]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_ap_hs20.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: Remove unused import subprocess
[thirdparty/hostap.git] / tests / hwsim / test_ap_hs20.py
CommitLineData
93a06242 1# Hotspot 2.0 tests
3b51cc63 2# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
93a06242
JM		 3#
4# This software may be distributed under the terms of the BSD license.
5# See README for more details.
6
446dd748 7import base64
67aeee11
JM		 8import binascii
9import struct
93a06242 10import time
93a06242 11import logging
c9aa4308 12logger = logging.getLogger()
97de642a 13import os
efd43d85 14import os.path
67aeee11 15import socket
efd43d85 16import subprocess
93a06242
JM		 17
18import hostapd
20c7d26f 19from utils import HwsimSkip, skip_with_fips, alloc_fail
40e4c9c8 20import hwsim_utils
efd0a6fb 21from tshark import run_tshark
715bf904 22from wlantest import Wlantest
9d1e1172 23from wpasupplicant import WpaSupplicant
24579e70 24from test_ap_eap import check_eap_capa, check_domain_match_full
93a06242 25
d4058934
JM		 26def hs20_ap_params(ssid="test-hs20"):
27 params = hostapd.wpa2_params(ssid=ssid)
93a06242
JM		 28 params['wpa_key_mgmt'] = "WPA-EAP"
29 params['ieee80211w'] = "1"
30 params['ieee8021x'] = "1"
31 params['auth_server_addr'] = "127.0.0.1"
32 params['auth_server_port'] = "1812"
33 params['auth_server_shared_secret'] = "radius"
34 params['interworking'] = "1"
35 params['access_network_type'] = "14"
36 params['internet'] = "1"
37 params['asra'] = "0"
38 params['esr'] = "0"
39 params['uesa'] = "0"
40 params['venue_group'] = "7"
41 params['venue_type'] = "1"
42 params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
43 params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
44 "fedcba" ]
45 params['domain_name'] = "example.com,another.example.com"
46 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
47 "0,another.example.com" ]
48 params['hs20'] = "1"
49 params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
50 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
51 params['hs20_operating_class'] = "5173"
52 params['anqp_3gpp_cell_net'] = "244,91"
53 return params
54
9714fbcd 55def check_auto_select(dev, bssid):
841bed04 56 dev.scan_for_bss(bssid, freq="2412")
9714fbcd 57 dev.request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 58 ev = dev.wait_connected(timeout=15)
9714fbcd
JM		 59 if bssid not in ev:
60 raise Exception("Connected to incorrect network")
61 dev.request("REMOVE_NETWORK all")
092ac7bb 62 dev.wait_disconnected()
a359c7bb 63 dev.dump_monitor()
9714fbcd 64
2f37a66d 65def interworking_select(dev, bssid, type=None, no_match=False, freq=None):
bbe86767 66 dev.dump_monitor()
841bed04
JM		 67 if bssid and freq and not no_match:
68 dev.scan_for_bss(bssid, freq=freq)
22653762 69 freq_extra = " freq=" + str(freq) if freq else ""
2f37a66d 70 dev.request("INTERWORKING_SELECT" + freq_extra)
bbe86767
JM		 71 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
72 timeout=15)
93a06242
JM		 73 if ev is None:
74 raise Exception("Network selection timed out");
bbe86767
JM		 75 if no_match:
76 if "INTERWORKING-NO-MATCH" not in ev:
77 raise Exception("Unexpected network match")
78 return
93a06242 79 if "INTERWORKING-NO-MATCH" in ev:
0dee3a0a
JM		 80 logger.info("Matching network not found - try again")
81 dev.dump_monitor()
82 dev.request("INTERWORKING_SELECT" + freq_extra)
83 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
84 timeout=15)
85 if ev is None:
86 raise Exception("Network selection timed out");
87 if "INTERWORKING-NO-MATCH" in ev:
88 raise Exception("Matching network not found")
2cdd91d8 89 if bssid and bssid not in ev:
93a06242 90 raise Exception("Unexpected BSSID in match")
bbe86767
JM		 91 if type and "type=" + type not in ev:
92 raise Exception("Network type not recognized correctly")
93a06242 93
bbe86767
JM		 94def check_sp_type(dev, sp_type):
95 type = dev.get_status_field("sp_type")
96 if type is None:
97 raise Exception("sp_type not available")
98 if type != sp_type:
99 raise Exception("sp_type did not indicate home network")
efd43d85 100
bbe86767 101def hlr_auc_gw_available():
efd43d85 102 if not os.path.exists("/tmp/hlr_auc_gw.sock"):
81e787b7 103 raise HwsimSkip("No hlr_auc_gw socket available")
efd43d85 104 if not os.path.exists("../../hostapd/hlr_auc_gw"):
81e787b7 105 raise HwsimSkip("No hlr_auc_gw available")
efd43d85 106
bbe86767
JM		 107def interworking_ext_sim_connect(dev, bssid, method):
108 dev.request("INTERWORKING_CONNECT " + bssid)
078683ac 109 interworking_ext_sim_auth(dev, method)
efd43d85 110
078683ac 111def interworking_ext_sim_auth(dev, method):
bbe86767 112 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
efd43d85
JM		 113 if ev is None:
114 raise Exception("Network connected timed out")
bbe86767 115 if "(" + method + ")" not in ev:
efd43d85
JM		 116 raise Exception("Unexpected EAP method selection")
117
bbe86767 118 ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
efd43d85
JM		 119 if ev is None:
120 raise Exception("Wait for external SIM processing request timed out")
121 p = ev.split(':', 2)
122 if p[1] != "GSM-AUTH":
123 raise Exception("Unexpected CTRL-REQ-SIM type")
124 id = p[0].split('-')[3]
125 rand = p[2].split(' ')[0]
126
127 res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
128 "-m",
129 "auth_serv/hlr_auc_gw.milenage_db",
130 "GSM-AUTH-REQ 232010000000000 " + rand])
131 if "GSM-AUTH-RESP" not in res:
132 raise Exception("Unexpected hlr_auc_gw response")
133 resp = res.split(' ')[2].rstrip()
134
bbe86767 135 dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
5f35a5e2 136 dev.wait_connected(timeout=15)
f4defd91 137
8fba2e5d
JM		 138def interworking_connect(dev, bssid, method):
139 dev.request("INTERWORKING_CONNECT " + bssid)
078683ac 140 interworking_auth(dev, method)
8fba2e5d 141
078683ac 142def interworking_auth(dev, method):
8fba2e5d
JM		 143 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
144 if ev is None:
145 raise Exception("Network connected timed out")
146 if "(" + method + ")" not in ev:
147 raise Exception("Unexpected EAP method selection")
148
5f35a5e2 149 dev.wait_connected(timeout=15)
8fba2e5d 150
715bf904
JM		 151def check_probe_resp(wt, bssid_unexpected, bssid_expected):
152 if bssid_unexpected:
153 count = wt.get_bss_counter("probe_response", bssid_unexpected)
154 if count > 0:
155 raise Exception("Unexpected Probe Response frame from AP")
156
157 if bssid_expected:
158 count = wt.get_bss_counter("probe_response", bssid_expected)
159 if count == 0:
160 raise Exception("No Probe Response frame from AP")
161
2cdd91d8
JM		 162def test_ap_anqp_sharing(dev, apdev):
163 """ANQP sharing within ESS and explicit unshare"""
e7ac04ce 164 check_eap_capa(dev[0], "MSCHAPV2")
57f08b3f
JM		 165 dev[0].flush_scan_cache()
166
2cdd91d8
JM		 167 bssid = apdev[0]['bssid']
168 params = hs20_ap_params()
169 params['hessid'] = bssid
8b8a1864 170 hostapd.add_ap(apdev[0], params)
2cdd91d8
JM		 171
172 bssid2 = apdev[1]['bssid']
173 params = hs20_ap_params()
174 params['hessid'] = bssid
175 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
8b8a1864 176 hostapd.add_ap(apdev[1], params)
2cdd91d8 177
2cdd91d8
JM		 178 dev[0].hs20_enable()
179 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
180 'password': "secret",
181 'domain': "example.com" })
182 logger.info("Normal network selection with shared ANQP results")
841bed04
JM		 183 dev[0].scan_for_bss(bssid, freq="2412")
184 dev[0].scan_for_bss(bssid2, freq="2412")
2f37a66d 185 interworking_select(dev[0], None, "home", freq="2412")
2cdd91d8
JM		 186 dev[0].dump_monitor()
187
57f08b3f 188 logger.debug("BSS entries:\n" + dev[0].request("BSS RANGE=ALL"))
2cdd91d8
JM		 189 res1 = dev[0].get_bss(bssid)
190 res2 = dev[0].get_bss(bssid2)
57f08b3f
JM		 191 if 'anqp_nai_realm' not in res1:
192 raise Exception("anqp_nai_realm not found for AP1")
193 if 'anqp_nai_realm' not in res2:
194 raise Exception("anqp_nai_realm not found for AP2")
2cdd91d8
JM		 195 if res1['anqp_nai_realm'] != res2['anqp_nai_realm']:
196 raise Exception("ANQP results were not shared between BSSes")
197
198 logger.info("Explicit ANQP request to unshare ANQP results")
199 dev[0].request("ANQP_GET " + bssid + " 263")
200 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
201 if ev is None:
202 raise Exception("ANQP operation timed out")
203
204 dev[0].request("ANQP_GET " + bssid2 + " 263")
205 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
206 if ev is None:
207 raise Exception("ANQP operation timed out")
208
209 res1 = dev[0].get_bss(bssid)
210 res2 = dev[0].get_bss(bssid2)
211 if res1['anqp_nai_realm'] == res2['anqp_nai_realm']:
212 raise Exception("ANQP results were not unshared")
213
20c7d26f
JM		 214def test_ap_anqp_sharing_oom(dev, apdev):
215 """ANQP sharing within ESS and explicit unshare OOM"""
216 check_eap_capa(dev[0], "MSCHAPV2")
217 dev[0].flush_scan_cache()
218
219 bssid = apdev[0]['bssid']
220 params = hs20_ap_params()
221 params['hessid'] = bssid
222 hostapd.add_ap(apdev[0], params)
223
224 bssid2 = apdev[1]['bssid']
225 params = hs20_ap_params()
226 params['hessid'] = bssid
227 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
228 hostapd.add_ap(apdev[1], params)
229
230 dev[0].hs20_enable()
231 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
232 'password': "secret",
233 'domain': "example.com" })
234 dev[0].scan_for_bss(bssid, freq="2412")
235 dev[0].scan_for_bss(bssid2, freq="2412")
236 interworking_select(dev[0], None, "home", freq="2412")
237 dev[0].dump_monitor()
238
239 with alloc_fail(dev[0], 1, "wpa_bss_anqp_clone"):
240 dev[0].request("ANQP_GET " + bssid + " 263")
241 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
242 if ev is None:
243 raise Exception("ANQP operation timed out")
244
cddc19e5
JM		 245def test_ap_nai_home_realm_query(dev, apdev):
246 """NAI Home Realm Query"""
e7ac04ce 247 check_eap_capa(dev[0], "MSCHAPV2")
cddc19e5
JM		 248 bssid = apdev[0]['bssid']
249 params = hs20_ap_params()
250 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
251 "0,another.example.org" ]
8b8a1864 252 hostapd.add_ap(apdev[0], params)
cddc19e5
JM		 253
254 dev[0].scan(freq="2412")
255 dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " realm=example.com")
256 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
257 if ev is None:
258 raise Exception("ANQP operation timed out")
259 nai1 = dev[0].get_bss(bssid)['anqp_nai_realm']
260 dev[0].dump_monitor()
261
262 dev[0].request("ANQP_GET " + bssid + " 263")
263 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
264 if ev is None:
265 raise Exception("ANQP operation timed out")
266 nai2 = dev[0].get_bss(bssid)['anqp_nai_realm']
267
268 if len(nai1) >= len(nai2):
269 raise Exception("Unexpected NAI Realm list response lengths")
270 if "example.com".encode('hex') not in nai1:
271 raise Exception("Home realm not reported")
272 if "example.org".encode('hex') in nai1:
273 raise Exception("Non-home realm reported")
274 if "example.com".encode('hex') not in nai2:
275 raise Exception("Home realm not reported in wildcard query")
276 if "example.org".encode('hex') not in nai2:
277 raise Exception("Non-home realm not reported in wildcard query ")
278
ea215c54
JM		 279 cmds = [ "foo",
280 "00:11:22:33:44:55 123",
281 "00:11:22:33:44:55 qq" ]
282 for cmd in cmds:
283 if "FAIL" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + cmd):
284 raise Exception("Invalid HS20_GET_NAI_HOME_REALM_LIST accepted: " + cmd)
285
286 dev[0].dump_monitor()
287 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
288 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
289 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
290 if ev is None:
291 raise Exception("ANQP operation timed out")
292 ev = dev[0].wait_event(["RX-ANQP"], timeout=0.1)
293 if ev is not None:
294 raise Exception("Unexpected ANQP response: " + ev)
295
296 dev[0].dump_monitor()
297 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " 01000b6578616d706c652e636f6d"):
298 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
299 ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
300 if ev is None:
301 raise Exception("No ANQP response")
302 if "NAI Realm list" not in ev:
303 raise Exception("Missing NAI Realm list: " + ev)
304
305 dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
306 'password': "secret",
307 'domain': "example.com" })
308 dev[0].dump_monitor()
309 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
310 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
311 ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
312 if ev is None:
313 raise Exception("No ANQP response")
314 if "NAI Realm list" not in ev:
315 raise Exception("Missing NAI Realm list: " + ev)
316
715bf904
JM		 317def test_ap_interworking_scan_filtering(dev, apdev):
318 """Interworking scan filtering with HESSID and access network type"""
e4d7b513 319 try:
81e787b7 320 _test_ap_interworking_scan_filtering(dev, apdev)
e4d7b513
JM		 321 finally:
322 dev[0].request("SET hessid 00:00:00:00:00:00")
323 dev[0].request("SET access_network_type 15")
324
325def _test_ap_interworking_scan_filtering(dev, apdev):
715bf904
JM		 326 bssid = apdev[0]['bssid']
327 params = hs20_ap_params()
328 ssid = "test-hs20-ap1"
329 params['ssid'] = ssid
330 params['hessid'] = bssid
8efc83d4 331 hapd0 = hostapd.add_ap(apdev[0], params)
715bf904
JM		 332
333 bssid2 = apdev[1]['bssid']
334 params = hs20_ap_params()
335 ssid2 = "test-hs20-ap2"
336 params['ssid'] = ssid2
337 params['hessid'] = bssid2
338 params['access_network_type'] = "1"
8175854e
JM		 339 del params['venue_group']
340 del params['venue_type']
8b8a1864 341 hostapd.add_ap(apdev[1], params)
715bf904 342
715bf904
JM		 343 dev[0].hs20_enable()
344
8efc83d4 345 Wlantest.setup(hapd0)
715bf904
JM		 346 wt = Wlantest()
347 wt.flush()
348
349 logger.info("Check probe request filtering based on HESSID")
350
351 dev[0].request("SET hessid " + bssid2)
0589f401 352 dev[0].scan(freq="2412")
94a2dd0b 353 time.sleep(0.03)
715bf904
JM		 354 check_probe_resp(wt, bssid, bssid2)
355
356 logger.info("Check probe request filtering based on access network type")
357
358 wt.clear_bss_counters(bssid)
359 wt.clear_bss_counters(bssid2)
360 dev[0].request("SET hessid 00:00:00:00:00:00")
361 dev[0].request("SET access_network_type 14")
0589f401 362 dev[0].scan(freq="2412")
94a2dd0b 363 time.sleep(0.03)
715bf904
JM		 364 check_probe_resp(wt, bssid2, bssid)
365
366 wt.clear_bss_counters(bssid)
367 wt.clear_bss_counters(bssid2)
368 dev[0].request("SET hessid 00:00:00:00:00:00")
369 dev[0].request("SET access_network_type 1")
0589f401 370 dev[0].scan(freq="2412")
94a2dd0b 371 time.sleep(0.03)
715bf904
JM		 372 check_probe_resp(wt, bssid, bssid2)
373
374 logger.info("Check probe request filtering based on HESSID and ANT")
375
376 wt.clear_bss_counters(bssid)
377 wt.clear_bss_counters(bssid2)
378 dev[0].request("SET hessid " + bssid)
379 dev[0].request("SET access_network_type 14")
0589f401 380 dev[0].scan(freq="2412")
94a2dd0b 381 time.sleep(0.03)
715bf904
JM		 382 check_probe_resp(wt, bssid2, bssid)
383
384 wt.clear_bss_counters(bssid)
385 wt.clear_bss_counters(bssid2)
386 dev[0].request("SET hessid " + bssid2)
387 dev[0].request("SET access_network_type 14")
0589f401 388 dev[0].scan(freq="2412")
94a2dd0b 389 time.sleep(0.03)
715bf904
JM		 390 check_probe_resp(wt, bssid, None)
391 check_probe_resp(wt, bssid2, None)
392
393 wt.clear_bss_counters(bssid)
394 wt.clear_bss_counters(bssid2)
395 dev[0].request("SET hessid " + bssid)
396 dev[0].request("SET access_network_type 1")
0589f401 397 dev[0].scan(freq="2412")
94a2dd0b 398 time.sleep(0.03)
715bf904
JM		 399 check_probe_resp(wt, bssid, None)
400 check_probe_resp(wt, bssid2, None)
401
bbe86767
JM		 402def test_ap_hs20_select(dev, apdev):
403 """Hotspot 2.0 network selection"""
404 bssid = apdev[0]['bssid']
405 params = hs20_ap_params()
406 params['hessid'] = bssid
8b8a1864 407 hostapd.add_ap(apdev[0], params)
bbe86767
JM		 408
409 dev[0].hs20_enable()
2232edf8
JM		 410 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
411 'password': "secret",
412 'domain': "example.com" })
bbe86767
JM		 413 interworking_select(dev[0], bssid, "home")
414
415 dev[0].remove_cred(id)
2232edf8
JM		 416 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
417 'password': "secret",
418 'domain': "no.match.example.com" })
2f37a66d 419 interworking_select(dev[0], bssid, "roaming", freq="2412")
bbe86767
JM		 420
421 dev[0].set_cred_quoted(id, "realm", "no.match.example.com");
2f37a66d 422 interworking_select(dev[0], bssid, no_match=True, freq="2412")
bbe86767 423
d463c556
JM		 424 res = dev[0].request("SCAN_RESULTS")
425 if "[HS20]" not in res:
426 raise Exception("HS20 flag missing from scan results: " + res)
427
4b572e3a
JM		 428 bssid2 = apdev[1]['bssid']
429 params = hs20_ap_params()
430 params['nai_realm'] = [ "0,example.org,21" ]
431 params['hessid'] = bssid2
432 params['domain_name'] = "example.org"
8b8a1864 433 hostapd.add_ap(apdev[1], params)
4b572e3a
JM		 434 dev[0].remove_cred(id)
435 id = dev[0].add_cred_values({ 'realm': "example.org", 'username': "test",
436 'password': "secret",
437 'domain': "example.org" })
438 interworking_select(dev[0], bssid2, "home", freq="2412")
439
459e96cd
JM		 440def hs20_simulated_sim(dev, ap, method):
441 bssid = ap['bssid']
442 params = hs20_ap_params()
443 params['hessid'] = bssid
444 params['anqp_3gpp_cell_net'] = "555,444"
445 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
afc26df2 446 hostapd.add_ap(ap, params)
459e96cd 447
459e96cd
JM		 448 dev.hs20_enable()
449 dev.add_cred_values({ 'imsi': "555444-333222111", 'eap': method,
450 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
2f37a66d 451 interworking_select(dev, "home", freq="2412")
459e96cd
JM		 452 interworking_connect(dev, bssid, method)
453 check_sp_type(dev, "home")
454
455def test_ap_hs20_sim(dev, apdev):
456 """Hotspot 2.0 with simulated SIM and EAP-SIM"""
81e787b7 457 hlr_auc_gw_available()
459e96cd 458 hs20_simulated_sim(dev[0], apdev[0], "SIM")
16ab63f4
JM		 459 dev[0].request("INTERWORKING_SELECT auto freq=2412")
460 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
461 if ev is None:
462 raise Exception("Timeout on already-connected event")
459e96cd
JM		 463
464def test_ap_hs20_aka(dev, apdev):
465 """Hotspot 2.0 with simulated USIM and EAP-AKA"""
81e787b7 466 hlr_auc_gw_available()
459e96cd
JM		 467 hs20_simulated_sim(dev[0], apdev[0], "AKA")
468
469def test_ap_hs20_aka_prime(dev, apdev):
470 """Hotspot 2.0 with simulated USIM and EAP-AKA'"""
81e787b7 471 hlr_auc_gw_available()
459e96cd
JM		 472 hs20_simulated_sim(dev[0], apdev[0], "AKA'")
473
bbe86767
JM		 474def test_ap_hs20_ext_sim(dev, apdev):
475 """Hotspot 2.0 with external SIM processing"""
81e787b7 476 hlr_auc_gw_available()
bbe86767
JM		 477 bssid = apdev[0]['bssid']
478 params = hs20_ap_params()
479 params['hessid'] = bssid
480 params['anqp_3gpp_cell_net'] = "232,01"
481 params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
8b8a1864 482 hostapd.add_ap(apdev[0], params)
bbe86767
JM		 483
484 dev[0].hs20_enable()
47dcb118
JM		 485 try:
486 dev[0].request("SET external_sim 1")
487 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
488 interworking_select(dev[0], "home", freq="2412")
489 interworking_ext_sim_connect(dev[0], bssid, "SIM")
490 check_sp_type(dev[0], "home")
491 finally:
492 dev[0].request("SET external_sim 0")
59f8a3c6
JM		 493
494def test_ap_hs20_ext_sim_roaming(dev, apdev):
495 """Hotspot 2.0 with external SIM processing in roaming network"""
81e787b7 496 hlr_auc_gw_available()
59f8a3c6
JM		 497 bssid = apdev[0]['bssid']
498 params = hs20_ap_params()
499 params['hessid'] = bssid
500 params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
501 params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
8b8a1864 502 hostapd.add_ap(apdev[0], params)
59f8a3c6
JM		 503
504 dev[0].hs20_enable()
47dcb118
JM		 505 try:
506 dev[0].request("SET external_sim 1")
507 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
508 interworking_select(dev[0], "roaming", freq="2412")
509 interworking_ext_sim_connect(dev[0], bssid, "SIM")
510 check_sp_type(dev[0], "roaming")
511 finally:
512 dev[0].request("SET external_sim 0")
8fba2e5d
JM		 513
514def test_ap_hs20_username(dev, apdev):
515 """Hotspot 2.0 connection in username/password credential"""
e7ac04ce 516 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 517 bssid = apdev[0]['bssid']
518 params = hs20_ap_params()
519 params['hessid'] = bssid
d627e131 520 params['disable_dgaf'] = '1'
8b8a1864 521 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 522
523 dev[0].hs20_enable()
2232edf8
JM		 524 id = dev[0].add_cred_values({ 'realm': "example.com",
525 'username': "hs20-test",
526 'password': "password",
a1281b9f 527 'ca_cert': "auth_serv/ca.pem",
5f1e31cf
JM		 528 'domain': "example.com",
529 'update_identifier': "1234" })
2f37a66d 530 interworking_select(dev[0], bssid, "home", freq="2412")
8fba2e5d
JM		 531 interworking_connect(dev[0], bssid, "TTLS")
532 check_sp_type(dev[0], "home")
10b3cc67
JM		 533 status = dev[0].get_status()
534 if status['pairwise_cipher'] != "CCMP":
535 raise Exception("Unexpected pairwise cipher")
536 if status['hs20'] != "2":
537 raise Exception("Unexpected HS 2.0 support indication")
8fba2e5d 538
a1281b9f
JM		 539 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
540 identity="hs20-test", password="password",
541 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
542 scan_freq="2412")
543
1e780974
JM		 544def test_ap_hs20_connect_api(dev, apdev):
545 """Hotspot 2.0 connection with connect API"""
e7ac04ce 546 check_eap_capa(dev[0], "MSCHAPV2")
1e780974
JM		 547 bssid = apdev[0]['bssid']
548 params = hs20_ap_params()
549 params['hessid'] = bssid
550 params['disable_dgaf'] = '1'
8b8a1864 551 hostapd.add_ap(apdev[0], params)
1e780974
JM		 552
553 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
554 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
555 wpas.hs20_enable()
243dcc4a 556 wpas.flush_scan_cache()
1e780974
JM		 557 id = wpas.add_cred_values({ 'realm': "example.com",
558 'username': "hs20-test",
559 'password': "password",
560 'ca_cert': "auth_serv/ca.pem",
561 'domain': "example.com",
562 'update_identifier': "1234" })
563 interworking_select(wpas, bssid, "home", freq="2412")
564 interworking_connect(wpas, bssid, "TTLS")
565 check_sp_type(wpas, "home")
566 status = wpas.get_status()
567 if status['pairwise_cipher'] != "CCMP":
568 raise Exception("Unexpected pairwise cipher")
569 if status['hs20'] != "2":
570 raise Exception("Unexpected HS 2.0 support indication")
571
543f9f7e
JM		 572def test_ap_hs20_auto_interworking(dev, apdev):
573 """Hotspot 2.0 connection with auto_interworking=1"""
e7ac04ce 574 check_eap_capa(dev[0], "MSCHAPV2")
543f9f7e
JM		 575 bssid = apdev[0]['bssid']
576 params = hs20_ap_params()
577 params['hessid'] = bssid
578 params['disable_dgaf'] = '1'
8b8a1864 579 hostapd.add_ap(apdev[0], params)
543f9f7e
JM		 580
581 dev[0].hs20_enable(auto_interworking=True)
582 id = dev[0].add_cred_values({ 'realm': "example.com",
583 'username': "hs20-test",
584 'password': "password",
585 'ca_cert': "auth_serv/ca.pem",
586 'domain': "example.com",
587 'update_identifier': "1234" })
588 dev[0].request("REASSOCIATE")
5f35a5e2 589 dev[0].wait_connected(timeout=15)
543f9f7e
JM		 590 check_sp_type(dev[0], "home")
591 status = dev[0].get_status()
592 if status['pairwise_cipher'] != "CCMP":
593 raise Exception("Unexpected pairwise cipher")
594 if status['hs20'] != "2":
595 raise Exception("Unexpected HS 2.0 support indication")
596
e912e4bc
JM		 597def test_ap_hs20_auto_interworking_no_match(dev, apdev):
598 """Hotspot 2.0 connection with auto_interworking=1 and no matching network"""
8b8a1864 599 hapd = hostapd.add_ap(apdev[0], { "ssid": "mismatch" })
e912e4bc
JM		 600
601 dev[0].hs20_enable(auto_interworking=True)
602 id = dev[0].connect("mismatch", psk="12345678", scan_freq="2412",
603 only_add_network=True)
604 dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect")
605
606 id = dev[0].add_cred_values({ 'realm': "example.com",
607 'username': "hs20-test",
608 'password': "password",
609 'ca_cert': "auth_serv/ca.pem",
610 'domain': "example.com",
611 'update_identifier': "1234" })
612 dev[0].request("INTERWORKING_SELECT auto freq=2412")
613 time.sleep(0.1)
614 dev[0].dump_monitor()
615 for i in range(5):
616 logger.info("start ping")
617 if "PONG" not in dev[0].ctrl.request("PING", timeout=2):
618 raise Exception("PING failed")
619 logger.info("ping done")
620 fetch = 0
621 scan = 0
622 for j in range(15):
623 ev = dev[0].wait_event([ "ANQP fetch completed",
624 "CTRL-EVENT-SCAN-RESULTS" ], timeout=0.05)
625 if ev is None:
626 break
627 if "ANQP fetch completed" in ev:
628 fetch += 1
629 else:
630 scan += 1
631 if fetch > 2 * scan + 3:
632 raise Exception("Too many ANQP fetch iterations")
633 dev[0].dump_monitor()
634 dev[0].request("DISCONNECT")
635
bedb6ea5
JM		 636def test_ap_hs20_auto_interworking_no_cred_match(dev, apdev):
637 """Hotspot 2.0 connection with auto_interworking=1 but no cred match"""
638 bssid = apdev[0]['bssid']
639 params = { "ssid": "test" }
8b8a1864 640 hostapd.add_ap(apdev[0], params)
bedb6ea5
JM		 641
642 dev[0].hs20_enable(auto_interworking=True)
643 dev[0].add_cred_values({ 'realm': "example.com",
644 'username': "hs20-test",
645 'password': "password",
646 'ca_cert': "auth_serv/ca.pem",
647 'domain': "example.com" })
648
649 id = dev[0].connect("test", psk="12345678", only_add_network=True)
650 dev[0].request("ENABLE_NETWORK %s" % id)
651 logger.info("Verify that scanning continues when there is partial network block match")
652 for i in range(0, 2):
653 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
654 if ev is None:
655 raise Exception("Scan timed out")
656 logger.info("Scan completed")
657
dcd68168
JM		 658def eap_test(dev, ap, eap_params, method, user):
659 bssid = ap['bssid']
660 params = hs20_ap_params()
661 params['nai_realm'] = [ "0,example.com," + eap_params ]
afc26df2 662 hostapd.add_ap(ap, params)
dcd68168 663
dcd68168
JM		 664 dev.hs20_enable()
665 dev.add_cred_values({ 'realm': "example.com",
524c6c33 666 'ca_cert': "auth_serv/ca.pem",
dcd68168
JM		 667 'username': user,
668 'password': "password" })
2f37a66d 669 interworking_select(dev, bssid, freq="2412")
dcd68168
JM		 670 interworking_connect(dev, bssid, method)
671
932be82c
JM		 672def test_ap_hs20_eap_unknown(dev, apdev):
673 """Hotspot 2.0 connection with unknown EAP method"""
674 bssid = apdev[0]['bssid']
675 params = hs20_ap_params()
676 params['nai_realm'] = "0,example.com,99"
8b8a1864 677 hostapd.add_ap(apdev[0], params)
932be82c
JM		 678
679 dev[0].hs20_enable()
680 dev[0].add_cred_values(default_cred())
681 interworking_select(dev[0], None, no_match=True, freq="2412")
682
dcd68168
JM		 683def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
684 """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
e7ac04ce 685 check_eap_capa(dev[0], "MSCHAPV2")
dcd68168
JM		 686 eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")
687
932be82c
JM		 688def test_ap_hs20_eap_peap_default(dev, apdev):
689 """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
e7ac04ce 690 check_eap_capa(dev[0], "MSCHAPV2")
932be82c
JM		 691 eap_test(dev[0], apdev[0], "25", "PEAP", "user")
692
dcd68168
JM		 693def test_ap_hs20_eap_peap_gtc(dev, apdev):
694 """Hotspot 2.0 connection with PEAP/GTC"""
695 eap_test(dev[0], apdev[0], "25[3:6]", "PEAP", "user")
696
932be82c
JM		 697def test_ap_hs20_eap_peap_unknown(dev, apdev):
698 """Hotspot 2.0 connection with PEAP/unknown"""
699 bssid = apdev[0]['bssid']
700 params = hs20_ap_params()
701 params['nai_realm'] = "0,example.com,25[3:99]"
8b8a1864 702 hostapd.add_ap(apdev[0], params)
932be82c
JM		 703
704 dev[0].hs20_enable()
705 dev[0].add_cred_values(default_cred())
706 interworking_select(dev[0], None, no_match=True, freq="2412")
707
dcd68168
JM		 708def test_ap_hs20_eap_ttls_chap(dev, apdev):
709 """Hotspot 2.0 connection with TTLS/CHAP"""
ca158ea6 710 skip_with_fips(dev[0])
dcd68168
JM		 711 eap_test(dev[0], apdev[0], "21[2:2]", "TTLS", "chap user")
712
713def test_ap_hs20_eap_ttls_mschap(dev, apdev):
714 """Hotspot 2.0 connection with TTLS/MSCHAP"""
ca158ea6 715 skip_with_fips(dev[0])
dcd68168
JM		 716 eap_test(dev[0], apdev[0], "21[2:3]", "TTLS", "mschap user")
717
718def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
719 """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
e7ac04ce 720 check_eap_capa(dev[0], "MSCHAPV2")
932be82c
JM		 721 eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")
722
723def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
724 """Hotspot 2.0 connection with TTLS/EAP-unknown"""
725 bssid = apdev[0]['bssid']
726 params = hs20_ap_params()
727 params['nai_realm'] = "0,example.com,21[3:99]"
8b8a1864 728 hostapd.add_ap(apdev[0], params)
932be82c
JM		 729
730 dev[0].hs20_enable()
731 dev[0].add_cred_values(default_cred())
732 interworking_select(dev[0], None, no_match=True, freq="2412")
733
734def test_ap_hs20_eap_ttls_eap_unsupported(dev, apdev):
735 """Hotspot 2.0 connection with TTLS/EAP-OTP(unsupported)"""
736 bssid = apdev[0]['bssid']
737 params = hs20_ap_params()
738 params['nai_realm'] = "0,example.com,21[3:5]"
8b8a1864 739 hostapd.add_ap(apdev[0], params)
932be82c
JM		 740
741 dev[0].hs20_enable()
742 dev[0].add_cred_values(default_cred())
743 interworking_select(dev[0], None, no_match=True, freq="2412")
744
745def test_ap_hs20_eap_ttls_unknown(dev, apdev):
746 """Hotspot 2.0 connection with TTLS/unknown"""
747 bssid = apdev[0]['bssid']
748 params = hs20_ap_params()
749 params['nai_realm'] = "0,example.com,21[2:5]"
8b8a1864 750 hostapd.add_ap(apdev[0], params)
932be82c
JM		 751
752 dev[0].hs20_enable()
753 dev[0].add_cred_values(default_cred())
754 interworking_select(dev[0], None, no_match=True, freq="2412")
dcd68168
JM		 755
756def test_ap_hs20_eap_fast_mschapv2(dev, apdev):
757 """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
3b51cc63 758 check_eap_capa(dev[0], "FAST")
dcd68168
JM		 759 eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user")
760
761def test_ap_hs20_eap_fast_gtc(dev, apdev):
762 """Hotspot 2.0 connection with FAST/EAP-GTC"""
3b51cc63 763 check_eap_capa(dev[0], "FAST")
dcd68168
JM		 764 eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user")
765
766def test_ap_hs20_eap_tls(dev, apdev):
767 """Hotspot 2.0 connection with EAP-TLS"""
768 bssid = apdev[0]['bssid']
769 params = hs20_ap_params()
770 params['nai_realm'] = [ "0,example.com,13[5:6]" ]
8b8a1864 771 hostapd.add_ap(apdev[0], params)
dcd68168 772
dcd68168
JM		 773 dev[0].hs20_enable()
774 dev[0].add_cred_values({ 'realm': "example.com",
775 'username': "certificate-user",
776 'ca_cert': "auth_serv/ca.pem",
777 'client_cert': "auth_serv/user.pem",
778 'private_key': "auth_serv/user.key"})
2f37a66d 779 interworking_select(dev[0], bssid, freq="2412")
dcd68168
JM		 780 interworking_connect(dev[0], bssid, "TLS")
781
932be82c
JM		 782def test_ap_hs20_eap_cert_unknown(dev, apdev):
783 """Hotspot 2.0 connection with certificate, but unknown EAP method"""
784 bssid = apdev[0]['bssid']
785 params = hs20_ap_params()
786 params['nai_realm'] = [ "0,example.com,99[5:6]" ]
8b8a1864 787 hostapd.add_ap(apdev[0], params)
932be82c
JM		 788
789 dev[0].hs20_enable()
790 dev[0].add_cred_values({ 'realm': "example.com",
791 'username': "certificate-user",
792 'ca_cert': "auth_serv/ca.pem",
793 'client_cert': "auth_serv/user.pem",
794 'private_key': "auth_serv/user.key"})
795 interworking_select(dev[0], None, no_match=True, freq="2412")
796
797def test_ap_hs20_eap_cert_unsupported(dev, apdev):
798 """Hotspot 2.0 connection with certificate, but unsupported TTLS"""
799 bssid = apdev[0]['bssid']
800 params = hs20_ap_params()
801 params['nai_realm'] = [ "0,example.com,21[5:6]" ]
8b8a1864 802 hostapd.add_ap(apdev[0], params)
932be82c
JM		 803
804 dev[0].hs20_enable()
805 dev[0].add_cred_values({ 'realm': "example.com",
806 'username': "certificate-user",
807 'ca_cert': "auth_serv/ca.pem",
808 'client_cert': "auth_serv/user.pem",
809 'private_key': "auth_serv/user.key"})
810 interworking_select(dev[0], None, no_match=True, freq="2412")
811
812def test_ap_hs20_eap_invalid_cred(dev, apdev):
813 """Hotspot 2.0 connection with invalid cred configuration"""
814 bssid = apdev[0]['bssid']
815 params = hs20_ap_params()
8b8a1864 816 hostapd.add_ap(apdev[0], params)
932be82c
JM		 817
818 dev[0].hs20_enable()
819 dev[0].add_cred_values({ 'realm': "example.com",
820 'username': "certificate-user",
821 'client_cert': "auth_serv/user.pem" })
822 interworking_select(dev[0], None, no_match=True, freq="2412")
823
0aca5d13
JM		 824def test_ap_hs20_nai_realms(dev, apdev):
825 """Hotspot 2.0 connection and multiple NAI realms and TTLS/PAP"""
826 bssid = apdev[0]['bssid']
827 params = hs20_ap_params()
828 params['hessid'] = bssid
829 params['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]" ]
8b8a1864 830 hostapd.add_ap(apdev[0], params)
0aca5d13 831
0aca5d13
JM		 832 dev[0].hs20_enable()
833 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 834 'ca_cert': "auth_serv/ca.pem",
0aca5d13
JM		 835 'username': "pap user",
836 'password': "password",
837 'domain': "example.com" })
2f37a66d 838 interworking_select(dev[0], bssid, "home", freq="2412")
0aca5d13
JM		 839 interworking_connect(dev[0], bssid, "TTLS")
840 check_sp_type(dev[0], "home")
841
e209eb98
JM		 842def test_ap_hs20_roaming_consortium(dev, apdev):
843 """Hotspot 2.0 connection based on roaming consortium match"""
844 bssid = apdev[0]['bssid']
845 params = hs20_ap_params()
846 params['hessid'] = bssid
8b8a1864 847 hostapd.add_ap(apdev[0], params)
e209eb98 848
e209eb98 849 dev[0].hs20_enable()
80584122
JM		 850 for consortium in [ "112233", "1020304050", "010203040506", "fedcba" ]:
851 id = dev[0].add_cred_values({ 'username': "user",
852 'password': "password",
853 'domain': "example.com",
524c6c33 854 'ca_cert': "auth_serv/ca.pem",
80584122
JM		 855 'roaming_consortium': consortium,
856 'eap': "PEAP" })
857 interworking_select(dev[0], bssid, "home", freq="2412")
858 interworking_connect(dev[0], bssid, "PEAP")
859 check_sp_type(dev[0], "home")
860 dev[0].request("INTERWORKING_SELECT auto freq=2412")
861 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
862 if ev is None:
863 raise Exception("Timeout on already-connected event")
864 dev[0].remove_cred(id)
e209eb98 865
8fba2e5d
JM		 866def test_ap_hs20_username_roaming(dev, apdev):
867 """Hotspot 2.0 connection in username/password credential (roaming)"""
e7ac04ce 868 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 869 bssid = apdev[0]['bssid']
870 params = hs20_ap_params()
871 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
872 "0,roaming.example.com,21[2:4][5:7]",
873 "0,another.example.com" ]
874 params['domain_name'] = "another.example.com"
875 params['hessid'] = bssid
8b8a1864 876 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 877
878 dev[0].hs20_enable()
2232edf8
JM		 879 id = dev[0].add_cred_values({ 'realm': "roaming.example.com",
880 'username': "hs20-test",
881 'password': "password",
524c6c33 882 'ca_cert': "auth_serv/ca.pem",
2232edf8 883 'domain': "example.com" })
2f37a66d 884 interworking_select(dev[0], bssid, "roaming", freq="2412")
8fba2e5d
JM		 885 interworking_connect(dev[0], bssid, "TTLS")
886 check_sp_type(dev[0], "roaming")
887
888def test_ap_hs20_username_unknown(dev, apdev):
889 """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
e7ac04ce 890 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 891 bssid = apdev[0]['bssid']
892 params = hs20_ap_params()
893 params['hessid'] = bssid
8b8a1864 894 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 895
896 dev[0].hs20_enable()
2232edf8 897 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 898 'ca_cert': "auth_serv/ca.pem",
2232edf8
JM		 899 'username': "hs20-test",
900 'password': "password" })
2f37a66d 901 interworking_select(dev[0], bssid, "unknown", freq="2412")
8fba2e5d
JM		 902 interworking_connect(dev[0], bssid, "TTLS")
903 check_sp_type(dev[0], "unknown")
904
905def test_ap_hs20_username_unknown2(dev, apdev):
906 """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
e7ac04ce 907 check_eap_capa(dev[0], "MSCHAPV2")
8fba2e5d
JM		 908 bssid = apdev[0]['bssid']
909 params = hs20_ap_params()
910 params['hessid'] = bssid
911 del params['domain_name']
8b8a1864 912 hostapd.add_ap(apdev[0], params)
8fba2e5d
JM		 913
914 dev[0].hs20_enable()
2232edf8 915 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 916 'ca_cert': "auth_serv/ca.pem",
2232edf8
JM		 917 'username': "hs20-test",
918 'password': "password",
919 'domain': "example.com" })
2f37a66d 920 interworking_select(dev[0], bssid, "unknown", freq="2412")
8fba2e5d
JM		 921 interworking_connect(dev[0], bssid, "TTLS")
922 check_sp_type(dev[0], "unknown")
d1ba402f 923
483691bd
JM		 924def test_ap_hs20_gas_while_associated(dev, apdev):
925 """Hotspot 2.0 connection with GAS query while associated"""
e7ac04ce 926 check_eap_capa(dev[0], "MSCHAPV2")
483691bd
JM		 927 bssid = apdev[0]['bssid']
928 params = hs20_ap_params()
929 params['hessid'] = bssid
8b8a1864 930 hostapd.add_ap(apdev[0], params)
483691bd 931
483691bd
JM		 932 dev[0].hs20_enable()
933 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 934 'ca_cert': "auth_serv/ca.pem",
483691bd
JM		 935 'username': "hs20-test",
936 'password': "password",
937 'domain': "example.com" })
2f37a66d 938 interworking_select(dev[0], bssid, "home", freq="2412")
483691bd
JM		 939 interworking_connect(dev[0], bssid, "TTLS")
940
941 logger.info("Verifying GAS query while associated")
942 dev[0].request("FETCH_ANQP")
943 for i in range(0, 6):
944 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
945 if ev is None:
946 raise Exception("Operation timed out")
947
cd18ec3b
JM		 948def test_ap_hs20_gas_with_another_ap_while_associated(dev, apdev):
949 """GAS query with another AP while associated"""
950 check_eap_capa(dev[0], "MSCHAPV2")
951 bssid = apdev[0]['bssid']
952 params = hs20_ap_params()
953 params['hessid'] = bssid
8b8a1864 954 hostapd.add_ap(apdev[0], params)
cd18ec3b
JM		 955
956 bssid2 = apdev[1]['bssid']
957 params = hs20_ap_params()
958 params['hessid'] = bssid2
959 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
8b8a1864 960 hostapd.add_ap(apdev[1], params)
cd18ec3b
JM		 961
962 dev[0].hs20_enable()
963 id = dev[0].add_cred_values({ 'realm': "example.com",
964 'ca_cert': "auth_serv/ca.pem",
965 'username': "hs20-test",
966 'password': "password",
967 'domain': "example.com" })
968 interworking_select(dev[0], bssid, "home", freq="2412")
969 interworking_connect(dev[0], bssid, "TTLS")
970 dev[0].dump_monitor()
971
972 logger.info("Verifying GAS query with same AP while associated")
973 dev[0].request("ANQP_GET " + bssid + " 263")
974 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
975 if ev is None:
976 raise Exception("ANQP operation timed out")
977 dev[0].dump_monitor()
978
979 logger.info("Verifying GAS query with another AP while associated")
980 dev[0].scan_for_bss(bssid2, 2412)
981 dev[0].request("ANQP_GET " + bssid2 + " 263")
982 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
983 if ev is None:
984 raise Exception("ANQP operation timed out")
985
ee2caef3
JM		 986def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
987 """Hotspot 2.0 connection with GAS query while associated and using PMF"""
e7ac04ce 988 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 989 try:
990 _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev)
991 finally:
992 dev[0].request("SET pmf 0")
993
994def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
ee2caef3
JM		 995 bssid = apdev[0]['bssid']
996 params = hs20_ap_params()
997 params['hessid'] = bssid
8b8a1864 998 hostapd.add_ap(apdev[0], params)
ee2caef3
JM		 999
1000 bssid2 = apdev[1]['bssid']
1001 params = hs20_ap_params()
1002 params['hessid'] = bssid2
1003 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
8b8a1864 1004 hostapd.add_ap(apdev[1], params)
ee2caef3
JM		 1005
1006 dev[0].hs20_enable()
1007 dev[0].request("SET pmf 2")
1008 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1009 'ca_cert': "auth_serv/ca.pem",
ee2caef3
JM		 1010 'username': "hs20-test",
1011 'password': "password",
1012 'domain': "example.com" })
1013 interworking_select(dev[0], bssid, "home", freq="2412")
1014 interworking_connect(dev[0], bssid, "TTLS")
1015
1016 logger.info("Verifying GAS query while associated")
1017 dev[0].request("FETCH_ANQP")
1018 for i in range(0, 2 * 6):
1019 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1020 if ev is None:
1021 raise Exception("Operation timed out")
1022
1bef9e87
JM		 1023def test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev):
1024 """GAS query with another AP while associated and using PMF"""
1025 check_eap_capa(dev[0], "MSCHAPV2")
1026 try:
1027 _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev)
1028 finally:
1029 dev[0].request("SET pmf 0")
1030
1031def _test_ap_hs20_gas_with_another_ap_while_using_pmf(dev, apdev):
1032 bssid = apdev[0]['bssid']
1033 params = hs20_ap_params()
1034 params['hessid'] = bssid
8b8a1864 1035 hostapd.add_ap(apdev[0], params)
1bef9e87
JM		 1036
1037 bssid2 = apdev[1]['bssid']
1038 params = hs20_ap_params()
1039 params['hessid'] = bssid2
1040 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
8b8a1864 1041 hostapd.add_ap(apdev[1], params)
1bef9e87
JM		 1042
1043 dev[0].hs20_enable()
1044 dev[0].request("SET pmf 2")
1045 id = dev[0].add_cred_values({ 'realm': "example.com",
1046 'ca_cert': "auth_serv/ca.pem",
1047 'username': "hs20-test",
1048 'password': "password",
1049 'domain': "example.com" })
1050 interworking_select(dev[0], bssid, "home", freq="2412")
1051 interworking_connect(dev[0], bssid, "TTLS")
1052 dev[0].dump_monitor()
1053
1054 logger.info("Verifying GAS query with same AP while associated")
1055 dev[0].request("ANQP_GET " + bssid + " 263")
1056 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1057 if ev is None:
1058 raise Exception("ANQP operation timed out")
1059 dev[0].dump_monitor()
1060
1061 logger.info("Verifying GAS query with another AP while associated")
1062 dev[0].scan_for_bss(bssid2, 2412)
1063 dev[0].request("ANQP_GET " + bssid2 + " 263")
1064 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1065 if ev is None:
1066 raise Exception("ANQP operation timed out")
1067
483691bd
JM		 1068def test_ap_hs20_gas_frag_while_associated(dev, apdev):
1069 """Hotspot 2.0 connection with fragmented GAS query while associated"""
e7ac04ce 1070 check_eap_capa(dev[0], "MSCHAPV2")
483691bd
JM		 1071 bssid = apdev[0]['bssid']
1072 params = hs20_ap_params()
1073 params['hessid'] = bssid
6f334bf7 1074 hapd = hostapd.add_ap(apdev[0], params)
483691bd
JM		 1075 hapd.set("gas_frag_limit", "50")
1076
483691bd
JM		 1077 dev[0].hs20_enable()
1078 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1079 'ca_cert': "auth_serv/ca.pem",
483691bd
JM		 1080 'username': "hs20-test",
1081 'password': "password",
1082 'domain': "example.com" })
2f37a66d 1083 interworking_select(dev[0], bssid, "home", freq="2412")
483691bd
JM		 1084 interworking_connect(dev[0], bssid, "TTLS")
1085
1086 logger.info("Verifying GAS query while associated")
1087 dev[0].request("FETCH_ANQP")
1088 for i in range(0, 6):
1089 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
1090 if ev is None:
1091 raise Exception("Operation timed out")
1092
6a0b4002
JM		 1093def test_ap_hs20_multiple_connects(dev, apdev):
1094 """Hotspot 2.0 connection through multiple network selections"""
e7ac04ce 1095 check_eap_capa(dev[0], "MSCHAPV2")
6a0b4002
JM		 1096 bssid = apdev[0]['bssid']
1097 params = hs20_ap_params()
1098 params['hessid'] = bssid
8b8a1864 1099 hostapd.add_ap(apdev[0], params)
6a0b4002
JM		 1100
1101 dev[0].hs20_enable()
1102 values = { 'realm': "example.com",
524c6c33 1103 'ca_cert': "auth_serv/ca.pem",
6a0b4002
JM		 1104 'username': "hs20-test",
1105 'password': "password",
1106 'domain': "example.com" }
1107 id = dev[0].add_cred_values(values)
1108
841bed04
JM		 1109 dev[0].scan_for_bss(bssid, freq="2412")
1110
6a0b4002
JM		 1111 for i in range(0, 3):
1112 logger.info("Starting Interworking network selection")
2f37a66d 1113 dev[0].request("INTERWORKING_SELECT auto freq=2412")
6a0b4002
JM		 1114 while True:
1115 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
1116 "INTERWORKING-ALREADY-CONNECTED",
1117 "CTRL-EVENT-CONNECTED"], timeout=15)
1118 if ev is None:
1119 raise Exception("Connection timed out")
1120 if "INTERWORKING-NO-MATCH" in ev:
1121 raise Exception("Matching AP not found")
1122 if "CTRL-EVENT-CONNECTED" in ev:
1123 break
1124 if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
1125 break
1126 if i == 0:
1127 dev[0].request("DISCONNECT")
1128 dev[0].dump_monitor()
1129
1130 networks = dev[0].list_networks()
1131 if len(networks) > 1:
1132 raise Exception("Duplicated network block detected")
1133
b4264f8f
JM		 1134def test_ap_hs20_disallow_aps(dev, apdev):
1135 """Hotspot 2.0 connection and disallow_aps"""
1136 bssid = apdev[0]['bssid']
1137 params = hs20_ap_params()
1138 params['hessid'] = bssid
8b8a1864 1139 hostapd.add_ap(apdev[0], params)
b4264f8f
JM		 1140
1141 dev[0].hs20_enable()
1142 values = { 'realm': "example.com",
524c6c33 1143 'ca_cert': "auth_serv/ca.pem",
b4264f8f
JM		 1144 'username': "hs20-test",
1145 'password': "password",
1146 'domain': "example.com" }
1147 id = dev[0].add_cred_values(values)
1148
841bed04
JM		 1149 dev[0].scan_for_bss(bssid, freq="2412")
1150
b4264f8f
JM		 1151 logger.info("Verify disallow_aps bssid")
1152 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
1153 dev[0].request("INTERWORKING_SELECT auto")
1154 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
1155 if ev is None:
1156 raise Exception("Network selection timed out")
1157 dev[0].dump_monitor()
1158
1159 logger.info("Verify disallow_aps ssid")
1160 dev[0].request("SET disallow_aps ssid 746573742d68733230")
2f37a66d 1161 dev[0].request("INTERWORKING_SELECT auto freq=2412")
b4264f8f
JM		 1162 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
1163 if ev is None:
1164 raise Exception("Network selection timed out")
1165 dev[0].dump_monitor()
1166
1167 logger.info("Verify disallow_aps clear")
1168 dev[0].request("SET disallow_aps ")
2f37a66d 1169 interworking_select(dev[0], bssid, "home", freq="2412")
b4264f8f
JM		 1170
1171 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
1172 ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
1173 if "FAIL" not in ret:
1174 raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
1175
7e71fbc1
JM		 1176 if "FAIL" not in dev[0].request("INTERWORKING_CONNECT foo"):
1177 raise Exception("Invalid INTERWORKING_CONNECT not rejected")
1178 if "FAIL" not in dev[0].request("INTERWORKING_CONNECT 00:11:22:33:44:55"):
1179 raise Exception("Invalid INTERWORKING_CONNECT not rejected")
1180
d1ba402f
JM		 1181def policy_test(dev, ap, values, only_one=True):
1182 dev.dump_monitor()
19839f8e
JM		 1183 if ap:
1184 logger.info("Verify network selection to AP " + ap['ifname'])
1185 bssid = ap['bssid']
841bed04 1186 dev.scan_for_bss(bssid, freq="2412")
19839f8e
JM		 1187 else:
1188 logger.info("Verify network selection")
1189 bssid = None
d1ba402f
JM		 1190 dev.hs20_enable()
1191 id = dev.add_cred_values(values)
2f37a66d 1192 dev.request("INTERWORKING_SELECT auto freq=2412")
19839f8e 1193 events = []
d1ba402f
JM		 1194 while True:
1195 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
1965cc3a 1196 "INTERWORKING-BLACKLISTED",
953a574d 1197 "INTERWORKING-SELECTED"], timeout=15)
d1ba402f 1198 if ev is None:
953a574d 1199 raise Exception("Network selection timed out")
19839f8e 1200 events.append(ev)
d1ba402f
JM		 1201 if "INTERWORKING-NO-MATCH" in ev:
1202 raise Exception("Matching AP not found")
19839f8e 1203 if bssid and only_one and "INTERWORKING-AP" in ev and bssid not in ev:
d1ba402f 1204 raise Exception("Unexpected AP claimed acceptable")
953a574d 1205 if "INTERWORKING-SELECTED" in ev:
19839f8e 1206 if bssid and bssid not in ev:
953a574d 1207 raise Exception("Selected incorrect BSS")
d1ba402f
JM		 1208 break
1209
5f35a5e2 1210 ev = dev.wait_connected(timeout=15)
19839f8e 1211 if bssid and bssid not in ev:
953a574d
JM		 1212 raise Exception("Connected to incorrect BSS")
1213
d1ba402f 1214 conn_bssid = dev.get_status_field("bssid")
19839f8e 1215 if bssid and conn_bssid != bssid:
d1ba402f
JM		 1216 raise Exception("bssid information points to incorrect BSS")
1217
1218 dev.remove_cred(id)
1219 dev.dump_monitor()
19839f8e 1220 return events
d1ba402f 1221
22653762 1222def default_cred(domain=None, user="hs20-test"):
9714fbcd 1223 cred = { 'realm': "example.com",
524c6c33 1224 'ca_cert': "auth_serv/ca.pem",
22653762 1225 'username': user,
d355372c 1226 'password': "password" }
9714fbcd
JM		 1227 if domain:
1228 cred['domain'] = domain
1229 return cred
d355372c 1230
cfa57df6
JM		 1231def test_ap_hs20_prefer_home(dev, apdev):
1232 """Hotspot 2.0 required roaming consortium"""
e7ac04ce 1233 check_eap_capa(dev[0], "MSCHAPV2")
cfa57df6
JM		 1234 params = hs20_ap_params()
1235 params['domain_name'] = "example.org"
8b8a1864 1236 hostapd.add_ap(apdev[0], params)
cfa57df6
JM		 1237
1238 params = hs20_ap_params()
1239 params['ssid'] = "test-hs20-other"
1240 params['domain_name'] = "example.com"
8b8a1864 1241 hostapd.add_ap(apdev[1], params)
cfa57df6
JM		 1242
1243 values = default_cred()
1244 values['domain'] = "example.com"
1245 policy_test(dev[0], apdev[1], values, only_one=False)
1246 values['domain'] = "example.org"
1247 policy_test(dev[0], apdev[0], values, only_one=False)
1248
d1ba402f
JM		 1249def test_ap_hs20_req_roaming_consortium(dev, apdev):
1250 """Hotspot 2.0 required roaming consortium"""
e7ac04ce 1251 check_eap_capa(dev[0], "MSCHAPV2")
d1ba402f 1252 params = hs20_ap_params()
8b8a1864 1253 hostapd.add_ap(apdev[0], params)
d1ba402f
JM		 1254
1255 params = hs20_ap_params()
1256 params['ssid'] = "test-hs20-other"
1257 params['roaming_consortium'] = [ "223344" ]
8b8a1864 1258 hostapd.add_ap(apdev[1], params)
d1ba402f 1259
d355372c
JM		 1260 values = default_cred()
1261 values['required_roaming_consortium'] = "223344"
d1ba402f
JM		 1262 policy_test(dev[0], apdev[1], values)
1263 values['required_roaming_consortium'] = "112233"
1264 policy_test(dev[0], apdev[0], values)
d355372c 1265
af70a093
JM		 1266 id = dev[0].add_cred()
1267 dev[0].set_cred(id, "required_roaming_consortium", "112233")
1268 dev[0].set_cred(id, "required_roaming_consortium", "112233445566778899aabbccddeeff")
1269
1270 for val in [ "", "1", "11", "1122", "1122334", "112233445566778899aabbccddeeff00" ]:
1271 if "FAIL" not in dev[0].request('SET_CRED {} required_roaming_consortium {}'.format(id, val)):
1272 raise Exception("Invalid roaming consortium value accepted: " + val)
1273
d355372c
JM		 1274def test_ap_hs20_excluded_ssid(dev, apdev):
1275 """Hotspot 2.0 exclusion based on SSID"""
e7ac04ce 1276 check_eap_capa(dev[0], "MSCHAPV2")
d355372c 1277 params = hs20_ap_params()
e2afdef2
JM		 1278 params['roaming_consortium'] = [ "223344" ]
1279 params['anqp_3gpp_cell_net'] = "555,444"
8b8a1864 1280 hostapd.add_ap(apdev[0], params)
d355372c
JM		 1281
1282 params = hs20_ap_params()
1283 params['ssid'] = "test-hs20-other"
1284 params['roaming_consortium'] = [ "223344" ]
e2afdef2 1285 params['anqp_3gpp_cell_net'] = "555,444"
8b8a1864 1286 hostapd.add_ap(apdev[1], params)
d355372c
JM		 1287
1288 values = default_cred()
1289 values['excluded_ssid'] = "test-hs20"
1965cc3a
JM		 1290 events = policy_test(dev[0], apdev[1], values)
1291 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1292 if len(ev) != 1:
1293 raise Exception("Excluded network not reported")
d355372c 1294 values['excluded_ssid'] = "test-hs20-other"
1965cc3a
JM		 1295 events = policy_test(dev[0], apdev[0], values)
1296 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[1]['bssid'] in e]
1297 if len(ev) != 1:
1298 raise Exception("Excluded network not reported")
d4058934 1299
e2afdef2
JM		 1300 values = default_cred()
1301 values['roaming_consortium'] = "223344"
1302 values['eap'] = "TTLS"
1303 values['phase2'] = "auth=MSCHAPV2"
1304 values['excluded_ssid'] = "test-hs20"
1305 events = policy_test(dev[0], apdev[1], values)
1306 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1307 if len(ev) != 1:
1308 raise Exception("Excluded network not reported")
1309
1310 values = { 'imsi': "555444-333222111", 'eap': "SIM",
1311 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
1312 'excluded_ssid': "test-hs20" }
1313 events = policy_test(dev[0], apdev[1], values)
1314 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1315 if len(ev) != 1:
1316 raise Exception("Excluded network not reported")
1317
d4058934
JM		 1318def test_ap_hs20_roam_to_higher_prio(dev, apdev):
1319 """Hotspot 2.0 and roaming from current to higher priority network"""
e7ac04ce 1320 check_eap_capa(dev[0], "MSCHAPV2")
d4058934
JM		 1321 bssid = apdev[0]['bssid']
1322 params = hs20_ap_params(ssid="test-hs20-visited")
1323 params['domain_name'] = "visited.example.org"
8b8a1864 1324 hostapd.add_ap(apdev[0], params)
d4058934
JM		 1325
1326 dev[0].hs20_enable()
1327 id = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1328 'ca_cert': "auth_serv/ca.pem",
d4058934
JM		 1329 'username': "hs20-test",
1330 'password': "password",
1331 'domain': "example.com" })
1332 logger.info("Connect to the only network option")
1333 interworking_select(dev[0], bssid, "roaming", freq="2412")
1334 dev[0].dump_monitor()
1335 interworking_connect(dev[0], bssid, "TTLS")
1336
1337 logger.info("Start another AP (home operator) and reconnect")
1338 bssid2 = apdev[1]['bssid']
1339 params = hs20_ap_params(ssid="test-hs20-home")
1340 params['domain_name'] = "example.com"
8b8a1864 1341 hostapd.add_ap(apdev[1], params)
d4058934 1342
841bed04 1343 dev[0].scan_for_bss(bssid2, freq="2412", force_scan=True)
d4058934
JM		 1344 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1345 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
1346 "INTERWORKING-ALREADY-CONNECTED",
1347 "CTRL-EVENT-CONNECTED"], timeout=15)
1348 if ev is None:
1349 raise Exception("Connection timed out")
1350 if "INTERWORKING-NO-MATCH" in ev:
1351 raise Exception("Matching AP not found")
1352 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1353 raise Exception("Unexpected AP selected")
1354 if bssid2 not in ev:
1355 raise Exception("Unexpected BSSID after reconnection")
12c587a5 1356
24579e70 1357def test_ap_hs20_domain_suffix_match_full(dev, apdev):
12c587a5 1358 """Hotspot 2.0 and domain_suffix_match"""
e78eb404 1359 check_domain_match_full(dev[0])
e7ac04ce 1360 check_eap_capa(dev[0], "MSCHAPV2")
12c587a5
JM		 1361 bssid = apdev[0]['bssid']
1362 params = hs20_ap_params()
8b8a1864 1363 hostapd.add_ap(apdev[0], params)
12c587a5
JM		 1364
1365 dev[0].hs20_enable()
1366 id = dev[0].add_cred_values({ 'realm': "example.com",
1367 'username': "hs20-test",
1368 'password': "password",
524c6c33 1369 'ca_cert': "auth_serv/ca.pem",
12c587a5 1370 'domain': "example.com",
24579e70 1371 'domain_suffix_match': "server.w1.fi" })
12c587a5
JM		 1372 interworking_select(dev[0], bssid, "home", freq="2412")
1373 dev[0].dump_monitor()
1374 interworking_connect(dev[0], bssid, "TTLS")
1375 dev[0].request("REMOVE_NETWORK all")
1376 dev[0].dump_monitor()
1377
1378 dev[0].set_cred_quoted(id, "domain_suffix_match", "no-match.example.com")
1379 interworking_select(dev[0], bssid, "home", freq="2412")
1380 dev[0].dump_monitor()
1381 dev[0].request("INTERWORKING_CONNECT " + bssid)
1382 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
1383 if ev is None:
1384 raise Exception("TLS certificate error not reported")
1385 if "Domain suffix mismatch" not in ev:
1386 raise Exception("Domain suffix mismatch not reported")
078683ac 1387
24579e70
JM		 1388def test_ap_hs20_domain_suffix_match(dev, apdev):
1389 """Hotspot 2.0 and domain_suffix_match"""
e7ac04ce 1390 check_eap_capa(dev[0], "MSCHAPV2")
24579e70
JM		 1391 check_domain_match_full(dev[0])
1392 bssid = apdev[0]['bssid']
1393 params = hs20_ap_params()
8b8a1864 1394 hostapd.add_ap(apdev[0], params)
24579e70
JM		 1395
1396 dev[0].hs20_enable()
1397 id = dev[0].add_cred_values({ 'realm': "example.com",
1398 'username': "hs20-test",
1399 'password': "password",
1400 'ca_cert': "auth_serv/ca.pem",
1401 'domain': "example.com",
1402 'domain_suffix_match': "w1.fi" })
1403 interworking_select(dev[0], bssid, "home", freq="2412")
1404 dev[0].dump_monitor()
1405 interworking_connect(dev[0], bssid, "TTLS")
1406
2253ea44
JM		 1407def test_ap_hs20_roaming_partner_preference(dev, apdev):
1408 """Hotspot 2.0 and roaming partner preference"""
e7ac04ce 1409 check_eap_capa(dev[0], "MSCHAPV2")
2253ea44
JM		 1410 params = hs20_ap_params()
1411 params['domain_name'] = "roaming.example.org"
8b8a1864 1412 hostapd.add_ap(apdev[0], params)
2253ea44
JM		 1413
1414 params = hs20_ap_params()
1415 params['ssid'] = "test-hs20-other"
1416 params['domain_name'] = "roaming.example.net"
8b8a1864 1417 hostapd.add_ap(apdev[1], params)
2253ea44
JM		 1418
1419 logger.info("Verify default vs. specified preference")
1420 values = default_cred()
1421 values['roaming_partner'] = "roaming.example.net,1,127,*"
1422 policy_test(dev[0], apdev[1], values, only_one=False)
1423 values['roaming_partner'] = "roaming.example.net,1,129,*"
1424 policy_test(dev[0], apdev[0], values, only_one=False)
1425
1426 logger.info("Verify partial FQDN match")
1427 values['roaming_partner'] = "example.net,0,0,*"
1428 policy_test(dev[0], apdev[1], values, only_one=False)
1429 values['roaming_partner'] = "example.net,0,255,*"
1430 policy_test(dev[0], apdev[0], values, only_one=False)
1431
19839f8e
JM		 1432def test_ap_hs20_max_bss_load(dev, apdev):
1433 """Hotspot 2.0 and maximum BSS load"""
e7ac04ce 1434 check_eap_capa(dev[0], "MSCHAPV2")
19839f8e
JM		 1435 params = hs20_ap_params()
1436 params['bss_load_test'] = "12:200:20000"
8b8a1864 1437 hostapd.add_ap(apdev[0], params)
19839f8e
JM		 1438
1439 params = hs20_ap_params()
1440 params['ssid'] = "test-hs20-other"
1441 params['bss_load_test'] = "5:20:10000"
8b8a1864 1442 hostapd.add_ap(apdev[1], params)
19839f8e
JM		 1443
1444 logger.info("Verify maximum BSS load constraint")
1445 values = default_cred()
1446 values['domain'] = "example.com"
1447 values['max_bss_load'] = "100"
1448 events = policy_test(dev[0], apdev[1], values, only_one=False)
1449
1450 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1451 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1452 raise Exception("Maximum BSS Load case not noticed")
1453 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1454 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1455 raise Exception("Maximum BSS Load case reported incorrectly")
1456
1457 logger.info("Verify maximum BSS load does not prevent connection")
1458 values['max_bss_load'] = "1"
1459 events = policy_test(dev[0], None, values)
1460
1461 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1462 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1463 raise Exception("Maximum BSS Load case not noticed")
1464 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1465 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1466 raise Exception("Maximum BSS Load case not noticed")
1467
1468def test_ap_hs20_max_bss_load2(dev, apdev):
1469 """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
e7ac04ce 1470 check_eap_capa(dev[0], "MSCHAPV2")
19839f8e
JM		 1471 params = hs20_ap_params()
1472 params['bss_load_test'] = "12:200:20000"
8b8a1864 1473 hostapd.add_ap(apdev[0], params)
19839f8e
JM		 1474
1475 params = hs20_ap_params()
1476 params['ssid'] = "test-hs20-other"
8b8a1864 1477 hostapd.add_ap(apdev[1], params)
19839f8e
JM		 1478
1479 logger.info("Verify maximum BSS load constraint with AP advertisement")
1480 values = default_cred()
1481 values['domain'] = "example.com"
1482 values['max_bss_load'] = "100"
1483 events = policy_test(dev[0], apdev[1], values, only_one=False)
1484
1485 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1486 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1487 raise Exception("Maximum BSS Load case not noticed")
1488 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1489 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1490 raise Exception("Maximum BSS Load case reported incorrectly")
1491
078683ac
JM		 1492def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
1493 """Hotspot 2.0 multi-cred sp_priority"""
e7ac04ce 1494 check_eap_capa(dev[0], "MSCHAPV2")
47dcb118 1495 try:
81e787b7 1496 _test_ap_hs20_multi_cred_sp_prio(dev, apdev)
47dcb118
JM		 1497 finally:
1498 dev[0].request("SET external_sim 0")
1499
1500def _test_ap_hs20_multi_cred_sp_prio(dev, apdev):
81e787b7 1501 hlr_auc_gw_available()
078683ac
JM		 1502 bssid = apdev[0]['bssid']
1503 params = hs20_ap_params()
1504 params['hessid'] = bssid
1505 del params['domain_name']
1506 params['anqp_3gpp_cell_net'] = "232,01"
8b8a1864 1507 hostapd.add_ap(apdev[0], params)
078683ac
JM		 1508
1509 dev[0].hs20_enable()
852cb016 1510 dev[0].scan_for_bss(bssid, freq="2412")
078683ac
JM		 1511 dev[0].request("SET external_sim 1")
1512 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1513 'provisioning_sp': "example.com",
1514 'sp_priority' :"1" })
1515 id2 = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1516 'ca_cert': "auth_serv/ca.pem",
078683ac
JM		 1517 'username': "hs20-test",
1518 'password': "password",
1519 'domain': "example.com",
1520 'provisioning_sp': "example.com",
1521 'sp_priority': "2" })
1522 dev[0].dump_monitor()
852cb016 1523 dev[0].scan_for_bss(bssid, freq="2412")
0b651713 1524 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1525 interworking_ext_sim_auth(dev[0], "SIM")
1526 check_sp_type(dev[0], "unknown")
1527 dev[0].request("REMOVE_NETWORK all")
1528
1529 dev[0].set_cred(id1, "sp_priority", "2")
1530 dev[0].set_cred(id2, "sp_priority", "1")
1531 dev[0].dump_monitor()
0b651713 1532 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1533 interworking_auth(dev[0], "TTLS")
1534 check_sp_type(dev[0], "unknown")
1535
1536def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
1537 """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
e7ac04ce 1538 check_eap_capa(dev[0], "MSCHAPV2")
47dcb118 1539 try:
81e787b7 1540 _test_ap_hs20_multi_cred_sp_prio2(dev, apdev)
47dcb118
JM		 1541 finally:
1542 dev[0].request("SET external_sim 0")
1543
1544def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
81e787b7 1545 hlr_auc_gw_available()
078683ac
JM		 1546 bssid = apdev[0]['bssid']
1547 params = hs20_ap_params()
1548 params['hessid'] = bssid
1549 del params['nai_realm']
1550 del params['domain_name']
1551 params['anqp_3gpp_cell_net'] = "232,01"
8b8a1864 1552 hostapd.add_ap(apdev[0], params)
078683ac
JM		 1553
1554 bssid2 = apdev[1]['bssid']
1555 params = hs20_ap_params()
1556 params['ssid'] = "test-hs20-other"
1557 params['hessid'] = bssid2
1558 del params['domain_name']
1559 del params['anqp_3gpp_cell_net']
8b8a1864 1560 hostapd.add_ap(apdev[1], params)
078683ac
JM		 1561
1562 dev[0].hs20_enable()
1563 dev[0].request("SET external_sim 1")
1564 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1565 'provisioning_sp': "example.com",
1566 'sp_priority': "1" })
1567 id2 = dev[0].add_cred_values({ 'realm': "example.com",
524c6c33 1568 'ca_cert': "auth_serv/ca.pem",
078683ac
JM		 1569 'username': "hs20-test",
1570 'password': "password",
1571 'domain': "example.com",
1572 'provisioning_sp': "example.com",
1573 'sp_priority': "2" })
1574 dev[0].dump_monitor()
852cb016
JM		 1575 dev[0].scan_for_bss(bssid, freq="2412")
1576 dev[0].scan_for_bss(bssid2, freq="2412")
0b651713 1577 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1578 interworking_ext_sim_auth(dev[0], "SIM")
1579 check_sp_type(dev[0], "unknown")
1580 conn_bssid = dev[0].get_status_field("bssid")
1581 if conn_bssid != bssid:
1582 raise Exception("Connected to incorrect BSS")
1583 dev[0].request("REMOVE_NETWORK all")
1584
1585 dev[0].set_cred(id1, "sp_priority", "2")
1586 dev[0].set_cred(id2, "sp_priority", "1")
1587 dev[0].dump_monitor()
0b651713 1588 dev[0].request("INTERWORKING_SELECT auto freq=2412")
078683ac
JM		 1589 interworking_auth(dev[0], "TTLS")
1590 check_sp_type(dev[0], "unknown")
1591 conn_bssid = dev[0].get_status_field("bssid")
1592 if conn_bssid != bssid2:
1593 raise Exception("Connected to incorrect BSS")
5e32f825 1594
a3dd0478
JM		 1595def check_conn_capab_selection(dev, type, missing):
1596 dev.request("INTERWORKING_SELECT freq=2412")
1597 ev = dev.wait_event(["INTERWORKING-AP"])
1598 if ev is None:
1599 raise Exception("Network selection timed out");
1600 if "type=" + type not in ev:
1601 raise Exception("Unexpected network type")
1602 if missing and "conn_capab_missing=1" not in ev:
1603 raise Exception("conn_capab_missing not reported")
1604 if not missing and "conn_capab_missing=1" in ev:
1605 raise Exception("conn_capab_missing reported unexpectedly")
1606
1607def conn_capab_cred(domain=None, req_conn_capab=None):
1608 cred = default_cred(domain=domain)
1609 if req_conn_capab:
1610 cred['req_conn_capab'] = req_conn_capab
1611 return cred
1612
18153179
JM		 1613def test_ap_hs20_req_conn_capab(dev, apdev):
1614 """Hotspot 2.0 network selection with req_conn_capab"""
e7ac04ce 1615 check_eap_capa(dev[0], "MSCHAPV2")
18153179
JM		 1616 bssid = apdev[0]['bssid']
1617 params = hs20_ap_params()
8b8a1864 1618 hostapd.add_ap(apdev[0], params)
18153179
JM		 1619
1620 dev[0].hs20_enable()
852cb016 1621 dev[0].scan_for_bss(bssid, freq="2412")
18153179 1622 logger.info("Not used in home network")
a3dd0478
JM		 1623 values = conn_capab_cred(domain="example.com", req_conn_capab="6:1234")
1624 id = dev[0].add_cred_values(values)
1625 check_conn_capab_selection(dev[0], "home", False)
18153179
JM		 1626
1627 logger.info("Used in roaming network")
1628 dev[0].remove_cred(id)
a3dd0478
JM		 1629 values = conn_capab_cred(domain="example.org", req_conn_capab="6:1234")
1630 id = dev[0].add_cred_values(values)
1631 check_conn_capab_selection(dev[0], "roaming", True)
18153179
JM		 1632
1633 logger.info("Verify that req_conn_capab does not prevent connection if no other network is available")
a3dd0478
JM		 1634 check_auto_select(dev[0], bssid)
1635
1636 logger.info("Additional req_conn_capab checks")
1637
1638 dev[0].remove_cred(id)
1639 values = conn_capab_cred(domain="example.org", req_conn_capab="1:0")
1640 id = dev[0].add_cred_values(values)
1641 check_conn_capab_selection(dev[0], "roaming", True)
1642
1643 dev[0].remove_cred(id)
1644 values = conn_capab_cred(domain="example.org", req_conn_capab="17:5060")
1645 id = dev[0].add_cred_values(values)
1646 check_conn_capab_selection(dev[0], "roaming", True)
1647
1648 bssid2 = apdev[1]['bssid']
1649 params = hs20_ap_params(ssid="test-hs20b")
1650 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
8b8a1864 1651 hostapd.add_ap(apdev[1], params)
a3dd0478
JM		 1652
1653 dev[0].remove_cred(id)
1654 values = conn_capab_cred(domain="example.org", req_conn_capab="50")
1655 id = dev[0].add_cred_values(values)
1656 dev[0].set_cred(id, "req_conn_capab", "6:22")
841bed04 1657 dev[0].scan_for_bss(bssid2, freq="2412")
a3dd0478
JM		 1658 dev[0].request("INTERWORKING_SELECT freq=2412")
1659 for i in range(0, 2):
1660 ev = dev[0].wait_event(["INTERWORKING-AP"])
1661 if ev is None:
1662 raise Exception("Network selection timed out");
1663 if bssid in ev and "conn_capab_missing=1" not in ev:
1664 raise Exception("Missing protocol connection capability not reported")
1665 if bssid2 in ev and "conn_capab_missing=1" in ev:
1666 raise Exception("Protocol connection capability not reported correctly")
1667
1668def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
1669 """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
e7ac04ce 1670 check_eap_capa(dev[0], "MSCHAPV2")
a3dd0478
JM		 1671 bssid = apdev[0]['bssid']
1672 params = hs20_ap_params()
1673 params['domain_name'] = "roaming.example.org"
1674 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
8b8a1864 1675 hostapd.add_ap(apdev[0], params)
a3dd0478
JM		 1676
1677 bssid2 = apdev[1]['bssid']
1678 params = hs20_ap_params(ssid="test-hs20-b")
1679 params['domain_name'] = "roaming.example.net"
8b8a1864 1680 hostapd.add_ap(apdev[1], params)
a3dd0478
JM		 1681
1682 values = default_cred()
1683 values['roaming_partner'] = "roaming.example.net,1,127,*"
1684 id = dev[0].add_cred_values(values)
1685 check_auto_select(dev[0], bssid2)
1686
1687 dev[0].set_cred(id, "req_conn_capab", "50")
1688 check_auto_select(dev[0], bssid)
1689
1690 dev[0].remove_cred(id)
1691 id = dev[0].add_cred_values(values)
1692 dev[0].set_cred(id, "req_conn_capab", "51")
1693 check_auto_select(dev[0], bssid2)
18153179 1694
9714fbcd
JM		 1695def check_bandwidth_selection(dev, type, below):
1696 dev.request("INTERWORKING_SELECT freq=2412")
1697 ev = dev.wait_event(["INTERWORKING-AP"])
1698 if ev is None:
1699 raise Exception("Network selection timed out");
092ac7bb 1700 logger.debug("BSS entries:\n" + dev.request("BSS RANGE=ALL"))
9714fbcd
JM		 1701 if "type=" + type not in ev:
1702 raise Exception("Unexpected network type")
1703 if below and "below_min_backhaul=1" not in ev:
1704 raise Exception("below_min_backhaul not reported")
1705 if not below and "below_min_backhaul=1" in ev:
1706 raise Exception("below_min_backhaul reported unexpectedly")
1707
1708def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming=None):
1709 cred = default_cred(domain=domain)
1710 if dl_home:
1711 cred['min_dl_bandwidth_home'] = str(dl_home)
1712 if ul_home:
1713 cred['min_ul_bandwidth_home'] = str(ul_home)
1714 if dl_roaming:
1715 cred['min_dl_bandwidth_roaming'] = str(dl_roaming)
1716 if ul_roaming:
1717 cred['min_ul_bandwidth_roaming'] = str(ul_roaming)
1718 return cred
1719
1720def test_ap_hs20_min_bandwidth_home(dev, apdev):
1721 """Hotspot 2.0 network selection with min bandwidth (home)"""
e7ac04ce 1722 check_eap_capa(dev[0], "MSCHAPV2")
9714fbcd
JM		 1723 bssid = apdev[0]['bssid']
1724 params = hs20_ap_params()
8b8a1864 1725 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 1726
1727 dev[0].hs20_enable()
852cb016 1728 dev[0].scan_for_bss(bssid, freq="2412")
9714fbcd
JM		 1729 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1730 id = dev[0].add_cred_values(values)
1731 check_bandwidth_selection(dev[0], "home", False)
1732 dev[0].remove_cred(id)
1733
1734 values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
1735 id = dev[0].add_cred_values(values)
1736 check_bandwidth_selection(dev[0], "home", True)
1737 dev[0].remove_cred(id)
1738
1739 values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
1740 id = dev[0].add_cred_values(values)
1741 check_bandwidth_selection(dev[0], "home", True)
1742 dev[0].remove_cred(id)
1743
1744 values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
1745 id = dev[0].add_cred_values(values)
1746 check_bandwidth_selection(dev[0], "home", True)
1747 check_auto_select(dev[0], bssid)
1748
1749 bssid2 = apdev[1]['bssid']
1750 params = hs20_ap_params(ssid="test-hs20-b")
1751 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 1752 hostapd.add_ap(apdev[1], params)
9714fbcd
JM		 1753
1754 check_auto_select(dev[0], bssid2)
1755
092ac7bb
JM		 1756def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):
1757 """Hotspot 2.0 network selection with min bandwidth (home) while hidden SSID is included in scan results"""
e7ac04ce 1758 check_eap_capa(dev[0], "MSCHAPV2")
092ac7bb
JM		 1759 bssid = apdev[0]['bssid']
1760
8b8a1864
JD		 1761 hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret',
1762 "ignore_broadcast_ssid": "1" })
092ac7bb
JM		 1763 dev[0].scan_for_bss(bssid, freq=2412)
1764 hapd.disable()
dc6342de 1765 hapd_global = hostapd.HostapdGlobal(apdev[0])
092ac7bb
JM		 1766 hapd_global.flush()
1767 hapd_global.remove(apdev[0]['ifname'])
1768
1769 params = hs20_ap_params()
8b8a1864 1770 hostapd.add_ap(apdev[0], params)
092ac7bb
JM		 1771
1772 dev[0].hs20_enable()
1773 dev[0].scan_for_bss(bssid, freq="2412")
1774 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1775 id = dev[0].add_cred_values(values)
1776 check_bandwidth_selection(dev[0], "home", False)
1777 dev[0].remove_cred(id)
1778
1779 values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
1780 id = dev[0].add_cred_values(values)
1781 check_bandwidth_selection(dev[0], "home", True)
1782 dev[0].remove_cred(id)
1783
1784 values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
1785 id = dev[0].add_cred_values(values)
1786 check_bandwidth_selection(dev[0], "home", True)
1787 dev[0].remove_cred(id)
1788
1789 values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
1790 id = dev[0].add_cred_values(values)
1791 check_bandwidth_selection(dev[0], "home", True)
1792 check_auto_select(dev[0], bssid)
1793
1794 bssid2 = apdev[1]['bssid']
1795 params = hs20_ap_params(ssid="test-hs20-b")
1796 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 1797 hostapd.add_ap(apdev[1], params)
092ac7bb
JM		 1798
1799 check_auto_select(dev[0], bssid2)
1800
1801 dev[0].flush_scan_cache()
1802
9714fbcd
JM		 1803def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
1804 """Hotspot 2.0 network selection with min bandwidth (roaming)"""
e7ac04ce 1805 check_eap_capa(dev[0], "MSCHAPV2")
9714fbcd
JM		 1806 bssid = apdev[0]['bssid']
1807 params = hs20_ap_params()
8b8a1864 1808 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 1809
1810 dev[0].hs20_enable()
852cb016 1811 dev[0].scan_for_bss(bssid, freq="2412")
9714fbcd
JM		 1812 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=58)
1813 id = dev[0].add_cred_values(values)
1814 check_bandwidth_selection(dev[0], "roaming", False)
1815 dev[0].remove_cred(id)
1816
1817 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=58)
1818 id = dev[0].add_cred_values(values)
1819 check_bandwidth_selection(dev[0], "roaming", True)
1820 dev[0].remove_cred(id)
1821
1822 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=59)
1823 id = dev[0].add_cred_values(values)
1824 check_bandwidth_selection(dev[0], "roaming", True)
1825 dev[0].remove_cred(id)
1826
1827 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=59)
1828 id = dev[0].add_cred_values(values)
1829 check_bandwidth_selection(dev[0], "roaming", True)
1830 check_auto_select(dev[0], bssid)
1831
1832 bssid2 = apdev[1]['bssid']
1833 params = hs20_ap_params(ssid="test-hs20-b")
1834 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 1835 hostapd.add_ap(apdev[1], params)
9714fbcd
JM		 1836
1837 check_auto_select(dev[0], bssid2)
1838
1839def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
1840 """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
e7ac04ce 1841 check_eap_capa(dev[0], "MSCHAPV2")
9714fbcd
JM		 1842 bssid = apdev[0]['bssid']
1843 params = hs20_ap_params()
1844 params['domain_name'] = "roaming.example.org"
1845 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
8b8a1864 1846 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 1847
1848 bssid2 = apdev[1]['bssid']
1849 params = hs20_ap_params(ssid="test-hs20-b")
1850 params['domain_name'] = "roaming.example.net"
8b8a1864 1851 hostapd.add_ap(apdev[1], params)
9714fbcd
JM		 1852
1853 values = default_cred()
1854 values['roaming_partner'] = "roaming.example.net,1,127,*"
1855 id = dev[0].add_cred_values(values)
1856 check_auto_select(dev[0], bssid2)
1857
1858 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "6000")
1859 check_auto_select(dev[0], bssid)
1860
1861 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "10000")
1862 check_auto_select(dev[0], bssid2)
1863
1864def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):
1865 """Hotspot 2.0 network selection with min bandwidth but no WAN Metrics"""
1866 bssid = apdev[0]['bssid']
1867 params = hs20_ap_params()
1868 del params['hs20_wan_metrics']
8b8a1864 1869 hostapd.add_ap(apdev[0], params)
9714fbcd
JM		 1870
1871 dev[0].hs20_enable()
852cb016 1872 dev[0].scan_for_bss(bssid, freq="2412")
9714fbcd
JM		 1873 values = bw_cred(domain="example.com", dl_home=10000, ul_home=10000,
1874 dl_roaming=10000, ul_roaming=10000)
1875 dev[0].add_cred_values(values)
1876 check_bandwidth_selection(dev[0], "home", False)
1877
5e32f825
JM		 1878def test_ap_hs20_deauth_req_ess(dev, apdev):
1879 """Hotspot 2.0 connection and deauthentication request for ESS"""
e7ac04ce 1880 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 1881 try:
1882 _test_ap_hs20_deauth_req_ess(dev, apdev)
1883 finally:
1884 dev[0].request("SET pmf 0")
1885
1886def _test_ap_hs20_deauth_req_ess(dev, apdev):
5e32f825
JM		 1887 dev[0].request("SET pmf 2")
1888 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
1889 dev[0].dump_monitor()
1890 addr = dev[0].p2p_interface_addr()
1891 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1892 hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/")
1893 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1894 if ev is None:
1895 raise Exception("Timeout on deauth imminent notice")
1896 if "1 120 http://example.com/" not in ev:
1897 raise Exception("Unexpected deauth imminent notice: " + ev)
1898 hapd.request("DEAUTHENTICATE " + addr)
5f35a5e2 1899 dev[0].wait_disconnected(timeout=10)
c61e5a82
JM		 1900 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
1901 raise Exception("Network not marked temporarily disabled")
5e32f825
JM		 1902 ev = dev[0].wait_event(["SME: Trying to authenticate",
1903 "Trying to associate",
1904 "CTRL-EVENT-CONNECTED"], timeout=5)
1905 if ev is not None:
1906 raise Exception("Unexpected connection attempt")
1907
1908def test_ap_hs20_deauth_req_bss(dev, apdev):
1909 """Hotspot 2.0 connection and deauthentication request for BSS"""
e7ac04ce 1910 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 1911 try:
1912 _test_ap_hs20_deauth_req_bss(dev, apdev)
1913 finally:
1914 dev[0].request("SET pmf 0")
1915
1916def _test_ap_hs20_deauth_req_bss(dev, apdev):
5e32f825
JM		 1917 dev[0].request("SET pmf 2")
1918 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
1919 dev[0].dump_monitor()
1920 addr = dev[0].p2p_interface_addr()
1921 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1922 hapd.request("HS20_DEAUTH_REQ " + addr + " 0 120 http://example.com/")
1923 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1924 if ev is None:
1925 raise Exception("Timeout on deauth imminent notice")
1926 if "0 120 http://example.com/" not in ev:
1927 raise Exception("Unexpected deauth imminent notice: " + ev)
1928 hapd.request("DEAUTHENTICATE " + addr + " reason=4")
5f35a5e2 1929 ev = dev[0].wait_disconnected(timeout=10)
5e32f825
JM		 1930 if "reason=4" not in ev:
1931 raise Exception("Unexpected disconnection reason")
c61e5a82
JM		 1932 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
1933 raise Exception("Network not marked temporarily disabled")
5e32f825
JM		 1934 ev = dev[0].wait_event(["SME: Trying to authenticate",
1935 "Trying to associate",
1936 "CTRL-EVENT-CONNECTED"], timeout=5)
1937 if ev is not None:
1938 raise Exception("Unexpected connection attempt")
9e709315 1939
48ef12e7
JM		 1940def test_ap_hs20_deauth_req_from_radius(dev, apdev):
1941 """Hotspot 2.0 connection and deauthentication request from RADIUS"""
e7ac04ce 1942 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 1943 try:
1944 _test_ap_hs20_deauth_req_from_radius(dev, apdev)
1945 finally:
1946 dev[0].request("SET pmf 0")
1947
1948def _test_ap_hs20_deauth_req_from_radius(dev, apdev):
48ef12e7
JM		 1949 bssid = apdev[0]['bssid']
1950 params = hs20_ap_params()
1951 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1952 params['hs20_deauth_req_timeout'] = "2"
8b8a1864 1953 hostapd.add_ap(apdev[0], params)
48ef12e7
JM		 1954
1955 dev[0].request("SET pmf 2")
1956 dev[0].hs20_enable()
1957 dev[0].add_cred_values({ 'realm': "example.com",
1958 'username': "hs20-deauth-test",
1959 'password': "password" })
1960 interworking_select(dev[0], bssid, freq="2412")
1961 interworking_connect(dev[0], bssid, "TTLS")
1962 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=5)
1963 if ev is None:
1964 raise Exception("Timeout on deauth imminent notice")
1965 if " 1 100" not in ev:
1966 raise Exception("Unexpected deauth imminent contents")
5f35a5e2 1967 dev[0].wait_disconnected(timeout=3)
48ef12e7 1968
5cf88011
JM		 1969def test_ap_hs20_remediation_required(dev, apdev):
1970 """Hotspot 2.0 connection and remediation required from RADIUS"""
e7ac04ce 1971 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 1972 try:
1973 _test_ap_hs20_remediation_required(dev, apdev)
1974 finally:
1975 dev[0].request("SET pmf 0")
1976
1977def _test_ap_hs20_remediation_required(dev, apdev):
5cf88011
JM		 1978 bssid = apdev[0]['bssid']
1979 params = hs20_ap_params()
1980 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
8b8a1864 1981 hostapd.add_ap(apdev[0], params)
5cf88011
JM		 1982
1983 dev[0].request("SET pmf 1")
1984 dev[0].hs20_enable()
1985 dev[0].add_cred_values({ 'realm': "example.com",
1986 'username': "hs20-subrem-test",
1987 'password': "password" })
1988 interworking_select(dev[0], bssid, freq="2412")
1989 interworking_connect(dev[0], bssid, "TTLS")
1990 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1991 if ev is None:
1992 raise Exception("Timeout on subscription remediation notice")
1993 if " 1 https://example.com/" not in ev:
1994 raise Exception("Unexpected subscription remediation event contents")
1995
32b450fc
JM		 1996def test_ap_hs20_remediation_required_ctrl(dev, apdev):
1997 """Hotspot 2.0 connection and subrem from ctrl_iface"""
e7ac04ce 1998 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 1999 try:
2000 _test_ap_hs20_remediation_required_ctrl(dev, apdev)
2001 finally:
2002 dev[0].request("SET pmf 0")
2003
2004def _test_ap_hs20_remediation_required_ctrl(dev, apdev):
32b450fc 2005 bssid = apdev[0]['bssid']
83e1bab0 2006 addr = dev[0].own_addr()
32b450fc
JM		 2007 params = hs20_ap_params()
2008 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
8b8a1864 2009 hapd = hostapd.add_ap(apdev[0], params)
32b450fc
JM		 2010
2011 dev[0].request("SET pmf 1")
2012 dev[0].hs20_enable()
2013 dev[0].add_cred_values(default_cred())
2014 interworking_select(dev[0], bssid, freq="2412")
2015 interworking_connect(dev[0], bssid, "TTLS")
2016
2017 hapd.request("HS20_WNM_NOTIF " + addr + " https://example.com/")
2018 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2019 if ev is None:
2020 raise Exception("Timeout on subscription remediation notice")
2021 if " 1 https://example.com/" not in ev:
2022 raise Exception("Unexpected subscription remediation event contents")
2023
2024 hapd.request("HS20_WNM_NOTIF " + addr)
2025 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2026 if ev is None:
2027 raise Exception("Timeout on subscription remediation notice")
2028 if not ev.endswith("HS20-SUBSCRIPTION-REMEDIATION "):
2029 raise Exception("Unexpected subscription remediation event contents: " + ev)
2030
2031 if "FAIL" not in hapd.request("HS20_WNM_NOTIF "):
2032 raise Exception("Unexpected HS20_WNM_NOTIF success")
2033 if "FAIL" not in hapd.request("HS20_WNM_NOTIF foo"):
2034 raise Exception("Unexpected HS20_WNM_NOTIF success")
2035 if "FAIL" not in hapd.request("HS20_WNM_NOTIF " + addr + " https://12345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678927.very.long.example.com/"):
2036 raise Exception("Unexpected HS20_WNM_NOTIF success")
2037
8fc1f204
JM		 2038def test_ap_hs20_session_info(dev, apdev):
2039 """Hotspot 2.0 connection and session information from RADIUS"""
e7ac04ce 2040 check_eap_capa(dev[0], "MSCHAPV2")
909f13cc
JM		 2041 try:
2042 _test_ap_hs20_session_info(dev, apdev)
2043 finally:
2044 dev[0].request("SET pmf 0")
2045
2046def _test_ap_hs20_session_info(dev, apdev):
8fc1f204
JM		 2047 bssid = apdev[0]['bssid']
2048 params = hs20_ap_params()
2049 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
8b8a1864 2050 hostapd.add_ap(apdev[0], params)
8fc1f204
JM		 2051
2052 dev[0].request("SET pmf 1")
2053 dev[0].hs20_enable()
2054 dev[0].add_cred_values({ 'realm': "example.com",
2055 'username': "hs20-session-info-test",
2056 'password': "password" })
2057 interworking_select(dev[0], bssid, freq="2412")
2058 interworking_connect(dev[0], bssid, "TTLS")
2059 ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"], timeout=10)
2060 if ev is None:
2061 raise Exception("Timeout on ESS disassociation imminent notice")
2062 if " 1 59904 https://example.com/" not in ev:
2063 raise Exception("Unexpected ESS disassociation imminent event contents")
2064 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
2065 if ev is None:
2066 raise Exception("Scan not started")
64502039 2067 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=30)
8fc1f204
JM		 2068 if ev is None:
2069 raise Exception("Scan not completed")
2070
9e709315
JM		 2071def test_ap_hs20_osen(dev, apdev):
2072 """Hotspot 2.0 OSEN connection"""
2073 params = { 'ssid': "osen",
2074 'osen': "1",
2075 'auth_server_addr': "127.0.0.1",
2076 'auth_server_port': "1812",
2077 'auth_server_shared_secret': "radius" }
8b8a1864 2078 hostapd.add_ap(apdev[0], params)
9e709315 2079
8abb3d4e
JM		 2080 dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
2081 wait_connect=False)
2082 dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
2083 scan_freq="2412", wait_connect=False)
8278138e 2084 dev[0].flush_scan_cache()
9e709315
JM		 2085 dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
2086 group="GTK_NOT_USED",
2087 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2088 ca_cert="auth_serv/ca.pem",
2089 scan_freq="2412")
8278138e
JM		 2090 res = dev[0].get_bss(apdev[0]['bssid'])['flags']
2091 if "[OSEN-OSEN-CCMP]" not in res:
2092 raise Exception("OSEN not reported in BSS")
2093 if "[WEP]" in res:
2094 raise Exception("WEP reported in BSS")
2095 res = dev[0].request("SCAN_RESULTS")
2096 if "[OSEN-OSEN-CCMP]" not in res:
2097 raise Exception("OSEN not reported in SCAN_RESULTS")
a96066a5 2098
9d1e1172
JM		 2099 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
2100 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
2101 wpas.connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
2102 group="GTK_NOT_USED",
2103 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2104 ca_cert="auth_serv/ca.pem",
2105 scan_freq="2412")
2106 wpas.request("DISCONNECT")
2107
a96066a5
JM		 2108def test_ap_hs20_network_preference(dev, apdev):
2109 """Hotspot 2.0 network selection with preferred home network"""
e7ac04ce 2110 check_eap_capa(dev[0], "MSCHAPV2")
a96066a5
JM		 2111 bssid = apdev[0]['bssid']
2112 params = hs20_ap_params()
8b8a1864 2113 hostapd.add_ap(apdev[0], params)
a96066a5
JM		 2114
2115 dev[0].hs20_enable()
2116 values = { 'realm': "example.com",
2117 'username': "hs20-test",
2118 'password': "password",
2119 'domain': "example.com" }
2120 dev[0].add_cred_values(values)
2121
2122 id = dev[0].add_network()
2123 dev[0].set_network_quoted(id, "ssid", "home")
2124 dev[0].set_network_quoted(id, "psk", "12345678")
2125 dev[0].set_network(id, "priority", "1")
2126 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
2127
852cb016 2128 dev[0].scan_for_bss(bssid, freq="2412")
a96066a5 2129 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2130 ev = dev[0].wait_connected(timeout=15)
a96066a5
JM		 2131 if bssid not in ev:
2132 raise Exception("Unexpected network selected")
2133
2134 bssid2 = apdev[1]['bssid']
2135 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
8b8a1864 2136 hostapd.add_ap(apdev[1], params)
a96066a5 2137
852cb016 2138 dev[0].scan_for_bss(bssid2, freq="2412")
a96066a5
JM		 2139 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2140 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2141 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2142 if ev is None:
2143 raise Exception("Connection timed out")
2144 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2145 raise Exception("No roam to higher priority network")
2146 if bssid2 not in ev:
2147 raise Exception("Unexpected network selected")
2148
2149def test_ap_hs20_network_preference2(dev, apdev):
2150 """Hotspot 2.0 network selection with preferred credential"""
e7ac04ce 2151 check_eap_capa(dev[0], "MSCHAPV2")
a96066a5
JM		 2152 bssid2 = apdev[1]['bssid']
2153 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
8b8a1864 2154 hostapd.add_ap(apdev[1], params)
a96066a5
JM		 2155
2156 dev[0].hs20_enable()
2157 values = { 'realm': "example.com",
2158 'username': "hs20-test",
2159 'password': "password",
2160 'domain': "example.com",
2161 'priority': "1" }
2162 dev[0].add_cred_values(values)
2163
2164 id = dev[0].add_network()
2165 dev[0].set_network_quoted(id, "ssid", "home")
2166 dev[0].set_network_quoted(id, "psk", "12345678")
2167 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
2168
852cb016 2169 dev[0].scan_for_bss(bssid2, freq="2412")
a96066a5 2170 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2171 ev = dev[0].wait_connected(timeout=15)
a96066a5
JM		 2172 if bssid2 not in ev:
2173 raise Exception("Unexpected network selected")
2174
2175 bssid = apdev[0]['bssid']
2176 params = hs20_ap_params()
8b8a1864 2177 hostapd.add_ap(apdev[0], params)
a96066a5 2178
852cb016 2179 dev[0].scan_for_bss(bssid, freq="2412")
a96066a5
JM		 2180 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2181 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2182 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2183 if ev is None:
2184 raise Exception("Connection timed out")
2185 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2186 raise Exception("No roam to higher priority network")
2187 if bssid not in ev:
2188 raise Exception("Unexpected network selected")
eaff3458
JM		 2189
2190def test_ap_hs20_network_preference3(dev, apdev):
2191 """Hotspot 2.0 network selection with two credential (one preferred)"""
e7ac04ce 2192 check_eap_capa(dev[0], "MSCHAPV2")
eaff3458
JM		 2193 bssid = apdev[0]['bssid']
2194 params = hs20_ap_params()
8b8a1864 2195 hostapd.add_ap(apdev[0], params)
eaff3458
JM		 2196
2197 bssid2 = apdev[1]['bssid']
2198 params = hs20_ap_params(ssid="test-hs20b")
2199 params['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]"
8b8a1864 2200 hostapd.add_ap(apdev[1], params)
eaff3458
JM		 2201
2202 dev[0].hs20_enable()
2203 values = { 'realm': "example.com",
2204 'username': "hs20-test",
2205 'password': "password",
2206 'priority': "1" }
2207 dev[0].add_cred_values(values)
2208 values = { 'realm': "example.org",
2209 'username': "hs20-test",
2210 'password': "password" }
2211 id = dev[0].add_cred_values(values)
2212
852cb016
JM		 2213 dev[0].scan_for_bss(bssid, freq="2412")
2214 dev[0].scan_for_bss(bssid2, freq="2412")
eaff3458 2215 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2216 ev = dev[0].wait_connected(timeout=15)
eaff3458
JM		 2217 if bssid not in ev:
2218 raise Exception("Unexpected network selected")
2219
2220 dev[0].set_cred(id, "priority", "2")
2221 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2222 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2223 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2224 if ev is None:
2225 raise Exception("Connection timed out")
2226 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2227 raise Exception("No roam to higher priority network")
2228 if bssid2 not in ev:
2229 raise Exception("Unexpected network selected")
1221639d
JM		 2230
2231def test_ap_hs20_network_preference4(dev, apdev):
2232 """Hotspot 2.0 network selection with username vs. SIM credential"""
e7ac04ce 2233 check_eap_capa(dev[0], "MSCHAPV2")
1221639d
JM		 2234 bssid = apdev[0]['bssid']
2235 params = hs20_ap_params()
8b8a1864 2236 hostapd.add_ap(apdev[0], params)
1221639d
JM		 2237
2238 bssid2 = apdev[1]['bssid']
2239 params = hs20_ap_params(ssid="test-hs20b")
2240 params['hessid'] = bssid2
2241 params['anqp_3gpp_cell_net'] = "555,444"
2242 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
8b8a1864 2243 hostapd.add_ap(apdev[1], params)
1221639d
JM		 2244
2245 dev[0].hs20_enable()
2246 values = { 'realm': "example.com",
2247 'username': "hs20-test",
2248 'password': "password",
2249 'priority': "1" }
2250 dev[0].add_cred_values(values)
2251 values = { 'imsi': "555444-333222111",
2252 'eap': "SIM",
2253 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123" }
2254 id = dev[0].add_cred_values(values)
2255
852cb016
JM		 2256 dev[0].scan_for_bss(bssid, freq="2412")
2257 dev[0].scan_for_bss(bssid2, freq="2412")
1221639d 2258 dev[0].request("INTERWORKING_SELECT auto freq=2412")
5f35a5e2 2259 ev = dev[0].wait_connected(timeout=15)
1221639d
JM		 2260 if bssid not in ev:
2261 raise Exception("Unexpected network selected")
2262
2263 dev[0].set_cred(id, "priority", "2")
2264 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2265 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2266 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2267 if ev is None:
2268 raise Exception("Connection timed out")
2269 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2270 raise Exception("No roam to higher priority network")
2271 if bssid2 not in ev:
2272 raise Exception("Unexpected network selected")
97de642a 2273
5f6ce5b5
JM		 2274def test_ap_hs20_interworking_select_blocking_scan(dev, apdev):
2275 """Ongoing INTERWORKING_SELECT blocking SCAN"""
e7ac04ce 2276 check_eap_capa(dev[0], "MSCHAPV2")
5f6ce5b5
JM		 2277 bssid = apdev[0]['bssid']
2278 params = hs20_ap_params()
8b8a1864 2279 hostapd.add_ap(apdev[0], params)
5f6ce5b5
JM		 2280
2281 dev[0].hs20_enable()
2282 values = { 'realm': "example.com",
2283 'username': "hs20-test",
2284 'password': "password",
2285 'domain': "example.com" }
2286 dev[0].add_cred_values(values)
2287
2288 dev[0].scan_for_bss(bssid, freq="2412")
2289 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2290 if "FAIL-BUSY" not in dev[0].request("SCAN"):
2291 raise Exception("Unexpected SCAN command result")
2292 dev[0].wait_connected(timeout=15)
2293
97de642a
JM		 2294def test_ap_hs20_fetch_osu(dev, apdev):
2295 """Hotspot 2.0 OSU provider and icon fetch"""
2296 bssid = apdev[0]['bssid']
2297 params = hs20_ap_params()
2298 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2299 params['osu_ssid'] = '"HS 2.0 OSU open"'
2300 params['osu_method_list'] = "1"
2301 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2302 params['osu_icon'] = "w1fi_logo"
2303 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2304 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2305 hostapd.add_ap(apdev[0], params)
97de642a
JM		 2306
2307 bssid2 = apdev[1]['bssid']
2308 params = hs20_ap_params(ssid="test-hs20b")
2309 params['hessid'] = bssid2
2310 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2311 params['osu_ssid'] = '"HS 2.0 OSU OSEN"'
2312 params['osu_method_list'] = "0"
6acecce1 2313 params['osu_nai'] = "osen@example.com"
97de642a
JM		 2314 params['osu_friendly_name'] = [ "eng:Test2 OSU", "fin:Testi2-OSU" ]
2315 params['osu_icon'] = "w1fi_logo"
2316 params['osu_service_desc'] = [ "eng:Example services2", "fin:Esimerkkipalveluja2" ]
2317 params['osu_server_uri'] = "https://example.org/osu/"
8b8a1864 2318 hostapd.add_ap(apdev[1], params)
97de642a
JM		 2319
2320 with open("w1fi_logo.png", "r") as f:
2321 orig_logo = f.read()
2322 dev[0].hs20_enable()
2323 dir = "/tmp/osu-fetch"
2324 if os.path.isdir(dir):
2325 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2326 for f in files:
2327 os.remove(dir + "/" + f)
2328 else:
2329 try:
2330 os.makedirs(dir)
2331 except:
2332 pass
2333 try:
0a578716 2334 dev[1].scan_for_bss(bssid, freq="2412")
446dd748 2335 dev[2].scan_for_bss(bssid, freq="2412")
97de642a
JM		 2336 dev[0].request("SET osu_dir " + dir)
2337 dev[0].request("FETCH_OSU")
44c41cdf
JM		 2338 if "FAIL" not in dev[1].request("HS20_ICON_REQUEST foo w1fi_logo"):
2339 raise Exception("Invalid HS20_ICON_REQUEST accepted")
d2fb8b86
JM		 2340 if "OK" not in dev[1].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo"):
2341 raise Exception("HS20_ICON_REQUEST failed")
446dd748
JM		 2342 if "OK" not in dev[2].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2343 raise Exception("REQ_HS20_ICON failed")
97de642a
JM		 2344 icons = 0
2345 while True:
2346 ev = dev[0].wait_event(["OSU provider fetch completed",
2347 "RX-HS20-ANQP-ICON"], timeout=15)
2348 if ev is None:
2349 raise Exception("Timeout on OSU fetch")
2350 if "OSU provider fetch completed" in ev:
2351 break
2352 if "RX-HS20-ANQP-ICON" in ev:
2353 with open(ev.split(' ')[1], "r") as f:
2354 logo = f.read()
2355 if logo == orig_logo:
2356 icons += 1
2357
2358 with open(dir + "/osu-providers.txt", "r") as f:
2359 prov = f.read()
27f527e0 2360 logger.debug("osu-providers.txt: " + prov)
97de642a 2361 if "OSU-PROVIDER " + bssid not in prov:
27f527e0 2362 raise Exception("Missing OSU_PROVIDER(1)")
97de642a 2363 if "OSU-PROVIDER " + bssid2 not in prov:
27f527e0 2364 raise Exception("Missing OSU_PROVIDER(2)")
97de642a
JM		 2365 finally:
2366 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2367 for f in files:
2368 os.remove(dir + "/" + f)
2369 os.rmdir(dir)
2370
2371 if icons != 2:
2372 raise Exception("Unexpected number of icons fetched")
d2fb8b86
JM		 2373
2374 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=5)
2375 if ev is None:
2376 raise Exception("Timeout on GAS-QUERY-DONE")
2377 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=5)
2378 if ev is None:
2379 raise Exception("Timeout on GAS-QUERY-DONE")
2380 if "freq=2412 status_code=0 result=SUCCESS" not in ev:
2381 raise Exception("Unexpected GAS-QUERY-DONE: " + ev)
2382 ev = dev[1].wait_event(["RX-HS20-ANQP"], timeout=15)
2383 if ev is None:
2384 raise Exception("Timeout on icon fetch")
2385 if "Icon Binary File" not in ev:
2386 raise Exception("Unexpected ANQP element")
37ffe7c5 2387
446dd748
JM		 2388 ev = dev[2].wait_event(["RX-HS20-ICON"], timeout=5)
2389 if ev is None:
2390 raise Exception("Timeout on RX-HS20-ICON")
2391 event_icon_len = ev.split(' ')[3]
2392 if " w1fi_logo " not in ev:
2393 raise Exception("RX-HS20-ICON did not have the expected file name")
2394 if bssid not in ev:
2395 raise Exception("RX-HS20-ICON did not have the expected BSSID")
2396 if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 0 10"):
2397 raise Exception("GET_HS20_ICON 0..10 failed")
2398 if "FAIL" in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 5 10"):
2399 raise Exception("GET_HS20_ICON 5..15 failed")
2400 if "FAIL" not in dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo 100000 10"):
2401 raise Exception("Unexpected success of GET_HS20_ICON with too large offset")
2402 icon = ""
2403 pos = 0
2404 while True:
2405 if pos > 100000:
2406 raise Exception("Unexpectedly long icon")
2407 res = dev[2].request("GET_HS20_ICON " + bssid + " w1fi_logo %d 1000" % pos)
2408 if res.startswith("FAIL"):
2409 break
2410 icon += base64.b64decode(res)
2411 pos += 1000
2412 hex = binascii.hexlify(icon)
2413 if not hex.startswith("0009696d6167652f706e677d1d"):
2414 raise Exception("Unexpected beacon binary header: " + hex)
2415 with open('w1fi_logo.png', 'r') as f:
2416 data = f.read()
2417 if icon[13:] != data:
2418 raise Exception("Unexpected icon data")
2419 if len(icon) != int(event_icon_len):
2420 raise Exception("Unexpected RX-HS20-ICON event length: " + event_icon_len)
2421
2422 for i in range(3):
2423 if "OK" not in dev[i].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2424 raise Exception("REQ_HS20_ICON failed [2]")
2425 for i in range(3):
2426 ev = dev[i].wait_event(["RX-HS20-ICON"], timeout=5)
2427 if ev is None:
2428 raise Exception("Timeout on RX-HS20-ICON [2]")
2429
2430 if "FAIL" not in dev[2].request("DEL_HS20_ICON foo w1fi_logo"):
2431 raise Exception("Invalid DEL_HS20_ICON accepted")
2432 if "OK" not in dev[2].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
2433 raise Exception("DEL_HS20_ICON failed")
2434 if "OK" not in dev[1].request("DEL_HS20_ICON " + bssid):
2435 raise Exception("DEL_HS20_ICON failed")
2436 if "OK" not in dev[0].request("DEL_HS20_ICON "):
2437 raise Exception("DEL_HS20_ICON failed")
2438 for i in range(3):
2439 if "FAIL" not in dev[i].request("DEL_HS20_ICON "):
2440 raise Exception("DEL_HS20_ICON accepted when no icons left")
2441
1018bc99
JM		 2442def get_icon(dev, bssid, iconname):
2443 icon = ""
2444 pos = 0
2445 while True:
2446 if pos > 100000:
2447 raise Exception("Unexpectedly long icon")
2448 res = dev.request("GET_HS20_ICON " + bssid + " " + iconname + " %d 3000" % pos)
2449 if res.startswith("FAIL"):
2450 break
2451 icon += base64.b64decode(res)
2452 pos += 3000
2453 if len(icon) < 13:
2454 raise Exception("Too short GET_HS20_ICON response")
2455 return icon[0:13], icon[13:]
2456
2457def test_ap_hs20_req_hs20_icon(dev, apdev):
2458 """Hotspot 2.0 OSU provider and multi-icon fetch with REQ_HS20_ICON"""
2459 bssid = apdev[0]['bssid']
2460 params = hs20_ap_params()
2461 params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
2462 "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ]
2463 params['osu_ssid'] = '"HS 2.0 OSU open"'
2464 params['osu_method_list'] = "1"
2465 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2466 params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ]
2467 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2468 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2469 hostapd.add_ap(apdev[0], params)
1018bc99
JM		 2470
2471 dev[0].scan_for_bss(bssid, freq="2412")
2472
2473 # First, fetch two icons from the AP to wpa_supplicant
2474
2475 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2476 raise Exception("REQ_HS20_ICON failed")
2477 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2478 if ev is None:
2479 raise Exception("Timeout on RX-HS20-ICON (1)")
2480
2481 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
2482 raise Exception("REQ_HS20_ICON failed")
2483 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2484 if ev is None:
2485 raise Exception("Timeout on RX-HS20-ICON (2)")
2486
2487 # Then, fetch the icons from wpa_supplicant for validation
2488
2489 hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
2490 hdr, data2 = get_icon(dev[0], bssid, "test_logo")
2491
2492 with open('w1fi_logo.png', 'r') as f:
2493 data = f.read()
2494 if data1 != data:
2495 raise Exception("Unexpected icon data (1)")
2496
2497 with open('auth_serv/sha512-server.pem', 'r') as f:
2498 data = f.read()
2499 if data2 != data:
2500 raise Exception("Unexpected icon data (2)")
2501
2502 # Finally, delete the icons from wpa_supplicant
2503
2504 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
2505 raise Exception("DEL_HS20_ICON failed")
2506 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
2507 raise Exception("DEL_HS20_ICON failed")
2508
2509def test_ap_hs20_req_hs20_icon_parallel(dev, apdev):
2510 """Hotspot 2.0 OSU provider and multi-icon parallel fetch with REQ_HS20_ICON"""
2511 bssid = apdev[0]['bssid']
2512 params = hs20_ap_params()
2513 params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
2514 "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ]
2515 params['osu_ssid'] = '"HS 2.0 OSU open"'
2516 params['osu_method_list'] = "1"
2517 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2518 params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ]
2519 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2520 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2521 hostapd.add_ap(apdev[0], params)
1018bc99
JM		 2522
2523 dev[0].scan_for_bss(bssid, freq="2412")
2524
2525 # First, fetch two icons from the AP to wpa_supplicant
2526
2527 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
2528 raise Exception("REQ_HS20_ICON failed")
2529
2530 if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
2531 raise Exception("REQ_HS20_ICON failed")
2532 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2533 if ev is None:
2534 raise Exception("Timeout on RX-HS20-ICON (1)")
2535 ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
2536 if ev is None:
2537 raise Exception("Timeout on RX-HS20-ICON (2)")
2538
2539 # Then, fetch the icons from wpa_supplicant for validation
2540
2541 hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
2542 hdr, data2 = get_icon(dev[0], bssid, "test_logo")
2543
2544 with open('w1fi_logo.png', 'r') as f:
2545 data = f.read()
2546 if data1 != data:
2547 raise Exception("Unexpected icon data (1)")
2548
2549 with open('auth_serv/sha512-server.pem', 'r') as f:
2550 data = f.read()
2551 if data2 != data:
2552 raise Exception("Unexpected icon data (2)")
2553
2554 # Finally, delete the icons from wpa_supplicant
2555
2556 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
2557 raise Exception("DEL_HS20_ICON failed")
2558 if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
2559 raise Exception("DEL_HS20_ICON failed")
2560
69f99123
JM		 2561def test_ap_hs20_fetch_osu_stop(dev, apdev):
2562 """Hotspot 2.0 OSU provider fetch stopped"""
2563 bssid = apdev[0]['bssid']
2564 params = hs20_ap_params()
2565 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2566 params['osu_ssid'] = '"HS 2.0 OSU open"'
2567 params['osu_method_list'] = "1"
2568 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2569 params['osu_icon'] = "w1fi_logo"
2570 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2571 params['osu_server_uri'] = "https://example.com/osu/"
8b8a1864 2572 hapd = hostapd.add_ap(apdev[0], params)
69f99123
JM		 2573
2574 dev[0].hs20_enable()
2575 dir = "/tmp/osu-fetch"
2576 if os.path.isdir(dir):
2577 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2578 for f in files:
2579 os.remove(dir + "/" + f)
2580 else:
2581 try:
2582 os.makedirs(dir)
2583 except:
2584 pass
2585 try:
2586 dev[0].request("SET osu_dir " + dir)
2587 dev[0].request("SCAN freq=2412-2462")
2588 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
2589 if ev is None:
2590 raise Exception("Scan did not start")
2591 if "FAIL" not in dev[0].request("FETCH_OSU"):
2592 raise Exception("FETCH_OSU accepted while scanning")
2593 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
2594 if ev is None:
2595 raise Exception("Scan timed out")
2596 hapd.set("ext_mgmt_frame_handling", "1")
2597 dev[0].request("FETCH_ANQP")
2598 if "FAIL" not in dev[0].request("FETCH_OSU"):
2599 raise Exception("FETCH_OSU accepted while in FETCH_ANQP")
2600 dev[0].request("STOP_FETCH_ANQP")
2601 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
2602 dev[0].dump_monitor()
2603 hapd.dump_monitor()
2604 dev[0].request("INTERWORKING_SELECT freq=2412")
2605 for i in range(5):
2606 msg = hapd.mgmt_rx()
2607 if msg['subtype'] == 13:
2608 break
2609 if "FAIL" not in dev[0].request("FETCH_OSU"):
2610 raise Exception("FETCH_OSU accepted while in INTERWORKING_SELECT")
2611 ev = dev[0].wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
2612 timeout=15)
2613 if ev is None:
2614 raise Exception("Network selection timed out");
2615
2616 dev[0].dump_monitor()
2617 if "OK" not in dev[0].request("FETCH_OSU"):
2618 raise Exception("FETCH_OSU failed")
2619 dev[0].request("CANCEL_FETCH_OSU")
2620
2621 for i in range(15):
2622 time.sleep(0.5)
2623 if dev[0].get_driver_status_field("scan_state") == "SCAN_COMPLETED":
2624 break
2625
2626 dev[0].dump_monitor()
2627 if "OK" not in dev[0].request("FETCH_OSU"):
2628 raise Exception("FETCH_OSU failed")
2629 if "FAIL" not in dev[0].request("FETCH_OSU"):
2630 raise Exception("FETCH_OSU accepted while in FETCH_OSU")
2631 ev = dev[0].wait_event(["GAS-QUERY-START"], 10)
2632 if ev is None:
2633 raise Exception("GAS timed out")
2634 if "FAIL" not in dev[0].request("FETCH_OSU"):
2635 raise Exception("FETCH_OSU accepted while in FETCH_OSU")
2636 dev[0].request("CANCEL_FETCH_OSU")
2637 ev = dev[0].wait_event(["GAS-QUERY-DONE"], 10)
2638 if ev is None:
2639 raise Exception("GAS event timed out after CANCEL_FETCH_OSU")
2640 finally:
2641 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2642 for f in files:
2643 os.remove(dir + "/" + f)
2644 os.rmdir(dir)
2645
37ffe7c5
JM		 2646def test_ap_hs20_ft(dev, apdev):
2647 """Hotspot 2.0 connection with FT"""
e7ac04ce 2648 check_eap_capa(dev[0], "MSCHAPV2")
37ffe7c5
JM		 2649 bssid = apdev[0]['bssid']
2650 params = hs20_ap_params()
2651 params['wpa_key_mgmt'] = "FT-EAP"
2652 params['nas_identifier'] = "nas1.w1.fi"
2653 params['r1_key_holder'] = "000102030405"
2654 params["mobility_domain"] = "a1b2"
2655 params["reassociation_deadline"] = "1000"
8b8a1864 2656 hostapd.add_ap(apdev[0], params)
37ffe7c5
JM		 2657
2658 dev[0].hs20_enable()
2659 id = dev[0].add_cred_values({ 'realm': "example.com",
2660 'username': "hs20-test",
2661 'password': "password",
2662 'ca_cert': "auth_serv/ca.pem",
2663 'domain': "example.com",
2664 'update_identifier': "1234" })
2665 interworking_select(dev[0], bssid, "home", freq="2412")
2666 interworking_connect(dev[0], bssid, "TTLS")
350a7ba9
JM		 2667
2668def test_ap_hs20_remediation_sql(dev, apdev, params):
2669 """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
e7ac04ce 2670 check_eap_capa(dev[0], "MSCHAPV2")
350a7ba9
JM		 2671 try:
2672 import sqlite3
2673 except ImportError:
81e787b7 2674 raise HwsimSkip("No sqlite3 module available")
350a7ba9
JM		 2675 dbfile = os.path.join(params['logdir'], "eap-user.db")
2676 try:
2677 os.remove(dbfile)
2678 except:
2679 pass
2680 con = sqlite3.connect(dbfile)
2681 with con:
2682 cur = con.cursor()
2683 cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
2684 cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
2685 cur.execute("INSERT INTO users(identity,methods,password,phase2,remediation) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1,'user')")
2686 cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
2687 cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
2688
2689 try:
2690 params = { "ssid": "as", "beacon_int": "2000",
2691 "radius_server_clients": "auth_serv/radius_clients.conf",
2692 "radius_server_auth_port": '18128',
2693 "eap_server": "1",
2694 "eap_user_file": "sqlite:" + dbfile,
2695 "ca_cert": "auth_serv/ca.pem",
2696 "server_cert": "auth_serv/server.pem",
2697 "private_key": "auth_serv/server.key",
2698 "subscr_remediation_url": "https://example.org/",
2699 "subscr_remediation_method": "1" }
8b8a1864 2700 hostapd.add_ap(apdev[1], params)
350a7ba9
JM		 2701
2702 bssid = apdev[0]['bssid']
2703 params = hs20_ap_params()
2704 params['auth_server_port'] = "18128"
8b8a1864 2705 hostapd.add_ap(apdev[0], params)
350a7ba9
JM		 2706
2707 dev[0].request("SET pmf 1")
2708 dev[0].hs20_enable()
2709 id = dev[0].add_cred_values({ 'realm': "example.com",
2710 'username': "user-mschapv2",
2711 'password': "password",
2712 'ca_cert': "auth_serv/ca.pem" })
2713 interworking_select(dev[0], bssid, freq="2412")
2714 interworking_connect(dev[0], bssid, "TTLS")
2715 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2716 if ev is None:
2717 raise Exception("Timeout on subscription remediation notice")
2718 if " 1 https://example.org/" not in ev:
2719 raise Exception("Unexpected subscription remediation event contents")
2720
2721 with con:
2722 cur = con.cursor()
2723 cur.execute("SELECT * from authlog")
2724 rows = cur.fetchall()
2725 if len(rows) < 1:
2726 raise Exception("No authlog entries")
2727
2728 finally:
2729 os.remove(dbfile)
909f13cc 2730 dev[0].request("SET pmf 0")
f1a36a53
JM		 2731
2732def test_ap_hs20_external_selection(dev, apdev):
2733 """Hotspot 2.0 connection using external network selection and creation"""
e7ac04ce 2734 check_eap_capa(dev[0], "MSCHAPV2")
f1a36a53
JM		 2735 bssid = apdev[0]['bssid']
2736 params = hs20_ap_params()
2737 params['hessid'] = bssid
2738 params['disable_dgaf'] = '1'
8b8a1864 2739 hostapd.add_ap(apdev[0], params)
f1a36a53
JM		 2740
2741 dev[0].hs20_enable()
2742 dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
2743 identity="hs20-test", password="password",
2744 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2745 scan_freq="2412", update_identifier="54321")
2746 if dev[0].get_status_field("hs20") != "2":
2747 raise Exception("Unexpected hs20 indication")
816e3df9
JM		 2748
2749def test_ap_hs20_random_mac_addr(dev, apdev):
2750 """Hotspot 2.0 connection with random MAC address"""
e7ac04ce 2751 check_eap_capa(dev[0], "MSCHAPV2")
816e3df9
JM		 2752 bssid = apdev[0]['bssid']
2753 params = hs20_ap_params()
2754 params['hessid'] = bssid
2755 params['disable_dgaf'] = '1'
8b8a1864 2756 hapd = hostapd.add_ap(apdev[0], params)
816e3df9
JM		 2757
2758 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
2759 wpas.interface_add("wlan5")
2760 addr = wpas.p2p_interface_addr()
2761 wpas.request("SET mac_addr 1")
2762 wpas.request("SET preassoc_mac_addr 1")
2763 wpas.request("SET rand_addr_lifetime 60")
2764 wpas.hs20_enable()
243dcc4a 2765 wpas.flush_scan_cache()
816e3df9
JM		 2766 id = wpas.add_cred_values({ 'realm': "example.com",
2767 'username': "hs20-test",
2768 'password': "password",
2769 'ca_cert': "auth_serv/ca.pem",
2770 'domain': "example.com",
2771 'update_identifier': "1234" })
2772 interworking_select(wpas, bssid, "home", freq="2412")
2773 interworking_connect(wpas, bssid, "TTLS")
816e3df9
JM		 2774 addr1 = wpas.get_driver_status_field("addr")
2775 if addr == addr1:
2776 raise Exception("Did not use random MAC address")
2777
2778 sta = hapd.get_sta(addr)
2779 if sta['addr'] != "FAIL":
2780 raise Exception("Unexpected STA association with permanent address")
2781 sta = hapd.get_sta(addr1)
2782 if sta['addr'] != addr1:
2783 raise Exception("STA association with random address not found")
5f7b07de 2784
76b76941
JM		 2785def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
2786 """Multiple networks and cred removal"""
e7ac04ce 2787 check_eap_capa(dev[0], "MSCHAPV2")
76b76941
JM		 2788 bssid = apdev[0]['bssid']
2789 params = hs20_ap_params()
2790 params['nai_realm'] = [ "0,example.com,25[3:26]"]
8b8a1864 2791 hapd = hostapd.add_ap(apdev[0], params)
76b76941
JM		 2792
2793 dev[0].add_network()
2794 dev[0].hs20_enable()
2795 id = dev[0].add_cred_values({ 'realm': "example.com",
2796 'username': "user",
2797 'password': "password" })
2798 interworking_select(dev[0], bssid, freq="2412")
2799 interworking_connect(dev[0], bssid, "PEAP")
2800 dev[0].add_network()
2801
2802 dev[0].request("DISCONNECT")
5f35a5e2 2803 dev[0].wait_disconnected(timeout=10)
76b76941
JM		 2804
2805 hapd.disable()
2806 hapd.set("ssid", "another ssid")
2807 hapd.enable()
2808
2809 interworking_select(dev[0], bssid, freq="2412")
2810 interworking_connect(dev[0], bssid, "PEAP")
2811 dev[0].add_network()
2812 if len(dev[0].list_networks()) != 5:
2813 raise Exception("Unexpected number of networks prior to remove_crec")
2814
2815 dev[0].dump_monitor()
2816 dev[0].remove_cred(id)
2817 if len(dev[0].list_networks()) != 3:
2818 raise Exception("Unexpected number of networks after to remove_crec")
5f35a5e2 2819 dev[0].wait_disconnected(timeout=10)
76b76941 2820
22653762
JM		 2821def test_ap_hs20_interworking_add_network(dev, apdev):
2822 """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK"""
e7ac04ce 2823 check_eap_capa(dev[0], "MSCHAPV2")
22653762
JM		 2824 bssid = apdev[0]['bssid']
2825 params = hs20_ap_params()
2826 params['nai_realm'] = [ "0,example.com,21[3:26][6:7][99:99]" ]
8b8a1864 2827 hostapd.add_ap(apdev[0], params)
22653762
JM		 2828
2829 dev[0].hs20_enable()
2830 dev[0].add_cred_values(default_cred(user="user"))
2831 interworking_select(dev[0], bssid, freq=2412)
2832 id = dev[0].interworking_add_network(bssid)
2833 dev[0].select_network(id, freq=2412)
2834 dev[0].wait_connected()
2835
5f7b07de
JM		 2836def _test_ap_hs20_proxyarp(dev, apdev):
2837 bssid = apdev[0]['bssid']
2838 params = hs20_ap_params()
2839 params['hessid'] = bssid
2840 params['disable_dgaf'] = '0'
2841 params['proxy_arp'] = '1'
8b8a1864 2842 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
5f7b07de
JM		 2843 if "OK" in hapd.request("ENABLE"):
2844 raise Exception("Incomplete hostapd configuration was accepted")
2845 hapd.set("ap_isolate", "1")
2846 if "OK" in hapd.request("ENABLE"):
2847 raise Exception("Incomplete hostapd configuration was accepted")
2848 hapd.set('bridge', 'ap-br0')
2849 hapd.dump_monitor()
2850 try:
2851 hapd.enable()
2852 except:
2853 # For now, do not report failures due to missing kernel support
81e787b7 2854 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
5f7b07de
JM		 2855 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
2856 if ev is None:
2857 raise Exception("AP startup timed out")
2858 if "AP-ENABLED" not in ev:
2859 raise Exception("AP startup failed")
2860
2861 dev[0].hs20_enable()
2862 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2863 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
5f7b07de
JM		 2864
2865 id = dev[0].add_cred_values({ 'realm': "example.com",
2866 'username': "hs20-test",
2867 'password': "password",
2868 'ca_cert': "auth_serv/ca.pem",
2869 'domain': "example.com",
2870 'update_identifier': "1234" })
2871 interworking_select(dev[0], bssid, "home", freq="2412")
2872 interworking_connect(dev[0], bssid, "TTLS")
2873
2874 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2875 identity="hs20-test", password="password",
2876 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2877 scan_freq="2412")
2878 time.sleep(0.1)
2879
67aeee11
JM		 2880 addr0 = dev[0].p2p_interface_addr()
2881 addr1 = dev[1].p2p_interface_addr()
2882
2883 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
2884 src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
2885
2886 pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
2887 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
2888 opt=src_ll_opt0)
2889 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2890 raise Exception("DATA_TEST_FRAME failed")
2891
2892 pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:dddd::2",
2893 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:dddd::2",
2894 opt=src_ll_opt1)
2895 if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2896 raise Exception("DATA_TEST_FRAME failed")
2897
2898 pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:eeee::2",
2899 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:eeee::2",
2900 opt=src_ll_opt1)
2901 if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2902 raise Exception("DATA_TEST_FRAME failed")
2903
5f7b07de
JM		 2904 matches = get_permanent_neighbors("ap-br0")
2905 logger.info("After connect: " + str(matches))
67aeee11
JM		 2906 if len(matches) != 3:
2907 raise Exception("Unexpected number of neighbor entries after connect")
2908 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
2909 raise Exception("dev0 addr missing")
2910 if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
2911 raise Exception("dev1 addr(1) missing")
2912 if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
2913 raise Exception("dev1 addr(2) missing")
5f7b07de
JM		 2914 dev[0].request("DISCONNECT")
2915 dev[1].request("DISCONNECT")
2916 time.sleep(0.5)
2917 matches = get_permanent_neighbors("ap-br0")
2918 logger.info("After disconnect: " + str(matches))
2919 if len(matches) > 0:
2920 raise Exception("Unexpected neighbor entries after disconnect")
2921
e1f8fe88
JM		 2922def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
2923 """Hotspot 2.0 connection with hidden SSId in scan results"""
e7ac04ce 2924 check_eap_capa(dev[0], "MSCHAPV2")
e1f8fe88
JM		 2925 bssid = apdev[0]['bssid']
2926
8b8a1864
JD		 2927 hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret',
2928 "ignore_broadcast_ssid": "1" })
e1f8fe88
JM		 2929 dev[0].scan_for_bss(bssid, freq=2412)
2930 hapd.disable()
dc6342de 2931 hapd_global = hostapd.HostapdGlobal(apdev[0])
e1f8fe88
JM		 2932 hapd_global.flush()
2933 hapd_global.remove(apdev[0]['ifname'])
2934
2935 params = hs20_ap_params()
2936 params['hessid'] = bssid
8b8a1864 2937 hapd = hostapd.add_ap(apdev[0], params)
e1f8fe88
JM		 2938
2939 dev[0].hs20_enable()
2940 id = dev[0].add_cred_values({ 'realm': "example.com",
2941 'username': "hs20-test",
2942 'password': "password",
2943 'ca_cert': "auth_serv/ca.pem",
2944 'domain': "example.com" })
2945 interworking_select(dev[0], bssid, "home", freq="2412")
2946 interworking_connect(dev[0], bssid, "TTLS")
2947
2948 # clear BSS table to avoid issues in following test cases
2949 dev[0].request("DISCONNECT")
2950 dev[0].wait_disconnected()
45de3286
JM		 2951 hapd.disable()
2952 dev[0].flush_scan_cache()
e1f8fe88
JM		 2953 dev[0].flush_scan_cache()
2954
5f7b07de
JM		 2955def test_ap_hs20_proxyarp(dev, apdev):
2956 """Hotspot 2.0 and ProxyARP"""
e7ac04ce 2957 check_eap_capa(dev[0], "MSCHAPV2")
5f7b07de 2958 try:
81e787b7 2959 _test_ap_hs20_proxyarp(dev, apdev)
5f7b07de
JM		 2960 finally:
2961 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2962 stderr=open('/dev/null', 'w'))
2963 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2964 stderr=open('/dev/null', 'w'))
5f7b07de 2965
356a497d
JM		 2966def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):
2967 bssid = apdev[0]['bssid']
2968 params = hs20_ap_params()
2969 params['hessid'] = bssid
2970 params['disable_dgaf'] = '1' if disabled else '0'
2971 params['proxy_arp'] = '1'
798c7951 2972 params['na_mcast_to_ucast'] = '1'
356a497d
JM		 2973 params['ap_isolate'] = '1'
2974 params['bridge'] = 'ap-br0'
8b8a1864 2975 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
356a497d
JM		 2976 try:
2977 hapd.enable()
2978 except:
2979 # For now, do not report failures due to missing kernel support
81e787b7 2980 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
356a497d
JM		 2981 ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
2982 if ev is None:
2983 raise Exception("AP startup timed out")
2984
2985 dev[0].hs20_enable()
2986 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2987 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2988
2989 id = dev[0].add_cred_values({ 'realm': "example.com",
2990 'username': "hs20-test",
2991 'password': "password",
2992 'ca_cert': "auth_serv/ca.pem",
2993 'domain': "example.com",
2994 'update_identifier': "1234" })
2995 interworking_select(dev[0], bssid, "home", freq="2412")
2996 interworking_connect(dev[0], bssid, "TTLS")
2997
2998 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2999 identity="hs20-test", password="password",
3000 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
3001 scan_freq="2412")
3002 time.sleep(0.1)
3003
3004 addr0 = dev[0].p2p_interface_addr()
3005
3006 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
3007
3008 pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
3009 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
3010 opt=src_ll_opt0)
3011 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
3012 raise Exception("DATA_TEST_FRAME failed")
3013
3014 pkt = build_ra(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::33",
3015 ip_dst="ff01::1")
3016 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3017 raise Exception("DATA_TEST_FRAME failed")
3018
3019 pkt = build_na(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::44",
3020 ip_dst="ff01::1", target="aaaa:bbbb:cccc::55")
3021 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3022 raise Exception("DATA_TEST_FRAME failed")
3023
a712282b
JM		 3024 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
3025 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3026 yiaddr="192.168.1.123", chaddr=addr0)
3027 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3028 raise Exception("DATA_TEST_FRAME failed")
3029 # another copy for additional code coverage
3030 pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
3031 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3032 yiaddr="192.168.1.123", chaddr=addr0)
3033 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3034 raise Exception("DATA_TEST_FRAME failed")
3035
356a497d
JM		 3036 matches = get_permanent_neighbors("ap-br0")
3037 logger.info("After connect: " + str(matches))
a712282b 3038 if len(matches) != 2:
356a497d
JM		 3039 raise Exception("Unexpected number of neighbor entries after connect")
3040 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3041 raise Exception("dev0 addr missing")
a712282b
JM		 3042 if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3043 raise Exception("dev0 IPv4 addr missing")
356a497d
JM		 3044 dev[0].request("DISCONNECT")
3045 dev[1].request("DISCONNECT")
3046 time.sleep(0.5)
3047 matches = get_permanent_neighbors("ap-br0")
3048 logger.info("After disconnect: " + str(matches))
3049 if len(matches) > 0:
3050 raise Exception("Unexpected neighbor entries after disconnect")
3051
3052def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
3053 """Hotspot 2.0 and ProxyARP with DGAF disabled"""
e7ac04ce 3054 check_eap_capa(dev[0], "MSCHAPV2")
356a497d 3055 try:
81e787b7 3056 _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
356a497d
JM		 3057 finally:
3058 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3059 stderr=open('/dev/null', 'w'))
3060 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3061 stderr=open('/dev/null', 'w'))
3062
356a497d
JM		 3063def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
3064 """Hotspot 2.0 and ProxyARP with DGAF enabled"""
e7ac04ce 3065 check_eap_capa(dev[0], "MSCHAPV2")
356a497d 3066 try:
81e787b7 3067 _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
356a497d
JM		 3068 finally:
3069 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3070 stderr=open('/dev/null', 'w'))
3071 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3072 stderr=open('/dev/null', 'w'))
3073
67aeee11
JM		 3074def ip_checksum(buf):
3075 sum = 0
3076 if len(buf) & 0x01:
3077 buf += '\0x00'
3078 for i in range(0, len(buf), 2):
3079 val, = struct.unpack('H', buf[i:i+2])
3080 sum += val
3081 while (sum >> 16):
3082 sum = (sum & 0xffff) + (sum >> 16)
3083 return struct.pack('H', ~sum & 0xffff)
3084
5a3ce802
JM		 3085def ipv6_solicited_node_mcaddr(target):
3086 prefix = socket.inet_pton(socket.AF_INET6, "ff02::1:ff00:0")
3087 mask = socket.inet_pton(socket.AF_INET6, "::ff:ffff")
3088 _target = socket.inet_pton(socket.AF_INET6, target)
3089 p = struct.unpack('4I', prefix)
3090 m = struct.unpack('4I', mask)
3091 t = struct.unpack('4I', _target)
3092 res = (p[0] | (t[0] & m[0]),
3093 p[1] | (t[1] & m[1]),
3094 p[2] | (t[2] & m[2]),
3095 p[3] | (t[3] & m[3]))
3096 return socket.inet_ntop(socket.AF_INET6, struct.pack('4I', *res))
3097
67aeee11
JM		 3098def build_icmpv6(ipv6_addrs, type, code, payload):
3099 start = struct.pack("BB", type, code)
3100 end = payload
3101 icmp = start + '\x00\x00' + end
3102 pseudo = ipv6_addrs + struct.pack(">LBBBB", len(icmp), 0, 0, 0, 58)
3103 csum = ip_checksum(pseudo + icmp)
3104 return start + csum + end
3105
356a497d
JM		 3106def build_ra(src_ll, ip_src, ip_dst, cur_hop_limit=0, router_lifetime=0,
3107 reachable_time=0, retrans_timer=0, opt=None):
3108 link_mc = binascii.unhexlify("3333ff000002")
3109 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3110 proto = '\x86\xdd'
3111 ehdr = link_mc + _src_ll + proto
3112 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
3113 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
3114
3115 adv = struct.pack('>BBHLL', cur_hop_limit, 0, router_lifetime,
3116 reachable_time, retrans_timer)
3117 if opt:
3118 payload = adv + opt
3119 else:
3120 payload = adv
3121 icmp = build_icmpv6(_ip_src + _ip_dst, 134, 0, payload)
3122
3123 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
3124 ipv6 += _ip_src + _ip_dst
3125
3126 return ehdr + ipv6 + icmp
3127
67aeee11
JM		 3128def build_ns(src_ll, ip_src, ip_dst, target, opt=None):
3129 link_mc = binascii.unhexlify("3333ff000002")
3130 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3131 proto = '\x86\xdd'
3132 ehdr = link_mc + _src_ll + proto
3133 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
5a3ce802
JM		 3134 if ip_dst is None:
3135 ip_dst = ipv6_solicited_node_mcaddr(target)
67aeee11
JM		 3136 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
3137
3138 reserved = '\x00\x00\x00\x00'
3139 _target = socket.inet_pton(socket.AF_INET6, target)
3140 if opt:
3141 payload = reserved + _target + opt
3142 else:
3143 payload = reserved + _target
3144 icmp = build_icmpv6(_ip_src + _ip_dst, 135, 0, payload)
3145
3146 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
3147 ipv6 += _ip_src + _ip_dst
3148
3149 return ehdr + ipv6 + icmp
3150
5a3ce802
JM		 3151def send_ns(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
3152 hapd_bssid=None):
3153 if hapd_bssid:
3154 if src_ll is None:
3155 src_ll = hapd_bssid
3156 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
3157 else:
3158 if src_ll is None:
3159 src_ll = dev.p2p_interface_addr()
3160 cmd = "DATA_TEST_FRAME "
3161
3162 if opt is None:
3163 opt = "\x01\x01" + binascii.unhexlify(src_ll.replace(':',''))
3164
3165 pkt = build_ns(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
3166 opt=opt)
3167 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
3168 raise Exception("DATA_TEST_FRAME failed")
3169
890fd60f 3170def build_na(src_ll, ip_src, ip_dst, target, opt=None, flags=0):
356a497d
JM		 3171 link_mc = binascii.unhexlify("3333ff000002")
3172 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3173 proto = '\x86\xdd'
3174 ehdr = link_mc + _src_ll + proto
3175 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
3176 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
3177
356a497d
JM		 3178 _target = socket.inet_pton(socket.AF_INET6, target)
3179 if opt:
890fd60f 3180 payload = struct.pack('>Bxxx', flags) + _target + opt
356a497d 3181 else:
890fd60f 3182 payload = struct.pack('>Bxxx', flags) + _target
356a497d
JM		 3183 icmp = build_icmpv6(_ip_src + _ip_dst, 136, 0, payload)
3184
3185 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
3186 ipv6 += _ip_src + _ip_dst
3187
3188 return ehdr + ipv6 + icmp
3189
5a3ce802
JM		 3190def send_na(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
3191 hapd_bssid=None):
3192 if hapd_bssid:
3193 if src_ll is None:
3194 src_ll = hapd_bssid
3195 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
3196 else:
3197 if src_ll is None:
3198 src_ll = dev.p2p_interface_addr()
3199 cmd = "DATA_TEST_FRAME "
3200
3201 pkt = build_na(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
3202 opt=opt)
3203 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
3204 raise Exception("DATA_TEST_FRAME failed")
3205
a712282b
JM		 3206def build_dhcp_ack(dst_ll, src_ll, ip_src, ip_dst, yiaddr, chaddr,
3207 subnet_mask="255.255.255.0", truncated_opt=False,
3208 wrong_magic=False, force_tot_len=None, no_dhcp=False):
3209 _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
3210 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3211 proto = '\x08\x00'
3212 ehdr = _dst_ll + _src_ll + proto
3213 _ip_src = socket.inet_pton(socket.AF_INET, ip_src)
3214 _ip_dst = socket.inet_pton(socket.AF_INET, ip_dst)
3215 _subnet_mask = socket.inet_pton(socket.AF_INET, subnet_mask)
3216
3217 _ciaddr = '\x00\x00\x00\x00'
3218 _yiaddr = socket.inet_pton(socket.AF_INET, yiaddr)
3219 _siaddr = '\x00\x00\x00\x00'
3220 _giaddr = '\x00\x00\x00\x00'
3221 _chaddr = binascii.unhexlify(chaddr.replace(':','') + "00000000000000000000")
3222 payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
3223 payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
3224 # magic
3225 if wrong_magic:
3226 payload += '\x63\x82\x53\x00'
3227 else:
3228 payload += '\x63\x82\x53\x63'
3229 if truncated_opt:
3230 payload += '\x22\xff\x00'
3231 # Option: DHCP Message Type = ACK
3232 payload += '\x35\x01\x05'
3233 # Pad Option
3234 payload += '\x00'
3235 # Option: Subnet Mask
3236 payload += '\x01\x04' + _subnet_mask
3237 # Option: Time Offset
3238 payload += struct.pack('>BBL', 2, 4, 0)
3239 # End Option
3240 payload += '\xff'
3241 # Pad Option
3242 payload += '\x00\x00\x00\x00'
3243
3244 if no_dhcp:
3245 payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
3246 payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
3247
3248 udp = struct.pack('>HHHH', 67, 68, 8 + len(payload), 0) + payload
3249
3250 if force_tot_len:
3251 tot_len = force_tot_len
3252 else:
3253 tot_len = 20 + len(udp)
3254 start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
3255 ipv4 = start + '\x00\x00' + _ip_src + _ip_dst
3256 csum = ip_checksum(ipv4)
3257 ipv4 = start + csum + _ip_src + _ip_dst
3258
3259 return ehdr + ipv4 + udp
3260
d9f3bb1a
JM		 3261def build_arp(dst_ll, src_ll, opcode, sender_mac, sender_ip,
3262 target_mac, target_ip):
3263 _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
3264 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
3265 proto = '\x08\x06'
3266 ehdr = _dst_ll + _src_ll + proto
3267
3268 _sender_mac = binascii.unhexlify(sender_mac.replace(':',''))
3269 _sender_ip = socket.inet_pton(socket.AF_INET, sender_ip)
3270 _target_mac = binascii.unhexlify(target_mac.replace(':',''))
3271 _target_ip = socket.inet_pton(socket.AF_INET, target_ip)
3272
3273 arp = struct.pack('>HHBBH', 1, 0x0800, 6, 4, opcode)
3274 arp += _sender_mac + _sender_ip
3275 arp += _target_mac + _target_ip
3276
3277 return ehdr + arp
3278
3279def send_arp(dev, dst_ll="ff:ff:ff:ff:ff:ff", src_ll=None, opcode=1,
3280 sender_mac=None, sender_ip="0.0.0.0",
3281 target_mac="00:00:00:00:00:00", target_ip="0.0.0.0",
3282 hapd_bssid=None):
3283 if hapd_bssid:
3284 if src_ll is None:
3285 src_ll = hapd_bssid
3286 if sender_mac is None:
3287 sender_mac = hapd_bssid
3288 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
3289 else:
3290 if src_ll is None:
3291 src_ll = dev.p2p_interface_addr()
3292 if sender_mac is None:
3293 sender_mac = dev.p2p_interface_addr()
3294 cmd = "DATA_TEST_FRAME "
3295
89cd4355 3296 pkt = build_arp(dst_ll=dst_ll, src_ll=src_ll, opcode=opcode,
d9f3bb1a
JM		 3297 sender_mac=sender_mac, sender_ip=sender_ip,
3298 target_mac=target_mac, target_ip=target_ip)
3299 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
3300 raise Exception("DATA_TEST_FRAME failed")
3301
5f7b07de
JM		 3302def get_permanent_neighbors(ifname):
3303 cmd = subprocess.Popen(['ip', 'nei'], stdout=subprocess.PIPE)
3304 res = cmd.stdout.read()
3305 cmd.stdout.close()
3306 return [ line for line in res.splitlines() if "PERMANENT" in line and ifname in line ]
3307
87f0ede9
JM		 3308def get_bridge_macs(ifname):
3309 cmd = subprocess.Popen(['brctl', 'showmacs', ifname],
3310 stdout=subprocess.PIPE)
3311 res = cmd.stdout.read()
3312 cmd.stdout.close()
3313 return res
3314
efd0a6fb
JM		 3315def tshark_get_arp(cap, filter):
3316 res = run_tshark(cap, filter,
3317 [ "eth.dst", "eth.src",
3318 "arp.src.hw_mac", "arp.src.proto_ipv4",
3319 "arp.dst.hw_mac", "arp.dst.proto_ipv4" ],
3320 wait=False)
3321 frames = []
3322 for l in res.splitlines():
3323 frames.append(l.split('\t'))
3324 return frames
3325
55c430b6
JM		 3326def tshark_get_ns(cap):
3327 res = run_tshark(cap, "icmpv6.type == 135",
3328 [ "eth.dst", "eth.src",
3329 "ipv6.src", "ipv6.dst",
3330 "icmpv6.nd.ns.target_address",
3331 "icmpv6.opt.linkaddr" ],
3332 wait=False)
3333 frames = []
3334 for l in res.splitlines():
3335 frames.append(l.split('\t'))
3336 return frames
3337
3338def tshark_get_na(cap):
3339 res = run_tshark(cap, "icmpv6.type == 136",
3340 [ "eth.dst", "eth.src",
3341 "ipv6.src", "ipv6.dst",
3342 "icmpv6.nd.na.target_address",
3343 "icmpv6.opt.linkaddr" ],
3344 wait=False)
3345 frames = []
3346 for l in res.splitlines():
3347 frames.append(l.split('\t'))
3348 return frames
3349
9934ee19
JM		 3350def _test_proxyarp_open(dev, apdev, params, ebtables=False):
3351 prefix = "proxyarp_open"
3352 if ebtables:
3353 prefix += "_ebtables"
3354 cap_br = os.path.join(params['logdir'], prefix + ".ap-br0.pcap")
3355 cap_dev0 = os.path.join(params['logdir'],
3356 prefix + ".%s.pcap" % dev[0].ifname)
3357 cap_dev1 = os.path.join(params['logdir'],
3358 prefix + ".%s.pcap" % dev[1].ifname)
210a4f6a
JM		 3359 cap_dev2 = os.path.join(params['logdir'],
3360 prefix + ".%s.pcap" % dev[2].ifname)
d9f3bb1a 3361
5f7b07de
JM		 3362 bssid = apdev[0]['bssid']
3363 params = { 'ssid': 'open' }
3364 params['proxy_arp'] = '1'
8b8a1864 3365 hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
5f7b07de
JM		 3366 hapd.set("ap_isolate", "1")
3367 hapd.set('bridge', 'ap-br0')
3368 hapd.dump_monitor()
3369 try:
3370 hapd.enable()
3371 except:
3372 # For now, do not report failures due to missing kernel support
81e787b7 3373 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
5f7b07de
JM		 3374 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
3375 if ev is None:
3376 raise Exception("AP startup timed out")
3377 if "AP-ENABLED" not in ev:
3378 raise Exception("AP startup failed")
3379
210a4f6a 3380 params2 = { 'ssid': 'another' }
8b8a1864 3381 hapd2 = hostapd.add_ap(apdev[1], params2, no_enable=True)
210a4f6a
JM		 3382 hapd2.set('bridge', 'ap-br0')
3383 hapd2.enable()
3384
5f7b07de
JM		 3385 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3386 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
5f7b07de 3387
9934ee19
JM		 3388 if ebtables:
3389 for chain in [ 'FORWARD', 'OUTPUT' ]:
3390 subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
3391 '-d', 'Broadcast', '-o', apdev[0]['ifname'],
3392 '-j', 'DROP'])
3393 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
3394 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3395 '--ip6-icmp-type', 'neighbor-solicitation',
3396 '-o', apdev[0]['ifname'], '-j', 'DROP'])
3397 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
3398 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3399 '--ip6-icmp-type', 'neighbor-advertisement',
3400 '-o', apdev[0]['ifname'], '-j', 'DROP'])
3401 subprocess.call(['ebtables', '-A', chain,
3402 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3403 '--ip6-icmp-type', 'router-solicitation',
3404 '-o', apdev[0]['ifname'], '-j', 'DROP'])
3405 # Multicast Listener Report Message
3406 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
3407 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
3408 '--ip6-icmp-type', '143',
3409 '-o', apdev[0]['ifname'], '-j', 'DROP'])
19cbe062 3410
55c430b6 3411 time.sleep(0.5)
d9f3bb1a 3412 cmd = {}
a95c6973
JM		 3413 cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0',
3414 '-w', cap_br, '-s', '2000'],
3415 stderr=open('/dev/null', 'w'))
3416 cmd[1] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[0].ifname,
3417 '-w', cap_dev0, '-s', '2000'],
3418 stderr=open('/dev/null', 'w'))
3419 cmd[2] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[1].ifname,
3420 '-w', cap_dev1, '-s', '2000'],
3421 stderr=open('/dev/null', 'w'))
210a4f6a
JM		 3422 cmd[3] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[2].ifname,
3423 '-w', cap_dev2, '-s', '2000'],
3424 stderr=open('/dev/null', 'w'))
d9f3bb1a 3425
5f7b07de
JM		 3426 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3427 dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
210a4f6a 3428 dev[2].connect("another", key_mgmt="NONE", scan_freq="2412")
5f7b07de
JM		 3429 time.sleep(0.1)
3430
210a4f6a
JM		 3431 brcmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE)
3432 res = brcmd.stdout.read()
3433 brcmd.stdout.close()
3434 logger.info("Bridge setup: " + res)
3435
3436 brcmd = subprocess.Popen(['brctl', 'showstp', 'ap-br0'],
3437 stdout=subprocess.PIPE)
3438 res = brcmd.stdout.read()
3439 brcmd.stdout.close()
3440 logger.info("Bridge showstp: " + res)
3441
67aeee11
JM		 3442 addr0 = dev[0].p2p_interface_addr()
3443 addr1 = dev[1].p2p_interface_addr()
efd0a6fb 3444 addr2 = dev[2].p2p_interface_addr()
67aeee11
JM		 3445
3446 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
3447 src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
3448
3449 # DAD NS
6d533294 3450 send_ns(dev[0], ip_src="::", target="aaaa:bbbb:cccc::2")
67aeee11 3451
6d533294 3452 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2")
67aeee11 3453 # test frame without source link-layer address option
6d533294
JM		 3454 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3455 opt='')
67aeee11 3456 # test frame with bogus option
6d533294
JM		 3457 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3458 opt="\x70\x01\x01\x02\x03\x04\x05\x05")
67aeee11 3459 # test frame with truncated source link-layer address option
6d533294
JM		 3460 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3461 opt="\x01\x01\x01\x02\x03\x04")
67aeee11 3462 # test frame with foreign source link-layer address option
6d533294
JM		 3463 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
3464 opt="\x01\x01\x01\x02\x03\x04\x05\x06")
67aeee11 3465
6d533294 3466 send_ns(dev[1], ip_src="aaaa:bbbb:dddd::2", target="aaaa:bbbb:dddd::2")
67aeee11 3467
6d533294 3468 send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
67aeee11 3469 # another copy for additional code coverage
6d533294 3470 send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
67aeee11 3471
a712282b
JM		 3472 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
3473 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3474 yiaddr="192.168.1.124", chaddr=addr0)
3475 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3476 raise Exception("DATA_TEST_FRAME failed")
3477 # Change address and verify unicast
3478 pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
3479 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3480 yiaddr="192.168.1.123", chaddr=addr0)
3481 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3482 raise Exception("DATA_TEST_FRAME failed")
3483
3484 # Not-associated client MAC address
3485 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
3486 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3487 yiaddr="192.168.1.125", chaddr="22:33:44:55:66:77")
3488 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3489 raise Exception("DATA_TEST_FRAME failed")
3490
3491 # No IP address
3492 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3493 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3494 yiaddr="0.0.0.0", chaddr=addr1)
3495 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3496 raise Exception("DATA_TEST_FRAME failed")
3497
3498 # Zero subnet mask
3499 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3500 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3501 yiaddr="192.168.1.126", chaddr=addr1,
3502 subnet_mask="0.0.0.0")
3503 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3504 raise Exception("DATA_TEST_FRAME failed")
3505
3506 # Truncated option
3507 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3508 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3509 yiaddr="192.168.1.127", chaddr=addr1,
3510 truncated_opt=True)
3511 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3512 raise Exception("DATA_TEST_FRAME failed")
3513
3514 # Wrong magic
3515 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3516 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3517 yiaddr="192.168.1.128", chaddr=addr1,
3518 wrong_magic=True)
3519 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3520 raise Exception("DATA_TEST_FRAME failed")
3521
3522 # Wrong IPv4 total length
3523 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3524 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3525 yiaddr="192.168.1.129", chaddr=addr1,
3526 force_tot_len=1000)
3527 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3528 raise Exception("DATA_TEST_FRAME failed")
3529
3530 # BOOTP
3531 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3532 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3533 yiaddr="192.168.1.129", chaddr=addr1,
3534 no_dhcp=True)
3535 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3536 raise Exception("DATA_TEST_FRAME failed")
3537
87f0ede9
JM		 3538 macs = get_bridge_macs("ap-br0")
3539 logger.info("After connect (showmacs): " + str(macs))
3540
5f7b07de
JM		 3541 matches = get_permanent_neighbors("ap-br0")
3542 logger.info("After connect: " + str(matches))
a712282b 3543 if len(matches) != 4:
5f7b07de 3544 raise Exception("Unexpected number of neighbor entries after connect")
67aeee11
JM		 3545 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3546 raise Exception("dev0 addr missing")
3547 if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3548 raise Exception("dev1 addr(1) missing")
3549 if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3550 raise Exception("dev1 addr(2) missing")
a712282b
JM		 3551 if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3552 raise Exception("dev0 IPv4 addr missing")
67aeee11 3553
d9f3bb1a
JM		 3554 targets = [ "192.168.1.123", "192.168.1.124", "192.168.1.125",
3555 "192.168.1.126" ]
3556 for target in targets:
3557 send_arp(dev[1], sender_ip="192.168.1.100", target_ip=target)
3558
3559 for target in targets:
3560 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.101",
3561 target_ip=target)
3562
210a4f6a
JM		 3563 for target in targets:
3564 send_arp(dev[2], sender_ip="192.168.1.103", target_ip=target)
3565
d9f3bb1a
JM		 3566 # ARP Probe from wireless STA
3567 send_arp(dev[1], target_ip="192.168.1.127")
3568 # ARP Announcement from wireless STA
3569 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127")
3570 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127",
3571 opcode=2)
3572
87f0ede9
JM		 3573 macs = get_bridge_macs("ap-br0")
3574 logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
3575
d9f3bb1a
JM		 3576 matches = get_permanent_neighbors("ap-br0")
3577 logger.info("After ARP Probe + Announcement: " + str(matches))
3578
3579 # ARP Request for the newly introduced IP address from wireless STA
3580 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
3581
3582 # ARP Request for the newly introduced IP address from bridge
3583 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
3584 target_ip="192.168.1.127")
210a4f6a 3585 send_arp(dev[2], sender_ip="192.168.1.103", target_ip="192.168.1.127")
d9f3bb1a
JM		 3586
3587 # ARP Probe from bridge
89cd4355 3588 send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.130")
210a4f6a 3589 send_arp(dev[2], target_ip="192.168.1.131")
89cd4355
JM		 3590 # ARP Announcement from bridge (not to be learned by AP for proxyarp)
3591 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
3592 target_ip="192.168.1.130")
3593 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
3594 target_ip="192.168.1.130", opcode=2)
210a4f6a
JM		 3595 send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131")
3596 send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131",
3597 opcode=2)
d9f3bb1a 3598
87f0ede9
JM		 3599 macs = get_bridge_macs("ap-br0")
3600 logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
3601
d9f3bb1a
JM		 3602 matches = get_permanent_neighbors("ap-br0")
3603 logger.info("After ARP Probe + Announcement: " + str(matches))
3604
3605 # ARP Request for the newly introduced IP address from wireless STA
89cd4355
JM		 3606 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.130")
3607 # ARP Response from bridge (AP does not proxy for non-wireless devices)
3608 send_arp(hapd, hapd_bssid=bssid, dst_ll=addr0, sender_ip="192.168.1.130",
3609 target_ip="192.168.1.123", opcode=2)
d9f3bb1a 3610
210a4f6a
JM		 3611 # ARP Request for the newly introduced IP address from wireless STA
3612 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.131")
3613 # ARP Response from bridge (AP does not proxy for non-wireless devices)
3614 send_arp(dev[2], dst_ll=addr0, sender_ip="192.168.1.131",
3615 target_ip="192.168.1.123", opcode=2)
3616
d9f3bb1a
JM		 3617 # ARP Request for the newly introduced IP address from bridge
3618 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
89cd4355 3619 target_ip="192.168.1.130")
210a4f6a 3620 send_arp(dev[2], sender_ip="192.168.1.104", target_ip="192.168.1.131")
d9f3bb1a
JM		 3621
3622 # ARP Probe from wireless STA (duplicate address; learned through DHCP)
3623 send_arp(dev[1], target_ip="192.168.1.123")
3624 # ARP Probe from wireless STA (duplicate address; learned through ARP)
3625 send_arp(dev[0], target_ip="192.168.1.127")
3626
3627 # Gratuitous ARP Reply for another STA's IP address
3628 send_arp(dev[0], opcode=2, sender_mac=addr0, sender_ip="192.168.1.127",
3629 target_mac=addr1, target_ip="192.168.1.127")
3630 send_arp(dev[1], opcode=2, sender_mac=addr1, sender_ip="192.168.1.123",
3631 target_mac=addr0, target_ip="192.168.1.123")
3632 # ARP Request to verify previous mapping
3633 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.123")
3634 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
3635
3636 time.sleep(0.1)
3637
5a3ce802
JM		 3638 send_ns(dev[0], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:cccc::2")
3639 time.sleep(0.1)
3640 send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:dddd::2")
3641 time.sleep(0.1)
3642 send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:dddd::2",
3643 ip_src="aaaa:bbbb:ffff::2")
3644 time.sleep(0.1)
210a4f6a
JM		 3645 send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:ff00::2")
3646 time.sleep(0.1)
3647 send_ns(dev[2], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:ff00::2")
3648 time.sleep(0.1)
3649 send_ns(dev[2], target="aaaa:bbbb:eeee::2", ip_src="aaaa:bbbb:ff00::2")
3650 time.sleep(0.1)
5a3ce802
JM		 3651
3652 # Try to probe for an already assigned address
3653 send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="::")
3654 time.sleep(0.1)
3655 send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc::2", ip_src="::")
3656 time.sleep(0.1)
210a4f6a
JM		 3657 send_ns(dev[2], target="aaaa:bbbb:cccc::2", ip_src="::")
3658 time.sleep(0.1)
5a3ce802
JM		 3659
3660 # Unsolicited NA
3661 send_na(dev[1], target="aaaa:bbbb:cccc:aeae::3",
3662 ip_src="aaaa:bbbb:cccc:aeae::3", ip_dst="ff02::1")
3663 send_na(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc:aeae::4",
3664 ip_src="aaaa:bbbb:cccc:aeae::4", ip_dst="ff02::1")
210a4f6a
JM		 3665 send_na(dev[2], target="aaaa:bbbb:cccc:aeae::5",
3666 ip_src="aaaa:bbbb:cccc:aeae::5", ip_dst="ff02::1")
5a3ce802 3667
7e3a6c9e
JM		 3668 try:
3669 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
3670 except Exception, e:
3671 logger.info("test_connectibity_iface failed: " + str(e))
3672 raise HwsimSkip("Assume kernel did not have the required patches for proxyarp")
40e4c9c8
JM		 3673 hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
3674 hwsim_utils.test_connectivity(dev[0], dev[1])
3675
5f7b07de
JM		 3676 dev[0].request("DISCONNECT")
3677 dev[1].request("DISCONNECT")
3678 time.sleep(0.5)
210a4f6a 3679 for i in range(len(cmd)):
d9f3bb1a 3680 cmd[i].terminate()
87f0ede9
JM		 3681 macs = get_bridge_macs("ap-br0")
3682 logger.info("After disconnect (showmacs): " + str(macs))
5f7b07de
JM		 3683 matches = get_permanent_neighbors("ap-br0")
3684 logger.info("After disconnect: " + str(matches))
3685 if len(matches) > 0:
3686 raise Exception("Unexpected neighbor entries after disconnect")
9934ee19
JM		 3687 if ebtables:
3688 cmd = subprocess.Popen(['ebtables', '-L', '--Lc'],
3689 stdout=subprocess.PIPE)
3690 res = cmd.stdout.read()
3691 cmd.stdout.close()
3692 logger.info("ebtables results:\n" + res)
5f7b07de 3693
efd0a6fb
JM		 3694 # Verify that expected ARP messages were seen and no unexpected
3695 # ARP messages were seen.
3696
3697 arp_req = tshark_get_arp(cap_dev0, "arp.opcode == 1")
3698 arp_reply = tshark_get_arp(cap_dev0, "arp.opcode == 2")
3699 logger.info("dev0 seen ARP requests:\n" + str(arp_req))
3700 logger.info("dev0 seen ARP replies:\n" + str(arp_reply))
3701
3702 if [ 'ff:ff:ff:ff:ff:ff', addr1,
3703 addr1, '192.168.1.100',
3704 '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3705 raise Exception("dev0 saw ARP request from dev1")
3706 if [ 'ff:ff:ff:ff:ff:ff', addr2,
3707 addr2, '192.168.1.103',
3708 '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3709 raise Exception("dev0 saw ARP request from dev2")
3710 # TODO: Uncomment once fixed in kernel
3711 #if [ 'ff:ff:ff:ff:ff:ff', bssid,
3712 # bssid, '192.168.1.101',
3713 # '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3714 # raise Exception("dev0 saw ARP request from br")
3715
3716 if ebtables:
3717 for req in arp_req:
3718 if req[1] != addr0:
3719 raise Exception("Unexpected foreign ARP request on dev0")
3720
3721 arp_req = tshark_get_arp(cap_dev1, "arp.opcode == 1")
3722 arp_reply = tshark_get_arp(cap_dev1, "arp.opcode == 2")
3723 logger.info("dev1 seen ARP requests:\n" + str(arp_req))
3724 logger.info("dev1 seen ARP replies:\n" + str(arp_reply))
3725
3726 if [ 'ff:ff:ff:ff:ff:ff', addr2,
3727 addr2, '192.168.1.103',
3728 '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
3729 raise Exception("dev1 saw ARP request from dev2")
3730 if [addr1, addr0, addr0, '192.168.1.123', addr1, '192.168.1.100'] not in arp_reply:
3731 raise Exception("dev1 did not get ARP response for 192.168.1.123")
3732
3733 if ebtables:
3734 for req in arp_req:
3735 if req[1] != addr1:
3736 raise Exception("Unexpected foreign ARP request on dev1")
3737
3738 arp_req = tshark_get_arp(cap_dev2, "arp.opcode == 1")
3739 arp_reply = tshark_get_arp(cap_dev2, "arp.opcode == 2")
3740 logger.info("dev2 seen ARP requests:\n" + str(arp_req))
3741 logger.info("dev2 seen ARP replies:\n" + str(arp_reply))
3742
3743 if [ addr2, addr0,
3744 addr0, '192.168.1.123',
3745 addr2, '192.168.1.103' ] not in arp_reply:
3746 raise Exception("dev2 did not get ARP response for 192.168.1.123")
3747
3748 arp_req = tshark_get_arp(cap_br, "arp.opcode == 1")
3749 arp_reply = tshark_get_arp(cap_br, "arp.opcode == 2")
3750 logger.info("br seen ARP requests:\n" + str(arp_req))
3751 logger.info("br seen ARP replies:\n" + str(arp_reply))
3752
3753 # TODO: Uncomment once fixed in kernel
3754 #if [ bssid, addr0,
3755 # addr0, '192.168.1.123',
3756 # bssid, '192.168.1.101' ] not in arp_reply:
3757 # raise Exception("br did not get ARP response for 192.168.1.123")
3758
55c430b6
JM		 3759 ns = tshark_get_ns(cap_dev0)
3760 logger.info("dev0 seen NS: " + str(ns))
3761 na = tshark_get_na(cap_dev0)
3762 logger.info("dev0 seen NA: " + str(na))
3763
05121d35 3764 if [ addr0, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:cccc::2',
55c430b6
JM		 3765 'aaaa:bbbb:dddd::2', addr1 ] not in na:
3766 raise Exception("dev0 did not get NA for aaaa:bbbb:dddd::2")
3767
3768 if ebtables:
3769 for req in ns:
3770 if req[1] != addr0:
3771 raise Exception("Unexpected foreign NS on dev0: " + str(req))
3772
3773 ns = tshark_get_ns(cap_dev1)
3774 logger.info("dev1 seen NS: " + str(ns))
3775 na = tshark_get_na(cap_dev1)
3776 logger.info("dev1 seen NA: " + str(na))
3777
05121d35 3778 if [ addr1, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:dddd::2',
55c430b6
JM		 3779 'aaaa:bbbb:cccc::2', addr0 ] not in na:
3780 raise Exception("dev1 did not get NA for aaaa:bbbb:cccc::2")
3781
3782 if ebtables:
3783 for req in ns:
3784 if req[1] != addr1:
3785 raise Exception("Unexpected foreign NS on dev1: " + str(req))
3786
3787 ns = tshark_get_ns(cap_dev2)
3788 logger.info("dev2 seen NS: " + str(ns))
3789 na = tshark_get_na(cap_dev2)
3790 logger.info("dev2 seen NA: " + str(na))
3791
3792 # FIX: enable once kernel implementation for proxyarp IPv6 is fixed
05121d35 3793 #if [ addr2, addr0, 'aaaa:bbbb:cccc::2', 'aaaa:bbbb:ff00::2',
55c430b6
JM		 3794 # 'aaaa:bbbb:cccc::2', addr0 ] not in na:
3795 # raise Exception("dev2 did not get NA for aaaa:bbbb:cccc::2")
05121d35 3796 #if [ addr2, addr1, 'aaaa:bbbb:dddd::2', 'aaaa:bbbb:ff00::2',
55c430b6
JM		 3797 # 'aaaa:bbbb:dddd::2', addr1 ] not in na:
3798 # raise Exception("dev2 did not get NA for aaaa:bbbb:dddd::2")
05121d35 3799 #if [ addr2, addr1, 'aaaa:bbbb:eeee::2', 'aaaa:bbbb:ff00::2',
55c430b6
JM		 3800 # 'aaaa:bbbb:eeee::2', addr1 ] not in na:
3801 # raise Exception("dev2 did not get NA for aaaa:bbbb:eeee::2")
3802
d9f3bb1a 3803def test_proxyarp_open(dev, apdev, params):
5f7b07de 3804 """ProxyARP with open network"""
5f7b07de 3805 try:
81e787b7 3806 _test_proxyarp_open(dev, apdev, params)
9934ee19
JM		 3807 finally:
3808 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3809 stderr=open('/dev/null', 'w'))
3810 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3811 stderr=open('/dev/null', 'w'))
3812
3813def test_proxyarp_open_ebtables(dev, apdev, params):
3814 """ProxyARP with open network"""
3815 try:
3816 _test_proxyarp_open(dev, apdev, params, ebtables=True)
5f7b07de 3817 finally:
01c87519
JM		 3818 try:
3819 subprocess.call(['ebtables', '-F', 'FORWARD'])
3820 subprocess.call(['ebtables', '-F', 'OUTPUT'])
3821 except:
3822 pass
5f7b07de
JM		 3823 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3824 stderr=open('/dev/null', 'w'))
3825 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3826 stderr=open('/dev/null', 'w'))
c518fecc
JM		 3827
3828def test_ap_hs20_connect_deinit(dev, apdev):
3829 """Hotspot 2.0 connection interrupted with deinit"""
e7ac04ce 3830 check_eap_capa(dev[0], "MSCHAPV2")
c518fecc
JM		 3831 bssid = apdev[0]['bssid']
3832 params = hs20_ap_params()
3833 params['hessid'] = bssid
8b8a1864 3834 hapd = hostapd.add_ap(apdev[0], params)
c518fecc
JM		 3835
3836 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
3837 wpas.interface_add("wlan5", drv_params="")
3838 wpas.hs20_enable()
3839 wpas.flush_scan_cache()
3840 wpas.add_cred_values({ 'realm': "example.com",
3841 'username': "hs20-test",
3842 'password': "password",
3843 'ca_cert': "auth_serv/ca.pem",
3844 'domain': "example.com" })
3845
3846 wpas.scan_for_bss(bssid, freq=2412)
3847 hapd.disable()
3848
3849 wpas.request("INTERWORKING_SELECT freq=2412")
3850
3851 id = wpas.request("RADIO_WORK add block-work")
3852 ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
3853 if ev is None:
3854 raise Exception("Timeout while waiting radio work to start")
3855 ev = wpas.wait_event(["GAS-QUERY-START", "EXT-RADIO-WORK-START"], timeout=5)
3856 if ev is None:
3857 raise Exception("Timeout while waiting radio work to start (2)")
3858
3859 # Remove the interface while the gas-query radio work is still pending and
3860 # GAS query has not yet been started.
3861 wpas.interface_remove("wlan5")
046e63fa
JM		 3862
3863def test_ap_hs20_anqp_format_errors(dev, apdev):
3864 """Interworking network selection and ANQP format errors"""
3865 bssid = apdev[0]['bssid']
3866 params = hs20_ap_params()
3867 params['hessid'] = bssid
8b8a1864 3868 hapd = hostapd.add_ap(apdev[0], params)
046e63fa
JM		 3869
3870 dev[0].hs20_enable()
3871 values = { 'realm': "example.com",
3872 'ca_cert': "auth_serv/ca.pem",
3873 'username': "hs20-test",
3874 'password': "password",
3875 'domain': "example.com" }
3876 id = dev[0].add_cred_values(values)
3877
3878 dev[0].scan_for_bss(bssid, freq="2412")
3879
3880 tests = [ "00", "ffff", "010011223344", "020008000005112233445500",
3881 "01000400000000", "01000000000000",
3882 "01000300000200", "0100040000ff0000", "01000300000100",
3883 "01000300000001",
3884 "01000600000056112233",
3885 "01000900000002050001000111",
3886 "01000600000001000000", "01000600000001ff0000",
3887 "01000600000001020001",
3888 "010008000000010400010001", "0100080000000104000100ff",
3889 "010011000000010d00050200020100030005000600",
3890 "0000" ]
3891 for t in tests:
3892 hapd.set("anqp_elem", "263:" + t)
3893 dev[0].request("INTERWORKING_SELECT freq=2412")
3894 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5)
3895 if ev is None:
3896 raise Exception("Network selection timed out")
3897 dev[0].dump_monitor()
3898
3899 dev[0].remove_cred(id)
3900 id = dev[0].add_cred_values({ 'imsi': "555444-333222111", 'eap': "AKA",
3901 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
3902
3903 tests = [ "00", "0100", "0001", "00ff", "000200ff", "0003000101",
3904 "00020100" ]
3905 for t in tests:
3906 hapd.set("anqp_elem", "264:" + t)
3907 dev[0].request("INTERWORKING_SELECT freq=2412")
3908 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=5)
3909 if ev is None:
3910 raise Exception("Network selection timed out")
3911 dev[0].dump_monitor()
Unnamed repository; edit this file 'description' to name the repository.