[thirdparty/hostap.git] / tests / hwsim / test_ap_hs20.py

#!/usr/bin/python
#
# Hotspot 2.0 tests
# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.

import time
import subprocess
import logging
logger = logging.getLogger()
import os.path
import subprocess

import hostapd
from wlantest import Wlantest

def hs20_ap_params():
    params = hostapd.wpa2_params(ssid="test-hs20")
    params['wpa_key_mgmt'] = "WPA-EAP"
    params['ieee80211w'] = "1"
    params['ieee8021x'] = "1"
    params['auth_server_addr'] = "127.0.0.1"
    params['auth_server_port'] = "1812"
    params['auth_server_shared_secret'] = "radius"
    params['interworking'] = "1"
    params['access_network_type'] = "14"
    params['internet'] = "1"
    params['asra'] = "0"
    params['esr'] = "0"
    params['uesa'] = "0"
    params['venue_group'] = "7"
    params['venue_type'] = "1"
    params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
    params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
                                     "fedcba" ]
    params['domain_name'] = "example.com,another.example.com"
    params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
                            "0,another.example.com" ]
    params['hs20'] = "1"
    params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
    params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
    params['hs20_operating_class'] = "5173"
    params['anqp_3gpp_cell_net'] = "244,91"
    return params

def interworking_select(dev, bssid, type=None, no_match=False):
    dev.dump_monitor()
    dev.request("INTERWORKING_SELECT")
    ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
                        timeout=15)
    if ev is None:
        raise Exception("Network selection timed out");
    if no_match:
        if "INTERWORKING-NO-MATCH" not in ev:
            raise Exception("Unexpected network match")
        return
    if "INTERWORKING-NO-MATCH" in ev:
        raise Exception("Matching network not found")
    if bssid not in ev:
        raise Exception("Unexpected BSSID in match")
    if type and "type=" + type not in ev:
        raise Exception("Network type not recognized correctly")

def check_sp_type(dev, sp_type):
    type = dev.get_status_field("sp_type")
    if type is None:
        raise Exception("sp_type not available")
    if type != sp_type:
        raise Exception("sp_type did not indicate home network")

def hlr_auc_gw_available():
    if not os.path.exists("/tmp/hlr_auc_gw.sock"):
        logger.info("No hlr_auc_gw available");
        return False
    if not os.path.exists("../../hostapd/hlr_auc_gw"):
        logger.info("No hlr_auc_gw available");
        return False
    return True

def interworking_ext_sim_connect(dev, bssid, method):
    dev.request("INTERWORKING_CONNECT " + bssid)

    ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
    if ev is None:
        raise Exception("Network connected timed out")
    if "(" + method + ")" not in ev:
        raise Exception("Unexpected EAP method selection")

    ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
    if ev is None:
        raise Exception("Wait for external SIM processing request timed out")
    p = ev.split(':', 2)
    if p[1] != "GSM-AUTH":
        raise Exception("Unexpected CTRL-REQ-SIM type")
    id = p[0].split('-')[3]
    rand = p[2].split(' ')[0]

    res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
                                   "-m",
                                   "auth_serv/hlr_auc_gw.milenage_db",
                                   "GSM-AUTH-REQ 232010000000000 " + rand])
    if "GSM-AUTH-RESP" not in res:
        raise Exception("Unexpected hlr_auc_gw response")
    resp = res.split(' ')[2].rstrip()

    dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
    ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Connection timed out")

def interworking_connect(dev, bssid, method):
    dev.request("INTERWORKING_CONNECT " + bssid)

    ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
    if ev is None:
        raise Exception("Network connected timed out")
    if "(" + method + ")" not in ev:
        raise Exception("Unexpected EAP method selection")

    ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Connection timed out")

def check_probe_resp(wt, bssid_unexpected, bssid_expected):
    if bssid_unexpected:
        count = wt.get_bss_counter("probe_response", bssid_unexpected)
        if count > 0:
            raise Exception("Unexpected Probe Response frame from AP")

    if bssid_expected:
        count = wt.get_bss_counter("probe_response", bssid_expected)
        if count == 0:
            raise Exception("No Probe Response frame from AP")

def test_ap_interworking_scan_filtering(dev, apdev):
    """Interworking scan filtering with HESSID and access network type"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    ssid = "test-hs20-ap1"
    params['ssid'] = ssid
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    bssid2 = apdev[1]['bssid']
    params = hs20_ap_params()
    ssid2 = "test-hs20-ap2"
    params['ssid'] = ssid2
    params['hessid'] = bssid2
    params['access_network_type'] = "1"
    del params['venue_group']
    del params['venue_type']
    hostapd.add_ap(apdev[1]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()

    wt = Wlantest()
    wt.flush()

    logger.info("Check probe request filtering based on HESSID")

    dev[0].request("SET hessid " + bssid2)
    dev[0].scan(freq="2412")
    check_probe_resp(wt, bssid, bssid2)

    logger.info("Check probe request filtering based on access network type")

    wt.clear_bss_counters(bssid)
    wt.clear_bss_counters(bssid2)
    dev[0].request("SET hessid 00:00:00:00:00:00")
    dev[0].request("SET access_network_type 14")
    dev[0].scan(freq="2412")
    check_probe_resp(wt, bssid2, bssid)

    wt.clear_bss_counters(bssid)
    wt.clear_bss_counters(bssid2)
    dev[0].request("SET hessid 00:00:00:00:00:00")
    dev[0].request("SET access_network_type 1")
    dev[0].scan(freq="2412")
    check_probe_resp(wt, bssid, bssid2)

    logger.info("Check probe request filtering based on HESSID and ANT")

    wt.clear_bss_counters(bssid)
    wt.clear_bss_counters(bssid2)
    dev[0].request("SET hessid " + bssid)
    dev[0].request("SET access_network_type 14")
    dev[0].scan(freq="2412")
    check_probe_resp(wt, bssid2, bssid)

    wt.clear_bss_counters(bssid)
    wt.clear_bss_counters(bssid2)
    dev[0].request("SET hessid " + bssid2)
    dev[0].request("SET access_network_type 14")
    dev[0].scan(freq="2412")
    check_probe_resp(wt, bssid, None)
    check_probe_resp(wt, bssid2, None)

    wt.clear_bss_counters(bssid)
    wt.clear_bss_counters(bssid2)
    dev[0].request("SET hessid " + bssid)
    dev[0].request("SET access_network_type 1")
    dev[0].scan(freq="2412")
    check_probe_resp(wt, bssid, None)
    check_probe_resp(wt, bssid2, None)

def test_ap_hs20_select(dev, apdev):
    """Hotspot 2.0 network selection"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
                                  'password': "secret",
                                  'domain': "example.com" })
    interworking_select(dev[0], bssid, "home")

    dev[0].remove_cred(id)
    id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
                                  'password': "secret",
                                  'domain': "no.match.example.com" })
    interworking_select(dev[0], bssid, "roaming")

    dev[0].set_cred_quoted(id, "realm", "no.match.example.com");
    interworking_select(dev[0], bssid, no_match=True)

def test_ap_hs20_ext_sim(dev, apdev):
    """Hotspot 2.0 with external SIM processing"""
    if not hlr_auc_gw_available():
        return "skip"
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    params['anqp_3gpp_cell_net'] = "232,01"
    params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    dev[0].request("SET external_sim 1")
    dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
    interworking_select(dev[0], "home")
    interworking_ext_sim_connect(dev[0], bssid, "SIM")
    check_sp_type(dev[0], "home")

def test_ap_hs20_ext_sim_roaming(dev, apdev):
    """Hotspot 2.0 with external SIM processing in roaming network"""
    if not hlr_auc_gw_available():
        return "skip"
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
    params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    dev[0].request("SET external_sim 1")
    dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
    interworking_select(dev[0], "roaming")
    interworking_ext_sim_connect(dev[0], bssid, "SIM")
    check_sp_type(dev[0], "roaming")

def test_ap_hs20_username(dev, apdev):
    """Hotspot 2.0 connection in username/password credential"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "example.com",
                                  'username': "hs20-test",
                                  'password': "password",
                                  'domain': "example.com" })
    interworking_select(dev[0], bssid, "home")
    interworking_connect(dev[0], bssid, "TTLS")
    check_sp_type(dev[0], "home")

def test_ap_hs20_username_roaming(dev, apdev):
    """Hotspot 2.0 connection in username/password credential (roaming)"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
                            "0,roaming.example.com,21[2:4][5:7]",
                            "0,another.example.com" ]
    params['domain_name'] = "another.example.com"
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "roaming.example.com",
                                  'username': "hs20-test",
                                  'password': "password",
                                  'domain': "example.com" })
    interworking_select(dev[0], bssid, "roaming")
    interworking_connect(dev[0], bssid, "TTLS")
    check_sp_type(dev[0], "roaming")

def test_ap_hs20_username_unknown(dev, apdev):
    """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "example.com",
                                  'username': "hs20-test",
                                  'password': "password" })
    interworking_select(dev[0], bssid, "unknown")
    interworking_connect(dev[0], bssid, "TTLS")
    check_sp_type(dev[0], "unknown")

def test_ap_hs20_username_unknown2(dev, apdev):
    """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    del params['domain_name']
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "example.com",
                                  'username': "hs20-test",
                                  'password': "password",
                                  'domain': "example.com" })
    interworking_select(dev[0], bssid, "unknown")
    interworking_connect(dev[0], bssid, "TTLS")
    check_sp_type(dev[0], "unknown")

def test_ap_hs20_gas_while_associated(dev, apdev):
    """Hotspot 2.0 connection with GAS query while associated"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "example.com",
                                  'username': "hs20-test",
                                  'password': "password",
                                  'domain': "example.com" })
    interworking_select(dev[0], bssid, "home")
    interworking_connect(dev[0], bssid, "TTLS")

    logger.info("Verifying GAS query while associated")
    dev[0].request("FETCH_ANQP")
    for i in range(0, 6):
        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
        if ev is None:
            raise Exception("Operation timed out")

def test_ap_hs20_gas_frag_while_associated(dev, apdev):
    """Hotspot 2.0 connection with fragmented GAS query while associated"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    hapd.set("gas_frag_limit", "50")

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    id = dev[0].add_cred_values({ 'realm': "example.com",
                                  'username': "hs20-test",
                                  'password': "password",
                                  'domain': "example.com" })
    interworking_select(dev[0], bssid, "home")
    interworking_connect(dev[0], bssid, "TTLS")

    logger.info("Verifying GAS query while associated")
    dev[0].request("FETCH_ANQP")
    for i in range(0, 6):
        ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
        if ev is None:
            raise Exception("Operation timed out")

def test_ap_hs20_multiple_connects(dev, apdev):
    """Hotspot 2.0 connection through multiple network selections"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    values = { 'realm': "example.com",
               'username': "hs20-test",
               'password': "password",
               'domain': "example.com" }
    id = dev[0].add_cred_values(values)

    for i in range(0, 3):
        logger.info("Starting Interworking network selection")
        dev[0].request("INTERWORKING_SELECT auto")
        while True:
            ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
                                    "INTERWORKING-ALREADY-CONNECTED",
                                    "CTRL-EVENT-CONNECTED"], timeout=15)
            if ev is None:
                raise Exception("Connection timed out")
            if "INTERWORKING-NO-MATCH" in ev:
                raise Exception("Matching AP not found")
            if "CTRL-EVENT-CONNECTED" in ev:
                break
            if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
                break
        if i == 0:
            dev[0].request("DISCONNECT")
        dev[0].dump_monitor()

    networks = dev[0].list_networks()
    if len(networks) > 1:
        raise Exception("Duplicated network block detected")

def test_ap_hs20_disallow_aps(dev, apdev):
    """Hotspot 2.0 connection and disallow_aps"""
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
    hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].request("SET ignore_old_scan_res 1")
    dev[0].hs20_enable()
    values = { 'realm': "example.com",
               'username': "hs20-test",
               'password': "password",
               'domain': "example.com" }
    id = dev[0].add_cred_values(values)

    logger.info("Verify disallow_aps bssid")
    dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
    dev[0].request("INTERWORKING_SELECT auto")
    ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
    if ev is None:
        raise Exception("Network selection timed out")
    dev[0].dump_monitor()

    logger.info("Verify disallow_aps ssid")
    dev[0].request("SET disallow_aps ssid 746573742d68733230")
    dev[0].request("INTERWORKING_SELECT auto")
    ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
    if ev is None:
        raise Exception("Network selection timed out")
    dev[0].dump_monitor()

    logger.info("Verify disallow_aps clear")
    dev[0].request("SET disallow_aps ")
    interworking_select(dev[0], bssid, "home")

    dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
    ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
    if "FAIL" not in ret:
        raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")

def policy_test(dev, ap, values, only_one=True):
    dev.dump_monitor()
    logger.info("Verify network selection to AP " + ap['ifname'])
    bssid = ap['bssid']
    dev.request("SET ignore_old_scan_res 1")
    dev.hs20_enable()
    id = dev.add_cred_values(values)
    dev.request("INTERWORKING_SELECT auto")
    while True:
        ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
                             "CTRL-EVENT-CONNECTED"], timeout=15)
        if ev is None:
            raise Exception("Connection timed out")
        if "INTERWORKING-NO-MATCH" in ev:
            raise Exception("Matching AP not found")
        if only_one and "INTERWORKING-AP" in ev and bssid not in ev:
            raise Exception("Unexpected AP claimed acceptable")
        if "CTRL-EVENT-CONNECTED" in ev:
            if bssid not in ev:
                raise Exception("Connected to incorrect BSS")
            break

    conn_bssid = dev.get_status_field("bssid")
    if conn_bssid != bssid:
        raise Exception("bssid information points to incorrect BSS")

    dev.remove_cred(id)
    dev.dump_monitor()

def default_cred():
    return { 'realm': "example.com",
             'username': "hs20-test",
             'password': "password" }

def test_ap_hs20_req_roaming_consortium(dev, apdev):
    """Hotspot 2.0 required roaming consortium"""
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)

    params = hs20_ap_params()
    params['ssid'] = "test-hs20-other"
    params['roaming_consortium'] = [ "223344" ]
    hostapd.add_ap(apdev[1]['ifname'], params)

    values = default_cred()
    values['required_roaming_consortium'] = "223344"
    policy_test(dev[0], apdev[1], values)
    values['required_roaming_consortium'] = "112233"
    policy_test(dev[0], apdev[0], values)

def test_ap_hs20_excluded_ssid(dev, apdev):
    """Hotspot 2.0 exclusion based on SSID"""
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)

    params = hs20_ap_params()
    params['ssid'] = "test-hs20-other"
    params['roaming_consortium'] = [ "223344" ]
    hostapd.add_ap(apdev[1]['ifname'], params)

    values = default_cred()
    values['excluded_ssid'] = "test-hs20"
    policy_test(dev[0], apdev[1], values)
    values['excluded_ssid'] = "test-hs20-other"
    policy_test(dev[0], apdev[0], values)
Commit	Line	Data
93a06242 JM	1	#!/usr/bin/python
	2	#
	3	# Hotspot 2.0 tests
	4	# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
	5	#
	6	# This software may be distributed under the terms of the BSD license.
	7	# See README for more details.
	8
	9	import time
	10	import subprocess
	11	import logging
c9aa4308	12	logger = logging.getLogger()
efd43d85 JM	13	import os.path
efd43d85 JM	14	import subprocess
93a06242 JM	15
93a06242 JM	16	import hostapd
715bf904	17	from wlantest import Wlantest
93a06242 JM	18
	19	def hs20_ap_params():
	20	params = hostapd.wpa2_params(ssid="test-hs20")
	21	params['wpa_key_mgmt'] = "WPA-EAP"
	22	params['ieee80211w'] = "1"
	23	params['ieee8021x'] = "1"
	24	params['auth_server_addr'] = "127.0.0.1"
	25	params['auth_server_port'] = "1812"
	26	params['auth_server_shared_secret'] = "radius"
	27	params['interworking'] = "1"
	28	params['access_network_type'] = "14"
	29	params['internet'] = "1"
	30	params['asra'] = "0"
	31	params['esr'] = "0"
	32	params['uesa'] = "0"
	33	params['venue_group'] = "7"
	34	params['venue_type'] = "1"
	35	params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
	36	params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
	37	"fedcba" ]
	38	params['domain_name'] = "example.com,another.example.com"
	39	params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
	40	"0,another.example.com" ]
	41	params['hs20'] = "1"
	42	params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
	43	params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
	44	params['hs20_operating_class'] = "5173"
	45	params['anqp_3gpp_cell_net'] = "244,91"
	46	return params
	47
bbe86767 JM	48	def interworking_select(dev, bssid, type=None, no_match=False):
	49	dev.dump_monitor()
	50	dev.request("INTERWORKING_SELECT")
	51	ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
	52	timeout=15)
93a06242 JM	53	if ev is None:
93a06242 JM	54	raise Exception("Network selection timed out");
bbe86767 JM	55	if no_match:
	56	if "INTERWORKING-NO-MATCH" not in ev:
	57	raise Exception("Unexpected network match")
	58	return
93a06242 JM	59	if "INTERWORKING-NO-MATCH" in ev:
	60	raise Exception("Matching network not found")
	61	if bssid not in ev:
	62	raise Exception("Unexpected BSSID in match")
bbe86767 JM	63	if type and "type=" + type not in ev:
bbe86767 JM	64	raise Exception("Network type not recognized correctly")
93a06242	65
bbe86767 JM	66	def check_sp_type(dev, sp_type):
	67	type = dev.get_status_field("sp_type")
	68	if type is None:
	69	raise Exception("sp_type not available")
	70	if type != sp_type:
	71	raise Exception("sp_type did not indicate home network")
efd43d85	72
bbe86767	73	def hlr_auc_gw_available():
efd43d85 JM	74	if not os.path.exists("/tmp/hlr_auc_gw.sock"):
efd43d85 JM	75	logger.info("No hlr_auc_gw available");
bbe86767	76	return False
efd43d85 JM	77	if not os.path.exists("../../hostapd/hlr_auc_gw"):
efd43d85 JM	78	logger.info("No hlr_auc_gw available");
bbe86767 JM	79	return False
bbe86767 JM	80	return True
efd43d85	81
bbe86767 JM	82	def interworking_ext_sim_connect(dev, bssid, method):
bbe86767 JM	83	dev.request("INTERWORKING_CONNECT " + bssid)
efd43d85	84
bbe86767	85	ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
efd43d85 JM	86	if ev is None:
efd43d85 JM	87	raise Exception("Network connected timed out")
bbe86767	88	if "(" + method + ")" not in ev:
efd43d85 JM	89	raise Exception("Unexpected EAP method selection")
efd43d85 JM	90
bbe86767	91	ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
efd43d85 JM	92	if ev is None:
	93	raise Exception("Wait for external SIM processing request timed out")
	94	p = ev.split(':', 2)
	95	if p[1] != "GSM-AUTH":
	96	raise Exception("Unexpected CTRL-REQ-SIM type")
	97	id = p[0].split('-')[3]
	98	rand = p[2].split(' ')[0]
	99
	100	res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
	101	"-m",
	102	"auth_serv/hlr_auc_gw.milenage_db",
	103	"GSM-AUTH-REQ 232010000000000 " + rand])
	104	if "GSM-AUTH-RESP" not in res:
	105	raise Exception("Unexpected hlr_auc_gw response")
	106	resp = res.split(' ')[2].rstrip()
	107
bbe86767 JM	108	dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
bbe86767 JM	109	ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
efd43d85 JM	110	if ev is None:
efd43d85 JM	111	raise Exception("Connection timed out")
f4defd91	112
8fba2e5d JM	113	def interworking_connect(dev, bssid, method):
	114	dev.request("INTERWORKING_CONNECT " + bssid)
	115
	116	ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
	117	if ev is None:
	118	raise Exception("Network connected timed out")
	119	if "(" + method + ")" not in ev:
	120	raise Exception("Unexpected EAP method selection")
	121
	122	ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
	123	if ev is None:
	124	raise Exception("Connection timed out")
	125
715bf904 JM	126	def check_probe_resp(wt, bssid_unexpected, bssid_expected):
	127	if bssid_unexpected:
	128	count = wt.get_bss_counter("probe_response", bssid_unexpected)
	129	if count > 0:
	130	raise Exception("Unexpected Probe Response frame from AP")
	131
	132	if bssid_expected:
	133	count = wt.get_bss_counter("probe_response", bssid_expected)
	134	if count == 0:
	135	raise Exception("No Probe Response frame from AP")
	136
	137	def test_ap_interworking_scan_filtering(dev, apdev):
	138	"""Interworking scan filtering with HESSID and access network type"""
	139	bssid = apdev[0]['bssid']
	140	params = hs20_ap_params()
	141	ssid = "test-hs20-ap1"
	142	params['ssid'] = ssid
	143	params['hessid'] = bssid
	144	hostapd.add_ap(apdev[0]['ifname'], params)
	145
	146	bssid2 = apdev[1]['bssid']
	147	params = hs20_ap_params()
	148	ssid2 = "test-hs20-ap2"
	149	params['ssid'] = ssid2
	150	params['hessid'] = bssid2
	151	params['access_network_type'] = "1"
8175854e JM	152	del params['venue_group']
8175854e JM	153	del params['venue_type']
715bf904 JM	154	hostapd.add_ap(apdev[1]['ifname'], params)
	155
	156	dev[0].request("SET ignore_old_scan_res 1")
	157	dev[0].hs20_enable()
	158
	159	wt = Wlantest()
	160	wt.flush()
	161
	162	logger.info("Check probe request filtering based on HESSID")
	163
	164	dev[0].request("SET hessid " + bssid2)
0589f401	165	dev[0].scan(freq="2412")
715bf904 JM	166	check_probe_resp(wt, bssid, bssid2)
	167
	168	logger.info("Check probe request filtering based on access network type")
	169
	170	wt.clear_bss_counters(bssid)
	171	wt.clear_bss_counters(bssid2)
	172	dev[0].request("SET hessid 00:00:00:00:00:00")
	173	dev[0].request("SET access_network_type 14")
0589f401	174	dev[0].scan(freq="2412")
715bf904 JM	175	check_probe_resp(wt, bssid2, bssid)
	176
	177	wt.clear_bss_counters(bssid)
	178	wt.clear_bss_counters(bssid2)
	179	dev[0].request("SET hessid 00:00:00:00:00:00")
	180	dev[0].request("SET access_network_type 1")
0589f401	181	dev[0].scan(freq="2412")
715bf904 JM	182	check_probe_resp(wt, bssid, bssid2)
	183
	184	logger.info("Check probe request filtering based on HESSID and ANT")
	185
	186	wt.clear_bss_counters(bssid)
	187	wt.clear_bss_counters(bssid2)
	188	dev[0].request("SET hessid " + bssid)
	189	dev[0].request("SET access_network_type 14")
0589f401	190	dev[0].scan(freq="2412")
715bf904 JM	191	check_probe_resp(wt, bssid2, bssid)
	192
	193	wt.clear_bss_counters(bssid)
	194	wt.clear_bss_counters(bssid2)
	195	dev[0].request("SET hessid " + bssid2)
	196	dev[0].request("SET access_network_type 14")
0589f401	197	dev[0].scan(freq="2412")
715bf904 JM	198	check_probe_resp(wt, bssid, None)
	199	check_probe_resp(wt, bssid2, None)
	200
	201	wt.clear_bss_counters(bssid)
	202	wt.clear_bss_counters(bssid2)
	203	dev[0].request("SET hessid " + bssid)
	204	dev[0].request("SET access_network_type 1")
0589f401	205	dev[0].scan(freq="2412")
715bf904 JM	206	check_probe_resp(wt, bssid, None)
	207	check_probe_resp(wt, bssid2, None)
	208
bbe86767 JM	209	def test_ap_hs20_select(dev, apdev):
	210	"""Hotspot 2.0 network selection"""
	211	bssid = apdev[0]['bssid']
	212	params = hs20_ap_params()
	213	params['hessid'] = bssid
	214	hostapd.add_ap(apdev[0]['ifname'], params)
	215
469f5f3c	216	dev[0].request("SET ignore_old_scan_res 1")
bbe86767	217	dev[0].hs20_enable()
2232edf8 JM	218	id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
	219	'password': "secret",
	220	'domain': "example.com" })
bbe86767 JM	221	interworking_select(dev[0], bssid, "home")
	222
	223	dev[0].remove_cred(id)
2232edf8 JM	224	id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
	225	'password': "secret",
	226	'domain': "no.match.example.com" })
bbe86767 JM	227	interworking_select(dev[0], bssid, "roaming")
	228
	229	dev[0].set_cred_quoted(id, "realm", "no.match.example.com");
	230	interworking_select(dev[0], bssid, no_match=True)
	231
	232	def test_ap_hs20_ext_sim(dev, apdev):
	233	"""Hotspot 2.0 with external SIM processing"""
	234	if not hlr_auc_gw_available():
	235	return "skip"
	236	bssid = apdev[0]['bssid']
	237	params = hs20_ap_params()
	238	params['hessid'] = bssid
	239	params['anqp_3gpp_cell_net'] = "232,01"
	240	params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
	241	hostapd.add_ap(apdev[0]['ifname'], params)
	242
469f5f3c	243	dev[0].request("SET ignore_old_scan_res 1")
bbe86767 JM	244	dev[0].hs20_enable()
bbe86767 JM	245	dev[0].request("SET external_sim 1")
2232edf8	246	dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
bbe86767 JM	247	interworking_select(dev[0], "home")
	248	interworking_ext_sim_connect(dev[0], bssid, "SIM")
	249	check_sp_type(dev[0], "home")
59f8a3c6 JM	250
	251	def test_ap_hs20_ext_sim_roaming(dev, apdev):
	252	"""Hotspot 2.0 with external SIM processing in roaming network"""
	253	if not hlr_auc_gw_available():
	254	return "skip"
	255	bssid = apdev[0]['bssid']
	256	params = hs20_ap_params()
	257	params['hessid'] = bssid
	258	params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
	259	params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
	260	hostapd.add_ap(apdev[0]['ifname'], params)
	261
469f5f3c	262	dev[0].request("SET ignore_old_scan_res 1")
59f8a3c6 JM	263	dev[0].hs20_enable()
59f8a3c6 JM	264	dev[0].request("SET external_sim 1")
2232edf8	265	dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
59f8a3c6 JM	266	interworking_select(dev[0], "roaming")
	267	interworking_ext_sim_connect(dev[0], bssid, "SIM")
	268	check_sp_type(dev[0], "roaming")
8fba2e5d JM	269
	270	def test_ap_hs20_username(dev, apdev):
	271	"""Hotspot 2.0 connection in username/password credential"""
8fba2e5d JM	272	bssid = apdev[0]['bssid']
	273	params = hs20_ap_params()
	274	params['hessid'] = bssid
	275	hostapd.add_ap(apdev[0]['ifname'], params)
	276
469f5f3c	277	dev[0].request("SET ignore_old_scan_res 1")
8fba2e5d	278	dev[0].hs20_enable()
2232edf8 JM	279	id = dev[0].add_cred_values({ 'realm': "example.com",
	280	'username': "hs20-test",
	281	'password': "password",
	282	'domain': "example.com" })
8fba2e5d JM	283	interworking_select(dev[0], bssid, "home")
	284	interworking_connect(dev[0], bssid, "TTLS")
	285	check_sp_type(dev[0], "home")
	286
	287	def test_ap_hs20_username_roaming(dev, apdev):
	288	"""Hotspot 2.0 connection in username/password credential (roaming)"""
8fba2e5d JM	289	bssid = apdev[0]['bssid']
	290	params = hs20_ap_params()
	291	params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
	292	"0,roaming.example.com,21[2:4][5:7]",
	293	"0,another.example.com" ]
	294	params['domain_name'] = "another.example.com"
	295	params['hessid'] = bssid
	296	hostapd.add_ap(apdev[0]['ifname'], params)
	297
469f5f3c	298	dev[0].request("SET ignore_old_scan_res 1")
8fba2e5d	299	dev[0].hs20_enable()
2232edf8 JM	300	id = dev[0].add_cred_values({ 'realm': "roaming.example.com",
	301	'username': "hs20-test",
	302	'password': "password",
	303	'domain': "example.com" })
8fba2e5d JM	304	interworking_select(dev[0], bssid, "roaming")
	305	interworking_connect(dev[0], bssid, "TTLS")
	306	check_sp_type(dev[0], "roaming")
	307
	308	def test_ap_hs20_username_unknown(dev, apdev):
	309	"""Hotspot 2.0 connection in username/password credential (no domain in cred)"""
8fba2e5d JM	310	bssid = apdev[0]['bssid']
	311	params = hs20_ap_params()
	312	params['hessid'] = bssid
	313	hostapd.add_ap(apdev[0]['ifname'], params)
	314
469f5f3c	315	dev[0].request("SET ignore_old_scan_res 1")
8fba2e5d	316	dev[0].hs20_enable()
2232edf8 JM	317	id = dev[0].add_cred_values({ 'realm': "example.com",
	318	'username': "hs20-test",
	319	'password': "password" })
8fba2e5d JM	320	interworking_select(dev[0], bssid, "unknown")
	321	interworking_connect(dev[0], bssid, "TTLS")
	322	check_sp_type(dev[0], "unknown")
	323
	324	def test_ap_hs20_username_unknown2(dev, apdev):
	325	"""Hotspot 2.0 connection in username/password credential (no domain advertized)"""
8fba2e5d JM	326	bssid = apdev[0]['bssid']
	327	params = hs20_ap_params()
	328	params['hessid'] = bssid
	329	del params['domain_name']
	330	hostapd.add_ap(apdev[0]['ifname'], params)
	331
469f5f3c	332	dev[0].request("SET ignore_old_scan_res 1")
8fba2e5d	333	dev[0].hs20_enable()
2232edf8 JM	334	id = dev[0].add_cred_values({ 'realm': "example.com",
	335	'username': "hs20-test",
	336	'password': "password",
	337	'domain': "example.com" })
8fba2e5d JM	338	interworking_select(dev[0], bssid, "unknown")
	339	interworking_connect(dev[0], bssid, "TTLS")
	340	check_sp_type(dev[0], "unknown")
d1ba402f	341
483691bd JM	342	def test_ap_hs20_gas_while_associated(dev, apdev):
	343	"""Hotspot 2.0 connection with GAS query while associated"""
	344	bssid = apdev[0]['bssid']
	345	params = hs20_ap_params()
	346	params['hessid'] = bssid
	347	hostapd.add_ap(apdev[0]['ifname'], params)
	348
	349	dev[0].request("SET ignore_old_scan_res 1")
	350	dev[0].hs20_enable()
	351	id = dev[0].add_cred_values({ 'realm': "example.com",
	352	'username': "hs20-test",
	353	'password': "password",
	354	'domain': "example.com" })
	355	interworking_select(dev[0], bssid, "home")
	356	interworking_connect(dev[0], bssid, "TTLS")
	357
	358	logger.info("Verifying GAS query while associated")
	359	dev[0].request("FETCH_ANQP")
	360	for i in range(0, 6):
	361	ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
	362	if ev is None:
	363	raise Exception("Operation timed out")
	364
	365	def test_ap_hs20_gas_frag_while_associated(dev, apdev):
	366	"""Hotspot 2.0 connection with fragmented GAS query while associated"""
	367	bssid = apdev[0]['bssid']
	368	params = hs20_ap_params()
	369	params['hessid'] = bssid
	370	hostapd.add_ap(apdev[0]['ifname'], params)
	371	hapd = hostapd.Hostapd(apdev[0]['ifname'])
	372	hapd.set("gas_frag_limit", "50")
	373
	374	dev[0].request("SET ignore_old_scan_res 1")
	375	dev[0].hs20_enable()
	376	id = dev[0].add_cred_values({ 'realm': "example.com",
	377	'username': "hs20-test",
	378	'password': "password",
	379	'domain': "example.com" })
	380	interworking_select(dev[0], bssid, "home")
	381	interworking_connect(dev[0], bssid, "TTLS")
	382
	383	logger.info("Verifying GAS query while associated")
	384	dev[0].request("FETCH_ANQP")
	385	for i in range(0, 6):
	386	ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
	387	if ev is None:
	388	raise Exception("Operation timed out")
	389
6a0b4002 JM	390	def test_ap_hs20_multiple_connects(dev, apdev):
	391	"""Hotspot 2.0 connection through multiple network selections"""
	392	bssid = apdev[0]['bssid']
	393	params = hs20_ap_params()
	394	params['hessid'] = bssid
	395	hostapd.add_ap(apdev[0]['ifname'], params)
	396
469f5f3c	397	dev[0].request("SET ignore_old_scan_res 1")
6a0b4002 JM	398	dev[0].hs20_enable()
	399	values = { 'realm': "example.com",
	400	'username': "hs20-test",
	401	'password': "password",
	402	'domain': "example.com" }
	403	id = dev[0].add_cred_values(values)
	404
	405	for i in range(0, 3):
	406	logger.info("Starting Interworking network selection")
	407	dev[0].request("INTERWORKING_SELECT auto")
	408	while True:
	409	ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
	410	"INTERWORKING-ALREADY-CONNECTED",
	411	"CTRL-EVENT-CONNECTED"], timeout=15)
	412	if ev is None:
	413	raise Exception("Connection timed out")
	414	if "INTERWORKING-NO-MATCH" in ev:
	415	raise Exception("Matching AP not found")
	416	if "CTRL-EVENT-CONNECTED" in ev:
	417	break
	418	if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
	419	break
	420	if i == 0:
	421	dev[0].request("DISCONNECT")
	422	dev[0].dump_monitor()
	423
	424	networks = dev[0].list_networks()
	425	if len(networks) > 1:
	426	raise Exception("Duplicated network block detected")
	427
b4264f8f JM	428	def test_ap_hs20_disallow_aps(dev, apdev):
	429	"""Hotspot 2.0 connection and disallow_aps"""
	430	bssid = apdev[0]['bssid']
	431	params = hs20_ap_params()
	432	params['hessid'] = bssid
	433	hostapd.add_ap(apdev[0]['ifname'], params)
	434
469f5f3c	435	dev[0].request("SET ignore_old_scan_res 1")
b4264f8f JM	436	dev[0].hs20_enable()
	437	values = { 'realm': "example.com",
	438	'username': "hs20-test",
	439	'password': "password",
	440	'domain': "example.com" }
	441	id = dev[0].add_cred_values(values)
	442
	443	logger.info("Verify disallow_aps bssid")
	444	dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
	445	dev[0].request("INTERWORKING_SELECT auto")
	446	ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
	447	if ev is None:
	448	raise Exception("Network selection timed out")
	449	dev[0].dump_monitor()
	450
	451	logger.info("Verify disallow_aps ssid")
	452	dev[0].request("SET disallow_aps ssid 746573742d68733230")
	453	dev[0].request("INTERWORKING_SELECT auto")
	454	ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
	455	if ev is None:
	456	raise Exception("Network selection timed out")
	457	dev[0].dump_monitor()
	458
	459	logger.info("Verify disallow_aps clear")
	460	dev[0].request("SET disallow_aps ")
	461	interworking_select(dev[0], bssid, "home")
	462
	463	dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
	464	ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
	465	if "FAIL" not in ret:
	466	raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
	467
d1ba402f JM	468	def policy_test(dev, ap, values, only_one=True):
	469	dev.dump_monitor()
	470	logger.info("Verify network selection to AP " + ap['ifname'])
	471	bssid = ap['bssid']
469f5f3c	472	dev.request("SET ignore_old_scan_res 1")
d1ba402f JM	473	dev.hs20_enable()
	474	id = dev.add_cred_values(values)
	475	dev.request("INTERWORKING_SELECT auto")
	476	while True:
	477	ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
	478	"CTRL-EVENT-CONNECTED"], timeout=15)
	479	if ev is None:
	480	raise Exception("Connection timed out")
	481	if "INTERWORKING-NO-MATCH" in ev:
	482	raise Exception("Matching AP not found")
	483	if only_one and "INTERWORKING-AP" in ev and bssid not in ev:
	484	raise Exception("Unexpected AP claimed acceptable")
	485	if "CTRL-EVENT-CONNECTED" in ev:
	486	if bssid not in ev:
	487	raise Exception("Connected to incorrect BSS")
	488	break
	489
	490	conn_bssid = dev.get_status_field("bssid")
	491	if conn_bssid != bssid:
	492	raise Exception("bssid information points to incorrect BSS")
	493
	494	dev.remove_cred(id)
	495	dev.dump_monitor()
	496
d355372c JM	497	def default_cred():
	498	return { 'realm': "example.com",
	499	'username': "hs20-test",
	500	'password': "password" }
	501
d1ba402f JM	502	def test_ap_hs20_req_roaming_consortium(dev, apdev):
	503	"""Hotspot 2.0 required roaming consortium"""
	504	params = hs20_ap_params()
	505	hostapd.add_ap(apdev[0]['ifname'], params)
	506
	507	params = hs20_ap_params()
	508	params['ssid'] = "test-hs20-other"
	509	params['roaming_consortium'] = [ "223344" ]
	510	hostapd.add_ap(apdev[1]['ifname'], params)
	511
d355372c JM	512	values = default_cred()
d355372c JM	513	values['required_roaming_consortium'] = "223344"
d1ba402f JM	514	policy_test(dev[0], apdev[1], values)
	515	values['required_roaming_consortium'] = "112233"
	516	policy_test(dev[0], apdev[0], values)
d355372c JM	517
	518	def test_ap_hs20_excluded_ssid(dev, apdev):
	519	"""Hotspot 2.0 exclusion based on SSID"""
	520	params = hs20_ap_params()
	521	hostapd.add_ap(apdev[0]['ifname'], params)
	522
	523	params = hs20_ap_params()
	524	params['ssid'] = "test-hs20-other"
	525	params['roaming_consortium'] = [ "223344" ]
	526	hostapd.add_ap(apdev[1]['ifname'], params)
	527
	528	values = default_cred()
	529	values['excluded_ssid'] = "test-hs20"
	530	policy_test(dev[0], apdev[1], values)
	531	values['excluded_ssid'] = "test-hs20-other"
	532	policy_test(dev[0], apdev[0], values)