]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_wps.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: WPS 2.0 AP rejecting WEP configuration
[thirdparty/hostap.git] / tests / hwsim / test_ap_wps.py
CommitLineData
302b7a1b
JM		 1#!/usr/bin/python
2#
3# WPS tests
8674c022 4# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
302b7a1b
JM		 5#
6# This software may be distributed under the terms of the BSD license.
7# See README for more details.
8
9import time
10import subprocess
11import logging
c9aa4308 12logger = logging.getLogger()
302b7a1b
JM		 13
14import hwsim_utils
15import hostapd
16
ae3ad328 17def test_ap_wps_init(dev, apdev):
302b7a1b
JM		 18 """Initial AP configuration with first WPS Enrollee"""
19 ssid = "test-wps"
ae3ad328 20 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b 21 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
ae3ad328 22 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 23 logger.info("WPS provisioning step")
24 hapd.request("WPS_PBC")
d671a420
JM		 25 if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
26 raise Exception("PBC status not shown correctly")
302b7a1b
JM		 27 dev[0].dump_monitor()
28 dev[0].request("WPS_PBC")
853b49a0 29 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
302b7a1b
JM		 30 if ev is None:
31 raise Exception("Association with the AP timed out")
32 status = dev[0].get_status()
ae3ad328 33 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 34 raise Exception("Not fully connected")
35 if status['ssid'] != ssid:
36 raise Exception("Unexpected SSID")
37 if status['pairwise_cipher'] != 'CCMP':
38 raise Exception("Unexpected encryption configuration")
39 if status['key_mgmt'] != 'WPA2-PSK':
40 raise Exception("Unexpected key_mgmt")
41
d671a420
JM		 42 status = hapd.request("WPS_GET_STATUS")
43 if "PBC Status: Disabled" not in status:
44 raise Exception("PBC status not shown correctly")
45 if "Last WPS result: Success" not in status:
46 raise Exception("Last WPS result not shown correctly")
47 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
48 raise Exception("Peer address not shown correctly")
75b25ece
JM		 49 conf = hapd.request("GET_CONFIG")
50 if "wps_state=configured" not in conf:
51 raise Exception("AP not in WPS configured state")
52 if "rsn_pairwise_cipher=CCMP TKIP" not in conf:
53 raise Exception("Unexpected rsn_pairwise_cipher")
54 if "wpa_pairwise_cipher=CCMP TKIP" not in conf:
55 raise Exception("Unexpected wpa_pairwise_cipher")
56 if "group_cipher=TKIP" not in conf:
57 raise Exception("Unexpected group_cipher")
d671a420 58
18030dc0
JM		 59def test_ap_wps_init_2ap_pbc(dev, apdev):
60 """Initial two-radio AP configuration with first WPS PBC Enrollee"""
61 ssid = "test-wps"
62 params = { "ssid": ssid, "eap_server": "1", "wps_state": "1" }
63 hostapd.add_ap(apdev[0]['ifname'], params)
64 hostapd.add_ap(apdev[1]['ifname'], params)
65 hapd = hostapd.Hostapd(apdev[0]['ifname'])
66 logger.info("WPS provisioning step")
67 hapd.request("WPS_PBC")
18030dc0
JM		 68 dev[0].scan(freq="2412")
69 bss = dev[0].get_bss(apdev[0]['bssid'])
70 if "[WPS-PBC]" not in bss['flags']:
71 raise Exception("WPS-PBC flag missing from AP1")
72 bss = dev[0].get_bss(apdev[1]['bssid'])
73 if "[WPS-PBC]" not in bss['flags']:
74 raise Exception("WPS-PBC flag missing from AP2")
75 dev[0].dump_monitor()
76 dev[0].request("WPS_PBC")
77 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
78 if ev is None:
79 raise Exception("Association with the AP timed out")
80
18030dc0
JM		 81 dev[1].scan(freq="2412")
82 bss = dev[1].get_bss(apdev[0]['bssid'])
83 if "[WPS-PBC]" in bss['flags']:
84 raise Exception("WPS-PBC flag not cleared from AP1")
85 bss = dev[1].get_bss(apdev[1]['bssid'])
86 if "[WPS-PBC]" in bss['flags']:
87 raise Exception("WPS-PBC flag bit ckeared from AP2")
88
89def test_ap_wps_init_2ap_pin(dev, apdev):
90 """Initial two-radio AP configuration with first WPS PIN Enrollee"""
91 ssid = "test-wps"
92 params = { "ssid": ssid, "eap_server": "1", "wps_state": "1" }
93 hostapd.add_ap(apdev[0]['ifname'], params)
94 hostapd.add_ap(apdev[1]['ifname'], params)
95 hapd = hostapd.Hostapd(apdev[0]['ifname'])
96 logger.info("WPS provisioning step")
97 pin = dev[0].wps_read_pin()
98 hapd.request("WPS_PIN any " + pin)
18030dc0
JM		 99 dev[0].scan(freq="2412")
100 bss = dev[0].get_bss(apdev[0]['bssid'])
101 if "[WPS-AUTH]" not in bss['flags']:
102 raise Exception("WPS-AUTH flag missing from AP1")
103 bss = dev[0].get_bss(apdev[1]['bssid'])
104 if "[WPS-AUTH]" not in bss['flags']:
105 raise Exception("WPS-AUTH flag missing from AP2")
106 dev[0].dump_monitor()
107 dev[0].request("WPS_PIN any " + pin)
108 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
109 if ev is None:
110 raise Exception("Association with the AP timed out")
111
18030dc0
JM		 112 dev[1].scan(freq="2412")
113 bss = dev[1].get_bss(apdev[0]['bssid'])
114 if "[WPS-AUTH]" in bss['flags']:
115 raise Exception("WPS-AUTH flag not cleared from AP1")
116 bss = dev[1].get_bss(apdev[1]['bssid'])
117 if "[WPS-AUTH]" in bss['flags']:
118 raise Exception("WPS-AUTH flag bit ckeared from AP2")
119
35831e94
JM		 120def test_ap_wps_init_through_wps_config(dev, apdev):
121 """Initial AP configuration using wps_config command"""
122 ssid = "test-wps-init-config"
123 hostapd.add_ap(apdev[0]['ifname'],
124 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
125 hapd = hostapd.Hostapd(apdev[0]['ifname'])
126 if "FAIL" in hapd.request("WPS_CONFIG " + ssid.encode("hex") + " WPA2PSK CCMP " + "12345678".encode("hex")):
127 raise Exception("WPS_CONFIG command failed")
128 dev[0].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
129 pairwise="CCMP", group="CCMP")
130
ae3ad328 131def test_ap_wps_conf(dev, apdev):
302b7a1b
JM		 132 """WPS PBC provisioning with configured AP"""
133 ssid = "test-wps-conf"
ae3ad328 134 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 135 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
136 "wpa_passphrase": "12345678", "wpa": "2",
137 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ae3ad328 138 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 139 logger.info("WPS provisioning step")
140 hapd.request("WPS_PBC")
141 dev[0].dump_monitor()
142 dev[0].request("WPS_PBC")
7e3f110b 143 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
302b7a1b
JM		 144 if ev is None:
145 raise Exception("Association with the AP timed out")
146 status = dev[0].get_status()
ae3ad328 147 if status['wpa_state'] != 'COMPLETED':
302b7a1b 148 raise Exception("Not fully connected")
ae3ad328
JM		 149 if status['bssid'] != apdev[0]['bssid']:
150 raise Exception("Unexpected BSSID")
302b7a1b
JM		 151 if status['ssid'] != ssid:
152 raise Exception("Unexpected SSID")
153 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
154 raise Exception("Unexpected encryption configuration")
155 if status['key_mgmt'] != 'WPA2-PSK':
156 raise Exception("Unexpected key_mgmt")
157
097cd9cd
JM		 158 sta = hapd.get_sta(dev[0].p2p_interface_addr())
159 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
160 raise Exception("Device name not available in STA command")
161
04e62788
JM		 162def test_ap_wps_twice(dev, apdev):
163 """WPS provisioning with twice to change passphrase"""
164 ssid = "test-wps-twice"
165 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
166 "wpa_passphrase": "12345678", "wpa": "2",
167 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
168 hostapd.add_ap(apdev[0]['ifname'], params)
169 hapd = hostapd.Hostapd(apdev[0]['ifname'])
170 logger.info("WPS provisioning step")
171 hapd.request("WPS_PBC")
04e62788
JM		 172 dev[0].dump_monitor()
173 dev[0].request("WPS_PBC")
174 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
175 if ev is None:
176 raise Exception("Association with the AP timed out")
177 dev[0].request("DISCONNECT")
178
179 logger.info("Restart AP with different passphrase and re-run WPS")
180 hapd_global = hostapd.HostapdGlobal()
181 hapd_global.remove(apdev[0]['ifname'])
182 params['wpa_passphrase'] = 'another passphrase'
183 hostapd.add_ap(apdev[0]['ifname'], params)
184 hapd = hostapd.Hostapd(apdev[0]['ifname'])
185 logger.info("WPS provisioning step")
186 hapd.request("WPS_PBC")
187 dev[0].dump_monitor()
188 dev[0].request("WPS_PBC")
189 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
190 if ev is None:
191 raise Exception("Association with the AP timed out")
192 networks = dev[0].list_networks()
193 if len(networks) > 1:
194 raise Exception("Unexpected duplicated network block present")
195
d658205a
JM		 196def test_ap_wps_incorrect_pin(dev, apdev):
197 """WPS PIN provisioning with incorrect PIN"""
198 ssid = "test-wps-incorrect-pin"
199 hostapd.add_ap(apdev[0]['ifname'],
200 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
201 "wpa_passphrase": "12345678", "wpa": "2",
202 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
203 hapd = hostapd.Hostapd(apdev[0]['ifname'])
204
205 logger.info("WPS provisioning attempt 1")
206 hapd.request("WPS_PIN any 12345670")
d658205a
JM		 207 dev[0].dump_monitor()
208 dev[0].request("WPS_PIN any 55554444")
209 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
210 if ev is None:
211 raise Exception("WPS operation timed out")
212 if "config_error=18" not in ev:
213 raise Exception("Incorrect config_error reported")
214 if "msg=8" not in ev:
215 raise Exception("PIN error detected on incorrect message")
216 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
217 if ev is None:
218 raise Exception("Timeout on disconnection event")
219 dev[0].request("WPS_CANCEL")
220 # if a scan was in progress, wait for it to complete before trying WPS again
221 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
222
d671a420
JM		 223 status = hapd.request("WPS_GET_STATUS")
224 if "Last WPS result: Failed" not in status:
225 raise Exception("WPS failure result not shown correctly")
226
d658205a
JM		 227 logger.info("WPS provisioning attempt 2")
228 hapd.request("WPS_PIN any 12345670")
229 dev[0].dump_monitor()
230 dev[0].request("WPS_PIN any 12344444")
231 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
232 if ev is None:
233 raise Exception("WPS operation timed out")
234 if "config_error=18" not in ev:
235 raise Exception("Incorrect config_error reported")
236 if "msg=10" not in ev:
237 raise Exception("PIN error detected on incorrect message")
238 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
239 if ev is None:
240 raise Exception("Timeout on disconnection event")
241
ae3ad328 242def test_ap_wps_conf_pin(dev, apdev):
302b7a1b
JM		 243 """WPS PIN provisioning with configured AP"""
244 ssid = "test-wps-conf-pin"
ae3ad328 245 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 246 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
247 "wpa_passphrase": "12345678", "wpa": "2",
248 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ae3ad328 249 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 250 logger.info("WPS provisioning step")
251 pin = dev[0].wps_read_pin()
252 hapd.request("WPS_PIN any " + pin)
253 dev[0].dump_monitor()
254 dev[0].request("WPS_PIN any " + pin)
7e3f110b 255 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
302b7a1b
JM		 256 if ev is None:
257 raise Exception("Association with the AP timed out")
258 status = dev[0].get_status()
ae3ad328 259 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 260 raise Exception("Not fully connected")
261 if status['ssid'] != ssid:
262 raise Exception("Unexpected SSID")
263 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
264 raise Exception("Unexpected encryption configuration")
265 if status['key_mgmt'] != 'WPA2-PSK':
266 raise Exception("Unexpected key_mgmt")
267
362ba6de
JM		 268 dev[1].scan(freq="2412")
269 bss = dev[1].get_bss(apdev[0]['bssid'])
270 if "[WPS-AUTH]" in bss['flags']:
271 raise Exception("WPS-AUTH flag not cleared")
a60a6d6b
JM		 272 logger.info("Try to connect from another station using the same PIN")
273 dev[1].request("WPS_PIN any " + pin)
274 ev = dev[1].wait_event(["WPS-M2D","CTRL-EVENT-CONNECTED"], timeout=30)
275 if ev is None:
276 raise Exception("Operation timed out")
277 if "WPS-M2D" not in ev:
278 raise Exception("Unexpected WPS operation started")
362ba6de 279
e9129860
JM		 280def test_ap_wps_conf_pin_2sta(dev, apdev):
281 """Two stations trying to use WPS PIN at the same time"""
282 ssid = "test-wps-conf-pin2"
283 hostapd.add_ap(apdev[0]['ifname'],
284 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
285 "wpa_passphrase": "12345678", "wpa": "2",
286 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
287 hapd = hostapd.Hostapd(apdev[0]['ifname'])
288 logger.info("WPS provisioning step")
289 pin = "12345670"
290 pin2 = "55554444"
291 hapd.request("WPS_PIN " + dev[0].get_status_field("uuid") + " " + pin)
292 hapd.request("WPS_PIN " + dev[1].get_status_field("uuid") + " " + pin)
e9129860 293 dev[0].dump_monitor()
e9129860
JM		 294 dev[1].dump_monitor()
295 dev[0].request("WPS_PIN any " + pin)
296 dev[1].request("WPS_PIN any " + pin)
297 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
298 if ev is None:
299 raise Exception("Association with the AP timed out")
300 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
301 if ev is None:
302 raise Exception("Association with the AP timed out")
303
ae3ad328 304def test_ap_wps_reg_connect(dev, apdev):
302b7a1b 305 """WPS registrar using AP PIN to connect"""
803edd1c 306 ssid = "test-wps-reg-ap-pin"
302b7a1b 307 appin = "12345670"
ae3ad328 308 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 309 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
310 "wpa_passphrase": "12345678", "wpa": "2",
311 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
312 "ap_pin": appin})
313 logger.info("WPS provisioning step")
302b7a1b 314 dev[0].dump_monitor()
6edaee9c 315 dev[0].wps_reg(apdev[0]['bssid'], appin)
302b7a1b 316 status = dev[0].get_status()
ae3ad328 317 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 318 raise Exception("Not fully connected")
319 if status['ssid'] != ssid:
320 raise Exception("Unexpected SSID")
321 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
322 raise Exception("Unexpected encryption configuration")
323 if status['key_mgmt'] != 'WPA2-PSK':
324 raise Exception("Unexpected key_mgmt")
325
9488858f
JM		 326def check_wps_reg_failure(dev, ap, appin):
327 dev.request("WPS_REG " + ap['bssid'] + " " + appin)
328 ev = dev.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
329 if ev is None:
330 raise Exception("WPS operation timed out")
331 if "WPS-SUCCESS" in ev:
332 raise Exception("WPS operation succeeded unexpectedly")
333 if "config_error=15" not in ev:
334 raise Exception("WPS setup locked state was not reported correctly")
335
e4357b19
JM		 336def test_ap_wps_random_ap_pin(dev, apdev):
337 """WPS registrar using random AP PIN"""
338 ssid = "test-wps-reg-random-ap-pin"
339 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
340 hostapd.add_ap(apdev[0]['ifname'],
341 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
342 "wpa_passphrase": "12345678", "wpa": "2",
343 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
344 "device_name": "Wireless AP", "manufacturer": "Company",
345 "model_name": "WAP", "model_number": "123",
346 "serial_number": "12345", "device_type": "6-0050F204-1",
347 "os_version": "01020300",
348 "config_methods": "label push_button",
349 "uuid": ap_uuid, "upnp_iface": "lo" })
350 hapd = hostapd.Hostapd(apdev[0]['ifname'])
351 appin = hapd.request("WPS_AP_PIN random")
352 if "FAIL" in appin:
353 raise Exception("Could not generate random AP PIN")
354 if appin not in hapd.request("WPS_AP_PIN get"):
355 raise Exception("Could not fetch current AP PIN")
356 logger.info("WPS provisioning step")
e4357b19
JM		 357 dev[0].wps_reg(apdev[0]['bssid'], appin)
358
359 hapd.request("WPS_AP_PIN disable")
360 logger.info("WPS provisioning step with AP PIN disabled")
9488858f
JM		 361 check_wps_reg_failure(dev[1], apdev[0], appin)
362
363 logger.info("WPS provisioning step with AP PIN reset")
364 appin = "12345670"
365 hapd.request("WPS_AP_PIN set " + appin)
366 dev[1].wps_reg(apdev[0]['bssid'], appin)
367 dev[0].request("REMOVE_NETWORK all")
368 dev[1].request("REMOVE_NETWORK all")
369 dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
370 dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"])
371
372 logger.info("WPS provisioning step after AP PIN timeout")
373 hapd.request("WPS_AP_PIN disable")
374 appin = hapd.request("WPS_AP_PIN random 1")
375 time.sleep(1.1)
376 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
377 raise Exception("AP PIN unexpectedly still enabled")
378 check_wps_reg_failure(dev[0], apdev[0], appin)
379
380 logger.info("WPS provisioning step after AP PIN timeout(2)")
381 hapd.request("WPS_AP_PIN disable")
382 appin = "12345670"
383 hapd.request("WPS_AP_PIN set " + appin + " 1")
384 time.sleep(1.1)
385 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
386 raise Exception("AP PIN unexpectedly still enabled")
387 check_wps_reg_failure(dev[1], apdev[0], appin)
e4357b19 388
ae3ad328 389def test_ap_wps_reg_config(dev, apdev):
302b7a1b
JM		 390 """WPS registrar configuring and AP using AP PIN"""
391 ssid = "test-wps-init-ap-pin"
392 appin = "12345670"
ae3ad328 393 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 394 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
395 "ap_pin": appin})
396 logger.info("WPS configuration step")
302b7a1b
JM		 397 dev[0].dump_monitor()
398 new_ssid = "wps-new-ssid"
399 new_passphrase = "1234567890"
6edaee9c
JM		 400 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
401 new_passphrase)
302b7a1b 402 status = dev[0].get_status()
ae3ad328 403 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
302b7a1b
JM		 404 raise Exception("Not fully connected")
405 if status['ssid'] != new_ssid:
406 raise Exception("Unexpected SSID")
407 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
408 raise Exception("Unexpected encryption configuration")
409 if status['key_mgmt'] != 'WPA2-PSK':
410 raise Exception("Unexpected key_mgmt")
411
eeefe187
JM		 412def test_ap_wps_reg_config_tkip(dev, apdev):
413 """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
414 ssid = "test-wps-init-ap"
415 appin = "12345670"
416 hostapd.add_ap(apdev[0]['ifname'],
417 { "ssid": ssid, "eap_server": "1", "wps_state": "1",
418 "ap_pin": appin})
419 logger.info("WPS configuration step")
eeefe187
JM		 420 dev[0].request("SET wps_version_number 0x10")
421 dev[0].dump_monitor()
422 new_ssid = "wps-new-ssid-with-tkip"
423 new_passphrase = "1234567890"
424 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPAPSK", "TKIP",
425 new_passphrase)
426 logger.info("Re-connect to verify WPA2 mixed mode")
427 dev[0].request("DISCONNECT")
428 id = 0
429 dev[0].set_network(id, "pairwise", "CCMP")
430 dev[0].set_network(id, "proto", "RSN")
431 dev[0].connect_network(id)
432 status = dev[0].get_status()
433 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
434 raise Exception("Not fully connected")
435 if status['ssid'] != new_ssid:
436 raise Exception("Unexpected SSID")
437 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
438 raise Exception("Unexpected encryption configuration")
439 if status['key_mgmt'] != 'WPA2-PSK':
440 raise Exception("Unexpected key_mgmt")
441
6645ff50
JM		 442def test_ap_wps_setup_locked(dev, apdev):
443 """WPS registrar locking up AP setup on AP PIN failures"""
444 ssid = "test-wps-incorrect-ap-pin"
445 appin = "12345670"
446 hostapd.add_ap(apdev[0]['ifname'],
447 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
448 "wpa_passphrase": "12345678", "wpa": "2",
449 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
450 "ap_pin": appin})
6645ff50
JM		 451 new_ssid = "wps-new-ssid-test"
452 new_passphrase = "1234567890"
453
454 ap_setup_locked=False
455 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
456 dev[0].dump_monitor()
457 logger.info("Try incorrect AP PIN - attempt " + pin)
458 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
459 "CCMP", new_passphrase, no_wait=True)
460 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
461 if ev is None:
462 raise Exception("Timeout on receiving WPS operation failure event")
463 if "CTRL-EVENT-CONNECTED" in ev:
464 raise Exception("Unexpected connection")
465 if "config_error=15" in ev:
466 logger.info("AP Setup Locked")
467 ap_setup_locked=True
468 elif "config_error=18" not in ev:
469 raise Exception("config_error=18 not reported")
470 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
471 if ev is None:
472 raise Exception("Timeout on disconnection event")
473 time.sleep(0.1)
474 if not ap_setup_locked:
475 raise Exception("AP setup was not locked")
476
d671a420
JM		 477 hapd = hostapd.Hostapd(apdev[0]['ifname'])
478 status = hapd.request("WPS_GET_STATUS")
479 if "Last WPS result: Failed" not in status:
480 raise Exception("WPS failure result not shown correctly")
481 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
482 raise Exception("Peer address not shown correctly")
483
6645ff50
JM		 484 time.sleep(0.5)
485 dev[0].dump_monitor()
486 logger.info("WPS provisioning step")
487 pin = dev[0].wps_read_pin()
488 hapd = hostapd.Hostapd(apdev[0]['ifname'])
489 hapd.request("WPS_PIN any " + pin)
490 dev[0].request("WPS_PIN any " + pin)
491 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
492 if ev is None:
493 raise Exception("WPS success was not reported")
494 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
495 if ev is None:
496 raise Exception("Association with the AP timed out")
497
ae3ad328 498def test_ap_wps_pbc_overlap_2ap(dev, apdev):
302b7a1b 499 """WPS PBC session overlap with two active APs"""
ae3ad328 500 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 501 { "ssid": "wps1", "eap_server": "1", "wps_state": "2",
502 "wpa_passphrase": "12345678", "wpa": "2",
503 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
504 "wps_independent": "1"})
ae3ad328 505 hostapd.add_ap(apdev[1]['ifname'],
302b7a1b
JM		 506 { "ssid": "wps2", "eap_server": "1", "wps_state": "2",
507 "wpa_passphrase": "123456789", "wpa": "2",
508 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
509 "wps_independent": "1"})
ae3ad328 510 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b 511 hapd.request("WPS_PBC")
ae3ad328 512 hapd2 = hostapd.Hostapd(apdev[1]['ifname'])
302b7a1b
JM		 513 hapd2.request("WPS_PBC")
514 logger.info("WPS provisioning step")
515 dev[0].dump_monitor()
516 dev[0].request("WPS_PBC")
517 ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
518 if ev is None:
519 raise Exception("PBC session overlap not detected")
520
ae3ad328 521def test_ap_wps_pbc_overlap_2sta(dev, apdev):
302b7a1b
JM		 522 """WPS PBC session overlap with two active STAs"""
523 ssid = "test-wps-pbc-overlap"
ae3ad328 524 hostapd.add_ap(apdev[0]['ifname'],
302b7a1b
JM		 525 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
526 "wpa_passphrase": "12345678", "wpa": "2",
527 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ae3ad328 528 hapd = hostapd.Hostapd(apdev[0]['ifname'])
302b7a1b
JM		 529 logger.info("WPS provisioning step")
530 hapd.request("WPS_PBC")
302b7a1b
JM		 531 dev[0].dump_monitor()
532 dev[1].dump_monitor()
533 dev[0].request("WPS_PBC")
534 dev[1].request("WPS_PBC")
535 ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
536 if ev is None:
537 raise Exception("PBC session overlap not detected (dev0)")
538 if "config_error=12" not in ev:
539 raise Exception("PBC session overlap not correctly reported (dev0)")
540 ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
541 if ev is None:
542 raise Exception("PBC session overlap not detected (dev1)")
543 if "config_error=12" not in ev:
544 raise Exception("PBC session overlap not correctly reported (dev1)")
6edaee9c 545
71afe834
JM		 546def test_ap_wps_cancel(dev, apdev):
547 """WPS AP cancelling enabled config method"""
548 ssid = "test-wps-ap-cancel"
549 hostapd.add_ap(apdev[0]['ifname'],
550 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
551 "wpa_passphrase": "12345678", "wpa": "2",
552 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
553 bssid = apdev[0]['bssid']
554 hapd = hostapd.Hostapd(apdev[0]['ifname'])
555
556 logger.info("Verify PBC enable/cancel")
557 hapd.request("WPS_PBC")
71afe834
JM		 558 dev[0].scan(freq="2412")
559 bss = dev[0].get_bss(apdev[0]['bssid'])
560 if "[WPS-PBC]" not in bss['flags']:
561 raise Exception("WPS-PBC flag missing")
562 if "FAIL" in hapd.request("WPS_CANCEL"):
563 raise Exception("WPS_CANCEL failed")
564 dev[0].scan(freq="2412")
565 bss = dev[0].get_bss(apdev[0]['bssid'])
566 if "[WPS-PBC]" in bss['flags']:
567 raise Exception("WPS-PBC flag not cleared")
568
569 logger.info("Verify PIN enable/cancel")
570 hapd.request("WPS_PIN any 12345670")
571 dev[0].scan(freq="2412")
572 bss = dev[0].get_bss(apdev[0]['bssid'])
573 if "[WPS-AUTH]" not in bss['flags']:
574 raise Exception("WPS-AUTH flag missing")
575 if "FAIL" in hapd.request("WPS_CANCEL"):
576 raise Exception("WPS_CANCEL failed")
577 dev[0].scan(freq="2412")
578 bss = dev[0].get_bss(apdev[0]['bssid'])
579 if "[WPS-AUTH]" in bss['flags']:
580 raise Exception("WPS-AUTH flag not cleared")
581
6edaee9c
JM		 582def test_ap_wps_er_add_enrollee(dev, apdev):
583 """WPS ER configuring AP and adding a new enrollee using PIN"""
584 ssid = "wps-er-add-enrollee"
585 ap_pin = "12345670"
586 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
587 hostapd.add_ap(apdev[0]['ifname'],
588 { "ssid": ssid, "eap_server": "1", "wps_state": "1",
589 "device_name": "Wireless AP", "manufacturer": "Company",
590 "model_name": "WAP", "model_number": "123",
591 "serial_number": "12345", "device_type": "6-0050F204-1",
592 "os_version": "01020300",
593 "config_methods": "label push_button",
594 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
595 logger.info("WPS configuration step")
596 new_passphrase = "1234567890"
597 dev[0].dump_monitor()
6edaee9c
JM		 598 dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
599 new_passphrase)
600 status = dev[0].get_status()
601 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
602 raise Exception("Not fully connected")
603 if status['ssid'] != ssid:
604 raise Exception("Unexpected SSID")
605 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
606 raise Exception("Unexpected encryption configuration")
607 if status['key_mgmt'] != 'WPA2-PSK':
608 raise Exception("Unexpected key_mgmt")
609
610 logger.info("Start ER")
611 dev[0].request("WPS_ER_START ifname=lo")
612 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
613 if ev is None:
614 raise Exception("AP discovery timed out")
615 if ap_uuid not in ev:
616 raise Exception("Expected AP UUID not found")
617
618 logger.info("Learn AP configuration through UPnP")
619 dev[0].dump_monitor()
620 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
621 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
622 if ev is None:
623 raise Exception("AP learn timed out")
624 if ap_uuid not in ev:
625 raise Exception("Expected AP UUID not in settings")
626 if "ssid=" + ssid not in ev:
627 raise Exception("Expected SSID not in settings")
628 if "key=" + new_passphrase not in ev:
629 raise Exception("Expected passphrase not in settings")
630
631 logger.info("Add Enrollee using ER")
632 pin = dev[1].wps_read_pin()
633 dev[0].dump_monitor()
634 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
6edaee9c
JM		 635 dev[1].dump_monitor()
636 dev[1].request("WPS_PIN any " + pin)
846be889 637 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
6edaee9c
JM		 638 if ev is None:
639 raise Exception("Enrollee did not report success")
640 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
641 if ev is None:
642 raise Exception("Association with the AP timed out")
643 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
644 if ev is None:
645 raise Exception("WPS ER did not report success")
646 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
647
38ae43de
JM		 648 logger.info("Verify registrar selection behavior")
649 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
650 dev[1].request("DISCONNECT")
651 dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"])
652 dev[1].scan(freq="2412")
653 bss = dev[1].get_bss(apdev[0]['bssid'])
654 if "[WPS-AUTH]" not in bss['flags']:
655 raise Exception("WPS-AUTH flag missing")
656
657 logger.info("Stop ER")
658 dev[0].dump_monitor()
659 dev[0].request("WPS_ER_STOP")
660 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"])
661 if ev is None:
662 raise Exception("WPS ER unsubscription timed out")
8697cbc0
JM		 663 # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
664 # a bit before verifying that the scan results have change.
665 time.sleep(0.2)
38ae43de
JM		 666
667 dev[1].scan(freq="2412")
668 bss = dev[1].get_bss(apdev[0]['bssid'])
669 if "[WPS-AUTH]" in bss['flags']:
670 raise Exception("WPS-AUTH flag not removed")
671
6edaee9c
JM		 672def test_ap_wps_er_add_enrollee_pbc(dev, apdev):
673 """WPS ER connected to AP and adding a new enrollee using PBC"""
674 ssid = "wps-er-add-enrollee-pbc"
675 ap_pin = "12345670"
676 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
677 hostapd.add_ap(apdev[0]['ifname'],
678 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
679 "wpa_passphrase": "12345678", "wpa": "2",
680 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
681 "device_name": "Wireless AP", "manufacturer": "Company",
682 "model_name": "WAP", "model_number": "123",
683 "serial_number": "12345", "device_type": "6-0050F204-1",
684 "os_version": "01020300",
685 "config_methods": "label push_button",
686 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
687 logger.info("Learn AP configuration")
688 dev[0].dump_monitor()
6edaee9c
JM		 689 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
690 status = dev[0].get_status()
691 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
692 raise Exception("Not fully connected")
693
694 logger.info("Start ER")
695 dev[0].request("WPS_ER_START ifname=lo")
696 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
697 if ev is None:
698 raise Exception("AP discovery timed out")
699 if ap_uuid not in ev:
700 raise Exception("Expected AP UUID not found")
701
702 logger.info("Use learned network configuration on ER")
703 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
704
705 logger.info("Add Enrollee using ER and PBC")
706 dev[0].dump_monitor()
707 enrollee = dev[1].p2p_interface_addr()
6edaee9c
JM		 708 dev[1].dump_monitor()
709 dev[1].request("WPS_PBC")
710
8674c022
JM		 711 for i in range(0, 2):
712 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
713 if ev is None:
714 raise Exception("Enrollee discovery timed out")
715 if enrollee in ev:
716 break
717 if i == 1:
718 raise Exception("Expected Enrollee not found")
6edaee9c
JM		 719 dev[0].request("WPS_ER_PBC " + enrollee)
720
721 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
722 if ev is None:
723 raise Exception("Enrollee did not report success")
724 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
725 if ev is None:
726 raise Exception("Association with the AP timed out")
727 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
728 if ev is None:
729 raise Exception("WPS ER did not report success")
730 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
bff3ac5b 731
800bcf4e
JM		 732 # verify BSSID selection of the AP instead of UUID
733 if "FAIL" in dev[0].request("WPS_ER_SET_CONFIG " + apdev[0]['bssid'] + " 0"):
734 raise Exception("Could not select AP based on BSSID")
735
be923570
JM		 736def test_ap_wps_er_config_ap(dev, apdev):
737 """WPS ER configuring AP over UPnP"""
738 ssid = "wps-er-ap-config"
739 ap_pin = "12345670"
740 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
741 hostapd.add_ap(apdev[0]['ifname'],
742 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
743 "wpa_passphrase": "12345678", "wpa": "2",
744 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
745 "device_name": "Wireless AP", "manufacturer": "Company",
746 "model_name": "WAP", "model_number": "123",
747 "serial_number": "12345", "device_type": "6-0050F204-1",
748 "os_version": "01020300",
749 "config_methods": "label push_button",
750 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
751
752 logger.info("Connect ER to the AP")
753 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
754
755 logger.info("WPS configuration step")
756 dev[0].request("WPS_ER_START ifname=lo")
757 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
758 if ev is None:
759 raise Exception("AP discovery timed out")
760 if ap_uuid not in ev:
761 raise Exception("Expected AP UUID not found")
762 new_passphrase = "1234567890"
763 dev[0].request("WPS_ER_CONFIG " + apdev[0]['bssid'] + " " + ap_pin + " " +
764 ssid.encode("hex") + " WPA2PSK CCMP " +
765 new_passphrase.encode("hex"))
766 ev = dev[0].wait_event(["WPS-SUCCESS"])
767 if ev is None:
768 raise Exception("WPS ER configuration operation timed out")
769 dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"])
770 dev[0].connect(ssid, psk="1234567890", scan_freq="2412")
771
bff3ac5b
JM		 772def test_ap_wps_fragmentation(dev, apdev):
773 """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
774 ssid = "test-wps-fragmentation"
775 hostapd.add_ap(apdev[0]['ifname'],
776 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
777 "wpa_passphrase": "12345678", "wpa": "3",
778 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
779 "wpa_pairwise": "TKIP",
780 "fragment_size": "50" })
781 hapd = hostapd.Hostapd(apdev[0]['ifname'])
782 logger.info("WPS provisioning step")
783 hapd.request("WPS_PBC")
bff3ac5b
JM		 784 dev[0].dump_monitor()
785 dev[0].request("SET wps_fragment_size 50")
786 dev[0].request("WPS_PBC")
787 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
788 if ev is None:
789 raise Exception("Association with the AP timed out")
790 status = dev[0].get_status()
791 if status['wpa_state'] != 'COMPLETED':
792 raise Exception("Not fully connected")
793 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
794 raise Exception("Unexpected encryption configuration")
795 if status['key_mgmt'] != 'WPA2-PSK':
796 raise Exception("Unexpected key_mgmt")
10ea6848
JM		 797
798def test_ap_wps_new_version_sta(dev, apdev):
799 """WPS compatibility with new version number on the station"""
800 ssid = "test-wps-ver"
801 hostapd.add_ap(apdev[0]['ifname'],
802 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
803 "wpa_passphrase": "12345678", "wpa": "2",
804 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
805 hapd = hostapd.Hostapd(apdev[0]['ifname'])
806 logger.info("WPS provisioning step")
807 hapd.request("WPS_PBC")
10ea6848
JM		 808 dev[0].dump_monitor()
809 dev[0].request("SET wps_version_number 0x43")
810 dev[0].request("WPS_PBC")
811 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
812 if ev is None:
813 raise Exception("Association with the AP timed out")
814
815def test_ap_wps_new_version_ap(dev, apdev):
816 """WPS compatibility with new version number on the AP"""
817 ssid = "test-wps-ver"
818 hostapd.add_ap(apdev[0]['ifname'],
819 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
820 "wpa_passphrase": "12345678", "wpa": "2",
821 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
822 hapd = hostapd.Hostapd(apdev[0]['ifname'])
823 logger.info("WPS provisioning step")
824 if "FAIL" in hapd.request("SET wps_version_number 0x43"):
825 raise Exception("Failed to enable test functionality")
826 hapd.request("WPS_PBC")
10ea6848
JM		 827 dev[0].dump_monitor()
828 dev[0].request("WPS_PBC")
829 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
830 hapd.request("SET wps_version_number 0x20")
831 if ev is None:
832 raise Exception("Association with the AP timed out")
3bdf7d7f
JM		 833
834def test_ap_wps_check_pin(dev, apdev):
835 """Verify PIN checking through control interface"""
836 hostapd.add_ap(apdev[0]['ifname'],
837 { "ssid": "wps", "eap_server": "1", "wps_state": "2",
838 "wpa_passphrase": "12345678", "wpa": "2",
839 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
840 hapd = hostapd.Hostapd(apdev[0]['ifname'])
841 for t in [ ("12345670", "12345670"),
842 ("12345678", "FAIL-CHECKSUM"),
843 ("1234-5670", "12345670"),
844 ("1234 5670", "12345670"),
845 ("1-2.3:4 5670", "12345670") ]:
846 res = hapd.request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
847 res2 = dev[0].request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
848 if res != res2:
849 raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
850 if res != t[1]:
851 raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res, t[1]))
9ba1fcb0
JM		 852
853def test_ap_wps_wep_config(dev, apdev):
854 """WPS 2.0 AP rejecting WEP configuration"""
855 ssid = "test-wps-config"
856 appin = "12345670"
857 hostapd.add_ap(apdev[0]['ifname'],
858 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
859 "ap_pin": appin})
860 hapd = hostapd.Hostapd(apdev[0]['ifname'])
861 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-new-ssid-wep", "OPEN", "WEP",
862 "hello", no_wait=True)
863 ev = hapd.wait_event(["WPS-FAIL"], timeout=15)
864 if ev is None:
865 raise Exception("WPS-FAIL timed out")
866 if "reason=2" not in ev:
867 raise Exception("Unexpected reason code in WPS-FAIL")
868 status = hapd.request("WPS_GET_STATUS")
869 if "Last WPS result: Failed" not in status:
870 raise Exception("WPS failure result not shown correctly")
871 if "Failure Reason: WEP Prohibited" not in status:
872 raise Exception("Failure reason not reported correctly")
873 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
874 raise Exception("Peer address not shown correctly")
Unnamed repository; edit this file 'description' to name the repository.