]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: External bridge control for hostapd interface
[thirdparty/hostap.git] / tests / hwsim / test_ap_psk.py
1 # WPA2-Personal tests
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import logging
8 logger = logging.getLogger()
9 import os
10 import subprocess
11 import time
12
13 import hostapd
14 import hwsim_utils
15
16 def check_mib(dev, vals):
17 mib = dev.get_mib()
18 for v in vals:
19 if mib[v[0]] != v[1]:
20 raise Exception("Unexpected {} = {} (expected {})".format(v[0], mib[v[0]], v[1]))
21
22 def test_ap_wpa2_psk(dev, apdev):
23 """WPA2-PSK AP with PSK instead of passphrase"""
24 ssid = "test-wpa2-psk"
25 passphrase = 'qwertyuiop'
26 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
27 params = hostapd.wpa2_params(ssid=ssid)
28 params['wpa_psk'] = psk
29 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
30 key_mgmt = hapd.get_config()['key_mgmt']
31 if key_mgmt.split(' ')[0] != "WPA-PSK":
32 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
33 dev[0].connect(ssid, raw_psk=psk, scan_freq="2412")
34 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
35
36 sig = dev[0].request("SIGNAL_POLL").splitlines()
37 pkt = dev[0].request("PKTCNT_POLL").splitlines()
38 if "FREQUENCY=2412" not in sig:
39 raise Exception("Unexpected SIGNAL_POLL value: " + str(sig))
40 if "TXBAD=0" not in pkt:
41 raise Exception("Unexpected TXBAD value: " + str(pkt))
42
43 def test_ap_wpa2_psk_file(dev, apdev):
44 """WPA2-PSK AP with PSK from a file"""
45 ssid = "test-wpa2-psk"
46 passphrase = 'qwertyuiop'
47 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
48 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
49 params['wpa_psk_file'] = 'hostapd.wpa_psk'
50 hostapd.add_ap(apdev[0]['ifname'], params)
51 dev[1].connect(ssid, psk="very secret", scan_freq="2412", wait_connect=False)
52 dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
53 dev[2].request("REMOVE_NETWORK all")
54 dev[0].connect(ssid, psk="very secret", scan_freq="2412")
55 dev[0].request("REMOVE_NETWORK all")
56 dev[2].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
57 dev[0].connect(ssid, psk="another passphrase for all STAs", scan_freq="2412")
58 ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
59 if ev is None:
60 raise Exception("Timed out while waiting for failure report")
61 dev[1].request("REMOVE_NETWORK all")
62
63 def test_ap_wpa2_ptk_rekey(dev, apdev):
64 """WPA2-PSK AP and PTK rekey enforced by station"""
65 ssid = "test-wpa2-psk"
66 passphrase = 'qwertyuiop'
67 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
68 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
69 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
70 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
71 if ev is None:
72 raise Exception("PTK rekey timed out")
73 hwsim_utils.test_connectivity(dev[0], hapd)
74
75 def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
76 """WPA2-PSK AP and PTK rekey enforced by AP"""
77 ssid = "test-wpa2-psk"
78 passphrase = 'qwertyuiop'
79 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
80 params['wpa_ptk_rekey'] = '2'
81 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
82 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
83 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
84 if ev is None:
85 raise Exception("PTK rekey timed out")
86 hwsim_utils.test_connectivity(dev[0], hapd)
87
88 def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
89 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
90 ssid = "test-wpa2-psk"
91 passphrase = 'qwertyuiop'
92 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
93 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
94 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
95 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
96 wpa_ptk_rekey="1", scan_freq="2412")
97 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
98 if ev is None:
99 raise Exception("PTK rekey timed out")
100 hwsim_utils.test_connectivity(dev[0], hapd)
101 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
102 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
103
104 def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
105 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
106 ssid = "test-wpa2-psk"
107 passphrase = 'qwertyuiop'
108 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
109 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
110 params['wpa_ptk_rekey'] = '2'
111 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
112 dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
113 scan_freq="2412")
114 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
115 if ev is None:
116 raise Exception("PTK rekey timed out")
117 hwsim_utils.test_connectivity(dev[0], hapd)
118 check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
119 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6") ])
120
121 def test_ap_wpa_ptk_rekey(dev, apdev):
122 """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
123 ssid = "test-wpa-psk"
124 passphrase = 'qwertyuiop'
125 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
126 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
127 dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
128 if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
129 raise Exception("Scan results missing WPA element info")
130 ev = dev[0].wait_event(["WPA: Key negotiation completed"])
131 if ev is None:
132 raise Exception("PTK rekey timed out")
133 hwsim_utils.test_connectivity(dev[0], hapd)
134
135 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
136 """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
137 ssid = "test-wpa-psk"
138 passphrase = 'qwertyuiop'
139 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
140 params['wpa_ptk_rekey'] = '2'
141 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
142 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
143 ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
144 if ev is None:
145 raise Exception("PTK rekey timed out")
146 hwsim_utils.test_connectivity(dev[0], hapd)
147
148 def test_ap_wpa_ccmp(dev, apdev):
149 """WPA-PSK/CCMP"""
150 ssid = "test-wpa-psk"
151 passphrase = 'qwertyuiop'
152 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
153 params['wpa_pairwise'] = "CCMP"
154 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
155 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
156 hwsim_utils.test_connectivity(dev[0], hapd)
157 check_mib(dev[0], [ ("dot11RSNAConfigGroupCipherSize", "128"),
158 ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
159 ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
160 ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
161 ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
162 ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
163 ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
164 ("dot1xSuppSuppControlledPortStatus", "Authorized") ])
165
166 def test_ap_wpa2_psk_file(dev, apdev):
167 """WPA2-PSK AP with various PSK file error and success cases"""
168 addr0 = dev[0].p2p_dev_addr()
169 addr1 = dev[1].p2p_dev_addr()
170 addr2 = dev[2].p2p_dev_addr()
171 ssid = "psk"
172 pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"
173 try:
174 os.remove(pskfile)
175 except:
176 pass
177
178 params = { "ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
179 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile }
180
181 try:
182 # missing PSK file
183 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
184 if "FAIL" not in hapd.request("ENABLE"):
185 raise Exception("Unexpected ENABLE success")
186 hapd.request("DISABLE")
187
188 # invalid MAC address
189 with open(pskfile, "w") as f:
190 f.write("\n")
191 f.write("foo\n")
192 if "FAIL" not in hapd.request("ENABLE"):
193 raise Exception("Unexpected ENABLE success")
194 hapd.request("DISABLE")
195
196 # no PSK on line
197 with open(pskfile, "w") as f:
198 f.write("00:11:22:33:44:55\n")
199 if "FAIL" not in hapd.request("ENABLE"):
200 raise Exception("Unexpected ENABLE success")
201 hapd.request("DISABLE")
202
203 # invalid PSK
204 with open(pskfile, "w") as f:
205 f.write("00:11:22:33:44:55 1234567\n")
206 if "FAIL" not in hapd.request("ENABLE"):
207 raise Exception("Unexpected ENABLE success")
208 hapd.request("DISABLE")
209
210 # valid PSK file
211 with open(pskfile, "w") as f:
212 f.write("00:11:22:33:44:55 12345678\n")
213 f.write(addr0 + " 123456789\n")
214 f.write(addr1 + " 123456789a\n")
215 f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
216 if "FAIL" in hapd.request("ENABLE"):
217 raise Exception("Unexpected ENABLE failure")
218
219 dev[0].connect(ssid, psk="123456789", scan_freq="2412")
220 dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
221 dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")
222
223 finally:
224 try:
225 os.remove(pskfile)
226 except:
227 pass
228
229 def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
230 """WPA2-PSK AP and wildcard SSID configuration"""
231 ssid = "test-wpa2-psk"
232 passphrase = 'qwertyuiop'
233 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
234 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
235 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
236 dev[0].connect("", bssid=apdev[0]['bssid'], psk=passphrase,
237 scan_freq="2412")
238 dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=psk, scan_freq="2412")
239
240 def test_ap_wpa2_gtk_rekey(dev, apdev):
241 """WPA2-PSK AP and GTK rekey enforced by AP"""
242 ssid = "test-wpa2-psk"
243 passphrase = 'qwertyuiop'
244 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
245 params['wpa_group_rekey'] = '1'
246 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
247 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
248 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
249 if ev is None:
250 raise Exception("GTK rekey timed out")
251 hwsim_utils.test_connectivity(dev[0], hapd)
252
253 def test_ap_wpa_gtk_rekey(dev, apdev):
254 """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
255 ssid = "test-wpa-psk"
256 passphrase = 'qwertyuiop'
257 params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
258 params['wpa_group_rekey'] = '1'
259 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
260 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
261 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
262 if ev is None:
263 raise Exception("GTK rekey timed out")
264 hwsim_utils.test_connectivity(dev[0], hapd)
265
266 def test_ap_wpa2_gmk_rekey(dev, apdev):
267 """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
268 ssid = "test-wpa2-psk"
269 passphrase = 'qwertyuiop'
270 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
271 params['wpa_group_rekey'] = '1'
272 params['wpa_gmk_rekey'] = '2'
273 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
274 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
275 for i in range(0, 3):
276 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
277 if ev is None:
278 raise Exception("GTK rekey timed out")
279 hwsim_utils.test_connectivity(dev[0], hapd)
280
281 def test_ap_wpa2_strict_rekey(dev, apdev):
282 """WPA2-PSK AP and strict GTK rekey enforced by AP"""
283 ssid = "test-wpa2-psk"
284 passphrase = 'qwertyuiop'
285 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
286 params['wpa_strict_rekey'] = '1'
287 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
288 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
289 dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
290 dev[1].request("DISCONNECT")
291 ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
292 if ev is None:
293 raise Exception("GTK rekey timed out")
294 hwsim_utils.test_connectivity(dev[0], hapd)
295
296 def test_ap_wpa2_bridge_fdb(dev, apdev):
297 """Bridge FDB entry removal"""
298 try:
299 ssid = "test-wpa2-psk"
300 passphrase = "12345678"
301 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
302 params['bridge'] = 'ap-br0'
303 hostapd.add_ap(apdev[0]['ifname'], params)
304 subprocess.call(['sudo', 'brctl', 'setfd', 'ap-br0', '0'])
305 subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
306 dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
307 bssid=apdev[0]['bssid'])
308 dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
309 bssid=apdev[0]['bssid'])
310 addr0 = dev[0].p2p_interface_addr()
311 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
312 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
313 stdout=subprocess.PIPE)
314 macs1 = cmd.stdout.read()
315 dev[0].request("DISCONNECT")
316 dev[1].request("DISCONNECT")
317 time.sleep(1)
318 cmd = subprocess.Popen(['brctl', 'showmacs', 'ap-br0'],
319 stdout=subprocess.PIPE)
320 macs2 = cmd.stdout.read()
321
322 addr1 = dev[1].p2p_interface_addr()
323 if addr0 not in macs1 or addr1 not in macs1:
324 raise Exception("Bridge FDB entry missing")
325 if addr0 in macs2 or addr1 in macs2:
326 raise Exception("Bridge FDB entry was not removed")
327 finally:
328 subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
329 subprocess.call(['sudo', 'brctl', 'delbr', 'ap-br0'])
330
331 def test_ap_wpa2_already_in_bridge(dev, apdev):
332 """hostapd behavior with interface already in bridge"""
333 ifname = apdev[0]['ifname']
334 br_ifname = 'ext-ap-br0'
335 try:
336 ssid = "test-wpa2-psk"
337 passphrase = "12345678"
338 subprocess.call(['brctl', 'addbr', br_ifname])
339 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
340 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
341 subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
342 subprocess.call(['brctl', 'addif', br_ifname, ifname])
343 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
344 hapd = hostapd.add_ap(ifname, params)
345 if hapd.get_driver_status_field('brname') != br_ifname:
346 raise Exception("Bridge name not identified correctly")
347 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
348 finally:
349 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
350 subprocess.call(['brctl', 'delif', br_ifname, ifname])
351 subprocess.call(['iw', ifname, 'set', 'type', 'station'])
352 subprocess.call(['brctl', 'delbr', br_ifname])
353
354 def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
355 """hostapd behavior with interface added to bridge externally"""
356 ifname = apdev[0]['ifname']
357 br_ifname = 'ext-ap-br0'
358 try:
359 ssid = "test-wpa2-psk"
360 passphrase = "12345678"
361 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
362 hapd = hostapd.add_ap(ifname, params)
363
364 subprocess.call(['brctl', 'addbr', br_ifname])
365 subprocess.call(['brctl', 'setfd', br_ifname, '0'])
366 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
367 subprocess.call(['brctl', 'addif', br_ifname, ifname])
368 dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
369 if hapd.get_driver_status_field('brname') != br_ifname:
370 raise Exception("Bridge name not identified correctly")
371 finally:
372 subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
373 subprocess.call(['brctl', 'delif', br_ifname, ifname])
374 subprocess.call(['brctl', 'delbr', br_ifname])
375
376 def test_ap_wpa2_psk_ext(dev, apdev):
377 """WPA2-PSK AP using external EAPOL I/O"""
378 bssid = apdev[0]['bssid']
379 ssid = "test-wpa2-psk"
380 passphrase = 'qwertyuiop'
381 psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
382 params = hostapd.wpa2_params(ssid=ssid)
383 params['wpa_psk'] = psk
384 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
385 hapd.request("SET ext_eapol_frame_io 1")
386 dev[0].request("SET ext_eapol_frame_io 1")
387 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
388 addr = dev[0].p2p_interface_addr()
389 while True:
390 ev = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
391 if ev is None:
392 raise Exception("Timeout on EAPOL-TX from hostapd")
393 if "AP-STA-CONNECTED" in ev:
394 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
395 if ev is None:
396 raise Exception("Timeout on connection event from wpa_supplicant")
397 break
398 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
399 if "OK" not in res:
400 raise Exception("EAPOL_RX to wpa_supplicant failed")
401 ev = dev[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
402 if ev is None:
403 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
404 if "CTRL-EVENT-CONNECTED" in ev:
405 break
406 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
407 if "OK" not in res:
408 raise Exception("EAPOL_RX to hostapd failed")
Unnamed repository; edit this file 'description' to name the repository.