+
+def wait_scan_stopped(dev):
+ dev.request("ABORT_SCAN")
+ for i in range(50):
+ res = dev.get_driver_status_field("scan_state")
+ if "SCAN_STARTED" not in res and "SCAN_REQUESTED" not in res:
+ break
+ logger.debug("Waiting for scan to complete")
+ time.sleep(0.1)
+
+@remote_compatible
+def test_ap_wps_eap_wsc_errors(dev, apdev):
+ """WPS and EAP-WSC error cases"""
+ ssid = "test-wps-conf-pin"
+ appin = "12345670"
+ params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "fragment_size": "300", "ap_pin": appin}
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = apdev[0]['bssid']
+
+ pin = dev[0].wps_read_pin()
+ hapd.request("WPS_PIN any " + pin)
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
+ dev[0].dump_monitor()
+
+ dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK", "CCMP",
+ "new passphrase", no_wait=True)
+ ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
+ if ev is None:
+ raise Exception("WPS-FAIL not reported")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+ dev[0].wps_reg(bssid, appin, "new ssid", "FOO", "CCMP",
+ "new passphrase", no_wait=True)
+ ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
+ if ev is None:
+ raise Exception("WPS-FAIL not reported")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+ dev[0].wps_reg(bssid, appin, "new ssid", "WPA2PSK", "FOO",
+ "new passphrase", no_wait=True)
+ ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
+ if ev is None:
+ raise Exception("WPS-FAIL not reported")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+ dev[0].wps_reg(bssid, appin + "new_key=a", "new ssid", "WPA2PSK", "CCMP",
+ "new passphrase", no_wait=True)
+ ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
+ if ev is None:
+ raise Exception("WPS-FAIL not reported")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+ tests = ["eap_wsc_init",
+ "eap_msg_alloc;eap_wsc_build_msg",
+ "wpabuf_alloc;eap_wsc_process_fragment"]
+ for func in tests:
+ with alloc_fail(dev[0], 1, func):
+ dev[0].request("WPS_PIN %s %s" % (bssid, pin))
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+ tests = [(1, "wps_decrypt_encr_settings"),
+ (2, "hmac_sha256;wps_derive_psk")]
+ for count, func in tests:
+ hapd.request("WPS_PIN any " + pin)
+ with fail_test(dev[0], count, func):
+ dev[0].request("WPS_PIN %s %s" % (bssid, pin))
+ wait_fail_trigger(dev[0], "GET_FAIL")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+ with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_sm_build_expanded_nak"):
+ dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK",
+ "CCMP", "new passphrase", no_wait=True)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("WPS_CANCEL")
+ dev[0].wait_disconnected()
+ wait_scan_stopped(dev[0])
+ dev[0].dump_monitor()
+
+def test_ap_wps_eap_wsc(dev, apdev):
+ """WPS and EAP-WSC in network profile"""
+ params = int_eap_server_params()
+ params["wps_state"] = "2"
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = apdev[0]['bssid']
+
+ logger.info("Unexpected identity")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-unexpected",
+ wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("No phase1 parameter")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("No PIN/PBC in phase1")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ phase1="foo", wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("Invalid pkhash in phase1")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ phase1="foo pkhash=q pbc=1", wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("Zero fragment_size")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ fragment_size="0", phase1="pin=12345670", wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["WPS-M2D"], timeout=5)
+ if ev is None:
+ raise Exception("No M2D seen")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("Missing new_auth")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ phase1="pin=12345670 new_ssid=aa", wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("Missing new_encr")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa", wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ logger.info("Missing new_key")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
+ eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
+ phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa new_encr=CCMP",
+ wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on EAP method start")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+ if ev is None:
+ raise Exception("No EAP-Failure seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+def test_ap_wps_and_bss_limit(dev, apdev):
+ """WPS and wpa_supplicant BSS entry limit"""
+ try:
+ _test_ap_wps_and_bss_limit(dev, apdev)
+ finally:
+ dev[0].request("SET bss_max_count 200")
+ pass
+
+def _test_ap_wps_and_bss_limit(dev, apdev):
+ params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ params = {"ssid": "test-wps-2", "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "1234567890", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
+ hapd2 = hostapd.add_ap(apdev[1], params)
+
+ id = dev[1].add_network()
+ dev[1].set_network(id, "mode", "2")
+ dev[1].set_network_quoted(id, "ssid", "wpas-ap-no-wps")
+ dev[1].set_network_quoted(id, "psk", "12345678")
+ dev[1].set_network(id, "frequency", "2462")
+ dev[1].set_network(id, "scan_freq", "2462")
+ dev[1].set_network(id, "wps_disabled", "1")
+ dev[1].select_network(id)
+
+ id = dev[2].add_network()
+ dev[2].set_network(id, "mode", "2")
+ dev[2].set_network_quoted(id, "ssid", "wpas-ap")
+ dev[2].set_network_quoted(id, "psk", "12345678")
+ dev[2].set_network(id, "frequency", "2437")
+ dev[2].set_network(id, "scan_freq", "2437")
+ dev[2].select_network(id)
+
+ wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
+ wpas.interface_add("wlan5")
+ id = wpas.add_network()
+ wpas.set_network(id, "mode", "2")
+ wpas.set_network_quoted(id, "ssid", "wpas-ap")
+ wpas.set_network_quoted(id, "psk", "12345678")
+ wpas.set_network(id, "frequency", "2437")
+ wpas.set_network(id, "scan_freq", "2437")
+ wpas.select_network(id)
+
+ dev[1].wait_connected()
+ dev[2].wait_connected()
+ wpas.wait_connected()
+ wpas.request("WPS_PIN any 12345670")
+
+ hapd.request("WPS_PBC")
+ hapd2.request("WPS_PBC")
+
+ dev[0].request("SET bss_max_count 1")
+
+ id = dev[0].add_network()
+ dev[0].set_network_quoted(id, "ssid", "testing")
+
+ id = dev[0].add_network()
+ dev[0].set_network_quoted(id, "ssid", "testing")
+ dev[0].set_network(id, "key_mgmt", "WPS")
+
+ dev[0].request("WPS_PBC")
+ ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
+ dev[0].request("WPS_CANCEL")
+
+ id = dev[0].add_network()
+ dev[0].set_network_quoted(id, "ssid", "testing")
+ dev[0].set_network(id, "key_mgmt", "WPS")
+
+ dev[0].scan(freq="2412")
+
+def test_ap_wps_pbc_2ap(dev, apdev):
+ """WPS PBC with two APs advertising same SSID"""
+ params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "wps_independent": "1"}
+ hapd = hostapd.add_ap(apdev[0], params)
+ params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "123456789", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "wps_independent": "1"}
+ hapd2 = hostapd.add_ap(apdev[1], params)
+ hapd.request("WPS_PBC")
+
+ wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
+ wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
+ wpas.dump_monitor()
+ wpas.flush_scan_cache()
+
+ wpas.scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
+ wpas.scan_for_bss(apdev[1]['bssid'], freq="2412")
+ wpas.request("WPS_PBC")
+ wpas.wait_connected()
+ wpas.request("DISCONNECT")
+ hapd.request("DISABLE")
+ hapd2.request("DISABLE")
+ wpas.flush_scan_cache()
+
+def test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
+ """WPS ER enrolling a new device to a configured AP"""
+ try:
+ _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev)
+ finally:
+ dev[0].request("WPS_ER_STOP")
+
+def _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
+ ssid = "wps-er-enrollee-to-conf-ap"
+ ap_pin = "12345670"
+ ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
+ params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "device_name": "Wireless AP", "manufacturer": "Company",
+ "model_name": "WAP", "model_number": "123",
+ "serial_number": "12345", "device_type": "6-0050F204-1",
+ "os_version": "01020300",
+ "config_methods": "label push_button",
+ "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = hapd.own_addr()
+
+ id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
+ dev[0].dump_monitor()
+
+ dev[0].request("WPS_ER_START ifname=lo")
+ ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
+ if ev is None:
+ raise Exception("AP discovery timed out")
+ if ap_uuid not in ev:
+ raise Exception("Expected AP UUID not found")
+
+ pin = dev[2].wps_read_pin()
+ addr2 = dev[2].own_addr()
+ dev[0].dump_monitor()
+ dev[2].scan_for_bss(bssid, freq=2412)
+ dev[2].dump_monitor()
+ dev[2].request("WPS_PIN %s %s" % (bssid, pin))
+
+ for i in range(3):
+ ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
+ if ev is None:
+ raise Exception("Enrollee not seen")
+ if addr2 in ev:
+ break
+ if addr2 not in ev:
+ raise Exception("Unexpected Enrollee MAC address")
+ dev[0].dump_monitor()
+
+ dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " " + str(id))
+ dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
+ dev[2].wait_connected(timeout=30)
+ ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
+ if ev is None:
+ raise Exception("WPS ER did not report success")
+
+def test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
+ """WPS ER enrolling a new device to a configured AP (2)"""
+ try:
+ _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev)
+ finally:
+ dev[0].request("WPS_ER_STOP")
+
+def _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
+ ssid = "wps-er-enrollee-to-conf-ap"
+ ap_pin = "12345670"
+ ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
+ params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "device_name": "Wireless AP", "manufacturer": "Company",
+ "model_name": "WAP", "model_number": "123",
+ "serial_number": "12345", "device_type": "6-0050F204-1",
+ "os_version": "01020300",
+ "config_methods": "label push_button",
+ "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = hapd.own_addr()
+
+ id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
+ dev[0].dump_monitor()
+
+ dev[0].request("WPS_ER_START ifname=lo")
+ ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
+ if ev is None:
+ raise Exception("AP discovery timed out")
+ if ap_uuid not in ev:
+ raise Exception("Expected AP UUID not found")
+
+ dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
+ ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
+ if ev is None:
+ raise Exception("AP learn timed out")
+ if ap_uuid not in ev:
+ raise Exception("Expected AP UUID not in settings")
+ ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
+ if ev is None:
+ raise Exception("WPS-FAIL after AP learn timed out")
+ time.sleep(0.1)
+
+ pin = dev[1].wps_read_pin()
+ addr1 = dev[1].own_addr()
+ dev[0].dump_monitor()
+ dev[0].request("WPS_ER_PIN any " + pin)
+ time.sleep(0.1)
+ dev[1].scan_for_bss(bssid, freq=2412)
+ dev[1].request("WPS_PIN any %s" % pin)
+ ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
+ if ev is None:
+ raise Exception("Enrollee did not report success")
+ dev[1].wait_connected(timeout=15)
+ ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
+ if ev is None:
+ raise Exception("WPS ER did not report success")
+
+def test_ap_wps_ignore_broadcast_ssid(dev, apdev):
+ """WPS AP trying to ignore broadcast SSID"""
+ ssid = "test-wps"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "1",
+ "ignore_broadcast_ssid": "1"})
+ if "FAIL" not in hapd.request("WPS_PBC"):
+ raise Exception("WPS unexpectedly enabled")
+
+def test_ap_wps_wep(dev, apdev):
+ """WPS AP trying to enable WEP"""
+ ssid = "test-wps"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "1",
+ "ieee80211n": "0", "wep_key0": '"hello"'})
+ if "FAIL" not in hapd.request("WPS_PBC"):
+ raise Exception("WPS unexpectedly enabled")
+
+def test_ap_wps_tkip(dev, apdev):
+ """WPS AP trying to enable TKIP"""
+ ssid = "test-wps"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "1",
+ "ieee80211n": "0", "wpa": '1',
+ "wpa_key_mgmt": "WPA-PSK",
+ "wpa_passphrase": "12345678"})
+ if "FAIL" not in hapd.request("WPS_PBC"):
+ raise Exception("WPS unexpectedly enabled")
+
+def test_ap_wps_conf_dummy_cred(dev, apdev):
+ """WPS PIN provisioning with configured AP using dummy cred"""
+ ssid = "test-wps-conf"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
+ hapd.request("WPS_PIN any 12345670")
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
+ dev[0].dump_monitor()
+ try:
+ hapd.set("wps_testing_dummy_cred", "1")
+ dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
+ for i in range(1, 3):
+ ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
+ if ev is None:
+ raise Exception("WPS credential %d not received" % i)
+ dev[0].wait_connected(timeout=30)
+ finally:
+ hapd.set("wps_testing_dummy_cred", "0")
+
+def test_ap_wps_rf_bands(dev, apdev):
+ """WPS and wps_rf_bands configuration"""
+ ssid = "test-wps-conf"
+ params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "wps_rf_bands": "ag"}
+
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = hapd.own_addr()
+ hapd.request("WPS_PBC")
+ dev[0].scan_for_bss(bssid, freq="2412")
+ dev[0].dump_monitor()
+ dev[0].request("WPS_PBC " + bssid)
+ dev[0].wait_connected(timeout=30)
+ bss = dev[0].get_bss(bssid)
+ logger.info("BSS: " + str(bss))
+ if "103c000103" not in bss['ie']:
+ raise Exception("RF Bands attribute with expected values not found")
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ hapd.set("wps_rf_bands", "ad")
+ hapd.set("wps_rf_bands", "a")
+ hapd.set("wps_rf_bands", "g")
+ hapd.set("wps_rf_bands", "b")
+ hapd.set("wps_rf_bands", "ga")
+ hapd.disable()
+ dev[0].dump_monitor()
+ dev[0].flush_scan_cache()
+
+def test_ap_wps_pbc_in_m1(dev, apdev):
+ """WPS and pbc_in_m1"""
+ ssid = "test-wps-conf"
+ params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "config_methods": "virtual_push_button virtual_display",
+ "pbc_in_m1": "1"}
+
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = hapd.own_addr()
+ hapd.request("WPS_PBC")
+ dev[0].scan_for_bss(bssid, freq="2412")
+ dev[0].dump_monitor()
+ dev[0].request("WPS_PBC " + bssid)
+ dev[0].wait_connected(timeout=30)
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ hapd.disable()
+ dev[0].dump_monitor()
+ dev[0].flush_scan_cache()
+
+def test_ap_wps_pbc_mac_addr_change(dev, apdev, params):
+ """WPS M1 with MAC address change"""
+ ssid = "test-wps-mac-addr-change"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
+ hapd.request("WPS_PBC")
+ if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
+ raise Exception("PBC status not shown correctly")
+ dev[0].flush_scan_cache()
+
+ test_addr = '02:11:22:33:44:55'
+ addr = dev[0].get_status_field("address")
+ if addr == test_addr:
+ raise Exception("Unexpected initial MAC address")
+
+ try:
+ subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
+ subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
+ test_addr])
+ subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
+ addr1 = dev[0].get_status_field("address")
+ if addr1 != test_addr:
+ raise Exception("Failed to change MAC address")
+
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
+ dev[0].request("WPS_PBC " + apdev[0]['bssid'])
+ dev[0].wait_connected(timeout=30)
+ status = dev[0].get_status()
+ if status['wpa_state'] != 'COMPLETED' or \
+ status['bssid'] != apdev[0]['bssid']:
+ raise Exception("Not fully connected")
+
+ out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
+ "wps.message_type == 0x04",
+ display=["wps.mac_address"])
+ res = out.splitlines()
+
+ if len(res) < 1:
+ raise Exception("No M1 message with MAC address found")
+ if res[0] != addr1:
+ raise Exception("Wrong M1 MAC address")
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ hapd.disable()
+ dev[0].dump_monitor()
+ dev[0].flush_scan_cache()
+ finally:
+ # Restore MAC address
+ subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
+ subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
+ addr])
+ subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
+
+def test_ap_wps_pin_start_failure(dev, apdev):
+ """WPS_PIN start failure"""
+ with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
+ if "FAIL" not in dev[0].request("WPS_PIN any 12345670"):
+ raise Exception("WPS_PIN not rejected during OOM")
+ with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
+ if "FAIL" not in dev[0].request("WPS_PIN any"):
+ raise Exception("WPS_PIN not rejected during OOM")
+
+def test_ap_wps_ap_pin_failure(dev, apdev):
+ """WPS_AP_PIN failure"""
+ id = dev[0].add_network()
+ dev[0].set_network(id, "mode", "2")
+ dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
+ dev[0].set_network_quoted(id, "psk", "1234567890")
+ dev[0].set_network(id, "frequency", "2412")
+ dev[0].set_network(id, "scan_freq", "2412")
+ dev[0].select_network(id)
+ dev[0].wait_connected()
+
+ with fail_test(dev[0], 1,
+ "os_get_random;wpa_supplicant_ctrl_iface_wps_ap_pin"):
+ if "FAIL" not in dev[0].request("WPS_AP_PIN random"):
+ raise Exception("WPS_AP_PIN random accepted")
+ with alloc_fail(dev[0], 1, "wpas_wps_ap_pin_set"):
+ if "FAIL" not in dev[0].request("WPS_AP_PIN set 12345670"):
+ raise Exception("WPS_AP_PIN set accepted")
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+
+def test_ap_wps_random_uuid(dev, apdev, params):
+ """WPS and random UUID on Enrollee"""
+ ssid = "test-wps-conf"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
+
+ config = os.path.join(params['logdir'], 'ap_wps_random_uuid.conf')
+ with open(config, "w") as f:
+ f.write("auto_uuid=1\n")
+
+ wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
+
+ uuid = []
+ for i in range(3):
+ wpas.interface_add("wlan5", config=config)
+
+ wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
+ wpas.dump_monitor()
+ wpas.request("WPS_PBC " + apdev[0]['bssid'])
+
+ ev = hapd.wait_event(["WPS-ENROLLEE-SEEN"], timeout=10)
+ if ev is None:
+ raise Exception("Enrollee not seen")
+ uuid.append(ev.split(' ')[2])
+ wpas.request("WPS_CANCEL")
+ wpas.dump_monitor()
+
+ wpas.interface_remove("wlan5")
+
+ hapd.dump_monitor()
+
+ logger.info("Seen UUIDs: " + str(uuid))
+ if uuid[0] == uuid[1] or uuid[0] == uuid[2] or uuid[1] == uuid[2]:
+ raise Exception("Same UUID used multiple times")
+
+def test_ap_wps_conf_pin_gcmp_128(dev, apdev):
+ """WPS PIN provisioning with configured AP using GCMP-128"""
+ run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP")
+
+def test_ap_wps_conf_pin_gcmp_256(dev, apdev):
+ """WPS PIN provisioning with configured AP using GCMP-256"""
+ run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP-256")
+
+def test_ap_wps_conf_pin_ccmp_256(dev, apdev):
+ """WPS PIN provisioning with configured AP using CCMP-256"""
+ run_ap_wps_conf_pin_cipher(dev, apdev, "CCMP-256")
+
+def run_ap_wps_conf_pin_cipher(dev, apdev, cipher):
+ if cipher not in dev[0].get_capability("pairwise"):
+ raise HwsimSkip("Cipher %s not supported" % cipher)
+ ssid = "test-wps-conf-pin"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK",
+ "rsn_pairwise": cipher})
+ logger.info("WPS provisioning step")
+ pin = dev[0].wps_read_pin()
+ hapd.request("WPS_PIN any " + pin)
+ dev[0].flush_scan_cache()
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
+ dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
+ dev[0].wait_connected(timeout=15)
+
+def test_ap_wps_and_sae(dev, apdev):
+ """Initial AP configuration with first WPS Enrollee and adding SAE"""
+ try:
+ run_ap_wps_and_sae(dev, apdev)
+ finally:
+ dev[0].set("wps_cred_add_sae", "0")
+
+def run_ap_wps_and_sae(dev, apdev):
+ check_sae_capab(dev[0])
+ ssid = "test-wps-sae"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "1",
+ "wps_cred_add_sae": "1"})
+ logger.info("WPS provisioning step")
+ pin = dev[0].wps_read_pin()
+ hapd.request("WPS_PIN any " + pin)
+
+ dev[0].set("wps_cred_add_sae", "1")
+ dev[0].request("SET sae_groups ")
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
+ dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
+ dev[0].wait_connected(timeout=30)
+ status = dev[0].get_status()
+ if status['key_mgmt'] != "SAE":
+ raise Exception("SAE not used")
+ if 'pmf' not in status or status['pmf'] != "1":
+ raise Exception("PMF not enabled")
+
+ pin = dev[1].wps_read_pin()
+ hapd.request("WPS_PIN any " + pin)
+ dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
+ dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
+ dev[1].wait_connected(timeout=30)
+ status = dev[1].get_status()
+ if status['key_mgmt'] != "WPA2-PSK":
+ raise Exception("WPA2-PSK not used")
+ if 'pmf' in status:
+ raise Exception("PMF enabled")
+
+def test_ap_wps_conf_and_sae(dev, apdev):
+ """WPS PBC provisioning with configured AP using PSK+SAE"""
+ try:
+ run_ap_wps_conf_and_sae(dev, apdev)
+ finally:
+ dev[0].set("wps_cred_add_sae", "0")
+
+def run_ap_wps_conf_and_sae(dev, apdev):
+ check_sae_capab(dev[0])
+ ssid = "test-wps-conf-sae"
+ hapd = hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "ieee80211w": "1", "sae_require_mfp": "1",
+ "wpa_key_mgmt": "WPA-PSK SAE",
+ "rsn_pairwise": "CCMP"})
+
+ dev[0].set("wps_cred_add_sae", "1")
+ dev[0].request("SET sae_groups ")
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
+ pin = dev[0].wps_read_pin()
+ hapd.request("WPS_PIN any " + pin)
+ dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
+ dev[0].wait_connected(timeout=30)
+ status = dev[0].get_status()
+ if status['key_mgmt'] != "SAE":
+ raise Exception("SAE not used")
+ if 'pmf' not in status or status['pmf'] != "1":
+ raise Exception("PMF not enabled")
+
+ dev[1].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
+ key_mgmt="WPA-PSK", ieee80211w="0")
+
+def test_ap_wps_reg_config_and_sae(dev, apdev):
+ """WPS registrar configuring an AP using AP PIN and using PSK+SAE"""
+ try:
+ run_ap_wps_reg_config_and_sae(dev, apdev)
+ finally:
+ dev[0].set("wps_cred_add_sae", "0")
+
+def run_ap_wps_reg_config_and_sae(dev, apdev):
+ check_sae_capab(dev[0])
+ ssid = "test-wps-init-ap-pin-sae"
+ appin = "12345670"
+ hostapd.add_ap(apdev[0],
+ {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "ap_pin": appin, "wps_cred_add_sae": "1"})
+ logger.info("WPS configuration step")
+ dev[0].flush_scan_cache()
+ dev[0].set("wps_cred_add_sae", "1")
+ dev[0].request("SET sae_groups ")
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
+ dev[0].dump_monitor()
+ new_ssid = "wps-new-ssid"
+ new_passphrase = "1234567890"
+ dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
+ new_passphrase)
+ status = dev[0].get_status()
+ if status['key_mgmt'] != "SAE":
+ raise Exception("SAE not used")
+ if 'pmf' not in status or status['pmf'] != "1":
+ raise Exception("PMF not enabled")
+
+ dev[1].connect(new_ssid, psk=new_passphrase, scan_freq="2412", proto="WPA2",
+ key_mgmt="WPA-PSK", ieee80211w="0")
+
+def test_ap_wps_appl_ext(dev, apdev):
+ """WPS Application Extension attribute"""
+ ssid = "test-wps-conf"
+ params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wps_application_ext": 16*"11" + 5*"ee",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
+ hapd = hostapd.add_ap(apdev[0], params)
+ pin = dev[0].wps_read_pin()
+ hapd.request("WPS_PIN any " + pin)
+ dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
+ dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
+ dev[0].wait_connected(timeout=30)