2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
10 from Crypto
.Cipher
import AES
18 logger
= logging
.getLogger()
25 import xml
.etree
.ElementTree
as ET
31 from wpasupplicant
import WpaSupplicant
32 from utils
import HwsimSkip
, alloc_fail
, fail_test
, skip_with_fips
33 from utils
import wait_fail_trigger
34 from test_ap_eap
import int_eap_server_params
36 def wps_start_ap(apdev
, ssid
="test-wps-conf"):
37 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
38 "wpa_passphrase": "12345678", "wpa": "2",
39 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
40 return hostapd
.add_ap(apdev
, params
)
43 def test_ap_wps_init(dev
, apdev
):
44 """Initial AP configuration with first WPS Enrollee"""
46 hapd
= hostapd
.add_ap(apdev
[0],
47 { "ssid": ssid
, "eap_server": "1", "wps_state": "1" })
48 logger
.info("WPS provisioning step")
49 hapd
.request("WPS_PBC")
50 if "PBC Status: Active" not in hapd
.request("WPS_GET_STATUS"):
51 raise Exception("PBC status not shown correctly")
53 id = dev
[0].add_network()
54 dev
[0].set_network_quoted(id, "ssid", "home")
55 dev
[0].set_network_quoted(id, "psk", "12345678")
56 dev
[0].request("ENABLE_NETWORK %s no-connect" % id)
58 id = dev
[0].add_network()
59 dev
[0].set_network_quoted(id, "ssid", "home2")
60 dev
[0].set_network(id, "bssid", "00:11:22:33:44:55")
61 dev
[0].set_network(id, "key_mgmt", "NONE")
62 dev
[0].request("ENABLE_NETWORK %s no-connect" % id)
64 dev
[0].request("WPS_PBC")
65 dev
[0].wait_connected(timeout
=30)
66 status
= dev
[0].get_status()
67 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
68 raise Exception("Not fully connected")
69 if status
['ssid'] != ssid
:
70 raise Exception("Unexpected SSID")
71 if status
['pairwise_cipher'] != 'CCMP':
72 raise Exception("Unexpected encryption configuration")
73 if status
['key_mgmt'] != 'WPA2-PSK':
74 raise Exception("Unexpected key_mgmt")
76 status
= hapd
.request("WPS_GET_STATUS")
77 if "PBC Status: Disabled" not in status
:
78 raise Exception("PBC status not shown correctly")
79 if "Last WPS result: Success" not in status
:
80 raise Exception("Last WPS result not shown correctly")
81 if "Peer Address: " + dev
[0].p2p_interface_addr() not in status
:
82 raise Exception("Peer address not shown correctly")
83 conf
= hapd
.request("GET_CONFIG")
84 if "wps_state=configured" not in conf
:
85 raise Exception("AP not in WPS configured state")
86 if "wpa=3" not in conf
:
87 raise Exception("AP not in WPA+WPA2 configuration")
88 if "rsn_pairwise_cipher=CCMP TKIP" not in conf
:
89 raise Exception("Unexpected rsn_pairwise_cipher")
90 if "wpa_pairwise_cipher=CCMP TKIP" not in conf
:
91 raise Exception("Unexpected wpa_pairwise_cipher")
92 if "group_cipher=TKIP" not in conf
:
93 raise Exception("Unexpected group_cipher")
95 if len(dev
[0].list_networks()) != 3:
96 raise Exception("Unexpected number of network blocks")
98 def test_ap_wps_init_2ap_pbc(dev
, apdev
):
99 """Initial two-radio AP configuration with first WPS PBC Enrollee"""
101 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "1" }
102 hapd
= hostapd
.add_ap(apdev
[0], params
)
103 hostapd
.add_ap(apdev
[1], params
)
104 logger
.info("WPS provisioning step")
105 hapd
.request("WPS_PBC")
106 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True)
107 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
108 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
109 if "[WPS-PBC]" not in bss
['flags']:
110 raise Exception("WPS-PBC flag missing from AP1")
111 bss
= dev
[0].get_bss(apdev
[1]['bssid'])
112 if "[WPS-PBC]" not in bss
['flags']:
113 raise Exception("WPS-PBC flag missing from AP2")
114 dev
[0].dump_monitor()
115 dev
[0].request("SET wps_cred_processing 2")
116 dev
[0].request("WPS_PBC")
117 ev
= dev
[0].wait_event(["WPS-CRED-RECEIVED"], timeout
=30)
118 dev
[0].request("SET wps_cred_processing 0")
120 raise Exception("WPS cred event not seen")
122 raise Exception("WPS attributes not included in the cred event")
123 dev
[0].wait_connected(timeout
=30)
125 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True)
126 dev
[1].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
127 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
128 if "[WPS-PBC]" in bss
['flags']:
129 raise Exception("WPS-PBC flag not cleared from AP1")
130 bss
= dev
[1].get_bss(apdev
[1]['bssid'])
131 if "[WPS-PBC]" in bss
['flags']:
132 raise Exception("WPS-PBC flag not cleared from AP2")
134 def test_ap_wps_init_2ap_pin(dev
, apdev
):
135 """Initial two-radio AP configuration with first WPS PIN Enrollee"""
137 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "1" }
138 hapd
= hostapd
.add_ap(apdev
[0], params
)
139 hostapd
.add_ap(apdev
[1], params
)
140 logger
.info("WPS provisioning step")
141 pin
= dev
[0].wps_read_pin()
142 hapd
.request("WPS_PIN any " + pin
)
143 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True)
144 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
145 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
146 if "[WPS-AUTH]" not in bss
['flags']:
147 raise Exception("WPS-AUTH flag missing from AP1")
148 bss
= dev
[0].get_bss(apdev
[1]['bssid'])
149 if "[WPS-AUTH]" not in bss
['flags']:
150 raise Exception("WPS-AUTH flag missing from AP2")
151 dev
[0].dump_monitor()
152 dev
[0].request("WPS_PIN any " + pin
)
153 dev
[0].wait_connected(timeout
=30)
155 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True)
156 dev
[1].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
157 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
158 if "[WPS-AUTH]" in bss
['flags']:
159 raise Exception("WPS-AUTH flag not cleared from AP1")
160 bss
= dev
[1].get_bss(apdev
[1]['bssid'])
161 if "[WPS-AUTH]" in bss
['flags']:
162 raise Exception("WPS-AUTH flag not cleared from AP2")
165 def test_ap_wps_init_through_wps_config(dev
, apdev
):
166 """Initial AP configuration using wps_config command"""
167 ssid
= "test-wps-init-config"
168 hapd
= hostapd
.add_ap(apdev
[0],
169 { "ssid": ssid
, "eap_server": "1", "wps_state": "1" })
170 if "FAIL" in hapd
.request("WPS_CONFIG " + ssid
.encode("hex") + " WPA2PSK CCMP " + "12345678".encode("hex")):
171 raise Exception("WPS_CONFIG command failed")
172 ev
= hapd
.wait_event(["WPS-NEW-AP-SETTINGS"], timeout
=5)
174 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
175 # It takes some time for the AP to update Beacon and Probe Response frames,
176 # so wait here before requesting the scan to be started to avoid adding
177 # extra five second wait to the test due to fetching obsolete scan results.
180 dev
[0].connect(ssid
, psk
="12345678", scan_freq
="2412", proto
="WPA2",
181 pairwise
="CCMP", group
="CCMP")
184 def test_ap_wps_init_through_wps_config_2(dev
, apdev
):
185 """AP configuration using wps_config and wps_cred_processing=2"""
186 ssid
= "test-wps-init-config"
187 hapd
= hostapd
.add_ap(apdev
[0],
188 { "ssid": ssid
, "eap_server": "1", "wps_state": "1",
189 "wps_cred_processing": "2" })
190 if "FAIL" in hapd
.request("WPS_CONFIG " + ssid
.encode("hex") + " WPA2PSK CCMP " + "12345678".encode("hex")):
191 raise Exception("WPS_CONFIG command failed")
192 ev
= hapd
.wait_event(["WPS-NEW-AP-SETTINGS"], timeout
=5)
194 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
196 raise Exception("WPS-NEW-AP-SETTINGS did not include Credential")
199 def test_ap_wps_invalid_wps_config_passphrase(dev
, apdev
):
200 """AP configuration using wps_config command with invalid passphrase"""
201 ssid
= "test-wps-init-config"
202 hapd
= hostapd
.add_ap(apdev
[0],
203 { "ssid": ssid
, "eap_server": "1", "wps_state": "1" })
204 if "FAIL" not in hapd
.request("WPS_CONFIG " + ssid
.encode("hex") + " WPA2PSK CCMP " + "1234567".encode("hex")):
205 raise Exception("Invalid WPS_CONFIG command accepted")
207 def test_ap_wps_conf(dev
, apdev
):
208 """WPS PBC provisioning with configured AP"""
209 ssid
= "test-wps-conf"
210 hapd
= hostapd
.add_ap(apdev
[0],
211 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
212 "wpa_passphrase": "12345678", "wpa": "2",
213 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
214 logger
.info("WPS provisioning step")
215 hapd
.request("WPS_PBC")
216 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
217 dev
[0].dump_monitor()
218 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
219 dev
[0].wait_connected(timeout
=30)
220 status
= dev
[0].get_status()
221 if status
['wpa_state'] != 'COMPLETED':
222 raise Exception("Not fully connected")
223 if status
['bssid'] != apdev
[0]['bssid']:
224 raise Exception("Unexpected BSSID")
225 if status
['ssid'] != ssid
:
226 raise Exception("Unexpected SSID")
227 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'CCMP':
228 raise Exception("Unexpected encryption configuration")
229 if status
['key_mgmt'] != 'WPA2-PSK':
230 raise Exception("Unexpected key_mgmt")
232 sta
= hapd
.get_sta(dev
[0].p2p_interface_addr())
233 if 'wpsDeviceName' not in sta
or sta
['wpsDeviceName'] != "Device A":
234 raise Exception("Device name not available in STA command")
236 def test_ap_wps_conf_5ghz(dev
, apdev
):
237 """WPS PBC provisioning with configured AP on 5 GHz band"""
240 ssid
= "test-wps-conf"
241 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
242 "wpa_passphrase": "12345678", "wpa": "2",
243 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
244 "country_code": "FI", "hw_mode": "a", "channel": "36" }
245 hapd
= hostapd
.add_ap(apdev
[0], params
)
246 logger
.info("WPS provisioning step")
247 hapd
.request("WPS_PBC")
248 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="5180")
249 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
250 dev
[0].wait_connected(timeout
=30)
252 sta
= hapd
.get_sta(dev
[0].p2p_interface_addr())
253 if 'wpsDeviceName' not in sta
or sta
['wpsDeviceName'] != "Device A":
254 raise Exception("Device name not available in STA command")
256 dev
[0].request("DISCONNECT")
258 hapd
.request("DISABLE")
259 subprocess
.call(['iw', 'reg', 'set', '00'])
260 dev
[0].flush_scan_cache()
262 def test_ap_wps_conf_chan14(dev
, apdev
):
263 """WPS PBC provisioning with configured AP on channel 14"""
266 ssid
= "test-wps-conf"
267 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
268 "wpa_passphrase": "12345678", "wpa": "2",
269 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
270 "country_code": "JP", "hw_mode": "b", "channel": "14" }
271 hapd
= hostapd
.add_ap(apdev
[0], params
)
272 logger
.info("WPS provisioning step")
273 hapd
.request("WPS_PBC")
274 dev
[0].request("WPS_PBC")
275 dev
[0].wait_connected(timeout
=30)
277 sta
= hapd
.get_sta(dev
[0].p2p_interface_addr())
278 if 'wpsDeviceName' not in sta
or sta
['wpsDeviceName'] != "Device A":
279 raise Exception("Device name not available in STA command")
281 dev
[0].request("DISCONNECT")
283 hapd
.request("DISABLE")
284 subprocess
.call(['iw', 'reg', 'set', '00'])
285 dev
[0].flush_scan_cache()
288 def test_ap_wps_twice(dev
, apdev
):
289 """WPS provisioning with twice to change passphrase"""
290 ssid
= "test-wps-twice"
291 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
292 "wpa_passphrase": "12345678", "wpa": "2",
293 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
294 hapd
= hostapd
.add_ap(apdev
[0], params
)
295 logger
.info("WPS provisioning step")
296 hapd
.request("WPS_PBC")
297 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
298 dev
[0].dump_monitor()
299 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
300 dev
[0].wait_connected(timeout
=30)
301 dev
[0].request("DISCONNECT")
303 logger
.info("Restart AP with different passphrase and re-run WPS")
304 hostapd
.remove_bss(apdev
[0])
305 params
['wpa_passphrase'] = 'another passphrase'
306 hapd
= hostapd
.add_ap(apdev
[0], params
)
307 logger
.info("WPS provisioning step")
308 hapd
.request("WPS_PBC")
309 dev
[0].dump_monitor()
310 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
311 dev
[0].wait_connected(timeout
=30)
312 networks
= dev
[0].list_networks()
313 if len(networks
) > 1:
314 raise Exception("Unexpected duplicated network block present")
317 def test_ap_wps_incorrect_pin(dev
, apdev
):
318 """WPS PIN provisioning with incorrect PIN"""
319 ssid
= "test-wps-incorrect-pin"
320 hapd
= hostapd
.add_ap(apdev
[0],
321 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
322 "wpa_passphrase": "12345678", "wpa": "2",
323 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
325 logger
.info("WPS provisioning attempt 1")
326 hapd
.request("WPS_PIN any 12345670")
327 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
328 dev
[0].dump_monitor()
329 dev
[0].request("WPS_PIN %s 55554444" % apdev
[0]['bssid'])
330 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=30)
332 raise Exception("WPS operation timed out")
333 if "config_error=18" not in ev
:
334 raise Exception("Incorrect config_error reported")
335 if "msg=8" not in ev
:
336 raise Exception("PIN error detected on incorrect message")
337 dev
[0].wait_disconnected(timeout
=10)
338 dev
[0].request("WPS_CANCEL")
339 # if a scan was in progress, wait for it to complete before trying WPS again
340 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
342 status
= hapd
.request("WPS_GET_STATUS")
343 if "Last WPS result: Failed" not in status
:
344 raise Exception("WPS failure result not shown correctly")
346 logger
.info("WPS provisioning attempt 2")
347 hapd
.request("WPS_PIN any 12345670")
348 dev
[0].dump_monitor()
349 dev
[0].request("WPS_PIN %s 12344444" % apdev
[0]['bssid'])
350 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=30)
352 raise Exception("WPS operation timed out")
353 if "config_error=18" not in ev
:
354 raise Exception("Incorrect config_error reported")
355 if "msg=10" not in ev
:
356 raise Exception("PIN error detected on incorrect message")
357 dev
[0].wait_disconnected(timeout
=10)
360 def test_ap_wps_conf_pin(dev
, apdev
):
361 """WPS PIN provisioning with configured AP"""
362 ssid
= "test-wps-conf-pin"
363 hapd
= hostapd
.add_ap(apdev
[0],
364 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
365 "wpa_passphrase": "12345678", "wpa": "2",
366 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
367 logger
.info("WPS provisioning step")
368 pin
= dev
[0].wps_read_pin()
369 hapd
.request("WPS_PIN any " + pin
)
370 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
371 dev
[0].dump_monitor()
372 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
373 dev
[0].wait_connected(timeout
=30)
374 status
= dev
[0].get_status()
375 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
376 raise Exception("Not fully connected")
377 if status
['ssid'] != ssid
:
378 raise Exception("Unexpected SSID")
379 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'CCMP':
380 raise Exception("Unexpected encryption configuration")
381 if status
['key_mgmt'] != 'WPA2-PSK':
382 raise Exception("Unexpected key_mgmt")
384 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True)
385 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
386 if "[WPS-AUTH]" in bss
['flags']:
387 raise Exception("WPS-AUTH flag not cleared")
388 logger
.info("Try to connect from another station using the same PIN")
389 pin
= dev
[1].request("WPS_PIN " + apdev
[0]['bssid'])
390 ev
= dev
[1].wait_event(["WPS-M2D","CTRL-EVENT-CONNECTED"], timeout
=30)
392 raise Exception("Operation timed out")
393 if "WPS-M2D" not in ev
:
394 raise Exception("Unexpected WPS operation started")
395 hapd
.request("WPS_PIN any " + pin
)
396 dev
[1].wait_connected(timeout
=30)
398 def test_ap_wps_conf_pin_mixed_mode(dev
, apdev
):
399 """WPS PIN provisioning with configured AP (WPA+WPA2)"""
400 ssid
= "test-wps-conf-pin-mixed"
401 hapd
= hostapd
.add_ap(apdev
[0],
402 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
403 "wpa_passphrase": "12345678", "wpa": "3",
404 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
405 "wpa_pairwise": "TKIP" })
407 logger
.info("WPS provisioning step")
408 pin
= dev
[0].wps_read_pin()
409 hapd
.request("WPS_PIN any " + pin
)
410 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
411 dev
[0].dump_monitor()
412 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
413 dev
[0].wait_connected(timeout
=30)
414 status
= dev
[0].get_status()
415 dev
[0].request("REMOVE_NETWORK all")
416 dev
[0].wait_disconnected()
417 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP' or status
['key_mgmt'] != 'WPA2-PSK':
418 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status
['pairwise_cipher'], status
['group_cipher'], status
['key_mgmt']))
420 logger
.info("WPS provisioning step (auth_types=0x1b)")
421 if "OK" not in dev
[0].request("SET wps_force_auth_types 0x1b"):
422 raise Exception("Failed to set wps_force_auth_types 0x1b")
423 pin
= dev
[0].wps_read_pin()
424 hapd
.request("WPS_PIN any " + pin
)
425 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
426 dev
[0].dump_monitor()
427 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
428 dev
[0].wait_connected(timeout
=30)
429 status
= dev
[0].get_status()
430 dev
[0].request("REMOVE_NETWORK all")
431 dev
[0].wait_disconnected()
432 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP' or status
['key_mgmt'] != 'WPA2-PSK':
433 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status
['pairwise_cipher'], status
['group_cipher'], status
['key_mgmt']))
435 logger
.info("WPS provisioning step (auth_types=0 encr_types=0)")
436 if "OK" not in dev
[0].request("SET wps_force_auth_types 0"):
437 raise Exception("Failed to set wps_force_auth_types 0")
438 if "OK" not in dev
[0].request("SET wps_force_encr_types 0"):
439 raise Exception("Failed to set wps_force_encr_types 0")
440 pin
= dev
[0].wps_read_pin()
441 hapd
.request("WPS_PIN any " + pin
)
442 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
443 dev
[0].dump_monitor()
444 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
445 dev
[0].wait_connected(timeout
=30)
446 status
= dev
[0].get_status()
447 dev
[0].request("REMOVE_NETWORK all")
448 dev
[0].wait_disconnected()
449 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP' or status
['key_mgmt'] != 'WPA2-PSK':
450 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status
['pairwise_cipher'], status
['group_cipher'], status
['key_mgmt']))
452 dev
[0].request("SET wps_force_auth_types ")
453 dev
[0].request("SET wps_force_encr_types ")
456 def test_ap_wps_conf_pin_v1(dev
, apdev
):
457 """WPS PIN provisioning with configured WPS v1.0 AP"""
458 ssid
= "test-wps-conf-pin-v1"
459 hapd
= hostapd
.add_ap(apdev
[0],
460 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
461 "wpa_passphrase": "12345678", "wpa": "2",
462 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
463 logger
.info("WPS provisioning step")
464 pin
= dev
[0].wps_read_pin()
465 hapd
.request("SET wps_version_number 0x10")
466 hapd
.request("WPS_PIN any " + pin
)
468 for i
in range(0, 10):
469 dev
[0].scan(freq
="2412")
470 if "[WPS-PIN]" in dev
[0].request("SCAN_RESULTS"):
474 hapd
.request("SET wps_version_number 0x20")
475 raise Exception("WPS-PIN flag not seen in scan results")
476 dev
[0].dump_monitor()
477 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
478 dev
[0].wait_connected(timeout
=30)
479 hapd
.request("SET wps_version_number 0x20")
482 def test_ap_wps_conf_pin_2sta(dev
, apdev
):
483 """Two stations trying to use WPS PIN at the same time"""
484 ssid
= "test-wps-conf-pin2"
485 hapd
= hostapd
.add_ap(apdev
[0],
486 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
487 "wpa_passphrase": "12345678", "wpa": "2",
488 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
489 logger
.info("WPS provisioning step")
492 hapd
.request("WPS_PIN " + dev
[0].get_status_field("uuid") + " " + pin
)
493 hapd
.request("WPS_PIN " + dev
[1].get_status_field("uuid") + " " + pin
)
494 dev
[0].dump_monitor()
495 dev
[1].dump_monitor()
496 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
497 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
498 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
499 dev
[1].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
500 dev
[0].wait_connected(timeout
=30)
501 dev
[1].wait_connected(timeout
=30)
504 def test_ap_wps_conf_pin_timeout(dev
, apdev
):
505 """WPS PIN provisioning with configured AP timing out PIN"""
506 ssid
= "test-wps-conf-pin"
507 hapd
= hostapd
.add_ap(apdev
[0],
508 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
509 "wpa_passphrase": "12345678", "wpa": "2",
510 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
511 addr
= dev
[0].p2p_interface_addr()
512 pin
= dev
[0].wps_read_pin()
513 if "FAIL" not in hapd
.request("WPS_PIN "):
514 raise Exception("Unexpected success on invalid WPS_PIN")
515 hapd
.request("WPS_PIN any " + pin
+ " 1")
516 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
518 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
519 ev
= hapd
.wait_event(["WPS-PIN-NEEDED"], timeout
=20)
521 raise Exception("WPS-PIN-NEEDED event timed out")
522 ev
= dev
[0].wait_event(["WPS-M2D"])
524 raise Exception("M2D not reported")
525 dev
[0].request("WPS_CANCEL")
527 hapd
.request("WPS_PIN any " + pin
+ " 20 " + addr
)
528 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
529 dev
[0].wait_connected(timeout
=30)
531 def test_ap_wps_reg_connect(dev
, apdev
):
532 """WPS registrar using AP PIN to connect"""
533 ssid
= "test-wps-reg-ap-pin"
535 hostapd
.add_ap(apdev
[0],
536 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
537 "wpa_passphrase": "12345678", "wpa": "2",
538 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
540 logger
.info("WPS provisioning step")
541 dev
[0].dump_monitor()
542 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
543 dev
[0].wps_reg(apdev
[0]['bssid'], appin
)
544 status
= dev
[0].get_status()
545 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
546 raise Exception("Not fully connected")
547 if status
['ssid'] != ssid
:
548 raise Exception("Unexpected SSID")
549 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'CCMP':
550 raise Exception("Unexpected encryption configuration")
551 if status
['key_mgmt'] != 'WPA2-PSK':
552 raise Exception("Unexpected key_mgmt")
554 def test_ap_wps_reg_connect_mixed_mode(dev
, apdev
):
555 """WPS registrar using AP PIN to connect (WPA+WPA2)"""
556 ssid
= "test-wps-reg-ap-pin"
558 hostapd
.add_ap(apdev
[0],
559 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
560 "wpa_passphrase": "12345678", "wpa": "3",
561 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
562 "wpa_pairwise": "TKIP", "ap_pin": appin
})
563 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
564 dev
[0].wps_reg(apdev
[0]['bssid'], appin
)
565 status
= dev
[0].get_status()
566 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
567 raise Exception("Not fully connected")
568 if status
['ssid'] != ssid
:
569 raise Exception("Unexpected SSID")
570 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP':
571 raise Exception("Unexpected encryption configuration")
572 if status
['key_mgmt'] != 'WPA2-PSK':
573 raise Exception("Unexpected key_mgmt")
575 def test_ap_wps_reg_override_ap_settings(dev
, apdev
):
576 """WPS registrar and ap_settings override"""
577 ap_settings
= "/tmp/ap_wps_reg_override_ap_settings"
579 os
.remove(ap_settings
)
582 # Override AP Settings with values that point to another AP
583 data
= build_wsc_attr(ATTR_NETWORK_INDEX
, '\x01')
584 data
+= build_wsc_attr(ATTR_SSID
, "test")
585 data
+= build_wsc_attr(ATTR_AUTH_TYPE
, '\x00\x01')
586 data
+= build_wsc_attr(ATTR_ENCR_TYPE
, '\x00\x01')
587 data
+= build_wsc_attr(ATTR_NETWORK_KEY
, '')
588 data
+= build_wsc_attr(ATTR_MAC_ADDR
, binascii
.unhexlify(apdev
[1]['bssid'].replace(':', '')))
589 with
open(ap_settings
, "w") as f
:
591 ssid
= "test-wps-reg-ap-pin"
593 hostapd
.add_ap(apdev
[0],
594 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
595 "wpa_passphrase": "12345678", "wpa": "2",
596 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
597 "ap_pin": appin
, "ap_settings": ap_settings
})
598 hapd2
= hostapd
.add_ap(apdev
[1], { "ssid": "test" })
599 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
600 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
=2412)
601 dev
[0].wps_reg(apdev
[0]['bssid'], appin
)
602 ev
= hapd2
.wait_event(['AP-STA-CONNECTED'], timeout
=10)
603 os
.remove(ap_settings
)
605 raise Exception("No connection with the other AP")
607 def check_wps_reg_failure(dev
, ap
, appin
):
608 dev
.request("WPS_REG " + ap
['bssid'] + " " + appin
)
609 ev
= dev
.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout
=15)
611 raise Exception("WPS operation timed out")
612 if "WPS-SUCCESS" in ev
:
613 raise Exception("WPS operation succeeded unexpectedly")
614 if "config_error=15" not in ev
:
615 raise Exception("WPS setup locked state was not reported correctly")
617 def test_ap_wps_random_ap_pin(dev
, apdev
):
618 """WPS registrar using random AP PIN"""
619 ssid
= "test-wps-reg-random-ap-pin"
620 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
621 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
622 "wpa_passphrase": "12345678", "wpa": "2",
623 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
624 "device_name": "Wireless AP", "manufacturer": "Company",
625 "model_name": "WAP", "model_number": "123",
626 "serial_number": "12345", "device_type": "6-0050F204-1",
627 "os_version": "01020300",
628 "config_methods": "label push_button",
629 "uuid": ap_uuid
, "upnp_iface": "lo" }
630 hapd
= hostapd
.add_ap(apdev
[0], params
)
631 appin
= hapd
.request("WPS_AP_PIN random")
633 raise Exception("Could not generate random AP PIN")
634 if appin
not in hapd
.request("WPS_AP_PIN get"):
635 raise Exception("Could not fetch current AP PIN")
636 logger
.info("WPS provisioning step")
637 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
638 dev
[0].wps_reg(apdev
[0]['bssid'], appin
)
640 hapd
.request("WPS_AP_PIN disable")
641 logger
.info("WPS provisioning step with AP PIN disabled")
642 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
643 check_wps_reg_failure(dev
[1], apdev
[0], appin
)
645 logger
.info("WPS provisioning step with AP PIN reset")
647 hapd
.request("WPS_AP_PIN set " + appin
)
648 dev
[1].wps_reg(apdev
[0]['bssid'], appin
)
649 dev
[0].request("REMOVE_NETWORK all")
650 dev
[1].request("REMOVE_NETWORK all")
651 dev
[0].wait_disconnected(timeout
=10)
652 dev
[1].wait_disconnected(timeout
=10)
654 logger
.info("WPS provisioning step after AP PIN timeout")
655 hapd
.request("WPS_AP_PIN disable")
656 appin
= hapd
.request("WPS_AP_PIN random 1")
658 if "FAIL" not in hapd
.request("WPS_AP_PIN get"):
659 raise Exception("AP PIN unexpectedly still enabled")
660 check_wps_reg_failure(dev
[0], apdev
[0], appin
)
662 logger
.info("WPS provisioning step after AP PIN timeout(2)")
663 hapd
.request("WPS_AP_PIN disable")
665 hapd
.request("WPS_AP_PIN set " + appin
+ " 1")
667 if "FAIL" not in hapd
.request("WPS_AP_PIN get"):
668 raise Exception("AP PIN unexpectedly still enabled")
669 check_wps_reg_failure(dev
[1], apdev
[0], appin
)
671 with
fail_test(hapd
, 1, "os_get_random;wps_generate_pin"):
672 hapd
.request("WPS_AP_PIN random 1")
673 hapd
.request("WPS_AP_PIN disable")
675 with
alloc_fail(hapd
, 1, "upnp_wps_set_ap_pin"):
676 hapd
.request("WPS_AP_PIN set 12345670")
677 hapd
.request("WPS_AP_PIN disable")
679 def test_ap_wps_reg_config(dev
, apdev
):
680 """WPS registrar configuring an AP using AP PIN"""
681 ssid
= "test-wps-init-ap-pin"
683 hostapd
.add_ap(apdev
[0],
684 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
686 logger
.info("WPS configuration step")
687 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
688 dev
[0].dump_monitor()
689 new_ssid
= "wps-new-ssid"
690 new_passphrase
= "1234567890"
691 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, new_ssid
, "WPA2PSK", "CCMP",
693 status
= dev
[0].get_status()
694 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
695 raise Exception("Not fully connected")
696 if status
['ssid'] != new_ssid
:
697 raise Exception("Unexpected SSID")
698 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'CCMP':
699 raise Exception("Unexpected encryption configuration")
700 if status
['key_mgmt'] != 'WPA2-PSK':
701 raise Exception("Unexpected key_mgmt")
703 logger
.info("Re-configure back to open")
704 dev
[0].request("REMOVE_NETWORK all")
705 dev
[0].flush_scan_cache()
706 dev
[0].dump_monitor()
707 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, "wps-open", "OPEN", "NONE", "")
708 status
= dev
[0].get_status()
709 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
710 raise Exception("Not fully connected")
711 if status
['ssid'] != "wps-open":
712 raise Exception("Unexpected SSID")
713 if status
['key_mgmt'] != 'NONE':
714 raise Exception("Unexpected key_mgmt")
716 def test_ap_wps_reg_config_ext_processing(dev
, apdev
):
717 """WPS registrar configuring an AP with external config processing"""
718 ssid
= "test-wps-init-ap-pin"
720 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
721 "wps_cred_processing": "1", "ap_pin": appin
}
722 hapd
= hostapd
.add_ap(apdev
[0], params
)
723 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
724 new_ssid
= "wps-new-ssid"
725 new_passphrase
= "1234567890"
726 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, new_ssid
, "WPA2PSK", "CCMP",
727 new_passphrase
, no_wait
=True)
728 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
730 raise Exception("WPS registrar operation timed out")
731 ev
= hapd
.wait_event(["WPS-NEW-AP-SETTINGS"], timeout
=15)
733 raise Exception("WPS configuration timed out")
735 raise Exception("AP Settings missing from event")
736 hapd
.request("SET wps_cred_processing 0")
737 if "FAIL" in hapd
.request("WPS_CONFIG " + new_ssid
.encode("hex") + " WPA2PSK CCMP " + new_passphrase
.encode("hex")):
738 raise Exception("WPS_CONFIG command failed")
739 dev
[0].wait_connected(timeout
=15)
741 def test_ap_wps_reg_config_tkip(dev
, apdev
):
742 """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
743 skip_with_fips(dev
[0])
744 ssid
= "test-wps-init-ap"
746 hostapd
.add_ap(apdev
[0],
747 { "ssid": ssid
, "eap_server": "1", "wps_state": "1",
749 logger
.info("WPS configuration step")
750 dev
[0].request("SET wps_version_number 0x10")
751 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
752 dev
[0].dump_monitor()
753 new_ssid
= "wps-new-ssid-with-tkip"
754 new_passphrase
= "1234567890"
755 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, new_ssid
, "WPAPSK", "TKIP",
757 logger
.info("Re-connect to verify WPA2 mixed mode")
758 dev
[0].request("DISCONNECT")
760 dev
[0].set_network(id, "pairwise", "CCMP")
761 dev
[0].set_network(id, "proto", "RSN")
762 dev
[0].connect_network(id)
763 status
= dev
[0].get_status()
764 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
765 raise Exception("Not fully connected: wpa_state={} bssid={}".format(status
['wpa_state'], status
['bssid']))
766 if status
['ssid'] != new_ssid
:
767 raise Exception("Unexpected SSID")
768 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP':
769 raise Exception("Unexpected encryption configuration")
770 if status
['key_mgmt'] != 'WPA2-PSK':
771 raise Exception("Unexpected key_mgmt")
773 def test_ap_wps_setup_locked(dev
, apdev
):
774 """WPS registrar locking up AP setup on AP PIN failures"""
775 ssid
= "test-wps-incorrect-ap-pin"
777 hapd
= hostapd
.add_ap(apdev
[0],
778 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
779 "wpa_passphrase": "12345678", "wpa": "2",
780 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
782 new_ssid
= "wps-new-ssid-test"
783 new_passphrase
= "1234567890"
785 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
786 ap_setup_locked
=False
787 for pin
in ["55554444", "1234", "12345678", "00000000", "11111111"]:
788 dev
[0].dump_monitor()
789 logger
.info("Try incorrect AP PIN - attempt " + pin
)
790 dev
[0].wps_reg(apdev
[0]['bssid'], pin
, new_ssid
, "WPA2PSK",
791 "CCMP", new_passphrase
, no_wait
=True)
792 ev
= dev
[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
794 raise Exception("Timeout on receiving WPS operation failure event")
795 if "CTRL-EVENT-CONNECTED" in ev
:
796 raise Exception("Unexpected connection")
797 if "config_error=15" in ev
:
798 logger
.info("AP Setup Locked")
800 elif "config_error=18" not in ev
:
801 raise Exception("config_error=18 not reported")
802 dev
[0].wait_disconnected(timeout
=10)
804 if not ap_setup_locked
:
805 raise Exception("AP setup was not locked")
806 dev
[0].request("WPS_CANCEL")
807 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412, force_scan
=True,
809 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
810 if 'wps_ap_setup_locked' not in bss
or bss
['wps_ap_setup_locked'] != '1':
811 logger
.info("BSS: " + str(bss
))
812 raise Exception("AP Setup Locked not indicated in scan results")
814 status
= hapd
.request("WPS_GET_STATUS")
815 if "Last WPS result: Failed" not in status
:
816 raise Exception("WPS failure result not shown correctly")
817 if "Peer Address: " + dev
[0].p2p_interface_addr() not in status
:
818 raise Exception("Peer address not shown correctly")
821 dev
[0].dump_monitor()
822 logger
.info("WPS provisioning step")
823 pin
= dev
[0].wps_read_pin()
824 hapd
.request("WPS_PIN any " + pin
)
825 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
826 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=30)
828 raise Exception("WPS success was not reported")
829 dev
[0].wait_connected(timeout
=30)
831 appin
= hapd
.request("WPS_AP_PIN random")
833 raise Exception("Could not generate random AP PIN")
834 ev
= hapd
.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout
=10)
836 raise Exception("Failed to unlock AP PIN")
838 def test_ap_wps_setup_locked_timeout(dev
, apdev
):
839 """WPS re-enabling AP PIN after timeout"""
840 ssid
= "test-wps-incorrect-ap-pin"
842 hapd
= hostapd
.add_ap(apdev
[0],
843 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
844 "wpa_passphrase": "12345678", "wpa": "2",
845 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
847 new_ssid
= "wps-new-ssid-test"
848 new_passphrase
= "1234567890"
850 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
851 ap_setup_locked
=False
852 for pin
in ["55554444", "1234", "12345678", "00000000", "11111111"]:
853 dev
[0].dump_monitor()
854 logger
.info("Try incorrect AP PIN - attempt " + pin
)
855 dev
[0].wps_reg(apdev
[0]['bssid'], pin
, new_ssid
, "WPA2PSK",
856 "CCMP", new_passphrase
, no_wait
=True)
857 ev
= dev
[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"], timeout
=15)
859 raise Exception("Timeout on receiving WPS operation failure event")
860 if "CTRL-EVENT-CONNECTED" in ev
:
861 raise Exception("Unexpected connection")
862 if "config_error=15" in ev
:
863 logger
.info("AP Setup Locked")
866 elif "config_error=18" not in ev
:
867 raise Exception("config_error=18 not reported")
868 dev
[0].wait_disconnected(timeout
=10)
870 if not ap_setup_locked
:
871 raise Exception("AP setup was not locked")
872 ev
= hapd
.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout
=80)
874 raise Exception("AP PIN did not get unlocked on 60 second timeout")
876 def test_ap_wps_setup_locked_2(dev
, apdev
):
877 """WPS AP configured for special ap_setup_locked=2 mode"""
878 ssid
= "test-wps-ap-pin"
880 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
881 "wpa_passphrase": "12345678", "wpa": "2",
882 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
883 "ap_pin": appin
, "ap_setup_locked": "2" }
884 hapd
= hostapd
.add_ap(apdev
[0], params
)
885 new_ssid
= "wps-new-ssid-test"
886 new_passphrase
= "1234567890"
888 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
889 dev
[0].wps_reg(apdev
[0]['bssid'], appin
)
890 dev
[0].request("REMOVE_NETWORK all")
891 dev
[0].wait_disconnected()
894 dev
[0].dump_monitor()
895 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, new_ssid
, "WPA2PSK",
896 "CCMP", new_passphrase
, no_wait
=True)
898 ev
= hapd
.wait_event(["WPS-FAIL"], timeout
=5)
900 raise Exception("hostapd did not report WPS failure")
901 if "msg=12 config_error=15" not in ev
:
902 raise Exception("Unexpected failure reason (AP): " + ev
)
904 ev
= dev
[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
906 raise Exception("Timeout on receiving WPS operation failure event")
907 if "CTRL-EVENT-CONNECTED" in ev
:
908 raise Exception("Unexpected connection")
909 if "config_error=15" not in ev
:
910 raise Exception("Unexpected failure reason (STA): " + ev
)
911 dev
[0].request("WPS_CANCEL")
912 dev
[0].wait_disconnected()
915 def test_ap_wps_pbc_overlap_2ap(dev
, apdev
):
916 """WPS PBC session overlap with two active APs"""
917 params
= { "ssid": "wps1", "eap_server": "1", "wps_state": "2",
918 "wpa_passphrase": "12345678", "wpa": "2",
919 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
920 "wps_independent": "1"}
921 hapd
= hostapd
.add_ap(apdev
[0], params
)
922 params
= { "ssid": "wps2", "eap_server": "1", "wps_state": "2",
923 "wpa_passphrase": "123456789", "wpa": "2",
924 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
925 "wps_independent": "1"}
926 hapd2
= hostapd
.add_ap(apdev
[1], params
)
927 hapd
.request("WPS_PBC")
928 hapd2
.request("WPS_PBC")
929 logger
.info("WPS provisioning step")
930 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True)
931 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
932 dev
[0].request("WPS_PBC")
933 ev
= dev
[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout
=15)
935 raise Exception("PBC session overlap not detected")
936 hapd
.request("DISABLE")
937 hapd2
.request("DISABLE")
938 dev
[0].flush_scan_cache()
941 def test_ap_wps_pbc_overlap_2sta(dev
, apdev
):
942 """WPS PBC session overlap with two active STAs"""
943 ssid
= "test-wps-pbc-overlap"
944 hapd
= hostapd
.add_ap(apdev
[0],
945 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
946 "wpa_passphrase": "12345678", "wpa": "2",
947 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
948 logger
.info("WPS provisioning step")
949 hapd
.request("WPS_PBC")
950 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
951 dev
[0].dump_monitor()
952 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
953 dev
[1].dump_monitor()
954 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
955 dev
[1].request("WPS_PBC " + apdev
[0]['bssid'])
956 ev
= dev
[0].wait_event(["WPS-M2D"], timeout
=15)
958 raise Exception("PBC session overlap not detected (dev0)")
959 if "config_error=12" not in ev
:
960 raise Exception("PBC session overlap not correctly reported (dev0)")
961 dev
[0].request("WPS_CANCEL")
962 dev
[0].request("DISCONNECT")
963 ev
= dev
[1].wait_event(["WPS-M2D"], timeout
=15)
965 raise Exception("PBC session overlap not detected (dev1)")
966 if "config_error=12" not in ev
:
967 raise Exception("PBC session overlap not correctly reported (dev1)")
968 dev
[1].request("WPS_CANCEL")
969 dev
[1].request("DISCONNECT")
970 hapd
.request("WPS_CANCEL")
971 ret
= hapd
.request("WPS_PBC")
972 if "FAIL" not in ret
:
973 raise Exception("PBC mode allowed to be started while PBC overlap still active")
974 hapd
.request("DISABLE")
975 dev
[0].flush_scan_cache()
976 dev
[1].flush_scan_cache()
979 def test_ap_wps_cancel(dev
, apdev
):
980 """WPS AP cancelling enabled config method"""
981 ssid
= "test-wps-ap-cancel"
982 hapd
= hostapd
.add_ap(apdev
[0],
983 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
984 "wpa_passphrase": "12345678", "wpa": "2",
985 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
986 bssid
= apdev
[0]['bssid']
988 logger
.info("Verify PBC enable/cancel")
989 hapd
.request("WPS_PBC")
990 dev
[0].scan(freq
="2412")
991 dev
[0].scan(freq
="2412")
992 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
993 if "[WPS-PBC]" not in bss
['flags']:
994 raise Exception("WPS-PBC flag missing")
995 if "FAIL" in hapd
.request("WPS_CANCEL"):
996 raise Exception("WPS_CANCEL failed")
997 dev
[0].scan(freq
="2412")
998 dev
[0].scan(freq
="2412")
999 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
1000 if "[WPS-PBC]" in bss
['flags']:
1001 raise Exception("WPS-PBC flag not cleared")
1003 logger
.info("Verify PIN enable/cancel")
1004 hapd
.request("WPS_PIN any 12345670")
1005 dev
[0].scan(freq
="2412")
1006 dev
[0].scan(freq
="2412")
1007 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
1008 if "[WPS-AUTH]" not in bss
['flags']:
1009 raise Exception("WPS-AUTH flag missing")
1010 if "FAIL" in hapd
.request("WPS_CANCEL"):
1011 raise Exception("WPS_CANCEL failed")
1012 dev
[0].scan(freq
="2412")
1013 dev
[0].scan(freq
="2412")
1014 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
1015 if "[WPS-AUTH]" in bss
['flags']:
1016 raise Exception("WPS-AUTH flag not cleared")
1018 def test_ap_wps_er_add_enrollee(dev
, apdev
):
1019 """WPS ER configuring AP and adding a new enrollee using PIN"""
1021 _test_ap_wps_er_add_enrollee(dev
, apdev
)
1023 dev
[0].request("WPS_ER_STOP")
1025 def _test_ap_wps_er_add_enrollee(dev
, apdev
):
1026 ssid
= "wps-er-add-enrollee"
1028 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1029 hostapd
.add_ap(apdev
[0],
1030 { "ssid": ssid
, "eap_server": "1", "wps_state": "1",
1031 "device_name": "Wireless AP", "manufacturer": "Company",
1032 "model_name": "WAP", "model_number": "123",
1033 "serial_number": "12345", "device_type": "6-0050F204-1",
1034 "os_version": "01020300",
1035 'friendly_name': "WPS AP - <>&'\" - TEST",
1036 "config_methods": "label push_button",
1037 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1038 logger
.info("WPS configuration step")
1039 new_passphrase
= "1234567890"
1040 dev
[0].dump_monitor()
1041 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1042 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
, ssid
, "WPA2PSK", "CCMP",
1044 status
= dev
[0].get_status()
1045 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
1046 raise Exception("Not fully connected")
1047 if status
['ssid'] != ssid
:
1048 raise Exception("Unexpected SSID")
1049 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'CCMP':
1050 raise Exception("Unexpected encryption configuration")
1051 if status
['key_mgmt'] != 'WPA2-PSK':
1052 raise Exception("Unexpected key_mgmt")
1054 logger
.info("Start ER")
1055 dev
[0].request("WPS_ER_START ifname=lo")
1056 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1058 raise Exception("AP discovery timed out")
1059 if ap_uuid
not in ev
:
1060 raise Exception("Expected AP UUID not found")
1061 if "|WPS AP - <>&'" - TEST|Company|" not in ev
:
1062 raise Exception("Expected friendly name not found")
1064 logger
.info("Learn AP configuration through UPnP")
1065 dev
[0].dump_monitor()
1066 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1067 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1069 raise Exception("AP learn timed out")
1070 if ap_uuid
not in ev
:
1071 raise Exception("Expected AP UUID not in settings")
1072 if "ssid=" + ssid
not in ev
:
1073 raise Exception("Expected SSID not in settings")
1074 if "key=" + new_passphrase
not in ev
:
1075 raise Exception("Expected passphrase not in settings")
1076 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
1078 raise Exception("WPS-FAIL after AP learn timed out")
1081 logger
.info("Add Enrollee using ER")
1082 pin
= dev
[1].wps_read_pin()
1083 dev
[0].dump_monitor()
1084 dev
[0].request("WPS_ER_PIN any " + pin
+ " " + dev
[1].p2p_interface_addr())
1085 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1086 dev
[1].dump_monitor()
1087 dev
[1].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1088 ev
= dev
[1].wait_event(["WPS-SUCCESS"], timeout
=30)
1090 raise Exception("Enrollee did not report success")
1091 dev
[1].wait_connected(timeout
=15)
1092 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1094 raise Exception("WPS ER did not report success")
1095 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
1097 logger
.info("Add a specific Enrollee using ER")
1098 pin
= dev
[2].wps_read_pin()
1099 addr2
= dev
[2].p2p_interface_addr()
1100 dev
[0].dump_monitor()
1101 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1102 dev
[2].dump_monitor()
1103 dev
[2].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1104 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=10)
1106 raise Exception("Enrollee not seen")
1108 raise Exception("Unexpected Enrollee MAC address")
1109 dev
[0].request("WPS_ER_PIN " + addr2
+ " " + pin
+ " " + addr2
)
1110 dev
[2].wait_connected(timeout
=30)
1111 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1113 raise Exception("WPS ER did not report success")
1115 logger
.info("Verify registrar selection behavior")
1116 dev
[0].request("WPS_ER_PIN any " + pin
+ " " + dev
[1].p2p_interface_addr())
1117 dev
[1].request("DISCONNECT")
1118 dev
[1].wait_disconnected(timeout
=10)
1119 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
1120 dev
[1].scan(freq
="2412")
1121 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
1122 if "[WPS-AUTH]" not in bss
['flags']:
1123 # It is possible for scan to miss an update especially when running
1124 # tests under load with multiple VMs, so allow another attempt.
1125 dev
[1].scan(freq
="2412")
1126 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
1127 if "[WPS-AUTH]" not in bss
['flags']:
1128 raise Exception("WPS-AUTH flag missing")
1130 logger
.info("Stop ER")
1131 dev
[0].dump_monitor()
1132 dev
[0].request("WPS_ER_STOP")
1133 ev
= dev
[0].wait_event(["WPS-ER-AP-REMOVE"])
1135 raise Exception("WPS ER unsubscription timed out")
1136 # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
1137 # a bit before verifying that the scan results have changed.
1140 for i
in range(0, 10):
1141 dev
[1].request("BSS_FLUSH 0")
1142 dev
[1].scan(freq
="2412", only_new
=True)
1143 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
1144 if bss
and 'flags' in bss
and "[WPS-AUTH]" not in bss
['flags']:
1146 logger
.debug("WPS-AUTH flag was still in place - wait a bit longer")
1148 if "[WPS-AUTH]" in bss
['flags']:
1149 raise Exception("WPS-AUTH flag not removed")
1151 def test_ap_wps_er_add_enrollee_uuid(dev
, apdev
):
1152 """WPS ER adding a new enrollee identified by UUID"""
1154 _test_ap_wps_er_add_enrollee_uuid(dev
, apdev
)
1156 dev
[0].request("WPS_ER_STOP")
1158 def _test_ap_wps_er_add_enrollee_uuid(dev
, apdev
):
1159 ssid
= "wps-er-add-enrollee"
1161 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1162 hostapd
.add_ap(apdev
[0],
1163 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1164 "wpa_passphrase": "12345678", "wpa": "2",
1165 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1166 "device_name": "Wireless AP", "manufacturer": "Company",
1167 "model_name": "WAP", "model_number": "123",
1168 "serial_number": "12345", "device_type": "6-0050F204-1",
1169 "os_version": "01020300",
1170 "config_methods": "label push_button",
1171 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1172 logger
.info("WPS configuration step")
1173 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1174 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1176 logger
.info("Start ER")
1177 dev
[0].request("WPS_ER_START ifname=lo")
1178 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1180 raise Exception("AP discovery timed out")
1181 if ap_uuid
not in ev
:
1182 raise Exception("Expected AP UUID not found")
1184 logger
.info("Learn AP configuration through UPnP")
1185 dev
[0].dump_monitor()
1186 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1187 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1189 raise Exception("AP learn timed out")
1190 if ap_uuid
not in ev
:
1191 raise Exception("Expected AP UUID not in settings")
1192 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
1194 raise Exception("WPS-FAIL after AP learn timed out")
1197 logger
.info("Add a specific Enrollee using ER (PBC/UUID)")
1198 addr1
= dev
[1].p2p_interface_addr()
1199 dev
[0].dump_monitor()
1200 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1201 dev
[1].dump_monitor()
1202 dev
[1].request("WPS_PBC %s" % apdev
[0]['bssid'])
1203 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=10)
1205 raise Exception("Enrollee not seen")
1207 raise Exception("Unexpected Enrollee MAC address")
1208 uuid
= ev
.split(' ')[1]
1209 dev
[0].request("WPS_ER_PBC " + uuid
)
1210 dev
[1].wait_connected(timeout
=30)
1211 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1213 raise Exception("WPS ER did not report success")
1215 logger
.info("Add a specific Enrollee using ER (PIN/UUID)")
1216 pin
= dev
[2].wps_read_pin()
1217 addr2
= dev
[2].p2p_interface_addr()
1218 dev
[0].dump_monitor()
1219 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1220 dev
[2].dump_monitor()
1221 dev
[2].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1222 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=10)
1224 raise Exception("Enrollee not seen")
1226 raise Exception("Unexpected Enrollee MAC address")
1227 uuid
= ev
.split(' ')[1]
1228 dev
[0].request("WPS_ER_PIN " + uuid
+ " " + pin
)
1229 dev
[2].wait_connected(timeout
=30)
1230 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1232 raise Exception("WPS ER did not report success")
1234 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-REMOVE"], timeout
=15)
1236 raise Exception("No Enrollee STA entry timeout seen")
1238 logger
.info("Stop ER")
1239 dev
[0].dump_monitor()
1240 dev
[0].request("WPS_ER_STOP")
1242 def test_ap_wps_er_multi_add_enrollee(dev
, apdev
):
1243 """Multiple WPS ERs adding a new enrollee using PIN"""
1245 _test_ap_wps_er_multi_add_enrollee(dev
, apdev
)
1248 dev
[i
].request("WPS_ER_STOP")
1250 def _test_ap_wps_er_multi_add_enrollee(dev
, apdev
):
1251 ssid
= "wps-er-add-enrollee"
1253 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1254 hostapd
.add_ap(apdev
[0],
1255 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1256 "wpa_passphrase": "12345678", "wpa": "2",
1257 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1258 "device_name": "Wireless AP", "manufacturer": "Company",
1259 "model_name": "WAP", "model_number": "123",
1260 "serial_number": "12345", "device_type": "6-0050F204-1",
1261 "os_version": "01020300",
1262 'friendly_name': "WPS AP",
1263 "config_methods": "label push_button",
1264 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1267 dev
[i
].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1268 dev
[i
].wps_reg(apdev
[0]['bssid'], ap_pin
)
1270 dev
[i
].request("WPS_ER_START ifname=lo")
1272 ev
= dev
[i
].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1274 raise Exception("AP discovery timed out")
1275 dev
[i
].dump_monitor()
1277 dev
[i
].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1279 ev
= dev
[i
].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1281 raise Exception("AP learn timed out")
1282 ev
= dev
[i
].wait_event(["WPS-FAIL"], timeout
=15)
1284 raise Exception("WPS-FAIL after AP learn timed out")
1288 pin
= dev
[2].wps_read_pin()
1289 addr
= dev
[2].own_addr()
1290 dev
[0].dump_monitor()
1291 dev
[0].request("WPS_ER_PIN any " + pin
+ " " + addr
)
1292 dev
[1].dump_monitor()
1293 dev
[1].request("WPS_ER_PIN any " + pin
+ " " + addr
)
1295 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1296 dev
[2].dump_monitor()
1297 dev
[2].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1298 ev
= dev
[2].wait_event(["WPS-SUCCESS"], timeout
=30)
1300 raise Exception("Enrollee did not report success")
1301 dev
[2].wait_connected(timeout
=15)
1303 def test_ap_wps_er_add_enrollee_pbc(dev
, apdev
):
1304 """WPS ER connected to AP and adding a new enrollee using PBC"""
1306 _test_ap_wps_er_add_enrollee_pbc(dev
, apdev
)
1308 dev
[0].request("WPS_ER_STOP")
1310 def _test_ap_wps_er_add_enrollee_pbc(dev
, apdev
):
1311 ssid
= "wps-er-add-enrollee-pbc"
1313 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1314 hostapd
.add_ap(apdev
[0],
1315 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1316 "wpa_passphrase": "12345678", "wpa": "2",
1317 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1318 "device_name": "Wireless AP", "manufacturer": "Company",
1319 "model_name": "WAP", "model_number": "123",
1320 "serial_number": "12345", "device_type": "6-0050F204-1",
1321 "os_version": "01020300",
1322 "config_methods": "label push_button",
1323 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1324 logger
.info("Learn AP configuration")
1325 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1326 dev
[0].dump_monitor()
1327 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1328 status
= dev
[0].get_status()
1329 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
1330 raise Exception("Not fully connected")
1332 logger
.info("Start ER")
1333 dev
[0].request("WPS_ER_START ifname=lo")
1334 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1336 raise Exception("AP discovery timed out")
1337 if ap_uuid
not in ev
:
1338 raise Exception("Expected AP UUID not found")
1340 enrollee
= dev
[1].p2p_interface_addr()
1342 if "FAIL-UNKNOWN-UUID" not in dev
[0].request("WPS_ER_PBC " + enrollee
):
1343 raise Exception("Unknown UUID not reported")
1345 logger
.info("Add Enrollee using ER and PBC")
1346 dev
[0].dump_monitor()
1347 dev
[1].dump_monitor()
1348 dev
[1].request("WPS_PBC")
1350 for i
in range(0, 2):
1351 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=15)
1353 raise Exception("Enrollee discovery timed out")
1357 raise Exception("Expected Enrollee not found")
1358 if "FAIL-NO-AP-SETTINGS" not in dev
[0].request("WPS_ER_PBC " + enrollee
):
1359 raise Exception("Unknown UUID not reported")
1360 logger
.info("Use learned network configuration on ER")
1361 dev
[0].request("WPS_ER_SET_CONFIG " + ap_uuid
+ " 0")
1362 if "OK" not in dev
[0].request("WPS_ER_PBC " + enrollee
):
1363 raise Exception("WPS_ER_PBC failed")
1365 ev
= dev
[1].wait_event(["WPS-SUCCESS"], timeout
=15)
1367 raise Exception("Enrollee did not report success")
1368 dev
[1].wait_connected(timeout
=15)
1369 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1371 raise Exception("WPS ER did not report success")
1372 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
1374 def test_ap_wps_er_pbc_overlap(dev
, apdev
):
1375 """WPS ER connected to AP and PBC session overlap"""
1377 _test_ap_wps_er_pbc_overlap(dev
, apdev
)
1379 dev
[0].request("WPS_ER_STOP")
1381 def _test_ap_wps_er_pbc_overlap(dev
, apdev
):
1382 ssid
= "wps-er-add-enrollee-pbc"
1384 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1385 hostapd
.add_ap(apdev
[0],
1386 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1387 "wpa_passphrase": "12345678", "wpa": "2",
1388 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1389 "device_name": "Wireless AP", "manufacturer": "Company",
1390 "model_name": "WAP", "model_number": "123",
1391 "serial_number": "12345", "device_type": "6-0050F204-1",
1392 "os_version": "01020300",
1393 "config_methods": "label push_button",
1394 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1395 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1396 dev
[0].dump_monitor()
1397 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1399 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
1400 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
1401 # avoid leaving dev 1 or 2 as the last Probe Request to the AP
1402 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412, force_scan
=True)
1404 dev
[0].dump_monitor()
1405 dev
[0].request("WPS_ER_START ifname=lo")
1407 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1409 raise Exception("AP discovery timed out")
1410 if ap_uuid
not in ev
:
1411 raise Exception("Expected AP UUID not found")
1413 # verify BSSID selection of the AP instead of UUID
1414 if "FAIL" in dev
[0].request("WPS_ER_SET_CONFIG " + apdev
[0]['bssid'] + " 0"):
1415 raise Exception("Could not select AP based on BSSID")
1417 dev
[0].dump_monitor()
1418 dev
[1].request("WPS_PBC " + apdev
[0]['bssid'])
1419 dev
[2].request("WPS_PBC " + apdev
[0]['bssid'])
1420 ev
= dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout
=10)
1422 raise Exception("PBC scan failed")
1423 ev
= dev
[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout
=10)
1425 raise Exception("PBC scan failed")
1428 addr1
= dev
[1].own_addr()
1429 addr2
= dev
[2].own_addr()
1431 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=15)
1433 raise Exception("Enrollee discovery timed out")
1442 if dev
[0].request("WPS_ER_PBC " + ap_uuid
) != "FAIL-PBC-OVERLAP\n":
1443 raise Exception("PBC overlap not reported")
1444 dev
[1].request("WPS_CANCEL")
1445 dev
[2].request("WPS_CANCEL")
1446 if dev
[0].request("WPS_ER_PBC foo") != "FAIL\n":
1447 raise Exception("Invalid WPS_ER_PBC accepted")
1449 def test_ap_wps_er_v10_add_enrollee_pin(dev
, apdev
):
1450 """WPS v1.0 ER connected to AP and adding a new enrollee using PIN"""
1452 _test_ap_wps_er_v10_add_enrollee_pin(dev
, apdev
)
1454 dev
[0].request("WPS_ER_STOP")
1456 def _test_ap_wps_er_v10_add_enrollee_pin(dev
, apdev
):
1457 ssid
= "wps-er-add-enrollee-pbc"
1459 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1460 hostapd
.add_ap(apdev
[0],
1461 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1462 "wpa_passphrase": "12345678", "wpa": "2",
1463 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1464 "device_name": "Wireless AP", "manufacturer": "Company",
1465 "model_name": "WAP", "model_number": "123",
1466 "serial_number": "12345", "device_type": "6-0050F204-1",
1467 "os_version": "01020300",
1468 "config_methods": "label push_button",
1469 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1470 logger
.info("Learn AP configuration")
1471 dev
[0].request("SET wps_version_number 0x10")
1472 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1473 dev
[0].dump_monitor()
1474 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1475 status
= dev
[0].get_status()
1476 if status
['wpa_state'] != 'COMPLETED' or status
['bssid'] != apdev
[0]['bssid']:
1477 raise Exception("Not fully connected")
1479 logger
.info("Start ER")
1480 dev
[0].request("WPS_ER_START ifname=lo")
1481 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1483 raise Exception("AP discovery timed out")
1484 if ap_uuid
not in ev
:
1485 raise Exception("Expected AP UUID not found")
1487 logger
.info("Use learned network configuration on ER")
1488 dev
[0].request("WPS_ER_SET_CONFIG " + ap_uuid
+ " 0")
1490 logger
.info("Add Enrollee using ER and PIN")
1491 enrollee
= dev
[1].p2p_interface_addr()
1492 pin
= dev
[1].wps_read_pin()
1493 dev
[0].dump_monitor()
1494 dev
[0].request("WPS_ER_PIN any " + pin
+ " " + enrollee
)
1495 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1496 dev
[1].dump_monitor()
1497 dev
[1].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1498 dev
[1].wait_connected(timeout
=30)
1499 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1501 raise Exception("WPS ER did not report success")
1504 def test_ap_wps_er_config_ap(dev
, apdev
):
1505 """WPS ER configuring AP over UPnP"""
1507 _test_ap_wps_er_config_ap(dev
, apdev
)
1509 dev
[0].request("WPS_ER_STOP")
1511 def _test_ap_wps_er_config_ap(dev
, apdev
):
1512 ssid
= "wps-er-ap-config"
1514 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1515 hostapd
.add_ap(apdev
[0],
1516 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1517 "wpa_passphrase": "12345678", "wpa": "2",
1518 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1519 "device_name": "Wireless AP", "manufacturer": "Company",
1520 "model_name": "WAP", "model_number": "123",
1521 "serial_number": "12345", "device_type": "6-0050F204-1",
1522 "os_version": "01020300",
1523 "config_methods": "label push_button",
1524 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
1526 logger
.info("Connect ER to the AP")
1527 dev
[0].connect(ssid
, psk
="12345678", scan_freq
="2412")
1529 logger
.info("WPS configuration step")
1530 dev
[0].request("WPS_ER_START ifname=lo")
1531 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1533 raise Exception("AP discovery timed out")
1534 if ap_uuid
not in ev
:
1535 raise Exception("Expected AP UUID not found")
1536 new_passphrase
= "1234567890"
1537 dev
[0].request("WPS_ER_CONFIG " + apdev
[0]['bssid'] + " " + ap_pin
+ " " +
1538 ssid
.encode("hex") + " WPA2PSK CCMP " +
1539 new_passphrase
.encode("hex"))
1540 ev
= dev
[0].wait_event(["WPS-SUCCESS"])
1542 raise Exception("WPS ER configuration operation timed out")
1543 dev
[0].wait_disconnected(timeout
=10)
1544 dev
[0].connect(ssid
, psk
="1234567890", scan_freq
="2412")
1546 logger
.info("WPS ER restart")
1547 dev
[0].request("WPS_ER_START")
1548 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1550 raise Exception("AP discovery timed out on ER restart")
1551 if ap_uuid
not in ev
:
1552 raise Exception("Expected AP UUID not found on ER restart")
1553 if "OK" not in dev
[0].request("WPS_ER_STOP"):
1554 raise Exception("WPS_ER_STOP failed")
1555 if "OK" not in dev
[0].request("WPS_ER_STOP"):
1556 raise Exception("WPS_ER_STOP failed")
1559 def test_ap_wps_er_cache_ap_settings(dev
, apdev
):
1560 """WPS ER caching AP settings"""
1562 _test_ap_wps_er_cache_ap_settings(dev
, apdev
)
1564 dev
[0].request("WPS_ER_STOP")
1566 def _test_ap_wps_er_cache_ap_settings(dev
, apdev
):
1567 ssid
= "wps-er-add-enrollee"
1569 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1570 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1571 "wpa_passphrase": "12345678", "wpa": "2",
1572 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1573 "device_name": "Wireless AP", "manufacturer": "Company",
1574 "model_name": "WAP", "model_number": "123",
1575 "serial_number": "12345", "device_type": "6-0050F204-1",
1576 "os_version": "01020300",
1577 "config_methods": "label push_button",
1578 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo" }
1579 hapd
= hostapd
.add_ap(apdev
[0], params
)
1580 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1581 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1582 id = int(dev
[0].list_networks()[0]['id'])
1583 dev
[0].set_network(id, "scan_freq", "2412")
1585 dev
[0].request("WPS_ER_START ifname=lo")
1586 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1588 raise Exception("AP discovery timed out")
1589 if ap_uuid
not in ev
:
1590 raise Exception("Expected AP UUID not found")
1592 dev
[0].dump_monitor()
1593 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1594 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1596 raise Exception("AP learn timed out")
1597 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
1599 raise Exception("WPS-FAIL after AP learn timed out")
1605 ev
= dev
[0].wait_event([ "WPS-ER-AP-REMOVE",
1606 "CTRL-EVENT-DISCONNECTED" ],
1609 raise Exception("AP removal or disconnection timed out")
1611 hapd
= hostapd
.add_ap(apdev
[0], params
)
1613 ev
= dev
[0].wait_event([ "WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED" ],
1616 raise Exception("AP discovery or connection timed out")
1618 pin
= dev
[1].wps_read_pin()
1619 dev
[0].dump_monitor()
1620 dev
[0].request("WPS_ER_PIN any " + pin
+ " " + dev
[1].p2p_interface_addr())
1624 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1625 dev
[1].dump_monitor()
1626 dev
[1].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1627 ev
= dev
[1].wait_event(["WPS-SUCCESS"], timeout
=30)
1629 raise Exception("Enrollee did not report success")
1630 dev
[1].wait_connected(timeout
=15)
1631 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=15)
1633 raise Exception("WPS ER did not report success")
1635 dev
[0].dump_monitor()
1636 dev
[0].request("WPS_ER_STOP")
1638 def test_ap_wps_er_cache_ap_settings_oom(dev
, apdev
):
1639 """WPS ER caching AP settings (OOM)"""
1641 _test_ap_wps_er_cache_ap_settings_oom(dev
, apdev
)
1643 dev
[0].request("WPS_ER_STOP")
1645 def _test_ap_wps_er_cache_ap_settings_oom(dev
, apdev
):
1646 ssid
= "wps-er-add-enrollee"
1648 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1649 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1650 "wpa_passphrase": "12345678", "wpa": "2",
1651 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1652 "device_name": "Wireless AP", "manufacturer": "Company",
1653 "model_name": "WAP", "model_number": "123",
1654 "serial_number": "12345", "device_type": "6-0050F204-1",
1655 "os_version": "01020300",
1656 "config_methods": "label push_button",
1657 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo" }
1658 hapd
= hostapd
.add_ap(apdev
[0], params
)
1659 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1660 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1661 id = int(dev
[0].list_networks()[0]['id'])
1662 dev
[0].set_network(id, "scan_freq", "2412")
1664 dev
[0].request("WPS_ER_START ifname=lo")
1665 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1667 raise Exception("AP discovery timed out")
1668 if ap_uuid
not in ev
:
1669 raise Exception("Expected AP UUID not found")
1671 dev
[0].dump_monitor()
1672 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1673 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1675 raise Exception("AP learn timed out")
1676 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
1678 raise Exception("WPS-FAIL after AP learn timed out")
1681 with
alloc_fail(dev
[0], 1, "=wps_er_ap_use_cached_settings"):
1685 ev
= dev
[0].wait_event([ "WPS-ER-AP-REMOVE",
1686 "CTRL-EVENT-DISCONNECTED" ],
1689 raise Exception("AP removal or disconnection timed out")
1691 hapd
= hostapd
.add_ap(apdev
[0], params
)
1693 ev
= dev
[0].wait_event([ "WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED" ],
1696 raise Exception("AP discovery or connection timed out")
1698 dev
[0].request("WPS_ER_STOP")
1700 def test_ap_wps_er_cache_ap_settings_oom2(dev
, apdev
):
1701 """WPS ER caching AP settings (OOM 2)"""
1703 _test_ap_wps_er_cache_ap_settings_oom2(dev
, apdev
)
1705 dev
[0].request("WPS_ER_STOP")
1707 def _test_ap_wps_er_cache_ap_settings_oom2(dev
, apdev
):
1708 ssid
= "wps-er-add-enrollee"
1710 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1711 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1712 "wpa_passphrase": "12345678", "wpa": "2",
1713 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1714 "device_name": "Wireless AP", "manufacturer": "Company",
1715 "model_name": "WAP", "model_number": "123",
1716 "serial_number": "12345", "device_type": "6-0050F204-1",
1717 "os_version": "01020300",
1718 "config_methods": "label push_button",
1719 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo" }
1720 hapd
= hostapd
.add_ap(apdev
[0], params
)
1721 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1722 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1723 id = int(dev
[0].list_networks()[0]['id'])
1724 dev
[0].set_network(id, "scan_freq", "2412")
1726 dev
[0].request("WPS_ER_START ifname=lo")
1727 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=15)
1729 raise Exception("AP discovery timed out")
1730 if ap_uuid
not in ev
:
1731 raise Exception("Expected AP UUID not found")
1733 dev
[0].dump_monitor()
1734 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1735 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1737 raise Exception("AP learn timed out")
1738 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
1740 raise Exception("WPS-FAIL after AP learn timed out")
1743 with
alloc_fail(dev
[0], 1, "=wps_er_ap_cache_settings"):
1747 ev
= dev
[0].wait_event([ "WPS-ER-AP-REMOVE",
1748 "CTRL-EVENT-DISCONNECTED" ],
1751 raise Exception("AP removal or disconnection timed out")
1753 hapd
= hostapd
.add_ap(apdev
[0], params
)
1755 ev
= dev
[0].wait_event([ "WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED" ],
1758 raise Exception("AP discovery or connection timed out")
1760 dev
[0].request("WPS_ER_STOP")
1762 def test_ap_wps_er_subscribe_oom(dev
, apdev
):
1763 """WPS ER subscribe OOM"""
1765 _test_ap_wps_er_subscribe_oom(dev
, apdev
)
1767 dev
[0].request("WPS_ER_STOP")
1769 def _test_ap_wps_er_subscribe_oom(dev
, apdev
):
1770 ssid
= "wps-er-add-enrollee"
1772 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1773 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1774 "wpa_passphrase": "12345678", "wpa": "2",
1775 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1776 "device_name": "Wireless AP", "manufacturer": "Company",
1777 "model_name": "WAP", "model_number": "123",
1778 "serial_number": "12345", "device_type": "6-0050F204-1",
1779 "os_version": "01020300",
1780 "config_methods": "label push_button",
1781 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo" }
1782 hapd
= hostapd
.add_ap(apdev
[0], params
)
1783 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1784 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1785 id = int(dev
[0].list_networks()[0]['id'])
1786 dev
[0].set_network(id, "scan_freq", "2412")
1788 with
alloc_fail(dev
[0], 1, "http_client_addr;wps_er_subscribe"):
1789 dev
[0].request("WPS_ER_START ifname=lo")
1791 res
= dev
[0].request("GET_ALLOC_FAIL")
1792 if res
.startswith("0:"):
1795 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=0)
1797 raise Exception("Unexpected AP discovery during OOM")
1799 dev
[0].request("WPS_ER_STOP")
1801 def test_ap_wps_er_set_sel_reg_oom(dev
, apdev
):
1802 """WPS ER SetSelectedRegistrar OOM"""
1804 _test_ap_wps_er_set_sel_reg_oom(dev
, apdev
)
1806 dev
[0].request("WPS_ER_STOP")
1808 def _test_ap_wps_er_set_sel_reg_oom(dev
, apdev
):
1809 ssid
= "wps-er-add-enrollee"
1811 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1812 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1813 "wpa_passphrase": "12345678", "wpa": "2",
1814 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1815 "device_name": "Wireless AP", "manufacturer": "Company",
1816 "model_name": "WAP", "model_number": "123",
1817 "serial_number": "12345", "device_type": "6-0050F204-1",
1818 "os_version": "01020300",
1819 "config_methods": "label push_button",
1820 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo" }
1821 hapd
= hostapd
.add_ap(apdev
[0], params
)
1822 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1823 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1825 dev
[0].request("WPS_ER_START ifname=lo")
1826 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=10)
1828 raise Exception("AP not discovered")
1830 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1831 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=15)
1833 raise Exception("AP learn timed out")
1834 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
1836 raise Exception("WPS-FAIL timed out")
1839 for func
in [ "http_client_url_parse;wps_er_send_set_sel_reg",
1840 "wps_er_soap_hdr;wps_er_send_set_sel_reg",
1841 "http_client_addr;wps_er_send_set_sel_reg",
1842 "wpabuf_alloc;wps_er_set_sel_reg" ]:
1843 with
alloc_fail(dev
[0], 1, func
):
1844 if "OK" not in dev
[0].request("WPS_ER_PBC " + ap_uuid
):
1845 raise Exception("WPS_ER_PBC failed")
1846 ev
= dev
[0].wait_event(["WPS-PBC-ACTIVE"], timeout
=3)
1848 raise Exception("WPS-PBC-ACTIVE not seen")
1850 dev
[0].request("WPS_ER_STOP")
1853 def test_ap_wps_er_learn_oom(dev
, apdev
):
1854 """WPS ER learn OOM"""
1856 _test_ap_wps_er_learn_oom(dev
, apdev
)
1858 dev
[0].request("WPS_ER_STOP")
1860 def _test_ap_wps_er_learn_oom(dev
, apdev
):
1861 ssid
= "wps-er-add-enrollee"
1863 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1864 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1865 "wpa_passphrase": "12345678", "wpa": "2",
1866 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1867 "device_name": "Wireless AP", "manufacturer": "Company",
1868 "model_name": "WAP", "model_number": "123",
1869 "serial_number": "12345", "device_type": "6-0050F204-1",
1870 "os_version": "01020300",
1871 "config_methods": "label push_button",
1872 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo" }
1873 hapd
= hostapd
.add_ap(apdev
[0], params
)
1874 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1875 dev
[0].wps_reg(apdev
[0]['bssid'], ap_pin
)
1877 dev
[0].request("WPS_ER_START ifname=lo")
1878 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=10)
1880 raise Exception("AP not discovered")
1882 for func
in [ "wps_er_http_put_message_cb",
1883 "xml_get_base64_item;wps_er_http_put_message_cb",
1884 "http_client_url_parse;wps_er_ap_put_message",
1885 "wps_er_soap_hdr;wps_er_ap_put_message",
1886 "http_client_addr;wps_er_ap_put_message" ]:
1887 with
alloc_fail(dev
[0], 1, func
):
1888 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1889 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=1)
1891 raise Exception("AP learn succeeded during OOM")
1893 dev
[0].request("WPS_ER_LEARN " + ap_uuid
+ " " + ap_pin
)
1894 ev
= dev
[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout
=10)
1896 raise Exception("AP learn did not succeed")
1898 if "FAIL" not in dev
[0].request("WPS_ER_LEARN 00000000-9e5c-4e73-bd82-f89cbcd10d7e " + ap_pin
):
1899 raise Exception("WPS_ER_LEARN for unknown AP accepted")
1901 dev
[0].request("WPS_ER_STOP")
1903 def test_ap_wps_fragmentation(dev
, apdev
):
1904 """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
1905 ssid
= "test-wps-fragmentation"
1907 hapd
= hostapd
.add_ap(apdev
[0],
1908 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1909 "wpa_passphrase": "12345678", "wpa": "3",
1910 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1911 "wpa_pairwise": "TKIP", "ap_pin": appin
,
1912 "fragment_size": "50" })
1913 logger
.info("WPS provisioning step (PBC)")
1914 hapd
.request("WPS_PBC")
1915 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1916 dev
[0].dump_monitor()
1917 dev
[0].request("SET wps_fragment_size 50")
1918 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
1919 dev
[0].wait_connected(timeout
=30)
1920 status
= dev
[0].get_status()
1921 if status
['wpa_state'] != 'COMPLETED':
1922 raise Exception("Not fully connected")
1923 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP':
1924 raise Exception("Unexpected encryption configuration")
1925 if status
['key_mgmt'] != 'WPA2-PSK':
1926 raise Exception("Unexpected key_mgmt")
1928 logger
.info("WPS provisioning step (PIN)")
1929 pin
= dev
[1].wps_read_pin()
1930 hapd
.request("WPS_PIN any " + pin
)
1931 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1932 dev
[1].request("SET wps_fragment_size 50")
1933 dev
[1].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
1934 dev
[1].wait_connected(timeout
=30)
1935 status
= dev
[1].get_status()
1936 if status
['wpa_state'] != 'COMPLETED':
1937 raise Exception("Not fully connected")
1938 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP':
1939 raise Exception("Unexpected encryption configuration")
1940 if status
['key_mgmt'] != 'WPA2-PSK':
1941 raise Exception("Unexpected key_mgmt")
1943 logger
.info("WPS connection as registrar")
1944 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
1945 dev
[2].request("SET wps_fragment_size 50")
1946 dev
[2].wps_reg(apdev
[0]['bssid'], appin
)
1947 status
= dev
[2].get_status()
1948 if status
['wpa_state'] != 'COMPLETED':
1949 raise Exception("Not fully connected")
1950 if status
['pairwise_cipher'] != 'CCMP' or status
['group_cipher'] != 'TKIP':
1951 raise Exception("Unexpected encryption configuration")
1952 if status
['key_mgmt'] != 'WPA2-PSK':
1953 raise Exception("Unexpected key_mgmt")
1956 def test_ap_wps_new_version_sta(dev
, apdev
):
1957 """WPS compatibility with new version number on the station"""
1958 ssid
= "test-wps-ver"
1959 hapd
= hostapd
.add_ap(apdev
[0],
1960 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1961 "wpa_passphrase": "12345678", "wpa": "2",
1962 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
1963 logger
.info("WPS provisioning step")
1964 hapd
.request("WPS_PBC")
1965 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
1966 dev
[0].dump_monitor()
1967 dev
[0].request("SET wps_version_number 0x43")
1968 dev
[0].request("SET wps_vendor_ext_m1 000137100100020001")
1969 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
1970 dev
[0].wait_connected(timeout
=30)
1973 def test_ap_wps_new_version_ap(dev
, apdev
):
1974 """WPS compatibility with new version number on the AP"""
1975 ssid
= "test-wps-ver"
1976 hapd
= hostapd
.add_ap(apdev
[0],
1977 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
1978 "wpa_passphrase": "12345678", "wpa": "2",
1979 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
1980 logger
.info("WPS provisioning step")
1981 if "FAIL" in hapd
.request("SET wps_version_number 0x43"):
1982 raise Exception("Failed to enable test functionality")
1983 hapd
.request("WPS_PBC")
1984 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
1985 dev
[0].dump_monitor()
1986 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
1987 dev
[0].wait_connected(timeout
=30)
1988 hapd
.request("SET wps_version_number 0x20")
1991 def test_ap_wps_check_pin(dev
, apdev
):
1992 """Verify PIN checking through control interface"""
1993 hapd
= hostapd
.add_ap(apdev
[0],
1994 { "ssid": "wps", "eap_server": "1", "wps_state": "2",
1995 "wpa_passphrase": "12345678", "wpa": "2",
1996 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
1997 for t
in [ ("12345670", "12345670"),
1998 ("12345678", "FAIL-CHECKSUM"),
2000 ("123456789", "FAIL"),
2001 ("1234-5670", "12345670"),
2002 ("1234 5670", "12345670"),
2003 ("1-2.3:4 5670", "12345670") ]:
2004 res
= hapd
.request("WPS_CHECK_PIN " + t
[0]).rstrip('\n')
2005 res2
= dev
[0].request("WPS_CHECK_PIN " + t
[0]).rstrip('\n')
2007 raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
2009 raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res
, t
[1]))
2011 if "FAIL" not in hapd
.request("WPS_CHECK_PIN 12345"):
2012 raise Exception("Unexpected WPS_CHECK_PIN success")
2013 if "FAIL" not in hapd
.request("WPS_CHECK_PIN 123456789"):
2014 raise Exception("Unexpected WPS_CHECK_PIN success")
2016 for i
in range(0, 10):
2017 pin
= dev
[0].request("WPS_PIN get")
2018 rpin
= dev
[0].request("WPS_CHECK_PIN " + pin
).rstrip('\n')
2020 raise Exception("Random PIN validation failed for " + pin
)
2022 def test_ap_wps_wep_config(dev
, apdev
):
2023 """WPS 2.0 AP rejecting WEP configuration"""
2024 ssid
= "test-wps-config"
2026 hapd
= hostapd
.add_ap(apdev
[0],
2027 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2029 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2030 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, "wps-new-ssid-wep", "OPEN", "WEP",
2031 "hello", no_wait
=True)
2032 ev
= hapd
.wait_event(["WPS-FAIL"], timeout
=15)
2034 raise Exception("WPS-FAIL timed out")
2035 if "reason=2" not in ev
:
2036 raise Exception("Unexpected reason code in WPS-FAIL")
2037 status
= hapd
.request("WPS_GET_STATUS")
2038 if "Last WPS result: Failed" not in status
:
2039 raise Exception("WPS failure result not shown correctly")
2040 if "Failure Reason: WEP Prohibited" not in status
:
2041 raise Exception("Failure reason not reported correctly")
2042 if "Peer Address: " + dev
[0].p2p_interface_addr() not in status
:
2043 raise Exception("Peer address not shown correctly")
2045 def test_ap_wps_wep_enroll(dev
, apdev
):
2046 """WPS 2.0 STA rejecting WEP configuration"""
2047 ssid
= "test-wps-wep"
2048 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2049 "skip_cred_build": "1", "extra_cred": "wps-wep-cred" }
2050 hapd
= hostapd
.add_ap(apdev
[0], params
)
2051 hapd
.request("WPS_PBC")
2052 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2053 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
2054 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=15)
2056 raise Exception("WPS-FAIL event timed out")
2057 if "msg=12" not in ev
or "reason=2 (WEP Prohibited)" not in ev
:
2058 raise Exception("Unexpected WPS-FAIL event: " + ev
)
2061 def test_ap_wps_ie_fragmentation(dev
, apdev
):
2062 """WPS AP using fragmented WPS IE"""
2063 ssid
= "test-wps-ie-fragmentation"
2064 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2065 "wpa_passphrase": "12345678", "wpa": "2",
2066 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2067 "device_name": "1234567890abcdef1234567890abcdef",
2068 "manufacturer": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
2069 "model_name": "1234567890abcdef1234567890abcdef",
2070 "model_number": "1234567890abcdef1234567890abcdef",
2071 "serial_number": "1234567890abcdef1234567890abcdef" }
2072 hapd
= hostapd
.add_ap(apdev
[0], params
)
2073 hapd
.request("WPS_PBC")
2074 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
2075 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
2076 dev
[0].wait_connected(timeout
=30)
2077 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
2078 if "wps_device_name" not in bss
or bss
['wps_device_name'] != "1234567890abcdef1234567890abcdef":
2079 logger
.info("Device Name not received correctly")
2081 # This can fail if Probe Response frame is missed and Beacon frame was
2082 # used to fill in the BSS entry. This can happen, e.g., during heavy
2083 # load every now and then and is not really an error, so try to
2084 # workaround by runnign another scan.
2085 dev
[0].scan(freq
="2412", only_new
=True)
2086 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
2087 if not bss
or "wps_device_name" not in bss
or bss
['wps_device_name'] != "1234567890abcdef1234567890abcdef":
2089 raise Exception("Device Name not received correctly")
2090 if len(re
.findall("dd..0050f204", bss
['ie'])) != 2:
2091 raise Exception("Unexpected number of WPS IEs")
2093 def get_psk(pskfile
):
2095 with
open(pskfile
, "r") as f
:
2096 lines
= f
.read().splitlines()
2098 if l
== "# WPA PSKs":
2100 (addr
,psk
) = l
.split(' ')
2104 def test_ap_wps_per_station_psk(dev
, apdev
):
2105 """WPS PBC provisioning with per-station PSK"""
2106 addr0
= dev
[0].own_addr()
2107 addr1
= dev
[1].own_addr()
2108 addr2
= dev
[2].own_addr()
2111 pskfile
= "/tmp/ap_wps_per_enrollee_psk.psk_file"
2119 with
open(pskfile
, "w") as f
:
2120 f
.write("# WPA PSKs\n")
2122 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2123 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2124 "rsn_pairwise": "CCMP", "ap_pin": appin
,
2125 "wpa_psk_file": pskfile
}
2126 hapd
= hostapd
.add_ap(apdev
[0], params
)
2128 logger
.info("First enrollee")
2129 hapd
.request("WPS_PBC")
2130 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2131 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
2132 dev
[0].wait_connected(timeout
=30)
2134 logger
.info("Second enrollee")
2135 hapd
.request("WPS_PBC")
2136 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2137 dev
[1].request("WPS_PBC " + apdev
[0]['bssid'])
2138 dev
[1].wait_connected(timeout
=30)
2140 logger
.info("External registrar")
2141 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2142 dev
[2].wps_reg(apdev
[0]['bssid'], appin
)
2144 logger
.info("Verifying PSK results")
2145 psks
= get_psk(pskfile
)
2146 if addr0
not in psks
:
2147 raise Exception("No PSK recorded for sta0")
2148 if addr1
not in psks
:
2149 raise Exception("No PSK recorded for sta1")
2150 if addr2
not in psks
:
2151 raise Exception("No PSK recorded for sta2")
2152 if psks
[addr0
] == psks
[addr1
]:
2153 raise Exception("Same PSK recorded for sta0 and sta1")
2154 if psks
[addr0
] == psks
[addr2
]:
2155 raise Exception("Same PSK recorded for sta0 and sta2")
2156 if psks
[addr1
] == psks
[addr2
]:
2157 raise Exception("Same PSK recorded for sta1 and sta2")
2159 dev
[0].request("REMOVE_NETWORK all")
2160 logger
.info("Second external registrar")
2161 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2162 dev
[0].wps_reg(apdev
[0]['bssid'], appin
)
2163 psks2
= get_psk(pskfile
)
2164 if addr0
not in psks2
:
2165 raise Exception("No PSK recorded for sta0(reg)")
2166 if psks
[addr0
] == psks2
[addr0
]:
2167 raise Exception("Same PSK recorded for sta0(enrollee) and sta0(reg)")
2171 dev
[0].request("DISCONNECT")
2172 dev
[1].request("DISCONNECT")
2173 dev
[2].request("DISCONNECT")
2175 dev
[0].flush_scan_cache()
2176 dev
[1].flush_scan_cache()
2177 dev
[2].flush_scan_cache()
2179 def test_ap_wps_per_station_psk_failure(dev
, apdev
):
2180 """WPS PBC provisioning with per-station PSK (file not writable)"""
2181 addr0
= dev
[0].p2p_dev_addr()
2182 addr1
= dev
[1].p2p_dev_addr()
2183 addr2
= dev
[2].p2p_dev_addr()
2186 pskfile
= "/tmp/ap_wps_per_enrollee_psk.psk_file"
2193 with
open(pskfile
, "w") as f
:
2194 f
.write("# WPA PSKs\n")
2196 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2197 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2198 "rsn_pairwise": "CCMP", "ap_pin": appin
,
2199 "wpa_psk_file": pskfile
}
2200 hapd
= hostapd
.add_ap(apdev
[0], params
)
2201 if "FAIL" in hapd
.request("SET wpa_psk_file /tmp/does/not/exists/ap_wps_per_enrollee_psk_failure.psk_file"):
2202 raise Exception("Failed to set wpa_psk_file")
2204 logger
.info("First enrollee")
2205 hapd
.request("WPS_PBC")
2206 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2207 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
2208 dev
[0].wait_connected(timeout
=30)
2210 logger
.info("Second enrollee")
2211 hapd
.request("WPS_PBC")
2212 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2213 dev
[1].request("WPS_PBC " + apdev
[0]['bssid'])
2214 dev
[1].wait_connected(timeout
=30)
2216 logger
.info("External registrar")
2217 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
2218 dev
[2].wps_reg(apdev
[0]['bssid'], appin
)
2220 logger
.info("Verifying PSK results")
2221 psks
= get_psk(pskfile
)
2223 raise Exception("PSK recorded unexpectedly")
2227 def test_ap_wps_pin_request_file(dev
, apdev
):
2228 """WPS PIN provisioning with configured AP"""
2230 pinfile
= "/tmp/ap_wps_pin_request_file.log"
2231 if os
.path
.exists(pinfile
):
2233 hapd
= hostapd
.add_ap(apdev
[0],
2234 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2235 "wps_pin_requests": pinfile
,
2236 "wpa_passphrase": "12345678", "wpa": "2",
2237 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2238 uuid
= dev
[0].get_status_field("uuid")
2239 pin
= dev
[0].wps_read_pin()
2241 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
2242 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
2243 ev
= hapd
.wait_event(["WPS-PIN-NEEDED"], timeout
=15)
2245 raise Exception("PIN needed event not shown")
2247 raise Exception("UUID mismatch")
2248 dev
[0].request("WPS_CANCEL")
2250 with
open(pinfile
, "r") as f
:
2251 lines
= f
.readlines()
2257 raise Exception("PIN request entry not in the log file")
2264 def test_ap_wps_auto_setup_with_config_file(dev
, apdev
):
2265 """WPS auto-setup with configuration file"""
2266 conffile
= "/tmp/ap_wps_auto_setup_with_config_file.conf"
2267 ifname
= apdev
[0]['ifname']
2269 with
open(conffile
, "w") as f
:
2270 f
.write("driver=nl80211\n")
2271 f
.write("hw_mode=g\n")
2272 f
.write("channel=1\n")
2273 f
.write("ieee80211n=1\n")
2274 f
.write("interface=%s\n" % ifname
)
2275 f
.write("ctrl_interface=/var/run/hostapd\n")
2276 f
.write("ssid=wps\n")
2277 f
.write("eap_server=1\n")
2278 f
.write("wps_state=1\n")
2279 hapd
= hostapd
.add_bss(apdev
[0], ifname
, conffile
)
2280 hapd
.request("WPS_PBC")
2281 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
2282 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
2283 dev
[0].wait_connected(timeout
=30)
2284 with
open(conffile
, "r") as f
:
2285 lines
= f
.read().splitlines()
2289 [name
,value
] = l
.split('=', 1)
2291 except ValueError, e
:
2292 if "# WPS configuration" in l
:
2295 raise Exception("Unexpected configuration line: " + l
)
2296 if vals
['ieee80211n'] != '1' or vals
['wps_state'] != '2' or "WPA-PSK" not in vals
['wpa_key_mgmt']:
2297 raise Exception("Incorrect configuration: " + str(vals
))
2304 def test_ap_wps_pbc_timeout(dev
, apdev
, params
):
2305 """wpa_supplicant PBC walk time and WPS ER SelReg timeout [long]"""
2306 if not params
['long']:
2307 raise HwsimSkip("Skip test case with long duration due to --long not specified")
2308 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2309 hapd
= add_ssdp_ap(apdev
[0], ap_uuid
)
2311 location
= ssdp_get_location(ap_uuid
)
2312 urls
= upnp_get_urls(location
)
2313 eventurl
= urlparse
.urlparse(urls
['event_sub_url'])
2314 ctrlurl
= urlparse
.urlparse(urls
['control_url'])
2316 url
= urlparse
.urlparse(location
)
2317 conn
= httplib
.HTTPConnection(url
.netloc
)
2319 class WPSERHTTPServer(SocketServer
.StreamRequestHandler
):
2321 data
= self
.rfile
.readline().strip()
2323 self
.wfile
.write(gen_wps_event())
2325 server
= MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer
)
2328 headers
= { "callback": '<http://127.0.0.1:12345/event>',
2330 "timeout": "Second-1234" }
2331 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2332 resp
= conn
.getresponse()
2333 if resp
.status
!= 200:
2334 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2335 sid
= resp
.getheader("sid")
2336 logger
.debug("Subscription SID " + sid
)
2338 msg
= '''<?xml version="1.0"?>
2339 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
2341 <u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
2342 <NewMessage>EEoAARAQQQABARASAAIAABBTAAIxSBBJAA4ANyoAASABBv///////xBIABA2LbR7pTpRkYj7
2345 </u:SetSelectedRegistrar>
2348 headers
= { "Content-type": 'text/xml; charset="utf-8"' }
2349 headers
["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
2350 conn
.request("POST", ctrlurl
.path
, msg
, headers
)
2351 resp
= conn
.getresponse()
2352 if resp
.status
!= 200:
2353 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2355 server
.handle_request()
2357 logger
.info("Start WPS_PBC and wait for PBC walk time expiration")
2358 if "OK" not in dev
[0].request("WPS_PBC"):
2359 raise Exception("WPS_PBC failed")
2361 start
= os
.times()[4]
2363 server
.handle_request()
2364 dev
[1].request("BSS_FLUSH 0")
2365 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True,
2367 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
2368 logger
.debug("BSS: " + str(bss
))
2369 if '[WPS-AUTH]' not in bss
['flags']:
2370 raise Exception("WPS not indicated authorized")
2372 server
.handle_request()
2374 wps_timeout_seen
= False
2378 dev
[1].dump_monitor()
2379 if not wps_timeout_seen
:
2380 ev
= dev
[0].wait_event(["WPS-TIMEOUT"], timeout
=0)
2382 logger
.info("PBC timeout seen")
2383 wps_timeout_seen
= True
2385 dev
[0].dump_monitor()
2387 if now
- start
> 130:
2388 raise Exception("Selected registration information not removed")
2389 dev
[1].request("BSS_FLUSH 0")
2390 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
="2412", force_scan
=True,
2392 bss
= dev
[1].get_bss(apdev
[0]['bssid'])
2393 logger
.debug("BSS: " + str(bss
))
2394 if '[WPS-AUTH]' not in bss
['flags']:
2396 server
.handle_request()
2398 server
.server_close()
2400 if wps_timeout_seen
:
2404 if now
< start
+ 150:
2405 dur
= start
+ 150 - now
2408 logger
.info("Continue waiting for PBC timeout (%d sec)" % dur
)
2409 ev
= dev
[0].wait_event(["WPS-TIMEOUT"], timeout
=dur
)
2411 raise Exception("WPS-TIMEOUT not reported")
2413 def add_ssdp_ap(ap
, ap_uuid
):
2416 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
2417 "wpa_passphrase": "12345678", "wpa": "2",
2418 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2419 "device_name": "Wireless AP", "manufacturer": "Company",
2420 "model_name": "WAP", "model_number": "123",
2421 "serial_number": "12345", "device_type": "6-0050F204-1",
2422 "os_version": "01020300",
2423 "config_methods": "label push_button",
2424 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo",
2425 "friendly_name": "WPS Access Point",
2426 "manufacturer_url": "http://www.example.com/",
2427 "model_description": "Wireless Access Point",
2428 "model_url": "http://www.example.com/model/",
2429 "upc": "123456789012" }
2430 return hostapd
.add_ap(ap
, params
)
2432 def ssdp_send(msg
, no_recv
=False):
2433 socket
.setdefaulttimeout(1)
2434 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
2435 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
2436 sock
.setsockopt(socket
.IPPROTO_IP
, socket
.IP_MULTICAST_TTL
, 2)
2437 sock
.bind(("127.0.0.1", 0))
2438 sock
.sendto(msg
, ("239.255.255.250", 1900))
2441 return sock
.recv(1000)
2443 def ssdp_send_msearch(st
, no_recv
=False):
2445 'M-SEARCH * HTTP/1.1',
2446 'HOST: 239.255.255.250:1900',
2448 'MAN: "ssdp:discover"',
2451 return ssdp_send(msg
, no_recv
=no_recv
)
2453 def test_ap_wps_ssdp_msearch(dev
, apdev
):
2454 """WPS AP and SSDP M-SEARCH messages"""
2455 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2456 add_ssdp_ap(apdev
[0], ap_uuid
)
2459 'M-SEARCH * HTTP/1.1',
2460 'Host: 239.255.255.250:1900',
2462 'Man: "ssdp:discover"',
2463 'St: urn:schemas-wifialliance-org:device:WFADevice:1',
2468 'M-SEARCH * HTTP/1.1',
2469 'host:\t239.255.255.250:1900\t\t\t\t \t\t',
2471 'man: \t \t "ssdp:discover" ',
2472 'st: urn:schemas-wifialliance-org:device:WFADevice:1\t\t',
2476 ssdp_send_msearch("ssdp:all")
2477 ssdp_send_msearch("upnp:rootdevice")
2478 ssdp_send_msearch("uuid:" + ap_uuid
)
2479 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1")
2480 ssdp_send_msearch("urn:schemas-wifialliance-org:device:WFADevice:1")
2483 'M-SEARCH * HTTP/1.1',
2484 'HOST:\t239.255.255.250:1900',
2485 'MAN: "ssdp:discover"',
2487 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2489 ssdp_send(msg
, no_recv
=True)
2491 def test_ap_wps_ssdp_invalid_msearch(dev
, apdev
):
2492 """WPS AP and invalid SSDP M-SEARCH messages"""
2493 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2494 add_ssdp_ap(apdev
[0], ap_uuid
)
2496 socket
.setdefaulttimeout(1)
2497 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
2498 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
2499 sock
.setsockopt(socket
.IPPROTO_IP
, socket
.IP_MULTICAST_TTL
, 2)
2500 sock
.bind(("127.0.0.1", 0))
2502 logger
.debug("Missing MX")
2504 'M-SEARCH * HTTP/1.1',
2505 'HOST: 239.255.255.250:1900',
2506 'MAN: "ssdp:discover"',
2507 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2509 sock
.sendto(msg
, ("239.255.255.250", 1900))
2511 logger
.debug("Negative MX")
2513 'M-SEARCH * HTTP/1.1',
2514 'HOST: 239.255.255.250:1900',
2516 'MAN: "ssdp:discover"',
2517 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2519 sock
.sendto(msg
, ("239.255.255.250", 1900))
2521 logger
.debug("Invalid MX")
2523 'M-SEARCH * HTTP/1.1',
2524 'HOST: 239.255.255.250:1900',
2526 'MAN: "ssdp:discover"',
2527 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2529 sock
.sendto(msg
, ("239.255.255.250", 1900))
2531 logger
.debug("Missing MAN")
2533 'M-SEARCH * HTTP/1.1',
2534 'HOST: 239.255.255.250:1900',
2536 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2538 sock
.sendto(msg
, ("239.255.255.250", 1900))
2540 logger
.debug("Invalid MAN")
2542 'M-SEARCH * HTTP/1.1',
2543 'HOST: 239.255.255.250:1900',
2546 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2548 sock
.sendto(msg
, ("239.255.255.250", 1900))
2550 'M-SEARCH * HTTP/1.1',
2551 'HOST: 239.255.255.250:1900',
2553 'MAN; "ssdp:discover"',
2554 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2556 sock
.sendto(msg
, ("239.255.255.250", 1900))
2558 logger
.debug("Missing HOST")
2560 'M-SEARCH * HTTP/1.1',
2561 'MAN: "ssdp:discover"',
2563 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2565 sock
.sendto(msg
, ("239.255.255.250", 1900))
2567 logger
.debug("Missing ST")
2569 'M-SEARCH * HTTP/1.1',
2570 'HOST: 239.255.255.250:1900',
2571 'MAN: "ssdp:discover"',
2574 sock
.sendto(msg
, ("239.255.255.250", 1900))
2576 logger
.debug("Mismatching ST")
2578 'M-SEARCH * HTTP/1.1',
2579 'HOST: 239.255.255.250:1900',
2580 'MAN: "ssdp:discover"',
2582 'ST: uuid:16d5f8a9-4ee4-4f5e-81f9-cc6e2f47f42d',
2584 sock
.sendto(msg
, ("239.255.255.250", 1900))
2586 'M-SEARCH * HTTP/1.1',
2587 'HOST: 239.255.255.250:1900',
2588 'MAN: "ssdp:discover"',
2592 sock
.sendto(msg
, ("239.255.255.250", 1900))
2594 'M-SEARCH * HTTP/1.1',
2595 'HOST: 239.255.255.250:1900',
2596 'MAN: "ssdp:discover"',
2600 sock
.sendto(msg
, ("239.255.255.250", 1900))
2602 logger
.debug("Invalid ST")
2604 'M-SEARCH * HTTP/1.1',
2605 'HOST: 239.255.255.250:1900',
2606 'MAN: "ssdp:discover"',
2608 'ST; urn:schemas-wifialliance-org:device:WFADevice:1',
2610 sock
.sendto(msg
, ("239.255.255.250", 1900))
2612 logger
.debug("Invalid M-SEARCH")
2614 'M+SEARCH * HTTP/1.1',
2615 'HOST: 239.255.255.250:1900',
2616 'MAN: "ssdp:discover"',
2618 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2620 sock
.sendto(msg
, ("239.255.255.250", 1900))
2622 'M-SEARCH-* HTTP/1.1',
2623 'HOST: 239.255.255.250:1900',
2624 'MAN: "ssdp:discover"',
2626 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2628 sock
.sendto(msg
, ("239.255.255.250", 1900))
2630 logger
.debug("Invalid message format")
2631 sock
.sendto("NOTIFY * HTTP/1.1", ("239.255.255.250", 1900))
2633 'M-SEARCH * HTTP/1.1',
2634 'HOST: 239.255.255.250:1900',
2635 'MAN: "ssdp:discover"',
2637 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2639 sock
.sendto(msg
, ("239.255.255.250", 1900))
2643 raise Exception("Unexpected M-SEARCH response: " + r
)
2644 except socket
.timeout
:
2647 logger
.debug("Valid M-SEARCH")
2649 'M-SEARCH * HTTP/1.1',
2650 'HOST: 239.255.255.250:1900',
2651 'MAN: "ssdp:discover"',
2653 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2655 sock
.sendto(msg
, ("239.255.255.250", 1900))
2660 except socket
.timeout
:
2661 raise Exception("No SSDP response")
2663 def test_ap_wps_ssdp_burst(dev
, apdev
):
2664 """WPS AP and SSDP burst"""
2665 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2666 add_ssdp_ap(apdev
[0], ap_uuid
)
2669 'M-SEARCH * HTTP/1.1',
2670 'HOST: 239.255.255.250:1900',
2671 'MAN: "ssdp:discover"',
2673 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2675 socket
.setdefaulttimeout(1)
2676 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
2677 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
2678 sock
.setsockopt(socket
.IPPROTO_IP
, socket
.IP_MULTICAST_TTL
, 2)
2679 sock
.bind(("127.0.0.1", 0))
2680 for i
in range(0, 25):
2681 sock
.sendto(msg
, ("239.255.255.250", 1900))
2686 if not r
.startswith("HTTP/1.1 200 OK\r\n"):
2687 raise Exception("Unexpected message: " + r
)
2689 except socket
.timeout
:
2692 raise Exception("Too few SSDP responses")
2694 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
2695 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
2696 sock
.setsockopt(socket
.IPPROTO_IP
, socket
.IP_MULTICAST_TTL
, 2)
2697 sock
.bind(("127.0.0.1", 0))
2698 for i
in range(0, 25):
2699 sock
.sendto(msg
, ("239.255.255.250", 1900))
2705 except socket
.timeout
:
2706 raise Exception("No SSDP response")
2708 def ssdp_get_location(uuid
):
2709 res
= ssdp_send_msearch("uuid:" + uuid
)
2711 for l
in res
.splitlines():
2712 if l
.lower().startswith("location:"):
2713 location
= l
.split(':', 1)[1].strip()
2715 if location
is None:
2716 raise Exception("No UPnP location found")
2719 def upnp_get_urls(location
):
2720 conn
= urllib
.urlopen(location
, proxies
={})
2721 tree
= ET
.parse(conn
)
2722 root
= tree
.getroot()
2723 urn
= '{urn:schemas-upnp-org:device-1-0}'
2724 service
= root
.find("./" + urn
+ "device/" + urn
+ "serviceList/" + urn
+ "service")
2726 res
['scpd_url'] = urlparse
.urljoin(location
, service
.find(urn
+ 'SCPDURL').text
)
2727 res
['control_url'] = urlparse
.urljoin(location
, service
.find(urn
+ 'controlURL').text
)
2728 res
['event_sub_url'] = urlparse
.urljoin(location
, service
.find(urn
+ 'eventSubURL').text
)
2731 def upnp_soap_action(conn
, path
, action
, include_soap_action
=True,
2732 soap_action_override
=None, newmsg
=None, neweventtype
=None,
2734 soapns
= 'http://schemas.xmlsoap.org/soap/envelope/'
2735 wpsns
= 'urn:schemas-wifialliance-org:service:WFAWLANConfig:1'
2736 ET
.register_namespace('soapenv', soapns
)
2737 ET
.register_namespace('wfa', wpsns
)
2739 attrib
['{%s}encodingStyle' % soapns
] = 'http://schemas.xmlsoap.org/soap/encoding/'
2740 root
= ET
.Element("{%s}Envelope" % soapns
, attrib
=attrib
)
2741 body
= ET
.SubElement(root
, "{%s}Body" % soapns
)
2742 act
= ET
.SubElement(body
, "{%s}%s" % (wpsns
, action
))
2744 msg
= ET
.SubElement(act
, "NewMessage")
2745 msg
.text
= base64
.b64encode(newmsg
)
2747 msg
= ET
.SubElement(act
, "NewWLANEventType")
2748 msg
.text
= neweventtype
2750 msg
= ET
.SubElement(act
, "NewWLANEventMAC")
2751 msg
.text
= neweventmac
2752 tree
= ET
.ElementTree(root
)
2753 soap
= StringIO
.StringIO()
2754 tree
.write(soap
, xml_declaration
=True, encoding
='utf-8')
2756 headers
= { "Content-type": 'text/xml; charset="utf-8"' }
2757 if include_soap_action
:
2758 headers
["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % action
2759 elif soap_action_override
:
2760 headers
["SOAPAction"] = soap_action_override
2761 conn
.request("POST", path
, soap
.getvalue(), headers
)
2762 return conn
.getresponse()
2764 def test_ap_wps_upnp(dev
, apdev
):
2765 """WPS AP and UPnP operations"""
2766 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2767 add_ssdp_ap(apdev
[0], ap_uuid
)
2769 location
= ssdp_get_location(ap_uuid
)
2770 urls
= upnp_get_urls(location
)
2772 conn
= urllib
.urlopen(urls
['scpd_url'], proxies
={})
2775 conn
= urllib
.urlopen(urlparse
.urljoin(location
, "unknown.html"),
2777 if conn
.getcode() != 404:
2778 raise Exception("Unexpected HTTP response to GET unknown URL")
2780 url
= urlparse
.urlparse(location
)
2781 conn
= httplib
.HTTPConnection(url
.netloc
)
2782 #conn.set_debuglevel(1)
2783 headers
= { "Content-type": 'text/xml; charset="utf-8"',
2784 "SOAPAction": '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo"' }
2785 conn
.request("POST", "hello", "\r\n\r\n", headers
)
2786 resp
= conn
.getresponse()
2787 if resp
.status
!= 404:
2788 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2790 conn
.request("UNKNOWN", "hello", "\r\n\r\n", headers
)
2791 resp
= conn
.getresponse()
2792 if resp
.status
!= 501:
2793 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2795 headers
= { "Content-type": 'text/xml; charset="utf-8"',
2796 "SOAPAction": '"urn:some-unknown-action#GetDeviceInfo"' }
2797 ctrlurl
= urlparse
.urlparse(urls
['control_url'])
2798 conn
.request("POST", ctrlurl
.path
, "\r\n\r\n", headers
)
2799 resp
= conn
.getresponse()
2800 if resp
.status
!= 401:
2801 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2803 logger
.debug("GetDeviceInfo without SOAPAction header")
2804 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo",
2805 include_soap_action
=False)
2806 if resp
.status
!= 401:
2807 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2809 logger
.debug("GetDeviceInfo with invalid SOAPAction header")
2811 "urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo",
2812 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1"',
2813 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:123#GetDevice']:
2814 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo",
2815 include_soap_action
=False,
2816 soap_action_override
=act
)
2817 if resp
.status
!= 401:
2818 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2820 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo")
2821 if resp
.status
!= 200:
2822 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2824 if "NewDeviceInfo" not in dev
:
2825 raise Exception("Unexpected GetDeviceInfo response")
2827 logger
.debug("PutMessage without required parameters")
2828 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutMessage")
2829 if resp
.status
!= 600:
2830 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2832 logger
.debug("PutWLANResponse without required parameters")
2833 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutWLANResponse")
2834 if resp
.status
!= 600:
2835 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2837 logger
.debug("SetSelectedRegistrar from unregistered ER")
2838 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "SetSelectedRegistrar")
2839 if resp
.status
!= 501:
2840 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2842 logger
.debug("Unknown action")
2843 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "Unknown")
2844 if resp
.status
!= 401:
2845 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2847 def test_ap_wps_upnp_subscribe(dev
, apdev
):
2848 """WPS AP and UPnP event subscription"""
2849 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2850 hapd
= add_ssdp_ap(apdev
[0], ap_uuid
)
2852 location
= ssdp_get_location(ap_uuid
)
2853 urls
= upnp_get_urls(location
)
2854 eventurl
= urlparse
.urlparse(urls
['event_sub_url'])
2856 url
= urlparse
.urlparse(location
)
2857 conn
= httplib
.HTTPConnection(url
.netloc
)
2858 #conn.set_debuglevel(1)
2859 headers
= { "callback": '<http://127.0.0.1:12345/event>',
2860 "timeout": "Second-1234" }
2861 conn
.request("SUBSCRIBE", "hello", "\r\n\r\n", headers
)
2862 resp
= conn
.getresponse()
2863 if resp
.status
!= 412:
2864 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2866 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2867 resp
= conn
.getresponse()
2868 if resp
.status
!= 412:
2869 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2871 headers
= { "NT": "upnp:event",
2872 "timeout": "Second-1234" }
2873 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2874 resp
= conn
.getresponse()
2875 if resp
.status
!= 412:
2876 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2878 headers
= { "callback": '<http://127.0.0.1:12345/event>',
2879 "NT": "upnp:foobar",
2880 "timeout": "Second-1234" }
2881 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2882 resp
= conn
.getresponse()
2883 if resp
.status
!= 400:
2884 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2886 logger
.debug("Valid subscription")
2887 headers
= { "callback": '<http://127.0.0.1:12345/event>',
2889 "timeout": "Second-1234" }
2890 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2891 resp
= conn
.getresponse()
2892 if resp
.status
!= 200:
2893 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2894 sid
= resp
.getheader("sid")
2895 logger
.debug("Subscription SID " + sid
)
2897 logger
.debug("Invalid re-subscription")
2898 headers
= { "NT": "upnp:event",
2899 "sid": "123456734567854",
2900 "timeout": "Second-1234" }
2901 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2902 resp
= conn
.getresponse()
2903 if resp
.status
!= 400:
2904 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2906 logger
.debug("Invalid re-subscription")
2907 headers
= { "NT": "upnp:event",
2908 "sid": "uuid:123456734567854",
2909 "timeout": "Second-1234" }
2910 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2911 resp
= conn
.getresponse()
2912 if resp
.status
!= 400:
2913 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2915 logger
.debug("Invalid re-subscription")
2916 headers
= { "callback": '<http://127.0.0.1:12345/event>',
2919 "timeout": "Second-1234" }
2920 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2921 resp
= conn
.getresponse()
2922 if resp
.status
!= 400:
2923 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2925 logger
.debug("SID mismatch in re-subscription")
2926 headers
= { "NT": "upnp:event",
2927 "sid": "uuid:4c2bca79-1ff4-4e43-85d4-952a2b8a51fb",
2928 "timeout": "Second-1234" }
2929 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2930 resp
= conn
.getresponse()
2931 if resp
.status
!= 412:
2932 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2934 logger
.debug("Valid re-subscription")
2935 headers
= { "NT": "upnp:event",
2937 "timeout": "Second-1234" }
2938 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2939 resp
= conn
.getresponse()
2940 if resp
.status
!= 200:
2941 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2942 sid2
= resp
.getheader("sid")
2943 logger
.debug("Subscription SID " + sid2
)
2946 raise Exception("Unexpected SID change")
2948 logger
.debug("Valid re-subscription")
2949 headers
= { "NT": "upnp:event",
2950 "sid": "uuid: \t \t" + sid
.split(':')[1],
2951 "timeout": "Second-1234" }
2952 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2953 resp
= conn
.getresponse()
2954 if resp
.status
!= 200:
2955 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2957 logger
.debug("Invalid unsubscription")
2958 headers
= { "sid": sid
}
2959 conn
.request("UNSUBSCRIBE", "/hello", "\r\n\r\n", headers
)
2960 resp
= conn
.getresponse()
2961 if resp
.status
!= 412:
2962 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2963 headers
= { "foo": "bar" }
2964 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2965 resp
= conn
.getresponse()
2966 if resp
.status
!= 412:
2967 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2969 logger
.debug("Valid unsubscription")
2970 headers
= { "sid": sid
}
2971 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2972 resp
= conn
.getresponse()
2973 if resp
.status
!= 200:
2974 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2976 logger
.debug("Unsubscription for not existing SID")
2977 headers
= { "sid": sid
}
2978 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2979 resp
= conn
.getresponse()
2980 if resp
.status
!= 412:
2981 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2983 logger
.debug("Invalid unsubscription")
2984 headers
= { "sid": " \t \tfoo" }
2985 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2986 resp
= conn
.getresponse()
2987 if resp
.status
!= 400:
2988 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2990 logger
.debug("Invalid unsubscription")
2991 headers
= { "sid": "uuid:\t \tfoo" }
2992 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
2993 resp
= conn
.getresponse()
2994 if resp
.status
!= 400:
2995 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
2997 logger
.debug("Invalid unsubscription")
2998 headers
= { "NT": "upnp:event",
3000 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3001 resp
= conn
.getresponse()
3002 if resp
.status
!= 400:
3003 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3004 headers
= { "callback": '<http://127.0.0.1:12345/event>',
3006 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3007 resp
= conn
.getresponse()
3008 if resp
.status
!= 400:
3009 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3011 logger
.debug("Valid subscription with multiple callbacks")
3012 headers
= { "callback": '<http://127.0.0.1:12345/event> <http://127.0.0.1:12345/event>\t<http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event>',
3014 "timeout": "Second-1234" }
3015 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3016 resp
= conn
.getresponse()
3017 if resp
.status
!= 200:
3018 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3019 sid
= resp
.getheader("sid")
3020 logger
.debug("Subscription SID " + sid
)
3022 # Force subscription to be deleted due to errors
3023 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
3024 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
3025 with
alloc_fail(hapd
, 1, "event_build_message"):
3027 dev
[1].dump_monitor()
3028 dev
[2].dump_monitor()
3029 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3030 dev
[2].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3031 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3032 dev
[1].request("WPS_CANCEL")
3033 dev
[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3034 dev
[2].request("WPS_CANCEL")
3041 headers
= { "sid": sid
}
3042 conn
.request("UNSUBSCRIBE", eventurl
.path
, "", headers
)
3043 resp
= conn
.getresponse()
3044 if resp
.status
!= 200 and resp
.status
!= 412:
3045 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp
.status
)
3047 headers
= { "callback": '<http://127.0.0.1:12345/event>',
3049 "timeout": "Second-1234" }
3050 with
alloc_fail(hapd
, 1, "http_client_addr;event_send_start"):
3051 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3052 resp
= conn
.getresponse()
3053 if resp
.status
!= 200:
3054 raise Exception("Unexpected HTTP response for SUBSCRIBE: %d" % resp
.status
)
3055 sid
= resp
.getheader("sid")
3056 logger
.debug("Subscription SID " + sid
)
3058 headers
= { "sid": sid
}
3059 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3060 resp
= conn
.getresponse()
3061 if resp
.status
!= 200:
3062 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp
.status
)
3064 headers
= { "callback": '<http://127.0.0.1:12345/event>',
3066 "timeout": "Second-1234" }
3067 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3068 resp
= conn
.getresponse()
3069 if resp
.status
!= 200:
3070 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3071 sid
= resp
.getheader("sid")
3072 logger
.debug("Subscription SID " + sid
)
3074 with
alloc_fail(hapd
, 1, "=event_add"):
3076 dev
[1].dump_monitor()
3077 dev
[2].dump_monitor()
3078 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3079 dev
[2].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3080 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3081 dev
[1].request("WPS_CANCEL")
3082 dev
[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3083 dev
[2].request("WPS_CANCEL")
3089 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3090 resp
= conn
.getresponse()
3091 if resp
.status
!= 200:
3092 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3094 with
alloc_fail(hapd
, 1, "wpabuf_dup;event_add"):
3095 dev
[1].dump_monitor()
3096 dev
[2].dump_monitor()
3097 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3098 dev
[2].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3099 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3100 dev
[1].request("WPS_CANCEL")
3101 dev
[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3102 dev
[2].request("WPS_CANCEL")
3105 with
fail_test(hapd
, 1, "os_get_random;uuid_make;subscription_start"):
3106 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3107 resp
= conn
.getresponse()
3108 if resp
.status
!= 500:
3109 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3111 with
alloc_fail(hapd
, 1, "=subscription_start"):
3112 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3113 resp
= conn
.getresponse()
3114 if resp
.status
!= 500:
3115 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3117 headers
= { "callback": '',
3119 "timeout": "Second-1234" }
3120 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3121 resp
= conn
.getresponse()
3122 if resp
.status
!= 500:
3123 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3125 headers
= { "callback": ' <',
3127 "timeout": "Second-1234" }
3128 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3129 resp
= conn
.getresponse()
3130 if resp
.status
!= 500:
3131 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3133 headers
= { "callback": '<http://127.0.0.1:12345/event>',
3135 "timeout": "Second-1234" }
3136 with
alloc_fail(hapd
, 1, "wpabuf_alloc;subscription_first_event"):
3137 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3138 resp
= conn
.getresponse()
3139 if resp
.status
!= 500:
3140 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3142 with
alloc_fail(hapd
, 1, "event_add;subscription_first_event"):
3143 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3144 resp
= conn
.getresponse()
3145 if resp
.status
!= 500:
3146 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3148 with
alloc_fail(hapd
, 1, "subscr_addr_add_url"):
3149 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3150 resp
= conn
.getresponse()
3151 if resp
.status
!= 500:
3152 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3154 with
alloc_fail(hapd
, 2, "subscr_addr_add_url"):
3155 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3156 resp
= conn
.getresponse()
3157 if resp
.status
!= 500:
3158 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3161 headers
= { "callback": '<http://127.0.0.1:%d/event>' % (12345 + i
),
3163 "timeout": "Second-1234" }
3164 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3165 resp
= conn
.getresponse()
3166 if resp
.status
!= 200:
3167 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3169 with
alloc_fail(hapd
, 1, "=upnp_wps_device_send_wlan_event"):
3170 dev
[1].dump_monitor()
3171 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3172 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3173 dev
[1].request("WPS_CANCEL")
3176 with
alloc_fail(hapd
, 1, "wpabuf_alloc;upnp_wps_device_send_event"):
3177 dev
[1].dump_monitor()
3178 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3179 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3180 dev
[1].request("WPS_CANCEL")
3183 with
alloc_fail(hapd
, 1, "base64_encode;upnp_wps_device_send_wlan_event"):
3184 dev
[1].dump_monitor()
3185 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3186 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3187 dev
[1].request("WPS_CANCEL")
3191 with
alloc_fail(hapd
, 1, "get_netif_info"):
3192 if "FAIL" not in hapd
.request("ENABLE"):
3193 raise Exception("ENABLE succeeded during OOM")
3195 def test_ap_wps_upnp_subscribe_events(dev
, apdev
):
3196 """WPS AP and UPnP event subscription and many events"""
3197 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3198 hapd
= add_ssdp_ap(apdev
[0], ap_uuid
)
3200 location
= ssdp_get_location(ap_uuid
)
3201 urls
= upnp_get_urls(location
)
3202 eventurl
= urlparse
.urlparse(urls
['event_sub_url'])
3204 class WPSERHTTPServer(SocketServer
.StreamRequestHandler
):
3206 data
= self
.rfile
.readline().strip()
3208 self
.wfile
.write(gen_wps_event())
3210 server
= MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer
)
3213 url
= urlparse
.urlparse(location
)
3214 conn
= httplib
.HTTPConnection(url
.netloc
)
3216 headers
= { "callback": '<http://127.0.0.1:12345/event>',
3218 "timeout": "Second-1234" }
3219 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
3220 resp
= conn
.getresponse()
3221 if resp
.status
!= 200:
3222 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3223 sid
= resp
.getheader("sid")
3224 logger
.debug("Subscription SID " + sid
)
3226 # Fetch the first event message
3227 server
.handle_request()
3229 # Force subscription event queue to reach the maximum length by generating
3230 # new proxied events without the ER fetching any of the pending events.
3231 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
3232 dev
[2].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
3234 dev
[1].dump_monitor()
3235 dev
[2].dump_monitor()
3236 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3237 dev
[2].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3238 dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3239 dev
[1].request("WPS_CANCEL")
3240 dev
[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3241 dev
[2].request("WPS_CANCEL")
3247 hapd
.request("WPS_PIN any 12345670")
3248 dev
[1].dump_monitor()
3249 dev
[1].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3250 ev
= dev
[1].wait_event(["WPS-SUCCESS"], timeout
=10)
3252 raise Exception("WPS success not reported")
3254 # Close the WPS ER HTTP server without fetching all the pending events.
3255 # This tests hostapd code path that clears subscription and the remaining
3256 # event queue when the interface is deinitialized.
3257 server
.handle_request()
3258 server
.server_close()
3260 dev
[1].wait_connected()
3262 def test_ap_wps_upnp_http_proto(dev
, apdev
):
3263 """WPS AP and UPnP/HTTP protocol testing"""
3264 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3265 add_ssdp_ap(apdev
[0], ap_uuid
)
3267 location
= ssdp_get_location(ap_uuid
)
3269 url
= urlparse
.urlparse(location
)
3270 conn
= httplib
.HTTPConnection(url
.netloc
, timeout
=0.2)
3271 #conn.set_debuglevel(1)
3273 conn
.request("HEAD", "hello")
3274 resp
= conn
.getresponse()
3275 if resp
.status
!= 501:
3276 raise Exception("Unexpected response to HEAD: " + str(resp
.status
))
3279 for cmd
in [ "PUT", "DELETE", "TRACE", "CONNECT", "M-SEARCH", "M-POST" ]:
3281 conn
.request(cmd
, "hello")
3282 resp
= conn
.getresponse()
3283 except Exception, e
:
3287 headers
= { "Content-Length": 'abc' }
3288 conn
.request("HEAD", "hello", "\r\n\r\n", headers
)
3290 resp
= conn
.getresponse()
3291 except Exception, e
:
3295 headers
= { "Content-Length": '-10' }
3296 conn
.request("HEAD", "hello", "\r\n\r\n", headers
)
3298 resp
= conn
.getresponse()
3299 except Exception, e
:
3303 headers
= { "Content-Length": '10000000000000' }
3304 conn
.request("HEAD", "hello", "\r\n\r\nhello", headers
)
3306 resp
= conn
.getresponse()
3307 except Exception, e
:
3311 headers
= { "Transfer-Encoding": 'abc' }
3312 conn
.request("HEAD", "hello", "\r\n\r\n", headers
)
3313 resp
= conn
.getresponse()
3314 if resp
.status
!= 501:
3315 raise Exception("Unexpected response to HEAD: " + str(resp
.status
))
3318 headers
= { "Transfer-Encoding": 'chunked' }
3319 conn
.request("HEAD", "hello", "\r\n\r\n", headers
)
3320 resp
= conn
.getresponse()
3321 if resp
.status
!= 501:
3322 raise Exception("Unexpected response to HEAD: " + str(resp
.status
))
3326 conn
.request("HEAD", 5000 * 'A')
3328 resp
= conn
.getresponse()
3329 except Exception, e
:
3333 # Long URL but within header length limits
3334 conn
.request("HEAD", 3000 * 'A')
3335 resp
= conn
.getresponse()
3336 if resp
.status
!= 501:
3337 raise Exception("Unexpected response to HEAD: " + str(resp
.status
))
3340 headers
= { "Content-Length": '20' }
3341 conn
.request("POST", "hello", 10 * 'A' + "\r\n\r\n", headers
)
3343 resp
= conn
.getresponse()
3344 except Exception, e
:
3348 conn
.request("POST", "hello", 5000 * 'A' + "\r\n\r\n")
3349 resp
= conn
.getresponse()
3350 if resp
.status
!= 404:
3351 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3354 conn
.request("POST", "hello", 60000 * 'A' + "\r\n\r\n")
3356 resp
= conn
.getresponse()
3357 except Exception, e
:
3361 def test_ap_wps_upnp_http_proto_chunked(dev
, apdev
):
3362 """WPS AP and UPnP/HTTP protocol testing for chunked encoding"""
3363 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3364 add_ssdp_ap(apdev
[0], ap_uuid
)
3366 location
= ssdp_get_location(ap_uuid
)
3368 url
= urlparse
.urlparse(location
)
3369 conn
= httplib
.HTTPConnection(url
.netloc
)
3370 #conn.set_debuglevel(1)
3372 headers
= { "Transfer-Encoding": 'chunked' }
3373 conn
.request("POST", "hello",
3374 "a\r\nabcdefghij\r\n" + "2\r\nkl\r\n" + "0\r\n\r\n",
3376 resp
= conn
.getresponse()
3377 if resp
.status
!= 404:
3378 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3381 conn
.putrequest("POST", "hello")
3382 conn
.putheader('Transfer-Encoding', 'chunked')
3384 conn
.send("a\r\nabcdefghij\r\n")
3386 conn
.send("2\r\nkl\r\n")
3387 conn
.send("0\r\n\r\n")
3388 resp
= conn
.getresponse()
3389 if resp
.status
!= 404:
3390 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
3393 conn
.putrequest("POST", "hello")
3394 conn
.putheader('Transfer-Encoding', 'chunked')
3398 for i
in range(20000):
3399 conn
.send("1\r\nZ\r\n")
3400 conn
.send("0\r\n\r\n")
3401 resp
= conn
.getresponse()
3403 except Exception, e
:
3407 raise Exception("Too long chunked request did not result in connection reset")
3409 headers
= { "Transfer-Encoding": 'chunked' }
3410 conn
.request("POST", "hello", "80000000\r\na", headers
)
3412 resp
= conn
.getresponse()
3413 except Exception, e
:
3417 conn
.request("POST", "hello", "10000000\r\na", headers
)
3419 resp
= conn
.getresponse()
3420 except Exception, e
:
3425 def test_ap_wps_disabled(dev
, apdev
):
3426 """WPS operations while WPS is disabled"""
3427 ssid
= "test-wps-disabled"
3428 hapd
= hostapd
.add_ap(apdev
[0], { "ssid": ssid
})
3429 if "FAIL" not in hapd
.request("WPS_PBC"):
3430 raise Exception("WPS_PBC succeeded unexpectedly")
3431 if "FAIL" not in hapd
.request("WPS_CANCEL"):
3432 raise Exception("WPS_CANCEL succeeded unexpectedly")
3434 def test_ap_wps_mixed_cred(dev
, apdev
):
3435 """WPS 2.0 STA merging mixed mode WPA/WPA2 credentials"""
3436 ssid
= "test-wps-wep"
3437 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3438 "skip_cred_build": "1", "extra_cred": "wps-mixed-cred" }
3439 hapd
= hostapd
.add_ap(apdev
[0], params
)
3440 hapd
.request("WPS_PBC")
3441 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3442 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
3443 ev
= dev
[0].wait_event(["WPS-SUCCESS"], timeout
=30)
3445 raise Exception("WPS-SUCCESS event timed out")
3446 nets
= dev
[0].list_networks()
3448 raise Exception("Unexpected number of network blocks")
3450 proto
= dev
[0].get_network(id, "proto")
3451 if proto
!= "WPA RSN":
3452 raise Exception("Unexpected merged proto field value: " + proto
)
3453 pairwise
= dev
[0].get_network(id, "pairwise")
3454 if pairwise
!= "CCMP TKIP" and pairwise
!= "CCMP GCMP TKIP":
3455 raise Exception("Unexpected merged pairwise field value: " + pairwise
)
3458 def test_ap_wps_while_connected(dev
, apdev
):
3459 """WPS PBC provisioning while connected to another AP"""
3460 ssid
= "test-wps-conf"
3461 hapd
= hostapd
.add_ap(apdev
[0],
3462 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3463 "wpa_passphrase": "12345678", "wpa": "2",
3464 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3466 hostapd
.add_ap(apdev
[1], { "ssid": "open" })
3467 dev
[0].connect("open", key_mgmt
="NONE", scan_freq
="2412")
3469 logger
.info("WPS provisioning step")
3470 hapd
.request("WPS_PBC")
3471 dev
[0].dump_monitor()
3472 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
3473 dev
[0].wait_connected(timeout
=30)
3474 status
= dev
[0].get_status()
3475 if status
['bssid'] != apdev
[0]['bssid']:
3476 raise Exception("Unexpected BSSID")
3479 def test_ap_wps_while_connected_no_autoconnect(dev
, apdev
):
3480 """WPS PBC provisioning while connected to another AP and STA_AUTOCONNECT disabled"""
3481 ssid
= "test-wps-conf"
3482 hapd
= hostapd
.add_ap(apdev
[0],
3483 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3484 "wpa_passphrase": "12345678", "wpa": "2",
3485 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3487 hostapd
.add_ap(apdev
[1], { "ssid": "open" })
3490 dev
[0].request("STA_AUTOCONNECT 0")
3491 dev
[0].connect("open", key_mgmt
="NONE", scan_freq
="2412")
3493 logger
.info("WPS provisioning step")
3494 hapd
.request("WPS_PBC")
3495 dev
[0].dump_monitor()
3496 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
3497 dev
[0].wait_connected(timeout
=30)
3498 status
= dev
[0].get_status()
3499 if status
['bssid'] != apdev
[0]['bssid']:
3500 raise Exception("Unexpected BSSID")
3502 dev
[0].request("STA_AUTOCONNECT 1")
3505 def test_ap_wps_from_event(dev
, apdev
):
3506 """WPS PBC event on AP to enable PBC"""
3507 ssid
= "test-wps-conf"
3508 hapd
= hostapd
.add_ap(apdev
[0],
3509 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3510 "wpa_passphrase": "12345678", "wpa": "2",
3511 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3512 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3513 dev
[0].dump_monitor()
3515 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
3517 ev
= hapd
.wait_event(['WPS-ENROLLEE-SEEN'], timeout
=15)
3519 raise Exception("No WPS-ENROLLEE-SEEN event on AP")
3520 vals
= ev
.split(' ')
3521 if vals
[1] != dev
[0].p2p_interface_addr():
3522 raise Exception("Unexpected enrollee address: " + vals
[1])
3524 raise Exception("Unexpected Device Password Id: " + vals
[5])
3525 hapd
.request("WPS_PBC")
3526 dev
[0].wait_connected(timeout
=30)
3528 def test_ap_wps_ap_scan_2(dev
, apdev
):
3529 """AP_SCAN 2 for WPS"""
3530 ssid
= "test-wps-conf"
3531 hapd
= hostapd
.add_ap(apdev
[0],
3532 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3533 "wpa_passphrase": "12345678", "wpa": "2",
3534 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3535 hapd
.request("WPS_PBC")
3537 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
3538 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
3541 if "OK" not in wpas
.request("AP_SCAN 2"):
3542 raise Exception("Failed to set AP_SCAN 2")
3544 wpas
.flush_scan_cache()
3545 wpas
.scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3547 wpas
.request("WPS_PBC " + apdev
[0]['bssid'])
3548 ev
= wpas
.wait_event(["WPS-SUCCESS"], timeout
=15)
3550 raise Exception("WPS-SUCCESS event timed out")
3551 wpas
.wait_connected(timeout
=30)
3553 wpas
.request("DISCONNECT")
3554 wpas
.request("BSS_FLUSH 0")
3556 wpas
.request("REASSOCIATE")
3557 wpas
.wait_connected(timeout
=30)
3561 def test_ap_wps_eapol_workaround(dev
, apdev
):
3562 """EAPOL workaround code path for 802.1X header length mismatch"""
3564 hapd
= hostapd
.add_ap(apdev
[0],
3565 { "ssid": ssid
, "eap_server": "1", "wps_state": "1" })
3566 bssid
= apdev
[0]['bssid']
3567 hapd
.request("SET ext_eapol_frame_io 1")
3568 dev
[0].request("SET ext_eapol_frame_io 1")
3569 hapd
.request("WPS_PBC")
3570 dev
[0].request("WPS_PBC")
3572 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3574 raise Exception("Timeout on EAPOL-TX from hostapd")
3576 res
= dev
[0].request("EAPOL_RX " + bssid
+ " 020000040193000501FFFF")
3578 raise Exception("EAPOL_RX to wpa_supplicant failed")
3580 def test_ap_wps_iteration(dev
, apdev
):
3581 """WPS PIN and iterate through APs without selected registrar"""
3582 ssid
= "test-wps-conf"
3583 hapd
= hostapd
.add_ap(apdev
[0],
3584 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3585 "wpa_passphrase": "12345678", "wpa": "2",
3586 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3588 ssid2
= "test-wps-conf2"
3589 hapd2
= hostapd
.add_ap(apdev
[1],
3590 { "ssid": ssid2
, "eap_server": "1", "wps_state": "2",
3591 "wpa_passphrase": "12345678", "wpa": "2",
3592 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3594 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3595 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
3596 dev
[0].dump_monitor()
3597 pin
= dev
[0].request("WPS_PIN any")
3599 # Wait for iteration through all WPS APs to happen before enabling any
3602 ev
= dev
[0].wait_event(["Associated with"], timeout
=30)
3604 raise Exception("No association seen")
3605 ev
= dev
[0].wait_event(["WPS-M2D"], timeout
=10)
3607 raise Exception("No M2D from AP")
3608 dev
[0].wait_disconnected()
3610 # Verify that each AP requested PIN
3611 ev
= hapd
.wait_event(["WPS-PIN-NEEDED"], timeout
=1)
3613 raise Exception("No WPS-PIN-NEEDED event from AP")
3614 ev
= hapd2
.wait_event(["WPS-PIN-NEEDED"], timeout
=1)
3616 raise Exception("No WPS-PIN-NEEDED event from AP2")
3618 # Provide PIN to one of the APs and verify that connection gets formed
3619 hapd
.request("WPS_PIN any " + pin
)
3620 dev
[0].wait_connected(timeout
=30)
3622 def test_ap_wps_iteration_error(dev
, apdev
):
3623 """WPS AP iteration on no Selected Registrar and error case with an AP"""
3624 ssid
= "test-wps-conf-pin"
3625 hapd
= hostapd
.add_ap(apdev
[0],
3626 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3627 "wpa_passphrase": "12345678", "wpa": "2",
3628 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3629 "wps_independent": "1" })
3630 hapd
.request("SET ext_eapol_frame_io 1")
3631 bssid
= apdev
[0]['bssid']
3632 pin
= dev
[0].wps_read_pin()
3633 dev
[0].request("WPS_PIN any " + pin
)
3635 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3637 raise Exception("No EAPOL-TX (EAP-Request/Identity) from hostapd")
3638 dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
3640 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3642 raise Exception("No EAPOL-TX (EAP-WSC/Start) from hostapd")
3643 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
3645 raise Exception("No CTRL-EVENT-EAP-STARTED")
3647 # Do not forward any more EAPOL frames to test wpa_supplicant behavior for
3648 # a case with an incorrectly behaving WPS AP.
3650 # Start the real target AP and activate registrar on it.
3651 hapd2
= hostapd
.add_ap(apdev
[1],
3652 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3653 "wpa_passphrase": "12345678", "wpa": "2",
3654 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3655 "wps_independent": "1" })
3656 hapd2
.request("WPS_PIN any " + pin
)
3658 dev
[0].wait_disconnected(timeout
=15)
3659 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=15)
3661 raise Exception("No CTRL-EVENT-EAP-STARTED for the second AP")
3662 ev
= dev
[0].wait_event(["WPS-CRED-RECEIVED"], timeout
=15)
3664 raise Exception("No WPS-CRED-RECEIVED for the second AP")
3665 dev
[0].wait_connected(timeout
=15)
3668 def test_ap_wps_priority(dev
, apdev
):
3669 """WPS PIN provisioning with configured AP and wps_priority"""
3670 ssid
= "test-wps-conf-pin"
3671 hapd
= hostapd
.add_ap(apdev
[0],
3672 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3673 "wpa_passphrase": "12345678", "wpa": "2",
3674 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3675 logger
.info("WPS provisioning step")
3676 pin
= dev
[0].wps_read_pin()
3677 hapd
.request("WPS_PIN any " + pin
)
3678 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3679 dev
[0].dump_monitor()
3681 dev
[0].request("SET wps_priority 6")
3682 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
3683 dev
[0].wait_connected(timeout
=30)
3684 netw
= dev
[0].list_networks()
3685 prio
= dev
[0].get_network(netw
[0]['id'], 'priority')
3687 raise Exception("Unexpected network priority: " + prio
)
3689 dev
[0].request("SET wps_priority 0")
3692 def test_ap_wps_and_non_wps(dev
, apdev
):
3693 """WPS and non-WPS AP in single hostapd process"""
3694 params
= { "ssid": "wps", "eap_server": "1", "wps_state": "1" }
3695 hapd
= hostapd
.add_ap(apdev
[0], params
)
3697 params
= { "ssid": "no wps" }
3698 hapd2
= hostapd
.add_ap(apdev
[1], params
)
3700 appin
= hapd
.request("WPS_AP_PIN random")
3702 raise Exception("Could not generate random AP PIN")
3703 if appin
not in hapd
.request("WPS_AP_PIN get"):
3704 raise Exception("Could not fetch current AP PIN")
3706 if "FAIL" in hapd
.request("WPS_PBC"):
3707 raise Exception("WPS_PBC failed")
3708 if "FAIL" in hapd
.request("WPS_CANCEL"):
3709 raise Exception("WPS_CANCEL failed")
3711 def test_ap_wps_init_oom(dev
, apdev
):
3712 """Initial AP configuration and OOM during PSK generation"""
3714 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "1" }
3715 hapd
= hostapd
.add_ap(apdev
[0], params
)
3717 with
alloc_fail(hapd
, 1, "base64_encode;wps_build_cred"):
3718 pin
= dev
[0].wps_read_pin()
3719 hapd
.request("WPS_PIN any " + pin
)
3720 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3721 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
3722 dev
[0].wait_disconnected()
3724 hapd
.request("WPS_PIN any " + pin
)
3725 dev
[0].wait_connected(timeout
=30)
3728 def test_ap_wps_er_oom(dev
, apdev
):
3729 """WPS ER OOM in XML processing"""
3731 _test_ap_wps_er_oom(dev
, apdev
)
3733 dev
[0].request("WPS_ER_STOP")
3734 dev
[1].request("WPS_CANCEL")
3735 dev
[0].request("DISCONNECT")
3737 def _test_ap_wps_er_oom(dev
, apdev
):
3738 ssid
= "wps-er-ap-config"
3740 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3741 hostapd
.add_ap(apdev
[0],
3742 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3743 "wpa_passphrase": "12345678", "wpa": "2",
3744 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3745 "device_name": "Wireless AP", "manufacturer": "Company",
3746 "model_name": "WAP", "model_number": "123",
3747 "serial_number": "12345", "device_type": "6-0050F204-1",
3748 "os_version": "01020300",
3749 "config_methods": "label push_button",
3750 "ap_pin": ap_pin
, "uuid": ap_uuid
, "upnp_iface": "lo"})
3752 dev
[0].connect(ssid
, psk
="12345678", scan_freq
="2412")
3754 with
alloc_fail(dev
[0], 1, "base64_decode;xml_get_base64_item"):
3755 dev
[0].request("WPS_ER_START ifname=lo")
3756 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=3)
3758 raise Exception("Unexpected AP discovery")
3760 dev
[0].request("WPS_ER_STOP")
3761 dev
[0].request("WPS_ER_START ifname=lo")
3762 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=10)
3764 raise Exception("AP discovery timed out")
3766 dev
[1].scan_for_bss(apdev
[0]['bssid'], freq
=2412)
3767 with
alloc_fail(dev
[0], 1, "base64_decode;xml_get_base64_item"):
3768 dev
[1].request("WPS_PBC " + apdev
[0]['bssid'])
3769 ev
= dev
[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout
=10)
3771 raise Exception("PBC scan failed")
3772 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=15)
3774 raise Exception("Enrollee discovery timed out")
3777 def test_ap_wps_er_init_oom(dev
, apdev
):
3778 """WPS ER and OOM during init"""
3780 _test_ap_wps_er_init_oom(dev
, apdev
)
3782 dev
[0].request("WPS_ER_STOP")
3784 def _test_ap_wps_er_init_oom(dev
, apdev
):
3785 with
alloc_fail(dev
[0], 1, "wps_er_init"):
3786 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=lo"):
3787 raise Exception("WPS_ER_START succeeded during OOM")
3788 with
alloc_fail(dev
[0], 1, "http_server_init"):
3789 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=lo"):
3790 raise Exception("WPS_ER_START succeeded during OOM")
3791 with
alloc_fail(dev
[0], 2, "http_server_init"):
3792 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=lo"):
3793 raise Exception("WPS_ER_START succeeded during OOM")
3794 with
alloc_fail(dev
[0], 1, "eloop_sock_table_add_sock;?eloop_register_sock;wps_er_ssdp_init"):
3795 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=lo"):
3796 raise Exception("WPS_ER_START succeeded during OOM")
3797 with
fail_test(dev
[0], 1, "os_get_random;wps_er_init"):
3798 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=lo"):
3799 raise Exception("WPS_ER_START succeeded during os_get_random failure")
3802 def test_ap_wps_er_init_fail(dev
, apdev
):
3803 """WPS ER init failure"""
3804 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=does-not-exist"):
3805 dev
[0].request("WPS_ER_STOP")
3806 raise Exception("WPS_ER_START with non-existing ifname succeeded")
3808 def test_ap_wps_wpa_cli_action(dev
, apdev
, test_params
):
3809 """WPS events and wpa_cli action script"""
3810 logdir
= os
.path
.abspath(test_params
['logdir'])
3811 pidfile
= os
.path
.join(logdir
, 'ap_wps_wpa_cli_action.wpa_cli.pid')
3812 logfile
= os
.path
.join(logdir
, 'ap_wps_wpa_cli_action.wpa_cli.res')
3813 actionfile
= os
.path
.join(logdir
, 'ap_wps_wpa_cli_action.wpa_cli.action.sh')
3815 with
open(actionfile
, 'w') as f
:
3816 f
.write('#!/bin/sh\n')
3817 f
.write('echo $* >> %s\n' % logfile
)
3818 # Kill the process and wait some time before returning to allow all the
3819 # pending events to be processed with some of this happening after the
3820 # eloop SIGALRM signal has been scheduled.
3821 f
.write('if [ $2 = "WPS-SUCCESS" -a -r %s ]; then kill `cat %s`; sleep 1; fi\n' % (pidfile
, pidfile
))
3823 os
.chmod(actionfile
, stat
.S_IREAD | stat
.S_IWRITE | stat
.S_IEXEC |
3824 stat
.S_IRGRP | stat
.S_IXGRP | stat
.S_IROTH | stat
.S_IXOTH
)
3826 ssid
= "test-wps-conf"
3827 hapd
= hostapd
.add_ap(apdev
[0],
3828 { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
3829 "wpa_passphrase": "12345678", "wpa": "2",
3830 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3832 prg
= os
.path
.join(test_params
['logdir'],
3833 'alt-wpa_supplicant/wpa_supplicant/wpa_cli')
3834 if not os
.path
.exists(prg
):
3835 prg
= '../../wpa_supplicant/wpa_cli'
3836 arg
= [ prg
, '-P', pidfile
, '-B', '-i', dev
[0].ifname
, '-a', actionfile
]
3837 subprocess
.call(arg
)
3839 arg
= [ 'ps', 'ax' ]
3840 cmd
= subprocess
.Popen(arg
, stdout
=subprocess
.PIPE
)
3841 out
= cmd
.communicate()[0]
3843 logger
.debug("Processes:\n" + out
)
3844 if "wpa_cli -P %s -B -i %s" % (pidfile
, dev
[0].ifname
) not in out
:
3845 raise Exception("Did not see wpa_cli running")
3847 hapd
.request("WPS_PIN any 12345670")
3848 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
3849 dev
[0].dump_monitor()
3850 dev
[0].request("WPS_PIN " + apdev
[0]['bssid'] + " 12345670")
3851 dev
[0].wait_connected(timeout
=30)
3854 if not os
.path
.exists(pidfile
):
3858 if not os
.path
.exists(logfile
):
3859 raise Exception("wpa_cli action results file not found")
3860 with
open(logfile
, 'r') as f
:
3862 if "WPS-SUCCESS" not in res
:
3863 raise Exception("WPS-SUCCESS event not seen in action file")
3865 arg
= [ 'ps', 'ax' ]
3866 cmd
= subprocess
.Popen(arg
, stdout
=subprocess
.PIPE
)
3867 out
= cmd
.communicate()[0]
3869 logger
.debug("Remaining processes:\n" + out
)
3870 if "wpa_cli -P %s -B -i %s" % (pidfile
, dev
[0].ifname
) in out
:
3871 raise Exception("wpa_cli still running")
3873 if os
.path
.exists(pidfile
):
3874 raise Exception("PID file not removed")
3876 def test_ap_wps_er_ssdp_proto(dev
, apdev
):
3877 """WPS ER SSDP protocol testing"""
3879 _test_ap_wps_er_ssdp_proto(dev
, apdev
)
3881 dev
[0].request("WPS_ER_STOP")
3883 def _test_ap_wps_er_ssdp_proto(dev
, apdev
):
3884 socket
.setdefaulttimeout(1)
3885 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
3886 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
3887 sock
.bind(("239.255.255.250", 1900))
3888 if "FAIL" not in dev
[0].request("WPS_ER_START ifname=lo foo"):
3889 raise Exception("Invalid filter accepted")
3890 if "OK" not in dev
[0].request("WPS_ER_START ifname=lo 1.2.3.4"):
3891 raise Exception("WPS_ER_START with filter failed")
3892 (msg
,addr
) = sock
.recvfrom(1000)
3893 logger
.debug("Received SSDP message from %s: %s" % (str(addr
), msg
))
3894 if "M-SEARCH" not in msg
:
3895 raise Exception("Not an M-SEARCH")
3896 sock
.sendto("FOO", addr
)
3898 dev
[0].request("WPS_ER_STOP")
3900 dev
[0].request("WPS_ER_START ifname=lo")
3901 (msg
,addr
) = sock
.recvfrom(1000)
3902 logger
.debug("Received SSDP message from %s: %s" % (str(addr
), msg
))
3903 if "M-SEARCH" not in msg
:
3904 raise Exception("Not an M-SEARCH")
3905 sock
.sendto("FOO", addr
)
3906 sock
.sendto("HTTP/1.1 200 OK\r\nFOO\r\n\r\n", addr
)
3907 sock
.sendto("HTTP/1.1 200 OK\r\nNTS:foo\r\n\r\n", addr
)
3908 sock
.sendto("HTTP/1.1 200 OK\r\nNTS:ssdp:byebye\r\n\r\n", addr
)
3909 sock
.sendto("HTTP/1.1 200 OK\r\ncache-control: foo=1\r\n\r\n", addr
)
3910 sock
.sendto("HTTP/1.1 200 OK\r\ncache-control: max-age=1\r\n\r\n", addr
)
3911 sock
.sendto("HTTP/1.1 200 OK\r\nusn:\r\n\r\n", addr
)
3912 sock
.sendto("HTTP/1.1 200 OK\r\nusn:foo\r\n\r\n", addr
)
3913 sock
.sendto("HTTP/1.1 200 OK\r\nusn: uuid:\r\n\r\n", addr
)
3914 sock
.sendto("HTTP/1.1 200 OK\r\nusn: uuid: \r\n\r\n", addr
)
3915 sock
.sendto("HTTP/1.1 200 OK\r\nusn: uuid: foo\r\n\r\n", addr
)
3916 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\n\r\n", addr
)
3917 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nNTS:ssdp:byebye\r\n\r\n", addr
)
3918 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\n\r\n", addr
)
3919 with
alloc_fail(dev
[0], 1, "wps_er_ap_add"):
3920 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr
)
3922 with
alloc_fail(dev
[0], 2, "wps_er_ap_add"):
3923 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr
)
3926 # Add an AP with bogus URL
3927 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr
)
3928 # Update timeout on AP without updating URL
3929 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr
)
3930 ev
= dev
[0].wait_event(["WPS-ER-AP-REMOVE"], timeout
=5)
3932 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
3934 # Add an AP with a valid URL (but no server listing to it)
3935 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr
)
3936 ev
= dev
[0].wait_event(["WPS-ER-AP-REMOVE"], timeout
=5)
3938 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
3942 wps_event_url
= None
3944 def gen_upnp_info(eventSubURL
='wps_event', controlURL
='wps_control',
3945 udn
='uuid:27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'):
3946 payload
= '''<?xml version="1.0"?>
3947 <root xmlns="urn:schemas-upnp-org:device-1-0">
3953 <deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
3954 <friendlyName>WPS Access Point</friendlyName>
3955 <manufacturer>Company</manufacturer>
3956 <modelName>WAP</modelName>
3957 <modelNumber>123</modelNumber>
3958 <serialNumber>12345</serialNumber>
3961 payload
+= '<UDN>' + udn
+ '</UDN>'
3962 payload
+= '''<serviceList>
3964 <serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
3965 <serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
3966 <SCPDURL>wps_scpd.xml</SCPDURL>
3969 payload
+= '<controlURL>' + controlURL
+ '</controlURL>\n'
3971 payload
+= '<eventSubURL>' + eventSubURL
+ '</eventSubURL>\n'
3972 payload
+= '''</service>
3977 hdr
= 'HTTP/1.1 200 OK\r\n' + \
3978 'Content-Type: text/xml; charset="utf-8"\r\n' + \
3979 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
3980 'Connection: close\r\n' + \
3981 'Content-Length: ' + str(len(payload
)) + '\r\n' + \
3982 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
3983 return hdr
+ payload
3985 def gen_wps_control(payload_override
=None):
3986 payload
= '''<?xml version="1.0"?>
3987 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
3989 <u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
3990 <NewDeviceInfo>EEoAARAQIgABBBBHABAn6oAanlxOc72C+Jy80Q1+ECAABgIAAAADABAaABCJZ7DPtbU3Ust9
3991 Z3wJF07WEDIAwH45D3i1OqB7eJGwTzqeapS71h3KyXncK2xJZ+xqScrlorNEg6LijBJzG2Ca
3992 +FZli0iliDJd397yAx/jk4nFXco3q5ylBSvSw9dhJ5u1xBKSnTilKGlUHPhLP75PUqM3fot9
3993 7zwtFZ4bx6x1sBA6oEe2d0aUJmLumQGCiKEIWlnxs44zego/2tAe81bDzdPBM7o5HH/FUhD+
3994 KoGzFXp51atP+1n9Vta6AkI0Vye99JKLcC6Md9dMJltSVBgd4Xc4lRAEAAIAIxAQAAIADRAN
3995 AAEBEAgAAgAEEEQAAQIQIQAHQ29tcGFueRAjAANXQVAQJAADMTIzEEIABTEyMzQ1EFQACAAG
3996 AFDyBAABEBEAC1dpcmVsZXNzIEFQEDwAAQEQAgACAAAQEgACAAAQCQACAAAQLQAEgQIDABBJ
3999 </u:GetDeviceInfoResponse>
4003 if payload_override
:
4004 payload
= payload_override
4005 hdr
= 'HTTP/1.1 200 OK\r\n' + \
4006 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4007 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4008 'Connection: close\r\n' + \
4009 'Content-Length: ' + str(len(payload
)) + '\r\n' + \
4010 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4011 return hdr
+ payload
4013 def gen_wps_event(sid
='uuid:7eb3342a-8a5f-47fe-a585-0785bfec6d8a'):
4015 hdr
= 'HTTP/1.1 200 OK\r\n' + \
4016 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4017 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4018 'Connection: close\r\n' + \
4019 'Content-Length: ' + str(len(payload
)) + '\r\n'
4021 hdr
+= 'SID: ' + sid
+ '\r\n'
4022 hdr
+= 'Timeout: Second-1801\r\n' + \
4023 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4024 return hdr
+ payload
4026 class WPSAPHTTPServer(SocketServer
.StreamRequestHandler
):
4028 data
= self
.rfile
.readline().strip()
4029 logger
.info("HTTP server received: " + data
)
4031 hdr
= self
.rfile
.readline().strip()
4034 logger
.info("HTTP header: " + hdr
)
4035 if "CALLBACK:" in hdr
:
4036 global wps_event_url
4037 wps_event_url
= hdr
.split(' ')[1].strip('<>')
4039 if "GET /foo.xml" in data
:
4040 self
.handle_upnp_info()
4041 elif "POST /wps_control" in data
:
4042 self
.handle_wps_control()
4043 elif "SUBSCRIBE /wps_event" in data
:
4044 self
.handle_wps_event()
4046 self
.handle_others(data
)
4048 def handle_upnp_info(self
):
4049 self
.wfile
.write(gen_upnp_info())
4051 def handle_wps_control(self
):
4052 self
.wfile
.write(gen_wps_control())
4054 def handle_wps_event(self
):
4055 self
.wfile
.write(gen_wps_event())
4057 def handle_others(self
, data
):
4058 logger
.info("Ignore HTTP request: " + data
)
4060 class MyTCPServer(SocketServer
.TCPServer
):
4061 def __init__(self
, addr
, handler
):
4062 self
.allow_reuse_address
= True
4063 SocketServer
.TCPServer
.__init
__(self
, addr
, handler
)
4065 def wps_er_start(dev
, http_server
, max_age
=1, wait_m_search
=False,
4067 socket
.setdefaulttimeout(1)
4068 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
4069 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
4070 sock
.bind(("239.255.255.250", 1900))
4071 dev
.request("WPS_ER_START ifname=lo")
4072 for i
in range(100):
4073 (msg
,addr
) = sock
.recvfrom(1000)
4074 logger
.debug("Received SSDP message from %s: %s" % (str(addr
), msg
))
4075 if "M-SEARCH" in msg
:
4077 if not wait_m_search
:
4078 raise Exception("Not an M-SEARCH")
4080 raise Exception("No M-SEARCH seen")
4082 # Add an AP with a valid URL and server listing to it
4083 server
= MyTCPServer(("127.0.0.1", 12345), http_server
)
4084 if not location_url
:
4085 location_url
= 'http://127.0.0.1:12345/foo.xml'
4086 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:%s\r\ncache-control:max-age=%d\r\n\r\n" % (location_url
, max_age
), addr
)
4090 def wps_er_stop(dev
, sock
, server
, on_alloc_fail
=False):
4092 server
.server_close()
4097 res
= dev
.request("GET_ALLOC_FAIL")
4098 if res
.startswith("0:"):
4103 raise Exception("No allocation failure reported")
4105 ev
= dev
.wait_event(["WPS-ER-AP-REMOVE"], timeout
=5)
4107 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4108 dev
.request("WPS_ER_STOP")
4110 def run_wps_er_proto_test(dev
, handler
, no_event_url
=False, location_url
=None):
4112 uuid
= '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
4113 server
,sock
= wps_er_start(dev
, handler
, location_url
=location_url
)
4114 global wps_event_url
4115 wps_event_url
= None
4116 server
.handle_request()
4117 server
.handle_request()
4118 server
.handle_request()
4119 server
.server_close()
4122 raise Exception("Received event URL unexpectedly")
4124 if wps_event_url
is None:
4125 raise Exception("Did not get event URL")
4126 logger
.info("Event URL: " + wps_event_url
)
4128 dev
.request("WPS_ER_STOP")
4130 def send_wlanevent(url
, uuid
, data
, no_response
=False):
4131 conn
= httplib
.HTTPConnection(url
.netloc
)
4132 payload
= '''<?xml version="1.0" encoding="utf-8"?>
4133 <e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4134 <e:property><STAStatus>1</STAStatus></e:property>
4135 <e:property><APStatus>1</APStatus></e:property>
4136 <e:property><WLANEvent>'''
4137 payload
+= base64
.b64encode(data
)
4138 payload
+= '</WLANEvent></e:property></e:propertyset>'
4139 headers
= { "Content-type": 'text/xml; charset="utf-8"',
4140 "Server": "Unspecified, UPnP/1.0, Unspecified",
4143 "SID": "uuid:" + uuid
,
4145 "Content-Length": str(len(payload
)) }
4146 conn
.request("NOTIFY", url
.path
, payload
, headers
)
4150 except Exception, e
:
4153 resp
= conn
.getresponse()
4154 if resp
.status
!= 200:
4155 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4157 def test_ap_wps_er_http_proto(dev
, apdev
):
4158 """WPS ER HTTP protocol testing"""
4160 _test_ap_wps_er_http_proto(dev
, apdev
)
4162 dev
[0].request("WPS_ER_STOP")
4164 def _test_ap_wps_er_http_proto(dev
, apdev
):
4165 uuid
= '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
4166 server
,sock
= wps_er_start(dev
[0], WPSAPHTTPServer
, max_age
=15)
4167 global wps_event_url
4168 wps_event_url
= None
4169 server
.handle_request()
4170 server
.handle_request()
4171 server
.handle_request()
4172 server
.server_close()
4173 if wps_event_url
is None:
4174 raise Exception("Did not get event URL")
4175 logger
.info("Event URL: " + wps_event_url
)
4177 ev
= dev
[0].wait_event(["WPS-ER-AP-ADD"], timeout
=10)
4179 raise Exception("No WPS-ER-AP-ADD event")
4181 raise Exception("UUID mismatch")
4185 logger
.info("Valid Probe Request notification")
4186 url
= urlparse
.urlparse(wps_event_url
)
4187 conn
= httplib
.HTTPConnection(url
.netloc
)
4188 payload
= '''<?xml version="1.0" encoding="utf-8"?>
4189 <e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4190 <e:property><STAStatus>1</STAStatus></e:property>
4191 <e:property><APStatus>1</APStatus></e:property>
4192 <e:property><WLANEvent>ATAyOjAwOjAwOjAwOjAwOjAwEEoAARAQOgABAhAIAAIxSBBHABA2LbR7pTpRkYj7VFi5hrLk
4193 EFQACAAAAAAAAAAAEDwAAQMQAgACAAAQCQACAAAQEgACAAAQIQABIBAjAAEgECQAASAQEQAI
4194 RGV2aWNlIEEQSQAGADcqAAEg
4195 </WLANEvent></e:property>
4198 headers
= { "Content-type": 'text/xml; charset="utf-8"',
4199 "Server": "Unspecified, UPnP/1.0, Unspecified",
4202 "SID": "uuid:" + uuid
,
4204 "Content-Length": str(len(payload
)) }
4205 conn
.request("NOTIFY", url
.path
, payload
, headers
)
4206 resp
= conn
.getresponse()
4207 if resp
.status
!= 200:
4208 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4210 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=5)
4212 raise Exception("No WPS-ER-ENROLLEE-ADD event")
4213 if "362db47b-a53a-5191-88fb-5458b986b2e4" not in ev
:
4214 raise Exception("No Enrollee UUID match")
4216 logger
.info("Incorrect event URL AP id")
4217 conn
= httplib
.HTTPConnection(url
.netloc
)
4218 conn
.request("NOTIFY", url
.path
+ '123', payload
, headers
)
4219 resp
= conn
.getresponse()
4220 if resp
.status
!= 404:
4221 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4223 logger
.info("Missing AP id")
4224 conn
= httplib
.HTTPConnection(url
.netloc
)
4225 conn
.request("NOTIFY", '/event/' + url
.path
.split('/')[2],
4229 logger
.info("Incorrect event URL event id")
4230 conn
= httplib
.HTTPConnection(url
.netloc
)
4231 conn
.request("NOTIFY", '/event/123456789/123', payload
, headers
)
4234 logger
.info("Incorrect event URL prefix")
4235 conn
= httplib
.HTTPConnection(url
.netloc
)
4236 conn
.request("NOTIFY", '/foobar/123456789/123', payload
, headers
)
4237 resp
= conn
.getresponse()
4238 if resp
.status
!= 404:
4239 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4241 logger
.info("Unsupported request")
4242 conn
= httplib
.HTTPConnection(url
.netloc
)
4243 conn
.request("FOOBAR", '/foobar/123456789/123', payload
, headers
)
4244 resp
= conn
.getresponse()
4245 if resp
.status
!= 501:
4246 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4248 logger
.info("Unsupported request and OOM")
4249 with
alloc_fail(dev
[0], 1, "wps_er_http_req"):
4250 conn
= httplib
.HTTPConnection(url
.netloc
)
4251 conn
.request("FOOBAR", '/foobar/123456789/123', payload
, headers
)
4254 logger
.info("Too short WLANEvent")
4256 send_wlanevent(url
, uuid
, data
)
4258 logger
.info("Invalid WLANEventMAC")
4259 data
= '\x00qwertyuiopasdfghjklzxcvbnm'
4260 send_wlanevent(url
, uuid
, data
)
4262 logger
.info("Unknown WLANEventType")
4263 data
= '\xff02:00:00:00:00:00'
4264 send_wlanevent(url
, uuid
, data
)
4266 logger
.info("Probe Request notification without any attributes")
4267 data
= '\x0102:00:00:00:00:00'
4268 send_wlanevent(url
, uuid
, data
)
4270 logger
.info("Probe Request notification with invalid attribute")
4271 data
= '\x0102:00:00:00:00:00\xff'
4272 send_wlanevent(url
, uuid
, data
)
4274 logger
.info("EAP message without any attributes")
4275 data
= '\x0202:00:00:00:00:00'
4276 send_wlanevent(url
, uuid
, data
)
4278 logger
.info("EAP message with invalid attribute")
4279 data
= '\x0202:00:00:00:00:00\xff'
4280 send_wlanevent(url
, uuid
, data
)
4282 logger
.info("EAP message from new STA and not M1")
4283 data
= '\x0202:ff:ff:ff:ff:ff' + '\x10\x22\x00\x01\x05'
4284 send_wlanevent(url
, uuid
, data
)
4286 logger
.info("EAP message: M1")
4287 data
= '\x0202:00:00:00:00:00'
4288 data
+= '\x10\x22\x00\x01\x04'
4289 data
+= '\x10\x47\x00\x10' + 16*'\x00'
4290 data
+= '\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4291 data
+= '\x10\x1a\x00\x10' + 16*'\x00'
4292 data
+= '\x10\x32\x00\xc0' + 192*'\x00'
4293 data
+= '\x10\x04\x00\x02\x00\x00'
4294 data
+= '\x10\x10\x00\x02\x00\x00'
4295 data
+= '\x10\x0d\x00\x01\x00'
4296 data
+= '\x10\x08\x00\x02\x00\x00'
4297 data
+= '\x10\x44\x00\x01\x00'
4298 data
+= '\x10\x21\x00\x00'
4299 data
+= '\x10\x23\x00\x00'
4300 data
+= '\x10\x24\x00\x00'
4301 data
+= '\x10\x42\x00\x00'
4302 data
+= '\x10\x54\x00\x08' + 8*'\x00'
4303 data
+= '\x10\x11\x00\x00'
4304 data
+= '\x10\x3c\x00\x01\x00'
4305 data
+= '\x10\x02\x00\x02\x00\x00'
4306 data
+= '\x10\x12\x00\x02\x00\x00'
4307 data
+= '\x10\x09\x00\x02\x00\x00'
4308 data
+= '\x10\x2d\x00\x04\x00\x00\x00\x00'
4310 send_wlanevent(url
, uuid
, data
)
4312 logger
.info("EAP message: WSC_ACK")
4313 data
= '\x0202:00:00:00:00:00' + '\x10\x22\x00\x01\x0d'
4314 send_wlanevent(url
, uuid
, data
)
4316 logger
.info("EAP message: M1")
4317 send_wlanevent(url
, uuid
, m1
)
4319 logger
.info("EAP message: WSC_NACK")
4320 data
= '\x0202:00:00:00:00:00' + '\x10\x22\x00\x01\x0e'
4321 send_wlanevent(url
, uuid
, data
)
4323 logger
.info("EAP message: M1 - Too long attribute values")
4324 data
= '\x0202:00:00:00:00:00'
4325 data
+= '\x10\x11\x00\x21' + 33*'\x00'
4326 data
+= '\x10\x45\x00\x21' + 33*'\x00'
4327 data
+= '\x10\x42\x00\x21' + 33*'\x00'
4328 data
+= '\x10\x24\x00\x21' + 33*'\x00'
4329 data
+= '\x10\x23\x00\x21' + 33*'\x00'
4330 data
+= '\x10\x21\x00\x41' + 65*'\x00'
4331 data
+= '\x10\x49\x00\x09\x00\x37\x2a\x05\x02\x00\x00\x05\x00'
4332 send_wlanevent(url
, uuid
, data
)
4334 logger
.info("EAP message: M1 missing UUID-E")
4335 data
= '\x0202:00:00:00:00:00'
4336 data
+= '\x10\x22\x00\x01\x04'
4337 send_wlanevent(url
, uuid
, data
)
4339 logger
.info("EAP message: M1 missing MAC Address")
4340 data
+= '\x10\x47\x00\x10' + 16*'\x00'
4341 send_wlanevent(url
, uuid
, data
)
4343 logger
.info("EAP message: M1 missing Enrollee Nonce")
4344 data
+= '\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4345 send_wlanevent(url
, uuid
, data
)
4347 logger
.info("EAP message: M1 missing Public Key")
4348 data
+= '\x10\x1a\x00\x10' + 16*'\x00'
4349 send_wlanevent(url
, uuid
, data
)
4351 logger
.info("EAP message: M1 missing Authentication Type flags")
4352 data
+= '\x10\x32\x00\xc0' + 192*'\x00'
4353 send_wlanevent(url
, uuid
, data
)
4355 logger
.info("EAP message: M1 missing Encryption Type Flags")
4356 data
+= '\x10\x04\x00\x02\x00\x00'
4357 send_wlanevent(url
, uuid
, data
)
4359 logger
.info("EAP message: M1 missing Connection Type flags")
4360 data
+= '\x10\x10\x00\x02\x00\x00'
4361 send_wlanevent(url
, uuid
, data
)
4363 logger
.info("EAP message: M1 missing Config Methods")
4364 data
+= '\x10\x0d\x00\x01\x00'
4365 send_wlanevent(url
, uuid
, data
)
4367 logger
.info("EAP message: M1 missing Wi-Fi Protected Setup State")
4368 data
+= '\x10\x08\x00\x02\x00\x00'
4369 send_wlanevent(url
, uuid
, data
)
4371 logger
.info("EAP message: M1 missing Manufacturer")
4372 data
+= '\x10\x44\x00\x01\x00'
4373 send_wlanevent(url
, uuid
, data
)
4375 logger
.info("EAP message: M1 missing Model Name")
4376 data
+= '\x10\x21\x00\x00'
4377 send_wlanevent(url
, uuid
, data
)
4379 logger
.info("EAP message: M1 missing Model Number")
4380 data
+= '\x10\x23\x00\x00'
4381 send_wlanevent(url
, uuid
, data
)
4383 logger
.info("EAP message: M1 missing Serial Number")
4384 data
+= '\x10\x24\x00\x00'
4385 send_wlanevent(url
, uuid
, data
)
4387 logger
.info("EAP message: M1 missing Primary Device Type")
4388 data
+= '\x10\x42\x00\x00'
4389 send_wlanevent(url
, uuid
, data
)
4391 logger
.info("EAP message: M1 missing Device Name")
4392 data
+= '\x10\x54\x00\x08' + 8*'\x00'
4393 send_wlanevent(url
, uuid
, data
)
4395 logger
.info("EAP message: M1 missing RF Bands")
4396 data
+= '\x10\x11\x00\x00'
4397 send_wlanevent(url
, uuid
, data
)
4399 logger
.info("EAP message: M1 missing Association State")
4400 data
+= '\x10\x3c\x00\x01\x00'
4401 send_wlanevent(url
, uuid
, data
)
4403 logger
.info("EAP message: M1 missing Device Password ID")
4404 data
+= '\x10\x02\x00\x02\x00\x00'
4405 send_wlanevent(url
, uuid
, data
)
4407 logger
.info("EAP message: M1 missing Configuration Error")
4408 data
+= '\x10\x12\x00\x02\x00\x00'
4409 send_wlanevent(url
, uuid
, data
)
4411 logger
.info("EAP message: M1 missing OS Version")
4412 data
+= '\x10\x09\x00\x02\x00\x00'
4413 send_wlanevent(url
, uuid
, data
)
4415 logger
.info("Check max concurrent requests")
4416 addr
= (url
.hostname
, url
.port
)
4419 socks
[i
] = socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
4421 socks
[i
].connect(addr
)
4423 socks
[i
].send("GET / HTTP/1.1\r\n\r\n")
4427 res
= socks
[i
].recv(100)
4433 logger
.info("%d concurrent HTTP GET operations returned response" % count
)
4435 raise Exception("Too few concurrent HTTP connections accepted")
4437 logger
.info("OOM in HTTP server")
4438 for func
in [ "http_request_init", "httpread_create",
4439 "eloop_register_timeout;httpread_create",
4440 "eloop_sock_table_add_sock;?eloop_register_sock;httpread_create",
4441 "httpread_hdr_analyze" ]:
4442 with
alloc_fail(dev
[0], 1, func
):
4443 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
4446 sock
.send("GET / HTTP/1.1\r\n\r\n")
4453 logger
.info("Invalid HTTP header")
4454 for req
in [ " GET / HTTP/1.1\r\n\r\n",
4455 "HTTP/1.1 200 OK\r\n\r\n",
4457 "GET %%a%aa% HTTP/1.1\r\n\r\n",
4458 "GET / HTTP/1.1\r\n FOO\r\n\r\n",
4459 "NOTIFY / HTTP/1.1\r\n" + 4097*'a' + '\r\n\r\n',
4460 "NOTIFY / HTTP/1.1\r\n\r\n" + 8193*'a',
4461 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n foo\r\n",
4462 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n1\r\nfoo\r\n",
4463 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\n",
4464 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\naa\ra\r\n\ra" ]:
4465 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
4467 sock
.settimeout(0.1)
4476 with
alloc_fail(dev
[0], 2, "httpread_read_handler"):
4477 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
4480 sock
.send("NOTIFY / HTTP/1.1\r\n\r\n" + 4500*'a')
4487 conn
= httplib
.HTTPConnection(url
.netloc
)
4489 headers
= { "Content-type": 'text/xml; charset="utf-8"',
4490 "Server": "Unspecified, UPnP/1.0, Unspecified",
4493 "SID": "uuid:" + uuid
,
4495 "Content-Length": str(len(payload
)) }
4496 conn
.request("NOTIFY", url
.path
, payload
, headers
)
4497 resp
= conn
.getresponse()
4498 if resp
.status
!= 200:
4499 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4501 conn
= httplib
.HTTPConnection(url
.netloc
)
4502 payload
= '<WLANEvent foo></WLANEvent>'
4503 headers
= { "Content-type": 'text/xml; charset="utf-8"',
4504 "Server": "Unspecified, UPnP/1.0, Unspecified",
4507 "SID": "uuid:" + uuid
,
4509 "Content-Length": str(len(payload
)) }
4510 conn
.request("NOTIFY", url
.path
, payload
, headers
)
4511 resp
= conn
.getresponse()
4512 if resp
.status
!= 200:
4513 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
4515 with
alloc_fail(dev
[0], 1, "xml_get_first_item"):
4516 send_wlanevent(url
, uuid
, '')
4518 with
alloc_fail(dev
[0], 1, "wpabuf_alloc_ext_data;xml_get_base64_item"):
4519 send_wlanevent(url
, uuid
, 'foo')
4521 for func
in [ "wps_init",
4522 "wps_process_manufacturer",
4523 "wps_process_model_name",
4524 "wps_process_model_number",
4525 "wps_process_serial_number",
4526 "wps_process_dev_name" ]:
4527 with
alloc_fail(dev
[0], 1, func
):
4528 send_wlanevent(url
, uuid
, m1
)
4530 with
alloc_fail(dev
[0], 1, "wps_er_http_resp_ok"):
4531 send_wlanevent(url
, uuid
, m1
, no_response
=True)
4533 with
alloc_fail(dev
[0], 1, "wps_er_http_resp_not_found"):
4534 url2
= urlparse
.urlparse(wps_event_url
.replace('/event/', '/notfound/'))
4535 send_wlanevent(url2
, uuid
, m1
, no_response
=True)
4537 logger
.info("EAP message: M1")
4538 data
= '\x0202:11:22:00:00:00'
4539 data
+= '\x10\x22\x00\x01\x04'
4540 data
+= '\x10\x47\x00\x10' + 16*'\x00'
4541 data
+= '\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4542 data
+= '\x10\x1a\x00\x10' + 16*'\x00'
4543 data
+= '\x10\x32\x00\xc0' + 192*'\x00'
4544 data
+= '\x10\x04\x00\x02\x00\x00'
4545 data
+= '\x10\x10\x00\x02\x00\x00'
4546 data
+= '\x10\x0d\x00\x01\x00'
4547 data
+= '\x10\x08\x00\x02\x00\x00'
4548 data
+= '\x10\x44\x00\x01\x00'
4549 data
+= '\x10\x21\x00\x00'
4550 data
+= '\x10\x23\x00\x00'
4551 data
+= '\x10\x24\x00\x00'
4552 data
+= '\x10\x42\x00\x00'
4553 data
+= '\x10\x54\x00\x08' + 8*'\x00'
4554 data
+= '\x10\x11\x00\x00'
4555 data
+= '\x10\x3c\x00\x01\x00'
4556 data
+= '\x10\x02\x00\x02\x00\x00'
4557 data
+= '\x10\x12\x00\x02\x00\x00'
4558 data
+= '\x10\x09\x00\x02\x00\x00'
4559 data
+= '\x10\x2d\x00\x04\x00\x00\x00\x00'
4560 dev
[0].dump_monitor()
4561 with
alloc_fail(dev
[0], 1, "wps_er_add_sta_data"):
4562 send_wlanevent(url
, uuid
, data
)
4563 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=0.1)
4565 raise Exception("Unexpected enrollee add event")
4566 send_wlanevent(url
, uuid
, data
)
4567 ev
= dev
[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout
=2)
4569 raise Exception("Enrollee add event not seen")
4571 with
alloc_fail(dev
[0], 1, "base64_encode;wps_er_soap_hdr"):
4572 send_wlanevent(url
, uuid
, data
)
4574 with
alloc_fail(dev
[0], 1, "wpabuf_alloc;wps_er_soap_hdr"):
4575 send_wlanevent(url
, uuid
, data
)
4577 with
alloc_fail(dev
[0], 1, "http_client_url_parse;wps_er_sta_send_msg"):
4578 send_wlanevent(url
, uuid
, data
)
4580 with
alloc_fail(dev
[0], 1, "http_client_addr;wps_er_sta_send_msg"):
4581 send_wlanevent(url
, uuid
, data
)
4583 def test_ap_wps_er_http_proto_no_event_sub_url(dev
, apdev
):
4584 """WPS ER HTTP protocol testing - no eventSubURL"""
4585 class WPSAPHTTPServer_no_event_sub_url(WPSAPHTTPServer
):
4586 def handle_upnp_info(self
):
4587 self
.wfile
.write(gen_upnp_info(eventSubURL
=None))
4588 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_no_event_sub_url
,
4591 def test_ap_wps_er_http_proto_event_sub_url_dns(dev
, apdev
):
4592 """WPS ER HTTP protocol testing - DNS name in eventSubURL"""
4593 class WPSAPHTTPServer_event_sub_url_dns(WPSAPHTTPServer
):
4594 def handle_upnp_info(self
):
4595 self
.wfile
.write(gen_upnp_info(eventSubURL
='http://example.com/wps_event'))
4596 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_event_sub_url_dns
,
4599 def test_ap_wps_er_http_proto_subscribe_oom(dev
, apdev
):
4600 """WPS ER HTTP protocol testing - subscribe OOM"""
4602 _test_ap_wps_er_http_proto_subscribe_oom(dev
, apdev
)
4604 dev
[0].request("WPS_ER_STOP")
4606 def _test_ap_wps_er_http_proto_subscribe_oom(dev
, apdev
):
4607 tests
= [ (1, "http_client_url_parse"),
4608 (1, "wpabuf_alloc;wps_er_subscribe"),
4609 (1, "http_client_addr"),
4610 (1, "eloop_sock_table_add_sock;?eloop_register_sock;http_client_addr"),
4611 (1, "eloop_register_timeout;http_client_addr") ]
4612 for count
,func
in tests
:
4613 with
alloc_fail(dev
[0], count
, func
):
4614 server
,sock
= wps_er_start(dev
[0], WPSAPHTTPServer
)
4615 server
.handle_request()
4616 server
.handle_request()
4617 wps_er_stop(dev
[0], sock
, server
, on_alloc_fail
=True)
4619 def test_ap_wps_er_http_proto_no_sid(dev
, apdev
):
4620 """WPS ER HTTP protocol testing - no SID"""
4621 class WPSAPHTTPServer_no_sid(WPSAPHTTPServer
):
4622 def handle_wps_event(self
):
4623 self
.wfile
.write(gen_wps_event(sid
=None))
4624 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_no_sid
)
4626 def test_ap_wps_er_http_proto_invalid_sid_no_uuid(dev
, apdev
):
4627 """WPS ER HTTP protocol testing - invalid SID - no UUID"""
4628 class WPSAPHTTPServer_invalid_sid_no_uuid(WPSAPHTTPServer
):
4629 def handle_wps_event(self
):
4630 self
.wfile
.write(gen_wps_event(sid
='FOO'))
4631 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_invalid_sid_no_uuid
)
4633 def test_ap_wps_er_http_proto_invalid_sid_uuid(dev
, apdev
):
4634 """WPS ER HTTP protocol testing - invalid SID UUID"""
4635 class WPSAPHTTPServer_invalid_sid_uuid(WPSAPHTTPServer
):
4636 def handle_wps_event(self
):
4637 self
.wfile
.write(gen_wps_event(sid
='uuid:FOO'))
4638 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_invalid_sid_uuid
)
4640 def test_ap_wps_er_http_proto_subscribe_failing(dev
, apdev
):
4641 """WPS ER HTTP protocol testing - SUBSCRIBE failing"""
4642 class WPSAPHTTPServer_fail_subscribe(WPSAPHTTPServer
):
4643 def handle_wps_event(self
):
4645 hdr
= 'HTTP/1.1 404 Not Found\r\n' + \
4646 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4647 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4648 'Connection: close\r\n' + \
4649 'Content-Length: ' + str(len(payload
)) + '\r\n' + \
4650 'Timeout: Second-1801\r\n' + \
4651 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4652 self
.wfile
.write(hdr
+ payload
)
4653 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_fail_subscribe
)
4655 def test_ap_wps_er_http_proto_subscribe_invalid_response(dev
, apdev
):
4656 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4657 class WPSAPHTTPServer_subscribe_invalid_response(WPSAPHTTPServer
):
4658 def handle_wps_event(self
):
4660 hdr
= 'HTTP/1.1 FOO\r\n' + \
4661 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4662 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4663 'Connection: close\r\n' + \
4664 'Content-Length: ' + str(len(payload
)) + '\r\n' + \
4665 'Timeout: Second-1801\r\n' + \
4666 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4667 self
.wfile
.write(hdr
+ payload
)
4668 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_subscribe_invalid_response
)
4670 def test_ap_wps_er_http_proto_subscribe_invalid_response(dev
, apdev
):
4671 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4672 class WPSAPHTTPServer_invalid_m1(WPSAPHTTPServer
):
4673 def handle_wps_control(self
):
4674 payload
= '''<?xml version="1.0"?>
4675 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
4677 <u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
4678 <NewDeviceInfo>Rk9P</NewDeviceInfo>
4679 </u:GetDeviceInfoResponse>
4683 self
.wfile
.write(gen_wps_control(payload_override
=payload
))
4684 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_invalid_m1
, no_event_url
=True)
4686 def test_ap_wps_er_http_proto_upnp_info_no_device(dev
, apdev
):
4687 """WPS ER HTTP protocol testing - No device in UPnP info"""
4688 class WPSAPHTTPServer_no_device(WPSAPHTTPServer
):
4689 def handle_upnp_info(self
):
4690 payload
= '''<?xml version="1.0"?>
4691 <root xmlns="urn:schemas-upnp-org:device-1-0">
4698 hdr
= 'HTTP/1.1 200 OK\r\n' + \
4699 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4700 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4701 'Connection: close\r\n' + \
4702 'Content-Length: ' + str(len(payload
)) + '\r\n' + \
4703 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4704 self
.wfile
.write(hdr
+ payload
)
4705 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_no_device
, no_event_url
=True)
4707 def test_ap_wps_er_http_proto_upnp_info_no_device_type(dev
, apdev
):
4708 """WPS ER HTTP protocol testing - No deviceType in UPnP info"""
4709 class WPSAPHTTPServer_no_device(WPSAPHTTPServer
):
4710 def handle_upnp_info(self
):
4711 payload
= '''<?xml version="1.0"?>
4712 <root xmlns="urn:schemas-upnp-org:device-1-0">
4721 hdr
= 'HTTP/1.1 200 OK\r\n' + \
4722 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4723 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4724 'Connection: close\r\n' + \
4725 'Content-Length: ' + str(len(payload
)) + '\r\n' + \
4726 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4727 self
.wfile
.write(hdr
+ payload
)
4728 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_no_device
, no_event_url
=True)
4730 def test_ap_wps_er_http_proto_upnp_info_invalid_udn_uuid(dev
, apdev
):
4731 """WPS ER HTTP protocol testing - Invalid UDN UUID"""
4732 class WPSAPHTTPServer_invalid_udn_uuid(WPSAPHTTPServer
):
4733 def handle_upnp_info(self
):
4734 self
.wfile
.write(gen_upnp_info(udn
='uuid:foo'))
4735 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_invalid_udn_uuid
)
4737 def test_ap_wps_er_http_proto_no_control_url(dev
, apdev
):
4738 """WPS ER HTTP protocol testing - no controlURL"""
4739 class WPSAPHTTPServer_no_control_url(WPSAPHTTPServer
):
4740 def handle_upnp_info(self
):
4741 self
.wfile
.write(gen_upnp_info(controlURL
=None))
4742 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_no_control_url
,
4745 def test_ap_wps_er_http_proto_control_url_dns(dev
, apdev
):
4746 """WPS ER HTTP protocol testing - DNS name in controlURL"""
4747 class WPSAPHTTPServer_control_url_dns(WPSAPHTTPServer
):
4748 def handle_upnp_info(self
):
4749 self
.wfile
.write(gen_upnp_info(controlURL
='http://example.com/wps_control'))
4750 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_control_url_dns
,
4753 def test_ap_wps_http_timeout(dev
, apdev
):
4754 """WPS AP/ER and HTTP timeout"""
4756 _test_ap_wps_http_timeout(dev
, apdev
)
4758 dev
[0].request("WPS_ER_STOP")
4760 def _test_ap_wps_http_timeout(dev
, apdev
):
4761 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
4762 add_ssdp_ap(apdev
[0], ap_uuid
)
4764 location
= ssdp_get_location(ap_uuid
)
4765 url
= urlparse
.urlparse(location
)
4766 addr
= (url
.hostname
, url
.port
)
4767 logger
.debug("Open HTTP connection to hostapd, but do not complete request")
4768 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
4773 class DummyServer(SocketServer
.StreamRequestHandler
):
4775 logger
.debug("DummyServer - start 31 sec wait")
4777 logger
.debug("DummyServer - wait done")
4779 logger
.debug("Start WPS ER")
4780 server
,sock2
= wps_er_start(dev
[0], DummyServer
, max_age
=40,
4783 logger
.debug("Start server to accept, but not complete, HTTP connection from WPS ER")
4784 # This will wait for 31 seconds..
4785 server
.handle_request()
4787 logger
.debug("Complete HTTP connection with hostapd (that should have already closed the connection)")
4789 sock
.send("ET / HTTP/1.1\r\n\r\n")
4790 res
= sock
.recv(100)
4795 def test_ap_wps_er_url_parse(dev
, apdev
):
4796 """WPS ER and URL parsing special cases"""
4798 _test_ap_wps_er_url_parse(dev
, apdev
)
4800 dev
[0].request("WPS_ER_STOP")
4802 def _test_ap_wps_er_url_parse(dev
, apdev
):
4803 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
, socket
.IPPROTO_UDP
)
4805 sock
.setsockopt(socket
.SOL_SOCKET
, socket
.SO_REUSEADDR
, 1)
4806 sock
.bind(("239.255.255.250", 1900))
4807 dev
[0].request("WPS_ER_START ifname=lo")
4808 (msg
,addr
) = sock
.recvfrom(1000)
4809 logger
.debug("Received SSDP message from %s: %s" % (str(addr
), msg
))
4810 if "M-SEARCH" not in msg
:
4811 raise Exception("Not an M-SEARCH")
4812 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1\r\ncache-control:max-age=1\r\n\r\n", addr
)
4813 ev
= dev
[0].wait_event(["WPS-ER-AP-REMOVE"], timeout
=2)
4814 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1/:foo\r\ncache-control:max-age=1\r\n\r\n", addr
)
4815 ev
= dev
[0].wait_event(["WPS-ER-AP-REMOVE"], timeout
=2)
4816 sock
.sendto("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://255.255.255.255:0/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr
)
4817 ev
= dev
[0].wait_event(["WPS-ER-AP-REMOVE"], timeout
=2)
4821 def test_ap_wps_er_link_update(dev
, apdev
):
4822 """WPS ER and link update special cases"""
4823 class WPSAPHTTPServer_link_update(WPSAPHTTPServer
):
4824 def handle_upnp_info(self
):
4825 self
.wfile
.write(gen_upnp_info(controlURL
='/wps_control'))
4826 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_link_update
)
4828 class WPSAPHTTPServer_link_update2(WPSAPHTTPServer
):
4829 def handle_others(self
, data
):
4830 if "GET / " in data
:
4831 self
.wfile
.write(gen_upnp_info(controlURL
='/wps_control'))
4832 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_link_update2
,
4833 location_url
='http://127.0.0.1:12345')
4835 def test_ap_wps_er_http_client(dev
, apdev
):
4836 """WPS ER and HTTP client special cases"""
4837 with
alloc_fail(dev
[0], 1, "http_link_update"):
4838 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer
)
4840 with
alloc_fail(dev
[0], 1, "wpabuf_alloc;http_client_url"):
4841 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer
, no_event_url
=True)
4843 with
alloc_fail(dev
[0], 1, "httpread_create;http_client_tx_ready"):
4844 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer
, no_event_url
=True)
4846 class WPSAPHTTPServer_req_as_resp(WPSAPHTTPServer
):
4847 def handle_upnp_info(self
):
4848 self
.wfile
.write("GET / HTTP/1.1\r\n\r\n")
4849 run_wps_er_proto_test(dev
[0], WPSAPHTTPServer_req_as_resp
,
4852 def test_ap_wps_init_oom(dev
, apdev
):
4853 """wps_init OOM cases"""
4856 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
4858 hapd
= hostapd
.add_ap(apdev
[0], params
)
4859 pin
= dev
[0].wps_read_pin()
4861 with
alloc_fail(hapd
, 1, "wps_init"):
4862 hapd
.request("WPS_PIN any " + pin
)
4863 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4864 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4865 ev
= hapd
.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
4867 raise Exception("No EAP failure reported")
4868 dev
[0].request("WPS_CANCEL")
4870 with
alloc_fail(dev
[0], 2, "wps_init"):
4871 hapd
.request("WPS_PIN any " + pin
)
4872 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4873 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4874 ev
= hapd
.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
4876 raise Exception("No EAP failure reported")
4877 dev
[0].request("WPS_CANCEL")
4879 with
alloc_fail(dev
[0], 2, "wps_init"):
4880 hapd
.request("WPS_PBC")
4881 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4882 dev
[0].request("WPS_PBC %s" % (apdev
[0]['bssid']))
4883 ev
= hapd
.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
4885 raise Exception("No EAP failure reported")
4886 dev
[0].request("WPS_CANCEL")
4888 dev
[0].dump_monitor()
4889 new_ssid
= "wps-new-ssid"
4890 new_passphrase
= "1234567890"
4891 with
alloc_fail(dev
[0], 3, "wps_init"):
4892 dev
[0].wps_reg(apdev
[0]['bssid'], appin
, new_ssid
, "WPA2PSK", "CCMP",
4893 new_passphrase
, no_wait
=True)
4894 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
4896 raise Exception("No EAP failure reported")
4898 dev
[0].flush_scan_cache()
4901 def test_ap_wps_invalid_assoc_req_elem(dev
, apdev
):
4902 """WPS and invalid IE in Association Request frame"""
4904 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2" }
4905 hapd
= hostapd
.add_ap(apdev
[0], params
)
4907 hapd
.request("WPS_PIN any " + pin
)
4908 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4910 dev
[0].request("VENDOR_ELEM_ADD 13 dd050050f20410")
4911 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4913 ev
= hapd
.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=10)
4914 if ev
and "vendor=14122" in ev
:
4916 if ev
is None or "vendor=14122" not in ev
:
4917 raise Exception("EAP-WSC not started")
4918 dev
[0].request("WPS_CANCEL")
4920 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
4922 def test_ap_wps_pbc_pin_mismatch(dev
, apdev
):
4923 """WPS PBC/PIN mismatch"""
4925 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2" }
4926 hapd
= hostapd
.add_ap(apdev
[0], params
)
4927 hapd
.request("SET wps_version_number 0x10")
4928 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4929 hapd
.request("WPS_PBC")
4930 pin
= dev
[0].wps_read_pin()
4931 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4932 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
4934 raise Exception("Scan did not complete")
4935 dev
[0].request("WPS_CANCEL")
4937 hapd
.request("WPS_CANCEL")
4938 dev
[0].flush_scan_cache()
4941 def test_ap_wps_ie_invalid(dev
, apdev
):
4942 """WPS PIN attempt with AP that has invalid WSC IE"""
4944 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
4945 "vendor_elements": "dd050050f20410" }
4946 hapd
= hostapd
.add_ap(apdev
[0], params
)
4947 params
= { 'ssid': "another", "vendor_elements": "dd050050f20410" }
4948 hostapd
.add_ap(apdev
[1], params
)
4949 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4950 pin
= dev
[0].wps_read_pin()
4951 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4952 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
4954 raise Exception("Scan did not complete")
4955 dev
[0].request("WPS_CANCEL")
4958 def test_ap_wps_scan_prio_order(dev
, apdev
):
4959 """WPS scan priority ordering"""
4961 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2" }
4962 hapd
= hostapd
.add_ap(apdev
[0], params
)
4963 params
= { 'ssid': "another", "vendor_elements": "dd050050f20410" }
4964 hostapd
.add_ap(apdev
[1], params
)
4965 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4966 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
4967 pin
= dev
[0].wps_read_pin()
4968 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4969 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
4971 raise Exception("Scan did not complete")
4972 dev
[0].request("WPS_CANCEL")
4974 def test_ap_wps_probe_req_ie_oom(dev
, apdev
):
4975 """WPS ProbeReq IE OOM"""
4977 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2" }
4978 hapd
= hostapd
.add_ap(apdev
[0], params
)
4979 pin
= dev
[0].wps_read_pin()
4980 hapd
.request("WPS_PIN any " + pin
)
4981 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
4982 with
alloc_fail(dev
[0], 1, "wps_build_probe_req_ie"):
4983 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4984 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=10)
4986 raise Exception("Association not seen")
4987 dev
[0].request("WPS_CANCEL")
4988 dev
[0].wait_disconnected()
4990 with
alloc_fail(dev
[0], 1, "wps_ie_encapsulate"):
4991 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
4992 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=10)
4994 raise Exception("Association not seen")
4995 dev
[0].request("WPS_CANCEL")
4997 dev
[0].request("REMOVE_NETWORK all")
4998 dev
[0].wait_disconnected()
5000 dev
[0].flush_scan_cache()
5002 def test_ap_wps_assoc_req_ie_oom(dev
, apdev
):
5003 """WPS AssocReq IE OOM"""
5005 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2" }
5006 hapd
= hostapd
.add_ap(apdev
[0], params
)
5007 pin
= dev
[0].wps_read_pin()
5008 hapd
.request("WPS_PIN any " + pin
)
5009 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5010 with
alloc_fail(dev
[0], 1, "wps_build_assoc_req_ie"):
5011 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
5012 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=10)
5014 raise Exception("Association not seen")
5015 dev
[0].request("WPS_CANCEL")
5017 def test_ap_wps_assoc_resp_ie_oom(dev
, apdev
):
5018 """WPS AssocResp IE OOM"""
5020 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2" }
5021 hapd
= hostapd
.add_ap(apdev
[0], params
)
5022 pin
= dev
[0].wps_read_pin()
5023 hapd
.request("WPS_PIN any " + pin
)
5024 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5025 with
alloc_fail(hapd
, 1, "wps_build_assoc_resp_ie"):
5026 dev
[0].request("WPS_PIN %s %s" % (apdev
[0]['bssid'], pin
))
5027 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=10)
5029 raise Exception("Association not seen")
5030 dev
[0].request("WPS_CANCEL")
5033 def test_ap_wps_bss_info_errors(dev
, apdev
):
5034 """WPS BSS info errors"""
5035 params
= { "ssid": "1",
5036 "vendor_elements": "dd0e0050f20410440001ff101100010a" }
5037 hostapd
.add_ap(apdev
[0], params
)
5038 params
= { 'ssid': "2", "vendor_elements": "dd050050f20410" }
5039 hostapd
.add_ap(apdev
[1], params
)
5040 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5041 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
5042 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
5043 logger
.info("BSS: " + str(bss
))
5044 if "wps_state" in bss
:
5045 raise Exception("Unexpected wps_state in BSS info")
5046 if 'wps_device_name' not in bss
:
5047 raise Exception("No wps_device_name in BSS info")
5048 if bss
['wps_device_name'] != '_':
5049 raise Exception("Unexpected wps_device_name value")
5050 bss
= dev
[0].get_bss(apdev
[1]['bssid'])
5051 logger
.info("BSS: " + str(bss
))
5053 with
alloc_fail(dev
[0], 1, "=wps_attr_text"):
5054 bss
= dev
[0].get_bss(apdev
[0]['bssid'])
5055 logger
.info("BSS(OOM): " + str(bss
))
5057 def wps_run_pbc_fail_ap(apdev
, dev
, hapd
):
5058 hapd
.request("WPS_PBC")
5059 dev
.scan_for_bss(apdev
['bssid'], freq
="2412")
5060 dev
.request("WPS_PBC " + apdev
['bssid'])
5061 ev
= dev
.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
5063 raise Exception("No EAP failure reported")
5064 dev
.request("WPS_CANCEL")
5065 dev
.wait_disconnected()
5068 dev
.flush_scan_cache()
5070 except Exception, e
:
5071 if str(e
).startswith("Failed to trigger scan"):
5077 def wps_run_pbc_fail(apdev
, dev
):
5078 hapd
= wps_start_ap(apdev
)
5079 wps_run_pbc_fail_ap(apdev
, dev
, hapd
)
5082 def test_ap_wps_pk_oom(dev
, apdev
):
5083 """WPS and public key OOM"""
5084 with
alloc_fail(dev
[0], 1, "wps_build_public_key"):
5085 wps_run_pbc_fail(apdev
[0], dev
[0])
5088 def test_ap_wps_pk_oom_ap(dev
, apdev
):
5089 """WPS and public key OOM on AP"""
5090 hapd
= wps_start_ap(apdev
[0])
5091 with
alloc_fail(hapd
, 1, "wps_build_public_key"):
5092 wps_run_pbc_fail_ap(apdev
[0], dev
[0], hapd
)
5095 def test_ap_wps_encr_oom_ap(dev
, apdev
):
5096 """WPS and encrypted settings decryption OOM on AP"""
5097 hapd
= wps_start_ap(apdev
[0])
5098 pin
= dev
[0].wps_read_pin()
5099 hapd
.request("WPS_PIN any " + pin
)
5100 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5101 with
alloc_fail(hapd
, 1, "wps_decrypt_encr_settings"):
5102 dev
[0].request("WPS_PIN " + apdev
[0]['bssid'] + " " + pin
)
5103 ev
= hapd
.wait_event(["WPS-FAIL"], timeout
=10)
5105 raise Exception("No WPS-FAIL reported")
5106 dev
[0].request("WPS_CANCEL")
5107 dev
[0].wait_disconnected()
5110 def test_ap_wps_encr_no_random_ap(dev
, apdev
):
5111 """WPS and no random data available for encryption on AP"""
5112 hapd
= wps_start_ap(apdev
[0])
5113 with
fail_test(hapd
, 1, "os_get_random;wps_build_encr_settings"):
5114 wps_run_pbc_fail_ap(apdev
[0], dev
[0], hapd
)
5117 def test_ap_wps_e_hash_no_random_sta(dev
, apdev
):
5118 """WPS and no random data available for e-hash on STA"""
5119 with
fail_test(dev
[0], 1, "os_get_random;wps_build_e_hash"):
5120 wps_run_pbc_fail(apdev
[0], dev
[0])
5123 def test_ap_wps_m1_no_random(dev
, apdev
):
5124 """WPS and no random for M1 on STA"""
5125 with
fail_test(dev
[0], 1, "os_get_random;wps_build_m1"):
5126 wps_run_pbc_fail(apdev
[0], dev
[0])
5129 def test_ap_wps_m1_oom(dev
, apdev
):
5130 """WPS and OOM for M1 on STA"""
5131 with
alloc_fail(dev
[0], 1, "wps_build_m1"):
5132 wps_run_pbc_fail(apdev
[0], dev
[0])
5135 def test_ap_wps_m3_oom(dev
, apdev
):
5136 """WPS and OOM for M3 on STA"""
5137 with
alloc_fail(dev
[0], 1, "wps_build_m3"):
5138 wps_run_pbc_fail(apdev
[0], dev
[0])
5141 def test_ap_wps_m5_oom(dev
, apdev
):
5142 """WPS and OOM for M5 on STA"""
5143 hapd
= wps_start_ap(apdev
[0])
5144 hapd
.request("WPS_PBC")
5145 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5146 for i
in range(1, 3):
5147 with
alloc_fail(dev
[0], i
, "wps_build_m5"):
5148 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
5149 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
5151 raise Exception("No EAP failure reported")
5152 dev
[0].request("WPS_CANCEL")
5153 dev
[0].wait_disconnected()
5154 dev
[0].flush_scan_cache()
5157 def test_ap_wps_m5_no_random(dev
, apdev
):
5158 """WPS and no random for M5 on STA"""
5159 with
fail_test(dev
[0], 1,
5160 "os_get_random;wps_build_encr_settings;wps_build_m5"):
5161 wps_run_pbc_fail(apdev
[0], dev
[0])
5164 def test_ap_wps_m7_oom(dev
, apdev
):
5165 """WPS and OOM for M7 on STA"""
5166 hapd
= wps_start_ap(apdev
[0])
5167 hapd
.request("WPS_PBC")
5168 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5169 for i
in range(1, 3):
5170 with
alloc_fail(dev
[0], i
, "wps_build_m7"):
5171 dev
[0].request("WPS_PBC " + apdev
[0]['bssid'])
5172 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
5174 raise Exception("No EAP failure reported")
5175 dev
[0].request("WPS_CANCEL")
5176 dev
[0].wait_disconnected()
5177 dev
[0].flush_scan_cache()
5180 def test_ap_wps_m7_no_random(dev
, apdev
):
5181 """WPS and no random for M7 on STA"""
5182 with
fail_test(dev
[0], 1,
5183 "os_get_random;wps_build_encr_settings;wps_build_m7"):
5184 wps_run_pbc_fail(apdev
[0], dev
[0])
5187 def test_ap_wps_wsc_done_oom(dev
, apdev
):
5188 """WPS and OOM for WSC_Done on STA"""
5189 with
alloc_fail(dev
[0], 1, "wps_build_wsc_done"):
5190 wps_run_pbc_fail(apdev
[0], dev
[0])
5192 def test_ap_wps_random_psk_fail(dev
, apdev
):
5193 """WPS and no random for PSK on AP"""
5195 pskfile
= "/tmp/ap_wps_per_enrollee_psk.psk_file"
5203 with
open(pskfile
, "w") as f
:
5204 f
.write("# WPA PSKs\n")
5206 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
5207 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
5208 "rsn_pairwise": "CCMP", "ap_pin": appin
,
5209 "wpa_psk_file": pskfile
}
5210 hapd
= hostapd
.add_ap(apdev
[0], params
)
5212 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
5213 with
fail_test(hapd
, 1, "os_get_random;wps_build_cred_network_key"):
5214 dev
[0].request("WPS_REG " + apdev
[0]['bssid'] + " " + appin
)
5215 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=10)
5217 raise Exception("No EAP failure reported")
5218 dev
[0].request("WPS_CANCEL")
5219 dev
[0].wait_disconnected()
5221 with
fail_test(hapd
, 1, "os_get_random;wps_build_cred"):
5222 wps_run_pbc_fail_ap(apdev
[0], dev
[0], hapd
)
5224 with
alloc_fail(hapd
, 1, "wps_build_cred"):
5225 wps_run_pbc_fail_ap(apdev
[0], dev
[0], hapd
)
5227 with
alloc_fail(hapd
, 2, "wps_build_cred"):
5228 wps_run_pbc_fail_ap(apdev
[0], dev
[0], hapd
)
5232 def wps_ext_eap_identity_req(dev
, hapd
, bssid
):
5233 logger
.debug("EAP-Identity/Request")
5234 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5236 raise Exception("Timeout on EAPOL-TX from hostapd")
5237 res
= dev
.request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
5239 raise Exception("EAPOL_RX to wpa_supplicant failed")
5241 def wps_ext_eap_identity_resp(hapd
, dev
, addr
):
5242 ev
= dev
.wait_event(["EAPOL-TX"], timeout
=10)
5244 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
5245 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
5247 raise Exception("EAPOL_RX to hostapd failed")
5249 def wps_ext_eap_wsc(dst
, src
, src_addr
, msg
):
5251 ev
= src
.wait_event(["EAPOL-TX"], timeout
=10)
5253 raise Exception("Timeout on EAPOL-TX")
5254 res
= dst
.request("EAPOL_RX " + src_addr
+ " " + ev
.split(' ')[2])
5256 raise Exception("EAPOL_RX failed")
5258 def wps_start_ext(apdev
, dev
, pbc
=False, pin
=None):
5259 addr
= dev
.own_addr()
5260 bssid
= apdev
['bssid']
5261 ssid
= "test-wps-conf"
5262 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
5263 "wpa_passphrase": "12345678", "wpa": "2",
5264 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
5265 hapd
= hostapd
.add_ap(apdev
, params
)
5268 hapd
.request("WPS_PBC")
5271 pin
= dev
.wps_read_pin()
5272 hapd
.request("WPS_PIN any " + pin
)
5273 dev
.scan_for_bss(bssid
, freq
="2412")
5274 hapd
.request("SET ext_eapol_frame_io 1")
5275 dev
.request("SET ext_eapol_frame_io 1")
5278 dev
.request("WPS_PBC " + bssid
)
5280 dev
.request("WPS_PIN " + bssid
+ " " + pin
)
5281 return addr
,bssid
,hapd
5283 def wps_auth_corrupt(dst
, src
, addr
):
5284 ev
= src
.wait_event(["EAPOL-TX"], timeout
=10)
5286 raise Exception("Timeout on EAPOL-TX")
5287 src
.request("SET ext_eapol_frame_io 0")
5288 dst
.request("SET ext_eapol_frame_io 0")
5289 msg
= ev
.split(' ')[2]
5290 if msg
[-24:-16] != '10050008':
5291 raise Exception("Could not find Authenticator attribute")
5292 # Corrupt Authenticator value
5293 msg
= msg
[:-1] + '%x' % ((int(msg
[-1], 16) + 1) % 16)
5294 res
= dst
.request("EAPOL_RX " + addr
+ " " + msg
)
5296 raise Exception("EAPOL_RX failed")
5298 def wps_fail_finish(hapd
, dev
, fail_str
):
5299 ev
= hapd
.wait_event(["WPS-FAIL"], timeout
=5)
5301 raise Exception("WPS-FAIL not indicated")
5302 if fail_str
not in ev
:
5303 raise Exception("Unexpected WPS-FAIL value: " + ev
)
5304 dev
.request("WPS_CANCEL")
5305 dev
.wait_disconnected()
5307 def wps_auth_corrupt_from_ap(dev
, hapd
, bssid
, fail_str
):
5308 wps_auth_corrupt(dev
, hapd
, bssid
)
5309 wps_fail_finish(hapd
, dev
, fail_str
)
5311 def wps_auth_corrupt_to_ap(dev
, hapd
, addr
, fail_str
):
5312 wps_auth_corrupt(hapd
, dev
, addr
)
5313 wps_fail_finish(hapd
, dev
, fail_str
)
5315 def test_ap_wps_authenticator_mismatch_m2(dev
, apdev
):
5316 """WPS and Authenticator attribute mismatch in M2"""
5317 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5318 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5319 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5320 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5321 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5323 wps_auth_corrupt_from_ap(dev
[0], hapd
, bssid
, "msg=5")
5325 def test_ap_wps_authenticator_mismatch_m3(dev
, apdev
):
5326 """WPS and Authenticator attribute mismatch in M3"""
5327 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5328 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5329 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5330 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5331 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5332 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M2")
5334 wps_auth_corrupt_to_ap(dev
[0], hapd
, addr
, "msg=7")
5336 def test_ap_wps_authenticator_mismatch_m4(dev
, apdev
):
5337 """WPS and Authenticator attribute mismatch in M4"""
5338 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5339 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5340 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5341 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5342 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5343 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M2")
5344 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M3")
5346 wps_auth_corrupt_from_ap(dev
[0], hapd
, bssid
, "msg=8")
5348 def test_ap_wps_authenticator_mismatch_m5(dev
, apdev
):
5349 """WPS and Authenticator attribute mismatch in M5"""
5350 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5351 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5352 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5353 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5354 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5355 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M2")
5356 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M3")
5357 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M4")
5359 wps_auth_corrupt_to_ap(dev
[0], hapd
, addr
, "msg=9")
5361 def test_ap_wps_authenticator_mismatch_m6(dev
, apdev
):
5362 """WPS and Authenticator attribute mismatch in M6"""
5363 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5364 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5365 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5366 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5367 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5368 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M2")
5369 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M3")
5370 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M4")
5371 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M5")
5373 wps_auth_corrupt_from_ap(dev
[0], hapd
, bssid
, "msg=10")
5375 def test_ap_wps_authenticator_mismatch_m7(dev
, apdev
):
5376 """WPS and Authenticator attribute mismatch in M7"""
5377 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5378 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5379 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5380 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5381 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5382 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M2")
5383 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M3")
5384 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M4")
5385 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M5")
5386 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M6")
5388 wps_auth_corrupt_to_ap(dev
[0], hapd
, addr
, "msg=11")
5390 def test_ap_wps_authenticator_mismatch_m8(dev
, apdev
):
5391 """WPS and Authenticator attribute mismatch in M8"""
5392 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5393 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5394 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5395 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5396 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5397 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M2")
5398 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M3")
5399 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M4")
5400 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M5")
5401 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "M6")
5402 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M7")
5404 wps_auth_corrupt_from_ap(dev
[0], hapd
, bssid
, "msg=12")
5406 def test_ap_wps_authenticator_missing_m2(dev
, apdev
):
5407 """WPS and Authenticator attribute missing from M2"""
5408 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5409 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5410 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5411 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5412 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5414 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5416 raise Exception("Timeout on EAPOL-TX")
5417 hapd
.request("SET ext_eapol_frame_io 0")
5418 dev
[0].request("SET ext_eapol_frame_io 0")
5419 msg
= ev
.split(' ')[2]
5420 if msg
[-24:-16] != '10050008':
5421 raise Exception("Could not find Authenticator attribute")
5422 # Remove Authenticator value
5424 mlen
= "%04x" % (int(msg
[4:8], 16) - 12)
5425 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:]
5426 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5428 raise Exception("EAPOL_RX failed")
5429 wps_fail_finish(hapd
, dev
[0], "msg=5")
5431 def test_ap_wps_m2_dev_passwd_id_p2p(dev
, apdev
):
5432 """WPS and M2 with different Device Password ID (P2P)"""
5433 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5434 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5435 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5436 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5437 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5439 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5441 raise Exception("Timeout on EAPOL-TX")
5442 hapd
.request("SET ext_eapol_frame_io 0")
5443 dev
[0].request("SET ext_eapol_frame_io 0")
5444 msg
= ev
.split(' ')[2]
5445 if msg
[722:730] != '10120002':
5446 raise Exception("Could not find Device Password ID attribute")
5447 # Replace Device Password ID value. This will fail Authenticator check, but
5448 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5450 msg
= msg
[0:730] + "0005" + msg
[734:]
5451 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5453 raise Exception("EAPOL_RX failed")
5454 wps_fail_finish(hapd
, dev
[0], "msg=5")
5456 def test_ap_wps_m2_dev_passwd_id_change_pin_to_pbc(dev
, apdev
):
5457 """WPS and M2 with different Device Password ID (PIN to PBC)"""
5458 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5459 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5460 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5461 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5462 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5464 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5466 raise Exception("Timeout on EAPOL-TX")
5467 hapd
.request("SET ext_eapol_frame_io 0")
5468 dev
[0].request("SET ext_eapol_frame_io 0")
5469 msg
= ev
.split(' ')[2]
5470 if msg
[722:730] != '10120002':
5471 raise Exception("Could not find Device Password ID attribute")
5472 # Replace Device Password ID value (PIN --> PBC). This will be rejected.
5473 msg
= msg
[0:730] + "0004" + msg
[734:]
5474 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5476 raise Exception("EAPOL_RX failed")
5477 wps_fail_finish(hapd
, dev
[0], "msg=5")
5479 def test_ap_wps_m2_dev_passwd_id_change_pbc_to_pin(dev
, apdev
):
5480 """WPS and M2 with different Device Password ID (PBC to PIN)"""
5481 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5482 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5483 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5484 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5485 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5487 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5489 raise Exception("Timeout on EAPOL-TX")
5490 hapd
.request("SET ext_eapol_frame_io 0")
5491 dev
[0].request("SET ext_eapol_frame_io 0")
5492 msg
= ev
.split(' ')[2]
5493 if msg
[722:730] != '10120002':
5494 raise Exception("Could not find Device Password ID attribute")
5495 # Replace Device Password ID value. This will fail Authenticator check, but
5496 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5498 msg
= msg
[0:730] + "0000" + msg
[734:]
5499 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5501 raise Exception("EAPOL_RX failed")
5502 wps_fail_finish(hapd
, dev
[0], "msg=5")
5503 dev
[0].flush_scan_cache()
5505 def test_ap_wps_m2_missing_dev_passwd_id(dev
, apdev
):
5506 """WPS and M2 without Device Password ID"""
5507 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0])
5508 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5509 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5510 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5511 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5513 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5515 raise Exception("Timeout on EAPOL-TX")
5516 hapd
.request("SET ext_eapol_frame_io 0")
5517 dev
[0].request("SET ext_eapol_frame_io 0")
5518 msg
= ev
.split(' ')[2]
5519 if msg
[722:730] != '10120002':
5520 raise Exception("Could not find Device Password ID attribute")
5521 # Remove Device Password ID value. This will fail Authenticator check, but
5522 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5524 mlen
= "%04x" % (int(msg
[4:8], 16) - 6)
5525 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:722] + msg
[734:]
5526 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5528 raise Exception("EAPOL_RX failed")
5529 wps_fail_finish(hapd
, dev
[0], "msg=5")
5531 def test_ap_wps_m2_missing_registrar_nonce(dev
, apdev
):
5532 """WPS and M2 without Registrar Nonce"""
5533 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5534 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5535 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5536 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5537 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5539 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5541 raise Exception("Timeout on EAPOL-TX")
5542 hapd
.request("SET ext_eapol_frame_io 0")
5543 dev
[0].request("SET ext_eapol_frame_io 0")
5544 msg
= ev
.split(' ')[2]
5545 if msg
[96:104] != '10390010':
5546 raise Exception("Could not find Registrar Nonce attribute")
5547 # Remove Registrar Nonce. This will fail Authenticator check, but
5548 # allows the code path in wps_process_registrar_nonce() to be checked from
5550 mlen
= "%04x" % (int(msg
[4:8], 16) - 20)
5551 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:96] + msg
[136:]
5552 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5554 raise Exception("EAPOL_RX failed")
5555 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout
=5)
5557 raise Exception("Disconnect event not seen")
5558 dev
[0].request("WPS_CANCEL")
5559 dev
[0].flush_scan_cache()
5561 def test_ap_wps_m2_missing_enrollee_nonce(dev
, apdev
):
5562 """WPS and M2 without Enrollee Nonce"""
5563 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5564 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5565 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5566 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5567 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5569 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5571 raise Exception("Timeout on EAPOL-TX")
5572 hapd
.request("SET ext_eapol_frame_io 0")
5573 dev
[0].request("SET ext_eapol_frame_io 0")
5574 msg
= ev
.split(' ')[2]
5575 if msg
[56:64] != '101a0010':
5576 raise Exception("Could not find enrollee Nonce attribute")
5577 # Remove Enrollee Nonce. This will fail Authenticator check, but
5578 # allows the code path in wps_process_enrollee_nonce() to be checked from
5580 mlen
= "%04x" % (int(msg
[4:8], 16) - 20)
5581 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:56] + msg
[96:]
5582 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5584 raise Exception("EAPOL_RX failed")
5585 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout
=5)
5587 raise Exception("Disconnect event not seen")
5588 dev
[0].request("WPS_CANCEL")
5589 dev
[0].flush_scan_cache()
5591 def test_ap_wps_m2_missing_uuid_r(dev
, apdev
):
5592 """WPS and M2 without UUID-R"""
5593 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5594 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5595 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5596 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5597 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5599 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5601 raise Exception("Timeout on EAPOL-TX")
5602 hapd
.request("SET ext_eapol_frame_io 0")
5603 dev
[0].request("SET ext_eapol_frame_io 0")
5604 msg
= ev
.split(' ')[2]
5605 if msg
[136:144] != '10480010':
5606 raise Exception("Could not find enrollee Nonce attribute")
5607 # Remove UUID-R. This will fail Authenticator check, but allows the code
5608 # path in wps_process_uuid_r() to be checked from the debug log.
5609 mlen
= "%04x" % (int(msg
[4:8], 16) - 20)
5610 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:136] + msg
[176:]
5611 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5613 raise Exception("EAPOL_RX failed")
5614 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout
=5)
5616 raise Exception("Disconnect event not seen")
5617 dev
[0].request("WPS_CANCEL")
5618 dev
[0].flush_scan_cache()
5620 def test_ap_wps_m2_invalid(dev
, apdev
):
5621 """WPS and M2 parsing failure"""
5622 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5623 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5624 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5625 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5626 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5628 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5630 raise Exception("Timeout on EAPOL-TX")
5631 hapd
.request("SET ext_eapol_frame_io 0")
5632 dev
[0].request("SET ext_eapol_frame_io 0")
5633 msg
= ev
.split(' ')[2]
5634 if msg
[136:144] != '10480010':
5635 raise Exception("Could not find enrollee Nonce attribute")
5636 # Remove UUID-R. This will fail Authenticator check, but allows the code
5637 # path in wps_process_uuid_r() to be checked from the debug log.
5638 mlen
= "%04x" % (int(msg
[4:8], 16) - 1)
5639 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:-2]
5640 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5642 raise Exception("EAPOL_RX failed")
5643 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout
=5)
5645 raise Exception("Disconnect event not seen")
5646 dev
[0].request("WPS_CANCEL")
5647 dev
[0].flush_scan_cache()
5649 def test_ap_wps_m2_missing_msg_type(dev
, apdev
):
5650 """WPS and M2 without Message Type"""
5651 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5652 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5653 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5654 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5655 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5657 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5659 raise Exception("Timeout on EAPOL-TX")
5660 hapd
.request("SET ext_eapol_frame_io 0")
5661 dev
[0].request("SET ext_eapol_frame_io 0")
5662 msg
= ev
.split(' ')[2]
5663 if msg
[46:54] != '10220001':
5664 raise Exception("Could not find Message Type attribute")
5665 # Remove Message Type. This will fail Authenticator check, but allows the
5666 # code path in wps_process_wsc_msg() to be checked from the debug log.
5667 mlen
= "%04x" % (int(msg
[4:8], 16) - 5)
5668 msg
= msg
[0:4] + mlen
+ msg
[8:12] + mlen
+ msg
[16:46] + msg
[56:]
5669 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5671 raise Exception("EAPOL_RX failed")
5672 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout
=5)
5674 raise Exception("Disconnect event not seen")
5675 dev
[0].request("WPS_CANCEL")
5676 dev
[0].flush_scan_cache()
5678 def test_ap_wps_m2_unknown_msg_type(dev
, apdev
):
5679 """WPS and M2 but unknown Message Type"""
5680 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5681 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5682 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5683 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5684 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5686 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5688 raise Exception("Timeout on EAPOL-TX")
5689 hapd
.request("SET ext_eapol_frame_io 0")
5690 dev
[0].request("SET ext_eapol_frame_io 0")
5691 msg
= ev
.split(' ')[2]
5692 if msg
[46:54] != '10220001':
5693 raise Exception("Could not find Message Type attribute")
5694 # Replace Message Type value. This will be rejected.
5695 msg
= msg
[0:54] + "00" + msg
[56:]
5696 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5698 raise Exception("EAPOL_RX failed")
5699 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout
=5)
5701 raise Exception("Disconnect event not seen")
5702 dev
[0].request("WPS_CANCEL")
5703 dev
[0].flush_scan_cache()
5705 def test_ap_wps_m2_unknown_opcode(dev
, apdev
):
5706 """WPS and M2 but unknown opcode"""
5707 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5708 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5709 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5710 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5711 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5713 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5715 raise Exception("Timeout on EAPOL-TX")
5716 hapd
.request("SET ext_eapol_frame_io 0")
5717 dev
[0].request("SET ext_eapol_frame_io 0")
5718 msg
= ev
.split(' ')[2]
5719 # Replace opcode. This will be discarded in EAP-WSC processing.
5720 msg
= msg
[0:32] + "00" + msg
[34:]
5721 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5723 raise Exception("EAPOL_RX failed")
5724 dev
[0].request("WPS_CANCEL")
5725 dev
[0].wait_disconnected()
5726 dev
[0].flush_scan_cache()
5728 def test_ap_wps_m2_unknown_opcode2(dev
, apdev
):
5729 """WPS and M2 but unknown opcode (WSC_Start)"""
5730 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5731 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5732 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5733 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5734 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5736 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5738 raise Exception("Timeout on EAPOL-TX")
5739 hapd
.request("SET ext_eapol_frame_io 0")
5740 dev
[0].request("SET ext_eapol_frame_io 0")
5741 msg
= ev
.split(' ')[2]
5742 # Replace opcode. This will be discarded in EAP-WSC processing.
5743 msg
= msg
[0:32] + "01" + msg
[34:]
5744 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5746 raise Exception("EAPOL_RX failed")
5747 dev
[0].request("WPS_CANCEL")
5748 dev
[0].wait_disconnected()
5749 dev
[0].flush_scan_cache()
5751 def test_ap_wps_m2_unknown_opcode3(dev
, apdev
):
5752 """WPS and M2 but unknown opcode (WSC_Done)"""
5753 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
5754 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
5755 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
5756 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
5757 wps_ext_eap_wsc(hapd
, dev
[0], addr
, "M1")
5759 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5761 raise Exception("Timeout on EAPOL-TX")
5762 hapd
.request("SET ext_eapol_frame_io 0")
5763 dev
[0].request("SET ext_eapol_frame_io 0")
5764 msg
= ev
.split(' ')[2]
5765 # Replace opcode. This will be discarded in WPS Enrollee processing.
5766 msg
= msg
[0:32] + "05" + msg
[34:]
5767 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg
)
5769 raise Exception("EAPOL_RX failed")
5770 dev
[0].request("WPS_CANCEL")
5771 dev
[0].wait_disconnected()
5772 dev
[0].flush_scan_cache()
5774 def wps_m2_but_other(dev
, apdev
, title
, msgtype
):
5775 addr
,bssid
,hapd
= wps_start_ext(apdev
, dev
)
5776 wps_ext_eap_identity_req(dev
, hapd
, bssid
)
5777 wps_ext_eap_identity_resp(hapd
, dev
, addr
)
5778 wps_ext_eap_wsc(dev
, hapd
, bssid
, "EAP-WSC/Start")
5779 wps_ext_eap_wsc(hapd
, dev
, addr
, "M1")
5781 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5783 raise Exception("Timeout on EAPOL-TX")
5784 hapd
.request("SET ext_eapol_frame_io 0")
5785 dev
.request("SET ext_eapol_frame_io 0")
5786 msg
= ev
.split(' ')[2]
5787 if msg
[46:54] != '10220001':
5788 raise Exception("Could not find Message Type attribute")
5789 # Replace Message Type value. This will be rejected.
5790 msg
= msg
[0:54] + msgtype
+ msg
[56:]
5791 res
= dev
.request("EAPOL_RX " + bssid
+ " " + msg
)
5793 raise Exception("EAPOL_RX failed")
5794 ev
= dev
.wait_event(["WPS-FAIL"], timeout
=5)
5796 raise Exception("WPS-FAIL event not seen")
5797 dev
.request("WPS_CANCEL")
5798 dev
.wait_disconnected()
5800 def wps_m4_but_other(dev
, apdev
, title
, msgtype
):
5801 addr
,bssid
,hapd
= wps_start_ext(apdev
, dev
)
5802 wps_ext_eap_identity_req(dev
, hapd
, bssid
)
5803 wps_ext_eap_identity_resp(hapd
, dev
, addr
)
5804 wps_ext_eap_wsc(dev
, hapd
, bssid
, "EAP-WSC/Start")
5805 wps_ext_eap_wsc(hapd
, dev
, addr
, "M1")
5806 wps_ext_eap_wsc(dev
, hapd
, bssid
, "M2")
5807 wps_ext_eap_wsc(hapd
, dev
, addr
, "M3")
5809 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=10)
5811 raise Exception("Timeout on EAPOL-TX")
5812 hapd
.request("SET ext_eapol_frame_io 0")
5813 dev
.request("SET ext_eapol_frame_io 0")
5814 msg
= ev
.split(' ')[2]
5815 if msg
[46:54] != '10220001':
5816 raise Exception("Could not find Message Type attribute")
5817 # Replace Message Type value. This will be rejected.
5818 msg
= msg
[0:54] + msgtype
+ msg
[56:]
5819 res
= dev
.request("EAPOL_RX " + bssid
+ " " + msg
)
5821 raise Exception("EAPOL_RX failed")
5822 ev
= hapd
.wait_event(["WPS-FAIL"], timeout
=5)
5824 raise Exception("WPS-FAIL event not seen")
5825 dev
.request("WPS_CANCEL")
5826 dev
.wait_disconnected()
5828 def test_ap_wps_m2_msg_type_m4(dev
, apdev
):
5829 """WPS and M2 but Message Type M4"""
5830 wps_m2_but_other(dev
[0], apdev
[0], "M2/M4", "08")
5832 def test_ap_wps_m2_msg_type_m6(dev
, apdev
):
5833 """WPS and M2 but Message Type M6"""
5834 wps_m2_but_other(dev
[0], apdev
[0], "M2/M6", "0a")
5836 def test_ap_wps_m2_msg_type_m8(dev
, apdev
):
5837 """WPS and M2 but Message Type M8"""
5838 wps_m2_but_other(dev
[0], apdev
[0], "M2/M8", "0c")
5840 def test_ap_wps_m4_msg_type_m2(dev
, apdev
):
5841 """WPS and M4 but Message Type M2"""
5842 wps_m4_but_other(dev
[0], apdev
[0], "M4/M2", "05")
5844 def test_ap_wps_m4_msg_type_m2d(dev
, apdev
):
5845 """WPS and M4 but Message Type M2D"""
5846 wps_m4_but_other(dev
[0], apdev
[0], "M4/M2D", "06")
5849 def test_ap_wps_config_methods(dev
, apdev
):
5850 """WPS configuration method parsing"""
5851 ssid
= "test-wps-conf"
5852 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
5853 "wpa_passphrase": "12345678", "wpa": "2",
5854 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
5855 "config_methods": "ethernet display ext_nfc_token int_nfc_token physical_display physical_push_button" }
5856 hapd
= hostapd
.add_ap(apdev
[0], params
)
5857 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
5858 "wpa_passphrase": "12345678", "wpa": "2",
5859 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
5860 "config_methods": "display push_button" }
5861 hapd2
= hostapd
.add_ap(apdev
[1], params
)
5863 def test_ap_wps_set_selected_registrar_proto(dev
, apdev
):
5864 """WPS UPnP SetSelectedRegistrar protocol testing"""
5865 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
5866 hapd
= add_ssdp_ap(apdev
[0], ap_uuid
)
5868 location
= ssdp_get_location(ap_uuid
)
5869 urls
= upnp_get_urls(location
)
5870 eventurl
= urlparse
.urlparse(urls
['event_sub_url'])
5871 ctrlurl
= urlparse
.urlparse(urls
['control_url'])
5872 url
= urlparse
.urlparse(location
)
5873 conn
= httplib
.HTTPConnection(url
.netloc
)
5875 class WPSERHTTPServer(SocketServer
.StreamRequestHandler
):
5877 data
= self
.rfile
.readline().strip()
5879 self
.wfile
.write(gen_wps_event())
5881 server
= MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer
)
5884 headers
= { "callback": '<http://127.0.0.1:12345/event>',
5886 "timeout": "Second-1234" }
5887 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
5888 resp
= conn
.getresponse()
5889 if resp
.status
!= 200:
5890 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
5891 sid
= resp
.getheader("sid")
5892 logger
.debug("Subscription SID " + sid
)
5893 server
.handle_request()
5895 tests
= [ (500, "10"),
5896 (200, "104a000110" + "1041000101" + "101200020000" +
5898 "1049002c00372a0001200124111111111111222222222222333333333333444444444444555555555555666666666666" +
5899 "10480010362db47ba53a519188fb5458b986b2e4"),
5900 (200, "104a000110" + "1041000100" + "101200020000" +
5902 (200, "104a000110" + "1041000100"),
5903 (200, "104a000110") ]
5904 for status
,test
in tests
:
5905 tlvs
= binascii
.unhexlify(test
)
5906 newmsg
= base64
.b64encode(tlvs
)
5907 msg
= '<?xml version="1.0"?>\n'
5908 msg
+= '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
5910 msg
+= '<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">'
5911 msg
+= '<NewMessage>'
5913 msg
+= "</NewMessage></u:SetSelectedRegistrar></s:Body></s:Envelope>"
5914 headers
= { "Content-type": 'text/xml; charset="utf-8"' }
5915 headers
["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
5916 conn
.request("POST", ctrlurl
.path
, msg
, headers
)
5917 resp
= conn
.getresponse()
5918 if resp
.status
!= status
:
5919 raise Exception("Unexpected HTTP response: %d (expected %d)" % (resp
.status
, status
))
5921 def test_ap_wps_adv_oom(dev
, apdev
):
5922 """WPS AP and advertisement OOM"""
5923 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
5924 hapd
= add_ssdp_ap(apdev
[0], ap_uuid
)
5926 with
alloc_fail(hapd
, 1, "=msearchreply_state_machine_start"):
5927 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
5931 with
alloc_fail(hapd
, 1, "eloop_register_timeout;msearchreply_state_machine_start"):
5932 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
5936 with
alloc_fail(hapd
, 1,
5937 "next_advertisement;advertisement_state_machine_stop"):
5940 with
alloc_fail(hapd
, 1, "ssdp_listener_start"):
5941 if "FAIL" not in hapd
.request("ENABLE"):
5942 raise Exception("ENABLE succeeded during OOM")
5944 def test_wps_config_methods(dev
):
5945 """WPS config method update"""
5946 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
5947 wpas
.interface_add("wlan5")
5948 if "OK" not in wpas
.request("SET config_methods display label"):
5949 raise Exception("Failed to set config_methods")
5950 if wpas
.request("GET config_methods").strip() != "display label":
5951 raise Exception("config_methods were not updated")
5952 if "OK" not in wpas
.request("SET config_methods "):
5953 raise Exception("Failed to clear config_methods")
5954 if wpas
.request("GET config_methods").strip() != "":
5955 raise Exception("config_methods were not cleared")
5957 WPS_VENDOR_ID_WFA
= 14122
5960 # EAP-WSC Op-Code values
5968 ATTR_AP_CHANNEL
= 0x1001
5969 ATTR_ASSOC_STATE
= 0x1002
5970 ATTR_AUTH_TYPE
= 0x1003
5971 ATTR_AUTH_TYPE_FLAGS
= 0x1004
5972 ATTR_AUTHENTICATOR
= 0x1005
5973 ATTR_CONFIG_METHODS
= 0x1008
5974 ATTR_CONFIG_ERROR
= 0x1009
5975 ATTR_CONFIRM_URL4
= 0x100a
5976 ATTR_CONFIRM_URL6
= 0x100b
5977 ATTR_CONN_TYPE
= 0x100c
5978 ATTR_CONN_TYPE_FLAGS
= 0x100d
5980 ATTR_ENCR_TYPE
= 0x100f
5981 ATTR_ENCR_TYPE_FLAGS
= 0x1010
5982 ATTR_DEV_NAME
= 0x1011
5983 ATTR_DEV_PASSWORD_ID
= 0x1012
5984 ATTR_E_HASH1
= 0x1014
5985 ATTR_E_HASH2
= 0x1015
5986 ATTR_E_SNONCE1
= 0x1016
5987 ATTR_E_SNONCE2
= 0x1017
5988 ATTR_ENCR_SETTINGS
= 0x1018
5989 ATTR_ENROLLEE_NONCE
= 0x101a
5990 ATTR_FEATURE_ID
= 0x101b
5991 ATTR_IDENTITY
= 0x101c
5992 ATTR_IDENTITY_PROOF
= 0x101d
5993 ATTR_KEY_WRAP_AUTH
= 0x101e
5994 ATTR_KEY_ID
= 0x101f
5995 ATTR_MAC_ADDR
= 0x1020
5996 ATTR_MANUFACTURER
= 0x1021
5997 ATTR_MSG_TYPE
= 0x1022
5998 ATTR_MODEL_NAME
= 0x1023
5999 ATTR_MODEL_NUMBER
= 0x1024
6000 ATTR_NETWORK_INDEX
= 0x1026
6001 ATTR_NETWORK_KEY
= 0x1027
6002 ATTR_NETWORK_KEY_INDEX
= 0x1028
6003 ATTR_NEW_DEVICE_NAME
= 0x1029
6004 ATTR_NEW_PASSWORD
= 0x102a
6005 ATTR_OOB_DEVICE_PASSWORD
= 0x102c
6006 ATTR_OS_VERSION
= 0x102d
6007 ATTR_POWER_LEVEL
= 0x102f
6008 ATTR_PSK_CURRENT
= 0x1030
6009 ATTR_PSK_MAX
= 0x1031
6010 ATTR_PUBLIC_KEY
= 0x1032
6011 ATTR_RADIO_ENABLE
= 0x1033
6012 ATTR_REBOOT
= 0x1034
6013 ATTR_REGISTRAR_CURRENT
= 0x1035
6014 ATTR_REGISTRAR_ESTABLISHED
= 0x1036
6015 ATTR_REGISTRAR_LIST
= 0x1037
6016 ATTR_REGISTRAR_MAX
= 0x1038
6017 ATTR_REGISTRAR_NONCE
= 0x1039
6018 ATTR_REQUEST_TYPE
= 0x103a
6019 ATTR_RESPONSE_TYPE
= 0x103b
6020 ATTR_RF_BANDS
= 0x103c
6021 ATTR_R_HASH1
= 0x103d
6022 ATTR_R_HASH2
= 0x103e
6023 ATTR_R_SNONCE1
= 0x103f
6024 ATTR_R_SNONCE2
= 0x1040
6025 ATTR_SELECTED_REGISTRAR
= 0x1041
6026 ATTR_SERIAL_NUMBER
= 0x1042
6027 ATTR_WPS_STATE
= 0x1044
6029 ATTR_TOTAL_NETWORKS
= 0x1046
6030 ATTR_UUID_E
= 0x1047
6031 ATTR_UUID_R
= 0x1048
6032 ATTR_VENDOR_EXT
= 0x1049
6033 ATTR_VERSION
= 0x104a
6034 ATTR_X509_CERT_REQ
= 0x104b
6035 ATTR_X509_CERT
= 0x104c
6036 ATTR_EAP_IDENTITY
= 0x104d
6037 ATTR_MSG_COUNTER
= 0x104e
6038 ATTR_PUBKEY_HASH
= 0x104f
6039 ATTR_REKEY_KEY
= 0x1050
6040 ATTR_KEY_LIFETIME
= 0x1051
6041 ATTR_PERMITTED_CFG_METHODS
= 0x1052
6042 ATTR_SELECTED_REGISTRAR_CONFIG_METHODS
= 0x1053
6043 ATTR_PRIMARY_DEV_TYPE
= 0x1054
6044 ATTR_SECONDARY_DEV_TYPE_LIST
= 0x1055
6045 ATTR_PORTABLE_DEV
= 0x1056
6046 ATTR_AP_SETUP_LOCKED
= 0x1057
6047 ATTR_APPLICATION_EXT
= 0x1058
6048 ATTR_EAP_TYPE
= 0x1059
6050 ATTR_KEY_PROVIDED_AUTO
= 0x1061
6051 ATTR_802_1X_ENABLED
= 0x1062
6052 ATTR_APPSESSIONKEY
= 0x1063
6053 ATTR_WEPTRANSMITKEY
= 0x1064
6054 ATTR_REQUESTED_DEV_TYPE
= 0x106a
6058 WPS_ProbeRequest
= 0x02
6059 WPS_ProbeResponse
= 0x03
6073 def get_wsc_msg(dev
):
6074 ev
= dev
.wait_event(["EAPOL-TX"], timeout
=10)
6076 raise Exception("Timeout on EAPOL-TX")
6077 data
= binascii
.unhexlify(ev
.split(' ')[2])
6080 # Parse EAPOL header
6082 raise Exception("No room for EAPOL header")
6083 version
,type,length
= struct
.unpack('>BBH', data
[0:4])
6084 msg
['eapol_version'] = version
6085 msg
['eapol_type'] = type
6086 msg
['eapol_length'] = length
6088 if length
!= len(data
):
6089 raise Exception("EAPOL header length mismatch (%d != %d)" % (length
, len(data
)))
6091 raise Exception("Unexpected EAPOL header type: %d" % type)
6095 raise Exception("No room for EAP header")
6096 code
,identifier
,length
= struct
.unpack('>BBH', data
[0:4])
6097 msg
['eap_code'] = code
6098 msg
['eap_identifier'] = identifier
6099 msg
['eap_length'] = length
6101 if msg
['eapol_length'] != msg
['eap_length']:
6102 raise Exception("EAP header length mismatch (%d != %d)" % (msg
['eapol_length'], length
))
6104 # Parse EAP expanded header
6106 raise Exception("No EAP type included")
6107 msg
['eap_type'], = struct
.unpack('B', data
[0])
6110 if msg
['eap_type'] == 254:
6111 if len(data
) < 3 + 4:
6112 raise Exception("Truncated EAP expanded header")
6113 msg
['eap_vendor_id'], msg
['eap_vendor_type'] = struct
.unpack('>LL', '\0' + data
[0:7])
6116 raise Exception("Unexpected EAP type")
6118 if msg
['eap_vendor_id'] != WPS_VENDOR_ID_WFA
:
6119 raise Exception("Unexpected Vendor-Id")
6120 if msg
['eap_vendor_type'] != WPS_VENDOR_TYPE
:
6121 raise Exception("Unexpected Vendor-Type")
6123 # Parse EAP-WSC header
6125 raise Exception("Truncated EAP-WSC header")
6126 msg
['wsc_opcode'], msg
['wsc_flags'] = struct
.unpack('BB', data
[0:2])
6129 # Parse WSC attributes
6130 msg
['raw_attrs'] = data
6132 while len(data
) > 0:
6134 raise Exception("Truncated attribute header")
6135 attr
,length
= struct
.unpack('>HH', data
[0:4])
6137 if length
> len(data
):
6138 raise Exception("Truncated attribute 0x%04x" % attr
)
6139 attrs
[attr
] = data
[0:length
]
6140 data
= data
[length
:]
6141 msg
['wsc_attrs'] = attrs
6143 if ATTR_MSG_TYPE
in attrs
:
6144 msg
['wsc_msg_type'], = struct
.unpack('B', attrs
[ATTR_MSG_TYPE
])
6148 def recv_wsc_msg(dev
, opcode
, msg_type
):
6149 msg
= get_wsc_msg(dev
)
6150 if msg
['wsc_opcode'] != opcode
or msg
['wsc_msg_type'] != msg_type
:
6151 raise Exception("Unexpected Op-Code/MsgType")
6152 return msg
, msg
['wsc_attrs'], msg
['raw_attrs']
6154 def build_wsc_attr(attr
, payload
):
6155 return struct
.pack('>HH', attr
, len(payload
)) + payload
6157 def build_attr_msg_type(msg_type
):
6158 return build_wsc_attr(ATTR_MSG_TYPE
, struct
.pack('B', msg_type
))
6160 def build_eap_wsc(eap_code
, eap_id
, payload
, opcode
=WSC_MSG
):
6161 length
= 4 + 8 + 2 + len(payload
)
6163 msg
= struct
.pack('>BBH', 2, 0, length
)
6165 msg
+= struct
.pack('>BBH', eap_code
, eap_id
, length
)
6166 # EAP expanded header for EAP-WSC
6167 msg
+= struct
.pack('B', 254)
6168 msg
+= struct
.pack('>L', WPS_VENDOR_ID_WFA
)[1:4]
6169 msg
+= struct
.pack('>L', WPS_VENDOR_TYPE
)
6171 msg
+= struct
.pack('BB', opcode
, 0)
6176 def build_eap_success(eap_id
):
6179 msg
= struct
.pack('>BBH', 2, 0, length
)
6181 msg
+= struct
.pack('>BBH', 3, eap_id
, length
)
6184 def build_eap_failure(eap_id
):
6187 msg
= struct
.pack('>BBH', 2, 0, length
)
6189 msg
+= struct
.pack('>BBH', 4, eap_id
, length
)
6192 def send_wsc_msg(dev
, src
, msg
):
6193 res
= dev
.request("EAPOL_RX " + src
+ " " + binascii
.hexlify(msg
))
6195 raise Exception("EAPOL_RX failed")
6197 group_5_prime
= 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
6198 group_5_generator
= 2
6200 def wsc_kdf(key
, label
, bits
):
6203 while len(result
) * 8 < bits
:
6204 data
= struct
.pack('>L', i
) + label
+ struct
.pack('>L', bits
)
6205 m
= hmac
.new(key
, data
, hashlib
.sha256
)
6206 result
+= m
.digest()
6208 return result
[0:bits
/ 8]
6211 keys
= wsc_kdf(kdk
, "Wi-Fi Easy and Secure Key Derivation", 640)
6212 authkey
= keys
[0:32]
6213 keywrapkey
= keys
[32:48]
6215 return authkey
,keywrapkey
,emsk
6217 def wsc_dev_pw_half_psk(authkey
, dev_pw
):
6218 m
= hmac
.new(authkey
, dev_pw
, hashlib
.sha256
)
6219 return m
.digest()[0:16]
6221 def wsc_dev_pw_psk(authkey
, dev_pw
):
6222 dev_pw_1
= dev_pw
[0:len(dev_pw
) / 2]
6223 dev_pw_2
= dev_pw
[len(dev_pw
) / 2:]
6224 psk1
= wsc_dev_pw_half_psk(authkey
, dev_pw_1
)
6225 psk2
= wsc_dev_pw_half_psk(authkey
, dev_pw_2
)
6228 def build_attr_authenticator(authkey
, prev_msg
, curr_msg
):
6229 m
= hmac
.new(authkey
, prev_msg
+ curr_msg
, hashlib
.sha256
)
6230 auth
= m
.digest()[0:8]
6231 return build_wsc_attr(ATTR_AUTHENTICATOR
, auth
)
6233 def build_attr_encr_settings(authkey
, keywrapkey
, data
):
6234 m
= hmac
.new(authkey
, data
, hashlib
.sha256
)
6235 kwa
= m
.digest()[0:8]
6236 data
+= build_wsc_attr(ATTR_KEY_WRAP_AUTH
, kwa
)
6238 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
6239 pad_len
= 16 - len(data
) % 16
6240 ps
= pad_len
* struct
.pack('B', pad_len
)
6242 wrapped
= aes
.encrypt(data
)
6243 return build_wsc_attr(ATTR_ENCR_SETTINGS
, iv
+ wrapped
)
6245 def decrypt_attr_encr_settings(authkey
, keywrapkey
, data
):
6246 if len(data
) < 32 or len(data
) % 16 != 0:
6247 raise Exception("Unexpected Encrypted Settings length: %d" % len(data
))
6250 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
6251 decrypted
= aes
.decrypt(encr
)
6252 pad_len
, = struct
.unpack('B', decrypted
[-1])
6253 if pad_len
> len(decrypted
):
6254 raise Exception("Invalid padding in Encrypted Settings")
6255 for i
in range(-pad_len
, -1):
6256 if decrypted
[i
] != decrypted
[-1]:
6257 raise Exception("Invalid PS value in Encrypted Settings")
6259 decrypted
= decrypted
[0:len(decrypted
) - pad_len
]
6260 if len(decrypted
) < 12:
6261 raise Exception("Truncated Encrypted Settings plaintext")
6262 kwa
= decrypted
[-12:]
6263 attr
,length
= struct
.unpack(">HH", kwa
[0:4])
6264 if attr
!= ATTR_KEY_WRAP_AUTH
or length
!= 8:
6265 raise Exception("Invalid KWA header")
6267 decrypted
= decrypted
[0:len(decrypted
) - 12]
6269 m
= hmac
.new(authkey
, decrypted
, hashlib
.sha256
)
6270 calc_kwa
= m
.digest()[0:8]
6272 raise Exception("KWA mismatch")
6276 def zeropad_str(val
, pad_len
):
6277 while len(val
) < pad_len
* 2:
6282 # For now, use a hardcoded private key. In theory, this is supposed to be
6283 # randomly selected.
6284 own_private
= 0x123456789
6285 own_public
= pow(group_5_generator
, own_private
, group_5_prime
)
6286 pk
= binascii
.unhexlify(zeropad_str(format(own_public
, '02x'), 192))
6287 return own_private
, pk
6289 def wsc_dh_kdf(peer_pk
, own_private
, mac_addr
, e_nonce
, r_nonce
):
6290 peer_public
= long(binascii
.hexlify(peer_pk
), 16)
6291 if peer_public
< 2 or peer_public
>= group_5_prime
:
6292 raise Exception("Invalid peer public key")
6293 if pow(peer_public
, (group_5_prime
- 1) / 2, group_5_prime
) != 1:
6294 raise Exception("Unexpected Legendre symbol for peer public key")
6296 shared_secret
= pow(peer_public
, own_private
, group_5_prime
)
6297 ss
= zeropad_str(format(shared_secret
, "02x"), 192)
6298 logger
.debug("DH shared secret: " + ss
)
6300 dhkey
= hashlib
.sha256(binascii
.unhexlify(ss
)).digest()
6301 logger
.debug("DHKey: " + binascii
.hexlify(dhkey
))
6303 m
= hmac
.new(dhkey
, e_nonce
+ mac_addr
+ r_nonce
, hashlib
.sha256
)
6305 logger
.debug("KDK: " + binascii
.hexlify(kdk
))
6306 authkey
,keywrapkey
,emsk
= wsc_keys(kdk
)
6307 logger
.debug("AuthKey: " + binascii
.hexlify(authkey
))
6308 logger
.debug("KeyWrapKey: " + binascii
.hexlify(keywrapkey
))
6309 logger
.debug("EMSK: " + binascii
.hexlify(emsk
))
6310 return authkey
,keywrapkey
6312 def wsc_dev_pw_hash(authkey
, dev_pw
, e_pk
, r_pk
):
6313 psk1
,psk2
= wsc_dev_pw_psk(authkey
, dev_pw
)
6314 logger
.debug("PSK1: " + binascii
.hexlify(psk1
))
6315 logger
.debug("PSK2: " + binascii
.hexlify(psk2
))
6317 # Note: Secret values are supposed to be random, but hardcoded values are
6320 m
= hmac
.new(authkey
, s1
+ psk1
+ e_pk
+ r_pk
, hashlib
.sha256
)
6322 logger
.debug("Hash1: " + binascii
.hexlify(hash1
))
6325 m
= hmac
.new(authkey
, s2
+ psk2
+ e_pk
+ r_pk
, hashlib
.sha256
)
6327 logger
.debug("Hash2: " + binascii
.hexlify(hash2
))
6328 return s1
,s2
,hash1
,hash2
6330 def build_m1(eap_id
, uuid_e
, mac_addr
, e_nonce
, e_pk
,
6331 manufacturer
='', model_name
='', config_methods
='\x00\x00'):
6332 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6333 attrs
+= build_attr_msg_type(WPS_M1
)
6334 attrs
+= build_wsc_attr(ATTR_UUID_E
, uuid_e
)
6335 attrs
+= build_wsc_attr(ATTR_MAC_ADDR
, mac_addr
)
6336 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
6337 attrs
+= build_wsc_attr(ATTR_PUBLIC_KEY
, e_pk
)
6338 attrs
+= build_wsc_attr(ATTR_AUTH_TYPE_FLAGS
, '\x00\x00')
6339 attrs
+= build_wsc_attr(ATTR_ENCR_TYPE_FLAGS
, '\x00\x00')
6340 attrs
+= build_wsc_attr(ATTR_CONN_TYPE_FLAGS
, '\x00')
6341 attrs
+= build_wsc_attr(ATTR_CONFIG_METHODS
, config_methods
)
6342 attrs
+= build_wsc_attr(ATTR_WPS_STATE
, '\x00')
6343 attrs
+= build_wsc_attr(ATTR_MANUFACTURER
, manufacturer
)
6344 attrs
+= build_wsc_attr(ATTR_MODEL_NAME
, model_name
)
6345 attrs
+= build_wsc_attr(ATTR_MODEL_NUMBER
, '')
6346 attrs
+= build_wsc_attr(ATTR_SERIAL_NUMBER
, '')
6347 attrs
+= build_wsc_attr(ATTR_PRIMARY_DEV_TYPE
, 8*'\x00')
6348 attrs
+= build_wsc_attr(ATTR_DEV_NAME
, '')
6349 attrs
+= build_wsc_attr(ATTR_RF_BANDS
, '\x00')
6350 attrs
+= build_wsc_attr(ATTR_ASSOC_STATE
, '\x00\x00')
6351 attrs
+= build_wsc_attr(ATTR_DEV_PASSWORD_ID
, '\x00\x00')
6352 attrs
+= build_wsc_attr(ATTR_CONFIG_ERROR
, '\x00\x00')
6353 attrs
+= build_wsc_attr(ATTR_OS_VERSION
, '\x00\x00\x00\x00')
6354 m1
= build_eap_wsc(2, eap_id
, attrs
)
6357 def build_m2(authkey
, m1
, eap_id
, e_nonce
, r_nonce
, uuid_r
, r_pk
,
6358 dev_pw_id
='\x00\x00', eap_code
=1):
6359 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6360 attrs
+= build_attr_msg_type(WPS_M2
)
6362 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
6364 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
6365 attrs
+= build_wsc_attr(ATTR_UUID_R
, uuid_r
)
6367 attrs
+= build_wsc_attr(ATTR_PUBLIC_KEY
, r_pk
)
6368 attrs
+= build_wsc_attr(ATTR_AUTH_TYPE_FLAGS
, '\x00\x00')
6369 attrs
+= build_wsc_attr(ATTR_ENCR_TYPE_FLAGS
, '\x00\x00')
6370 attrs
+= build_wsc_attr(ATTR_CONN_TYPE_FLAGS
, '\x00')
6371 attrs
+= build_wsc_attr(ATTR_CONFIG_METHODS
, '\x00\x00')
6372 attrs
+= build_wsc_attr(ATTR_MANUFACTURER
, '')
6373 attrs
+= build_wsc_attr(ATTR_MODEL_NAME
, '')
6374 attrs
+= build_wsc_attr(ATTR_MODEL_NUMBER
, '')
6375 attrs
+= build_wsc_attr(ATTR_SERIAL_NUMBER
, '')
6376 attrs
+= build_wsc_attr(ATTR_PRIMARY_DEV_TYPE
, 8*'\x00')
6377 attrs
+= build_wsc_attr(ATTR_DEV_NAME
, '')
6378 attrs
+= build_wsc_attr(ATTR_RF_BANDS
, '\x00')
6379 attrs
+= build_wsc_attr(ATTR_ASSOC_STATE
, '\x00\x00')
6380 attrs
+= build_wsc_attr(ATTR_CONFIG_ERROR
, '\x00\x00')
6381 attrs
+= build_wsc_attr(ATTR_DEV_PASSWORD_ID
, dev_pw_id
)
6382 attrs
+= build_wsc_attr(ATTR_OS_VERSION
, '\x00\x00\x00\x00')
6383 attrs
+= build_attr_authenticator(authkey
, m1
, attrs
)
6384 m2
= build_eap_wsc(eap_code
, eap_id
, attrs
)
6387 def build_m2d(m1
, eap_id
, e_nonce
, r_nonce
, uuid_r
, dev_pw_id
=None, eap_code
=1):
6388 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6389 attrs
+= build_attr_msg_type(WPS_M2D
)
6390 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
6391 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
6392 attrs
+= build_wsc_attr(ATTR_UUID_R
, uuid_r
)
6393 attrs
+= build_wsc_attr(ATTR_AUTH_TYPE_FLAGS
, '\x00\x00')
6394 attrs
+= build_wsc_attr(ATTR_ENCR_TYPE_FLAGS
, '\x00\x00')
6395 attrs
+= build_wsc_attr(ATTR_CONN_TYPE_FLAGS
, '\x00')
6396 attrs
+= build_wsc_attr(ATTR_CONFIG_METHODS
, '\x00\x00')
6397 attrs
+= build_wsc_attr(ATTR_MANUFACTURER
, '')
6398 attrs
+= build_wsc_attr(ATTR_MODEL_NAME
, '')
6399 #attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6400 attrs
+= build_wsc_attr(ATTR_SERIAL_NUMBER
, '')
6401 attrs
+= build_wsc_attr(ATTR_PRIMARY_DEV_TYPE
, 8*'\x00')
6402 attrs
+= build_wsc_attr(ATTR_DEV_NAME
, '')
6403 attrs
+= build_wsc_attr(ATTR_RF_BANDS
, '\x00')
6404 attrs
+= build_wsc_attr(ATTR_ASSOC_STATE
, '\x00\x00')
6405 attrs
+= build_wsc_attr(ATTR_CONFIG_ERROR
, '\x00\x00')
6406 attrs
+= build_wsc_attr(ATTR_OS_VERSION
, '\x00\x00\x00\x00')
6408 attrs
+= build_wsc_attr(ATTR_DEV_PASSWORD_ID
, dev_pw_id
)
6409 m2d
= build_eap_wsc(eap_code
, eap_id
, attrs
)
6412 def build_ack(eap_id
, e_nonce
, r_nonce
, msg_type
=WPS_WSC_ACK
, eap_code
=1):
6413 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6414 if msg_type
is not None:
6415 attrs
+= build_attr_msg_type(msg_type
)
6417 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
6419 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
6420 msg
= build_eap_wsc(eap_code
, eap_id
, attrs
, opcode
=WSC_ACK
)
6423 def build_nack(eap_id
, e_nonce
, r_nonce
, config_error
='\x00\x00',
6424 msg_type
=WPS_WSC_NACK
, eap_code
=1):
6425 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6426 if msg_type
is not None:
6427 attrs
+= build_attr_msg_type(msg_type
)
6429 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
6431 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
6433 attrs
+= build_wsc_attr(ATTR_CONFIG_ERROR
, config_error
)
6434 msg
= build_eap_wsc(eap_code
, eap_id
, attrs
, opcode
=WSC_NACK
)
6437 def test_wps_ext(dev
, apdev
):
6438 """WPS against external implementation"""
6440 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
6441 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
6442 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
6444 logger
.debug("Receive WSC/Start from AP")
6445 msg
= get_wsc_msg(hapd
)
6446 if msg
['wsc_opcode'] != WSC_Start
:
6447 raise Exception("Unexpected Op-Code for WSC/Start")
6448 wsc_start_id
= msg
['eap_identifier']
6450 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6453 own_private
, e_pk
= wsc_dh_init()
6455 logger
.debug("Send M1 to AP")
6456 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
6458 send_wsc_msg(hapd
, addr
, m1
)
6460 logger
.debug("Receive M2 from AP")
6461 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
6463 authkey
,keywrapkey
= wsc_dh_kdf(m2_attrs
[ATTR_PUBLIC_KEY
], own_private
,
6465 m2_attrs
[ATTR_REGISTRAR_NONCE
])
6466 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
,
6467 m2_attrs
[ATTR_PUBLIC_KEY
])
6469 logger
.debug("Send M3 to AP")
6470 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6471 attrs
+= build_attr_msg_type(WPS_M3
)
6472 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
,
6473 m2_attrs
[ATTR_REGISTRAR_NONCE
])
6474 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
6475 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
6476 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
6477 raw_m3_attrs
= attrs
6478 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
6479 send_wsc_msg(hapd
, addr
, m3
)
6481 logger
.debug("Receive M4 from AP")
6482 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
6484 logger
.debug("Send M5 to AP")
6485 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6486 attrs
+= build_attr_msg_type(WPS_M5
)
6487 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
,
6488 m2_attrs
[ATTR_REGISTRAR_NONCE
])
6489 data
= build_wsc_attr(ATTR_E_SNONCE1
, e_s1
)
6490 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
6491 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
6492 raw_m5_attrs
= attrs
6493 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
6494 send_wsc_msg(hapd
, addr
, m5
)
6496 logger
.debug("Receive M6 from AP")
6497 msg
, m6_attrs
, raw_m6_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M6
)
6499 logger
.debug("Send M7 to AP")
6500 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6501 attrs
+= build_attr_msg_type(WPS_M7
)
6502 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
,
6503 m2_attrs
[ATTR_REGISTRAR_NONCE
])
6504 data
= build_wsc_attr(ATTR_E_SNONCE2
, e_s2
)
6505 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
6506 attrs
+= build_attr_authenticator(authkey
, raw_m6_attrs
, attrs
)
6507 m7
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
6508 raw_m7_attrs
= attrs
6509 send_wsc_msg(hapd
, addr
, m7
)
6511 logger
.debug("Receive M8 from AP")
6512 msg
, m8_attrs
, raw_m8_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M8
)
6513 m8_cred
= decrypt_attr_encr_settings(authkey
, keywrapkey
,
6514 m8_attrs
[ATTR_ENCR_SETTINGS
])
6515 logger
.debug("M8 Credential: " + binascii
.hexlify(m8_cred
))
6517 logger
.debug("Prepare WSC_Done")
6518 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6519 attrs
+= build_attr_msg_type(WPS_WSC_DONE
)
6520 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
6521 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
,
6522 m2_attrs
[ATTR_REGISTRAR_NONCE
])
6523 wsc_done
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
6524 # Do not send WSC_Done yet to allow exchangw with STA complete before the
6530 eap_id
= wsc_start_id
6531 logger
.debug("Send WSC/Start to STA")
6532 wsc_start
= build_eap_wsc(1, eap_id
, "", opcode
=WSC_Start
)
6533 send_wsc_msg(dev
[0], bssid
, wsc_start
)
6534 eap_id
= (eap_id
+ 1) % 256
6536 logger
.debug("Receive M1 from STA")
6537 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
6539 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
6540 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
6542 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
6543 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
6545 logger
.debug("Send M2 to STA")
6546 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
6547 m1_attrs
[ATTR_ENROLLEE_NONCE
],
6548 r_nonce
, uuid_r
, e_pk
)
6549 send_wsc_msg(dev
[0], bssid
, m2
)
6550 eap_id
= (eap_id
+ 1) % 256
6552 logger
.debug("Receive M3 from STA")
6553 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
6555 logger
.debug("Send M4 to STA")
6556 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6557 attrs
+= build_attr_msg_type(WPS_M4
)
6558 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, m1_attrs
[ATTR_ENROLLEE_NONCE
])
6559 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
6560 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
6561 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
6562 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
6563 attrs
+= build_attr_authenticator(authkey
, raw_m3_attrs
, attrs
)
6564 raw_m4_attrs
= attrs
6565 m4
= build_eap_wsc(1, eap_id
, attrs
)
6566 send_wsc_msg(dev
[0], bssid
, m4
)
6567 eap_id
= (eap_id
+ 1) % 256
6569 logger
.debug("Receive M5 from STA")
6570 msg
, m5_attrs
, raw_m5_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M5
)
6572 logger
.debug("Send M6 to STA")
6573 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6574 attrs
+= build_attr_msg_type(WPS_M6
)
6575 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
,
6576 m1_attrs
[ATTR_ENROLLEE_NONCE
])
6577 data
= build_wsc_attr(ATTR_R_SNONCE2
, r_s2
)
6578 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
6579 attrs
+= build_attr_authenticator(authkey
, raw_m5_attrs
, attrs
)
6580 raw_m6_attrs
= attrs
6581 m6
= build_eap_wsc(1, eap_id
, attrs
)
6582 send_wsc_msg(dev
[0], bssid
, m6
)
6583 eap_id
= (eap_id
+ 1) % 256
6585 logger
.debug("Receive M7 from STA")
6586 msg
, m7_attrs
, raw_m7_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M7
)
6588 logger
.debug("Send M8 to STA")
6589 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6590 attrs
+= build_attr_msg_type(WPS_M8
)
6591 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
,
6592 m1_attrs
[ATTR_ENROLLEE_NONCE
])
6593 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, m8_cred
)
6594 attrs
+= build_attr_authenticator(authkey
, raw_m7_attrs
, attrs
)
6595 raw_m8_attrs
= attrs
6596 m8
= build_eap_wsc(1, eap_id
, attrs
)
6597 send_wsc_msg(dev
[0], bssid
, m8
)
6598 eap_id
= (eap_id
+ 1) % 256
6600 ev
= dev
[0].wait_event(["WPS-CRED-RECEIVED"], timeout
=5)
6602 raise Exception("wpa_supplicant did not report credential")
6604 logger
.debug("Receive WSC_Done from STA")
6605 msg
= get_wsc_msg(dev
[0])
6606 if msg
['wsc_opcode'] != WSC_Done
or msg
['wsc_msg_type'] != WPS_WSC_DONE
:
6607 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6609 logger
.debug("Send WSC_Done to AP")
6610 hapd
.request("SET ext_eapol_frame_io 0")
6611 dev
[0].request("SET ext_eapol_frame_io 0")
6612 send_wsc_msg(hapd
, addr
, wsc_done
)
6614 ev
= hapd
.wait_event(["WPS-REG-SUCCESS"], timeout
=5)
6616 raise Exception("hostapd did not report WPS success")
6618 dev
[0].wait_connected()
6620 def wps_start_kwa(dev
, apdev
):
6622 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
6623 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
6624 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
6625 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
6627 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6630 own_private
, e_pk
= wsc_dh_init()
6632 logger
.debug("Receive M1 from STA")
6633 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
6634 eap_id
= (msg
['eap_identifier'] + 1) % 256
6636 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
6637 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
6639 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
6640 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
6642 logger
.debug("Send M2 to STA")
6643 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
6644 m1_attrs
[ATTR_ENROLLEE_NONCE
],
6645 r_nonce
, uuid_r
, e_pk
)
6646 send_wsc_msg(dev
[0], bssid
, m2
)
6647 eap_id
= (eap_id
+ 1) % 256
6649 logger
.debug("Receive M3 from STA")
6650 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
6652 logger
.debug("Send M4 to STA")
6653 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6654 attrs
+= build_attr_msg_type(WPS_M4
)
6655 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, m1_attrs
[ATTR_ENROLLEE_NONCE
])
6656 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
6657 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
6659 return r_s1
, keywrapkey
, authkey
, raw_m3_attrs
, eap_id
, bssid
, attrs
6661 def wps_stop_kwa(dev
, bssid
, attrs
, authkey
, raw_m3_attrs
, eap_id
):
6662 attrs
+= build_attr_authenticator(authkey
, raw_m3_attrs
, attrs
)
6663 m4
= build_eap_wsc(1, eap_id
, attrs
)
6664 send_wsc_msg(dev
[0], bssid
, m4
)
6665 eap_id
= (eap_id
+ 1) % 256
6667 logger
.debug("Receive M5 from STA")
6668 msg
= get_wsc_msg(dev
[0])
6669 if msg
['wsc_opcode'] != WSC_NACK
:
6670 raise Exception("Unexpected message - expected WSC_Nack")
6672 dev
[0].request("WPS_CANCEL")
6673 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
6674 dev
[0].wait_disconnected()
6676 def test_wps_ext_kwa_proto_no_kwa(dev
, apdev
):
6677 """WPS and KWA error: No KWA attribute"""
6678 r_s1
,keywrapkey
,authkey
,raw_m3_attrs
,eap_id
,bssid
,attrs
= wps_start_kwa(dev
, apdev
)
6679 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
6680 # Encrypted Settings without KWA
6682 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
6683 pad_len
= 16 - len(data
) % 16
6684 ps
= pad_len
* struct
.pack('B', pad_len
)
6686 wrapped
= aes
.encrypt(data
)
6687 attrs
+= build_wsc_attr(ATTR_ENCR_SETTINGS
, iv
+ wrapped
)
6688 wps_stop_kwa(dev
, bssid
, attrs
, authkey
, raw_m3_attrs
, eap_id
)
6690 def test_wps_ext_kwa_proto_data_after_kwa(dev
, apdev
):
6691 """WPS and KWA error: Data after KWA"""
6692 r_s1
,keywrapkey
,authkey
,raw_m3_attrs
,eap_id
,bssid
,attrs
= wps_start_kwa(dev
, apdev
)
6693 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
6694 # Encrypted Settings and data after KWA
6695 m
= hmac
.new(authkey
, data
, hashlib
.sha256
)
6696 kwa
= m
.digest()[0:8]
6697 data
+= build_wsc_attr(ATTR_KEY_WRAP_AUTH
, kwa
)
6698 data
+= build_wsc_attr(ATTR_VENDOR_EXT
, "1234567890")
6700 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
6701 pad_len
= 16 - len(data
) % 16
6702 ps
= pad_len
* struct
.pack('B', pad_len
)
6704 wrapped
= aes
.encrypt(data
)
6705 attrs
+= build_wsc_attr(ATTR_ENCR_SETTINGS
, iv
+ wrapped
)
6706 wps_stop_kwa(dev
, bssid
, attrs
, authkey
, raw_m3_attrs
, eap_id
)
6708 def test_wps_ext_kwa_proto_kwa_mismatch(dev
, apdev
):
6709 """WPS and KWA error: KWA mismatch"""
6710 r_s1
,keywrapkey
,authkey
,raw_m3_attrs
,eap_id
,bssid
,attrs
= wps_start_kwa(dev
, apdev
)
6711 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
6712 # Encrypted Settings and KWA with incorrect value
6713 data
+= build_wsc_attr(ATTR_KEY_WRAP_AUTH
, 8*'\x00')
6715 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
6716 pad_len
= 16 - len(data
) % 16
6717 ps
= pad_len
* struct
.pack('B', pad_len
)
6719 wrapped
= aes
.encrypt(data
)
6720 attrs
+= build_wsc_attr(ATTR_ENCR_SETTINGS
, iv
+ wrapped
)
6721 wps_stop_kwa(dev
, bssid
, attrs
, authkey
, raw_m3_attrs
, eap_id
)
6723 def wps_run_cred_proto(dev
, apdev
, m8_cred
, connect
=False, no_connect
=False):
6725 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
6726 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
6727 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
6728 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
6730 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6733 own_private
, e_pk
= wsc_dh_init()
6735 logger
.debug("Receive M1 from STA")
6736 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
6737 eap_id
= (msg
['eap_identifier'] + 1) % 256
6739 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
6740 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
6742 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
6743 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
6745 logger
.debug("Send M2 to STA")
6746 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
6747 m1_attrs
[ATTR_ENROLLEE_NONCE
],
6748 r_nonce
, uuid_r
, e_pk
)
6749 send_wsc_msg(dev
[0], bssid
, m2
)
6750 eap_id
= (eap_id
+ 1) % 256
6752 logger
.debug("Receive M3 from STA")
6753 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
6755 logger
.debug("Send M4 to STA")
6756 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6757 attrs
+= build_attr_msg_type(WPS_M4
)
6758 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, m1_attrs
[ATTR_ENROLLEE_NONCE
])
6759 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
6760 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
6761 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
6762 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
6763 attrs
+= build_attr_authenticator(authkey
, raw_m3_attrs
, attrs
)
6764 raw_m4_attrs
= attrs
6765 m4
= build_eap_wsc(1, eap_id
, attrs
)
6766 send_wsc_msg(dev
[0], bssid
, m4
)
6767 eap_id
= (eap_id
+ 1) % 256
6769 logger
.debug("Receive M5 from STA")
6770 msg
, m5_attrs
, raw_m5_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M5
)
6772 logger
.debug("Send M6 to STA")
6773 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6774 attrs
+= build_attr_msg_type(WPS_M6
)
6775 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
,
6776 m1_attrs
[ATTR_ENROLLEE_NONCE
])
6777 data
= build_wsc_attr(ATTR_R_SNONCE2
, r_s2
)
6778 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
6779 attrs
+= build_attr_authenticator(authkey
, raw_m5_attrs
, attrs
)
6780 raw_m6_attrs
= attrs
6781 m6
= build_eap_wsc(1, eap_id
, attrs
)
6782 send_wsc_msg(dev
[0], bssid
, m6
)
6783 eap_id
= (eap_id
+ 1) % 256
6785 logger
.debug("Receive M7 from STA")
6786 msg
, m7_attrs
, raw_m7_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M7
)
6788 logger
.debug("Send M8 to STA")
6789 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
6790 attrs
+= build_attr_msg_type(WPS_M8
)
6791 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
,
6792 m1_attrs
[ATTR_ENROLLEE_NONCE
])
6793 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, m8_cred
)
6794 attrs
+= build_attr_authenticator(authkey
, raw_m7_attrs
, attrs
)
6795 raw_m8_attrs
= attrs
6796 m8
= build_eap_wsc(1, eap_id
, attrs
)
6797 send_wsc_msg(dev
[0], bssid
, m8
)
6798 eap_id
= (eap_id
+ 1) % 256
6801 logger
.debug("Receive WSC_Done from STA")
6802 msg
= get_wsc_msg(dev
[0])
6803 if msg
['wsc_opcode'] != WSC_Done
or msg
['wsc_msg_type'] != WPS_WSC_DONE
:
6804 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6806 hapd
.request("SET ext_eapol_frame_io 0")
6807 dev
[0].request("SET ext_eapol_frame_io 0")
6809 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
6811 dev
[0].wait_disconnected()
6812 dev
[0].request("REMOVE_NETWORK all")
6814 logger
.debug("Receive WSC_Done from STA")
6815 msg
= get_wsc_msg(dev
[0])
6816 if msg
['wsc_opcode'] != WSC_Done
or msg
['wsc_msg_type'] != WPS_WSC_DONE
:
6817 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6819 hapd
.request("SET ext_eapol_frame_io 0")
6820 dev
[0].request("SET ext_eapol_frame_io 0")
6822 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
6824 dev
[0].wait_connected()
6826 # Verify STA NACK's the credential
6827 msg
= get_wsc_msg(dev
[0])
6828 if msg
['wsc_opcode'] != WSC_NACK
:
6829 raise Exception("Unexpected message - expected WSC_Nack")
6830 dev
[0].request("WPS_CANCEL")
6831 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
6832 dev
[0].wait_disconnected()
6834 def build_cred(nw_idx
='\x01', ssid
='test-wps-conf', auth_type
='\x00\x20',
6835 encr_type
='\x00\x08', nw_key
="12345678",
6836 mac_addr
='\x00\x00\x00\x00\x00\x00'):
6838 if nw_idx
is not None:
6839 attrs
+= build_wsc_attr(ATTR_NETWORK_INDEX
, nw_idx
)
6840 if ssid
is not None:
6841 attrs
+= build_wsc_attr(ATTR_SSID
, ssid
)
6842 if auth_type
is not None:
6843 attrs
+= build_wsc_attr(ATTR_AUTH_TYPE
, auth_type
)
6844 if encr_type
is not None:
6845 attrs
+= build_wsc_attr(ATTR_ENCR_TYPE
, encr_type
)
6846 if nw_key
is not None:
6847 attrs
+= build_wsc_attr(ATTR_NETWORK_KEY
, nw_key
)
6848 if mac_addr
is not None:
6849 attrs
+= build_wsc_attr(ATTR_MAC_ADDR
, mac_addr
)
6850 return build_wsc_attr(ATTR_CRED
, attrs
)
6852 def test_wps_ext_cred_proto_success(dev
, apdev
):
6853 """WPS and Credential: success"""
6854 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6855 m8_cred
= build_cred(mac_addr
=mac_addr
)
6856 wps_run_cred_proto(dev
, apdev
, m8_cred
, connect
=True)
6858 def test_wps_ext_cred_proto_mac_addr_mismatch(dev
, apdev
):
6859 """WPS and Credential: MAC Address mismatch"""
6860 m8_cred
= build_cred()
6861 wps_run_cred_proto(dev
, apdev
, m8_cred
, connect
=True)
6863 def test_wps_ext_cred_proto_zero_padding(dev
, apdev
):
6864 """WPS and Credential: zeropadded attributes"""
6865 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6866 m8_cred
= build_cred(mac_addr
=mac_addr
, ssid
='test-wps-conf\x00',
6867 nw_key
="12345678\x00")
6868 wps_run_cred_proto(dev
, apdev
, m8_cred
, connect
=True)
6870 def test_wps_ext_cred_proto_ssid_missing(dev
, apdev
):
6871 """WPS and Credential: SSID missing"""
6872 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6873 m8_cred
= build_cred(mac_addr
=mac_addr
, ssid
=None)
6874 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6876 def test_wps_ext_cred_proto_ssid_zero_len(dev
, apdev
):
6877 """WPS and Credential: Zero-length SSID"""
6878 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6879 m8_cred
= build_cred(mac_addr
=mac_addr
, ssid
="")
6880 wps_run_cred_proto(dev
, apdev
, m8_cred
, no_connect
=True)
6882 def test_wps_ext_cred_proto_auth_type_missing(dev
, apdev
):
6883 """WPS and Credential: Auth Type missing"""
6884 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6885 m8_cred
= build_cred(mac_addr
=mac_addr
, auth_type
=None)
6886 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6888 def test_wps_ext_cred_proto_encr_type_missing(dev
, apdev
):
6889 """WPS and Credential: Encr Type missing"""
6890 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6891 m8_cred
= build_cred(mac_addr
=mac_addr
, encr_type
=None)
6892 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6894 def test_wps_ext_cred_proto_network_key_missing(dev
, apdev
):
6895 """WPS and Credential: Network Key missing"""
6896 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6897 m8_cred
= build_cred(mac_addr
=mac_addr
, nw_key
=None)
6898 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6900 def test_wps_ext_cred_proto_network_key_missing_open(dev
, apdev
):
6901 """WPS and Credential: Network Key missing (open)"""
6902 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6903 m8_cred
= build_cred(mac_addr
=mac_addr
, auth_type
='\x00\x01',
6904 encr_type
='\x00\x01', nw_key
=None, ssid
="foo")
6905 wps_run_cred_proto(dev
, apdev
, m8_cred
, no_connect
=True)
6907 def test_wps_ext_cred_proto_mac_addr_missing(dev
, apdev
):
6908 """WPS and Credential: MAC Address missing"""
6909 m8_cred
= build_cred(mac_addr
=None)
6910 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6912 def test_wps_ext_cred_proto_invalid_encr_type(dev
, apdev
):
6913 """WPS and Credential: Invalid Encr Type"""
6914 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6915 m8_cred
= build_cred(mac_addr
=mac_addr
, encr_type
='\x00\x00')
6916 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6918 def test_wps_ext_cred_proto_missing_cred(dev
, apdev
):
6919 """WPS and Credential: Missing Credential"""
6920 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6922 wps_run_cred_proto(dev
, apdev
, m8_cred
)
6924 def test_wps_ext_proto_m2_no_public_key(dev
, apdev
):
6925 """WPS and no Public Key in M2"""
6927 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
6928 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
6929 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
6930 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
6932 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6935 own_private
, e_pk
= wsc_dh_init()
6937 logger
.debug("Receive M1 from STA")
6938 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
6939 eap_id
= (msg
['eap_identifier'] + 1) % 256
6941 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
6942 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
6944 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
6945 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
6947 logger
.debug("Send M2 to STA")
6948 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
6949 m1_attrs
[ATTR_ENROLLEE_NONCE
],
6950 r_nonce
, uuid_r
, None)
6951 send_wsc_msg(dev
[0], bssid
, m2
)
6952 eap_id
= (eap_id
+ 1) % 256
6954 # Verify STA NACK's the credential
6955 msg
= get_wsc_msg(dev
[0])
6956 if msg
['wsc_opcode'] != WSC_NACK
:
6957 raise Exception("Unexpected message - expected WSC_Nack")
6958 dev
[0].request("WPS_CANCEL")
6959 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
6960 dev
[0].wait_disconnected()
6962 def test_wps_ext_proto_m2_invalid_public_key(dev
, apdev
):
6963 """WPS and invalid Public Key in M2"""
6965 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
6966 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
6967 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
6968 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
6970 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
6973 own_private
, e_pk
= wsc_dh_init()
6975 logger
.debug("Receive M1 from STA")
6976 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
6977 eap_id
= (msg
['eap_identifier'] + 1) % 256
6979 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
6980 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
6982 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
6983 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
6985 logger
.debug("Send M2 to STA")
6986 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
6987 m1_attrs
[ATTR_ENROLLEE_NONCE
],
6988 r_nonce
, uuid_r
, 192*'\xff')
6989 send_wsc_msg(dev
[0], bssid
, m2
)
6990 eap_id
= (eap_id
+ 1) % 256
6992 # Verify STA NACK's the credential
6993 msg
= get_wsc_msg(dev
[0])
6994 if msg
['wsc_opcode'] != WSC_NACK
:
6995 raise Exception("Unexpected message - expected WSC_Nack")
6996 dev
[0].request("WPS_CANCEL")
6997 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
6998 dev
[0].wait_disconnected()
7000 def test_wps_ext_proto_m2_public_key_oom(dev
, apdev
):
7001 """WPS and Public Key OOM in M2"""
7003 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7004 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7005 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7006 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
7008 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7011 own_private
, e_pk
= wsc_dh_init()
7013 logger
.debug("Receive M1 from STA")
7014 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
7015 eap_id
= (msg
['eap_identifier'] + 1) % 256
7017 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
7018 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7020 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
7021 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
7023 logger
.debug("Send M2 to STA")
7024 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
7025 m1_attrs
[ATTR_ENROLLEE_NONCE
],
7026 r_nonce
, uuid_r
, e_pk
)
7027 with
alloc_fail(dev
[0], 1, "wpabuf_alloc_copy;wps_process_pubkey"):
7028 send_wsc_msg(dev
[0], bssid
, m2
)
7029 eap_id
= (eap_id
+ 1) % 256
7031 # Verify STA NACK's the credential
7032 msg
= get_wsc_msg(dev
[0])
7033 if msg
['wsc_opcode'] != WSC_NACK
:
7034 raise Exception("Unexpected message - expected WSC_Nack")
7035 dev
[0].request("WPS_CANCEL")
7036 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7037 dev
[0].wait_disconnected()
7039 def test_wps_ext_proto_nack_m3(dev
, apdev
):
7040 """WPS and NACK M3"""
7042 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7043 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7044 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7045 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
7047 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7050 own_private
, e_pk
= wsc_dh_init()
7052 logger
.debug("Receive M1 from STA")
7053 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
7054 eap_id
= (msg
['eap_identifier'] + 1) % 256
7056 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
7057 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7059 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
7060 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
7062 logger
.debug("Send M2 to STA")
7063 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
7064 m1_attrs
[ATTR_ENROLLEE_NONCE
],
7065 r_nonce
, uuid_r
, e_pk
)
7066 send_wsc_msg(dev
[0], bssid
, m2
)
7067 eap_id
= (eap_id
+ 1) % 256
7069 logger
.debug("Receive M3 from STA")
7070 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
7072 logger
.debug("Send NACK to STA")
7073 msg
, attrs
= build_nack(eap_id
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7074 r_nonce
, config_error
='\x01\x23')
7075 send_wsc_msg(dev
[0], bssid
, msg
)
7076 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=5)
7078 raise Exception("Failure not reported")
7079 if "msg=7 config_error=291" not in ev
:
7080 raise Exception("Unexpected failure reason: " + ev
)
7082 def test_wps_ext_proto_nack_m5(dev
, apdev
):
7083 """WPS and NACK M5"""
7085 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7086 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7087 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7088 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
7090 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7093 own_private
, e_pk
= wsc_dh_init()
7095 logger
.debug("Receive M1 from STA")
7096 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
7097 eap_id
= (msg
['eap_identifier'] + 1) % 256
7099 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
7100 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7102 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
7103 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
7105 logger
.debug("Send M2 to STA")
7106 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
7107 m1_attrs
[ATTR_ENROLLEE_NONCE
],
7108 r_nonce
, uuid_r
, e_pk
)
7109 send_wsc_msg(dev
[0], bssid
, m2
)
7110 eap_id
= (eap_id
+ 1) % 256
7112 logger
.debug("Receive M3 from STA")
7113 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
7115 logger
.debug("Send M4 to STA")
7116 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7117 attrs
+= build_attr_msg_type(WPS_M4
)
7118 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, m1_attrs
[ATTR_ENROLLEE_NONCE
])
7119 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7120 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7121 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7122 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7123 attrs
+= build_attr_authenticator(authkey
, raw_m3_attrs
, attrs
)
7124 raw_m4_attrs
= attrs
7125 m4
= build_eap_wsc(1, eap_id
, attrs
)
7126 send_wsc_msg(dev
[0], bssid
, m4
)
7127 eap_id
= (eap_id
+ 1) % 256
7129 logger
.debug("Receive M5 from STA")
7130 msg
, m5_attrs
, raw_m5_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M5
)
7132 logger
.debug("Send NACK to STA")
7133 msg
, attrs
= build_nack(eap_id
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7134 r_nonce
, config_error
='\x01\x24')
7135 send_wsc_msg(dev
[0], bssid
, msg
)
7136 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=5)
7138 raise Exception("Failure not reported")
7139 if "msg=9 config_error=292" not in ev
:
7140 raise Exception("Unexpected failure reason: " + ev
)
7142 def wps_nack_m3(dev
, apdev
):
7144 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pbc
=True)
7145 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7146 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7147 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
7149 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7152 own_private
, e_pk
= wsc_dh_init()
7154 logger
.debug("Receive M1 from STA")
7155 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
7156 eap_id
= (msg
['eap_identifier'] + 1) % 256
7158 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
7159 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7161 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
7162 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
7164 logger
.debug("Send M2 to STA")
7165 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
7166 m1_attrs
[ATTR_ENROLLEE_NONCE
],
7167 r_nonce
, uuid_r
, e_pk
, dev_pw_id
='\x00\x04')
7168 send_wsc_msg(dev
[0], bssid
, m2
)
7169 eap_id
= (eap_id
+ 1) % 256
7171 logger
.debug("Receive M3 from STA")
7172 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
7173 return eap_id
, m1_attrs
[ATTR_ENROLLEE_NONCE
], r_nonce
, bssid
7175 def test_wps_ext_proto_nack_m3_no_config_error(dev
, apdev
):
7176 """WPS and NACK M3 missing Config Error"""
7177 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7178 logger
.debug("Send NACK to STA")
7179 msg
, attrs
= build_nack(eap_id
, e_nonce
, r_nonce
, config_error
=None)
7180 send_wsc_msg(dev
[0], bssid
, msg
)
7181 dev
[0].request("WPS_CANCEL")
7182 dev
[0].wait_disconnected()
7183 dev
[0].flush_scan_cache()
7185 def test_wps_ext_proto_nack_m3_no_e_nonce(dev
, apdev
):
7186 """WPS and NACK M3 missing E-Nonce"""
7187 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7188 logger
.debug("Send NACK to STA")
7189 msg
, attrs
= build_nack(eap_id
, None, r_nonce
)
7190 send_wsc_msg(dev
[0], bssid
, msg
)
7191 dev
[0].request("WPS_CANCEL")
7192 dev
[0].wait_disconnected()
7193 dev
[0].flush_scan_cache()
7195 def test_wps_ext_proto_nack_m3_e_nonce_mismatch(dev
, apdev
):
7196 """WPS and NACK M3 E-Nonce mismatch"""
7197 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7198 logger
.debug("Send NACK to STA")
7199 msg
, attrs
= build_nack(eap_id
, 16*'\x00', r_nonce
)
7200 send_wsc_msg(dev
[0], bssid
, msg
)
7201 dev
[0].request("WPS_CANCEL")
7202 dev
[0].wait_disconnected()
7203 dev
[0].flush_scan_cache()
7205 def test_wps_ext_proto_nack_m3_no_r_nonce(dev
, apdev
):
7206 """WPS and NACK M3 missing R-Nonce"""
7207 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7208 logger
.debug("Send NACK to STA")
7209 msg
, attrs
= build_nack(eap_id
, e_nonce
, None)
7210 send_wsc_msg(dev
[0], bssid
, msg
)
7211 dev
[0].request("WPS_CANCEL")
7212 dev
[0].wait_disconnected()
7213 dev
[0].flush_scan_cache()
7215 def test_wps_ext_proto_nack_m3_r_nonce_mismatch(dev
, apdev
):
7216 """WPS and NACK M3 R-Nonce mismatch"""
7217 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7218 logger
.debug("Send NACK to STA")
7219 msg
, attrs
= build_nack(eap_id
, e_nonce
, 16*'\x00')
7220 send_wsc_msg(dev
[0], bssid
, msg
)
7221 dev
[0].request("WPS_CANCEL")
7222 dev
[0].wait_disconnected()
7223 dev
[0].flush_scan_cache()
7225 def test_wps_ext_proto_nack_m3_no_msg_type(dev
, apdev
):
7226 """WPS and NACK M3 no Message Type"""
7227 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7228 logger
.debug("Send NACK to STA")
7229 msg
, attrs
= build_nack(eap_id
, e_nonce
, r_nonce
, msg_type
=None)
7230 send_wsc_msg(dev
[0], bssid
, msg
)
7231 dev
[0].request("WPS_CANCEL")
7232 dev
[0].wait_disconnected()
7233 dev
[0].flush_scan_cache()
7235 def test_wps_ext_proto_nack_m3_invalid_msg_type(dev
, apdev
):
7236 """WPS and NACK M3 invalid Message Type"""
7237 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7238 logger
.debug("Send NACK to STA")
7239 msg
, attrs
= build_nack(eap_id
, e_nonce
, r_nonce
, msg_type
=123)
7240 send_wsc_msg(dev
[0], bssid
, msg
)
7241 dev
[0].request("WPS_CANCEL")
7242 dev
[0].wait_disconnected()
7243 dev
[0].flush_scan_cache()
7245 def test_wps_ext_proto_nack_m3_invalid_attr(dev
, apdev
):
7246 """WPS and NACK M3 invalid attribute"""
7247 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7248 logger
.debug("Send NACK to STA")
7249 attrs
= '\x10\x10\x00'
7250 msg
= build_eap_wsc(1, eap_id
, attrs
, opcode
=WSC_NACK
)
7251 send_wsc_msg(dev
[0], bssid
, msg
)
7252 dev
[0].request("WPS_CANCEL")
7253 dev
[0].wait_disconnected()
7254 dev
[0].flush_scan_cache()
7256 def test_wps_ext_proto_ack_m3_no_e_nonce(dev
, apdev
):
7257 """WPS and ACK M3 missing E-Nonce"""
7258 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7259 logger
.debug("Send NACK to STA")
7260 msg
, attrs
= build_ack(eap_id
, None, r_nonce
)
7261 send_wsc_msg(dev
[0], bssid
, msg
)
7262 dev
[0].request("WPS_CANCEL")
7263 dev
[0].wait_disconnected()
7264 dev
[0].flush_scan_cache()
7266 def test_wps_ext_proto_ack_m3_e_nonce_mismatch(dev
, apdev
):
7267 """WPS and ACK M3 E-Nonce mismatch"""
7268 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7269 logger
.debug("Send NACK to STA")
7270 msg
, attrs
= build_ack(eap_id
, 16*'\x00', r_nonce
)
7271 send_wsc_msg(dev
[0], bssid
, msg
)
7272 dev
[0].request("WPS_CANCEL")
7273 dev
[0].wait_disconnected()
7274 dev
[0].flush_scan_cache()
7276 def test_wps_ext_proto_ack_m3_no_r_nonce(dev
, apdev
):
7277 """WPS and ACK M3 missing R-Nonce"""
7278 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7279 logger
.debug("Send NACK to STA")
7280 msg
, attrs
= build_ack(eap_id
, e_nonce
, None)
7281 send_wsc_msg(dev
[0], bssid
, msg
)
7282 dev
[0].request("WPS_CANCEL")
7283 dev
[0].wait_disconnected()
7284 dev
[0].flush_scan_cache()
7286 def test_wps_ext_proto_ack_m3_r_nonce_mismatch(dev
, apdev
):
7287 """WPS and ACK M3 R-Nonce mismatch"""
7288 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7289 logger
.debug("Send NACK to STA")
7290 msg
, attrs
= build_ack(eap_id
, e_nonce
, 16*'\x00')
7291 send_wsc_msg(dev
[0], bssid
, msg
)
7292 dev
[0].request("WPS_CANCEL")
7293 dev
[0].wait_disconnected()
7294 dev
[0].flush_scan_cache()
7296 def test_wps_ext_proto_ack_m3_no_msg_type(dev
, apdev
):
7297 """WPS and ACK M3 no Message Type"""
7298 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7299 logger
.debug("Send NACK to STA")
7300 msg
, attrs
= build_ack(eap_id
, e_nonce
, r_nonce
, msg_type
=None)
7301 send_wsc_msg(dev
[0], bssid
, msg
)
7302 dev
[0].request("WPS_CANCEL")
7303 dev
[0].wait_disconnected()
7304 dev
[0].flush_scan_cache()
7306 def test_wps_ext_proto_ack_m3_invalid_msg_type(dev
, apdev
):
7307 """WPS and ACK M3 invalid Message Type"""
7308 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7309 logger
.debug("Send NACK to STA")
7310 msg
, attrs
= build_ack(eap_id
, e_nonce
, r_nonce
, msg_type
=123)
7311 send_wsc_msg(dev
[0], bssid
, msg
)
7312 dev
[0].request("WPS_CANCEL")
7313 dev
[0].wait_disconnected()
7314 dev
[0].flush_scan_cache()
7316 def test_wps_ext_proto_ack_m3_invalid_attr(dev
, apdev
):
7317 """WPS and ACK M3 invalid attribute"""
7318 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7319 logger
.debug("Send ACK to STA")
7320 attrs
= '\x10\x10\x00'
7321 msg
= build_eap_wsc(1, eap_id
, attrs
, opcode
=WSC_ACK
)
7322 send_wsc_msg(dev
[0], bssid
, msg
)
7323 dev
[0].request("WPS_CANCEL")
7324 dev
[0].wait_disconnected()
7325 dev
[0].flush_scan_cache()
7327 def test_wps_ext_proto_ack_m3(dev
, apdev
):
7328 """WPS and ACK M3"""
7329 eap_id
, e_nonce
, r_nonce
, bssid
= wps_nack_m3(dev
, apdev
)
7330 logger
.debug("Send ACK to STA")
7331 msg
, attrs
= build_ack(eap_id
, e_nonce
, r_nonce
)
7332 send_wsc_msg(dev
[0], bssid
, msg
)
7333 dev
[0].request("WPS_CANCEL")
7334 dev
[0].wait_disconnected()
7335 dev
[0].flush_scan_cache()
7337 def wps_to_m3_helper(dev
, apdev
):
7339 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7340 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7341 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7342 wps_ext_eap_wsc(dev
[0], hapd
, bssid
, "EAP-WSC/Start")
7344 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7347 own_private
, e_pk
= wsc_dh_init()
7349 logger
.debug("Receive M1 from STA")
7350 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M1
)
7351 eap_id
= (msg
['eap_identifier'] + 1) % 256
7353 authkey
,keywrapkey
= wsc_dh_kdf(m1_attrs
[ATTR_PUBLIC_KEY
], own_private
,
7354 mac_addr
, m1_attrs
[ATTR_ENROLLEE_NONCE
],
7356 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, pin
,
7357 m1_attrs
[ATTR_PUBLIC_KEY
], e_pk
)
7359 logger
.debug("Send M2 to STA")
7360 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, eap_id
,
7361 m1_attrs
[ATTR_ENROLLEE_NONCE
],
7362 r_nonce
, uuid_r
, e_pk
)
7363 send_wsc_msg(dev
[0], bssid
, m2
)
7364 eap_id
= (eap_id
+ 1) % 256
7366 logger
.debug("Receive M3 from STA")
7367 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M3
)
7368 return eap_id
, m1_attrs
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, r_s2
, raw_m3_attrs
, authkey
, keywrapkey
7370 def wps_to_m3(dev
, apdev
):
7371 eap_id
, m1_attrs
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, r_s2
, raw_m3_attrs
, authkey
, keywrapkey
= wps_to_m3_helper(dev
, apdev
)
7372 return eap_id
, m1_attrs
[ATTR_ENROLLEE_NONCE
], r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, raw_m3_attrs
, authkey
, keywrapkey
7374 def wps_to_m5(dev
, apdev
):
7375 eap_id
, m1_attrs
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, r_s2
, raw_m3_attrs
, authkey
, keywrapkey
= wps_to_m3_helper(dev
, apdev
)
7377 logger
.debug("Send M4 to STA")
7378 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7379 attrs
+= build_attr_msg_type(WPS_M4
)
7380 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, m1_attrs
[ATTR_ENROLLEE_NONCE
])
7381 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7382 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7383 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7384 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7385 attrs
+= build_attr_authenticator(authkey
, raw_m3_attrs
, attrs
)
7386 raw_m4_attrs
= attrs
7387 m4
= build_eap_wsc(1, eap_id
, attrs
)
7388 send_wsc_msg(dev
[0], bssid
, m4
)
7389 eap_id
= (eap_id
+ 1) % 256
7391 logger
.debug("Receive M5 from STA")
7392 msg
, m5_attrs
, raw_m5_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M5
)
7394 return eap_id
, m1_attrs
[ATTR_ENROLLEE_NONCE
], r_nonce
, bssid
, r_hash1
, r_hash2
, r_s2
, raw_m5_attrs
, authkey
, keywrapkey
7396 def test_wps_ext_proto_m4_missing_r_hash1(dev
, apdev
):
7397 """WPS and no R-Hash1 in M4"""
7398 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, m3
, authkey
, keywrapkey
= wps_to_m3(dev
, apdev
)
7400 logger
.debug("Send M4 to STA")
7401 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7402 attrs
+= build_attr_msg_type(WPS_M4
)
7403 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7404 #attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7405 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7406 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7407 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7408 attrs
+= build_attr_authenticator(authkey
, m3
, attrs
)
7409 m4
= build_eap_wsc(1, eap_id
, attrs
)
7410 send_wsc_msg(dev
[0], bssid
, m4
)
7411 eap_id
= (eap_id
+ 1) % 256
7413 logger
.debug("Receive M5 (NACK) from STA")
7414 msg
= get_wsc_msg(dev
[0])
7415 if msg
['wsc_opcode'] != WSC_NACK
:
7416 raise Exception("Unexpected message - expected WSC_Nack")
7418 dev
[0].request("WPS_CANCEL")
7419 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7420 dev
[0].wait_disconnected()
7422 def test_wps_ext_proto_m4_missing_r_hash2(dev
, apdev
):
7423 """WPS and no R-Hash2 in M4"""
7424 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, m3
, authkey
, keywrapkey
= wps_to_m3(dev
, apdev
)
7426 logger
.debug("Send M4 to STA")
7427 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7428 attrs
+= build_attr_msg_type(WPS_M4
)
7429 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7430 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7431 #attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7432 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7433 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7434 attrs
+= build_attr_authenticator(authkey
, m3
, attrs
)
7435 m4
= build_eap_wsc(1, eap_id
, attrs
)
7436 send_wsc_msg(dev
[0], bssid
, m4
)
7437 eap_id
= (eap_id
+ 1) % 256
7439 logger
.debug("Receive M5 (NACK) from STA")
7440 msg
= get_wsc_msg(dev
[0])
7441 if msg
['wsc_opcode'] != WSC_NACK
:
7442 raise Exception("Unexpected message - expected WSC_Nack")
7444 dev
[0].request("WPS_CANCEL")
7445 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7446 dev
[0].wait_disconnected()
7448 def test_wps_ext_proto_m4_missing_r_snonce1(dev
, apdev
):
7449 """WPS and no R-SNonce1 in M4"""
7450 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, m3
, authkey
, keywrapkey
= wps_to_m3(dev
, apdev
)
7452 logger
.debug("Send M4 to STA")
7453 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7454 attrs
+= build_attr_msg_type(WPS_M4
)
7455 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7456 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7457 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7458 #data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7460 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7461 attrs
+= build_attr_authenticator(authkey
, m3
, attrs
)
7462 m4
= build_eap_wsc(1, eap_id
, attrs
)
7463 send_wsc_msg(dev
[0], bssid
, m4
)
7464 eap_id
= (eap_id
+ 1) % 256
7466 logger
.debug("Receive M5 (NACK) from STA")
7467 msg
= get_wsc_msg(dev
[0])
7468 if msg
['wsc_opcode'] != WSC_NACK
:
7469 raise Exception("Unexpected message - expected WSC_Nack")
7471 dev
[0].request("WPS_CANCEL")
7472 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7473 dev
[0].wait_disconnected()
7475 def test_wps_ext_proto_m4_invalid_pad_string(dev
, apdev
):
7476 """WPS and invalid pad string in M4"""
7477 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, m3
, authkey
, keywrapkey
= wps_to_m3(dev
, apdev
)
7479 logger
.debug("Send M4 to STA")
7480 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7481 attrs
+= build_attr_msg_type(WPS_M4
)
7482 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7483 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7484 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7485 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7487 m
= hmac
.new(authkey
, data
, hashlib
.sha256
)
7488 kwa
= m
.digest()[0:8]
7489 data
+= build_wsc_attr(ATTR_KEY_WRAP_AUTH
, kwa
)
7491 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
7492 pad_len
= 16 - len(data
) % 16
7493 ps
= (pad_len
- 1) * struct
.pack('B', pad_len
) + struct
.pack('B', pad_len
- 1)
7495 wrapped
= aes
.encrypt(data
)
7496 attrs
+= build_wsc_attr(ATTR_ENCR_SETTINGS
, iv
+ wrapped
)
7498 attrs
+= build_attr_authenticator(authkey
, m3
, attrs
)
7499 m4
= build_eap_wsc(1, eap_id
, attrs
)
7500 send_wsc_msg(dev
[0], bssid
, m4
)
7501 eap_id
= (eap_id
+ 1) % 256
7503 logger
.debug("Receive M5 (NACK) from STA")
7504 msg
= get_wsc_msg(dev
[0])
7505 if msg
['wsc_opcode'] != WSC_NACK
:
7506 raise Exception("Unexpected message - expected WSC_Nack")
7508 dev
[0].request("WPS_CANCEL")
7509 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7510 dev
[0].wait_disconnected()
7512 def test_wps_ext_proto_m4_invalid_pad_value(dev
, apdev
):
7513 """WPS and invalid pad value in M4"""
7514 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, m3
, authkey
, keywrapkey
= wps_to_m3(dev
, apdev
)
7516 logger
.debug("Send M4 to STA")
7517 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7518 attrs
+= build_attr_msg_type(WPS_M4
)
7519 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7520 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7521 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7522 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7524 m
= hmac
.new(authkey
, data
, hashlib
.sha256
)
7525 kwa
= m
.digest()[0:8]
7526 data
+= build_wsc_attr(ATTR_KEY_WRAP_AUTH
, kwa
)
7528 aes
= AES
.new(keywrapkey
, AES
.MODE_CBC
, iv
)
7529 pad_len
= 16 - len(data
) % 16
7530 ps
= (pad_len
- 1) * struct
.pack('B', pad_len
) + struct
.pack('B', 255)
7532 wrapped
= aes
.encrypt(data
)
7533 attrs
+= build_wsc_attr(ATTR_ENCR_SETTINGS
, iv
+ wrapped
)
7535 attrs
+= build_attr_authenticator(authkey
, m3
, attrs
)
7536 m4
= build_eap_wsc(1, eap_id
, attrs
)
7537 send_wsc_msg(dev
[0], bssid
, m4
)
7538 eap_id
= (eap_id
+ 1) % 256
7540 logger
.debug("Receive M5 (NACK) from STA")
7541 msg
= get_wsc_msg(dev
[0])
7542 if msg
['wsc_opcode'] != WSC_NACK
:
7543 raise Exception("Unexpected message - expected WSC_Nack")
7545 dev
[0].request("WPS_CANCEL")
7546 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7547 dev
[0].wait_disconnected()
7549 def test_wps_ext_proto_m4_no_encr_settings(dev
, apdev
):
7550 """WPS and no Encr Settings in M4"""
7551 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s1
, m3
, authkey
, keywrapkey
= wps_to_m3(dev
, apdev
)
7553 logger
.debug("Send M4 to STA")
7554 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7555 attrs
+= build_attr_msg_type(WPS_M4
)
7556 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7557 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7558 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7559 attrs
+= build_attr_authenticator(authkey
, m3
, attrs
)
7560 m4
= build_eap_wsc(1, eap_id
, attrs
)
7561 send_wsc_msg(dev
[0], bssid
, m4
)
7562 eap_id
= (eap_id
+ 1) % 256
7564 logger
.debug("Receive M5 (NACK) from STA")
7565 msg
= get_wsc_msg(dev
[0])
7566 if msg
['wsc_opcode'] != WSC_NACK
:
7567 raise Exception("Unexpected message - expected WSC_Nack")
7569 dev
[0].request("WPS_CANCEL")
7570 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7571 dev
[0].wait_disconnected()
7573 def test_wps_ext_proto_m6_missing_r_snonce2(dev
, apdev
):
7574 """WPS and no R-SNonce2 in M6"""
7575 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s2
, m5
, authkey
, keywrapkey
= wps_to_m5(dev
, apdev
)
7577 logger
.debug("Send M6 to STA")
7578 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7579 attrs
+= build_attr_msg_type(WPS_M6
)
7580 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7581 #data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7583 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7584 attrs
+= build_attr_authenticator(authkey
, m5
, attrs
)
7585 m6
= build_eap_wsc(1, eap_id
, attrs
)
7586 send_wsc_msg(dev
[0], bssid
, m6
)
7587 eap_id
= (eap_id
+ 1) % 256
7589 logger
.debug("Receive M7 (NACK) from STA")
7590 msg
= get_wsc_msg(dev
[0])
7591 if msg
['wsc_opcode'] != WSC_NACK
:
7592 raise Exception("Unexpected message - expected WSC_Nack")
7594 dev
[0].request("WPS_CANCEL")
7595 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7596 dev
[0].wait_disconnected()
7598 def test_wps_ext_proto_m6_no_encr_settings(dev
, apdev
):
7599 """WPS and no Encr Settings in M6"""
7600 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s2
, m5
, authkey
, keywrapkey
= wps_to_m5(dev
, apdev
)
7602 logger
.debug("Send M6 to STA")
7603 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7604 attrs
+= build_attr_msg_type(WPS_M6
)
7605 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7606 data
= build_wsc_attr(ATTR_R_SNONCE2
, r_s2
)
7607 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7608 attrs
+= build_attr_authenticator(authkey
, m5
, attrs
)
7609 m6
= build_eap_wsc(1, eap_id
, attrs
)
7610 send_wsc_msg(dev
[0], bssid
, m6
)
7611 eap_id
= (eap_id
+ 1) % 256
7613 logger
.debug("Receive M7 (NACK) from STA")
7614 msg
= get_wsc_msg(dev
[0])
7615 if msg
['wsc_opcode'] != WSC_NACK
:
7616 raise Exception("Unexpected message - expected WSC_Nack")
7618 dev
[0].request("WPS_CANCEL")
7619 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7620 dev
[0].wait_disconnected()
7622 def test_wps_ext_proto_m8_no_encr_settings(dev
, apdev
):
7623 """WPS and no Encr Settings in M6"""
7624 eap_id
, e_nonce
, r_nonce
, bssid
, r_hash1
, r_hash2
, r_s2
, m5
, authkey
, keywrapkey
= wps_to_m5(dev
, apdev
)
7626 logger
.debug("Send M6 to STA")
7627 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7628 attrs
+= build_attr_msg_type(WPS_M6
)
7629 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7630 data
= build_wsc_attr(ATTR_R_SNONCE2
, r_s2
)
7631 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7632 attrs
+= build_attr_authenticator(authkey
, m5
, attrs
)
7633 raw_m6_attrs
= attrs
7634 m6
= build_eap_wsc(1, eap_id
, attrs
)
7635 send_wsc_msg(dev
[0], bssid
, m6
)
7636 eap_id
= (eap_id
+ 1) % 256
7638 logger
.debug("Receive M7 from STA")
7639 msg
, m7_attrs
, raw_m7_attrs
= recv_wsc_msg(dev
[0], WSC_MSG
, WPS_M7
)
7641 logger
.debug("Send M8 to STA")
7642 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7643 attrs
+= build_attr_msg_type(WPS_M8
)
7644 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7645 #attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
7646 attrs
+= build_attr_authenticator(authkey
, raw_m7_attrs
, attrs
)
7647 raw_m8_attrs
= attrs
7648 m8
= build_eap_wsc(1, eap_id
, attrs
)
7649 send_wsc_msg(dev
[0], bssid
, m8
)
7651 logger
.debug("Receive WSC_Done (NACK) from STA")
7652 msg
= get_wsc_msg(dev
[0])
7653 if msg
['wsc_opcode'] != WSC_NACK
:
7654 raise Exception("Unexpected message - expected WSC_Nack")
7656 dev
[0].request("WPS_CANCEL")
7657 send_wsc_msg(dev
[0], bssid
, build_eap_failure(eap_id
))
7658 dev
[0].wait_disconnected()
7660 def wps_start_ext_reg(apdev
, dev
):
7661 addr
= dev
.own_addr()
7662 bssid
= apdev
['bssid']
7663 ssid
= "test-wps-conf"
7665 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
7666 "wpa_passphrase": "12345678", "wpa": "2",
7667 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
7669 hapd
= hostapd
.add_ap(apdev
, params
)
7671 dev
.scan_for_bss(bssid
, freq
="2412")
7672 hapd
.request("SET ext_eapol_frame_io 1")
7673 dev
.request("SET ext_eapol_frame_io 1")
7675 dev
.request("WPS_REG " + bssid
+ " " + appin
)
7677 return addr
,bssid
,hapd
7679 def wps_run_ap_settings_proto(dev
, apdev
, ap_settings
, success
):
7680 addr
,bssid
,hapd
= wps_start_ext_reg(apdev
[0], dev
[0])
7681 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7682 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7684 logger
.debug("Receive M1 from AP")
7685 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M1
)
7686 mac_addr
= m1_attrs
[ATTR_MAC_ADDR
]
7687 e_nonce
= m1_attrs
[ATTR_ENROLLEE_NONCE
]
7688 e_pk
= m1_attrs
[ATTR_PUBLIC_KEY
]
7693 own_private
, r_pk
= wsc_dh_init()
7694 authkey
,keywrapkey
= wsc_dh_kdf(e_pk
, own_private
, mac_addr
, e_nonce
,
7696 r_s1
,r_s2
,r_hash1
,r_hash2
= wsc_dev_pw_hash(authkey
, appin
, e_pk
, r_pk
)
7698 logger
.debug("Send M2 to AP")
7699 m2
, raw_m2_attrs
= build_m2(authkey
, raw_m1_attrs
, msg
['eap_identifier'],
7700 e_nonce
, r_nonce
, uuid_r
, r_pk
, eap_code
=2)
7701 send_wsc_msg(hapd
, addr
, m2
)
7703 logger
.debug("Receive M3 from AP")
7704 msg
, m3_attrs
, raw_m3_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M3
)
7706 logger
.debug("Send M4 to AP")
7707 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7708 attrs
+= build_attr_msg_type(WPS_M4
)
7709 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7710 attrs
+= build_wsc_attr(ATTR_R_HASH1
, r_hash1
)
7711 attrs
+= build_wsc_attr(ATTR_R_HASH2
, r_hash2
)
7712 data
= build_wsc_attr(ATTR_R_SNONCE1
, r_s1
)
7713 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7714 attrs
+= build_attr_authenticator(authkey
, raw_m3_attrs
, attrs
)
7715 raw_m4_attrs
= attrs
7716 m4
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
7717 send_wsc_msg(hapd
, addr
, m4
)
7719 logger
.debug("Receive M5 from AP")
7720 msg
, m5_attrs
, raw_m5_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M5
)
7722 logger
.debug("Send M6 to STA")
7723 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7724 attrs
+= build_attr_msg_type(WPS_M6
)
7725 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7726 data
= build_wsc_attr(ATTR_R_SNONCE2
, r_s2
)
7727 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
7728 attrs
+= build_attr_authenticator(authkey
, raw_m5_attrs
, attrs
)
7729 raw_m6_attrs
= attrs
7730 m6
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
7731 send_wsc_msg(hapd
, addr
, m6
)
7733 logger
.debug("Receive M7 from AP")
7734 msg
, m7_attrs
, raw_m7_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M7
)
7736 logger
.debug("Send M8 to STA")
7737 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7738 attrs
+= build_attr_msg_type(WPS_M8
)
7739 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
7741 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, ap_settings
)
7742 attrs
+= build_attr_authenticator(authkey
, raw_m7_attrs
, attrs
)
7743 raw_m8_attrs
= attrs
7744 m8
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
7745 send_wsc_msg(hapd
, addr
, m8
)
7748 ev
= hapd
.wait_event(["WPS-NEW-AP-SETTINGS"], timeout
=5)
7750 raise Exception("New AP settings not reported")
7751 logger
.debug("Receive WSC_Done from AP")
7752 msg
= get_wsc_msg(hapd
)
7753 if msg
['wsc_opcode'] != WSC_Done
:
7754 raise Exception("Unexpected message - expected WSC_Done")
7756 logger
.debug("Send WSC_ACK to AP")
7757 ack
,attrs
= build_ack(msg
['eap_identifier'], e_nonce
, r_nonce
,
7759 send_wsc_msg(hapd
, addr
, ack
)
7760 dev
[0].wait_disconnected()
7762 ev
= hapd
.wait_event(["WPS-FAIL"], timeout
=5)
7764 raise Exception("WPS failure not reported")
7765 logger
.debug("Receive WSC_NACK from AP")
7766 msg
= get_wsc_msg(hapd
)
7767 if msg
['wsc_opcode'] != WSC_NACK
:
7768 raise Exception("Unexpected message - expected WSC_NACK")
7770 logger
.debug("Send WSC_NACK to AP")
7771 nack
,attrs
= build_nack(msg
['eap_identifier'], e_nonce
, r_nonce
,
7773 send_wsc_msg(hapd
, addr
, nack
)
7774 dev
[0].wait_disconnected()
7776 def test_wps_ext_ap_settings_success(dev
, apdev
):
7777 """WPS and AP Settings: success"""
7778 ap_settings
= build_wsc_attr(ATTR_NETWORK_INDEX
, '\x01')
7779 ap_settings
+= build_wsc_attr(ATTR_SSID
, "test")
7780 ap_settings
+= build_wsc_attr(ATTR_AUTH_TYPE
, '\x00\x01')
7781 ap_settings
+= build_wsc_attr(ATTR_ENCR_TYPE
, '\x00\x01')
7782 ap_settings
+= build_wsc_attr(ATTR_NETWORK_KEY
, '')
7783 ap_settings
+= build_wsc_attr(ATTR_MAC_ADDR
, binascii
.unhexlify(apdev
[0]['bssid'].replace(':', '')))
7784 wps_run_ap_settings_proto(dev
, apdev
, ap_settings
, True)
7787 def test_wps_ext_ap_settings_missing(dev
, apdev
):
7788 """WPS and AP Settings: missing"""
7789 wps_run_ap_settings_proto(dev
, apdev
, None, False)
7792 def test_wps_ext_ap_settings_mac_addr_mismatch(dev
, apdev
):
7793 """WPS and AP Settings: MAC Address mismatch"""
7794 ap_settings
= build_wsc_attr(ATTR_NETWORK_INDEX
, '\x01')
7795 ap_settings
+= build_wsc_attr(ATTR_SSID
, "test")
7796 ap_settings
+= build_wsc_attr(ATTR_AUTH_TYPE
, '\x00\x01')
7797 ap_settings
+= build_wsc_attr(ATTR_ENCR_TYPE
, '\x00\x01')
7798 ap_settings
+= build_wsc_attr(ATTR_NETWORK_KEY
, '')
7799 ap_settings
+= build_wsc_attr(ATTR_MAC_ADDR
, '\x00\x00\x00\x00\x00\x00')
7800 wps_run_ap_settings_proto(dev
, apdev
, ap_settings
, True)
7803 def test_wps_ext_ap_settings_mac_addr_missing(dev
, apdev
):
7804 """WPS and AP Settings: missing MAC Address"""
7805 ap_settings
= build_wsc_attr(ATTR_NETWORK_INDEX
, '\x01')
7806 ap_settings
+= build_wsc_attr(ATTR_SSID
, "test")
7807 ap_settings
+= build_wsc_attr(ATTR_AUTH_TYPE
, '\x00\x01')
7808 ap_settings
+= build_wsc_attr(ATTR_ENCR_TYPE
, '\x00\x01')
7809 ap_settings
+= build_wsc_attr(ATTR_NETWORK_KEY
, '')
7810 wps_run_ap_settings_proto(dev
, apdev
, ap_settings
, False)
7813 def test_wps_ext_ap_settings_reject_encr_type(dev
, apdev
):
7814 """WPS and AP Settings: reject Encr Type"""
7815 ap_settings
= build_wsc_attr(ATTR_NETWORK_INDEX
, '\x01')
7816 ap_settings
+= build_wsc_attr(ATTR_SSID
, "test")
7817 ap_settings
+= build_wsc_attr(ATTR_AUTH_TYPE
, '\x00\x01')
7818 ap_settings
+= build_wsc_attr(ATTR_ENCR_TYPE
, '\x00\x00')
7819 ap_settings
+= build_wsc_attr(ATTR_NETWORK_KEY
, '')
7820 ap_settings
+= build_wsc_attr(ATTR_MAC_ADDR
, binascii
.unhexlify(apdev
[0]['bssid'].replace(':', '')))
7821 wps_run_ap_settings_proto(dev
, apdev
, ap_settings
, False)
7824 def test_wps_ext_ap_settings_m2d(dev
, apdev
):
7825 """WPS and AP Settings: M2D"""
7826 addr
,bssid
,hapd
= wps_start_ext_reg(apdev
[0], dev
[0])
7827 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7828 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7830 logger
.debug("Receive M1 from AP")
7831 msg
, m1_attrs
, raw_m1_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M1
)
7832 e_nonce
= m1_attrs
[ATTR_ENROLLEE_NONCE
]
7837 logger
.debug("Send M2D to AP")
7838 m2d
, raw_m2d_attrs
= build_m2d(raw_m1_attrs
, msg
['eap_identifier'],
7839 e_nonce
, r_nonce
, uuid_r
,
7840 dev_pw_id
='\x00\x00', eap_code
=2)
7841 send_wsc_msg(hapd
, addr
, m2d
)
7843 ev
= hapd
.wait_event(["WPS-M2D"], timeout
=5)
7845 raise Exception("M2D not reported")
7847 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
7849 def wps_wait_ap_nack(hapd
, dev
, e_nonce
, r_nonce
):
7850 logger
.debug("Receive WSC_NACK from AP")
7851 msg
= get_wsc_msg(hapd
)
7852 if msg
['wsc_opcode'] != WSC_NACK
:
7853 raise Exception("Unexpected message - expected WSC_NACK")
7855 logger
.debug("Send WSC_NACK to AP")
7856 nack
,attrs
= build_nack(msg
['eap_identifier'], e_nonce
, r_nonce
,
7858 send_wsc_msg(hapd
, dev
.own_addr(), nack
)
7859 dev
.wait_disconnected()
7862 def test_wps_ext_m3_missing_e_hash1(dev
, apdev
):
7863 """WPS proto: M3 missing E-Hash1"""
7865 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7866 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7867 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7869 logger
.debug("Receive WSC/Start from AP")
7870 msg
= get_wsc_msg(hapd
)
7871 if msg
['wsc_opcode'] != WSC_Start
:
7872 raise Exception("Unexpected Op-Code for WSC/Start")
7874 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7877 own_private
, e_pk
= wsc_dh_init()
7879 logger
.debug("Send M1 to AP")
7880 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
7882 send_wsc_msg(hapd
, addr
, m1
)
7884 logger
.debug("Receive M2 from AP")
7885 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
7886 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
7887 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
7889 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
7891 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
7893 logger
.debug("Send M3 to AP")
7894 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7895 attrs
+= build_attr_msg_type(WPS_M3
)
7896 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
7897 #attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
7898 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
7899 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
7900 raw_m3_attrs
= attrs
7901 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
7902 send_wsc_msg(hapd
, addr
, m3
)
7904 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
7907 def test_wps_ext_m3_missing_e_hash2(dev
, apdev
):
7908 """WPS proto: M3 missing E-Hash2"""
7910 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7911 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7912 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7914 logger
.debug("Receive WSC/Start from AP")
7915 msg
= get_wsc_msg(hapd
)
7916 if msg
['wsc_opcode'] != WSC_Start
:
7917 raise Exception("Unexpected Op-Code for WSC/Start")
7919 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7922 own_private
, e_pk
= wsc_dh_init()
7924 logger
.debug("Send M1 to AP")
7925 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
7927 send_wsc_msg(hapd
, addr
, m1
)
7929 logger
.debug("Receive M2 from AP")
7930 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
7931 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
7932 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
7934 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
7936 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
7938 logger
.debug("Send M3 to AP")
7939 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7940 attrs
+= build_attr_msg_type(WPS_M3
)
7941 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
7942 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
7943 #attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
7944 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
7945 raw_m3_attrs
= attrs
7946 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
7947 send_wsc_msg(hapd
, addr
, m3
)
7949 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
7952 def test_wps_ext_m5_missing_e_snonce1(dev
, apdev
):
7953 """WPS proto: M5 missing E-SNonce1"""
7955 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
7956 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
7957 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
7959 logger
.debug("Receive WSC/Start from AP")
7960 msg
= get_wsc_msg(hapd
)
7961 if msg
['wsc_opcode'] != WSC_Start
:
7962 raise Exception("Unexpected Op-Code for WSC/Start")
7964 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
7967 own_private
, e_pk
= wsc_dh_init()
7969 logger
.debug("Send M1 to AP")
7970 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
7972 send_wsc_msg(hapd
, addr
, m1
)
7974 logger
.debug("Receive M2 from AP")
7975 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
7976 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
7977 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
7979 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
7981 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
7983 logger
.debug("Send M3 to AP")
7984 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7985 attrs
+= build_attr_msg_type(WPS_M3
)
7986 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
7987 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
7988 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
7989 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
7990 raw_m3_attrs
= attrs
7991 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
7992 send_wsc_msg(hapd
, addr
, m3
)
7994 logger
.debug("Receive M4 from AP")
7995 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
7997 logger
.debug("Send M5 to AP")
7998 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
7999 attrs
+= build_attr_msg_type(WPS_M5
)
8000 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8001 #data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8003 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8004 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
8005 raw_m5_attrs
= attrs
8006 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8007 send_wsc_msg(hapd
, addr
, m5
)
8009 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8012 def test_wps_ext_m5_e_snonce1_mismatch(dev
, apdev
):
8013 """WPS proto: M5 E-SNonce1 mismatch"""
8015 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8016 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8017 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8019 logger
.debug("Receive WSC/Start from AP")
8020 msg
= get_wsc_msg(hapd
)
8021 if msg
['wsc_opcode'] != WSC_Start
:
8022 raise Exception("Unexpected Op-Code for WSC/Start")
8024 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8027 own_private
, e_pk
= wsc_dh_init()
8029 logger
.debug("Send M1 to AP")
8030 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8032 send_wsc_msg(hapd
, addr
, m1
)
8034 logger
.debug("Receive M2 from AP")
8035 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8036 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8037 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8039 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8041 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8043 logger
.debug("Send M3 to AP")
8044 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8045 attrs
+= build_attr_msg_type(WPS_M3
)
8046 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8047 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8048 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8049 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8050 raw_m3_attrs
= attrs
8051 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8052 send_wsc_msg(hapd
, addr
, m3
)
8054 logger
.debug("Receive M4 from AP")
8055 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
8057 logger
.debug("Send M5 to AP")
8058 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8059 attrs
+= build_attr_msg_type(WPS_M5
)
8060 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8061 data
= build_wsc_attr(ATTR_E_SNONCE1
, 16*'\x00')
8062 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8063 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
8064 raw_m5_attrs
= attrs
8065 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8066 send_wsc_msg(hapd
, addr
, m5
)
8068 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8070 def test_wps_ext_m7_missing_e_snonce2(dev
, apdev
):
8071 """WPS proto: M7 missing E-SNonce2"""
8073 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8074 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8075 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8077 logger
.debug("Receive WSC/Start from AP")
8078 msg
= get_wsc_msg(hapd
)
8079 if msg
['wsc_opcode'] != WSC_Start
:
8080 raise Exception("Unexpected Op-Code for WSC/Start")
8082 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8085 own_private
, e_pk
= wsc_dh_init()
8087 logger
.debug("Send M1 to AP")
8088 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8090 send_wsc_msg(hapd
, addr
, m1
)
8092 logger
.debug("Receive M2 from AP")
8093 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8094 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8095 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8097 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8099 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8101 logger
.debug("Send M3 to AP")
8102 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8103 attrs
+= build_attr_msg_type(WPS_M3
)
8104 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8105 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8106 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8107 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8108 raw_m3_attrs
= attrs
8109 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8110 send_wsc_msg(hapd
, addr
, m3
)
8112 logger
.debug("Receive M4 from AP")
8113 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
8115 logger
.debug("Send M5 to AP")
8116 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8117 attrs
+= build_attr_msg_type(WPS_M5
)
8118 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8119 data
= build_wsc_attr(ATTR_E_SNONCE1
, e_s1
)
8120 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8121 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
8122 raw_m5_attrs
= attrs
8123 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8124 send_wsc_msg(hapd
, addr
, m5
)
8126 logger
.debug("Receive M6 from AP")
8127 msg
, m6_attrs
, raw_m6_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M6
)
8129 logger
.debug("Send M7 to AP")
8130 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8131 attrs
+= build_attr_msg_type(WPS_M7
)
8132 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8133 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
8135 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8136 attrs
+= build_attr_authenticator(authkey
, raw_m6_attrs
, attrs
)
8137 m7
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8138 raw_m7_attrs
= attrs
8139 send_wsc_msg(hapd
, addr
, m7
)
8141 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8144 def test_wps_ext_m7_e_snonce2_mismatch(dev
, apdev
):
8145 """WPS proto: M7 E-SNonce2 mismatch"""
8147 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8148 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8149 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8151 logger
.debug("Receive WSC/Start from AP")
8152 msg
= get_wsc_msg(hapd
)
8153 if msg
['wsc_opcode'] != WSC_Start
:
8154 raise Exception("Unexpected Op-Code for WSC/Start")
8156 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8159 own_private
, e_pk
= wsc_dh_init()
8161 logger
.debug("Send M1 to AP")
8162 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8164 send_wsc_msg(hapd
, addr
, m1
)
8166 logger
.debug("Receive M2 from AP")
8167 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8168 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8169 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8171 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8173 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8175 logger
.debug("Send M3 to AP")
8176 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8177 attrs
+= build_attr_msg_type(WPS_M3
)
8178 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8179 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8180 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8181 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8182 raw_m3_attrs
= attrs
8183 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8184 send_wsc_msg(hapd
, addr
, m3
)
8186 logger
.debug("Receive M4 from AP")
8187 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
8189 logger
.debug("Send M5 to AP")
8190 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8191 attrs
+= build_attr_msg_type(WPS_M5
)
8192 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8193 data
= build_wsc_attr(ATTR_E_SNONCE1
, e_s1
)
8194 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8195 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
8196 raw_m5_attrs
= attrs
8197 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8198 send_wsc_msg(hapd
, addr
, m5
)
8200 logger
.debug("Receive M6 from AP")
8201 msg
, m6_attrs
, raw_m6_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M6
)
8203 logger
.debug("Send M7 to AP")
8204 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8205 attrs
+= build_attr_msg_type(WPS_M7
)
8206 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8207 data
= build_wsc_attr(ATTR_E_SNONCE2
, 16*'\x00')
8208 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8209 attrs
+= build_attr_authenticator(authkey
, raw_m6_attrs
, attrs
)
8210 m7
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8211 raw_m7_attrs
= attrs
8212 send_wsc_msg(hapd
, addr
, m7
)
8214 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8217 def test_wps_ext_m1_pubkey_oom(dev
, apdev
):
8218 """WPS proto: M1 PubKey OOM"""
8220 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8221 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8222 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8224 logger
.debug("Receive WSC/Start from AP")
8225 msg
= get_wsc_msg(hapd
)
8226 if msg
['wsc_opcode'] != WSC_Start
:
8227 raise Exception("Unexpected Op-Code for WSC/Start")
8229 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8232 own_private
, e_pk
= wsc_dh_init()
8234 logger
.debug("Send M1 to AP")
8235 with
alloc_fail(hapd
, 1, "wpabuf_alloc_copy;wps_process_pubkey"):
8236 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8238 send_wsc_msg(hapd
, addr
, m1
)
8239 wps_wait_eap_failure(hapd
, dev
[0])
8241 def wps_wait_eap_failure(hapd
, dev
):
8242 ev
= hapd
.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
8244 raise Exception("EAP-Failure not reported")
8245 dev
.wait_disconnected()
8248 def test_wps_ext_m3_m1(dev
, apdev
):
8249 """WPS proto: M3 replaced with M1"""
8251 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8252 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8253 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8255 logger
.debug("Receive WSC/Start from AP")
8256 msg
= get_wsc_msg(hapd
)
8257 if msg
['wsc_opcode'] != WSC_Start
:
8258 raise Exception("Unexpected Op-Code for WSC/Start")
8260 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8263 own_private
, e_pk
= wsc_dh_init()
8265 logger
.debug("Send M1 to AP")
8266 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8268 send_wsc_msg(hapd
, addr
, m1
)
8270 logger
.debug("Receive M2 from AP")
8271 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8272 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8273 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8275 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8277 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8279 logger
.debug("Send M3(M1) to AP")
8280 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8281 attrs
+= build_attr_msg_type(WPS_M1
)
8282 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8283 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8284 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8285 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8286 raw_m3_attrs
= attrs
8287 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8288 send_wsc_msg(hapd
, addr
, m3
)
8290 wps_wait_eap_failure(hapd
, dev
[0])
8293 def test_wps_ext_m5_m3(dev
, apdev
):
8294 """WPS proto: M5 replaced with M3"""
8296 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8297 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8298 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8300 logger
.debug("Receive WSC/Start from AP")
8301 msg
= get_wsc_msg(hapd
)
8302 if msg
['wsc_opcode'] != WSC_Start
:
8303 raise Exception("Unexpected Op-Code for WSC/Start")
8305 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8308 own_private
, e_pk
= wsc_dh_init()
8310 logger
.debug("Send M1 to AP")
8311 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8313 send_wsc_msg(hapd
, addr
, m1
)
8315 logger
.debug("Receive M2 from AP")
8316 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8317 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8318 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8320 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8322 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8324 logger
.debug("Send M3 to AP")
8325 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8326 attrs
+= build_attr_msg_type(WPS_M3
)
8327 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8328 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8329 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8330 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8331 raw_m3_attrs
= attrs
8332 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8333 send_wsc_msg(hapd
, addr
, m3
)
8335 logger
.debug("Receive M4 from AP")
8336 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
8338 logger
.debug("Send M5(M3) to AP")
8339 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8340 attrs
+= build_attr_msg_type(WPS_M3
)
8341 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8342 data
= build_wsc_attr(ATTR_E_SNONCE1
, e_s1
)
8343 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
8344 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
8345 raw_m5_attrs
= attrs
8346 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8347 send_wsc_msg(hapd
, addr
, m5
)
8349 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8352 def test_wps_ext_m3_m2(dev
, apdev
):
8353 """WPS proto: M3 replaced with M2"""
8355 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8356 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8357 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8359 logger
.debug("Receive WSC/Start from AP")
8360 msg
= get_wsc_msg(hapd
)
8361 if msg
['wsc_opcode'] != WSC_Start
:
8362 raise Exception("Unexpected Op-Code for WSC/Start")
8364 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8367 own_private
, e_pk
= wsc_dh_init()
8369 logger
.debug("Send M1 to AP")
8370 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8372 send_wsc_msg(hapd
, addr
, m1
)
8374 logger
.debug("Receive M2 from AP")
8375 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8376 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8377 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8379 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8381 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8383 logger
.debug("Send M3(M2) to AP")
8384 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8385 attrs
+= build_attr_msg_type(WPS_M2
)
8386 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8387 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8388 raw_m3_attrs
= attrs
8389 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8390 send_wsc_msg(hapd
, addr
, m3
)
8392 wps_wait_eap_failure(hapd
, dev
[0])
8395 def test_wps_ext_m3_m5(dev
, apdev
):
8396 """WPS proto: M3 replaced with M5"""
8398 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8399 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8400 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8402 logger
.debug("Receive WSC/Start from AP")
8403 msg
= get_wsc_msg(hapd
)
8404 if msg
['wsc_opcode'] != WSC_Start
:
8405 raise Exception("Unexpected Op-Code for WSC/Start")
8407 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8410 own_private
, e_pk
= wsc_dh_init()
8412 logger
.debug("Send M1 to AP")
8413 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8415 send_wsc_msg(hapd
, addr
, m1
)
8417 logger
.debug("Receive M2 from AP")
8418 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8419 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8420 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8422 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8424 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8426 logger
.debug("Send M3(M5) to AP")
8427 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8428 attrs
+= build_attr_msg_type(WPS_M5
)
8429 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8430 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8431 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8432 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8433 raw_m3_attrs
= attrs
8434 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8435 send_wsc_msg(hapd
, addr
, m3
)
8437 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8440 def test_wps_ext_m3_m7(dev
, apdev
):
8441 """WPS proto: M3 replaced with M7"""
8443 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8444 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8445 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8447 logger
.debug("Receive WSC/Start from AP")
8448 msg
= get_wsc_msg(hapd
)
8449 if msg
['wsc_opcode'] != WSC_Start
:
8450 raise Exception("Unexpected Op-Code for WSC/Start")
8452 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8455 own_private
, e_pk
= wsc_dh_init()
8457 logger
.debug("Send M1 to AP")
8458 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8460 send_wsc_msg(hapd
, addr
, m1
)
8462 logger
.debug("Receive M2 from AP")
8463 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8464 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8465 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8467 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8469 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8471 logger
.debug("Send M3(M7) to AP")
8472 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8473 attrs
+= build_attr_msg_type(WPS_M7
)
8474 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8475 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8476 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8477 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8478 raw_m3_attrs
= attrs
8479 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8480 send_wsc_msg(hapd
, addr
, m3
)
8482 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
8485 def test_wps_ext_m3_done(dev
, apdev
):
8486 """WPS proto: M3 replaced with WSC_Done"""
8488 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8489 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8490 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8492 logger
.debug("Receive WSC/Start from AP")
8493 msg
= get_wsc_msg(hapd
)
8494 if msg
['wsc_opcode'] != WSC_Start
:
8495 raise Exception("Unexpected Op-Code for WSC/Start")
8497 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8500 own_private
, e_pk
= wsc_dh_init()
8502 logger
.debug("Send M1 to AP")
8503 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8505 send_wsc_msg(hapd
, addr
, m1
)
8507 logger
.debug("Receive M2 from AP")
8508 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8509 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8510 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8512 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8514 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8516 logger
.debug("Send M3(WSC_Done) to AP")
8517 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8518 attrs
+= build_attr_msg_type(WPS_WSC_DONE
)
8519 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8520 raw_m3_attrs
= attrs
8521 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
8522 send_wsc_msg(hapd
, addr
, m3
)
8524 wps_wait_eap_failure(hapd
, dev
[0])
8527 def test_wps_ext_m2_nack_invalid(dev
, apdev
):
8528 """WPS proto: M2 followed by invalid NACK"""
8530 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8531 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8532 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8534 logger
.debug("Receive WSC/Start from AP")
8535 msg
= get_wsc_msg(hapd
)
8536 if msg
['wsc_opcode'] != WSC_Start
:
8537 raise Exception("Unexpected Op-Code for WSC/Start")
8539 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8542 own_private
, e_pk
= wsc_dh_init()
8544 logger
.debug("Send M1 to AP")
8545 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8547 send_wsc_msg(hapd
, addr
, m1
)
8549 logger
.debug("Receive M2 from AP")
8550 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8551 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8552 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8554 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8556 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8558 logger
.debug("Send WSC_NACK to AP")
8559 attrs
= '\x10\x00\x00'
8560 nack
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_NACK
)
8561 send_wsc_msg(hapd
, addr
, nack
)
8563 wps_wait_eap_failure(hapd
, dev
[0])
8566 def test_wps_ext_m2_nack_no_msg_type(dev
, apdev
):
8567 """WPS proto: M2 followed by NACK without Msg Type"""
8569 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8570 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8571 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8573 logger
.debug("Receive WSC/Start from AP")
8574 msg
= get_wsc_msg(hapd
)
8575 if msg
['wsc_opcode'] != WSC_Start
:
8576 raise Exception("Unexpected Op-Code for WSC/Start")
8578 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8581 own_private
, e_pk
= wsc_dh_init()
8583 logger
.debug("Send M1 to AP")
8584 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8586 send_wsc_msg(hapd
, addr
, m1
)
8588 logger
.debug("Receive M2 from AP")
8589 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8590 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8591 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8593 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8595 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8597 logger
.debug("Send WSC_NACK to AP")
8598 nack
,attrs
= build_nack(msg
['eap_identifier'], e_nonce
, r_nonce
,
8599 msg_type
=None, eap_code
=2)
8600 send_wsc_msg(hapd
, addr
, nack
)
8602 wps_wait_eap_failure(hapd
, dev
[0])
8605 def test_wps_ext_m2_nack_invalid_msg_type(dev
, apdev
):
8606 """WPS proto: M2 followed by NACK with invalid Msg Type"""
8608 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8609 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8610 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8612 logger
.debug("Receive WSC/Start from AP")
8613 msg
= get_wsc_msg(hapd
)
8614 if msg
['wsc_opcode'] != WSC_Start
:
8615 raise Exception("Unexpected Op-Code for WSC/Start")
8617 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8620 own_private
, e_pk
= wsc_dh_init()
8622 logger
.debug("Send M1 to AP")
8623 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8625 send_wsc_msg(hapd
, addr
, m1
)
8627 logger
.debug("Receive M2 from AP")
8628 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8629 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8630 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8632 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8634 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8636 logger
.debug("Send WSC_NACK to AP")
8637 nack
,attrs
= build_nack(msg
['eap_identifier'], e_nonce
, r_nonce
,
8638 msg_type
=WPS_WSC_ACK
, eap_code
=2)
8639 send_wsc_msg(hapd
, addr
, nack
)
8641 wps_wait_eap_failure(hapd
, dev
[0])
8644 def test_wps_ext_m2_nack_e_nonce_mismatch(dev
, apdev
):
8645 """WPS proto: M2 followed by NACK with e-nonce mismatch"""
8647 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8648 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8649 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8651 logger
.debug("Receive WSC/Start from AP")
8652 msg
= get_wsc_msg(hapd
)
8653 if msg
['wsc_opcode'] != WSC_Start
:
8654 raise Exception("Unexpected Op-Code for WSC/Start")
8656 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8659 own_private
, e_pk
= wsc_dh_init()
8661 logger
.debug("Send M1 to AP")
8662 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8664 send_wsc_msg(hapd
, addr
, m1
)
8666 logger
.debug("Receive M2 from AP")
8667 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8668 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8669 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8671 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8673 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8675 logger
.debug("Send WSC_NACK to AP")
8676 nack
,attrs
= build_nack(msg
['eap_identifier'], 16*'\x00', r_nonce
,
8678 send_wsc_msg(hapd
, addr
, nack
)
8680 wps_wait_eap_failure(hapd
, dev
[0])
8683 def test_wps_ext_m2_nack_no_config_error(dev
, apdev
):
8684 """WPS proto: M2 followed by NACK without Config Error"""
8686 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8687 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8688 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8690 logger
.debug("Receive WSC/Start from AP")
8691 msg
= get_wsc_msg(hapd
)
8692 if msg
['wsc_opcode'] != WSC_Start
:
8693 raise Exception("Unexpected Op-Code for WSC/Start")
8695 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8698 own_private
, e_pk
= wsc_dh_init()
8700 logger
.debug("Send M1 to AP")
8701 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8703 send_wsc_msg(hapd
, addr
, m1
)
8705 logger
.debug("Receive M2 from AP")
8706 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8707 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8708 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8710 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8712 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8714 logger
.debug("Send WSC_NACK to AP")
8715 nack
,attrs
= build_nack(msg
['eap_identifier'], e_nonce
, r_nonce
,
8716 config_error
=None, eap_code
=2)
8717 send_wsc_msg(hapd
, addr
, nack
)
8719 wps_wait_eap_failure(hapd
, dev
[0])
8722 def test_wps_ext_m2_ack_invalid(dev
, apdev
):
8723 """WPS proto: M2 followed by invalid ACK"""
8725 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8726 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8727 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8729 logger
.debug("Receive WSC/Start from AP")
8730 msg
= get_wsc_msg(hapd
)
8731 if msg
['wsc_opcode'] != WSC_Start
:
8732 raise Exception("Unexpected Op-Code for WSC/Start")
8734 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8737 own_private
, e_pk
= wsc_dh_init()
8739 logger
.debug("Send M1 to AP")
8740 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8742 send_wsc_msg(hapd
, addr
, m1
)
8744 logger
.debug("Receive M2 from AP")
8745 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8746 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8747 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8749 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8751 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8753 logger
.debug("Send WSC_ACK to AP")
8754 attrs
= '\x10\x00\x00'
8755 ack
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_ACK
)
8756 send_wsc_msg(hapd
, addr
, ack
)
8758 wps_wait_eap_failure(hapd
, dev
[0])
8761 def test_wps_ext_m2_ack(dev
, apdev
):
8762 """WPS proto: M2 followed by ACK"""
8764 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8765 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8766 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8768 logger
.debug("Receive WSC/Start from AP")
8769 msg
= get_wsc_msg(hapd
)
8770 if msg
['wsc_opcode'] != WSC_Start
:
8771 raise Exception("Unexpected Op-Code for WSC/Start")
8773 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8776 own_private
, e_pk
= wsc_dh_init()
8778 logger
.debug("Send M1 to AP")
8779 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8781 send_wsc_msg(hapd
, addr
, m1
)
8783 logger
.debug("Receive M2 from AP")
8784 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8785 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8786 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8788 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8790 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8792 logger
.debug("Send WSC_ACK to AP")
8793 ack
,attrs
= build_ack(msg
['eap_identifier'], e_nonce
, r_nonce
, eap_code
=2)
8794 send_wsc_msg(hapd
, addr
, ack
)
8796 wps_wait_eap_failure(hapd
, dev
[0])
8799 def test_wps_ext_m2_ack_no_msg_type(dev
, apdev
):
8800 """WPS proto: M2 followed by ACK missing Msg Type"""
8802 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8803 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8804 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8806 logger
.debug("Receive WSC/Start from AP")
8807 msg
= get_wsc_msg(hapd
)
8808 if msg
['wsc_opcode'] != WSC_Start
:
8809 raise Exception("Unexpected Op-Code for WSC/Start")
8811 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8814 own_private
, e_pk
= wsc_dh_init()
8816 logger
.debug("Send M1 to AP")
8817 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8819 send_wsc_msg(hapd
, addr
, m1
)
8821 logger
.debug("Receive M2 from AP")
8822 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8823 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8824 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8826 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8828 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8830 logger
.debug("Send WSC_ACK to AP")
8831 ack
,attrs
= build_ack(msg
['eap_identifier'], e_nonce
, r_nonce
,
8832 msg_type
=None, eap_code
=2)
8833 send_wsc_msg(hapd
, addr
, ack
)
8835 wps_wait_eap_failure(hapd
, dev
[0])
8838 def test_wps_ext_m2_ack_invalid_msg_type(dev
, apdev
):
8839 """WPS proto: M2 followed by ACK with invalid Msg Type"""
8841 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8842 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8843 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8845 logger
.debug("Receive WSC/Start from AP")
8846 msg
= get_wsc_msg(hapd
)
8847 if msg
['wsc_opcode'] != WSC_Start
:
8848 raise Exception("Unexpected Op-Code for WSC/Start")
8850 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8853 own_private
, e_pk
= wsc_dh_init()
8855 logger
.debug("Send M1 to AP")
8856 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8858 send_wsc_msg(hapd
, addr
, m1
)
8860 logger
.debug("Receive M2 from AP")
8861 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8862 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8863 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8865 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8867 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8869 logger
.debug("Send WSC_ACK to AP")
8870 ack
,attrs
= build_ack(msg
['eap_identifier'], e_nonce
, r_nonce
,
8871 msg_type
=WPS_WSC_NACK
, eap_code
=2)
8872 send_wsc_msg(hapd
, addr
, ack
)
8874 wps_wait_eap_failure(hapd
, dev
[0])
8877 def test_wps_ext_m2_ack_e_nonce_mismatch(dev
, apdev
):
8878 """WPS proto: M2 followed by ACK with e-nonce mismatch"""
8880 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8881 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8882 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8884 logger
.debug("Receive WSC/Start from AP")
8885 msg
= get_wsc_msg(hapd
)
8886 if msg
['wsc_opcode'] != WSC_Start
:
8887 raise Exception("Unexpected Op-Code for WSC/Start")
8889 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8892 own_private
, e_pk
= wsc_dh_init()
8894 logger
.debug("Send M1 to AP")
8895 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8897 send_wsc_msg(hapd
, addr
, m1
)
8899 logger
.debug("Receive M2 from AP")
8900 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8901 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8902 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8904 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8906 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8908 logger
.debug("Send WSC_ACK to AP")
8909 ack
,attrs
= build_ack(msg
['eap_identifier'], 16*'\x00', r_nonce
,
8911 send_wsc_msg(hapd
, addr
, ack
)
8913 wps_wait_eap_failure(hapd
, dev
[0])
8916 def test_wps_ext_m1_invalid(dev
, apdev
):
8917 """WPS proto: M1 failing parsing"""
8919 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8920 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8921 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8923 logger
.debug("Receive WSC/Start from AP")
8924 msg
= get_wsc_msg(hapd
)
8925 if msg
['wsc_opcode'] != WSC_Start
:
8926 raise Exception("Unexpected Op-Code for WSC/Start")
8928 logger
.debug("Send M1 to AP")
8929 attrs
= '\x10\x00\x00'
8930 m1
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8931 send_wsc_msg(hapd
, addr
, m1
)
8933 wps_wait_eap_failure(hapd
, dev
[0])
8935 def test_wps_ext_m1_missing_msg_type(dev
, apdev
):
8936 """WPS proto: M1 missing Msg Type"""
8938 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8939 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8940 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8942 logger
.debug("Receive WSC/Start from AP")
8943 msg
= get_wsc_msg(hapd
)
8944 if msg
['wsc_opcode'] != WSC_Start
:
8945 raise Exception("Unexpected Op-Code for WSC/Start")
8947 logger
.debug("Send M1 to AP")
8948 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8949 m1
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8950 send_wsc_msg(hapd
, addr
, m1
)
8952 wps_wait_ap_nack(hapd
, dev
[0], 16*'\x00', 16*'\x00')
8954 def wps_ext_wsc_done(dev
, apdev
):
8956 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
8957 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
8958 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
8960 logger
.debug("Receive WSC/Start from AP")
8961 msg
= get_wsc_msg(hapd
)
8962 if msg
['wsc_opcode'] != WSC_Start
:
8963 raise Exception("Unexpected Op-Code for WSC/Start")
8965 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
8968 own_private
, e_pk
= wsc_dh_init()
8970 logger
.debug("Send M1 to AP")
8971 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
8973 send_wsc_msg(hapd
, addr
, m1
)
8975 logger
.debug("Receive M2 from AP")
8976 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
8977 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
8978 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
8980 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
8982 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
8984 logger
.debug("Send M3 to AP")
8985 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
8986 attrs
+= build_attr_msg_type(WPS_M3
)
8987 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
8988 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
8989 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
8990 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
8991 raw_m3_attrs
= attrs
8992 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
8993 send_wsc_msg(hapd
, addr
, m3
)
8995 logger
.debug("Receive M4 from AP")
8996 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
8998 logger
.debug("Send M5 to AP")
8999 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9000 attrs
+= build_attr_msg_type(WPS_M5
)
9001 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9002 data
= build_wsc_attr(ATTR_E_SNONCE1
, e_s1
)
9003 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
9004 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
9005 raw_m5_attrs
= attrs
9006 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
9007 send_wsc_msg(hapd
, addr
, m5
)
9009 logger
.debug("Receive M6 from AP")
9010 msg
, m6_attrs
, raw_m6_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M6
)
9012 logger
.debug("Send M7 to AP")
9013 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9014 attrs
+= build_attr_msg_type(WPS_M7
)
9015 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9016 data
= build_wsc_attr(ATTR_E_SNONCE2
, e_s2
)
9017 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
9018 attrs
+= build_attr_authenticator(authkey
, raw_m6_attrs
, attrs
)
9019 m7
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
9020 raw_m7_attrs
= attrs
9021 send_wsc_msg(hapd
, addr
, m7
)
9023 logger
.debug("Receive M8 from AP")
9024 msg
, m8_attrs
, raw_m8_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M8
)
9025 return hapd
, msg
, e_nonce
, r_nonce
9028 def test_wps_ext_wsc_done_invalid(dev
, apdev
):
9029 """WPS proto: invalid WSC_Done"""
9030 hapd
, msg
, e_nonce
, r_nonce
= wps_ext_wsc_done(dev
, apdev
)
9032 logger
.debug("Send WSC_Done to AP")
9033 attrs
= '\x10\x00\x00'
9034 wsc_done
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
9035 send_wsc_msg(hapd
, dev
[0].own_addr(), wsc_done
)
9037 wps_wait_eap_failure(hapd
, dev
[0])
9040 def test_wps_ext_wsc_done_no_msg_type(dev
, apdev
):
9041 """WPS proto: invalid WSC_Done"""
9042 hapd
, msg
, e_nonce
, r_nonce
= wps_ext_wsc_done(dev
, apdev
)
9044 logger
.debug("Send WSC_Done to AP")
9045 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9046 #attrs += build_attr_msg_type(WPS_WSC_DONE)
9047 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
9048 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9049 wsc_done
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
9050 send_wsc_msg(hapd
, dev
[0].own_addr(), wsc_done
)
9052 wps_wait_eap_failure(hapd
, dev
[0])
9055 def test_wps_ext_wsc_done_wrong_msg_type(dev
, apdev
):
9056 """WPS proto: WSC_Done with wrong Msg Type"""
9057 hapd
, msg
, e_nonce
, r_nonce
= wps_ext_wsc_done(dev
, apdev
)
9059 logger
.debug("Send WSC_Done to AP")
9060 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9061 attrs
+= build_attr_msg_type(WPS_WSC_ACK
)
9062 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
9063 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9064 wsc_done
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
9065 send_wsc_msg(hapd
, dev
[0].own_addr(), wsc_done
)
9067 wps_wait_eap_failure(hapd
, dev
[0])
9070 def test_wps_ext_wsc_done_no_e_nonce(dev
, apdev
):
9071 """WPS proto: WSC_Done without e_nonce"""
9072 hapd
, msg
, e_nonce
, r_nonce
= wps_ext_wsc_done(dev
, apdev
)
9074 logger
.debug("Send WSC_Done to AP")
9075 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9076 attrs
+= build_attr_msg_type(WPS_WSC_DONE
)
9077 #attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9078 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9079 wsc_done
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
9080 send_wsc_msg(hapd
, dev
[0].own_addr(), wsc_done
)
9082 wps_wait_eap_failure(hapd
, dev
[0])
9084 def test_wps_ext_wsc_done_no_r_nonce(dev
, apdev
):
9085 """WPS proto: WSC_Done without r_nonce"""
9086 hapd
, msg
, e_nonce
, r_nonce
= wps_ext_wsc_done(dev
, apdev
)
9088 logger
.debug("Send WSC_Done to AP")
9089 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9090 attrs
+= build_attr_msg_type(WPS_WSC_DONE
)
9091 attrs
+= build_wsc_attr(ATTR_ENROLLEE_NONCE
, e_nonce
)
9092 #attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9093 wsc_done
= build_eap_wsc(2, msg
['eap_identifier'], attrs
, opcode
=WSC_Done
)
9094 send_wsc_msg(hapd
, dev
[0].own_addr(), wsc_done
)
9096 wps_wait_eap_failure(hapd
, dev
[0])
9099 def test_wps_ext_m7_no_encr_settings(dev
, apdev
):
9100 """WPS proto: M7 without Encr Settings"""
9102 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
9103 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
9104 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
9106 logger
.debug("Receive WSC/Start from AP")
9107 msg
= get_wsc_msg(hapd
)
9108 if msg
['wsc_opcode'] != WSC_Start
:
9109 raise Exception("Unexpected Op-Code for WSC/Start")
9111 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
9114 own_private
, e_pk
= wsc_dh_init()
9116 logger
.debug("Send M1 to AP")
9117 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
9119 send_wsc_msg(hapd
, addr
, m1
)
9121 logger
.debug("Receive M2 from AP")
9122 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
9123 r_nonce
= m2_attrs
[ATTR_REGISTRAR_NONCE
]
9124 r_pk
= m2_attrs
[ATTR_PUBLIC_KEY
]
9126 authkey
,keywrapkey
= wsc_dh_kdf(r_pk
, own_private
, mac_addr
, e_nonce
,
9128 e_s1
,e_s2
,e_hash1
,e_hash2
= wsc_dev_pw_hash(authkey
, pin
, e_pk
, r_pk
)
9130 logger
.debug("Send M3 to AP")
9131 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9132 attrs
+= build_attr_msg_type(WPS_M3
)
9133 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9134 attrs
+= build_wsc_attr(ATTR_E_HASH1
, e_hash1
)
9135 attrs
+= build_wsc_attr(ATTR_E_HASH2
, e_hash2
)
9136 attrs
+= build_attr_authenticator(authkey
, raw_m2_attrs
, attrs
)
9137 raw_m3_attrs
= attrs
9138 m3
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
9139 send_wsc_msg(hapd
, addr
, m3
)
9141 logger
.debug("Receive M4 from AP")
9142 msg
, m4_attrs
, raw_m4_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M4
)
9144 logger
.debug("Send M5 to AP")
9145 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9146 attrs
+= build_attr_msg_type(WPS_M5
)
9147 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9148 data
= build_wsc_attr(ATTR_E_SNONCE1
, e_s1
)
9149 attrs
+= build_attr_encr_settings(authkey
, keywrapkey
, data
)
9150 attrs
+= build_attr_authenticator(authkey
, raw_m4_attrs
, attrs
)
9151 raw_m5_attrs
= attrs
9152 m5
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
9153 send_wsc_msg(hapd
, addr
, m5
)
9155 logger
.debug("Receive M6 from AP")
9156 msg
, m6_attrs
, raw_m6_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M6
)
9158 logger
.debug("Send M7 to AP")
9159 attrs
= build_wsc_attr(ATTR_VERSION
, '\x10')
9160 attrs
+= build_attr_msg_type(WPS_M7
)
9161 attrs
+= build_wsc_attr(ATTR_REGISTRAR_NONCE
, r_nonce
)
9162 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
9163 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9164 attrs
+= build_attr_authenticator(authkey
, raw_m6_attrs
, attrs
)
9165 m7
= build_eap_wsc(2, msg
['eap_identifier'], attrs
)
9166 raw_m7_attrs
= attrs
9167 send_wsc_msg(hapd
, addr
, m7
)
9169 wps_wait_ap_nack(hapd
, dev
[0], e_nonce
, r_nonce
)
9172 def test_wps_ext_m1_workaround(dev
, apdev
):
9173 """WPS proto: M1 Manufacturer/Model workaround"""
9175 addr
,bssid
,hapd
= wps_start_ext(apdev
[0], dev
[0], pin
=pin
)
9176 wps_ext_eap_identity_req(dev
[0], hapd
, bssid
)
9177 wps_ext_eap_identity_resp(hapd
, dev
[0], addr
)
9179 logger
.debug("Receive WSC/Start from AP")
9180 msg
= get_wsc_msg(hapd
)
9181 if msg
['wsc_opcode'] != WSC_Start
:
9182 raise Exception("Unexpected Op-Code for WSC/Start")
9184 mac_addr
= binascii
.unhexlify(dev
[0].own_addr().replace(':', ''))
9187 own_private
, e_pk
= wsc_dh_init()
9189 logger
.debug("Send M1 to AP")
9190 m1
, raw_m1_attrs
= build_m1(msg
['eap_identifier'], uuid_e
, mac_addr
,
9191 e_nonce
, e_pk
, manufacturer
='Apple TEST',
9192 model_name
='AirPort', config_methods
='\xff\xff')
9193 send_wsc_msg(hapd
, addr
, m1
)
9195 logger
.debug("Receive M2 from AP")
9196 msg
, m2_attrs
, raw_m2_attrs
= recv_wsc_msg(hapd
, WSC_MSG
, WPS_M2
)
9199 def test_ap_wps_disable_enable(dev
, apdev
):
9200 """WPS and DISABLE/ENABLE AP"""
9201 hapd
= wps_start_ap(apdev
[0])
9204 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
9206 def test_ap_wps_upnp_web_oom(dev
, apdev
, params
):
9207 """hostapd WPS UPnP web OOM"""
9208 ap_uuid
= "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9209 hapd
= add_ssdp_ap(apdev
[0], ap_uuid
)
9211 location
= ssdp_get_location(ap_uuid
)
9212 url
= urlparse
.urlparse(location
)
9213 urls
= upnp_get_urls(location
)
9214 eventurl
= urlparse
.urlparse(urls
['event_sub_url'])
9215 ctrlurl
= urlparse
.urlparse(urls
['control_url'])
9217 conn
= httplib
.HTTPConnection(url
.netloc
)
9218 with
alloc_fail(hapd
, 1, "web_connection_parse_get"):
9219 conn
.request("GET", "/wps_device.xml")
9221 resp
= conn
.getresponse()
9225 conn
= httplib
.HTTPConnection(url
.netloc
)
9226 conn
.request("GET", "/unknown")
9227 resp
= conn
.getresponse()
9228 if resp
.status
!= 404:
9229 raise Exception("Unexpected HTTP result for unknown URL: %d" + resp
.status
)
9231 with
alloc_fail(hapd
, 1, "web_connection_parse_get"):
9232 conn
.request("GET", "/unknown")
9234 resp
= conn
.getresponse()
9239 conn
= httplib
.HTTPConnection(url
.netloc
)
9240 conn
.request("GET", "/wps_device.xml")
9241 resp
= conn
.getresponse()
9242 if resp
.status
!= 200:
9243 raise Exception("GET /wps_device.xml failed")
9245 conn
= httplib
.HTTPConnection(url
.netloc
)
9246 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo")
9247 if resp
.status
!= 200:
9248 raise Exception("GetDeviceInfo failed")
9250 with
alloc_fail(hapd
, 1, "web_process_get_device_info"):
9251 conn
= httplib
.HTTPConnection(url
.netloc
)
9252 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo")
9253 if resp
.status
!= 500:
9254 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9256 with
alloc_fail(hapd
, 1, "wps_build_m1;web_process_get_device_info"):
9257 conn
= httplib
.HTTPConnection(url
.netloc
)
9258 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo")
9259 if resp
.status
!= 500:
9260 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9262 with
alloc_fail(hapd
, 1, "wpabuf_alloc;web_connection_send_reply"):
9263 conn
= httplib
.HTTPConnection(url
.netloc
)
9265 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo")
9269 conn
= httplib
.HTTPConnection(url
.netloc
)
9270 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "GetDeviceInfo")
9271 if resp
.status
!= 200:
9272 raise Exception("GetDeviceInfo failed")
9274 # No NewWLANEventType in PutWLANResponse NewMessage
9275 conn
= httplib
.HTTPConnection(url
.netloc
)
9276 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutWLANResponse", newmsg
="foo")
9277 if resp
.status
!= 600:
9278 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
9280 # No NewWLANEventMAC in PutWLANResponse NewMessage
9281 conn
= httplib
.HTTPConnection(url
.netloc
)
9282 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutWLANResponse",
9283 newmsg
="foo", neweventtype
="1")
9284 if resp
.status
!= 600:
9285 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
9287 # Invalid NewWLANEventMAC in PutWLANResponse NewMessage
9288 conn
= httplib
.HTTPConnection(url
.netloc
)
9289 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutWLANResponse",
9290 newmsg
="foo", neweventtype
="1",
9292 if resp
.status
!= 600:
9293 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
9295 # Workaround for NewWLANEventMAC in PutWLANResponse NewMessage
9296 # Ignored unexpected PutWLANResponse WLANEventType 1
9297 conn
= httplib
.HTTPConnection(url
.netloc
)
9298 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutWLANResponse",
9299 newmsg
="foo", neweventtype
="1",
9300 neweventmac
="00.11.22.33.44.55")
9301 if resp
.status
!= 500:
9302 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
9304 # PutWLANResponse NewMessage with invalid EAP message
9305 conn
= httplib
.HTTPConnection(url
.netloc
)
9306 resp
= upnp_soap_action(conn
, ctrlurl
.path
, "PutWLANResponse",
9307 newmsg
="foo", neweventtype
="2",
9308 neweventmac
="00:11:22:33:44:55")
9309 if resp
.status
!= 200:
9310 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
9312 with
alloc_fail(hapd
, 1, "web_connection_parse_subscribe"):
9313 conn
= httplib
.HTTPConnection(url
.netloc
)
9314 headers
= { "callback": '<http://127.0.0.1:12345/event>',
9316 "timeout": "Second-1234" }
9317 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
9319 resp
= conn
.getresponse()
9323 with
alloc_fail(hapd
, 1, "dup_binstr;web_connection_parse_subscribe"):
9324 conn
= httplib
.HTTPConnection(url
.netloc
)
9325 headers
= { "callback": '<http://127.0.0.1:12345/event>',
9327 "timeout": "Second-1234" }
9328 conn
.request("SUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
9329 resp
= conn
.getresponse()
9330 if resp
.status
!= 500:
9331 raise Exception("Unexpected HTTP response: %d" % resp
.status
)
9333 with
alloc_fail(hapd
, 1, "wpabuf_alloc;web_connection_parse_unsubscribe"):
9334 conn
= httplib
.HTTPConnection(url
.netloc
)
9335 headers
= { "callback": '<http://127.0.0.1:12345/event>',
9337 "timeout": "Second-1234" }
9338 conn
.request("UNSUBSCRIBE", eventurl
.path
, "\r\n\r\n", headers
)
9340 resp
= conn
.getresponse()
9344 with
alloc_fail(hapd
, 1, "web_connection_unimplemented"):
9345 conn
= httplib
.HTTPConnection(url
.netloc
)
9346 conn
.request("HEAD", "/wps_device.xml")
9348 resp
= conn
.getresponse()
9352 def test_ap_wps_frag_ack_oom(dev
, apdev
):
9353 """WPS and fragment ack OOM"""
9354 dev
[0].request("SET wps_fragment_size 50")
9355 hapd
= wps_start_ap(apdev
[0])
9356 with
alloc_fail(hapd
, 1, "eap_wsc_build_frag_ack"):
9357 wps_run_pbc_fail_ap(apdev
[0], dev
[0], hapd
)
9359 def wait_scan_stopped(dev
):
9360 dev
.request("ABORT_SCAN")
9362 res
= dev
.get_driver_status_field("scan_state")
9363 if "SCAN_STARTED" not in res
and "SCAN_REQUESTED" not in res
:
9365 logger
.debug("Waiting for scan to complete")
9369 def test_ap_wps_eap_wsc_errors(dev
, apdev
):
9370 """WPS and EAP-WSC error cases"""
9371 ssid
= "test-wps-conf-pin"
9373 params
= { "ssid": ssid
, "eap_server": "1", "wps_state": "2",
9374 "wpa_passphrase": "12345678", "wpa": "2",
9375 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9376 "fragment_size": "300", "ap_pin": appin
}
9377 hapd
= hostapd
.add_ap(apdev
[0], params
)
9378 bssid
= apdev
[0]['bssid']
9380 pin
= dev
[0].wps_read_pin()
9381 hapd
.request("WPS_PIN any " + pin
)
9382 dev
[0].scan_for_bss(apdev
[0]['bssid'], freq
="2412")
9383 dev
[0].dump_monitor()
9385 dev
[0].wps_reg(bssid
, appin
+ " new_ssid=a", "new ssid", "WPA2PSK", "CCMP",
9386 "new passphrase", no_wait
=True)
9387 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=10)
9389 raise Exception("WPS-FAIL not reported")
9390 dev
[0].request("WPS_CANCEL")
9391 dev
[0].wait_disconnected()
9392 wait_scan_stopped(dev
[0])
9393 dev
[0].dump_monitor()
9395 dev
[0].wps_reg(bssid
, appin
, "new ssid", "FOO", "CCMP",
9396 "new passphrase", no_wait
=True)
9397 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=10)
9399 raise Exception("WPS-FAIL not reported")
9400 dev
[0].request("WPS_CANCEL")
9401 dev
[0].wait_disconnected()
9402 wait_scan_stopped(dev
[0])
9403 dev
[0].dump_monitor()
9405 dev
[0].wps_reg(bssid
, appin
, "new ssid", "WPA2PSK", "FOO",
9406 "new passphrase", no_wait
=True)
9407 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=10)
9409 raise Exception("WPS-FAIL not reported")
9410 dev
[0].request("WPS_CANCEL")
9411 dev
[0].wait_disconnected()
9412 wait_scan_stopped(dev
[0])
9413 dev
[0].dump_monitor()
9415 dev
[0].wps_reg(bssid
, appin
+ "new_key=a", "new ssid", "WPA2PSK", "CCMP",
9416 "new passphrase", no_wait
=True)
9417 ev
= dev
[0].wait_event(["WPS-FAIL"], timeout
=10)
9419 raise Exception("WPS-FAIL not reported")
9420 dev
[0].request("WPS_CANCEL")
9421 dev
[0].wait_disconnected()
9422 wait_scan_stopped(dev
[0])
9423 dev
[0].dump_monitor()
9425 tests
= [ "eap_wsc_init",
9426 "eap_msg_alloc;eap_wsc_build_msg",
9427 "wpabuf_alloc;eap_wsc_process_fragment" ]
9429 with
alloc_fail(dev
[0], 1, func
):
9430 dev
[0].request("WPS_PIN %s %s" % (bssid
, pin
))
9431 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
9432 dev
[0].request("WPS_CANCEL")
9433 dev
[0].wait_disconnected()
9434 wait_scan_stopped(dev
[0])
9435 dev
[0].dump_monitor()
9437 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_sm_build_expanded_nak"):
9438 dev
[0].wps_reg(bssid
, appin
+ " new_ssid=a", "new ssid", "WPA2PSK",
9439 "CCMP", "new passphrase", no_wait
=True)
9440 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
9441 dev
[0].request("WPS_CANCEL")
9442 dev
[0].wait_disconnected()
9443 wait_scan_stopped(dev
[0])
9444 dev
[0].dump_monitor()
9446 def test_ap_wps_eap_wsc(dev
, apdev
):
9447 """WPS and EAP-WSC in network profile"""
9448 params
= int_eap_server_params()
9449 params
["wps_state"] = "2"
9450 hapd
= hostapd
.add_ap(apdev
[0], params
)
9451 bssid
= apdev
[0]['bssid']
9453 logger
.info("Unexpected identity")
9454 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9455 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-unexpected",
9457 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9459 raise Exception("No EAP-Failure seen")
9460 dev
[0].request("REMOVE_NETWORK all")
9461 dev
[0].wait_disconnected()
9463 logger
.info("No phase1 parameter")
9464 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9465 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9467 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9469 raise Exception("Timeout on EAP method start")
9470 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9472 raise Exception("No EAP-Failure seen")
9473 dev
[0].request("REMOVE_NETWORK all")
9474 dev
[0].wait_disconnected()
9476 logger
.info("No PIN/PBC in phase1")
9477 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9478 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9479 phase1
="foo", wait_connect
=False)
9480 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9482 raise Exception("Timeout on EAP method start")
9483 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9485 raise Exception("No EAP-Failure seen")
9486 dev
[0].request("REMOVE_NETWORK all")
9487 dev
[0].wait_disconnected()
9489 logger
.info("Invalid pkhash in phase1")
9490 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9491 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9492 phase1
="foo pkhash=q pbc=1", wait_connect
=False)
9493 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9495 raise Exception("Timeout on EAP method start")
9496 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9498 raise Exception("No EAP-Failure seen")
9499 dev
[0].request("REMOVE_NETWORK all")
9500 dev
[0].wait_disconnected()
9502 logger
.info("Zero fragment_size")
9503 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9504 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9505 fragment_size
="0", phase1
="pin=12345670", wait_connect
=False)
9506 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9508 raise Exception("Timeout on EAP method start")
9509 ev
= dev
[0].wait_event(["WPS-M2D"], timeout
=5)
9511 raise Exception("No M2D seen")
9512 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9514 raise Exception("No EAP-Failure seen")
9515 dev
[0].request("REMOVE_NETWORK all")
9516 dev
[0].wait_disconnected()
9518 logger
.info("Missing new_auth")
9519 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9520 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9521 phase1
="pin=12345670 new_ssid=aa", wait_connect
=False)
9522 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9524 raise Exception("Timeout on EAP method start")
9525 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9527 raise Exception("No EAP-Failure seen")
9528 dev
[0].request("REMOVE_NETWORK all")
9529 dev
[0].wait_disconnected()
9531 logger
.info("Missing new_encr")
9532 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9533 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9534 phase1
="pin=12345670 new_auth=WPA2PSK new_ssid=aa", wait_connect
=False)
9535 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9537 raise Exception("Timeout on EAP method start")
9538 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9540 raise Exception("No EAP-Failure seen")
9541 dev
[0].request("REMOVE_NETWORK all")
9542 dev
[0].wait_disconnected()
9544 logger
.info("Missing new_key")
9545 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP", scan_freq
="2412",
9546 eap
="WSC", identity
="WFA-SimpleConfig-Enrollee-1-0",
9547 phase1
="pin=12345670 new_auth=WPA2PSK new_ssid=aa new_encr=CCMP",
9549 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=5)
9551 raise Exception("Timeout on EAP method start")
9552 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
9554 raise Exception("No EAP-Failure seen")
9555 dev
[0].request("REMOVE_NETWORK all")
9556 dev
[0].wait_disconnected()
9558 def test_ap_wps_and_bss_limit(dev
, apdev
):
9559 """WPS and wpa_supplicant BSS entry limit"""
9561 _test_ap_wps_and_bss_limit(dev
, apdev
)
9563 dev
[0].request("SET bss_max_count 200")
9566 def _test_ap_wps_and_bss_limit(dev
, apdev
):
9567 params
= { "ssid": "test-wps", "eap_server": "1", "wps_state": "2",
9568 "wpa_passphrase": "12345678", "wpa": "2",
9569 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
9570 hapd
= hostapd
.add_ap(apdev
[0], params
)
9572 params
= { "ssid": "test-wps-2", "eap_server": "1", "wps_state": "2",
9573 "wpa_passphrase": "1234567890", "wpa": "2",
9574 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
9575 hapd2
= hostapd
.add_ap(apdev
[1], params
)
9577 id = dev
[1].add_network()
9578 dev
[1].set_network(id, "mode", "2")
9579 dev
[1].set_network_quoted(id, "ssid", "wpas-ap-no-wps")
9580 dev
[1].set_network_quoted(id, "psk", "12345678")
9581 dev
[1].set_network(id, "frequency", "2462")
9582 dev
[1].set_network(id, "scan_freq", "2462")
9583 dev
[1].set_network(id, "wps_disabled", "1")
9584 dev
[1].select_network(id)
9586 id = dev
[2].add_network()
9587 dev
[2].set_network(id, "mode", "2")
9588 dev
[2].set_network_quoted(id, "ssid", "wpas-ap")
9589 dev
[2].set_network_quoted(id, "psk", "12345678")
9590 dev
[2].set_network(id, "frequency", "2437")
9591 dev
[2].set_network(id, "scan_freq", "2437")
9592 dev
[2].select_network(id)
9594 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
9595 wpas
.interface_add("wlan5")
9596 id = wpas
.add_network()
9597 wpas
.set_network(id, "mode", "2")
9598 wpas
.set_network_quoted(id, "ssid", "wpas-ap")
9599 wpas
.set_network_quoted(id, "psk", "12345678")
9600 wpas
.set_network(id, "frequency", "2437")
9601 wpas
.set_network(id, "scan_freq", "2437")
9602 wpas
.select_network(id)
9604 dev
[1].wait_connected()
9605 dev
[2].wait_connected()
9606 wpas
.wait_connected()
9607 wpas
.request("WPS_PIN any 12345670")
9609 hapd
.request("WPS_PBC")
9610 hapd2
.request("WPS_PBC")
9612 dev
[0].request("SET bss_max_count 1")
9614 id = dev
[0].add_network()
9615 dev
[0].set_network_quoted(id, "ssid", "testing")
9617 id = dev
[0].add_network()
9618 dev
[0].set_network_quoted(id, "ssid", "testing")
9619 dev
[0].set_network(id, "key_mgmt", "WPS")
9621 dev
[0].request("WPS_PBC")
9622 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout
=10)
9623 dev
[0].request("WPS_CANCEL")
9625 id = dev
[0].add_network()
9626 dev
[0].set_network_quoted(id, "ssid", "testing")
9627 dev
[0].set_network(id, "key_mgmt", "WPS")
9629 dev
[0].scan(freq
="2412")