]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_hs20.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: auto_interworking=1
[thirdparty/hostap.git] / tests / hwsim / test_ap_hs20.py
1 # Hotspot 2.0 tests
2 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import time
8 import subprocess
9 import logging
10 logger = logging.getLogger()
11 import os
12 import os.path
13 import subprocess
14
15 import hostapd
16 from wlantest import Wlantest
17 from wpasupplicant import WpaSupplicant
18
19 def hs20_ap_params(ssid="test-hs20"):
20 params = hostapd.wpa2_params(ssid=ssid)
21 params['wpa_key_mgmt'] = "WPA-EAP"
22 params['ieee80211w'] = "1"
23 params['ieee8021x'] = "1"
24 params['auth_server_addr'] = "127.0.0.1"
25 params['auth_server_port'] = "1812"
26 params['auth_server_shared_secret'] = "radius"
27 params['interworking'] = "1"
28 params['access_network_type'] = "14"
29 params['internet'] = "1"
30 params['asra'] = "0"
31 params['esr'] = "0"
32 params['uesa'] = "0"
33 params['venue_group'] = "7"
34 params['venue_type'] = "1"
35 params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
36 params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
37 "fedcba" ]
38 params['domain_name'] = "example.com,another.example.com"
39 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
40 "0,another.example.com" ]
41 params['hs20'] = "1"
42 params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
43 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
44 params['hs20_operating_class'] = "5173"
45 params['anqp_3gpp_cell_net'] = "244,91"
46 return params
47
48 def check_auto_select(dev, bssid):
49 dev.request("INTERWORKING_SELECT auto freq=2412")
50 ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
51 if ev is None:
52 raise Exception("Connection timed out")
53 if bssid not in ev:
54 raise Exception("Connected to incorrect network")
55 dev.request("REMOVE_NETWORK all")
56
57 def interworking_select(dev, bssid, type=None, no_match=False, freq=None):
58 dev.dump_monitor()
59 freq_extra = " freq=" + freq if freq else ""
60 dev.request("INTERWORKING_SELECT" + freq_extra)
61 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
62 timeout=15)
63 if ev is None:
64 raise Exception("Network selection timed out");
65 if no_match:
66 if "INTERWORKING-NO-MATCH" not in ev:
67 raise Exception("Unexpected network match")
68 return
69 if "INTERWORKING-NO-MATCH" in ev:
70 raise Exception("Matching network not found")
71 if bssid and bssid not in ev:
72 raise Exception("Unexpected BSSID in match")
73 if type and "type=" + type not in ev:
74 raise Exception("Network type not recognized correctly")
75
76 def check_sp_type(dev, sp_type):
77 type = dev.get_status_field("sp_type")
78 if type is None:
79 raise Exception("sp_type not available")
80 if type != sp_type:
81 raise Exception("sp_type did not indicate home network")
82
83 def hlr_auc_gw_available():
84 if not os.path.exists("/tmp/hlr_auc_gw.sock"):
85 logger.info("No hlr_auc_gw available");
86 return False
87 if not os.path.exists("../../hostapd/hlr_auc_gw"):
88 logger.info("No hlr_auc_gw available");
89 return False
90 return True
91
92 def interworking_ext_sim_connect(dev, bssid, method):
93 dev.request("INTERWORKING_CONNECT " + bssid)
94 interworking_ext_sim_auth(dev, method)
95
96 def interworking_ext_sim_auth(dev, method):
97 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
98 if ev is None:
99 raise Exception("Network connected timed out")
100 if "(" + method + ")" not in ev:
101 raise Exception("Unexpected EAP method selection")
102
103 ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
104 if ev is None:
105 raise Exception("Wait for external SIM processing request timed out")
106 p = ev.split(':', 2)
107 if p[1] != "GSM-AUTH":
108 raise Exception("Unexpected CTRL-REQ-SIM type")
109 id = p[0].split('-')[3]
110 rand = p[2].split(' ')[0]
111
112 res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
113 "-m",
114 "auth_serv/hlr_auc_gw.milenage_db",
115 "GSM-AUTH-REQ 232010000000000 " + rand])
116 if "GSM-AUTH-RESP" not in res:
117 raise Exception("Unexpected hlr_auc_gw response")
118 resp = res.split(' ')[2].rstrip()
119
120 dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
121 ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
122 if ev is None:
123 raise Exception("Connection timed out")
124
125 def interworking_connect(dev, bssid, method):
126 dev.request("INTERWORKING_CONNECT " + bssid)
127 interworking_auth(dev, method)
128
129 def interworking_auth(dev, method):
130 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
131 if ev is None:
132 raise Exception("Network connected timed out")
133 if "(" + method + ")" not in ev:
134 raise Exception("Unexpected EAP method selection")
135
136 ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
137 if ev is None:
138 raise Exception("Connection timed out")
139
140 def check_probe_resp(wt, bssid_unexpected, bssid_expected):
141 if bssid_unexpected:
142 count = wt.get_bss_counter("probe_response", bssid_unexpected)
143 if count > 0:
144 raise Exception("Unexpected Probe Response frame from AP")
145
146 if bssid_expected:
147 count = wt.get_bss_counter("probe_response", bssid_expected)
148 if count == 0:
149 raise Exception("No Probe Response frame from AP")
150
151 def test_ap_anqp_sharing(dev, apdev):
152 """ANQP sharing within ESS and explicit unshare"""
153 bssid = apdev[0]['bssid']
154 params = hs20_ap_params()
155 params['hessid'] = bssid
156 hostapd.add_ap(apdev[0]['ifname'], params)
157
158 bssid2 = apdev[1]['bssid']
159 params = hs20_ap_params()
160 params['hessid'] = bssid
161 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
162 hostapd.add_ap(apdev[1]['ifname'], params)
163
164 dev[0].hs20_enable()
165 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
166 'password': "secret",
167 'domain': "example.com" })
168 logger.info("Normal network selection with shared ANQP results")
169 interworking_select(dev[0], None, "home", freq="2412")
170 dev[0].dump_monitor()
171
172 res1 = dev[0].get_bss(bssid)
173 res2 = dev[0].get_bss(bssid2)
174 if res1['anqp_nai_realm'] != res2['anqp_nai_realm']:
175 raise Exception("ANQP results were not shared between BSSes")
176
177 logger.info("Explicit ANQP request to unshare ANQP results")
178 dev[0].request("ANQP_GET " + bssid + " 263")
179 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
180 if ev is None:
181 raise Exception("ANQP operation timed out")
182
183 dev[0].request("ANQP_GET " + bssid2 + " 263")
184 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
185 if ev is None:
186 raise Exception("ANQP operation timed out")
187
188 res1 = dev[0].get_bss(bssid)
189 res2 = dev[0].get_bss(bssid2)
190 if res1['anqp_nai_realm'] == res2['anqp_nai_realm']:
191 raise Exception("ANQP results were not unshared")
192
193 def test_ap_nai_home_realm_query(dev, apdev):
194 """NAI Home Realm Query"""
195 bssid = apdev[0]['bssid']
196 params = hs20_ap_params()
197 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
198 "0,another.example.org" ]
199 hostapd.add_ap(apdev[0]['ifname'], params)
200
201 dev[0].scan(freq="2412")
202 dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " realm=example.com")
203 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
204 if ev is None:
205 raise Exception("ANQP operation timed out")
206 nai1 = dev[0].get_bss(bssid)['anqp_nai_realm']
207 dev[0].dump_monitor()
208
209 dev[0].request("ANQP_GET " + bssid + " 263")
210 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
211 if ev is None:
212 raise Exception("ANQP operation timed out")
213 nai2 = dev[0].get_bss(bssid)['anqp_nai_realm']
214
215 if len(nai1) >= len(nai2):
216 raise Exception("Unexpected NAI Realm list response lengths")
217 if "example.com".encode('hex') not in nai1:
218 raise Exception("Home realm not reported")
219 if "example.org".encode('hex') in nai1:
220 raise Exception("Non-home realm reported")
221 if "example.com".encode('hex') not in nai2:
222 raise Exception("Home realm not reported in wildcard query")
223 if "example.org".encode('hex') not in nai2:
224 raise Exception("Non-home realm not reported in wildcard query ")
225
226 def test_ap_interworking_scan_filtering(dev, apdev):
227 """Interworking scan filtering with HESSID and access network type"""
228 bssid = apdev[0]['bssid']
229 params = hs20_ap_params()
230 ssid = "test-hs20-ap1"
231 params['ssid'] = ssid
232 params['hessid'] = bssid
233 hostapd.add_ap(apdev[0]['ifname'], params)
234
235 bssid2 = apdev[1]['bssid']
236 params = hs20_ap_params()
237 ssid2 = "test-hs20-ap2"
238 params['ssid'] = ssid2
239 params['hessid'] = bssid2
240 params['access_network_type'] = "1"
241 del params['venue_group']
242 del params['venue_type']
243 hostapd.add_ap(apdev[1]['ifname'], params)
244
245 dev[0].hs20_enable()
246
247 wt = Wlantest()
248 wt.flush()
249
250 logger.info("Check probe request filtering based on HESSID")
251
252 dev[0].request("SET hessid " + bssid2)
253 dev[0].scan(freq="2412")
254 time.sleep(0.03)
255 check_probe_resp(wt, bssid, bssid2)
256
257 logger.info("Check probe request filtering based on access network type")
258
259 wt.clear_bss_counters(bssid)
260 wt.clear_bss_counters(bssid2)
261 dev[0].request("SET hessid 00:00:00:00:00:00")
262 dev[0].request("SET access_network_type 14")
263 dev[0].scan(freq="2412")
264 time.sleep(0.03)
265 check_probe_resp(wt, bssid2, bssid)
266
267 wt.clear_bss_counters(bssid)
268 wt.clear_bss_counters(bssid2)
269 dev[0].request("SET hessid 00:00:00:00:00:00")
270 dev[0].request("SET access_network_type 1")
271 dev[0].scan(freq="2412")
272 time.sleep(0.03)
273 check_probe_resp(wt, bssid, bssid2)
274
275 logger.info("Check probe request filtering based on HESSID and ANT")
276
277 wt.clear_bss_counters(bssid)
278 wt.clear_bss_counters(bssid2)
279 dev[0].request("SET hessid " + bssid)
280 dev[0].request("SET access_network_type 14")
281 dev[0].scan(freq="2412")
282 time.sleep(0.03)
283 check_probe_resp(wt, bssid2, bssid)
284
285 wt.clear_bss_counters(bssid)
286 wt.clear_bss_counters(bssid2)
287 dev[0].request("SET hessid " + bssid2)
288 dev[0].request("SET access_network_type 14")
289 dev[0].scan(freq="2412")
290 time.sleep(0.03)
291 check_probe_resp(wt, bssid, None)
292 check_probe_resp(wt, bssid2, None)
293
294 wt.clear_bss_counters(bssid)
295 wt.clear_bss_counters(bssid2)
296 dev[0].request("SET hessid " + bssid)
297 dev[0].request("SET access_network_type 1")
298 dev[0].scan(freq="2412")
299 time.sleep(0.03)
300 check_probe_resp(wt, bssid, None)
301 check_probe_resp(wt, bssid2, None)
302
303 def test_ap_hs20_select(dev, apdev):
304 """Hotspot 2.0 network selection"""
305 bssid = apdev[0]['bssid']
306 params = hs20_ap_params()
307 params['hessid'] = bssid
308 hostapd.add_ap(apdev[0]['ifname'], params)
309
310 dev[0].hs20_enable()
311 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
312 'password': "secret",
313 'domain': "example.com" })
314 interworking_select(dev[0], bssid, "home")
315
316 dev[0].remove_cred(id)
317 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
318 'password': "secret",
319 'domain': "no.match.example.com" })
320 interworking_select(dev[0], bssid, "roaming", freq="2412")
321
322 dev[0].set_cred_quoted(id, "realm", "no.match.example.com");
323 interworking_select(dev[0], bssid, no_match=True, freq="2412")
324
325 bssid2 = apdev[1]['bssid']
326 params = hs20_ap_params()
327 params['nai_realm'] = [ "0,example.org,21" ]
328 params['hessid'] = bssid2
329 params['domain_name'] = "example.org"
330 hostapd.add_ap(apdev[1]['ifname'], params)
331 dev[0].remove_cred(id)
332 id = dev[0].add_cred_values({ 'realm': "example.org", 'username': "test",
333 'password': "secret",
334 'domain': "example.org" })
335 interworking_select(dev[0], bssid2, "home", freq="2412")
336
337 def hs20_simulated_sim(dev, ap, method):
338 bssid = ap['bssid']
339 params = hs20_ap_params()
340 params['hessid'] = bssid
341 params['anqp_3gpp_cell_net'] = "555,444"
342 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
343 hostapd.add_ap(ap['ifname'], params)
344
345 dev.hs20_enable()
346 dev.add_cred_values({ 'imsi': "555444-333222111", 'eap': method,
347 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
348 interworking_select(dev, "home", freq="2412")
349 interworking_connect(dev, bssid, method)
350 check_sp_type(dev, "home")
351
352 def test_ap_hs20_sim(dev, apdev):
353 """Hotspot 2.0 with simulated SIM and EAP-SIM"""
354 if not hlr_auc_gw_available():
355 return "skip"
356 hs20_simulated_sim(dev[0], apdev[0], "SIM")
357 dev[0].request("INTERWORKING_SELECT auto freq=2412")
358 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
359 if ev is None:
360 raise Exception("Timeout on already-connected event")
361
362 def test_ap_hs20_aka(dev, apdev):
363 """Hotspot 2.0 with simulated USIM and EAP-AKA"""
364 if not hlr_auc_gw_available():
365 return "skip"
366 hs20_simulated_sim(dev[0], apdev[0], "AKA")
367
368 def test_ap_hs20_aka_prime(dev, apdev):
369 """Hotspot 2.0 with simulated USIM and EAP-AKA'"""
370 if not hlr_auc_gw_available():
371 return "skip"
372 hs20_simulated_sim(dev[0], apdev[0], "AKA'")
373
374 def test_ap_hs20_ext_sim(dev, apdev):
375 """Hotspot 2.0 with external SIM processing"""
376 if not hlr_auc_gw_available():
377 return "skip"
378 bssid = apdev[0]['bssid']
379 params = hs20_ap_params()
380 params['hessid'] = bssid
381 params['anqp_3gpp_cell_net'] = "232,01"
382 params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
383 hostapd.add_ap(apdev[0]['ifname'], params)
384
385 dev[0].hs20_enable()
386 dev[0].request("SET external_sim 1")
387 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
388 interworking_select(dev[0], "home", freq="2412")
389 interworking_ext_sim_connect(dev[0], bssid, "SIM")
390 check_sp_type(dev[0], "home")
391
392 def test_ap_hs20_ext_sim_roaming(dev, apdev):
393 """Hotspot 2.0 with external SIM processing in roaming network"""
394 if not hlr_auc_gw_available():
395 return "skip"
396 bssid = apdev[0]['bssid']
397 params = hs20_ap_params()
398 params['hessid'] = bssid
399 params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
400 params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
401 hostapd.add_ap(apdev[0]['ifname'], params)
402
403 dev[0].hs20_enable()
404 dev[0].request("SET external_sim 1")
405 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
406 interworking_select(dev[0], "roaming", freq="2412")
407 interworking_ext_sim_connect(dev[0], bssid, "SIM")
408 check_sp_type(dev[0], "roaming")
409
410 def test_ap_hs20_username(dev, apdev):
411 """Hotspot 2.0 connection in username/password credential"""
412 bssid = apdev[0]['bssid']
413 params = hs20_ap_params()
414 params['hessid'] = bssid
415 params['disable_dgaf'] = '1'
416 hostapd.add_ap(apdev[0]['ifname'], params)
417
418 dev[0].hs20_enable()
419 id = dev[0].add_cred_values({ 'realm': "example.com",
420 'username': "hs20-test",
421 'password': "password",
422 'ca_cert': "auth_serv/ca.pem",
423 'domain': "example.com",
424 'update_identifier': "1234" })
425 interworking_select(dev[0], bssid, "home", freq="2412")
426 interworking_connect(dev[0], bssid, "TTLS")
427 check_sp_type(dev[0], "home")
428 status = dev[0].get_status()
429 if status['pairwise_cipher'] != "CCMP":
430 raise Exception("Unexpected pairwise cipher")
431 if status['hs20'] != "2":
432 raise Exception("Unexpected HS 2.0 support indication")
433
434 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
435 identity="hs20-test", password="password",
436 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
437 scan_freq="2412")
438
439 def test_ap_hs20_auto_interworking(dev, apdev):
440 """Hotspot 2.0 connection with auto_interworking=1"""
441 bssid = apdev[0]['bssid']
442 params = hs20_ap_params()
443 params['hessid'] = bssid
444 params['disable_dgaf'] = '1'
445 hostapd.add_ap(apdev[0]['ifname'], params)
446
447 dev[0].hs20_enable(auto_interworking=True)
448 id = dev[0].add_cred_values({ 'realm': "example.com",
449 'username': "hs20-test",
450 'password': "password",
451 'ca_cert': "auth_serv/ca.pem",
452 'domain': "example.com",
453 'update_identifier': "1234" })
454 dev[0].request("REASSOCIATE")
455 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
456 if ev is None:
457 raise Exception("Connection timed out")
458 check_sp_type(dev[0], "home")
459 status = dev[0].get_status()
460 if status['pairwise_cipher'] != "CCMP":
461 raise Exception("Unexpected pairwise cipher")
462 if status['hs20'] != "2":
463 raise Exception("Unexpected HS 2.0 support indication")
464
465 def eap_test(dev, ap, eap_params, method, user):
466 bssid = ap['bssid']
467 params = hs20_ap_params()
468 params['nai_realm'] = [ "0,example.com," + eap_params ]
469 hostapd.add_ap(ap['ifname'], params)
470
471 dev.hs20_enable()
472 dev.add_cred_values({ 'realm': "example.com",
473 'username': user,
474 'password': "password" })
475 interworking_select(dev, bssid, freq="2412")
476 interworking_connect(dev, bssid, method)
477
478 def test_ap_hs20_eap_unknown(dev, apdev):
479 """Hotspot 2.0 connection with unknown EAP method"""
480 bssid = apdev[0]['bssid']
481 params = hs20_ap_params()
482 params['nai_realm'] = "0,example.com,99"
483 hostapd.add_ap(apdev[0]['ifname'], params)
484
485 dev[0].hs20_enable()
486 dev[0].add_cred_values(default_cred())
487 interworking_select(dev[0], None, no_match=True, freq="2412")
488
489 def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
490 """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
491 eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")
492
493 def test_ap_hs20_eap_peap_default(dev, apdev):
494 """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
495 eap_test(dev[0], apdev[0], "25", "PEAP", "user")
496
497 def test_ap_hs20_eap_peap_gtc(dev, apdev):
498 """Hotspot 2.0 connection with PEAP/GTC"""
499 eap_test(dev[0], apdev[0], "25[3:6]", "PEAP", "user")
500
501 def test_ap_hs20_eap_peap_unknown(dev, apdev):
502 """Hotspot 2.0 connection with PEAP/unknown"""
503 bssid = apdev[0]['bssid']
504 params = hs20_ap_params()
505 params['nai_realm'] = "0,example.com,25[3:99]"
506 hostapd.add_ap(apdev[0]['ifname'], params)
507
508 dev[0].hs20_enable()
509 dev[0].add_cred_values(default_cred())
510 interworking_select(dev[0], None, no_match=True, freq="2412")
511
512 def test_ap_hs20_eap_ttls_chap(dev, apdev):
513 """Hotspot 2.0 connection with TTLS/CHAP"""
514 eap_test(dev[0], apdev[0], "21[2:2]", "TTLS", "chap user")
515
516 def test_ap_hs20_eap_ttls_mschap(dev, apdev):
517 """Hotspot 2.0 connection with TTLS/MSCHAP"""
518 eap_test(dev[0], apdev[0], "21[2:3]", "TTLS", "mschap user")
519
520 def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
521 """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
522 eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")
523
524 def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
525 """Hotspot 2.0 connection with TTLS/EAP-unknown"""
526 bssid = apdev[0]['bssid']
527 params = hs20_ap_params()
528 params['nai_realm'] = "0,example.com,21[3:99]"
529 hostapd.add_ap(apdev[0]['ifname'], params)
530
531 dev[0].hs20_enable()
532 dev[0].add_cred_values(default_cred())
533 interworking_select(dev[0], None, no_match=True, freq="2412")
534
535 def test_ap_hs20_eap_ttls_eap_unsupported(dev, apdev):
536 """Hotspot 2.0 connection with TTLS/EAP-OTP(unsupported)"""
537 bssid = apdev[0]['bssid']
538 params = hs20_ap_params()
539 params['nai_realm'] = "0,example.com,21[3:5]"
540 hostapd.add_ap(apdev[0]['ifname'], params)
541
542 dev[0].hs20_enable()
543 dev[0].add_cred_values(default_cred())
544 interworking_select(dev[0], None, no_match=True, freq="2412")
545
546 def test_ap_hs20_eap_ttls_unknown(dev, apdev):
547 """Hotspot 2.0 connection with TTLS/unknown"""
548 bssid = apdev[0]['bssid']
549 params = hs20_ap_params()
550 params['nai_realm'] = "0,example.com,21[2:5]"
551 hostapd.add_ap(apdev[0]['ifname'], params)
552
553 dev[0].hs20_enable()
554 dev[0].add_cred_values(default_cred())
555 interworking_select(dev[0], None, no_match=True, freq="2412")
556
557 def test_ap_hs20_eap_fast_mschapv2(dev, apdev):
558 """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
559 eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user")
560
561 def test_ap_hs20_eap_fast_gtc(dev, apdev):
562 """Hotspot 2.0 connection with FAST/EAP-GTC"""
563 eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user")
564
565 def test_ap_hs20_eap_tls(dev, apdev):
566 """Hotspot 2.0 connection with EAP-TLS"""
567 bssid = apdev[0]['bssid']
568 params = hs20_ap_params()
569 params['nai_realm'] = [ "0,example.com,13[5:6]" ]
570 hostapd.add_ap(apdev[0]['ifname'], params)
571
572 dev[0].hs20_enable()
573 dev[0].add_cred_values({ 'realm': "example.com",
574 'username': "certificate-user",
575 'ca_cert': "auth_serv/ca.pem",
576 'client_cert': "auth_serv/user.pem",
577 'private_key': "auth_serv/user.key"})
578 interworking_select(dev[0], bssid, freq="2412")
579 interworking_connect(dev[0], bssid, "TLS")
580
581 def test_ap_hs20_eap_cert_unknown(dev, apdev):
582 """Hotspot 2.0 connection with certificate, but unknown EAP method"""
583 bssid = apdev[0]['bssid']
584 params = hs20_ap_params()
585 params['nai_realm'] = [ "0,example.com,99[5:6]" ]
586 hostapd.add_ap(apdev[0]['ifname'], params)
587
588 dev[0].hs20_enable()
589 dev[0].add_cred_values({ 'realm': "example.com",
590 'username': "certificate-user",
591 'ca_cert': "auth_serv/ca.pem",
592 'client_cert': "auth_serv/user.pem",
593 'private_key': "auth_serv/user.key"})
594 interworking_select(dev[0], None, no_match=True, freq="2412")
595
596 def test_ap_hs20_eap_cert_unsupported(dev, apdev):
597 """Hotspot 2.0 connection with certificate, but unsupported TTLS"""
598 bssid = apdev[0]['bssid']
599 params = hs20_ap_params()
600 params['nai_realm'] = [ "0,example.com,21[5:6]" ]
601 hostapd.add_ap(apdev[0]['ifname'], params)
602
603 dev[0].hs20_enable()
604 dev[0].add_cred_values({ 'realm': "example.com",
605 'username': "certificate-user",
606 'ca_cert': "auth_serv/ca.pem",
607 'client_cert': "auth_serv/user.pem",
608 'private_key': "auth_serv/user.key"})
609 interworking_select(dev[0], None, no_match=True, freq="2412")
610
611 def test_ap_hs20_eap_invalid_cred(dev, apdev):
612 """Hotspot 2.0 connection with invalid cred configuration"""
613 bssid = apdev[0]['bssid']
614 params = hs20_ap_params()
615 hostapd.add_ap(apdev[0]['ifname'], params)
616
617 dev[0].hs20_enable()
618 dev[0].add_cred_values({ 'realm': "example.com",
619 'username': "certificate-user",
620 'client_cert': "auth_serv/user.pem" })
621 interworking_select(dev[0], None, no_match=True, freq="2412")
622
623 def test_ap_hs20_nai_realms(dev, apdev):
624 """Hotspot 2.0 connection and multiple NAI realms and TTLS/PAP"""
625 bssid = apdev[0]['bssid']
626 params = hs20_ap_params()
627 params['hessid'] = bssid
628 params['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]" ]
629 hostapd.add_ap(apdev[0]['ifname'], params)
630
631 dev[0].hs20_enable()
632 id = dev[0].add_cred_values({ 'realm': "example.com",
633 'username': "pap user",
634 'password': "password",
635 'domain': "example.com" })
636 interworking_select(dev[0], bssid, "home", freq="2412")
637 interworking_connect(dev[0], bssid, "TTLS")
638 check_sp_type(dev[0], "home")
639
640 def test_ap_hs20_roaming_consortium(dev, apdev):
641 """Hotspot 2.0 connection based on roaming consortium match"""
642 bssid = apdev[0]['bssid']
643 params = hs20_ap_params()
644 params['hessid'] = bssid
645 hostapd.add_ap(apdev[0]['ifname'], params)
646
647 dev[0].hs20_enable()
648 for consortium in [ "112233", "1020304050", "010203040506", "fedcba" ]:
649 id = dev[0].add_cred_values({ 'username': "user",
650 'password': "password",
651 'domain': "example.com",
652 'roaming_consortium': consortium,
653 'eap': "PEAP" })
654 interworking_select(dev[0], bssid, "home", freq="2412")
655 interworking_connect(dev[0], bssid, "PEAP")
656 check_sp_type(dev[0], "home")
657 dev[0].request("INTERWORKING_SELECT auto freq=2412")
658 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
659 if ev is None:
660 raise Exception("Timeout on already-connected event")
661 dev[0].remove_cred(id)
662
663 def test_ap_hs20_username_roaming(dev, apdev):
664 """Hotspot 2.0 connection in username/password credential (roaming)"""
665 bssid = apdev[0]['bssid']
666 params = hs20_ap_params()
667 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
668 "0,roaming.example.com,21[2:4][5:7]",
669 "0,another.example.com" ]
670 params['domain_name'] = "another.example.com"
671 params['hessid'] = bssid
672 hostapd.add_ap(apdev[0]['ifname'], params)
673
674 dev[0].hs20_enable()
675 id = dev[0].add_cred_values({ 'realm': "roaming.example.com",
676 'username': "hs20-test",
677 'password': "password",
678 'domain': "example.com" })
679 interworking_select(dev[0], bssid, "roaming", freq="2412")
680 interworking_connect(dev[0], bssid, "TTLS")
681 check_sp_type(dev[0], "roaming")
682
683 def test_ap_hs20_username_unknown(dev, apdev):
684 """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
685 bssid = apdev[0]['bssid']
686 params = hs20_ap_params()
687 params['hessid'] = bssid
688 hostapd.add_ap(apdev[0]['ifname'], params)
689
690 dev[0].hs20_enable()
691 id = dev[0].add_cred_values({ 'realm': "example.com",
692 'username': "hs20-test",
693 'password': "password" })
694 interworking_select(dev[0], bssid, "unknown", freq="2412")
695 interworking_connect(dev[0], bssid, "TTLS")
696 check_sp_type(dev[0], "unknown")
697
698 def test_ap_hs20_username_unknown2(dev, apdev):
699 """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
700 bssid = apdev[0]['bssid']
701 params = hs20_ap_params()
702 params['hessid'] = bssid
703 del params['domain_name']
704 hostapd.add_ap(apdev[0]['ifname'], params)
705
706 dev[0].hs20_enable()
707 id = dev[0].add_cred_values({ 'realm': "example.com",
708 'username': "hs20-test",
709 'password': "password",
710 'domain': "example.com" })
711 interworking_select(dev[0], bssid, "unknown", freq="2412")
712 interworking_connect(dev[0], bssid, "TTLS")
713 check_sp_type(dev[0], "unknown")
714
715 def test_ap_hs20_gas_while_associated(dev, apdev):
716 """Hotspot 2.0 connection with GAS query while associated"""
717 bssid = apdev[0]['bssid']
718 params = hs20_ap_params()
719 params['hessid'] = bssid
720 hostapd.add_ap(apdev[0]['ifname'], params)
721
722 dev[0].hs20_enable()
723 id = dev[0].add_cred_values({ 'realm': "example.com",
724 'username': "hs20-test",
725 'password': "password",
726 'domain': "example.com" })
727 interworking_select(dev[0], bssid, "home", freq="2412")
728 interworking_connect(dev[0], bssid, "TTLS")
729
730 logger.info("Verifying GAS query while associated")
731 dev[0].request("FETCH_ANQP")
732 for i in range(0, 6):
733 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
734 if ev is None:
735 raise Exception("Operation timed out")
736
737 def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
738 """Hotspot 2.0 connection with GAS query while associated and using PMF"""
739 bssid = apdev[0]['bssid']
740 params = hs20_ap_params()
741 params['hessid'] = bssid
742 hostapd.add_ap(apdev[0]['ifname'], params)
743
744 bssid2 = apdev[1]['bssid']
745 params = hs20_ap_params()
746 params['hessid'] = bssid2
747 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
748 hostapd.add_ap(apdev[1]['ifname'], params)
749
750 dev[0].hs20_enable()
751 dev[0].request("SET pmf 2")
752 id = dev[0].add_cred_values({ 'realm': "example.com",
753 'username': "hs20-test",
754 'password': "password",
755 'domain': "example.com" })
756 interworking_select(dev[0], bssid, "home", freq="2412")
757 interworking_connect(dev[0], bssid, "TTLS")
758
759 logger.info("Verifying GAS query while associated")
760 dev[0].request("FETCH_ANQP")
761 for i in range(0, 2 * 6):
762 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
763 if ev is None:
764 raise Exception("Operation timed out")
765
766 def test_ap_hs20_gas_frag_while_associated(dev, apdev):
767 """Hotspot 2.0 connection with fragmented GAS query while associated"""
768 bssid = apdev[0]['bssid']
769 params = hs20_ap_params()
770 params['hessid'] = bssid
771 hostapd.add_ap(apdev[0]['ifname'], params)
772 hapd = hostapd.Hostapd(apdev[0]['ifname'])
773 hapd.set("gas_frag_limit", "50")
774
775 dev[0].hs20_enable()
776 id = dev[0].add_cred_values({ 'realm': "example.com",
777 'username': "hs20-test",
778 'password': "password",
779 'domain': "example.com" })
780 interworking_select(dev[0], bssid, "home", freq="2412")
781 interworking_connect(dev[0], bssid, "TTLS")
782
783 logger.info("Verifying GAS query while associated")
784 dev[0].request("FETCH_ANQP")
785 for i in range(0, 6):
786 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
787 if ev is None:
788 raise Exception("Operation timed out")
789
790 def test_ap_hs20_multiple_connects(dev, apdev):
791 """Hotspot 2.0 connection through multiple network selections"""
792 bssid = apdev[0]['bssid']
793 params = hs20_ap_params()
794 params['hessid'] = bssid
795 hostapd.add_ap(apdev[0]['ifname'], params)
796
797 dev[0].hs20_enable()
798 values = { 'realm': "example.com",
799 'username': "hs20-test",
800 'password': "password",
801 'domain': "example.com" }
802 id = dev[0].add_cred_values(values)
803
804 for i in range(0, 3):
805 logger.info("Starting Interworking network selection")
806 dev[0].request("INTERWORKING_SELECT auto freq=2412")
807 while True:
808 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
809 "INTERWORKING-ALREADY-CONNECTED",
810 "CTRL-EVENT-CONNECTED"], timeout=15)
811 if ev is None:
812 raise Exception("Connection timed out")
813 if "INTERWORKING-NO-MATCH" in ev:
814 raise Exception("Matching AP not found")
815 if "CTRL-EVENT-CONNECTED" in ev:
816 break
817 if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
818 break
819 if i == 0:
820 dev[0].request("DISCONNECT")
821 dev[0].dump_monitor()
822
823 networks = dev[0].list_networks()
824 if len(networks) > 1:
825 raise Exception("Duplicated network block detected")
826
827 def test_ap_hs20_disallow_aps(dev, apdev):
828 """Hotspot 2.0 connection and disallow_aps"""
829 bssid = apdev[0]['bssid']
830 params = hs20_ap_params()
831 params['hessid'] = bssid
832 hostapd.add_ap(apdev[0]['ifname'], params)
833
834 dev[0].hs20_enable()
835 values = { 'realm': "example.com",
836 'username': "hs20-test",
837 'password': "password",
838 'domain': "example.com" }
839 id = dev[0].add_cred_values(values)
840
841 logger.info("Verify disallow_aps bssid")
842 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
843 dev[0].request("INTERWORKING_SELECT auto")
844 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
845 if ev is None:
846 raise Exception("Network selection timed out")
847 dev[0].dump_monitor()
848
849 logger.info("Verify disallow_aps ssid")
850 dev[0].request("SET disallow_aps ssid 746573742d68733230")
851 dev[0].request("INTERWORKING_SELECT auto freq=2412")
852 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
853 if ev is None:
854 raise Exception("Network selection timed out")
855 dev[0].dump_monitor()
856
857 logger.info("Verify disallow_aps clear")
858 dev[0].request("SET disallow_aps ")
859 interworking_select(dev[0], bssid, "home", freq="2412")
860
861 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
862 ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
863 if "FAIL" not in ret:
864 raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
865
866 def policy_test(dev, ap, values, only_one=True):
867 dev.dump_monitor()
868 if ap:
869 logger.info("Verify network selection to AP " + ap['ifname'])
870 bssid = ap['bssid']
871 else:
872 logger.info("Verify network selection")
873 bssid = None
874 dev.hs20_enable()
875 id = dev.add_cred_values(values)
876 dev.request("INTERWORKING_SELECT auto freq=2412")
877 events = []
878 while True:
879 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
880 "INTERWORKING-BLACKLISTED",
881 "INTERWORKING-SELECTED"], timeout=15)
882 if ev is None:
883 raise Exception("Network selection timed out")
884 events.append(ev)
885 if "INTERWORKING-NO-MATCH" in ev:
886 raise Exception("Matching AP not found")
887 if bssid and only_one and "INTERWORKING-AP" in ev and bssid not in ev:
888 raise Exception("Unexpected AP claimed acceptable")
889 if "INTERWORKING-SELECTED" in ev:
890 if bssid and bssid not in ev:
891 raise Exception("Selected incorrect BSS")
892 break
893
894 ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
895 if ev is None:
896 raise Exception("Connection timed out")
897 if bssid and bssid not in ev:
898 raise Exception("Connected to incorrect BSS")
899
900 conn_bssid = dev.get_status_field("bssid")
901 if bssid and conn_bssid != bssid:
902 raise Exception("bssid information points to incorrect BSS")
903
904 dev.remove_cred(id)
905 dev.dump_monitor()
906 return events
907
908 def default_cred(domain=None):
909 cred = { 'realm': "example.com",
910 'username': "hs20-test",
911 'password': "password" }
912 if domain:
913 cred['domain'] = domain
914 return cred
915
916 def test_ap_hs20_prefer_home(dev, apdev):
917 """Hotspot 2.0 required roaming consortium"""
918 params = hs20_ap_params()
919 params['domain_name'] = "example.org"
920 hostapd.add_ap(apdev[0]['ifname'], params)
921
922 params = hs20_ap_params()
923 params['ssid'] = "test-hs20-other"
924 params['domain_name'] = "example.com"
925 hostapd.add_ap(apdev[1]['ifname'], params)
926
927 values = default_cred()
928 values['domain'] = "example.com"
929 policy_test(dev[0], apdev[1], values, only_one=False)
930 values['domain'] = "example.org"
931 policy_test(dev[0], apdev[0], values, only_one=False)
932
933 def test_ap_hs20_req_roaming_consortium(dev, apdev):
934 """Hotspot 2.0 required roaming consortium"""
935 params = hs20_ap_params()
936 hostapd.add_ap(apdev[0]['ifname'], params)
937
938 params = hs20_ap_params()
939 params['ssid'] = "test-hs20-other"
940 params['roaming_consortium'] = [ "223344" ]
941 hostapd.add_ap(apdev[1]['ifname'], params)
942
943 values = default_cred()
944 values['required_roaming_consortium'] = "223344"
945 policy_test(dev[0], apdev[1], values)
946 values['required_roaming_consortium'] = "112233"
947 policy_test(dev[0], apdev[0], values)
948
949 id = dev[0].add_cred()
950 dev[0].set_cred(id, "required_roaming_consortium", "112233")
951 dev[0].set_cred(id, "required_roaming_consortium", "112233445566778899aabbccddeeff")
952
953 for val in [ "", "1", "11", "1122", "1122334", "112233445566778899aabbccddeeff00" ]:
954 if "FAIL" not in dev[0].request('SET_CRED {} required_roaming_consortium {}'.format(id, val)):
955 raise Exception("Invalid roaming consortium value accepted: " + val)
956
957 def test_ap_hs20_excluded_ssid(dev, apdev):
958 """Hotspot 2.0 exclusion based on SSID"""
959 params = hs20_ap_params()
960 params['roaming_consortium'] = [ "223344" ]
961 params['anqp_3gpp_cell_net'] = "555,444"
962 hostapd.add_ap(apdev[0]['ifname'], params)
963
964 params = hs20_ap_params()
965 params['ssid'] = "test-hs20-other"
966 params['roaming_consortium'] = [ "223344" ]
967 params['anqp_3gpp_cell_net'] = "555,444"
968 hostapd.add_ap(apdev[1]['ifname'], params)
969
970 values = default_cred()
971 values['excluded_ssid'] = "test-hs20"
972 events = policy_test(dev[0], apdev[1], values)
973 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
974 if len(ev) != 1:
975 raise Exception("Excluded network not reported")
976 values['excluded_ssid'] = "test-hs20-other"
977 events = policy_test(dev[0], apdev[0], values)
978 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[1]['bssid'] in e]
979 if len(ev) != 1:
980 raise Exception("Excluded network not reported")
981
982 values = default_cred()
983 values['roaming_consortium'] = "223344"
984 values['eap'] = "TTLS"
985 values['phase2'] = "auth=MSCHAPV2"
986 values['excluded_ssid'] = "test-hs20"
987 events = policy_test(dev[0], apdev[1], values)
988 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
989 if len(ev) != 1:
990 raise Exception("Excluded network not reported")
991
992 values = { 'imsi': "555444-333222111", 'eap': "SIM",
993 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
994 'excluded_ssid': "test-hs20" }
995 events = policy_test(dev[0], apdev[1], values)
996 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
997 if len(ev) != 1:
998 raise Exception("Excluded network not reported")
999
1000 def test_ap_hs20_roam_to_higher_prio(dev, apdev):
1001 """Hotspot 2.0 and roaming from current to higher priority network"""
1002 bssid = apdev[0]['bssid']
1003 params = hs20_ap_params(ssid="test-hs20-visited")
1004 params['domain_name'] = "visited.example.org"
1005 hostapd.add_ap(apdev[0]['ifname'], params)
1006
1007 dev[0].hs20_enable()
1008 id = dev[0].add_cred_values({ 'realm': "example.com",
1009 'username': "hs20-test",
1010 'password': "password",
1011 'domain': "example.com" })
1012 logger.info("Connect to the only network option")
1013 interworking_select(dev[0], bssid, "roaming", freq="2412")
1014 dev[0].dump_monitor()
1015 interworking_connect(dev[0], bssid, "TTLS")
1016
1017 logger.info("Start another AP (home operator) and reconnect")
1018 bssid2 = apdev[1]['bssid']
1019 params = hs20_ap_params(ssid="test-hs20-home")
1020 params['domain_name'] = "example.com"
1021 hostapd.add_ap(apdev[1]['ifname'], params)
1022
1023 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1024 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
1025 "INTERWORKING-ALREADY-CONNECTED",
1026 "CTRL-EVENT-CONNECTED"], timeout=15)
1027 if ev is None:
1028 raise Exception("Connection timed out")
1029 if "INTERWORKING-NO-MATCH" in ev:
1030 raise Exception("Matching AP not found")
1031 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1032 raise Exception("Unexpected AP selected")
1033 if bssid2 not in ev:
1034 raise Exception("Unexpected BSSID after reconnection")
1035
1036 def test_ap_hs20_domain_suffix_match(dev, apdev):
1037 """Hotspot 2.0 and domain_suffix_match"""
1038 bssid = apdev[0]['bssid']
1039 params = hs20_ap_params()
1040 hostapd.add_ap(apdev[0]['ifname'], params)
1041
1042 dev[0].hs20_enable()
1043 id = dev[0].add_cred_values({ 'realm': "example.com",
1044 'username': "hs20-test",
1045 'password': "password",
1046 'domain': "example.com",
1047 'domain_suffix_match': "w1.fi" })
1048 interworking_select(dev[0], bssid, "home", freq="2412")
1049 dev[0].dump_monitor()
1050 interworking_connect(dev[0], bssid, "TTLS")
1051 dev[0].request("REMOVE_NETWORK all")
1052 dev[0].dump_monitor()
1053
1054 dev[0].set_cred_quoted(id, "domain_suffix_match", "no-match.example.com")
1055 interworking_select(dev[0], bssid, "home", freq="2412")
1056 dev[0].dump_monitor()
1057 dev[0].request("INTERWORKING_CONNECT " + bssid)
1058 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
1059 if ev is None:
1060 raise Exception("TLS certificate error not reported")
1061 if "Domain suffix mismatch" not in ev:
1062 raise Exception("Domain suffix mismatch not reported")
1063
1064 def test_ap_hs20_roaming_partner_preference(dev, apdev):
1065 """Hotspot 2.0 and roaming partner preference"""
1066 params = hs20_ap_params()
1067 params['domain_name'] = "roaming.example.org"
1068 hostapd.add_ap(apdev[0]['ifname'], params)
1069
1070 params = hs20_ap_params()
1071 params['ssid'] = "test-hs20-other"
1072 params['domain_name'] = "roaming.example.net"
1073 hostapd.add_ap(apdev[1]['ifname'], params)
1074
1075 logger.info("Verify default vs. specified preference")
1076 values = default_cred()
1077 values['roaming_partner'] = "roaming.example.net,1,127,*"
1078 policy_test(dev[0], apdev[1], values, only_one=False)
1079 values['roaming_partner'] = "roaming.example.net,1,129,*"
1080 policy_test(dev[0], apdev[0], values, only_one=False)
1081
1082 logger.info("Verify partial FQDN match")
1083 values['roaming_partner'] = "example.net,0,0,*"
1084 policy_test(dev[0], apdev[1], values, only_one=False)
1085 values['roaming_partner'] = "example.net,0,255,*"
1086 policy_test(dev[0], apdev[0], values, only_one=False)
1087
1088 def test_ap_hs20_max_bss_load(dev, apdev):
1089 """Hotspot 2.0 and maximum BSS load"""
1090 params = hs20_ap_params()
1091 params['bss_load_test'] = "12:200:20000"
1092 hostapd.add_ap(apdev[0]['ifname'], params)
1093
1094 params = hs20_ap_params()
1095 params['ssid'] = "test-hs20-other"
1096 params['bss_load_test'] = "5:20:10000"
1097 hostapd.add_ap(apdev[1]['ifname'], params)
1098
1099 logger.info("Verify maximum BSS load constraint")
1100 values = default_cred()
1101 values['domain'] = "example.com"
1102 values['max_bss_load'] = "100"
1103 events = policy_test(dev[0], apdev[1], values, only_one=False)
1104
1105 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1106 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1107 raise Exception("Maximum BSS Load case not noticed")
1108 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1109 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1110 raise Exception("Maximum BSS Load case reported incorrectly")
1111
1112 logger.info("Verify maximum BSS load does not prevent connection")
1113 values['max_bss_load'] = "1"
1114 events = policy_test(dev[0], None, values)
1115
1116 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1117 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1118 raise Exception("Maximum BSS Load case not noticed")
1119 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1120 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1121 raise Exception("Maximum BSS Load case not noticed")
1122
1123 def test_ap_hs20_max_bss_load2(dev, apdev):
1124 """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
1125 params = hs20_ap_params()
1126 params['bss_load_test'] = "12:200:20000"
1127 hostapd.add_ap(apdev[0]['ifname'], params)
1128
1129 params = hs20_ap_params()
1130 params['ssid'] = "test-hs20-other"
1131 hostapd.add_ap(apdev[1]['ifname'], params)
1132
1133 logger.info("Verify maximum BSS load constraint with AP advertisement")
1134 values = default_cred()
1135 values['domain'] = "example.com"
1136 values['max_bss_load'] = "100"
1137 events = policy_test(dev[0], apdev[1], values, only_one=False)
1138
1139 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1140 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1141 raise Exception("Maximum BSS Load case not noticed")
1142 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1143 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1144 raise Exception("Maximum BSS Load case reported incorrectly")
1145
1146 def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
1147 """Hotspot 2.0 multi-cred sp_priority"""
1148 if not hlr_auc_gw_available():
1149 return "skip"
1150 bssid = apdev[0]['bssid']
1151 params = hs20_ap_params()
1152 params['hessid'] = bssid
1153 del params['domain_name']
1154 params['anqp_3gpp_cell_net'] = "232,01"
1155 hostapd.add_ap(apdev[0]['ifname'], params)
1156
1157 dev[0].hs20_enable()
1158 dev[0].request("SET external_sim 1")
1159 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1160 'provisioning_sp': "example.com",
1161 'sp_priority' :"1" })
1162 id2 = dev[0].add_cred_values({ 'realm': "example.com",
1163 'username': "hs20-test",
1164 'password': "password",
1165 'domain': "example.com",
1166 'provisioning_sp': "example.com",
1167 'sp_priority': "2" })
1168 dev[0].dump_monitor()
1169 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1170 interworking_ext_sim_auth(dev[0], "SIM")
1171 check_sp_type(dev[0], "unknown")
1172 dev[0].request("REMOVE_NETWORK all")
1173
1174 dev[0].set_cred(id1, "sp_priority", "2")
1175 dev[0].set_cred(id2, "sp_priority", "1")
1176 dev[0].dump_monitor()
1177 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1178 interworking_auth(dev[0], "TTLS")
1179 check_sp_type(dev[0], "unknown")
1180
1181 def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
1182 """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
1183 if not hlr_auc_gw_available():
1184 return "skip"
1185 bssid = apdev[0]['bssid']
1186 params = hs20_ap_params()
1187 params['hessid'] = bssid
1188 del params['nai_realm']
1189 del params['domain_name']
1190 params['anqp_3gpp_cell_net'] = "232,01"
1191 hostapd.add_ap(apdev[0]['ifname'], params)
1192
1193 bssid2 = apdev[1]['bssid']
1194 params = hs20_ap_params()
1195 params['ssid'] = "test-hs20-other"
1196 params['hessid'] = bssid2
1197 del params['domain_name']
1198 del params['anqp_3gpp_cell_net']
1199 hostapd.add_ap(apdev[1]['ifname'], params)
1200
1201 dev[0].hs20_enable()
1202 dev[0].request("SET external_sim 1")
1203 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1204 'provisioning_sp': "example.com",
1205 'sp_priority': "1" })
1206 id2 = dev[0].add_cred_values({ 'realm': "example.com",
1207 'username': "hs20-test",
1208 'password': "password",
1209 'domain': "example.com",
1210 'provisioning_sp': "example.com",
1211 'sp_priority': "2" })
1212 dev[0].dump_monitor()
1213 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1214 interworking_ext_sim_auth(dev[0], "SIM")
1215 check_sp_type(dev[0], "unknown")
1216 conn_bssid = dev[0].get_status_field("bssid")
1217 if conn_bssid != bssid:
1218 raise Exception("Connected to incorrect BSS")
1219 dev[0].request("REMOVE_NETWORK all")
1220
1221 dev[0].set_cred(id1, "sp_priority", "2")
1222 dev[0].set_cred(id2, "sp_priority", "1")
1223 dev[0].dump_monitor()
1224 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1225 interworking_auth(dev[0], "TTLS")
1226 check_sp_type(dev[0], "unknown")
1227 conn_bssid = dev[0].get_status_field("bssid")
1228 if conn_bssid != bssid2:
1229 raise Exception("Connected to incorrect BSS")
1230
1231 def check_conn_capab_selection(dev, type, missing):
1232 dev.request("INTERWORKING_SELECT freq=2412")
1233 ev = dev.wait_event(["INTERWORKING-AP"])
1234 if ev is None:
1235 raise Exception("Network selection timed out");
1236 if "type=" + type not in ev:
1237 raise Exception("Unexpected network type")
1238 if missing and "conn_capab_missing=1" not in ev:
1239 raise Exception("conn_capab_missing not reported")
1240 if not missing and "conn_capab_missing=1" in ev:
1241 raise Exception("conn_capab_missing reported unexpectedly")
1242
1243 def conn_capab_cred(domain=None, req_conn_capab=None):
1244 cred = default_cred(domain=domain)
1245 if req_conn_capab:
1246 cred['req_conn_capab'] = req_conn_capab
1247 return cred
1248
1249 def test_ap_hs20_req_conn_capab(dev, apdev):
1250 """Hotspot 2.0 network selection with req_conn_capab"""
1251 bssid = apdev[0]['bssid']
1252 params = hs20_ap_params()
1253 hostapd.add_ap(apdev[0]['ifname'], params)
1254
1255 dev[0].hs20_enable()
1256 logger.info("Not used in home network")
1257 values = conn_capab_cred(domain="example.com", req_conn_capab="6:1234")
1258 id = dev[0].add_cred_values(values)
1259 check_conn_capab_selection(dev[0], "home", False)
1260
1261 logger.info("Used in roaming network")
1262 dev[0].remove_cred(id)
1263 values = conn_capab_cred(domain="example.org", req_conn_capab="6:1234")
1264 id = dev[0].add_cred_values(values)
1265 check_conn_capab_selection(dev[0], "roaming", True)
1266
1267 logger.info("Verify that req_conn_capab does not prevent connection if no other network is available")
1268 check_auto_select(dev[0], bssid)
1269
1270 logger.info("Additional req_conn_capab checks")
1271
1272 dev[0].remove_cred(id)
1273 values = conn_capab_cred(domain="example.org", req_conn_capab="1:0")
1274 id = dev[0].add_cred_values(values)
1275 check_conn_capab_selection(dev[0], "roaming", True)
1276
1277 dev[0].remove_cred(id)
1278 values = conn_capab_cred(domain="example.org", req_conn_capab="17:5060")
1279 id = dev[0].add_cred_values(values)
1280 check_conn_capab_selection(dev[0], "roaming", True)
1281
1282 bssid2 = apdev[1]['bssid']
1283 params = hs20_ap_params(ssid="test-hs20b")
1284 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
1285 hostapd.add_ap(apdev[1]['ifname'], params)
1286
1287 dev[0].remove_cred(id)
1288 values = conn_capab_cred(domain="example.org", req_conn_capab="50")
1289 id = dev[0].add_cred_values(values)
1290 dev[0].set_cred(id, "req_conn_capab", "6:22")
1291 dev[0].request("INTERWORKING_SELECT freq=2412")
1292 for i in range(0, 2):
1293 ev = dev[0].wait_event(["INTERWORKING-AP"])
1294 if ev is None:
1295 raise Exception("Network selection timed out");
1296 if bssid in ev and "conn_capab_missing=1" not in ev:
1297 raise Exception("Missing protocol connection capability not reported")
1298 if bssid2 in ev and "conn_capab_missing=1" in ev:
1299 raise Exception("Protocol connection capability not reported correctly")
1300
1301 def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
1302 """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
1303 bssid = apdev[0]['bssid']
1304 params = hs20_ap_params()
1305 params['domain_name'] = "roaming.example.org"
1306 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
1307 hostapd.add_ap(apdev[0]['ifname'], params)
1308
1309 bssid2 = apdev[1]['bssid']
1310 params = hs20_ap_params(ssid="test-hs20-b")
1311 params['domain_name'] = "roaming.example.net"
1312 hostapd.add_ap(apdev[1]['ifname'], params)
1313
1314 values = default_cred()
1315 values['roaming_partner'] = "roaming.example.net,1,127,*"
1316 id = dev[0].add_cred_values(values)
1317 check_auto_select(dev[0], bssid2)
1318
1319 dev[0].set_cred(id, "req_conn_capab", "50")
1320 check_auto_select(dev[0], bssid)
1321
1322 dev[0].remove_cred(id)
1323 id = dev[0].add_cred_values(values)
1324 dev[0].set_cred(id, "req_conn_capab", "51")
1325 check_auto_select(dev[0], bssid2)
1326
1327 def check_bandwidth_selection(dev, type, below):
1328 dev.request("INTERWORKING_SELECT freq=2412")
1329 ev = dev.wait_event(["INTERWORKING-AP"])
1330 if ev is None:
1331 raise Exception("Network selection timed out");
1332 if "type=" + type not in ev:
1333 raise Exception("Unexpected network type")
1334 if below and "below_min_backhaul=1" not in ev:
1335 raise Exception("below_min_backhaul not reported")
1336 if not below and "below_min_backhaul=1" in ev:
1337 raise Exception("below_min_backhaul reported unexpectedly")
1338
1339 def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming=None):
1340 cred = default_cred(domain=domain)
1341 if dl_home:
1342 cred['min_dl_bandwidth_home'] = str(dl_home)
1343 if ul_home:
1344 cred['min_ul_bandwidth_home'] = str(ul_home)
1345 if dl_roaming:
1346 cred['min_dl_bandwidth_roaming'] = str(dl_roaming)
1347 if ul_roaming:
1348 cred['min_ul_bandwidth_roaming'] = str(ul_roaming)
1349 return cred
1350
1351 def test_ap_hs20_min_bandwidth_home(dev, apdev):
1352 """Hotspot 2.0 network selection with min bandwidth (home)"""
1353 bssid = apdev[0]['bssid']
1354 params = hs20_ap_params()
1355 hostapd.add_ap(apdev[0]['ifname'], params)
1356
1357 dev[0].hs20_enable()
1358 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1359 id = dev[0].add_cred_values(values)
1360 check_bandwidth_selection(dev[0], "home", False)
1361 dev[0].remove_cred(id)
1362
1363 values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
1364 id = dev[0].add_cred_values(values)
1365 check_bandwidth_selection(dev[0], "home", True)
1366 dev[0].remove_cred(id)
1367
1368 values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
1369 id = dev[0].add_cred_values(values)
1370 check_bandwidth_selection(dev[0], "home", True)
1371 dev[0].remove_cred(id)
1372
1373 values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
1374 id = dev[0].add_cred_values(values)
1375 check_bandwidth_selection(dev[0], "home", True)
1376 check_auto_select(dev[0], bssid)
1377
1378 bssid2 = apdev[1]['bssid']
1379 params = hs20_ap_params(ssid="test-hs20-b")
1380 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1381 hostapd.add_ap(apdev[1]['ifname'], params)
1382
1383 check_auto_select(dev[0], bssid2)
1384
1385 def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
1386 """Hotspot 2.0 network selection with min bandwidth (roaming)"""
1387 bssid = apdev[0]['bssid']
1388 params = hs20_ap_params()
1389 hostapd.add_ap(apdev[0]['ifname'], params)
1390
1391 dev[0].hs20_enable()
1392 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=58)
1393 id = dev[0].add_cred_values(values)
1394 check_bandwidth_selection(dev[0], "roaming", False)
1395 dev[0].remove_cred(id)
1396
1397 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=58)
1398 id = dev[0].add_cred_values(values)
1399 check_bandwidth_selection(dev[0], "roaming", True)
1400 dev[0].remove_cred(id)
1401
1402 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=59)
1403 id = dev[0].add_cred_values(values)
1404 check_bandwidth_selection(dev[0], "roaming", True)
1405 dev[0].remove_cred(id)
1406
1407 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=59)
1408 id = dev[0].add_cred_values(values)
1409 check_bandwidth_selection(dev[0], "roaming", True)
1410 check_auto_select(dev[0], bssid)
1411
1412 bssid2 = apdev[1]['bssid']
1413 params = hs20_ap_params(ssid="test-hs20-b")
1414 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1415 hostapd.add_ap(apdev[1]['ifname'], params)
1416
1417 check_auto_select(dev[0], bssid2)
1418
1419 def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
1420 """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
1421 bssid = apdev[0]['bssid']
1422 params = hs20_ap_params()
1423 params['domain_name'] = "roaming.example.org"
1424 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1425 hostapd.add_ap(apdev[0]['ifname'], params)
1426
1427 bssid2 = apdev[1]['bssid']
1428 params = hs20_ap_params(ssid="test-hs20-b")
1429 params['domain_name'] = "roaming.example.net"
1430 hostapd.add_ap(apdev[1]['ifname'], params)
1431
1432 values = default_cred()
1433 values['roaming_partner'] = "roaming.example.net,1,127,*"
1434 id = dev[0].add_cred_values(values)
1435 check_auto_select(dev[0], bssid2)
1436
1437 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "6000")
1438 check_auto_select(dev[0], bssid)
1439
1440 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "10000")
1441 check_auto_select(dev[0], bssid2)
1442
1443 def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):
1444 """Hotspot 2.0 network selection with min bandwidth but no WAN Metrics"""
1445 bssid = apdev[0]['bssid']
1446 params = hs20_ap_params()
1447 del params['hs20_wan_metrics']
1448 hostapd.add_ap(apdev[0]['ifname'], params)
1449
1450 dev[0].hs20_enable()
1451 values = bw_cred(domain="example.com", dl_home=10000, ul_home=10000,
1452 dl_roaming=10000, ul_roaming=10000)
1453 dev[0].add_cred_values(values)
1454 check_bandwidth_selection(dev[0], "home", False)
1455
1456 def test_ap_hs20_deauth_req_ess(dev, apdev):
1457 """Hotspot 2.0 connection and deauthentication request for ESS"""
1458 dev[0].request("SET pmf 2")
1459 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
1460 dev[0].dump_monitor()
1461 addr = dev[0].p2p_interface_addr()
1462 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1463 hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/")
1464 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1465 if ev is None:
1466 raise Exception("Timeout on deauth imminent notice")
1467 if "1 120 http://example.com/" not in ev:
1468 raise Exception("Unexpected deauth imminent notice: " + ev)
1469 hapd.request("DEAUTHENTICATE " + addr)
1470 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
1471 if ev is None:
1472 raise Exception("Timeout on disconnection")
1473 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
1474 raise Exception("Network not marked temporarily disabled")
1475 ev = dev[0].wait_event(["SME: Trying to authenticate",
1476 "Trying to associate",
1477 "CTRL-EVENT-CONNECTED"], timeout=5)
1478 if ev is not None:
1479 raise Exception("Unexpected connection attempt")
1480
1481 def test_ap_hs20_deauth_req_bss(dev, apdev):
1482 """Hotspot 2.0 connection and deauthentication request for BSS"""
1483 dev[0].request("SET pmf 2")
1484 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
1485 dev[0].dump_monitor()
1486 addr = dev[0].p2p_interface_addr()
1487 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1488 hapd.request("HS20_DEAUTH_REQ " + addr + " 0 120 http://example.com/")
1489 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1490 if ev is None:
1491 raise Exception("Timeout on deauth imminent notice")
1492 if "0 120 http://example.com/" not in ev:
1493 raise Exception("Unexpected deauth imminent notice: " + ev)
1494 hapd.request("DEAUTHENTICATE " + addr + " reason=4")
1495 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
1496 if ev is None:
1497 raise Exception("Timeout on disconnection")
1498 if "reason=4" not in ev:
1499 raise Exception("Unexpected disconnection reason")
1500 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
1501 raise Exception("Network not marked temporarily disabled")
1502 ev = dev[0].wait_event(["SME: Trying to authenticate",
1503 "Trying to associate",
1504 "CTRL-EVENT-CONNECTED"], timeout=5)
1505 if ev is not None:
1506 raise Exception("Unexpected connection attempt")
1507
1508 def test_ap_hs20_deauth_req_from_radius(dev, apdev):
1509 """Hotspot 2.0 connection and deauthentication request from RADIUS"""
1510 bssid = apdev[0]['bssid']
1511 params = hs20_ap_params()
1512 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1513 params['hs20_deauth_req_timeout'] = "2"
1514 hostapd.add_ap(apdev[0]['ifname'], params)
1515
1516 dev[0].request("SET pmf 2")
1517 dev[0].hs20_enable()
1518 dev[0].add_cred_values({ 'realm': "example.com",
1519 'username': "hs20-deauth-test",
1520 'password': "password" })
1521 interworking_select(dev[0], bssid, freq="2412")
1522 interworking_connect(dev[0], bssid, "TTLS")
1523 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=5)
1524 if ev is None:
1525 raise Exception("Timeout on deauth imminent notice")
1526 if " 1 100" not in ev:
1527 raise Exception("Unexpected deauth imminent contents")
1528 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
1529 if ev is None:
1530 raise Exception("Timeout on disconnection")
1531
1532 def test_ap_hs20_remediation_required(dev, apdev):
1533 """Hotspot 2.0 connection and remediation required from RADIUS"""
1534 bssid = apdev[0]['bssid']
1535 params = hs20_ap_params()
1536 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1537 hostapd.add_ap(apdev[0]['ifname'], params)
1538
1539 dev[0].request("SET pmf 1")
1540 dev[0].hs20_enable()
1541 dev[0].add_cred_values({ 'realm': "example.com",
1542 'username': "hs20-subrem-test",
1543 'password': "password" })
1544 interworking_select(dev[0], bssid, freq="2412")
1545 interworking_connect(dev[0], bssid, "TTLS")
1546 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1547 if ev is None:
1548 raise Exception("Timeout on subscription remediation notice")
1549 if " 1 https://example.com/" not in ev:
1550 raise Exception("Unexpected subscription remediation event contents")
1551
1552 def test_ap_hs20_remediation_required_ctrl(dev, apdev):
1553 """Hotspot 2.0 connection and subrem from ctrl_iface"""
1554 bssid = apdev[0]['bssid']
1555 addr = dev[0].p2p_dev_addr()
1556 params = hs20_ap_params()
1557 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1558 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1559
1560 dev[0].request("SET pmf 1")
1561 dev[0].hs20_enable()
1562 dev[0].add_cred_values(default_cred())
1563 interworking_select(dev[0], bssid, freq="2412")
1564 interworking_connect(dev[0], bssid, "TTLS")
1565
1566 hapd.request("HS20_WNM_NOTIF " + addr + " https://example.com/")
1567 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1568 if ev is None:
1569 raise Exception("Timeout on subscription remediation notice")
1570 if " 1 https://example.com/" not in ev:
1571 raise Exception("Unexpected subscription remediation event contents")
1572
1573 hapd.request("HS20_WNM_NOTIF " + addr)
1574 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1575 if ev is None:
1576 raise Exception("Timeout on subscription remediation notice")
1577 if not ev.endswith("HS20-SUBSCRIPTION-REMEDIATION "):
1578 raise Exception("Unexpected subscription remediation event contents: " + ev)
1579
1580 if "FAIL" not in hapd.request("HS20_WNM_NOTIF "):
1581 raise Exception("Unexpected HS20_WNM_NOTIF success")
1582 if "FAIL" not in hapd.request("HS20_WNM_NOTIF foo"):
1583 raise Exception("Unexpected HS20_WNM_NOTIF success")
1584 if "FAIL" not in hapd.request("HS20_WNM_NOTIF " + addr + " https://12345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678927.very.long.example.com/"):
1585 raise Exception("Unexpected HS20_WNM_NOTIF success")
1586
1587 def test_ap_hs20_session_info(dev, apdev):
1588 """Hotspot 2.0 connection and session information from RADIUS"""
1589 bssid = apdev[0]['bssid']
1590 params = hs20_ap_params()
1591 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1592 hostapd.add_ap(apdev[0]['ifname'], params)
1593
1594 dev[0].request("SET pmf 1")
1595 dev[0].hs20_enable()
1596 dev[0].add_cred_values({ 'realm': "example.com",
1597 'username': "hs20-session-info-test",
1598 'password': "password" })
1599 interworking_select(dev[0], bssid, freq="2412")
1600 interworking_connect(dev[0], bssid, "TTLS")
1601 ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"], timeout=10)
1602 if ev is None:
1603 raise Exception("Timeout on ESS disassociation imminent notice")
1604 if " 1 59904 https://example.com/" not in ev:
1605 raise Exception("Unexpected ESS disassociation imminent event contents")
1606 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
1607 if ev is None:
1608 raise Exception("Scan not started")
1609 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
1610 if ev is None:
1611 raise Exception("Scan not completed")
1612
1613 def test_ap_hs20_osen(dev, apdev):
1614 """Hotspot 2.0 OSEN connection"""
1615 params = { 'ssid': "osen",
1616 'osen': "1",
1617 'auth_server_addr': "127.0.0.1",
1618 'auth_server_port': "1812",
1619 'auth_server_shared_secret': "radius" }
1620 hostapd.add_ap(apdev[0]['ifname'], params)
1621
1622 dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
1623 wait_connect=False)
1624 dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
1625 scan_freq="2412", wait_connect=False)
1626 dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
1627 group="GTK_NOT_USED",
1628 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
1629 ca_cert="auth_serv/ca.pem",
1630 scan_freq="2412")
1631
1632 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1633 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
1634 wpas.connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
1635 group="GTK_NOT_USED",
1636 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
1637 ca_cert="auth_serv/ca.pem",
1638 scan_freq="2412")
1639 wpas.request("DISCONNECT")
1640
1641 def test_ap_hs20_network_preference(dev, apdev):
1642 """Hotspot 2.0 network selection with preferred home network"""
1643 bssid = apdev[0]['bssid']
1644 params = hs20_ap_params()
1645 hostapd.add_ap(apdev[0]['ifname'], params)
1646
1647 dev[0].hs20_enable()
1648 values = { 'realm': "example.com",
1649 'username': "hs20-test",
1650 'password': "password",
1651 'domain': "example.com" }
1652 dev[0].add_cred_values(values)
1653
1654 id = dev[0].add_network()
1655 dev[0].set_network_quoted(id, "ssid", "home")
1656 dev[0].set_network_quoted(id, "psk", "12345678")
1657 dev[0].set_network(id, "priority", "1")
1658 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
1659
1660 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1661 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
1662 if ev is None:
1663 raise Exception("Connection timed out")
1664 if bssid not in ev:
1665 raise Exception("Unexpected network selected")
1666
1667 bssid2 = apdev[1]['bssid']
1668 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
1669 hostapd.add_ap(apdev[1]['ifname'], params)
1670
1671 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1672 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1673 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
1674 if ev is None:
1675 raise Exception("Connection timed out")
1676 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1677 raise Exception("No roam to higher priority network")
1678 if bssid2 not in ev:
1679 raise Exception("Unexpected network selected")
1680
1681 def test_ap_hs20_network_preference2(dev, apdev):
1682 """Hotspot 2.0 network selection with preferred credential"""
1683 bssid2 = apdev[1]['bssid']
1684 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
1685 hostapd.add_ap(apdev[1]['ifname'], params)
1686
1687 dev[0].hs20_enable()
1688 values = { 'realm': "example.com",
1689 'username': "hs20-test",
1690 'password': "password",
1691 'domain': "example.com",
1692 'priority': "1" }
1693 dev[0].add_cred_values(values)
1694
1695 id = dev[0].add_network()
1696 dev[0].set_network_quoted(id, "ssid", "home")
1697 dev[0].set_network_quoted(id, "psk", "12345678")
1698 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
1699
1700 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1701 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
1702 if ev is None:
1703 raise Exception("Connection timed out")
1704 if bssid2 not in ev:
1705 raise Exception("Unexpected network selected")
1706
1707 bssid = apdev[0]['bssid']
1708 params = hs20_ap_params()
1709 hostapd.add_ap(apdev[0]['ifname'], params)
1710
1711 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1712 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1713 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
1714 if ev is None:
1715 raise Exception("Connection timed out")
1716 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1717 raise Exception("No roam to higher priority network")
1718 if bssid not in ev:
1719 raise Exception("Unexpected network selected")
1720
1721 def test_ap_hs20_network_preference3(dev, apdev):
1722 """Hotspot 2.0 network selection with two credential (one preferred)"""
1723 bssid = apdev[0]['bssid']
1724 params = hs20_ap_params()
1725 hostapd.add_ap(apdev[0]['ifname'], params)
1726
1727 bssid2 = apdev[1]['bssid']
1728 params = hs20_ap_params(ssid="test-hs20b")
1729 params['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]"
1730 hostapd.add_ap(apdev[1]['ifname'], params)
1731
1732 dev[0].hs20_enable()
1733 values = { 'realm': "example.com",
1734 'username': "hs20-test",
1735 'password': "password",
1736 'priority': "1" }
1737 dev[0].add_cred_values(values)
1738 values = { 'realm': "example.org",
1739 'username': "hs20-test",
1740 'password': "password" }
1741 id = dev[0].add_cred_values(values)
1742
1743 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1744 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
1745 if ev is None:
1746 raise Exception("Connection timed out")
1747 if bssid not in ev:
1748 raise Exception("Unexpected network selected")
1749
1750 dev[0].set_cred(id, "priority", "2")
1751 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1752 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1753 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
1754 if ev is None:
1755 raise Exception("Connection timed out")
1756 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1757 raise Exception("No roam to higher priority network")
1758 if bssid2 not in ev:
1759 raise Exception("Unexpected network selected")
1760
1761 def test_ap_hs20_network_preference4(dev, apdev):
1762 """Hotspot 2.0 network selection with username vs. SIM credential"""
1763 bssid = apdev[0]['bssid']
1764 params = hs20_ap_params()
1765 hostapd.add_ap(apdev[0]['ifname'], params)
1766
1767 bssid2 = apdev[1]['bssid']
1768 params = hs20_ap_params(ssid="test-hs20b")
1769 params['hessid'] = bssid2
1770 params['anqp_3gpp_cell_net'] = "555,444"
1771 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
1772 hostapd.add_ap(apdev[1]['ifname'], params)
1773
1774 dev[0].hs20_enable()
1775 values = { 'realm': "example.com",
1776 'username': "hs20-test",
1777 'password': "password",
1778 'priority': "1" }
1779 dev[0].add_cred_values(values)
1780 values = { 'imsi': "555444-333222111",
1781 'eap': "SIM",
1782 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123" }
1783 id = dev[0].add_cred_values(values)
1784
1785 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1786 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
1787 if ev is None:
1788 raise Exception("Connection timed out")
1789 if bssid not in ev:
1790 raise Exception("Unexpected network selected")
1791
1792 dev[0].set_cred(id, "priority", "2")
1793 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1794 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1795 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
1796 if ev is None:
1797 raise Exception("Connection timed out")
1798 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1799 raise Exception("No roam to higher priority network")
1800 if bssid2 not in ev:
1801 raise Exception("Unexpected network selected")
1802
1803 def test_ap_hs20_fetch_osu(dev, apdev):
1804 """Hotspot 2.0 OSU provider and icon fetch"""
1805 bssid = apdev[0]['bssid']
1806 params = hs20_ap_params()
1807 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
1808 params['osu_ssid'] = '"HS 2.0 OSU open"'
1809 params['osu_method_list'] = "1"
1810 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
1811 params['osu_icon'] = "w1fi_logo"
1812 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
1813 params['osu_server_uri'] = "https://example.com/osu/"
1814 hostapd.add_ap(apdev[0]['ifname'], params)
1815
1816 bssid2 = apdev[1]['bssid']
1817 params = hs20_ap_params(ssid="test-hs20b")
1818 params['hessid'] = bssid2
1819 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
1820 params['osu_ssid'] = '"HS 2.0 OSU OSEN"'
1821 params['osu_method_list'] = "0"
1822 params['osu_nai'] = "osen@example.com"
1823 params['osu_friendly_name'] = [ "eng:Test2 OSU", "fin:Testi2-OSU" ]
1824 params['osu_icon'] = "w1fi_logo"
1825 params['osu_service_desc'] = [ "eng:Example services2", "fin:Esimerkkipalveluja2" ]
1826 params['osu_server_uri'] = "https://example.org/osu/"
1827 hostapd.add_ap(apdev[1]['ifname'], params)
1828
1829 with open("w1fi_logo.png", "r") as f:
1830 orig_logo = f.read()
1831 dev[0].hs20_enable()
1832 dir = "/tmp/osu-fetch"
1833 if os.path.isdir(dir):
1834 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
1835 for f in files:
1836 os.remove(dir + "/" + f)
1837 else:
1838 try:
1839 os.makedirs(dir)
1840 except:
1841 pass
1842 try:
1843 dev[1].scan(freq="2412")
1844 dev[0].request("SET osu_dir " + dir)
1845 dev[0].request("FETCH_OSU")
1846 if "OK" not in dev[1].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo"):
1847 raise Exception("HS20_ICON_REQUEST failed")
1848 icons = 0
1849 while True:
1850 ev = dev[0].wait_event(["OSU provider fetch completed",
1851 "RX-HS20-ANQP-ICON"], timeout=15)
1852 if ev is None:
1853 raise Exception("Timeout on OSU fetch")
1854 if "OSU provider fetch completed" in ev:
1855 break
1856 if "RX-HS20-ANQP-ICON" in ev:
1857 with open(ev.split(' ')[1], "r") as f:
1858 logo = f.read()
1859 if logo == orig_logo:
1860 icons += 1
1861
1862 with open(dir + "/osu-providers.txt", "r") as f:
1863 prov = f.read()
1864 if "OSU-PROVIDER " + bssid not in prov:
1865 raise Exception("Missing OSU_PROVIDER")
1866 if "OSU-PROVIDER " + bssid2 not in prov:
1867 raise Exception("Missing OSU_PROVIDER")
1868 finally:
1869 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
1870 for f in files:
1871 os.remove(dir + "/" + f)
1872 os.rmdir(dir)
1873
1874 if icons != 2:
1875 raise Exception("Unexpected number of icons fetched")
1876
1877 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=5)
1878 if ev is None:
1879 raise Exception("Timeout on GAS-QUERY-DONE")
1880 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=5)
1881 if ev is None:
1882 raise Exception("Timeout on GAS-QUERY-DONE")
1883 if "freq=2412 status_code=0 result=SUCCESS" not in ev:
1884 raise Exception("Unexpected GAS-QUERY-DONE: " + ev)
1885 ev = dev[1].wait_event(["RX-HS20-ANQP"], timeout=15)
1886 if ev is None:
1887 raise Exception("Timeout on icon fetch")
1888 if "Icon Binary File" not in ev:
1889 raise Exception("Unexpected ANQP element")
Unnamed repository; edit this file 'description' to name the repository.