#!/usr/bin/python
#
# WPS tests
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.
import subprocess
import logging
logger = logging.getLogger()
+import re
import hwsim_utils
import hostapd
hapd = hostapd.Hostapd(apdev[0]['ifname'])
logger.info("WPS provisioning step")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
+ if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
+ raise Exception("PBC status not shown correctly")
dev[0].dump_monitor()
dev[0].request("WPS_PBC")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
if status['key_mgmt'] != 'WPA2-PSK':
raise Exception("Unexpected key_mgmt")
+ status = hapd.request("WPS_GET_STATUS")
+ if "PBC Status: Disabled" not in status:
+ raise Exception("PBC status not shown correctly")
+ if "Last WPS result: Success" not in status:
+ raise Exception("Last WPS result not shown correctly")
+ if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
+ raise Exception("Peer address not shown correctly")
+ conf = hapd.request("GET_CONFIG")
+ if "wps_state=configured" not in conf:
+ raise Exception("AP not in WPS configured state")
+ if "rsn_pairwise_cipher=CCMP TKIP" not in conf:
+ raise Exception("Unexpected rsn_pairwise_cipher")
+ if "wpa_pairwise_cipher=CCMP TKIP" not in conf:
+ raise Exception("Unexpected wpa_pairwise_cipher")
+ if "group_cipher=TKIP" not in conf:
+ raise Exception("Unexpected group_cipher")
+
def test_ap_wps_init_2ap_pbc(dev, apdev):
"""Initial two-radio AP configuration with first WPS PBC Enrollee"""
ssid = "test-wps"
hapd = hostapd.Hostapd(apdev[0]['ifname'])
logger.info("WPS provisioning step")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].scan(freq="2412")
bss = dev[0].get_bss(apdev[0]['bssid'])
if "[WPS-PBC]" not in bss['flags']:
if ev is None:
raise Exception("Association with the AP timed out")
- dev[1].request("SET ignore_old_scan_res 1")
dev[1].scan(freq="2412")
bss = dev[1].get_bss(apdev[0]['bssid'])
if "[WPS-PBC]" in bss['flags']:
logger.info("WPS provisioning step")
pin = dev[0].wps_read_pin()
hapd.request("WPS_PIN any " + pin)
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].scan(freq="2412")
bss = dev[0].get_bss(apdev[0]['bssid'])
if "[WPS-AUTH]" not in bss['flags']:
if ev is None:
raise Exception("Association with the AP timed out")
- dev[1].request("SET ignore_old_scan_res 1")
dev[1].scan(freq="2412")
bss = dev[1].get_bss(apdev[0]['bssid'])
if "[WPS-AUTH]" in bss['flags']:
if "[WPS-AUTH]" in bss['flags']:
raise Exception("WPS-AUTH flag bit ckeared from AP2")
+def test_ap_wps_init_through_wps_config(dev, apdev):
+ """Initial AP configuration using wps_config command"""
+ ssid = "test-wps-init-config"
+ hostapd.add_ap(apdev[0]['ifname'],
+ { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
+ hapd = hostapd.Hostapd(apdev[0]['ifname'])
+ if "FAIL" in hapd.request("WPS_CONFIG " + ssid.encode("hex") + " WPA2PSK CCMP " + "12345678".encode("hex")):
+ raise Exception("WPS_CONFIG command failed")
+ dev[0].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
+ pairwise="CCMP", group="CCMP")
+
def test_ap_wps_conf(dev, apdev):
"""WPS PBC provisioning with configured AP"""
ssid = "test-wps-conf"
hapd = hostapd.Hostapd(apdev[0]['ifname'])
logger.info("WPS provisioning step")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].request("WPS_PBC")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
logger.info("WPS provisioning attempt 1")
hapd.request("WPS_PIN any 12345670")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].request("WPS_PIN any 55554444")
ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
# if a scan was in progress, wait for it to complete before trying WPS again
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
+ status = hapd.request("WPS_GET_STATUS")
+ if "Last WPS result: Failed" not in status:
+ raise Exception("WPS failure result not shown correctly")
+
logger.info("WPS provisioning attempt 2")
hapd.request("WPS_PIN any 12345670")
dev[0].dump_monitor()
logger.info("WPS provisioning step")
pin = dev[0].wps_read_pin()
hapd.request("WPS_PIN any " + pin)
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].request("WPS_PIN any " + pin)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
if status['key_mgmt'] != 'WPA2-PSK':
raise Exception("Unexpected key_mgmt")
- dev[1].request("SET ignore_old_scan_res 1")
dev[1].scan(freq="2412")
bss = dev[1].get_bss(apdev[0]['bssid'])
if "[WPS-AUTH]" in bss['flags']:
pin2 = "55554444"
hapd.request("WPS_PIN " + dev[0].get_status_field("uuid") + " " + pin)
hapd.request("WPS_PIN " + dev[1].get_status_field("uuid") + " " + pin)
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
- dev[1].request("SET ignore_old_scan_res 1")
dev[1].dump_monitor()
dev[0].request("WPS_PIN any " + pin)
dev[1].request("WPS_PIN any " + pin)
"wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
"ap_pin": appin})
logger.info("WPS provisioning step")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].wps_reg(apdev[0]['bssid'], appin)
status = dev[0].get_status()
if status['key_mgmt'] != 'WPA2-PSK':
raise Exception("Unexpected key_mgmt")
+def check_wps_reg_failure(dev, ap, appin):
+ dev.request("WPS_REG " + ap['bssid'] + " " + appin)
+ ev = dev.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
+ if ev is None:
+ raise Exception("WPS operation timed out")
+ if "WPS-SUCCESS" in ev:
+ raise Exception("WPS operation succeeded unexpectedly")
+ if "config_error=15" not in ev:
+ raise Exception("WPS setup locked state was not reported correctly")
+
def test_ap_wps_random_ap_pin(dev, apdev):
"""WPS registrar using random AP PIN"""
ssid = "test-wps-reg-random-ap-pin"
if appin not in hapd.request("WPS_AP_PIN get"):
raise Exception("Could not fetch current AP PIN")
logger.info("WPS provisioning step")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].wps_reg(apdev[0]['bssid'], appin)
hapd.request("WPS_AP_PIN disable")
logger.info("WPS provisioning step with AP PIN disabled")
- dev[1].request("SET ignore_old_scan_res 1")
- dev[1].request("WPS_REG " + apdev[0]['bssid'] + " " + appin)
- ev = dev[1].wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
- if ev is None:
- raise Exception("WPS operation timed out")
- if "WPS-SUCCESS" in ev:
- raise Exception("WPS operation succeeded unexpectedly")
- if "config_error=15" not in ev:
- raise Exception("WPS setup locked state was not reported correctly")
+ check_wps_reg_failure(dev[1], apdev[0], appin)
+
+ logger.info("WPS provisioning step with AP PIN reset")
+ appin = "12345670"
+ hapd.request("WPS_AP_PIN set " + appin)
+ dev[1].wps_reg(apdev[0]['bssid'], appin)
+ dev[0].request("REMOVE_NETWORK all")
+ dev[1].request("REMOVE_NETWORK all")
+ dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
+ dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"])
+
+ logger.info("WPS provisioning step after AP PIN timeout")
+ hapd.request("WPS_AP_PIN disable")
+ appin = hapd.request("WPS_AP_PIN random 1")
+ time.sleep(1.1)
+ if "FAIL" not in hapd.request("WPS_AP_PIN get"):
+ raise Exception("AP PIN unexpectedly still enabled")
+ check_wps_reg_failure(dev[0], apdev[0], appin)
+
+ logger.info("WPS provisioning step after AP PIN timeout(2)")
+ hapd.request("WPS_AP_PIN disable")
+ appin = "12345670"
+ hapd.request("WPS_AP_PIN set " + appin + " 1")
+ time.sleep(1.1)
+ if "FAIL" not in hapd.request("WPS_AP_PIN get"):
+ raise Exception("AP PIN unexpectedly still enabled")
+ check_wps_reg_failure(dev[1], apdev[0], appin)
def test_ap_wps_reg_config(dev, apdev):
"""WPS registrar configuring and AP using AP PIN"""
{ "ssid": ssid, "eap_server": "1", "wps_state": "2",
"ap_pin": appin})
logger.info("WPS configuration step")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
new_ssid = "wps-new-ssid"
new_passphrase = "1234567890"
{ "ssid": ssid, "eap_server": "1", "wps_state": "1",
"ap_pin": appin})
logger.info("WPS configuration step")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].request("SET wps_version_number 0x10")
dev[0].dump_monitor()
new_ssid = "wps-new-ssid-with-tkip"
"wpa_passphrase": "12345678", "wpa": "2",
"wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
"ap_pin": appin})
- dev[0].request("SET ignore_old_scan_res 1")
new_ssid = "wps-new-ssid-test"
new_passphrase = "1234567890"
if not ap_setup_locked:
raise Exception("AP setup was not locked")
+ hapd = hostapd.Hostapd(apdev[0]['ifname'])
+ status = hapd.request("WPS_GET_STATUS")
+ if "Last WPS result: Failed" not in status:
+ raise Exception("WPS failure result not shown correctly")
+ if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
+ raise Exception("Peer address not shown correctly")
+
time.sleep(0.5)
dev[0].dump_monitor()
logger.info("WPS provisioning step")
hapd = hostapd.Hostapd(apdev[0]['ifname'])
logger.info("WPS provisioning step")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
- dev[1].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[1].dump_monitor()
dev[0].request("WPS_PBC")
raise Exception("PBC session overlap not detected (dev1)")
if "config_error=12" not in ev:
raise Exception("PBC session overlap not correctly reported (dev1)")
+ hapd.request("WPS_CANCEL")
+ ret = hapd.request("WPS_PBC")
+ if "FAIL" not in ret:
+ raise Exception("PBC mode allowed to be started while PBC overlap still active")
def test_ap_wps_cancel(dev, apdev):
"""WPS AP cancelling enabled config method"""
logger.info("Verify PBC enable/cancel")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].scan(freq="2412")
bss = dev[0].get_bss(apdev[0]['bssid'])
if "[WPS-PBC]" not in bss['flags']:
logger.info("WPS configuration step")
new_passphrase = "1234567890"
dev[0].dump_monitor()
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
new_passphrase)
status = dev[0].get_status()
pin = dev[1].wps_read_pin()
dev[0].dump_monitor()
dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
- dev[1].request("SET ignore_old_scan_res 1")
dev[1].dump_monitor()
dev[1].request("WPS_PIN any " + pin)
ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
raise Exception("WPS ER did not report success")
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
+ logger.info("Add a specific Enrollee using ER")
+ pin = dev[2].wps_read_pin()
+ addr2 = dev[2].p2p_interface_addr()
+ dev[0].dump_monitor()
+ dev[2].dump_monitor()
+ dev[2].request("WPS_PIN any " + pin)
+ ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
+ if ev is None:
+ raise Exception("Enrollee not seen")
+ if addr2 not in ev:
+ raise Exception("Unexpected Enrollee MAC address")
+ dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
+ ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
+ if ev is None:
+ raise Exception("Association with the AP timed out")
+ ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
+ if ev is None:
+ raise Exception("WPS ER did not report success")
+
logger.info("Verify registrar selection behavior")
dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
dev[1].request("DISCONNECT")
ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"])
if ev is None:
raise Exception("WPS ER unsubscription timed out")
+ # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
+ # a bit before verifying that the scan results have change.
+ time.sleep(0.2)
dev[1].scan(freq="2412")
bss = dev[1].get_bss(apdev[0]['bssid'])
"ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
logger.info("Learn AP configuration")
dev[0].dump_monitor()
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
status = dev[0].get_status()
if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
logger.info("Add Enrollee using ER and PBC")
dev[0].dump_monitor()
enrollee = dev[1].p2p_interface_addr()
- dev[1].request("SET ignore_old_scan_res 1")
dev[1].dump_monitor()
dev[1].request("WPS_PBC")
- ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
- if ev is None:
- raise Exception("Enrollee discovery timed out")
- if enrollee not in ev:
- raise Exception("Expected Enrollee not found")
+ for i in range(0, 2):
+ ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
+ if ev is None:
+ raise Exception("Enrollee discovery timed out")
+ if enrollee in ev:
+ break
+ if i == 1:
+ raise Exception("Expected Enrollee not found")
dev[0].request("WPS_ER_PBC " + enrollee)
ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
if "FAIL" in dev[0].request("WPS_ER_SET_CONFIG " + apdev[0]['bssid'] + " 0"):
raise Exception("Could not select AP based on BSSID")
+def test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
+ """WPS v1.0 ER connected to AP and adding a new enrollee using PIN"""
+ ssid = "wps-er-add-enrollee-pbc"
+ ap_pin = "12345670"
+ ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
+ hostapd.add_ap(apdev[0]['ifname'],
+ { "ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "device_name": "Wireless AP", "manufacturer": "Company",
+ "model_name": "WAP", "model_number": "123",
+ "serial_number": "12345", "device_type": "6-0050F204-1",
+ "os_version": "01020300",
+ "config_methods": "label push_button",
+ "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
+ logger.info("Learn AP configuration")
+ dev[0].request("SET wps_version_number 0x10")
+ dev[0].dump_monitor()
+ dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
+ status = dev[0].get_status()
+ if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
+ raise Exception("Not fully connected")
+
+ logger.info("Start ER")
+ dev[0].request("WPS_ER_START ifname=lo")
+ ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
+ if ev is None:
+ raise Exception("AP discovery timed out")
+ if ap_uuid not in ev:
+ raise Exception("Expected AP UUID not found")
+
+ logger.info("Use learned network configuration on ER")
+ dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
+
+ logger.info("Add Enrollee using ER and PIN")
+ enrollee = dev[1].p2p_interface_addr()
+ pin = dev[1].wps_read_pin()
+ dev[0].dump_monitor()
+ dev[0].request("WPS_ER_PIN any " + pin + " " + enrollee)
+ dev[1].dump_monitor()
+ dev[1].request("WPS_PIN any " + pin)
+ ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
+ if ev is None:
+ raise Exception("Association with the AP timed out")
+ ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
+ if ev is None:
+ raise Exception("WPS ER did not report success")
+
def test_ap_wps_er_config_ap(dev, apdev):
"""WPS ER configuring AP over UPnP"""
ssid = "wps-er-ap-config"
hapd = hostapd.Hostapd(apdev[0]['ifname'])
logger.info("WPS provisioning step")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].request("SET wps_fragment_size 50")
dev[0].request("WPS_PBC")
hapd = hostapd.Hostapd(apdev[0]['ifname'])
logger.info("WPS provisioning step")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].request("SET wps_version_number 0x43")
+ dev[0].request("SET wps_vendor_ext_m1 000137100100020001")
dev[0].request("WPS_PBC")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
if ev is None:
if "FAIL" in hapd.request("SET wps_version_number 0x43"):
raise Exception("Failed to enable test functionality")
hapd.request("WPS_PBC")
- dev[0].request("SET ignore_old_scan_res 1")
dev[0].dump_monitor()
dev[0].request("WPS_PBC")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
hapd.request("SET wps_version_number 0x20")
if ev is None:
raise Exception("Association with the AP timed out")
+
+def test_ap_wps_check_pin(dev, apdev):
+ """Verify PIN checking through control interface"""
+ hostapd.add_ap(apdev[0]['ifname'],
+ { "ssid": "wps", "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP" })
+ hapd = hostapd.Hostapd(apdev[0]['ifname'])
+ for t in [ ("12345670", "12345670"),
+ ("12345678", "FAIL-CHECKSUM"),
+ ("1234-5670", "12345670"),
+ ("1234 5670", "12345670"),
+ ("1-2.3:4 5670", "12345670") ]:
+ res = hapd.request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
+ res2 = dev[0].request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
+ if res != res2:
+ raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
+ if res != t[1]:
+ raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res, t[1]))
+
+def test_ap_wps_wep_config(dev, apdev):
+ """WPS 2.0 AP rejecting WEP configuration"""
+ ssid = "test-wps-config"
+ appin = "12345670"
+ hostapd.add_ap(apdev[0]['ifname'],
+ { "ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "ap_pin": appin})
+ hapd = hostapd.Hostapd(apdev[0]['ifname'])
+ dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-new-ssid-wep", "OPEN", "WEP",
+ "hello", no_wait=True)
+ ev = hapd.wait_event(["WPS-FAIL"], timeout=15)
+ if ev is None:
+ raise Exception("WPS-FAIL timed out")
+ if "reason=2" not in ev:
+ raise Exception("Unexpected reason code in WPS-FAIL")
+ status = hapd.request("WPS_GET_STATUS")
+ if "Last WPS result: Failed" not in status:
+ raise Exception("WPS failure result not shown correctly")
+ if "Failure Reason: WEP Prohibited" not in status:
+ raise Exception("Failure reason not reported correctly")
+ if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
+ raise Exception("Peer address not shown correctly")
+
+def test_ap_wps_ie_fragmentation(dev, apdev):
+ """WPS AP using fragmented WPS IE"""
+ ssid = "test-wps-ie-fragmentation"
+ params = { "ssid": ssid, "eap_server": "1", "wps_state": "2",
+ "wpa_passphrase": "12345678", "wpa": "2",
+ "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
+ "device_name": "1234567890abcdef1234567890abcdef",
+ "manufacturer": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
+ "model_name": "1234567890abcdef1234567890abcdef",
+ "model_number": "1234567890abcdef1234567890abcdef",
+ "serial_number": "1234567890abcdef1234567890abcdef" }
+ hostapd.add_ap(apdev[0]['ifname'], params)
+ hapd = hostapd.Hostapd(apdev[0]['ifname'])
+ hapd.request("WPS_PBC")
+ dev[0].request("WPS_PBC")
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
+ if ev is None:
+ raise Exception("Association with the AP timed out")
+ bss = dev[0].get_bss(apdev[0]['bssid'])
+ if "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
+ raise Exception("Device Name not received correctly")
+ if len(re.findall("dd..0050f204", bss['ie'])) != 2:
+ raise Exception("Unexpected number of WPS IEs")
projects / thirdparty / hostap.git / blobdiff