]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
8 logger
= logging
.getLogger()
16 def check_mib(dev
, vals
):
20 raise Exception("Unexpected {} = {} (expected {})".format(v
[0], mib
[v
[0]], v
[1]))
22 def test_ap_wpa2_psk(dev
, apdev
):
23 """WPA2-PSK AP with PSK instead of passphrase"""
24 ssid
= "test-wpa2-psk"
25 passphrase
= 'qwertyuiop'
26 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
27 params
= hostapd
.wpa2_params(ssid
=ssid
)
28 params
['wpa_psk'] = psk
29 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
30 key_mgmt
= hapd
.get_config()['key_mgmt']
31 if key_mgmt
.split(' ')[0] != "WPA-PSK":
32 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
33 dev
[0].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
34 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
36 sig
= dev
[0].request("SIGNAL_POLL").splitlines()
37 pkt
= dev
[0].request("PKTCNT_POLL").splitlines()
38 if "FREQUENCY=2412" not in sig
:
39 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig
))
40 if "TXBAD=0" not in pkt
:
41 raise Exception("Unexpected TXBAD value: " + str(pkt
))
43 def test_ap_wpa2_psk_file(dev
, apdev
):
44 """WPA2-PSK AP with PSK from a file"""
45 ssid
= "test-wpa2-psk"
46 passphrase
= 'qwertyuiop'
47 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
48 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
49 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
50 hostapd
.add_ap(apdev
[0]['ifname'], params
)
51 dev
[1].connect(ssid
, psk
="very secret", scan_freq
="2412", wait_connect
=False)
52 dev
[2].connect(ssid
, raw_psk
=psk
, scan_freq
="2412")
53 dev
[2].request("REMOVE_NETWORK all")
54 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
55 dev
[0].request("REMOVE_NETWORK all")
56 dev
[2].connect(ssid
, psk
="another passphrase for all STAs", scan_freq
="2412")
57 dev
[0].connect(ssid
, psk
="another passphrase for all STAs", scan_freq
="2412")
58 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
60 raise Exception("Timed out while waiting for failure report")
61 dev
[1].request("REMOVE_NETWORK all")
63 def test_ap_wpa2_ptk_rekey(dev
, apdev
):
64 """WPA2-PSK AP and PTK rekey enforced by station"""
65 ssid
= "test-wpa2-psk"
66 passphrase
= 'qwertyuiop'
67 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
68 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
69 dev
[0].connect(ssid
, psk
=passphrase
, wpa_ptk_rekey
="1", scan_freq
="2412")
70 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
72 raise Exception("PTK rekey timed out")
73 hwsim_utils
.test_connectivity(dev
[0], hapd
)
75 def test_ap_wpa2_ptk_rekey_ap(dev
, apdev
):
76 """WPA2-PSK AP and PTK rekey enforced by AP"""
77 ssid
= "test-wpa2-psk"
78 passphrase
= 'qwertyuiop'
79 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
80 params
['wpa_ptk_rekey'] = '2'
81 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
82 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
83 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
85 raise Exception("PTK rekey timed out")
86 hwsim_utils
.test_connectivity(dev
[0], hapd
)
88 def test_ap_wpa2_sha256_ptk_rekey(dev
, apdev
):
89 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
90 ssid
= "test-wpa2-psk"
91 passphrase
= 'qwertyuiop'
92 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
93 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
94 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
95 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
96 wpa_ptk_rekey
="1", scan_freq
="2412")
97 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
99 raise Exception("PTK rekey timed out")
100 hwsim_utils
.test_connectivity(dev
[0], hapd
)
101 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
102 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
104 def test_ap_wpa2_sha256_ptk_rekey_ap(dev
, apdev
):
105 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
106 ssid
= "test-wpa2-psk"
107 passphrase
= 'qwertyuiop'
108 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
109 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
110 params
['wpa_ptk_rekey'] = '2'
111 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
112 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
114 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
116 raise Exception("PTK rekey timed out")
117 hwsim_utils
.test_connectivity(dev
[0], hapd
)
118 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
119 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
121 def test_ap_wpa_ptk_rekey(dev
, apdev
):
122 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
123 ssid
= "test-wpa-psk"
124 passphrase
= 'qwertyuiop'
125 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
126 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
127 dev
[0].connect(ssid
, psk
=passphrase
, wpa_ptk_rekey
="1", scan_freq
="2412")
128 if "[WPA-PSK-TKIP]" not in dev
[0].request("SCAN_RESULTS"):
129 raise Exception("Scan results missing WPA element info")
130 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
132 raise Exception("PTK rekey timed out")
133 hwsim_utils
.test_connectivity(dev
[0], hapd
)
135 def test_ap_wpa_ptk_rekey_ap(dev
, apdev
):
136 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
137 ssid
= "test-wpa-psk"
138 passphrase
= 'qwertyuiop'
139 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
140 params
['wpa_ptk_rekey'] = '2'
141 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
142 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
143 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"], timeout
=10)
145 raise Exception("PTK rekey timed out")
146 hwsim_utils
.test_connectivity(dev
[0], hapd
)
148 def test_ap_wpa_ccmp(dev
, apdev
):
150 ssid
= "test-wpa-psk"
151 passphrase
= 'qwertyuiop'
152 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
153 params
['wpa_pairwise'] = "CCMP"
154 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
155 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
156 hwsim_utils
.test_connectivity(dev
[0], hapd
)
157 check_mib(dev
[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
158 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
159 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
160 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
161 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
162 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
163 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
164 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
166 def test_ap_wpa2_psk_file(dev
, apdev
):
167 """WPA2-PSK AP with various PSK file error and success cases"""
168 addr0
= dev
[0].p2p_dev_addr()
169 addr1
= dev
[1].p2p_dev_addr()
170 addr2
= dev
[2].p2p_dev_addr()
172 pskfile
= "/tmp/ap_wpa2_psk_file_errors.psk_file"
178 params
= { "ssid": ssid
, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
179 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile
}
183 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
, no_enable
=True)
184 if "FAIL" not in hapd
.request("ENABLE"):
185 raise Exception("Unexpected ENABLE success")
186 hapd
.request("DISABLE")
188 # invalid MAC address
189 with
open(pskfile
, "w") as f
:
192 if "FAIL" not in hapd
.request("ENABLE"):
193 raise Exception("Unexpected ENABLE success")
194 hapd
.request("DISABLE")
197 with
open(pskfile
, "w") as f
:
198 f
.write("00:11:22:33:44:55\n")
199 if "FAIL" not in hapd
.request("ENABLE"):
200 raise Exception("Unexpected ENABLE success")
201 hapd
.request("DISABLE")
204 with
open(pskfile
, "w") as f
:
205 f
.write("00:11:22:33:44:55 1234567\n")
206 if "FAIL" not in hapd
.request("ENABLE"):
207 raise Exception("Unexpected ENABLE success")
208 hapd
.request("DISABLE")
211 with
open(pskfile
, "w") as f
:
212 f
.write("00:11:22:33:44:55 12345678\n")
213 f
.write(addr0
+ " 123456789\n")
214 f
.write(addr1
+ " 123456789a\n")
215 f
.write(addr2
+ " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
216 if "FAIL" in hapd
.request("ENABLE"):
217 raise Exception("Unexpected ENABLE failure")
219 dev
[0].connect(ssid
, psk
="123456789", scan_freq
="2412")
220 dev
[1].connect(ssid
, psk
="123456789a", scan_freq
="2412")
221 dev
[2].connect(ssid
, raw_psk
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq
="2412")
229 def test_ap_wpa2_psk_wildcard_ssid(dev
, apdev
):
230 """WPA2-PSK AP and wildcard SSID configuration"""
231 ssid
= "test-wpa2-psk"
232 passphrase
= 'qwertyuiop'
233 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
234 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
235 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
236 dev
[0].connect("", bssid
=apdev
[0]['bssid'], psk
=passphrase
,
238 dev
[1].connect("", bssid
=apdev
[0]['bssid'], raw_psk
=psk
, scan_freq
="2412")
240 def test_ap_wpa2_gtk_rekey(dev
, apdev
):
241 """WPA2-PSK AP and GTK rekey enforced by AP"""
242 ssid
= "test-wpa2-psk"
243 passphrase
= 'qwertyuiop'
244 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
245 params
['wpa_group_rekey'] = '1'
246 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
247 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
248 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
250 raise Exception("GTK rekey timed out")
251 hwsim_utils
.test_connectivity(dev
[0], hapd
)
253 def test_ap_wpa_gtk_rekey(dev
, apdev
):
254 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
255 ssid
= "test-wpa-psk"
256 passphrase
= 'qwertyuiop'
257 params
= hostapd
.wpa_params(ssid
=ssid
, passphrase
=passphrase
)
258 params
['wpa_group_rekey'] = '1'
259 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
260 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
261 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
263 raise Exception("GTK rekey timed out")
264 hwsim_utils
.test_connectivity(dev
[0], hapd
)
266 def test_ap_wpa2_gmk_rekey(dev
, apdev
):
267 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
268 ssid
= "test-wpa2-psk"
269 passphrase
= 'qwertyuiop'
270 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
271 params
['wpa_group_rekey'] = '1'
272 params
['wpa_gmk_rekey'] = '2'
273 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
274 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
275 for i
in range(0, 3):
276 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
278 raise Exception("GTK rekey timed out")
279 hwsim_utils
.test_connectivity(dev
[0], hapd
)
281 def test_ap_wpa2_strict_rekey(dev
, apdev
):
282 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
283 ssid
= "test-wpa2-psk"
284 passphrase
= 'qwertyuiop'
285 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
286 params
['wpa_strict_rekey'] = '1'
287 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
288 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
289 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
290 dev
[1].request("DISCONNECT")
291 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
293 raise Exception("GTK rekey timed out")
294 hwsim_utils
.test_connectivity(dev
[0], hapd
)
296 def test_ap_wpa2_bridge_fdb(dev
, apdev
):
297 """Bridge FDB entry removal"""
299 ssid
= "test-wpa2-psk"
300 passphrase
= "12345678"
301 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
302 params
['bridge'] = 'ap-br0'
303 hostapd
.add_ap(apdev
[0]['ifname'], params
)
304 subprocess
.call(['sudo', 'brctl', 'setfd', 'ap-br0', '0'])
305 subprocess
.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
306 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
307 bssid
=apdev
[0]['bssid'])
308 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
309 bssid
=apdev
[0]['bssid'])
310 addr0
= dev
[0].p2p_interface_addr()
311 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
312 cmd
= subprocess
.Popen(['brctl', 'showmacs', 'ap-br0'],
313 stdout
=subprocess
.PIPE
)
314 macs1
= cmd
.stdout
.read()
315 dev
[0].request("DISCONNECT")
316 dev
[1].request("DISCONNECT")
318 cmd
= subprocess
.Popen(['brctl', 'showmacs', 'ap-br0'],
319 stdout
=subprocess
.PIPE
)
320 macs2
= cmd
.stdout
.read()
322 addr1
= dev
[1].p2p_interface_addr()
323 if addr0
not in macs1
or addr1
not in macs1
:
324 raise Exception("Bridge FDB entry missing")
325 if addr0
in macs2
or addr1
in macs2
:
326 raise Exception("Bridge FDB entry was not removed")
328 subprocess
.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
329 subprocess
.call(['sudo', 'brctl', 'delbr', 'ap-br0'])
331 def test_ap_wpa2_already_in_bridge(dev
, apdev
):
332 """hostapd behavior with interface already in bridge"""
333 ifname
= apdev
[0]['ifname']
334 br_ifname
= 'ext-ap-br0'
336 ssid
= "test-wpa2-psk"
337 passphrase
= "12345678"
338 subprocess
.call(['brctl', 'addbr', br_ifname
])
339 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
340 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
341 subprocess
.call(['iw', ifname
, 'set', 'type', '__ap'])
342 subprocess
.call(['brctl', 'addif', br_ifname
, ifname
])
343 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
344 hapd
= hostapd
.add_ap(ifname
, params
)
345 if hapd
.get_driver_status_field('brname') != br_ifname
:
346 raise Exception("Bridge name not identified correctly")
347 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
349 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
350 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
351 subprocess
.call(['iw', ifname
, 'set', 'type', 'station'])
352 subprocess
.call(['brctl', 'delbr', br_ifname
])
354 def test_ap_wpa2_ext_add_to_bridge(dev
, apdev
):
355 """hostapd behavior with interface added to bridge externally"""
356 ifname
= apdev
[0]['ifname']
357 br_ifname
= 'ext-ap-br0'
359 ssid
= "test-wpa2-psk"
360 passphrase
= "12345678"
361 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
362 hapd
= hostapd
.add_ap(ifname
, params
)
364 subprocess
.call(['brctl', 'addbr', br_ifname
])
365 subprocess
.call(['brctl', 'setfd', br_ifname
, '0'])
366 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'up'])
367 subprocess
.call(['brctl', 'addif', br_ifname
, ifname
])
368 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
369 if hapd
.get_driver_status_field('brname') != br_ifname
:
370 raise Exception("Bridge name not identified correctly")
372 subprocess
.call(['ip', 'link', 'set', 'dev', br_ifname
, 'down'])
373 subprocess
.call(['brctl', 'delif', br_ifname
, ifname
])
374 subprocess
.call(['brctl', 'delbr', br_ifname
])
376 def test_ap_wpa2_psk_ext(dev
, apdev
):
377 """WPA2-PSK AP using external EAPOL I/O"""
378 bssid
= apdev
[0]['bssid']
379 ssid
= "test-wpa2-psk"
380 passphrase
= 'qwertyuiop'
381 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
382 params
= hostapd
.wpa2_params(ssid
=ssid
)
383 params
['wpa_psk'] = psk
384 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
385 hapd
.request("SET ext_eapol_frame_io 1")
386 dev
[0].request("SET ext_eapol_frame_io 1")
387 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
388 addr
= dev
[0].p2p_interface_addr()
390 ev
= hapd
.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout
=15)
392 raise Exception("Timeout on EAPOL-TX from hostapd")
393 if "AP-STA-CONNECTED" in ev
:
394 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=15)
396 raise Exception("Timeout on connection event from wpa_supplicant")
398 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
400 raise Exception("EAPOL_RX to wpa_supplicant failed")
401 ev
= dev
[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout
=15)
403 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
404 if "CTRL-EVENT-CONNECTED" in ev
:
406 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
408 raise Exception("EAPOL_RX to hostapd failed")