]>
Commit | Line | Data |
---|---|---|
302b7a1b JM |
1 | #!/usr/bin/python |
2 | # | |
3 | # WPS tests | |
4 | # Copyright (c) 2013, Jouni Malinen <j@w1.fi> | |
5 | # | |
6 | # This software may be distributed under the terms of the BSD license. | |
7 | # See README for more details. | |
8 | ||
9 | import time | |
10 | import subprocess | |
11 | import logging | |
c9aa4308 | 12 | logger = logging.getLogger() |
302b7a1b JM |
13 | |
14 | import hwsim_utils | |
15 | import hostapd | |
16 | ||
ae3ad328 | 17 | def test_ap_wps_init(dev, apdev): |
302b7a1b JM |
18 | """Initial AP configuration with first WPS Enrollee""" |
19 | ssid = "test-wps" | |
ae3ad328 | 20 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b | 21 | { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) |
ae3ad328 | 22 | hapd = hostapd.Hostapd(apdev[0]['ifname']) |
302b7a1b JM |
23 | logger.info("WPS provisioning step") |
24 | hapd.request("WPS_PBC") | |
6dacb8e9 | 25 | dev[0].request("SET ignore_old_scan_res 1") |
302b7a1b JM |
26 | dev[0].dump_monitor() |
27 | dev[0].request("WPS_PBC") | |
853b49a0 | 28 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) |
302b7a1b JM |
29 | if ev is None: |
30 | raise Exception("Association with the AP timed out") | |
31 | status = dev[0].get_status() | |
ae3ad328 | 32 | if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']: |
302b7a1b JM |
33 | raise Exception("Not fully connected") |
34 | if status['ssid'] != ssid: | |
35 | raise Exception("Unexpected SSID") | |
36 | if status['pairwise_cipher'] != 'CCMP': | |
37 | raise Exception("Unexpected encryption configuration") | |
38 | if status['key_mgmt'] != 'WPA2-PSK': | |
39 | raise Exception("Unexpected key_mgmt") | |
40 | ||
ae3ad328 | 41 | def test_ap_wps_conf(dev, apdev): |
302b7a1b JM |
42 | """WPS PBC provisioning with configured AP""" |
43 | ssid = "test-wps-conf" | |
ae3ad328 | 44 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b JM |
45 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
46 | "wpa_passphrase": "12345678", "wpa": "2", | |
47 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}) | |
ae3ad328 | 48 | hapd = hostapd.Hostapd(apdev[0]['ifname']) |
302b7a1b JM |
49 | logger.info("WPS provisioning step") |
50 | hapd.request("WPS_PBC") | |
51 | dev[0].dump_monitor() | |
52 | dev[0].request("WPS_PBC") | |
7e3f110b | 53 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) |
302b7a1b JM |
54 | if ev is None: |
55 | raise Exception("Association with the AP timed out") | |
56 | status = dev[0].get_status() | |
ae3ad328 | 57 | if status['wpa_state'] != 'COMPLETED': |
302b7a1b | 58 | raise Exception("Not fully connected") |
ae3ad328 JM |
59 | if status['bssid'] != apdev[0]['bssid']: |
60 | raise Exception("Unexpected BSSID") | |
302b7a1b JM |
61 | if status['ssid'] != ssid: |
62 | raise Exception("Unexpected SSID") | |
63 | if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP': | |
64 | raise Exception("Unexpected encryption configuration") | |
65 | if status['key_mgmt'] != 'WPA2-PSK': | |
66 | raise Exception("Unexpected key_mgmt") | |
67 | ||
04e62788 JM |
68 | def test_ap_wps_twice(dev, apdev): |
69 | """WPS provisioning with twice to change passphrase""" | |
70 | ssid = "test-wps-twice" | |
71 | params = { "ssid": ssid, "eap_server": "1", "wps_state": "2", | |
72 | "wpa_passphrase": "12345678", "wpa": "2", | |
73 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" } | |
74 | hostapd.add_ap(apdev[0]['ifname'], params) | |
75 | hapd = hostapd.Hostapd(apdev[0]['ifname']) | |
76 | logger.info("WPS provisioning step") | |
77 | hapd.request("WPS_PBC") | |
78 | dev[0].request("SET ignore_old_scan_res 1") | |
79 | dev[0].dump_monitor() | |
80 | dev[0].request("WPS_PBC") | |
81 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) | |
82 | if ev is None: | |
83 | raise Exception("Association with the AP timed out") | |
84 | dev[0].request("DISCONNECT") | |
85 | ||
86 | logger.info("Restart AP with different passphrase and re-run WPS") | |
87 | hapd_global = hostapd.HostapdGlobal() | |
88 | hapd_global.remove(apdev[0]['ifname']) | |
89 | params['wpa_passphrase'] = 'another passphrase' | |
90 | hostapd.add_ap(apdev[0]['ifname'], params) | |
91 | hapd = hostapd.Hostapd(apdev[0]['ifname']) | |
92 | logger.info("WPS provisioning step") | |
93 | hapd.request("WPS_PBC") | |
94 | dev[0].dump_monitor() | |
95 | dev[0].request("WPS_PBC") | |
96 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) | |
97 | if ev is None: | |
98 | raise Exception("Association with the AP timed out") | |
99 | networks = dev[0].list_networks() | |
100 | if len(networks) > 1: | |
101 | raise Exception("Unexpected duplicated network block present") | |
102 | ||
ae3ad328 | 103 | def test_ap_wps_conf_pin(dev, apdev): |
302b7a1b JM |
104 | """WPS PIN provisioning with configured AP""" |
105 | ssid = "test-wps-conf-pin" | |
ae3ad328 | 106 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b JM |
107 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
108 | "wpa_passphrase": "12345678", "wpa": "2", | |
109 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}) | |
ae3ad328 | 110 | hapd = hostapd.Hostapd(apdev[0]['ifname']) |
302b7a1b JM |
111 | logger.info("WPS provisioning step") |
112 | pin = dev[0].wps_read_pin() | |
113 | hapd.request("WPS_PIN any " + pin) | |
6dacb8e9 | 114 | dev[0].request("SET ignore_old_scan_res 1") |
302b7a1b JM |
115 | dev[0].dump_monitor() |
116 | dev[0].request("WPS_PIN any " + pin) | |
7e3f110b | 117 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) |
302b7a1b JM |
118 | if ev is None: |
119 | raise Exception("Association with the AP timed out") | |
120 | status = dev[0].get_status() | |
ae3ad328 | 121 | if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']: |
302b7a1b JM |
122 | raise Exception("Not fully connected") |
123 | if status['ssid'] != ssid: | |
124 | raise Exception("Unexpected SSID") | |
125 | if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP': | |
126 | raise Exception("Unexpected encryption configuration") | |
127 | if status['key_mgmt'] != 'WPA2-PSK': | |
128 | raise Exception("Unexpected key_mgmt") | |
129 | ||
ae3ad328 | 130 | def test_ap_wps_reg_connect(dev, apdev): |
302b7a1b | 131 | """WPS registrar using AP PIN to connect""" |
803edd1c | 132 | ssid = "test-wps-reg-ap-pin" |
302b7a1b | 133 | appin = "12345670" |
ae3ad328 | 134 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b JM |
135 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
136 | "wpa_passphrase": "12345678", "wpa": "2", | |
137 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", | |
138 | "ap_pin": appin}) | |
139 | logger.info("WPS provisioning step") | |
803edd1c | 140 | dev[0].request("SET ignore_old_scan_res 1") |
302b7a1b | 141 | dev[0].dump_monitor() |
6edaee9c | 142 | dev[0].wps_reg(apdev[0]['bssid'], appin) |
302b7a1b | 143 | status = dev[0].get_status() |
ae3ad328 | 144 | if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']: |
302b7a1b JM |
145 | raise Exception("Not fully connected") |
146 | if status['ssid'] != ssid: | |
147 | raise Exception("Unexpected SSID") | |
148 | if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP': | |
149 | raise Exception("Unexpected encryption configuration") | |
150 | if status['key_mgmt'] != 'WPA2-PSK': | |
151 | raise Exception("Unexpected key_mgmt") | |
152 | ||
ae3ad328 | 153 | def test_ap_wps_reg_config(dev, apdev): |
302b7a1b JM |
154 | """WPS registrar configuring and AP using AP PIN""" |
155 | ssid = "test-wps-init-ap-pin" | |
156 | appin = "12345670" | |
ae3ad328 | 157 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b JM |
158 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
159 | "ap_pin": appin}) | |
160 | logger.info("WPS configuration step") | |
803edd1c | 161 | dev[0].request("SET ignore_old_scan_res 1") |
302b7a1b JM |
162 | dev[0].dump_monitor() |
163 | new_ssid = "wps-new-ssid" | |
164 | new_passphrase = "1234567890" | |
6edaee9c JM |
165 | dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP", |
166 | new_passphrase) | |
302b7a1b | 167 | status = dev[0].get_status() |
ae3ad328 | 168 | if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']: |
302b7a1b JM |
169 | raise Exception("Not fully connected") |
170 | if status['ssid'] != new_ssid: | |
171 | raise Exception("Unexpected SSID") | |
172 | if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP': | |
173 | raise Exception("Unexpected encryption configuration") | |
174 | if status['key_mgmt'] != 'WPA2-PSK': | |
175 | raise Exception("Unexpected key_mgmt") | |
176 | ||
ae3ad328 | 177 | def test_ap_wps_pbc_overlap_2ap(dev, apdev): |
302b7a1b | 178 | """WPS PBC session overlap with two active APs""" |
ae3ad328 | 179 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b JM |
180 | { "ssid": "wps1", "eap_server": "1", "wps_state": "2", |
181 | "wpa_passphrase": "12345678", "wpa": "2", | |
182 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", | |
183 | "wps_independent": "1"}) | |
ae3ad328 | 184 | hostapd.add_ap(apdev[1]['ifname'], |
302b7a1b JM |
185 | { "ssid": "wps2", "eap_server": "1", "wps_state": "2", |
186 | "wpa_passphrase": "123456789", "wpa": "2", | |
187 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", | |
188 | "wps_independent": "1"}) | |
ae3ad328 | 189 | hapd = hostapd.Hostapd(apdev[0]['ifname']) |
302b7a1b | 190 | hapd.request("WPS_PBC") |
ae3ad328 | 191 | hapd2 = hostapd.Hostapd(apdev[1]['ifname']) |
302b7a1b JM |
192 | hapd2.request("WPS_PBC") |
193 | logger.info("WPS provisioning step") | |
194 | dev[0].dump_monitor() | |
195 | dev[0].request("WPS_PBC") | |
196 | ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15) | |
197 | if ev is None: | |
198 | raise Exception("PBC session overlap not detected") | |
199 | ||
ae3ad328 | 200 | def test_ap_wps_pbc_overlap_2sta(dev, apdev): |
302b7a1b JM |
201 | """WPS PBC session overlap with two active STAs""" |
202 | ssid = "test-wps-pbc-overlap" | |
ae3ad328 | 203 | hostapd.add_ap(apdev[0]['ifname'], |
302b7a1b JM |
204 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
205 | "wpa_passphrase": "12345678", "wpa": "2", | |
206 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}) | |
ae3ad328 | 207 | hapd = hostapd.Hostapd(apdev[0]['ifname']) |
302b7a1b JM |
208 | logger.info("WPS provisioning step") |
209 | hapd.request("WPS_PBC") | |
803edd1c | 210 | dev[0].request("SET ignore_old_scan_res 1") |
803edd1c | 211 | dev[1].request("SET ignore_old_scan_res 1") |
302b7a1b JM |
212 | dev[0].dump_monitor() |
213 | dev[1].dump_monitor() | |
214 | dev[0].request("WPS_PBC") | |
215 | dev[1].request("WPS_PBC") | |
216 | ev = dev[0].wait_event(["WPS-M2D"], timeout=15) | |
217 | if ev is None: | |
218 | raise Exception("PBC session overlap not detected (dev0)") | |
219 | if "config_error=12" not in ev: | |
220 | raise Exception("PBC session overlap not correctly reported (dev0)") | |
221 | ev = dev[1].wait_event(["WPS-M2D"], timeout=15) | |
222 | if ev is None: | |
223 | raise Exception("PBC session overlap not detected (dev1)") | |
224 | if "config_error=12" not in ev: | |
225 | raise Exception("PBC session overlap not correctly reported (dev1)") | |
6edaee9c JM |
226 | |
227 | def test_ap_wps_er_add_enrollee(dev, apdev): | |
228 | """WPS ER configuring AP and adding a new enrollee using PIN""" | |
229 | ssid = "wps-er-add-enrollee" | |
230 | ap_pin = "12345670" | |
231 | ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e" | |
232 | hostapd.add_ap(apdev[0]['ifname'], | |
233 | { "ssid": ssid, "eap_server": "1", "wps_state": "1", | |
234 | "device_name": "Wireless AP", "manufacturer": "Company", | |
235 | "model_name": "WAP", "model_number": "123", | |
236 | "serial_number": "12345", "device_type": "6-0050F204-1", | |
237 | "os_version": "01020300", | |
238 | "config_methods": "label push_button", | |
239 | "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}) | |
240 | logger.info("WPS configuration step") | |
241 | new_passphrase = "1234567890" | |
242 | dev[0].dump_monitor() | |
243 | dev[0].request("SET ignore_old_scan_res 1") | |
244 | dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP", | |
245 | new_passphrase) | |
246 | status = dev[0].get_status() | |
247 | if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']: | |
248 | raise Exception("Not fully connected") | |
249 | if status['ssid'] != ssid: | |
250 | raise Exception("Unexpected SSID") | |
251 | if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP': | |
252 | raise Exception("Unexpected encryption configuration") | |
253 | if status['key_mgmt'] != 'WPA2-PSK': | |
254 | raise Exception("Unexpected key_mgmt") | |
255 | ||
256 | logger.info("Start ER") | |
257 | dev[0].request("WPS_ER_START ifname=lo") | |
258 | ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15) | |
259 | if ev is None: | |
260 | raise Exception("AP discovery timed out") | |
261 | if ap_uuid not in ev: | |
262 | raise Exception("Expected AP UUID not found") | |
263 | ||
264 | logger.info("Learn AP configuration through UPnP") | |
265 | dev[0].dump_monitor() | |
266 | dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin) | |
267 | ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15) | |
268 | if ev is None: | |
269 | raise Exception("AP learn timed out") | |
270 | if ap_uuid not in ev: | |
271 | raise Exception("Expected AP UUID not in settings") | |
272 | if "ssid=" + ssid not in ev: | |
273 | raise Exception("Expected SSID not in settings") | |
274 | if "key=" + new_passphrase not in ev: | |
275 | raise Exception("Expected passphrase not in settings") | |
276 | ||
277 | logger.info("Add Enrollee using ER") | |
278 | pin = dev[1].wps_read_pin() | |
279 | dev[0].dump_monitor() | |
280 | dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr()) | |
281 | dev[1].request("SET ignore_old_scan_res 1") | |
282 | dev[1].dump_monitor() | |
283 | dev[1].request("WPS_PIN any " + pin) | |
846be889 | 284 | ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30) |
6edaee9c JM |
285 | if ev is None: |
286 | raise Exception("Enrollee did not report success") | |
287 | ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) | |
288 | if ev is None: | |
289 | raise Exception("Association with the AP timed out") | |
290 | ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15) | |
291 | if ev is None: | |
292 | raise Exception("WPS ER did not report success") | |
293 | hwsim_utils.test_connectivity_sta(dev[0], dev[1]) | |
294 | ||
295 | def test_ap_wps_er_add_enrollee_pbc(dev, apdev): | |
296 | """WPS ER connected to AP and adding a new enrollee using PBC""" | |
297 | ssid = "wps-er-add-enrollee-pbc" | |
298 | ap_pin = "12345670" | |
299 | ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e" | |
300 | hostapd.add_ap(apdev[0]['ifname'], | |
301 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", | |
302 | "wpa_passphrase": "12345678", "wpa": "2", | |
303 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", | |
304 | "device_name": "Wireless AP", "manufacturer": "Company", | |
305 | "model_name": "WAP", "model_number": "123", | |
306 | "serial_number": "12345", "device_type": "6-0050F204-1", | |
307 | "os_version": "01020300", | |
308 | "config_methods": "label push_button", | |
309 | "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}) | |
310 | logger.info("Learn AP configuration") | |
311 | dev[0].dump_monitor() | |
312 | dev[0].request("SET ignore_old_scan_res 1") | |
313 | dev[0].wps_reg(apdev[0]['bssid'], ap_pin) | |
314 | status = dev[0].get_status() | |
315 | if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']: | |
316 | raise Exception("Not fully connected") | |
317 | ||
318 | logger.info("Start ER") | |
319 | dev[0].request("WPS_ER_START ifname=lo") | |
320 | ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15) | |
321 | if ev is None: | |
322 | raise Exception("AP discovery timed out") | |
323 | if ap_uuid not in ev: | |
324 | raise Exception("Expected AP UUID not found") | |
325 | ||
326 | logger.info("Use learned network configuration on ER") | |
327 | dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0") | |
328 | ||
329 | logger.info("Add Enrollee using ER and PBC") | |
330 | dev[0].dump_monitor() | |
331 | enrollee = dev[1].p2p_interface_addr() | |
332 | dev[1].request("SET ignore_old_scan_res 1") | |
333 | dev[1].dump_monitor() | |
334 | dev[1].request("WPS_PBC") | |
335 | ||
336 | ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15) | |
337 | if ev is None: | |
338 | raise Exception("Enrollee discovery timed out") | |
339 | if enrollee not in ev: | |
340 | raise Exception("Expected Enrollee not found") | |
341 | dev[0].request("WPS_ER_PBC " + enrollee) | |
342 | ||
343 | ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15) | |
344 | if ev is None: | |
345 | raise Exception("Enrollee did not report success") | |
346 | ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) | |
347 | if ev is None: | |
348 | raise Exception("Association with the AP timed out") | |
349 | ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15) | |
350 | if ev is None: | |
351 | raise Exception("WPS ER did not report success") | |
352 | hwsim_utils.test_connectivity_sta(dev[0], dev[1]) | |
bff3ac5b JM |
353 | |
354 | def test_ap_wps_fragmentation(dev, apdev): | |
355 | """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2""" | |
356 | ssid = "test-wps-fragmentation" | |
357 | hostapd.add_ap(apdev[0]['ifname'], | |
358 | { "ssid": ssid, "eap_server": "1", "wps_state": "2", | |
359 | "wpa_passphrase": "12345678", "wpa": "3", | |
360 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", | |
361 | "wpa_pairwise": "TKIP", | |
362 | "fragment_size": "50" }) | |
363 | hapd = hostapd.Hostapd(apdev[0]['ifname']) | |
364 | logger.info("WPS provisioning step") | |
365 | hapd.request("WPS_PBC") | |
366 | dev[0].request("SET ignore_old_scan_res 1") | |
367 | dev[0].dump_monitor() | |
368 | dev[0].request("SET wps_fragment_size 50") | |
369 | dev[0].request("WPS_PBC") | |
370 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) | |
371 | if ev is None: | |
372 | raise Exception("Association with the AP timed out") | |
373 | status = dev[0].get_status() | |
374 | if status['wpa_state'] != 'COMPLETED': | |
375 | raise Exception("Not fully connected") | |
376 | if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP': | |
377 | raise Exception("Unexpected encryption configuration") | |
378 | if status['key_mgmt'] != 'WPA2-PSK': | |
379 | raise Exception("Unexpected key_mgmt") |