]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
11 logger
= logging
.getLogger()
19 from utils
import HwsimSkip
21 from wpasupplicant
import WpaSupplicant
23 def check_mib(dev
, vals
):
27 raise Exception("Unexpected {} = {} (expected {})".format(v
[0], mib
[v
[0]], v
[1]))
29 def test_ap_wpa2_psk(dev
, apdev
):
30 """WPA2-PSK AP with PSK instead of passphrase"""
31 ssid
= "test-wpa2-psk"
32 passphrase
= 'qwertyuiop'
33 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
34 params
= hostapd
.wpa2_params(ssid
=ssid
)
35 params
['wpa_psk'] = psk
36 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
37 key_mgmt
= hapd
.get_config()['key_mgmt']
38 if key_mgmt
.split(' ')[0] != "WPA-PSK":
39 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
40 dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
41 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
43 sig
= dev
[0].request("SIGNAL_POLL").splitlines()
44 pkt
= dev
[0].request("PKTCNT_POLL").splitlines()
45 if "FREQUENCY=2412" not in sig
:
46 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig
))
47 if "TXBAD=0" not in pkt
:
48 raise Exception("Unexpected TXBAD value: " + str(pkt
))
50 def test_ap_wpa2_psk_file(dev
, apdev
):
51 """WPA2-PSK AP with PSK from a file"""
52 ssid
= "test-wpa2-psk"
53 passphrase
= 'qwertyuiop'
54 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
55 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
56 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
57 hostapd
.add_ap(apdev
[0]['ifname'], params
)
58 dev
[1].connect(ssid
, psk
="very secret", scan_freq
="2412", wait_connect
=False)
59 dev
[2].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
60 dev
[2].request("REMOVE_NETWORK all")
61 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
62 dev
[0].request("REMOVE_NETWORK all")
63 dev
[2].connect(ssid
, psk
="another passphrase for all STAs", scan_freq
="2412")
64 dev
[0].connect(ssid
, psk
="another passphrase for all STAs", scan_freq
="2412")
65 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
67 raise Exception("Timed out while waiting for failure report")
68 dev
[1].request("REMOVE_NETWORK all")
70 def test_ap_wpa2_ptk_rekey(dev
, apdev
):
71 """WPA2-PSK AP and PTK rekey enforced by station"""
72 ssid
= "test-wpa2-psk"
73 passphrase
= 'qwertyuiop'
74 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
75 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
76 dev
[0].connect(ssid
, psk
=passphrase
, wpa_ptk_rekey
="1", scan_freq
="2412")
77 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
79 raise Exception("PTK rekey timed out")
80 hwsim_utils
.test_connectivity(dev
[0], hapd
)
82 def test_ap_wpa2_ptk_rekey_ap(dev
, apdev
):
83 """WPA2-PSK AP and PTK rekey enforced by AP"""
84 ssid
= "test-wpa2-psk"
85 passphrase
= 'qwertyuiop'
86 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
87 params
['wpa_ptk_rekey'] = '2'
88 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
89 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
90 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
92 raise Exception("PTK rekey timed out")
93 hwsim_utils
.test_connectivity(dev
[0], hapd
)
95 def test_ap_wpa2_sha256_ptk_rekey(dev
, apdev
):
96 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
97 ssid
= "test-wpa2-psk"
98 passphrase
= 'qwertyuiop'
99 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
100 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
101 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
102 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
103 wpa_ptk_rekey
="1", scan_freq
="2412")
104 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
106 raise Exception("PTK rekey timed out")
107 hwsim_utils
.test_connectivity(dev
[0], hapd
)
108 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
109 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
111 def test_ap_wpa2_sha256_ptk_rekey_ap(dev
, apdev
):
112 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
113 ssid
= "test-wpa2-psk"
114 passphrase
= 'qwertyuiop'
115 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
116 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
117 params
['wpa_ptk_rekey'] = '2'
118 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
119 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
121 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
123 raise Exception("PTK rekey timed out")
124 hwsim_utils
.test_connectivity(dev
[0], hapd
)
125 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
126 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
128 def test_ap_wpa_ptk_rekey(dev
, apdev
):
129 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
130 ssid
= "test-wpa-psk"
131 passphrase
= 'qwertyuiop'
132 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
133 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
134 dev
[0].connect(ssid
, psk
=passphrase
, wpa_ptk_rekey
="1", scan_freq
="2412")
135 if "[WPA-PSK-TKIP]" not in dev
[0].request("SCAN_RESULTS"):
136 raise Exception("Scan results missing WPA element info")
137 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
139 raise Exception("PTK rekey timed out")
140 hwsim_utils
.test_connectivity(dev
[0], hapd
)
142 def test_ap_wpa_ptk_rekey_ap(dev
, apdev
):
143 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
144 ssid
= "test-wpa-psk"
145 passphrase
= 'qwertyuiop'
146 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
147 params
['wpa_ptk_rekey'] = '2'
148 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
149 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
150 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"], timeout
=10)
152 raise Exception("PTK rekey timed out")
153 hwsim_utils
.test_connectivity(dev
[0], hapd
)
155 def test_ap_wpa_ccmp(dev
, apdev
):
157 ssid
= "test-wpa-psk"
158 passphrase
= 'qwertyuiop'
159 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
160 params
['wpa_pairwise'] = "CCMP"
161 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
162 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
163 hwsim_utils
.test_connectivity(dev
[0], hapd
)
164 check_mib(dev
[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
165 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
166 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
167 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
168 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
169 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
170 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
171 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
173 def test_ap_wpa2_psk_file(dev
, apdev
):
174 """WPA2-PSK AP with various PSK file error and success cases"""
175 addr0
= dev
[0].own_addr()
176 addr1
= dev
[1].own_addr()
177 addr2
= dev
[2].own_addr()
179 pskfile
= "/tmp/ap_wpa2_psk_file_errors.psk_file"
185 params
= { "ssid": ssid
, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
186 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile
}
190 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
, no_enable
=True)
191 if "FAIL" not in hapd
.request("ENABLE"):
192 raise Exception("Unexpected ENABLE success")
193 hapd
.request("DISABLE")
195 # invalid MAC address
196 with
open(pskfile
, "w") as f
:
199 if "FAIL" not in hapd
.request("ENABLE"):
200 raise Exception("Unexpected ENABLE success")
201 hapd
.request("DISABLE")
204 with
open(pskfile
, "w") as f
:
205 f
.write("00:11:22:33:44:55\n")
206 if "FAIL" not in hapd
.request("ENABLE"):
207 raise Exception("Unexpected ENABLE success")
208 hapd
.request("DISABLE")
211 with
open(pskfile
, "w") as f
:
212 f
.write("00:11:22:33:44:55 1234567\n")
213 if "FAIL" not in hapd
.request("ENABLE"):
214 raise Exception("Unexpected ENABLE success")
215 hapd
.request("DISABLE")
218 with
open(pskfile
, "w") as f
:
219 f
.write("00:11:22:33:44:55 12345678\n")
220 f
.write(addr0
+ " 123456789\n")
221 f
.write(addr1
+ " 123456789a\n")
222 f
.write(addr2
+ " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
223 if "FAIL" in hapd
.request("ENABLE"):
224 raise Exception("Unexpected ENABLE failure")
226 dev
[0].connect(ssid
, psk
="123456789", scan_freq
="2412")
227 dev
[1].connect(ssid
, psk
="123456789a", scan_freq
="2412")
228 dev
[2].connect(ssid
, raw_psk
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq
="2412")
236 def test_ap_wpa2_psk_wildcard_ssid(dev
, apdev
):
237 """WPA2-PSK AP and wildcard SSID configuration"""
238 ssid
= "test-wpa2-psk"
239 passphrase
= 'qwertyuiop'
240 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
241 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
242 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
243 dev
[0].connect("", bssid
=apdev
[0]['bssid'], psk
=passphrase
,
245 dev
[1].connect("", bssid
=apdev
[0]['bssid'], raw_psk
=psk
, scan_freq
="2412")
247 def test_ap_wpa2_gtk_rekey(dev
, apdev
):
248 """WPA2-PSK AP and GTK rekey enforced by AP"""
249 ssid
= "test-wpa2-psk"
250 passphrase
= 'qwertyuiop'
251 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
252 params
['wpa_group_rekey'] = '1'
253 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
254 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
255 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
257 raise Exception("GTK rekey timed out")
258 hwsim_utils
.test_connectivity(dev
[0], hapd
)
260 def test_ap_wpa_gtk_rekey(dev
, apdev
):
261 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
262 ssid
= "test-wpa-psk"
263 passphrase
= 'qwertyuiop'
264 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
265 params
['wpa_group_rekey'] = '1'
266 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
267 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
268 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
270 raise Exception("GTK rekey timed out")
271 hwsim_utils
.test_connectivity(dev
[0], hapd
)
273 def test_ap_wpa2_gmk_rekey(dev
, apdev
):
274 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
275 ssid
= "test-wpa2-psk"
276 passphrase
= 'qwertyuiop'
277 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
278 params
['wpa_group_rekey'] = '1'
279 params
['wpa_gmk_rekey'] = '2'
280 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
281 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
282 for i
in range(0, 3):
283 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
285 raise Exception("GTK rekey timed out")
286 hwsim_utils
.test_connectivity(dev
[0], hapd
)
288 def test_ap_wpa2_strict_rekey(dev
, apdev
):
289 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
290 ssid
= "test-wpa2-psk"
291 passphrase
= 'qwertyuiop'
292 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
293 params
['wpa_strict_rekey'] = '1'
294 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
295 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
296 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
297 dev
[1].request("DISCONNECT")
298 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
300 raise Exception("GTK rekey timed out")
301 hwsim_utils
.test_connectivity(dev
[0], hapd
)
303 def test_ap_wpa2_bridge_fdb(dev
, apdev
):
304 """Bridge FDB entry removal"""
306 ssid
= "test-wpa2-psk"
307 passphrase
= "12345678"
308 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
309 params
['bridge'] = 'ap-br0'
310 hostapd
.add_ap(apdev
[0]['ifname'], params
)
311 subprocess
.call(['sudo', 'brctl', 'setfd', 'ap-br0', '0'])
312 subprocess
.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
313 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
314 bssid
=apdev
[0]['bssid'])
315 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
316 bssid
=apdev
[0]['bssid'])
317 addr0
= dev
[0].p2p_interface_addr()
318 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
319 cmd
= subprocess
.Popen(['brctl', 'showmacs', 'ap-br0'],
320 stdout
=subprocess
.PIPE
)
321 macs1
= cmd
.stdout
.read()
322 dev
[0].request("DISCONNECT")
323 dev
[1].request("DISCONNECT")
325 cmd
= subprocess
.Popen(['brctl', 'showmacs', 'ap-br0'],
326 stdout
=subprocess
.PIPE
)
327 macs2
= cmd
.stdout
.read()
329 addr1
= dev
[1].p2p_interface_addr()
330 if addr0
not in macs1
or addr1
not in macs1
:
331 raise Exception("Bridge FDB entry missing")
332 if addr0
in macs2
or addr1
in macs2
:
333 raise Exception("Bridge FDB entry was not removed")
335 subprocess
.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
336 subprocess
.call(['sudo', 'brctl', 'delbr', 'ap-br0'])
338 def test_ap_wpa2_already_in_bridge(dev
, apdev
):
339 """hostapd behavior with interface already in bridge"""
340 ifname
= apdev
[0]['ifname']
341 br_ifname
= 'ext-ap-br0'
343 ssid
= "test-wpa2-psk"
344 passphrase
= "12345678"
345 subprocess
.call(['brctl', 'addbr', br_ifname
])
346 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
347 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
348 subprocess
.call(['iw', ifname
, 'set', 'type', '__ap'])
349 subprocess
.call(['brctl', 'addif', br_ifname
, ifname
])
350 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
351 hapd
= hostapd
.add_ap(ifname
, params
)
352 if hapd
.get_driver_status_field('brname') != br_ifname
:
353 raise Exception("Bridge name not identified correctly")
354 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
356 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
357 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
358 subprocess
.call(['iw', ifname
, 'set', 'type', 'station'])
359 subprocess
.call(['brctl', 'delbr', br_ifname
])
361 def test_ap_wpa2_in_different_bridge(dev
, apdev
):
362 """hostapd behavior with interface in different bridge"""
363 ifname
= apdev
[0]['ifname']
364 br_ifname
= 'ext-ap-br0'
366 ssid
= "test-wpa2-psk"
367 passphrase
= "12345678"
368 subprocess
.call(['brctl', 'addbr', br_ifname
])
369 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
370 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
371 subprocess
.call(['iw', ifname
, 'set', 'type', '__ap'])
372 subprocess
.call(['brctl', 'addif', br_ifname
, ifname
])
374 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
375 params
['bridge'] = 'ap-br0'
376 hapd
= hostapd
.add_ap(ifname
, params
)
377 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
378 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
379 brname
= hapd
.get_driver_status_field('brname')
380 if brname
!= 'ap-br0':
381 raise Exception("Incorrect bridge: " + brname
)
382 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
383 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, "ap-br0")
384 if hapd
.get_driver_status_field("added_bridge") != "1":
385 raise Exception("Unexpected added_bridge value")
386 if hapd
.get_driver_status_field("added_if_into_bridge") != "1":
387 raise Exception("Unexpected added_if_into_bridge value")
388 dev
[0].request("DISCONNECT")
391 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
392 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
],
393 stderr
=open('/dev/null', 'w'))
394 subprocess
.call(['brctl', 'delbr', br_ifname
])
396 def test_ap_wpa2_ext_add_to_bridge(dev
, apdev
):
397 """hostapd behavior with interface added to bridge externally"""
398 ifname
= apdev
[0]['ifname']
399 br_ifname
= 'ext-ap-br0'
401 ssid
= "test-wpa2-psk"
402 passphrase
= "12345678"
403 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
404 hapd
= hostapd
.add_ap(ifname
, params
)
406 subprocess
.call(['brctl', 'addbr', br_ifname
])
407 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
408 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
409 subprocess
.call(['brctl', 'addif', br_ifname
, ifname
])
410 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
411 if hapd
.get_driver_status_field('brname') != br_ifname
:
412 raise Exception("Bridge name not identified correctly")
414 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
415 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
416 subprocess
.call(['brctl', 'delbr', br_ifname
])
418 def test_ap_wpa2_psk_ext(dev
, apdev
):
419 """WPA2-PSK AP using external EAPOL I/O"""
420 bssid
= apdev
[0]['bssid']
421 ssid
= "test-wpa2-psk"
422 passphrase
= 'qwertyuiop'
423 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
424 params
= hostapd
.wpa2_params(ssid
=ssid
)
425 params
['wpa_psk'] = psk
426 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
427 hapd
.request("SET ext_eapol_frame_io 1")
428 dev
[0].request("SET ext_eapol_frame_io 1")
429 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
430 addr
= dev
[0].p2p_interface_addr()
432 ev
= hapd
.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout
=15)
434 raise Exception("Timeout on EAPOL-TX from hostapd")
435 if "AP-STA-CONNECTED" in ev
:
436 dev
[0].wait_connected(timeout
=15)
438 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
440 raise Exception("EAPOL_RX to wpa_supplicant failed")
441 ev
= dev
[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout
=15)
443 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
444 if "CTRL-EVENT-CONNECTED" in ev
:
446 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
448 raise Exception("EAPOL_RX to hostapd failed")
450 def parse_eapol(data
):
451 (version
, type, length
) = struct
.unpack('>BBH', data
[0:4])
453 if length
> len(payload
):
454 raise Exception("Invalid EAPOL length")
455 if length
< len(payload
):
456 payload
= payload
[0:length
]
458 eapol
['version'] = version
460 eapol
['length'] = length
461 eapol
['payload'] = payload
464 (eapol
['descr_type'],) = struct
.unpack('B', payload
[0:1])
465 payload
= payload
[1:]
466 if eapol
['descr_type'] == 2 or eapol
['descr_type'] == 254:
468 (key_info
, key_len
) = struct
.unpack('>HH', payload
[0:4])
469 eapol
['rsn_key_info'] = key_info
470 eapol
['rsn_key_len'] = key_len
471 eapol
['rsn_replay_counter'] = payload
[4:12]
472 eapol
['rsn_key_nonce'] = payload
[12:44]
473 eapol
['rsn_key_iv'] = payload
[44:60]
474 eapol
['rsn_key_rsc'] = payload
[60:68]
475 eapol
['rsn_key_id'] = payload
[68:76]
476 eapol
['rsn_key_mic'] = payload
[76:92]
477 payload
= payload
[92:]
478 (eapol
['rsn_key_data_len'],) = struct
.unpack('>H', payload
[0:2])
479 payload
= payload
[2:]
480 eapol
['rsn_key_data'] = payload
483 def build_eapol(msg
):
484 data
= struct
.pack(">BBH", msg
['version'], msg
['type'], msg
['length'])
486 data
+= struct
.pack('>BHH', msg
['descr_type'], msg
['rsn_key_info'],
488 data
+= msg
['rsn_replay_counter']
489 data
+= msg
['rsn_key_nonce']
490 data
+= msg
['rsn_key_iv']
491 data
+= msg
['rsn_key_rsc']
492 data
+= msg
['rsn_key_id']
493 data
+= msg
['rsn_key_mic']
494 data
+= struct
.pack('>H', msg
['rsn_key_data_len'])
495 data
+= msg
['rsn_key_data']
497 data
+= msg
['payload']
500 def sha1_prf(key
, label
, data
, outlen
):
504 m
= hmac
.new(key
, label
, hashlib
.sha1
)
505 m
.update(struct
.pack('B', 0))
507 m
.update(struct
.pack('B', counter
))
510 if outlen
> len(hash):
514 res
+= hash[0:outlen
]
518 def pmk_to_ptk(pmk
, addr1
, addr2
, nonce1
, nonce2
):
520 data
= binascii
.unhexlify(addr1
.replace(':','')) + binascii
.unhexlify(addr2
.replace(':',''))
522 data
= binascii
.unhexlify(addr2
.replace(':','')) + binascii
.unhexlify(addr1
.replace(':',''))
524 data
+= nonce1
+ nonce2
526 data
+= nonce2
+ nonce1
527 label
= "Pairwise key expansion"
528 ptk
= sha1_prf(pmk
, label
, data
, 48)
531 return (ptk
, kck
, kek
)
533 def eapol_key_mic(kck
, msg
):
534 msg
['rsn_key_mic'] = binascii
.unhexlify('00000000000000000000000000000000')
535 data
= build_eapol(msg
)
536 m
= hmac
.new(kck
, data
, hashlib
.sha1
)
537 msg
['rsn_key_mic'] = m
.digest()[0:16]
539 def rsn_eapol_key_set(msg
, key_info
, key_len
, nonce
, data
):
540 msg
['rsn_key_info'] = key_info
541 msg
['rsn_key_len'] = key_len
543 msg
['rsn_key_nonce'] = nonce
545 msg
['rsn_key_nonce'] = binascii
.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
547 msg
['rsn_key_data_len'] = len(data
)
548 msg
['rsn_key_data'] = data
549 msg
['length'] = 95 + len(data
)
551 msg
['rsn_key_data_len'] = 0
552 msg
['rsn_key_data'] = ''
555 def recv_eapol(hapd
):
556 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
558 raise Exception("Timeout on EAPOL-TX from hostapd")
559 eapol
= binascii
.unhexlify(ev
.split(' ')[2])
560 return parse_eapol(eapol
)
562 def send_eapol(hapd
, addr
, data
):
563 res
= hapd
.request("EAPOL_RX " + addr
+ " " + binascii
.hexlify(data
))
565 raise Exception("EAPOL_RX to hostapd failed")
567 def reply_eapol(info
, hapd
, addr
, msg
, key_info
, nonce
, data
, kck
):
568 logger
.info("Send EAPOL-Key msg " + info
)
569 rsn_eapol_key_set(msg
, key_info
, 0, nonce
, data
)
570 eapol_key_mic(kck
, msg
)
571 send_eapol(hapd
, addr
, build_eapol(msg
))
573 def hapd_connected(hapd
):
574 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
576 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
578 def eapol_test(apdev
, dev
, wpa2
=True):
579 bssid
= apdev
['bssid']
581 ssid
= "test-wpa2-psk"
583 ssid
= "test-wpa-psk"
584 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
585 pmk
= binascii
.unhexlify(psk
)
587 params
= hostapd
.wpa2_params(ssid
=ssid
)
589 params
= hostapd
.wpa_params(ssid
=ssid
)
590 params
['wpa_psk'] = psk
591 hapd
= hostapd
.add_ap(apdev
['ifname'], params
)
592 hapd
.request("SET ext_eapol_frame_io 1")
593 dev
.request("SET ext_eapol_frame_io 1")
594 dev
.connect(ssid
, psk
="not used", scan_freq
="2412", wait_connect
=False)
595 addr
= dev
.p2p_interface_addr()
597 rsne
= binascii
.unhexlify('30140100000fac040100000fac040100000fac020000')
599 rsne
= binascii
.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
600 snonce
= binascii
.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
601 return (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
)
603 def test_ap_wpa2_psk_ext_eapol(dev
, apdev
):
604 """WPA2-PSK AP using external EAPOL supplicant"""
605 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
607 msg
= recv_eapol(hapd
)
608 anonce
= msg
['rsn_key_nonce']
609 logger
.info("Replay same data back")
610 send_eapol(hapd
, addr
, build_eapol(msg
))
612 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
614 logger
.info("Truncated Key Data in EAPOL-Key msg 2/4")
615 rsn_eapol_key_set(msg
, 0x0101, 0, snonce
, rsne
)
616 msg
['length'] = 95 + 22 - 1
617 send_eapol(hapd
, addr
, build_eapol(msg
))
619 reply_eapol("2/4", hapd
, addr
, msg
, 0x010a, snonce
, rsne
, kck
)
621 msg
= recv_eapol(hapd
)
622 if anonce
!= msg
['rsn_key_nonce']:
623 raise Exception("ANonce changed")
624 logger
.info("Replay same data back")
625 send_eapol(hapd
, addr
, build_eapol(msg
))
627 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
630 def test_ap_wpa2_psk_ext_eapol_retry1(dev
, apdev
):
631 """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
632 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
634 msg1
= recv_eapol(hapd
)
635 anonce
= msg1
['rsn_key_nonce']
637 msg2
= recv_eapol(hapd
)
638 if anonce
!= msg2
['rsn_key_nonce']:
639 raise Exception("ANonce changed")
641 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
643 logger
.info("Send EAPOL-Key msg 2/4")
645 rsn_eapol_key_set(msg
, 0x010a, 0, snonce
, rsne
)
646 eapol_key_mic(kck
, msg
)
647 send_eapol(hapd
, addr
, build_eapol(msg
))
649 msg
= recv_eapol(hapd
)
650 if anonce
!= msg
['rsn_key_nonce']:
651 raise Exception("ANonce changed")
653 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
656 def test_ap_wpa2_psk_ext_eapol_retry1b(dev
, apdev
):
657 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
658 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
660 msg1
= recv_eapol(hapd
)
661 anonce
= msg1
['rsn_key_nonce']
662 msg2
= recv_eapol(hapd
)
663 if anonce
!= msg2
['rsn_key_nonce']:
664 raise Exception("ANonce changed")
666 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
667 reply_eapol("2/4 (a)", hapd
, addr
, msg1
, 0x010a, snonce
, rsne
, kck
)
668 reply_eapol("2/4 (b)", hapd
, addr
, msg2
, 0x010a, snonce
, rsne
, kck
)
670 msg
= recv_eapol(hapd
)
671 if anonce
!= msg
['rsn_key_nonce']:
672 raise Exception("ANonce changed")
674 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
677 def test_ap_wpa2_psk_ext_eapol_retry1c(dev
, apdev
):
678 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
679 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
681 msg1
= recv_eapol(hapd
)
682 anonce
= msg1
['rsn_key_nonce']
684 msg2
= recv_eapol(hapd
)
685 if anonce
!= msg2
['rsn_key_nonce']:
686 raise Exception("ANonce changed")
687 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
688 reply_eapol("2/4 (a)", hapd
, addr
, msg1
, 0x010a, snonce
, rsne
, kck
)
690 snonce2
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
691 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce2
, anonce
)
692 reply_eapol("2/4 (b)", hapd
, addr
, msg2
, 0x010a, snonce2
, rsne
, kck
)
694 msg
= recv_eapol(hapd
)
695 if anonce
!= msg
['rsn_key_nonce']:
696 raise Exception("ANonce changed")
697 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
700 def test_ap_wpa2_psk_ext_eapol_retry1d(dev
, apdev
):
701 """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
702 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
704 msg1
= recv_eapol(hapd
)
705 anonce
= msg1
['rsn_key_nonce']
706 msg2
= recv_eapol(hapd
)
707 if anonce
!= msg2
['rsn_key_nonce']:
708 raise Exception("ANonce changed")
710 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
711 reply_eapol("2/4 (a)", hapd
, addr
, msg1
, 0x010a, snonce
, rsne
, kck
)
713 snonce2
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
714 (ptk2
, kck2
, kek2
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce2
, anonce
)
716 reply_eapol("2/4 (b)", hapd
, addr
, msg2
, 0x010a, snonce2
, rsne
, kck2
)
717 msg
= recv_eapol(hapd
)
718 if anonce
!= msg
['rsn_key_nonce']:
719 raise Exception("ANonce changed")
720 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
723 def test_ap_wpa2_psk_ext_eapol_type_diff(dev
, apdev
):
724 """WPA2 4-way handshake using external EAPOL supplicant"""
725 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
727 msg
= recv_eapol(hapd
)
728 anonce
= msg
['rsn_key_nonce']
730 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
732 # Incorrect descriptor type (frame dropped)
733 msg
['descr_type'] = 253
734 rsn_eapol_key_set(msg
, 0x010a, 0, snonce
, rsne
)
735 eapol_key_mic(kck
, msg
)
736 send_eapol(hapd
, addr
, build_eapol(msg
))
738 # Incorrect descriptor type, but with a workaround (frame processed)
739 msg
['descr_type'] = 254
740 rsn_eapol_key_set(msg
, 0x010a, 0, snonce
, rsne
)
741 eapol_key_mic(kck
, msg
)
742 send_eapol(hapd
, addr
, build_eapol(msg
))
744 msg
= recv_eapol(hapd
)
745 if anonce
!= msg
['rsn_key_nonce']:
746 raise Exception("ANonce changed")
747 logger
.info("Replay same data back")
748 send_eapol(hapd
, addr
, build_eapol(msg
))
750 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
753 def test_ap_wpa_psk_ext_eapol(dev
, apdev
):
754 """WPA2-PSK AP using external EAPOL supplicant"""
755 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,wpae
) = eapol_test(apdev
[0], dev
[0],
758 msg
= recv_eapol(hapd
)
759 anonce
= msg
['rsn_key_nonce']
760 logger
.info("Replay same data back")
761 send_eapol(hapd
, addr
, build_eapol(msg
))
762 logger
.info("Too short data")
763 send_eapol(hapd
, addr
, build_eapol(msg
)[0:98])
765 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
766 msg
['descr_type'] = 2
767 reply_eapol("2/4(invalid type)", hapd
, addr
, msg
, 0x010a, snonce
, wpae
, kck
)
768 msg
['descr_type'] = 254
769 reply_eapol("2/4", hapd
, addr
, msg
, 0x010a, snonce
, wpae
, kck
)
771 msg
= recv_eapol(hapd
)
772 if anonce
!= msg
['rsn_key_nonce']:
773 raise Exception("ANonce changed")
774 logger
.info("Replay same data back")
775 send_eapol(hapd
, addr
, build_eapol(msg
))
777 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
780 def test_ap_wpa2_psk_ext_eapol_key_info(dev
, apdev
):
781 """WPA2-PSK 4-way handshake with strange key info values"""
782 (bssid
,ssid
,hapd
,snonce
,pmk
,addr
,rsne
) = eapol_test(apdev
[0], dev
[0])
784 msg
= recv_eapol(hapd
)
785 anonce
= msg
['rsn_key_nonce']
787 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
788 rsn_eapol_key_set(msg
, 0x0000, 0, snonce
, rsne
)
789 send_eapol(hapd
, addr
, build_eapol(msg
))
790 rsn_eapol_key_set(msg
, 0xffff, 0, snonce
, rsne
)
791 send_eapol(hapd
, addr
, build_eapol(msg
))
793 rsn_eapol_key_set(msg
, 0x2802, 0, snonce
, rsne
)
794 send_eapol(hapd
, addr
, build_eapol(msg
))
796 rsn_eapol_key_set(msg
, 0x2002, 0, snonce
, rsne
)
797 send_eapol(hapd
, addr
, build_eapol(msg
))
799 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
800 send_eapol(hapd
, addr
, build_eapol(msg
))
802 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
803 tmp_kck
= binascii
.unhexlify('00000000000000000000000000000000')
804 eapol_key_mic(tmp_kck
, msg
)
805 send_eapol(hapd
, addr
, build_eapol(msg
))
807 reply_eapol("2/4", hapd
, addr
, msg
, 0x010a, snonce
, rsne
, kck
)
809 msg
= recv_eapol(hapd
)
810 if anonce
!= msg
['rsn_key_nonce']:
811 raise Exception("ANonce changed")
813 # Request (valic MIC)
814 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
815 eapol_key_mic(kck
, msg
)
816 send_eapol(hapd
, addr
, build_eapol(msg
))
817 # Request (valid MIC, replayed counter)
818 rsn_eapol_key_set(msg
, 0x0902, 0, snonce
, rsne
)
819 eapol_key_mic(kck
, msg
)
820 send_eapol(hapd
, addr
, build_eapol(msg
))
822 reply_eapol("4/4", hapd
, addr
, msg
, 0x030a, None, None, kck
)
825 def find_wpas_process(dev
):
827 cmd
= subprocess
.Popen(['ps', 'ax'], stdout
=subprocess
.PIPE
)
828 (data
,err
) = cmd
.communicate()
829 for l
in data
.splitlines():
830 if "wpa_supplicant" not in l
:
832 if "-i" + ifname
not in l
:
834 return int(l
.strip().split(' ')[0])
835 raise Exception("Could not find wpa_supplicant process")
837 def read_process_memory(pid
, key
=None):
839 with
open('/proc/%d/maps' % pid
, 'r') as maps
, \
840 open('/proc/%d/mem' % pid
, 'r') as mem
:
841 for l
in maps
.readlines():
842 m
= re
.match(r
'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', l
)
845 start
= int(m
.group(1), 16)
846 end
= int(m
.group(2), 16)
848 if start
> 0xffffffffffff:
852 if not perm
.startswith('rw'):
855 data
= mem
.read(end
- start
)
857 if key
and key
in data
:
858 logger
.info("Key found in " + l
)
861 def verify_not_present(buf
, key
, fname
, keyname
):
866 prefix
= 2048 if pos
> 2048 else pos
867 with
open(fname
+ keyname
, 'w') as f
:
868 f
.write(buf
[pos
- prefix
:pos
+ 2048])
869 raise Exception(keyname
+ " found after disassociation")
871 def get_key_locations(buf
, key
, keyname
):
875 pos
= buf
.find(key
, pos
)
878 logger
.info("Found %s at %d" % (keyname
, pos
))
883 def test_wpa2_psk_key_lifetime_in_memory(dev
, apdev
, params
):
884 """WPA2-PSK and PSK/PTK lifetime in memory"""
885 ssid
= "test-wpa2-psk"
886 passphrase
= 'qwertyuiop'
887 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
888 pmk
= binascii
.unhexlify(psk
)
889 p
= hostapd
.wpa2_params(ssid
=ssid
)
891 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], p
)
893 pid
= find_wpas_process(dev
[0])
895 id = dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412",
896 only_add_network
=True)
898 logger
.info("Checking keys in memory after network profile configuration")
899 buf
= read_process_memory(pid
, pmk
)
900 get_key_locations(buf
, pmk
, "PMK")
902 dev
[0].request("REMOVE_NETWORK all")
903 logger
.info("Checking keys in memory after network profile removal")
904 buf
= read_process_memory(pid
, pmk
)
905 get_key_locations(buf
, pmk
, "PMK")
907 id = dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
908 only_add_network
=True)
910 logger
.info("Checking keys in memory before connection")
911 buf
= read_process_memory(pid
, pmk
)
912 get_key_locations(buf
, pmk
, "PMK")
914 dev
[0].connect_network(id, timeout
=20)
917 buf
= read_process_memory(pid
, pmk
)
919 dev
[0].request("DISCONNECT")
920 dev
[0].wait_disconnected()
925 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
926 for l
in f
.readlines():
927 if "WPA: PTK - hexdump" in l
:
928 val
= l
.strip().split(':')[3].replace(' ', '')
929 ptk
= binascii
.unhexlify(val
)
930 if "WPA: Group Key - hexdump" in l
:
931 val
= l
.strip().split(':')[3].replace(' ', '')
932 gtk
= binascii
.unhexlify(val
)
933 if not pmk
or not ptk
or not gtk
:
934 raise Exception("Could not find keys from debug log")
936 raise Exception("Unexpected GTK length")
942 logger
.info("Checking keys in memory while associated")
943 get_key_locations(buf
, pmk
, "PMK")
945 raise HwsimSkip("PMK not found while associated")
947 raise Exception("KCK not found while associated")
949 raise Exception("KEK not found while associated")
951 raise Exception("TK found from memory")
953 raise Exception("GTK found from memory")
955 logger
.info("Checking keys in memory after disassociation")
956 buf
= read_process_memory(pid
, pmk
)
957 get_key_locations(buf
, pmk
, "PMK")
959 # Note: PMK/PSK is still present in network configuration
961 fname
= os
.path
.join(params
['logdir'],
962 'wpa2_psk_key_lifetime_in_memory.memctx-')
963 verify_not_present(buf
, kck
, fname
, "KCK")
964 verify_not_present(buf
, kek
, fname
, "KEK")
965 verify_not_present(buf
, tk
, fname
, "TK")
966 verify_not_present(buf
, gtk
, fname
, "GTK")
968 dev
[0].request("REMOVE_NETWORK all")
970 logger
.info("Checking keys in memory after network profile removal")
971 buf
= read_process_memory(pid
, pmk
)
972 get_key_locations(buf
, pmk
, "PMK")
974 verify_not_present(buf
, pmk
, fname
, "PMK")
975 verify_not_present(buf
, kck
, fname
, "KCK")
976 verify_not_present(buf
, kek
, fname
, "KEK")
977 verify_not_present(buf
, tk
, fname
, "TK")
978 verify_not_present(buf
, gtk
, fname
, "GTK")
980 def test_ap_wpa2_psk_wep(dev
, apdev
):
981 """WPA2-PSK AP and WEP enabled"""
982 ssid
= "test-wpa2-psk"
983 passphrase
= 'qwertyuiop'
984 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
985 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
987 hapd
.set('wep_key0', '"hello"')
988 raise Exception("WEP key accepted to WPA2 network")
992 def test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
993 """WPA2-PSK AP and wpas interface in a bridge"""
997 _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
)
999 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
1000 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
1001 subprocess
.call(['brctl', 'delbr', br_ifname
])
1002 subprocess
.call(['iw', ifname
, 'set', '4addr', 'on'])
1004 def _test_ap_wpa2_psk_wpas_in_bridge(dev
, apdev
):
1005 ssid
= "test-wpa2-psk"
1006 passphrase
= 'qwertyuiop'
1007 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
1008 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1012 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
1013 subprocess
.call(['brctl', 'addbr', br_ifname
])
1014 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
1015 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
1016 subprocess
.call(['iw', ifname
, 'set', '4addr', 'on'])
1017 subprocess
.check_call(['brctl', 'addif', br_ifname
, ifname
])
1018 wpas
.interface_add(ifname
, br_ifname
=br_ifname
)
1020 wpas
.connect(ssid
, psk
=passphrase
, scan_freq
="2412")