers = { "NT": "upnp:event",
2888 "sid": sid,
2889 "timeout": "Second-1234" }
2890 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2891 resp = conn.getresponse()
2892 if resp.status != 200:
5c267d71 2893 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2894 sid2 = resp.getheader("sid")
2895 logger.debug("Subscription SID " + sid2)
2896
2897 if sid != sid2:
2898 raise Exception("Unexpected SID change")
2899
2900 logger.debug("Valid re-subscription")
2901 headers = { "NT": "upnp:event",
2902 "sid": "uuid: \t \t" + sid.split(':')[1],
2903 "timeout": "Second-1234" }
2904 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2905 resp = conn.getresponse()
2906 if resp.status != 200:
5c267d71 2907 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2908
2909 logger.debug("Invalid unsubscription")
2910 headers = { "sid": sid }
2911 conn.request("UNSUBSCRIBE", "/hello", "\r\n\r\n", headers)
2912 resp = conn.getresponse()
2913 if resp.status != 412:
5c267d71 2914 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2915 headers = { "foo": "bar" }
2916 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2917 resp = conn.getresponse()
2918 if resp.status != 412:
5c267d71 2919 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2920
2921 logger.debug("Valid unsubscription")
2922 headers = { "sid": sid }
2923 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2924 resp = conn.getresponse()
2925 if resp.status != 200:
5c267d71 2926 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2927
2928 logger.debug("Unsubscription for not existing SID")
2929 headers = { "sid": sid }
2930 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2931 resp = conn.getresponse()
2932 if resp.status != 412:
5c267d71 2933 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2934
2935 logger.debug("Invalid unsubscription")
2936 headers = { "sid": " \t \tfoo" }
2937 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2938 resp = conn.getresponse()
2939 if resp.status != 400:
5c267d71 2940 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2941
2942 logger.debug("Invalid unsubscription")
2943 headers = { "sid": "uuid:\t \tfoo" }
2944 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2945 resp = conn.getresponse()
2946 if resp.status != 400:
5c267d71 2947 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2948
2949 logger.debug("Invalid unsubscription")
2950 headers = { "NT": "upnp:event",
2951 "sid": sid }
2952 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2953 resp = conn.getresponse()
2954 if resp.status != 400:
5c267d71 2955 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2956 headers = { "callback": '<http://127.0.0.1:12345/event>',
2957 "sid": sid }
2958 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2959 resp = conn.getresponse()
2960 if resp.status != 400:
5c267d71 2961 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2962
2963 logger.debug("Valid subscription with multiple callbacks")
2964 headers = { "callback": '<http://127.0.0.1:12345/event> <http://127.0.0.1:12345/event>\t<http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event>',
2965 "NT": "upnp:event",
2966 "timeout": "Second-1234" }
2967 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2968 resp = conn.getresponse()
2969 if resp.status != 200:
5c267d71 2970 raise Exception("Unexpected HTTP response: %d" % resp.status)
47c549fd
JM		 2971 sid = resp.getheader("sid")
2972 logger.debug("Subscription SID " + sid)
d352c407 2973
24b7f282
JM		 2974 # Force subscription to be deleted due to errors
2975 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2976 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2977 with alloc_fail(hapd, 1, "event_build_message"):
2978 for i in range(10):
2979 dev[1].dump_monitor()
2980 dev[2].dump_monitor()
2981 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
2982 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
2983 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
2984 dev[1].request("WPS_CANCEL")
2985 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
2986 dev[2].request("WPS_CANCEL")
2987 if i % 4 == 1:
2988 time.sleep(1)
2989 else:
2990 time.sleep(0.1)
2991 time.sleep(0.2)
2992
2993 headers = { "sid": sid }
2994 conn.request("UNSUBSCRIBE", eventurl.path, "", headers)
2995 resp = conn.getresponse()
2996 if resp.status != 200 and resp.status != 412:
2997 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
2998
2999 headers = { "callback": '<http://127.0.0.1:12345/event>',
3000 "NT": "upnp:event",
3001 "timeout": "Second-1234" }
3002 with alloc_fail(hapd, 1, "http_client_addr;event_send_start"):
3003 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3004 resp = conn.getresponse()
3005 if resp.status != 200:
3006 raise Exception("Unexpected HTTP response for SUBSCRIBE: %d" % resp.status)
3007 sid = resp.getheader("sid")
3008 logger.debug("Subscription SID " + sid)
3009
3010 headers = { "sid": sid }
3011 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3012 resp = conn.getresponse()
3013 if resp.status != 200:
3014 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
3015
3016 headers = { "callback": '<http://127.0.0.1:12345/event>',
3017 "NT": "upnp:event",
3018 "timeout": "Second-1234" }
3019 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3020 resp = conn.getresponse()
3021 if resp.status != 200:
3022 raise Exception("Unexpected HTTP response: %d" % resp.status)
3023 sid = resp.getheader("sid")
3024 logger.debug("Subscription SID " + sid)
3025
3026 with alloc_fail(hapd, 1, "=event_add"):
3027 for i in range(2):
3028 dev[1].dump_monitor()
3029 dev[2].dump_monitor()
3030 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3031 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3032 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3033 dev[1].request("WPS_CANCEL")
3034 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3035 dev[2].request("WPS_CANCEL")
3036 if i == 0:
3037 time.sleep(1)
3038 else:
3039 time.sleep(0.1)
3040
3041 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3042 resp = conn.getresponse()
3043 if resp.status != 200:
3044 raise Exception("Unexpected HTTP response: %d" % resp.status)
3045
3046 with alloc_fail(hapd, 1, "wpabuf_dup;event_add"):
3047 dev[1].dump_monitor()
3048 dev[2].dump_monitor()
3049 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3050 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3051 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3052 dev[1].request("WPS_CANCEL")
3053 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3054 dev[2].request("WPS_CANCEL")
3055 time.sleep(0.1)
3056
3057 with fail_test(hapd, 1, "os_get_random;uuid_make;subscription_start"):
3058 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3059 resp = conn.getresponse()
3060 if resp.status != 500:
3061 raise Exception("Unexpected HTTP response: %d" % resp.status)
3062
3063 with alloc_fail(hapd, 1, "=subscription_start"):
3064 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3065 resp = conn.getresponse()
3066 if resp.status != 500:
3067 raise Exception("Unexpected HTTP response: %d" % resp.status)
3068
3069 headers = { "callback": '',
3070 "NT": "upnp:event",
3071 "timeout": "Second-1234" }
3072 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3073 resp = conn.getresponse()
3074 if resp.status != 500:
3075 raise Exception("Unexpected HTTP response: %d" % resp.status)
3076
3077 headers = { "callback": ' <',
3078 "NT": "upnp:event",
3079 "timeout": "Second-1234" }
3080 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3081 resp = conn.getresponse()
3082 if resp.status != 500:
3083 raise Exception("Unexpected HTTP response: %d" % resp.status)
3084
3085 headers = { "callback": '<http://127.0.0.1:12345/event>',
3086 "NT": "upnp:event",
3087 "timeout": "Second-1234" }
3088 with alloc_fail(hapd, 1, "wpabuf_alloc;subscription_first_event"):
3089 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3090 resp = conn.getresponse()
3091 if resp.status != 500:
3092 raise Exception("Unexpected HTTP response: %d" % resp.status)
3093
3094 with alloc_fail(hapd, 1, "event_add;subscription_first_event"):
3095 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3096 resp = conn.getresponse()
3097 if resp.status != 500:
3098 raise Exception("Unexpected HTTP response: %d" % resp.status)
3099
3100 with alloc_fail(hapd, 1, "subscr_addr_add_url"):
3101 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3102 resp = conn.getresponse()
3103 if resp.status != 500:
3104 raise Exception("Unexpected HTTP response: %d" % resp.status)
3105
3106 with alloc_fail(hapd, 2, "subscr_addr_add_url"):
3107 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3108 resp = conn.getresponse()
3109 if resp.status != 500:
3110 raise Exception("Unexpected HTTP response: %d" % resp.status)
3111
3112 for i in range(6):
3113 headers = { "callback": '<http://127.0.0.1:%d/event>' % (12345 + i),
3114 "NT": "upnp:event",
3115 "timeout": "Second-1234" }
3116 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3117 resp = conn.getresponse()
3118 if resp.status != 200:
3119 raise Exception("Unexpected HTTP response: %d" % resp.status)
3120
3121 with alloc_fail(hapd, 1, "=upnp_wps_device_send_wlan_event"):
3122 dev[1].dump_monitor()
3123 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3124 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3125 dev[1].request("WPS_CANCEL")
3126 time.sleep(0.1)
3127
3128 with alloc_fail(hapd, 1, "wpabuf_alloc;upnp_wps_device_send_event"):
3129 dev[1].dump_monitor()
3130 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3131 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3132 dev[1].request("WPS_CANCEL")
3133 time.sleep(0.1)
3134
3135 with alloc_fail(hapd, 1, "base64_encode;upnp_wps_device_send_wlan_event"):
3136 dev[1].dump_monitor()
3137 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3138 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3139 dev[1].request("WPS_CANCEL")
3140 time.sleep(0.1)
3141
3142 hapd.disable()
3143 with alloc_fail(hapd, 1, "get_netif_info"):
3144 if "FAIL" not in hapd.request("ENABLE"):
3145 raise Exception("ENABLE succeeded during OOM")
3146
d91a64c4
JM		 3147def test_ap_wps_upnp_subscribe_events(dev, apdev):
3148 """WPS AP and UPnP event subscription and many events"""
3149 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3150 hapd = add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
3151
3152 location = ssdp_get_location(ap_uuid)
3153 urls = upnp_get_urls(location)
3154 eventurl = urlparse.urlparse(urls['event_sub_url'])
3155
3156 class WPSERHTTPServer(SocketServer.StreamRequestHandler):
3157 def handle(self):
3158 data = self.rfile.readline().strip()
3159 logger.debug(data)
3160 self.wfile.write(gen_wps_event())
3161
3162 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
3163 server.timeout = 1
3164
3165 url = urlparse.urlparse(location)
3166 conn = httplib.HTTPConnection(url.netloc)
3167
3168 headers = { "callback": '<http://127.0.0.1:12345/event>',
3169 "NT": "upnp:event",
3170 "timeout": "Second-1234" }
3171 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3172 resp = conn.getresponse()
3173 if resp.status != 200:
3174 raise Exception("Unexpected HTTP response: %d" % resp.status)
3175 sid = resp.getheader("sid")
3176 logger.debug("Subscription SID " + sid)
3177
3178 # Fetch the first event message
3179 server.handle_request()
3180
3181 # Force subscription event queue to reach the maximum length by generating
3182 # new proxied events without the ER fetching any of the pending events.
3183 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3184 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
3185 for i in range(16):
3186 dev[1].dump_monitor()
3187 dev[2].dump_monitor()
3188 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3189 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3190 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3191 dev[1].request("WPS_CANCEL")
3192 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3193 dev[2].request("WPS_CANCEL")
3194 if i % 4 == 1:
3195 time.sleep(1)
3196 else:
3197 time.sleep(0.1)
3198
3199 hapd.request("WPS_PIN any 12345670")
3200 dev[1].dump_monitor()
3201 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3202 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=10)
3203 if ev is None:
3204 raise Exception("WPS success not reported")
3205
3206 # Close the WPS ER HTTP server without fetching all the pending events.
3207 # This tests hostapd code path that clears subscription and the remaining
3208 # event queue when the interface is deinitialized.
3209 server.handle_request()
3210 server.server_close()
3211
3212 dev[1].wait_connected()
3213
b2047531
JM		 3214def test_ap_wps_upnp_http_proto(dev, apdev):
3215 """WPS AP and UPnP/HTTP protocol testing"""
3216 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3217 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
3218
3219 location = ssdp_get_location(ap_uuid)
3220
3221 url = urlparse.urlparse(location)
81f8e7e9 3222 conn = httplib.HTTPConnection(url.netloc, timeout=0.2)
b2047531
JM		 3223 #conn.set_debuglevel(1)
3224
3225 conn.request("HEAD", "hello")
3226 resp = conn.getresponse()
3227 if resp.status != 501:
3228 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3229 conn.close()
3230
3231 for cmd in [ "PUT", "DELETE", "TRACE", "CONNECT", "M-SEARCH", "M-POST" ]:
3232 try:
3233 conn.request(cmd, "hello")
3234 resp = conn.getresponse()
3235 except Exception, e:
3236 pass
3237 conn.close()
3238
3239 headers = { "Content-Length": 'abc' }
3240 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3241 try:
3242 resp = conn.getresponse()
3243 except Exception, e:
3244 pass
3245 conn.close()
3246
3247 headers = { "Content-Length": '-10' }
3248 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3249 try:
3250 resp = conn.getresponse()
3251 except Exception, e:
3252 pass
3253 conn.close()
3254
3255 headers = { "Content-Length": '10000000000000' }
3256 conn.request("HEAD", "hello", "\r\n\r\nhello", headers)
3257 try:
3258 resp = conn.getresponse()
3259 except Exception, e:
3260 pass
3261 conn.close()
3262
3263 headers = { "Transfer-Encoding": 'abc' }
3264 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3265 resp = conn.getresponse()
3266 if resp.status != 501:
3267 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3268 conn.close()
3269
3270 headers = { "Transfer-Encoding": 'chunked' }
3271 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3272 resp = conn.getresponse()
3273 if resp.status != 501:
3274 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3275 conn.close()
3276
3277 # Too long a header
3278 conn.request("HEAD", 5000 * 'A')
3279 try:
3280 resp = conn.getresponse()
3281 except Exception, e:
3282 pass
3283 conn.close()
3284
3285 # Long URL but within header length limits
3286 conn.request("HEAD", 3000 * 'A')
3287 resp = conn.getresponse()
3288 if resp.status != 501:
3289 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3290 conn.close()
3291
3292 headers = { "Content-Length": '20' }
3293 conn.request("POST", "hello", 10 * 'A' + "\r\n\r\n", headers)
3294 try:
3295 resp = conn.getresponse()
3296 except Exception, e:
3297 pass
3298 conn.close()
3299
3300 conn.request("POST", "hello", 5000 * 'A' + "\r\n\r\n")
3301 resp = conn.getresponse()
3302 if resp.status != 404:
5c267d71 3303 raise Exception("Unexpected HTTP response: %d" % resp.status)
b2047531
JM		 3304 conn.close()
3305
3306 conn.request("POST", "hello", 60000 * 'A' + "\r\n\r\n")
3307 try:
3308 resp = conn.getresponse()
3309 except Exception, e:
3310 pass
3311 conn.close()
3312
3313def test_ap_wps_upnp_http_proto_chunked(dev, apdev):
3314 """WPS AP and UPnP/HTTP protocol testing for chunked encoding"""
3315 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3316 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
3317
3318 location = ssdp_get_location(ap_uuid)
3319
3320 url = urlparse.urlparse(location)
3321 conn = httplib.HTTPConnection(url.netloc)
3322 #conn.set_debuglevel(1)
3323
3324 headers = { "Transfer-Encoding": 'chunked' }
3325 conn.request("POST", "hello",
3326 "a\r\nabcdefghij\r\n" + "2\r\nkl\r\n" + "0\r\n\r\n",
3327 headers)
3328 resp = conn.getresponse()
3329 if resp.status != 404:
5c267d71 3330 raise Exception("Unexpected HTTP response: %d" % resp.status)
b2047531
JM		 3331 conn.close()
3332
3333 conn.putrequest("POST", "hello")
3334 conn.putheader('Transfer-Encoding', 'chunked')
3335 conn.endheaders()
3336 conn.send("a\r\nabcdefghij\r\n")
3337 time.sleep(0.1)
3338 conn.send("2\r\nkl\r\n")
3339 conn.send("0\r\n\r\n")
3340 resp = conn.getresponse()
3341 if resp.status != 404:
5c267d71 3342 raise Exception("Unexpected HTTP response: %d" % resp.status)
b2047531
JM		 3343 conn.close()
3344
3345 conn.putrequest("POST", "hello")
3346 conn.putheader('Transfer-Encoding', 'chunked')
3347 conn.endheaders()
3348 completed = False
3349 try:
3350 for i in range(20000):
3351 conn.send("1\r\nZ\r\n")
3352 conn.send("0\r\n\r\n")
3353 resp = conn.getresponse()
3354 completed = True
3355 except Exception, e:
3356 pass
3357 conn.close()
3358 if completed:
3359 raise Exception("Too long chunked request did not result in connection reset")
3360
3361 headers = { "Transfer-Encoding": 'chunked' }
3362 conn.request("POST", "hello", "80000000\r\na", headers)
3363 try:
3364 resp = conn.getresponse()
3365 except Exception, e:
3366 pass
3367 conn.close()
3368
3369 conn.request("POST", "hello", "10000000\r\na", headers)
3370 try:
3371 resp = conn.getresponse()
3372 except Exception, e:
3373 pass
3374 conn.close()
3375
d352c407
JM		 3376def test_ap_wps_disabled(dev, apdev):
3377 """WPS operations while WPS is disabled"""
3378 ssid = "test-wps-disabled"
3379 hostapd.add_ap(apdev[0]['ifname'], { "ssid": ssid })
3380 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3381 if "FAIL" not in hapd.request("WPS_PBC"):
3382 raise Exception("WPS_PBC succeeded unexpectedly")
3383 if "FAIL" not in hapd.request("WPS_CANCEL"):
3384 raise Exception("WPS_CANCEL succeeded unexpectedly")
a0fd2ae6
JM		 3385
3386def test_ap_wps_mixed_cred(dev, apdev):
3387 """WPS 2.0 STA merging mixed mode WPA/WPA2 credentials"""
3388 ssid = "test-wps-wep"
3389 hostapd.add_ap(apdev[0]['ifname'],
3390 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3391 "skip_cred_build": "1", "extra_cred": "wps-mixed-cred" })
3392 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3393 hapd.request("WPS_PBC")
33d0b157
JM		 3394 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3395 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
9ed53f5e 3396 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
a0fd2ae6
JM		 3397 if ev is None:
3398 raise Exception("WPS-SUCCESS event timed out")
3399 nets = dev[0].list_networks()
3400 if len(nets) != 1:
3401 raise Exception("Unexpected number of network blocks")
3402 id = nets[0]['id']
3403 proto = dev[0].get_network(id, "proto")
3404 if proto != "WPA RSN":
3405 raise Exception("Unexpected merged proto field value: " + proto)
3406 pairwise = dev[0].get_network(id, "pairwise")
72a8e30b 3407 if pairwise != "CCMP TKIP" and pairwise != "CCMP GCMP TKIP":
a0fd2ae6 3408 raise Exception("Unexpected merged pairwise field value: " + pairwise)
e5a79e3f
JM		 3409
3410def test_ap_wps_while_connected(dev, apdev):
3411 """WPS PBC provisioning while connected to another AP"""
3412 ssid = "test-wps-conf"
3413 hostapd.add_ap(apdev[0]['ifname'],
3414 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3415 "wpa_passphrase": "12345678", "wpa": "2",
3416 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3417 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3418
3419 hostapd.add_ap(apdev[1]['ifname'], { "ssid": "open" })
3420 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3421
3422 logger.info("WPS provisioning step")
3423 hapd.request("WPS_PBC")
3424 dev[0].dump_monitor()
33d0b157 3425 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 3426 dev[0].wait_connected(timeout=30)
e5a79e3f
JM		 3427 status = dev[0].get_status()
3428 if status['bssid'] != apdev[0]['bssid']:
3429 raise Exception("Unexpected BSSID")
3430
3431def test_ap_wps_while_connected_no_autoconnect(dev, apdev):
3432 """WPS PBC provisioning while connected to another AP and STA_AUTOCONNECT disabled"""
3433 ssid = "test-wps-conf"
3434 hostapd.add_ap(apdev[0]['ifname'],
3435 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3436 "wpa_passphrase": "12345678", "wpa": "2",
3437 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3438 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3439
3440 hostapd.add_ap(apdev[1]['ifname'], { "ssid": "open" })
3441
3442 try:
3443 dev[0].request("STA_AUTOCONNECT 0")
3444 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3445
3446 logger.info("WPS provisioning step")
3447 hapd.request("WPS_PBC")
3448 dev[0].dump_monitor()
33d0b157 3449 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5f35a5e2 3450 dev[0].wait_connected(timeout=30)
e5a79e3f
JM		 3451 status = dev[0].get_status()
3452 if status['bssid'] != apdev[0]['bssid']:
3453 raise Exception("Unexpected BSSID")
3454 finally:
3455 dev[0].request("STA_AUTOCONNECT 1")
3f08d1cd
JM		 3456
3457def test_ap_wps_from_event(dev, apdev):
3458 """WPS PBC event on AP to enable PBC"""
3459 ssid = "test-wps-conf"
3460 hapd = hostapd.add_ap(apdev[0]['ifname'],
3461 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3462 "wpa_passphrase": "12345678", "wpa": "2",
3463 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
33d0b157 3464 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3f08d1cd 3465 dev[0].dump_monitor()
33d0b157
JM		 3466 hapd.dump_monitor()
3467 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3f08d1cd
JM		 3468
3469 ev = hapd.wait_event(['WPS-ENROLLEE-SEEN'], timeout=15)
3470 if ev is None:
3471 raise Exception("No WPS-ENROLLEE-SEEN event on AP")
3472 vals = ev.split(' ')
3473 if vals[1] != dev[0].p2p_interface_addr():
3474 raise Exception("Unexpected enrollee address: " + vals[1])
3475 if vals[5] != '4':
3476 raise Exception("Unexpected Device Password Id: " + vals[5])
3477 hapd.request("WPS_PBC")
5f35a5e2 3478 dev[0].wait_connected(timeout=30)
1531402e
JM		 3479
3480def test_ap_wps_ap_scan_2(dev, apdev):
3481 """AP_SCAN 2 for WPS"""
3482 ssid = "test-wps-conf"
3483 hapd = hostapd.add_ap(apdev[0]['ifname'],
3484 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3485 "wpa_passphrase": "12345678", "wpa": "2",
3486 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3487 hapd.request("WPS_PBC")
3488
3489 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
3490 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
4b9d79b6 3491 wpas.dump_monitor()
1531402e
JM		 3492
3493 if "OK" not in wpas.request("AP_SCAN 2"):
3494 raise Exception("Failed to set AP_SCAN 2")
3495
e51c8b2e 3496 wpas.flush_scan_cache()
33d0b157 3497 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
4b9d79b6 3498 wpas.dump_monitor()
33d0b157 3499 wpas.request("WPS_PBC " + apdev[0]['bssid'])
1531402e
JM		 3500 ev = wpas.wait_event(["WPS-SUCCESS"], timeout=15)
3501 if ev is None:
3502 raise Exception("WPS-SUCCESS event timed out")
5f35a5e2 3503 wpas.wait_connected(timeout=30)
4b9d79b6 3504 wpas.dump_monitor()
1531402e
JM		 3505 wpas.request("DISCONNECT")
3506 wpas.request("BSS_FLUSH 0")
3507 wpas.dump_monitor()
3508 wpas.request("REASSOCIATE")
5f35a5e2 3509 wpas.wait_connected(timeout=30)
4b9d79b6 3510 wpas.dump_monitor()
a08fdb17
JM		 3511
3512def test_ap_wps_eapol_workaround(dev, apdev):
3513 """EAPOL workaround code path for 802.1X header length mismatch"""
3514 ssid = "test-wps"
3515 hostapd.add_ap(apdev[0]['ifname'],
3516 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
3517 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3518 bssid = apdev[0]['bssid']
3519 hapd.request("SET ext_eapol_frame_io 1")
3520 dev[0].request("SET ext_eapol_frame_io 1")
3521 hapd.request("WPS_PBC")
3522 dev[0].request("WPS_PBC")
3523
3524 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3525 if ev is None:
3526 raise Exception("Timeout on EAPOL-TX from hostapd")
3527
3528 res = dev[0].request("EAPOL_RX " + bssid + " 020000040193000501FFFF")
3529 if "OK" not in res:
3530 raise Exception("EAPOL_RX to wpa_supplicant failed")
46dea617
JM		 3531
3532def test_ap_wps_iteration(dev, apdev):
3533 """WPS PIN and iterate through APs without selected registrar"""
3534 ssid = "test-wps-conf"
3535 hapd = hostapd.add_ap(apdev[0]['ifname'],
3536 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3537 "wpa_passphrase": "12345678", "wpa": "2",
3538 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3539
3540 ssid2 = "test-wps-conf2"
3541 hapd2 = hostapd.add_ap(apdev[1]['ifname'],
3542 { "ssid": ssid2, "eap_server": "1", "wps_state": "2",
3543 "wpa_passphrase": "12345678", "wpa": "2",
3544 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3545
3546 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3547 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
3548 dev[0].dump_monitor()
3549 pin = dev[0].request("WPS_PIN any")
3550
3551 # Wait for iteration through all WPS APs to happen before enabling any
3552 # Registrar.
3553 for i in range(2):
3554 ev = dev[0].wait_event(["Associated with"], timeout=30)
3555 if ev is None:
3556 raise Exception("No association seen")
3557 ev = dev[0].wait_event(["WPS-M2D"], timeout=10)
3558 if ev is None:
3559 raise Exception("No M2D from AP")
3560 dev[0].wait_disconnected()
3561
3562 # Verify that each AP requested PIN
3563 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=1)
3564 if ev is None:
3565 raise Exception("No WPS-PIN-NEEDED event from AP")
3566 ev = hapd2.wait_event(["WPS-PIN-NEEDED"], timeout=1)
3567 if ev is None:
3568 raise Exception("No WPS-PIN-NEEDED event from AP2")
3569
3570 # Provide PIN to one of the APs and verify that connection gets formed
3571 hapd.request("WPS_PIN any " + pin)
3572 dev[0].wait_connected(timeout=30)
2272f5aa
JM		 3573
3574def test_ap_wps_iteration_error(dev, apdev):
3575 """WPS AP iteration on no Selected Registrar and error case with an AP"""
3576 ssid = "test-wps-conf-pin"
3577 hapd = hostapd.add_ap(apdev[0]['ifname'],
3578 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3579 "wpa_passphrase": "12345678", "wpa": "2",
3580 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3581 "wps_independent": "1" })
3582 hapd.request("SET ext_eapol_frame_io 1")
3583 bssid = apdev[0]['bssid']
3584 pin = dev[0].wps_read_pin()
3585 dev[0].request("WPS_PIN any " + pin)
3586
3587 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3588 if ev is None:
3589 raise Exception("No EAPOL-TX (EAP-Request/Identity) from hostapd")
3590 dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
3591
3592 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3593 if ev is None:
3594 raise Exception("No EAPOL-TX (EAP-WSC/Start) from hostapd")
3595 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
3596 if ev is None:
3597 raise Exception("No CTRL-EVENT-EAP-STARTED")
3598
3599 # Do not forward any more EAPOL frames to test wpa_supplicant behavior for
3600 # a case with an incorrectly behaving WPS AP.
3601
3602 # Start the real target AP and activate registrar on it.
3603 hapd2 = hostapd.add_ap(apdev[1]['ifname'],
3604 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3605 "wpa_passphrase": "12345678", "wpa": "2",
3606 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3607 "wps_independent": "1" })
3608 hapd2.request("WPS_PIN any " + pin)
3609
3610 dev[0].wait_disconnected(timeout=15)
3611 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
3612 if ev is None:
3613 raise Exception("No CTRL-EVENT-EAP-STARTED for the second AP")
3614 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
3615 if ev is None:
3616 raise Exception("No WPS-CRED-RECEIVED for the second AP")
3617 dev[0].wait_connected(timeout=15)
d6f6a86a
JM		 3618
3619def test_ap_wps_priority(dev, apdev):
3620 """WPS PIN provisioning with configured AP and wps_priority"""
3621 ssid = "test-wps-conf-pin"
3622 hostapd.add_ap(apdev[0]['ifname'],
3623 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3624 "wpa_passphrase": "12345678", "wpa": "2",
3625 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3626 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3627 logger.info("WPS provisioning step")
3628 pin = dev[0].wps_read_pin()
3629 hapd.request("WPS_PIN any " + pin)
3630 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3631 dev[0].dump_monitor()
3632 try:
3633 dev[0].request("SET wps_priority 6")
3634 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
3635 dev[0].wait_connected(timeout=30)
3636 netw = dev[0].list_networks()
3637 prio = dev[0].get_network(netw[0]['id'], 'priority')
3638 if prio != '6':
3639 raise Exception("Unexpected network priority: " + prio)
3640 finally:
3641 dev[0].request("SET wps_priority 0")
2c3a0190 3642
df1d01cf
JM		 3643def test_ap_wps_and_non_wps(dev, apdev):
3644 """WPS and non-WPS AP in single hostapd process"""
3645 params = { "ssid": "wps", "eap_server": "1", "wps_state": "1" }
3646 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
3647
3648 params = { "ssid": "no wps" }
3649 hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
3650
3651 appin = hapd.request("WPS_AP_PIN random")
3652 if "FAIL" in appin:
3653 raise Exception("Could not generate random AP PIN")
3654 if appin not in hapd.request("WPS_AP_PIN get"):
3655 raise Exception("Could not fetch current AP PIN")
3656
3657 if "FAIL" in hapd.request("WPS_PBC"):
3658 raise Exception("WPS_PBC failed")
3659 if "FAIL" in hapd.request("WPS_CANCEL"):
3660 raise Exception("WPS_CANCEL failed")
3661
2c3a0190
JM		 3662def test_ap_wps_init_oom(dev, apdev):
3663 """Initial AP configuration and OOM during PSK generation"""
3664 ssid = "test-wps"
3665 params = { "ssid": ssid, "eap_server": "1", "wps_state": "1" }
3666 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
3667
3668 with alloc_fail(hapd, 1, "base64_encode;wps_build_cred"):
3669 pin = dev[0].wps_read_pin()
3670 hapd.request("WPS_PIN any " + pin)
3671 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3672 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
3673 dev[0].wait_disconnected()
3674
3675 hapd.request("WPS_PIN any " + pin)
3676 dev[0].wait_connected(timeout=30)
ccf4d764
JM		 3677
3678def test_ap_wps_er_oom(dev, apdev):
3679 """WPS ER OOM in XML processing"""
3680 try:
3681 _test_ap_wps_er_oom(dev, apdev)
3682 finally:
3683 dev[0].request("WPS_ER_STOP")
3684 dev[1].request("WPS_CANCEL")
3685 dev[0].request("DISCONNECT")
3686
3687def _test_ap_wps_er_oom(dev, apdev):
3688 ssid = "wps-er-ap-config"
3689 ap_pin = "12345670"
3690 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3691 hostapd.add_ap(apdev[0]['ifname'],
3692 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3693 "wpa_passphrase": "12345678", "wpa": "2",
3694 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3695 "device_name": "Wireless AP", "manufacturer": "Company",
3696 "model_name": "WAP", "model_number": "123",
3697 "serial_number": "12345", "device_type": "6-0050F204-1",
3698 "os_version": "01020300",
3699 "config_methods": "label push_button",
3700 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
3701
3702 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
3703
3704 with alloc_fail(dev[0], 1, "base64_decode;xml_get_base64_item"):
3705 dev[0].request("WPS_ER_START ifname=lo")
3706 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=3)
3707 if ev is not None:
3708 raise Exception("Unexpected AP discovery")
3709
3710 dev[0].request("WPS_ER_STOP")
3711 dev[0].request("WPS_ER_START ifname=lo")
3712 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
3713 if ev is None:
3714 raise Exception("AP discovery timed out")
3715
3716 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3717 with alloc_fail(dev[0], 1, "base64_decode;xml_get_base64_item"):
3718 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
3719 ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
3720 if ev is None:
3721 raise Exception("PBC scan failed")
3722 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
3723 if ev is None:
3724 raise Exception("Enrollee discovery timed out")
2602a2ff 3725
c965ae03
JM		 3726def test_ap_wps_er_init_oom(dev, apdev):
3727 """WPS ER and OOM during init"""
3728 try:
3729 _test_ap_wps_er_init_oom(dev, apdev)
3730 finally:
3731 dev[0].request("WPS_ER_STOP")
3732
3733def _test_ap_wps_er_init_oom(dev, apdev):
3734 with alloc_fail(dev[0], 1, "wps_er_init"):
3735 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3736 raise Exception("WPS_ER_START succeeded during OOM")
3737 with alloc_fail(dev[0], 1, "http_server_init"):
3738 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3739 raise Exception("WPS_ER_START succeeded during OOM")
3740 with alloc_fail(dev[0], 2, "http_server_init"):
3741 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3742 raise Exception("WPS_ER_START succeeded during OOM")
9b35afd6 3743 with alloc_fail(dev[0], 1, "eloop_sock_table_add_sock;?eloop_register_sock;wps_er_ssdp_init"):
c965ae03
JM		 3744 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3745 raise Exception("WPS_ER_START succeeded during OOM")
3746 with fail_test(dev[0], 1, "os_get_random;wps_er_init"):
3747 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3748 raise Exception("WPS_ER_START succeeded during os_get_random failure")
3749
07536b18
JM		 3750def test_ap_wps_er_init_fail(dev, apdev):
3751 """WPS ER init failure"""
3752 if "FAIL" not in dev[0].request("WPS_ER_START ifname=does-not-exist"):
3753 dev[0].request("WPS_ER_STOP")
3754 raise Exception("WPS_ER_START with non-existing ifname succeeded")
3755
2602a2ff
JM		 3756def test_ap_wps_wpa_cli_action(dev, apdev, test_params):
3757 """WPS events and wpa_cli action script"""
8936b095
JM		 3758 logdir = os.path.abspath(test_params['logdir'])
3759 pidfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.pid')
3760 logfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.res')
3761 actionfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.action.sh')
2602a2ff
JM		 3762
3763 with open(actionfile, 'w') as f:
3764 f.write('#!/bin/sh\n')
3765 f.write('echo $* >> %s\n' % logfile)
3766 # Kill the process and wait some time before returning to allow all the
3767 # pending events to be processed with some of this happening after the
3768 # eloop SIGALRM signal has been scheduled.
3769 f.write('if [ $2 = "WPS-SUCCESS" -a -r %s ]; then kill `cat %s`; sleep 1; fi\n' % (pidfile, pidfile))
3770
8936b095
JM		 3771 os.chmod(actionfile, stat.S_IREAD | stat.S_IWRITE | stat.S_IEXEC |
3772 stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
2602a2ff
JM		 3773
3774 ssid = "test-wps-conf"
3775 hostapd.add_ap(apdev[0]['ifname'],
3776 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
3777 "wpa_passphrase": "12345678", "wpa": "2",
3778 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3779 hapd = hostapd.Hostapd(apdev[0]['ifname'])
3780
3781 prg = os.path.join(test_params['logdir'],
3782 'alt-wpa_supplicant/wpa_supplicant/wpa_cli')
3783 if not os.path.exists(prg):
3784 prg = '../../wpa_supplicant/wpa_cli'
3785 arg = [ prg, '-P', pidfile, '-B', '-i', dev[0].ifname, '-a', actionfile ]
3786 subprocess.call(arg)
3787
3788 arg = [ 'ps', 'ax' ]
3789 cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
3790 out = cmd.communicate()[0]
3791 cmd.wait()
3792 logger.debug("Processes:\n" + out)
3793 if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) not in out:
3794 raise Exception("Did not see wpa_cli running")
3795
3796 hapd.request("WPS_PIN any 12345670")
3797 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3798 dev[0].dump_monitor()
3799 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3800 dev[0].wait_connected(timeout=30)
3801
3802 for i in range(30):
3803 if not os.path.exists(pidfile):
3804 break
3805 time.sleep(0.1)
3806
3807 if not os.path.exists(logfile):
3808 raise Exception("wpa_cli action results file not found")
3809 with open(logfile, 'r') as f:
3810 res = f.read()
3811 if "WPS-SUCCESS" not in res:
3812 raise Exception("WPS-SUCCESS event not seen in action file")
3813
3814 arg = [ 'ps', 'ax' ]
3815 cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
3816 out = cmd.communicate()[0]
3817 cmd.wait()
3818 logger.debug("Remaining processes:\n" + out)
3819 if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) in out:
3820 raise Exception("wpa_cli still running")
3821
3822 if os.path.exists(pidfile):
3823 raise Exception("PID file not removed")
c965ae03
JM		 3824
3825def test_ap_wps_er_ssdp_proto(dev, apdev):
3826 """WPS ER SSDP protocol testing"""
3827 try:
3828 _test_ap_wps_er_ssdp_proto(dev, apdev)
3829 finally:
3830 dev[0].request("WPS_ER_STOP")
3831
3832def _test_ap_wps_er_ssdp_proto(dev, apdev):
3833 socket.setdefaulttimeout(1)
3834 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
3835 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
3836 sock.bind(("239.255.255.250", 1900))
3837 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo foo"):
3838 raise Exception("Invalid filter accepted")
3839 if "OK" not in dev[0].request("WPS_ER_START ifname=lo 1.2.3.4"):
3840 raise Exception("WPS_ER_START with filter failed")
3841 (msg,addr) = sock.recvfrom(1000)
3842 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
3843 if "M-SEARCH" not in msg:
3844 raise Exception("Not an M-SEARCH")
3845 sock.sendto("FOO", addr)
3846 time.sleep(0.1)
3847 dev[0].request("WPS_ER_STOP")
3848
3849 dev[0].request("WPS_ER_START ifname=lo")
3850 (msg,addr) = sock.recvfrom(1000)
3851 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
3852 if "M-SEARCH" not in msg:
3853 raise Exception("Not an M-SEARCH")
3854 sock.sendto("FOO", addr)
3855 sock.sendto("HTTP/1.1 200 OK\r\nFOO\r\n\r\n", addr)
3856 sock.sendto("HTTP/1.1 200 OK\r\nNTS:foo\r\n\r\n", addr)
3857 sock.sendto("HTTP/1.1 200 OK\r\nNTS:ssdp:byebye\r\n\r\n", addr)
3858 sock.sendto("HTTP/1.1 200 OK\r\ncache-control: foo=1\r\n\r\n", addr)
3859 sock.sendto("HTTP/1.1 200 OK\r\ncache-control: max-age=1\r\n\r\n", addr)
3860 sock.sendto("HTTP/1.1 200 OK\r\nusn:\r\n\r\n", addr)
3861 sock.sendto("HTTP/1.1 200 OK\r\nusn:foo\r\n\r\n", addr)
3862 sock.sendto("HTTP/1.1 200 OK\r\nusn: uuid:\r\n\r\n", addr)
3863 sock.sendto("HTTP/1.1 200 OK\r\nusn: uuid: \r\n\r\n", addr)
3864 sock.sendto("HTTP/1.1 200 OK\r\nusn: uuid: foo\r\n\r\n", addr)
3865 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\n\r\n", addr)
3866 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nNTS:ssdp:byebye\r\n\r\n", addr)
3867 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\n\r\n", addr)
3868 with alloc_fail(dev[0], 1, "wps_er_ap_add"):
3869 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
3870 time.sleep(0.1)
3871 with alloc_fail(dev[0], 2, "wps_er_ap_add"):
3872 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
3873 time.sleep(0.1)
3874
3875 # Add an AP with bogus URL
3876 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
3877 # Update timeout on AP without updating URL
3878 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
3879 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
3880 if ev is None:
3881 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
3882
3883 # Add an AP with a valid URL (but no server listing to it)
3884 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
3885 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
3886 if ev is None:
3887 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
3888
3889 sock.close()
3890
3891wps_event_url = None
3892
6aaa661a
JM		 3893def gen_upnp_info(eventSubURL='wps_event', controlURL='wps_control',
3894 udn='uuid:27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'):
4c3ae1c0 3895 payload = '''<?xml version="1.0"?>
c965ae03
JM		 3896<root xmlns="urn:schemas-upnp-org:device-1-0">
3897<specVersion>
3898<major>1</major>
3899<minor>0</minor>
3900</specVersion>
3901<device>
3902<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
3903<friendlyName>WPS Access Point</friendlyName>
3904<manufacturer>Company</manufacturer>
3905<modelName>WAP</modelName>
3906<modelNumber>123</modelNumber>
3907<serialNumber>12345</serialNumber>
6aaa661a
JM		 3908'''
3909 if udn:
3910 payload += '<UDN>' + udn + '</UDN>'
3911 payload += '''<serviceList>
c965ae03
JM		 3912<service>
3913<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
3914<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
3915<SCPDURL>wps_scpd.xml</SCPDURL>
4c3ae1c0 3916'''
6aaa661a
JM		 3917 if controlURL:
3918 payload += '<controlURL>' + controlURL + '</controlURL>\n'
4c3ae1c0 3919 if eventSubURL:
6aaa661a 3920 payload += '<eventSubURL>' + eventSubURL + '</eventSubURL>\n'
4c3ae1c0 3921 payload += '''</service>
c965ae03
JM		 3922</serviceList>
3923</device>
3924</root>
3925'''
4c3ae1c0
JM		 3926 hdr = 'HTTP/1.1 200 OK\r\n' + \
3927 'Content-Type: text/xml; charset="utf-8"\r\n' + \
3928 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
3929 'Connection: close\r\n' + \
3930 'Content-Length: ' + str(len(payload)) + '\r\n' + \
3931 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
3932 return hdr + payload
3933
6aaa661a 3934def gen_wps_control(payload_override=None):
4c3ae1c0 3935 payload = '''<?xml version="1.0"?>
c965ae03
JM		 3936<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
3937<s:Body>
3938<u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
3939<NewDeviceInfo>EEoAARAQIgABBBBHABAn6oAanlxOc72C+Jy80Q1+ECAABgIAAAADABAaABCJZ7DPtbU3Ust9
3940Z3wJF07WEDIAwH45D3i1OqB7eJGwTzqeapS71h3KyXncK2xJZ+xqScrlorNEg6LijBJzG2Ca
3941+FZli0iliDJd397yAx/jk4nFXco3q5ylBSvSw9dhJ5u1xBKSnTilKGlUHPhLP75PUqM3fot9
39427zwtFZ4bx6x1sBA6oEe2d0aUJmLumQGCiKEIWlnxs44zego/2tAe81bDzdPBM7o5HH/FUhD+
3943KoGzFXp51atP+1n9Vta6AkI0Vye99JKLcC6Md9dMJltSVBgd4Xc4lRAEAAIAIxAQAAIADRAN
3944AAEBEAgAAgAEEEQAAQIQIQAHQ29tcGFueRAjAANXQVAQJAADMTIzEEIABTEyMzQ1EFQACAAG
3945AFDyBAABEBEAC1dpcmVsZXNzIEFQEDwAAQEQAgACAAAQEgACAAAQCQACAAAQLQAEgQIDABBJ
3946AAYANyoAASA=
3947</NewDeviceInfo>
3948</u:GetDeviceInfoResponse>
3949</s:Body>
3950</s:Envelope>
3951'''
6aaa661a
JM		 3952 if payload_override:
3953 payload = payload_override
4c3ae1c0
JM		 3954 hdr = 'HTTP/1.1 200 OK\r\n' + \
3955 'Content-Type: text/xml; charset="utf-8"\r\n' + \
3956 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
3957 'Connection: close\r\n' + \
3958 'Content-Length: ' + str(len(payload)) + '\r\n' + \
3959 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
3960 return hdr + payload
3961
6aaa661a 3962def gen_wps_event(sid='uuid:7eb3342a-8a5f-47fe-a585-0785bfec6d8a'):
4c3ae1c0
JM		 3963 payload = ""
3964 hdr = 'HTTP/1.1 200 OK\r\n' + \
3965 'Content-Type: text/xml; charset="utf-8"\r\n' + \
3966 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
3967 'Connection: close\r\n' + \
6aaa661a
JM		 3968 'Content-Length: ' + str(len(payload)) + '\r\n'
3969 if sid:
3970 hdr += 'SID: ' + sid + '\r\n'
3971 hdr += 'Timeout: Second-1801\r\n' + \
4c3ae1c0
JM		 3972 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
3973 return hdr + payload
3974
3975class WPSAPHTTPServer(SocketServer.StreamRequestHandler):
3976 def handle(self):
3977 data = self.rfile.readline().strip()
3978 logger.info("HTTP server received: " + data)
3979 while True:
3980 hdr = self.rfile.readline().strip()
3981 if len(hdr) == 0:
3982 break
3983 logger.info("HTTP header: " + hdr)
3984 if "CALLBACK:" in hdr:
3985 global wps_event_url
3986 wps_event_url = hdr.split(' ')[1].strip('<>')
3987
3988 if "GET /foo.xml" in data:
6aaa661a
JM		 3989 self.handle_upnp_info()
3990 elif "POST /wps_control" in data:
3991 self.handle_wps_control()
3992 elif "SUBSCRIBE /wps_event" in data:
3993 self.handle_wps_event()
24b7f282
JM		 3994 else:
3995 self.handle_others(data)
6aaa661a
JM		 3996
3997 def handle_upnp_info(self):
3998 self.wfile.write(gen_upnp_info())
4c3ae1c0 3999
6aaa661a
JM		 4000 def handle_wps_control(self):
4001 self.wfile.write(gen_wps_control())
c965ae03 4002
6aaa661a
JM		 4003 def handle_wps_event(self):
4004 self.wfile.write(gen_wps_event())
c965ae03 4005
24b7f282
JM		 4006 def handle_others(self, data):
4007 logger.info("Ignore HTTP request: " + data)
4008
4c3ae1c0
JM		 4009class MyTCPServer(SocketServer.TCPServer):
4010 def __init__(self, addr, handler):
4011 self.allow_reuse_address = True
4012 SocketServer.TCPServer.__init__(self, addr, handler)
c965ae03 4013
24b7f282
JM		 4014def wps_er_start(dev, http_server, max_age=1, wait_m_search=False,
4015 location_url=None):
c965ae03
JM		 4016 socket.setdefaulttimeout(1)
4017 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
4018 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
4019 sock.bind(("239.255.255.250", 1900))
4c3ae1c0 4020 dev.request("WPS_ER_START ifname=lo")
24b7f282
JM		 4021 for i in range(100):
4022 (msg,addr) = sock.recvfrom(1000)
4023 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4024 if "M-SEARCH" in msg:
4025 break
4026 if not wait_m_search:
4027 raise Exception("Not an M-SEARCH")
4028 if i == 99:
4029 raise Exception("No M-SEARCH seen")
c965ae03
JM		 4030
4031 # Add an AP with a valid URL and server listing to it
4c3ae1c0 4032 server = MyTCPServer(("127.0.0.1", 12345), http_server)
24b7f282
JM		 4033 if not location_url:
4034 location_url = 'http://127.0.0.1:12345/foo.xml'
4035 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:%s\r\ncache-control:max-age=%d\r\n\r\n" % (location_url, max_age), addr)
c965ae03 4036 server.timeout = 1
4c3ae1c0
JM		 4037 return server,sock
4038
4039def wps_er_stop(dev, sock, server, on_alloc_fail=False):
4040 sock.close()
4041 server.server_close()
4042
4043 if on_alloc_fail:
4044 done = False
4045 for i in range(50):
4046 res = dev.request("GET_ALLOC_FAIL")
4047 if res.startswith("0:"):
4048 done = True
4049 break
4050 time.sleep(0.1)
4051 if not done:
4052 raise Exception("No allocation failure reported")
4053 else:
4054 ev = dev.wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4055 if ev is None:
4056 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4057 dev.request("WPS_ER_STOP")
4058
24b7f282 4059def run_wps_er_proto_test(dev, handler, no_event_url=False, location_url=None):
6aaa661a
JM		 4060 try:
4061 uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
24b7f282 4062 server,sock = wps_er_start(dev, handler, location_url=location_url)
6aaa661a
JM		 4063 global wps_event_url
4064 wps_event_url = None
4065 server.handle_request()
4066 server.handle_request()
4067 server.handle_request()
4068 server.server_close()
4069 if no_event_url:
4070 if wps_event_url:
4071 raise Exception("Received event URL unexpectedly")
4072 return
4073 if wps_event_url is None:
4074 raise Exception("Did not get event URL")
4075 logger.info("Event URL: " + wps_event_url)
4076 finally:
24b7f282 4077 dev.request("WPS_ER_STOP")
6aaa661a 4078
18478107 4079def send_wlanevent(url, uuid, data, no_response=False):
6aaa661a
JM		 4080 conn = httplib.HTTPConnection(url.netloc)
4081 payload = '''<?xml version="1.0" encoding="utf-8"?>
4082<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4083<e:property><STAStatus>1</STAStatus></e:property>
4084<e:property><APStatus>1</APStatus></e:property>
4085<e:property><WLANEvent>'''
4086 payload += base64.b64encode(data)
4087 payload += '</WLANEvent></e:property></e:propertyset>'
4088 headers = { "Content-type": 'text/xml; charset="utf-8"',
4089 "Server": "Unspecified, UPnP/1.0, Unspecified",
4090 "HOST": url.netloc,
4091 "NT": "upnp:event",
4092 "SID": "uuid:" + uuid,
4093 "SEQ": "0",
4094 "Content-Length": str(len(payload)) }
4095 conn.request("NOTIFY", url.path, payload, headers)
18478107
JM		 4096 if no_response:
4097 try:
4098 conn.getresponse()
4099 except Exception, e:
4100 pass
4101 return
6aaa661a
JM		 4102 resp = conn.getresponse()
4103 if resp.status != 200:
4104 raise Exception("Unexpected HTTP response: %d" % resp.status)
4105
4c3ae1c0
JM		 4106def test_ap_wps_er_http_proto(dev, apdev):
4107 """WPS ER HTTP protocol testing"""
4108 try:
4109 _test_ap_wps_er_http_proto(dev, apdev)
4110 finally:
4111 dev[0].request("WPS_ER_STOP")
4112
4113def _test_ap_wps_er_http_proto(dev, apdev):
4114 uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
6aaa661a 4115 server,sock = wps_er_start(dev[0], WPSAPHTTPServer, max_age=15)
c965ae03
JM		 4116 global wps_event_url
4117 wps_event_url = None
4118 server.handle_request()
4119 server.handle_request()
4120 server.handle_request()
4121 server.server_close()
4122 if wps_event_url is None:
4123 raise Exception("Did not get event URL")
4124 logger.info("Event URL: " + wps_event_url)
4125
4126 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
4127 if ev is None:
4128 raise Exception("No WPS-ER-AP-ADD event")
4129 if uuid not in ev:
4130 raise Exception("UUID mismatch")
4131
4132 sock.close()
4133
4134 logger.info("Valid Probe Request notification")
4135 url = urlparse.urlparse(wps_event_url)
4136 conn = httplib.HTTPConnection(url.netloc)
4137 payload = '''<?xml version="1.0" encoding="utf-8"?>
4138<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4139<e:property><STAStatus>1</STAStatus></e:property>
4140<e:property><APStatus>1</APStatus></e:property>
4141<e:property><WLANEvent>ATAyOjAwOjAwOjAwOjAwOjAwEEoAARAQOgABAhAIAAIxSBBHABA2LbR7pTpRkYj7VFi5hrLk
4142EFQACAAAAAAAAAAAEDwAAQMQAgACAAAQCQACAAAQEgACAAAQIQABIBAjAAEgECQAASAQEQAI
4143RGV2aWNlIEEQSQAGADcqAAEg
4144</WLANEvent></e:property>
4145</e:propertyset>
4146'''
4147 headers = { "Content-type": 'text/xml; charset="utf-8"',
4148 "Server": "Unspecified, UPnP/1.0, Unspecified",
4149 "HOST": url.netloc,
4150 "NT": "upnp:event",
4151 "SID": "uuid:" + uuid,
4152 "SEQ": "0",
4153 "Content-Length": str(len(payload)) }
4154 conn.request("NOTIFY", url.path, payload, headers)
4155 resp = conn.getresponse()
4156 if resp.status != 200:
4157 raise Exception("Unexpected HTTP response: %d" % resp.status)
4158
4159 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=5)
4160 if ev is None:
4161 raise Exception("No WPS-ER-ENROLLEE-ADD event")
4162 if "362db47b-a53a-5191-88fb-5458b986b2e4" not in ev:
4163 raise Exception("No Enrollee UUID match")
4164
4165 logger.info("Incorrect event URL AP id")
4166 conn = httplib.HTTPConnection(url.netloc)
4167 conn.request("NOTIFY", url.path + '123', payload, headers)
4168 resp = conn.getresponse()
4169 if resp.status != 404:
4170 raise Exception("Unexpected HTTP response: %d" % resp.status)
4171
4172 logger.info("Missing AP id")
4173 conn = httplib.HTTPConnection(url.netloc)
4174 conn.request("NOTIFY", '/event/' + url.path.split('/')[2],
4175 payload, headers)
4176 time.sleep(0.1)
4177
4178 logger.info("Incorrect event URL event id")
4179 conn = httplib.HTTPConnection(url.netloc)
4180 conn.request("NOTIFY", '/event/123456789/123', payload, headers)
4181 time.sleep(0.1)
4182
4183 logger.info("Incorrect event URL prefix")
4184 conn = httplib.HTTPConnection(url.netloc)
4185 conn.request("NOTIFY", '/foobar/123456789/123', payload, headers)
4186 resp = conn.getresponse()
4187 if resp.status != 404:
4188 raise Exception("Unexpected HTTP response: %d" % resp.status)
4189
4190 logger.info("Unsupported request")
4191 conn = httplib.HTTPConnection(url.netloc)
4192 conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
4193 resp = conn.getresponse()
4194 if resp.status != 501:
4195 raise Exception("Unexpected HTTP response: %d" % resp.status)
4196
4197 logger.info("Unsupported request and OOM")
4198 with alloc_fail(dev[0], 1, "wps_er_http_req"):
4199 conn = httplib.HTTPConnection(url.netloc)
4200 conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
4201 time.sleep(0.5)
4c3ae1c0 4202
6aaa661a
JM		 4203 logger.info("Too short WLANEvent")
4204 data = '\x00'
4205 send_wlanevent(url, uuid, data)
4206
4207 logger.info("Invalid WLANEventMAC")
4208 data = '\x00qwertyuiopasdfghjklzxcvbnm'
4209 send_wlanevent(url, uuid, data)
4210
4211 logger.info("Unknown WLANEventType")
4212 data = '\xff02:00:00:00:00:00'
4213 send_wlanevent(url, uuid, data)
4214
4215 logger.info("Probe Request notification without any attributes")
4216 data = '\x0102:00:00:00:00:00'
4217 send_wlanevent(url, uuid, data)
4218
4219 logger.info("Probe Request notification with invalid attribute")
4220 data = '\x0102:00:00:00:00:00\xff'
4221 send_wlanevent(url, uuid, data)
4222
4223 logger.info("EAP message without any attributes")
4224 data = '\x0202:00:00:00:00:00'
4225 send_wlanevent(url, uuid, data)
4226
4227 logger.info("EAP message with invalid attribute")
4228 data = '\x0202:00:00:00:00:00\xff'
4229 send_wlanevent(url, uuid, data)
4230
4231 logger.info("EAP message from new STA and not M1")
4232 data = '\x0202:ff:ff:ff:ff:ff' + '\x10\x22\x00\x01\x05'
4233 send_wlanevent(url, uuid, data)
4234
4235 logger.info("EAP message: M1")
4236 data = '\x0202:00:00:00:00:00'
4237 data += '\x10\x22\x00\x01\x04'
4238 data += '\x10\x47\x00\x10' + 16*'\x00'
4239 data += '\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4240 data += '\x10\x1a\x00\x10' + 16*'\x00'
4241 data += '\x10\x32\x00\xc0' + 192*'\x00'
4242 data += '\x10\x04\x00\x02\x00\x00'
4243 data += '\x10\x10\x00\x02\x00\x00'
4244 data += '\x10\x0d\x00\x01\x00'
4245 data += '\x10\x08\x00\x02\x00\x00'
4246 data += '\x10\x44\x00\x01\x00'
4247 data += '\x10\x21\x00\x00'
4248 data += '\x10\x23\x00\x00'
4249 data += '\x10\x24\x00\x00'
4250 data += '\x10\x42\x00\x00'
4251 data += '\x10\x54\x00\x08' + 8*'\x00'
4252 data += '\x10\x11\x00\x00'
4253 data += '\x10\x3c\x00\x01\x00'
4254 data += '\x10\x02\x00\x02\x00\x00'
4255 data += '\x10\x12\x00\x02\x00\x00'
4256 data += '\x10\x09\x00\x02\x00\x00'
4257 data += '\x10\x2d\x00\x04\x00\x00\x00\x00'
4258 m1 = data
4259 send_wlanevent(url, uuid, data)
4260
4261 logger.info("EAP message: WSC_ACK")
4262 data = '\x0202:00:00:00:00:00' + '\x10\x22\x00\x01\x0d'
4263 send_wlanevent(url, uuid, data)
4264
4265 logger.info("EAP message: M1")
4266 send_wlanevent(url, uuid, m1)
4267
4268 logger.info("EAP message: WSC_NACK")
4269 data = '\x0202:00:00:00:00:00' + '\x10\x22\x00\x01\x0e'
4270 send_wlanevent(url, uuid, data)
4271
4272 logger.info("EAP message: M1 - Too long attribute values")
4273 data = '\x0202:00:00:00:00:00'
4274 data += '\x10\x11\x00\x21' + 33*'\x00'
4275 data += '\x10\x45\x00\x21' + 33*'\x00'
4276 data += '\x10\x42\x00\x21' + 33*'\x00'
4277 data += '\x10\x24\x00\x21' + 33*'\x00'
4278 data += '\x10\x23\x00\x21' + 33*'\x00'
4279 data += '\x10\x21\x00\x41' + 65*'\x00'
4280 data += '\x10\x49\x00\x09\x00\x37\x2a\x05\x02\x00\x00\x05\x00'
4281 send_wlanevent(url, uuid, data)
4282
4283 logger.info("EAP message: M1 missing UUID-E")
4284 data = '\x0202:00:00:00:00:00'
4285 data += '\x10\x22\x00\x01\x04'
4286 send_wlanevent(url, uuid, data)
4287
4288 logger.info("EAP message: M1 missing MAC Address")
4289 data += '\x10\x47\x00\x10' + 16*'\x00'
4290 send_wlanevent(url, uuid, data)
4291
4292 logger.info("EAP message: M1 missing Enrollee Nonce")
4293 data += '\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4294 send_wlanevent(url, uuid, data)
4295
4296 logger.info("EAP message: M1 missing Public Key")
4297 data += '\x10\x1a\x00\x10' + 16*'\x00'
4298 send_wlanevent(url, uuid, data)
4299
4300 logger.info("EAP message: M1 missing Authentication Type flags")
4301 data += '\x10\x32\x00\xc0' + 192*'\x00'
4302 send_wlanevent(url, uuid, data)
4303
4304 logger.info("EAP message: M1 missing Encryption Type Flags")
4305 data += '\x10\x04\x00\x02\x00\x00'
4306 send_wlanevent(url, uuid, data)
4307
4308 logger.info("EAP message: M1 missing Connection Type flags")
4309 data += '\x10\x10\x00\x02\x00\x00'
4310 send_wlanevent(url, uuid, data)
4311
4312 logger.info("EAP message: M1 missing Config Methods")
4313 data += '\x10\x0d\x00\x01\x00'
4314 send_wlanevent(url, uuid, data)
4315
4316 logger.info("EAP message: M1 missing Wi-Fi Protected Setup State")
4317 data += '\x10\x08\x00\x02\x00\x00'
4318 send_wlanevent(url, uuid, data)
4319
4320 logger.info("EAP message: M1 missing Manufacturer")
4321 data += '\x10\x44\x00\x01\x00'
4322 send_wlanevent(url, uuid, data)
4323
4324 logger.info("EAP message: M1 missing Model Name")
4325 data += '\x10\x21\x00\x00'
4326 send_wlanevent(url, uuid, data)
4327
4328 logger.info("EAP message: M1 missing Model Number")
4329 data += '\x10\x23\x00\x00'
4330 send_wlanevent(url, uuid, data)
4331
4332 logger.info("EAP message: M1 missing Serial Number")
4333 data += '\x10\x24\x00\x00'
4334 send_wlanevent(url, uuid, data)
4335
4336 logger.info("EAP message: M1 missing Primary Device Type")
4337 data += '\x10\x42\x00\x00'
4338 send_wlanevent(url, uuid, data)
4339
4340 logger.info("EAP message: M1 missing Device Name")
4341 data += '\x10\x54\x00\x08' + 8*'\x00'
4342 send_wlanevent(url, uuid, data)
4343
4344 logger.info("EAP message: M1 missing RF Bands")
4345 data += '\x10\x11\x00\x00'
4346 send_wlanevent(url, uuid, data)
4347
4348 logger.info("EAP message: M1 missing Association State")
4349 data += '\x10\x3c\x00\x01\x00'
4350 send_wlanevent(url, uuid, data)
4351
4352 logger.info("EAP message: M1 missing Device Password ID")
4353 data += '\x10\x02\x00\x02\x00\x00'
4354 send_wlanevent(url, uuid, data)
4355
4356 logger.info("EAP message: M1 missing Configuration Error")
4357 data += '\x10\x12\x00\x02\x00\x00'
4358 send_wlanevent(url, uuid, data)
4359
4360 logger.info("EAP message: M1 missing OS Version")
4361 data += '\x10\x09\x00\x02\x00\x00'
4362 send_wlanevent(url, uuid, data)
4c3ae1c0 4363
24b7f282
JM		 4364 logger.info("Check max concurrent requests")
4365 addr = (url.hostname, url.port)
4366 socks = {}
4367 for i in range(20):
4368 socks[i] = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4369 socket.IPPROTO_TCP)
4370 socks[i].connect(addr)
4371 for i in range(20):
4372 socks[i].send("GET / HTTP/1.1\r\n\r\n")
4373 count = 0
4374 for i in range(20):
4375 try:
4376 res = socks[i].recv(100)
4377 if "HTTP/1" in res:
4378 count += 1
4379 except:
4380 pass
4381 socks[i].close()
4382 logger.info("%d concurrent HTTP GET operations returned response" % count)
4383 if count < 10:
4384 raise Exception("Too few concurrent HTTP connections accepted")
4385
4386 logger.info("OOM in HTTP server")
4387 for func in [ "http_request_init", "httpread_create",
4388 "eloop_register_timeout;httpread_create",
9b35afd6 4389 "eloop_sock_table_add_sock;?eloop_register_sock;httpread_create",
24b7f282
JM		 4390 "httpread_hdr_analyze" ]:
4391 with alloc_fail(dev[0], 1, func):
4392 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4393 socket.IPPROTO_TCP)
4394 sock.connect(addr)
4395 sock.send("GET / HTTP/1.1\r\n\r\n")
4396 try:
4397 sock.recv(100)
4398 except:
4399 pass
4400 sock.close()
4401
4402 logger.info("Invalid HTTP header")
4403 for req in [ " GET / HTTP/1.1\r\n\r\n",
4404 "HTTP/1.1 200 OK\r\n\r\n",
4405 "HTTP/\r\n\r\n",
4406 "GET %%a%aa% HTTP/1.1\r\n\r\n",
4407 "GET / HTTP/1.1\r\n FOO\r\n\r\n",
4408 "NOTIFY / HTTP/1.1\r\n" + 4097*'a' + '\r\n\r\n',
4409 "NOTIFY / HTTP/1.1\r\n\r\n" + 8193*'a',
4410 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n foo\r\n",
4411 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n1\r\nfoo\r\n",
4412 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\n",
4413 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\naa\ra\r\n\ra" ]:
4414 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4415 socket.IPPROTO_TCP)
4416 sock.settimeout(0.1)
4417 sock.connect(addr)
4418 sock.send(req)
4419 try:
4420 sock.recv(100)
4421 except:
4422 pass
4423 sock.close()
4424
4425 with alloc_fail(dev[0], 2, "httpread_read_handler"):
4426 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4427 socket.IPPROTO_TCP)
4428 sock.connect(addr)
4429 sock.send("NOTIFY / HTTP/1.1\r\n\r\n" + 4500*'a')
4430 try:
4431 sock.recv(100)
4432 except:
4433 pass
4434 sock.close()
4435
4436 conn = httplib.HTTPConnection(url.netloc)
4437 payload = '<foo'
4438 headers = { "Content-type": 'text/xml; charset="utf-8"',
4439 "Server": "Unspecified, UPnP/1.0, Unspecified",
4440 "HOST": url.netloc,
4441 "NT": "upnp:event",
4442 "SID": "uuid:" + uuid,
4443 "SEQ": "0",
4444 "Content-Length": str(len(payload)) }
4445 conn.request("NOTIFY", url.path, payload, headers)
4446 resp = conn.getresponse()
4447 if resp.status != 200:
4448 raise Exception("Unexpected HTTP response: %d" % resp.status)
4449
4450 conn = httplib.HTTPConnection(url.netloc)
4451 payload = '<WLANEvent foo></WLANEvent>'
4452 headers = { "Content-type": 'text/xml; charset="utf-8"',
4453 "Server": "Unspecified, UPnP/1.0, Unspecified",
4454 "HOST": url.netloc,
4455 "NT": "upnp:event",
4456 "SID": "uuid:" + uuid,
4457 "SEQ": "0",
4458 "Content-Length": str(len(payload)) }
4459 conn.request("NOTIFY", url.path, payload, headers)
4460 resp = conn.getresponse()
4461 if resp.status != 200:
4462 raise Exception("Unexpected HTTP response: %d" % resp.status)
4463
4464 with alloc_fail(dev[0], 1, "xml_get_first_item"):
4465 send_wlanevent(url, uuid, '')
4466
4467 with alloc_fail(dev[0], 1, "wpabuf_alloc_ext_data;xml_get_base64_item"):
4468 send_wlanevent(url, uuid, 'foo')
4469
4470 for func in [ "wps_init",
4471 "wps_process_manufacturer",
4472 "wps_process_model_name",
4473 "wps_process_model_number",
4474 "wps_process_serial_number",
4475 "wps_process_dev_name" ]:
4476 with alloc_fail(dev[0], 1, func):
4477 send_wlanevent(url, uuid, m1)
4478
18478107
JM		 4479 with alloc_fail(dev[0], 1, "wps_er_http_resp_ok"):
4480 send_wlanevent(url, uuid, m1, no_response=True)
4481
4482 with alloc_fail(dev[0], 1, "wps_er_http_resp_not_found"):
4483 url2 = urlparse.urlparse(wps_event_url.replace('/event/', '/notfound/'))
4484 send_wlanevent(url2, uuid, m1, no_response=True)
4485
3d105cdf
JM		 4486 logger.info("EAP message: M1")
4487 data = '\x0202:11:22:00:00:00'
4488 data += '\x10\x22\x00\x01\x04'
4489 data += '\x10\x47\x00\x10' + 16*'\x00'
4490 data += '\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4491 data += '\x10\x1a\x00\x10' + 16*'\x00'
4492 data += '\x10\x32\x00\xc0' + 192*'\x00'
4493 data += '\x10\x04\x00\x02\x00\x00'
4494 data += '\x10\x10\x00\x02\x00\x00'
4495 data += '\x10\x0d\x00\x01\x00'
4496 data += '\x10\x08\x00\x02\x00\x00'
4497 data += '\x10\x44\x00\x01\x00'
4498 data += '\x10\x21\x00\x00'
4499 data += '\x10\x23\x00\x00'
4500 data += '\x10\x24\x00\x00'
4501 data += '\x10\x42\x00\x00'
4502 data += '\x10\x54\x00\x08' + 8*'\x00'
4503 data += '\x10\x11\x00\x00'
4504 data += '\x10\x3c\x00\x01\x00'
4505 data += '\x10\x02\x00\x02\x00\x00'
4506 data += '\x10\x12\x00\x02\x00\x00'
4507 data += '\x10\x09\x00\x02\x00\x00'
4508 data += '\x10\x2d\x00\x04\x00\x00\x00\x00'
4509 dev[0].dump_monitor()
4510 with alloc_fail(dev[0], 1, "wps_er_add_sta_data"):
4511 send_wlanevent(url, uuid, data)
4512 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=0.1)
4513 if ev is not None:
4514 raise Exception("Unexpected enrollee add event")
4515 send_wlanevent(url, uuid, data)
4516 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=2)
4517 if ev is None:
4518 raise Exception("Enrollee add event not seen")
4519
fe67b945
JM		 4520 with alloc_fail(dev[0], 1, "base64_encode;wps_er_soap_hdr"):
4521 send_wlanevent(url, uuid, data)
4522
4523 with alloc_fail(dev[0], 1, "wpabuf_alloc;wps_er_soap_hdr"):
4524 send_wlanevent(url, uuid, data)
4525
4526 with alloc_fail(dev[0], 1, "http_client_url_parse;wps_er_sta_send_msg"):
4527 send_wlanevent(url, uuid, data)
4528
4529 with alloc_fail(dev[0], 1, "http_client_addr;wps_er_sta_send_msg"):
4530 send_wlanevent(url, uuid, data)
4531
4c3ae1c0
JM		 4532def test_ap_wps_er_http_proto_no_event_sub_url(dev, apdev):
4533 """WPS ER HTTP protocol testing - no eventSubURL"""
6aaa661a
JM		 4534 class WPSAPHTTPServer_no_event_sub_url(WPSAPHTTPServer):
4535 def handle_upnp_info(self):
4536 self.wfile.write(gen_upnp_info(eventSubURL=None))
4537 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_event_sub_url,
4538 no_event_url=True)
4c3ae1c0
JM		 4539
4540def test_ap_wps_er_http_proto_event_sub_url_dns(dev, apdev):
4541 """WPS ER HTTP protocol testing - DNS name in eventSubURL"""
6aaa661a
JM		 4542 class WPSAPHTTPServer_event_sub_url_dns(WPSAPHTTPServer):
4543 def handle_upnp_info(self):
4544 self.wfile.write(gen_upnp_info(eventSubURL='http://example.com/wps_event'))
4545 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_event_sub_url_dns,
4546 no_event_url=True)
4c3ae1c0
JM		 4547
4548def test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
4549 """WPS ER HTTP protocol testing - subscribe OOM"""
4550 try:
4551 _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev)
4552 finally:
4553 dev[0].request("WPS_ER_STOP")
4554
4555def _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
4556 tests = [ (1, "http_client_url_parse"),
4557 (1, "wpabuf_alloc;wps_er_subscribe"),
4558 (1, "http_client_addr"),
9b35afd6 4559 (1, "eloop_sock_table_add_sock;?eloop_register_sock;http_client_addr"),
4c3ae1c0
JM		 4560 (1, "eloop_register_timeout;http_client_addr") ]
4561 for count,func in tests:
4562 with alloc_fail(dev[0], count, func):
4563 server,sock = wps_er_start(dev[0], WPSAPHTTPServer)
4564 server.handle_request()
4565 server.handle_request()
4566 wps_er_stop(dev[0], sock, server, on_alloc_fail=True)
6aaa661a
JM		 4567
4568def test_ap_wps_er_http_proto_no_sid(dev, apdev):
4569 """WPS ER HTTP protocol testing - no SID"""
4570 class WPSAPHTTPServer_no_sid(WPSAPHTTPServer):
4571 def handle_wps_event(self):
4572 self.wfile.write(gen_wps_event(sid=None))
4573 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_sid)
4574
4575def test_ap_wps_er_http_proto_invalid_sid_no_uuid(dev, apdev):
4576 """WPS ER HTTP protocol testing - invalid SID - no UUID"""
4577 class WPSAPHTTPServer_invalid_sid_no_uuid(WPSAPHTTPServer):
4578 def handle_wps_event(self):
4579 self.wfile.write(gen_wps_event(sid='FOO'))
4580 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_no_uuid)
4581
4582def test_ap_wps_er_http_proto_invalid_sid_uuid(dev, apdev):
4583 """WPS ER HTTP protocol testing - invalid SID UUID"""
4584 class WPSAPHTTPServer_invalid_sid_uuid(WPSAPHTTPServer):
4585 def handle_wps_event(self):
4586 self.wfile.write(gen_wps_event(sid='uuid:FOO'))
4587 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_uuid)
4588
4589def test_ap_wps_er_http_proto_subscribe_failing(dev, apdev):
4590 """WPS ER HTTP protocol testing - SUBSCRIBE failing"""
4591 class WPSAPHTTPServer_fail_subscribe(WPSAPHTTPServer):
4592 def handle_wps_event(self):
4593 payload = ""
4594 hdr = 'HTTP/1.1 404 Not Found\r\n' + \
4595 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4596 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4597 'Connection: close\r\n' + \
4598 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4599 'Timeout: Second-1801\r\n' + \
4600 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4601 self.wfile.write(hdr + payload)
4602 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_fail_subscribe)
4603
4604def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
4605 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4606 class WPSAPHTTPServer_subscribe_invalid_response(WPSAPHTTPServer):
4607 def handle_wps_event(self):
4608 payload = ""
4609 hdr = 'HTTP/1.1 FOO\r\n' + \
4610 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4611 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4612 'Connection: close\r\n' + \
4613 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4614 'Timeout: Second-1801\r\n' + \
4615 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4616 self.wfile.write(hdr + payload)
4617 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_subscribe_invalid_response)
4618
4619def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
4620 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4621 class WPSAPHTTPServer_invalid_m1(WPSAPHTTPServer):
4622 def handle_wps_control(self):
4623 payload = '''<?xml version="1.0"?>
4624<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
4625<s:Body>
4626<u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
4627<NewDeviceInfo>Rk9P</NewDeviceInfo>
4628</u:GetDeviceInfoResponse>
4629</s:Body>
4630</s:Envelope>
4631'''
4632 self.wfile.write(gen_wps_control(payload_override=payload))
4633 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_m1, no_event_url=True)
4634
4635def test_ap_wps_er_http_proto_upnp_info_no_device(dev, apdev):
4636 """WPS ER HTTP protocol testing - No device in UPnP info"""
4637 class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
4638 def handle_upnp_info(self):
4639 payload = '''<?xml version="1.0"?>
4640<root xmlns="urn:schemas-upnp-org:device-1-0">
4641<specVersion>
4642<major>1</major>
4643<minor>0</minor>
4644</specVersion>
4645</root>
4646'''
4647 hdr = 'HTTP/1.1 200 OK\r\n' + \
4648 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4649 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4650 'Connection: close\r\n' + \
4651 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4652 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4653 self.wfile.write(hdr + payload)
4654 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
4655
4656def test_ap_wps_er_http_proto_upnp_info_no_device_type(dev, apdev):
4657 """WPS ER HTTP protocol testing - No deviceType in UPnP info"""
4658 class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
4659 def handle_upnp_info(self):
4660 payload = '''<?xml version="1.0"?>
4661<root xmlns="urn:schemas-upnp-org:device-1-0">
4662<specVersion>
4663<major>1</major>
4664<minor>0</minor>
4665</specVersion>
4666<device>
4667</device>
4668</root>
4669'''
4670 hdr = 'HTTP/1.1 200 OK\r\n' + \
4671 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4672 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4673 'Connection: close\r\n' + \
4674 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4675 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4676 self.wfile.write(hdr + payload)
4677 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
4678
4679def test_ap_wps_er_http_proto_upnp_info_invalid_udn_uuid(dev, apdev):
4680 """WPS ER HTTP protocol testing - Invalid UDN UUID"""
4681 class WPSAPHTTPServer_invalid_udn_uuid(WPSAPHTTPServer):
4682 def handle_upnp_info(self):
4683 self.wfile.write(gen_upnp_info(udn='uuid:foo'))
4684 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_udn_uuid)
4685
4686def test_ap_wps_er_http_proto_no_control_url(dev, apdev):
4687 """WPS ER HTTP protocol testing - no controlURL"""
4688 class WPSAPHTTPServer_no_control_url(WPSAPHTTPServer):
4689 def handle_upnp_info(self):
4690 self.wfile.write(gen_upnp_info(controlURL=None))
4691 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_control_url,
4692 no_event_url=True)
4693
4694def test_ap_wps_er_http_proto_control_url_dns(dev, apdev):
4695 """WPS ER HTTP protocol testing - DNS name in controlURL"""
4696 class WPSAPHTTPServer_control_url_dns(WPSAPHTTPServer):
4697 def handle_upnp_info(self):
4698 self.wfile.write(gen_upnp_info(controlURL='http://example.com/wps_control'))
4699 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_control_url_dns,
4700 no_event_url=True)
24b7f282
JM		 4701
4702def test_ap_wps_http_timeout(dev, apdev):
4703 """WPS AP/ER and HTTP timeout"""
4704 try:
4705 _test_ap_wps_http_timeout(dev, apdev)
4706 finally:
4707 dev[0].request("WPS_ER_STOP")
4708
4709def _test_ap_wps_http_timeout(dev, apdev):
4710 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
4711 add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
4712
4713 location = ssdp_get_location(ap_uuid)
4714 url = urlparse.urlparse(location)
4715 addr = (url.hostname, url.port)
4716 logger.debug("Open HTTP connection to hostapd, but do not complete request")
4717 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4718 socket.IPPROTO_TCP)
4719 sock.connect(addr)
4720 sock.send("G")
4721
4722 class DummyServer(SocketServer.StreamRequestHandler):
4723 def handle(self):
4724 logger.debug("DummyServer - start 31 sec wait")
4725 time.sleep(31)
4726 logger.debug("DummyServer - wait done")
4727
4728 logger.debug("Start WPS ER")
4729 server,sock2 = wps_er_start(dev[0], DummyServer, max_age=40,
4730 wait_m_search=True)
4731
4732 logger.debug("Start server to accept, but not complete, HTTP connection from WPS ER")
4733 # This will wait for 31 seconds..
4734 server.handle_request()
4735
4736 logger.debug("Complete HTTP connection with hostapd (that should have already closed the connection)")
4737 try:
4738 sock.send("ET / HTTP/1.1\r\n\r\n")
4739 res = sock.recv(100)
4740 sock.close()
4741 except:
4742 pass
4743
4744def test_ap_wps_er_url_parse(dev, apdev):
4745 """WPS ER and URL parsing special cases"""
4746 try:
4747 _test_ap_wps_er_url_parse(dev, apdev)
4748 finally:
4749 dev[0].request("WPS_ER_STOP")
4750
4751def _test_ap_wps_er_url_parse(dev, apdev):
4752 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
4753 sock.settimeout(1)
4754 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
4755 sock.bind(("239.255.255.250", 1900))
4756 dev[0].request("WPS_ER_START ifname=lo")
4757 (msg,addr) = sock.recvfrom(1000)
4758 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4759 if "M-SEARCH" not in msg:
4760 raise Exception("Not an M-SEARCH")
4761 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1\r\ncache-control:max-age=1\r\n\r\n", addr)
4762 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
4763 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1/:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4764 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
4765 sock.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://255.255.255.255:0/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
4766 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
4767
4768 sock.close()
4769
4770def test_ap_wps_er_link_update(dev, apdev):
4771 """WPS ER and link update special cases"""
4772 class WPSAPHTTPServer_link_update(WPSAPHTTPServer):
4773 def handle_upnp_info(self):
4774 self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
4775 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update)
4776
4777 class WPSAPHTTPServer_link_update2(WPSAPHTTPServer):
4778 def handle_others(self, data):
4779 if "GET / " in data:
4780 self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
4781 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update2,
4782 location_url='http://127.0.0.1:12345')
4783
4784def test_ap_wps_er_http_client(dev, apdev):
4785 """WPS ER and HTTP client special cases"""
4786 with alloc_fail(dev[0], 1, "http_link_update"):
4787 run_wps_er_proto_test(dev[0], WPSAPHTTPServer)
4788
4789 with alloc_fail(dev[0], 1, "wpabuf_alloc;http_client_url"):
4790 run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
4791
4792 with alloc_fail(dev[0], 1, "httpread_create;http_client_tx_ready"):
4793 run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
4794
4795 class WPSAPHTTPServer_req_as_resp(WPSAPHTTPServer):
4796 def handle_upnp_info(self):
4797 self.wfile.write("GET / HTTP/1.1\r\n\r\n")
4798 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_req_as_resp,
4799 no_event_url=True)
4800
4801def test_ap_wps_init_oom(dev, apdev):
4802 """wps_init OOM cases"""
4803 ssid = "test-wps"
4804 appin = "12345670"
4805 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
4806 "ap_pin": appin }
4807 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4808 pin = dev[0].wps_read_pin()
4809
4810 with alloc_fail(hapd, 1, "wps_init"):
4811 hapd.request("WPS_PIN any " + pin)
4812 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4813 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4814 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4815 if ev is None:
4816 raise Exception("No EAP failure reported")
4817 dev[0].request("WPS_CANCEL")
4818
4819 with alloc_fail(dev[0], 2, "wps_init"):
4820 hapd.request("WPS_PIN any " + pin)
4821 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4822 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4823 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4824 if ev is None:
4825 raise Exception("No EAP failure reported")
4826 dev[0].request("WPS_CANCEL")
4827
4828 with alloc_fail(dev[0], 2, "wps_init"):
4829 hapd.request("WPS_PBC")
4830 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4831 dev[0].request("WPS_PBC %s" % (apdev[0]['bssid']))
4832 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4833 if ev is None:
4834 raise Exception("No EAP failure reported")
4835 dev[0].request("WPS_CANCEL")
4836
4837 dev[0].dump_monitor()
4838 new_ssid = "wps-new-ssid"
4839 new_passphrase = "1234567890"
4840 with alloc_fail(dev[0], 3, "wps_init"):
4841 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
4842 new_passphrase, no_wait=True)
4843 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4844 if ev is None:
4845 raise Exception("No EAP failure reported")
4846
4847 dev[0].flush_scan_cache()
4848
4849def test_ap_wps_invalid_assoc_req_elem(dev, apdev):
4850 """WPS and invalid IE in Association Request frame"""
4851 ssid = "test-wps"
4852 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2" }
4853 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4854 pin = "12345670"
4855 hapd.request("WPS_PIN any " + pin)
4856 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4857 try:
4858 dev[0].request("VENDOR_ELEM_ADD 13 dd050050f20410")
4859 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4860 for i in range(5):
4861 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
4862 if ev and "vendor=14122" in ev:
4863 break
4864 if ev is None or "vendor=14122" not in ev:
4865 raise Exception("EAP-WSC not started")
4866 dev[0].request("WPS_CANCEL")
4867 finally:
4868 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
4869
4870def test_ap_wps_pbc_pin_mismatch(dev, apdev):
4871 """WPS PBC/PIN mismatch"""
4872 ssid = "test-wps"
4873 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2" }
4874 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4875 hapd.request("SET wps_version_number 0x10")
4876 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4877 hapd.request("WPS_PBC")
4878 pin = dev[0].wps_read_pin()
4879 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4880 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
4881 if ev is None:
4882 raise Exception("Scan did not complete")
4883 dev[0].request("WPS_CANCEL")
4884
4885 hapd.request("WPS_CANCEL")
4886 dev[0].flush_scan_cache()
4887
4888def test_ap_wps_ie_invalid(dev, apdev):
4889 """WPS PIN attempt with AP that has invalid WSC IE"""
4890 ssid = "test-wps"
4891 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
4892 "vendor_elements": "dd050050f20410" }
4893 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4894 params = { 'ssid': "another", "vendor_elements": "dd050050f20410" }
4895 hostapd.add_ap(apdev[1]['ifname'], params)
4896 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4897 pin = dev[0].wps_read_pin()
4898 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4899 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
4900 if ev is None:
4901 raise Exception("Scan did not complete")
4902 dev[0].request("WPS_CANCEL")
4903
4904def test_ap_wps_scan_prio_order(dev, apdev):
4905 """WPS scan priority ordering"""
4906 ssid = "test-wps"
4907 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2" }
4908 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4909 params = { 'ssid': "another", "vendor_elements": "dd050050f20410" }
4910 hostapd.add_ap(apdev[1]['ifname'], params)
4911 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4912 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
4913 pin = dev[0].wps_read_pin()
4914 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4915 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
4916 if ev is None:
4917 raise Exception("Scan did not complete")
4918 dev[0].request("WPS_CANCEL")
4919
4920def test_ap_wps_probe_req_ie_oom(dev, apdev):
4921 """WPS ProbeReq IE OOM"""
4922 ssid = "test-wps"
4923 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2" }
4924 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4925 pin = dev[0].wps_read_pin()
4926 hapd.request("WPS_PIN any " + pin)
4927 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4928 with alloc_fail(dev[0], 1, "wps_build_probe_req_ie"):
4929 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4930 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
4931 if ev is None:
4932 raise Exception("Association not seen")
4933 dev[0].request("WPS_CANCEL")
161c8515 4934 dev[0].wait_disconnected()
24b7f282
JM		 4935
4936 with alloc_fail(dev[0], 1, "wps_ie_encapsulate"):
4937 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4938 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
4939 if ev is None:
4940 raise Exception("Association not seen")
4941 dev[0].request("WPS_CANCEL")
161c8515
JM		 4942 hapd.disable()
4943 dev[0].request("REMOVE_NETWORK all")
4944 dev[0].wait_disconnected()
4945 time.sleep(0.2)
4946 dev[0].flush_scan_cache()
24b7f282
JM		 4947
4948def test_ap_wps_assoc_req_ie_oom(dev, apdev):
4949 """WPS AssocReq IE OOM"""
4950 ssid = "test-wps"
4951 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2" }
4952 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4953 pin = dev[0].wps_read_pin()
4954 hapd.request("WPS_PIN any " + pin)
4955 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4956 with alloc_fail(dev[0], 1, "wps_build_assoc_req_ie"):
4957 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4958 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
4959 if ev is None:
4960 raise Exception("Association not seen")
4961 dev[0].request("WPS_CANCEL")
4962
4963def test_ap_wps_assoc_resp_ie_oom(dev, apdev):
4964 """WPS AssocResp IE OOM"""
4965 ssid = "test-wps"
4966 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2" }
4967 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
4968 pin = dev[0].wps_read_pin()
4969 hapd.request("WPS_PIN any " + pin)
4970 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4971 with alloc_fail(hapd, 1, "wps_build_assoc_resp_ie"):
4972 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4973 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
4974 if ev is None:
4975 raise Exception("Association not seen")
4976 dev[0].request("WPS_CANCEL")
4977
4978def test_ap_wps_bss_info_errors(dev, apdev):
4979 """WPS BSS info errors"""
4980 params = { "ssid": "1",
4981 "vendor_elements": "dd0e0050f20410440001ff101100010a" }
4982 hostapd.add_ap(apdev[0]['ifname'], params)
4983 params = { 'ssid': "2", "vendor_elements": "dd050050f20410" }
4984 hostapd.add_ap(apdev[1]['ifname'], params)
4985 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4986 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
4987 bss = dev[0].get_bss(apdev[0]['bssid'])
4988 logger.info("BSS: " + str(bss))
4989 if "wps_state" in bss:
4990 raise Exception("Unexpected wps_state in BSS info")
4991 if 'wps_device_name' not in bss:
4992 raise Exception("No wps_device_name in BSS info")
4993 if bss['wps_device_name'] != '_':
4994 raise Exception("Unexpected wps_device_name value")
4995 bss = dev[0].get_bss(apdev[1]['bssid'])
4996 logger.info("BSS: " + str(bss))
4997
4998 with alloc_fail(dev[0], 1, "=wps_attr_text"):
4999 bss = dev[0].get_bss(apdev[0]['bssid'])
5000 logger.info("BSS(OOM): " + str(bss))
5001
5002def wps_run_pbc_fail_ap(apdev, dev, hapd):
5003 hapd.request("WPS_PBC")
5004 dev.scan_for_bss(apdev['bssid'], freq="2412")
5005 dev.request("WPS_PBC " + apdev['bssid'])
5006 ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5007 if ev is None:
5008 raise Exception("No EAP failure reported")
5009 dev.request("WPS_CANCEL")
5010 dev.wait_disconnected()
5011 for i in range(5):
5012 try:
5013 dev.flush_scan_cache()
5014 break
5015 except Exception, e:
5016 if str(e).startswith("Failed to trigger scan"):
5017 # Try again
5018 time.sleep(1)
5019 else:
5020 raise
5021
5022def wps_run_pbc_fail(apdev, dev):
5023 hapd = wps_start_ap(apdev)
5024 wps_run_pbc_fail_ap(apdev, dev, hapd)
5025
5026def test_ap_wps_pk_oom(dev, apdev):
5027 """WPS and public key OOM"""
5028 with alloc_fail(dev[0], 1, "wps_build_public_key"):
5029 wps_run_pbc_fail(apdev[0], dev[0])
5030
5031def test_ap_wps_pk_oom_ap(dev, apdev):
5032 """WPS and public key OOM on AP"""
5033 hapd = wps_start_ap(apdev[0])
5034 with alloc_fail(hapd, 1, "wps_build_public_key"):
5035 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5036
5037def test_ap_wps_encr_oom_ap(dev, apdev):
5038 """WPS and encrypted settings decryption OOM on AP"""
5039 hapd = wps_start_ap(apdev[0])
5040 pin = dev[0].wps_read_pin()
5041 hapd.request("WPS_PIN any " + pin)
5042 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5043 with alloc_fail(hapd, 1, "wps_decrypt_encr_settings"):
5044 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
5045 ev = hapd.wait_event(["WPS-FAIL"], timeout=10)
5046 if ev is None:
5047 raise Exception("No WPS-FAIL reported")
5048 dev[0].request("WPS_CANCEL")
5049 dev[0].wait_disconnected()
5050
5051def test_ap_wps_encr_no_random_ap(dev, apdev):
5052 """WPS and no random data available for encryption on AP"""
5053 hapd = wps_start_ap(apdev[0])
5054 with fail_test(hapd, 1, "os_get_random;wps_build_encr_settings"):
5055 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5056
5057def test_ap_wps_e_hash_no_random_sta(dev, apdev):
5058 """WPS and no random data available for e-hash on STA"""
5059 with fail_test(dev[0], 1, "os_get_random;wps_build_e_hash"):
5060 wps_run_pbc_fail(apdev[0], dev[0])
5061
5062def test_ap_wps_m1_no_random(dev, apdev):
5063 """WPS and no random for M1 on STA"""
5064 with fail_test(dev[0], 1, "os_get_random;wps_build_m1"):
5065 wps_run_pbc_fail(apdev[0], dev[0])
5066
5067def test_ap_wps_m1_oom(dev, apdev):
5068 """WPS and OOM for M1 on STA"""
5069 with alloc_fail(dev[0], 1, "wps_build_m1"):
5070 wps_run_pbc_fail(apdev[0], dev[0])
5071
5072def test_ap_wps_m3_oom(dev, apdev):
5073 """WPS and OOM for M3 on STA"""
5074 with alloc_fail(dev[0], 1, "wps_build_m3"):
5075 wps_run_pbc_fail(apdev[0], dev[0])
5076
5077def test_ap_wps_m5_oom(dev, apdev):
5078 """WPS and OOM for M5 on STA"""
5079 hapd = wps_start_ap(apdev[0])
5080 hapd.request("WPS_PBC")
5081 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5082 for i in range(1, 3):
5083 with alloc_fail(dev[0], i, "wps_build_m5"):
5084 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5085 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5086 if ev is None:
5087 raise Exception("No EAP failure reported")
5088 dev[0].request("WPS_CANCEL")
5089 dev[0].wait_disconnected()
5090 dev[0].flush_scan_cache()
5091
5092def test_ap_wps_m5_no_random(dev, apdev):
5093 """WPS and no random for M5 on STA"""
5094 with fail_test(dev[0], 1,
5095 "os_get_random;wps_build_encr_settings;wps_build_m5"):
5096 wps_run_pbc_fail(apdev[0], dev[0])
5097
5098def test_ap_wps_m7_oom(dev, apdev):
5099 """WPS and OOM for M7 on STA"""
5100 hapd = wps_start_ap(apdev[0])
5101 hapd.request("WPS_PBC")
5102 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5103 for i in range(1, 3):
5104 with alloc_fail(dev[0], i, "wps_build_m7"):
5105 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5106 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5107 if ev is None:
5108 raise Exception("No EAP failure reported")
5109 dev[0].request("WPS_CANCEL")
5110 dev[0].wait_disconnected()
5111 dev[0].flush_scan_cache()
5112
5113def test_ap_wps_m7_no_random(dev, apdev):
5114 """WPS and no random for M7 on STA"""
5115 with fail_test(dev[0], 1,
5116 "os_get_random;wps_build_encr_settings;wps_build_m7"):
5117 wps_run_pbc_fail(apdev[0], dev[0])
5118
5119def test_ap_wps_wsc_done_oom(dev, apdev):
5120 """WPS and OOM for WSC_Done on STA"""
5121 with alloc_fail(dev[0], 1, "wps_build_wsc_done"):
5122 wps_run_pbc_fail(apdev[0], dev[0])
5123
5124def test_ap_wps_random_psk_fail(dev, apdev):
5125 """WPS and no random for PSK on AP"""
5126 ssid = "test-wps"
5127 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
5128 appin = "12345670"
5129 try:
5130 os.remove(pskfile)
5131 except:
5132 pass
5133
5134 try:
5135 with open(pskfile, "w") as f:
5136 f.write("# WPA PSKs\n")
5137
5138 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
5139 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
5140 "rsn_pairwise": "CCMP", "ap_pin": appin,
5141 "wpa_psk_file": pskfile }
5142 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
5143
5144 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5145 with fail_test(hapd, 1, "os_get_random;wps_build_cred_network_key"):
5146 dev[0].request("WPS_REG " + apdev[0]['bssid'] + " " + appin)
5147 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5148 if ev is None:
5149 raise Exception("No EAP failure reported")
5150 dev[0].request("WPS_CANCEL")
5151 dev[0].wait_disconnected()
5152
5153 with fail_test(hapd, 1, "os_get_random;wps_build_cred"):
5154 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5155
5156 with alloc_fail(hapd, 1, "wps_build_cred"):
5157 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5158
5159 with alloc_fail(hapd, 2, "wps_build_cred"):
5160 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5161 finally:
5162 os.remove(pskfile)
5163
5164def wps_ext_eap_identity_req(dev, hapd, bssid):
5165 logger.debug("EAP-Identity/Request")
5166 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5167 if ev is None:
5168 raise Exception("Timeout on EAPOL-TX from hostapd")
5169 res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
5170 if "OK" not in res:
5171 raise Exception("EAPOL_RX to wpa_supplicant failed")
5172
5173def wps_ext_eap_identity_resp(hapd, dev, addr):
5174 ev = dev.wait_event(["EAPOL-TX"], timeout=10)
5175 if ev is None:
5176 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
5177 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
5178 if "OK" not in res:
5179 raise Exception("EAPOL_RX to hostapd failed")
5180
5181def wps_ext_eap_wsc(dst, src, src_addr, msg):
5182 logger.debug(msg)
5183 ev = src.wait_event(["EAPOL-TX"], timeout=10)
5184 if ev is None:
5185 raise Exception("Timeout on EAPOL-TX")
5186 res = dst.request("EAPOL_RX " + src_addr + " " + ev.split(' ')[2])
5187 if "OK" not in res:
5188 raise Exception("EAPOL_RX failed")
5189
7511ead0 5190def wps_start_ext(apdev, dev, pbc=False, pin=None):
24b7f282
JM		 5191 addr = dev.own_addr()
5192 bssid = apdev['bssid']
5193 ssid = "test-wps-conf"
5194 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
5195 "wpa_passphrase": "12345678", "wpa": "2",
5196 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
5197 hapd = hostapd.add_ap(apdev['ifname'], params)
5198
d1883671
JM		 5199 if pbc:
5200 hapd.request("WPS_PBC")
5201 else:
7511ead0
JM		 5202 if pin is None:
5203 pin = dev.wps_read_pin()
d1883671 5204 hapd.request("WPS_PIN any " + pin)
24b7f282
JM		 5205 dev.scan_for_bss(bssid, freq="2412")
5206 hapd.request("SET ext_eapol_frame_io 1")
5207 dev.request("SET ext_eapol_frame_io 1")
5208
d1883671
JM		 5209 if pbc:
5210 dev.request("WPS_PBC " + bssid)
5211 else:
5212 dev.request("WPS_PIN " + bssid + " " + pin)
24b7f282
JM		 5213 return addr,bssid,hapd
5214
5215def wps_auth_corrupt(dst, src, addr):
5216 ev = src.wait_event(["EAPOL-TX"], timeout=10)
5217 if ev is None:
5218 raise Exception("Timeout on EAPOL-TX")
5219 src.request("SET ext_eapol_frame_io 0")
5220 dst.request("SET ext_eapol_frame_io 0")
5221 msg = ev.split(' ')[2]
5222 if msg[-24:-16] != '10050008':
5223 raise Exception("Could not find Authenticator attribute")
5224 # Corrupt Authenticator value
5225 msg = msg[:-1] + '%x' % ((int(msg[-1], 16) + 1) % 16)
5226 res = dst.request("EAPOL_RX " + addr + " " + msg)
5227 if "OK" not in res:
5228 raise Exception("EAPOL_RX failed")
5229
5230def wps_fail_finish(hapd, dev, fail_str):
5231 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
5232 if ev is None:
5233 raise Exception("WPS-FAIL not indicated")
5234 if fail_str not in ev:
5235 raise Exception("Unexpected WPS-FAIL value: " + ev)
5236 dev.request("WPS_CANCEL")
5237 dev.wait_disconnected()
5238
5239def wps_auth_corrupt_from_ap(dev, hapd, bssid, fail_str):
5240 wps_auth_corrupt(dev, hapd, bssid)
5241 wps_fail_finish(hapd, dev, fail_str)
5242
5243def wps_auth_corrupt_to_ap(dev, hapd, addr, fail_str):
5244 wps_auth_corrupt(hapd, dev, addr)
5245 wps_fail_finish(hapd, dev, fail_str)
5246
5247def test_ap_wps_authenticator_mismatch_m2(dev, apdev):
5248 """WPS and Authenticator attribute mismatch in M2"""
5249 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5250 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5251 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5252 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5253 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5254 logger.debug("M2")
5255 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=5")
5256
5257def test_ap_wps_authenticator_mismatch_m3(dev, apdev):
5258 """WPS and Authenticator attribute mismatch in M3"""
5259 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5260 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5261 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5262 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5263 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5264 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5265 logger.debug("M3")
5266 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=7")
5267
5268def test_ap_wps_authenticator_mismatch_m4(dev, apdev):
5269 """WPS and Authenticator attribute mismatch in M4"""
5270 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5271 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5272 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5273 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5274 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5275 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5276 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5277 logger.debug("M4")
5278 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=8")
5279
5280def test_ap_wps_authenticator_mismatch_m5(dev, apdev):
5281 """WPS and Authenticator attribute mismatch in M5"""
5282 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5283 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5284 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5285 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5286 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5287 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5288 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5289 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5290 logger.debug("M5")
5291 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=9")
5292
5293def test_ap_wps_authenticator_mismatch_m6(dev, apdev):
5294 """WPS and Authenticator attribute mismatch in M6"""
5295 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5296 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5297 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5298 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5299 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5300 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5301 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5302 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5303 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5304 logger.debug("M6")
5305 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=10")
5306
5307def test_ap_wps_authenticator_mismatch_m7(dev, apdev):
5308 """WPS and Authenticator attribute mismatch in M7"""
5309 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5310 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5311 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5312 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5313 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5314 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5315 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5316 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5317 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5318 wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
5319 logger.debug("M7")
5320 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=11")
5321
5322def test_ap_wps_authenticator_mismatch_m8(dev, apdev):
5323 """WPS and Authenticator attribute mismatch in M8"""
5324 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5325 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5326 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5327 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5328 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5329 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5330 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5331 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5332 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5333 wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
5334 wps_ext_eap_wsc(hapd, dev[0], addr, "M7")
5335 logger.debug("M8")
5336 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=12")
5337
5338def test_ap_wps_authenticator_missing_m2(dev, apdev):
5339 """WPS and Authenticator attribute missing from M2"""
5340 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5341 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5342 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5343 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5344 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5345 logger.debug("M2")
5346 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5347 if ev is None:
5348 raise Exception("Timeout on EAPOL-TX")
5349 hapd.request("SET ext_eapol_frame_io 0")
5350 dev[0].request("SET ext_eapol_frame_io 0")
5351 msg = ev.split(' ')[2]
5352 if msg[-24:-16] != '10050008':
5353 raise Exception("Could not find Authenticator attribute")
5354 # Remove Authenticator value
5355 msg = msg[:-24]
5356 mlen = "%04x" % (int(msg[4:8], 16) - 12)
5357 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:]
5358 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5359 if "OK" not in res:
5360 raise Exception("EAPOL_RX failed")
5361 wps_fail_finish(hapd, dev[0], "msg=5")
5362
d1883671
JM		 5363def test_ap_wps_m2_dev_passwd_id_p2p(dev, apdev):
5364 """WPS and M2 with different Device Password ID (P2P)"""
5365 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5366 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5367 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5368 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5369 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5370 logger.debug("M2")
5371 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5372 if ev is None:
5373 raise Exception("Timeout on EAPOL-TX")
5374 hapd.request("SET ext_eapol_frame_io 0")
5375 dev[0].request("SET ext_eapol_frame_io 0")
5376 msg = ev.split(' ')[2]
5377 if msg[722:730] != '10120002':
5378 raise Exception("Could not find Device Password ID attribute")
5379 # Replace Device Password ID value. This will fail Authenticator check, but
5380 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5381 # log.
5382 msg = msg[0:730] + "0005" + msg[734:]
5383 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5384 if "OK" not in res:
5385 raise Exception("EAPOL_RX failed")
5386 wps_fail_finish(hapd, dev[0], "msg=5")
5387
5388def test_ap_wps_m2_dev_passwd_id_change_pin_to_pbc(dev, apdev):
5389 """WPS and M2 with different Device Password ID (PIN to PBC)"""
5390 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5391 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5392 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5393 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5394 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5395 logger.debug("M2")
5396 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5397 if ev is None:
5398 raise Exception("Timeout on EAPOL-TX")
5399 hapd.request("SET ext_eapol_frame_io 0")
5400 dev[0].request("SET ext_eapol_frame_io 0")
5401 msg = ev.split(' ')[2]
5402 if msg[722:730] != '10120002':
5403 raise Exception("Could not find Device Password ID attribute")
5404 # Replace Device Password ID value (PIN --> PBC). This will be rejected.
5405 msg = msg[0:730] + "0004" + msg[734:]
5406 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5407 if "OK" not in res:
5408 raise Exception("EAPOL_RX failed")
5409 wps_fail_finish(hapd, dev[0], "msg=5")
5410
5411def test_ap_wps_m2_dev_passwd_id_change_pbc_to_pin(dev, apdev):
5412 """WPS and M2 with different Device Password ID (PBC to PIN)"""
5413 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5414 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5415 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5416 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5417 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5418 logger.debug("M2")
5419 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5420 if ev is None:
5421 raise Exception("Timeout on EAPOL-TX")
5422 hapd.request("SET ext_eapol_frame_io 0")
5423 dev[0].request("SET ext_eapol_frame_io 0")
5424 msg = ev.split(' ')[2]
5425 if msg[722:730] != '10120002':
5426 raise Exception("Could not find Device Password ID attribute")
5427 # Replace Device Password ID value. This will fail Authenticator check, but
5428 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5429 # log.
5430 msg = msg[0:730] + "0000" + msg[734:]
5431 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5432 if "OK" not in res:
5433 raise Exception("EAPOL_RX failed")
5434 wps_fail_finish(hapd, dev[0], "msg=5")
5435 dev[0].flush_scan_cache()
5436
5437def test_ap_wps_m2_missing_dev_passwd_id(dev, apdev):
5438 """WPS and M2 without Device Password ID"""
5439 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0])
5440 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5441 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5442 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5443 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5444 logger.debug("M2")
5445 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5446 if ev is None:
5447 raise Exception("Timeout on EAPOL-TX")
5448 hapd.request("SET ext_eapol_frame_io 0")
5449 dev[0].request("SET ext_eapol_frame_io 0")
5450 msg = ev.split(' ')[2]
5451 if msg[722:730] != '10120002':
5452 raise Exception("Could not find Device Password ID attribute")
5453 # Remove Device Password ID value. This will fail Authenticator check, but
5454 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5455 # log.
5456 mlen = "%04x" % (int(msg[4:8], 16) - 6)
5457 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:722] + msg[734:]
5458 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5459 if "OK" not in res:
5460 raise Exception("EAPOL_RX failed")
5461 wps_fail_finish(hapd, dev[0], "msg=5")
5462
5463def test_ap_wps_m2_missing_registrar_nonce(dev, apdev):
5464 """WPS and M2 without Registrar Nonce"""
5465 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5466 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5467 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5468 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5469 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5470 logger.debug("M2")
5471 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5472 if ev is None:
5473 raise Exception("Timeout on EAPOL-TX")
5474 hapd.request("SET ext_eapol_frame_io 0")
5475 dev[0].request("SET ext_eapol_frame_io 0")
5476 msg = ev.split(' ')[2]
5477 if msg[96:104] != '10390010':
5478 raise Exception("Could not find Registrar Nonce attribute")
5479 # Remove Registrar Nonce. This will fail Authenticator check, but
5480 # allows the code path in wps_process_registrar_nonce() to be checked from
5481 # the debug log.
5482 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5483 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:96] + msg[136:]
5484 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5485 if "OK" not in res:
5486 raise Exception("EAPOL_RX failed")
5487 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5488 if ev is None:
5489 raise Exception("Disconnect event not seen")
5490 dev[0].request("WPS_CANCEL")
5491 dev[0].flush_scan_cache()
5492
5493def test_ap_wps_m2_missing_enrollee_nonce(dev, apdev):
5494 """WPS and M2 without Enrollee Nonce"""
5495 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5496 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5497 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5498 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5499 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5500 logger.debug("M2")
5501 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5502 if ev is None:
5503 raise Exception("Timeout on EAPOL-TX")
5504 hapd.request("SET ext_eapol_frame_io 0")
5505 dev[0].request("SET ext_eapol_frame_io 0")
5506 msg = ev.split(' ')[2]
5507 if msg[56:64] != '101a0010':
5508 raise Exception("Could not find enrollee Nonce attribute")
5509 # Remove Enrollee Nonce. This will fail Authenticator check, but
5510 # allows the code path in wps_process_enrollee_nonce() to be checked from
5511 # the debug log.
5512 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5513 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:56] + msg[96:]
5514 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5515 if "OK" not in res:
5516 raise Exception("EAPOL_RX failed")
5517 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5518 if ev is None:
5519 raise Exception("Disconnect event not seen")
5520 dev[0].request("WPS_CANCEL")
5521 dev[0].flush_scan_cache()
5522
5523def test_ap_wps_m2_missing_uuid_r(dev, apdev):
5524 """WPS and M2 without UUID-R"""
5525 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5526 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5527 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5528 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5529 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5530 logger.debug("M2")
5531 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5532 if ev is None:
5533 raise Exception("Timeout on EAPOL-TX")
5534 hapd.request("SET ext_eapol_frame_io 0")
5535 dev[0].request("SET ext_eapol_frame_io 0")
5536 msg = ev.split(' ')[2]
5537 if msg[136:144] != '10480010':
5538 raise Exception("Could not find enrollee Nonce attribute")
5539 # Remove UUID-R. This will fail Authenticator check, but allows the code
5540 # path in wps_process_uuid_r() to be checked from the debug log.
5541 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5542 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:136] + msg[176:]
5543 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5544 if "OK" not in res:
5545 raise Exception("EAPOL_RX failed")
5546 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5547 if ev is None:
5548 raise Exception("Disconnect event not seen")
5549 dev[0].request("WPS_CANCEL")
5550 dev[0].flush_scan_cache()
5551
5552def test_ap_wps_m2_invalid(dev, apdev):
5553 """WPS and M2 parsing failure"""
5554 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5555 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5556 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5557 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5558 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5559 logger.debug("M2")
5560 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5561 if ev is None:
5562 raise Exception("Timeout on EAPOL-TX")
5563 hapd.request("SET ext_eapol_frame_io 0")
5564 dev[0].request("SET ext_eapol_frame_io 0")
5565 msg = ev.split(' ')[2]
5566 if msg[136:144] != '10480010':
5567 raise Exception("Could not find enrollee Nonce attribute")
5568 # Remove UUID-R. This will fail Authenticator check, but allows the code
5569 # path in wps_process_uuid_r() to be checked from the debug log.
5570 mlen = "%04x" % (int(msg[4:8], 16) - 1)
5571 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:-2]
5572 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5573 if "OK" not in res:
5574 raise Exception("EAPOL_RX failed")
5575 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5576 if ev is None:
5577 raise Exception("Disconnect event not seen")
5578 dev[0].request("WPS_CANCEL")
5579 dev[0].flush_scan_cache()
5580
5581def test_ap_wps_m2_missing_msg_type(dev, apdev):
5582 """WPS and M2 without Message Type"""
5583 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5584 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5585 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5586 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5587 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5588 logger.debug("M2")
5589 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5590 if ev is None:
5591 raise Exception("Timeout on EAPOL-TX")
5592 hapd.request("SET ext_eapol_frame_io 0")
5593 dev[0].request("SET ext_eapol_frame_io 0")
5594 msg = ev.split(' ')[2]
5595 if msg[46:54] != '10220001':
5596 raise Exception("Could not find Message Type attribute")
5597 # Remove Message Type. This will fail Authenticator check, but allows the
5598 # code path in wps_process_wsc_msg() to be checked from the debug log.
5599 mlen = "%04x" % (int(msg[4:8], 16) - 5)
5600 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:46] + msg[56:]
5601 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5602 if "OK" not in res:
5603 raise Exception("EAPOL_RX failed")
5604 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5605 if ev is None:
5606 raise Exception("Disconnect event not seen")
5607 dev[0].request("WPS_CANCEL")
5608 dev[0].flush_scan_cache()
5609
5610def test_ap_wps_m2_unknown_msg_type(dev, apdev):
5611 """WPS and M2 but unknown Message Type"""
5612 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5613 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5614 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5615 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5616 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5617 logger.debug("M2")
5618 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5619 if ev is None:
5620 raise Exception("Timeout on EAPOL-TX")
5621 hapd.request("SET ext_eapol_frame_io 0")
5622 dev[0].request("SET ext_eapol_frame_io 0")
5623 msg = ev.split(' ')[2]
5624 if msg[46:54] != '10220001':
5625 raise Exception("Could not find Message Type attribute")
5626 # Replace Message Type value. This will be rejected.
5627 msg = msg[0:54] + "00" + msg[56:]
5628 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5629 if "OK" not in res:
5630 raise Exception("EAPOL_RX failed")
5631 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5632 if ev is None:
5633 raise Exception("Disconnect event not seen")
5634 dev[0].request("WPS_CANCEL")
5635 dev[0].flush_scan_cache()
5636
5637def test_ap_wps_m2_unknown_opcode(dev, apdev):
5638 """WPS and M2 but unknown opcode"""
5639 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5640 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5641 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5642 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5643 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5644 logger.debug("M2")
5645 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5646 if ev is None:
5647 raise Exception("Timeout on EAPOL-TX")
5648 hapd.request("SET ext_eapol_frame_io 0")
5649 dev[0].request("SET ext_eapol_frame_io 0")
5650 msg = ev.split(' ')[2]
5651 # Replace opcode. This will be discarded in EAP-WSC processing.
5652 msg = msg[0:32] + "00" + msg[34:]
5653 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5654 if "OK" not in res:
5655 raise Exception("EAPOL_RX failed")
5656 dev[0].request("WPS_CANCEL")
5657 dev[0].wait_disconnected()
5658 dev[0].flush_scan_cache()
5659
5660def test_ap_wps_m2_unknown_opcode2(dev, apdev):
5661 """WPS and M2 but unknown opcode (WSC_Start)"""
5662 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5663 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5664 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5665 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5666 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5667 logger.debug("M2")
5668 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5669 if ev is None:
5670 raise Exception("Timeout on EAPOL-TX")
5671 hapd.request("SET ext_eapol_frame_io 0")
5672 dev[0].request("SET ext_eapol_frame_io 0")
5673 msg = ev.split(' ')[2]
5674 # Replace opcode. This will be discarded in EAP-WSC processing.
5675 msg = msg[0:32] + "01" + msg[34:]
5676 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5677 if "OK" not in res:
5678 raise Exception("EAPOL_RX failed")
5679 dev[0].request("WPS_CANCEL")
5680 dev[0].wait_disconnected()
5681 dev[0].flush_scan_cache()
5682
5683def test_ap_wps_m2_unknown_opcode3(dev, apdev):
5684 """WPS and M2 but unknown opcode (WSC_Done)"""
5685 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5686 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5687 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5688 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5689 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5690 logger.debug("M2")
5691 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5692 if ev is None:
5693 raise Exception("Timeout on EAPOL-TX")
5694 hapd.request("SET ext_eapol_frame_io 0")
5695 dev[0].request("SET ext_eapol_frame_io 0")
5696 msg = ev.split(' ')[2]
5697 # Replace opcode. This will be discarded in WPS Enrollee processing.
5698 msg = msg[0:32] + "05" + msg[34:]
5699 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5700 if "OK" not in res:
5701 raise Exception("EAPOL_RX failed")
5702 dev[0].request("WPS_CANCEL")
5703 dev[0].wait_disconnected()
5704 dev[0].flush_scan_cache()
5705
5706def wps_m2_but_other(dev, apdev, title, msgtype):
5707 addr,bssid,hapd = wps_start_ext(apdev, dev)
5708 wps_ext_eap_identity_req(dev, hapd, bssid)
5709 wps_ext_eap_identity_resp(hapd, dev, addr)
5710 wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
5711 wps_ext_eap_wsc(hapd, dev, addr, "M1")
5712 logger.debug(title)
5713 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5714 if ev is None:
5715 raise Exception("Timeout on EAPOL-TX")
5716 hapd.request("SET ext_eapol_frame_io 0")
5717 dev.request("SET ext_eapol_frame_io 0")
5718 msg = ev.split(' ')[2]
5719 if msg[46:54] != '10220001':
5720 raise Exception("Could not find Message Type attribute")
5721 # Replace Message Type value. This will be rejected.
5722 msg = msg[0:54] + msgtype + msg[56:]
5723 res = dev.request("EAPOL_RX " + bssid + " " + msg)
5724 if "OK" not in res:
5725 raise Exception("EAPOL_RX failed")
5726 ev = dev.wait_event(["WPS-FAIL"], timeout=5)
5727 if ev is None:
5728 raise Exception("WPS-FAIL event not seen")
5729 dev.request("WPS_CANCEL")
5730 dev.wait_disconnected()
5731
5732def wps_m4_but_other(dev, apdev, title, msgtype):
5733 addr,bssid,hapd = wps_start_ext(apdev, dev)
5734 wps_ext_eap_identity_req(dev, hapd, bssid)
5735 wps_ext_eap_identity_resp(hapd, dev, addr)
5736 wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
5737 wps_ext_eap_wsc(hapd, dev, addr, "M1")
5738 wps_ext_eap_wsc(dev, hapd, bssid, "M2")
5739 wps_ext_eap_wsc(hapd, dev, addr, "M3")
5740 logger.debug(title)
5741 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5742 if ev is None:
5743 raise Exception("Timeout on EAPOL-TX")
5744 hapd.request("SET ext_eapol_frame_io 0")
5745 dev.request("SET ext_eapol_frame_io 0")
5746 msg = ev.split(' ')[2]
5747 if msg[46:54] != '10220001':
5748 raise Exception("Could not find Message Type attribute")
5749 # Replace Message Type value. This will be rejected.
5750 msg = msg[0:54] + msgtype + msg[56:]
5751 res = dev.request("EAPOL_RX " + bssid + " " + msg)
5752 if "OK" not in res:
5753 raise Exception("EAPOL_RX failed")
5754 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
5755 if ev is None:
5756 raise Exception("WPS-FAIL event not seen")
5757 dev.request("WPS_CANCEL")
5758 dev.wait_disconnected()
5759
5760def test_ap_wps_m2_msg_type_m4(dev, apdev):
5761 """WPS and M2 but Message Type M4"""
5762 wps_m2_but_other(dev[0], apdev[0], "M2/M4", "08")
5763
5764def test_ap_wps_m2_msg_type_m6(dev, apdev):
5765 """WPS and M2 but Message Type M6"""
5766 wps_m2_but_other(dev[0], apdev[0], "M2/M6", "0a")
5767
5768def test_ap_wps_m2_msg_type_m8(dev, apdev):
5769 """WPS and M2 but Message Type M8"""
5770 wps_m2_but_other(dev[0], apdev[0], "M2/M8", "0c")
5771
5772def test_ap_wps_m4_msg_type_m2(dev, apdev):
5773 """WPS and M4 but Message Type M2"""
5774 wps_m4_but_other(dev[0], apdev[0], "M4/M2", "05")
5775
5776def test_ap_wps_m4_msg_type_m2d(dev, apdev):
5777 """WPS and M4 but Message Type M2D"""
5778 wps_m4_but_other(dev[0], apdev[0], "M4/M2D", "06")
5779
24b7f282
JM		 5780def test_ap_wps_config_methods(dev, apdev):
5781 """WPS configuration method parsing"""
5782 ssid = "test-wps-conf"
5783 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
5784 "wpa_passphrase": "12345678", "wpa": "2",
5785 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
5786 "config_methods": "ethernet display ext_nfc_token int_nfc_token physical_display physical_push_button" }
5787 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
5788 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
5789 "wpa_passphrase": "12345678", "wpa": "2",
5790 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
5791 "config_methods": "display push_button" }
5792 hapd2 = hostapd.add_ap(apdev[1]['ifname'], params)
476daa05
JM		 5793
5794def test_ap_wps_set_selected_registrar_proto(dev, apdev):
5795 """WPS UPnP SetSelectedRegistrar protocol testing"""
5796 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
5797 hapd = add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
5798
5799 location = ssdp_get_location(ap_uuid)
5800 urls = upnp_get_urls(location)
5801 eventurl = urlparse.urlparse(urls['event_sub_url'])
5802 ctrlurl = urlparse.urlparse(urls['control_url'])
5803 url = urlparse.urlparse(location)
5804 conn = httplib.HTTPConnection(url.netloc)
5805
5806 class WPSERHTTPServer(SocketServer.StreamRequestHandler):
5807 def handle(self):
5808 data = self.rfile.readline().strip()
5809 logger.debug(data)
5810 self.wfile.write(gen_wps_event())
5811
5812 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
5813 server.timeout = 1
5814
5815 headers = { "callback": '<http://127.0.0.1:12345/event>',
5816 "NT": "upnp:event",
5817 "timeout": "Second-1234" }
5818 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
5819 resp = conn.getresponse()
5820 if resp.status != 200:
5821 raise Exception("Unexpected HTTP response: %d" % resp.status)
5822 sid = resp.getheader("sid")
5823 logger.debug("Subscription SID " + sid)
5824 server.handle_request()
5825
5826 tests = [ (500, "10"),
5827 (200, "104a000110" + "1041000101" + "101200020000" +
5828 "105300023148" +
5829 "1049002c00372a0001200124111111111111222222222222333333333333444444444444555555555555666666666666" +
5830 "10480010362db47ba53a519188fb5458b986b2e4"),
5831 (200, "104a000110" + "1041000100" + "101200020000" +
5832 "105300020000"),
5833 (200, "104a000110" + "1041000100"),
5834 (200, "104a000110") ]
5835 for status,test in tests:
5836 tlvs = binascii.unhexlify(test)
5837 newmsg = base64.b64encode(tlvs)
5838 msg = '<?xml version="1.0"?>\n'
5839 msg += '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
5840 msg += '<s:Body>'
5841 msg += '<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">'
5842 msg += '<NewMessage>'
5843 msg += newmsg
5844 msg += "</NewMessage></u:SetSelectedRegistrar></s:Body></s:Envelope>"
5845 headers = { "Content-type": 'text/xml; charset="utf-8"' }
5846 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
5847 conn.request("POST", ctrlurl.path, msg, headers)
5848 resp = conn.getresponse()
5849 if resp.status != status:
5850 raise Exception("Unexpected HTTP response: %d (expected %d)" % (resp.status, status))
96038a5f
JM		 5851
5852def test_ap_wps_adv_oom(dev, apdev):
5853 """WPS AP and advertisement OOM"""
5854 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
5855 hapd = add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
5856
5857 with alloc_fail(hapd, 1, "=msearchreply_state_machine_start"):
5858 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
5859 no_recv=True)
5860 time.sleep(0.2)
5861
5862 with alloc_fail(hapd, 1, "eloop_register_timeout;msearchreply_state_machine_start"):
5863 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
5864 no_recv=True)
5865 time.sleep(0.2)
5866
5867 with alloc_fail(hapd, 1,
5868 "next_advertisement;advertisement_state_machine_stop"):
5869 hapd.disable()
5870
5871 with alloc_fail(hapd, 1, "ssdp_listener_start"):
5872 if "FAIL" not in hapd.request("ENABLE"):
5873 raise Exception("ENABLE succeeded during OOM")
926404a6
JM		 5874
5875def test_wps_config_methods(dev):
5876 """WPS config method update"""
5877 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
5878 wpas.interface_add("wlan5")
5879 if "OK" not in wpas.request("SET config_methods display label"):
5880 raise Exception("Failed to set config_methods")
5881 if wpas.request("GET config_methods").strip() != "display label":
5882 raise Exception("config_methods were not updated")
5883 if "OK" not in wpas.request("SET config_methods "):
5884 raise Exception("Failed to clear config_methods")
5885 if wpas.request("GET config_methods").strip() != "":
5886 raise Exception("config_methods were not cleared")
7511ead0
JM		 5887
5888WPS_VENDOR_ID_WFA = 14122
5889WPS_VENDOR_TYPE = 1
5890
5891# EAP-WSC Op-Code values
5892WSC_Start = 0x01
5893WSC_ACK = 0x02
5894WSC_NACK = 0x03
5895WSC_MSG = 0x04
5896WSC_Done = 0x05
5897WSC_FRAG_ACK = 0x06
5898
5899ATTR_AP_CHANNEL = 0x1001
5900ATTR_ASSOC_STATE = 0x1002
5901ATTR_AUTH_TYPE = 0x1003
5902ATTR_AUTH_TYPE_FLAGS = 0x1004
5903ATTR_AUTHENTICATOR = 0x1005
5904ATTR_CONFIG_METHODS = 0x1008
5905ATTR_CONFIG_ERROR = 0x1009
5906ATTR_CONFIRM_URL4 = 0x100a
5907ATTR_CONFIRM_URL6 = 0x100b
5908ATTR_CONN_TYPE = 0x100c
5909ATTR_CONN_TYPE_FLAGS = 0x100d
5910ATTR_CRED = 0x100e
5911ATTR_ENCR_TYPE = 0x100f
5912ATTR_ENCR_TYPE_FLAGS = 0x1010
5913ATTR_DEV_NAME = 0x1011
5914ATTR_DEV_PASSWORD_ID = 0x1012
5915ATTR_E_HASH1 = 0x1014
5916ATTR_E_HASH2 = 0x1015
5917ATTR_E_SNONCE1 = 0x1016
5918ATTR_E_SNONCE2 = 0x1017
5919ATTR_ENCR_SETTINGS = 0x1018
5920ATTR_ENROLLEE_NONCE = 0x101a
5921ATTR_FEATURE_ID = 0x101b
5922ATTR_IDENTITY = 0x101c
5923ATTR_IDENTITY_PROOF = 0x101d
5924ATTR_KEY_WRAP_AUTH = 0x101e
5925ATTR_KEY_ID = 0x101f
5926ATTR_MAC_ADDR = 0x1020
5927ATTR_MANUFACTURER = 0x1021
5928ATTR_MSG_TYPE = 0x1022
5929ATTR_MODEL_NAME = 0x1023
5930ATTR_MODEL_NUMBER = 0x1024
5931ATTR_NETWORK_INDEX = 0x1026
5932ATTR_NETWORK_KEY = 0x1027
5933ATTR_NETWORK_KEY_INDEX = 0x1028
5934ATTR_NEW_DEVICE_NAME = 0x1029
5935ATTR_NEW_PASSWORD = 0x102a
5936ATTR_OOB_DEVICE_PASSWORD = 0x102c
5937ATTR_OS_VERSION = 0x102d
5938ATTR_POWER_LEVEL = 0x102f
5939ATTR_PSK_CURRENT = 0x1030
5940ATTR_PSK_MAX = 0x1031
5941ATTR_PUBLIC_KEY = 0x1032
5942ATTR_RADIO_ENABLE = 0x1033
5943ATTR_REBOOT = 0x1034
5944ATTR_REGISTRAR_CURRENT = 0x1035
5945ATTR_REGISTRAR_ESTABLISHED = 0x1036
5946ATTR_REGISTRAR_LIST = 0x1037
5947ATTR_REGISTRAR_MAX = 0x1038
5948ATTR_REGISTRAR_NONCE = 0x1039
5949ATTR_REQUEST_TYPE = 0x103a
5950ATTR_RESPONSE_TYPE = 0x103b
5951ATTR_RF_BANDS = 0x103c
5952ATTR_R_HASH1 = 0x103d
5953ATTR_R_HASH2 = 0x103e
5954ATTR_R_SNONCE1 = 0x103f
5955ATTR_R_SNONCE2 = 0x1040
5956ATTR_SELECTED_REGISTRAR = 0x1041
5957ATTR_SERIAL_NUMBER = 0x1042
5958ATTR_WPS_STATE = 0x1044
5959ATTR_SSID = 0x1045
5960ATTR_TOTAL_NETWORKS = 0x1046
5961ATTR_UUID_E = 0x1047
5962ATTR_UUID_R = 0x1048
5963ATTR_VENDOR_EXT = 0x1049
5964ATTR_VERSION = 0x104a
5965ATTR_X509_CERT_REQ = 0x104b
5966ATTR_X509_CERT = 0x104c
5967ATTR_EAP_IDENTITY = 0x104d
5968ATTR_MSG_COUNTER = 0x104e
5969ATTR_PUBKEY_HASH = 0x104f
5970ATTR_REKEY_KEY = 0x1050
5971ATTR_KEY_LIFETIME = 0x1051
5972ATTR_PERMITTED_CFG_METHODS = 0x1052
5973ATTR_SELECTED_REGISTRAR_CONFIG_METHODS = 0x1053
5974ATTR_PRIMARY_DEV_TYPE = 0x1054
5975ATTR_SECONDARY_DEV_TYPE_LIST = 0x1055
5976ATTR_PORTABLE_DEV = 0x1056
5977ATTR_AP_SETUP_LOCKED = 0x1057
5978ATTR_APPLICATION_EXT = 0x1058
5979ATTR_EAP_TYPE = 0x1059
5980ATTR_IV = 0x1060
5981ATTR_KEY_PROVIDED_AUTO = 0x1061
5982ATTR_802_1X_ENABLED = 0x1062
5983ATTR_APPSESSIONKEY = 0x1063
5984ATTR_WEPTRANSMITKEY = 0x1064
5985ATTR_REQUESTED_DEV_TYPE = 0x106a
5986
5987# Message Type
5988WPS_Beacon = 0x01
5989WPS_ProbeRequest = 0x02
5990WPS_ProbeResponse = 0x03
5991WPS_M1 = 0x04
5992WPS_M2 = 0x05
5993WPS_M2D = 0x06
5994WPS_M3 = 0x07
5995WPS_M4 = 0x08
5996WPS_M5 = 0x09
5997WPS_M6 = 0x0a
5998WPS_M7 = 0x0b
5999WPS_M8 = 0x0c
6000WPS_WSC_ACK = 0x0d
6001WPS_WSC_NACK = 0x0e
6002WPS_WSC_DONE = 0x0f
6003
6004def get_wsc_msg(dev):
6005 ev = dev.wait_event(["EAPOL-TX"], timeout=10)
6006 if ev is None:
6007 raise Exception("Timeout on EAPOL-TX")
6008 data = binascii.unhexlify(ev.split(' ')[2])
6009 msg = {}
6010
6011 # Parse EAPOL header
6012 if len(data) < 4:
6013 raise Exception("No room for EAPOL header")
6014 version,type,length = struct.unpack('>BBH', data[0:4])
6015 msg['eapol_version'] = version
6016 msg['eapol_type'] = type
6017 msg['eapol_length'] = length
6018 data = data[4:]
6019 if length != len(data):
6020 raise Exception("EAPOL header length mismatch (%d != %d)" % (length, len(data)))
6021 if type != 0:
6022 raise Exception("Unexpected EAPOL header type: %d" % type)
6023
6024 # Parse EAP header
6025 if len(data) < 4:
6026 raise Exception("No room for EAP header")
6027 code,identifier,length = struct.unpack('>BBH', data[0:4])
6028 msg['eap_code'] = code
6029 msg['eap_identifier'] = identifier
6030 msg['eap_length'] = length
6031 data = data[4:]
6032 if msg['eapol_length'] != msg['eap_length']:
6033 raise Exception("EAP header length mismatch (%d != %d)" % (msg['eapol_length'], length))
6034
6035 # Parse EAP expanded header
6036 if len(data) < 1:
6037 raise Exception("No EAP type included")
6038 msg['eap_type'], = struct.unpack('B', data[0])
6039 data = data[1:]
6040
6041 if msg['eap_type'] == 254:
6042 if len(data) < 3 + 4:
6043 raise Exception("Truncated EAP expanded header")
6044 msg['eap_vendor_id'], msg['eap_vendor_type'] = struct.unpack('>LL', '\0' + data[0:7])
6045 data = data[7:]
6046 else:
6047 raise Exception("Unexpected EAP type")
6048
6049 if msg['eap_vendor_id'] != WPS_VENDOR_ID_WFA:
6050 raise Exception("Unexpected Vendor-Id")
6051 if msg['eap_vendor_type'] != WPS_VENDOR_TYPE:
6052 raise Exception("Unexpected Vendor-Type")
6053
6054 # Parse EAP-WSC header
6055 if len(data) < 2:
6056 raise Exception("Truncated EAP-WSC header")
6057 msg['wsc_opcode'], msg['wsc_flags'] = struct.unpack('BB', data[0:2])
6058 data = data[2:]
6059
6060 # Parse WSC attributes
6061 msg['raw_attrs'] = data
6062 attrs = {}
6063 while len(data) > 0:
6064 if len(data) < 4:
6065 raise Exception("Truncated attribute header")
6066 attr,length = struct.unpack('>HH', data[0:4])
6067 data = data[4:]
6068 if length > len(data):
6069 raise Exception("Truncated attribute 0x%04x" % attr)
6070 attrs[attr] = data[0:length]
6071 data = data[length:]
6072 msg['wsc_attrs'] = attrs
6073
6074 if ATTR_MSG_TYPE in attrs:
6075 msg['wsc_msg_type'], = struct.unpack('B', attrs[ATTR_MSG_TYPE])
6076
6077 return msg
6078
6079def recv_wsc_msg(dev, opcode, msg_type):
6080 msg = get_wsc_msg(dev)
6081 if msg['wsc_opcode'] != opcode or msg['wsc_msg_type'] != msg_type:
6082 raise Exception("Unexpected Op-Code/MsgType")
6083 return msg, msg['wsc_attrs'], msg['raw_attrs']
6084
6085def build_wsc_attr(attr, payload):
6086 return struct.pack('>HH', attr, len(payload)) + payload
6087
6088def build_attr_msg_type(msg_type):
6089 return build_wsc_attr(ATTR_MSG_TYPE, struct.pack('B', msg_type))
6090
6091def build_eap_wsc(eap_code, eap_id, payload, opcode=WSC_MSG):
6092 length = 4 + 8 + 2 + len(payload)
6093 # EAPOL header
6094 msg = struct.pack('>BBH', 2, 0, length)
6095 # EAP header
6096 msg += struct.pack('>BBH', eap_code, eap_id, length)
6097 # EAP expanded header for EAP-WSC
6098 msg += struct.pack('B', 254)
6099 msg += struct.pack('>L', WPS_VENDOR_ID_WFA)[1:4]
6100 msg += struct.pack('>L', WPS_VENDOR_TYPE)
6101 # EAP-WSC header
6102 msg += struct.pack('BB', opcode, 0)
6103 # WSC attributes
6104 msg += payload
6105 return msg
6106
6107def build_eap_success(eap_id):
6108 length = 4
6109 # EAPOL header
6110 msg = struct.pack('>BBH', 2, 0, length)
6111 # EAP header
6112 msg += struct.pack('>BBH', 3, eap_id, length)
6113 return msg
6114
6115def build_eap_failure(eap_id):
6116 length = 4
6117 # EAPOL header
6118 msg = struct.pack('>BBH', 2, 0, length)
6119 # EAP header
6120 msg += struct.pack('>BBH', 4, eap_id, length)
6121 return msg
6122
6123def send_wsc_msg(dev, src, msg):
6124 res = dev.request("EAPOL_RX " + src + " " + binascii.hexlify(msg))
6125 if "OK" not in res:
6126 raise Exception("EAPOL_RX failed")
6127
6128group_5_prime = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
6129group_5_generator = 2
6130
6131def wsc_kdf(key, label, bits):
6132 result = ''
6133 i = 1
6134 while len(result) * 8 < bits:
6135 data = struct.pack('>L', i) + label + struct.pack('>L', bits)
6136 m = hmac.new(key, data, hashlib.sha256)
6137 result += m.digest()
6138 i += 1
6139 return result[0:bits / 8]
6140
6141def wsc_keys(kdk):
6142 keys = wsc_kdf(kdk, "Wi-Fi Easy and Secure Key Derivation", 640)
6143 authkey = keys[0:32]
6144 keywrapkey = keys[32:48]
6145 emsk = keys[48:80]
6146 return authkey,keywrapkey,emsk
6147
6148def wsc_dev_pw_half_psk(authkey, dev_pw):
6149 m = hmac.new(authkey, dev_pw, hashlib.sha256)
6150 return m.digest()[0:16]
6151
6152def wsc_dev_pw_psk(authkey, dev_pw):
6153 dev_pw_1 = dev_pw[0:len(dev_pw) / 2]
6154 dev_pw_2 = dev_pw[len(dev_pw) / 2:]
6155 psk1 = wsc_dev_pw_half_psk(authkey, dev_pw_1)
6156 psk2 = wsc_dev_pw_half_psk(authkey, dev_pw_2)
6157 return psk1,psk2
6158
6159def build_attr_authenticator(authkey, prev_msg, curr_msg):
6160 m = hmac.new(authkey, prev_msg + curr_msg, hashlib.sha256)
6161 auth = m.digest()[0:8]
6162 return build_wsc_attr(ATTR_AUTHENTICATOR, auth)
6163
6164def build_attr_encr_settings(authkey, keywrapkey, data):
6165 m = hmac.new(authkey, data, hashlib.sha256)
6166 kwa = m.digest()[0:8]
6167 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
6168 iv = 16*'\x99'
6169 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6170 pad_len = 16 - len(data) % 16
6171 ps = pad_len * struct.pack('B', pad_len)
6172 data += ps
6173 wrapped = aes.encrypt(data)
6174 return build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6175
6176def decrypt_attr_encr_settings(authkey, keywrapkey, data):
6177 if len(data) < 32 or len(data) % 16 != 0:
6178 raise Exception("Unexpected Encrypted Settings length: %d" % len(data))
6179 iv = data[0:16]
6180 encr = data[16:]
6181 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6182 decrypted = aes.decrypt(encr)
6183 pad_len, = struct.unpack('B', decrypted[-1])
6184 if pad_len > len(decrypted):
6185 raise Exception("Invalid padding in Encrypted Settings")
6186 for i in range(-pad_len, -1):
6187 if decrypted[i] != decrypted[-1]:
6188 raise Exception("Invalid PS value in Encrypted Settings")
6189
6190 decrypted = decrypted[0:len(decrypted) - pad_len]
6191 if len(decrypted) < 12:
6192 raise Exception("Truncated Encrypted Settings plaintext")
6193 kwa = decrypted[-12:]
6194 attr,length = struct.unpack(">HH", kwa[0:4])
6195 if attr != ATTR_KEY_WRAP_AUTH or length != 8:
6196 raise Exception("Invalid KWA header")
6197 kwa = kwa[4:]
6198 decrypted = decrypted[0:len(decrypted) - 12]
6199
6200 m = hmac.new(authkey, decrypted, hashlib.sha256)
6201 calc_kwa = m.digest()[0:8]
6202 if kwa != calc_kwa:
6203 raise Exception("KWA mismatch")
6204
6205 return decrypted
6206
6207def zeropad_str(val, pad_len):
6208 while len(val) < pad_len * 2:
6209 val = '0' + val
6210 return val
6211
6212def wsc_dh_init():
6213 # For now, use a hardcoded private key. In theory, this is supposed to be
6214 # randomly selected.
6215 own_private = 0x123456789
6216 own_public = pow(group_5_generator, own_private, group_5_prime)
6217 pk = binascii.unhexlify(zeropad_str(format(own_public, '02x'), 192))
6218 return own_private, pk
6219
6220def wsc_dh_kdf(peer_pk, own_private, mac_addr, e_nonce, r_nonce):
6221 peer_public = long(binascii.hexlify(peer_pk), 16)
6222 if peer_public < 2 or peer_public >= group_5_prime:
6223 raise Exception("Invalid peer public key")
6224 if pow(peer_public, (group_5_prime - 1) / 2, group_5_prime) != 1:
6225 raise Exception("Unexpected Legendre symbol for peer public key")
6226
6227 shared_secret = pow(peer_public, own_private, group_5_prime)
6228 ss = zeropad_str(format(shared_secret, "02x"), 192)
6229 logger.debug("DH shared secret: " + ss)
6230
6231 dhkey = hashlib.sha256(binascii.unhexlify(ss)).digest()
6232 logger.debug("DHKey: " + binascii.hexlify(dhkey))
6233
6234 m = hmac.new(dhkey, e_nonce + mac_addr + r_nonce, hashlib.sha256)
6235 kdk = m.digest()
6236 logger.debug("KDK: " + binascii.hexlify(kdk))
6237 authkey,keywrapkey,emsk = wsc_keys(kdk)
6238 logger.debug("AuthKey: " + binascii.hexlify(authkey))
6239 logger.debug("KeyWrapKey: " + binascii.hexlify(keywrapkey))
6240 logger.debug("EMSK: " + binascii.hexlify(emsk))
6241 return authkey,keywrapkey
6242
6243def wsc_dev_pw_hash(authkey, dev_pw, e_pk, r_pk):
6244 psk1,psk2 = wsc_dev_pw_psk(authkey, dev_pw)
6245 logger.debug("PSK1: " + binascii.hexlify(psk1))
6246 logger.debug("PSK2: " + binascii.hexlify(psk2))
6247
6248 # Note: Secret values are supposed to be random, but hardcoded values are
6249 # fine for testing.
6250 s1 = 16*'\x77'
6251 m = hmac.new(authkey, s1 + psk1 + e_pk + r_pk, hashlib.sha256)
6252 hash1 = m.digest()
6253 logger.debug("Hash1: " + binascii.hexlify(hash1))
6254
6255 s2 = 16*'\x88'
6256 m = hmac.new(authkey, s2 + psk2 + e_pk + r_pk, hashlib.sha256)
6257 hash2 = m.digest()
6258 logger.debug("Hash2: " + binascii.hexlify(hash2))
6259 return s1,s2,hash1,hash2
6260
6261def build_m1(eap_id, uuid_e, mac_addr, e_nonce, e_pk,
6262 manufacturer='', model_name='', config_methods='\x00\x00'):
6263 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6264 attrs += build_attr_msg_type(WPS_M1)
6265 attrs += build_wsc_attr(ATTR_UUID_E, uuid_e)
6266 attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
6267 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6268 attrs += build_wsc_attr(ATTR_PUBLIC_KEY, e_pk)
6269 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6270 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6271 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6272 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, config_methods)
6273 attrs += build_wsc_attr(ATTR_WPS_STATE, '\x00')
6274 attrs += build_wsc_attr(ATTR_MANUFACTURER, manufacturer)
6275 attrs += build_wsc_attr(ATTR_MODEL_NAME, model_name)
6276 attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6277 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6278 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6279 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6280 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6281 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6282 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, '\x00\x00')
6283 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6284 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6285 m1 = build_eap_wsc(2, eap_id, attrs)
6286 return m1, attrs
6287
6288def build_m2(authkey, m1, eap_id, e_nonce, r_nonce, uuid_r, r_pk,
6289 dev_pw_id='\x00\x00', eap_code=1):
6290 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6291 attrs += build_attr_msg_type(WPS_M2)
6292 if e_nonce:
6293 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6294 if r_nonce:
6295 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6296 attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
6297 if r_pk:
6298 attrs += build_wsc_attr(ATTR_PUBLIC_KEY, r_pk)
6299 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6300 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6301 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6302 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
6303 attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
6304 attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
6305 attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6306 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6307 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6308 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6309 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6310 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6311 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6312 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
6313 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6314 attrs += build_attr_authenticator(authkey, m1, attrs)
6315 m2 = build_eap_wsc(eap_code, eap_id, attrs)
6316 return m2, attrs
6317
6318def build_m2d(m1, eap_id, e_nonce, r_nonce, uuid_r, dev_pw_id=None, eap_code=1):
6319 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6320 attrs += build_attr_msg_type(WPS_M2D)
6321 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6322 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6323 attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
6324 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6325 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6326 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6327 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
6328 attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
6329 attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
6330 #attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6331 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6332 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6333 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6334 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6335 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6336 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6337 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6338 if dev_pw_id:
6339 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
6340 m2d = build_eap_wsc(eap_code, eap_id, attrs)
6341 return m2d, attrs
6342
6343def build_ack(eap_id, e_nonce, r_nonce, msg_type=WPS_WSC_ACK, eap_code=1):
6344 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6345 if msg_type is not None:
6346 attrs += build_attr_msg_type(msg_type)
6347 if e_nonce:
6348 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6349 if r_nonce:
6350 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6351 msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_ACK)
6352 return msg, attrs
6353
6354def build_nack(eap_id, e_nonce, r_nonce, config_error='\x00\x00',
6355 msg_type=WPS_WSC_NACK, eap_code=1):
6356 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6357 if msg_type is not None:
6358 attrs += build_attr_msg_type(msg_type)
6359 if e_nonce:
6360 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6361 if r_nonce:
6362 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6363 if config_error:
6364 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, config_error)
6365 msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_NACK)
6366 return msg, attrs
6367
6368def test_wps_ext(dev, apdev):
6369 """WPS against external implementation"""
6370 pin = "12345670"
6371 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6372 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6373 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6374
6375 logger.debug("Receive WSC/Start from AP")
6376 msg = get_wsc_msg(hapd)
6377 if msg['wsc_opcode'] != WSC_Start:
6378 raise Exception("Unexpected Op-Code for WSC/Start")
6379 wsc_start_id = msg['eap_identifier']
6380
6381 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6382 uuid_e = 16*'\x11'
6383 e_nonce = 16*'\x22'
6384 own_private, e_pk = wsc_dh_init()
6385
6386 logger.debug("Send M1 to AP")
6387 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
6388 e_nonce, e_pk)
6389 send_wsc_msg(hapd, addr, m1)
6390
6391 logger.debug("Receive M2 from AP")
6392 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
6393
6394 authkey,keywrapkey = wsc_dh_kdf(m2_attrs[ATTR_PUBLIC_KEY], own_private,
6395 mac_addr, e_nonce,
6396 m2_attrs[ATTR_REGISTRAR_NONCE])
6397 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk,
6398 m2_attrs[ATTR_PUBLIC_KEY])
6399
6400 logger.debug("Send M3 to AP")
6401 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6402 attrs += build_attr_msg_type(WPS_M3)
6403 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6404 m2_attrs[ATTR_REGISTRAR_NONCE])
6405 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
6406 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
6407 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
6408 raw_m3_attrs = attrs
6409 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6410 send_wsc_msg(hapd, addr, m3)
6411
6412 logger.debug("Receive M4 from AP")
6413 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
6414
6415 logger.debug("Send M5 to AP")
6416 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6417 attrs += build_attr_msg_type(WPS_M5)
6418 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6419 m2_attrs[ATTR_REGISTRAR_NONCE])
6420 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
6421 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6422 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
6423 raw_m5_attrs = attrs
6424 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6425 send_wsc_msg(hapd, addr, m5)
6426
6427 logger.debug("Receive M6 from AP")
6428 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
6429
6430 logger.debug("Send M7 to AP")
6431 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6432 attrs += build_attr_msg_type(WPS_M7)
6433 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6434 m2_attrs[ATTR_REGISTRAR_NONCE])
6435 data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
6436 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6437 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
6438 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6439 raw_m7_attrs = attrs
6440 send_wsc_msg(hapd, addr, m7)
6441
6442 logger.debug("Receive M8 from AP")
6443 msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
6444 m8_cred = decrypt_attr_encr_settings(authkey, keywrapkey,
6445 m8_attrs[ATTR_ENCR_SETTINGS])
6446 logger.debug("M8 Credential: " + binascii.hexlify(m8_cred))
6447
6448 logger.debug("Prepare WSC_Done")
6449 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6450 attrs += build_attr_msg_type(WPS_WSC_DONE)
6451 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6452 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6453 m2_attrs[ATTR_REGISTRAR_NONCE])
6454 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
6455 # Do not send WSC_Done yet to allow exchangw with STA complete before the
6456 # AP disconnects.
6457
6458 uuid_r = 16*'\x33'
6459 r_nonce = 16*'\x44'
6460
6461 eap_id = wsc_start_id
6462 logger.debug("Send WSC/Start to STA")
6463 wsc_start = build_eap_wsc(1, eap_id, "", opcode=WSC_Start)
6464 send_wsc_msg(dev[0], bssid, wsc_start)
6465 eap_id = (eap_id + 1) % 256
6466
6467 logger.debug("Receive M1 from STA")
6468 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6469
6470 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6471 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6472 r_nonce)
6473 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6474 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6475
6476 logger.debug("Send M2 to STA")
6477 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6478 m1_attrs[ATTR_ENROLLEE_NONCE],
6479 r_nonce, uuid_r, e_pk)
6480 send_wsc_msg(dev[0], bssid, m2)
6481 eap_id = (eap_id + 1) % 256
6482
6483 logger.debug("Receive M3 from STA")
6484 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6485
6486 logger.debug("Send M4 to STA")
6487 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6488 attrs += build_attr_msg_type(WPS_M4)
6489 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6490 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6491 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6492 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6493 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6494 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6495 raw_m4_attrs = attrs
6496 m4 = build_eap_wsc(1, eap_id, attrs)
6497 send_wsc_msg(dev[0], bssid, m4)
6498 eap_id = (eap_id + 1) % 256
6499
6500 logger.debug("Receive M5 from STA")
6501 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
6502
6503 logger.debug("Send M6 to STA")
6504 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6505 attrs += build_attr_msg_type(WPS_M6)
6506 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6507 m1_attrs[ATTR_ENROLLEE_NONCE])
6508 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
6509 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6510 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
6511 raw_m6_attrs = attrs
6512 m6 = build_eap_wsc(1, eap_id, attrs)
6513 send_wsc_msg(dev[0], bssid, m6)
6514 eap_id = (eap_id + 1) % 256
6515
6516 logger.debug("Receive M7 from STA")
6517 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
6518
6519 logger.debug("Send M8 to STA")
6520 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6521 attrs += build_attr_msg_type(WPS_M8)
6522 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6523 m1_attrs[ATTR_ENROLLEE_NONCE])
6524 attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
6525 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
6526 raw_m8_attrs = attrs
6527 m8 = build_eap_wsc(1, eap_id, attrs)
6528 send_wsc_msg(dev[0], bssid, m8)
6529 eap_id = (eap_id + 1) % 256
6530
6531 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=5)
6532 if ev is None:
6533 raise Exception("wpa_supplicant did not report credential")
6534
6535 logger.debug("Receive WSC_Done from STA")
6536 msg = get_wsc_msg(dev[0])
6537 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6538 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6539
6540 logger.debug("Send WSC_Done to AP")
6541 hapd.request("SET ext_eapol_frame_io 0")
6542 dev[0].request("SET ext_eapol_frame_io 0")
6543 send_wsc_msg(hapd, addr, wsc_done)
6544
6545 ev = hapd.wait_event(["WPS-REG-SUCCESS"], timeout=5)
6546 if ev is None:
6547 raise Exception("hostapd did not report WPS success")
6548
6549 dev[0].wait_connected()
6550
6551def wps_start_kwa(dev, apdev):
6552 pin = "12345670"
6553 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6554 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6555 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6556 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6557
6558 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6559 uuid_r = 16*'\x33'
6560 r_nonce = 16*'\x44'
6561 own_private, e_pk = wsc_dh_init()
6562
6563 logger.debug("Receive M1 from STA")
6564 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6565 eap_id = (msg['eap_identifier'] + 1) % 256
6566
6567 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6568 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6569 r_nonce)
6570 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6571 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6572
6573 logger.debug("Send M2 to STA")
6574 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6575 m1_attrs[ATTR_ENROLLEE_NONCE],
6576 r_nonce, uuid_r, e_pk)
6577 send_wsc_msg(dev[0], bssid, m2)
6578 eap_id = (eap_id + 1) % 256
6579
6580 logger.debug("Receive M3 from STA")
6581 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6582
6583 logger.debug("Send M4 to STA")
6584 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6585 attrs += build_attr_msg_type(WPS_M4)
6586 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6587 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6588 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6589
6590 return r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs
6591
6592def wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id):
6593 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6594 m4 = build_eap_wsc(1, eap_id, attrs)
6595 send_wsc_msg(dev[0], bssid, m4)
6596 eap_id = (eap_id + 1) % 256
6597
6598 logger.debug("Receive M5 from STA")
6599 msg = get_wsc_msg(dev[0])
6600 if msg['wsc_opcode'] != WSC_NACK:
6601 raise Exception("Unexpected message - expected WSC_Nack")
6602
6603 dev[0].request("WPS_CANCEL")
6604 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6605 dev[0].wait_disconnected()
6606
6607def test_wps_ext_kwa_proto_no_kwa(dev, apdev):
6608 """WPS and KWA error: No KWA attribute"""
6609 r_s1,keywrapkey,authkey,raw_m3_attrs,eap_id,bssid,attrs = wps_start_kwa(dev, apdev)
6610 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6611 # Encrypted Settings without KWA
6612 iv = 16*'\x99'
6613 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6614 pad_len = 16 - len(data) % 16
6615 ps = pad_len * struct.pack('B', pad_len)
6616 data += ps
6617 wrapped = aes.encrypt(data)
6618 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6619 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6620
6621def test_wps_ext_kwa_proto_data_after_kwa(dev, apdev):
6622 """WPS and KWA error: Data after KWA"""
6623 r_s1,keywrapkey,authkey,raw_m3_attrs,eap_id,bssid,attrs = wps_start_kwa(dev, apdev)
6624 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6625 # Encrypted Settings and data after KWA
6626 m = hmac.new(authkey, data, hashlib.sha256)
6627 kwa = m.digest()[0:8]
6628 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
6629 data += build_wsc_attr(ATTR_VENDOR_EXT, "1234567890")
6630 iv = 16*'\x99'
6631 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6632 pad_len = 16 - len(data) % 16
6633 ps = pad_len * struct.pack('B', pad_len)
6634 data += ps
6635 wrapped = aes.encrypt(data)
6636 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6637 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6638
6639def test_wps_ext_kwa_proto_kwa_mismatch(dev, apdev):
6640 """WPS and KWA error: KWA mismatch"""
6641 r_s1,keywrapkey,authkey,raw_m3_attrs,eap_id,bssid,attrs = wps_start_kwa(dev, apdev)
6642 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6643 # Encrypted Settings and KWA with incorrect value
6644 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, 8*'\x00')
6645 iv = 16*'\x99'
6646 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6647 pad_len = 16 - len(data) % 16
6648 ps = pad_len * struct.pack('B', pad_len)
6649 data += ps
6650 wrapped = aes.encrypt(data)
6651 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6652 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6653
6654def wps_run_cred_proto(dev, apdev, m8_cred, connect=False, no_connect=False):
6655 pin = "12345670"
6656 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6657 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6658 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6659 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6660
6661 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6662 uuid_r = 16*'\x33'
6663 r_nonce = 16*'\x44'
6664 own_private, e_pk = wsc_dh_init()
6665
6666 logger.debug("Receive M1 from STA")
6667 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6668 eap_id = (msg['eap_identifier'] + 1) % 256
6669
6670 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6671 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6672 r_nonce)
6673 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6674 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6675
6676 logger.debug("Send M2 to STA")
6677 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6678 m1_attrs[ATTR_ENROLLEE_NONCE],
6679 r_nonce, uuid_r, e_pk)
6680 send_wsc_msg(dev[0], bssid, m2)
6681 eap_id = (eap_id + 1) % 256
6682
6683 logger.debug("Receive M3 from STA")
6684 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6685
6686 logger.debug("Send M4 to STA")
6687 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6688 attrs += build_attr_msg_type(WPS_M4)
6689 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6690 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6691 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6692 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6693 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6694 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6695 raw_m4_attrs = attrs
6696 m4 = build_eap_wsc(1, eap_id, attrs)
6697 send_wsc_msg(dev[0], bssid, m4)
6698 eap_id = (eap_id + 1) % 256
6699
6700 logger.debug("Receive M5 from STA")
6701 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
6702
6703 logger.debug("Send M6 to STA")
6704 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6705 attrs += build_attr_msg_type(WPS_M6)
6706 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6707 m1_attrs[ATTR_ENROLLEE_NONCE])
6708 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
6709 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6710 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
6711 raw_m6_attrs = attrs
6712 m6 = build_eap_wsc(1, eap_id, attrs)
6713 send_wsc_msg(dev[0], bssid, m6)
6714 eap_id = (eap_id + 1) % 256
6715
6716 logger.debug("Receive M7 from STA")
6717 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
6718
6719 logger.debug("Send M8 to STA")
6720 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6721 attrs += build_attr_msg_type(WPS_M8)
6722 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6723 m1_attrs[ATTR_ENROLLEE_NONCE])
6724 attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
6725 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
6726 raw_m8_attrs = attrs
6727 m8 = build_eap_wsc(1, eap_id, attrs)
6728 send_wsc_msg(dev[0], bssid, m8)
6729 eap_id = (eap_id + 1) % 256
6730
6731 if no_connect:
6732 logger.debug("Receive WSC_Done from STA")
6733 msg = get_wsc_msg(dev[0])
6734 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6735 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6736
6737 hapd.request("SET ext_eapol_frame_io 0")
6738 dev[0].request("SET ext_eapol_frame_io 0")
6739
6740 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6741
6742 dev[0].wait_disconnected()
6743 dev[0].request("REMOVE_NETWORK all")
6744 elif connect:
6745 logger.debug("Receive WSC_Done from STA")
6746 msg = get_wsc_msg(dev[0])
6747 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6748 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6749
6750 hapd.request("SET ext_eapol_frame_io 0")
6751 dev[0].request("SET ext_eapol_frame_io 0")
6752
6753 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6754
6755 dev[0].wait_connected()
6756 else:
6757 # Verify STA NACK's the credential
6758 msg = get_wsc_msg(dev[0])
6759 if msg['wsc_opcode'] != WSC_NACK:
6760 raise Exception("Unexpected message - expected WSC_Nack")
6761 dev[0].request("WPS_CANCEL")
6762 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6763 dev[0].wait_disconnected()
6764
6765def build_cred(nw_idx='\x01', ssid='test-wps-conf', auth_type='\x00\x20',
6766 encr_type='\x00\x08', nw_key="12345678",
6767 mac_addr='\x00\x00\x00\x00\x00\x00'):
6768 attrs = ''
6769 if nw_idx is not None:
6770 attrs += build_wsc_attr(ATTR_NETWORK_INDEX, nw_idx)
6771 if ssid is not None:
6772 attrs += build_wsc_attr(ATTR_SSID, ssid)
6773 if auth_type is not None:
6774 attrs += build_wsc_attr(ATTR_AUTH_TYPE, auth_type)
6775 if encr_type is not None:
6776 attrs += build_wsc_attr(ATTR_ENCR_TYPE, encr_type)
6777 if nw_key is not None:
6778 attrs += build_wsc_attr(ATTR_NETWORK_KEY, nw_key)
6779 if mac_addr is not None:
6780 attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
6781 return build_wsc_attr(ATTR_CRED, attrs)
6782
6783def test_wps_ext_cred_proto_success(dev, apdev):
6784 """WPS and Credential: success"""
6785 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6786 m8_cred = build_cred(mac_addr=mac_addr)
6787 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
6788
6789def test_wps_ext_cred_proto_mac_addr_mismatch(dev, apdev):
6790 """WPS and Credential: MAC Address mismatch"""
6791 m8_cred = build_cred()
6792 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
6793
6794def test_wps_ext_cred_proto_zero_padding(dev, apdev):
6795 """WPS and Credential: zeropadded attributes"""
6796 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6797 m8_cred = build_cred(mac_addr=mac_addr, ssid='test-wps-conf\x00',
6798 nw_key="12345678\x00")
6799 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
6800
6801def test_wps_ext_cred_proto_ssid_missing(dev, apdev):
6802 """WPS and Credential: SSID missing"""
6803 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6804 m8_cred = build_cred(mac_addr=mac_addr, ssid=None)
6805 wps_run_cred_proto(dev, apdev, m8_cred)
6806
6807def test_wps_ext_cred_proto_ssid_zero_len(dev, apdev):
6808 """WPS and Credential: Zero-length SSID"""
6809 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6810 m8_cred = build_cred(mac_addr=mac_addr, ssid="")
6811 wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
6812
6813def test_wps_ext_cred_proto_auth_type_missing(dev, apdev):
6814 """WPS and Credential: Auth Type missing"""
6815 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6816 m8_cred = build_cred(mac_addr=mac_addr, auth_type=None)
6817 wps_run_cred_proto(dev, apdev, m8_cred)
6818
6819def test_wps_ext_cred_proto_encr_type_missing(dev, apdev):
6820 """WPS and Credential: Encr Type missing"""
6821 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6822 m8_cred = build_cred(mac_addr=mac_addr, encr_type=None)
6823 wps_run_cred_proto(dev, apdev, m8_cred)
6824
6825def test_wps_ext_cred_proto_network_key_missing(dev, apdev):
6826 """WPS and Credential: Network Key missing"""
6827 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6828 m8_cred = build_cred(mac_addr=mac_addr, nw_key=None)
6829 wps_run_cred_proto(dev, apdev, m8_cred)
6830
6831def test_wps_ext_cred_proto_network_key_missing_open(dev, apdev):
6832 """WPS and Credential: Network Key missing (open)"""
6833 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6834 m8_cred = build_cred(mac_addr=mac_addr, auth_type='\x00\x01',
6835 encr_type='\x00\x01', nw_key=None, ssid="foo")
6836 wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
6837
6838def test_wps_ext_cred_proto_mac_addr_missing(dev, apdev):
6839 """WPS and Credential: MAC Address missing"""
6840 m8_cred = build_cred(mac_addr=None)
6841 wps_run_cred_proto(dev, apdev, m8_cred)
6842
6843def test_wps_ext_cred_proto_invalid_encr_type(dev, apdev):
6844 """WPS and Credential: Invalid Encr Type"""
6845 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6846 m8_cred = build_cred(mac_addr=mac_addr, encr_type='\x00\x00')
6847 wps_run_cred_proto(dev, apdev, m8_cred)
6848
6849def test_wps_ext_cred_proto_missing_cred(dev, apdev):
6850 """WPS and Credential: Missing Credential"""
6851 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6852 m8_cred = ''
6853 wps_run_cred_proto(dev, apdev, m8_cred)
6854
6855def test_wps_ext_proto_m2_no_public_key(dev, apdev):
6856 """WPS and no Public Key in M2"""
6857 pin = "12345670"
6858 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6859 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6860 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6861 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6862
6863 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6864 uuid_r = 16*'\x33'
6865 r_nonce = 16*'\x44'
6866 own_private, e_pk = wsc_dh_init()
6867
6868 logger.debug("Receive M1 from STA")
6869 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6870 eap_id = (msg['eap_identifier'] + 1) % 256
6871
6872 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6873 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6874 r_nonce)
6875 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6876 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6877
6878 logger.debug("Send M2 to STA")
6879 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6880 m1_attrs[ATTR_ENROLLEE_NONCE],
6881 r_nonce, uuid_r, None)
6882 send_wsc_msg(dev[0], bssid, m2)
6883 eap_id = (eap_id + 1) % 256
6884
6885 # Verify STA NACK's the credential
6886 msg = get_wsc_msg(dev[0])
6887 if msg['wsc_opcode'] != WSC_NACK:
6888 raise Exception("Unexpected message - expected WSC_Nack")
6889 dev[0].request("WPS_CANCEL")
6890 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6891 dev[0].wait_disconnected()
6892
6893def test_wps_ext_proto_m2_invalid_public_key(dev, apdev):
6894 """WPS and invalid Public Key in M2"""
6895 pin = "12345670"
6896 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6897 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6898 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6899 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6900
6901 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6902 uuid_r = 16*'\x33'
6903 r_nonce = 16*'\x44'
6904 own_private, e_pk = wsc_dh_init()
6905
6906 logger.debug("Receive M1 from STA")
6907 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6908 eap_id = (msg['eap_identifier'] + 1) % 256
6909
6910 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6911 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6912 r_nonce)
6913 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6914 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6915
6916 logger.debug("Send M2 to STA")
6917 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6918 m1_attrs[ATTR_ENROLLEE_NONCE],
6919 r_nonce, uuid_r, 192*'\xff')
6920 send_wsc_msg(dev[0], bssid, m2)
6921 eap_id = (eap_id + 1) % 256
6922
6923 # Verify STA NACK's the credential
6924 msg = get_wsc_msg(dev[0])
6925 if msg['wsc_opcode'] != WSC_NACK:
6926 raise Exception("Unexpected message - expected WSC_Nack")
6927 dev[0].request("WPS_CANCEL")
6928 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6929 dev[0].wait_disconnected()
6930
6931def test_wps_ext_proto_m2_public_key_oom(dev, apdev):
6932 """WPS and Public Key OOM in M2"""
6933 pin = "12345670"
6934 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6935 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6936 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6937 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6938
6939 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6940 uuid_r = 16*'\x33'
6941 r_nonce = 16*'\x44'
6942 own_private, e_pk = wsc_dh_init()
6943
6944 logger.debug("Receive M1 from STA")
6945 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6946 eap_id = (msg['eap_identifier'] + 1) % 256
6947
6948 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6949 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6950 r_nonce)
6951 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6952 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6953
6954 logger.debug("Send M2 to STA")
6955 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6956 m1_attrs[ATTR_ENROLLEE_NONCE],
6957 r_nonce, uuid_r, e_pk)
6958 with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;wps_process_pubkey"):
6959 send_wsc_msg(dev[0], bssid, m2)
6960 eap_id = (eap_id + 1) % 256
6961
6962 # Verify STA NACK's the credential
6963 msg = get_wsc_msg(dev[0])
6964 if msg['wsc_opcode'] != WSC_NACK:
6965 raise Exception("Unexpected message - expected WSC_Nack")
6966 dev[0].request("WPS_CANCEL")
6967 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6968 dev[0].wait_disconnected()
6969
6970def test_wps_ext_proto_nack_m3(dev, apdev):
6971 """WPS and NACK M3"""
6972 pin = "12345670"
6973 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6974 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6975 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6976 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6977
6978 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6979 uuid_r = 16*'\x33'
6980 r_nonce = 16*'\x44'
6981 own_private, e_pk = wsc_dh_init()
6982
6983 logger.debug("Receive M1 from STA")
6984 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6985 eap_id = (msg['eap_identifier'] + 1) % 256
6986
6987 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6988 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6989 r_nonce)
6990 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
6991 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
6992
6993 logger.debug("Send M2 to STA")
6994 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6995 m1_attrs[ATTR_ENROLLEE_NONCE],
6996 r_nonce, uuid_r, e_pk)
6997 send_wsc_msg(dev[0], bssid, m2)
6998 eap_id = (eap_id + 1) % 256
6999
7000 logger.debug("Receive M3 from STA")
7001 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7002
7003 logger.debug("Send NACK to STA")
7004 msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
7005 r_nonce, config_error='\x01\x23')
7006 send_wsc_msg(dev[0], bssid, msg)
7007 ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
7008 if ev is None:
7009 raise Exception("Failure not reported")
7010 if "msg=7 config_error=291" not in ev:
7011 raise Exception("Unexpected failure reason: " + ev)
7012
7013def test_wps_ext_proto_nack_m5(dev, apdev):
7014 """WPS and NACK M5"""
7015 pin = "12345670"
7016 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7017 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7018 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7019 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7020
7021 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7022 uuid_r = 16*'\x33'
7023 r_nonce = 16*'\x44'
7024 own_private, e_pk = wsc_dh_init()
7025
7026 logger.debug("Receive M1 from STA")
7027 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7028 eap_id = (msg['eap_identifier'] + 1) % 256
7029
7030 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7031 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7032 r_nonce)
7033 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
7034 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
7035
7036 logger.debug("Send M2 to STA")
7037 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7038 m1_attrs[ATTR_ENROLLEE_NONCE],
7039 r_nonce, uuid_r, e_pk)
7040 send_wsc_msg(dev[0], bssid, m2)
7041 eap_id = (eap_id + 1) % 256
7042
7043 logger.debug("Receive M3 from STA")
7044 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7045
7046 logger.debug("Send M4 to STA")
7047 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7048 attrs += build_attr_msg_type(WPS_M4)
7049 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
7050 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7051 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7052 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7053 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7054 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7055 raw_m4_attrs = attrs
7056 m4 = build_eap_wsc(1, eap_id, attrs)
7057 send_wsc_msg(dev[0], bssid, m4)
7058 eap_id = (eap_id + 1) % 256
7059
7060 logger.debug("Receive M5 from STA")
7061 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7062
7063 logger.debug("Send NACK to STA")
7064 msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
7065 r_nonce, config_error='\x01\x24')
7066 send_wsc_msg(dev[0], bssid, msg)
7067 ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
7068 if ev is None:
7069 raise Exception("Failure not reported")
7070 if "msg=9 config_error=292" not in ev:
7071 raise Exception("Unexpected failure reason: " + ev)
7072
7073def wps_nack_m3(dev, apdev):
7074 pin = "00000000"
7075 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
7076 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7077 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7078 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7079
7080 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7081 uuid_r = 16*'\x33'
7082 r_nonce = 16*'\x44'
7083 own_private, e_pk = wsc_dh_init()
7084
7085 logger.debug("Receive M1 from STA")
7086 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7087 eap_id = (msg['eap_identifier'] + 1) % 256
7088
7089 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7090 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7091 r_nonce)
7092 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
7093 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
7094
7095 logger.debug("Send M2 to STA")
7096 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7097 m1_attrs[ATTR_ENROLLEE_NONCE],
7098 r_nonce, uuid_r, e_pk, dev_pw_id='\x00\x04')
7099 send_wsc_msg(dev[0], bssid, m2)
7100 eap_id = (eap_id + 1) % 256
7101
7102 logger.debug("Receive M3 from STA")
7103 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7104 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid
7105
7106def test_wps_ext_proto_nack_m3_no_config_error(dev, apdev):
7107 """WPS and NACK M3 missing Config Error"""
7108 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7109 logger.debug("Send NACK to STA")
7110 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, config_error=None)
7111 send_wsc_msg(dev[0], bssid, msg)
7112 dev[0].request("WPS_CANCEL")
7113 dev[0].wait_disconnected()
7114 dev[0].flush_scan_cache()
7115
7116def test_wps_ext_proto_nack_m3_no_e_nonce(dev, apdev):
7117 """WPS and NACK M3 missing E-Nonce"""
7118 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7119 logger.debug("Send NACK to STA")
7120 msg, attrs = build_nack(eap_id, None, r_nonce)
7121 send_wsc_msg(dev[0], bssid, msg)
7122 dev[0].request("WPS_CANCEL")
7123 dev[0].wait_disconnected()
7124 dev[0].flush_scan_cache()
7125
7126def test_wps_ext_proto_nack_m3_e_nonce_mismatch(dev, apdev):
7127 """WPS and NACK M3 E-Nonce mismatch"""
7128 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7129 logger.debug("Send NACK to STA")
7130 msg, attrs = build_nack(eap_id, 16*'\x00', r_nonce)
7131 send_wsc_msg(dev[0], bssid, msg)
7132 dev[0].request("WPS_CANCEL")
7133 dev[0].wait_disconnected()
7134 dev[0].flush_scan_cache()
7135
7136def test_wps_ext_proto_nack_m3_no_r_nonce(dev, apdev):
7137 """WPS and NACK M3 missing R-Nonce"""
7138 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7139 logger.debug("Send NACK to STA")
7140 msg, attrs = build_nack(eap_id, e_nonce, None)
7141 send_wsc_msg(dev[0], bssid, msg)
7142 dev[0].request("WPS_CANCEL")
7143 dev[0].wait_disconnected()
7144 dev[0].flush_scan_cache()
7145
7146def test_wps_ext_proto_nack_m3_r_nonce_mismatch(dev, apdev):
7147 """WPS and NACK M3 R-Nonce mismatch"""
7148 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7149 logger.debug("Send NACK to STA")
7150 msg, attrs = build_nack(eap_id, e_nonce, 16*'\x00')
7151 send_wsc_msg(dev[0], bssid, msg)
7152 dev[0].request("WPS_CANCEL")
7153 dev[0].wait_disconnected()
7154 dev[0].flush_scan_cache()
7155
7156def test_wps_ext_proto_nack_m3_no_msg_type(dev, apdev):
7157 """WPS and NACK M3 no Message Type"""
7158 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7159 logger.debug("Send NACK to STA")
7160 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=None)
7161 send_wsc_msg(dev[0], bssid, msg)
7162 dev[0].request("WPS_CANCEL")
7163 dev[0].wait_disconnected()
7164 dev[0].flush_scan_cache()
7165
7166def test_wps_ext_proto_nack_m3_invalid_msg_type(dev, apdev):
7167 """WPS and NACK M3 invalid Message Type"""
7168 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7169 logger.debug("Send NACK to STA")
7170 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=123)
7171 send_wsc_msg(dev[0], bssid, msg)
7172 dev[0].request("WPS_CANCEL")
7173 dev[0].wait_disconnected()
7174 dev[0].flush_scan_cache()
7175
7176def test_wps_ext_proto_nack_m3_invalid_attr(dev, apdev):
7177 """WPS and NACK M3 invalid attribute"""
7178 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7179 logger.debug("Send NACK to STA")
7180 attrs = '\x10\x10\x00'
7181 msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_NACK)
7182 send_wsc_msg(dev[0], bssid, msg)
7183 dev[0].request("WPS_CANCEL")
7184 dev[0].wait_disconnected()
7185 dev[0].flush_scan_cache()
7186
7187def test_wps_ext_proto_ack_m3_no_e_nonce(dev, apdev):
7188 """WPS and ACK M3 missing E-Nonce"""
7189 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7190 logger.debug("Send NACK to STA")
7191 msg, attrs = build_ack(eap_id, None, r_nonce)
7192 send_wsc_msg(dev[0], bssid, msg)
7193 dev[0].request("WPS_CANCEL")
7194 dev[0].wait_disconnected()
7195 dev[0].flush_scan_cache()
7196
7197def test_wps_ext_proto_ack_m3_e_nonce_mismatch(dev, apdev):
7198 """WPS and ACK M3 E-Nonce mismatch"""
7199 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7200 logger.debug("Send NACK to STA")
7201 msg, attrs = build_ack(eap_id, 16*'\x00', r_nonce)
7202 send_wsc_msg(dev[0], bssid, msg)
7203 dev[0].request("WPS_CANCEL")
7204 dev[0].wait_disconnected()
7205 dev[0].flush_scan_cache()
7206
7207def test_wps_ext_proto_ack_m3_no_r_nonce(dev, apdev):
7208 """WPS and ACK M3 missing R-Nonce"""
7209 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7210 logger.debug("Send NACK to STA")
7211 msg, attrs = build_ack(eap_id, e_nonce, None)
7212 send_wsc_msg(dev[0], bssid, msg)
7213 dev[0].request("WPS_CANCEL")
7214 dev[0].wait_disconnected()
7215 dev[0].flush_scan_cache()
7216
7217def test_wps_ext_proto_ack_m3_r_nonce_mismatch(dev, apdev):
7218 """WPS and ACK M3 R-Nonce mismatch"""
7219 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7220 logger.debug("Send NACK to STA")
7221 msg, attrs = build_ack(eap_id, e_nonce, 16*'\x00')
7222 send_wsc_msg(dev[0], bssid, msg)
7223 dev[0].request("WPS_CANCEL")
7224 dev[0].wait_disconnected()
7225 dev[0].flush_scan_cache()
7226
7227def test_wps_ext_proto_ack_m3_no_msg_type(dev, apdev):
7228 """WPS and ACK M3 no Message Type"""
7229 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7230 logger.debug("Send NACK to STA")
7231 msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=None)
7232 send_wsc_msg(dev[0], bssid, msg)
7233 dev[0].request("WPS_CANCEL")
7234 dev[0].wait_disconnected()
7235 dev[0].flush_scan_cache()
7236
7237def test_wps_ext_proto_ack_m3_invalid_msg_type(dev, apdev):
7238 """WPS and ACK M3 invalid Message Type"""
7239 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7240 logger.debug("Send NACK to STA")
7241 msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=123)
7242 send_wsc_msg(dev[0], bssid, msg)
7243 dev[0].request("WPS_CANCEL")
7244 dev[0].wait_disconnected()
7245 dev[0].flush_scan_cache()
7246
7247def test_wps_ext_proto_ack_m3_invalid_attr(dev, apdev):
7248 """WPS and ACK M3 invalid attribute"""
7249 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7250 logger.debug("Send ACK to STA")
7251 attrs = '\x10\x10\x00'
7252 msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_ACK)
7253 send_wsc_msg(dev[0], bssid, msg)
7254 dev[0].request("WPS_CANCEL")
7255 dev[0].wait_disconnected()
7256 dev[0].flush_scan_cache()
7257
7258def test_wps_ext_proto_ack_m3(dev, apdev):
7259 """WPS and ACK M3"""
7260 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7261 logger.debug("Send ACK to STA")
7262 msg, attrs = build_ack(eap_id, e_nonce, r_nonce)
7263 send_wsc_msg(dev[0], bssid, msg)
7264 dev[0].request("WPS_CANCEL")
7265 dev[0].wait_disconnected()
7266 dev[0].flush_scan_cache()
7267
7268def wps_to_m3_helper(dev, apdev):
7269 pin = "12345670"
7270 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7271 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7272 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7273 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7274
7275 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7276 uuid_r = 16*'\x33'
7277 r_nonce = 16*'\x44'
7278 own_private, e_pk = wsc_dh_init()
7279
7280 logger.debug("Receive M1 from STA")
7281 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7282 eap_id = (msg['eap_identifier'] + 1) % 256
7283
7284 authkey,keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7285 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7286 r_nonce)
7287 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, pin,
7288 m1_attrs[ATTR_PUBLIC_KEY], e_pk)
7289
7290 logger.debug("Send M2 to STA")
7291 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7292 m1_attrs[ATTR_ENROLLEE_NONCE],
7293 r_nonce, uuid_r, e_pk)
7294 send_wsc_msg(dev[0], bssid, m2)
7295 eap_id = (eap_id + 1) % 256
7296
7297 logger.debug("Receive M3 from STA")
7298 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7299 return eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey
7300
7301def wps_to_m3(dev, apdev):
7302 eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
7303 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s1, raw_m3_attrs, authkey, keywrapkey
7304
7305def wps_to_m5(dev, apdev):
7306 eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
7307
7308 logger.debug("Send M4 to STA")
7309 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7310 attrs += build_attr_msg_type(WPS_M4)
7311 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
7312 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7313 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7314 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7315 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7316 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7317 raw_m4_attrs = attrs
7318 m4 = build_eap_wsc(1, eap_id, attrs)
7319 send_wsc_msg(dev[0], bssid, m4)
7320 eap_id = (eap_id + 1) % 256
7321
7322 logger.debug("Receive M5 from STA")
7323 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7324
7325 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s2, raw_m5_attrs, authkey, keywrapkey
7326
7327def test_wps_ext_proto_m4_missing_r_hash1(dev, apdev):
7328 """WPS and no R-Hash1 in M4"""
7329 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7330
7331 logger.debug("Send M4 to STA")
7332 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7333 attrs += build_attr_msg_type(WPS_M4)
7334 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7335 #attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7336 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7337 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7338 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7339 attrs += build_attr_authenticator(authkey, m3, attrs)
7340 m4 = build_eap_wsc(1, eap_id, attrs)
7341 send_wsc_msg(dev[0], bssid, m4)
7342 eap_id = (eap_id + 1) % 256
7343
7344 logger.debug("Receive M5 (NACK) from STA")
7345 msg = get_wsc_msg(dev[0])
7346 if msg['wsc_opcode'] != WSC_NACK:
7347 raise Exception("Unexpected message - expected WSC_Nack")
7348
7349 dev[0].request("WPS_CANCEL")
7350 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7351 dev[0].wait_disconnected()
7352
7353def test_wps_ext_proto_m4_missing_r_hash2(dev, apdev):
7354 """WPS and no R-Hash2 in M4"""
7355 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7356
7357 logger.debug("Send M4 to STA")
7358 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7359 attrs += build_attr_msg_type(WPS_M4)
7360 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7361 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7362 #attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7363 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7364 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7365 attrs += build_attr_authenticator(authkey, m3, attrs)
7366 m4 = build_eap_wsc(1, eap_id, attrs)
7367 send_wsc_msg(dev[0], bssid, m4)
7368 eap_id = (eap_id + 1) % 256
7369
7370 logger.debug("Receive M5 (NACK) from STA")
7371 msg = get_wsc_msg(dev[0])
7372 if msg['wsc_opcode'] != WSC_NACK:
7373 raise Exception("Unexpected message - expected WSC_Nack")
7374
7375 dev[0].request("WPS_CANCEL")
7376 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7377 dev[0].wait_disconnected()
7378
7379def test_wps_ext_proto_m4_missing_r_snonce1(dev, apdev):
7380 """WPS and no R-SNonce1 in M4"""
7381 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7382
7383 logger.debug("Send M4 to STA")
7384 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7385 attrs += build_attr_msg_type(WPS_M4)
7386 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7387 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7388 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7389 #data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7390 data = ''
7391 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7392 attrs += build_attr_authenticator(authkey, m3, attrs)
7393 m4 = build_eap_wsc(1, eap_id, attrs)
7394 send_wsc_msg(dev[0], bssid, m4)
7395 eap_id = (eap_id + 1) % 256
7396
7397 logger.debug("Receive M5 (NACK) from STA")
7398 msg = get_wsc_msg(dev[0])
7399 if msg['wsc_opcode'] != WSC_NACK:
7400 raise Exception("Unexpected message - expected WSC_Nack")
7401
7402 dev[0].request("WPS_CANCEL")
7403 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7404 dev[0].wait_disconnected()
7405
7406def test_wps_ext_proto_m4_invalid_pad_string(dev, apdev):
7407 """WPS and invalid pad string in M4"""
7408 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7409
7410 logger.debug("Send M4 to STA")
7411 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7412 attrs += build_attr_msg_type(WPS_M4)
7413 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7414 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7415 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7416 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7417
7418 m = hmac.new(authkey, data, hashlib.sha256)
7419 kwa = m.digest()[0:8]
7420 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
7421 iv = 16*'\x99'
7422 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
7423 pad_len = 16 - len(data) % 16
7424 ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', pad_len - 1)
7425 data += ps
7426 wrapped = aes.encrypt(data)
7427 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
7428
7429 attrs += build_attr_authenticator(authkey, m3, attrs)
7430 m4 = build_eap_wsc(1, eap_id, attrs)
7431 send_wsc_msg(dev[0], bssid, m4)
7432 eap_id = (eap_id + 1) % 256
7433
7434 logger.debug("Receive M5 (NACK) from STA")
7435 msg = get_wsc_msg(dev[0])
7436 if msg['wsc_opcode'] != WSC_NACK:
7437 raise Exception("Unexpected message - expected WSC_Nack")
7438
7439 dev[0].request("WPS_CANCEL")
7440 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7441 dev[0].wait_disconnected()
7442
7443def test_wps_ext_proto_m4_invalid_pad_value(dev, apdev):
7444 """WPS and invalid pad value in M4"""
7445 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7446
7447 logger.debug("Send M4 to STA")
7448 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7449 attrs += build_attr_msg_type(WPS_M4)
7450 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7451 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7452 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7453 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7454
7455 m = hmac.new(authkey, data, hashlib.sha256)
7456 kwa = m.digest()[0:8]
7457 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
7458 iv = 16*'\x99'
7459 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
7460 pad_len = 16 - len(data) % 16
7461 ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', 255)
7462 data += ps
7463 wrapped = aes.encrypt(data)
7464 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
7465
7466 attrs += build_attr_authenticator(authkey, m3, attrs)
7467 m4 = build_eap_wsc(1, eap_id, attrs)
7468 send_wsc_msg(dev[0], bssid, m4)
7469 eap_id = (eap_id + 1) % 256
7470
7471 logger.debug("Receive M5 (NACK) from STA")
7472 msg = get_wsc_msg(dev[0])
7473 if msg['wsc_opcode'] != WSC_NACK:
7474 raise Exception("Unexpected message - expected WSC_Nack")
7475
7476 dev[0].request("WPS_CANCEL")
7477 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7478 dev[0].wait_disconnected()
7479
7480def test_wps_ext_proto_m4_no_encr_settings(dev, apdev):
7481 """WPS and no Encr Settings in M4"""
7482 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7483
7484 logger.debug("Send M4 to STA")
7485 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7486 attrs += build_attr_msg_type(WPS_M4)
7487 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7488 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7489 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7490 attrs += build_attr_authenticator(authkey, m3, attrs)
7491 m4 = build_eap_wsc(1, eap_id, attrs)
7492 send_wsc_msg(dev[0], bssid, m4)
7493 eap_id = (eap_id + 1) % 256
7494
7495 logger.debug("Receive M5 (NACK) from STA")
7496 msg = get_wsc_msg(dev[0])
7497 if msg['wsc_opcode'] != WSC_NACK:
7498 raise Exception("Unexpected message - expected WSC_Nack")
7499
7500 dev[0].request("WPS_CANCEL")
7501 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7502 dev[0].wait_disconnected()
7503
7504def test_wps_ext_proto_m6_missing_r_snonce2(dev, apdev):
7505 """WPS and no R-SNonce2 in M6"""
7506 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7507
7508 logger.debug("Send M6 to STA")
7509 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7510 attrs += build_attr_msg_type(WPS_M6)
7511 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7512 #data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7513 data = ''
7514 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7515 attrs += build_attr_authenticator(authkey, m5, attrs)
7516 m6 = build_eap_wsc(1, eap_id, attrs)
7517 send_wsc_msg(dev[0], bssid, m6)
7518 eap_id = (eap_id + 1) % 256
7519
7520 logger.debug("Receive M7 (NACK) from STA")
7521 msg = get_wsc_msg(dev[0])
7522 if msg['wsc_opcode'] != WSC_NACK:
7523 raise Exception("Unexpected message - expected WSC_Nack")
7524
7525 dev[0].request("WPS_CANCEL")
7526 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7527 dev[0].wait_disconnected()
7528
7529def test_wps_ext_proto_m6_no_encr_settings(dev, apdev):
7530 """WPS and no Encr Settings in M6"""
7531 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7532
7533 logger.debug("Send M6 to STA")
7534 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7535 attrs += build_attr_msg_type(WPS_M6)
7536 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7537 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7538 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7539 attrs += build_attr_authenticator(authkey, m5, attrs)
7540 m6 = build_eap_wsc(1, eap_id, attrs)
7541 send_wsc_msg(dev[0], bssid, m6)
7542 eap_id = (eap_id + 1) % 256
7543
7544 logger.debug("Receive M7 (NACK) from STA")
7545 msg = get_wsc_msg(dev[0])
7546 if msg['wsc_opcode'] != WSC_NACK:
7547 raise Exception("Unexpected message - expected WSC_Nack")
7548
7549 dev[0].request("WPS_CANCEL")
7550 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7551 dev[0].wait_disconnected()
7552
7553def test_wps_ext_proto_m8_no_encr_settings(dev, apdev):
7554 """WPS and no Encr Settings in M6"""
7555 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7556
7557 logger.debug("Send M6 to STA")
7558 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7559 attrs += build_attr_msg_type(WPS_M6)
7560 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7561 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7562 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7563 attrs += build_attr_authenticator(authkey, m5, attrs)
7564 raw_m6_attrs = attrs
7565 m6 = build_eap_wsc(1, eap_id, attrs)
7566 send_wsc_msg(dev[0], bssid, m6)
7567 eap_id = (eap_id + 1) % 256
7568
7569 logger.debug("Receive M7 from STA")
7570 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
7571
7572 logger.debug("Send M8 to STA")
7573 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7574 attrs += build_attr_msg_type(WPS_M8)
7575 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7576 #attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
7577 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7578 raw_m8_attrs = attrs
7579 m8 = build_eap_wsc(1, eap_id, attrs)
7580 send_wsc_msg(dev[0], bssid, m8)
7581
7582 logger.debug("Receive WSC_Done (NACK) from STA")
7583 msg = get_wsc_msg(dev[0])
7584 if msg['wsc_opcode'] != WSC_NACK:
7585 raise Exception("Unexpected message - expected WSC_Nack")
7586
7587 dev[0].request("WPS_CANCEL")
7588 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7589 dev[0].wait_disconnected()
7590
7591def wps_start_ext_reg(apdev, dev):
7592 addr = dev.own_addr()
7593 bssid = apdev['bssid']
7594 ssid = "test-wps-conf"
7595 appin = "12345670"
7596 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
7597 "wpa_passphrase": "12345678", "wpa": "2",
7598 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
7599 "ap_pin": appin }
7600 hapd = hostapd.add_ap(apdev['ifname'], params)
7601
7602 dev.scan_for_bss(bssid, freq="2412")
7603 hapd.request("SET ext_eapol_frame_io 1")
7604 dev.request("SET ext_eapol_frame_io 1")
7605
7606 dev.request("WPS_REG " + bssid + " " + appin)
7607
7608 return addr,bssid,hapd
7609
7610def wps_run_ap_settings_proto(dev, apdev, ap_settings, success):
7611 addr,bssid,hapd = wps_start_ext_reg(apdev[0], dev[0])
7612 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7613 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7614
7615 logger.debug("Receive M1 from AP")
7616 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
7617 mac_addr = m1_attrs[ATTR_MAC_ADDR]
7618 e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
7619 e_pk = m1_attrs[ATTR_PUBLIC_KEY]
7620
7621 appin = '12345670'
7622 uuid_r = 16*'\x33'
7623 r_nonce = 16*'\x44'
7624 own_private, r_pk = wsc_dh_init()
7625 authkey,keywrapkey = wsc_dh_kdf(e_pk, own_private, mac_addr, e_nonce,
7626 r_nonce)
7627 r_s1,r_s2,r_hash1,r_hash2 = wsc_dev_pw_hash(authkey, appin, e_pk, r_pk)
7628
7629 logger.debug("Send M2 to AP")
7630 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, msg['eap_identifier'],
7631 e_nonce, r_nonce, uuid_r, r_pk, eap_code=2)
7632 send_wsc_msg(hapd, addr, m2)
7633
7634 logger.debug("Receive M3 from AP")
7635 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M3)
7636
7637 logger.debug("Send M4 to AP")
7638 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7639 attrs += build_attr_msg_type(WPS_M4)
7640 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7641 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7642 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7643 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7644 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7645 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7646 raw_m4_attrs = attrs
7647 m4 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7648 send_wsc_msg(hapd, addr, m4)
7649
7650 logger.debug("Receive M5 from AP")
7651 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M5)
7652
7653 logger.debug("Send M6 to STA")
7654 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7655 attrs += build_attr_msg_type(WPS_M6)
7656 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7657 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7658 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7659 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
7660 raw_m6_attrs = attrs
7661 m6 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7662 send_wsc_msg(hapd, addr, m6)
7663
7664 logger.debug("Receive M7 from AP")
7665 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M7)
7666
7667 logger.debug("Send M8 to STA")
7668 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7669 attrs += build_attr_msg_type(WPS_M8)
7670 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7671 if ap_settings:
7672 attrs += build_attr_encr_settings(authkey, keywrapkey, ap_settings)
7673 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7674 raw_m8_attrs = attrs
7675 m8 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7676 send_wsc_msg(hapd, addr, m8)
7677
7678 if success:
7679 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
7680 if ev is None:
7681 raise Exception("New AP settings not reported")
7682 logger.debug("Receive WSC_Done from AP")
7683 msg = get_wsc_msg(hapd)
7684 if msg['wsc_opcode'] != WSC_Done:
7685 raise Exception("Unexpected message - expected WSC_Done")
7686
7687 logger.debug("Send WSC_ACK to AP")
7688 ack,attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
7689 eap_code=2)
7690 send_wsc_msg(hapd, addr, ack)
7691 dev[0].wait_disconnected()
7692 else:
7693 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
7694 if ev is None:
7695 raise Exception("WPS failure not reported")
7696 logger.debug("Receive WSC_NACK from AP")
7697 msg = get_wsc_msg(hapd)
7698 if msg['wsc_opcode'] != WSC_NACK:
7699 raise Exception("Unexpected message - expected WSC_NACK")
7700
7701 logger.debug("Send WSC_NACK to AP")
7702 nack,attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
7703 eap_code=2)
7704 send_wsc_msg(hapd, addr, nack)
7705 dev[0].wait_disconnected()
7706
7707def test_wps_ext_ap_settings_success(dev, apdev):
7708 """WPS and AP Settings: success"""
7709 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7710 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7711 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7712 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
7713 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7714 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
7715 wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
7716
7717def test_wps_ext_ap_settings_missing(dev, apdev):
7718 """WPS and AP Settings: missing"""
7719 wps_run_ap_settings_proto(dev, apdev, None, False)
7720
7721def test_wps_ext_ap_settings_mac_addr_mismatch(dev, apdev):
7722 """WPS and AP Settings: MAC Address mismatch"""
7723 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7724 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7725 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7726 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
7727 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7728 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, '\x00\x00\x00\x00\x00\x00')
7729 wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
7730
7731def test_wps_ext_ap_settings_mac_addr_missing(dev, apdev):
7732 """WPS and AP Settings: missing MAC Address"""
7733 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7734 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7735 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7736 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
7737 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7738 wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
7739
7740def test_wps_ext_ap_settings_reject_encr_type(dev, apdev):
7741 """WPS and AP Settings: reject Encr Type"""
7742 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7743 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7744 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7745 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x00')
7746 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7747 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
7748 wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
7749
7750def test_wps_ext_ap_settings_m2d(dev, apdev):
7751 """WPS and AP Settings: M2D"""
7752 addr,bssid,hapd = wps_start_ext_reg(apdev[0], dev[0])
7753 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7754 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7755
7756 logger.debug("Receive M1 from AP")
7757 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
7758 e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
7759
7760 r_nonce = 16*'\x44'
7761 uuid_r = 16*'\x33'
7762
7763 logger.debug("Send M2D to AP")
7764 m2d, raw_m2d_attrs = build_m2d(raw_m1_attrs, msg['eap_identifier'],
7765 e_nonce, r_nonce, uuid_r,
7766 dev_pw_id='\x00\x00', eap_code=2)
7767 send_wsc_msg(hapd, addr, m2d)
7768
7769 ev = hapd.wait_event(["WPS-M2D"], timeout=5)
7770 if ev is None:
7771 raise Exception("M2D not reported")
7772
7773 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
7774
7775def wps_wait_ap_nack(hapd, dev, e_nonce, r_nonce):
7776 logger.debug("Receive WSC_NACK from AP")
7777 msg = get_wsc_msg(hapd)
7778 if msg['wsc_opcode'] != WSC_NACK:
7779 raise Exception("Unexpected message - expected WSC_NACK")
7780
7781 logger.debug("Send WSC_NACK to AP")
7782 nack,attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
7783 eap_code=2)
7784 send_wsc_msg(hapd, dev.own_addr(), nack)
7785 dev.wait_disconnected()
7786
7787def test_wps_ext_m3_missing_e_hash1(dev, apdev):
7788 """WPS proto: M3 missing E-Hash1"""
7789 pin = "12345670"
7790 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7791 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7792 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7793
7794 logger.debug("Receive WSC/Start from AP")
7795 msg = get_wsc_msg(hapd)
7796 if msg['wsc_opcode'] != WSC_Start:
7797 raise Exception("Unexpected Op-Code for WSC/Start")
7798
7799 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7800 uuid_e = 16*'\x11'
7801 e_nonce = 16*'\x22'
7802 own_private, e_pk = wsc_dh_init()
7803
7804 logger.debug("Send M1 to AP")
7805 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
7806 e_nonce, e_pk)
7807 send_wsc_msg(hapd, addr, m1)
7808
7809 logger.debug("Receive M2 from AP")
7810 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
7811 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
7812 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
7813
7814 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
7815 r_nonce)
7816 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
7817
7818 logger.debug("Send M3 to AP")
7819 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7820 attrs += build_attr_msg_type(WPS_M3)
7821 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7822 #attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
7823 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
7824 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
7825 raw_m3_attrs = attrs
7826 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7827 send_wsc_msg(hapd, addr, m3)
7828
7829 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
7830
7831def test_wps_ext_m3_missing_e_hash2(dev, apdev):
7832 """WPS proto: M3 missing E-Hash2"""
7833 pin = "12345670"
7834 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7835 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7836 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7837
7838 logger.debug("Receive WSC/Start from AP")
7839 msg = get_wsc_msg(hapd)
7840 if msg['wsc_opcode'] != WSC_Start:
7841 raise Exception("Unexpected Op-Code for WSC/Start")
7842
7843 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7844 uuid_e = 16*'\x11'
7845 e_nonce = 16*'\x22'
7846 own_private, e_pk = wsc_dh_init()
7847
7848 logger.debug("Send M1 to AP")
7849 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
7850 e_nonce, e_pk)
7851 send_wsc_msg(hapd, addr, m1)
7852
7853 logger.debug("Receive M2 from AP")
7854 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
7855 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
7856 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
7857
7858 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
7859 r_nonce)
7860 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
7861
7862 logger.debug("Send M3 to AP")
7863 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7864 attrs += build_attr_msg_type(WPS_M3)
7865 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7866 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
7867 #attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
7868 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
7869 raw_m3_attrs = attrs
7870 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7871 send_wsc_msg(hapd, addr, m3)
7872
7873 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
7874
7875def test_wps_ext_m5_missing_e_snonce1(dev, apdev):
7876 """WPS proto: M5 missing E-SNonce1"""
7877 pin = "12345670"
7878 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7879 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7880 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7881
7882 logger.debug("Receive WSC/Start from AP")
7883 msg = get_wsc_msg(hapd)
7884 if msg['wsc_opcode'] != WSC_Start:
7885 raise Exception("Unexpected Op-Code for WSC/Start")
7886
7887 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7888 uuid_e = 16*'\x11'
7889 e_nonce = 16*'\x22'
7890 own_private, e_pk = wsc_dh_init()
7891
7892 logger.debug("Send M1 to AP")
7893 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
7894 e_nonce, e_pk)
7895 send_wsc_msg(hapd, addr, m1)
7896
7897 logger.debug("Receive M2 from AP")
7898 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
7899 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
7900 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
7901
7902 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
7903 r_nonce)
7904 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
7905
7906 logger.debug("Send M3 to AP")
7907 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7908 attrs += build_attr_msg_type(WPS_M3)
7909 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7910 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
7911 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
7912 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
7913 raw_m3_attrs = attrs
7914 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7915 send_wsc_msg(hapd, addr, m3)
7916
7917 logger.debug("Receive M4 from AP")
7918 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
7919
7920 logger.debug("Send M5 to AP")
7921 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7922 attrs += build_attr_msg_type(WPS_M5)
7923 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7924 #data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
7925 data = ''
7926 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7927 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
7928 raw_m5_attrs = attrs
7929 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7930 send_wsc_msg(hapd, addr, m5)
7931
7932 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
7933
7934def test_wps_ext_m5_e_snonce1_mismatch(dev, apdev):
7935 """WPS proto: M5 E-SNonce1 mismatch"""
7936 pin = "12345670"
7937 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7938 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7939 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7940
7941 logger.debug("Receive WSC/Start from AP")
7942 msg = get_wsc_msg(hapd)
7943 if msg['wsc_opcode'] != WSC_Start:
7944 raise Exception("Unexpected Op-Code for WSC/Start")
7945
7946 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7947 uuid_e = 16*'\x11'
7948 e_nonce = 16*'\x22'
7949 own_private, e_pk = wsc_dh_init()
7950
7951 logger.debug("Send M1 to AP")
7952 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
7953 e_nonce, e_pk)
7954 send_wsc_msg(hapd, addr, m1)
7955
7956 logger.debug("Receive M2 from AP")
7957 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
7958 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
7959 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
7960
7961 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
7962 r_nonce)
7963 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
7964
7965 logger.debug("Send M3 to AP")
7966 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7967 attrs += build_attr_msg_type(WPS_M3)
7968 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7969 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
7970 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
7971 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
7972 raw_m3_attrs = attrs
7973 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7974 send_wsc_msg(hapd, addr, m3)
7975
7976 logger.debug("Receive M4 from AP")
7977 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
7978
7979 logger.debug("Send M5 to AP")
7980 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7981 attrs += build_attr_msg_type(WPS_M5)
7982 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7983 data = build_wsc_attr(ATTR_E_SNONCE1, 16*'\x00')
7984 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7985 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
7986 raw_m5_attrs = attrs
7987 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7988 send_wsc_msg(hapd, addr, m5)
7989
7990 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
7991
7992def test_wps_ext_m7_missing_e_snonce2(dev, apdev):
7993 """WPS proto: M7 missing E-SNonce2"""
7994 pin = "12345670"
7995 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7996 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7997 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7998
7999 logger.debug("Receive WSC/Start from AP")
8000 msg = get_wsc_msg(hapd)
8001 if msg['wsc_opcode'] != WSC_Start:
8002 raise Exception("Unexpected Op-Code for WSC/Start")
8003
8004 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8005 uuid_e = 16*'\x11'
8006 e_nonce = 16*'\x22'
8007 own_private, e_pk = wsc_dh_init()
8008
8009 logger.debug("Send M1 to AP")
8010 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8011 e_nonce, e_pk)
8012 send_wsc_msg(hapd, addr, m1)
8013
8014 logger.debug("Receive M2 from AP")
8015 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8016 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8017 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8018
8019 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8020 r_nonce)
8021 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8022
8023 logger.debug("Send M3 to AP")
8024 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8025 attrs += build_attr_msg_type(WPS_M3)
8026 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8027 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8028 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8029 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8030 raw_m3_attrs = attrs
8031 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8032 send_wsc_msg(hapd, addr, m3)
8033
8034 logger.debug("Receive M4 from AP")
8035 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8036
8037 logger.debug("Send M5 to AP")
8038 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8039 attrs += build_attr_msg_type(WPS_M5)
8040 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8041 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8042 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8043 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8044 raw_m5_attrs = attrs
8045 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8046 send_wsc_msg(hapd, addr, m5)
8047
8048 logger.debug("Receive M6 from AP")
8049 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8050
8051 logger.debug("Send M7 to AP")
8052 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8053 attrs += build_attr_msg_type(WPS_M7)
8054 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8055 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
8056 data = ''
8057 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8058 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8059 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8060 raw_m7_attrs = attrs
8061 send_wsc_msg(hapd, addr, m7)
8062
8063 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8064
8065def test_wps_ext_m7_e_snonce2_mismatch(dev, apdev):
8066 """WPS proto: M7 E-SNonce2 mismatch"""
8067 pin = "12345670"
8068 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8069 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8070 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8071
8072 logger.debug("Receive WSC/Start from AP")
8073 msg = get_wsc_msg(hapd)
8074 if msg['wsc_opcode'] != WSC_Start:
8075 raise Exception("Unexpected Op-Code for WSC/Start")
8076
8077 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8078 uuid_e = 16*'\x11'
8079 e_nonce = 16*'\x22'
8080 own_private, e_pk = wsc_dh_init()
8081
8082 logger.debug("Send M1 to AP")
8083 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8084 e_nonce, e_pk)
8085 send_wsc_msg(hapd, addr, m1)
8086
8087 logger.debug("Receive M2 from AP")
8088 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8089 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8090 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8091
8092 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8093 r_nonce)
8094 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8095
8096 logger.debug("Send M3 to AP")
8097 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8098 attrs += build_attr_msg_type(WPS_M3)
8099 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8100 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8101 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8102 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8103 raw_m3_attrs = attrs
8104 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8105 send_wsc_msg(hapd, addr, m3)
8106
8107 logger.debug("Receive M4 from AP")
8108 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8109
8110 logger.debug("Send M5 to AP")
8111 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8112 attrs += build_attr_msg_type(WPS_M5)
8113 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8114 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8115 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8116 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8117 raw_m5_attrs = attrs
8118 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8119 send_wsc_msg(hapd, addr, m5)
8120
8121 logger.debug("Receive M6 from AP")
8122 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8123
8124 logger.debug("Send M7 to AP")
8125 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8126 attrs += build_attr_msg_type(WPS_M7)
8127 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8128 data = build_wsc_attr(ATTR_E_SNONCE2, 16*'\x00')
8129 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8130 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8131 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8132 raw_m7_attrs = attrs
8133 send_wsc_msg(hapd, addr, m7)
8134
8135 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8136
8137def test_wps_ext_m1_pubkey_oom(dev, apdev):
8138 """WPS proto: M1 PubKey OOM"""
8139 pin = "12345670"
8140 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8141 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8142 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8143
8144 logger.debug("Receive WSC/Start from AP")
8145 msg = get_wsc_msg(hapd)
8146 if msg['wsc_opcode'] != WSC_Start:
8147 raise Exception("Unexpected Op-Code for WSC/Start")
8148
8149 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8150 uuid_e = 16*'\x11'
8151 e_nonce = 16*'\x22'
8152 own_private, e_pk = wsc_dh_init()
8153
8154 logger.debug("Send M1 to AP")
8155 with alloc_fail(hapd, 1, "wpabuf_alloc_copy;wps_process_pubkey"):
8156 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8157 e_nonce, e_pk)
8158 send_wsc_msg(hapd, addr, m1)
8159 wps_wait_eap_failure(hapd, dev[0])
8160
8161def wps_wait_eap_failure(hapd, dev):
8162 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
8163 if ev is None:
8164 raise Exception("EAP-Failure not reported")
8165 dev.wait_disconnected()
8166
8167def test_wps_ext_m3_m1(dev, apdev):
8168 """WPS proto: M3 replaced with M1"""
8169 pin = "12345670"
8170 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8171 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8172 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8173
8174 logger.debug("Receive WSC/Start from AP")
8175 msg = get_wsc_msg(hapd)
8176 if msg['wsc_opcode'] != WSC_Start:
8177 raise Exception("Unexpected Op-Code for WSC/Start")
8178
8179 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8180 uuid_e = 16*'\x11'
8181 e_nonce = 16*'\x22'
8182 own_private, e_pk = wsc_dh_init()
8183
8184 logger.debug("Send M1 to AP")
8185 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8186 e_nonce, e_pk)
8187 send_wsc_msg(hapd, addr, m1)
8188
8189 logger.debug("Receive M2 from AP")
8190 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8191 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8192 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8193
8194 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8195 r_nonce)
8196 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8197
8198 logger.debug("Send M3(M1) to AP")
8199 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8200 attrs += build_attr_msg_type(WPS_M1)
8201 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8202 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8203 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8204 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8205 raw_m3_attrs = attrs
8206 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8207 send_wsc_msg(hapd, addr, m3)
8208
8209 wps_wait_eap_failure(hapd, dev[0])
8210
8211def test_wps_ext_m5_m3(dev, apdev):
8212 """WPS proto: M5 replaced with M3"""
8213 pin = "12345670"
8214 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8215 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8216 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8217
8218 logger.debug("Receive WSC/Start from AP")
8219 msg = get_wsc_msg(hapd)
8220 if msg['wsc_opcode'] != WSC_Start:
8221 raise Exception("Unexpected Op-Code for WSC/Start")
8222
8223 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8224 uuid_e = 16*'\x11'
8225 e_nonce = 16*'\x22'
8226 own_private, e_pk = wsc_dh_init()
8227
8228 logger.debug("Send M1 to AP")
8229 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8230 e_nonce, e_pk)
8231 send_wsc_msg(hapd, addr, m1)
8232
8233 logger.debug("Receive M2 from AP")
8234 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8235 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8236 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8237
8238 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8239 r_nonce)
8240 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8241
8242 logger.debug("Send M3 to AP")
8243 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8244 attrs += build_attr_msg_type(WPS_M3)
8245 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8246 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8247 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8248 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8249 raw_m3_attrs = attrs
8250 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8251 send_wsc_msg(hapd, addr, m3)
8252
8253 logger.debug("Receive M4 from AP")
8254 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8255
8256 logger.debug("Send M5(M3) to AP")
8257 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8258 attrs += build_attr_msg_type(WPS_M3)
8259 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8260 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8261 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8262 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8263 raw_m5_attrs = attrs
8264 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8265 send_wsc_msg(hapd, addr, m5)
8266
8267 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8268
8269def test_wps_ext_m3_m2(dev, apdev):
8270 """WPS proto: M3 replaced with M2"""
8271 pin = "12345670"
8272 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8273 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8274 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8275
8276 logger.debug("Receive WSC/Start from AP")
8277 msg = get_wsc_msg(hapd)
8278 if msg['wsc_opcode'] != WSC_Start:
8279 raise Exception("Unexpected Op-Code for WSC/Start")
8280
8281 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8282 uuid_e = 16*'\x11'
8283 e_nonce = 16*'\x22'
8284 own_private, e_pk = wsc_dh_init()
8285
8286 logger.debug("Send M1 to AP")
8287 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8288 e_nonce, e_pk)
8289 send_wsc_msg(hapd, addr, m1)
8290
8291 logger.debug("Receive M2 from AP")
8292 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8293 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8294 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8295
8296 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8297 r_nonce)
8298 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8299
8300 logger.debug("Send M3(M2) to AP")
8301 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8302 attrs += build_attr_msg_type(WPS_M2)
8303 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8304 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8305 raw_m3_attrs = attrs
8306 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8307 send_wsc_msg(hapd, addr, m3)
8308
8309 wps_wait_eap_failure(hapd, dev[0])
8310
8311def test_wps_ext_m3_m5(dev, apdev):
8312 """WPS proto: M3 replaced with M5"""
8313 pin = "12345670"
8314 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8315 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8316 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8317
8318 logger.debug("Receive WSC/Start from AP")
8319 msg = get_wsc_msg(hapd)
8320 if msg['wsc_opcode'] != WSC_Start:
8321 raise Exception("Unexpected Op-Code for WSC/Start")
8322
8323 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8324 uuid_e = 16*'\x11'
8325 e_nonce = 16*'\x22'
8326 own_private, e_pk = wsc_dh_init()
8327
8328 logger.debug("Send M1 to AP")
8329 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8330 e_nonce, e_pk)
8331 send_wsc_msg(hapd, addr, m1)
8332
8333 logger.debug("Receive M2 from AP")
8334 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8335 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8336 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8337
8338 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8339 r_nonce)
8340 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8341
8342 logger.debug("Send M3(M5) to AP")
8343 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8344 attrs += build_attr_msg_type(WPS_M5)
8345 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8346 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8347 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8348 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8349 raw_m3_attrs = attrs
8350 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8351 send_wsc_msg(hapd, addr, m3)
8352
8353 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8354
8355def test_wps_ext_m3_m7(dev, apdev):
8356 """WPS proto: M3 replaced with M7"""
8357 pin = "12345670"
8358 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8359 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8360 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8361
8362 logger.debug("Receive WSC/Start from AP")
8363 msg = get_wsc_msg(hapd)
8364 if msg['wsc_opcode'] != WSC_Start:
8365 raise Exception("Unexpected Op-Code for WSC/Start")
8366
8367 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8368 uuid_e = 16*'\x11'
8369 e_nonce = 16*'\x22'
8370 own_private, e_pk = wsc_dh_init()
8371
8372 logger.debug("Send M1 to AP")
8373 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8374 e_nonce, e_pk)
8375 send_wsc_msg(hapd, addr, m1)
8376
8377 logger.debug("Receive M2 from AP")
8378 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8379 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8380 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8381
8382 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8383 r_nonce)
8384 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8385
8386 logger.debug("Send M3(M7) to AP")
8387 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8388 attrs += build_attr_msg_type(WPS_M7)
8389 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8390 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8391 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8392 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8393 raw_m3_attrs = attrs
8394 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8395 send_wsc_msg(hapd, addr, m3)
8396
8397 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8398
8399def test_wps_ext_m3_done(dev, apdev):
8400 """WPS proto: M3 replaced with WSC_Done"""
8401 pin = "12345670"
8402 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8403 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8404 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8405
8406 logger.debug("Receive WSC/Start from AP")
8407 msg = get_wsc_msg(hapd)
8408 if msg['wsc_opcode'] != WSC_Start:
8409 raise Exception("Unexpected Op-Code for WSC/Start")
8410
8411 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8412 uuid_e = 16*'\x11'
8413 e_nonce = 16*'\x22'
8414 own_private, e_pk = wsc_dh_init()
8415
8416 logger.debug("Send M1 to AP")
8417 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8418 e_nonce, e_pk)
8419 send_wsc_msg(hapd, addr, m1)
8420
8421 logger.debug("Receive M2 from AP")
8422 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8423 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8424 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8425
8426 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8427 r_nonce)
8428 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8429
8430 logger.debug("Send M3(WSC_Done) to AP")
8431 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8432 attrs += build_attr_msg_type(WPS_WSC_DONE)
8433 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8434 raw_m3_attrs = attrs
8435 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8436 send_wsc_msg(hapd, addr, m3)
8437
8438 wps_wait_eap_failure(hapd, dev[0])
8439
8440def test_wps_ext_m2_nack_invalid(dev, apdev):
8441 """WPS proto: M2 followed by invalid NACK"""
8442 pin = "12345670"
8443 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8444 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8445 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8446
8447 logger.debug("Receive WSC/Start from AP")
8448 msg = get_wsc_msg(hapd)
8449 if msg['wsc_opcode'] != WSC_Start:
8450 raise Exception("Unexpected Op-Code for WSC/Start")
8451
8452 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8453 uuid_e = 16*'\x11'
8454 e_nonce = 16*'\x22'
8455 own_private, e_pk = wsc_dh_init()
8456
8457 logger.debug("Send M1 to AP")
8458 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8459 e_nonce, e_pk)
8460 send_wsc_msg(hapd, addr, m1)
8461
8462 logger.debug("Receive M2 from AP")
8463 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8464 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8465 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8466
8467 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8468 r_nonce)
8469 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8470
8471 logger.debug("Send WSC_NACK to AP")
8472 attrs = '\x10\x00\x00'
8473 nack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_NACK)
8474 send_wsc_msg(hapd, addr, nack)
8475
8476 wps_wait_eap_failure(hapd, dev[0])
8477
8478def test_wps_ext_m2_nack_no_msg_type(dev, apdev):
8479 """WPS proto: M2 followed by NACK without Msg Type"""
8480 pin = "12345670"
8481 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8482 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8483 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8484
8485 logger.debug("Receive WSC/Start from AP")
8486 msg = get_wsc_msg(hapd)
8487 if msg['wsc_opcode'] != WSC_Start:
8488 raise Exception("Unexpected Op-Code for WSC/Start")
8489
8490 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8491 uuid_e = 16*'\x11'
8492 e_nonce = 16*'\x22'
8493 own_private, e_pk = wsc_dh_init()
8494
8495 logger.debug("Send M1 to AP")
8496 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8497 e_nonce, e_pk)
8498 send_wsc_msg(hapd, addr, m1)
8499
8500 logger.debug("Receive M2 from AP")
8501 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8502 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8503 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8504
8505 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8506 r_nonce)
8507 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8508
8509 logger.debug("Send WSC_NACK to AP")
8510 nack,attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8511 msg_type=None, eap_code=2)
8512 send_wsc_msg(hapd, addr, nack)
8513
8514 wps_wait_eap_failure(hapd, dev[0])
8515
8516def test_wps_ext_m2_nack_invalid_msg_type(dev, apdev):
8517 """WPS proto: M2 followed by NACK with invalid Msg Type"""
8518 pin = "12345670"
8519 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8520 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8521 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8522
8523 logger.debug("Receive WSC/Start from AP")
8524 msg = get_wsc_msg(hapd)
8525 if msg['wsc_opcode'] != WSC_Start:
8526 raise Exception("Unexpected Op-Code for WSC/Start")
8527
8528 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8529 uuid_e = 16*'\x11'
8530 e_nonce = 16*'\x22'
8531 own_private, e_pk = wsc_dh_init()
8532
8533 logger.debug("Send M1 to AP")
8534 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8535 e_nonce, e_pk)
8536 send_wsc_msg(hapd, addr, m1)
8537
8538 logger.debug("Receive M2 from AP")
8539 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8540 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8541 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8542
8543 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8544 r_nonce)
8545 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8546
8547 logger.debug("Send WSC_NACK to AP")
8548 nack,attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8549 msg_type=WPS_WSC_ACK, eap_code=2)
8550 send_wsc_msg(hapd, addr, nack)
8551
8552 wps_wait_eap_failure(hapd, dev[0])
8553
8554def test_wps_ext_m2_nack_e_nonce_mismatch(dev, apdev):
8555 """WPS proto: M2 followed by NACK with e-nonce mismatch"""
8556 pin = "12345670"
8557 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8558 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8559 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8560
8561 logger.debug("Receive WSC/Start from AP")
8562 msg = get_wsc_msg(hapd)
8563 if msg['wsc_opcode'] != WSC_Start:
8564 raise Exception("Unexpected Op-Code for WSC/Start")
8565
8566 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8567 uuid_e = 16*'\x11'
8568 e_nonce = 16*'\x22'
8569 own_private, e_pk = wsc_dh_init()
8570
8571 logger.debug("Send M1 to AP")
8572 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8573 e_nonce, e_pk)
8574 send_wsc_msg(hapd, addr, m1)
8575
8576 logger.debug("Receive M2 from AP")
8577 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8578 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8579 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8580
8581 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8582 r_nonce)
8583 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8584
8585 logger.debug("Send WSC_NACK to AP")
8586 nack,attrs = build_nack(msg['eap_identifier'], 16*'\x00', r_nonce,
8587 eap_code=2)
8588 send_wsc_msg(hapd, addr, nack)
8589
8590 wps_wait_eap_failure(hapd, dev[0])
8591
8592def test_wps_ext_m2_nack_no_config_error(dev, apdev):
8593 """WPS proto: M2 followed by NACK without Config Error"""
8594 pin = "12345670"
8595 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8596 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8597 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8598
8599 logger.debug("Receive WSC/Start from AP")
8600 msg = get_wsc_msg(hapd)
8601 if msg['wsc_opcode'] != WSC_Start:
8602 raise Exception("Unexpected Op-Code for WSC/Start")
8603
8604 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8605 uuid_e = 16*'\x11'
8606 e_nonce = 16*'\x22'
8607 own_private, e_pk = wsc_dh_init()
8608
8609 logger.debug("Send M1 to AP")
8610 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8611 e_nonce, e_pk)
8612 send_wsc_msg(hapd, addr, m1)
8613
8614 logger.debug("Receive M2 from AP")
8615 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8616 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8617 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8618
8619 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8620 r_nonce)
8621 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8622
8623 logger.debug("Send WSC_NACK to AP")
8624 nack,attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8625 config_error=None, eap_code=2)
8626 send_wsc_msg(hapd, addr, nack)
8627
8628 wps_wait_eap_failure(hapd, dev[0])
8629
8630def test_wps_ext_m2_ack_invalid(dev, apdev):
8631 """WPS proto: M2 followed by invalid ACK"""
8632 pin = "12345670"
8633 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8634 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8635 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8636
8637 logger.debug("Receive WSC/Start from AP")
8638 msg = get_wsc_msg(hapd)
8639 if msg['wsc_opcode'] != WSC_Start:
8640 raise Exception("Unexpected Op-Code for WSC/Start")
8641
8642 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8643 uuid_e = 16*'\x11'
8644 e_nonce = 16*'\x22'
8645 own_private, e_pk = wsc_dh_init()
8646
8647 logger.debug("Send M1 to AP")
8648 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8649 e_nonce, e_pk)
8650 send_wsc_msg(hapd, addr, m1)
8651
8652 logger.debug("Receive M2 from AP")
8653 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8654 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8655 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8656
8657 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8658 r_nonce)
8659 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8660
8661 logger.debug("Send WSC_ACK to AP")
8662 attrs = '\x10\x00\x00'
8663 ack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_ACK)
8664 send_wsc_msg(hapd, addr, ack)
8665
8666 wps_wait_eap_failure(hapd, dev[0])
8667
8668def test_wps_ext_m2_ack(dev, apdev):
8669 """WPS proto: M2 followed by ACK"""
8670 pin = "12345670"
8671 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8672 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8673 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8674
8675 logger.debug("Receive WSC/Start from AP")
8676 msg = get_wsc_msg(hapd)
8677 if msg['wsc_opcode'] != WSC_Start:
8678 raise Exception("Unexpected Op-Code for WSC/Start")
8679
8680 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8681 uuid_e = 16*'\x11'
8682 e_nonce = 16*'\x22'
8683 own_private, e_pk = wsc_dh_init()
8684
8685 logger.debug("Send M1 to AP")
8686 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8687 e_nonce, e_pk)
8688 send_wsc_msg(hapd, addr, m1)
8689
8690 logger.debug("Receive M2 from AP")
8691 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8692 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8693 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8694
8695 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8696 r_nonce)
8697 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8698
8699 logger.debug("Send WSC_ACK to AP")
8700 ack,attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce, eap_code=2)
8701 send_wsc_msg(hapd, addr, ack)
8702
8703 wps_wait_eap_failure(hapd, dev[0])
8704
8705def test_wps_ext_m2_ack_no_msg_type(dev, apdev):
8706 """WPS proto: M2 followed by ACK missing Msg Type"""
8707 pin = "12345670"
8708 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8709 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8710 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8711
8712 logger.debug("Receive WSC/Start from AP")
8713 msg = get_wsc_msg(hapd)
8714 if msg['wsc_opcode'] != WSC_Start:
8715 raise Exception("Unexpected Op-Code for WSC/Start")
8716
8717 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8718 uuid_e = 16*'\x11'
8719 e_nonce = 16*'\x22'
8720 own_private, e_pk = wsc_dh_init()
8721
8722 logger.debug("Send M1 to AP")
8723 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8724 e_nonce, e_pk)
8725 send_wsc_msg(hapd, addr, m1)
8726
8727 logger.debug("Receive M2 from AP")
8728 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8729 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8730 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8731
8732 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8733 r_nonce)
8734 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8735
8736 logger.debug("Send WSC_ACK to AP")
8737 ack,attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
8738 msg_type=None, eap_code=2)
8739 send_wsc_msg(hapd, addr, ack)
8740
8741 wps_wait_eap_failure(hapd, dev[0])
8742
8743def test_wps_ext_m2_ack_invalid_msg_type(dev, apdev):
8744 """WPS proto: M2 followed by ACK with invalid Msg Type"""
8745 pin = "12345670"
8746 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8747 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8748 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8749
8750 logger.debug("Receive WSC/Start from AP")
8751 msg = get_wsc_msg(hapd)
8752 if msg['wsc_opcode'] != WSC_Start:
8753 raise Exception("Unexpected Op-Code for WSC/Start")
8754
8755 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8756 uuid_e = 16*'\x11'
8757 e_nonce = 16*'\x22'
8758 own_private, e_pk = wsc_dh_init()
8759
8760 logger.debug("Send M1 to AP")
8761 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8762 e_nonce, e_pk)
8763 send_wsc_msg(hapd, addr, m1)
8764
8765 logger.debug("Receive M2 from AP")
8766 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8767 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8768 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8769
8770 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8771 r_nonce)
8772 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8773
8774 logger.debug("Send WSC_ACK to AP")
8775 ack,attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
8776 msg_type=WPS_WSC_NACK, eap_code=2)
8777 send_wsc_msg(hapd, addr, ack)
8778
8779 wps_wait_eap_failure(hapd, dev[0])
8780
8781def test_wps_ext_m2_ack_e_nonce_mismatch(dev, apdev):
8782 """WPS proto: M2 followed by ACK with e-nonce mismatch"""
8783 pin = "12345670"
8784 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8785 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8786 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8787
8788 logger.debug("Receive WSC/Start from AP")
8789 msg = get_wsc_msg(hapd)
8790 if msg['wsc_opcode'] != WSC_Start:
8791 raise Exception("Unexpected Op-Code for WSC/Start")
8792
8793 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8794 uuid_e = 16*'\x11'
8795 e_nonce = 16*'\x22'
8796 own_private, e_pk = wsc_dh_init()
8797
8798 logger.debug("Send M1 to AP")
8799 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8800 e_nonce, e_pk)
8801 send_wsc_msg(hapd, addr, m1)
8802
8803 logger.debug("Receive M2 from AP")
8804 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8805 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8806 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8807
8808 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8809 r_nonce)
8810 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8811
8812 logger.debug("Send WSC_ACK to AP")
8813 ack,attrs = build_ack(msg['eap_identifier'], 16*'\x00', r_nonce,
8814 eap_code=2)
8815 send_wsc_msg(hapd, addr, ack)
8816
8817 wps_wait_eap_failure(hapd, dev[0])
8818
8819def test_wps_ext_m1_invalid(dev, apdev):
8820 """WPS proto: M1 failing parsing"""
8821 pin = "12345670"
8822 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8823 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8824 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8825
8826 logger.debug("Receive WSC/Start from AP")
8827 msg = get_wsc_msg(hapd)
8828 if msg['wsc_opcode'] != WSC_Start:
8829 raise Exception("Unexpected Op-Code for WSC/Start")
8830
8831 logger.debug("Send M1 to AP")
8832 attrs = '\x10\x00\x00'
8833 m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8834 send_wsc_msg(hapd, addr, m1)
8835
8836 wps_wait_eap_failure(hapd, dev[0])
8837
8838def test_wps_ext_m1_missing_msg_type(dev, apdev):
8839 """WPS proto: M1 missing Msg Type"""
8840 pin = "12345670"
8841 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8842 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8843 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8844
8845 logger.debug("Receive WSC/Start from AP")
8846 msg = get_wsc_msg(hapd)
8847 if msg['wsc_opcode'] != WSC_Start:
8848 raise Exception("Unexpected Op-Code for WSC/Start")
8849
8850 logger.debug("Send M1 to AP")
8851 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8852 m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8853 send_wsc_msg(hapd, addr, m1)
8854
8855 wps_wait_ap_nack(hapd, dev[0], 16*'\x00', 16*'\x00')
8856
8857def wps_ext_wsc_done(dev, apdev):
8858 pin = "12345670"
8859 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8860 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8861 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8862
8863 logger.debug("Receive WSC/Start from AP")
8864 msg = get_wsc_msg(hapd)
8865 if msg['wsc_opcode'] != WSC_Start:
8866 raise Exception("Unexpected Op-Code for WSC/Start")
8867
8868 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8869 uuid_e = 16*'\x11'
8870 e_nonce = 16*'\x22'
8871 own_private, e_pk = wsc_dh_init()
8872
8873 logger.debug("Send M1 to AP")
8874 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8875 e_nonce, e_pk)
8876 send_wsc_msg(hapd, addr, m1)
8877
8878 logger.debug("Receive M2 from AP")
8879 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8880 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8881 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8882
8883 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8884 r_nonce)
8885 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8886
8887 logger.debug("Send M3 to AP")
8888 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8889 attrs += build_attr_msg_type(WPS_M3)
8890 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8891 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8892 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8893 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8894 raw_m3_attrs = attrs
8895 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8896 send_wsc_msg(hapd, addr, m3)
8897
8898 logger.debug("Receive M4 from AP")
8899 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8900
8901 logger.debug("Send M5 to AP")
8902 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8903 attrs += build_attr_msg_type(WPS_M5)
8904 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8905 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8906 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8907 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8908 raw_m5_attrs = attrs
8909 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8910 send_wsc_msg(hapd, addr, m5)
8911
8912 logger.debug("Receive M6 from AP")
8913 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8914
8915 logger.debug("Send M7 to AP")
8916 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8917 attrs += build_attr_msg_type(WPS_M7)
8918 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8919 data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
8920 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8921 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8922 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8923 raw_m7_attrs = attrs
8924 send_wsc_msg(hapd, addr, m7)
8925
8926 logger.debug("Receive M8 from AP")
8927 msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
8928 return hapd, msg, e_nonce, r_nonce
8929
8930def test_wps_ext_wsc_done_invalid(dev, apdev):
8931 """WPS proto: invalid WSC_Done"""
8932 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
8933
8934 logger.debug("Send WSC_Done to AP")
8935 attrs = '\x10\x00\x00'
8936 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8937 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
8938
8939 wps_wait_eap_failure(hapd, dev[0])
8940
8941def test_wps_ext_wsc_done_no_msg_type(dev, apdev):
8942 """WPS proto: invalid WSC_Done"""
8943 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
8944
8945 logger.debug("Send WSC_Done to AP")
8946 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8947 #attrs += build_attr_msg_type(WPS_WSC_DONE)
8948 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
8949 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8950 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8951 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
8952
8953 wps_wait_eap_failure(hapd, dev[0])
8954
8955def test_wps_ext_wsc_done_wrong_msg_type(dev, apdev):
8956 """WPS proto: WSC_Done with wrong Msg Type"""
8957 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
8958
8959 logger.debug("Send WSC_Done to AP")
8960 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8961 attrs += build_attr_msg_type(WPS_WSC_ACK)
8962 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
8963 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8964 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8965 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
8966
8967 wps_wait_eap_failure(hapd, dev[0])
8968
8969def test_wps_ext_wsc_done_no_e_nonce(dev, apdev):
8970 """WPS proto: WSC_Done without e_nonce"""
8971 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
8972
8973 logger.debug("Send WSC_Done to AP")
8974 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8975 attrs += build_attr_msg_type(WPS_WSC_DONE)
8976 #attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
8977 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8978 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8979 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
8980
8981 wps_wait_eap_failure(hapd, dev[0])
8982
8983def test_wps_ext_wsc_done_no_r_nonce(dev, apdev):
8984 """WPS proto: WSC_Done without r_nonce"""
8985 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
8986
8987 logger.debug("Send WSC_Done to AP")
8988 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8989 attrs += build_attr_msg_type(WPS_WSC_DONE)
8990 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
8991 #attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8992 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8993 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
8994
8995 wps_wait_eap_failure(hapd, dev[0])
8996
8997def test_wps_ext_m7_no_encr_settings(dev, apdev):
8998 """WPS proto: M7 without Encr Settings"""
8999 pin = "12345670"
9000 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9001 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9002 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9003
9004 logger.debug("Receive WSC/Start from AP")
9005 msg = get_wsc_msg(hapd)
9006 if msg['wsc_opcode'] != WSC_Start:
9007 raise Exception("Unexpected Op-Code for WSC/Start")
9008
9009 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9010 uuid_e = 16*'\x11'
9011 e_nonce = 16*'\x22'
9012 own_private, e_pk = wsc_dh_init()
9013
9014 logger.debug("Send M1 to AP")
9015 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9016 e_nonce, e_pk)
9017 send_wsc_msg(hapd, addr, m1)
9018
9019 logger.debug("Receive M2 from AP")
9020 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9021 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9022 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9023
9024 authkey,keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9025 r_nonce)
9026 e_s1,e_s2,e_hash1,e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9027
9028 logger.debug("Send M3 to AP")
9029 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9030 attrs += build_attr_msg_type(WPS_M3)
9031 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9032 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
9033 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
9034 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
9035 raw_m3_attrs = attrs
9036 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9037 send_wsc_msg(hapd, addr, m3)
9038
9039 logger.debug("Receive M4 from AP")
9040 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
9041
9042 logger.debug("Send M5 to AP")
9043 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9044 attrs += build_attr_msg_type(WPS_M5)
9045 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9046 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
9047 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9048 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
9049 raw_m5_attrs = attrs
9050 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9051 send_wsc_msg(hapd, addr, m5)
9052
9053 logger.debug("Receive M6 from AP")
9054 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
9055
9056 logger.debug("Send M7 to AP")
9057 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9058 attrs += build_attr_msg_type(WPS_M7)
9059 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9060 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
9061 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9062 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
9063 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9064 raw_m7_attrs = attrs
9065 send_wsc_msg(hapd, addr, m7)
9066
9067 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
9068
9069def test_wps_ext_m1_workaround(dev, apdev):
9070 """WPS proto: M1 Manufacturer/Model workaround"""
9071 pin = "12345670"
9072 addr,bssid,hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9073 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9074 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9075
9076 logger.debug("Receive WSC/Start from AP")
9077 msg = get_wsc_msg(hapd)
9078 if msg['wsc_opcode'] != WSC_Start:
9079 raise Exception("Unexpected Op-Code for WSC/Start")
9080
9081 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9082 uuid_e = 16*'\x11'
9083 e_nonce = 16*'\x22'
9084 own_private, e_pk = wsc_dh_init()
9085
9086 logger.debug("Send M1 to AP")
9087 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9088 e_nonce, e_pk, manufacturer='Apple TEST',
9089 model_name='AirPort', config_methods='\xff\xff')
9090 send_wsc_msg(hapd, addr, m1)
9091
9092 logger.debug("Receive M2 from AP")
9093 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
53bd8653
JM		 9094
9095def test_ap_wps_disable_enable(dev, apdev):
9096 """WPS and DISABLE/ENABLE AP"""
9097 hapd = wps_start_ap(apdev[0])
9098 hapd.disable()
9099 hapd.enable()
9100 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
dd124ee8
JM		 9101
9102def test_ap_wps_upnp_web_oom(dev, apdev, params):
9103 """hostapd WPS UPnP web OOM"""
9104 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9105 hapd = add_ssdp_ap(apdev[0]['ifname'], ap_uuid)
9106
9107 location = ssdp_get_location(ap_uuid)
9108 url = urlparse.urlparse(location)
9109 urls = upnp_get_urls(location)
9110 eventurl = urlparse.urlparse(urls['event_sub_url'])
9111 ctrlurl = urlparse.urlparse(urls['control_url'])
9112
9113 conn = httplib.HTTPConnection(url.netloc)
9114 with alloc_fail(hapd, 1, "web_connection_parse_get"):
9115 conn.request("GET", "/wps_device.xml")
9116 try:
9117 resp = conn.getresponse()
9118 except:
9119 pass
9120
9121 conn = httplib.HTTPConnection(url.netloc)
9122 conn.request("GET", "/unknown")
9123 resp = conn.getresponse()
9124 if resp.status != 404:
9125 raise Exception("Unexpected HTTP result for unknown URL: %d" + resp.status)
9126
9127 with alloc_fail(hapd, 1, "web_connection_parse_get"):
9128 conn.request("GET", "/unknown")
9129 try:
9130 resp = conn.getresponse()
9131 print resp.status
9132 except:
9133 pass
9134
9135 conn = httplib.HTTPConnection(url.netloc)
9136 conn.request("GET", "/wps_device.xml")
9137 resp = conn.getresponse()
9138 if resp.status != 200:
9139 raise Exception("GET /wps_device.xml failed")
9140
9141 conn = httplib.HTTPConnection(url.netloc)
9142 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9143 if resp.status != 200:
9144 raise Exception("GetDeviceInfo failed")
9145
9146 with alloc_fail(hapd, 1, "web_process_get_device_info"):
9147 conn = httplib.HTTPConnection(url.netloc)
9148 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9149 if resp.status != 500:
9150 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9151
9152 with alloc_fail(hapd, 1, "wps_build_m1;web_process_get_device_info"):
9153 conn = httplib.HTTPConnection(url.netloc)
9154 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9155 if resp.status != 500:
9156 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9157
9158 with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_send_reply"):
9159 conn = httplib.HTTPConnection(url.netloc)
9160 try:
9161 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9162 except:
9163 pass
9164
9165 conn = httplib.HTTPConnection(url.netloc)
9166 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9167 if resp.status != 200:
9168 raise Exception("GetDeviceInfo failed")
9169
9170 # No NewWLANEventType in PutWLANResponse NewMessage
9171 conn = httplib.HTTPConnection(url.netloc)
9172 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse", newmsg="foo")
9173 if resp.status != 600:
9174 raise Exception("Unexpected HTTP response: %d" % resp.status)
9175
9176 # No NewWLANEventMAC in PutWLANResponse NewMessage
9177 conn = httplib.HTTPConnection(url.netloc)
9178 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9179 newmsg="foo", neweventtype="1")
9180 if resp.status != 600:
9181 raise Exception("Unexpected HTTP response: %d" % resp.status)
9182
9183 # Invalid NewWLANEventMAC in PutWLANResponse NewMessage
9184 conn = httplib.HTTPConnection(url.netloc)
9185 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9186 newmsg="foo", neweventtype="1",
9187 neweventmac="foo")
9188 if resp.status != 600:
9189 raise Exception("Unexpected HTTP response: %d" % resp.status)
9190
9191 # Workaround for NewWLANEventMAC in PutWLANResponse NewMessage
9192 # Ignored unexpected PutWLANResponse WLANEventType 1
9193 conn = httplib.HTTPConnection(url.netloc)
9194 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9195 newmsg="foo", neweventtype="1",
9196 neweventmac="00.11.22.33.44.55")
9197 if resp.status != 500:
9198 raise Exception("Unexpected HTTP response: %d" % resp.status)
9199
9200 # PutWLANResponse NewMessage with invalid EAP message
9201 conn = httplib.HTTPConnection(url.netloc)
9202 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9203 newmsg="foo", neweventtype="2",
9204 neweventmac="00:11:22:33:44:55")
9205 if resp.status != 200:
9206 raise Exception("Unexpected HTTP response: %d" % resp.status)
9207
9208 with alloc_fail(hapd, 1, "web_connection_parse_subscribe"):
9209 conn = httplib.HTTPConnection(url.netloc)
9210 headers = { "callback": '<http://127.0.0.1:12345/event>',
9211 "NT": "upnp:event",
9212 "timeout": "Second-1234" }
9213 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9214 try:
9215 resp = conn.getresponse()
9216 except:
9217 pass
9218
9219 with alloc_fail(hapd, 1, "dup_binstr;web_connection_parse_subscribe"):
9220 conn = httplib.HTTPConnection(url.netloc)
9221 headers = { "callback": '<http://127.0.0.1:12345/event>',
9222 "NT": "upnp:event",
9223 "timeout": "Second-1234" }
9224 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9225 resp = conn.getresponse()
9226 if resp.status != 500:
9227 raise Exception("Unexpected HTTP response: %d" % resp.status)
9228
9229 with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_parse_unsubscribe"):
9230 conn = httplib.HTTPConnection(url.netloc)
9231 headers = { "callback": '<http://127.0.0.1:12345/event>',
9232 "NT": "upnp:event",
9233 "timeout": "Second-1234" }
9234 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9235 try:
9236 resp = conn.getresponse()
9237 except:
9238 pass
9239
9240 with alloc_fail(hapd, 1, "web_connection_unimplemented"):
9241 conn = httplib.HTTPConnection(url.netloc)
9242 conn.request("HEAD", "/wps_device.xml")
9243 try:
9244 resp = conn.getresponse()
9245 except:
9246 pass
d1341917
JM		 9247
9248def test_ap_wps_frag_ack_oom(dev, apdev):
9249 """WPS and fragment ack OOM"""
9250 dev[0].request("SET wps_fragment_size 50")
9251 hapd = wps_start_ap(apdev[0])
9252 with alloc_fail(hapd, 1, "eap_wsc_build_frag_ack"):
9253 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
Unnamed repository; edit this file 'description' to name the repository.