]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_wps.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Verify EAP-WSC fragmentation and mixed mode WPA+WPA2
[thirdparty/hostap.git] / tests / hwsim / test_ap_wps.py
1 #!/usr/bin/python
2 #
3 # WPS tests
4 # Copyright (c) 2013, Jouni Malinen <j@w1.fi>
5 #
6 # This software may be distributed under the terms of the BSD license.
7 # See README for more details.
8
9 import time
10 import subprocess
11 import logging
12 logger = logging.getLogger()
13
14 import hwsim_utils
15 import hostapd
16
17 def test_ap_wps_init(dev, apdev):
18 """Initial AP configuration with first WPS Enrollee"""
19 ssid = "test-wps"
20 hostapd.add_ap(apdev[0]['ifname'],
21 { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
22 hapd = hostapd.Hostapd(apdev[0]['ifname'])
23 logger.info("WPS provisioning step")
24 hapd.request("WPS_PBC")
25 dev[0].request("SET ignore_old_scan_res 1")
26 dev[0].dump_monitor()
27 dev[0].request("WPS_PBC")
28 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
29 if ev is None:
30 raise Exception("Association with the AP timed out")
31 status = dev[0].get_status()
32 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
33 raise Exception("Not fully connected")
34 if status['ssid'] != ssid:
35 raise Exception("Unexpected SSID")
36 if status['pairwise_cipher'] != 'CCMP':
37 raise Exception("Unexpected encryption configuration")
38 if status['key_mgmt'] != 'WPA2-PSK':
39 raise Exception("Unexpected key_mgmt")
40
41 def test_ap_wps_conf(dev, apdev):
42 """WPS PBC provisioning with configured AP"""
43 ssid = "test-wps-conf"
44 hostapd.add_ap(apdev[0]['ifname'],
45 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
46 "wpa_passphrase": "12345678", "wpa": "2",
47 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
48 hapd = hostapd.Hostapd(apdev[0]['ifname'])
49 logger.info("WPS provisioning step")
50 hapd.request("WPS_PBC")
51 dev[0].dump_monitor()
52 dev[0].request("WPS_PBC")
53 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
54 if ev is None:
55 raise Exception("Association with the AP timed out")
56 status = dev[0].get_status()
57 if status['wpa_state'] != 'COMPLETED':
58 raise Exception("Not fully connected")
59 if status['bssid'] != apdev[0]['bssid']:
60 raise Exception("Unexpected BSSID")
61 if status['ssid'] != ssid:
62 raise Exception("Unexpected SSID")
63 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
64 raise Exception("Unexpected encryption configuration")
65 if status['key_mgmt'] != 'WPA2-PSK':
66 raise Exception("Unexpected key_mgmt")
67
68 def test_ap_wps_twice(dev, apdev):
69 """WPS provisioning with twice to change passphrase"""
70 ssid = "test-wps-twice"
71 params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
72 "wpa_passphrase": "12345678", "wpa": "2",
73 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" }
74 hostapd.add_ap(apdev[0]['ifname'], params)
75 hapd = hostapd.Hostapd(apdev[0]['ifname'])
76 logger.info("WPS provisioning step")
77 hapd.request("WPS_PBC")
78 dev[0].request("SET ignore_old_scan_res 1")
79 dev[0].dump_monitor()
80 dev[0].request("WPS_PBC")
81 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
82 if ev is None:
83 raise Exception("Association with the AP timed out")
84 dev[0].request("DISCONNECT")
85
86 logger.info("Restart AP with different passphrase and re-run WPS")
87 hapd_global = hostapd.HostapdGlobal()
88 hapd_global.remove(apdev[0]['ifname'])
89 params['wpa_passphrase'] = 'another passphrase'
90 hostapd.add_ap(apdev[0]['ifname'], params)
91 hapd = hostapd.Hostapd(apdev[0]['ifname'])
92 logger.info("WPS provisioning step")
93 hapd.request("WPS_PBC")
94 dev[0].dump_monitor()
95 dev[0].request("WPS_PBC")
96 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
97 if ev is None:
98 raise Exception("Association with the AP timed out")
99 networks = dev[0].list_networks()
100 if len(networks) > 1:
101 raise Exception("Unexpected duplicated network block present")
102
103 def test_ap_wps_conf_pin(dev, apdev):
104 """WPS PIN provisioning with configured AP"""
105 ssid = "test-wps-conf-pin"
106 hostapd.add_ap(apdev[0]['ifname'],
107 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
108 "wpa_passphrase": "12345678", "wpa": "2",
109 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
110 hapd = hostapd.Hostapd(apdev[0]['ifname'])
111 logger.info("WPS provisioning step")
112 pin = dev[0].wps_read_pin()
113 hapd.request("WPS_PIN any " + pin)
114 dev[0].request("SET ignore_old_scan_res 1")
115 dev[0].dump_monitor()
116 dev[0].request("WPS_PIN any " + pin)
117 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
118 if ev is None:
119 raise Exception("Association with the AP timed out")
120 status = dev[0].get_status()
121 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
122 raise Exception("Not fully connected")
123 if status['ssid'] != ssid:
124 raise Exception("Unexpected SSID")
125 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
126 raise Exception("Unexpected encryption configuration")
127 if status['key_mgmt'] != 'WPA2-PSK':
128 raise Exception("Unexpected key_mgmt")
129
130 def test_ap_wps_reg_connect(dev, apdev):
131 """WPS registrar using AP PIN to connect"""
132 ssid = "test-wps-reg-ap-pin"
133 appin = "12345670"
134 hostapd.add_ap(apdev[0]['ifname'],
135 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
136 "wpa_passphrase": "12345678", "wpa": "2",
137 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
138 "ap_pin": appin})
139 logger.info("WPS provisioning step")
140 dev[0].request("SET ignore_old_scan_res 1")
141 dev[0].dump_monitor()
142 dev[0].wps_reg(apdev[0]['bssid'], appin)
143 status = dev[0].get_status()
144 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
145 raise Exception("Not fully connected")
146 if status['ssid'] != ssid:
147 raise Exception("Unexpected SSID")
148 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
149 raise Exception("Unexpected encryption configuration")
150 if status['key_mgmt'] != 'WPA2-PSK':
151 raise Exception("Unexpected key_mgmt")
152
153 def test_ap_wps_reg_config(dev, apdev):
154 """WPS registrar configuring and AP using AP PIN"""
155 ssid = "test-wps-init-ap-pin"
156 appin = "12345670"
157 hostapd.add_ap(apdev[0]['ifname'],
158 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
159 "ap_pin": appin})
160 logger.info("WPS configuration step")
161 dev[0].request("SET ignore_old_scan_res 1")
162 dev[0].dump_monitor()
163 new_ssid = "wps-new-ssid"
164 new_passphrase = "1234567890"
165 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
166 new_passphrase)
167 status = dev[0].get_status()
168 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
169 raise Exception("Not fully connected")
170 if status['ssid'] != new_ssid:
171 raise Exception("Unexpected SSID")
172 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
173 raise Exception("Unexpected encryption configuration")
174 if status['key_mgmt'] != 'WPA2-PSK':
175 raise Exception("Unexpected key_mgmt")
176
177 def test_ap_wps_pbc_overlap_2ap(dev, apdev):
178 """WPS PBC session overlap with two active APs"""
179 hostapd.add_ap(apdev[0]['ifname'],
180 { "ssid": "wps1", "eap_server": "1", "wps_state": "2",
181 "wpa_passphrase": "12345678", "wpa": "2",
182 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
183 "wps_independent": "1"})
184 hostapd.add_ap(apdev[1]['ifname'],
185 { "ssid": "wps2", "eap_server": "1", "wps_state": "2",
186 "wpa_passphrase": "123456789", "wpa": "2",
187 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
188 "wps_independent": "1"})
189 hapd = hostapd.Hostapd(apdev[0]['ifname'])
190 hapd.request("WPS_PBC")
191 hapd2 = hostapd.Hostapd(apdev[1]['ifname'])
192 hapd2.request("WPS_PBC")
193 logger.info("WPS provisioning step")
194 dev[0].dump_monitor()
195 dev[0].request("WPS_PBC")
196 ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
197 if ev is None:
198 raise Exception("PBC session overlap not detected")
199
200 def test_ap_wps_pbc_overlap_2sta(dev, apdev):
201 """WPS PBC session overlap with two active STAs"""
202 ssid = "test-wps-pbc-overlap"
203 hostapd.add_ap(apdev[0]['ifname'],
204 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
205 "wpa_passphrase": "12345678", "wpa": "2",
206 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
207 hapd = hostapd.Hostapd(apdev[0]['ifname'])
208 logger.info("WPS provisioning step")
209 hapd.request("WPS_PBC")
210 dev[0].request("SET ignore_old_scan_res 1")
211 dev[1].request("SET ignore_old_scan_res 1")
212 dev[0].dump_monitor()
213 dev[1].dump_monitor()
214 dev[0].request("WPS_PBC")
215 dev[1].request("WPS_PBC")
216 ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
217 if ev is None:
218 raise Exception("PBC session overlap not detected (dev0)")
219 if "config_error=12" not in ev:
220 raise Exception("PBC session overlap not correctly reported (dev0)")
221 ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
222 if ev is None:
223 raise Exception("PBC session overlap not detected (dev1)")
224 if "config_error=12" not in ev:
225 raise Exception("PBC session overlap not correctly reported (dev1)")
226
227 def test_ap_wps_er_add_enrollee(dev, apdev):
228 """WPS ER configuring AP and adding a new enrollee using PIN"""
229 ssid = "wps-er-add-enrollee"
230 ap_pin = "12345670"
231 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
232 hostapd.add_ap(apdev[0]['ifname'],
233 { "ssid": ssid, "eap_server": "1", "wps_state": "1",
234 "device_name": "Wireless AP", "manufacturer": "Company",
235 "model_name": "WAP", "model_number": "123",
236 "serial_number": "12345", "device_type": "6-0050F204-1",
237 "os_version": "01020300",
238 "config_methods": "label push_button",
239 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
240 logger.info("WPS configuration step")
241 new_passphrase = "1234567890"
242 dev[0].dump_monitor()
243 dev[0].request("SET ignore_old_scan_res 1")
244 dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
245 new_passphrase)
246 status = dev[0].get_status()
247 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
248 raise Exception("Not fully connected")
249 if status['ssid'] != ssid:
250 raise Exception("Unexpected SSID")
251 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
252 raise Exception("Unexpected encryption configuration")
253 if status['key_mgmt'] != 'WPA2-PSK':
254 raise Exception("Unexpected key_mgmt")
255
256 logger.info("Start ER")
257 dev[0].request("WPS_ER_START ifname=lo")
258 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
259 if ev is None:
260 raise Exception("AP discovery timed out")
261 if ap_uuid not in ev:
262 raise Exception("Expected AP UUID not found")
263
264 logger.info("Learn AP configuration through UPnP")
265 dev[0].dump_monitor()
266 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
267 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
268 if ev is None:
269 raise Exception("AP learn timed out")
270 if ap_uuid not in ev:
271 raise Exception("Expected AP UUID not in settings")
272 if "ssid=" + ssid not in ev:
273 raise Exception("Expected SSID not in settings")
274 if "key=" + new_passphrase not in ev:
275 raise Exception("Expected passphrase not in settings")
276
277 logger.info("Add Enrollee using ER")
278 pin = dev[1].wps_read_pin()
279 dev[0].dump_monitor()
280 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
281 dev[1].request("SET ignore_old_scan_res 1")
282 dev[1].dump_monitor()
283 dev[1].request("WPS_PIN any " + pin)
284 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
285 if ev is None:
286 raise Exception("Enrollee did not report success")
287 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
288 if ev is None:
289 raise Exception("Association with the AP timed out")
290 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
291 if ev is None:
292 raise Exception("WPS ER did not report success")
293 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
294
295 def test_ap_wps_er_add_enrollee_pbc(dev, apdev):
296 """WPS ER connected to AP and adding a new enrollee using PBC"""
297 ssid = "wps-er-add-enrollee-pbc"
298 ap_pin = "12345670"
299 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
300 hostapd.add_ap(apdev[0]['ifname'],
301 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
302 "wpa_passphrase": "12345678", "wpa": "2",
303 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
304 "device_name": "Wireless AP", "manufacturer": "Company",
305 "model_name": "WAP", "model_number": "123",
306 "serial_number": "12345", "device_type": "6-0050F204-1",
307 "os_version": "01020300",
308 "config_methods": "label push_button",
309 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
310 logger.info("Learn AP configuration")
311 dev[0].dump_monitor()
312 dev[0].request("SET ignore_old_scan_res 1")
313 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
314 status = dev[0].get_status()
315 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
316 raise Exception("Not fully connected")
317
318 logger.info("Start ER")
319 dev[0].request("WPS_ER_START ifname=lo")
320 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
321 if ev is None:
322 raise Exception("AP discovery timed out")
323 if ap_uuid not in ev:
324 raise Exception("Expected AP UUID not found")
325
326 logger.info("Use learned network configuration on ER")
327 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
328
329 logger.info("Add Enrollee using ER and PBC")
330 dev[0].dump_monitor()
331 enrollee = dev[1].p2p_interface_addr()
332 dev[1].request("SET ignore_old_scan_res 1")
333 dev[1].dump_monitor()
334 dev[1].request("WPS_PBC")
335
336 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
337 if ev is None:
338 raise Exception("Enrollee discovery timed out")
339 if enrollee not in ev:
340 raise Exception("Expected Enrollee not found")
341 dev[0].request("WPS_ER_PBC " + enrollee)
342
343 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
344 if ev is None:
345 raise Exception("Enrollee did not report success")
346 ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
347 if ev is None:
348 raise Exception("Association with the AP timed out")
349 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
350 if ev is None:
351 raise Exception("WPS ER did not report success")
352 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
353
354 def test_ap_wps_fragmentation(dev, apdev):
355 """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
356 ssid = "test-wps-fragmentation"
357 hostapd.add_ap(apdev[0]['ifname'],
358 { "ssid": ssid, "eap_server": "1", "wps_state": "2",
359 "wpa_passphrase": "12345678", "wpa": "3",
360 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
361 "wpa_pairwise": "TKIP",
362 "fragment_size": "50" })
363 hapd = hostapd.Hostapd(apdev[0]['ifname'])
364 logger.info("WPS provisioning step")
365 hapd.request("WPS_PBC")
366 dev[0].request("SET ignore_old_scan_res 1")
367 dev[0].dump_monitor()
368 dev[0].request("SET wps_fragment_size 50")
369 dev[0].request("WPS_PBC")
370 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
371 if ev is None:
372 raise Exception("Association with the AP timed out")
373 status = dev[0].get_status()
374 if status['wpa_state'] != 'COMPLETED':
375 raise Exception("Not fully connected")
376 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
377 raise Exception("Unexpected encryption configuration")
378 if status['key_mgmt'] != 'WPA2-PSK':
379 raise Exception("Unexpected key_mgmt")
Unnamed repository; edit this file 'description' to name the repository.