]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_hs20.py
2 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
10 logger
= logging
.getLogger()
16 from wlantest
import Wlantest
17 from wpasupplicant
import WpaSupplicant
19 def hs20_ap_params(ssid
="test-hs20"):
20 params
= hostapd
.wpa2_params(ssid
=ssid
)
21 params
['wpa_key_mgmt'] = "WPA-EAP"
22 params
['ieee80211w'] = "1"
23 params
['ieee8021x'] = "1"
24 params
['auth_server_addr'] = "127.0.0.1"
25 params
['auth_server_port'] = "1812"
26 params
['auth_server_shared_secret'] = "radius"
27 params
['interworking'] = "1"
28 params
['access_network_type'] = "14"
29 params
['internet'] = "1"
33 params
['venue_group'] = "7"
34 params
['venue_type'] = "1"
35 params
['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
36 params
['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
38 params
['domain_name'] = "example.com,another.example.com"
39 params
['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
40 "0,another.example.com" ]
42 params
['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
43 params
['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
44 params
['hs20_operating_class'] = "5173"
45 params
['anqp_3gpp_cell_net'] = "244,91"
48 def check_auto_select(dev
, bssid
):
49 dev
.scan_for_bss(bssid
, freq
="2412")
50 dev
.request("INTERWORKING_SELECT auto freq=2412")
51 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
53 raise Exception("Connection timed out")
55 raise Exception("Connected to incorrect network")
56 dev
.request("REMOVE_NETWORK all")
58 def interworking_select(dev
, bssid
, type=None, no_match
=False, freq
=None):
60 if bssid
and freq
and not no_match
:
61 dev
.scan_for_bss(bssid
, freq
=freq
)
62 freq_extra
= " freq=" + freq
if freq
else ""
63 dev
.request("INTERWORKING_SELECT" + freq_extra
)
64 ev
= dev
.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
67 raise Exception("Network selection timed out");
69 if "INTERWORKING-NO-MATCH" not in ev
:
70 raise Exception("Unexpected network match")
72 if "INTERWORKING-NO-MATCH" in ev
:
73 logger
.info("Matching network not found - try again")
75 dev
.request("INTERWORKING_SELECT" + freq_extra
)
76 ev
= dev
.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
79 raise Exception("Network selection timed out");
80 if "INTERWORKING-NO-MATCH" in ev
:
81 raise Exception("Matching network not found")
82 if bssid
and bssid
not in ev
:
83 raise Exception("Unexpected BSSID in match")
84 if type and "type=" + type not in ev
:
85 raise Exception("Network type not recognized correctly")
87 def check_sp_type(dev
, sp_type
):
88 type = dev
.get_status_field("sp_type")
90 raise Exception("sp_type not available")
92 raise Exception("sp_type did not indicate home network")
94 def hlr_auc_gw_available():
95 if not os
.path
.exists("/tmp/hlr_auc_gw.sock"):
96 logger
.info("No hlr_auc_gw available");
98 if not os
.path
.exists("../../hostapd/hlr_auc_gw"):
99 logger
.info("No hlr_auc_gw available");
103 def interworking_ext_sim_connect(dev
, bssid
, method
):
104 dev
.request("INTERWORKING_CONNECT " + bssid
)
105 interworking_ext_sim_auth(dev
, method
)
107 def interworking_ext_sim_auth(dev
, method
):
108 ev
= dev
.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=15)
110 raise Exception("Network connected timed out")
111 if "(" + method
+ ")" not in ev
:
112 raise Exception("Unexpected EAP method selection")
114 ev
= dev
.wait_event(["CTRL-REQ-SIM"], timeout
=15)
116 raise Exception("Wait for external SIM processing request timed out")
118 if p
[1] != "GSM-AUTH":
119 raise Exception("Unexpected CTRL-REQ-SIM type")
120 id = p
[0].split('-')[3]
121 rand
= p
[2].split(' ')[0]
123 res
= subprocess
.check_output(["../../hostapd/hlr_auc_gw",
125 "auth_serv/hlr_auc_gw.milenage_db",
126 "GSM-AUTH-REQ 232010000000000 " + rand
])
127 if "GSM-AUTH-RESP" not in res
:
128 raise Exception("Unexpected hlr_auc_gw response")
129 resp
= res
.split(' ')[2].rstrip()
131 dev
.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp
)
132 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
134 raise Exception("Connection timed out")
136 def interworking_connect(dev
, bssid
, method
):
137 dev
.request("INTERWORKING_CONNECT " + bssid
)
138 interworking_auth(dev
, method
)
140 def interworking_auth(dev
, method
):
141 ev
= dev
.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=15)
143 raise Exception("Network connected timed out")
144 if "(" + method
+ ")" not in ev
:
145 raise Exception("Unexpected EAP method selection")
147 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
149 raise Exception("Connection timed out")
151 def check_probe_resp(wt
, bssid_unexpected
, bssid_expected
):
153 count
= wt
.get_bss_counter("probe_response", bssid_unexpected
)
155 raise Exception("Unexpected Probe Response frame from AP")
158 count
= wt
.get_bss_counter("probe_response", bssid_expected
)
160 raise Exception("No Probe Response frame from AP")
162 def test_ap_anqp_sharing(dev
, apdev
):
163 """ANQP sharing within ESS and explicit unshare"""
164 bssid
= apdev
[0]['bssid']
165 params
= hs20_ap_params()
166 params
['hessid'] = bssid
167 hostapd
.add_ap(apdev
[0]['ifname'], params
)
169 bssid2
= apdev
[1]['bssid']
170 params
= hs20_ap_params()
171 params
['hessid'] = bssid
172 params
['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
173 hostapd
.add_ap(apdev
[1]['ifname'], params
)
176 id = dev
[0].add_cred_values({ 'realm': "example.com", 'username': "test",
177 'password': "secret",
178 'domain': "example.com" })
179 logger
.info("Normal network selection with shared ANQP results")
180 dev
[0].scan_for_bss(bssid
, freq
="2412")
181 dev
[0].scan_for_bss(bssid2
, freq
="2412")
182 interworking_select(dev
[0], None, "home", freq
="2412")
183 dev
[0].dump_monitor()
185 res1
= dev
[0].get_bss(bssid
)
186 res2
= dev
[0].get_bss(bssid2
)
187 if res1
['anqp_nai_realm'] != res2
['anqp_nai_realm']:
188 raise Exception("ANQP results were not shared between BSSes")
190 logger
.info("Explicit ANQP request to unshare ANQP results")
191 dev
[0].request("ANQP_GET " + bssid
+ " 263")
192 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
194 raise Exception("ANQP operation timed out")
196 dev
[0].request("ANQP_GET " + bssid2
+ " 263")
197 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
199 raise Exception("ANQP operation timed out")
201 res1
= dev
[0].get_bss(bssid
)
202 res2
= dev
[0].get_bss(bssid2
)
203 if res1
['anqp_nai_realm'] == res2
['anqp_nai_realm']:
204 raise Exception("ANQP results were not unshared")
206 def test_ap_nai_home_realm_query(dev
, apdev
):
207 """NAI Home Realm Query"""
208 bssid
= apdev
[0]['bssid']
209 params
= hs20_ap_params()
210 params
['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
211 "0,another.example.org" ]
212 hostapd
.add_ap(apdev
[0]['ifname'], params
)
214 dev
[0].scan(freq
="2412")
215 dev
[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid
+ " realm=example.com")
216 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
218 raise Exception("ANQP operation timed out")
219 nai1
= dev
[0].get_bss(bssid
)['anqp_nai_realm']
220 dev
[0].dump_monitor()
222 dev
[0].request("ANQP_GET " + bssid
+ " 263")
223 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
225 raise Exception("ANQP operation timed out")
226 nai2
= dev
[0].get_bss(bssid
)['anqp_nai_realm']
228 if len(nai1
) >= len(nai2
):
229 raise Exception("Unexpected NAI Realm list response lengths")
230 if "example.com".encode('hex') not in nai1
:
231 raise Exception("Home realm not reported")
232 if "example.org".encode('hex') in nai1
:
233 raise Exception("Non-home realm reported")
234 if "example.com".encode('hex') not in nai2
:
235 raise Exception("Home realm not reported in wildcard query")
236 if "example.org".encode('hex') not in nai2
:
237 raise Exception("Non-home realm not reported in wildcard query ")
239 def test_ap_interworking_scan_filtering(dev
, apdev
):
240 """Interworking scan filtering with HESSID and access network type"""
241 bssid
= apdev
[0]['bssid']
242 params
= hs20_ap_params()
243 ssid
= "test-hs20-ap1"
244 params
['ssid'] = ssid
245 params
['hessid'] = bssid
246 hostapd
.add_ap(apdev
[0]['ifname'], params
)
248 bssid2
= apdev
[1]['bssid']
249 params
= hs20_ap_params()
250 ssid2
= "test-hs20-ap2"
251 params
['ssid'] = ssid2
252 params
['hessid'] = bssid2
253 params
['access_network_type'] = "1"
254 del params
['venue_group']
255 del params
['venue_type']
256 hostapd
.add_ap(apdev
[1]['ifname'], params
)
263 logger
.info("Check probe request filtering based on HESSID")
265 dev
[0].request("SET hessid " + bssid2
)
266 dev
[0].scan(freq
="2412")
268 check_probe_resp(wt
, bssid
, bssid2
)
270 logger
.info("Check probe request filtering based on access network type")
272 wt
.clear_bss_counters(bssid
)
273 wt
.clear_bss_counters(bssid2
)
274 dev
[0].request("SET hessid 00:00:00:00:00:00")
275 dev
[0].request("SET access_network_type 14")
276 dev
[0].scan(freq
="2412")
278 check_probe_resp(wt
, bssid2
, bssid
)
280 wt
.clear_bss_counters(bssid
)
281 wt
.clear_bss_counters(bssid2
)
282 dev
[0].request("SET hessid 00:00:00:00:00:00")
283 dev
[0].request("SET access_network_type 1")
284 dev
[0].scan(freq
="2412")
286 check_probe_resp(wt
, bssid
, bssid2
)
288 logger
.info("Check probe request filtering based on HESSID and ANT")
290 wt
.clear_bss_counters(bssid
)
291 wt
.clear_bss_counters(bssid2
)
292 dev
[0].request("SET hessid " + bssid
)
293 dev
[0].request("SET access_network_type 14")
294 dev
[0].scan(freq
="2412")
296 check_probe_resp(wt
, bssid2
, bssid
)
298 wt
.clear_bss_counters(bssid
)
299 wt
.clear_bss_counters(bssid2
)
300 dev
[0].request("SET hessid " + bssid2
)
301 dev
[0].request("SET access_network_type 14")
302 dev
[0].scan(freq
="2412")
304 check_probe_resp(wt
, bssid
, None)
305 check_probe_resp(wt
, bssid2
, None)
307 wt
.clear_bss_counters(bssid
)
308 wt
.clear_bss_counters(bssid2
)
309 dev
[0].request("SET hessid " + bssid
)
310 dev
[0].request("SET access_network_type 1")
311 dev
[0].scan(freq
="2412")
313 check_probe_resp(wt
, bssid
, None)
314 check_probe_resp(wt
, bssid2
, None)
316 def test_ap_hs20_select(dev
, apdev
):
317 """Hotspot 2.0 network selection"""
318 bssid
= apdev
[0]['bssid']
319 params
= hs20_ap_params()
320 params
['hessid'] = bssid
321 hostapd
.add_ap(apdev
[0]['ifname'], params
)
324 id = dev
[0].add_cred_values({ 'realm': "example.com", 'username': "test",
325 'password': "secret",
326 'domain': "example.com" })
327 interworking_select(dev
[0], bssid
, "home")
329 dev
[0].remove_cred(id)
330 id = dev
[0].add_cred_values({ 'realm': "example.com", 'username': "test",
331 'password': "secret",
332 'domain': "no.match.example.com" })
333 interworking_select(dev
[0], bssid
, "roaming", freq
="2412")
335 dev
[0].set_cred_quoted(id, "realm", "no.match.example.com");
336 interworking_select(dev
[0], bssid
, no_match
=True, freq
="2412")
338 bssid2
= apdev
[1]['bssid']
339 params
= hs20_ap_params()
340 params
['nai_realm'] = [ "0,example.org,21" ]
341 params
['hessid'] = bssid2
342 params
['domain_name'] = "example.org"
343 hostapd
.add_ap(apdev
[1]['ifname'], params
)
344 dev
[0].remove_cred(id)
345 id = dev
[0].add_cred_values({ 'realm': "example.org", 'username': "test",
346 'password': "secret",
347 'domain': "example.org" })
348 interworking_select(dev
[0], bssid2
, "home", freq
="2412")
350 def hs20_simulated_sim(dev
, ap
, method
):
352 params
= hs20_ap_params()
353 params
['hessid'] = bssid
354 params
['anqp_3gpp_cell_net'] = "555,444"
355 params
['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
356 hostapd
.add_ap(ap
['ifname'], params
)
359 dev
.add_cred_values({ 'imsi': "555444-333222111", 'eap': method
,
360 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
361 interworking_select(dev
, "home", freq
="2412")
362 interworking_connect(dev
, bssid
, method
)
363 check_sp_type(dev
, "home")
365 def test_ap_hs20_sim(dev
, apdev
):
366 """Hotspot 2.0 with simulated SIM and EAP-SIM"""
367 if not hlr_auc_gw_available():
369 hs20_simulated_sim(dev
[0], apdev
[0], "SIM")
370 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
371 ev
= dev
[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout
=15)
373 raise Exception("Timeout on already-connected event")
375 def test_ap_hs20_aka(dev
, apdev
):
376 """Hotspot 2.0 with simulated USIM and EAP-AKA"""
377 if not hlr_auc_gw_available():
379 hs20_simulated_sim(dev
[0], apdev
[0], "AKA")
381 def test_ap_hs20_aka_prime(dev
, apdev
):
382 """Hotspot 2.0 with simulated USIM and EAP-AKA'"""
383 if not hlr_auc_gw_available():
385 hs20_simulated_sim(dev
[0], apdev
[0], "AKA'")
387 def test_ap_hs20_ext_sim(dev
, apdev
):
388 """Hotspot 2.0 with external SIM processing"""
389 if not hlr_auc_gw_available():
391 bssid
= apdev
[0]['bssid']
392 params
= hs20_ap_params()
393 params
['hessid'] = bssid
394 params
['anqp_3gpp_cell_net'] = "232,01"
395 params
['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
396 hostapd
.add_ap(apdev
[0]['ifname'], params
)
399 dev
[0].request("SET external_sim 1")
400 dev
[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
401 interworking_select(dev
[0], "home", freq
="2412")
402 interworking_ext_sim_connect(dev
[0], bssid
, "SIM")
403 check_sp_type(dev
[0], "home")
405 def test_ap_hs20_ext_sim_roaming(dev
, apdev
):
406 """Hotspot 2.0 with external SIM processing in roaming network"""
407 if not hlr_auc_gw_available():
409 bssid
= apdev
[0]['bssid']
410 params
= hs20_ap_params()
411 params
['hessid'] = bssid
412 params
['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
413 params
['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
414 hostapd
.add_ap(apdev
[0]['ifname'], params
)
417 dev
[0].request("SET external_sim 1")
418 dev
[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
419 interworking_select(dev
[0], "roaming", freq
="2412")
420 interworking_ext_sim_connect(dev
[0], bssid
, "SIM")
421 check_sp_type(dev
[0], "roaming")
423 def test_ap_hs20_username(dev
, apdev
):
424 """Hotspot 2.0 connection in username/password credential"""
425 bssid
= apdev
[0]['bssid']
426 params
= hs20_ap_params()
427 params
['hessid'] = bssid
428 params
['disable_dgaf'] = '1'
429 hostapd
.add_ap(apdev
[0]['ifname'], params
)
432 id = dev
[0].add_cred_values({ 'realm': "example.com",
433 'username': "hs20-test",
434 'password': "password",
435 'ca_cert': "auth_serv/ca.pem",
436 'domain': "example.com",
437 'update_identifier': "1234" })
438 interworking_select(dev
[0], bssid
, "home", freq
="2412")
439 interworking_connect(dev
[0], bssid
, "TTLS")
440 check_sp_type(dev
[0], "home")
441 status
= dev
[0].get_status()
442 if status
['pairwise_cipher'] != "CCMP":
443 raise Exception("Unexpected pairwise cipher")
444 if status
['hs20'] != "2":
445 raise Exception("Unexpected HS 2.0 support indication")
447 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
448 identity
="hs20-test", password
="password",
449 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
452 def test_ap_hs20_connect_api(dev
, apdev
):
453 """Hotspot 2.0 connection with connect API"""
454 bssid
= apdev
[0]['bssid']
455 params
= hs20_ap_params()
456 params
['hessid'] = bssid
457 params
['disable_dgaf'] = '1'
458 hostapd
.add_ap(apdev
[0]['ifname'], params
)
460 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
461 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
463 id = wpas
.add_cred_values({ 'realm': "example.com",
464 'username': "hs20-test",
465 'password': "password",
466 'ca_cert': "auth_serv/ca.pem",
467 'domain': "example.com",
468 'update_identifier': "1234" })
469 interworking_select(wpas
, bssid
, "home", freq
="2412")
470 interworking_connect(wpas
, bssid
, "TTLS")
471 check_sp_type(wpas
, "home")
472 status
= wpas
.get_status()
473 if status
['pairwise_cipher'] != "CCMP":
474 raise Exception("Unexpected pairwise cipher")
475 if status
['hs20'] != "2":
476 raise Exception("Unexpected HS 2.0 support indication")
478 def test_ap_hs20_auto_interworking(dev
, apdev
):
479 """Hotspot 2.0 connection with auto_interworking=1"""
480 bssid
= apdev
[0]['bssid']
481 params
= hs20_ap_params()
482 params
['hessid'] = bssid
483 params
['disable_dgaf'] = '1'
484 hostapd
.add_ap(apdev
[0]['ifname'], params
)
486 dev
[0].hs20_enable(auto_interworking
=True)
487 id = dev
[0].add_cred_values({ 'realm': "example.com",
488 'username': "hs20-test",
489 'password': "password",
490 'ca_cert': "auth_serv/ca.pem",
491 'domain': "example.com",
492 'update_identifier': "1234" })
493 dev
[0].request("REASSOCIATE")
494 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
496 raise Exception("Connection timed out")
497 check_sp_type(dev
[0], "home")
498 status
= dev
[0].get_status()
499 if status
['pairwise_cipher'] != "CCMP":
500 raise Exception("Unexpected pairwise cipher")
501 if status
['hs20'] != "2":
502 raise Exception("Unexpected HS 2.0 support indication")
504 def test_ap_hs20_auto_interworking_no_cred_match(dev
, apdev
):
505 """Hotspot 2.0 connection with auto_interworking=1 but no cred match"""
506 bssid
= apdev
[0]['bssid']
507 params
= { "ssid": "test" }
508 hostapd
.add_ap(apdev
[0]['ifname'], params
)
510 dev
[0].hs20_enable(auto_interworking
=True)
511 dev
[0].add_cred_values({ 'realm': "example.com",
512 'username': "hs20-test",
513 'password': "password",
514 'ca_cert': "auth_serv/ca.pem",
515 'domain': "example.com" })
517 id = dev
[0].connect("test", psk
="12345678", only_add_network
=True)
518 dev
[0].request("ENABLE_NETWORK %s" % id)
519 logger
.info("Verify that scanning continues when there is partial network block match")
520 for i
in range(0, 2):
521 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
523 raise Exception("Scan timed out")
524 logger
.info("Scan completed")
526 def eap_test(dev
, ap
, eap_params
, method
, user
):
528 params
= hs20_ap_params()
529 params
['nai_realm'] = [ "0,example.com," + eap_params
]
530 hostapd
.add_ap(ap
['ifname'], params
)
533 dev
.add_cred_values({ 'realm': "example.com",
535 'password': "password" })
536 interworking_select(dev
, bssid
, freq
="2412")
537 interworking_connect(dev
, bssid
, method
)
539 def test_ap_hs20_eap_unknown(dev
, apdev
):
540 """Hotspot 2.0 connection with unknown EAP method"""
541 bssid
= apdev
[0]['bssid']
542 params
= hs20_ap_params()
543 params
['nai_realm'] = "0,example.com,99"
544 hostapd
.add_ap(apdev
[0]['ifname'], params
)
547 dev
[0].add_cred_values(default_cred())
548 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
550 def test_ap_hs20_eap_peap_mschapv2(dev
, apdev
):
551 """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
552 eap_test(dev
[0], apdev
[0], "25[3:26]", "PEAP", "user")
554 def test_ap_hs20_eap_peap_default(dev
, apdev
):
555 """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
556 eap_test(dev
[0], apdev
[0], "25", "PEAP", "user")
558 def test_ap_hs20_eap_peap_gtc(dev
, apdev
):
559 """Hotspot 2.0 connection with PEAP/GTC"""
560 eap_test(dev
[0], apdev
[0], "25[3:6]", "PEAP", "user")
562 def test_ap_hs20_eap_peap_unknown(dev
, apdev
):
563 """Hotspot 2.0 connection with PEAP/unknown"""
564 bssid
= apdev
[0]['bssid']
565 params
= hs20_ap_params()
566 params
['nai_realm'] = "0,example.com,25[3:99]"
567 hostapd
.add_ap(apdev
[0]['ifname'], params
)
570 dev
[0].add_cred_values(default_cred())
571 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
573 def test_ap_hs20_eap_ttls_chap(dev
, apdev
):
574 """Hotspot 2.0 connection with TTLS/CHAP"""
575 eap_test(dev
[0], apdev
[0], "21[2:2]", "TTLS", "chap user")
577 def test_ap_hs20_eap_ttls_mschap(dev
, apdev
):
578 """Hotspot 2.0 connection with TTLS/MSCHAP"""
579 eap_test(dev
[0], apdev
[0], "21[2:3]", "TTLS", "mschap user")
581 def test_ap_hs20_eap_ttls_eap_mschapv2(dev
, apdev
):
582 """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
583 eap_test(dev
[0], apdev
[0], "21[3:26][6:7][99:99]", "TTLS", "user")
585 def test_ap_hs20_eap_ttls_eap_unknown(dev
, apdev
):
586 """Hotspot 2.0 connection with TTLS/EAP-unknown"""
587 bssid
= apdev
[0]['bssid']
588 params
= hs20_ap_params()
589 params
['nai_realm'] = "0,example.com,21[3:99]"
590 hostapd
.add_ap(apdev
[0]['ifname'], params
)
593 dev
[0].add_cred_values(default_cred())
594 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
596 def test_ap_hs20_eap_ttls_eap_unsupported(dev
, apdev
):
597 """Hotspot 2.0 connection with TTLS/EAP-OTP(unsupported)"""
598 bssid
= apdev
[0]['bssid']
599 params
= hs20_ap_params()
600 params
['nai_realm'] = "0,example.com,21[3:5]"
601 hostapd
.add_ap(apdev
[0]['ifname'], params
)
604 dev
[0].add_cred_values(default_cred())
605 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
607 def test_ap_hs20_eap_ttls_unknown(dev
, apdev
):
608 """Hotspot 2.0 connection with TTLS/unknown"""
609 bssid
= apdev
[0]['bssid']
610 params
= hs20_ap_params()
611 params
['nai_realm'] = "0,example.com,21[2:5]"
612 hostapd
.add_ap(apdev
[0]['ifname'], params
)
615 dev
[0].add_cred_values(default_cred())
616 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
618 def test_ap_hs20_eap_fast_mschapv2(dev
, apdev
):
619 """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
620 eap_test(dev
[0], apdev
[0], "43[3:26]", "FAST", "user")
622 def test_ap_hs20_eap_fast_gtc(dev
, apdev
):
623 """Hotspot 2.0 connection with FAST/EAP-GTC"""
624 eap_test(dev
[0], apdev
[0], "43[3:6]", "FAST", "user")
626 def test_ap_hs20_eap_tls(dev
, apdev
):
627 """Hotspot 2.0 connection with EAP-TLS"""
628 bssid
= apdev
[0]['bssid']
629 params
= hs20_ap_params()
630 params
['nai_realm'] = [ "0,example.com,13[5:6]" ]
631 hostapd
.add_ap(apdev
[0]['ifname'], params
)
634 dev
[0].add_cred_values({ 'realm': "example.com",
635 'username': "certificate-user",
636 'ca_cert': "auth_serv/ca.pem",
637 'client_cert': "auth_serv/user.pem",
638 'private_key': "auth_serv/user.key"})
639 interworking_select(dev
[0], bssid
, freq
="2412")
640 interworking_connect(dev
[0], bssid
, "TLS")
642 def test_ap_hs20_eap_cert_unknown(dev
, apdev
):
643 """Hotspot 2.0 connection with certificate, but unknown EAP method"""
644 bssid
= apdev
[0]['bssid']
645 params
= hs20_ap_params()
646 params
['nai_realm'] = [ "0,example.com,99[5:6]" ]
647 hostapd
.add_ap(apdev
[0]['ifname'], params
)
650 dev
[0].add_cred_values({ 'realm': "example.com",
651 'username': "certificate-user",
652 'ca_cert': "auth_serv/ca.pem",
653 'client_cert': "auth_serv/user.pem",
654 'private_key': "auth_serv/user.key"})
655 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
657 def test_ap_hs20_eap_cert_unsupported(dev
, apdev
):
658 """Hotspot 2.0 connection with certificate, but unsupported TTLS"""
659 bssid
= apdev
[0]['bssid']
660 params
= hs20_ap_params()
661 params
['nai_realm'] = [ "0,example.com,21[5:6]" ]
662 hostapd
.add_ap(apdev
[0]['ifname'], params
)
665 dev
[0].add_cred_values({ 'realm': "example.com",
666 'username': "certificate-user",
667 'ca_cert': "auth_serv/ca.pem",
668 'client_cert': "auth_serv/user.pem",
669 'private_key': "auth_serv/user.key"})
670 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
672 def test_ap_hs20_eap_invalid_cred(dev
, apdev
):
673 """Hotspot 2.0 connection with invalid cred configuration"""
674 bssid
= apdev
[0]['bssid']
675 params
= hs20_ap_params()
676 hostapd
.add_ap(apdev
[0]['ifname'], params
)
679 dev
[0].add_cred_values({ 'realm': "example.com",
680 'username': "certificate-user",
681 'client_cert': "auth_serv/user.pem" })
682 interworking_select(dev
[0], None, no_match
=True, freq
="2412")
684 def test_ap_hs20_nai_realms(dev
, apdev
):
685 """Hotspot 2.0 connection and multiple NAI realms and TTLS/PAP"""
686 bssid
= apdev
[0]['bssid']
687 params
= hs20_ap_params()
688 params
['hessid'] = bssid
689 params
['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]" ]
690 hostapd
.add_ap(apdev
[0]['ifname'], params
)
693 id = dev
[0].add_cred_values({ 'realm': "example.com",
694 'username': "pap user",
695 'password': "password",
696 'domain': "example.com" })
697 interworking_select(dev
[0], bssid
, "home", freq
="2412")
698 interworking_connect(dev
[0], bssid
, "TTLS")
699 check_sp_type(dev
[0], "home")
701 def test_ap_hs20_roaming_consortium(dev
, apdev
):
702 """Hotspot 2.0 connection based on roaming consortium match"""
703 bssid
= apdev
[0]['bssid']
704 params
= hs20_ap_params()
705 params
['hessid'] = bssid
706 hostapd
.add_ap(apdev
[0]['ifname'], params
)
709 for consortium
in [ "112233", "1020304050", "010203040506", "fedcba" ]:
710 id = dev
[0].add_cred_values({ 'username': "user",
711 'password': "password",
712 'domain': "example.com",
713 'roaming_consortium': consortium
,
715 interworking_select(dev
[0], bssid
, "home", freq
="2412")
716 interworking_connect(dev
[0], bssid
, "PEAP")
717 check_sp_type(dev
[0], "home")
718 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
719 ev
= dev
[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout
=15)
721 raise Exception("Timeout on already-connected event")
722 dev
[0].remove_cred(id)
724 def test_ap_hs20_username_roaming(dev
, apdev
):
725 """Hotspot 2.0 connection in username/password credential (roaming)"""
726 bssid
= apdev
[0]['bssid']
727 params
= hs20_ap_params()
728 params
['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
729 "0,roaming.example.com,21[2:4][5:7]",
730 "0,another.example.com" ]
731 params
['domain_name'] = "another.example.com"
732 params
['hessid'] = bssid
733 hostapd
.add_ap(apdev
[0]['ifname'], params
)
736 id = dev
[0].add_cred_values({ 'realm': "roaming.example.com",
737 'username': "hs20-test",
738 'password': "password",
739 'domain': "example.com" })
740 interworking_select(dev
[0], bssid
, "roaming", freq
="2412")
741 interworking_connect(dev
[0], bssid
, "TTLS")
742 check_sp_type(dev
[0], "roaming")
744 def test_ap_hs20_username_unknown(dev
, apdev
):
745 """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
746 bssid
= apdev
[0]['bssid']
747 params
= hs20_ap_params()
748 params
['hessid'] = bssid
749 hostapd
.add_ap(apdev
[0]['ifname'], params
)
752 id = dev
[0].add_cred_values({ 'realm': "example.com",
753 'username': "hs20-test",
754 'password': "password" })
755 interworking_select(dev
[0], bssid
, "unknown", freq
="2412")
756 interworking_connect(dev
[0], bssid
, "TTLS")
757 check_sp_type(dev
[0], "unknown")
759 def test_ap_hs20_username_unknown2(dev
, apdev
):
760 """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
761 bssid
= apdev
[0]['bssid']
762 params
= hs20_ap_params()
763 params
['hessid'] = bssid
764 del params
['domain_name']
765 hostapd
.add_ap(apdev
[0]['ifname'], params
)
768 id = dev
[0].add_cred_values({ 'realm': "example.com",
769 'username': "hs20-test",
770 'password': "password",
771 'domain': "example.com" })
772 interworking_select(dev
[0], bssid
, "unknown", freq
="2412")
773 interworking_connect(dev
[0], bssid
, "TTLS")
774 check_sp_type(dev
[0], "unknown")
776 def test_ap_hs20_gas_while_associated(dev
, apdev
):
777 """Hotspot 2.0 connection with GAS query while associated"""
778 bssid
= apdev
[0]['bssid']
779 params
= hs20_ap_params()
780 params
['hessid'] = bssid
781 hostapd
.add_ap(apdev
[0]['ifname'], params
)
784 id = dev
[0].add_cred_values({ 'realm': "example.com",
785 'username': "hs20-test",
786 'password': "password",
787 'domain': "example.com" })
788 interworking_select(dev
[0], bssid
, "home", freq
="2412")
789 interworking_connect(dev
[0], bssid
, "TTLS")
791 logger
.info("Verifying GAS query while associated")
792 dev
[0].request("FETCH_ANQP")
793 for i
in range(0, 6):
794 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
796 raise Exception("Operation timed out")
798 def test_ap_hs20_gas_while_associated_with_pmf(dev
, apdev
):
799 """Hotspot 2.0 connection with GAS query while associated and using PMF"""
800 bssid
= apdev
[0]['bssid']
801 params
= hs20_ap_params()
802 params
['hessid'] = bssid
803 hostapd
.add_ap(apdev
[0]['ifname'], params
)
805 bssid2
= apdev
[1]['bssid']
806 params
= hs20_ap_params()
807 params
['hessid'] = bssid2
808 params
['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
809 hostapd
.add_ap(apdev
[1]['ifname'], params
)
812 dev
[0].request("SET pmf 2")
813 id = dev
[0].add_cred_values({ 'realm': "example.com",
814 'username': "hs20-test",
815 'password': "password",
816 'domain': "example.com" })
817 interworking_select(dev
[0], bssid
, "home", freq
="2412")
818 interworking_connect(dev
[0], bssid
, "TTLS")
820 logger
.info("Verifying GAS query while associated")
821 dev
[0].request("FETCH_ANQP")
822 for i
in range(0, 2 * 6):
823 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
825 raise Exception("Operation timed out")
827 def test_ap_hs20_gas_frag_while_associated(dev
, apdev
):
828 """Hotspot 2.0 connection with fragmented GAS query while associated"""
829 bssid
= apdev
[0]['bssid']
830 params
= hs20_ap_params()
831 params
['hessid'] = bssid
832 hostapd
.add_ap(apdev
[0]['ifname'], params
)
833 hapd
= hostapd
.Hostapd(apdev
[0]['ifname'])
834 hapd
.set("gas_frag_limit", "50")
837 id = dev
[0].add_cred_values({ 'realm': "example.com",
838 'username': "hs20-test",
839 'password': "password",
840 'domain': "example.com" })
841 interworking_select(dev
[0], bssid
, "home", freq
="2412")
842 interworking_connect(dev
[0], bssid
, "TTLS")
844 logger
.info("Verifying GAS query while associated")
845 dev
[0].request("FETCH_ANQP")
846 for i
in range(0, 6):
847 ev
= dev
[0].wait_event(["RX-ANQP"], timeout
=5)
849 raise Exception("Operation timed out")
851 def test_ap_hs20_multiple_connects(dev
, apdev
):
852 """Hotspot 2.0 connection through multiple network selections"""
853 bssid
= apdev
[0]['bssid']
854 params
= hs20_ap_params()
855 params
['hessid'] = bssid
856 hostapd
.add_ap(apdev
[0]['ifname'], params
)
859 values
= { 'realm': "example.com",
860 'username': "hs20-test",
861 'password': "password",
862 'domain': "example.com" }
863 id = dev
[0].add_cred_values(values
)
865 dev
[0].scan_for_bss(bssid
, freq
="2412")
867 for i
in range(0, 3):
868 logger
.info("Starting Interworking network selection")
869 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
871 ev
= dev
[0].wait_event(["INTERWORKING-NO-MATCH",
872 "INTERWORKING-ALREADY-CONNECTED",
873 "CTRL-EVENT-CONNECTED"], timeout
=15)
875 raise Exception("Connection timed out")
876 if "INTERWORKING-NO-MATCH" in ev
:
877 raise Exception("Matching AP not found")
878 if "CTRL-EVENT-CONNECTED" in ev
:
880 if i
== 2 and "INTERWORKING-ALREADY-CONNECTED" in ev
:
883 dev
[0].request("DISCONNECT")
884 dev
[0].dump_monitor()
886 networks
= dev
[0].list_networks()
887 if len(networks
) > 1:
888 raise Exception("Duplicated network block detected")
890 def test_ap_hs20_disallow_aps(dev
, apdev
):
891 """Hotspot 2.0 connection and disallow_aps"""
892 bssid
= apdev
[0]['bssid']
893 params
= hs20_ap_params()
894 params
['hessid'] = bssid
895 hostapd
.add_ap(apdev
[0]['ifname'], params
)
898 values
= { 'realm': "example.com",
899 'username': "hs20-test",
900 'password': "password",
901 'domain': "example.com" }
902 id = dev
[0].add_cred_values(values
)
904 dev
[0].scan_for_bss(bssid
, freq
="2412")
906 logger
.info("Verify disallow_aps bssid")
907 dev
[0].request("SET disallow_aps bssid " + bssid
.translate(None, ':'))
908 dev
[0].request("INTERWORKING_SELECT auto")
909 ev
= dev
[0].wait_event(["INTERWORKING-NO-MATCH"], timeout
=15)
911 raise Exception("Network selection timed out")
912 dev
[0].dump_monitor()
914 logger
.info("Verify disallow_aps ssid")
915 dev
[0].request("SET disallow_aps ssid 746573742d68733230")
916 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
917 ev
= dev
[0].wait_event(["INTERWORKING-NO-MATCH"], timeout
=15)
919 raise Exception("Network selection timed out")
920 dev
[0].dump_monitor()
922 logger
.info("Verify disallow_aps clear")
923 dev
[0].request("SET disallow_aps ")
924 interworking_select(dev
[0], bssid
, "home", freq
="2412")
926 dev
[0].request("SET disallow_aps bssid " + bssid
.translate(None, ':'))
927 ret
= dev
[0].request("INTERWORKING_CONNECT " + bssid
)
928 if "FAIL" not in ret
:
929 raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
931 def policy_test(dev
, ap
, values
, only_one
=True):
934 logger
.info("Verify network selection to AP " + ap
['ifname'])
936 dev
.scan_for_bss(bssid
, freq
="2412")
938 logger
.info("Verify network selection")
941 id = dev
.add_cred_values(values
)
942 dev
.request("INTERWORKING_SELECT auto freq=2412")
945 ev
= dev
.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
946 "INTERWORKING-BLACKLISTED",
947 "INTERWORKING-SELECTED"], timeout
=15)
949 raise Exception("Network selection timed out")
951 if "INTERWORKING-NO-MATCH" in ev
:
952 raise Exception("Matching AP not found")
953 if bssid
and only_one
and "INTERWORKING-AP" in ev
and bssid
not in ev
:
954 raise Exception("Unexpected AP claimed acceptable")
955 if "INTERWORKING-SELECTED" in ev
:
956 if bssid
and bssid
not in ev
:
957 raise Exception("Selected incorrect BSS")
960 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
962 raise Exception("Connection timed out")
963 if bssid
and bssid
not in ev
:
964 raise Exception("Connected to incorrect BSS")
966 conn_bssid
= dev
.get_status_field("bssid")
967 if bssid
and conn_bssid
!= bssid
:
968 raise Exception("bssid information points to incorrect BSS")
974 def default_cred(domain
=None):
975 cred
= { 'realm': "example.com",
976 'username': "hs20-test",
977 'password': "password" }
979 cred
['domain'] = domain
982 def test_ap_hs20_prefer_home(dev
, apdev
):
983 """Hotspot 2.0 required roaming consortium"""
984 params
= hs20_ap_params()
985 params
['domain_name'] = "example.org"
986 hostapd
.add_ap(apdev
[0]['ifname'], params
)
988 params
= hs20_ap_params()
989 params
['ssid'] = "test-hs20-other"
990 params
['domain_name'] = "example.com"
991 hostapd
.add_ap(apdev
[1]['ifname'], params
)
993 values
= default_cred()
994 values
['domain'] = "example.com"
995 policy_test(dev
[0], apdev
[1], values
, only_one
=False)
996 values
['domain'] = "example.org"
997 policy_test(dev
[0], apdev
[0], values
, only_one
=False)
999 def test_ap_hs20_req_roaming_consortium(dev
, apdev
):
1000 """Hotspot 2.0 required roaming consortium"""
1001 params
= hs20_ap_params()
1002 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1004 params
= hs20_ap_params()
1005 params
['ssid'] = "test-hs20-other"
1006 params
['roaming_consortium'] = [ "223344" ]
1007 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1009 values
= default_cred()
1010 values
['required_roaming_consortium'] = "223344"
1011 policy_test(dev
[0], apdev
[1], values
)
1012 values
['required_roaming_consortium'] = "112233"
1013 policy_test(dev
[0], apdev
[0], values
)
1015 id = dev
[0].add_cred()
1016 dev
[0].set_cred(id, "required_roaming_consortium", "112233")
1017 dev
[0].set_cred(id, "required_roaming_consortium", "112233445566778899aabbccddeeff")
1019 for val
in [ "", "1", "11", "1122", "1122334", "112233445566778899aabbccddeeff00" ]:
1020 if "FAIL" not in dev
[0].request('SET_CRED {} required_roaming_consortium {}'.format(id, val
)):
1021 raise Exception("Invalid roaming consortium value accepted: " + val
)
1023 def test_ap_hs20_excluded_ssid(dev
, apdev
):
1024 """Hotspot 2.0 exclusion based on SSID"""
1025 params
= hs20_ap_params()
1026 params
['roaming_consortium'] = [ "223344" ]
1027 params
['anqp_3gpp_cell_net'] = "555,444"
1028 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1030 params
= hs20_ap_params()
1031 params
['ssid'] = "test-hs20-other"
1032 params
['roaming_consortium'] = [ "223344" ]
1033 params
['anqp_3gpp_cell_net'] = "555,444"
1034 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1036 values
= default_cred()
1037 values
['excluded_ssid'] = "test-hs20"
1038 events
= policy_test(dev
[0], apdev
[1], values
)
1039 ev
= [e
for e
in events
if "INTERWORKING-BLACKLISTED " + apdev
[0]['bssid'] in e
]
1041 raise Exception("Excluded network not reported")
1042 values
['excluded_ssid'] = "test-hs20-other"
1043 events
= policy_test(dev
[0], apdev
[0], values
)
1044 ev
= [e
for e
in events
if "INTERWORKING-BLACKLISTED " + apdev
[1]['bssid'] in e
]
1046 raise Exception("Excluded network not reported")
1048 values
= default_cred()
1049 values
['roaming_consortium'] = "223344"
1050 values
['eap'] = "TTLS"
1051 values
['phase2'] = "auth=MSCHAPV2"
1052 values
['excluded_ssid'] = "test-hs20"
1053 events
= policy_test(dev
[0], apdev
[1], values
)
1054 ev
= [e
for e
in events
if "INTERWORKING-BLACKLISTED " + apdev
[0]['bssid'] in e
]
1056 raise Exception("Excluded network not reported")
1058 values
= { 'imsi': "555444-333222111", 'eap': "SIM",
1059 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
1060 'excluded_ssid': "test-hs20" }
1061 events
= policy_test(dev
[0], apdev
[1], values
)
1062 ev
= [e
for e
in events
if "INTERWORKING-BLACKLISTED " + apdev
[0]['bssid'] in e
]
1064 raise Exception("Excluded network not reported")
1066 def test_ap_hs20_roam_to_higher_prio(dev
, apdev
):
1067 """Hotspot 2.0 and roaming from current to higher priority network"""
1068 bssid
= apdev
[0]['bssid']
1069 params
= hs20_ap_params(ssid
="test-hs20-visited")
1070 params
['domain_name'] = "visited.example.org"
1071 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1073 dev
[0].hs20_enable()
1074 id = dev
[0].add_cred_values({ 'realm': "example.com",
1075 'username': "hs20-test",
1076 'password': "password",
1077 'domain': "example.com" })
1078 logger
.info("Connect to the only network option")
1079 interworking_select(dev
[0], bssid
, "roaming", freq
="2412")
1080 dev
[0].dump_monitor()
1081 interworking_connect(dev
[0], bssid
, "TTLS")
1083 logger
.info("Start another AP (home operator) and reconnect")
1084 bssid2
= apdev
[1]['bssid']
1085 params
= hs20_ap_params(ssid
="test-hs20-home")
1086 params
['domain_name'] = "example.com"
1087 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1089 dev
[0].scan_for_bss(bssid2
, freq
="2412", force_scan
=True)
1090 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1091 ev
= dev
[0].wait_event(["INTERWORKING-NO-MATCH",
1092 "INTERWORKING-ALREADY-CONNECTED",
1093 "CTRL-EVENT-CONNECTED"], timeout
=15)
1095 raise Exception("Connection timed out")
1096 if "INTERWORKING-NO-MATCH" in ev
:
1097 raise Exception("Matching AP not found")
1098 if "INTERWORKING-ALREADY-CONNECTED" in ev
:
1099 raise Exception("Unexpected AP selected")
1100 if bssid2
not in ev
:
1101 raise Exception("Unexpected BSSID after reconnection")
1103 def test_ap_hs20_domain_suffix_match(dev
, apdev
):
1104 """Hotspot 2.0 and domain_suffix_match"""
1105 bssid
= apdev
[0]['bssid']
1106 params
= hs20_ap_params()
1107 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1109 dev
[0].hs20_enable()
1110 id = dev
[0].add_cred_values({ 'realm': "example.com",
1111 'username': "hs20-test",
1112 'password': "password",
1113 'domain': "example.com",
1114 'domain_suffix_match': "w1.fi" })
1115 interworking_select(dev
[0], bssid
, "home", freq
="2412")
1116 dev
[0].dump_monitor()
1117 interworking_connect(dev
[0], bssid
, "TTLS")
1118 dev
[0].request("REMOVE_NETWORK all")
1119 dev
[0].dump_monitor()
1121 dev
[0].set_cred_quoted(id, "domain_suffix_match", "no-match.example.com")
1122 interworking_select(dev
[0], bssid
, "home", freq
="2412")
1123 dev
[0].dump_monitor()
1124 dev
[0].request("INTERWORKING_CONNECT " + bssid
)
1125 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
1127 raise Exception("TLS certificate error not reported")
1128 if "Domain suffix mismatch" not in ev
:
1129 raise Exception("Domain suffix mismatch not reported")
1131 def test_ap_hs20_roaming_partner_preference(dev
, apdev
):
1132 """Hotspot 2.0 and roaming partner preference"""
1133 params
= hs20_ap_params()
1134 params
['domain_name'] = "roaming.example.org"
1135 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1137 params
= hs20_ap_params()
1138 params
['ssid'] = "test-hs20-other"
1139 params
['domain_name'] = "roaming.example.net"
1140 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1142 logger
.info("Verify default vs. specified preference")
1143 values
= default_cred()
1144 values
['roaming_partner'] = "roaming.example.net,1,127,*"
1145 policy_test(dev
[0], apdev
[1], values
, only_one
=False)
1146 values
['roaming_partner'] = "roaming.example.net,1,129,*"
1147 policy_test(dev
[0], apdev
[0], values
, only_one
=False)
1149 logger
.info("Verify partial FQDN match")
1150 values
['roaming_partner'] = "example.net,0,0,*"
1151 policy_test(dev
[0], apdev
[1], values
, only_one
=False)
1152 values
['roaming_partner'] = "example.net,0,255,*"
1153 policy_test(dev
[0], apdev
[0], values
, only_one
=False)
1155 def test_ap_hs20_max_bss_load(dev
, apdev
):
1156 """Hotspot 2.0 and maximum BSS load"""
1157 params
= hs20_ap_params()
1158 params
['bss_load_test'] = "12:200:20000"
1159 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1161 params
= hs20_ap_params()
1162 params
['ssid'] = "test-hs20-other"
1163 params
['bss_load_test'] = "5:20:10000"
1164 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1166 logger
.info("Verify maximum BSS load constraint")
1167 values
= default_cred()
1168 values
['domain'] = "example.com"
1169 values
['max_bss_load'] = "100"
1170 events
= policy_test(dev
[0], apdev
[1], values
, only_one
=False)
1172 ev
= [e
for e
in events
if "INTERWORKING-AP " + apdev
[0]['bssid'] in e
]
1173 if len(ev
) != 1 or "over_max_bss_load=1" not in ev
[0]:
1174 raise Exception("Maximum BSS Load case not noticed")
1175 ev
= [e
for e
in events
if "INTERWORKING-AP " + apdev
[1]['bssid'] in e
]
1176 if len(ev
) != 1 or "over_max_bss_load=1" in ev
[0]:
1177 raise Exception("Maximum BSS Load case reported incorrectly")
1179 logger
.info("Verify maximum BSS load does not prevent connection")
1180 values
['max_bss_load'] = "1"
1181 events
= policy_test(dev
[0], None, values
)
1183 ev
= [e
for e
in events
if "INTERWORKING-AP " + apdev
[0]['bssid'] in e
]
1184 if len(ev
) != 1 or "over_max_bss_load=1" not in ev
[0]:
1185 raise Exception("Maximum BSS Load case not noticed")
1186 ev
= [e
for e
in events
if "INTERWORKING-AP " + apdev
[1]['bssid'] in e
]
1187 if len(ev
) != 1 or "over_max_bss_load=1" not in ev
[0]:
1188 raise Exception("Maximum BSS Load case not noticed")
1190 def test_ap_hs20_max_bss_load2(dev
, apdev
):
1191 """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
1192 params
= hs20_ap_params()
1193 params
['bss_load_test'] = "12:200:20000"
1194 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1196 params
= hs20_ap_params()
1197 params
['ssid'] = "test-hs20-other"
1198 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1200 logger
.info("Verify maximum BSS load constraint with AP advertisement")
1201 values
= default_cred()
1202 values
['domain'] = "example.com"
1203 values
['max_bss_load'] = "100"
1204 events
= policy_test(dev
[0], apdev
[1], values
, only_one
=False)
1206 ev
= [e
for e
in events
if "INTERWORKING-AP " + apdev
[0]['bssid'] in e
]
1207 if len(ev
) != 1 or "over_max_bss_load=1" not in ev
[0]:
1208 raise Exception("Maximum BSS Load case not noticed")
1209 ev
= [e
for e
in events
if "INTERWORKING-AP " + apdev
[1]['bssid'] in e
]
1210 if len(ev
) != 1 or "over_max_bss_load=1" in ev
[0]:
1211 raise Exception("Maximum BSS Load case reported incorrectly")
1213 def test_ap_hs20_multi_cred_sp_prio(dev
, apdev
):
1214 """Hotspot 2.0 multi-cred sp_priority"""
1215 if not hlr_auc_gw_available():
1217 bssid
= apdev
[0]['bssid']
1218 params
= hs20_ap_params()
1219 params
['hessid'] = bssid
1220 del params
['domain_name']
1221 params
['anqp_3gpp_cell_net'] = "232,01"
1222 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1224 dev
[0].hs20_enable()
1225 dev
[0].scan_for_bss(bssid
, freq
="2412")
1226 dev
[0].request("SET external_sim 1")
1227 id1
= dev
[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1228 'provisioning_sp': "example.com",
1229 'sp_priority' :"1" })
1230 id2
= dev
[0].add_cred_values({ 'realm': "example.com",
1231 'username': "hs20-test",
1232 'password': "password",
1233 'domain': "example.com",
1234 'provisioning_sp': "example.com",
1235 'sp_priority': "2" })
1236 dev
[0].dump_monitor()
1237 dev
[0].scan_for_bss(bssid
, freq
="2412")
1238 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1239 interworking_ext_sim_auth(dev
[0], "SIM")
1240 check_sp_type(dev
[0], "unknown")
1241 dev
[0].request("REMOVE_NETWORK all")
1243 dev
[0].set_cred(id1
, "sp_priority", "2")
1244 dev
[0].set_cred(id2
, "sp_priority", "1")
1245 dev
[0].dump_monitor()
1246 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1247 interworking_auth(dev
[0], "TTLS")
1248 check_sp_type(dev
[0], "unknown")
1250 def test_ap_hs20_multi_cred_sp_prio2(dev
, apdev
):
1251 """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
1252 if not hlr_auc_gw_available():
1254 bssid
= apdev
[0]['bssid']
1255 params
= hs20_ap_params()
1256 params
['hessid'] = bssid
1257 del params
['nai_realm']
1258 del params
['domain_name']
1259 params
['anqp_3gpp_cell_net'] = "232,01"
1260 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1262 bssid2
= apdev
[1]['bssid']
1263 params
= hs20_ap_params()
1264 params
['ssid'] = "test-hs20-other"
1265 params
['hessid'] = bssid2
1266 del params
['domain_name']
1267 del params
['anqp_3gpp_cell_net']
1268 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1270 dev
[0].hs20_enable()
1271 dev
[0].request("SET external_sim 1")
1272 id1
= dev
[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1273 'provisioning_sp': "example.com",
1274 'sp_priority': "1" })
1275 id2
= dev
[0].add_cred_values({ 'realm': "example.com",
1276 'username': "hs20-test",
1277 'password': "password",
1278 'domain': "example.com",
1279 'provisioning_sp': "example.com",
1280 'sp_priority': "2" })
1281 dev
[0].dump_monitor()
1282 dev
[0].scan_for_bss(bssid
, freq
="2412")
1283 dev
[0].scan_for_bss(bssid2
, freq
="2412")
1284 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1285 interworking_ext_sim_auth(dev
[0], "SIM")
1286 check_sp_type(dev
[0], "unknown")
1287 conn_bssid
= dev
[0].get_status_field("bssid")
1288 if conn_bssid
!= bssid
:
1289 raise Exception("Connected to incorrect BSS")
1290 dev
[0].request("REMOVE_NETWORK all")
1292 dev
[0].set_cred(id1
, "sp_priority", "2")
1293 dev
[0].set_cred(id2
, "sp_priority", "1")
1294 dev
[0].dump_monitor()
1295 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1296 interworking_auth(dev
[0], "TTLS")
1297 check_sp_type(dev
[0], "unknown")
1298 conn_bssid
= dev
[0].get_status_field("bssid")
1299 if conn_bssid
!= bssid2
:
1300 raise Exception("Connected to incorrect BSS")
1302 def check_conn_capab_selection(dev
, type, missing
):
1303 dev
.request("INTERWORKING_SELECT freq=2412")
1304 ev
= dev
.wait_event(["INTERWORKING-AP"])
1306 raise Exception("Network selection timed out");
1307 if "type=" + type not in ev
:
1308 raise Exception("Unexpected network type")
1309 if missing
and "conn_capab_missing=1" not in ev
:
1310 raise Exception("conn_capab_missing not reported")
1311 if not missing
and "conn_capab_missing=1" in ev
:
1312 raise Exception("conn_capab_missing reported unexpectedly")
1314 def conn_capab_cred(domain
=None, req_conn_capab
=None):
1315 cred
= default_cred(domain
=domain
)
1317 cred
['req_conn_capab'] = req_conn_capab
1320 def test_ap_hs20_req_conn_capab(dev
, apdev
):
1321 """Hotspot 2.0 network selection with req_conn_capab"""
1322 bssid
= apdev
[0]['bssid']
1323 params
= hs20_ap_params()
1324 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1326 dev
[0].hs20_enable()
1327 dev
[0].scan_for_bss(bssid
, freq
="2412")
1328 logger
.info("Not used in home network")
1329 values
= conn_capab_cred(domain
="example.com", req_conn_capab
="6:1234")
1330 id = dev
[0].add_cred_values(values
)
1331 check_conn_capab_selection(dev
[0], "home", False)
1333 logger
.info("Used in roaming network")
1334 dev
[0].remove_cred(id)
1335 values
= conn_capab_cred(domain
="example.org", req_conn_capab
="6:1234")
1336 id = dev
[0].add_cred_values(values
)
1337 check_conn_capab_selection(dev
[0], "roaming", True)
1339 logger
.info("Verify that req_conn_capab does not prevent connection if no other network is available")
1340 check_auto_select(dev
[0], bssid
)
1342 logger
.info("Additional req_conn_capab checks")
1344 dev
[0].remove_cred(id)
1345 values
= conn_capab_cred(domain
="example.org", req_conn_capab
="1:0")
1346 id = dev
[0].add_cred_values(values
)
1347 check_conn_capab_selection(dev
[0], "roaming", True)
1349 dev
[0].remove_cred(id)
1350 values
= conn_capab_cred(domain
="example.org", req_conn_capab
="17:5060")
1351 id = dev
[0].add_cred_values(values
)
1352 check_conn_capab_selection(dev
[0], "roaming", True)
1354 bssid2
= apdev
[1]['bssid']
1355 params
= hs20_ap_params(ssid
="test-hs20b")
1356 params
['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
1357 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1359 dev
[0].remove_cred(id)
1360 values
= conn_capab_cred(domain
="example.org", req_conn_capab
="50")
1361 id = dev
[0].add_cred_values(values
)
1362 dev
[0].set_cred(id, "req_conn_capab", "6:22")
1363 dev
[0].scan_for_bss(bssid2
, freq
="2412")
1364 dev
[0].request("INTERWORKING_SELECT freq=2412")
1365 for i
in range(0, 2):
1366 ev
= dev
[0].wait_event(["INTERWORKING-AP"])
1368 raise Exception("Network selection timed out");
1369 if bssid
in ev
and "conn_capab_missing=1" not in ev
:
1370 raise Exception("Missing protocol connection capability not reported")
1371 if bssid2
in ev
and "conn_capab_missing=1" in ev
:
1372 raise Exception("Protocol connection capability not reported correctly")
1374 def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev
, apdev
):
1375 """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
1376 bssid
= apdev
[0]['bssid']
1377 params
= hs20_ap_params()
1378 params
['domain_name'] = "roaming.example.org"
1379 params
['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
1380 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1382 bssid2
= apdev
[1]['bssid']
1383 params
= hs20_ap_params(ssid
="test-hs20-b")
1384 params
['domain_name'] = "roaming.example.net"
1385 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1387 values
= default_cred()
1388 values
['roaming_partner'] = "roaming.example.net,1,127,*"
1389 id = dev
[0].add_cred_values(values
)
1390 check_auto_select(dev
[0], bssid2
)
1392 dev
[0].set_cred(id, "req_conn_capab", "50")
1393 check_auto_select(dev
[0], bssid
)
1395 dev
[0].remove_cred(id)
1396 id = dev
[0].add_cred_values(values
)
1397 dev
[0].set_cred(id, "req_conn_capab", "51")
1398 check_auto_select(dev
[0], bssid2
)
1400 def check_bandwidth_selection(dev
, type, below
):
1401 dev
.request("INTERWORKING_SELECT freq=2412")
1402 ev
= dev
.wait_event(["INTERWORKING-AP"])
1404 raise Exception("Network selection timed out");
1405 if "type=" + type not in ev
:
1406 raise Exception("Unexpected network type")
1407 if below
and "below_min_backhaul=1" not in ev
:
1408 raise Exception("below_min_backhaul not reported")
1409 if not below
and "below_min_backhaul=1" in ev
:
1410 raise Exception("below_min_backhaul reported unexpectedly")
1412 def bw_cred(domain
=None, dl_home
=None, ul_home
=None, dl_roaming
=None, ul_roaming
=None):
1413 cred
= default_cred(domain
=domain
)
1415 cred
['min_dl_bandwidth_home'] = str(dl_home
)
1417 cred
['min_ul_bandwidth_home'] = str(ul_home
)
1419 cred
['min_dl_bandwidth_roaming'] = str(dl_roaming
)
1421 cred
['min_ul_bandwidth_roaming'] = str(ul_roaming
)
1424 def test_ap_hs20_min_bandwidth_home(dev
, apdev
):
1425 """Hotspot 2.0 network selection with min bandwidth (home)"""
1426 bssid
= apdev
[0]['bssid']
1427 params
= hs20_ap_params()
1428 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1430 dev
[0].hs20_enable()
1431 dev
[0].scan_for_bss(bssid
, freq
="2412")
1432 values
= bw_cred(domain
="example.com", dl_home
=5490, ul_home
=58)
1433 id = dev
[0].add_cred_values(values
)
1434 check_bandwidth_selection(dev
[0], "home", False)
1435 dev
[0].remove_cred(id)
1437 values
= bw_cred(domain
="example.com", dl_home
=5491, ul_home
=58)
1438 id = dev
[0].add_cred_values(values
)
1439 check_bandwidth_selection(dev
[0], "home", True)
1440 dev
[0].remove_cred(id)
1442 values
= bw_cred(domain
="example.com", dl_home
=5490, ul_home
=59)
1443 id = dev
[0].add_cred_values(values
)
1444 check_bandwidth_selection(dev
[0], "home", True)
1445 dev
[0].remove_cred(id)
1447 values
= bw_cred(domain
="example.com", dl_home
=5491, ul_home
=59)
1448 id = dev
[0].add_cred_values(values
)
1449 check_bandwidth_selection(dev
[0], "home", True)
1450 check_auto_select(dev
[0], bssid
)
1452 bssid2
= apdev
[1]['bssid']
1453 params
= hs20_ap_params(ssid
="test-hs20-b")
1454 params
['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1455 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1457 check_auto_select(dev
[0], bssid2
)
1459 def test_ap_hs20_min_bandwidth_roaming(dev
, apdev
):
1460 """Hotspot 2.0 network selection with min bandwidth (roaming)"""
1461 bssid
= apdev
[0]['bssid']
1462 params
= hs20_ap_params()
1463 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1465 dev
[0].hs20_enable()
1466 dev
[0].scan_for_bss(bssid
, freq
="2412")
1467 values
= bw_cred(domain
="example.org", dl_roaming
=5490, ul_roaming
=58)
1468 id = dev
[0].add_cred_values(values
)
1469 check_bandwidth_selection(dev
[0], "roaming", False)
1470 dev
[0].remove_cred(id)
1472 values
= bw_cred(domain
="example.org", dl_roaming
=5491, ul_roaming
=58)
1473 id = dev
[0].add_cred_values(values
)
1474 check_bandwidth_selection(dev
[0], "roaming", True)
1475 dev
[0].remove_cred(id)
1477 values
= bw_cred(domain
="example.org", dl_roaming
=5490, ul_roaming
=59)
1478 id = dev
[0].add_cred_values(values
)
1479 check_bandwidth_selection(dev
[0], "roaming", True)
1480 dev
[0].remove_cred(id)
1482 values
= bw_cred(domain
="example.org", dl_roaming
=5491, ul_roaming
=59)
1483 id = dev
[0].add_cred_values(values
)
1484 check_bandwidth_selection(dev
[0], "roaming", True)
1485 check_auto_select(dev
[0], bssid
)
1487 bssid2
= apdev
[1]['bssid']
1488 params
= hs20_ap_params(ssid
="test-hs20-b")
1489 params
['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1490 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1492 check_auto_select(dev
[0], bssid2
)
1494 def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev
, apdev
):
1495 """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
1496 bssid
= apdev
[0]['bssid']
1497 params
= hs20_ap_params()
1498 params
['domain_name'] = "roaming.example.org"
1499 params
['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1500 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1502 bssid2
= apdev
[1]['bssid']
1503 params
= hs20_ap_params(ssid
="test-hs20-b")
1504 params
['domain_name'] = "roaming.example.net"
1505 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1507 values
= default_cred()
1508 values
['roaming_partner'] = "roaming.example.net,1,127,*"
1509 id = dev
[0].add_cred_values(values
)
1510 check_auto_select(dev
[0], bssid2
)
1512 dev
[0].set_cred(id, "min_dl_bandwidth_roaming", "6000")
1513 check_auto_select(dev
[0], bssid
)
1515 dev
[0].set_cred(id, "min_dl_bandwidth_roaming", "10000")
1516 check_auto_select(dev
[0], bssid2
)
1518 def test_ap_hs20_min_bandwidth_no_wan_metrics(dev
, apdev
):
1519 """Hotspot 2.0 network selection with min bandwidth but no WAN Metrics"""
1520 bssid
= apdev
[0]['bssid']
1521 params
= hs20_ap_params()
1522 del params
['hs20_wan_metrics']
1523 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1525 dev
[0].hs20_enable()
1526 dev
[0].scan_for_bss(bssid
, freq
="2412")
1527 values
= bw_cred(domain
="example.com", dl_home
=10000, ul_home
=10000,
1528 dl_roaming
=10000, ul_roaming
=10000)
1529 dev
[0].add_cred_values(values
)
1530 check_bandwidth_selection(dev
[0], "home", False)
1532 def test_ap_hs20_deauth_req_ess(dev
, apdev
):
1533 """Hotspot 2.0 connection and deauthentication request for ESS"""
1534 dev
[0].request("SET pmf 2")
1535 eap_test(dev
[0], apdev
[0], "21[3:26]", "TTLS", "user")
1536 dev
[0].dump_monitor()
1537 addr
= dev
[0].p2p_interface_addr()
1538 hapd
= hostapd
.Hostapd(apdev
[0]['ifname'])
1539 hapd
.request("HS20_DEAUTH_REQ " + addr
+ " 1 120 http://example.com/")
1540 ev
= dev
[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1542 raise Exception("Timeout on deauth imminent notice")
1543 if "1 120 http://example.com/" not in ev
:
1544 raise Exception("Unexpected deauth imminent notice: " + ev
)
1545 hapd
.request("DEAUTHENTICATE " + addr
)
1546 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
1548 raise Exception("Timeout on disconnection")
1549 if "[TEMP-DISABLED]" not in dev
[0].list_networks()[0]['flags']:
1550 raise Exception("Network not marked temporarily disabled")
1551 ev
= dev
[0].wait_event(["SME: Trying to authenticate",
1552 "Trying to associate",
1553 "CTRL-EVENT-CONNECTED"], timeout
=5)
1555 raise Exception("Unexpected connection attempt")
1557 def test_ap_hs20_deauth_req_bss(dev
, apdev
):
1558 """Hotspot 2.0 connection and deauthentication request for BSS"""
1559 dev
[0].request("SET pmf 2")
1560 eap_test(dev
[0], apdev
[0], "21[3:26]", "TTLS", "user")
1561 dev
[0].dump_monitor()
1562 addr
= dev
[0].p2p_interface_addr()
1563 hapd
= hostapd
.Hostapd(apdev
[0]['ifname'])
1564 hapd
.request("HS20_DEAUTH_REQ " + addr
+ " 0 120 http://example.com/")
1565 ev
= dev
[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1567 raise Exception("Timeout on deauth imminent notice")
1568 if "0 120 http://example.com/" not in ev
:
1569 raise Exception("Unexpected deauth imminent notice: " + ev
)
1570 hapd
.request("DEAUTHENTICATE " + addr
+ " reason=4")
1571 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
1573 raise Exception("Timeout on disconnection")
1574 if "reason=4" not in ev
:
1575 raise Exception("Unexpected disconnection reason")
1576 if "[TEMP-DISABLED]" not in dev
[0].list_networks()[0]['flags']:
1577 raise Exception("Network not marked temporarily disabled")
1578 ev
= dev
[0].wait_event(["SME: Trying to authenticate",
1579 "Trying to associate",
1580 "CTRL-EVENT-CONNECTED"], timeout
=5)
1582 raise Exception("Unexpected connection attempt")
1584 def test_ap_hs20_deauth_req_from_radius(dev
, apdev
):
1585 """Hotspot 2.0 connection and deauthentication request from RADIUS"""
1586 bssid
= apdev
[0]['bssid']
1587 params
= hs20_ap_params()
1588 params
['nai_realm'] = [ "0,example.com,21[2:4]" ]
1589 params
['hs20_deauth_req_timeout'] = "2"
1590 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1592 dev
[0].request("SET pmf 2")
1593 dev
[0].hs20_enable()
1594 dev
[0].add_cred_values({ 'realm': "example.com",
1595 'username': "hs20-deauth-test",
1596 'password': "password" })
1597 interworking_select(dev
[0], bssid
, freq
="2412")
1598 interworking_connect(dev
[0], bssid
, "TTLS")
1599 ev
= dev
[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout
=5)
1601 raise Exception("Timeout on deauth imminent notice")
1602 if " 1 100" not in ev
:
1603 raise Exception("Unexpected deauth imminent contents")
1604 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=3)
1606 raise Exception("Timeout on disconnection")
1608 def test_ap_hs20_remediation_required(dev
, apdev
):
1609 """Hotspot 2.0 connection and remediation required from RADIUS"""
1610 bssid
= apdev
[0]['bssid']
1611 params
= hs20_ap_params()
1612 params
['nai_realm'] = [ "0,example.com,21[2:4]" ]
1613 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1615 dev
[0].request("SET pmf 1")
1616 dev
[0].hs20_enable()
1617 dev
[0].add_cred_values({ 'realm': "example.com",
1618 'username': "hs20-subrem-test",
1619 'password': "password" })
1620 interworking_select(dev
[0], bssid
, freq
="2412")
1621 interworking_connect(dev
[0], bssid
, "TTLS")
1622 ev
= dev
[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout
=5)
1624 raise Exception("Timeout on subscription remediation notice")
1625 if " 1 https://example.com/" not in ev
:
1626 raise Exception("Unexpected subscription remediation event contents")
1628 def test_ap_hs20_remediation_required_ctrl(dev
, apdev
):
1629 """Hotspot 2.0 connection and subrem from ctrl_iface"""
1630 bssid
= apdev
[0]['bssid']
1631 addr
= dev
[0].p2p_dev_addr()
1632 params
= hs20_ap_params()
1633 params
['nai_realm'] = [ "0,example.com,21[2:4]" ]
1634 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1636 dev
[0].request("SET pmf 1")
1637 dev
[0].hs20_enable()
1638 dev
[0].add_cred_values(default_cred())
1639 interworking_select(dev
[0], bssid
, freq
="2412")
1640 interworking_connect(dev
[0], bssid
, "TTLS")
1642 hapd
.request("HS20_WNM_NOTIF " + addr
+ " https://example.com/")
1643 ev
= dev
[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout
=5)
1645 raise Exception("Timeout on subscription remediation notice")
1646 if " 1 https://example.com/" not in ev
:
1647 raise Exception("Unexpected subscription remediation event contents")
1649 hapd
.request("HS20_WNM_NOTIF " + addr
)
1650 ev
= dev
[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout
=5)
1652 raise Exception("Timeout on subscription remediation notice")
1653 if not ev
.endswith("HS20-SUBSCRIPTION-REMEDIATION "):
1654 raise Exception("Unexpected subscription remediation event contents: " + ev
)
1656 if "FAIL" not in hapd
.request("HS20_WNM_NOTIF "):
1657 raise Exception("Unexpected HS20_WNM_NOTIF success")
1658 if "FAIL" not in hapd
.request("HS20_WNM_NOTIF foo"):
1659 raise Exception("Unexpected HS20_WNM_NOTIF success")
1660 if "FAIL" not in hapd
.request("HS20_WNM_NOTIF " + addr
+ " https://12345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678927.very.long.example.com/"):
1661 raise Exception("Unexpected HS20_WNM_NOTIF success")
1663 def test_ap_hs20_session_info(dev
, apdev
):
1664 """Hotspot 2.0 connection and session information from RADIUS"""
1665 bssid
= apdev
[0]['bssid']
1666 params
= hs20_ap_params()
1667 params
['nai_realm'] = [ "0,example.com,21[2:4]" ]
1668 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1670 dev
[0].request("SET pmf 1")
1671 dev
[0].hs20_enable()
1672 dev
[0].add_cred_values({ 'realm': "example.com",
1673 'username': "hs20-session-info-test",
1674 'password': "password" })
1675 interworking_select(dev
[0], bssid
, freq
="2412")
1676 interworking_connect(dev
[0], bssid
, "TTLS")
1677 ev
= dev
[0].wait_event(["ESS-DISASSOC-IMMINENT"], timeout
=10)
1679 raise Exception("Timeout on ESS disassociation imminent notice")
1680 if " 1 59904 https://example.com/" not in ev
:
1681 raise Exception("Unexpected ESS disassociation imminent event contents")
1682 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
1684 raise Exception("Scan not started")
1685 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
1687 raise Exception("Scan not completed")
1689 def test_ap_hs20_osen(dev
, apdev
):
1690 """Hotspot 2.0 OSEN connection"""
1691 params
= { 'ssid': "osen",
1693 'auth_server_addr': "127.0.0.1",
1694 'auth_server_port': "1812",
1695 'auth_server_shared_secret': "radius" }
1696 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1698 dev
[1].connect("osen", key_mgmt
="NONE", scan_freq
="2412",
1700 dev
[2].connect("osen", key_mgmt
="NONE", wep_key0
='"hello"',
1701 scan_freq
="2412", wait_connect
=False)
1702 dev
[0].connect("osen", proto
="OSEN", key_mgmt
="OSEN", pairwise
="CCMP",
1703 group
="GTK_NOT_USED",
1704 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
1705 ca_cert
="auth_serv/ca.pem",
1708 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
1709 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
1710 wpas
.connect("osen", proto
="OSEN", key_mgmt
="OSEN", pairwise
="CCMP",
1711 group
="GTK_NOT_USED",
1712 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
1713 ca_cert
="auth_serv/ca.pem",
1715 wpas
.request("DISCONNECT")
1717 def test_ap_hs20_network_preference(dev
, apdev
):
1718 """Hotspot 2.0 network selection with preferred home network"""
1719 bssid
= apdev
[0]['bssid']
1720 params
= hs20_ap_params()
1721 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1723 dev
[0].hs20_enable()
1724 values
= { 'realm': "example.com",
1725 'username': "hs20-test",
1726 'password': "password",
1727 'domain': "example.com" }
1728 dev
[0].add_cred_values(values
)
1730 id = dev
[0].add_network()
1731 dev
[0].set_network_quoted(id, "ssid", "home")
1732 dev
[0].set_network_quoted(id, "psk", "12345678")
1733 dev
[0].set_network(id, "priority", "1")
1734 dev
[0].request("ENABLE_NETWORK %s no-connect" % id)
1736 dev
[0].scan_for_bss(bssid
, freq
="2412")
1737 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1738 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
1740 raise Exception("Connection timed out")
1742 raise Exception("Unexpected network selected")
1744 bssid2
= apdev
[1]['bssid']
1745 params
= hostapd
.wpa2_params(ssid
="home", passphrase
="12345678")
1746 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1748 dev
[0].scan_for_bss(bssid2
, freq
="2412")
1749 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1750 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1751 "INTERWORKING-ALREADY-CONNECTED" ], timeout
=15)
1753 raise Exception("Connection timed out")
1754 if "INTERWORKING-ALREADY-CONNECTED" in ev
:
1755 raise Exception("No roam to higher priority network")
1756 if bssid2
not in ev
:
1757 raise Exception("Unexpected network selected")
1759 def test_ap_hs20_network_preference2(dev
, apdev
):
1760 """Hotspot 2.0 network selection with preferred credential"""
1761 bssid2
= apdev
[1]['bssid']
1762 params
= hostapd
.wpa2_params(ssid
="home", passphrase
="12345678")
1763 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1765 dev
[0].hs20_enable()
1766 values
= { 'realm': "example.com",
1767 'username': "hs20-test",
1768 'password': "password",
1769 'domain': "example.com",
1771 dev
[0].add_cred_values(values
)
1773 id = dev
[0].add_network()
1774 dev
[0].set_network_quoted(id, "ssid", "home")
1775 dev
[0].set_network_quoted(id, "psk", "12345678")
1776 dev
[0].request("ENABLE_NETWORK %s no-connect" % id)
1778 dev
[0].scan_for_bss(bssid2
, freq
="2412")
1779 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1780 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
1782 raise Exception("Connection timed out")
1783 if bssid2
not in ev
:
1784 raise Exception("Unexpected network selected")
1786 bssid
= apdev
[0]['bssid']
1787 params
= hs20_ap_params()
1788 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1790 dev
[0].scan_for_bss(bssid
, freq
="2412")
1791 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1792 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1793 "INTERWORKING-ALREADY-CONNECTED" ], timeout
=15)
1795 raise Exception("Connection timed out")
1796 if "INTERWORKING-ALREADY-CONNECTED" in ev
:
1797 raise Exception("No roam to higher priority network")
1799 raise Exception("Unexpected network selected")
1801 def test_ap_hs20_network_preference3(dev
, apdev
):
1802 """Hotspot 2.0 network selection with two credential (one preferred)"""
1803 bssid
= apdev
[0]['bssid']
1804 params
= hs20_ap_params()
1805 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1807 bssid2
= apdev
[1]['bssid']
1808 params
= hs20_ap_params(ssid
="test-hs20b")
1809 params
['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]"
1810 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1812 dev
[0].hs20_enable()
1813 values
= { 'realm': "example.com",
1814 'username': "hs20-test",
1815 'password': "password",
1817 dev
[0].add_cred_values(values
)
1818 values
= { 'realm': "example.org",
1819 'username': "hs20-test",
1820 'password': "password" }
1821 id = dev
[0].add_cred_values(values
)
1823 dev
[0].scan_for_bss(bssid
, freq
="2412")
1824 dev
[0].scan_for_bss(bssid2
, freq
="2412")
1825 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1826 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
1828 raise Exception("Connection timed out")
1830 raise Exception("Unexpected network selected")
1832 dev
[0].set_cred(id, "priority", "2")
1833 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1834 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1835 "INTERWORKING-ALREADY-CONNECTED" ], timeout
=15)
1837 raise Exception("Connection timed out")
1838 if "INTERWORKING-ALREADY-CONNECTED" in ev
:
1839 raise Exception("No roam to higher priority network")
1840 if bssid2
not in ev
:
1841 raise Exception("Unexpected network selected")
1843 def test_ap_hs20_network_preference4(dev
, apdev
):
1844 """Hotspot 2.0 network selection with username vs. SIM credential"""
1845 bssid
= apdev
[0]['bssid']
1846 params
= hs20_ap_params()
1847 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1849 bssid2
= apdev
[1]['bssid']
1850 params
= hs20_ap_params(ssid
="test-hs20b")
1851 params
['hessid'] = bssid2
1852 params
['anqp_3gpp_cell_net'] = "555,444"
1853 params
['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
1854 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1856 dev
[0].hs20_enable()
1857 values
= { 'realm': "example.com",
1858 'username': "hs20-test",
1859 'password': "password",
1861 dev
[0].add_cred_values(values
)
1862 values
= { 'imsi': "555444-333222111",
1864 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123" }
1865 id = dev
[0].add_cred_values(values
)
1867 dev
[0].scan_for_bss(bssid
, freq
="2412")
1868 dev
[0].scan_for_bss(bssid2
, freq
="2412")
1869 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1870 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
1872 raise Exception("Connection timed out")
1874 raise Exception("Unexpected network selected")
1876 dev
[0].set_cred(id, "priority", "2")
1877 dev
[0].request("INTERWORKING_SELECT auto freq=2412")
1878 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
1879 "INTERWORKING-ALREADY-CONNECTED" ], timeout
=15)
1881 raise Exception("Connection timed out")
1882 if "INTERWORKING-ALREADY-CONNECTED" in ev
:
1883 raise Exception("No roam to higher priority network")
1884 if bssid2
not in ev
:
1885 raise Exception("Unexpected network selected")
1887 def test_ap_hs20_fetch_osu(dev
, apdev
):
1888 """Hotspot 2.0 OSU provider and icon fetch"""
1889 bssid
= apdev
[0]['bssid']
1890 params
= hs20_ap_params()
1891 params
['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
1892 params
['osu_ssid'] = '"HS 2.0 OSU open"'
1893 params
['osu_method_list'] = "1"
1894 params
['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
1895 params
['osu_icon'] = "w1fi_logo"
1896 params
['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
1897 params
['osu_server_uri'] = "https://example.com/osu/"
1898 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1900 bssid2
= apdev
[1]['bssid']
1901 params
= hs20_ap_params(ssid
="test-hs20b")
1902 params
['hessid'] = bssid2
1903 params
['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
1904 params
['osu_ssid'] = '"HS 2.0 OSU OSEN"'
1905 params
['osu_method_list'] = "0"
1906 params
['osu_nai'] = "osen@example.com"
1907 params
['osu_friendly_name'] = [ "eng:Test2 OSU", "fin:Testi2-OSU" ]
1908 params
['osu_icon'] = "w1fi_logo"
1909 params
['osu_service_desc'] = [ "eng:Example services2", "fin:Esimerkkipalveluja2" ]
1910 params
['osu_server_uri'] = "https://example.org/osu/"
1911 hostapd
.add_ap(apdev
[1]['ifname'], params
)
1913 with
open("w1fi_logo.png", "r") as f
:
1914 orig_logo
= f
.read()
1915 dev
[0].hs20_enable()
1916 dir = "/tmp/osu-fetch"
1917 if os
.path
.isdir(dir):
1918 files
= [ f
for f
in os
.listdir(dir) if f
.startswith("osu-") ]
1920 os
.remove(dir + "/" + f
)
1927 dev
[1].scan(freq
="2412")
1928 dev
[0].request("SET osu_dir " + dir)
1929 dev
[0].request("FETCH_OSU")
1930 if "OK" not in dev
[1].request("HS20_ICON_REQUEST " + bssid
+ " w1fi_logo"):
1931 raise Exception("HS20_ICON_REQUEST failed")
1934 ev
= dev
[0].wait_event(["OSU provider fetch completed",
1935 "RX-HS20-ANQP-ICON"], timeout
=15)
1937 raise Exception("Timeout on OSU fetch")
1938 if "OSU provider fetch completed" in ev
:
1940 if "RX-HS20-ANQP-ICON" in ev
:
1941 with
open(ev
.split(' ')[1], "r") as f
:
1943 if logo
== orig_logo
:
1946 with
open(dir + "/osu-providers.txt", "r") as f
:
1948 if "OSU-PROVIDER " + bssid
not in prov
:
1949 raise Exception("Missing OSU_PROVIDER")
1950 if "OSU-PROVIDER " + bssid2
not in prov
:
1951 raise Exception("Missing OSU_PROVIDER")
1953 files
= [ f
for f
in os
.listdir(dir) if f
.startswith("osu-") ]
1955 os
.remove(dir + "/" + f
)
1959 raise Exception("Unexpected number of icons fetched")
1961 ev
= dev
[1].wait_event(["GAS-QUERY-START"], timeout
=5)
1963 raise Exception("Timeout on GAS-QUERY-DONE")
1964 ev
= dev
[1].wait_event(["GAS-QUERY-DONE"], timeout
=5)
1966 raise Exception("Timeout on GAS-QUERY-DONE")
1967 if "freq=2412 status_code=0 result=SUCCESS" not in ev
:
1968 raise Exception("Unexpected GAS-QUERY-DONE: " + ev
)
1969 ev
= dev
[1].wait_event(["RX-HS20-ANQP"], timeout
=15)
1971 raise Exception("Timeout on icon fetch")
1972 if "Icon Binary File" not in ev
:
1973 raise Exception("Unexpected ANQP element")
1975 def test_ap_hs20_ft(dev
, apdev
):
1976 """Hotspot 2.0 connection with FT"""
1977 bssid
= apdev
[0]['bssid']
1978 params
= hs20_ap_params()
1979 params
['wpa_key_mgmt'] = "FT-EAP"
1980 params
['nas_identifier'] = "nas1.w1.fi"
1981 params
['r1_key_holder'] = "000102030405"
1982 params
["mobility_domain"] = "a1b2"
1983 params
["reassociation_deadline"] = "1000"
1984 hostapd
.add_ap(apdev
[0]['ifname'], params
)
1986 dev
[0].hs20_enable()
1987 id = dev
[0].add_cred_values({ 'realm': "example.com",
1988 'username': "hs20-test",
1989 'password': "password",
1990 'ca_cert': "auth_serv/ca.pem",
1991 'domain': "example.com",
1992 'update_identifier': "1234" })
1993 interworking_select(dev
[0], bssid
, "home", freq
="2412")
1994 interworking_connect(dev
[0], bssid
, "TTLS")
1996 def test_ap_hs20_remediation_sql(dev
, apdev
, params
):
1997 """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
2002 dbfile
= os
.path
.join(params
['logdir'], "eap-user.db")
2007 con
= sqlite3
.connect(dbfile
)
2010 cur
.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
2011 cur
.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
2012 cur
.execute("INSERT INTO users(identity,methods,password,phase2,remediation) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1,'user')")
2013 cur
.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
2014 cur
.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
2017 params
= { "ssid": "as", "beacon_int": "2000",
2018 "radius_server_clients": "auth_serv/radius_clients.conf",
2019 "radius_server_auth_port": '18128',
2021 "eap_user_file": "sqlite:" + dbfile
,
2022 "ca_cert": "auth_serv/ca.pem",
2023 "server_cert": "auth_serv/server.pem",
2024 "private_key": "auth_serv/server.key",
2025 "subscr_remediation_url": "https://example.org/",
2026 "subscr_remediation_method": "1" }
2027 hostapd
.add_ap(apdev
[1]['ifname'], params
)
2029 bssid
= apdev
[0]['bssid']
2030 params
= hs20_ap_params()
2031 params
['auth_server_port'] = "18128"
2032 hostapd
.add_ap(apdev
[0]['ifname'], params
)
2034 dev
[0].request("SET pmf 1")
2035 dev
[0].hs20_enable()
2036 id = dev
[0].add_cred_values({ 'realm': "example.com",
2037 'username': "user-mschapv2",
2038 'password': "password",
2039 'ca_cert': "auth_serv/ca.pem" })
2040 interworking_select(dev
[0], bssid
, freq
="2412")
2041 interworking_connect(dev
[0], bssid
, "TTLS")
2042 ev
= dev
[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout
=5)
2044 raise Exception("Timeout on subscription remediation notice")
2045 if " 1 https://example.org/" not in ev
:
2046 raise Exception("Unexpected subscription remediation event contents")
2050 cur
.execute("SELECT * from authlog")
2051 rows
= cur
.fetchall()
2053 raise Exception("No authlog entries")
2058 def test_ap_hs20_external_selection(dev
, apdev
):
2059 """Hotspot 2.0 connection using external network selection and creation"""
2060 bssid
= apdev
[0]['bssid']
2061 params
= hs20_ap_params()
2062 params
['hessid'] = bssid
2063 params
['disable_dgaf'] = '1'
2064 hostapd
.add_ap(apdev
[0]['ifname'], params
)
2066 dev
[0].hs20_enable()
2067 dev
[0].connect("test-hs20", proto
="RSN", key_mgmt
="WPA-EAP", eap
="TTLS",
2068 identity
="hs20-test", password
="password",
2069 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2070 scan_freq
="2412", update_identifier
="54321")
2071 if dev
[0].get_status_field("hs20") != "2":
2072 raise Exception("Unexpected hs20 indication")