X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=tests%2Fhwsim%2Ftest_ap_hs20.py;h=521422bc6c1c569932fd6bce1048f916e3b4a1d8;hb=fb120f1652ddebe9062d1eacf87661fff14ee092;hp=ff0034c656b74e7b3a569f952d99d14bb708e502;hpb=40e4c9c8b0904dceaaf082f937c951210c1acbfd;p=thirdparty%2Fhostap.git diff --git a/tests/hwsim/test_ap_hs20.py b/tests/hwsim/test_ap_hs20.py index ff0034c65..521422bc6 100644 --- a/tests/hwsim/test_ap_hs20.py +++ b/tests/hwsim/test_ap_hs20.py @@ -1,13 +1,13 @@ # Hotspot 2.0 tests -# Copyright (c) 2013-2014, Jouni Malinen +# Copyright (c) 2013-2015, Jouni Malinen # # This software may be distributed under the terms of the BSD license. # See README for more details. +import base64 import binascii import struct import time -import subprocess import logging logger = logging.getLogger() import os @@ -16,9 +16,12 @@ import socket import subprocess import hostapd +from utils import HwsimSkip, skip_with_fips, alloc_fail import hwsim_utils +from tshark import run_tshark from wlantest import Wlantest from wpasupplicant import WpaSupplicant +from test_ap_eap import check_eap_capa, check_domain_match_full def hs20_ap_params(ssid="test-hs20"): params = hostapd.wpa2_params(ssid=ssid) @@ -52,18 +55,18 @@ def hs20_ap_params(ssid="test-hs20"): def check_auto_select(dev, bssid): dev.scan_for_bss(bssid, freq="2412") dev.request("INTERWORKING_SELECT auto freq=2412") - ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + ev = dev.wait_connected(timeout=15) if bssid not in ev: raise Exception("Connected to incorrect network") dev.request("REMOVE_NETWORK all") + dev.wait_disconnected() + dev.dump_monitor() def interworking_select(dev, bssid, type=None, no_match=False, freq=None): dev.dump_monitor() if bssid and freq and not no_match: dev.scan_for_bss(bssid, freq=freq) - freq_extra = " freq=" + freq if freq else "" + freq_extra = " freq=" + str(freq) if freq else "" dev.request("INTERWORKING_SELECT" + freq_extra) ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"], timeout=15) @@ -97,12 +100,9 @@ def check_sp_type(dev, sp_type): def hlr_auc_gw_available(): if not os.path.exists("/tmp/hlr_auc_gw.sock"): - logger.info("No hlr_auc_gw available"); - return False + raise HwsimSkip("No hlr_auc_gw socket available") if not os.path.exists("../../hostapd/hlr_auc_gw"): - logger.info("No hlr_auc_gw available"); - return False - return True + raise HwsimSkip("No hlr_auc_gw available") def interworking_ext_sim_connect(dev, bssid, method): dev.request("INTERWORKING_CONNECT " + bssid) @@ -133,9 +133,7 @@ def interworking_ext_sim_auth(dev, method): resp = res.split(' ')[2].rstrip() dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp) - ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + dev.wait_connected(timeout=15) def interworking_connect(dev, bssid, method): dev.request("INTERWORKING_CONNECT " + bssid) @@ -148,9 +146,7 @@ def interworking_auth(dev, method): if "(" + method + ")" not in ev: raise Exception("Unexpected EAP method selection") - ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + dev.wait_connected(timeout=15) def check_probe_resp(wt, bssid_unexpected, bssid_expected): if bssid_unexpected: @@ -165,16 +161,19 @@ def check_probe_resp(wt, bssid_unexpected, bssid_expected): def test_ap_anqp_sharing(dev, apdev): """ANQP sharing within ESS and explicit unshare""" + check_eap_capa(dev[0], "MSCHAPV2") + dev[0].flush_scan_cache() + bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ] - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test", @@ -186,8 +185,13 @@ def test_ap_anqp_sharing(dev, apdev): interworking_select(dev[0], None, "home", freq="2412") dev[0].dump_monitor() + logger.debug("BSS entries:\n" + dev[0].request("BSS RANGE=ALL")) res1 = dev[0].get_bss(bssid) res2 = dev[0].get_bss(bssid2) + if 'anqp_nai_realm' not in res1: + raise Exception("anqp_nai_realm not found for AP1") + if 'anqp_nai_realm' not in res2: + raise Exception("anqp_nai_realm not found for AP2") if res1['anqp_nai_realm'] != res2['anqp_nai_realm']: raise Exception("ANQP results were not shared between BSSes") @@ -207,13 +211,45 @@ def test_ap_anqp_sharing(dev, apdev): if res1['anqp_nai_realm'] == res2['anqp_nai_realm']: raise Exception("ANQP results were not unshared") +def test_ap_anqp_sharing_oom(dev, apdev): + """ANQP sharing within ESS and explicit unshare OOM""" + check_eap_capa(dev[0], "MSCHAPV2") + dev[0].flush_scan_cache() + + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + hostapd.add_ap(apdev[0], params) + + bssid2 = apdev[1]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ] + hostapd.add_ap(apdev[1], params) + + dev[0].hs20_enable() + id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test", + 'password': "secret", + 'domain': "example.com" }) + dev[0].scan_for_bss(bssid, freq="2412") + dev[0].scan_for_bss(bssid2, freq="2412") + interworking_select(dev[0], None, "home", freq="2412") + dev[0].dump_monitor() + + with alloc_fail(dev[0], 1, "wpa_bss_anqp_clone"): + dev[0].request("ANQP_GET " + bssid + " 263") + ev = dev[0].wait_event(["RX-ANQP"], timeout=5) + if ev is None: + raise Exception("ANQP operation timed out") + def test_ap_nai_home_realm_query(dev, apdev): """NAI Home Realm Query""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]", "0,another.example.org" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].scan(freq="2412") dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " realm=example.com") @@ -281,7 +317,7 @@ def test_ap_nai_home_realm_query(dev, apdev): def test_ap_interworking_scan_filtering(dev, apdev): """Interworking scan filtering with HESSID and access network type""" try: - return _test_ap_interworking_scan_filtering(dev, apdev) + _test_ap_interworking_scan_filtering(dev, apdev) finally: dev[0].request("SET hessid 00:00:00:00:00:00") dev[0].request("SET access_network_type 15") @@ -292,7 +328,7 @@ def _test_ap_interworking_scan_filtering(dev, apdev): ssid = "test-hs20-ap1" params['ssid'] = ssid params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hapd0 = hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params() @@ -302,10 +338,11 @@ def _test_ap_interworking_scan_filtering(dev, apdev): params['access_network_type'] = "1" del params['venue_group'] del params['venue_type'] - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() + Wlantest.setup(hapd0) wt = Wlantest() wt.flush() @@ -367,7 +404,7 @@ def test_ap_hs20_select(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test", @@ -393,7 +430,7 @@ def test_ap_hs20_select(dev, apdev): params['nai_realm'] = [ "0,example.org,21" ] params['hessid'] = bssid2 params['domain_name'] = "example.org" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].remove_cred(id) id = dev[0].add_cred_values({ 'realm': "example.org", 'username': "test", 'password': "secret", @@ -406,7 +443,7 @@ def hs20_simulated_sim(dev, ap, method): params['hessid'] = bssid params['anqp_3gpp_cell_net'] = "555,444" params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org" - hostapd.add_ap(ap['ifname'], params) + hostapd.add_ap(ap, params) dev.hs20_enable() dev.add_cred_values({ 'imsi': "555444-333222111", 'eap': method, @@ -417,8 +454,7 @@ def hs20_simulated_sim(dev, ap, method): def test_ap_hs20_sim(dev, apdev): """Hotspot 2.0 with simulated SIM and EAP-SIM""" - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() hs20_simulated_sim(dev[0], apdev[0], "SIM") dev[0].request("INTERWORKING_SELECT auto freq=2412") ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15) @@ -427,26 +463,23 @@ def test_ap_hs20_sim(dev, apdev): def test_ap_hs20_aka(dev, apdev): """Hotspot 2.0 with simulated USIM and EAP-AKA""" - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() hs20_simulated_sim(dev[0], apdev[0], "AKA") def test_ap_hs20_aka_prime(dev, apdev): """Hotspot 2.0 with simulated USIM and EAP-AKA'""" - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() hs20_simulated_sim(dev[0], apdev[0], "AKA'") def test_ap_hs20_ext_sim(dev, apdev): """Hotspot 2.0 with external SIM processing""" - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['anqp_3gpp_cell_net'] = "232,01" params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() try: @@ -460,14 +493,13 @@ def test_ap_hs20_ext_sim(dev, apdev): def test_ap_hs20_ext_sim_roaming(dev, apdev): """Hotspot 2.0 with external SIM processing in roaming network""" - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56" params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() try: @@ -481,11 +513,12 @@ def test_ap_hs20_ext_sim_roaming(dev, apdev): def test_ap_hs20_username(dev, apdev): """Hotspot 2.0 connection in username/password credential""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['disable_dgaf'] = '1' - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", @@ -510,11 +543,12 @@ def test_ap_hs20_username(dev, apdev): def test_ap_hs20_connect_api(dev, apdev): """Hotspot 2.0 connection with connect API""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['disable_dgaf'] = '1' - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add("wlan5", drv_params="force_connect_cmd=1") @@ -537,11 +571,12 @@ def test_ap_hs20_connect_api(dev, apdev): def test_ap_hs20_auto_interworking(dev, apdev): """Hotspot 2.0 connection with auto_interworking=1""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['disable_dgaf'] = '1' - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable(auto_interworking=True) id = dev[0].add_cred_values({ 'realm': "example.com", @@ -551,9 +586,7 @@ def test_ap_hs20_auto_interworking(dev, apdev): 'domain': "example.com", 'update_identifier': "1234" }) dev[0].request("REASSOCIATE") - ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + dev[0].wait_connected(timeout=15) check_sp_type(dev[0], "home") status = dev[0].get_status() if status['pairwise_cipher'] != "CCMP": @@ -561,11 +594,50 @@ def test_ap_hs20_auto_interworking(dev, apdev): if status['hs20'] != "2": raise Exception("Unexpected HS 2.0 support indication") +def test_ap_hs20_auto_interworking_no_match(dev, apdev): + """Hotspot 2.0 connection with auto_interworking=1 and no matching network""" + hapd = hostapd.add_ap(apdev[0], { "ssid": "mismatch" }) + + dev[0].hs20_enable(auto_interworking=True) + id = dev[0].connect("mismatch", psk="12345678", scan_freq="2412", + only_add_network=True) + dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect") + + id = dev[0].add_cred_values({ 'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'ca_cert': "auth_serv/ca.pem", + 'domain': "example.com", + 'update_identifier': "1234" }) + dev[0].request("INTERWORKING_SELECT auto freq=2412") + time.sleep(0.1) + dev[0].dump_monitor() + for i in range(5): + logger.info("start ping") + if "PONG" not in dev[0].ctrl.request("PING", timeout=2): + raise Exception("PING failed") + logger.info("ping done") + fetch = 0 + scan = 0 + for j in range(15): + ev = dev[0].wait_event([ "ANQP fetch completed", + "CTRL-EVENT-SCAN-RESULTS" ], timeout=0.05) + if ev is None: + break + if "ANQP fetch completed" in ev: + fetch += 1 + else: + scan += 1 + if fetch > 2 * scan + 3: + raise Exception("Too many ANQP fetch iterations") + dev[0].dump_monitor() + dev[0].request("DISCONNECT") + def test_ap_hs20_auto_interworking_no_cred_match(dev, apdev): """Hotspot 2.0 connection with auto_interworking=1 but no cred match""" bssid = apdev[0]['bssid'] params = { "ssid": "test" } - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable(auto_interworking=True) dev[0].add_cred_values({ 'realm': "example.com", @@ -587,10 +659,11 @@ def eap_test(dev, ap, eap_params, method, user): bssid = ap['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com," + eap_params ] - hostapd.add_ap(ap['ifname'], params) + hostapd.add_ap(ap, params) dev.hs20_enable() dev.add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': user, 'password': "password" }) interworking_select(dev, bssid, freq="2412") @@ -601,7 +674,7 @@ def test_ap_hs20_eap_unknown(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = "0,example.com,99" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values(default_cred()) @@ -609,10 +682,12 @@ def test_ap_hs20_eap_unknown(dev, apdev): def test_ap_hs20_eap_peap_mschapv2(dev, apdev): """Hotspot 2.0 connection with PEAP/MSCHAPV2""" + check_eap_capa(dev[0], "MSCHAPV2") eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user") def test_ap_hs20_eap_peap_default(dev, apdev): """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)""" + check_eap_capa(dev[0], "MSCHAPV2") eap_test(dev[0], apdev[0], "25", "PEAP", "user") def test_ap_hs20_eap_peap_gtc(dev, apdev): @@ -624,7 +699,7 @@ def test_ap_hs20_eap_peap_unknown(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = "0,example.com,25[3:99]" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values(default_cred()) @@ -632,14 +707,17 @@ def test_ap_hs20_eap_peap_unknown(dev, apdev): def test_ap_hs20_eap_ttls_chap(dev, apdev): """Hotspot 2.0 connection with TTLS/CHAP""" + skip_with_fips(dev[0]) eap_test(dev[0], apdev[0], "21[2:2]", "TTLS", "chap user") def test_ap_hs20_eap_ttls_mschap(dev, apdev): """Hotspot 2.0 connection with TTLS/MSCHAP""" + skip_with_fips(dev[0]) eap_test(dev[0], apdev[0], "21[2:3]", "TTLS", "mschap user") def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev): """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2""" + check_eap_capa(dev[0], "MSCHAPV2") eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user") def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev): @@ -647,7 +725,7 @@ def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = "0,example.com,21[3:99]" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values(default_cred()) @@ -658,7 +736,7 @@ def test_ap_hs20_eap_ttls_eap_unsupported(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = "0,example.com,21[3:5]" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values(default_cred()) @@ -669,7 +747,7 @@ def test_ap_hs20_eap_ttls_unknown(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = "0,example.com,21[2:5]" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values(default_cred()) @@ -677,10 +755,12 @@ def test_ap_hs20_eap_ttls_unknown(dev, apdev): def test_ap_hs20_eap_fast_mschapv2(dev, apdev): """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2""" + check_eap_capa(dev[0], "FAST") eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user") def test_ap_hs20_eap_fast_gtc(dev, apdev): """Hotspot 2.0 connection with FAST/EAP-GTC""" + check_eap_capa(dev[0], "FAST") eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user") def test_ap_hs20_eap_tls(dev, apdev): @@ -688,7 +768,7 @@ def test_ap_hs20_eap_tls(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,13[5:6]" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values({ 'realm': "example.com", @@ -704,7 +784,7 @@ def test_ap_hs20_eap_cert_unknown(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,99[5:6]" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values({ 'realm': "example.com", @@ -719,7 +799,7 @@ def test_ap_hs20_eap_cert_unsupported(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,21[5:6]" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values({ 'realm': "example.com", @@ -733,7 +813,7 @@ def test_ap_hs20_eap_invalid_cred(dev, apdev): """Hotspot 2.0 connection with invalid cred configuration""" bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].add_cred_values({ 'realm': "example.com", @@ -747,10 +827,11 @@ def test_ap_hs20_nai_realms(dev, apdev): params = hs20_ap_params() params['hessid'] = bssid params['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "pap user", 'password': "password", 'domain': "example.com" }) @@ -763,13 +844,14 @@ def test_ap_hs20_roaming_consortium(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() for consortium in [ "112233", "1020304050", "010203040506", "fedcba" ]: id = dev[0].add_cred_values({ 'username': "user", 'password': "password", 'domain': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'roaming_consortium': consortium, 'eap': "PEAP" }) interworking_select(dev[0], bssid, "home", freq="2412") @@ -783,6 +865,7 @@ def test_ap_hs20_roaming_consortium(dev, apdev): def test_ap_hs20_username_roaming(dev, apdev): """Hotspot 2.0 connection in username/password credential (roaming)""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]", @@ -790,12 +873,13 @@ def test_ap_hs20_username_roaming(dev, apdev): "0,another.example.com" ] params['domain_name'] = "another.example.com" params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "roaming.example.com", 'username': "hs20-test", 'password': "password", + 'ca_cert': "auth_serv/ca.pem", 'domain': "example.com" }) interworking_select(dev[0], bssid, "roaming", freq="2412") interworking_connect(dev[0], bssid, "TTLS") @@ -803,13 +887,15 @@ def test_ap_hs20_username_roaming(dev, apdev): def test_ap_hs20_username_unknown(dev, apdev): """Hotspot 2.0 connection in username/password credential (no domain in cred)""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password" }) interworking_select(dev[0], bssid, "unknown", freq="2412") @@ -818,14 +904,16 @@ def test_ap_hs20_username_unknown(dev, apdev): def test_ap_hs20_username_unknown2(dev, apdev): """Hotspot 2.0 connection in username/password credential (no domain advertized)""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid del params['domain_name'] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" }) @@ -835,13 +923,15 @@ def test_ap_hs20_username_unknown2(dev, apdev): def test_ap_hs20_gas_while_associated(dev, apdev): """Hotspot 2.0 connection with GAS query while associated""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" }) @@ -855,8 +945,47 @@ def test_ap_hs20_gas_while_associated(dev, apdev): if ev is None: raise Exception("Operation timed out") +def test_ap_hs20_gas_with_another_ap_while_associated(dev, apdev): + """GAS query with another AP while associated""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + hostapd.add_ap(apdev[0], params) + + bssid2 = apdev[1]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid2 + params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ] + hostapd.add_ap(apdev[1], params) + + dev[0].hs20_enable() + id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", + 'username': "hs20-test", + 'password': "password", + 'domain': "example.com" }) + interworking_select(dev[0], bssid, "home", freq="2412") + interworking_connect(dev[0], bssid, "TTLS") + dev[0].dump_monitor() + + logger.info("Verifying GAS query with same AP while associated") + dev[0].request("ANQP_GET " + bssid + " 263") + ev = dev[0].wait_event(["RX-ANQP"], timeout=5) + if ev is None: + raise Exception("ANQP operation timed out") + dev[0].dump_monitor() + + logger.info("Verifying GAS query with another AP while associated") + dev[0].scan_for_bss(bssid2, 2412) + dev[0].request("ANQP_GET " + bssid2 + " 263") + ev = dev[0].wait_event(["RX-ANQP"], timeout=5) + if ev is None: + raise Exception("ANQP operation timed out") + def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev): """Hotspot 2.0 connection with GAS query while associated and using PMF""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev) finally: @@ -866,17 +995,18 @@ def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params() params['hessid'] = bssid2 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ] - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() dev[0].request("SET pmf 2") id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" }) @@ -890,17 +1020,63 @@ def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev): if ev is None: raise Exception("Operation timed out") +def test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev): + """GAS query with another AP while associated and using PMF""" + check_eap_capa(dev[0], "MSCHAPV2") + try: + _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev) + finally: + dev[0].request("SET pmf 0") + +def _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev): + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + hostapd.add_ap(apdev[0], params) + + bssid2 = apdev[1]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid2 + params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ] + hostapd.add_ap(apdev[1], params) + + dev[0].hs20_enable() + dev[0].request("SET pmf 2") + id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", + 'username': "hs20-test", + 'password': "password", + 'domain': "example.com" }) + interworking_select(dev[0], bssid, "home", freq="2412") + interworking_connect(dev[0], bssid, "TTLS") + dev[0].dump_monitor() + + logger.info("Verifying GAS query with same AP while associated") + dev[0].request("ANQP_GET " + bssid + " 263") + ev = dev[0].wait_event(["RX-ANQP"], timeout=5) + if ev is None: + raise Exception("ANQP operation timed out") + dev[0].dump_monitor() + + logger.info("Verifying GAS query with another AP while associated") + dev[0].scan_for_bss(bssid2, 2412) + dev[0].request("ANQP_GET " + bssid2 + " 263") + ev = dev[0].wait_event(["RX-ANQP"], timeout=5) + if ev is None: + raise Exception("ANQP operation timed out") + def test_ap_hs20_gas_frag_while_associated(dev, apdev): """Hotspot 2.0 connection with fragmented GAS query while associated""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) - hapd = hostapd.Hostapd(apdev[0]['ifname']) + hapd = hostapd.add_ap(apdev[0], params) hapd.set("gas_frag_limit", "50") dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" }) @@ -916,13 +1092,15 @@ def test_ap_hs20_gas_frag_while_associated(dev, apdev): def test_ap_hs20_multiple_connects(dev, apdev): """Hotspot 2.0 connection through multiple network selections""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() values = { 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" } @@ -958,10 +1136,11 @@ def test_ap_hs20_disallow_aps(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() values = { 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" } @@ -1028,9 +1207,7 @@ def policy_test(dev, ap, values, only_one=True): raise Exception("Selected incorrect BSS") break - ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + ev = dev.wait_connected(timeout=15) if bssid and bssid not in ev: raise Exception("Connected to incorrect BSS") @@ -1042,9 +1219,10 @@ def policy_test(dev, ap, values, only_one=True): dev.dump_monitor() return events -def default_cred(domain=None): +def default_cred(domain=None, user="hs20-test"): cred = { 'realm': "example.com", - 'username': "hs20-test", + 'ca_cert': "auth_serv/ca.pem", + 'username': user, 'password': "password" } if domain: cred['domain'] = domain @@ -1052,14 +1230,15 @@ def default_cred(domain=None): def test_ap_hs20_prefer_home(dev, apdev): """Hotspot 2.0 required roaming consortium""" + check_eap_capa(dev[0], "MSCHAPV2") params = hs20_ap_params() params['domain_name'] = "example.org" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) params = hs20_ap_params() params['ssid'] = "test-hs20-other" params['domain_name'] = "example.com" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) values = default_cred() values['domain'] = "example.com" @@ -1069,13 +1248,14 @@ def test_ap_hs20_prefer_home(dev, apdev): def test_ap_hs20_req_roaming_consortium(dev, apdev): """Hotspot 2.0 required roaming consortium""" + check_eap_capa(dev[0], "MSCHAPV2") params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) params = hs20_ap_params() params['ssid'] = "test-hs20-other" params['roaming_consortium'] = [ "223344" ] - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) values = default_cred() values['required_roaming_consortium'] = "223344" @@ -1093,16 +1273,17 @@ def test_ap_hs20_req_roaming_consortium(dev, apdev): def test_ap_hs20_excluded_ssid(dev, apdev): """Hotspot 2.0 exclusion based on SSID""" + check_eap_capa(dev[0], "MSCHAPV2") params = hs20_ap_params() params['roaming_consortium'] = [ "223344" ] params['anqp_3gpp_cell_net'] = "555,444" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) params = hs20_ap_params() params['ssid'] = "test-hs20-other" params['roaming_consortium'] = [ "223344" ] params['anqp_3gpp_cell_net'] = "555,444" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) values = default_cred() values['excluded_ssid'] = "test-hs20" @@ -1136,13 +1317,15 @@ def test_ap_hs20_excluded_ssid(dev, apdev): def test_ap_hs20_roam_to_higher_prio(dev, apdev): """Hotspot 2.0 and roaming from current to higher priority network""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params(ssid="test-hs20-visited") params['domain_name'] = "visited.example.org" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com" }) @@ -1155,7 +1338,7 @@ def test_ap_hs20_roam_to_higher_prio(dev, apdev): bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20-home") params['domain_name'] = "example.com" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].scan_for_bss(bssid2, freq="2412", force_scan=True) dev[0].request("INTERWORKING_SELECT auto freq=2412") @@ -1171,18 +1354,21 @@ def test_ap_hs20_roam_to_higher_prio(dev, apdev): if bssid2 not in ev: raise Exception("Unexpected BSSID after reconnection") -def test_ap_hs20_domain_suffix_match(dev, apdev): +def test_ap_hs20_domain_suffix_match_full(dev, apdev): """Hotspot 2.0 and domain_suffix_match""" + check_domain_match_full(dev[0]) + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "hs20-test", 'password': "password", + 'ca_cert': "auth_serv/ca.pem", 'domain': "example.com", - 'domain_suffix_match': "w1.fi" }) + 'domain_suffix_match': "server.w1.fi" }) interworking_select(dev[0], bssid, "home", freq="2412") dev[0].dump_monitor() interworking_connect(dev[0], bssid, "TTLS") @@ -1199,16 +1385,36 @@ def test_ap_hs20_domain_suffix_match(dev, apdev): if "Domain suffix mismatch" not in ev: raise Exception("Domain suffix mismatch not reported") +def test_ap_hs20_domain_suffix_match(dev, apdev): + """Hotspot 2.0 and domain_suffix_match""" + check_eap_capa(dev[0], "MSCHAPV2") + check_domain_match_full(dev[0]) + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + id = dev[0].add_cred_values({ 'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'ca_cert': "auth_serv/ca.pem", + 'domain': "example.com", + 'domain_suffix_match': "w1.fi" }) + interworking_select(dev[0], bssid, "home", freq="2412") + dev[0].dump_monitor() + interworking_connect(dev[0], bssid, "TTLS") + def test_ap_hs20_roaming_partner_preference(dev, apdev): """Hotspot 2.0 and roaming partner preference""" + check_eap_capa(dev[0], "MSCHAPV2") params = hs20_ap_params() params['domain_name'] = "roaming.example.org" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) params = hs20_ap_params() params['ssid'] = "test-hs20-other" params['domain_name'] = "roaming.example.net" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) logger.info("Verify default vs. specified preference") values = default_cred() @@ -1225,14 +1431,15 @@ def test_ap_hs20_roaming_partner_preference(dev, apdev): def test_ap_hs20_max_bss_load(dev, apdev): """Hotspot 2.0 and maximum BSS load""" + check_eap_capa(dev[0], "MSCHAPV2") params = hs20_ap_params() params['bss_load_test'] = "12:200:20000" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) params = hs20_ap_params() params['ssid'] = "test-hs20-other" params['bss_load_test'] = "5:20:10000" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) logger.info("Verify maximum BSS load constraint") values = default_cred() @@ -1260,13 +1467,14 @@ def test_ap_hs20_max_bss_load(dev, apdev): def test_ap_hs20_max_bss_load2(dev, apdev): """Hotspot 2.0 and maximum BSS load with one AP not advertising""" + check_eap_capa(dev[0], "MSCHAPV2") params = hs20_ap_params() params['bss_load_test'] = "12:200:20000" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) params = hs20_ap_params() params['ssid'] = "test-hs20-other" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) logger.info("Verify maximum BSS load constraint with AP advertisement") values = default_cred() @@ -1283,20 +1491,20 @@ def test_ap_hs20_max_bss_load2(dev, apdev): def test_ap_hs20_multi_cred_sp_prio(dev, apdev): """Hotspot 2.0 multi-cred sp_priority""" + check_eap_capa(dev[0], "MSCHAPV2") try: - return _test_ap_hs20_multi_cred_sp_prio(dev, apdev) + _test_ap_hs20_multi_cred_sp_prio(dev, apdev) finally: dev[0].request("SET external_sim 0") def _test_ap_hs20_multi_cred_sp_prio(dev, apdev): - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid del params['domain_name'] params['anqp_3gpp_cell_net'] = "232,01" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].scan_for_bss(bssid, freq="2412") @@ -1305,6 +1513,7 @@ def _test_ap_hs20_multi_cred_sp_prio(dev, apdev): 'provisioning_sp': "example.com", 'sp_priority' :"1" }) id2 = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com", @@ -1326,21 +1535,21 @@ def _test_ap_hs20_multi_cred_sp_prio(dev, apdev): def test_ap_hs20_multi_cred_sp_prio2(dev, apdev): """Hotspot 2.0 multi-cred sp_priority with two BSSes""" + check_eap_capa(dev[0], "MSCHAPV2") try: - return _test_ap_hs20_multi_cred_sp_prio2(dev, apdev) + _test_ap_hs20_multi_cred_sp_prio2(dev, apdev) finally: dev[0].request("SET external_sim 0") def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev): - if not hlr_auc_gw_available(): - return "skip" + hlr_auc_gw_available() bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid del params['nai_realm'] del params['domain_name'] params['anqp_3gpp_cell_net'] = "232,01" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params() @@ -1348,7 +1557,7 @@ def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev): params['hessid'] = bssid2 del params['domain_name'] del params['anqp_3gpp_cell_net'] - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() dev[0].request("SET external_sim 1") @@ -1356,6 +1565,7 @@ def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev): 'provisioning_sp': "example.com", 'sp_priority': "1" }) id2 = dev[0].add_cred_values({ 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", 'username': "hs20-test", 'password': "password", 'domain': "example.com", @@ -1402,9 +1612,10 @@ def conn_capab_cred(domain=None, req_conn_capab=None): def test_ap_hs20_req_conn_capab(dev, apdev): """Hotspot 2.0 network selection with req_conn_capab""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].scan_for_bss(bssid, freq="2412") @@ -1437,7 +1648,7 @@ def test_ap_hs20_req_conn_capab(dev, apdev): bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20b") params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ] - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].remove_cred(id) values = conn_capab_cred(domain="example.org", req_conn_capab="50") @@ -1456,16 +1667,17 @@ def test_ap_hs20_req_conn_capab(dev, apdev): def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev): """Hotspot 2.0 and req_conn_capab with roaming partner preference""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['domain_name'] = "roaming.example.org" params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20-b") params['domain_name'] = "roaming.example.net" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) values = default_cred() values['roaming_partner'] = "roaming.example.net,1,127,*" @@ -1485,6 +1697,7 @@ def check_bandwidth_selection(dev, type, below): ev = dev.wait_event(["INTERWORKING-AP"]) if ev is None: raise Exception("Network selection timed out"); + logger.debug("BSS entries:\n" + dev.request("BSS RANGE=ALL")) if "type=" + type not in ev: raise Exception("Unexpected network type") if below and "below_min_backhaul=1" not in ev: @@ -1506,9 +1719,10 @@ def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming def test_ap_hs20_min_bandwidth_home(dev, apdev): """Hotspot 2.0 network selection with min bandwidth (home)""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].scan_for_bss(bssid, freq="2412") @@ -1535,15 +1749,63 @@ def test_ap_hs20_min_bandwidth_home(dev, apdev): bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20-b") params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) check_auto_select(dev[0], bssid2) +def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev): + """Hotspot 2.0 network selection with min bandwidth (home) while hidden SSID is included in scan results""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + + hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret', + "ignore_broadcast_ssid": "1" }) + dev[0].scan_for_bss(bssid, freq=2412) + hapd.disable() + hapd_global = hostapd.HostapdGlobal(apdev[0]) + hapd_global.flush() + hapd_global.remove(apdev[0]['ifname']) + + params = hs20_ap_params() + hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + dev[0].scan_for_bss(bssid, freq="2412") + values = bw_cred(domain="example.com", dl_home=5490, ul_home=58) + id = dev[0].add_cred_values(values) + check_bandwidth_selection(dev[0], "home", False) + dev[0].remove_cred(id) + + values = bw_cred(domain="example.com", dl_home=5491, ul_home=58) + id = dev[0].add_cred_values(values) + check_bandwidth_selection(dev[0], "home", True) + dev[0].remove_cred(id) + + values = bw_cred(domain="example.com", dl_home=5490, ul_home=59) + id = dev[0].add_cred_values(values) + check_bandwidth_selection(dev[0], "home", True) + dev[0].remove_cred(id) + + values = bw_cred(domain="example.com", dl_home=5491, ul_home=59) + id = dev[0].add_cred_values(values) + check_bandwidth_selection(dev[0], "home", True) + check_auto_select(dev[0], bssid) + + bssid2 = apdev[1]['bssid'] + params = hs20_ap_params(ssid="test-hs20-b") + params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000" + hostapd.add_ap(apdev[1], params) + + check_auto_select(dev[0], bssid2) + + dev[0].flush_scan_cache() + def test_ap_hs20_min_bandwidth_roaming(dev, apdev): """Hotspot 2.0 network selection with min bandwidth (roaming)""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].scan_for_bss(bssid, freq="2412") @@ -1570,22 +1832,23 @@ def test_ap_hs20_min_bandwidth_roaming(dev, apdev): bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20-b") params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) check_auto_select(dev[0], bssid2) def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev): """Hotspot 2.0 and minimum bandwidth with roaming partner preference""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['domain_name'] = "roaming.example.org" params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20-b") params['domain_name'] = "roaming.example.net" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) values = default_cred() values['roaming_partner'] = "roaming.example.net,1,127,*" @@ -1603,7 +1866,7 @@ def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() del params['hs20_wan_metrics'] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].scan_for_bss(bssid, freq="2412") @@ -1614,6 +1877,7 @@ def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev): def test_ap_hs20_deauth_req_ess(dev, apdev): """Hotspot 2.0 connection and deauthentication request for ESS""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_deauth_req_ess(dev, apdev) finally: @@ -1632,9 +1896,7 @@ def _test_ap_hs20_deauth_req_ess(dev, apdev): if "1 120 http://example.com/" not in ev: raise Exception("Unexpected deauth imminent notice: " + ev) hapd.request("DEAUTHENTICATE " + addr) - ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"]) - if ev is None: - raise Exception("Timeout on disconnection") + dev[0].wait_disconnected(timeout=10) if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']: raise Exception("Network not marked temporarily disabled") ev = dev[0].wait_event(["SME: Trying to authenticate", @@ -1645,6 +1907,7 @@ def _test_ap_hs20_deauth_req_ess(dev, apdev): def test_ap_hs20_deauth_req_bss(dev, apdev): """Hotspot 2.0 connection and deauthentication request for BSS""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_deauth_req_bss(dev, apdev) finally: @@ -1663,9 +1926,7 @@ def _test_ap_hs20_deauth_req_bss(dev, apdev): if "0 120 http://example.com/" not in ev: raise Exception("Unexpected deauth imminent notice: " + ev) hapd.request("DEAUTHENTICATE " + addr + " reason=4") - ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"]) - if ev is None: - raise Exception("Timeout on disconnection") + ev = dev[0].wait_disconnected(timeout=10) if "reason=4" not in ev: raise Exception("Unexpected disconnection reason") if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']: @@ -1678,6 +1939,7 @@ def _test_ap_hs20_deauth_req_bss(dev, apdev): def test_ap_hs20_deauth_req_from_radius(dev, apdev): """Hotspot 2.0 connection and deauthentication request from RADIUS""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_deauth_req_from_radius(dev, apdev) finally: @@ -1688,7 +1950,7 @@ def _test_ap_hs20_deauth_req_from_radius(dev, apdev): params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,21[2:4]" ] params['hs20_deauth_req_timeout'] = "2" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].request("SET pmf 2") dev[0].hs20_enable() @@ -1702,12 +1964,11 @@ def _test_ap_hs20_deauth_req_from_radius(dev, apdev): raise Exception("Timeout on deauth imminent notice") if " 1 100" not in ev: raise Exception("Unexpected deauth imminent contents") - ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) - if ev is None: - raise Exception("Timeout on disconnection") + dev[0].wait_disconnected(timeout=3) def test_ap_hs20_remediation_required(dev, apdev): """Hotspot 2.0 connection and remediation required from RADIUS""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_remediation_required(dev, apdev) finally: @@ -1717,7 +1978,7 @@ def _test_ap_hs20_remediation_required(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,21[2:4]" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].request("SET pmf 1") dev[0].hs20_enable() @@ -1734,6 +1995,7 @@ def _test_ap_hs20_remediation_required(dev, apdev): def test_ap_hs20_remediation_required_ctrl(dev, apdev): """Hotspot 2.0 connection and subrem from ctrl_iface""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_remediation_required_ctrl(dev, apdev) finally: @@ -1741,10 +2003,10 @@ def test_ap_hs20_remediation_required_ctrl(dev, apdev): def _test_ap_hs20_remediation_required_ctrl(dev, apdev): bssid = apdev[0]['bssid'] - addr = dev[0].p2p_dev_addr() + addr = dev[0].own_addr() params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,21[2:4]" ] - hapd = hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.add_ap(apdev[0], params) dev[0].request("SET pmf 1") dev[0].hs20_enable() @@ -1775,6 +2037,7 @@ def _test_ap_hs20_remediation_required_ctrl(dev, apdev): def test_ap_hs20_session_info(dev, apdev): """Hotspot 2.0 connection and session information from RADIUS""" + check_eap_capa(dev[0], "MSCHAPV2") try: _test_ap_hs20_session_info(dev, apdev) finally: @@ -1784,7 +2047,7 @@ def _test_ap_hs20_session_info(dev, apdev): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,21[2:4]" ] - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].request("SET pmf 1") dev[0].hs20_enable() @@ -1812,17 +2075,26 @@ def test_ap_hs20_osen(dev, apdev): 'auth_server_addr': "127.0.0.1", 'auth_server_port': "1812", 'auth_server_shared_secret': "radius" } - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412", wait_connect=False) dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"', scan_freq="2412", wait_connect=False) + dev[0].flush_scan_cache() dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP", group="GTK_NOT_USED", eap="WFA-UNAUTH-TLS", identity="osen@example.com", ca_cert="auth_serv/ca.pem", scan_freq="2412") + res = dev[0].get_bss(apdev[0]['bssid'])['flags'] + if "[OSEN-OSEN-CCMP]" not in res: + raise Exception("OSEN not reported in BSS") + if "[WEP]" in res: + raise Exception("WEP reported in BSS") + res = dev[0].request("SCAN_RESULTS") + if "[OSEN-OSEN-CCMP]" not in res: + raise Exception("OSEN not reported in SCAN_RESULTS") wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add("wlan5", drv_params="force_connect_cmd=1") @@ -1835,9 +2107,10 @@ def test_ap_hs20_osen(dev, apdev): def test_ap_hs20_network_preference(dev, apdev): """Hotspot 2.0 network selection with preferred home network""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() values = { 'realm': "example.com", @@ -1854,15 +2127,13 @@ def test_ap_hs20_network_preference(dev, apdev): dev[0].scan_for_bss(bssid, freq="2412") dev[0].request("INTERWORKING_SELECT auto freq=2412") - ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + ev = dev[0].wait_connected(timeout=15) if bssid not in ev: raise Exception("Unexpected network selected") bssid2 = apdev[1]['bssid'] params = hostapd.wpa2_params(ssid="home", passphrase="12345678") - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].scan_for_bss(bssid2, freq="2412") dev[0].request("INTERWORKING_SELECT auto freq=2412") @@ -1877,9 +2148,10 @@ def test_ap_hs20_network_preference(dev, apdev): def test_ap_hs20_network_preference2(dev, apdev): """Hotspot 2.0 network selection with preferred credential""" + check_eap_capa(dev[0], "MSCHAPV2") bssid2 = apdev[1]['bssid'] params = hostapd.wpa2_params(ssid="home", passphrase="12345678") - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() values = { 'realm': "example.com", @@ -1896,15 +2168,13 @@ def test_ap_hs20_network_preference2(dev, apdev): dev[0].scan_for_bss(bssid2, freq="2412") dev[0].request("INTERWORKING_SELECT auto freq=2412") - ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + ev = dev[0].wait_connected(timeout=15) if bssid2 not in ev: raise Exception("Unexpected network selected") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(bssid, freq="2412") dev[0].request("INTERWORKING_SELECT auto freq=2412") @@ -1919,14 +2189,15 @@ def test_ap_hs20_network_preference2(dev, apdev): def test_ap_hs20_network_preference3(dev, apdev): """Hotspot 2.0 network selection with two credential (one preferred)""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20b") params['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() values = { 'realm': "example.com", @@ -1942,9 +2213,7 @@ def test_ap_hs20_network_preference3(dev, apdev): dev[0].scan_for_bss(bssid, freq="2412") dev[0].scan_for_bss(bssid2, freq="2412") dev[0].request("INTERWORKING_SELECT auto freq=2412") - ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + ev = dev[0].wait_connected(timeout=15) if bssid not in ev: raise Exception("Unexpected network selected") @@ -1961,16 +2230,17 @@ def test_ap_hs20_network_preference3(dev, apdev): def test_ap_hs20_network_preference4(dev, apdev): """Hotspot 2.0 network selection with username vs. SIM credential""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20b") params['hessid'] = bssid2 params['anqp_3gpp_cell_net'] = "555,444" params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) dev[0].hs20_enable() values = { 'realm': "example.com", @@ -1986,9 +2256,7 @@ def test_ap_hs20_network_preference4(dev, apdev): dev[0].scan_for_bss(bssid, freq="2412") dev[0].scan_for_bss(bssid2, freq="2412") dev[0].request("INTERWORKING_SELECT auto freq=2412") - ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) - if ev is None: - raise Exception("Connection timed out") + ev = dev[0].wait_connected(timeout=15) if bssid not in ev: raise Exception("Unexpected network selected") @@ -2003,6 +2271,26 @@ def test_ap_hs20_network_preference4(dev, apdev): if bssid2 not in ev: raise Exception("Unexpected network selected") +def test_ap_hs20_interworking_select_blocking_scan(dev, apdev): + """Ongoing INTERWORKING_SELECT blocking SCAN""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + values = { 'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'domain': "example.com" } + dev[0].add_cred_values(values) + + dev[0].scan_for_bss(bssid, freq="2412") + dev[0].request("INTERWORKING_SELECT auto freq=2412") + if "FAIL-BUSY" not in dev[0].request("SCAN"): + raise Exception("Unexpected SCAN command result") + dev[0].wait_connected(timeout=15) + def test_ap_hs20_fetch_osu(dev, apdev): """Hotspot 2.0 OSU provider and icon fetch""" bssid = apdev[0]['bssid'] @@ -2014,7 +2302,7 @@ def test_ap_hs20_fetch_osu(dev, apdev): params['osu_icon'] = "w1fi_logo" params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ] params['osu_server_uri'] = "https://example.com/osu/" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) bssid2 = apdev[1]['bssid'] params = hs20_ap_params(ssid="test-hs20b") @@ -2027,7 +2315,7 @@ def test_ap_hs20_fetch_osu(dev, apdev): params['osu_icon'] = "w1fi_logo" params['osu_service_desc'] = [ "eng:Example services2", "fin:Esimerkkipalveluja2" ] params['osu_server_uri'] = "https://example.org/osu/" - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) with open("w1fi_logo.png", "r") as f: orig_logo = f.read() @@ -2044,12 +2332,15 @@ def test_ap_hs20_fetch_osu(dev, apdev): pass try: dev[1].scan_for_bss(bssid, freq="2412") + dev[2].scan_for_bss(bssid, freq="2412") dev[0].request("SET osu_dir " + dir) dev[0].request("FETCH_OSU") if "FAIL" not in dev[1].request("HS20_ICON_REQUEST foo w1fi_logo"): raise Exception("Invalid HS20_ICON_REQUEST accepted") if "OK" not in dev[1].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo"): raise Exception("HS20_ICON_REQUEST failed") + if "OK" not in dev[2].request("REQ_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("REQ_HS20_ICON failed") icons = 0 while True: ev = dev[0].wait_event(["OSU provider fetch completed", @@ -2066,10 +2357,11 @@ def test_ap_hs20_fetch_osu(dev, apdev): with open(dir + "/osu-providers.txt", "r") as f: prov = f.read() + logger.debug("osu-providers.txt: " + prov) if "OSU-PROVIDER " + bssid not in prov: - raise Exception("Missing OSU_PROVIDER") + raise Exception("Missing OSU_PROVIDER(1)") if "OSU-PROVIDER " + bssid2 not in prov: - raise Exception("Missing OSU_PROVIDER") + raise Exception("Missing OSU_PROVIDER(2)") finally: files = [ f for f in os.listdir(dir) if f.startswith("osu-") ] for f in files: @@ -2093,6 +2385,179 @@ def test_ap_hs20_fetch_osu(dev, apdev): if "Icon Binary File" not in ev: raise Exception("Unexpected ANQP element") + ev = dev[2].wait_event(["RX-HS20-ICON"], timeout=5) + if ev is None: + raise Exception("Timeout on RX-HS20-ICON") + event_icon_len = ev.split(' ')[3] + if " w1fi_logo " not in ev: + raise Exception("RX-HS20-ICON did not have the expected file name") + if bssid not in ev: + raise Exception("RX-HS20-ICON did not have the expected BSSID") + if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 0 10"): + raise Exception("GET_HS20_ICON 0..10 failed") + if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 5 10"): + raise Exception("GET_HS20_ICON 5..15 failed") + if "FAIL" not in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 100000 10"): + raise Exception("Unexpected success of GET_HS20_ICON with too large offset") + icon = "" + pos = 0 + while True: + if pos > 100000: + raise Exception("Unexpectedly long icon") + res = dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo %d 1000" % pos) + if res.startswith("FAIL"): + break + icon += base64.b64decode(res) + pos += 1000 + hex = binascii.hexlify(icon) + if not hex.startswith("0009696d6167652f706e677d1d"): + raise Exception("Unexpected beacon binary header: " + hex) + with open('w1fi_logo.png', 'r') as f: + data = f.read() + if icon[13:] != data: + raise Exception("Unexpected icon data") + if len(icon) != int(event_icon_len): + raise Exception("Unexpected RX-HS20-ICON event length: " + event_icon_len) + + for i in range(3): + if "OK" not in dev[i].request("REQ_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("REQ_HS20_ICON failed [2]") + for i in range(3): + ev = dev[i].wait_event(["RX-HS20-ICON"], timeout=5) + if ev is None: + raise Exception("Timeout on RX-HS20-ICON [2]") + + if "FAIL" not in dev[2].request("DEL_HS20_ICON foo w1fi_logo"): + raise Exception("Invalid DEL_HS20_ICON accepted") + if "OK" not in dev[2].request("DEL_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("DEL_HS20_ICON failed") + if "OK" not in dev[1].request("DEL_HS20_ICON " + bssid): + raise Exception("DEL_HS20_ICON failed") + if "OK" not in dev[0].request("DEL_HS20_ICON "): + raise Exception("DEL_HS20_ICON failed") + for i in range(3): + if "FAIL" not in dev[i].request("DEL_HS20_ICON "): + raise Exception("DEL_HS20_ICON accepted when no icons left") + +def get_icon(dev, bssid, iconname): + icon = "" + pos = 0 + while True: + if pos > 100000: + raise Exception("Unexpectedly long icon") + res = dev.request("GET_HS20_ICON " + bssid + " " + iconname + " %d 3000" % pos) + if res.startswith("FAIL"): + break + icon += base64.b64decode(res) + pos += 3000 + if len(icon) < 13: + raise Exception("Too short GET_HS20_ICON response") + return icon[0:13], icon[13:] + +def test_ap_hs20_req_hs20_icon(dev, apdev): + """Hotspot 2.0 OSU provider and multi-icon fetch with REQ_HS20_ICON""" + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png", + "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ] + params['osu_ssid'] = '"HS 2.0 OSU open"' + params['osu_method_list'] = "1" + params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ] + params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ] + params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ] + params['osu_server_uri'] = "https://example.com/osu/" + hostapd.add_ap(apdev[0], params) + + dev[0].scan_for_bss(bssid, freq="2412") + + # First, fetch two icons from the AP to wpa_supplicant + + if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("REQ_HS20_ICON failed") + ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5) + if ev is None: + raise Exception("Timeout on RX-HS20-ICON (1)") + + if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"): + raise Exception("REQ_HS20_ICON failed") + ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5) + if ev is None: + raise Exception("Timeout on RX-HS20-ICON (2)") + + # Then, fetch the icons from wpa_supplicant for validation + + hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo") + hdr, data2 = get_icon(dev[0], bssid, "test_logo") + + with open('w1fi_logo.png', 'r') as f: + data = f.read() + if data1 != data: + raise Exception("Unexpected icon data (1)") + + with open('auth_serv/sha512-server.pem', 'r') as f: + data = f.read() + if data2 != data: + raise Exception("Unexpected icon data (2)") + + # Finally, delete the icons from wpa_supplicant + + if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("DEL_HS20_ICON failed") + if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"): + raise Exception("DEL_HS20_ICON failed") + +def test_ap_hs20_req_hs20_icon_parallel(dev, apdev): + """Hotspot 2.0 OSU provider and multi-icon parallel fetch with REQ_HS20_ICON""" + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png", + "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ] + params['osu_ssid'] = '"HS 2.0 OSU open"' + params['osu_method_list'] = "1" + params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ] + params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ] + params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ] + params['osu_server_uri'] = "https://example.com/osu/" + hostapd.add_ap(apdev[0], params) + + dev[0].scan_for_bss(bssid, freq="2412") + + # First, fetch two icons from the AP to wpa_supplicant + + if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("REQ_HS20_ICON failed") + + if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"): + raise Exception("REQ_HS20_ICON failed") + ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5) + if ev is None: + raise Exception("Timeout on RX-HS20-ICON (1)") + ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5) + if ev is None: + raise Exception("Timeout on RX-HS20-ICON (2)") + + # Then, fetch the icons from wpa_supplicant for validation + + hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo") + hdr, data2 = get_icon(dev[0], bssid, "test_logo") + + with open('w1fi_logo.png', 'r') as f: + data = f.read() + if data1 != data: + raise Exception("Unexpected icon data (1)") + + with open('auth_serv/sha512-server.pem', 'r') as f: + data = f.read() + if data2 != data: + raise Exception("Unexpected icon data (2)") + + # Finally, delete the icons from wpa_supplicant + + if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"): + raise Exception("DEL_HS20_ICON failed") + if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"): + raise Exception("DEL_HS20_ICON failed") + def test_ap_hs20_fetch_osu_stop(dev, apdev): """Hotspot 2.0 OSU provider fetch stopped""" bssid = apdev[0]['bssid'] @@ -2104,7 +2569,7 @@ def test_ap_hs20_fetch_osu_stop(dev, apdev): params['osu_icon'] = "w1fi_logo" params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ] params['osu_server_uri'] = "https://example.com/osu/" - hapd = hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dir = "/tmp/osu-fetch" @@ -2180,6 +2645,7 @@ def test_ap_hs20_fetch_osu_stop(dev, apdev): def test_ap_hs20_ft(dev, apdev): """Hotspot 2.0 connection with FT""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['wpa_key_mgmt'] = "FT-EAP" @@ -2187,7 +2653,7 @@ def test_ap_hs20_ft(dev, apdev): params['r1_key_holder'] = "000102030405" params["mobility_domain"] = "a1b2" params["reassociation_deadline"] = "1000" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() id = dev[0].add_cred_values({ 'realm': "example.com", @@ -2201,10 +2667,11 @@ def test_ap_hs20_ft(dev, apdev): def test_ap_hs20_remediation_sql(dev, apdev, params): """Hotspot 2.0 connection and remediation required using SQLite for user DB""" + check_eap_capa(dev[0], "MSCHAPV2") try: import sqlite3 except ImportError: - return "skip" + raise HwsimSkip("No sqlite3 module available") dbfile = os.path.join(params['logdir'], "eap-user.db") try: os.remove(dbfile) @@ -2230,12 +2697,12 @@ def test_ap_hs20_remediation_sql(dev, apdev, params): "private_key": "auth_serv/server.key", "subscr_remediation_url": "https://example.org/", "subscr_remediation_method": "1" } - hostapd.add_ap(apdev[1]['ifname'], params) + hostapd.add_ap(apdev[1], params) bssid = apdev[0]['bssid'] params = hs20_ap_params() params['auth_server_port'] = "18128" - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].request("SET pmf 1") dev[0].hs20_enable() @@ -2264,11 +2731,12 @@ def test_ap_hs20_remediation_sql(dev, apdev, params): def test_ap_hs20_external_selection(dev, apdev): """Hotspot 2.0 connection using external network selection and creation""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['disable_dgaf'] = '1' - hostapd.add_ap(apdev[0]['ifname'], params) + hostapd.add_ap(apdev[0], params) dev[0].hs20_enable() dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS", @@ -2280,11 +2748,12 @@ def test_ap_hs20_external_selection(dev, apdev): def test_ap_hs20_random_mac_addr(dev, apdev): """Hotspot 2.0 connection with random MAC address""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['disable_dgaf'] = '1' - hapd = hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.add_ap(apdev[0], params) wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') wpas.interface_add("wlan5") @@ -2315,10 +2784,11 @@ def test_ap_hs20_random_mac_addr(dev, apdev): def test_ap_hs20_multi_network_and_cred_removal(dev, apdev): """Multiple networks and cred removal""" + check_eap_capa(dev[0], "MSCHAPV2") bssid = apdev[0]['bssid'] params = hs20_ap_params() params['nai_realm'] = [ "0,example.com,25[3:26]"] - hapd = hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.add_ap(apdev[0], params) dev[0].add_network() dev[0].hs20_enable() @@ -2330,9 +2800,7 @@ def test_ap_hs20_multi_network_and_cred_removal(dev, apdev): dev[0].add_network() dev[0].request("DISCONNECT") - ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"]) - if ev is None: - raise Exception("Timeout on disconnection") + dev[0].wait_disconnected(timeout=10) hapd.disable() hapd.set("ssid", "another ssid") @@ -2348,9 +2816,22 @@ def test_ap_hs20_multi_network_and_cred_removal(dev, apdev): dev[0].remove_cred(id) if len(dev[0].list_networks()) != 3: raise Exception("Unexpected number of networks after to remove_crec") - ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"]) - if ev is None: - raise Exception("Timeout on disconnection") + dev[0].wait_disconnected(timeout=10) + +def test_ap_hs20_interworking_add_network(dev, apdev): + """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['nai_realm'] = [ "0,example.com,21[3:26][6:7][99:99]" ] + hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + dev[0].add_cred_values(default_cred(user="user")) + interworking_select(dev[0], bssid, freq=2412) + id = dev[0].interworking_add_network(bssid) + dev[0].select_network(id, freq=2412) + dev[0].wait_connected() def _test_ap_hs20_proxyarp(dev, apdev): bssid = apdev[0]['bssid'] @@ -2358,7 +2839,7 @@ def _test_ap_hs20_proxyarp(dev, apdev): params['hessid'] = bssid params['disable_dgaf'] = '0' params['proxy_arp'] = '1' - hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True) + hapd = hostapd.add_ap(apdev[0], params, no_enable=True) if "OK" in hapd.request("ENABLE"): raise Exception("Incomplete hostapd configuration was accepted") hapd.set("ap_isolate", "1") @@ -2370,8 +2851,7 @@ def _test_ap_hs20_proxyarp(dev, apdev): hapd.enable() except: # For now, do not report failures due to missing kernel support - logger.info("Could not start hostapd - assume proxyarp not supported in kernel version") - return "skip" + raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version") ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10) if ev is None: raise Exception("AP startup timed out") @@ -2439,34 +2919,65 @@ def _test_ap_hs20_proxyarp(dev, apdev): if len(matches) > 0: raise Exception("Unexpected neighbor entries after disconnect") +def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev): + """Hotspot 2.0 connection with hidden SSId in scan results""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + + hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret', + "ignore_broadcast_ssid": "1" }) + dev[0].scan_for_bss(bssid, freq=2412) + hapd.disable() + hapd_global = hostapd.HostapdGlobal(apdev[0]) + hapd_global.flush() + hapd_global.remove(apdev[0]['ifname']) + + params = hs20_ap_params() + params['hessid'] = bssid + hapd = hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + id = dev[0].add_cred_values({ 'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'ca_cert': "auth_serv/ca.pem", + 'domain': "example.com" }) + interworking_select(dev[0], bssid, "home", freq="2412") + interworking_connect(dev[0], bssid, "TTLS") + + # clear BSS table to avoid issues in following test cases + dev[0].request("DISCONNECT") + dev[0].wait_disconnected() + hapd.disable() + dev[0].flush_scan_cache() + dev[0].flush_scan_cache() + def test_ap_hs20_proxyarp(dev, apdev): """Hotspot 2.0 and ProxyARP""" - res = None + check_eap_capa(dev[0], "MSCHAPV2") try: - res = _test_ap_hs20_proxyarp(dev, apdev) + _test_ap_hs20_proxyarp(dev, apdev) finally: subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], stderr=open('/dev/null', 'w')) subprocess.call(['brctl', 'delbr', 'ap-br0'], stderr=open('/dev/null', 'w')) - return res - def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled): bssid = apdev[0]['bssid'] params = hs20_ap_params() params['hessid'] = bssid params['disable_dgaf'] = '1' if disabled else '0' params['proxy_arp'] = '1' + params['na_mcast_to_ucast'] = '1' params['ap_isolate'] = '1' params['bridge'] = 'ap-br0' - hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True) + hapd = hostapd.add_ap(apdev[0], params, no_enable=True) try: hapd.enable() except: # For now, do not report failures due to missing kernel support - logger.info("Could not start hostapd - assume proxyarp not supported in kernel version") - return "skip" + raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version") ev = hapd.wait_event(["AP-ENABLED"], timeout=10) if ev is None: raise Exception("AP startup timed out") @@ -2540,30 +3051,26 @@ def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled): def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev): """Hotspot 2.0 and ProxyARP with DGAF disabled""" - res = None + check_eap_capa(dev[0], "MSCHAPV2") try: - res = _test_ap_hs20_proxyarp_dgaf(dev, apdev, True) + _test_ap_hs20_proxyarp_dgaf(dev, apdev, True) finally: subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], stderr=open('/dev/null', 'w')) subprocess.call(['brctl', 'delbr', 'ap-br0'], stderr=open('/dev/null', 'w')) - return res - def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev): """Hotspot 2.0 and ProxyARP with DGAF enabled""" - res = None + check_eap_capa(dev[0], "MSCHAPV2") try: - res = _test_ap_hs20_proxyarp_dgaf(dev, apdev, False) + _test_ap_hs20_proxyarp_dgaf(dev, apdev, False) finally: subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], stderr=open('/dev/null', 'w')) subprocess.call(['brctl', 'delbr', 'ap-br0'], stderr=open('/dev/null', 'w')) - return res - def ip_checksum(buf): sum = 0 if len(buf) & 0x01: @@ -2660,7 +3167,7 @@ def send_ns(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None, if "OK" not in dev.request(cmd + binascii.hexlify(pkt)): raise Exception("DATA_TEST_FRAME failed") -def build_na(src_ll, ip_src, ip_dst, target, opt=None): +def build_na(src_ll, ip_src, ip_dst, target, opt=None, flags=0): link_mc = binascii.unhexlify("3333ff000002") _src_ll = binascii.unhexlify(src_ll.replace(':','')) proto = '\x86\xdd' @@ -2668,12 +3175,11 @@ def build_na(src_ll, ip_src, ip_dst, target, opt=None): _ip_src = socket.inet_pton(socket.AF_INET6, ip_src) _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst) - reserved = '\x00\x00\x00\x00' _target = socket.inet_pton(socket.AF_INET6, target) if opt: - payload = reserved + _target + opt + payload = struct.pack('>Bxxx', flags) + _target + opt else: - payload = reserved + _target + payload = struct.pack('>Bxxx', flags) + _target icmp = build_icmpv6(_ip_src + _ip_dst, 136, 0, payload) ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255) @@ -2787,7 +3293,7 @@ def send_arp(dev, dst_ll="ff:ff:ff:ff:ff:ff", src_ll=None, opcode=1, sender_mac = dev.p2p_interface_addr() cmd = "DATA_TEST_FRAME " - pkt = build_arp(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=src_ll, opcode=opcode, + pkt = build_arp(dst_ll=dst_ll, src_ll=src_ll, opcode=opcode, sender_mac=sender_mac, sender_ip=sender_ip, target_mac=target_mac, target_ip=target_ip) if "OK" not in dev.request(cmd + binascii.hexlify(pkt)): @@ -2799,15 +3305,64 @@ def get_permanent_neighbors(ifname): cmd.stdout.close() return [ line for line in res.splitlines() if "PERMANENT" in line and ifname in line ] -def _test_proxyarp_open(dev, apdev, params): - cap_br = os.path.join(params['logdir'], "proxyarp_open.ap-br0.pcap") - cap_dev0 = os.path.join(params['logdir'], "proxyarp_open.%s.pcap" % dev[0].ifname) - cap_dev1 = os.path.join(params['logdir'], "proxyarp_open.%s.pcap" % dev[1].ifname) +def get_bridge_macs(ifname): + cmd = subprocess.Popen(['brctl', 'showmacs', ifname], + stdout=subprocess.PIPE) + res = cmd.stdout.read() + cmd.stdout.close() + return res + +def tshark_get_arp(cap, filter): + res = run_tshark(cap, filter, + [ "eth.dst", "eth.src", + "arp.src.hw_mac", "arp.src.proto_ipv4", + "arp.dst.hw_mac", "arp.dst.proto_ipv4" ], + wait=False) + frames = [] + for l in res.splitlines(): + frames.append(l.split('\t')) + return frames + +def tshark_get_ns(cap): + res = run_tshark(cap, "icmpv6.type == 135", + [ "eth.dst", "eth.src", + "ipv6.src", "ipv6.dst", + "icmpv6.nd.ns.target_address", + "icmpv6.opt.linkaddr" ], + wait=False) + frames = [] + for l in res.splitlines(): + frames.append(l.split('\t')) + return frames + +def tshark_get_na(cap): + res = run_tshark(cap, "icmpv6.type == 136", + [ "eth.dst", "eth.src", + "ipv6.src", "ipv6.dst", + "icmpv6.nd.na.target_address", + "icmpv6.opt.linkaddr" ], + wait=False) + frames = [] + for l in res.splitlines(): + frames.append(l.split('\t')) + return frames + +def _test_proxyarp_open(dev, apdev, params, ebtables=False): + prefix = "proxyarp_open" + if ebtables: + prefix += "_ebtables" + cap_br = os.path.join(params['logdir'], prefix + ".ap-br0.pcap") + cap_dev0 = os.path.join(params['logdir'], + prefix + ".%s.pcap" % dev[0].ifname) + cap_dev1 = os.path.join(params['logdir'], + prefix + ".%s.pcap" % dev[1].ifname) + cap_dev2 = os.path.join(params['logdir'], + prefix + ".%s.pcap" % dev[2].ifname) bssid = apdev[0]['bssid'] params = { 'ssid': 'open' } params['proxy_arp'] = '1' - hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True) + hapd = hostapd.add_ap(apdev[0], params, no_enable=True) hapd.set("ap_isolate", "1") hapd.set('bridge', 'ap-br0') hapd.dump_monitor() @@ -2815,39 +3370,45 @@ def _test_proxyarp_open(dev, apdev, params): hapd.enable() except: # For now, do not report failures due to missing kernel support - logger.info("Could not start hostapd - assume proxyarp not supported in kernel version") - return "skip" + raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version") ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10) if ev is None: raise Exception("AP startup timed out") if "AP-ENABLED" not in ev: raise Exception("AP startup failed") + params2 = { 'ssid': 'another' } + hapd2 = hostapd.add_ap(apdev[1], params2, no_enable=True) + hapd2.set('bridge', 'ap-br0') + hapd2.enable() + subprocess.call(['brctl', 'setfd', 'ap-br0', '0']) subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) - for chain in [ 'FORWARD', 'OUTPUT' ]: - subprocess.call(['ebtables', '-A', chain, '-p', 'ARP', - '-d', 'Broadcast', '-o', apdev[0]['ifname'], - '-j', 'DROP']) - subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast', - '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', - '--ip6-icmp-type', 'neighbor-solicitation', - '-o', apdev[0]['ifname'], '-j', 'DROP']) - subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast', - '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', - '--ip6-icmp-type', 'neighbor-advertisement', - '-o', apdev[0]['ifname'], '-j', 'DROP']) - subprocess.call(['ebtables', '-A', chain, - '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', - '--ip6-icmp-type', 'router-solicitation', - '-o', apdev[0]['ifname'], '-j', 'DROP']) - # Multicast Listener Report Message - subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast', - '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', - '--ip6-icmp-type', '143', - '-o', apdev[0]['ifname'], '-j', 'DROP']) + if ebtables: + for chain in [ 'FORWARD', 'OUTPUT' ]: + subprocess.call(['ebtables', '-A', chain, '-p', 'ARP', + '-d', 'Broadcast', '-o', apdev[0]['ifname'], + '-j', 'DROP']) + subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast', + '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', + '--ip6-icmp-type', 'neighbor-solicitation', + '-o', apdev[0]['ifname'], '-j', 'DROP']) + subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast', + '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', + '--ip6-icmp-type', 'neighbor-advertisement', + '-o', apdev[0]['ifname'], '-j', 'DROP']) + subprocess.call(['ebtables', '-A', chain, + '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', + '--ip6-icmp-type', 'router-solicitation', + '-o', apdev[0]['ifname'], '-j', 'DROP']) + # Multicast Listener Report Message + subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast', + '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp', + '--ip6-icmp-type', '143', + '-o', apdev[0]['ifname'], '-j', 'DROP']) + time.sleep(0.5) cmd = {} cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0', '-w', cap_br, '-s', '2000'], @@ -2858,66 +3419,55 @@ def _test_proxyarp_open(dev, apdev, params): cmd[2] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[1].ifname, '-w', cap_dev1, '-s', '2000'], stderr=open('/dev/null', 'w')) + cmd[3] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[2].ifname, + '-w', cap_dev2, '-s', '2000'], + stderr=open('/dev/null', 'w')) dev[0].connect("open", key_mgmt="NONE", scan_freq="2412") dev[1].connect("open", key_mgmt="NONE", scan_freq="2412") + dev[2].connect("another", key_mgmt="NONE", scan_freq="2412") time.sleep(0.1) + brcmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE) + res = brcmd.stdout.read() + brcmd.stdout.close() + logger.info("Bridge setup: " + res) + + brcmd = subprocess.Popen(['brctl', 'showstp', 'ap-br0'], + stdout=subprocess.PIPE) + res = brcmd.stdout.read() + brcmd.stdout.close() + logger.info("Bridge showstp: " + res) + addr0 = dev[0].p2p_interface_addr() addr1 = dev[1].p2p_interface_addr() + addr2 = dev[2].p2p_interface_addr() src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':','')) src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':','')) # DAD NS - pkt = build_ns(src_ll=addr0, ip_src="::", ip_dst="ff02::1:ff00:2", - target="aaaa:bbbb:cccc::2", opt=src_ll_opt0) - if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[0], ip_src="::", target="aaaa:bbbb:cccc::2") - pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2", - opt=src_ll_opt0) - if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2") # test frame without source link-layer address option - pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2") - if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2", + opt='') # test frame with bogus option - pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2", - opt="\x70\x01\x01\x02\x03\x04\x05\x05") - if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2", + opt="\x70\x01\x01\x02\x03\x04\x05\x05") # test frame with truncated source link-layer address option - pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2", - opt="\x01\x01\x01\x02\x03\x04") - if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2", + opt="\x01\x01\x01\x02\x03\x04") # test frame with foreign source link-layer address option - pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2", - opt="\x01\x01\x01\x02\x03\x04\x05\x06") - if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2", + opt="\x01\x01\x01\x02\x03\x04\x05\x06") - pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:dddd::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:dddd::2", - opt=src_ll_opt1) - if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[1], ip_src="aaaa:bbbb:dddd::2", target="aaaa:bbbb:dddd::2") - pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:eeee::2", - ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:eeee::2", - opt=src_ll_opt1) - if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2") # another copy for additional code coverage - if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)): - raise Exception("DATA_TEST_FRAME failed") + send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2") pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid, ip_src="192.168.1.1", ip_dst="255.255.255.255", @@ -2985,6 +3535,9 @@ def _test_proxyarp_open(dev, apdev, params): if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)): raise Exception("DATA_TEST_FRAME failed") + macs = get_bridge_macs("ap-br0") + logger.info("After connect (showmacs): " + str(macs)) + matches = get_permanent_neighbors("ap-br0") logger.info("After connect: " + str(matches)) if len(matches) != 4: @@ -3007,6 +3560,9 @@ def _test_proxyarp_open(dev, apdev, params): send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.101", target_ip=target) + for target in targets: + send_arp(dev[2], sender_ip="192.168.1.103", target_ip=target) + # ARP Probe from wireless STA send_arp(dev[1], target_ip="192.168.1.127") # ARP Announcement from wireless STA @@ -3014,6 +3570,9 @@ def _test_proxyarp_open(dev, apdev, params): send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127", opcode=2) + macs = get_bridge_macs("ap-br0") + logger.info("After ARP Probe + Announcement (showmacs): " + str(macs)) + matches = get_permanent_neighbors("ap-br0") logger.info("After ARP Probe + Announcement: " + str(matches)) @@ -3023,24 +3582,42 @@ def _test_proxyarp_open(dev, apdev, params): # ARP Request for the newly introduced IP address from bridge send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102", target_ip="192.168.1.127") + send_arp(dev[2], sender_ip="192.168.1.103", target_ip="192.168.1.127") # ARP Probe from bridge - send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.128") - # ARP Announcement from bridge - send_arp(hapd, hapd_bssid=bssid, sender_ip="129.168.1.128", - target_ip="192.168.1.128") - send_arp(hapd, hapd_bssid=bssid, sender_ip="129.168.1.128", - target_ip="192.168.1.128", opcode=2) + send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.130") + send_arp(dev[2], target_ip="192.168.1.131") + # ARP Announcement from bridge (not to be learned by AP for proxyarp) + send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130", + target_ip="192.168.1.130") + send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130", + target_ip="192.168.1.130", opcode=2) + send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131") + send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131", + opcode=2) + + macs = get_bridge_macs("ap-br0") + logger.info("After ARP Probe + Announcement (showmacs): " + str(macs)) matches = get_permanent_neighbors("ap-br0") logger.info("After ARP Probe + Announcement: " + str(matches)) # ARP Request for the newly introduced IP address from wireless STA - send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.128") + send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.130") + # ARP Response from bridge (AP does not proxy for non-wireless devices) + send_arp(hapd, hapd_bssid=bssid, dst_ll=addr0, sender_ip="192.168.1.130", + target_ip="192.168.1.123", opcode=2) + + # ARP Request for the newly introduced IP address from wireless STA + send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.131") + # ARP Response from bridge (AP does not proxy for non-wireless devices) + send_arp(dev[2], dst_ll=addr0, sender_ip="192.168.1.131", + target_ip="192.168.1.123", opcode=2) # ARP Request for the newly introduced IP address from bridge send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102", - target_ip="192.168.1.128") + target_ip="192.168.1.130") + send_arp(dev[2], sender_ip="192.168.1.104", target_ip="192.168.1.131") # ARP Probe from wireless STA (duplicate address; learned through DHCP) send_arp(dev[1], target_ip="192.168.1.123") @@ -3065,48 +3642,270 @@ def _test_proxyarp_open(dev, apdev, params): send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:ffff::2") time.sleep(0.1) + send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:ff00::2") + time.sleep(0.1) + send_ns(dev[2], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:ff00::2") + time.sleep(0.1) + send_ns(dev[2], target="aaaa:bbbb:eeee::2", ip_src="aaaa:bbbb:ff00::2") + time.sleep(0.1) # Try to probe for an already assigned address send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="::") time.sleep(0.1) send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc::2", ip_src="::") time.sleep(0.1) + send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="::") + time.sleep(0.1) # Unsolicited NA send_na(dev[1], target="aaaa:bbbb:cccc:aeae::3", ip_src="aaaa:bbbb:cccc:aeae::3", ip_dst="ff02::1") send_na(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc:aeae::4", ip_src="aaaa:bbbb:cccc:aeae::4", ip_dst="ff02::1") + send_na(dev[2], target="aaaa:bbbb:cccc:aeae::5", + ip_src="aaaa:bbbb:cccc:aeae::5", ip_dst="ff02::1") - hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0") + try: + hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0") + except Exception, e: + logger.info("test_connectibity_iface failed: " + str(e)) + raise HwsimSkip("Assume kernel did not have the required patches for proxyarp") hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0") hwsim_utils.test_connectivity(dev[0], dev[1]) dev[0].request("DISCONNECT") dev[1].request("DISCONNECT") time.sleep(0.5) - for i in range(3): + for i in range(len(cmd)): cmd[i].terminate() + macs = get_bridge_macs("ap-br0") + logger.info("After disconnect (showmacs): " + str(macs)) matches = get_permanent_neighbors("ap-br0") logger.info("After disconnect: " + str(matches)) if len(matches) > 0: raise Exception("Unexpected neighbor entries after disconnect") - cmd = subprocess.Popen(['ebtables', '-L', '--Lc'], stdout=subprocess.PIPE) - res = cmd.stdout.read() - cmd.stdout.close() - logger.info("ebtables results:\n" + res) + if ebtables: + cmd = subprocess.Popen(['ebtables', '-L', '--Lc'], + stdout=subprocess.PIPE) + res = cmd.stdout.read() + cmd.stdout.close() + logger.info("ebtables results:\n" + res) + + # Verify that expected ARP messages were seen and no unexpected + # ARP messages were seen. + + arp_req = tshark_get_arp(cap_dev0, "arp.opcode == 1") + arp_reply = tshark_get_arp(cap_dev0, "arp.opcode == 2") + logger.info("dev0 seen ARP requests:\n" + str(arp_req)) + logger.info("dev0 seen ARP replies:\n" + str(arp_reply)) + + if [ 'ff:ff:ff:ff:ff:ff', addr1, + addr1, '192.168.1.100', + '00:00:00:00:00:00', '192.168.1.123' ] in arp_req: + raise Exception("dev0 saw ARP request from dev1") + if [ 'ff:ff:ff:ff:ff:ff', addr2, + addr2, '192.168.1.103', + '00:00:00:00:00:00', '192.168.1.123' ] in arp_req: + raise Exception("dev0 saw ARP request from dev2") + # TODO: Uncomment once fixed in kernel + #if [ 'ff:ff:ff:ff:ff:ff', bssid, + # bssid, '192.168.1.101', + # '00:00:00:00:00:00', '192.168.1.123' ] in arp_req: + # raise Exception("dev0 saw ARP request from br") + + if ebtables: + for req in arp_req: + if req[1] != addr0: + raise Exception("Unexpected foreign ARP request on dev0") + + arp_req = tshark_get_arp(cap_dev1, "arp.opcode == 1") + arp_reply = tshark_get_arp(cap_dev1, "arp.opcode == 2") + logger.info("dev1 seen ARP requests:\n" + str(arp_req)) + logger.info("dev1 seen ARP replies:\n" + str(arp_reply)) + + if [ 'ff:ff:ff:ff:ff:ff', addr2, + addr2, '192.168.1.103', + '00:00:00:00:00:00', '192.168.1.123' ] in arp_req: + raise Exception("dev1 saw ARP request from dev2") + if [addr1, addr0, addr0, '192.168.1.123', addr1, '192.168.1.100'] not in arp_reply: + raise Exception("dev1 did not get ARP response for 192.168.1.123") + + if ebtables: + for req in arp_req: + if req[1] != addr1: + raise Exception("Unexpected foreign ARP request on dev1") + + arp_req = tshark_get_arp(cap_dev2, "arp.opcode == 1") + arp_reply = tshark_get_arp(cap_dev2, "arp.opcode == 2") + logger.info("dev2 seen ARP requests:\n" + str(arp_req)) + logger.info("dev2 seen ARP replies:\n" + str(arp_reply)) + + if [ addr2, addr0, + addr0, '192.168.1.123', + addr2, '192.168.1.103' ] not in arp_reply: + raise Exception("dev2 did not get ARP response for 192.168.1.123") + + arp_req = tshark_get_arp(cap_br, "arp.opcode == 1") + arp_reply = tshark_get_arp(cap_br, "arp.opcode == 2") + logger.info("br seen ARP requests:\n" + str(arp_req)) + logger.info("br seen ARP replies:\n" + str(arp_reply)) + + # TODO: Uncomment once fixed in kernel + #if [ bssid, addr0, + # addr0, '192.168.1.123', + # bssid, '192.168.1.101' ] not in arp_reply: + # raise Exception("br did not get ARP response for 192.168.1.123") + + ns = tshark_get_ns(cap_dev0) + logger.info("dev0 seen NS: " + str(ns)) + na = tshark_get_na(cap_dev0) + logger.info("dev0 seen NA: " + str(na)) + + if [ addr0, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:cccc::2', + 'aaaa:bbbb:dddd::2', addr1 ] not in na: + raise Exception("dev0 did not get NA for aaaa:bbbb:dddd::2") + + if ebtables: + for req in ns: + if req[1] != addr0: + raise Exception("Unexpected foreign NS on dev0: " + str(req)) + + ns = tshark_get_ns(cap_dev1) + logger.info("dev1 seen NS: " + str(ns)) + na = tshark_get_na(cap_dev1) + logger.info("dev1 seen NA: " + str(na)) + + if [ addr1, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:dddd::2', + 'aaaa:bbbb:cccc::2', addr0 ] not in na: + raise Exception("dev1 did not get NA for aaaa:bbbb:cccc::2") + + if ebtables: + for req in ns: + if req[1] != addr1: + raise Exception("Unexpected foreign NS on dev1: " + str(req)) + + ns = tshark_get_ns(cap_dev2) + logger.info("dev2 seen NS: " + str(ns)) + na = tshark_get_na(cap_dev2) + logger.info("dev2 seen NA: " + str(na)) + + # FIX: enable once kernel implementation for proxyarp IPv6 is fixed + #if [ addr2, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:ff00::2', + # 'aaaa:bbbb:cccc::2', addr0 ] not in na: + # raise Exception("dev2 did not get NA for aaaa:bbbb:cccc::2") + #if [ addr2, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:ff00::2', + # 'aaaa:bbbb:dddd::2', addr1 ] not in na: + # raise Exception("dev2 did not get NA for aaaa:bbbb:dddd::2") + #if [ addr2, addr1, 'aaaa:bbbb:eeee::2', 'aaaa:bbbb:ff00::2', + # 'aaaa:bbbb:eeee::2', addr1 ] not in na: + # raise Exception("dev2 did not get NA for aaaa:bbbb:eeee::2") def test_proxyarp_open(dev, apdev, params): """ProxyARP with open network""" - res = None try: - res = _test_proxyarp_open(dev, apdev, params) + _test_proxyarp_open(dev, apdev, params) finally: - subprocess.call(['ebtables', '-F', 'FORWARD']) - subprocess.call(['ebtables', '-F', 'OUTPUT']) subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], stderr=open('/dev/null', 'w')) subprocess.call(['brctl', 'delbr', 'ap-br0'], stderr=open('/dev/null', 'w')) - return res +def test_proxyarp_open_ebtables(dev, apdev, params): + """ProxyARP with open network""" + try: + _test_proxyarp_open(dev, apdev, params, ebtables=True) + finally: + try: + subprocess.call(['ebtables', '-F', 'FORWARD']) + subprocess.call(['ebtables', '-F', 'OUTPUT']) + except: + pass + subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delbr', 'ap-br0'], + stderr=open('/dev/null', 'w')) + +def test_ap_hs20_connect_deinit(dev, apdev): + """Hotspot 2.0 connection interrupted with deinit""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + hapd = hostapd.add_ap(apdev[0], params) + + wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') + wpas.interface_add("wlan5", drv_params="") + wpas.hs20_enable() + wpas.flush_scan_cache() + wpas.add_cred_values({ 'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'ca_cert': "auth_serv/ca.pem", + 'domain': "example.com" }) + + wpas.scan_for_bss(bssid, freq=2412) + hapd.disable() + + wpas.request("INTERWORKING_SELECT freq=2412") + + id = wpas.request("RADIO_WORK add block-work") + ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5) + if ev is None: + raise Exception("Timeout while waiting radio work to start") + ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5) + if ev is None: + raise Exception("Timeout while waiting radio work to start (2)") + + # Remove the interface while the gas-query radio work is still pending and + # GAS query has not yet been started. + wpas.interface_remove("wlan5") + +def test_ap_hs20_anqp_format_errors(dev, apdev): + """Interworking network selection and ANQP format errors""" + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + hapd = hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + values = { 'realm': "example.com", + 'ca_cert': "auth_serv/ca.pem", + 'username': "hs20-test", + 'password': "password", + 'domain': "example.com" } + id = dev[0].add_cred_values(values) + + dev[0].scan_for_bss(bssid, freq="2412") + + tests = [ "00", "ffff", "010011223344", "020008000005112233445500", + "01000400000000", "01000000000000", + "01000300000200", "0100040000ff0000", "01000300000100", + "01000300000001", + "01000600000056112233", + "01000900000002050001000111", + "01000600000001000000", "01000600000001ff0000", + "01000600000001020001", + "010008000000010400010001", "0100080000000104000100ff", + "010011000000010d00050200020100030005000600", + "0000" ] + for t in tests: + hapd.set("anqp_elem", "263:" + t) + dev[0].request("INTERWORKING_SELECT freq=2412") + ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5) + if ev is None: + raise Exception("Network selection timed out") + dev[0].dump_monitor() + + dev[0].remove_cred(id) + id = dev[0].add_cred_values({ 'imsi': "555444-333222111", 'eap': "AKA", + 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"}) + + tests = [ "00", "0100", "0001", "00ff", "000200ff", "0003000101", + "00020100" ] + for t in tests: + hapd.set("anqp_elem", "264:" + t) + dev[0].request("INTERWORKING_SELECT freq=2412") + ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5) + if ev is None: + raise Exception("Network selection timed out") + dev[0].dump_monitor()