]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_wps.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: WPS MAC address change
[thirdparty/hostap.git] / tests / hwsim / test_ap_wps.py
1 # WPS tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 from tshark import run_tshark
9 import base64
10 import binascii
11 from Crypto.Cipher import AES
12 import hashlib
13 import hmac
14 import os
15 import time
16 import sys
17 import stat
18 import subprocess
19 import logging
20 logger = logging.getLogger()
21 import re
22 import socket
23 import struct
24 try:
25 from http.client import HTTPConnection
26 from urllib.request import urlopen
27 from urllib.parse import urlparse, urljoin
28 from urllib.error import HTTPError
29 from io import StringIO
30 from socketserver import StreamRequestHandler, TCPServer
31 except ImportError:
32 from httplib import HTTPConnection
33 from urllib import urlopen
34 from urlparse import urlparse, urljoin
35 from urllib2 import build_opener, ProxyHandler, HTTPError
36 from StringIO import StringIO
37 from SocketServer import StreamRequestHandler, TCPServer
38 import urllib
39 import xml.etree.ElementTree as ET
40
41 import hwsim_utils
42 import hostapd
43 from wpasupplicant import WpaSupplicant
44 from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips
45 from utils import wait_fail_trigger, clear_regdom
46 from test_ap_eap import int_eap_server_params
47
48 def wps_start_ap(apdev, ssid="test-wps-conf"):
49 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
50 "wpa_passphrase": "12345678", "wpa": "2",
51 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
52 return hostapd.add_ap(apdev, params)
53
54 @remote_compatible
55 def test_ap_wps_init(dev, apdev):
56 """Initial AP configuration with first WPS Enrollee"""
57 ssid = "test-wps"
58 hapd = hostapd.add_ap(apdev[0],
59 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
60 logger.info("WPS provisioning step")
61 hapd.request("WPS_PBC")
62 if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
63 raise Exception("PBC status not shown correctly")
64
65 id = dev[0].add_network()
66 dev[0].set_network_quoted(id, "ssid", "home")
67 dev[0].set_network_quoted(id, "psk", "12345678")
68 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
69
70 id = dev[0].add_network()
71 dev[0].set_network_quoted(id, "ssid", "home2")
72 dev[0].set_network(id, "bssid", "00:11:22:33:44:55")
73 dev[0].set_network(id, "key_mgmt", "NONE")
74 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
75
76 dev[0].request("WPS_PBC")
77 dev[0].wait_connected(timeout=30)
78 status = dev[0].get_status()
79 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
80 raise Exception("Not fully connected")
81 if status['ssid'] != ssid:
82 raise Exception("Unexpected SSID")
83 if status['pairwise_cipher'] != 'CCMP':
84 raise Exception("Unexpected encryption configuration")
85 if status['key_mgmt'] != 'WPA2-PSK':
86 raise Exception("Unexpected key_mgmt")
87
88 status = hapd.request("WPS_GET_STATUS")
89 if "PBC Status: Disabled" not in status:
90 raise Exception("PBC status not shown correctly")
91 if "Last WPS result: Success" not in status:
92 raise Exception("Last WPS result not shown correctly")
93 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
94 raise Exception("Peer address not shown correctly")
95 conf = hapd.request("GET_CONFIG")
96 if "wps_state=configured" not in conf:
97 raise Exception("AP not in WPS configured state")
98 if "wpa=3" not in conf:
99 raise Exception("AP not in WPA+WPA2 configuration")
100 if "rsn_pairwise_cipher=CCMP TKIP" not in conf:
101 raise Exception("Unexpected rsn_pairwise_cipher")
102 if "wpa_pairwise_cipher=CCMP TKIP" not in conf:
103 raise Exception("Unexpected wpa_pairwise_cipher")
104 if "group_cipher=TKIP" not in conf:
105 raise Exception("Unexpected group_cipher")
106
107 if len(dev[0].list_networks()) != 3:
108 raise Exception("Unexpected number of network blocks")
109
110 def test_ap_wps_init_2ap_pbc(dev, apdev):
111 """Initial two-radio AP configuration with first WPS PBC Enrollee"""
112 ssid = "test-wps"
113 params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
114 hapd = hostapd.add_ap(apdev[0], params)
115 hostapd.add_ap(apdev[1], params)
116 logger.info("WPS provisioning step")
117 hapd.request("WPS_PBC")
118 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
119 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
120 bss = dev[0].get_bss(apdev[0]['bssid'])
121 if "[WPS-PBC]" not in bss['flags']:
122 raise Exception("WPS-PBC flag missing from AP1")
123 bss = dev[0].get_bss(apdev[1]['bssid'])
124 if "[WPS-PBC]" not in bss['flags']:
125 raise Exception("WPS-PBC flag missing from AP2")
126 dev[0].dump_monitor()
127 dev[0].request("SET wps_cred_processing 2")
128 dev[0].request("WPS_PBC")
129 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=30)
130 dev[0].request("SET wps_cred_processing 0")
131 if ev is None:
132 raise Exception("WPS cred event not seen")
133 if "100e" not in ev:
134 raise Exception("WPS attributes not included in the cred event")
135 dev[0].wait_connected(timeout=30)
136
137 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
138 dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
139 bss = dev[1].get_bss(apdev[0]['bssid'])
140 if "[WPS-PBC]" in bss['flags']:
141 raise Exception("WPS-PBC flag not cleared from AP1")
142 bss = dev[1].get_bss(apdev[1]['bssid'])
143 if "[WPS-PBC]" in bss['flags']:
144 raise Exception("WPS-PBC flag not cleared from AP2")
145
146 def test_ap_wps_init_2ap_pin(dev, apdev):
147 """Initial two-radio AP configuration with first WPS PIN Enrollee"""
148 ssid = "test-wps"
149 params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
150 hapd = hostapd.add_ap(apdev[0], params)
151 hostapd.add_ap(apdev[1], params)
152 logger.info("WPS provisioning step")
153 pin = dev[0].wps_read_pin()
154 hapd.request("WPS_PIN any " + pin)
155 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
156 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
157 bss = dev[0].get_bss(apdev[0]['bssid'])
158 if "[WPS-AUTH]" not in bss['flags']:
159 raise Exception("WPS-AUTH flag missing from AP1")
160 bss = dev[0].get_bss(apdev[1]['bssid'])
161 if "[WPS-AUTH]" not in bss['flags']:
162 raise Exception("WPS-AUTH flag missing from AP2")
163 dev[0].dump_monitor()
164 dev[0].request("WPS_PIN any " + pin)
165 dev[0].wait_connected(timeout=30)
166
167 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
168 dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
169 bss = dev[1].get_bss(apdev[0]['bssid'])
170 if "[WPS-AUTH]" in bss['flags']:
171 raise Exception("WPS-AUTH flag not cleared from AP1")
172 bss = dev[1].get_bss(apdev[1]['bssid'])
173 if "[WPS-AUTH]" in bss['flags']:
174 raise Exception("WPS-AUTH flag not cleared from AP2")
175
176 @remote_compatible
177 def test_ap_wps_init_through_wps_config(dev, apdev):
178 """Initial AP configuration using wps_config command"""
179 ssid = "test-wps-init-config"
180 hapd = hostapd.add_ap(apdev[0],
181 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
182 if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
183 raise Exception("WPS_CONFIG command failed")
184 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
185 if ev is None:
186 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
187 # It takes some time for the AP to update Beacon and Probe Response frames,
188 # so wait here before requesting the scan to be started to avoid adding
189 # extra five second wait to the test due to fetching obsolete scan results.
190 hapd.ping()
191 time.sleep(0.2)
192 dev[0].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
193 pairwise="CCMP", group="CCMP")
194
195 if "FAIL" not in hapd.request("WPS_CONFIG foo"):
196 raise Exception("Invalid WPS_CONFIG accepted")
197
198 @remote_compatible
199 def test_ap_wps_init_through_wps_config_2(dev, apdev):
200 """AP configuration using wps_config and wps_cred_processing=2"""
201 ssid = "test-wps-init-config"
202 hapd = hostapd.add_ap(apdev[0],
203 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
204 "wps_cred_processing": "2"})
205 if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
206 raise Exception("WPS_CONFIG command failed")
207 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
208 if ev is None:
209 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
210 if "100e" not in ev:
211 raise Exception("WPS-NEW-AP-SETTINGS did not include Credential")
212
213 @remote_compatible
214 def test_ap_wps_invalid_wps_config_passphrase(dev, apdev):
215 """AP configuration using wps_config command with invalid passphrase"""
216 ssid = "test-wps-init-config"
217 hapd = hostapd.add_ap(apdev[0],
218 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
219 if "FAIL" not in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"1234567").decode()):
220 raise Exception("Invalid WPS_CONFIG command accepted")
221
222 def test_ap_wps_conf(dev, apdev):
223 """WPS PBC provisioning with configured AP"""
224 ssid = "test-wps-conf"
225 hapd = hostapd.add_ap(apdev[0],
226 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
227 "wpa_passphrase": "12345678", "wpa": "2",
228 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
229 logger.info("WPS provisioning step")
230 hapd.request("WPS_PBC")
231 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
232 dev[0].dump_monitor()
233 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
234 dev[0].wait_connected(timeout=30)
235 status = dev[0].get_status()
236 if status['wpa_state'] != 'COMPLETED':
237 raise Exception("Not fully connected")
238 if status['bssid'] != apdev[0]['bssid']:
239 raise Exception("Unexpected BSSID")
240 if status['ssid'] != ssid:
241 raise Exception("Unexpected SSID")
242 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
243 raise Exception("Unexpected encryption configuration")
244 if status['key_mgmt'] != 'WPA2-PSK':
245 raise Exception("Unexpected key_mgmt")
246
247 sta = hapd.get_sta(dev[0].p2p_interface_addr())
248 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
249 raise Exception("Device name not available in STA command")
250
251 def test_ap_wps_conf_5ghz(dev, apdev):
252 """WPS PBC provisioning with configured AP on 5 GHz band"""
253 try:
254 hapd = None
255 ssid = "test-wps-conf"
256 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
257 "wpa_passphrase": "12345678", "wpa": "2",
258 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
259 "country_code": "FI", "hw_mode": "a", "channel": "36"}
260 hapd = hostapd.add_ap(apdev[0], params)
261 logger.info("WPS provisioning step")
262 hapd.request("WPS_PBC")
263 dev[0].scan_for_bss(apdev[0]['bssid'], freq="5180")
264 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
265 dev[0].wait_connected(timeout=30)
266
267 sta = hapd.get_sta(dev[0].p2p_interface_addr())
268 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
269 raise Exception("Device name not available in STA command")
270 finally:
271 dev[0].request("DISCONNECT")
272 clear_regdom(hapd, dev)
273
274 def test_ap_wps_conf_chan14(dev, apdev):
275 """WPS PBC provisioning with configured AP on channel 14"""
276 try:
277 hapd = None
278 ssid = "test-wps-conf"
279 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
280 "wpa_passphrase": "12345678", "wpa": "2",
281 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
282 "country_code": "JP", "hw_mode": "b", "channel": "14"}
283 hapd = hostapd.add_ap(apdev[0], params)
284 logger.info("WPS provisioning step")
285 hapd.request("WPS_PBC")
286 dev[0].request("WPS_PBC")
287 dev[0].wait_connected(timeout=30)
288
289 sta = hapd.get_sta(dev[0].p2p_interface_addr())
290 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
291 raise Exception("Device name not available in STA command")
292 finally:
293 dev[0].request("DISCONNECT")
294 clear_regdom(hapd, dev)
295
296 @remote_compatible
297 def test_ap_wps_twice(dev, apdev):
298 """WPS provisioning with twice to change passphrase"""
299 ssid = "test-wps-twice"
300 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
301 "wpa_passphrase": "12345678", "wpa": "2",
302 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
303 hapd = hostapd.add_ap(apdev[0], params)
304 logger.info("WPS provisioning step")
305 hapd.request("WPS_PBC")
306 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
307 dev[0].dump_monitor()
308 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
309 dev[0].wait_connected(timeout=30)
310 dev[0].request("DISCONNECT")
311
312 logger.info("Restart AP with different passphrase and re-run WPS")
313 hostapd.remove_bss(apdev[0])
314 params['wpa_passphrase'] = 'another passphrase'
315 hapd = hostapd.add_ap(apdev[0], params)
316 logger.info("WPS provisioning step")
317 hapd.request("WPS_PBC")
318 dev[0].dump_monitor()
319 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
320 dev[0].wait_connected(timeout=30)
321 networks = dev[0].list_networks()
322 if len(networks) > 1:
323 raise Exception("Unexpected duplicated network block present")
324
325 @remote_compatible
326 def test_ap_wps_incorrect_pin(dev, apdev):
327 """WPS PIN provisioning with incorrect PIN"""
328 ssid = "test-wps-incorrect-pin"
329 hapd = hostapd.add_ap(apdev[0],
330 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
331 "wpa_passphrase": "12345678", "wpa": "2",
332 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
333
334 logger.info("WPS provisioning attempt 1")
335 hapd.request("WPS_PIN any 12345670")
336 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
337 dev[0].dump_monitor()
338 dev[0].request("WPS_PIN %s 55554444" % apdev[0]['bssid'])
339 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
340 if ev is None:
341 raise Exception("WPS operation timed out")
342 if "config_error=18" not in ev:
343 raise Exception("Incorrect config_error reported")
344 if "msg=8" not in ev:
345 raise Exception("PIN error detected on incorrect message")
346 dev[0].wait_disconnected(timeout=10)
347 dev[0].request("WPS_CANCEL")
348 # if a scan was in progress, wait for it to complete before trying WPS again
349 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
350
351 status = hapd.request("WPS_GET_STATUS")
352 if "Last WPS result: Failed" not in status:
353 raise Exception("WPS failure result not shown correctly")
354
355 logger.info("WPS provisioning attempt 2")
356 hapd.request("WPS_PIN any 12345670")
357 dev[0].dump_monitor()
358 dev[0].request("WPS_PIN %s 12344444" % apdev[0]['bssid'])
359 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
360 if ev is None:
361 raise Exception("WPS operation timed out")
362 if "config_error=18" not in ev:
363 raise Exception("Incorrect config_error reported")
364 if "msg=10" not in ev:
365 raise Exception("PIN error detected on incorrect message")
366 dev[0].wait_disconnected(timeout=10)
367
368 @remote_compatible
369 def test_ap_wps_conf_pin(dev, apdev):
370 """WPS PIN provisioning with configured AP"""
371 ssid = "test-wps-conf-pin"
372 hapd = hostapd.add_ap(apdev[0],
373 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
374 "wpa_passphrase": "12345678", "wpa": "2",
375 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
376 logger.info("WPS provisioning step")
377 pin = dev[0].wps_read_pin()
378 hapd.request("WPS_PIN any " + pin)
379 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
380 dev[0].dump_monitor()
381 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
382 dev[0].wait_connected(timeout=30)
383 status = dev[0].get_status()
384 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
385 raise Exception("Not fully connected")
386 if status['ssid'] != ssid:
387 raise Exception("Unexpected SSID")
388 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
389 raise Exception("Unexpected encryption configuration")
390 if status['key_mgmt'] != 'WPA2-PSK':
391 raise Exception("Unexpected key_mgmt")
392
393 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
394 bss = dev[1].get_bss(apdev[0]['bssid'])
395 if "[WPS-AUTH]" in bss['flags']:
396 raise Exception("WPS-AUTH flag not cleared")
397 logger.info("Try to connect from another station using the same PIN")
398 pin = dev[1].request("WPS_PIN " + apdev[0]['bssid'])
399 ev = dev[1].wait_event(["WPS-M2D", "CTRL-EVENT-CONNECTED"], timeout=30)
400 if ev is None:
401 raise Exception("Operation timed out")
402 if "WPS-M2D" not in ev:
403 raise Exception("Unexpected WPS operation started")
404 hapd.request("WPS_PIN any " + pin)
405 dev[1].wait_connected(timeout=30)
406
407 def test_ap_wps_conf_pin_mixed_mode(dev, apdev):
408 """WPS PIN provisioning with configured AP (WPA+WPA2)"""
409 ssid = "test-wps-conf-pin-mixed"
410 hapd = hostapd.add_ap(apdev[0],
411 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
412 "wpa_passphrase": "12345678", "wpa": "3",
413 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
414 "wpa_pairwise": "TKIP"})
415
416 logger.info("WPS provisioning step")
417 pin = dev[0].wps_read_pin()
418 hapd.request("WPS_PIN any " + pin)
419 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
420 dev[0].dump_monitor()
421 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
422 dev[0].wait_connected(timeout=30)
423 status = dev[0].get_status()
424 dev[0].request("REMOVE_NETWORK all")
425 dev[0].wait_disconnected()
426 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
427 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
428
429 logger.info("WPS provisioning step (auth_types=0x1b)")
430 if "OK" not in dev[0].request("SET wps_force_auth_types 0x1b"):
431 raise Exception("Failed to set wps_force_auth_types 0x1b")
432 pin = dev[0].wps_read_pin()
433 hapd.request("WPS_PIN any " + pin)
434 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
435 dev[0].dump_monitor()
436 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
437 dev[0].wait_connected(timeout=30)
438 status = dev[0].get_status()
439 dev[0].request("REMOVE_NETWORK all")
440 dev[0].wait_disconnected()
441 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
442 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
443
444 logger.info("WPS provisioning step (auth_types=0 encr_types=0)")
445 if "OK" not in dev[0].request("SET wps_force_auth_types 0"):
446 raise Exception("Failed to set wps_force_auth_types 0")
447 if "OK" not in dev[0].request("SET wps_force_encr_types 0"):
448 raise Exception("Failed to set wps_force_encr_types 0")
449 pin = dev[0].wps_read_pin()
450 hapd.request("WPS_PIN any " + pin)
451 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
452 dev[0].dump_monitor()
453 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
454 dev[0].wait_connected(timeout=30)
455 status = dev[0].get_status()
456 dev[0].request("REMOVE_NETWORK all")
457 dev[0].wait_disconnected()
458 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
459 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
460
461 dev[0].request("SET wps_force_auth_types ")
462 dev[0].request("SET wps_force_encr_types ")
463
464 @remote_compatible
465 def test_ap_wps_conf_pin_v1(dev, apdev):
466 """WPS PIN provisioning with configured WPS v1.0 AP"""
467 ssid = "test-wps-conf-pin-v1"
468 hapd = hostapd.add_ap(apdev[0],
469 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
470 "wpa_passphrase": "12345678", "wpa": "2",
471 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
472 logger.info("WPS provisioning step")
473 pin = dev[0].wps_read_pin()
474 hapd.request("SET wps_version_number 0x10")
475 hapd.request("WPS_PIN any " + pin)
476 found = False
477 for i in range(0, 10):
478 dev[0].scan(freq="2412")
479 if "[WPS-PIN]" in dev[0].request("SCAN_RESULTS"):
480 found = True
481 break
482 if not found:
483 hapd.request("SET wps_version_number 0x20")
484 raise Exception("WPS-PIN flag not seen in scan results")
485 dev[0].dump_monitor()
486 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
487 dev[0].wait_connected(timeout=30)
488 hapd.request("SET wps_version_number 0x20")
489
490 @remote_compatible
491 def test_ap_wps_conf_pin_2sta(dev, apdev):
492 """Two stations trying to use WPS PIN at the same time"""
493 ssid = "test-wps-conf-pin2"
494 hapd = hostapd.add_ap(apdev[0],
495 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
496 "wpa_passphrase": "12345678", "wpa": "2",
497 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
498 logger.info("WPS provisioning step")
499 pin = "12345670"
500 pin2 = "55554444"
501 hapd.request("WPS_PIN " + dev[0].get_status_field("uuid") + " " + pin)
502 hapd.request("WPS_PIN " + dev[1].get_status_field("uuid") + " " + pin)
503 dev[0].dump_monitor()
504 dev[1].dump_monitor()
505 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
506 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
507 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
508 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
509 dev[0].wait_connected(timeout=30)
510 dev[1].wait_connected(timeout=30)
511
512 @remote_compatible
513 def test_ap_wps_conf_pin_timeout(dev, apdev):
514 """WPS PIN provisioning with configured AP timing out PIN"""
515 ssid = "test-wps-conf-pin"
516 hapd = hostapd.add_ap(apdev[0],
517 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
518 "wpa_passphrase": "12345678", "wpa": "2",
519 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
520 addr = dev[0].p2p_interface_addr()
521 pin = dev[0].wps_read_pin()
522 if "FAIL" not in hapd.request("WPS_PIN "):
523 raise Exception("Unexpected success on invalid WPS_PIN")
524 hapd.request("WPS_PIN any " + pin + " 1")
525 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
526 time.sleep(1.1)
527 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
528 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=20)
529 if ev is None:
530 raise Exception("WPS-PIN-NEEDED event timed out")
531 ev = dev[0].wait_event(["WPS-M2D"])
532 if ev is None:
533 raise Exception("M2D not reported")
534 dev[0].request("WPS_CANCEL")
535
536 hapd.request("WPS_PIN any " + pin + " 20 " + addr)
537 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
538 dev[0].wait_connected(timeout=30)
539
540 def test_ap_wps_reg_connect(dev, apdev):
541 """WPS registrar using AP PIN to connect"""
542 ssid = "test-wps-reg-ap-pin"
543 appin = "12345670"
544 hostapd.add_ap(apdev[0],
545 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
546 "wpa_passphrase": "12345678", "wpa": "2",
547 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
548 "ap_pin": appin})
549 logger.info("WPS provisioning step")
550 dev[0].dump_monitor()
551 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
552 dev[0].wps_reg(apdev[0]['bssid'], appin)
553 status = dev[0].get_status()
554 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
555 raise Exception("Not fully connected")
556 if status['ssid'] != ssid:
557 raise Exception("Unexpected SSID")
558 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
559 raise Exception("Unexpected encryption configuration")
560 if status['key_mgmt'] != 'WPA2-PSK':
561 raise Exception("Unexpected key_mgmt")
562
563 def test_ap_wps_reg_connect_zero_len_ap_pin(dev, apdev):
564 """hostapd with zero length ap_pin parameter"""
565 ssid = "test-wps-reg-ap-pin"
566 appin = ""
567 hostapd.add_ap(apdev[0],
568 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
569 "wpa_passphrase": "12345678", "wpa": "2",
570 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
571 "ap_pin": appin})
572 logger.info("WPS provisioning step")
573 dev[0].dump_monitor()
574 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
575 dev[0].wps_reg(apdev[0]['bssid'], appin, no_wait=True)
576 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
577 if ev is None:
578 raise Exception("No WPS-FAIL reported")
579 if "msg=5 config_error=15" not in ev:
580 raise Exception("Unexpected WPS-FAIL: " + ev)
581
582 def test_ap_wps_reg_connect_mixed_mode(dev, apdev):
583 """WPS registrar using AP PIN to connect (WPA+WPA2)"""
584 ssid = "test-wps-reg-ap-pin"
585 appin = "12345670"
586 hostapd.add_ap(apdev[0],
587 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
588 "wpa_passphrase": "12345678", "wpa": "3",
589 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
590 "wpa_pairwise": "TKIP", "ap_pin": appin})
591 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
592 dev[0].wps_reg(apdev[0]['bssid'], appin)
593 status = dev[0].get_status()
594 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
595 raise Exception("Not fully connected")
596 if status['ssid'] != ssid:
597 raise Exception("Unexpected SSID")
598 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
599 raise Exception("Unexpected encryption configuration")
600 if status['key_mgmt'] != 'WPA2-PSK':
601 raise Exception("Unexpected key_mgmt")
602
603 def test_ap_wps_reg_override_ap_settings(dev, apdev):
604 """WPS registrar and ap_settings override"""
605 ap_settings = "/tmp/ap_wps_reg_override_ap_settings"
606 try:
607 os.remove(ap_settings)
608 except:
609 pass
610 # Override AP Settings with values that point to another AP
611 data = build_wsc_attr(ATTR_NETWORK_INDEX, b'\x01')
612 data += build_wsc_attr(ATTR_SSID, b"test")
613 data += build_wsc_attr(ATTR_AUTH_TYPE, b'\x00\x01')
614 data += build_wsc_attr(ATTR_ENCR_TYPE, b'\x00\x01')
615 data += build_wsc_attr(ATTR_NETWORK_KEY, b'')
616 data += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[1]['bssid'].replace(':', '')))
617 with open(ap_settings, "wb") as f:
618 f.write(data)
619 ssid = "test-wps-reg-ap-pin"
620 appin = "12345670"
621 hostapd.add_ap(apdev[0],
622 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
623 "wpa_passphrase": "12345678", "wpa": "2",
624 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
625 "ap_pin": appin, "ap_settings": ap_settings})
626 hapd2 = hostapd.add_ap(apdev[1], {"ssid": "test"})
627 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
628 dev[0].scan_for_bss(apdev[1]['bssid'], freq=2412)
629 dev[0].wps_reg(apdev[0]['bssid'], appin)
630 ev = hapd2.wait_event(['AP-STA-CONNECTED'], timeout=10)
631 os.remove(ap_settings)
632 if ev is None:
633 raise Exception("No connection with the other AP")
634
635 def check_wps_reg_failure(dev, ap, appin):
636 dev.request("WPS_REG " + ap['bssid'] + " " + appin)
637 ev = dev.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
638 if ev is None:
639 raise Exception("WPS operation timed out")
640 if "WPS-SUCCESS" in ev:
641 raise Exception("WPS operation succeeded unexpectedly")
642 if "config_error=15" not in ev:
643 raise Exception("WPS setup locked state was not reported correctly")
644
645 def test_ap_wps_random_ap_pin(dev, apdev):
646 """WPS registrar using random AP PIN"""
647 ssid = "test-wps-reg-random-ap-pin"
648 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
649 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
650 "wpa_passphrase": "12345678", "wpa": "2",
651 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
652 "device_name": "Wireless AP", "manufacturer": "Company",
653 "model_name": "WAP", "model_number": "123",
654 "serial_number": "12345", "device_type": "6-0050F204-1",
655 "os_version": "01020300",
656 "config_methods": "label push_button",
657 "uuid": ap_uuid, "upnp_iface": "lo"}
658 hapd = hostapd.add_ap(apdev[0], params)
659 appin = hapd.request("WPS_AP_PIN random")
660 if "FAIL" in appin:
661 raise Exception("Could not generate random AP PIN")
662 if appin not in hapd.request("WPS_AP_PIN get"):
663 raise Exception("Could not fetch current AP PIN")
664 logger.info("WPS provisioning step")
665 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
666 dev[0].wps_reg(apdev[0]['bssid'], appin)
667
668 hapd.request("WPS_AP_PIN disable")
669 logger.info("WPS provisioning step with AP PIN disabled")
670 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
671 check_wps_reg_failure(dev[1], apdev[0], appin)
672
673 logger.info("WPS provisioning step with AP PIN reset")
674 appin = "12345670"
675 hapd.request("WPS_AP_PIN set " + appin)
676 dev[1].wps_reg(apdev[0]['bssid'], appin)
677 dev[0].request("REMOVE_NETWORK all")
678 dev[1].request("REMOVE_NETWORK all")
679 dev[0].wait_disconnected(timeout=10)
680 dev[1].wait_disconnected(timeout=10)
681
682 logger.info("WPS provisioning step after AP PIN timeout")
683 hapd.request("WPS_AP_PIN disable")
684 appin = hapd.request("WPS_AP_PIN random 1")
685 time.sleep(1.1)
686 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
687 raise Exception("AP PIN unexpectedly still enabled")
688 check_wps_reg_failure(dev[0], apdev[0], appin)
689
690 logger.info("WPS provisioning step after AP PIN timeout(2)")
691 hapd.request("WPS_AP_PIN disable")
692 appin = "12345670"
693 hapd.request("WPS_AP_PIN set " + appin + " 1")
694 time.sleep(1.1)
695 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
696 raise Exception("AP PIN unexpectedly still enabled")
697 check_wps_reg_failure(dev[1], apdev[0], appin)
698
699 with fail_test(hapd, 1, "os_get_random;wps_generate_pin"):
700 hapd.request("WPS_AP_PIN random 1")
701 hapd.request("WPS_AP_PIN disable")
702
703 with alloc_fail(hapd, 1, "upnp_wps_set_ap_pin"):
704 hapd.request("WPS_AP_PIN set 12345670")
705 hapd.request("WPS_AP_PIN disable")
706
707 if "FAIL" not in hapd.request("WPS_AP_PIN set"):
708 raise Exception("Invalid WPS_AP_PIN accepted")
709 if "FAIL" not in hapd.request("WPS_AP_PIN foo"):
710 raise Exception("Invalid WPS_AP_PIN accepted")
711
712 def test_ap_wps_reg_config(dev, apdev):
713 """WPS registrar configuring an AP using AP PIN"""
714 ssid = "test-wps-init-ap-pin"
715 appin = "12345670"
716 hostapd.add_ap(apdev[0],
717 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
718 "ap_pin": appin})
719 logger.info("WPS configuration step")
720 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
721 dev[0].dump_monitor()
722 new_ssid = "wps-new-ssid"
723 new_passphrase = "1234567890"
724 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
725 new_passphrase)
726 status = dev[0].get_status()
727 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
728 raise Exception("Not fully connected")
729 if status['ssid'] != new_ssid:
730 raise Exception("Unexpected SSID")
731 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
732 raise Exception("Unexpected encryption configuration")
733 if status['key_mgmt'] != 'WPA2-PSK':
734 raise Exception("Unexpected key_mgmt")
735
736 logger.info("Re-configure back to open")
737 dev[0].request("REMOVE_NETWORK all")
738 dev[0].flush_scan_cache()
739 dev[0].dump_monitor()
740 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-open", "OPEN", "NONE", "")
741 status = dev[0].get_status()
742 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
743 raise Exception("Not fully connected")
744 if status['ssid'] != "wps-open":
745 raise Exception("Unexpected SSID")
746 if status['key_mgmt'] != 'NONE':
747 raise Exception("Unexpected key_mgmt")
748
749 def test_ap_wps_reg_config_ext_processing(dev, apdev):
750 """WPS registrar configuring an AP with external config processing"""
751 ssid = "test-wps-init-ap-pin"
752 appin = "12345670"
753 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
754 "wps_cred_processing": "1", "ap_pin": appin}
755 hapd = hostapd.add_ap(apdev[0], params)
756 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
757 new_ssid = "wps-new-ssid"
758 new_passphrase = "1234567890"
759 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
760 new_passphrase, no_wait=True)
761 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
762 if ev is None:
763 raise Exception("WPS registrar operation timed out")
764 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=15)
765 if ev is None:
766 raise Exception("WPS configuration timed out")
767 if "1026" not in ev:
768 raise Exception("AP Settings missing from event")
769 hapd.request("SET wps_cred_processing 0")
770 if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(new_ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(new_passphrase.encode()).decode()):
771 raise Exception("WPS_CONFIG command failed")
772 dev[0].wait_connected(timeout=15)
773
774 def test_ap_wps_reg_config_tkip(dev, apdev):
775 """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
776 skip_with_fips(dev[0])
777 ssid = "test-wps-init-ap"
778 appin = "12345670"
779 hostapd.add_ap(apdev[0],
780 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
781 "ap_pin": appin})
782 logger.info("WPS configuration step")
783 dev[0].request("SET wps_version_number 0x10")
784 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
785 dev[0].dump_monitor()
786 new_ssid = "wps-new-ssid-with-tkip"
787 new_passphrase = "1234567890"
788 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPAPSK", "TKIP",
789 new_passphrase)
790 logger.info("Re-connect to verify WPA2 mixed mode")
791 dev[0].request("DISCONNECT")
792 id = 0
793 dev[0].set_network(id, "pairwise", "CCMP")
794 dev[0].set_network(id, "proto", "RSN")
795 dev[0].connect_network(id)
796 status = dev[0].get_status()
797 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
798 raise Exception("Not fully connected: wpa_state={} bssid={}".format(status['wpa_state'], status['bssid']))
799 if status['ssid'] != new_ssid:
800 raise Exception("Unexpected SSID")
801 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
802 raise Exception("Unexpected encryption configuration")
803 if status['key_mgmt'] != 'WPA2-PSK':
804 raise Exception("Unexpected key_mgmt")
805
806 def test_ap_wps_setup_locked(dev, apdev):
807 """WPS registrar locking up AP setup on AP PIN failures"""
808 ssid = "test-wps-incorrect-ap-pin"
809 appin = "12345670"
810 hapd = hostapd.add_ap(apdev[0],
811 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
812 "wpa_passphrase": "12345678", "wpa": "2",
813 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
814 "ap_pin": appin})
815 new_ssid = "wps-new-ssid-test"
816 new_passphrase = "1234567890"
817
818 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
819 ap_setup_locked = False
820 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
821 dev[0].dump_monitor()
822 logger.info("Try incorrect AP PIN - attempt " + pin)
823 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
824 "CCMP", new_passphrase, no_wait=True)
825 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
826 if ev is None:
827 raise Exception("Timeout on receiving WPS operation failure event")
828 if "CTRL-EVENT-CONNECTED" in ev:
829 raise Exception("Unexpected connection")
830 if "config_error=15" in ev:
831 logger.info("AP Setup Locked")
832 ap_setup_locked = True
833 elif "config_error=18" not in ev:
834 raise Exception("config_error=18 not reported")
835 dev[0].wait_disconnected(timeout=10)
836 time.sleep(0.1)
837 if not ap_setup_locked:
838 raise Exception("AP setup was not locked")
839 dev[0].request("WPS_CANCEL")
840 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True,
841 only_new=True)
842 bss = dev[0].get_bss(apdev[0]['bssid'])
843 if 'wps_ap_setup_locked' not in bss or bss['wps_ap_setup_locked'] != '1':
844 logger.info("BSS: " + str(bss))
845 raise Exception("AP Setup Locked not indicated in scan results")
846
847 status = hapd.request("WPS_GET_STATUS")
848 if "Last WPS result: Failed" not in status:
849 raise Exception("WPS failure result not shown correctly")
850 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
851 raise Exception("Peer address not shown correctly")
852
853 time.sleep(0.5)
854 dev[0].dump_monitor()
855 logger.info("WPS provisioning step")
856 pin = dev[0].wps_read_pin()
857 hapd.request("WPS_PIN any " + pin)
858 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
859 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
860 if ev is None:
861 raise Exception("WPS success was not reported")
862 dev[0].wait_connected(timeout=30)
863
864 appin = hapd.request("WPS_AP_PIN random")
865 if "FAIL" in appin:
866 raise Exception("Could not generate random AP PIN")
867 ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=10)
868 if ev is None:
869 raise Exception("Failed to unlock AP PIN")
870
871 def test_ap_wps_setup_locked_timeout(dev, apdev):
872 """WPS re-enabling AP PIN after timeout"""
873 ssid = "test-wps-incorrect-ap-pin"
874 appin = "12345670"
875 hapd = hostapd.add_ap(apdev[0],
876 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
877 "wpa_passphrase": "12345678", "wpa": "2",
878 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
879 "ap_pin": appin})
880 new_ssid = "wps-new-ssid-test"
881 new_passphrase = "1234567890"
882
883 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
884 ap_setup_locked = False
885 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
886 dev[0].dump_monitor()
887 logger.info("Try incorrect AP PIN - attempt " + pin)
888 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
889 "CCMP", new_passphrase, no_wait=True)
890 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"], timeout=15)
891 if ev is None:
892 raise Exception("Timeout on receiving WPS operation failure event")
893 if "CTRL-EVENT-CONNECTED" in ev:
894 raise Exception("Unexpected connection")
895 if "config_error=15" in ev:
896 logger.info("AP Setup Locked")
897 ap_setup_locked = True
898 break
899 elif "config_error=18" not in ev:
900 raise Exception("config_error=18 not reported")
901 dev[0].wait_disconnected(timeout=10)
902 time.sleep(0.1)
903 if not ap_setup_locked:
904 raise Exception("AP setup was not locked")
905 ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=80)
906 if ev is None:
907 raise Exception("AP PIN did not get unlocked on 60 second timeout")
908
909 def test_ap_wps_setup_locked_2(dev, apdev):
910 """WPS AP configured for special ap_setup_locked=2 mode"""
911 ssid = "test-wps-ap-pin"
912 appin = "12345670"
913 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
914 "wpa_passphrase": "12345678", "wpa": "2",
915 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
916 "ap_pin": appin, "ap_setup_locked": "2"}
917 hapd = hostapd.add_ap(apdev[0], params)
918 new_ssid = "wps-new-ssid-test"
919 new_passphrase = "1234567890"
920
921 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
922 dev[0].wps_reg(apdev[0]['bssid'], appin)
923 dev[0].request("REMOVE_NETWORK all")
924 dev[0].wait_disconnected()
925
926 hapd.dump_monitor()
927 dev[0].dump_monitor()
928 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK",
929 "CCMP", new_passphrase, no_wait=True)
930
931 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
932 if ev is None:
933 raise Exception("hostapd did not report WPS failure")
934 if "msg=12 config_error=15" not in ev:
935 raise Exception("Unexpected failure reason (AP): " + ev)
936
937 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
938 if ev is None:
939 raise Exception("Timeout on receiving WPS operation failure event")
940 if "CTRL-EVENT-CONNECTED" in ev:
941 raise Exception("Unexpected connection")
942 if "config_error=15" not in ev:
943 raise Exception("Unexpected failure reason (STA): " + ev)
944 dev[0].request("WPS_CANCEL")
945 dev[0].wait_disconnected()
946
947 @remote_compatible
948 def test_ap_wps_pbc_overlap_2ap(dev, apdev):
949 """WPS PBC session overlap with two active APs"""
950 params = {"ssid": "wps1", "eap_server": "1", "wps_state": "2",
951 "wpa_passphrase": "12345678", "wpa": "2",
952 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
953 "wps_independent": "1"}
954 hapd = hostapd.add_ap(apdev[0], params)
955 params = {"ssid": "wps2", "eap_server": "1", "wps_state": "2",
956 "wpa_passphrase": "123456789", "wpa": "2",
957 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
958 "wps_independent": "1"}
959 hapd2 = hostapd.add_ap(apdev[1], params)
960 hapd.request("WPS_PBC")
961 hapd2.request("WPS_PBC")
962 logger.info("WPS provisioning step")
963 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
964 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
965 dev[0].request("WPS_PBC")
966 ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
967 if ev is None:
968 raise Exception("PBC session overlap not detected")
969 hapd.request("DISABLE")
970 hapd2.request("DISABLE")
971 dev[0].flush_scan_cache()
972
973 @remote_compatible
974 def test_ap_wps_pbc_overlap_2sta(dev, apdev):
975 """WPS PBC session overlap with two active STAs"""
976 ssid = "test-wps-pbc-overlap"
977 hapd = hostapd.add_ap(apdev[0],
978 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
979 "wpa_passphrase": "12345678", "wpa": "2",
980 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
981 logger.info("WPS provisioning step")
982 hapd.request("WPS_PBC")
983 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
984 dev[0].dump_monitor()
985 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
986 dev[1].dump_monitor()
987 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
988 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
989 ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
990 if ev is None:
991 raise Exception("PBC session overlap not detected (dev0)")
992 if "config_error=12" not in ev:
993 raise Exception("PBC session overlap not correctly reported (dev0)")
994 dev[0].request("WPS_CANCEL")
995 dev[0].request("DISCONNECT")
996 ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
997 if ev is None:
998 raise Exception("PBC session overlap not detected (dev1)")
999 if "config_error=12" not in ev:
1000 raise Exception("PBC session overlap not correctly reported (dev1)")
1001 dev[1].request("WPS_CANCEL")
1002 dev[1].request("DISCONNECT")
1003 hapd.request("WPS_CANCEL")
1004 ret = hapd.request("WPS_PBC")
1005 if "FAIL" not in ret:
1006 raise Exception("PBC mode allowed to be started while PBC overlap still active")
1007 hapd.request("DISABLE")
1008 dev[0].flush_scan_cache()
1009 dev[1].flush_scan_cache()
1010
1011 @remote_compatible
1012 def test_ap_wps_cancel(dev, apdev):
1013 """WPS AP cancelling enabled config method"""
1014 ssid = "test-wps-ap-cancel"
1015 hapd = hostapd.add_ap(apdev[0],
1016 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1017 "wpa_passphrase": "12345678", "wpa": "2",
1018 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
1019 bssid = apdev[0]['bssid']
1020
1021 logger.info("Verify PBC enable/cancel")
1022 hapd.request("WPS_PBC")
1023 dev[0].scan(freq="2412")
1024 dev[0].scan(freq="2412")
1025 bss = dev[0].get_bss(apdev[0]['bssid'])
1026 if "[WPS-PBC]" not in bss['flags']:
1027 raise Exception("WPS-PBC flag missing")
1028 if "FAIL" in hapd.request("WPS_CANCEL"):
1029 raise Exception("WPS_CANCEL failed")
1030 dev[0].scan(freq="2412")
1031 dev[0].scan(freq="2412")
1032 bss = dev[0].get_bss(apdev[0]['bssid'])
1033 if "[WPS-PBC]" in bss['flags']:
1034 raise Exception("WPS-PBC flag not cleared")
1035
1036 logger.info("Verify PIN enable/cancel")
1037 hapd.request("WPS_PIN any 12345670")
1038 dev[0].scan(freq="2412")
1039 dev[0].scan(freq="2412")
1040 bss = dev[0].get_bss(apdev[0]['bssid'])
1041 if "[WPS-AUTH]" not in bss['flags']:
1042 raise Exception("WPS-AUTH flag missing")
1043 if "FAIL" in hapd.request("WPS_CANCEL"):
1044 raise Exception("WPS_CANCEL failed")
1045 dev[0].scan(freq="2412")
1046 dev[0].scan(freq="2412")
1047 bss = dev[0].get_bss(apdev[0]['bssid'])
1048 if "[WPS-AUTH]" in bss['flags']:
1049 raise Exception("WPS-AUTH flag not cleared")
1050
1051 def test_ap_wps_er_add_enrollee(dev, apdev):
1052 """WPS ER configuring AP and adding a new enrollee using PIN"""
1053 try:
1054 _test_ap_wps_er_add_enrollee(dev, apdev)
1055 finally:
1056 dev[0].request("WPS_ER_STOP")
1057
1058 def _test_ap_wps_er_add_enrollee(dev, apdev):
1059 ssid = "wps-er-add-enrollee"
1060 ap_pin = "12345670"
1061 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1062 hostapd.add_ap(apdev[0],
1063 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
1064 "device_name": "Wireless AP", "manufacturer": "Company",
1065 "model_name": "WAP", "model_number": "123",
1066 "serial_number": "12345", "device_type": "6-0050F204-1",
1067 "os_version": "01020300",
1068 'friendly_name': "WPS AP - <>&'\" - TEST",
1069 "config_methods": "label push_button",
1070 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1071 logger.info("WPS configuration step")
1072 new_passphrase = "1234567890"
1073 dev[0].dump_monitor()
1074 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1075 dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
1076 new_passphrase)
1077 status = dev[0].get_status()
1078 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1079 raise Exception("Not fully connected")
1080 if status['ssid'] != ssid:
1081 raise Exception("Unexpected SSID")
1082 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
1083 raise Exception("Unexpected encryption configuration")
1084 if status['key_mgmt'] != 'WPA2-PSK':
1085 raise Exception("Unexpected key_mgmt")
1086
1087 logger.info("Start ER")
1088 dev[0].request("WPS_ER_START ifname=lo")
1089 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1090 if ev is None:
1091 raise Exception("AP discovery timed out")
1092 if ap_uuid not in ev:
1093 raise Exception("Expected AP UUID not found")
1094 if "|WPS AP - &lt;&gt;&amp;&apos;&quot; - TEST|Company|" not in ev:
1095 raise Exception("Expected friendly name not found")
1096
1097 logger.info("Learn AP configuration through UPnP")
1098 dev[0].dump_monitor()
1099 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1100 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1101 if ev is None:
1102 raise Exception("AP learn timed out")
1103 if ap_uuid not in ev:
1104 raise Exception("Expected AP UUID not in settings")
1105 if "ssid=" + ssid not in ev:
1106 raise Exception("Expected SSID not in settings")
1107 if "key=" + new_passphrase not in ev:
1108 raise Exception("Expected passphrase not in settings")
1109 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1110 if ev is None:
1111 raise Exception("WPS-FAIL after AP learn timed out")
1112 time.sleep(0.1)
1113
1114 logger.info("Add Enrollee using ER")
1115 pin = dev[1].wps_read_pin()
1116 dev[0].dump_monitor()
1117 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1118 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1119 dev[1].dump_monitor()
1120 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1121 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
1122 if ev is None:
1123 raise Exception("Enrollee did not report success")
1124 dev[1].wait_connected(timeout=15)
1125 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1126 if ev is None:
1127 raise Exception("WPS ER did not report success")
1128 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
1129
1130 logger.info("Add a specific Enrollee using ER")
1131 pin = dev[2].wps_read_pin()
1132 addr2 = dev[2].p2p_interface_addr()
1133 dev[0].dump_monitor()
1134 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1135 dev[2].dump_monitor()
1136 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1137 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1138 if ev is None:
1139 raise Exception("Enrollee not seen")
1140 if addr2 not in ev:
1141 raise Exception("Unexpected Enrollee MAC address")
1142 dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
1143 dev[2].wait_connected(timeout=30)
1144 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1145 if ev is None:
1146 raise Exception("WPS ER did not report success")
1147
1148 logger.info("Verify registrar selection behavior")
1149 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1150 dev[1].request("DISCONNECT")
1151 dev[1].wait_disconnected(timeout=10)
1152 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
1153 dev[1].scan(freq="2412")
1154 bss = dev[1].get_bss(apdev[0]['bssid'])
1155 if "[WPS-AUTH]" not in bss['flags']:
1156 # It is possible for scan to miss an update especially when running
1157 # tests under load with multiple VMs, so allow another attempt.
1158 dev[1].scan(freq="2412")
1159 bss = dev[1].get_bss(apdev[0]['bssid'])
1160 if "[WPS-AUTH]" not in bss['flags']:
1161 raise Exception("WPS-AUTH flag missing")
1162
1163 logger.info("Stop ER")
1164 dev[0].dump_monitor()
1165 dev[0].request("WPS_ER_STOP")
1166 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"])
1167 if ev is None:
1168 raise Exception("WPS ER unsubscription timed out")
1169 # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
1170 # a bit before verifying that the scan results have changed.
1171 time.sleep(0.2)
1172
1173 for i in range(0, 10):
1174 dev[1].request("BSS_FLUSH 0")
1175 dev[1].scan(freq="2412", only_new=True)
1176 bss = dev[1].get_bss(apdev[0]['bssid'])
1177 if bss and 'flags' in bss and "[WPS-AUTH]" not in bss['flags']:
1178 break
1179 logger.debug("WPS-AUTH flag was still in place - wait a bit longer")
1180 time.sleep(0.1)
1181 if "[WPS-AUTH]" in bss['flags']:
1182 raise Exception("WPS-AUTH flag not removed")
1183
1184 def test_ap_wps_er_add_enrollee_uuid(dev, apdev):
1185 """WPS ER adding a new enrollee identified by UUID"""
1186 try:
1187 _test_ap_wps_er_add_enrollee_uuid(dev, apdev)
1188 finally:
1189 dev[0].request("WPS_ER_STOP")
1190
1191 def _test_ap_wps_er_add_enrollee_uuid(dev, apdev):
1192 ssid = "wps-er-add-enrollee"
1193 ap_pin = "12345670"
1194 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1195 hostapd.add_ap(apdev[0],
1196 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1197 "wpa_passphrase": "12345678", "wpa": "2",
1198 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1199 "device_name": "Wireless AP", "manufacturer": "Company",
1200 "model_name": "WAP", "model_number": "123",
1201 "serial_number": "12345", "device_type": "6-0050F204-1",
1202 "os_version": "01020300",
1203 "config_methods": "label push_button",
1204 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1205 logger.info("WPS configuration step")
1206 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1207 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1208
1209 logger.info("Start ER")
1210 dev[0].request("WPS_ER_START ifname=lo")
1211 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1212 if ev is None:
1213 raise Exception("AP discovery timed out")
1214 if ap_uuid not in ev:
1215 raise Exception("Expected AP UUID not found")
1216
1217 logger.info("Learn AP configuration through UPnP")
1218 dev[0].dump_monitor()
1219 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1220 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1221 if ev is None:
1222 raise Exception("AP learn timed out")
1223 if ap_uuid not in ev:
1224 raise Exception("Expected AP UUID not in settings")
1225 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1226 if ev is None:
1227 raise Exception("WPS-FAIL after AP learn timed out")
1228 time.sleep(0.1)
1229
1230 logger.info("Add a specific Enrollee using ER (PBC/UUID)")
1231 addr1 = dev[1].p2p_interface_addr()
1232 dev[0].dump_monitor()
1233 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1234 dev[1].dump_monitor()
1235 dev[1].request("WPS_PBC %s" % apdev[0]['bssid'])
1236 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1237 if ev is None:
1238 raise Exception("Enrollee not seen")
1239 if addr1 not in ev:
1240 raise Exception("Unexpected Enrollee MAC address")
1241 uuid = ev.split(' ')[1]
1242 dev[0].request("WPS_ER_PBC " + uuid)
1243 dev[1].wait_connected(timeout=30)
1244 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1245 if ev is None:
1246 raise Exception("WPS ER did not report success")
1247
1248 logger.info("Add a specific Enrollee using ER (PIN/UUID)")
1249 pin = dev[2].wps_read_pin()
1250 addr2 = dev[2].p2p_interface_addr()
1251 dev[0].dump_monitor()
1252 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1253 dev[2].dump_monitor()
1254 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1255 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1256 if ev is None:
1257 raise Exception("Enrollee not seen")
1258 if addr2 not in ev:
1259 raise Exception("Unexpected Enrollee MAC address")
1260 uuid = ev.split(' ')[1]
1261 dev[0].request("WPS_ER_PIN " + uuid + " " + pin)
1262 dev[2].wait_connected(timeout=30)
1263 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1264 if ev is None:
1265 raise Exception("WPS ER did not report success")
1266
1267 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-REMOVE"], timeout=15)
1268 if ev is None:
1269 raise Exception("No Enrollee STA entry timeout seen")
1270
1271 logger.info("Stop ER")
1272 dev[0].dump_monitor()
1273 dev[0].request("WPS_ER_STOP")
1274
1275 def test_ap_wps_er_multi_add_enrollee(dev, apdev):
1276 """Multiple WPS ERs adding a new enrollee using PIN"""
1277 try:
1278 _test_ap_wps_er_multi_add_enrollee(dev, apdev)
1279 finally:
1280 for i in range(2):
1281 dev[i].request("WPS_ER_STOP")
1282
1283 def _test_ap_wps_er_multi_add_enrollee(dev, apdev):
1284 ssid = "wps-er-add-enrollee"
1285 ap_pin = "12345670"
1286 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1287 hostapd.add_ap(apdev[0],
1288 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1289 "wpa_passphrase": "12345678", "wpa": "2",
1290 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1291 "device_name": "Wireless AP", "manufacturer": "Company",
1292 "model_name": "WAP", "model_number": "123",
1293 "serial_number": "12345", "device_type": "6-0050F204-1",
1294 "os_version": "01020300",
1295 'friendly_name': "WPS AP",
1296 "config_methods": "label push_button",
1297 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1298
1299 for i in range(2):
1300 dev[i].scan_for_bss(apdev[0]['bssid'], freq=2412)
1301 dev[i].wps_reg(apdev[0]['bssid'], ap_pin)
1302 for i in range(2):
1303 dev[i].request("WPS_ER_START ifname=lo")
1304 for i in range(2):
1305 ev = dev[i].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1306 if ev is None:
1307 raise Exception("AP discovery timed out")
1308 dev[i].dump_monitor()
1309 for i in range(2):
1310 dev[i].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1311 for i in range(2):
1312 ev = dev[i].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1313 if ev is None:
1314 raise Exception("AP learn timed out")
1315 ev = dev[i].wait_event(["WPS-FAIL"], timeout=15)
1316 if ev is None:
1317 raise Exception("WPS-FAIL after AP learn timed out")
1318
1319 time.sleep(0.1)
1320
1321 pin = dev[2].wps_read_pin()
1322 addr = dev[2].own_addr()
1323 dev[0].dump_monitor()
1324 dev[0].request("WPS_ER_PIN any " + pin + " " + addr)
1325 dev[1].dump_monitor()
1326 dev[1].request("WPS_ER_PIN any " + pin + " " + addr)
1327
1328 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1329 dev[2].dump_monitor()
1330 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1331 ev = dev[2].wait_event(["WPS-SUCCESS"], timeout=30)
1332 if ev is None:
1333 raise Exception("Enrollee did not report success")
1334 dev[2].wait_connected(timeout=15)
1335
1336 def test_ap_wps_er_add_enrollee_pbc(dev, apdev):
1337 """WPS ER connected to AP and adding a new enrollee using PBC"""
1338 try:
1339 _test_ap_wps_er_add_enrollee_pbc(dev, apdev)
1340 finally:
1341 dev[0].request("WPS_ER_STOP")
1342
1343 def _test_ap_wps_er_add_enrollee_pbc(dev, apdev):
1344 ssid = "wps-er-add-enrollee-pbc"
1345 ap_pin = "12345670"
1346 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1347 hostapd.add_ap(apdev[0],
1348 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1349 "wpa_passphrase": "12345678", "wpa": "2",
1350 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1351 "device_name": "Wireless AP", "manufacturer": "Company",
1352 "model_name": "WAP", "model_number": "123",
1353 "serial_number": "12345", "device_type": "6-0050F204-1",
1354 "os_version": "01020300",
1355 "config_methods": "label push_button",
1356 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1357 logger.info("Learn AP configuration")
1358 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1359 dev[0].dump_monitor()
1360 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1361 status = dev[0].get_status()
1362 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1363 raise Exception("Not fully connected")
1364
1365 logger.info("Start ER")
1366 dev[0].request("WPS_ER_START ifname=lo")
1367 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1368 if ev is None:
1369 raise Exception("AP discovery timed out")
1370 if ap_uuid not in ev:
1371 raise Exception("Expected AP UUID not found")
1372
1373 enrollee = dev[1].p2p_interface_addr()
1374
1375 if "FAIL-UNKNOWN-UUID" not in dev[0].request("WPS_ER_PBC " + enrollee):
1376 raise Exception("Unknown UUID not reported")
1377
1378 logger.info("Add Enrollee using ER and PBC")
1379 dev[0].dump_monitor()
1380 dev[1].dump_monitor()
1381 dev[1].request("WPS_PBC")
1382
1383 for i in range(0, 2):
1384 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
1385 if ev is None:
1386 raise Exception("Enrollee discovery timed out")
1387 if enrollee in ev:
1388 break
1389 if i == 1:
1390 raise Exception("Expected Enrollee not found")
1391 if "FAIL-NO-AP-SETTINGS" not in dev[0].request("WPS_ER_PBC " + enrollee):
1392 raise Exception("Unknown UUID not reported")
1393 logger.info("Use learned network configuration on ER")
1394 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
1395 if "OK" not in dev[0].request("WPS_ER_PBC " + enrollee):
1396 raise Exception("WPS_ER_PBC failed")
1397
1398 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
1399 if ev is None:
1400 raise Exception("Enrollee did not report success")
1401 dev[1].wait_connected(timeout=15)
1402 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1403 if ev is None:
1404 raise Exception("WPS ER did not report success")
1405 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
1406
1407 def test_ap_wps_er_pbc_overlap(dev, apdev):
1408 """WPS ER connected to AP and PBC session overlap"""
1409 try:
1410 _test_ap_wps_er_pbc_overlap(dev, apdev)
1411 finally:
1412 dev[0].request("WPS_ER_STOP")
1413
1414 def _test_ap_wps_er_pbc_overlap(dev, apdev):
1415 ssid = "wps-er-add-enrollee-pbc"
1416 ap_pin = "12345670"
1417 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1418 hostapd.add_ap(apdev[0],
1419 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1420 "wpa_passphrase": "12345678", "wpa": "2",
1421 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1422 "device_name": "Wireless AP", "manufacturer": "Company",
1423 "model_name": "WAP", "model_number": "123",
1424 "serial_number": "12345", "device_type": "6-0050F204-1",
1425 "os_version": "01020300",
1426 "config_methods": "label push_button",
1427 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1428 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1429 dev[0].dump_monitor()
1430 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1431
1432 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
1433 dev[2].scan_for_bss(apdev[0]['bssid'], freq="2412")
1434 # avoid leaving dev 1 or 2 as the last Probe Request to the AP
1435 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True)
1436
1437 dev[0].dump_monitor()
1438 dev[0].request("WPS_ER_START ifname=lo")
1439
1440 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1441 if ev is None:
1442 raise Exception("AP discovery timed out")
1443 if ap_uuid not in ev:
1444 raise Exception("Expected AP UUID not found")
1445
1446 # verify BSSID selection of the AP instead of UUID
1447 if "FAIL" in dev[0].request("WPS_ER_SET_CONFIG " + apdev[0]['bssid'] + " 0"):
1448 raise Exception("Could not select AP based on BSSID")
1449
1450 dev[0].dump_monitor()
1451 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
1452 dev[2].request("WPS_PBC " + apdev[0]['bssid'])
1453 ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
1454 if ev is None:
1455 raise Exception("PBC scan failed")
1456 ev = dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
1457 if ev is None:
1458 raise Exception("PBC scan failed")
1459 found1 = False
1460 found2 = False
1461 addr1 = dev[1].own_addr()
1462 addr2 = dev[2].own_addr()
1463 for i in range(3):
1464 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
1465 if ev is None:
1466 raise Exception("Enrollee discovery timed out")
1467 if addr1 in ev:
1468 found1 = True
1469 if found2:
1470 break
1471 if addr2 in ev:
1472 found2 = True
1473 if found1:
1474 break
1475 if dev[0].request("WPS_ER_PBC " + ap_uuid) != "FAIL-PBC-OVERLAP\n":
1476 raise Exception("PBC overlap not reported")
1477 dev[1].request("WPS_CANCEL")
1478 dev[2].request("WPS_CANCEL")
1479 if dev[0].request("WPS_ER_PBC foo") != "FAIL\n":
1480 raise Exception("Invalid WPS_ER_PBC accepted")
1481
1482 def test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
1483 """WPS v1.0 ER connected to AP and adding a new enrollee using PIN"""
1484 try:
1485 _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev)
1486 finally:
1487 dev[0].request("WPS_ER_STOP")
1488
1489 def _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
1490 ssid = "wps-er-add-enrollee-pbc"
1491 ap_pin = "12345670"
1492 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1493 hostapd.add_ap(apdev[0],
1494 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1495 "wpa_passphrase": "12345678", "wpa": "2",
1496 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1497 "device_name": "Wireless AP", "manufacturer": "Company",
1498 "model_name": "WAP", "model_number": "123",
1499 "serial_number": "12345", "device_type": "6-0050F204-1",
1500 "os_version": "01020300",
1501 "config_methods": "label push_button",
1502 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1503 logger.info("Learn AP configuration")
1504 dev[0].request("SET wps_version_number 0x10")
1505 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1506 dev[0].dump_monitor()
1507 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1508 status = dev[0].get_status()
1509 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1510 raise Exception("Not fully connected")
1511
1512 logger.info("Start ER")
1513 dev[0].request("WPS_ER_START ifname=lo")
1514 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1515 if ev is None:
1516 raise Exception("AP discovery timed out")
1517 if ap_uuid not in ev:
1518 raise Exception("Expected AP UUID not found")
1519
1520 logger.info("Use learned network configuration on ER")
1521 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
1522
1523 logger.info("Add Enrollee using ER and PIN")
1524 enrollee = dev[1].p2p_interface_addr()
1525 pin = dev[1].wps_read_pin()
1526 dev[0].dump_monitor()
1527 dev[0].request("WPS_ER_PIN any " + pin + " " + enrollee)
1528 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1529 dev[1].dump_monitor()
1530 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1531 dev[1].wait_connected(timeout=30)
1532 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1533 if ev is None:
1534 raise Exception("WPS ER did not report success")
1535
1536 @remote_compatible
1537 def test_ap_wps_er_config_ap(dev, apdev):
1538 """WPS ER configuring AP over UPnP"""
1539 try:
1540 _test_ap_wps_er_config_ap(dev, apdev)
1541 finally:
1542 dev[0].request("WPS_ER_STOP")
1543
1544 def _test_ap_wps_er_config_ap(dev, apdev):
1545 ssid = "wps-er-ap-config"
1546 ap_pin = "12345670"
1547 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1548 hostapd.add_ap(apdev[0],
1549 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1550 "wpa_passphrase": "12345678", "wpa": "2",
1551 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1552 "device_name": "Wireless AP", "manufacturer": "Company",
1553 "model_name": "WAP", "model_number": "123",
1554 "serial_number": "12345", "device_type": "6-0050F204-1",
1555 "os_version": "01020300",
1556 "config_methods": "label push_button",
1557 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1558
1559 logger.info("Connect ER to the AP")
1560 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
1561
1562 logger.info("WPS configuration step")
1563 dev[0].request("WPS_ER_START ifname=lo")
1564 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1565 if ev is None:
1566 raise Exception("AP discovery timed out")
1567 if ap_uuid not in ev:
1568 raise Exception("Expected AP UUID not found")
1569 new_passphrase = "1234567890"
1570 dev[0].request("WPS_ER_CONFIG " + apdev[0]['bssid'] + " " + ap_pin + " " +
1571 binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " +
1572 binascii.hexlify(new_passphrase.encode()).decode())
1573 ev = dev[0].wait_event(["WPS-SUCCESS"])
1574 if ev is None:
1575 raise Exception("WPS ER configuration operation timed out")
1576 dev[0].wait_disconnected(timeout=10)
1577 dev[0].connect(ssid, psk="1234567890", scan_freq="2412")
1578
1579 logger.info("WPS ER restart")
1580 dev[0].request("WPS_ER_START")
1581 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1582 if ev is None:
1583 raise Exception("AP discovery timed out on ER restart")
1584 if ap_uuid not in ev:
1585 raise Exception("Expected AP UUID not found on ER restart")
1586 if "OK" not in dev[0].request("WPS_ER_STOP"):
1587 raise Exception("WPS_ER_STOP failed")
1588 if "OK" not in dev[0].request("WPS_ER_STOP"):
1589 raise Exception("WPS_ER_STOP failed")
1590
1591 @remote_compatible
1592 def test_ap_wps_er_cache_ap_settings(dev, apdev):
1593 """WPS ER caching AP settings"""
1594 try:
1595 _test_ap_wps_er_cache_ap_settings(dev, apdev)
1596 finally:
1597 dev[0].request("WPS_ER_STOP")
1598
1599 def _test_ap_wps_er_cache_ap_settings(dev, apdev):
1600 ssid = "wps-er-add-enrollee"
1601 ap_pin = "12345670"
1602 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1603 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1604 "wpa_passphrase": "12345678", "wpa": "2",
1605 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1606 "device_name": "Wireless AP", "manufacturer": "Company",
1607 "model_name": "WAP", "model_number": "123",
1608 "serial_number": "12345", "device_type": "6-0050F204-1",
1609 "os_version": "01020300",
1610 "config_methods": "label push_button",
1611 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1612 hapd = hostapd.add_ap(apdev[0], params)
1613 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1614 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1615 id = int(dev[0].list_networks()[0]['id'])
1616 dev[0].set_network(id, "scan_freq", "2412")
1617
1618 dev[0].request("WPS_ER_START ifname=lo")
1619 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1620 if ev is None:
1621 raise Exception("AP discovery timed out")
1622 if ap_uuid not in ev:
1623 raise Exception("Expected AP UUID not found")
1624
1625 dev[0].dump_monitor()
1626 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1627 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1628 if ev is None:
1629 raise Exception("AP learn timed out")
1630 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1631 if ev is None:
1632 raise Exception("WPS-FAIL after AP learn timed out")
1633 time.sleep(0.1)
1634
1635 hapd.disable()
1636
1637 for i in range(2):
1638 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE", "CTRL-EVENT-DISCONNECTED"],
1639 timeout=15)
1640 if ev is None:
1641 raise Exception("AP removal or disconnection timed out")
1642
1643 hapd = hostapd.add_ap(apdev[0], params)
1644 for i in range(2):
1645 ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
1646 timeout=15)
1647 if ev is None:
1648 raise Exception("AP discovery or connection timed out")
1649
1650 pin = dev[1].wps_read_pin()
1651 dev[0].dump_monitor()
1652 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1653
1654 time.sleep(0.2)
1655
1656 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1657 dev[1].dump_monitor()
1658 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1659 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
1660 if ev is None:
1661 raise Exception("Enrollee did not report success")
1662 dev[1].wait_connected(timeout=15)
1663 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1664 if ev is None:
1665 raise Exception("WPS ER did not report success")
1666
1667 dev[0].dump_monitor()
1668 dev[0].request("WPS_ER_STOP")
1669
1670 def test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
1671 """WPS ER caching AP settings (OOM)"""
1672 try:
1673 _test_ap_wps_er_cache_ap_settings_oom(dev, apdev)
1674 finally:
1675 dev[0].request("WPS_ER_STOP")
1676
1677 def _test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
1678 ssid = "wps-er-add-enrollee"
1679 ap_pin = "12345670"
1680 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1681 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1682 "wpa_passphrase": "12345678", "wpa": "2",
1683 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1684 "device_name": "Wireless AP", "manufacturer": "Company",
1685 "model_name": "WAP", "model_number": "123",
1686 "serial_number": "12345", "device_type": "6-0050F204-1",
1687 "os_version": "01020300",
1688 "config_methods": "label push_button",
1689 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1690 hapd = hostapd.add_ap(apdev[0], params)
1691 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1692 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1693 id = int(dev[0].list_networks()[0]['id'])
1694 dev[0].set_network(id, "scan_freq", "2412")
1695
1696 dev[0].request("WPS_ER_START ifname=lo")
1697 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1698 if ev is None:
1699 raise Exception("AP discovery timed out")
1700 if ap_uuid not in ev:
1701 raise Exception("Expected AP UUID not found")
1702
1703 dev[0].dump_monitor()
1704 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1705 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1706 if ev is None:
1707 raise Exception("AP learn timed out")
1708 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1709 if ev is None:
1710 raise Exception("WPS-FAIL after AP learn timed out")
1711 time.sleep(0.1)
1712
1713 with alloc_fail(dev[0], 1, "=wps_er_ap_use_cached_settings"):
1714 hapd.disable()
1715
1716 for i in range(2):
1717 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE",
1718 "CTRL-EVENT-DISCONNECTED"],
1719 timeout=15)
1720 if ev is None:
1721 raise Exception("AP removal or disconnection timed out")
1722
1723 hapd = hostapd.add_ap(apdev[0], params)
1724 for i in range(2):
1725 ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
1726 timeout=15)
1727 if ev is None:
1728 raise Exception("AP discovery or connection timed out")
1729
1730 dev[0].request("WPS_ER_STOP")
1731
1732 def test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
1733 """WPS ER caching AP settings (OOM 2)"""
1734 try:
1735 _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev)
1736 finally:
1737 dev[0].request("WPS_ER_STOP")
1738
1739 def _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
1740 ssid = "wps-er-add-enrollee"
1741 ap_pin = "12345670"
1742 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1743 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1744 "wpa_passphrase": "12345678", "wpa": "2",
1745 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1746 "device_name": "Wireless AP", "manufacturer": "Company",
1747 "model_name": "WAP", "model_number": "123",
1748 "serial_number": "12345", "device_type": "6-0050F204-1",
1749 "os_version": "01020300",
1750 "config_methods": "label push_button",
1751 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1752 hapd = hostapd.add_ap(apdev[0], params)
1753 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1754 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1755 id = int(dev[0].list_networks()[0]['id'])
1756 dev[0].set_network(id, "scan_freq", "2412")
1757
1758 dev[0].request("WPS_ER_START ifname=lo")
1759 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1760 if ev is None:
1761 raise Exception("AP discovery timed out")
1762 if ap_uuid not in ev:
1763 raise Exception("Expected AP UUID not found")
1764
1765 dev[0].dump_monitor()
1766 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1767 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1768 if ev is None:
1769 raise Exception("AP learn timed out")
1770 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1771 if ev is None:
1772 raise Exception("WPS-FAIL after AP learn timed out")
1773 time.sleep(0.1)
1774
1775 with alloc_fail(dev[0], 1, "=wps_er_ap_cache_settings"):
1776 hapd.disable()
1777
1778 for i in range(2):
1779 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE",
1780 "CTRL-EVENT-DISCONNECTED"],
1781 timeout=15)
1782 if ev is None:
1783 raise Exception("AP removal or disconnection timed out")
1784
1785 hapd = hostapd.add_ap(apdev[0], params)
1786 for i in range(2):
1787 ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
1788 timeout=15)
1789 if ev is None:
1790 raise Exception("AP discovery or connection timed out")
1791
1792 dev[0].request("WPS_ER_STOP")
1793
1794 def test_ap_wps_er_subscribe_oom(dev, apdev):
1795 """WPS ER subscribe OOM"""
1796 try:
1797 _test_ap_wps_er_subscribe_oom(dev, apdev)
1798 finally:
1799 dev[0].request("WPS_ER_STOP")
1800
1801 def _test_ap_wps_er_subscribe_oom(dev, apdev):
1802 ssid = "wps-er-add-enrollee"
1803 ap_pin = "12345670"
1804 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1805 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1806 "wpa_passphrase": "12345678", "wpa": "2",
1807 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1808 "device_name": "Wireless AP", "manufacturer": "Company",
1809 "model_name": "WAP", "model_number": "123",
1810 "serial_number": "12345", "device_type": "6-0050F204-1",
1811 "os_version": "01020300",
1812 "config_methods": "label push_button",
1813 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1814 hapd = hostapd.add_ap(apdev[0], params)
1815 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1816 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1817 id = int(dev[0].list_networks()[0]['id'])
1818 dev[0].set_network(id, "scan_freq", "2412")
1819
1820 with alloc_fail(dev[0], 1, "http_client_addr;wps_er_subscribe"):
1821 dev[0].request("WPS_ER_START ifname=lo")
1822 for i in range(50):
1823 res = dev[0].request("GET_ALLOC_FAIL")
1824 if res.startswith("0:"):
1825 break
1826 time.sleep(0.1)
1827 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=0)
1828 if ev:
1829 raise Exception("Unexpected AP discovery during OOM")
1830
1831 dev[0].request("WPS_ER_STOP")
1832
1833 def test_ap_wps_er_set_sel_reg_oom(dev, apdev):
1834 """WPS ER SetSelectedRegistrar OOM"""
1835 try:
1836 _test_ap_wps_er_set_sel_reg_oom(dev, apdev)
1837 finally:
1838 dev[0].request("WPS_ER_STOP")
1839
1840 def _test_ap_wps_er_set_sel_reg_oom(dev, apdev):
1841 ssid = "wps-er-add-enrollee"
1842 ap_pin = "12345670"
1843 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1844 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1845 "wpa_passphrase": "12345678", "wpa": "2",
1846 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1847 "device_name": "Wireless AP", "manufacturer": "Company",
1848 "model_name": "WAP", "model_number": "123",
1849 "serial_number": "12345", "device_type": "6-0050F204-1",
1850 "os_version": "01020300",
1851 "config_methods": "label push_button",
1852 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1853 hapd = hostapd.add_ap(apdev[0], params)
1854 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1855 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1856
1857 dev[0].request("WPS_ER_START ifname=lo")
1858 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
1859 if ev is None:
1860 raise Exception("AP not discovered")
1861
1862 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1863 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1864 if ev is None:
1865 raise Exception("AP learn timed out")
1866 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1867 if ev is None:
1868 raise Exception("WPS-FAIL timed out")
1869 time.sleep(0.1)
1870
1871 for func in ["http_client_url_parse;wps_er_send_set_sel_reg",
1872 "wps_er_soap_hdr;wps_er_send_set_sel_reg",
1873 "http_client_addr;wps_er_send_set_sel_reg",
1874 "wpabuf_alloc;wps_er_set_sel_reg"]:
1875 with alloc_fail(dev[0], 1, func):
1876 if "OK" not in dev[0].request("WPS_ER_PBC " + ap_uuid):
1877 raise Exception("WPS_ER_PBC failed")
1878 ev = dev[0].wait_event(["WPS-PBC-ACTIVE"], timeout=3)
1879 if ev is None:
1880 raise Exception("WPS-PBC-ACTIVE not seen")
1881
1882 dev[0].request("WPS_ER_STOP")
1883
1884 @remote_compatible
1885 def test_ap_wps_er_learn_oom(dev, apdev):
1886 """WPS ER learn OOM"""
1887 try:
1888 _test_ap_wps_er_learn_oom(dev, apdev)
1889 finally:
1890 dev[0].request("WPS_ER_STOP")
1891
1892 def _test_ap_wps_er_learn_oom(dev, apdev):
1893 ssid = "wps-er-add-enrollee"
1894 ap_pin = "12345670"
1895 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1896 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1897 "wpa_passphrase": "12345678", "wpa": "2",
1898 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1899 "device_name": "Wireless AP", "manufacturer": "Company",
1900 "model_name": "WAP", "model_number": "123",
1901 "serial_number": "12345", "device_type": "6-0050F204-1",
1902 "os_version": "01020300",
1903 "config_methods": "label push_button",
1904 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1905 hapd = hostapd.add_ap(apdev[0], params)
1906 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1907 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1908
1909 dev[0].request("WPS_ER_START ifname=lo")
1910 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
1911 if ev is None:
1912 raise Exception("AP not discovered")
1913
1914 for func in ["wps_er_http_put_message_cb",
1915 "xml_get_base64_item;wps_er_http_put_message_cb",
1916 "http_client_url_parse;wps_er_ap_put_message",
1917 "wps_er_soap_hdr;wps_er_ap_put_message",
1918 "http_client_addr;wps_er_ap_put_message"]:
1919 with alloc_fail(dev[0], 1, func):
1920 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1921 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=1)
1922 if ev is not None:
1923 raise Exception("AP learn succeeded during OOM")
1924
1925 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1926 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=10)
1927 if ev is None:
1928 raise Exception("AP learn did not succeed")
1929
1930 if "FAIL" not in dev[0].request("WPS_ER_LEARN 00000000-9e5c-4e73-bd82-f89cbcd10d7e " + ap_pin):
1931 raise Exception("WPS_ER_LEARN for unknown AP accepted")
1932
1933 dev[0].request("WPS_ER_STOP")
1934
1935 def test_ap_wps_fragmentation(dev, apdev):
1936 """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
1937 ssid = "test-wps-fragmentation"
1938 appin = "12345670"
1939 hapd = hostapd.add_ap(apdev[0],
1940 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1941 "wpa_passphrase": "12345678", "wpa": "3",
1942 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1943 "wpa_pairwise": "TKIP", "ap_pin": appin,
1944 "fragment_size": "50"})
1945 logger.info("WPS provisioning step (PBC)")
1946 hapd.request("WPS_PBC")
1947 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1948 dev[0].dump_monitor()
1949 dev[0].request("SET wps_fragment_size 50")
1950 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
1951 dev[0].wait_connected(timeout=30)
1952 status = dev[0].get_status()
1953 if status['wpa_state'] != 'COMPLETED':
1954 raise Exception("Not fully connected")
1955 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
1956 raise Exception("Unexpected encryption configuration")
1957 if status['key_mgmt'] != 'WPA2-PSK':
1958 raise Exception("Unexpected key_mgmt")
1959
1960 logger.info("WPS provisioning step (PIN)")
1961 pin = dev[1].wps_read_pin()
1962 hapd.request("WPS_PIN any " + pin)
1963 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1964 dev[1].request("SET wps_fragment_size 50")
1965 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1966 dev[1].wait_connected(timeout=30)
1967 status = dev[1].get_status()
1968 if status['wpa_state'] != 'COMPLETED':
1969 raise Exception("Not fully connected")
1970 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
1971 raise Exception("Unexpected encryption configuration")
1972 if status['key_mgmt'] != 'WPA2-PSK':
1973 raise Exception("Unexpected key_mgmt")
1974
1975 logger.info("WPS connection as registrar")
1976 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1977 dev[2].request("SET wps_fragment_size 50")
1978 dev[2].wps_reg(apdev[0]['bssid'], appin)
1979 status = dev[2].get_status()
1980 if status['wpa_state'] != 'COMPLETED':
1981 raise Exception("Not fully connected")
1982 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
1983 raise Exception("Unexpected encryption configuration")
1984 if status['key_mgmt'] != 'WPA2-PSK':
1985 raise Exception("Unexpected key_mgmt")
1986
1987 @remote_compatible
1988 def test_ap_wps_new_version_sta(dev, apdev):
1989 """WPS compatibility with new version number on the station"""
1990 ssid = "test-wps-ver"
1991 hapd = hostapd.add_ap(apdev[0],
1992 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1993 "wpa_passphrase": "12345678", "wpa": "2",
1994 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
1995 logger.info("WPS provisioning step")
1996 hapd.request("WPS_PBC")
1997 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
1998 dev[0].dump_monitor()
1999 dev[0].request("SET wps_version_number 0x43")
2000 dev[0].request("SET wps_vendor_ext_m1 000137100100020001")
2001 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2002 dev[0].wait_connected(timeout=30)
2003
2004 @remote_compatible
2005 def test_ap_wps_new_version_ap(dev, apdev):
2006 """WPS compatibility with new version number on the AP"""
2007 ssid = "test-wps-ver"
2008 hapd = hostapd.add_ap(apdev[0],
2009 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2010 "wpa_passphrase": "12345678", "wpa": "2",
2011 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2012 logger.info("WPS provisioning step")
2013 if "FAIL" in hapd.request("SET wps_version_number 0x43"):
2014 raise Exception("Failed to enable test functionality")
2015 hapd.request("WPS_PBC")
2016 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2017 dev[0].dump_monitor()
2018 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2019 dev[0].wait_connected(timeout=30)
2020 hapd.request("SET wps_version_number 0x20")
2021
2022 @remote_compatible
2023 def test_ap_wps_check_pin(dev, apdev):
2024 """Verify PIN checking through control interface"""
2025 hapd = hostapd.add_ap(apdev[0],
2026 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2027 "wpa_passphrase": "12345678", "wpa": "2",
2028 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2029 for t in [("12345670", "12345670"),
2030 ("12345678", "FAIL-CHECKSUM"),
2031 ("12345", "FAIL"),
2032 ("123456789", "FAIL"),
2033 ("1234-5670", "12345670"),
2034 ("1234 5670", "12345670"),
2035 ("1-2.3:4 5670", "12345670")]:
2036 res = hapd.request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
2037 res2 = dev[0].request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
2038 if res != res2:
2039 raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
2040 if res != t[1]:
2041 raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res, t[1]))
2042
2043 if "FAIL" not in hapd.request("WPS_CHECK_PIN 12345"):
2044 raise Exception("Unexpected WPS_CHECK_PIN success")
2045 if "FAIL" not in hapd.request("WPS_CHECK_PIN 123456789"):
2046 raise Exception("Unexpected WPS_CHECK_PIN success")
2047
2048 for i in range(0, 10):
2049 pin = dev[0].request("WPS_PIN get")
2050 rpin = dev[0].request("WPS_CHECK_PIN " + pin).rstrip('\n')
2051 if pin != rpin:
2052 raise Exception("Random PIN validation failed for " + pin)
2053
2054 def test_ap_wps_pin_get_failure(dev, apdev):
2055 """PIN generation failure"""
2056 with fail_test(dev[0], 1,
2057 "os_get_random;wpa_supplicant_ctrl_iface_wps_pin"):
2058 if "FAIL" not in dev[0].request("WPS_PIN get"):
2059 raise Exception("WPS_PIN did not report failure")
2060
2061 def test_ap_wps_wep_config(dev, apdev):
2062 """WPS 2.0 AP rejecting WEP configuration"""
2063 ssid = "test-wps-config"
2064 appin = "12345670"
2065 hapd = hostapd.add_ap(apdev[0],
2066 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2067 "ap_pin": appin})
2068 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2069 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-new-ssid-wep", "OPEN", "WEP",
2070 "hello", no_wait=True)
2071 ev = hapd.wait_event(["WPS-FAIL"], timeout=15)
2072 if ev is None:
2073 raise Exception("WPS-FAIL timed out")
2074 if "reason=2" not in ev:
2075 raise Exception("Unexpected reason code in WPS-FAIL")
2076 status = hapd.request("WPS_GET_STATUS")
2077 if "Last WPS result: Failed" not in status:
2078 raise Exception("WPS failure result not shown correctly")
2079 if "Failure Reason: WEP Prohibited" not in status:
2080 raise Exception("Failure reason not reported correctly")
2081 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
2082 raise Exception("Peer address not shown correctly")
2083
2084 def test_ap_wps_wep_enroll(dev, apdev):
2085 """WPS 2.0 STA rejecting WEP configuration"""
2086 ssid = "test-wps-wep"
2087 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2088 "skip_cred_build": "1", "extra_cred": "wps-wep-cred"}
2089 hapd = hostapd.add_ap(apdev[0], params)
2090 hapd.request("WPS_PBC")
2091 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2092 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2093 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
2094 if ev is None:
2095 raise Exception("WPS-FAIL event timed out")
2096 if "msg=12" not in ev or "reason=2 (WEP Prohibited)" not in ev:
2097 raise Exception("Unexpected WPS-FAIL event: " + ev)
2098
2099 @remote_compatible
2100 def test_ap_wps_ie_fragmentation(dev, apdev):
2101 """WPS AP using fragmented WPS IE"""
2102 ssid = "test-wps-ie-fragmentation"
2103 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2104 "wpa_passphrase": "12345678", "wpa": "2",
2105 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2106 "device_name": "1234567890abcdef1234567890abcdef",
2107 "manufacturer": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
2108 "model_name": "1234567890abcdef1234567890abcdef",
2109 "model_number": "1234567890abcdef1234567890abcdef",
2110 "serial_number": "1234567890abcdef1234567890abcdef"}
2111 hapd = hostapd.add_ap(apdev[0], params)
2112 hapd.request("WPS_PBC")
2113 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2114 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2115 dev[0].wait_connected(timeout=30)
2116 bss = dev[0].get_bss(apdev[0]['bssid'])
2117 if "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
2118 logger.info("Device Name not received correctly")
2119 logger.info(bss)
2120 # This can fail if Probe Response frame is missed and Beacon frame was
2121 # used to fill in the BSS entry. This can happen, e.g., during heavy
2122 # load every now and then and is not really an error, so try to
2123 # workaround by runnign another scan.
2124 dev[0].scan(freq="2412", only_new=True)
2125 bss = dev[0].get_bss(apdev[0]['bssid'])
2126 if not bss or "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
2127 logger.info(bss)
2128 raise Exception("Device Name not received correctly")
2129 if len(re.findall("dd..0050f204", bss['ie'])) != 2:
2130 raise Exception("Unexpected number of WPS IEs")
2131
2132 def get_psk(pskfile):
2133 psks = {}
2134 with open(pskfile, "r") as f:
2135 lines = f.read().splitlines()
2136 for l in lines:
2137 if l == "# WPA PSKs":
2138 continue
2139 (addr, psk) = l.split(' ')
2140 psks[addr] = psk
2141 return psks
2142
2143 def test_ap_wps_per_station_psk(dev, apdev):
2144 """WPS PBC provisioning with per-station PSK"""
2145 addr0 = dev[0].own_addr()
2146 addr1 = dev[1].own_addr()
2147 addr2 = dev[2].own_addr()
2148 ssid = "wps"
2149 appin = "12345670"
2150 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
2151 try:
2152 os.remove(pskfile)
2153 except:
2154 pass
2155
2156 hapd = None
2157 try:
2158 with open(pskfile, "w") as f:
2159 f.write("# WPA PSKs\n")
2160
2161 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2162 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2163 "rsn_pairwise": "CCMP", "ap_pin": appin,
2164 "wpa_psk_file": pskfile}
2165 hapd = hostapd.add_ap(apdev[0], params)
2166
2167 logger.info("First enrollee")
2168 hapd.request("WPS_PBC")
2169 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2170 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2171 dev[0].wait_connected(timeout=30)
2172
2173 logger.info("Second enrollee")
2174 hapd.request("WPS_PBC")
2175 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2176 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
2177 dev[1].wait_connected(timeout=30)
2178
2179 logger.info("External registrar")
2180 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2181 dev[2].wps_reg(apdev[0]['bssid'], appin)
2182
2183 logger.info("Verifying PSK results")
2184 psks = get_psk(pskfile)
2185 if addr0 not in psks:
2186 raise Exception("No PSK recorded for sta0")
2187 if addr1 not in psks:
2188 raise Exception("No PSK recorded for sta1")
2189 if addr2 not in psks:
2190 raise Exception("No PSK recorded for sta2")
2191 if psks[addr0] == psks[addr1]:
2192 raise Exception("Same PSK recorded for sta0 and sta1")
2193 if psks[addr0] == psks[addr2]:
2194 raise Exception("Same PSK recorded for sta0 and sta2")
2195 if psks[addr1] == psks[addr2]:
2196 raise Exception("Same PSK recorded for sta1 and sta2")
2197
2198 dev[0].request("REMOVE_NETWORK all")
2199 logger.info("Second external registrar")
2200 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2201 dev[0].wps_reg(apdev[0]['bssid'], appin)
2202 psks2 = get_psk(pskfile)
2203 if addr0 not in psks2:
2204 raise Exception("No PSK recorded for sta0(reg)")
2205 if psks[addr0] == psks2[addr0]:
2206 raise Exception("Same PSK recorded for sta0(enrollee) and sta0(reg)")
2207 finally:
2208 os.remove(pskfile)
2209 if hapd:
2210 dev[0].request("DISCONNECT")
2211 dev[1].request("DISCONNECT")
2212 dev[2].request("DISCONNECT")
2213 hapd.disable()
2214 dev[0].flush_scan_cache()
2215 dev[1].flush_scan_cache()
2216 dev[2].flush_scan_cache()
2217
2218 def test_ap_wps_per_station_psk_failure(dev, apdev):
2219 """WPS PBC provisioning with per-station PSK (file not writable)"""
2220 addr0 = dev[0].p2p_dev_addr()
2221 addr1 = dev[1].p2p_dev_addr()
2222 addr2 = dev[2].p2p_dev_addr()
2223 ssid = "wps"
2224 appin = "12345670"
2225 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
2226 try:
2227 os.remove(pskfile)
2228 except:
2229 pass
2230
2231 hapd = None
2232 try:
2233 with open(pskfile, "w") as f:
2234 f.write("# WPA PSKs\n")
2235
2236 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2237 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2238 "rsn_pairwise": "CCMP", "ap_pin": appin,
2239 "wpa_psk_file": pskfile}
2240 hapd = hostapd.add_ap(apdev[0], params)
2241 if "FAIL" in hapd.request("SET wpa_psk_file /tmp/does/not/exists/ap_wps_per_enrollee_psk_failure.psk_file"):
2242 raise Exception("Failed to set wpa_psk_file")
2243
2244 logger.info("First enrollee")
2245 hapd.request("WPS_PBC")
2246 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2247 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2248 dev[0].wait_connected(timeout=30)
2249
2250 logger.info("Second enrollee")
2251 hapd.request("WPS_PBC")
2252 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2253 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
2254 dev[1].wait_connected(timeout=30)
2255
2256 logger.info("External registrar")
2257 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2258 dev[2].wps_reg(apdev[0]['bssid'], appin)
2259
2260 logger.info("Verifying PSK results")
2261 psks = get_psk(pskfile)
2262 if len(psks) > 0:
2263 raise Exception("PSK recorded unexpectedly")
2264 finally:
2265 if hapd:
2266 for i in range(3):
2267 dev[i].request("DISCONNECT")
2268 hapd.disable()
2269 for i in range(3):
2270 dev[i].flush_scan_cache()
2271 os.remove(pskfile)
2272
2273 def test_ap_wps_pin_request_file(dev, apdev):
2274 """WPS PIN provisioning with configured AP"""
2275 ssid = "wps"
2276 pinfile = "/tmp/ap_wps_pin_request_file.log"
2277 if os.path.exists(pinfile):
2278 os.remove(pinfile)
2279 hapd = hostapd.add_ap(apdev[0],
2280 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2281 "wps_pin_requests": pinfile,
2282 "wpa_passphrase": "12345678", "wpa": "2",
2283 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2284 uuid = dev[0].get_status_field("uuid")
2285 pin = dev[0].wps_read_pin()
2286 try:
2287 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2288 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
2289 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=15)
2290 if ev is None:
2291 raise Exception("PIN needed event not shown")
2292 if uuid not in ev:
2293 raise Exception("UUID mismatch")
2294 dev[0].request("WPS_CANCEL")
2295 success = False
2296 with open(pinfile, "r") as f:
2297 lines = f.readlines()
2298 for l in lines:
2299 if uuid in l:
2300 success = True
2301 break
2302 if not success:
2303 raise Exception("PIN request entry not in the log file")
2304 finally:
2305 try:
2306 os.remove(pinfile)
2307 except:
2308 pass
2309
2310 def test_ap_wps_auto_setup_with_config_file(dev, apdev):
2311 """WPS auto-setup with configuration file"""
2312 conffile = "/tmp/ap_wps_auto_setup_with_config_file.conf"
2313 ifname = apdev[0]['ifname']
2314 try:
2315 with open(conffile, "w") as f:
2316 f.write("driver=nl80211\n")
2317 f.write("hw_mode=g\n")
2318 f.write("channel=1\n")
2319 f.write("ieee80211n=1\n")
2320 f.write("interface=%s\n" % ifname)
2321 f.write("ctrl_interface=/var/run/hostapd\n")
2322 f.write("ssid=wps\n")
2323 f.write("eap_server=1\n")
2324 f.write("wps_state=1\n")
2325 hapd = hostapd.add_bss(apdev[0], ifname, conffile)
2326 hapd.request("WPS_PBC")
2327 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2328 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2329 dev[0].wait_connected(timeout=30)
2330 with open(conffile, "r") as f:
2331 lines = f.read().splitlines()
2332 vals = dict()
2333 for l in lines:
2334 try:
2335 [name, value] = l.split('=', 1)
2336 vals[name] = value
2337 except ValueError as e:
2338 if "# WPS configuration" in l:
2339 pass
2340 else:
2341 raise Exception("Unexpected configuration line: " + l)
2342 if vals['ieee80211n'] != '1' or vals['wps_state'] != '2' or "WPA-PSK" not in vals['wpa_key_mgmt']:
2343 raise Exception("Incorrect configuration: " + str(vals))
2344 finally:
2345 try:
2346 os.remove(conffile)
2347 except:
2348 pass
2349
2350 def test_ap_wps_pbc_timeout(dev, apdev, params):
2351 """wpa_supplicant PBC walk time and WPS ER SelReg timeout [long]"""
2352 if not params['long']:
2353 raise HwsimSkip("Skip test case with long duration due to --long not specified")
2354 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2355 hapd = add_ssdp_ap(apdev[0], ap_uuid)
2356
2357 location = ssdp_get_location(ap_uuid)
2358 urls = upnp_get_urls(location)
2359 eventurl = urlparse(urls['event_sub_url'])
2360 ctrlurl = urlparse(urls['control_url'])
2361
2362 url = urlparse(location)
2363 conn = HTTPConnection(url.netloc)
2364
2365 class WPSERHTTPServer(StreamRequestHandler):
2366 def handle(self):
2367 data = self.rfile.readline().strip()
2368 logger.debug(data)
2369 self.wfile.write(gen_wps_event())
2370
2371 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
2372 server.timeout = 1
2373
2374 headers = {"callback": '<http://127.0.0.1:12345/event>',
2375 "NT": "upnp:event",
2376 "timeout": "Second-1234"}
2377 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2378 resp = conn.getresponse()
2379 if resp.status != 200:
2380 raise Exception("Unexpected HTTP response: %d" % resp.status)
2381 sid = resp.getheader("sid")
2382 logger.debug("Subscription SID " + sid)
2383
2384 msg = '''<?xml version="1.0"?>
2385 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
2386 <s:Body>
2387 <u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
2388 <NewMessage>EEoAARAQQQABARASAAIAABBTAAIxSBBJAA4ANyoAASABBv///////xBIABA2LbR7pTpRkYj7
2389 VFi5hrLk
2390 </NewMessage>
2391 </u:SetSelectedRegistrar>
2392 </s:Body>
2393 </s:Envelope>'''
2394 headers = {"Content-type": 'text/xml; charset="utf-8"'}
2395 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
2396 conn.request("POST", ctrlurl.path, msg, headers)
2397 resp = conn.getresponse()
2398 if resp.status != 200:
2399 raise Exception("Unexpected HTTP response: %d" % resp.status)
2400
2401 server.handle_request()
2402
2403 logger.info("Start WPS_PBC and wait for PBC walk time expiration")
2404 if "OK" not in dev[0].request("WPS_PBC"):
2405 raise Exception("WPS_PBC failed")
2406
2407 start = os.times()[4]
2408
2409 server.handle_request()
2410 dev[1].request("BSS_FLUSH 0")
2411 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
2412 only_new=True)
2413 bss = dev[1].get_bss(apdev[0]['bssid'])
2414 logger.debug("BSS: " + str(bss))
2415 if '[WPS-AUTH]' not in bss['flags']:
2416 raise Exception("WPS not indicated authorized")
2417
2418 server.handle_request()
2419
2420 wps_timeout_seen = False
2421
2422 while True:
2423 hapd.dump_monitor()
2424 dev[1].dump_monitor()
2425 if not wps_timeout_seen:
2426 ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=0)
2427 if ev is not None:
2428 logger.info("PBC timeout seen")
2429 wps_timeout_seen = True
2430 else:
2431 dev[0].dump_monitor()
2432 now = os.times()[4]
2433 if now - start > 130:
2434 raise Exception("Selected registration information not removed")
2435 dev[1].request("BSS_FLUSH 0")
2436 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
2437 only_new=True)
2438 bss = dev[1].get_bss(apdev[0]['bssid'])
2439 logger.debug("BSS: " + str(bss))
2440 if '[WPS-AUTH]' not in bss['flags']:
2441 break
2442 server.handle_request()
2443
2444 server.server_close()
2445
2446 if wps_timeout_seen:
2447 return
2448
2449 now = os.times()[4]
2450 if now < start + 150:
2451 dur = start + 150 - now
2452 else:
2453 dur = 1
2454 logger.info("Continue waiting for PBC timeout (%d sec)" % dur)
2455 ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=dur)
2456 if ev is None:
2457 raise Exception("WPS-TIMEOUT not reported")
2458
2459 def add_ssdp_ap(ap, ap_uuid):
2460 ssid = "wps-ssdp"
2461 ap_pin = "12345670"
2462 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2463 "wpa_passphrase": "12345678", "wpa": "2",
2464 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2465 "device_name": "Wireless AP", "manufacturer": "Company",
2466 "model_name": "WAP", "model_number": "123",
2467 "serial_number": "12345", "device_type": "6-0050F204-1",
2468 "os_version": "01020300",
2469 "config_methods": "label push_button",
2470 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo",
2471 "friendly_name": "WPS Access Point",
2472 "manufacturer_url": "http://www.example.com/",
2473 "model_description": "Wireless Access Point",
2474 "model_url": "http://www.example.com/model/",
2475 "upc": "123456789012"}
2476 return hostapd.add_ap(ap, params)
2477
2478 def ssdp_send(msg, no_recv=False):
2479 socket.setdefaulttimeout(1)
2480 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2481 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2482 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2483 sock.bind(("127.0.0.1", 0))
2484 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2485 if no_recv:
2486 return None
2487 return sock.recv(1000).decode()
2488
2489 def ssdp_send_msearch(st, no_recv=False):
2490 msg = '\r\n'.join([
2491 'M-SEARCH * HTTP/1.1',
2492 'HOST: 239.255.255.250:1900',
2493 'MX: 1',
2494 'MAN: "ssdp:discover"',
2495 'ST: ' + st,
2496 '', ''])
2497 return ssdp_send(msg, no_recv=no_recv)
2498
2499 def test_ap_wps_ssdp_msearch(dev, apdev):
2500 """WPS AP and SSDP M-SEARCH messages"""
2501 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2502 add_ssdp_ap(apdev[0], ap_uuid)
2503
2504 msg = '\r\n'.join([
2505 'M-SEARCH * HTTP/1.1',
2506 'Host: 239.255.255.250:1900',
2507 'Mx: 1',
2508 'Man: "ssdp:discover"',
2509 'St: urn:schemas-wifialliance-org:device:WFADevice:1',
2510 '', ''])
2511 ssdp_send(msg)
2512
2513 msg = '\r\n'.join([
2514 'M-SEARCH * HTTP/1.1',
2515 'host:\t239.255.255.250:1900\t\t\t\t \t\t',
2516 'mx: \t1\t\t ',
2517 'man: \t \t "ssdp:discover" ',
2518 'st: urn:schemas-wifialliance-org:device:WFADevice:1\t\t',
2519 '', ''])
2520 ssdp_send(msg)
2521
2522 ssdp_send_msearch("ssdp:all")
2523 ssdp_send_msearch("upnp:rootdevice")
2524 ssdp_send_msearch("uuid:" + ap_uuid)
2525 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1")
2526 ssdp_send_msearch("urn:schemas-wifialliance-org:device:WFADevice:1")
2527
2528 msg = '\r\n'.join([
2529 'M-SEARCH * HTTP/1.1',
2530 'HOST:\t239.255.255.250:1900',
2531 'MAN: "ssdp:discover"',
2532 'MX: 130',
2533 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2534 '', ''])
2535 ssdp_send(msg, no_recv=True)
2536
2537 def test_ap_wps_ssdp_invalid_msearch(dev, apdev):
2538 """WPS AP and invalid SSDP M-SEARCH messages"""
2539 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2540 add_ssdp_ap(apdev[0], ap_uuid)
2541
2542 socket.setdefaulttimeout(1)
2543 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2544 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2545 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2546 sock.bind(("127.0.0.1", 0))
2547
2548 logger.debug("Missing MX")
2549 msg = '\r\n'.join([
2550 'M-SEARCH * HTTP/1.1',
2551 'HOST: 239.255.255.250:1900',
2552 'MAN: "ssdp:discover"',
2553 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2554 '', ''])
2555 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2556
2557 logger.debug("Negative MX")
2558 msg = '\r\n'.join([
2559 'M-SEARCH * HTTP/1.1',
2560 'HOST: 239.255.255.250:1900',
2561 'MX: -1',
2562 'MAN: "ssdp:discover"',
2563 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2564 '', ''])
2565 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2566
2567 logger.debug("Invalid MX")
2568 msg = '\r\n'.join([
2569 'M-SEARCH * HTTP/1.1',
2570 'HOST: 239.255.255.250:1900',
2571 'MX; 1',
2572 'MAN: "ssdp:discover"',
2573 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2574 '', ''])
2575 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2576
2577 logger.debug("Missing MAN")
2578 msg = '\r\n'.join([
2579 'M-SEARCH * HTTP/1.1',
2580 'HOST: 239.255.255.250:1900',
2581 'MX: 1',
2582 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2583 '', ''])
2584 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2585
2586 logger.debug("Invalid MAN")
2587 msg = '\r\n'.join([
2588 'M-SEARCH * HTTP/1.1',
2589 'HOST: 239.255.255.250:1900',
2590 'MX: 1',
2591 'MAN: foo',
2592 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2593 '', ''])
2594 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2595 msg = '\r\n'.join([
2596 'M-SEARCH * HTTP/1.1',
2597 'HOST: 239.255.255.250:1900',
2598 'MX: 1',
2599 'MAN; "ssdp:discover"',
2600 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2601 '', ''])
2602 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2603
2604 logger.debug("Missing HOST")
2605 msg = '\r\n'.join([
2606 'M-SEARCH * HTTP/1.1',
2607 'MAN: "ssdp:discover"',
2608 'MX: 1',
2609 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2610 '', ''])
2611 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2612
2613 logger.debug("Missing ST")
2614 msg = '\r\n'.join([
2615 'M-SEARCH * HTTP/1.1',
2616 'HOST: 239.255.255.250:1900',
2617 'MAN: "ssdp:discover"',
2618 'MX: 1',
2619 '', ''])
2620 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2621
2622 logger.debug("Mismatching ST")
2623 msg = '\r\n'.join([
2624 'M-SEARCH * HTTP/1.1',
2625 'HOST: 239.255.255.250:1900',
2626 'MAN: "ssdp:discover"',
2627 'MX: 1',
2628 'ST: uuid:16d5f8a9-4ee4-4f5e-81f9-cc6e2f47f42d',
2629 '', ''])
2630 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2631 msg = '\r\n'.join([
2632 'M-SEARCH * HTTP/1.1',
2633 'HOST: 239.255.255.250:1900',
2634 'MAN: "ssdp:discover"',
2635 'MX: 1',
2636 'ST: foo:bar',
2637 '', ''])
2638 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2639 msg = '\r\n'.join([
2640 'M-SEARCH * HTTP/1.1',
2641 'HOST: 239.255.255.250:1900',
2642 'MAN: "ssdp:discover"',
2643 'MX: 1',
2644 'ST: foobar',
2645 '', ''])
2646 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2647
2648 logger.debug("Invalid ST")
2649 msg = '\r\n'.join([
2650 'M-SEARCH * HTTP/1.1',
2651 'HOST: 239.255.255.250:1900',
2652 'MAN: "ssdp:discover"',
2653 'MX: 1',
2654 'ST; urn:schemas-wifialliance-org:device:WFADevice:1',
2655 '', ''])
2656 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2657
2658 logger.debug("Invalid M-SEARCH")
2659 msg = '\r\n'.join([
2660 'M+SEARCH * HTTP/1.1',
2661 'HOST: 239.255.255.250:1900',
2662 'MAN: "ssdp:discover"',
2663 'MX: 1',
2664 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2665 '', ''])
2666 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2667 msg = '\r\n'.join([
2668 'M-SEARCH-* HTTP/1.1',
2669 'HOST: 239.255.255.250:1900',
2670 'MAN: "ssdp:discover"',
2671 'MX: 1',
2672 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2673 '', ''])
2674 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2675
2676 logger.debug("Invalid message format")
2677 sock.sendto(b"NOTIFY * HTTP/1.1", ("239.255.255.250", 1900))
2678 msg = '\r'.join([
2679 'M-SEARCH * HTTP/1.1',
2680 'HOST: 239.255.255.250:1900',
2681 'MAN: "ssdp:discover"',
2682 'MX: 1',
2683 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2684 '', ''])
2685 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2686
2687 try:
2688 r = sock.recv(1000)
2689 raise Exception("Unexpected M-SEARCH response: " + r)
2690 except socket.timeout:
2691 pass
2692
2693 logger.debug("Valid M-SEARCH")
2694 msg = '\r\n'.join([
2695 'M-SEARCH * HTTP/1.1',
2696 'HOST: 239.255.255.250:1900',
2697 'MAN: "ssdp:discover"',
2698 'MX: 1',
2699 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2700 '', ''])
2701 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2702
2703 try:
2704 r = sock.recv(1000)
2705 pass
2706 except socket.timeout:
2707 raise Exception("No SSDP response")
2708
2709 def test_ap_wps_ssdp_burst(dev, apdev):
2710 """WPS AP and SSDP burst"""
2711 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2712 add_ssdp_ap(apdev[0], ap_uuid)
2713
2714 msg = '\r\n'.join([
2715 'M-SEARCH * HTTP/1.1',
2716 'HOST: 239.255.255.250:1900',
2717 'MAN: "ssdp:discover"',
2718 'MX: 1',
2719 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2720 '', ''])
2721 socket.setdefaulttimeout(1)
2722 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2723 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2724 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2725 sock.bind(("127.0.0.1", 0))
2726 for i in range(0, 25):
2727 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2728 resp = 0
2729 while True:
2730 try:
2731 r = sock.recv(1000).decode()
2732 if not r.startswith("HTTP/1.1 200 OK\r\n"):
2733 raise Exception("Unexpected message: " + r)
2734 resp += 1
2735 except socket.timeout:
2736 break
2737 if resp < 20:
2738 raise Exception("Too few SSDP responses")
2739
2740 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2741 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2742 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2743 sock.bind(("127.0.0.1", 0))
2744 for i in range(0, 25):
2745 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2746 while True:
2747 try:
2748 r = sock.recv(1000).decode()
2749 if ap_uuid in r:
2750 break
2751 except socket.timeout:
2752 raise Exception("No SSDP response")
2753
2754 def ssdp_get_location(uuid):
2755 res = ssdp_send_msearch("uuid:" + uuid)
2756 location = None
2757 for l in res.splitlines():
2758 if l.lower().startswith("location:"):
2759 location = l.split(':', 1)[1].strip()
2760 break
2761 if location is None:
2762 raise Exception("No UPnP location found")
2763 return location
2764
2765 def upnp_get_urls(location):
2766 if sys.version_info[0] > 2:
2767 conn = urlopen(location)
2768 else:
2769 conn = urlopen(location, proxies={})
2770 tree = ET.parse(conn)
2771 root = tree.getroot()
2772 urn = '{urn:schemas-upnp-org:device-1-0}'
2773 service = root.find("./" + urn + "device/" + urn + "serviceList/" + urn + "service")
2774 res = {}
2775 res['scpd_url'] = urljoin(location, service.find(urn + 'SCPDURL').text)
2776 res['control_url'] = urljoin(location,
2777 service.find(urn + 'controlURL').text)
2778 res['event_sub_url'] = urljoin(location,
2779 service.find(urn + 'eventSubURL').text)
2780 return res
2781
2782 def upnp_soap_action(conn, path, action, include_soap_action=True,
2783 soap_action_override=None, newmsg=None, neweventtype=None,
2784 neweventmac=None):
2785 soapns = 'http://schemas.xmlsoap.org/soap/envelope/'
2786 wpsns = 'urn:schemas-wifialliance-org:service:WFAWLANConfig:1'
2787 ET.register_namespace('soapenv', soapns)
2788 ET.register_namespace('wfa', wpsns)
2789 attrib = {}
2790 attrib['{%s}encodingStyle' % soapns] = 'http://schemas.xmlsoap.org/soap/encoding/'
2791 root = ET.Element("{%s}Envelope" % soapns, attrib=attrib)
2792 body = ET.SubElement(root, "{%s}Body" % soapns)
2793 act = ET.SubElement(body, "{%s}%s" % (wpsns, action))
2794 if newmsg:
2795 msg = ET.SubElement(act, "NewMessage")
2796 msg.text = base64.b64encode(newmsg.encode()).decode()
2797 if neweventtype:
2798 msg = ET.SubElement(act, "NewWLANEventType")
2799 msg.text = neweventtype
2800 if neweventmac:
2801 msg = ET.SubElement(act, "NewWLANEventMAC")
2802 msg.text = neweventmac
2803
2804 headers = {"Content-type": 'text/xml; charset="utf-8"'}
2805 if include_soap_action:
2806 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % action
2807 elif soap_action_override:
2808 headers["SOAPAction"] = soap_action_override
2809 decl = b'<?xml version=\'1.0\' encoding=\'utf8\'?>\n'
2810 conn.request("POST", path, decl + ET.tostring(root), headers)
2811 return conn.getresponse()
2812
2813 def test_ap_wps_upnp(dev, apdev):
2814 """WPS AP and UPnP operations"""
2815 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2816 add_ssdp_ap(apdev[0], ap_uuid)
2817
2818 location = ssdp_get_location(ap_uuid)
2819 urls = upnp_get_urls(location)
2820
2821 if sys.version_info[0] > 2:
2822 conn = urlopen(urls['scpd_url'])
2823 else:
2824 conn = urlopen(urls['scpd_url'], proxies={})
2825 scpd = conn.read()
2826
2827 if sys.version_info[0] > 2:
2828 try:
2829 conn = urlopen(urljoin(location, "unknown.html"))
2830 raise Exception("Unexpected HTTP response to GET unknown URL")
2831 except HTTPError as e:
2832 if e.code != 404:
2833 raise Exception("Unexpected HTTP response to GET unknown URL")
2834 else:
2835 conn = urlopen(urljoin(location, "unknown.html"), proxies={})
2836 if conn.getcode() != 404:
2837 raise Exception("Unexpected HTTP response to GET unknown URL")
2838
2839 url = urlparse(location)
2840 conn = HTTPConnection(url.netloc)
2841 #conn.set_debuglevel(1)
2842 headers = {"Content-type": 'text/xml; charset="utf-8"',
2843 "SOAPAction": '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo"'}
2844 conn.request("POST", "hello", "\r\n\r\n", headers)
2845 resp = conn.getresponse()
2846 if resp.status != 404:
2847 raise Exception("Unexpected HTTP response: %d" % resp.status)
2848
2849 conn.request("UNKNOWN", "hello", "\r\n\r\n", headers)
2850 resp = conn.getresponse()
2851 if resp.status != 501:
2852 raise Exception("Unexpected HTTP response: %d" % resp.status)
2853
2854 headers = {"Content-type": 'text/xml; charset="utf-8"',
2855 "SOAPAction": '"urn:some-unknown-action#GetDeviceInfo"'}
2856 ctrlurl = urlparse(urls['control_url'])
2857 conn.request("POST", ctrlurl.path, "\r\n\r\n", headers)
2858 resp = conn.getresponse()
2859 if resp.status != 401:
2860 raise Exception("Unexpected HTTP response: %d" % resp.status)
2861
2862 logger.debug("GetDeviceInfo without SOAPAction header")
2863 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
2864 include_soap_action=False)
2865 if resp.status != 401:
2866 raise Exception("Unexpected HTTP response: %d" % resp.status)
2867
2868 logger.debug("GetDeviceInfo with invalid SOAPAction header")
2869 for act in ["foo",
2870 "urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo",
2871 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1"',
2872 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:123#GetDevice']:
2873 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
2874 include_soap_action=False,
2875 soap_action_override=act)
2876 if resp.status != 401:
2877 raise Exception("Unexpected HTTP response: %d" % resp.status)
2878
2879 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
2880 if resp.status != 200:
2881 raise Exception("Unexpected HTTP response: %d" % resp.status)
2882 dev = resp.read().decode()
2883 if "NewDeviceInfo" not in dev:
2884 raise Exception("Unexpected GetDeviceInfo response")
2885
2886 logger.debug("PutMessage without required parameters")
2887 resp = upnp_soap_action(conn, ctrlurl.path, "PutMessage")
2888 if resp.status != 600:
2889 raise Exception("Unexpected HTTP response: %d" % resp.status)
2890
2891 logger.debug("PutWLANResponse without required parameters")
2892 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse")
2893 if resp.status != 600:
2894 raise Exception("Unexpected HTTP response: %d" % resp.status)
2895
2896 logger.debug("SetSelectedRegistrar from unregistered ER")
2897 resp = upnp_soap_action(conn, ctrlurl.path, "SetSelectedRegistrar")
2898 if resp.status != 501:
2899 raise Exception("Unexpected HTTP response: %d" % resp.status)
2900
2901 logger.debug("Unknown action")
2902 resp = upnp_soap_action(conn, ctrlurl.path, "Unknown")
2903 if resp.status != 401:
2904 raise Exception("Unexpected HTTP response: %d" % resp.status)
2905
2906 def test_ap_wps_upnp_subscribe(dev, apdev):
2907 """WPS AP and UPnP event subscription"""
2908 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2909 hapd = add_ssdp_ap(apdev[0], ap_uuid)
2910
2911 location = ssdp_get_location(ap_uuid)
2912 urls = upnp_get_urls(location)
2913 eventurl = urlparse(urls['event_sub_url'])
2914
2915 url = urlparse(location)
2916 conn = HTTPConnection(url.netloc)
2917 #conn.set_debuglevel(1)
2918 headers = {"callback": '<http://127.0.0.1:12345/event>',
2919 "timeout": "Second-1234"}
2920 conn.request("SUBSCRIBE", "hello", "\r\n\r\n", headers)
2921 resp = conn.getresponse()
2922 if resp.status != 412:
2923 raise Exception("Unexpected HTTP response: %d" % resp.status)
2924
2925 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2926 resp = conn.getresponse()
2927 if resp.status != 412:
2928 raise Exception("Unexpected HTTP response: %d" % resp.status)
2929
2930 headers = {"NT": "upnp:event",
2931 "timeout": "Second-1234"}
2932 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2933 resp = conn.getresponse()
2934 if resp.status != 412:
2935 raise Exception("Unexpected HTTP response: %d" % resp.status)
2936
2937 headers = {"callback": '<http://127.0.0.1:12345/event>',
2938 "NT": "upnp:foobar",
2939 "timeout": "Second-1234"}
2940 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2941 resp = conn.getresponse()
2942 if resp.status != 400:
2943 raise Exception("Unexpected HTTP response: %d" % resp.status)
2944
2945 logger.debug("Valid subscription")
2946 headers = {"callback": '<http://127.0.0.1:12345/event>',
2947 "NT": "upnp:event",
2948 "timeout": "Second-1234"}
2949 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2950 resp = conn.getresponse()
2951 if resp.status != 200:
2952 raise Exception("Unexpected HTTP response: %d" % resp.status)
2953 sid = resp.getheader("sid")
2954 logger.debug("Subscription SID " + sid)
2955
2956 logger.debug("Invalid re-subscription")
2957 headers = {"NT": "upnp:event",
2958 "sid": "123456734567854",
2959 "timeout": "Second-1234"}
2960 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2961 resp = conn.getresponse()
2962 if resp.status != 400:
2963 raise Exception("Unexpected HTTP response: %d" % resp.status)
2964
2965 logger.debug("Invalid re-subscription")
2966 headers = {"NT": "upnp:event",
2967 "sid": "uuid:123456734567854",
2968 "timeout": "Second-1234"}
2969 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2970 resp = conn.getresponse()
2971 if resp.status != 400:
2972 raise Exception("Unexpected HTTP response: %d" % resp.status)
2973
2974 logger.debug("Invalid re-subscription")
2975 headers = {"callback": '<http://127.0.0.1:12345/event>',
2976 "NT": "upnp:event",
2977 "sid": sid,
2978 "timeout": "Second-1234"}
2979 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2980 resp = conn.getresponse()
2981 if resp.status != 400:
2982 raise Exception("Unexpected HTTP response: %d" % resp.status)
2983
2984 logger.debug("SID mismatch in re-subscription")
2985 headers = {"NT": "upnp:event",
2986 "sid": "uuid:4c2bca79-1ff4-4e43-85d4-952a2b8a51fb",
2987 "timeout": "Second-1234"}
2988 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2989 resp = conn.getresponse()
2990 if resp.status != 412:
2991 raise Exception("Unexpected HTTP response: %d" % resp.status)
2992
2993 logger.debug("Valid re-subscription")
2994 headers = {"NT": "upnp:event",
2995 "sid": sid,
2996 "timeout": "Second-1234"}
2997 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2998 resp = conn.getresponse()
2999 if resp.status != 200:
3000 raise Exception("Unexpected HTTP response: %d" % resp.status)
3001 sid2 = resp.getheader("sid")
3002 logger.debug("Subscription SID " + sid2)
3003
3004 if sid != sid2:
3005 raise Exception("Unexpected SID change")
3006
3007 logger.debug("Valid re-subscription")
3008 headers = {"NT": "upnp:event",
3009 "sid": "uuid: \t \t" + sid.split(':')[1],
3010 "timeout": "Second-1234"}
3011 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3012 resp = conn.getresponse()
3013 if resp.status != 200:
3014 raise Exception("Unexpected HTTP response: %d" % resp.status)
3015
3016 logger.debug("Invalid unsubscription")
3017 headers = {"sid": sid}
3018 conn.request("UNSUBSCRIBE", "/hello", "\r\n\r\n", headers)
3019 resp = conn.getresponse()
3020 if resp.status != 412:
3021 raise Exception("Unexpected HTTP response: %d" % resp.status)
3022 headers = {"foo": "bar"}
3023 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3024 resp = conn.getresponse()
3025 if resp.status != 412:
3026 raise Exception("Unexpected HTTP response: %d" % resp.status)
3027
3028 logger.debug("Valid unsubscription")
3029 headers = {"sid": sid}
3030 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3031 resp = conn.getresponse()
3032 if resp.status != 200:
3033 raise Exception("Unexpected HTTP response: %d" % resp.status)
3034
3035 logger.debug("Unsubscription for not existing SID")
3036 headers = {"sid": sid}
3037 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3038 resp = conn.getresponse()
3039 if resp.status != 412:
3040 raise Exception("Unexpected HTTP response: %d" % resp.status)
3041
3042 logger.debug("Invalid unsubscription")
3043 headers = {"sid": " \t \tfoo"}
3044 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3045 resp = conn.getresponse()
3046 if resp.status != 400:
3047 raise Exception("Unexpected HTTP response: %d" % resp.status)
3048
3049 logger.debug("Invalid unsubscription")
3050 headers = {"sid": "uuid:\t \tfoo"}
3051 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3052 resp = conn.getresponse()
3053 if resp.status != 400:
3054 raise Exception("Unexpected HTTP response: %d" % resp.status)
3055
3056 logger.debug("Invalid unsubscription")
3057 headers = {"NT": "upnp:event",
3058 "sid": sid}
3059 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3060 resp = conn.getresponse()
3061 if resp.status != 400:
3062 raise Exception("Unexpected HTTP response: %d" % resp.status)
3063 headers = {"callback": '<http://127.0.0.1:12345/event>',
3064 "sid": sid}
3065 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3066 resp = conn.getresponse()
3067 if resp.status != 400:
3068 raise Exception("Unexpected HTTP response: %d" % resp.status)
3069
3070 logger.debug("Valid subscription with multiple callbacks")
3071 headers = {"callback": '<http://127.0.0.1:12345/event> <http://127.0.0.1:12345/event>\t<http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event>',
3072 "NT": "upnp:event",
3073 "timeout": "Second-1234"}
3074 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3075 resp = conn.getresponse()
3076 if resp.status != 200:
3077 raise Exception("Unexpected HTTP response: %d" % resp.status)
3078 sid = resp.getheader("sid")
3079 logger.debug("Subscription SID " + sid)
3080
3081 # Force subscription to be deleted due to errors
3082 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3083 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
3084 with alloc_fail(hapd, 1, "event_build_message"):
3085 for i in range(10):
3086 dev[1].dump_monitor()
3087 dev[2].dump_monitor()
3088 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3089 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3090 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3091 dev[1].request("WPS_CANCEL")
3092 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3093 dev[2].request("WPS_CANCEL")
3094 if i % 4 == 1:
3095 time.sleep(1)
3096 else:
3097 time.sleep(0.1)
3098 time.sleep(0.2)
3099
3100 headers = {"sid": sid}
3101 conn.request("UNSUBSCRIBE", eventurl.path, "", headers)
3102 resp = conn.getresponse()
3103 if resp.status != 200 and resp.status != 412:
3104 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
3105
3106 headers = {"callback": '<http://127.0.0.1:12345/event>',
3107 "NT": "upnp:event",
3108 "timeout": "Second-1234"}
3109 with alloc_fail(hapd, 1, "http_client_addr;event_send_start"):
3110 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3111 resp = conn.getresponse()
3112 if resp.status != 200:
3113 raise Exception("Unexpected HTTP response for SUBSCRIBE: %d" % resp.status)
3114 sid = resp.getheader("sid")
3115 logger.debug("Subscription SID " + sid)
3116
3117 headers = {"sid": sid}
3118 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3119 resp = conn.getresponse()
3120 if resp.status != 200:
3121 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
3122
3123 headers = {"callback": '<http://127.0.0.1:12345/event>',
3124 "NT": "upnp:event",
3125 "timeout": "Second-1234"}
3126 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3127 resp = conn.getresponse()
3128 if resp.status != 200:
3129 raise Exception("Unexpected HTTP response: %d" % resp.status)
3130 sid = resp.getheader("sid")
3131 logger.debug("Subscription SID " + sid)
3132
3133 with alloc_fail(hapd, 1, "=event_add"):
3134 for i in range(2):
3135 dev[1].dump_monitor()
3136 dev[2].dump_monitor()
3137 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3138 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3139 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3140 dev[1].request("WPS_CANCEL")
3141 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3142 dev[2].request("WPS_CANCEL")
3143 if i == 0:
3144 time.sleep(1)
3145 else:
3146 time.sleep(0.1)
3147
3148 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3149 resp = conn.getresponse()
3150 if resp.status != 200:
3151 raise Exception("Unexpected HTTP response: %d" % resp.status)
3152
3153 with alloc_fail(hapd, 1, "wpabuf_dup;event_add"):
3154 dev[1].dump_monitor()
3155 dev[2].dump_monitor()
3156 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3157 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3158 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3159 dev[1].request("WPS_CANCEL")
3160 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3161 dev[2].request("WPS_CANCEL")
3162 time.sleep(0.1)
3163
3164 with fail_test(hapd, 1, "os_get_random;uuid_make;subscription_start"):
3165 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3166 resp = conn.getresponse()
3167 if resp.status != 500:
3168 raise Exception("Unexpected HTTP response: %d" % resp.status)
3169
3170 with alloc_fail(hapd, 1, "=subscription_start"):
3171 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3172 resp = conn.getresponse()
3173 if resp.status != 500:
3174 raise Exception("Unexpected HTTP response: %d" % resp.status)
3175
3176 headers = {"callback": '',
3177 "NT": "upnp:event",
3178 "timeout": "Second-1234"}
3179 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3180 resp = conn.getresponse()
3181 if resp.status != 500:
3182 raise Exception("Unexpected HTTP response: %d" % resp.status)
3183
3184 headers = {"callback": ' <',
3185 "NT": "upnp:event",
3186 "timeout": "Second-1234"}
3187 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3188 resp = conn.getresponse()
3189 if resp.status != 500:
3190 raise Exception("Unexpected HTTP response: %d" % resp.status)
3191
3192 headers = {"callback": '<http://127.0.0.1:12345/event>',
3193 "NT": "upnp:event",
3194 "timeout": "Second-1234"}
3195 with alloc_fail(hapd, 1, "wpabuf_alloc;subscription_first_event"):
3196 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3197 resp = conn.getresponse()
3198 if resp.status != 500:
3199 raise Exception("Unexpected HTTP response: %d" % resp.status)
3200
3201 with alloc_fail(hapd, 1, "event_add;subscription_first_event"):
3202 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3203 resp = conn.getresponse()
3204 if resp.status != 500:
3205 raise Exception("Unexpected HTTP response: %d" % resp.status)
3206
3207 with alloc_fail(hapd, 1, "subscr_addr_add_url"):
3208 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3209 resp = conn.getresponse()
3210 if resp.status != 500:
3211 raise Exception("Unexpected HTTP response: %d" % resp.status)
3212
3213 with alloc_fail(hapd, 2, "subscr_addr_add_url"):
3214 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3215 resp = conn.getresponse()
3216 if resp.status != 500:
3217 raise Exception("Unexpected HTTP response: %d" % resp.status)
3218
3219 for i in range(6):
3220 headers = {"callback": '<http://127.0.0.1:%d/event>' % (12345 + i),
3221 "NT": "upnp:event",
3222 "timeout": "Second-1234"}
3223 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3224 resp = conn.getresponse()
3225 if resp.status != 200:
3226 raise Exception("Unexpected HTTP response: %d" % resp.status)
3227
3228 with alloc_fail(hapd, 1, "=upnp_wps_device_send_wlan_event"):
3229 dev[1].dump_monitor()
3230 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3231 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3232 dev[1].request("WPS_CANCEL")
3233 time.sleep(0.1)
3234
3235 with alloc_fail(hapd, 1, "wpabuf_alloc;upnp_wps_device_send_event"):
3236 dev[1].dump_monitor()
3237 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3238 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3239 dev[1].request("WPS_CANCEL")
3240 time.sleep(0.1)
3241
3242 with alloc_fail(hapd, 1,
3243 "base64_gen_encode;?base64_encode;upnp_wps_device_send_wlan_event"):
3244 dev[1].dump_monitor()
3245 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3246 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3247 dev[1].request("WPS_CANCEL")
3248 time.sleep(0.1)
3249
3250 hapd.disable()
3251 with alloc_fail(hapd, 1, "get_netif_info"):
3252 if "FAIL" not in hapd.request("ENABLE"):
3253 raise Exception("ENABLE succeeded during OOM")
3254
3255 def test_ap_wps_upnp_subscribe_events(dev, apdev):
3256 """WPS AP and UPnP event subscription and many events"""
3257 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3258 hapd = add_ssdp_ap(apdev[0], ap_uuid)
3259
3260 location = ssdp_get_location(ap_uuid)
3261 urls = upnp_get_urls(location)
3262 eventurl = urlparse(urls['event_sub_url'])
3263
3264 class WPSERHTTPServer(StreamRequestHandler):
3265 def handle(self):
3266 data = self.rfile.readline().strip()
3267 logger.debug(data)
3268 self.wfile.write(gen_wps_event())
3269
3270 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
3271 server.timeout = 1
3272
3273 url = urlparse(location)
3274 conn = HTTPConnection(url.netloc)
3275
3276 headers = {"callback": '<http://127.0.0.1:12345/event>',
3277 "NT": "upnp:event",
3278 "timeout": "Second-1234"}
3279 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3280 resp = conn.getresponse()
3281 if resp.status != 200:
3282 raise Exception("Unexpected HTTP response: %d" % resp.status)
3283 sid = resp.getheader("sid")
3284 logger.debug("Subscription SID " + sid)
3285
3286 # Fetch the first event message
3287 server.handle_request()
3288
3289 # Force subscription event queue to reach the maximum length by generating
3290 # new proxied events without the ER fetching any of the pending events.
3291 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3292 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
3293 for i in range(16):
3294 dev[1].dump_monitor()
3295 dev[2].dump_monitor()
3296 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3297 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3298 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3299 dev[1].request("WPS_CANCEL")
3300 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3301 dev[2].request("WPS_CANCEL")
3302 if i % 4 == 1:
3303 time.sleep(1)
3304 else:
3305 time.sleep(0.1)
3306
3307 hapd.request("WPS_PIN any 12345670")
3308 dev[1].dump_monitor()
3309 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3310 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=10)
3311 if ev is None:
3312 raise Exception("WPS success not reported")
3313
3314 # Close the WPS ER HTTP server without fetching all the pending events.
3315 # This tests hostapd code path that clears subscription and the remaining
3316 # event queue when the interface is deinitialized.
3317 server.handle_request()
3318 server.server_close()
3319
3320 dev[1].wait_connected()
3321
3322 def test_ap_wps_upnp_http_proto(dev, apdev):
3323 """WPS AP and UPnP/HTTP protocol testing"""
3324 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3325 add_ssdp_ap(apdev[0], ap_uuid)
3326
3327 location = ssdp_get_location(ap_uuid)
3328
3329 url = urlparse(location)
3330 conn = HTTPConnection(url.netloc, timeout=0.2)
3331 #conn.set_debuglevel(1)
3332
3333 conn.request("HEAD", "hello")
3334 resp = conn.getresponse()
3335 if resp.status != 501:
3336 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3337 conn.close()
3338
3339 for cmd in ["PUT", "DELETE", "TRACE", "CONNECT", "M-SEARCH", "M-POST"]:
3340 try:
3341 conn.request(cmd, "hello")
3342 resp = conn.getresponse()
3343 except Exception as e:
3344 pass
3345 conn.close()
3346
3347 headers = {"Content-Length": 'abc'}
3348 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3349 try:
3350 resp = conn.getresponse()
3351 except Exception as e:
3352 pass
3353 conn.close()
3354
3355 headers = {"Content-Length": '-10'}
3356 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3357 try:
3358 resp = conn.getresponse()
3359 except Exception as e:
3360 pass
3361 conn.close()
3362
3363 headers = {"Content-Length": '10000000000000'}
3364 conn.request("HEAD", "hello", "\r\n\r\nhello", headers)
3365 try:
3366 resp = conn.getresponse()
3367 except Exception as e:
3368 pass
3369 conn.close()
3370
3371 headers = {"Transfer-Encoding": 'abc'}
3372 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3373 resp = conn.getresponse()
3374 if resp.status != 501:
3375 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3376 conn.close()
3377
3378 headers = {"Transfer-Encoding": 'chunked'}
3379 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3380 resp = conn.getresponse()
3381 if resp.status != 501:
3382 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3383 conn.close()
3384
3385 # Too long a header
3386 conn.request("HEAD", 5000 * 'A')
3387 try:
3388 resp = conn.getresponse()
3389 except Exception as e:
3390 pass
3391 conn.close()
3392
3393 # Long URL but within header length limits
3394 conn.request("HEAD", 3000 * 'A')
3395 resp = conn.getresponse()
3396 if resp.status != 501:
3397 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3398 conn.close()
3399
3400 headers = {"Content-Length": '20'}
3401 conn.request("POST", "hello", 10 * 'A' + "\r\n\r\n", headers)
3402 try:
3403 resp = conn.getresponse()
3404 except Exception as e:
3405 pass
3406 conn.close()
3407
3408 conn.request("POST", "hello", 5000 * 'A' + "\r\n\r\n")
3409 resp = conn.getresponse()
3410 if resp.status != 404:
3411 raise Exception("Unexpected HTTP response: %d" % resp.status)
3412 conn.close()
3413
3414 conn.request("POST", "hello", 60000 * 'A' + "\r\n\r\n")
3415 try:
3416 resp = conn.getresponse()
3417 except Exception as e:
3418 pass
3419 conn.close()
3420
3421 def test_ap_wps_upnp_http_proto_chunked(dev, apdev):
3422 """WPS AP and UPnP/HTTP protocol testing for chunked encoding"""
3423 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3424 add_ssdp_ap(apdev[0], ap_uuid)
3425
3426 location = ssdp_get_location(ap_uuid)
3427
3428 url = urlparse(location)
3429 conn = HTTPConnection(url.netloc)
3430 #conn.set_debuglevel(1)
3431
3432 headers = {"Transfer-Encoding": 'chunked'}
3433 conn.request("POST", "hello",
3434 "a\r\nabcdefghij\r\n" + "2\r\nkl\r\n" + "0\r\n\r\n",
3435 headers)
3436 resp = conn.getresponse()
3437 if resp.status != 404:
3438 raise Exception("Unexpected HTTP response: %d" % resp.status)
3439 conn.close()
3440
3441 conn.putrequest("POST", "hello")
3442 conn.putheader('Transfer-Encoding', 'chunked')
3443 conn.endheaders()
3444 conn.send(b"a\r\nabcdefghij\r\n")
3445 time.sleep(0.1)
3446 conn.send(b"2\r\nkl\r\n")
3447 conn.send(b"0\r\n\r\n")
3448 resp = conn.getresponse()
3449 if resp.status != 404:
3450 raise Exception("Unexpected HTTP response: %d" % resp.status)
3451 conn.close()
3452
3453 conn.putrequest("POST", "hello")
3454 conn.putheader('Transfer-Encoding', 'chunked')
3455 conn.endheaders()
3456 completed = False
3457 try:
3458 for i in range(20000):
3459 conn.send(b"1\r\nZ\r\n")
3460 conn.send(b"0\r\n\r\n")
3461 resp = conn.getresponse()
3462 completed = True
3463 except Exception as e:
3464 pass
3465 conn.close()
3466 if completed:
3467 raise Exception("Too long chunked request did not result in connection reset")
3468
3469 headers = {"Transfer-Encoding": 'chunked'}
3470 conn.request("POST", "hello", "80000000\r\na", headers)
3471 try:
3472 resp = conn.getresponse()
3473 except Exception as e:
3474 pass
3475 conn.close()
3476
3477 conn.request("POST", "hello", "10000000\r\na", headers)
3478 try:
3479 resp = conn.getresponse()
3480 except Exception as e:
3481 pass
3482 conn.close()
3483
3484 @remote_compatible
3485 def test_ap_wps_disabled(dev, apdev):
3486 """WPS operations while WPS is disabled"""
3487 ssid = "test-wps-disabled"
3488 hapd = hostapd.add_ap(apdev[0], {"ssid": ssid})
3489 if "FAIL" not in hapd.request("WPS_PBC"):
3490 raise Exception("WPS_PBC succeeded unexpectedly")
3491 if "FAIL" not in hapd.request("WPS_CANCEL"):
3492 raise Exception("WPS_CANCEL succeeded unexpectedly")
3493
3494 def test_ap_wps_mixed_cred(dev, apdev):
3495 """WPS 2.0 STA merging mixed mode WPA/WPA2 credentials"""
3496 ssid = "test-wps-wep"
3497 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3498 "skip_cred_build": "1", "extra_cred": "wps-mixed-cred"}
3499 hapd = hostapd.add_ap(apdev[0], params)
3500 hapd.request("WPS_PBC")
3501 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3502 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3503 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
3504 if ev is None:
3505 raise Exception("WPS-SUCCESS event timed out")
3506 nets = dev[0].list_networks()
3507 if len(nets) != 1:
3508 raise Exception("Unexpected number of network blocks")
3509 id = nets[0]['id']
3510 proto = dev[0].get_network(id, "proto")
3511 if proto != "WPA RSN":
3512 raise Exception("Unexpected merged proto field value: " + proto)
3513 pairwise = dev[0].get_network(id, "pairwise")
3514 p = pairwise.split()
3515 if "CCMP" not in p or "TKIP" not in p:
3516 raise Exception("Unexpected merged pairwise field value: " + pairwise)
3517
3518 @remote_compatible
3519 def test_ap_wps_while_connected(dev, apdev):
3520 """WPS PBC provisioning while connected to another AP"""
3521 ssid = "test-wps-conf"
3522 hapd = hostapd.add_ap(apdev[0],
3523 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3524 "wpa_passphrase": "12345678", "wpa": "2",
3525 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3526
3527 hostapd.add_ap(apdev[1], {"ssid": "open"})
3528 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3529
3530 logger.info("WPS provisioning step")
3531 hapd.request("WPS_PBC")
3532 dev[0].dump_monitor()
3533 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3534 dev[0].wait_connected(timeout=30)
3535 status = dev[0].get_status()
3536 if status['bssid'] != apdev[0]['bssid']:
3537 raise Exception("Unexpected BSSID")
3538
3539 @remote_compatible
3540 def test_ap_wps_while_connected_no_autoconnect(dev, apdev):
3541 """WPS PBC provisioning while connected to another AP and STA_AUTOCONNECT disabled"""
3542 ssid = "test-wps-conf"
3543 hapd = hostapd.add_ap(apdev[0],
3544 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3545 "wpa_passphrase": "12345678", "wpa": "2",
3546 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3547
3548 hostapd.add_ap(apdev[1], {"ssid": "open"})
3549
3550 try:
3551 dev[0].request("STA_AUTOCONNECT 0")
3552 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3553
3554 logger.info("WPS provisioning step")
3555 hapd.request("WPS_PBC")
3556 dev[0].dump_monitor()
3557 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3558 dev[0].wait_connected(timeout=30)
3559 status = dev[0].get_status()
3560 if status['bssid'] != apdev[0]['bssid']:
3561 raise Exception("Unexpected BSSID")
3562 finally:
3563 dev[0].request("STA_AUTOCONNECT 1")
3564
3565 @remote_compatible
3566 def test_ap_wps_from_event(dev, apdev):
3567 """WPS PBC event on AP to enable PBC"""
3568 ssid = "test-wps-conf"
3569 hapd = hostapd.add_ap(apdev[0],
3570 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3571 "wpa_passphrase": "12345678", "wpa": "2",
3572 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3573 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3574 dev[0].dump_monitor()
3575 hapd.dump_monitor()
3576 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3577
3578 ev = hapd.wait_event(['WPS-ENROLLEE-SEEN'], timeout=15)
3579 if ev is None:
3580 raise Exception("No WPS-ENROLLEE-SEEN event on AP")
3581 vals = ev.split(' ')
3582 if vals[1] != dev[0].p2p_interface_addr():
3583 raise Exception("Unexpected enrollee address: " + vals[1])
3584 if vals[5] != '4':
3585 raise Exception("Unexpected Device Password Id: " + vals[5])
3586 hapd.request("WPS_PBC")
3587 dev[0].wait_connected(timeout=30)
3588
3589 def test_ap_wps_ap_scan_2(dev, apdev):
3590 """AP_SCAN 2 for WPS"""
3591 ssid = "test-wps-conf"
3592 hapd = hostapd.add_ap(apdev[0],
3593 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3594 "wpa_passphrase": "12345678", "wpa": "2",
3595 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3596 hapd.request("WPS_PBC")
3597
3598 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
3599 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
3600 wpas.dump_monitor()
3601
3602 if "OK" not in wpas.request("AP_SCAN 2"):
3603 raise Exception("Failed to set AP_SCAN 2")
3604
3605 wpas.flush_scan_cache()
3606 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
3607 wpas.dump_monitor()
3608 wpas.request("WPS_PBC " + apdev[0]['bssid'])
3609 ev = wpas.wait_event(["WPS-SUCCESS"], timeout=15)
3610 if ev is None:
3611 raise Exception("WPS-SUCCESS event timed out")
3612 wpas.wait_connected(timeout=30)
3613 wpas.dump_monitor()
3614 wpas.request("DISCONNECT")
3615 wpas.wait_disconnected()
3616 id = wpas.list_networks()[0]['id']
3617 pairwise = wpas.get_network(id, "pairwise")
3618 if "CCMP" not in pairwise.split():
3619 raise Exception("Unexpected pairwise parameter value: " + pairwise)
3620 group = wpas.get_network(id, "group")
3621 if "CCMP" not in group.split():
3622 raise Exception("Unexpected group parameter value: " + group)
3623 # Need to select a single cipher for ap_scan=2 testing
3624 wpas.set_network(id, "pairwise", "CCMP")
3625 wpas.set_network(id, "group", "CCMP")
3626 wpas.request("BSS_FLUSH 0")
3627 wpas.dump_monitor()
3628 wpas.request("REASSOCIATE")
3629 wpas.wait_connected(timeout=30)
3630 wpas.dump_monitor()
3631 wpas.request("DISCONNECT")
3632 wpas.wait_disconnected()
3633 wpas.flush_scan_cache()
3634
3635 @remote_compatible
3636 def test_ap_wps_eapol_workaround(dev, apdev):
3637 """EAPOL workaround code path for 802.1X header length mismatch"""
3638 ssid = "test-wps"
3639 hapd = hostapd.add_ap(apdev[0],
3640 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
3641 bssid = apdev[0]['bssid']
3642 hapd.request("SET ext_eapol_frame_io 1")
3643 dev[0].request("SET ext_eapol_frame_io 1")
3644 hapd.request("WPS_PBC")
3645 dev[0].request("WPS_PBC")
3646
3647 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3648 if ev is None:
3649 raise Exception("Timeout on EAPOL-TX from hostapd")
3650
3651 res = dev[0].request("EAPOL_RX " + bssid + " 020000040193000501FFFF")
3652 if "OK" not in res:
3653 raise Exception("EAPOL_RX to wpa_supplicant failed")
3654
3655 def test_ap_wps_iteration(dev, apdev):
3656 """WPS PIN and iterate through APs without selected registrar"""
3657 ssid = "test-wps-conf"
3658 hapd = hostapd.add_ap(apdev[0],
3659 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3660 "wpa_passphrase": "12345678", "wpa": "2",
3661 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3662
3663 ssid2 = "test-wps-conf2"
3664 hapd2 = hostapd.add_ap(apdev[1],
3665 {"ssid": ssid2, "eap_server": "1", "wps_state": "2",
3666 "wpa_passphrase": "12345678", "wpa": "2",
3667 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3668
3669 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3670 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
3671 dev[0].dump_monitor()
3672 pin = dev[0].request("WPS_PIN any")
3673
3674 # Wait for iteration through all WPS APs to happen before enabling any
3675 # Registrar.
3676 for i in range(2):
3677 ev = dev[0].wait_event(["Associated with"], timeout=30)
3678 if ev is None:
3679 raise Exception("No association seen")
3680 ev = dev[0].wait_event(["WPS-M2D"], timeout=10)
3681 if ev is None:
3682 raise Exception("No M2D from AP")
3683 dev[0].wait_disconnected()
3684
3685 # Verify that each AP requested PIN
3686 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=1)
3687 if ev is None:
3688 raise Exception("No WPS-PIN-NEEDED event from AP")
3689 ev = hapd2.wait_event(["WPS-PIN-NEEDED"], timeout=1)
3690 if ev is None:
3691 raise Exception("No WPS-PIN-NEEDED event from AP2")
3692
3693 # Provide PIN to one of the APs and verify that connection gets formed
3694 hapd.request("WPS_PIN any " + pin)
3695 dev[0].wait_connected(timeout=30)
3696
3697 def test_ap_wps_iteration_error(dev, apdev):
3698 """WPS AP iteration on no Selected Registrar and error case with an AP"""
3699 ssid = "test-wps-conf-pin"
3700 hapd = hostapd.add_ap(apdev[0],
3701 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3702 "wpa_passphrase": "12345678", "wpa": "2",
3703 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3704 "wps_independent": "1"})
3705 hapd.request("SET ext_eapol_frame_io 1")
3706 bssid = apdev[0]['bssid']
3707 pin = dev[0].wps_read_pin()
3708 dev[0].request("WPS_PIN any " + pin)
3709
3710 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3711 if ev is None:
3712 raise Exception("No EAPOL-TX (EAP-Request/Identity) from hostapd")
3713 dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
3714
3715 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3716 if ev is None:
3717 raise Exception("No EAPOL-TX (EAP-WSC/Start) from hostapd")
3718 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
3719 if ev is None:
3720 raise Exception("No CTRL-EVENT-EAP-STARTED")
3721
3722 # Do not forward any more EAPOL frames to test wpa_supplicant behavior for
3723 # a case with an incorrectly behaving WPS AP.
3724
3725 # Start the real target AP and activate registrar on it.
3726 hapd2 = hostapd.add_ap(apdev[1],
3727 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3728 "wpa_passphrase": "12345678", "wpa": "2",
3729 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3730 "wps_independent": "1"})
3731 hapd2.request("WPS_PIN any " + pin)
3732
3733 dev[0].wait_disconnected(timeout=15)
3734 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
3735 if ev is None:
3736 raise Exception("No CTRL-EVENT-EAP-STARTED for the second AP")
3737 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
3738 if ev is None:
3739 raise Exception("No WPS-CRED-RECEIVED for the second AP")
3740 dev[0].wait_connected(timeout=15)
3741
3742 @remote_compatible
3743 def test_ap_wps_priority(dev, apdev):
3744 """WPS PIN provisioning with configured AP and wps_priority"""
3745 ssid = "test-wps-conf-pin"
3746 hapd = hostapd.add_ap(apdev[0],
3747 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3748 "wpa_passphrase": "12345678", "wpa": "2",
3749 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3750 logger.info("WPS provisioning step")
3751 pin = dev[0].wps_read_pin()
3752 hapd.request("WPS_PIN any " + pin)
3753 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3754 dev[0].dump_monitor()
3755 try:
3756 dev[0].request("SET wps_priority 6")
3757 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
3758 dev[0].wait_connected(timeout=30)
3759 netw = dev[0].list_networks()
3760 prio = dev[0].get_network(netw[0]['id'], 'priority')
3761 if prio != '6':
3762 raise Exception("Unexpected network priority: " + prio)
3763 finally:
3764 dev[0].request("SET wps_priority 0")
3765
3766 @remote_compatible
3767 def test_ap_wps_and_non_wps(dev, apdev):
3768 """WPS and non-WPS AP in single hostapd process"""
3769 params = {"ssid": "wps", "eap_server": "1", "wps_state": "1"}
3770 hapd = hostapd.add_ap(apdev[0], params)
3771
3772 params = {"ssid": "no wps"}
3773 hapd2 = hostapd.add_ap(apdev[1], params)
3774
3775 appin = hapd.request("WPS_AP_PIN random")
3776 if "FAIL" in appin:
3777 raise Exception("Could not generate random AP PIN")
3778 if appin not in hapd.request("WPS_AP_PIN get"):
3779 raise Exception("Could not fetch current AP PIN")
3780
3781 if "FAIL" in hapd.request("WPS_PBC"):
3782 raise Exception("WPS_PBC failed")
3783 if "FAIL" in hapd.request("WPS_CANCEL"):
3784 raise Exception("WPS_CANCEL failed")
3785
3786 def test_ap_wps_init_oom(dev, apdev):
3787 """Initial AP configuration and OOM during PSK generation"""
3788 ssid = "test-wps"
3789 params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
3790 hapd = hostapd.add_ap(apdev[0], params)
3791
3792 with alloc_fail(hapd, 1, "base64_gen_encode;?base64_encode;wps_build_cred"):
3793 pin = dev[0].wps_read_pin()
3794 hapd.request("WPS_PIN any " + pin)
3795 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3796 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
3797 dev[0].wait_disconnected()
3798
3799 hapd.request("WPS_PIN any " + pin)
3800 dev[0].wait_connected(timeout=30)
3801
3802 @remote_compatible
3803 def test_ap_wps_er_oom(dev, apdev):
3804 """WPS ER OOM in XML processing"""
3805 try:
3806 _test_ap_wps_er_oom(dev, apdev)
3807 finally:
3808 dev[0].request("WPS_ER_STOP")
3809 dev[1].request("WPS_CANCEL")
3810 dev[0].request("DISCONNECT")
3811
3812 def _test_ap_wps_er_oom(dev, apdev):
3813 ssid = "wps-er-ap-config"
3814 ap_pin = "12345670"
3815 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3816 hostapd.add_ap(apdev[0],
3817 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3818 "wpa_passphrase": "12345678", "wpa": "2",
3819 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3820 "device_name": "Wireless AP", "manufacturer": "Company",
3821 "model_name": "WAP", "model_number": "123",
3822 "serial_number": "12345", "device_type": "6-0050F204-1",
3823 "os_version": "01020300",
3824 "config_methods": "label push_button",
3825 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
3826
3827 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
3828
3829 with alloc_fail(dev[0], 1,
3830 "base64_gen_decode;?base64_decode;xml_get_base64_item"):
3831 dev[0].request("WPS_ER_START ifname=lo")
3832 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=3)
3833 if ev is not None:
3834 raise Exception("Unexpected AP discovery")
3835
3836 dev[0].request("WPS_ER_STOP")
3837 dev[0].request("WPS_ER_START ifname=lo")
3838 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
3839 if ev is None:
3840 raise Exception("AP discovery timed out")
3841
3842 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3843 with alloc_fail(dev[0], 1,
3844 "base64_gen_decode;?base64_decode;xml_get_base64_item"):
3845 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
3846 ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
3847 if ev is None:
3848 raise Exception("PBC scan failed")
3849 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
3850 if ev is None:
3851 raise Exception("Enrollee discovery timed out")
3852
3853 @remote_compatible
3854 def test_ap_wps_er_init_oom(dev, apdev):
3855 """WPS ER and OOM during init"""
3856 try:
3857 _test_ap_wps_er_init_oom(dev, apdev)
3858 finally:
3859 dev[0].request("WPS_ER_STOP")
3860
3861 def _test_ap_wps_er_init_oom(dev, apdev):
3862 with alloc_fail(dev[0], 1, "wps_er_init"):
3863 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3864 raise Exception("WPS_ER_START succeeded during OOM")
3865 with alloc_fail(dev[0], 1, "http_server_init"):
3866 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3867 raise Exception("WPS_ER_START succeeded during OOM")
3868 with alloc_fail(dev[0], 2, "http_server_init"):
3869 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3870 raise Exception("WPS_ER_START succeeded during OOM")
3871 with alloc_fail(dev[0], 1, "eloop_sock_table_add_sock;?eloop_register_sock;wps_er_ssdp_init"):
3872 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3873 raise Exception("WPS_ER_START succeeded during OOM")
3874 with fail_test(dev[0], 1, "os_get_random;wps_er_init"):
3875 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
3876 raise Exception("WPS_ER_START succeeded during os_get_random failure")
3877
3878 @remote_compatible
3879 def test_ap_wps_er_init_fail(dev, apdev):
3880 """WPS ER init failure"""
3881 if "FAIL" not in dev[0].request("WPS_ER_START ifname=does-not-exist"):
3882 dev[0].request("WPS_ER_STOP")
3883 raise Exception("WPS_ER_START with non-existing ifname succeeded")
3884
3885 def test_ap_wps_wpa_cli_action(dev, apdev, test_params):
3886 """WPS events and wpa_cli action script"""
3887 logdir = os.path.abspath(test_params['logdir'])
3888 pidfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.pid')
3889 logfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.res')
3890 actionfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.action.sh')
3891
3892 with open(actionfile, 'w') as f:
3893 f.write('#!/bin/sh\n')
3894 f.write('echo $* >> %s\n' % logfile)
3895 # Kill the process and wait some time before returning to allow all the
3896 # pending events to be processed with some of this happening after the
3897 # eloop SIGALRM signal has been scheduled.
3898 f.write('if [ $2 = "WPS-SUCCESS" -a -r %s ]; then kill `cat %s`; sleep 1; fi\n' % (pidfile, pidfile))
3899
3900 os.chmod(actionfile, stat.S_IREAD | stat.S_IWRITE | stat.S_IEXEC |
3901 stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
3902
3903 ssid = "test-wps-conf"
3904 hapd = hostapd.add_ap(apdev[0],
3905 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3906 "wpa_passphrase": "12345678", "wpa": "2",
3907 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3908
3909 prg = os.path.join(test_params['logdir'],
3910 'alt-wpa_supplicant/wpa_supplicant/wpa_cli')
3911 if not os.path.exists(prg):
3912 prg = '../../wpa_supplicant/wpa_cli'
3913 arg = [prg, '-P', pidfile, '-B', '-i', dev[0].ifname, '-a', actionfile]
3914 subprocess.call(arg)
3915
3916 arg = ['ps', 'ax']
3917 cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
3918 out = cmd.communicate()[0].decode()
3919 cmd.wait()
3920 logger.debug("Processes:\n" + out)
3921 if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) not in out:
3922 raise Exception("Did not see wpa_cli running")
3923
3924 hapd.request("WPS_PIN any 12345670")
3925 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3926 dev[0].dump_monitor()
3927 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3928 dev[0].wait_connected(timeout=30)
3929
3930 for i in range(30):
3931 if not os.path.exists(pidfile):
3932 break
3933 time.sleep(0.1)
3934
3935 if not os.path.exists(logfile):
3936 raise Exception("wpa_cli action results file not found")
3937 with open(logfile, 'r') as f:
3938 res = f.read()
3939 if "WPS-SUCCESS" not in res:
3940 raise Exception("WPS-SUCCESS event not seen in action file")
3941
3942 arg = ['ps', 'ax']
3943 cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
3944 out = cmd.communicate()[0].decode()
3945 cmd.wait()
3946 logger.debug("Remaining processes:\n" + out)
3947 if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) in out:
3948 raise Exception("wpa_cli still running")
3949
3950 if os.path.exists(pidfile):
3951 raise Exception("PID file not removed")
3952
3953 def test_ap_wps_er_ssdp_proto(dev, apdev):
3954 """WPS ER SSDP protocol testing"""
3955 try:
3956 _test_ap_wps_er_ssdp_proto(dev, apdev)
3957 finally:
3958 dev[0].request("WPS_ER_STOP")
3959
3960 def _test_ap_wps_er_ssdp_proto(dev, apdev):
3961 socket.setdefaulttimeout(1)
3962 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
3963 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
3964 sock.bind(("239.255.255.250", 1900))
3965 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo foo"):
3966 raise Exception("Invalid filter accepted")
3967 if "OK" not in dev[0].request("WPS_ER_START ifname=lo 1.2.3.4"):
3968 raise Exception("WPS_ER_START with filter failed")
3969 (msg, addr) = sock.recvfrom(1000)
3970 msg = msg.decode()
3971 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
3972 if "M-SEARCH" not in msg:
3973 raise Exception("Not an M-SEARCH")
3974 sock.sendto(b"FOO", addr)
3975 time.sleep(0.1)
3976 dev[0].request("WPS_ER_STOP")
3977
3978 dev[0].request("WPS_ER_START ifname=lo")
3979 (msg, addr) = sock.recvfrom(1000)
3980 msg = msg.decode()
3981 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
3982 if "M-SEARCH" not in msg:
3983 raise Exception("Not an M-SEARCH")
3984 sock.sendto(b"FOO", addr)
3985 sock.sendto(b"HTTP/1.1 200 OK\r\nFOO\r\n\r\n", addr)
3986 sock.sendto(b"HTTP/1.1 200 OK\r\nNTS:foo\r\n\r\n", addr)
3987 sock.sendto(b"HTTP/1.1 200 OK\r\nNTS:ssdp:byebye\r\n\r\n", addr)
3988 sock.sendto(b"HTTP/1.1 200 OK\r\ncache-control: foo=1\r\n\r\n", addr)
3989 sock.sendto(b"HTTP/1.1 200 OK\r\ncache-control: max-age=1\r\n\r\n", addr)
3990 sock.sendto(b"HTTP/1.1 200 OK\r\nusn:\r\n\r\n", addr)
3991 sock.sendto(b"HTTP/1.1 200 OK\r\nusn:foo\r\n\r\n", addr)
3992 sock.sendto(b"HTTP/1.1 200 OK\r\nusn: uuid:\r\n\r\n", addr)
3993 sock.sendto(b"HTTP/1.1 200 OK\r\nusn: uuid: \r\n\r\n", addr)
3994 sock.sendto(b"HTTP/1.1 200 OK\r\nusn: uuid: foo\r\n\r\n", addr)
3995 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\n\r\n", addr)
3996 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nNTS:ssdp:byebye\r\n\r\n", addr)
3997 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\n\r\n", addr)
3998 with alloc_fail(dev[0], 1, "wps_er_ap_add"):
3999 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4000 time.sleep(0.1)
4001 with alloc_fail(dev[0], 2, "wps_er_ap_add"):
4002 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4003 time.sleep(0.1)
4004
4005 # Add an AP with bogus URL
4006 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4007 # Update timeout on AP without updating URL
4008 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
4009 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4010 if ev is None:
4011 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4012
4013 # Add an AP with a valid URL (but no server listing to it)
4014 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
4015 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4016 if ev is None:
4017 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4018
4019 sock.close()
4020
4021 wps_event_url = None
4022
4023 def gen_upnp_info(eventSubURL='wps_event', controlURL='wps_control',
4024 udn='uuid:27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'):
4025 payload = '''<?xml version="1.0"?>
4026 <root xmlns="urn:schemas-upnp-org:device-1-0">
4027 <specVersion>
4028 <major>1</major>
4029 <minor>0</minor>
4030 </specVersion>
4031 <device>
4032 <deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
4033 <friendlyName>WPS Access Point</friendlyName>
4034 <manufacturer>Company</manufacturer>
4035 <modelName>WAP</modelName>
4036 <modelNumber>123</modelNumber>
4037 <serialNumber>12345</serialNumber>
4038 '''
4039 if udn:
4040 payload += '<UDN>' + udn + '</UDN>'
4041 payload += '''<serviceList>
4042 <service>
4043 <serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
4044 <serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
4045 <SCPDURL>wps_scpd.xml</SCPDURL>
4046 '''
4047 if controlURL:
4048 payload += '<controlURL>' + controlURL + '</controlURL>\n'
4049 if eventSubURL:
4050 payload += '<eventSubURL>' + eventSubURL + '</eventSubURL>\n'
4051 payload += '''</service>
4052 </serviceList>
4053 </device>
4054 </root>
4055 '''
4056 hdr = 'HTTP/1.1 200 OK\r\n' + \
4057 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4058 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4059 'Connection: close\r\n' + \
4060 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4061 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4062 return (hdr + payload).encode()
4063
4064 def gen_wps_control(payload_override=None):
4065 payload = '''<?xml version="1.0"?>
4066 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
4067 <s:Body>
4068 <u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
4069 <NewDeviceInfo>EEoAARAQIgABBBBHABAn6oAanlxOc72C+Jy80Q1+ECAABgIAAAADABAaABCJZ7DPtbU3Ust9
4070 Z3wJF07WEDIAwH45D3i1OqB7eJGwTzqeapS71h3KyXncK2xJZ+xqScrlorNEg6LijBJzG2Ca
4071 +FZli0iliDJd397yAx/jk4nFXco3q5ylBSvSw9dhJ5u1xBKSnTilKGlUHPhLP75PUqM3fot9
4072 7zwtFZ4bx6x1sBA6oEe2d0aUJmLumQGCiKEIWlnxs44zego/2tAe81bDzdPBM7o5HH/FUhD+
4073 KoGzFXp51atP+1n9Vta6AkI0Vye99JKLcC6Md9dMJltSVBgd4Xc4lRAEAAIAIxAQAAIADRAN
4074 AAEBEAgAAgAEEEQAAQIQIQAHQ29tcGFueRAjAANXQVAQJAADMTIzEEIABTEyMzQ1EFQACAAG
4075 AFDyBAABEBEAC1dpcmVsZXNzIEFQEDwAAQEQAgACAAAQEgACAAAQCQACAAAQLQAEgQIDABBJ
4076 AAYANyoAASA=
4077 </NewDeviceInfo>
4078 </u:GetDeviceInfoResponse>
4079 </s:Body>
4080 </s:Envelope>
4081 '''
4082 if payload_override:
4083 payload = payload_override
4084 hdr = 'HTTP/1.1 200 OK\r\n' + \
4085 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4086 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4087 'Connection: close\r\n' + \
4088 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4089 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4090 return (hdr + payload).encode()
4091
4092 def gen_wps_event(sid='uuid:7eb3342a-8a5f-47fe-a585-0785bfec6d8a'):
4093 payload = ""
4094 hdr = 'HTTP/1.1 200 OK\r\n' + \
4095 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4096 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4097 'Connection: close\r\n' + \
4098 'Content-Length: ' + str(len(payload)) + '\r\n'
4099 if sid:
4100 hdr += 'SID: ' + sid + '\r\n'
4101 hdr += 'Timeout: Second-1801\r\n' + \
4102 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4103 return (hdr + payload).encode()
4104
4105 class WPSAPHTTPServer(StreamRequestHandler):
4106 def handle(self):
4107 data = self.rfile.readline().decode().strip()
4108 logger.info("HTTP server received: " + data)
4109 while True:
4110 hdr = self.rfile.readline().decode().strip()
4111 if len(hdr) == 0:
4112 break
4113 logger.info("HTTP header: " + hdr)
4114 if "CALLBACK:" in hdr:
4115 global wps_event_url
4116 wps_event_url = hdr.split(' ')[1].strip('<>')
4117
4118 if "GET /foo.xml" in data:
4119 self.handle_upnp_info()
4120 elif "POST /wps_control" in data:
4121 self.handle_wps_control()
4122 elif "SUBSCRIBE /wps_event" in data:
4123 self.handle_wps_event()
4124 else:
4125 self.handle_others(data)
4126
4127 def handle_upnp_info(self):
4128 self.wfile.write(gen_upnp_info())
4129
4130 def handle_wps_control(self):
4131 self.wfile.write(gen_wps_control())
4132
4133 def handle_wps_event(self):
4134 self.wfile.write(gen_wps_event())
4135
4136 def handle_others(self, data):
4137 logger.info("Ignore HTTP request: " + data)
4138
4139 class MyTCPServer(TCPServer):
4140 def __init__(self, addr, handler):
4141 self.allow_reuse_address = True
4142 TCPServer.__init__(self, addr, handler)
4143
4144 def wps_er_start(dev, http_server, max_age=1, wait_m_search=False,
4145 location_url=None):
4146 socket.setdefaulttimeout(1)
4147 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
4148 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
4149 sock.bind(("239.255.255.250", 1900))
4150 dev.request("WPS_ER_START ifname=lo")
4151 for i in range(100):
4152 (msg, addr) = sock.recvfrom(1000)
4153 msg = msg.decode()
4154 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4155 if "M-SEARCH" in msg:
4156 break
4157 if not wait_m_search:
4158 raise Exception("Not an M-SEARCH")
4159 if i == 99:
4160 raise Exception("No M-SEARCH seen")
4161
4162 # Add an AP with a valid URL and server listing to it
4163 server = MyTCPServer(("127.0.0.1", 12345), http_server)
4164 if not location_url:
4165 location_url = 'http://127.0.0.1:12345/foo.xml'
4166 sock.sendto(("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:%s\r\ncache-control:max-age=%d\r\n\r\n" % (location_url, max_age)).encode(), addr)
4167 server.timeout = 1
4168 return server, sock
4169
4170 def wps_er_stop(dev, sock, server, on_alloc_fail=False):
4171 sock.close()
4172 server.server_close()
4173
4174 if on_alloc_fail:
4175 done = False
4176 for i in range(50):
4177 res = dev.request("GET_ALLOC_FAIL")
4178 if res.startswith("0:"):
4179 done = True
4180 break
4181 time.sleep(0.1)
4182 if not done:
4183 raise Exception("No allocation failure reported")
4184 else:
4185 ev = dev.wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4186 if ev is None:
4187 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4188 dev.request("WPS_ER_STOP")
4189
4190 def run_wps_er_proto_test(dev, handler, no_event_url=False, location_url=None):
4191 try:
4192 uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
4193 server, sock = wps_er_start(dev, handler, location_url=location_url)
4194 global wps_event_url
4195 wps_event_url = None
4196 server.handle_request()
4197 server.handle_request()
4198 server.handle_request()
4199 server.server_close()
4200 if no_event_url:
4201 if wps_event_url:
4202 raise Exception("Received event URL unexpectedly")
4203 return
4204 if wps_event_url is None:
4205 raise Exception("Did not get event URL")
4206 logger.info("Event URL: " + wps_event_url)
4207 finally:
4208 dev.request("WPS_ER_STOP")
4209
4210 def send_wlanevent(url, uuid, data, no_response=False):
4211 conn = HTTPConnection(url.netloc)
4212 payload = '''<?xml version="1.0" encoding="utf-8"?>
4213 <e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4214 <e:property><STAStatus>1</STAStatus></e:property>
4215 <e:property><APStatus>1</APStatus></e:property>
4216 <e:property><WLANEvent>'''
4217 payload += base64.b64encode(data).decode()
4218 payload += '</WLANEvent></e:property></e:propertyset>'
4219 headers = {"Content-type": 'text/xml; charset="utf-8"',
4220 "Server": "Unspecified, UPnP/1.0, Unspecified",
4221 "HOST": url.netloc,
4222 "NT": "upnp:event",
4223 "SID": "uuid:" + uuid,
4224 "SEQ": "0",
4225 "Content-Length": str(len(payload))}
4226 conn.request("NOTIFY", url.path, payload, headers)
4227 if no_response:
4228 try:
4229 conn.getresponse()
4230 except Exception as e:
4231 pass
4232 return
4233 resp = conn.getresponse()
4234 if resp.status != 200:
4235 raise Exception("Unexpected HTTP response: %d" % resp.status)
4236
4237 def test_ap_wps_er_http_proto(dev, apdev):
4238 """WPS ER HTTP protocol testing"""
4239 try:
4240 _test_ap_wps_er_http_proto(dev, apdev)
4241 finally:
4242 dev[0].request("WPS_ER_STOP")
4243
4244 def _test_ap_wps_er_http_proto(dev, apdev):
4245 uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
4246 server, sock = wps_er_start(dev[0], WPSAPHTTPServer, max_age=15)
4247 global wps_event_url
4248 wps_event_url = None
4249 server.handle_request()
4250 server.handle_request()
4251 server.handle_request()
4252 server.server_close()
4253 if wps_event_url is None:
4254 raise Exception("Did not get event URL")
4255 logger.info("Event URL: " + wps_event_url)
4256
4257 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
4258 if ev is None:
4259 raise Exception("No WPS-ER-AP-ADD event")
4260 if uuid not in ev:
4261 raise Exception("UUID mismatch")
4262
4263 sock.close()
4264
4265 logger.info("Valid Probe Request notification")
4266 url = urlparse(wps_event_url)
4267 conn = HTTPConnection(url.netloc)
4268 payload = '''<?xml version="1.0" encoding="utf-8"?>
4269 <e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4270 <e:property><STAStatus>1</STAStatus></e:property>
4271 <e:property><APStatus>1</APStatus></e:property>
4272 <e:property><WLANEvent>ATAyOjAwOjAwOjAwOjAwOjAwEEoAARAQOgABAhAIAAIxSBBHABA2LbR7pTpRkYj7VFi5hrLk
4273 EFQACAAAAAAAAAAAEDwAAQMQAgACAAAQCQACAAAQEgACAAAQIQABIBAjAAEgECQAASAQEQAI
4274 RGV2aWNlIEEQSQAGADcqAAEg
4275 </WLANEvent></e:property>
4276 </e:propertyset>
4277 '''
4278 headers = {"Content-type": 'text/xml; charset="utf-8"',
4279 "Server": "Unspecified, UPnP/1.0, Unspecified",
4280 "HOST": url.netloc,
4281 "NT": "upnp:event",
4282 "SID": "uuid:" + uuid,
4283 "SEQ": "0",
4284 "Content-Length": str(len(payload))}
4285 conn.request("NOTIFY", url.path, payload, headers)
4286 resp = conn.getresponse()
4287 if resp.status != 200:
4288 raise Exception("Unexpected HTTP response: %d" % resp.status)
4289
4290 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=5)
4291 if ev is None:
4292 raise Exception("No WPS-ER-ENROLLEE-ADD event")
4293 if "362db47b-a53a-5191-88fb-5458b986b2e4" not in ev:
4294 raise Exception("No Enrollee UUID match")
4295
4296 logger.info("Incorrect event URL AP id")
4297 conn = HTTPConnection(url.netloc)
4298 conn.request("NOTIFY", url.path + '123', payload, headers)
4299 resp = conn.getresponse()
4300 if resp.status != 404:
4301 raise Exception("Unexpected HTTP response: %d" % resp.status)
4302
4303 logger.info("Missing AP id")
4304 conn = HTTPConnection(url.netloc)
4305 conn.request("NOTIFY", '/event/' + url.path.split('/')[2],
4306 payload, headers)
4307 time.sleep(0.1)
4308
4309 logger.info("Incorrect event URL event id")
4310 conn = HTTPConnection(url.netloc)
4311 conn.request("NOTIFY", '/event/123456789/123', payload, headers)
4312 time.sleep(0.1)
4313
4314 logger.info("Incorrect event URL prefix")
4315 conn = HTTPConnection(url.netloc)
4316 conn.request("NOTIFY", '/foobar/123456789/123', payload, headers)
4317 resp = conn.getresponse()
4318 if resp.status != 404:
4319 raise Exception("Unexpected HTTP response: %d" % resp.status)
4320
4321 logger.info("Unsupported request")
4322 conn = HTTPConnection(url.netloc)
4323 conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
4324 resp = conn.getresponse()
4325 if resp.status != 501:
4326 raise Exception("Unexpected HTTP response: %d" % resp.status)
4327
4328 logger.info("Unsupported request and OOM")
4329 with alloc_fail(dev[0], 1, "wps_er_http_req"):
4330 conn = HTTPConnection(url.netloc)
4331 conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
4332 time.sleep(0.5)
4333
4334 logger.info("Too short WLANEvent")
4335 data = b'\x00'
4336 send_wlanevent(url, uuid, data)
4337
4338 logger.info("Invalid WLANEventMAC")
4339 data = b'\x00qwertyuiopasdfghjklzxcvbnm'
4340 send_wlanevent(url, uuid, data)
4341
4342 logger.info("Unknown WLANEventType")
4343 data = b'\xff02:00:00:00:00:00'
4344 send_wlanevent(url, uuid, data)
4345
4346 logger.info("Probe Request notification without any attributes")
4347 data = b'\x0102:00:00:00:00:00'
4348 send_wlanevent(url, uuid, data)
4349
4350 logger.info("Probe Request notification with invalid attribute")
4351 data = b'\x0102:00:00:00:00:00\xff'
4352 send_wlanevent(url, uuid, data)
4353
4354 logger.info("EAP message without any attributes")
4355 data = b'\x0202:00:00:00:00:00'
4356 send_wlanevent(url, uuid, data)
4357
4358 logger.info("EAP message with invalid attribute")
4359 data = b'\x0202:00:00:00:00:00\xff'
4360 send_wlanevent(url, uuid, data)
4361
4362 logger.info("EAP message from new STA and not M1")
4363 data = b'\x0202:ff:ff:ff:ff:ff' + b'\x10\x22\x00\x01\x05'
4364 send_wlanevent(url, uuid, data)
4365
4366 logger.info("EAP message: M1")
4367 data = b'\x0202:00:00:00:00:00'
4368 data += b'\x10\x22\x00\x01\x04'
4369 data += b'\x10\x47\x00\x10' + 16 * b'\x00'
4370 data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4371 data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
4372 data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
4373 data += b'\x10\x04\x00\x02\x00\x00'
4374 data += b'\x10\x10\x00\x02\x00\x00'
4375 data += b'\x10\x0d\x00\x01\x00'
4376 data += b'\x10\x08\x00\x02\x00\x00'
4377 data += b'\x10\x44\x00\x01\x00'
4378 data += b'\x10\x21\x00\x00'
4379 data += b'\x10\x23\x00\x00'
4380 data += b'\x10\x24\x00\x00'
4381 data += b'\x10\x42\x00\x00'
4382 data += b'\x10\x54\x00\x08' + 8 * b'\x00'
4383 data += b'\x10\x11\x00\x00'
4384 data += b'\x10\x3c\x00\x01\x00'
4385 data += b'\x10\x02\x00\x02\x00\x00'
4386 data += b'\x10\x12\x00\x02\x00\x00'
4387 data += b'\x10\x09\x00\x02\x00\x00'
4388 data += b'\x10\x2d\x00\x04\x00\x00\x00\x00'
4389 m1 = data
4390 send_wlanevent(url, uuid, data)
4391
4392 logger.info("EAP message: WSC_ACK")
4393 data = b'\x0202:00:00:00:00:00' + b'\x10\x22\x00\x01\x0d'
4394 send_wlanevent(url, uuid, data)
4395
4396 logger.info("EAP message: M1")
4397 send_wlanevent(url, uuid, m1)
4398
4399 logger.info("EAP message: WSC_NACK")
4400 data = b'\x0202:00:00:00:00:00' + b'\x10\x22\x00\x01\x0e'
4401 send_wlanevent(url, uuid, data)
4402
4403 logger.info("EAP message: M1 - Too long attribute values")
4404 data = b'\x0202:00:00:00:00:00'
4405 data += b'\x10\x11\x00\x21' + 33 * b'\x00'
4406 data += b'\x10\x45\x00\x21' + 33 * b'\x00'
4407 data += b'\x10\x42\x00\x21' + 33 * b'\x00'
4408 data += b'\x10\x24\x00\x21' + 33 * b'\x00'
4409 data += b'\x10\x23\x00\x21' + 33 * b'\x00'
4410 data += b'\x10\x21\x00\x41' + 65 * b'\x00'
4411 data += b'\x10\x49\x00\x09\x00\x37\x2a\x05\x02\x00\x00\x05\x00'
4412 send_wlanevent(url, uuid, data)
4413
4414 logger.info("EAP message: M1 missing UUID-E")
4415 data = b'\x0202:00:00:00:00:00'
4416 data += b'\x10\x22\x00\x01\x04'
4417 send_wlanevent(url, uuid, data)
4418
4419 logger.info("EAP message: M1 missing MAC Address")
4420 data += b'\x10\x47\x00\x10' + 16 * b'\x00'
4421 send_wlanevent(url, uuid, data)
4422
4423 logger.info("EAP message: M1 missing Enrollee Nonce")
4424 data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4425 send_wlanevent(url, uuid, data)
4426
4427 logger.info("EAP message: M1 missing Public Key")
4428 data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
4429 send_wlanevent(url, uuid, data)
4430
4431 logger.info("EAP message: M1 missing Authentication Type flags")
4432 data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
4433 send_wlanevent(url, uuid, data)
4434
4435 logger.info("EAP message: M1 missing Encryption Type Flags")
4436 data += b'\x10\x04\x00\x02\x00\x00'
4437 send_wlanevent(url, uuid, data)
4438
4439 logger.info("EAP message: M1 missing Connection Type flags")
4440 data += b'\x10\x10\x00\x02\x00\x00'
4441 send_wlanevent(url, uuid, data)
4442
4443 logger.info("EAP message: M1 missing Config Methods")
4444 data += b'\x10\x0d\x00\x01\x00'
4445 send_wlanevent(url, uuid, data)
4446
4447 logger.info("EAP message: M1 missing Wi-Fi Protected Setup State")
4448 data += b'\x10\x08\x00\x02\x00\x00'
4449 send_wlanevent(url, uuid, data)
4450
4451 logger.info("EAP message: M1 missing Manufacturer")
4452 data += b'\x10\x44\x00\x01\x00'
4453 send_wlanevent(url, uuid, data)
4454
4455 logger.info("EAP message: M1 missing Model Name")
4456 data += b'\x10\x21\x00\x00'
4457 send_wlanevent(url, uuid, data)
4458
4459 logger.info("EAP message: M1 missing Model Number")
4460 data += b'\x10\x23\x00\x00'
4461 send_wlanevent(url, uuid, data)
4462
4463 logger.info("EAP message: M1 missing Serial Number")
4464 data += b'\x10\x24\x00\x00'
4465 send_wlanevent(url, uuid, data)
4466
4467 logger.info("EAP message: M1 missing Primary Device Type")
4468 data += b'\x10\x42\x00\x00'
4469 send_wlanevent(url, uuid, data)
4470
4471 logger.info("EAP message: M1 missing Device Name")
4472 data += b'\x10\x54\x00\x08' + 8 * b'\x00'
4473 send_wlanevent(url, uuid, data)
4474
4475 logger.info("EAP message: M1 missing RF Bands")
4476 data += b'\x10\x11\x00\x00'
4477 send_wlanevent(url, uuid, data)
4478
4479 logger.info("EAP message: M1 missing Association State")
4480 data += b'\x10\x3c\x00\x01\x00'
4481 send_wlanevent(url, uuid, data)
4482
4483 logger.info("EAP message: M1 missing Device Password ID")
4484 data += b'\x10\x02\x00\x02\x00\x00'
4485 send_wlanevent(url, uuid, data)
4486
4487 logger.info("EAP message: M1 missing Configuration Error")
4488 data += b'\x10\x12\x00\x02\x00\x00'
4489 send_wlanevent(url, uuid, data)
4490
4491 logger.info("EAP message: M1 missing OS Version")
4492 data += b'\x10\x09\x00\x02\x00\x00'
4493 send_wlanevent(url, uuid, data)
4494
4495 logger.info("Check max concurrent requests")
4496 addr = (url.hostname, url.port)
4497 socks = {}
4498 for i in range(20):
4499 socks[i] = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4500 socket.IPPROTO_TCP)
4501 socks[i].settimeout(10)
4502 socks[i].connect(addr)
4503 for i in range(20):
4504 socks[i].send(b"GET / HTTP/1.1\r\n\r\n")
4505 count = 0
4506 for i in range(20):
4507 try:
4508 res = socks[i].recv(100).decode()
4509 if "HTTP/1" in res:
4510 count += 1
4511 else:
4512 logger.info("recv[%d]: len=%d" % (i, len(res)))
4513 except:
4514 pass
4515 socks[i].close()
4516 logger.info("%d concurrent HTTP GET operations returned response" % count)
4517 if count < 8:
4518 raise Exception("Too few concurrent HTTP connections accepted")
4519
4520 logger.info("OOM in HTTP server")
4521 for func in ["http_request_init", "httpread_create",
4522 "eloop_register_timeout;httpread_create",
4523 "eloop_sock_table_add_sock;?eloop_register_sock;httpread_create",
4524 "httpread_hdr_analyze"]:
4525 with alloc_fail(dev[0], 1, func):
4526 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4527 socket.IPPROTO_TCP)
4528 sock.connect(addr)
4529 sock.send(b"GET / HTTP/1.1\r\n\r\n")
4530 try:
4531 sock.recv(100)
4532 except:
4533 pass
4534 sock.close()
4535
4536 logger.info("Invalid HTTP header")
4537 for req in [" GET / HTTP/1.1\r\n\r\n",
4538 "HTTP/1.1 200 OK\r\n\r\n",
4539 "HTTP/\r\n\r\n",
4540 "GET %%a%aa% HTTP/1.1\r\n\r\n",
4541 "GET / HTTP/1.1\r\n FOO\r\n\r\n",
4542 "NOTIFY / HTTP/1.1\r\n" + 4097*'a' + '\r\n\r\n',
4543 "NOTIFY / HTTP/1.1\r\n\r\n" + 8193*'a',
4544 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n foo\r\n",
4545 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n1\r\nfoo\r\n",
4546 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\n",
4547 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\naa\ra\r\n\ra"]:
4548 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4549 socket.IPPROTO_TCP)
4550 sock.settimeout(0.1)
4551 sock.connect(addr)
4552 sock.send(req.encode())
4553 try:
4554 sock.recv(100)
4555 except:
4556 pass
4557 sock.close()
4558
4559 with alloc_fail(dev[0], 2, "httpread_read_handler"):
4560 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4561 socket.IPPROTO_TCP)
4562 sock.connect(addr)
4563 sock.send(b"NOTIFY / HTTP/1.1\r\n\r\n" + 4500 * b'a')
4564 try:
4565 sock.recv(100)
4566 except:
4567 pass
4568 sock.close()
4569
4570 conn = HTTPConnection(url.netloc)
4571 payload = '<foo'
4572 headers = {"Content-type": 'text/xml; charset="utf-8"',
4573 "Server": "Unspecified, UPnP/1.0, Unspecified",
4574 "HOST": url.netloc,
4575 "NT": "upnp:event",
4576 "SID": "uuid:" + uuid,
4577 "SEQ": "0",
4578 "Content-Length": str(len(payload))}
4579 conn.request("NOTIFY", url.path, payload, headers)
4580 resp = conn.getresponse()
4581 if resp.status != 200:
4582 raise Exception("Unexpected HTTP response: %d" % resp.status)
4583
4584 conn = HTTPConnection(url.netloc)
4585 payload = '<WLANEvent foo></WLANEvent>'
4586 headers = {"Content-type": 'text/xml; charset="utf-8"',
4587 "Server": "Unspecified, UPnP/1.0, Unspecified",
4588 "HOST": url.netloc,
4589 "NT": "upnp:event",
4590 "SID": "uuid:" + uuid,
4591 "SEQ": "0",
4592 "Content-Length": str(len(payload))}
4593 conn.request("NOTIFY", url.path, payload, headers)
4594 resp = conn.getresponse()
4595 if resp.status != 200:
4596 raise Exception("Unexpected HTTP response: %d" % resp.status)
4597
4598 with alloc_fail(dev[0], 1, "xml_get_first_item"):
4599 send_wlanevent(url, uuid, b'')
4600
4601 with alloc_fail(dev[0], 1, "wpabuf_alloc_ext_data;xml_get_base64_item"):
4602 send_wlanevent(url, uuid, b'foo')
4603
4604 for func in ["wps_init",
4605 "wps_process_manufacturer",
4606 "wps_process_model_name",
4607 "wps_process_model_number",
4608 "wps_process_serial_number",
4609 "wps_process_dev_name"]:
4610 with alloc_fail(dev[0], 1, func):
4611 send_wlanevent(url, uuid, m1)
4612
4613 with alloc_fail(dev[0], 1, "wps_er_http_resp_ok"):
4614 send_wlanevent(url, uuid, m1, no_response=True)
4615
4616 with alloc_fail(dev[0], 1, "wps_er_http_resp_not_found"):
4617 url2 = urlparse(wps_event_url.replace('/event/', '/notfound/'))
4618 send_wlanevent(url2, uuid, m1, no_response=True)
4619
4620 logger.info("EAP message: M1")
4621 data = b'\x0202:11:22:00:00:00'
4622 data += b'\x10\x22\x00\x01\x04'
4623 data += b'\x10\x47\x00\x10' + 16 * b'\x00'
4624 data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4625 data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
4626 data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
4627 data += b'\x10\x04\x00\x02\x00\x00'
4628 data += b'\x10\x10\x00\x02\x00\x00'
4629 data += b'\x10\x0d\x00\x01\x00'
4630 data += b'\x10\x08\x00\x02\x00\x00'
4631 data += b'\x10\x44\x00\x01\x00'
4632 data += b'\x10\x21\x00\x00'
4633 data += b'\x10\x23\x00\x00'
4634 data += b'\x10\x24\x00\x00'
4635 data += b'\x10\x42\x00\x00'
4636 data += b'\x10\x54\x00\x08' + 8 * b'\x00'
4637 data += b'\x10\x11\x00\x00'
4638 data += b'\x10\x3c\x00\x01\x00'
4639 data += b'\x10\x02\x00\x02\x00\x00'
4640 data += b'\x10\x12\x00\x02\x00\x00'
4641 data += b'\x10\x09\x00\x02\x00\x00'
4642 data += b'\x10\x2d\x00\x04\x00\x00\x00\x00'
4643 dev[0].dump_monitor()
4644 with alloc_fail(dev[0], 1, "wps_er_add_sta_data"):
4645 send_wlanevent(url, uuid, data)
4646 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=0.1)
4647 if ev is not None:
4648 raise Exception("Unexpected enrollee add event")
4649 send_wlanevent(url, uuid, data)
4650 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=2)
4651 if ev is None:
4652 raise Exception("Enrollee add event not seen")
4653
4654 with alloc_fail(dev[0], 1,
4655 "base64_gen_encode;?base64_encode;wps_er_soap_hdr"):
4656 send_wlanevent(url, uuid, data)
4657
4658 with alloc_fail(dev[0], 1, "wpabuf_alloc;wps_er_soap_hdr"):
4659 send_wlanevent(url, uuid, data)
4660
4661 with alloc_fail(dev[0], 1, "http_client_url_parse;wps_er_sta_send_msg"):
4662 send_wlanevent(url, uuid, data)
4663
4664 with alloc_fail(dev[0], 1, "http_client_addr;wps_er_sta_send_msg"):
4665 send_wlanevent(url, uuid, data)
4666
4667 def test_ap_wps_er_http_proto_no_event_sub_url(dev, apdev):
4668 """WPS ER HTTP protocol testing - no eventSubURL"""
4669 class WPSAPHTTPServer_no_event_sub_url(WPSAPHTTPServer):
4670 def handle_upnp_info(self):
4671 self.wfile.write(gen_upnp_info(eventSubURL=None))
4672 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_event_sub_url,
4673 no_event_url=True)
4674
4675 def test_ap_wps_er_http_proto_event_sub_url_dns(dev, apdev):
4676 """WPS ER HTTP protocol testing - DNS name in eventSubURL"""
4677 class WPSAPHTTPServer_event_sub_url_dns(WPSAPHTTPServer):
4678 def handle_upnp_info(self):
4679 self.wfile.write(gen_upnp_info(eventSubURL='http://example.com/wps_event'))
4680 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_event_sub_url_dns,
4681 no_event_url=True)
4682
4683 def test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
4684 """WPS ER HTTP protocol testing - subscribe OOM"""
4685 try:
4686 _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev)
4687 finally:
4688 dev[0].request("WPS_ER_STOP")
4689
4690 def _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
4691 tests = [(1, "http_client_url_parse"),
4692 (1, "wpabuf_alloc;wps_er_subscribe"),
4693 (1, "http_client_addr"),
4694 (1, "eloop_sock_table_add_sock;?eloop_register_sock;http_client_addr"),
4695 (1, "eloop_register_timeout;http_client_addr")]
4696 for count, func in tests:
4697 with alloc_fail(dev[0], count, func):
4698 server, sock = wps_er_start(dev[0], WPSAPHTTPServer)
4699 server.handle_request()
4700 server.handle_request()
4701 wps_er_stop(dev[0], sock, server, on_alloc_fail=True)
4702
4703 def test_ap_wps_er_http_proto_no_sid(dev, apdev):
4704 """WPS ER HTTP protocol testing - no SID"""
4705 class WPSAPHTTPServer_no_sid(WPSAPHTTPServer):
4706 def handle_wps_event(self):
4707 self.wfile.write(gen_wps_event(sid=None))
4708 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_sid)
4709
4710 def test_ap_wps_er_http_proto_invalid_sid_no_uuid(dev, apdev):
4711 """WPS ER HTTP protocol testing - invalid SID - no UUID"""
4712 class WPSAPHTTPServer_invalid_sid_no_uuid(WPSAPHTTPServer):
4713 def handle_wps_event(self):
4714 self.wfile.write(gen_wps_event(sid='FOO'))
4715 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_no_uuid)
4716
4717 def test_ap_wps_er_http_proto_invalid_sid_uuid(dev, apdev):
4718 """WPS ER HTTP protocol testing - invalid SID UUID"""
4719 class WPSAPHTTPServer_invalid_sid_uuid(WPSAPHTTPServer):
4720 def handle_wps_event(self):
4721 self.wfile.write(gen_wps_event(sid='uuid:FOO'))
4722 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_uuid)
4723
4724 def test_ap_wps_er_http_proto_subscribe_failing(dev, apdev):
4725 """WPS ER HTTP protocol testing - SUBSCRIBE failing"""
4726 class WPSAPHTTPServer_fail_subscribe(WPSAPHTTPServer):
4727 def handle_wps_event(self):
4728 payload = ""
4729 hdr = 'HTTP/1.1 404 Not Found\r\n' + \
4730 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4731 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4732 'Connection: close\r\n' + \
4733 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4734 'Timeout: Second-1801\r\n' + \
4735 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4736 self.wfile.write((hdr + payload).encode())
4737 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_fail_subscribe)
4738
4739 def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
4740 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4741 class WPSAPHTTPServer_subscribe_invalid_response(WPSAPHTTPServer):
4742 def handle_wps_event(self):
4743 payload = ""
4744 hdr = 'HTTP/1.1 FOO\r\n' + \
4745 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4746 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4747 'Connection: close\r\n' + \
4748 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4749 'Timeout: Second-1801\r\n' + \
4750 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4751 self.wfile.write((hdr + payload).encode())
4752 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_subscribe_invalid_response)
4753
4754 def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
4755 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4756 class WPSAPHTTPServer_invalid_m1(WPSAPHTTPServer):
4757 def handle_wps_control(self):
4758 payload = '''<?xml version="1.0"?>
4759 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
4760 <s:Body>
4761 <u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
4762 <NewDeviceInfo>Rk9P</NewDeviceInfo>
4763 </u:GetDeviceInfoResponse>
4764 </s:Body>
4765 </s:Envelope>
4766 '''
4767 self.wfile.write(gen_wps_control(payload_override=payload))
4768 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_m1, no_event_url=True)
4769
4770 def test_ap_wps_er_http_proto_upnp_info_no_device(dev, apdev):
4771 """WPS ER HTTP protocol testing - No device in UPnP info"""
4772 class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
4773 def handle_upnp_info(self):
4774 payload = '''<?xml version="1.0"?>
4775 <root xmlns="urn:schemas-upnp-org:device-1-0">
4776 <specVersion>
4777 <major>1</major>
4778 <minor>0</minor>
4779 </specVersion>
4780 </root>
4781 '''
4782 hdr = 'HTTP/1.1 200 OK\r\n' + \
4783 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4784 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4785 'Connection: close\r\n' + \
4786 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4787 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4788 self.wfile.write((hdr + payload).encode())
4789 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
4790
4791 def test_ap_wps_er_http_proto_upnp_info_no_device_type(dev, apdev):
4792 """WPS ER HTTP protocol testing - No deviceType in UPnP info"""
4793 class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
4794 def handle_upnp_info(self):
4795 payload = '''<?xml version="1.0"?>
4796 <root xmlns="urn:schemas-upnp-org:device-1-0">
4797 <specVersion>
4798 <major>1</major>
4799 <minor>0</minor>
4800 </specVersion>
4801 <device>
4802 </device>
4803 </root>
4804 '''
4805 hdr = 'HTTP/1.1 200 OK\r\n' + \
4806 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4807 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4808 'Connection: close\r\n' + \
4809 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4810 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4811 self.wfile.write((hdr + payload).encode())
4812 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
4813
4814 def test_ap_wps_er_http_proto_upnp_info_invalid_udn_uuid(dev, apdev):
4815 """WPS ER HTTP protocol testing - Invalid UDN UUID"""
4816 class WPSAPHTTPServer_invalid_udn_uuid(WPSAPHTTPServer):
4817 def handle_upnp_info(self):
4818 self.wfile.write(gen_upnp_info(udn='uuid:foo'))
4819 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_udn_uuid)
4820
4821 def test_ap_wps_er_http_proto_no_control_url(dev, apdev):
4822 """WPS ER HTTP protocol testing - no controlURL"""
4823 class WPSAPHTTPServer_no_control_url(WPSAPHTTPServer):
4824 def handle_upnp_info(self):
4825 self.wfile.write(gen_upnp_info(controlURL=None))
4826 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_control_url,
4827 no_event_url=True)
4828
4829 def test_ap_wps_er_http_proto_control_url_dns(dev, apdev):
4830 """WPS ER HTTP protocol testing - DNS name in controlURL"""
4831 class WPSAPHTTPServer_control_url_dns(WPSAPHTTPServer):
4832 def handle_upnp_info(self):
4833 self.wfile.write(gen_upnp_info(controlURL='http://example.com/wps_control'))
4834 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_control_url_dns,
4835 no_event_url=True)
4836
4837 def test_ap_wps_http_timeout(dev, apdev):
4838 """WPS AP/ER and HTTP timeout"""
4839 try:
4840 _test_ap_wps_http_timeout(dev, apdev)
4841 finally:
4842 dev[0].request("WPS_ER_STOP")
4843
4844 def _test_ap_wps_http_timeout(dev, apdev):
4845 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
4846 add_ssdp_ap(apdev[0], ap_uuid)
4847
4848 location = ssdp_get_location(ap_uuid)
4849 url = urlparse(location)
4850 addr = (url.hostname, url.port)
4851 logger.debug("Open HTTP connection to hostapd, but do not complete request")
4852 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4853 socket.IPPROTO_TCP)
4854 sock.connect(addr)
4855 sock.send(b"G")
4856
4857 class DummyServer(StreamRequestHandler):
4858 def handle(self):
4859 logger.debug("DummyServer - start 31 sec wait")
4860 time.sleep(31)
4861 logger.debug("DummyServer - wait done")
4862
4863 logger.debug("Start WPS ER")
4864 server, sock2 = wps_er_start(dev[0], DummyServer, max_age=40,
4865 wait_m_search=True)
4866
4867 logger.debug("Start server to accept, but not complete, HTTP connection from WPS ER")
4868 # This will wait for 31 seconds..
4869 server.handle_request()
4870
4871 logger.debug("Complete HTTP connection with hostapd (that should have already closed the connection)")
4872 try:
4873 sock.send("ET / HTTP/1.1\r\n\r\n")
4874 res = sock.recv(100)
4875 sock.close()
4876 except:
4877 pass
4878
4879 def test_ap_wps_er_url_parse(dev, apdev):
4880 """WPS ER and URL parsing special cases"""
4881 try:
4882 _test_ap_wps_er_url_parse(dev, apdev)
4883 finally:
4884 dev[0].request("WPS_ER_STOP")
4885
4886 def _test_ap_wps_er_url_parse(dev, apdev):
4887 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
4888 sock.settimeout(1)
4889 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
4890 sock.bind(("239.255.255.250", 1900))
4891 dev[0].request("WPS_ER_START ifname=lo")
4892 (msg, addr) = sock.recvfrom(1000)
4893 msg = msg.decode()
4894 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4895 if "M-SEARCH" not in msg:
4896 raise Exception("Not an M-SEARCH")
4897 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1\r\ncache-control:max-age=1\r\n\r\n", addr)
4898 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
4899 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1/:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4900 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
4901 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://255.255.255.255:0/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
4902 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
4903
4904 sock.close()
4905
4906 def test_ap_wps_er_link_update(dev, apdev):
4907 """WPS ER and link update special cases"""
4908 class WPSAPHTTPServer_link_update(WPSAPHTTPServer):
4909 def handle_upnp_info(self):
4910 self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
4911 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update)
4912
4913 class WPSAPHTTPServer_link_update2(WPSAPHTTPServer):
4914 def handle_others(self, data):
4915 if "GET / " in data:
4916 self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
4917 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update2,
4918 location_url='http://127.0.0.1:12345')
4919
4920 def test_ap_wps_er_http_client(dev, apdev):
4921 """WPS ER and HTTP client special cases"""
4922 with alloc_fail(dev[0], 1, "http_link_update"):
4923 run_wps_er_proto_test(dev[0], WPSAPHTTPServer)
4924
4925 with alloc_fail(dev[0], 1, "wpabuf_alloc;http_client_url"):
4926 run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
4927
4928 with alloc_fail(dev[0], 1, "httpread_create;http_client_tx_ready"):
4929 run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
4930
4931 class WPSAPHTTPServer_req_as_resp(WPSAPHTTPServer):
4932 def handle_upnp_info(self):
4933 self.wfile.write(b"GET / HTTP/1.1\r\n\r\n")
4934 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_req_as_resp,
4935 no_event_url=True)
4936
4937 def test_ap_wps_init_oom(dev, apdev):
4938 """wps_init OOM cases"""
4939 ssid = "test-wps"
4940 appin = "12345670"
4941 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
4942 "ap_pin": appin}
4943 hapd = hostapd.add_ap(apdev[0], params)
4944 pin = dev[0].wps_read_pin()
4945
4946 with alloc_fail(hapd, 1, "wps_init"):
4947 hapd.request("WPS_PIN any " + pin)
4948 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4949 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4950 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4951 if ev is None:
4952 raise Exception("No EAP failure reported")
4953 dev[0].request("WPS_CANCEL")
4954
4955 with alloc_fail(dev[0], 2, "wps_init"):
4956 hapd.request("WPS_PIN any " + pin)
4957 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4958 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4959 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4960 if ev is None:
4961 raise Exception("No EAP failure reported")
4962 dev[0].request("WPS_CANCEL")
4963
4964 with alloc_fail(dev[0], 2, "wps_init"):
4965 hapd.request("WPS_PBC")
4966 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4967 dev[0].request("WPS_PBC %s" % (apdev[0]['bssid']))
4968 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4969 if ev is None:
4970 raise Exception("No EAP failure reported")
4971 dev[0].request("WPS_CANCEL")
4972
4973 dev[0].dump_monitor()
4974 new_ssid = "wps-new-ssid"
4975 new_passphrase = "1234567890"
4976 with alloc_fail(dev[0], 3, "wps_init"):
4977 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
4978 new_passphrase, no_wait=True)
4979 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
4980 if ev is None:
4981 raise Exception("No EAP failure reported")
4982
4983 dev[0].flush_scan_cache()
4984
4985 @remote_compatible
4986 def test_ap_wps_invalid_assoc_req_elem(dev, apdev):
4987 """WPS and invalid IE in Association Request frame"""
4988 ssid = "test-wps"
4989 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
4990 hapd = hostapd.add_ap(apdev[0], params)
4991 pin = "12345670"
4992 hapd.request("WPS_PIN any " + pin)
4993 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4994 try:
4995 dev[0].request("VENDOR_ELEM_ADD 13 dd050050f20410")
4996 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
4997 for i in range(5):
4998 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
4999 if ev and "vendor=14122" in ev:
5000 break
5001 if ev is None or "vendor=14122" not in ev:
5002 raise Exception("EAP-WSC not started")
5003 dev[0].request("WPS_CANCEL")
5004 finally:
5005 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
5006
5007 def test_ap_wps_pbc_pin_mismatch(dev, apdev):
5008 """WPS PBC/PIN mismatch"""
5009 ssid = "test-wps"
5010 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5011 hapd = hostapd.add_ap(apdev[0], params)
5012 hapd.request("SET wps_version_number 0x10")
5013 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5014 hapd.request("WPS_PBC")
5015 pin = dev[0].wps_read_pin()
5016 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5017 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
5018 if ev is None:
5019 raise Exception("Scan did not complete")
5020 dev[0].request("WPS_CANCEL")
5021
5022 hapd.request("WPS_CANCEL")
5023 dev[0].flush_scan_cache()
5024
5025 @remote_compatible
5026 def test_ap_wps_ie_invalid(dev, apdev):
5027 """WPS PIN attempt with AP that has invalid WSC IE"""
5028 ssid = "test-wps"
5029 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5030 "vendor_elements": "dd050050f20410"}
5031 hapd = hostapd.add_ap(apdev[0], params)
5032 params = {'ssid': "another", "vendor_elements": "dd050050f20410"}
5033 hostapd.add_ap(apdev[1], params)
5034 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5035 pin = dev[0].wps_read_pin()
5036 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5037 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
5038 if ev is None:
5039 raise Exception("Scan did not complete")
5040 dev[0].request("WPS_CANCEL")
5041
5042 @remote_compatible
5043 def test_ap_wps_scan_prio_order(dev, apdev):
5044 """WPS scan priority ordering"""
5045 ssid = "test-wps"
5046 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5047 hapd = hostapd.add_ap(apdev[0], params)
5048 params = {'ssid': "another", "vendor_elements": "dd050050f20410"}
5049 hostapd.add_ap(apdev[1], params)
5050 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5051 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
5052 pin = dev[0].wps_read_pin()
5053 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5054 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
5055 if ev is None:
5056 raise Exception("Scan did not complete")
5057 dev[0].request("WPS_CANCEL")
5058
5059 def test_ap_wps_probe_req_ie_oom(dev, apdev):
5060 """WPS ProbeReq IE OOM"""
5061 ssid = "test-wps"
5062 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5063 hapd = hostapd.add_ap(apdev[0], params)
5064 pin = dev[0].wps_read_pin()
5065 hapd.request("WPS_PIN any " + pin)
5066 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5067 with alloc_fail(dev[0], 1, "wps_build_probe_req_ie"):
5068 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5069 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5070 if ev is None:
5071 raise Exception("Association not seen")
5072 dev[0].request("WPS_CANCEL")
5073 dev[0].wait_disconnected()
5074
5075 with alloc_fail(dev[0], 1, "wps_ie_encapsulate"):
5076 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5077 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5078 if ev is None:
5079 raise Exception("Association not seen")
5080 dev[0].request("WPS_CANCEL")
5081 hapd.disable()
5082 dev[0].request("REMOVE_NETWORK all")
5083 dev[0].wait_disconnected()
5084 time.sleep(0.2)
5085 dev[0].flush_scan_cache()
5086
5087 def test_ap_wps_assoc_req_ie_oom(dev, apdev):
5088 """WPS AssocReq IE OOM"""
5089 ssid = "test-wps"
5090 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5091 hapd = hostapd.add_ap(apdev[0], params)
5092 pin = dev[0].wps_read_pin()
5093 hapd.request("WPS_PIN any " + pin)
5094 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5095 with alloc_fail(dev[0], 1, "wps_build_assoc_req_ie"):
5096 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5097 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5098 if ev is None:
5099 raise Exception("Association not seen")
5100 dev[0].request("WPS_CANCEL")
5101
5102 def test_ap_wps_assoc_resp_ie_oom(dev, apdev):
5103 """WPS AssocResp IE OOM"""
5104 ssid = "test-wps"
5105 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5106 hapd = hostapd.add_ap(apdev[0], params)
5107 pin = dev[0].wps_read_pin()
5108 hapd.request("WPS_PIN any " + pin)
5109 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5110 with alloc_fail(hapd, 1, "wps_build_assoc_resp_ie"):
5111 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5112 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5113 if ev is None:
5114 raise Exception("Association not seen")
5115 dev[0].request("WPS_CANCEL")
5116
5117 @remote_compatible
5118 def test_ap_wps_bss_info_errors(dev, apdev):
5119 """WPS BSS info errors"""
5120 params = {"ssid": "1",
5121 "vendor_elements": "dd0e0050f20410440001ff101100010a"}
5122 hostapd.add_ap(apdev[0], params)
5123 params = {'ssid': "2", "vendor_elements": "dd050050f20410"}
5124 hostapd.add_ap(apdev[1], params)
5125 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5126 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
5127 bss = dev[0].get_bss(apdev[0]['bssid'])
5128 logger.info("BSS: " + str(bss))
5129 if "wps_state" in bss:
5130 raise Exception("Unexpected wps_state in BSS info")
5131 if 'wps_device_name' not in bss:
5132 raise Exception("No wps_device_name in BSS info")
5133 if bss['wps_device_name'] != '_':
5134 raise Exception("Unexpected wps_device_name value")
5135 bss = dev[0].get_bss(apdev[1]['bssid'])
5136 logger.info("BSS: " + str(bss))
5137
5138 with alloc_fail(dev[0], 1, "=wps_attr_text"):
5139 bss = dev[0].get_bss(apdev[0]['bssid'])
5140 logger.info("BSS(OOM): " + str(bss))
5141
5142 def wps_run_pbc_fail_ap(apdev, dev, hapd):
5143 hapd.request("WPS_PBC")
5144 dev.scan_for_bss(apdev['bssid'], freq="2412")
5145 dev.request("WPS_PBC " + apdev['bssid'])
5146 ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5147 if ev is None:
5148 raise Exception("No EAP failure reported")
5149 dev.request("WPS_CANCEL")
5150 dev.wait_disconnected()
5151 for i in range(5):
5152 try:
5153 dev.flush_scan_cache()
5154 break
5155 except Exception as e:
5156 if str(e).startswith("Failed to trigger scan"):
5157 # Try again
5158 time.sleep(1)
5159 else:
5160 raise
5161
5162 def wps_run_pbc_fail(apdev, dev):
5163 hapd = wps_start_ap(apdev)
5164 wps_run_pbc_fail_ap(apdev, dev, hapd)
5165
5166 @remote_compatible
5167 def test_ap_wps_pk_oom(dev, apdev):
5168 """WPS and public key OOM"""
5169 with alloc_fail(dev[0], 1, "wps_build_public_key"):
5170 wps_run_pbc_fail(apdev[0], dev[0])
5171
5172 @remote_compatible
5173 def test_ap_wps_pk_oom_ap(dev, apdev):
5174 """WPS and public key OOM on AP"""
5175 hapd = wps_start_ap(apdev[0])
5176 with alloc_fail(hapd, 1, "wps_build_public_key"):
5177 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5178
5179 @remote_compatible
5180 def test_ap_wps_encr_oom_ap(dev, apdev):
5181 """WPS and encrypted settings decryption OOM on AP"""
5182 hapd = wps_start_ap(apdev[0])
5183 pin = dev[0].wps_read_pin()
5184 hapd.request("WPS_PIN any " + pin)
5185 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5186 with alloc_fail(hapd, 1, "wps_decrypt_encr_settings"):
5187 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
5188 ev = hapd.wait_event(["WPS-FAIL"], timeout=10)
5189 if ev is None:
5190 raise Exception("No WPS-FAIL reported")
5191 dev[0].request("WPS_CANCEL")
5192 dev[0].wait_disconnected()
5193
5194 @remote_compatible
5195 def test_ap_wps_encr_no_random_ap(dev, apdev):
5196 """WPS and no random data available for encryption on AP"""
5197 hapd = wps_start_ap(apdev[0])
5198 with fail_test(hapd, 1, "os_get_random;wps_build_encr_settings"):
5199 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5200
5201 @remote_compatible
5202 def test_ap_wps_e_hash_no_random_sta(dev, apdev):
5203 """WPS and no random data available for e-hash on STA"""
5204 with fail_test(dev[0], 1, "os_get_random;wps_build_e_hash"):
5205 wps_run_pbc_fail(apdev[0], dev[0])
5206
5207 @remote_compatible
5208 def test_ap_wps_m1_no_random(dev, apdev):
5209 """WPS and no random for M1 on STA"""
5210 with fail_test(dev[0], 1, "os_get_random;wps_build_m1"):
5211 wps_run_pbc_fail(apdev[0], dev[0])
5212
5213 @remote_compatible
5214 def test_ap_wps_m1_oom(dev, apdev):
5215 """WPS and OOM for M1 on STA"""
5216 with alloc_fail(dev[0], 1, "wps_build_m1"):
5217 wps_run_pbc_fail(apdev[0], dev[0])
5218
5219 @remote_compatible
5220 def test_ap_wps_m3_oom(dev, apdev):
5221 """WPS and OOM for M3 on STA"""
5222 with alloc_fail(dev[0], 1, "wps_build_m3"):
5223 wps_run_pbc_fail(apdev[0], dev[0])
5224
5225 @remote_compatible
5226 def test_ap_wps_m5_oom(dev, apdev):
5227 """WPS and OOM for M5 on STA"""
5228 hapd = wps_start_ap(apdev[0])
5229 hapd.request("WPS_PBC")
5230 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5231 for i in range(1, 3):
5232 with alloc_fail(dev[0], i, "wps_build_m5"):
5233 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5234 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5235 if ev is None:
5236 raise Exception("No EAP failure reported")
5237 dev[0].request("WPS_CANCEL")
5238 dev[0].wait_disconnected()
5239 dev[0].flush_scan_cache()
5240
5241 @remote_compatible
5242 def test_ap_wps_m5_no_random(dev, apdev):
5243 """WPS and no random for M5 on STA"""
5244 with fail_test(dev[0], 1,
5245 "os_get_random;wps_build_encr_settings;wps_build_m5"):
5246 wps_run_pbc_fail(apdev[0], dev[0])
5247
5248 @remote_compatible
5249 def test_ap_wps_m7_oom(dev, apdev):
5250 """WPS and OOM for M7 on STA"""
5251 hapd = wps_start_ap(apdev[0])
5252 hapd.request("WPS_PBC")
5253 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5254 for i in range(1, 3):
5255 with alloc_fail(dev[0], i, "wps_build_m7"):
5256 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5257 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5258 if ev is None:
5259 raise Exception("No EAP failure reported")
5260 dev[0].request("WPS_CANCEL")
5261 dev[0].wait_disconnected()
5262 dev[0].flush_scan_cache()
5263
5264 @remote_compatible
5265 def test_ap_wps_m7_no_random(dev, apdev):
5266 """WPS and no random for M7 on STA"""
5267 with fail_test(dev[0], 1,
5268 "os_get_random;wps_build_encr_settings;wps_build_m7"):
5269 wps_run_pbc_fail(apdev[0], dev[0])
5270
5271 @remote_compatible
5272 def test_ap_wps_wsc_done_oom(dev, apdev):
5273 """WPS and OOM for WSC_Done on STA"""
5274 with alloc_fail(dev[0], 1, "wps_build_wsc_done"):
5275 wps_run_pbc_fail(apdev[0], dev[0])
5276
5277 def test_ap_wps_random_psk_fail(dev, apdev):
5278 """WPS and no random for PSK on AP"""
5279 ssid = "test-wps"
5280 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
5281 appin = "12345670"
5282 try:
5283 os.remove(pskfile)
5284 except:
5285 pass
5286
5287 try:
5288 with open(pskfile, "w") as f:
5289 f.write("# WPA PSKs\n")
5290
5291 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5292 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
5293 "rsn_pairwise": "CCMP", "ap_pin": appin,
5294 "wpa_psk_file": pskfile}
5295 hapd = hostapd.add_ap(apdev[0], params)
5296
5297 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5298 with fail_test(hapd, 1, "os_get_random;wps_build_cred_network_key"):
5299 dev[0].request("WPS_REG " + apdev[0]['bssid'] + " " + appin)
5300 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5301 if ev is None:
5302 raise Exception("No EAP failure reported")
5303 dev[0].request("WPS_CANCEL")
5304 dev[0].wait_disconnected()
5305
5306 with fail_test(hapd, 1, "os_get_random;wps_build_cred"):
5307 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5308
5309 with alloc_fail(hapd, 1, "wps_build_cred"):
5310 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5311
5312 with alloc_fail(hapd, 2, "wps_build_cred"):
5313 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5314 finally:
5315 os.remove(pskfile)
5316
5317 def wps_ext_eap_identity_req(dev, hapd, bssid):
5318 logger.debug("EAP-Identity/Request")
5319 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5320 if ev is None:
5321 raise Exception("Timeout on EAPOL-TX from hostapd")
5322 res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
5323 if "OK" not in res:
5324 raise Exception("EAPOL_RX to wpa_supplicant failed")
5325
5326 def wps_ext_eap_identity_resp(hapd, dev, addr):
5327 ev = dev.wait_event(["EAPOL-TX"], timeout=10)
5328 if ev is None:
5329 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
5330 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
5331 if "OK" not in res:
5332 raise Exception("EAPOL_RX to hostapd failed")
5333
5334 def wps_ext_eap_wsc(dst, src, src_addr, msg):
5335 logger.debug(msg)
5336 ev = src.wait_event(["EAPOL-TX"], timeout=10)
5337 if ev is None:
5338 raise Exception("Timeout on EAPOL-TX")
5339 res = dst.request("EAPOL_RX " + src_addr + " " + ev.split(' ')[2])
5340 if "OK" not in res:
5341 raise Exception("EAPOL_RX failed")
5342
5343 def wps_start_ext(apdev, dev, pbc=False, pin=None):
5344 addr = dev.own_addr()
5345 bssid = apdev['bssid']
5346 ssid = "test-wps-conf"
5347 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5348 "wpa_passphrase": "12345678", "wpa": "2",
5349 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
5350 hapd = hostapd.add_ap(apdev, params)
5351
5352 if pbc:
5353 hapd.request("WPS_PBC")
5354 else:
5355 if pin is None:
5356 pin = dev.wps_read_pin()
5357 hapd.request("WPS_PIN any " + pin)
5358 dev.scan_for_bss(bssid, freq="2412")
5359 hapd.request("SET ext_eapol_frame_io 1")
5360 dev.request("SET ext_eapol_frame_io 1")
5361
5362 if pbc:
5363 dev.request("WPS_PBC " + bssid)
5364 else:
5365 dev.request("WPS_PIN " + bssid + " " + pin)
5366 return addr, bssid, hapd
5367
5368 def wps_auth_corrupt(dst, src, addr):
5369 ev = src.wait_event(["EAPOL-TX"], timeout=10)
5370 if ev is None:
5371 raise Exception("Timeout on EAPOL-TX")
5372 src.request("SET ext_eapol_frame_io 0")
5373 dst.request("SET ext_eapol_frame_io 0")
5374 msg = ev.split(' ')[2]
5375 if msg[-24:-16] != '10050008':
5376 raise Exception("Could not find Authenticator attribute")
5377 # Corrupt Authenticator value
5378 msg = msg[:-1] + '%x' % ((int(msg[-1], 16) + 1) % 16)
5379 res = dst.request("EAPOL_RX " + addr + " " + msg)
5380 if "OK" not in res:
5381 raise Exception("EAPOL_RX failed")
5382
5383 def wps_fail_finish(hapd, dev, fail_str):
5384 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
5385 if ev is None:
5386 raise Exception("WPS-FAIL not indicated")
5387 if fail_str not in ev:
5388 raise Exception("Unexpected WPS-FAIL value: " + ev)
5389 dev.request("WPS_CANCEL")
5390 dev.wait_disconnected()
5391
5392 def wps_auth_corrupt_from_ap(dev, hapd, bssid, fail_str):
5393 wps_auth_corrupt(dev, hapd, bssid)
5394 wps_fail_finish(hapd, dev, fail_str)
5395
5396 def wps_auth_corrupt_to_ap(dev, hapd, addr, fail_str):
5397 wps_auth_corrupt(hapd, dev, addr)
5398 wps_fail_finish(hapd, dev, fail_str)
5399
5400 def test_ap_wps_authenticator_mismatch_m2(dev, apdev):
5401 """WPS and Authenticator attribute mismatch in M2"""
5402 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5403 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5404 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5405 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5406 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5407 logger.debug("M2")
5408 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=5")
5409
5410 def test_ap_wps_authenticator_mismatch_m3(dev, apdev):
5411 """WPS and Authenticator attribute mismatch in M3"""
5412 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5413 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5414 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5415 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5416 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5417 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5418 logger.debug("M3")
5419 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=7")
5420
5421 def test_ap_wps_authenticator_mismatch_m4(dev, apdev):
5422 """WPS and Authenticator attribute mismatch in M4"""
5423 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5424 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5425 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5426 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5427 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5428 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5429 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5430 logger.debug("M4")
5431 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=8")
5432
5433 def test_ap_wps_authenticator_mismatch_m5(dev, apdev):
5434 """WPS and Authenticator attribute mismatch in M5"""
5435 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5436 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5437 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5438 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5439 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5440 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5441 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5442 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5443 logger.debug("M5")
5444 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=9")
5445
5446 def test_ap_wps_authenticator_mismatch_m6(dev, apdev):
5447 """WPS and Authenticator attribute mismatch in M6"""
5448 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5449 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5450 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5451 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5452 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5453 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5454 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5455 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5456 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5457 logger.debug("M6")
5458 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=10")
5459
5460 def test_ap_wps_authenticator_mismatch_m7(dev, apdev):
5461 """WPS and Authenticator attribute mismatch in M7"""
5462 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5463 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5464 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5465 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5466 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5467 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5468 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5469 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5470 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5471 wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
5472 logger.debug("M7")
5473 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=11")
5474
5475 def test_ap_wps_authenticator_mismatch_m8(dev, apdev):
5476 """WPS and Authenticator attribute mismatch in M8"""
5477 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5478 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5479 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5480 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5481 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5482 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5483 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5484 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5485 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5486 wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
5487 wps_ext_eap_wsc(hapd, dev[0], addr, "M7")
5488 logger.debug("M8")
5489 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=12")
5490
5491 def test_ap_wps_authenticator_missing_m2(dev, apdev):
5492 """WPS and Authenticator attribute missing from M2"""
5493 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5494 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5495 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5496 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5497 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5498 logger.debug("M2")
5499 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5500 if ev is None:
5501 raise Exception("Timeout on EAPOL-TX")
5502 hapd.request("SET ext_eapol_frame_io 0")
5503 dev[0].request("SET ext_eapol_frame_io 0")
5504 msg = ev.split(' ')[2]
5505 if msg[-24:-16] != '10050008':
5506 raise Exception("Could not find Authenticator attribute")
5507 # Remove Authenticator value
5508 msg = msg[:-24]
5509 mlen = "%04x" % (int(msg[4:8], 16) - 12)
5510 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:]
5511 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5512 if "OK" not in res:
5513 raise Exception("EAPOL_RX failed")
5514 wps_fail_finish(hapd, dev[0], "msg=5")
5515
5516 def test_ap_wps_m2_dev_passwd_id_p2p(dev, apdev):
5517 """WPS and M2 with different Device Password ID (P2P)"""
5518 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5519 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5520 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5521 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5522 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5523 logger.debug("M2")
5524 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5525 if ev is None:
5526 raise Exception("Timeout on EAPOL-TX")
5527 hapd.request("SET ext_eapol_frame_io 0")
5528 dev[0].request("SET ext_eapol_frame_io 0")
5529 msg = ev.split(' ')[2]
5530 if msg[722:730] != '10120002':
5531 raise Exception("Could not find Device Password ID attribute")
5532 # Replace Device Password ID value. This will fail Authenticator check, but
5533 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5534 # log.
5535 msg = msg[0:730] + "0005" + msg[734:]
5536 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5537 if "OK" not in res:
5538 raise Exception("EAPOL_RX failed")
5539 wps_fail_finish(hapd, dev[0], "msg=5")
5540
5541 def test_ap_wps_m2_dev_passwd_id_change_pin_to_pbc(dev, apdev):
5542 """WPS and M2 with different Device Password ID (PIN to PBC)"""
5543 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5544 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5545 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5546 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5547 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5548 logger.debug("M2")
5549 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5550 if ev is None:
5551 raise Exception("Timeout on EAPOL-TX")
5552 hapd.request("SET ext_eapol_frame_io 0")
5553 dev[0].request("SET ext_eapol_frame_io 0")
5554 msg = ev.split(' ')[2]
5555 if msg[722:730] != '10120002':
5556 raise Exception("Could not find Device Password ID attribute")
5557 # Replace Device Password ID value (PIN --> PBC). This will be rejected.
5558 msg = msg[0:730] + "0004" + msg[734:]
5559 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5560 if "OK" not in res:
5561 raise Exception("EAPOL_RX failed")
5562 wps_fail_finish(hapd, dev[0], "msg=5")
5563
5564 def test_ap_wps_m2_dev_passwd_id_change_pbc_to_pin(dev, apdev):
5565 """WPS and M2 with different Device Password ID (PBC to PIN)"""
5566 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5567 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5568 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5569 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5570 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5571 logger.debug("M2")
5572 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5573 if ev is None:
5574 raise Exception("Timeout on EAPOL-TX")
5575 hapd.request("SET ext_eapol_frame_io 0")
5576 dev[0].request("SET ext_eapol_frame_io 0")
5577 msg = ev.split(' ')[2]
5578 if msg[722:730] != '10120002':
5579 raise Exception("Could not find Device Password ID attribute")
5580 # Replace Device Password ID value. This will fail Authenticator check, but
5581 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5582 # log.
5583 msg = msg[0:730] + "0000" + msg[734:]
5584 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5585 if "OK" not in res:
5586 raise Exception("EAPOL_RX failed")
5587 wps_fail_finish(hapd, dev[0], "msg=5")
5588 dev[0].flush_scan_cache()
5589
5590 def test_ap_wps_m2_missing_dev_passwd_id(dev, apdev):
5591 """WPS and M2 without Device Password ID"""
5592 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5593 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5594 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5595 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5596 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5597 logger.debug("M2")
5598 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5599 if ev is None:
5600 raise Exception("Timeout on EAPOL-TX")
5601 hapd.request("SET ext_eapol_frame_io 0")
5602 dev[0].request("SET ext_eapol_frame_io 0")
5603 msg = ev.split(' ')[2]
5604 if msg[722:730] != '10120002':
5605 raise Exception("Could not find Device Password ID attribute")
5606 # Remove Device Password ID value. This will fail Authenticator check, but
5607 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5608 # log.
5609 mlen = "%04x" % (int(msg[4:8], 16) - 6)
5610 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:722] + msg[734:]
5611 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5612 if "OK" not in res:
5613 raise Exception("EAPOL_RX failed")
5614 wps_fail_finish(hapd, dev[0], "msg=5")
5615
5616 def test_ap_wps_m2_missing_registrar_nonce(dev, apdev):
5617 """WPS and M2 without Registrar Nonce"""
5618 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5619 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5620 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5621 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5622 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5623 logger.debug("M2")
5624 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5625 if ev is None:
5626 raise Exception("Timeout on EAPOL-TX")
5627 hapd.request("SET ext_eapol_frame_io 0")
5628 dev[0].request("SET ext_eapol_frame_io 0")
5629 msg = ev.split(' ')[2]
5630 if msg[96:104] != '10390010':
5631 raise Exception("Could not find Registrar Nonce attribute")
5632 # Remove Registrar Nonce. This will fail Authenticator check, but
5633 # allows the code path in wps_process_registrar_nonce() to be checked from
5634 # the debug log.
5635 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5636 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:96] + msg[136:]
5637 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5638 if "OK" not in res:
5639 raise Exception("EAPOL_RX failed")
5640 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5641 if ev is None:
5642 raise Exception("Disconnect event not seen")
5643 dev[0].request("WPS_CANCEL")
5644 dev[0].flush_scan_cache()
5645
5646 def test_ap_wps_m2_missing_enrollee_nonce(dev, apdev):
5647 """WPS and M2 without Enrollee Nonce"""
5648 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5649 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5650 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5651 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5652 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5653 logger.debug("M2")
5654 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5655 if ev is None:
5656 raise Exception("Timeout on EAPOL-TX")
5657 hapd.request("SET ext_eapol_frame_io 0")
5658 dev[0].request("SET ext_eapol_frame_io 0")
5659 msg = ev.split(' ')[2]
5660 if msg[56:64] != '101a0010':
5661 raise Exception("Could not find enrollee Nonce attribute")
5662 # Remove Enrollee Nonce. This will fail Authenticator check, but
5663 # allows the code path in wps_process_enrollee_nonce() to be checked from
5664 # the debug log.
5665 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5666 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:56] + msg[96:]
5667 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5668 if "OK" not in res:
5669 raise Exception("EAPOL_RX failed")
5670 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5671 if ev is None:
5672 raise Exception("Disconnect event not seen")
5673 dev[0].request("WPS_CANCEL")
5674 dev[0].flush_scan_cache()
5675
5676 def test_ap_wps_m2_missing_uuid_r(dev, apdev):
5677 """WPS and M2 without UUID-R"""
5678 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5679 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5680 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5681 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5682 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5683 logger.debug("M2")
5684 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5685 if ev is None:
5686 raise Exception("Timeout on EAPOL-TX")
5687 hapd.request("SET ext_eapol_frame_io 0")
5688 dev[0].request("SET ext_eapol_frame_io 0")
5689 msg = ev.split(' ')[2]
5690 if msg[136:144] != '10480010':
5691 raise Exception("Could not find enrollee Nonce attribute")
5692 # Remove UUID-R. This will fail Authenticator check, but allows the code
5693 # path in wps_process_uuid_r() to be checked from the debug log.
5694 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5695 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:136] + msg[176:]
5696 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5697 if "OK" not in res:
5698 raise Exception("EAPOL_RX failed")
5699 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5700 if ev is None:
5701 raise Exception("Disconnect event not seen")
5702 dev[0].request("WPS_CANCEL")
5703 dev[0].flush_scan_cache()
5704
5705 def test_ap_wps_m2_invalid(dev, apdev):
5706 """WPS and M2 parsing failure"""
5707 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5708 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5709 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5710 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5711 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5712 logger.debug("M2")
5713 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5714 if ev is None:
5715 raise Exception("Timeout on EAPOL-TX")
5716 hapd.request("SET ext_eapol_frame_io 0")
5717 dev[0].request("SET ext_eapol_frame_io 0")
5718 msg = ev.split(' ')[2]
5719 if msg[136:144] != '10480010':
5720 raise Exception("Could not find enrollee Nonce attribute")
5721 # Remove UUID-R. This will fail Authenticator check, but allows the code
5722 # path in wps_process_uuid_r() to be checked from the debug log.
5723 mlen = "%04x" % (int(msg[4:8], 16) - 1)
5724 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:-2]
5725 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5726 if "OK" not in res:
5727 raise Exception("EAPOL_RX failed")
5728 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5729 if ev is None:
5730 raise Exception("Disconnect event not seen")
5731 dev[0].request("WPS_CANCEL")
5732 dev[0].flush_scan_cache()
5733
5734 def test_ap_wps_m2_missing_msg_type(dev, apdev):
5735 """WPS and M2 without Message Type"""
5736 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5737 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5738 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5739 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5740 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5741 logger.debug("M2")
5742 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5743 if ev is None:
5744 raise Exception("Timeout on EAPOL-TX")
5745 hapd.request("SET ext_eapol_frame_io 0")
5746 dev[0].request("SET ext_eapol_frame_io 0")
5747 msg = ev.split(' ')[2]
5748 if msg[46:54] != '10220001':
5749 raise Exception("Could not find Message Type attribute")
5750 # Remove Message Type. This will fail Authenticator check, but allows the
5751 # code path in wps_process_wsc_msg() to be checked from the debug log.
5752 mlen = "%04x" % (int(msg[4:8], 16) - 5)
5753 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:46] + msg[56:]
5754 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5755 if "OK" not in res:
5756 raise Exception("EAPOL_RX failed")
5757 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5758 if ev is None:
5759 raise Exception("Disconnect event not seen")
5760 dev[0].request("WPS_CANCEL")
5761 dev[0].flush_scan_cache()
5762
5763 def test_ap_wps_m2_unknown_msg_type(dev, apdev):
5764 """WPS and M2 but unknown Message Type"""
5765 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5766 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5767 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5768 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5769 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5770 logger.debug("M2")
5771 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5772 if ev is None:
5773 raise Exception("Timeout on EAPOL-TX")
5774 hapd.request("SET ext_eapol_frame_io 0")
5775 dev[0].request("SET ext_eapol_frame_io 0")
5776 msg = ev.split(' ')[2]
5777 if msg[46:54] != '10220001':
5778 raise Exception("Could not find Message Type attribute")
5779 # Replace Message Type value. This will be rejected.
5780 msg = msg[0:54] + "00" + msg[56:]
5781 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5782 if "OK" not in res:
5783 raise Exception("EAPOL_RX failed")
5784 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5785 if ev is None:
5786 raise Exception("Disconnect event not seen")
5787 dev[0].request("WPS_CANCEL")
5788 dev[0].flush_scan_cache()
5789
5790 def test_ap_wps_m2_unknown_opcode(dev, apdev):
5791 """WPS and M2 but unknown opcode"""
5792 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5793 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5794 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5795 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5796 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5797 logger.debug("M2")
5798 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5799 if ev is None:
5800 raise Exception("Timeout on EAPOL-TX")
5801 hapd.request("SET ext_eapol_frame_io 0")
5802 dev[0].request("SET ext_eapol_frame_io 0")
5803 msg = ev.split(' ')[2]
5804 # Replace opcode. This will be discarded in EAP-WSC processing.
5805 msg = msg[0:32] + "00" + msg[34:]
5806 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5807 if "OK" not in res:
5808 raise Exception("EAPOL_RX failed")
5809 dev[0].request("WPS_CANCEL")
5810 dev[0].wait_disconnected()
5811 dev[0].flush_scan_cache()
5812
5813 def test_ap_wps_m2_unknown_opcode2(dev, apdev):
5814 """WPS and M2 but unknown opcode (WSC_Start)"""
5815 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5816 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5817 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5818 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5819 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5820 logger.debug("M2")
5821 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5822 if ev is None:
5823 raise Exception("Timeout on EAPOL-TX")
5824 hapd.request("SET ext_eapol_frame_io 0")
5825 dev[0].request("SET ext_eapol_frame_io 0")
5826 msg = ev.split(' ')[2]
5827 # Replace opcode. This will be discarded in EAP-WSC processing.
5828 msg = msg[0:32] + "01" + msg[34:]
5829 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5830 if "OK" not in res:
5831 raise Exception("EAPOL_RX failed")
5832 dev[0].request("WPS_CANCEL")
5833 dev[0].wait_disconnected()
5834 dev[0].flush_scan_cache()
5835
5836 def test_ap_wps_m2_unknown_opcode3(dev, apdev):
5837 """WPS and M2 but unknown opcode (WSC_Done)"""
5838 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5839 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5840 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5841 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5842 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5843 logger.debug("M2")
5844 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5845 if ev is None:
5846 raise Exception("Timeout on EAPOL-TX")
5847 hapd.request("SET ext_eapol_frame_io 0")
5848 dev[0].request("SET ext_eapol_frame_io 0")
5849 msg = ev.split(' ')[2]
5850 # Replace opcode. This will be discarded in WPS Enrollee processing.
5851 msg = msg[0:32] + "05" + msg[34:]
5852 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5853 if "OK" not in res:
5854 raise Exception("EAPOL_RX failed")
5855 dev[0].request("WPS_CANCEL")
5856 dev[0].wait_disconnected()
5857 dev[0].flush_scan_cache()
5858
5859 def wps_m2_but_other(dev, apdev, title, msgtype):
5860 addr, bssid, hapd = wps_start_ext(apdev, dev)
5861 wps_ext_eap_identity_req(dev, hapd, bssid)
5862 wps_ext_eap_identity_resp(hapd, dev, addr)
5863 wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
5864 wps_ext_eap_wsc(hapd, dev, addr, "M1")
5865 logger.debug(title)
5866 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5867 if ev is None:
5868 raise Exception("Timeout on EAPOL-TX")
5869 hapd.request("SET ext_eapol_frame_io 0")
5870 dev.request("SET ext_eapol_frame_io 0")
5871 msg = ev.split(' ')[2]
5872 if msg[46:54] != '10220001':
5873 raise Exception("Could not find Message Type attribute")
5874 # Replace Message Type value. This will be rejected.
5875 msg = msg[0:54] + msgtype + msg[56:]
5876 res = dev.request("EAPOL_RX " + bssid + " " + msg)
5877 if "OK" not in res:
5878 raise Exception("EAPOL_RX failed")
5879 ev = dev.wait_event(["WPS-FAIL"], timeout=5)
5880 if ev is None:
5881 raise Exception("WPS-FAIL event not seen")
5882 dev.request("WPS_CANCEL")
5883 dev.wait_disconnected()
5884
5885 def wps_m4_but_other(dev, apdev, title, msgtype):
5886 addr, bssid, hapd = wps_start_ext(apdev, dev)
5887 wps_ext_eap_identity_req(dev, hapd, bssid)
5888 wps_ext_eap_identity_resp(hapd, dev, addr)
5889 wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
5890 wps_ext_eap_wsc(hapd, dev, addr, "M1")
5891 wps_ext_eap_wsc(dev, hapd, bssid, "M2")
5892 wps_ext_eap_wsc(hapd, dev, addr, "M3")
5893 logger.debug(title)
5894 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5895 if ev is None:
5896 raise Exception("Timeout on EAPOL-TX")
5897 hapd.request("SET ext_eapol_frame_io 0")
5898 dev.request("SET ext_eapol_frame_io 0")
5899 msg = ev.split(' ')[2]
5900 if msg[46:54] != '10220001':
5901 raise Exception("Could not find Message Type attribute")
5902 # Replace Message Type value. This will be rejected.
5903 msg = msg[0:54] + msgtype + msg[56:]
5904 res = dev.request("EAPOL_RX " + bssid + " " + msg)
5905 if "OK" not in res:
5906 raise Exception("EAPOL_RX failed")
5907 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
5908 if ev is None:
5909 raise Exception("WPS-FAIL event not seen")
5910 dev.request("WPS_CANCEL")
5911 dev.wait_disconnected()
5912
5913 def test_ap_wps_m2_msg_type_m4(dev, apdev):
5914 """WPS and M2 but Message Type M4"""
5915 wps_m2_but_other(dev[0], apdev[0], "M2/M4", "08")
5916
5917 def test_ap_wps_m2_msg_type_m6(dev, apdev):
5918 """WPS and M2 but Message Type M6"""
5919 wps_m2_but_other(dev[0], apdev[0], "M2/M6", "0a")
5920
5921 def test_ap_wps_m2_msg_type_m8(dev, apdev):
5922 """WPS and M2 but Message Type M8"""
5923 wps_m2_but_other(dev[0], apdev[0], "M2/M8", "0c")
5924
5925 def test_ap_wps_m4_msg_type_m2(dev, apdev):
5926 """WPS and M4 but Message Type M2"""
5927 wps_m4_but_other(dev[0], apdev[0], "M4/M2", "05")
5928
5929 def test_ap_wps_m4_msg_type_m2d(dev, apdev):
5930 """WPS and M4 but Message Type M2D"""
5931 wps_m4_but_other(dev[0], apdev[0], "M4/M2D", "06")
5932
5933 @remote_compatible
5934 def test_ap_wps_config_methods(dev, apdev):
5935 """WPS configuration method parsing"""
5936 ssid = "test-wps-conf"
5937 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5938 "wpa_passphrase": "12345678", "wpa": "2",
5939 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
5940 "config_methods": "ethernet display ext_nfc_token int_nfc_token physical_display physical_push_button"}
5941 hapd = hostapd.add_ap(apdev[0], params)
5942 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5943 "wpa_passphrase": "12345678", "wpa": "2",
5944 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
5945 "config_methods": "display push_button"}
5946 hapd2 = hostapd.add_ap(apdev[1], params)
5947
5948 def test_ap_wps_set_selected_registrar_proto(dev, apdev):
5949 """WPS UPnP SetSelectedRegistrar protocol testing"""
5950 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
5951 hapd = add_ssdp_ap(apdev[0], ap_uuid)
5952
5953 location = ssdp_get_location(ap_uuid)
5954 urls = upnp_get_urls(location)
5955 eventurl = urlparse(urls['event_sub_url'])
5956 ctrlurl = urlparse(urls['control_url'])
5957 url = urlparse(location)
5958 conn = HTTPConnection(url.netloc)
5959
5960 class WPSERHTTPServer(StreamRequestHandler):
5961 def handle(self):
5962 data = self.rfile.readline().strip()
5963 logger.debug(data)
5964 self.wfile.write(gen_wps_event())
5965
5966 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
5967 server.timeout = 1
5968
5969 headers = {"callback": '<http://127.0.0.1:12345/event>',
5970 "NT": "upnp:event",
5971 "timeout": "Second-1234"}
5972 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
5973 resp = conn.getresponse()
5974 if resp.status != 200:
5975 raise Exception("Unexpected HTTP response: %d" % resp.status)
5976 sid = resp.getheader("sid")
5977 logger.debug("Subscription SID " + sid)
5978 server.handle_request()
5979
5980 tests = [(500, "10"),
5981 (200, "104a000110" + "1041000101" + "101200020000" +
5982 "105300023148" +
5983 "1049002c00372a0001200124111111111111222222222222333333333333444444444444555555555555666666666666" +
5984 "10480010362db47ba53a519188fb5458b986b2e4"),
5985 (200, "104a000110" + "1041000100" + "101200020000" +
5986 "105300020000"),
5987 (200, "104a000110" + "1041000100"),
5988 (200, "104a000110")]
5989 for status, test in tests:
5990 tlvs = binascii.unhexlify(test)
5991 newmsg = base64.b64encode(tlvs).decode()
5992 msg = '<?xml version="1.0"?>\n'
5993 msg += '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
5994 msg += '<s:Body>'
5995 msg += '<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">'
5996 msg += '<NewMessage>'
5997 msg += newmsg
5998 msg += "</NewMessage></u:SetSelectedRegistrar></s:Body></s:Envelope>"
5999 headers = {"Content-type": 'text/xml; charset="utf-8"'}
6000 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
6001 conn.request("POST", ctrlurl.path, msg, headers)
6002 resp = conn.getresponse()
6003 if resp.status != status:
6004 raise Exception("Unexpected HTTP response: %d (expected %d)" % (resp.status, status))
6005
6006 def test_ap_wps_adv_oom(dev, apdev):
6007 """WPS AP and advertisement OOM"""
6008 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
6009 hapd = add_ssdp_ap(apdev[0], ap_uuid)
6010
6011 with alloc_fail(hapd, 1, "=msearchreply_state_machine_start"):
6012 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
6013 no_recv=True)
6014 time.sleep(0.2)
6015
6016 with alloc_fail(hapd, 1, "eloop_register_timeout;msearchreply_state_machine_start"):
6017 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
6018 no_recv=True)
6019 time.sleep(0.2)
6020
6021 with alloc_fail(hapd, 1,
6022 "next_advertisement;advertisement_state_machine_stop"):
6023 hapd.disable()
6024
6025 with alloc_fail(hapd, 1, "ssdp_listener_start"):
6026 if "FAIL" not in hapd.request("ENABLE"):
6027 raise Exception("ENABLE succeeded during OOM")
6028
6029 def test_wps_config_methods(dev):
6030 """WPS config method update"""
6031 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
6032 wpas.interface_add("wlan5")
6033 if "OK" not in wpas.request("SET config_methods display label"):
6034 raise Exception("Failed to set config_methods")
6035 if wpas.request("GET config_methods").strip() != "display label":
6036 raise Exception("config_methods were not updated")
6037 if "OK" not in wpas.request("SET config_methods "):
6038 raise Exception("Failed to clear config_methods")
6039 if wpas.request("GET config_methods").strip() != "":
6040 raise Exception("config_methods were not cleared")
6041
6042 WPS_VENDOR_ID_WFA = 14122
6043 WPS_VENDOR_TYPE = 1
6044
6045 # EAP-WSC Op-Code values
6046 WSC_Start = 0x01
6047 WSC_ACK = 0x02
6048 WSC_NACK = 0x03
6049 WSC_MSG = 0x04
6050 WSC_Done = 0x05
6051 WSC_FRAG_ACK = 0x06
6052
6053 ATTR_AP_CHANNEL = 0x1001
6054 ATTR_ASSOC_STATE = 0x1002
6055 ATTR_AUTH_TYPE = 0x1003
6056 ATTR_AUTH_TYPE_FLAGS = 0x1004
6057 ATTR_AUTHENTICATOR = 0x1005
6058 ATTR_CONFIG_METHODS = 0x1008
6059 ATTR_CONFIG_ERROR = 0x1009
6060 ATTR_CONFIRM_URL4 = 0x100a
6061 ATTR_CONFIRM_URL6 = 0x100b
6062 ATTR_CONN_TYPE = 0x100c
6063 ATTR_CONN_TYPE_FLAGS = 0x100d
6064 ATTR_CRED = 0x100e
6065 ATTR_ENCR_TYPE = 0x100f
6066 ATTR_ENCR_TYPE_FLAGS = 0x1010
6067 ATTR_DEV_NAME = 0x1011
6068 ATTR_DEV_PASSWORD_ID = 0x1012
6069 ATTR_E_HASH1 = 0x1014
6070 ATTR_E_HASH2 = 0x1015
6071 ATTR_E_SNONCE1 = 0x1016
6072 ATTR_E_SNONCE2 = 0x1017
6073 ATTR_ENCR_SETTINGS = 0x1018
6074 ATTR_ENROLLEE_NONCE = 0x101a
6075 ATTR_FEATURE_ID = 0x101b
6076 ATTR_IDENTITY = 0x101c
6077 ATTR_IDENTITY_PROOF = 0x101d
6078 ATTR_KEY_WRAP_AUTH = 0x101e
6079 ATTR_KEY_ID = 0x101f
6080 ATTR_MAC_ADDR = 0x1020
6081 ATTR_MANUFACTURER = 0x1021
6082 ATTR_MSG_TYPE = 0x1022
6083 ATTR_MODEL_NAME = 0x1023
6084 ATTR_MODEL_NUMBER = 0x1024
6085 ATTR_NETWORK_INDEX = 0x1026
6086 ATTR_NETWORK_KEY = 0x1027
6087 ATTR_NETWORK_KEY_INDEX = 0x1028
6088 ATTR_NEW_DEVICE_NAME = 0x1029
6089 ATTR_NEW_PASSWORD = 0x102a
6090 ATTR_OOB_DEVICE_PASSWORD = 0x102c
6091 ATTR_OS_VERSION = 0x102d
6092 ATTR_POWER_LEVEL = 0x102f
6093 ATTR_PSK_CURRENT = 0x1030
6094 ATTR_PSK_MAX = 0x1031
6095 ATTR_PUBLIC_KEY = 0x1032
6096 ATTR_RADIO_ENABLE = 0x1033
6097 ATTR_REBOOT = 0x1034
6098 ATTR_REGISTRAR_CURRENT = 0x1035
6099 ATTR_REGISTRAR_ESTABLISHED = 0x1036
6100 ATTR_REGISTRAR_LIST = 0x1037
6101 ATTR_REGISTRAR_MAX = 0x1038
6102 ATTR_REGISTRAR_NONCE = 0x1039
6103 ATTR_REQUEST_TYPE = 0x103a
6104 ATTR_RESPONSE_TYPE = 0x103b
6105 ATTR_RF_BANDS = 0x103c
6106 ATTR_R_HASH1 = 0x103d
6107 ATTR_R_HASH2 = 0x103e
6108 ATTR_R_SNONCE1 = 0x103f
6109 ATTR_R_SNONCE2 = 0x1040
6110 ATTR_SELECTED_REGISTRAR = 0x1041
6111 ATTR_SERIAL_NUMBER = 0x1042
6112 ATTR_WPS_STATE = 0x1044
6113 ATTR_SSID = 0x1045
6114 ATTR_TOTAL_NETWORKS = 0x1046
6115 ATTR_UUID_E = 0x1047
6116 ATTR_UUID_R = 0x1048
6117 ATTR_VENDOR_EXT = 0x1049
6118 ATTR_VERSION = 0x104a
6119 ATTR_X509_CERT_REQ = 0x104b
6120 ATTR_X509_CERT = 0x104c
6121 ATTR_EAP_IDENTITY = 0x104d
6122 ATTR_MSG_COUNTER = 0x104e
6123 ATTR_PUBKEY_HASH = 0x104f
6124 ATTR_REKEY_KEY = 0x1050
6125 ATTR_KEY_LIFETIME = 0x1051
6126 ATTR_PERMITTED_CFG_METHODS = 0x1052
6127 ATTR_SELECTED_REGISTRAR_CONFIG_METHODS = 0x1053
6128 ATTR_PRIMARY_DEV_TYPE = 0x1054
6129 ATTR_SECONDARY_DEV_TYPE_LIST = 0x1055
6130 ATTR_PORTABLE_DEV = 0x1056
6131 ATTR_AP_SETUP_LOCKED = 0x1057
6132 ATTR_APPLICATION_EXT = 0x1058
6133 ATTR_EAP_TYPE = 0x1059
6134 ATTR_IV = 0x1060
6135 ATTR_KEY_PROVIDED_AUTO = 0x1061
6136 ATTR_802_1X_ENABLED = 0x1062
6137 ATTR_APPSESSIONKEY = 0x1063
6138 ATTR_WEPTRANSMITKEY = 0x1064
6139 ATTR_REQUESTED_DEV_TYPE = 0x106a
6140
6141 # Message Type
6142 WPS_Beacon = 0x01
6143 WPS_ProbeRequest = 0x02
6144 WPS_ProbeResponse = 0x03
6145 WPS_M1 = 0x04
6146 WPS_M2 = 0x05
6147 WPS_M2D = 0x06
6148 WPS_M3 = 0x07
6149 WPS_M4 = 0x08
6150 WPS_M5 = 0x09
6151 WPS_M6 = 0x0a
6152 WPS_M7 = 0x0b
6153 WPS_M8 = 0x0c
6154 WPS_WSC_ACK = 0x0d
6155 WPS_WSC_NACK = 0x0e
6156 WPS_WSC_DONE = 0x0f
6157
6158 def get_wsc_msg(dev):
6159 ev = dev.wait_event(["EAPOL-TX"], timeout=10)
6160 if ev is None:
6161 raise Exception("Timeout on EAPOL-TX")
6162 data = binascii.unhexlify(ev.split(' ')[2])
6163 msg = {}
6164
6165 # Parse EAPOL header
6166 if len(data) < 4:
6167 raise Exception("No room for EAPOL header")
6168 version, type, length = struct.unpack('>BBH', data[0:4])
6169 msg['eapol_version'] = version
6170 msg['eapol_type'] = type
6171 msg['eapol_length'] = length
6172 data = data[4:]
6173 if length != len(data):
6174 raise Exception("EAPOL header length mismatch (%d != %d)" % (length, len(data)))
6175 if type != 0:
6176 raise Exception("Unexpected EAPOL header type: %d" % type)
6177
6178 # Parse EAP header
6179 if len(data) < 4:
6180 raise Exception("No room for EAP header")
6181 code, identifier, length = struct.unpack('>BBH', data[0:4])
6182 msg['eap_code'] = code
6183 msg['eap_identifier'] = identifier
6184 msg['eap_length'] = length
6185 data = data[4:]
6186 if msg['eapol_length'] != msg['eap_length']:
6187 raise Exception("EAP header length mismatch (%d != %d)" % (msg['eapol_length'], length))
6188
6189 # Parse EAP expanded header
6190 if len(data) < 1:
6191 raise Exception("No EAP type included")
6192 msg['eap_type'], = struct.unpack('B', data[0:1])
6193 data = data[1:]
6194
6195 if msg['eap_type'] == 254:
6196 if len(data) < 3 + 4:
6197 raise Exception("Truncated EAP expanded header")
6198 msg['eap_vendor_id'], msg['eap_vendor_type'] = struct.unpack('>LL', b'\x00' + data[0:7])
6199 data = data[7:]
6200 else:
6201 raise Exception("Unexpected EAP type")
6202
6203 if msg['eap_vendor_id'] != WPS_VENDOR_ID_WFA:
6204 raise Exception("Unexpected Vendor-Id")
6205 if msg['eap_vendor_type'] != WPS_VENDOR_TYPE:
6206 raise Exception("Unexpected Vendor-Type")
6207
6208 # Parse EAP-WSC header
6209 if len(data) < 2:
6210 raise Exception("Truncated EAP-WSC header")
6211 msg['wsc_opcode'], msg['wsc_flags'] = struct.unpack('BB', data[0:2])
6212 data = data[2:]
6213
6214 # Parse WSC attributes
6215 msg['raw_attrs'] = data
6216 attrs = {}
6217 while len(data) > 0:
6218 if len(data) < 4:
6219 raise Exception("Truncated attribute header")
6220 attr, length = struct.unpack('>HH', data[0:4])
6221 data = data[4:]
6222 if length > len(data):
6223 raise Exception("Truncated attribute 0x%04x" % attr)
6224 attrs[attr] = data[0:length]
6225 data = data[length:]
6226 msg['wsc_attrs'] = attrs
6227
6228 if ATTR_MSG_TYPE in attrs:
6229 msg['wsc_msg_type'], = struct.unpack('B', attrs[ATTR_MSG_TYPE])
6230
6231 return msg
6232
6233 def recv_wsc_msg(dev, opcode, msg_type):
6234 msg = get_wsc_msg(dev)
6235 if msg['wsc_opcode'] != opcode or msg['wsc_msg_type'] != msg_type:
6236 raise Exception("Unexpected Op-Code/MsgType")
6237 return msg, msg['wsc_attrs'], msg['raw_attrs']
6238
6239 def build_wsc_attr(attr, payload):
6240 _payload = payload if type(payload) == bytes else payload.encode()
6241 return struct.pack('>HH', attr, len(_payload)) + _payload
6242
6243 def build_attr_msg_type(msg_type):
6244 return build_wsc_attr(ATTR_MSG_TYPE, struct.pack('B', msg_type))
6245
6246 def build_eap_wsc(eap_code, eap_id, payload, opcode=WSC_MSG):
6247 length = 4 + 8 + 2 + len(payload)
6248 # EAPOL header
6249 msg = struct.pack('>BBH', 2, 0, length)
6250 # EAP header
6251 msg += struct.pack('>BBH', eap_code, eap_id, length)
6252 # EAP expanded header for EAP-WSC
6253 msg += struct.pack('B', 254)
6254 msg += struct.pack('>L', WPS_VENDOR_ID_WFA)[1:4]
6255 msg += struct.pack('>L', WPS_VENDOR_TYPE)
6256 # EAP-WSC header
6257 msg += struct.pack('BB', opcode, 0)
6258 # WSC attributes
6259 msg += payload
6260 return msg
6261
6262 def build_eap_success(eap_id):
6263 length = 4
6264 # EAPOL header
6265 msg = struct.pack('>BBH', 2, 0, length)
6266 # EAP header
6267 msg += struct.pack('>BBH', 3, eap_id, length)
6268 return msg
6269
6270 def build_eap_failure(eap_id):
6271 length = 4
6272 # EAPOL header
6273 msg = struct.pack('>BBH', 2, 0, length)
6274 # EAP header
6275 msg += struct.pack('>BBH', 4, eap_id, length)
6276 return msg
6277
6278 def send_wsc_msg(dev, src, msg):
6279 res = dev.request("EAPOL_RX " + src + " " + binascii.hexlify(msg).decode())
6280 if "OK" not in res:
6281 raise Exception("EAPOL_RX failed")
6282
6283 group_5_prime = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
6284 group_5_generator = 2
6285
6286 def wsc_kdf(key, label, bits):
6287 result = b''
6288 i = 1
6289 while len(result) * 8 < bits:
6290 data = struct.pack('>L', i) + label.encode() + struct.pack('>L', bits)
6291 m = hmac.new(key, data, hashlib.sha256)
6292 result += m.digest()
6293 i += 1
6294 return result[0:bits // 8]
6295
6296 def wsc_keys(kdk):
6297 keys = wsc_kdf(kdk, "Wi-Fi Easy and Secure Key Derivation", 640)
6298 authkey = keys[0:32]
6299 keywrapkey = keys[32:48]
6300 emsk = keys[48:80]
6301 return authkey, keywrapkey, emsk
6302
6303 def wsc_dev_pw_half_psk(authkey, dev_pw):
6304 m = hmac.new(authkey, dev_pw.encode(), hashlib.sha256)
6305 return m.digest()[0:16]
6306
6307 def wsc_dev_pw_psk(authkey, dev_pw):
6308 dev_pw_1 = dev_pw[0:len(dev_pw) // 2]
6309 dev_pw_2 = dev_pw[len(dev_pw) // 2:]
6310 psk1 = wsc_dev_pw_half_psk(authkey, dev_pw_1)
6311 psk2 = wsc_dev_pw_half_psk(authkey, dev_pw_2)
6312 return psk1, psk2
6313
6314 def build_attr_authenticator(authkey, prev_msg, curr_msg):
6315 m = hmac.new(authkey, prev_msg + curr_msg, hashlib.sha256)
6316 auth = m.digest()[0:8]
6317 return build_wsc_attr(ATTR_AUTHENTICATOR, auth)
6318
6319 def build_attr_encr_settings(authkey, keywrapkey, data):
6320 m = hmac.new(authkey, data, hashlib.sha256)
6321 kwa = m.digest()[0:8]
6322 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
6323 iv = 16*b'\x99'
6324 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6325 pad_len = 16 - len(data) % 16
6326 ps = pad_len * struct.pack('B', pad_len)
6327 data += ps
6328 wrapped = aes.encrypt(data)
6329 return build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6330
6331 def decrypt_attr_encr_settings(authkey, keywrapkey, data):
6332 if len(data) < 32 or len(data) % 16 != 0:
6333 raise Exception("Unexpected Encrypted Settings length: %d" % len(data))
6334 iv = data[0:16]
6335 encr = data[16:]
6336 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6337 decrypted = aes.decrypt(encr)
6338 pad_len, = struct.unpack('B', decrypted[-1:])
6339 if pad_len > len(decrypted):
6340 raise Exception("Invalid padding in Encrypted Settings")
6341 for i in range(-pad_len, -1):
6342 if decrypted[i] != decrypted[-1]:
6343 raise Exception("Invalid PS value in Encrypted Settings")
6344
6345 decrypted = decrypted[0:len(decrypted) - pad_len]
6346 if len(decrypted) < 12:
6347 raise Exception("Truncated Encrypted Settings plaintext")
6348 kwa = decrypted[-12:]
6349 attr, length = struct.unpack(">HH", kwa[0:4])
6350 if attr != ATTR_KEY_WRAP_AUTH or length != 8:
6351 raise Exception("Invalid KWA header")
6352 kwa = kwa[4:]
6353 decrypted = decrypted[0:len(decrypted) - 12]
6354
6355 m = hmac.new(authkey, decrypted, hashlib.sha256)
6356 calc_kwa = m.digest()[0:8]
6357 if kwa != calc_kwa:
6358 raise Exception("KWA mismatch")
6359
6360 return decrypted
6361
6362 def zeropad_str(val, pad_len):
6363 while len(val) < pad_len * 2:
6364 val = '0' + val
6365 return val
6366
6367 def wsc_dh_init():
6368 # For now, use a hardcoded private key. In theory, this is supposed to be
6369 # randomly selected.
6370 own_private = 0x123456789
6371 own_public = pow(group_5_generator, own_private, group_5_prime)
6372 pk = binascii.unhexlify(zeropad_str(format(own_public, '02x'), 192))
6373 return own_private, pk
6374
6375 def wsc_dh_kdf(peer_pk, own_private, mac_addr, e_nonce, r_nonce):
6376 peer_public = int(binascii.hexlify(peer_pk), 16)
6377 if peer_public < 2 or peer_public >= group_5_prime:
6378 raise Exception("Invalid peer public key")
6379 if pow(peer_public, (group_5_prime - 1) // 2, group_5_prime) != 1:
6380 raise Exception("Unexpected Legendre symbol for peer public key")
6381
6382 shared_secret = pow(peer_public, own_private, group_5_prime)
6383 ss = zeropad_str(format(shared_secret, "02x"), 192)
6384 logger.debug("DH shared secret: " + ss)
6385
6386 dhkey = hashlib.sha256(binascii.unhexlify(ss)).digest()
6387 logger.debug("DHKey: " + binascii.hexlify(dhkey).decode())
6388
6389 m = hmac.new(dhkey, e_nonce + mac_addr + r_nonce, hashlib.sha256)
6390 kdk = m.digest()
6391 logger.debug("KDK: " + binascii.hexlify(kdk).decode())
6392 authkey, keywrapkey, emsk = wsc_keys(kdk)
6393 logger.debug("AuthKey: " + binascii.hexlify(authkey).decode())
6394 logger.debug("KeyWrapKey: " + binascii.hexlify(keywrapkey).decode())
6395 logger.debug("EMSK: " + binascii.hexlify(emsk).decode())
6396 return authkey, keywrapkey
6397
6398 def wsc_dev_pw_hash(authkey, dev_pw, e_pk, r_pk):
6399 psk1, psk2 = wsc_dev_pw_psk(authkey, dev_pw)
6400 logger.debug("PSK1: " + binascii.hexlify(psk1).decode())
6401 logger.debug("PSK2: " + binascii.hexlify(psk2).decode())
6402
6403 # Note: Secret values are supposed to be random, but hardcoded values are
6404 # fine for testing.
6405 s1 = 16*b'\x77'
6406 m = hmac.new(authkey, s1 + psk1 + e_pk + r_pk, hashlib.sha256)
6407 hash1 = m.digest()
6408 logger.debug("Hash1: " + binascii.hexlify(hash1).decode())
6409
6410 s2 = 16*b'\x88'
6411 m = hmac.new(authkey, s2 + psk2 + e_pk + r_pk, hashlib.sha256)
6412 hash2 = m.digest()
6413 logger.debug("Hash2: " + binascii.hexlify(hash2).decode())
6414 return s1, s2, hash1, hash2
6415
6416 def build_m1(eap_id, uuid_e, mac_addr, e_nonce, e_pk,
6417 manufacturer='', model_name='', config_methods='\x00\x00'):
6418 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6419 attrs += build_attr_msg_type(WPS_M1)
6420 attrs += build_wsc_attr(ATTR_UUID_E, uuid_e)
6421 attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
6422 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6423 attrs += build_wsc_attr(ATTR_PUBLIC_KEY, e_pk)
6424 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6425 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6426 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6427 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, config_methods)
6428 attrs += build_wsc_attr(ATTR_WPS_STATE, '\x00')
6429 attrs += build_wsc_attr(ATTR_MANUFACTURER, manufacturer)
6430 attrs += build_wsc_attr(ATTR_MODEL_NAME, model_name)
6431 attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6432 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6433 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6434 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6435 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6436 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6437 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, '\x00\x00')
6438 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6439 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6440 m1 = build_eap_wsc(2, eap_id, attrs)
6441 return m1, attrs
6442
6443 def build_m2(authkey, m1, eap_id, e_nonce, r_nonce, uuid_r, r_pk,
6444 dev_pw_id='\x00\x00', eap_code=1):
6445 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6446 attrs += build_attr_msg_type(WPS_M2)
6447 if e_nonce:
6448 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6449 if r_nonce:
6450 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6451 attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
6452 if r_pk:
6453 attrs += build_wsc_attr(ATTR_PUBLIC_KEY, r_pk)
6454 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6455 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6456 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6457 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
6458 attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
6459 attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
6460 attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6461 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6462 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6463 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6464 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6465 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6466 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6467 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
6468 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6469 attrs += build_attr_authenticator(authkey, m1, attrs)
6470 m2 = build_eap_wsc(eap_code, eap_id, attrs)
6471 return m2, attrs
6472
6473 def build_m2d(m1, eap_id, e_nonce, r_nonce, uuid_r, dev_pw_id=None, eap_code=1):
6474 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6475 attrs += build_attr_msg_type(WPS_M2D)
6476 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6477 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6478 attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
6479 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6480 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6481 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6482 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
6483 attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
6484 attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
6485 #attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6486 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6487 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6488 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6489 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6490 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6491 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6492 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6493 if dev_pw_id:
6494 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
6495 m2d = build_eap_wsc(eap_code, eap_id, attrs)
6496 return m2d, attrs
6497
6498 def build_ack(eap_id, e_nonce, r_nonce, msg_type=WPS_WSC_ACK, eap_code=1):
6499 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6500 if msg_type is not None:
6501 attrs += build_attr_msg_type(msg_type)
6502 if e_nonce:
6503 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6504 if r_nonce:
6505 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6506 msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_ACK)
6507 return msg, attrs
6508
6509 def build_nack(eap_id, e_nonce, r_nonce, config_error='\x00\x00',
6510 msg_type=WPS_WSC_NACK, eap_code=1):
6511 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6512 if msg_type is not None:
6513 attrs += build_attr_msg_type(msg_type)
6514 if e_nonce:
6515 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6516 if r_nonce:
6517 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6518 if config_error:
6519 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, config_error)
6520 msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_NACK)
6521 return msg, attrs
6522
6523 def test_wps_ext(dev, apdev):
6524 """WPS against external implementation"""
6525 pin = "12345670"
6526 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6527 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6528 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6529
6530 logger.debug("Receive WSC/Start from AP")
6531 msg = get_wsc_msg(hapd)
6532 if msg['wsc_opcode'] != WSC_Start:
6533 raise Exception("Unexpected Op-Code for WSC/Start")
6534 wsc_start_id = msg['eap_identifier']
6535
6536 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6537 uuid_e = 16*b'\x11'
6538 e_nonce = 16*b'\x22'
6539 own_private, e_pk = wsc_dh_init()
6540
6541 logger.debug("Send M1 to AP")
6542 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
6543 e_nonce, e_pk)
6544 send_wsc_msg(hapd, addr, m1)
6545
6546 logger.debug("Receive M2 from AP")
6547 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
6548
6549 authkey, keywrapkey = wsc_dh_kdf(m2_attrs[ATTR_PUBLIC_KEY], own_private,
6550 mac_addr, e_nonce,
6551 m2_attrs[ATTR_REGISTRAR_NONCE])
6552 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk,
6553 m2_attrs[ATTR_PUBLIC_KEY])
6554
6555 logger.debug("Send M3 to AP")
6556 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6557 attrs += build_attr_msg_type(WPS_M3)
6558 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6559 m2_attrs[ATTR_REGISTRAR_NONCE])
6560 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
6561 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
6562 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
6563 raw_m3_attrs = attrs
6564 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6565 send_wsc_msg(hapd, addr, m3)
6566
6567 logger.debug("Receive M4 from AP")
6568 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
6569
6570 logger.debug("Send M5 to AP")
6571 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6572 attrs += build_attr_msg_type(WPS_M5)
6573 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6574 m2_attrs[ATTR_REGISTRAR_NONCE])
6575 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
6576 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6577 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
6578 raw_m5_attrs = attrs
6579 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6580 send_wsc_msg(hapd, addr, m5)
6581
6582 logger.debug("Receive M6 from AP")
6583 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
6584
6585 logger.debug("Send M7 to AP")
6586 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6587 attrs += build_attr_msg_type(WPS_M7)
6588 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6589 m2_attrs[ATTR_REGISTRAR_NONCE])
6590 data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
6591 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6592 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
6593 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6594 raw_m7_attrs = attrs
6595 send_wsc_msg(hapd, addr, m7)
6596
6597 logger.debug("Receive M8 from AP")
6598 msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
6599 m8_cred = decrypt_attr_encr_settings(authkey, keywrapkey,
6600 m8_attrs[ATTR_ENCR_SETTINGS])
6601 logger.debug("M8 Credential: " + binascii.hexlify(m8_cred).decode())
6602
6603 logger.debug("Prepare WSC_Done")
6604 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6605 attrs += build_attr_msg_type(WPS_WSC_DONE)
6606 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6607 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6608 m2_attrs[ATTR_REGISTRAR_NONCE])
6609 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
6610 # Do not send WSC_Done yet to allow exchangw with STA complete before the
6611 # AP disconnects.
6612
6613 uuid_r = 16*b'\x33'
6614 r_nonce = 16*b'\x44'
6615
6616 eap_id = wsc_start_id
6617 logger.debug("Send WSC/Start to STA")
6618 wsc_start = build_eap_wsc(1, eap_id, b'', opcode=WSC_Start)
6619 send_wsc_msg(dev[0], bssid, wsc_start)
6620 eap_id = (eap_id + 1) % 256
6621
6622 logger.debug("Receive M1 from STA")
6623 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6624
6625 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6626 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6627 r_nonce)
6628 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
6629 m1_attrs[ATTR_PUBLIC_KEY],
6630 e_pk)
6631
6632 logger.debug("Send M2 to STA")
6633 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6634 m1_attrs[ATTR_ENROLLEE_NONCE],
6635 r_nonce, uuid_r, e_pk)
6636 send_wsc_msg(dev[0], bssid, m2)
6637 eap_id = (eap_id + 1) % 256
6638
6639 logger.debug("Receive M3 from STA")
6640 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6641
6642 logger.debug("Send M4 to STA")
6643 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6644 attrs += build_attr_msg_type(WPS_M4)
6645 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6646 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6647 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6648 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6649 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6650 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6651 raw_m4_attrs = attrs
6652 m4 = build_eap_wsc(1, eap_id, attrs)
6653 send_wsc_msg(dev[0], bssid, m4)
6654 eap_id = (eap_id + 1) % 256
6655
6656 logger.debug("Receive M5 from STA")
6657 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
6658
6659 logger.debug("Send M6 to STA")
6660 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6661 attrs += build_attr_msg_type(WPS_M6)
6662 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6663 m1_attrs[ATTR_ENROLLEE_NONCE])
6664 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
6665 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6666 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
6667 raw_m6_attrs = attrs
6668 m6 = build_eap_wsc(1, eap_id, attrs)
6669 send_wsc_msg(dev[0], bssid, m6)
6670 eap_id = (eap_id + 1) % 256
6671
6672 logger.debug("Receive M7 from STA")
6673 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
6674
6675 logger.debug("Send M8 to STA")
6676 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6677 attrs += build_attr_msg_type(WPS_M8)
6678 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6679 m1_attrs[ATTR_ENROLLEE_NONCE])
6680 attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
6681 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
6682 raw_m8_attrs = attrs
6683 m8 = build_eap_wsc(1, eap_id, attrs)
6684 send_wsc_msg(dev[0], bssid, m8)
6685 eap_id = (eap_id + 1) % 256
6686
6687 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=5)
6688 if ev is None:
6689 raise Exception("wpa_supplicant did not report credential")
6690
6691 logger.debug("Receive WSC_Done from STA")
6692 msg = get_wsc_msg(dev[0])
6693 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6694 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6695
6696 logger.debug("Send WSC_Done to AP")
6697 hapd.request("SET ext_eapol_frame_io 0")
6698 dev[0].request("SET ext_eapol_frame_io 0")
6699 send_wsc_msg(hapd, addr, wsc_done)
6700
6701 ev = hapd.wait_event(["WPS-REG-SUCCESS"], timeout=5)
6702 if ev is None:
6703 raise Exception("hostapd did not report WPS success")
6704
6705 dev[0].wait_connected()
6706
6707 def wps_start_kwa(dev, apdev):
6708 pin = "12345670"
6709 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6710 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6711 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6712 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6713
6714 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6715 uuid_r = 16*b'\x33'
6716 r_nonce = 16*b'\x44'
6717 own_private, e_pk = wsc_dh_init()
6718
6719 logger.debug("Receive M1 from STA")
6720 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6721 eap_id = (msg['eap_identifier'] + 1) % 256
6722
6723 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6724 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6725 r_nonce)
6726 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
6727 m1_attrs[ATTR_PUBLIC_KEY],
6728 e_pk)
6729
6730 logger.debug("Send M2 to STA")
6731 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6732 m1_attrs[ATTR_ENROLLEE_NONCE],
6733 r_nonce, uuid_r, e_pk)
6734 send_wsc_msg(dev[0], bssid, m2)
6735 eap_id = (eap_id + 1) % 256
6736
6737 logger.debug("Receive M3 from STA")
6738 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6739
6740 logger.debug("Send M4 to STA")
6741 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6742 attrs += build_attr_msg_type(WPS_M4)
6743 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6744 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6745 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6746
6747 return r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs
6748
6749 def wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id):
6750 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6751 m4 = build_eap_wsc(1, eap_id, attrs)
6752 send_wsc_msg(dev[0], bssid, m4)
6753 eap_id = (eap_id + 1) % 256
6754
6755 logger.debug("Receive M5 from STA")
6756 msg = get_wsc_msg(dev[0])
6757 if msg['wsc_opcode'] != WSC_NACK:
6758 raise Exception("Unexpected message - expected WSC_Nack")
6759
6760 dev[0].request("WPS_CANCEL")
6761 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6762 dev[0].wait_disconnected()
6763
6764 def test_wps_ext_kwa_proto_no_kwa(dev, apdev):
6765 """WPS and KWA error: No KWA attribute"""
6766 r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
6767 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6768 # Encrypted Settings without KWA
6769 iv = 16*b'\x99'
6770 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6771 pad_len = 16 - len(data) % 16
6772 ps = pad_len * struct.pack('B', pad_len)
6773 data += ps
6774 wrapped = aes.encrypt(data)
6775 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6776 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6777
6778 def test_wps_ext_kwa_proto_data_after_kwa(dev, apdev):
6779 """WPS and KWA error: Data after KWA"""
6780 r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
6781 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6782 # Encrypted Settings and data after KWA
6783 m = hmac.new(authkey, data, hashlib.sha256)
6784 kwa = m.digest()[0:8]
6785 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
6786 data += build_wsc_attr(ATTR_VENDOR_EXT, "1234567890")
6787 iv = 16*b'\x99'
6788 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6789 pad_len = 16 - len(data) % 16
6790 ps = pad_len * struct.pack('B', pad_len)
6791 data += ps
6792 wrapped = aes.encrypt(data)
6793 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6794 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6795
6796 def test_wps_ext_kwa_proto_kwa_mismatch(dev, apdev):
6797 """WPS and KWA error: KWA mismatch"""
6798 r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
6799 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6800 # Encrypted Settings and KWA with incorrect value
6801 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, 8*'\x00')
6802 iv = 16*b'\x99'
6803 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6804 pad_len = 16 - len(data) % 16
6805 ps = pad_len * struct.pack('B', pad_len)
6806 data += ps
6807 wrapped = aes.encrypt(data)
6808 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6809 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6810
6811 def wps_run_cred_proto(dev, apdev, m8_cred, connect=False, no_connect=False):
6812 pin = "12345670"
6813 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6814 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6815 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6816 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6817
6818 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6819 uuid_r = 16*b'\x33'
6820 r_nonce = 16*b'\x44'
6821 own_private, e_pk = wsc_dh_init()
6822
6823 logger.debug("Receive M1 from STA")
6824 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6825 eap_id = (msg['eap_identifier'] + 1) % 256
6826
6827 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6828 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6829 r_nonce)
6830 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
6831 m1_attrs[ATTR_PUBLIC_KEY],
6832 e_pk)
6833
6834 logger.debug("Send M2 to STA")
6835 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6836 m1_attrs[ATTR_ENROLLEE_NONCE],
6837 r_nonce, uuid_r, e_pk)
6838 send_wsc_msg(dev[0], bssid, m2)
6839 eap_id = (eap_id + 1) % 256
6840
6841 logger.debug("Receive M3 from STA")
6842 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6843
6844 logger.debug("Send M4 to STA")
6845 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6846 attrs += build_attr_msg_type(WPS_M4)
6847 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6848 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6849 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6850 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6851 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6852 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6853 raw_m4_attrs = attrs
6854 m4 = build_eap_wsc(1, eap_id, attrs)
6855 send_wsc_msg(dev[0], bssid, m4)
6856 eap_id = (eap_id + 1) % 256
6857
6858 logger.debug("Receive M5 from STA")
6859 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
6860
6861 logger.debug("Send M6 to STA")
6862 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6863 attrs += build_attr_msg_type(WPS_M6)
6864 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6865 m1_attrs[ATTR_ENROLLEE_NONCE])
6866 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
6867 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6868 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
6869 raw_m6_attrs = attrs
6870 m6 = build_eap_wsc(1, eap_id, attrs)
6871 send_wsc_msg(dev[0], bssid, m6)
6872 eap_id = (eap_id + 1) % 256
6873
6874 logger.debug("Receive M7 from STA")
6875 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
6876
6877 logger.debug("Send M8 to STA")
6878 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6879 attrs += build_attr_msg_type(WPS_M8)
6880 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6881 m1_attrs[ATTR_ENROLLEE_NONCE])
6882 attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
6883 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
6884 raw_m8_attrs = attrs
6885 m8 = build_eap_wsc(1, eap_id, attrs)
6886 send_wsc_msg(dev[0], bssid, m8)
6887 eap_id = (eap_id + 1) % 256
6888
6889 if no_connect:
6890 logger.debug("Receive WSC_Done from STA")
6891 msg = get_wsc_msg(dev[0])
6892 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6893 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6894
6895 hapd.request("SET ext_eapol_frame_io 0")
6896 dev[0].request("SET ext_eapol_frame_io 0")
6897
6898 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6899
6900 dev[0].wait_disconnected()
6901 dev[0].request("REMOVE_NETWORK all")
6902 elif connect:
6903 logger.debug("Receive WSC_Done from STA")
6904 msg = get_wsc_msg(dev[0])
6905 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6906 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6907
6908 hapd.request("SET ext_eapol_frame_io 0")
6909 dev[0].request("SET ext_eapol_frame_io 0")
6910
6911 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6912
6913 dev[0].wait_connected()
6914 else:
6915 # Verify STA NACK's the credential
6916 msg = get_wsc_msg(dev[0])
6917 if msg['wsc_opcode'] != WSC_NACK:
6918 raise Exception("Unexpected message - expected WSC_Nack")
6919 dev[0].request("WPS_CANCEL")
6920 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6921 dev[0].wait_disconnected()
6922
6923 def build_cred(nw_idx='\x01', ssid='test-wps-conf', auth_type='\x00\x20',
6924 encr_type='\x00\x08', nw_key="12345678",
6925 mac_addr='\x00\x00\x00\x00\x00\x00'):
6926 attrs = b''
6927 if nw_idx is not None:
6928 attrs += build_wsc_attr(ATTR_NETWORK_INDEX, nw_idx)
6929 if ssid is not None:
6930 attrs += build_wsc_attr(ATTR_SSID, ssid)
6931 if auth_type is not None:
6932 attrs += build_wsc_attr(ATTR_AUTH_TYPE, auth_type)
6933 if encr_type is not None:
6934 attrs += build_wsc_attr(ATTR_ENCR_TYPE, encr_type)
6935 if nw_key is not None:
6936 attrs += build_wsc_attr(ATTR_NETWORK_KEY, nw_key)
6937 if mac_addr is not None:
6938 attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
6939 return build_wsc_attr(ATTR_CRED, attrs)
6940
6941 def test_wps_ext_cred_proto_success(dev, apdev):
6942 """WPS and Credential: success"""
6943 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6944 m8_cred = build_cred(mac_addr=mac_addr)
6945 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
6946
6947 def test_wps_ext_cred_proto_mac_addr_mismatch(dev, apdev):
6948 """WPS and Credential: MAC Address mismatch"""
6949 m8_cred = build_cred()
6950 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
6951
6952 def test_wps_ext_cred_proto_zero_padding(dev, apdev):
6953 """WPS and Credential: zeropadded attributes"""
6954 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6955 m8_cred = build_cred(mac_addr=mac_addr, ssid='test-wps-conf\x00',
6956 nw_key="12345678\x00")
6957 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
6958
6959 def test_wps_ext_cred_proto_ssid_missing(dev, apdev):
6960 """WPS and Credential: SSID missing"""
6961 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6962 m8_cred = build_cred(mac_addr=mac_addr, ssid=None)
6963 wps_run_cred_proto(dev, apdev, m8_cred)
6964
6965 def test_wps_ext_cred_proto_ssid_zero_len(dev, apdev):
6966 """WPS and Credential: Zero-length SSID"""
6967 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6968 m8_cred = build_cred(mac_addr=mac_addr, ssid="")
6969 wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
6970
6971 def test_wps_ext_cred_proto_auth_type_missing(dev, apdev):
6972 """WPS and Credential: Auth Type missing"""
6973 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6974 m8_cred = build_cred(mac_addr=mac_addr, auth_type=None)
6975 wps_run_cred_proto(dev, apdev, m8_cred)
6976
6977 def test_wps_ext_cred_proto_encr_type_missing(dev, apdev):
6978 """WPS and Credential: Encr Type missing"""
6979 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6980 m8_cred = build_cred(mac_addr=mac_addr, encr_type=None)
6981 wps_run_cred_proto(dev, apdev, m8_cred)
6982
6983 def test_wps_ext_cred_proto_network_key_missing(dev, apdev):
6984 """WPS and Credential: Network Key missing"""
6985 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6986 m8_cred = build_cred(mac_addr=mac_addr, nw_key=None)
6987 wps_run_cred_proto(dev, apdev, m8_cred)
6988
6989 def test_wps_ext_cred_proto_network_key_missing_open(dev, apdev):
6990 """WPS and Credential: Network Key missing (open)"""
6991 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6992 m8_cred = build_cred(mac_addr=mac_addr, auth_type='\x00\x01',
6993 encr_type='\x00\x01', nw_key=None, ssid="foo")
6994 wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
6995
6996 def test_wps_ext_cred_proto_mac_addr_missing(dev, apdev):
6997 """WPS and Credential: MAC Address missing"""
6998 m8_cred = build_cred(mac_addr=None)
6999 wps_run_cred_proto(dev, apdev, m8_cred)
7000
7001 def test_wps_ext_cred_proto_invalid_encr_type(dev, apdev):
7002 """WPS and Credential: Invalid Encr Type"""
7003 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7004 m8_cred = build_cred(mac_addr=mac_addr, encr_type='\x00\x00')
7005 wps_run_cred_proto(dev, apdev, m8_cred)
7006
7007 def test_wps_ext_cred_proto_missing_cred(dev, apdev):
7008 """WPS and Credential: Missing Credential"""
7009 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7010 m8_cred = b''
7011 wps_run_cred_proto(dev, apdev, m8_cred)
7012
7013 def test_wps_ext_proto_m2_no_public_key(dev, apdev):
7014 """WPS and no Public Key in M2"""
7015 pin = "12345670"
7016 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7017 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7018 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7019 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7020
7021 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7022 uuid_r = 16*b'\x33'
7023 r_nonce = 16*b'\x44'
7024 own_private, e_pk = wsc_dh_init()
7025
7026 logger.debug("Receive M1 from STA")
7027 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7028 eap_id = (msg['eap_identifier'] + 1) % 256
7029
7030 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7031 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7032 r_nonce)
7033 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7034 m1_attrs[ATTR_PUBLIC_KEY],
7035 e_pk)
7036
7037 logger.debug("Send M2 to STA")
7038 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7039 m1_attrs[ATTR_ENROLLEE_NONCE],
7040 r_nonce, uuid_r, None)
7041 send_wsc_msg(dev[0], bssid, m2)
7042 eap_id = (eap_id + 1) % 256
7043
7044 # Verify STA NACK's the credential
7045 msg = get_wsc_msg(dev[0])
7046 if msg['wsc_opcode'] != WSC_NACK:
7047 raise Exception("Unexpected message - expected WSC_Nack")
7048 dev[0].request("WPS_CANCEL")
7049 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7050 dev[0].wait_disconnected()
7051
7052 def test_wps_ext_proto_m2_invalid_public_key(dev, apdev):
7053 """WPS and invalid Public Key in M2"""
7054 pin = "12345670"
7055 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7056 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7057 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7058 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7059
7060 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7061 uuid_r = 16*b'\x33'
7062 r_nonce = 16*b'\x44'
7063 own_private, e_pk = wsc_dh_init()
7064
7065 logger.debug("Receive M1 from STA")
7066 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7067 eap_id = (msg['eap_identifier'] + 1) % 256
7068
7069 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7070 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7071 r_nonce)
7072 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7073 m1_attrs[ATTR_PUBLIC_KEY],
7074 e_pk)
7075
7076 logger.debug("Send M2 to STA")
7077 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7078 m1_attrs[ATTR_ENROLLEE_NONCE],
7079 r_nonce, uuid_r, 192*b'\xff')
7080 send_wsc_msg(dev[0], bssid, m2)
7081 eap_id = (eap_id + 1) % 256
7082
7083 # Verify STA NACK's the credential
7084 msg = get_wsc_msg(dev[0])
7085 if msg['wsc_opcode'] != WSC_NACK:
7086 raise Exception("Unexpected message - expected WSC_Nack")
7087 dev[0].request("WPS_CANCEL")
7088 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7089 dev[0].wait_disconnected()
7090
7091 def test_wps_ext_proto_m2_public_key_oom(dev, apdev):
7092 """WPS and Public Key OOM in M2"""
7093 pin = "12345670"
7094 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7095 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7096 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7097 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7098
7099 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7100 uuid_r = 16*b'\x33'
7101 r_nonce = 16*b'\x44'
7102 own_private, e_pk = wsc_dh_init()
7103
7104 logger.debug("Receive M1 from STA")
7105 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7106 eap_id = (msg['eap_identifier'] + 1) % 256
7107
7108 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7109 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7110 r_nonce)
7111 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7112 m1_attrs[ATTR_PUBLIC_KEY],
7113 e_pk)
7114
7115 logger.debug("Send M2 to STA")
7116 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7117 m1_attrs[ATTR_ENROLLEE_NONCE],
7118 r_nonce, uuid_r, e_pk)
7119 with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;wps_process_pubkey"):
7120 send_wsc_msg(dev[0], bssid, m2)
7121 eap_id = (eap_id + 1) % 256
7122
7123 # Verify STA NACK's the credential
7124 msg = get_wsc_msg(dev[0])
7125 if msg['wsc_opcode'] != WSC_NACK:
7126 raise Exception("Unexpected message - expected WSC_Nack")
7127 dev[0].request("WPS_CANCEL")
7128 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7129 dev[0].wait_disconnected()
7130
7131 def test_wps_ext_proto_nack_m3(dev, apdev):
7132 """WPS and NACK M3"""
7133 pin = "12345670"
7134 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7135 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7136 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7137 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7138
7139 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7140 uuid_r = 16*b'\x33'
7141 r_nonce = 16*b'\x44'
7142 own_private, e_pk = wsc_dh_init()
7143
7144 logger.debug("Receive M1 from STA")
7145 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7146 eap_id = (msg['eap_identifier'] + 1) % 256
7147
7148 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7149 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7150 r_nonce)
7151 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7152 m1_attrs[ATTR_PUBLIC_KEY],
7153 e_pk)
7154
7155 logger.debug("Send M2 to STA")
7156 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7157 m1_attrs[ATTR_ENROLLEE_NONCE],
7158 r_nonce, uuid_r, e_pk)
7159 send_wsc_msg(dev[0], bssid, m2)
7160 eap_id = (eap_id + 1) % 256
7161
7162 logger.debug("Receive M3 from STA")
7163 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7164
7165 logger.debug("Send NACK to STA")
7166 msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
7167 r_nonce, config_error='\x01\x23')
7168 send_wsc_msg(dev[0], bssid, msg)
7169 ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
7170 if ev is None:
7171 raise Exception("Failure not reported")
7172 if "msg=7 config_error=291" not in ev:
7173 raise Exception("Unexpected failure reason: " + ev)
7174
7175 def test_wps_ext_proto_nack_m5(dev, apdev):
7176 """WPS and NACK M5"""
7177 pin = "12345670"
7178 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7179 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7180 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7181 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7182
7183 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7184 uuid_r = 16*b'\x33'
7185 r_nonce = 16*b'\x44'
7186 own_private, e_pk = wsc_dh_init()
7187
7188 logger.debug("Receive M1 from STA")
7189 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7190 eap_id = (msg['eap_identifier'] + 1) % 256
7191
7192 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7193 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7194 r_nonce)
7195 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7196 m1_attrs[ATTR_PUBLIC_KEY],
7197 e_pk)
7198
7199 logger.debug("Send M2 to STA")
7200 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7201 m1_attrs[ATTR_ENROLLEE_NONCE],
7202 r_nonce, uuid_r, e_pk)
7203 send_wsc_msg(dev[0], bssid, m2)
7204 eap_id = (eap_id + 1) % 256
7205
7206 logger.debug("Receive M3 from STA")
7207 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7208
7209 logger.debug("Send M4 to STA")
7210 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7211 attrs += build_attr_msg_type(WPS_M4)
7212 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
7213 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7214 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7215 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7216 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7217 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7218 raw_m4_attrs = attrs
7219 m4 = build_eap_wsc(1, eap_id, attrs)
7220 send_wsc_msg(dev[0], bssid, m4)
7221 eap_id = (eap_id + 1) % 256
7222
7223 logger.debug("Receive M5 from STA")
7224 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7225
7226 logger.debug("Send NACK to STA")
7227 msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
7228 r_nonce, config_error='\x01\x24')
7229 send_wsc_msg(dev[0], bssid, msg)
7230 ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
7231 if ev is None:
7232 raise Exception("Failure not reported")
7233 if "msg=9 config_error=292" not in ev:
7234 raise Exception("Unexpected failure reason: " + ev)
7235
7236 def wps_nack_m3(dev, apdev):
7237 pin = "00000000"
7238 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
7239 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7240 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7241 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7242
7243 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7244 uuid_r = 16*b'\x33'
7245 r_nonce = 16*b'\x44'
7246 own_private, e_pk = wsc_dh_init()
7247
7248 logger.debug("Receive M1 from STA")
7249 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7250 eap_id = (msg['eap_identifier'] + 1) % 256
7251
7252 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7253 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7254 r_nonce)
7255 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7256 m1_attrs[ATTR_PUBLIC_KEY],
7257 e_pk)
7258
7259 logger.debug("Send M2 to STA")
7260 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7261 m1_attrs[ATTR_ENROLLEE_NONCE],
7262 r_nonce, uuid_r, e_pk, dev_pw_id='\x00\x04')
7263 send_wsc_msg(dev[0], bssid, m2)
7264 eap_id = (eap_id + 1) % 256
7265
7266 logger.debug("Receive M3 from STA")
7267 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7268 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid
7269
7270 def test_wps_ext_proto_nack_m3_no_config_error(dev, apdev):
7271 """WPS and NACK M3 missing Config Error"""
7272 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7273 logger.debug("Send NACK to STA")
7274 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, config_error=None)
7275 send_wsc_msg(dev[0], bssid, msg)
7276 dev[0].request("WPS_CANCEL")
7277 dev[0].wait_disconnected()
7278 dev[0].flush_scan_cache()
7279
7280 def test_wps_ext_proto_nack_m3_no_e_nonce(dev, apdev):
7281 """WPS and NACK M3 missing E-Nonce"""
7282 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7283 logger.debug("Send NACK to STA")
7284 msg, attrs = build_nack(eap_id, None, r_nonce)
7285 send_wsc_msg(dev[0], bssid, msg)
7286 dev[0].request("WPS_CANCEL")
7287 dev[0].wait_disconnected()
7288 dev[0].flush_scan_cache()
7289
7290 def test_wps_ext_proto_nack_m3_e_nonce_mismatch(dev, apdev):
7291 """WPS and NACK M3 E-Nonce mismatch"""
7292 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7293 logger.debug("Send NACK to STA")
7294 msg, attrs = build_nack(eap_id, 16*'\x00', r_nonce)
7295 send_wsc_msg(dev[0], bssid, msg)
7296 dev[0].request("WPS_CANCEL")
7297 dev[0].wait_disconnected()
7298 dev[0].flush_scan_cache()
7299
7300 def test_wps_ext_proto_nack_m3_no_r_nonce(dev, apdev):
7301 """WPS and NACK M3 missing R-Nonce"""
7302 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7303 logger.debug("Send NACK to STA")
7304 msg, attrs = build_nack(eap_id, e_nonce, None)
7305 send_wsc_msg(dev[0], bssid, msg)
7306 dev[0].request("WPS_CANCEL")
7307 dev[0].wait_disconnected()
7308 dev[0].flush_scan_cache()
7309
7310 def test_wps_ext_proto_nack_m3_r_nonce_mismatch(dev, apdev):
7311 """WPS and NACK M3 R-Nonce mismatch"""
7312 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7313 logger.debug("Send NACK to STA")
7314 msg, attrs = build_nack(eap_id, e_nonce, 16*'\x00')
7315 send_wsc_msg(dev[0], bssid, msg)
7316 dev[0].request("WPS_CANCEL")
7317 dev[0].wait_disconnected()
7318 dev[0].flush_scan_cache()
7319
7320 def test_wps_ext_proto_nack_m3_no_msg_type(dev, apdev):
7321 """WPS and NACK M3 no Message Type"""
7322 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7323 logger.debug("Send NACK to STA")
7324 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=None)
7325 send_wsc_msg(dev[0], bssid, msg)
7326 dev[0].request("WPS_CANCEL")
7327 dev[0].wait_disconnected()
7328 dev[0].flush_scan_cache()
7329
7330 def test_wps_ext_proto_nack_m3_invalid_msg_type(dev, apdev):
7331 """WPS and NACK M3 invalid Message Type"""
7332 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7333 logger.debug("Send NACK to STA")
7334 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=123)
7335 send_wsc_msg(dev[0], bssid, msg)
7336 dev[0].request("WPS_CANCEL")
7337 dev[0].wait_disconnected()
7338 dev[0].flush_scan_cache()
7339
7340 def test_wps_ext_proto_nack_m3_invalid_attr(dev, apdev):
7341 """WPS and NACK M3 invalid attribute"""
7342 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7343 logger.debug("Send NACK to STA")
7344 attrs = b'\x10\x10\x00'
7345 msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_NACK)
7346 send_wsc_msg(dev[0], bssid, msg)
7347 dev[0].request("WPS_CANCEL")
7348 dev[0].wait_disconnected()
7349 dev[0].flush_scan_cache()
7350
7351 def test_wps_ext_proto_ack_m3_no_e_nonce(dev, apdev):
7352 """WPS and ACK M3 missing E-Nonce"""
7353 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7354 logger.debug("Send NACK to STA")
7355 msg, attrs = build_ack(eap_id, None, r_nonce)
7356 send_wsc_msg(dev[0], bssid, msg)
7357 dev[0].request("WPS_CANCEL")
7358 dev[0].wait_disconnected()
7359 dev[0].flush_scan_cache()
7360
7361 def test_wps_ext_proto_ack_m3_e_nonce_mismatch(dev, apdev):
7362 """WPS and ACK M3 E-Nonce mismatch"""
7363 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7364 logger.debug("Send NACK to STA")
7365 msg, attrs = build_ack(eap_id, 16*'\x00', r_nonce)
7366 send_wsc_msg(dev[0], bssid, msg)
7367 dev[0].request("WPS_CANCEL")
7368 dev[0].wait_disconnected()
7369 dev[0].flush_scan_cache()
7370
7371 def test_wps_ext_proto_ack_m3_no_r_nonce(dev, apdev):
7372 """WPS and ACK M3 missing R-Nonce"""
7373 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7374 logger.debug("Send NACK to STA")
7375 msg, attrs = build_ack(eap_id, e_nonce, None)
7376 send_wsc_msg(dev[0], bssid, msg)
7377 dev[0].request("WPS_CANCEL")
7378 dev[0].wait_disconnected()
7379 dev[0].flush_scan_cache()
7380
7381 def test_wps_ext_proto_ack_m3_r_nonce_mismatch(dev, apdev):
7382 """WPS and ACK M3 R-Nonce mismatch"""
7383 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7384 logger.debug("Send NACK to STA")
7385 msg, attrs = build_ack(eap_id, e_nonce, 16*'\x00')
7386 send_wsc_msg(dev[0], bssid, msg)
7387 dev[0].request("WPS_CANCEL")
7388 dev[0].wait_disconnected()
7389 dev[0].flush_scan_cache()
7390
7391 def test_wps_ext_proto_ack_m3_no_msg_type(dev, apdev):
7392 """WPS and ACK M3 no Message Type"""
7393 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7394 logger.debug("Send NACK to STA")
7395 msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=None)
7396 send_wsc_msg(dev[0], bssid, msg)
7397 dev[0].request("WPS_CANCEL")
7398 dev[0].wait_disconnected()
7399 dev[0].flush_scan_cache()
7400
7401 def test_wps_ext_proto_ack_m3_invalid_msg_type(dev, apdev):
7402 """WPS and ACK M3 invalid Message Type"""
7403 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7404 logger.debug("Send NACK to STA")
7405 msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=123)
7406 send_wsc_msg(dev[0], bssid, msg)
7407 dev[0].request("WPS_CANCEL")
7408 dev[0].wait_disconnected()
7409 dev[0].flush_scan_cache()
7410
7411 def test_wps_ext_proto_ack_m3_invalid_attr(dev, apdev):
7412 """WPS and ACK M3 invalid attribute"""
7413 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7414 logger.debug("Send ACK to STA")
7415 attrs = b'\x10\x10\x00'
7416 msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_ACK)
7417 send_wsc_msg(dev[0], bssid, msg)
7418 dev[0].request("WPS_CANCEL")
7419 dev[0].wait_disconnected()
7420 dev[0].flush_scan_cache()
7421
7422 def test_wps_ext_proto_ack_m3(dev, apdev):
7423 """WPS and ACK M3"""
7424 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7425 logger.debug("Send ACK to STA")
7426 msg, attrs = build_ack(eap_id, e_nonce, r_nonce)
7427 send_wsc_msg(dev[0], bssid, msg)
7428 dev[0].request("WPS_CANCEL")
7429 dev[0].wait_disconnected()
7430 dev[0].flush_scan_cache()
7431
7432 def wps_to_m3_helper(dev, apdev):
7433 pin = "12345670"
7434 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7435 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7436 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7437 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7438
7439 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7440 uuid_r = 16*b'\x33'
7441 r_nonce = 16*b'\x44'
7442 own_private, e_pk = wsc_dh_init()
7443
7444 logger.debug("Receive M1 from STA")
7445 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7446 eap_id = (msg['eap_identifier'] + 1) % 256
7447
7448 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7449 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7450 r_nonce)
7451 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7452 m1_attrs[ATTR_PUBLIC_KEY],
7453 e_pk)
7454
7455 logger.debug("Send M2 to STA")
7456 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7457 m1_attrs[ATTR_ENROLLEE_NONCE],
7458 r_nonce, uuid_r, e_pk)
7459 send_wsc_msg(dev[0], bssid, m2)
7460 eap_id = (eap_id + 1) % 256
7461
7462 logger.debug("Receive M3 from STA")
7463 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7464 return eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey
7465
7466 def wps_to_m3(dev, apdev):
7467 eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
7468 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s1, raw_m3_attrs, authkey, keywrapkey
7469
7470 def wps_to_m5(dev, apdev):
7471 eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
7472
7473 logger.debug("Send M4 to STA")
7474 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7475 attrs += build_attr_msg_type(WPS_M4)
7476 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
7477 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7478 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7479 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7480 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7481 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7482 raw_m4_attrs = attrs
7483 m4 = build_eap_wsc(1, eap_id, attrs)
7484 send_wsc_msg(dev[0], bssid, m4)
7485 eap_id = (eap_id + 1) % 256
7486
7487 logger.debug("Receive M5 from STA")
7488 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7489
7490 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s2, raw_m5_attrs, authkey, keywrapkey
7491
7492 def test_wps_ext_proto_m4_missing_r_hash1(dev, apdev):
7493 """WPS and no R-Hash1 in M4"""
7494 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7495
7496 logger.debug("Send M4 to STA")
7497 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7498 attrs += build_attr_msg_type(WPS_M4)
7499 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7500 #attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7501 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7502 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7503 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7504 attrs += build_attr_authenticator(authkey, m3, attrs)
7505 m4 = build_eap_wsc(1, eap_id, attrs)
7506 send_wsc_msg(dev[0], bssid, m4)
7507 eap_id = (eap_id + 1) % 256
7508
7509 logger.debug("Receive M5 (NACK) from STA")
7510 msg = get_wsc_msg(dev[0])
7511 if msg['wsc_opcode'] != WSC_NACK:
7512 raise Exception("Unexpected message - expected WSC_Nack")
7513
7514 dev[0].request("WPS_CANCEL")
7515 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7516 dev[0].wait_disconnected()
7517
7518 def test_wps_ext_proto_m4_missing_r_hash2(dev, apdev):
7519 """WPS and no R-Hash2 in M4"""
7520 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7521
7522 logger.debug("Send M4 to STA")
7523 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7524 attrs += build_attr_msg_type(WPS_M4)
7525 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7526 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7527 #attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7528 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7529 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7530 attrs += build_attr_authenticator(authkey, m3, attrs)
7531 m4 = build_eap_wsc(1, eap_id, attrs)
7532 send_wsc_msg(dev[0], bssid, m4)
7533 eap_id = (eap_id + 1) % 256
7534
7535 logger.debug("Receive M5 (NACK) from STA")
7536 msg = get_wsc_msg(dev[0])
7537 if msg['wsc_opcode'] != WSC_NACK:
7538 raise Exception("Unexpected message - expected WSC_Nack")
7539
7540 dev[0].request("WPS_CANCEL")
7541 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7542 dev[0].wait_disconnected()
7543
7544 def test_wps_ext_proto_m4_missing_r_snonce1(dev, apdev):
7545 """WPS and no R-SNonce1 in M4"""
7546 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7547
7548 logger.debug("Send M4 to STA")
7549 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7550 attrs += build_attr_msg_type(WPS_M4)
7551 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7552 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7553 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7554 #data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7555 data = b''
7556 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7557 attrs += build_attr_authenticator(authkey, m3, attrs)
7558 m4 = build_eap_wsc(1, eap_id, attrs)
7559 send_wsc_msg(dev[0], bssid, m4)
7560 eap_id = (eap_id + 1) % 256
7561
7562 logger.debug("Receive M5 (NACK) from STA")
7563 msg = get_wsc_msg(dev[0])
7564 if msg['wsc_opcode'] != WSC_NACK:
7565 raise Exception("Unexpected message - expected WSC_Nack")
7566
7567 dev[0].request("WPS_CANCEL")
7568 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7569 dev[0].wait_disconnected()
7570
7571 def test_wps_ext_proto_m4_invalid_pad_string(dev, apdev):
7572 """WPS and invalid pad string in M4"""
7573 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7574
7575 logger.debug("Send M4 to STA")
7576 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7577 attrs += build_attr_msg_type(WPS_M4)
7578 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7579 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7580 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7581 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7582
7583 m = hmac.new(authkey, data, hashlib.sha256)
7584 kwa = m.digest()[0:8]
7585 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
7586 iv = 16*b'\x99'
7587 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
7588 pad_len = 16 - len(data) % 16
7589 ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', pad_len - 1)
7590 data += ps
7591 wrapped = aes.encrypt(data)
7592 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
7593
7594 attrs += build_attr_authenticator(authkey, m3, attrs)
7595 m4 = build_eap_wsc(1, eap_id, attrs)
7596 send_wsc_msg(dev[0], bssid, m4)
7597 eap_id = (eap_id + 1) % 256
7598
7599 logger.debug("Receive M5 (NACK) from STA")
7600 msg = get_wsc_msg(dev[0])
7601 if msg['wsc_opcode'] != WSC_NACK:
7602 raise Exception("Unexpected message - expected WSC_Nack")
7603
7604 dev[0].request("WPS_CANCEL")
7605 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7606 dev[0].wait_disconnected()
7607
7608 def test_wps_ext_proto_m4_invalid_pad_value(dev, apdev):
7609 """WPS and invalid pad value in M4"""
7610 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7611
7612 logger.debug("Send M4 to STA")
7613 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7614 attrs += build_attr_msg_type(WPS_M4)
7615 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7616 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7617 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7618 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7619
7620 m = hmac.new(authkey, data, hashlib.sha256)
7621 kwa = m.digest()[0:8]
7622 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
7623 iv = 16*b'\x99'
7624 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
7625 pad_len = 16 - len(data) % 16
7626 ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', 255)
7627 data += ps
7628 wrapped = aes.encrypt(data)
7629 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
7630
7631 attrs += build_attr_authenticator(authkey, m3, attrs)
7632 m4 = build_eap_wsc(1, eap_id, attrs)
7633 send_wsc_msg(dev[0], bssid, m4)
7634 eap_id = (eap_id + 1) % 256
7635
7636 logger.debug("Receive M5 (NACK) from STA")
7637 msg = get_wsc_msg(dev[0])
7638 if msg['wsc_opcode'] != WSC_NACK:
7639 raise Exception("Unexpected message - expected WSC_Nack")
7640
7641 dev[0].request("WPS_CANCEL")
7642 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7643 dev[0].wait_disconnected()
7644
7645 def test_wps_ext_proto_m4_no_encr_settings(dev, apdev):
7646 """WPS and no Encr Settings in M4"""
7647 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7648
7649 logger.debug("Send M4 to STA")
7650 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7651 attrs += build_attr_msg_type(WPS_M4)
7652 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7653 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7654 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7655 attrs += build_attr_authenticator(authkey, m3, attrs)
7656 m4 = build_eap_wsc(1, eap_id, attrs)
7657 send_wsc_msg(dev[0], bssid, m4)
7658 eap_id = (eap_id + 1) % 256
7659
7660 logger.debug("Receive M5 (NACK) from STA")
7661 msg = get_wsc_msg(dev[0])
7662 if msg['wsc_opcode'] != WSC_NACK:
7663 raise Exception("Unexpected message - expected WSC_Nack")
7664
7665 dev[0].request("WPS_CANCEL")
7666 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7667 dev[0].wait_disconnected()
7668
7669 def test_wps_ext_proto_m6_missing_r_snonce2(dev, apdev):
7670 """WPS and no R-SNonce2 in M6"""
7671 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7672
7673 logger.debug("Send M6 to STA")
7674 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7675 attrs += build_attr_msg_type(WPS_M6)
7676 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7677 #data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7678 data = b''
7679 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7680 attrs += build_attr_authenticator(authkey, m5, attrs)
7681 m6 = build_eap_wsc(1, eap_id, attrs)
7682 send_wsc_msg(dev[0], bssid, m6)
7683 eap_id = (eap_id + 1) % 256
7684
7685 logger.debug("Receive M7 (NACK) from STA")
7686 msg = get_wsc_msg(dev[0])
7687 if msg['wsc_opcode'] != WSC_NACK:
7688 raise Exception("Unexpected message - expected WSC_Nack")
7689
7690 dev[0].request("WPS_CANCEL")
7691 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7692 dev[0].wait_disconnected()
7693
7694 def test_wps_ext_proto_m6_no_encr_settings(dev, apdev):
7695 """WPS and no Encr Settings in M6"""
7696 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7697
7698 logger.debug("Send M6 to STA")
7699 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7700 attrs += build_attr_msg_type(WPS_M6)
7701 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7702 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7703 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7704 attrs += build_attr_authenticator(authkey, m5, attrs)
7705 m6 = build_eap_wsc(1, eap_id, attrs)
7706 send_wsc_msg(dev[0], bssid, m6)
7707 eap_id = (eap_id + 1) % 256
7708
7709 logger.debug("Receive M7 (NACK) from STA")
7710 msg = get_wsc_msg(dev[0])
7711 if msg['wsc_opcode'] != WSC_NACK:
7712 raise Exception("Unexpected message - expected WSC_Nack")
7713
7714 dev[0].request("WPS_CANCEL")
7715 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7716 dev[0].wait_disconnected()
7717
7718 def test_wps_ext_proto_m8_no_encr_settings(dev, apdev):
7719 """WPS and no Encr Settings in M6"""
7720 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7721
7722 logger.debug("Send M6 to STA")
7723 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7724 attrs += build_attr_msg_type(WPS_M6)
7725 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7726 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7727 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7728 attrs += build_attr_authenticator(authkey, m5, attrs)
7729 raw_m6_attrs = attrs
7730 m6 = build_eap_wsc(1, eap_id, attrs)
7731 send_wsc_msg(dev[0], bssid, m6)
7732 eap_id = (eap_id + 1) % 256
7733
7734 logger.debug("Receive M7 from STA")
7735 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
7736
7737 logger.debug("Send M8 to STA")
7738 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7739 attrs += build_attr_msg_type(WPS_M8)
7740 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7741 #attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
7742 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7743 raw_m8_attrs = attrs
7744 m8 = build_eap_wsc(1, eap_id, attrs)
7745 send_wsc_msg(dev[0], bssid, m8)
7746
7747 logger.debug("Receive WSC_Done (NACK) from STA")
7748 msg = get_wsc_msg(dev[0])
7749 if msg['wsc_opcode'] != WSC_NACK:
7750 raise Exception("Unexpected message - expected WSC_Nack")
7751
7752 dev[0].request("WPS_CANCEL")
7753 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7754 dev[0].wait_disconnected()
7755
7756 def wps_start_ext_reg(apdev, dev):
7757 addr = dev.own_addr()
7758 bssid = apdev['bssid']
7759 ssid = "test-wps-conf"
7760 appin = "12345670"
7761 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
7762 "wpa_passphrase": "12345678", "wpa": "2",
7763 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
7764 "ap_pin": appin}
7765 hapd = hostapd.add_ap(apdev, params)
7766
7767 dev.scan_for_bss(bssid, freq="2412")
7768 hapd.request("SET ext_eapol_frame_io 1")
7769 dev.request("SET ext_eapol_frame_io 1")
7770
7771 dev.request("WPS_REG " + bssid + " " + appin)
7772
7773 return addr, bssid, hapd
7774
7775 def wps_run_ap_settings_proto(dev, apdev, ap_settings, success):
7776 addr, bssid, hapd = wps_start_ext_reg(apdev[0], dev[0])
7777 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7778 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7779
7780 logger.debug("Receive M1 from AP")
7781 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
7782 mac_addr = m1_attrs[ATTR_MAC_ADDR]
7783 e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
7784 e_pk = m1_attrs[ATTR_PUBLIC_KEY]
7785
7786 appin = '12345670'
7787 uuid_r = 16*b'\x33'
7788 r_nonce = 16*b'\x44'
7789 own_private, r_pk = wsc_dh_init()
7790 authkey, keywrapkey = wsc_dh_kdf(e_pk, own_private, mac_addr, e_nonce,
7791 r_nonce)
7792 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, appin, e_pk, r_pk)
7793
7794 logger.debug("Send M2 to AP")
7795 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, msg['eap_identifier'],
7796 e_nonce, r_nonce, uuid_r, r_pk, eap_code=2)
7797 send_wsc_msg(hapd, addr, m2)
7798
7799 logger.debug("Receive M3 from AP")
7800 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M3)
7801
7802 logger.debug("Send M4 to AP")
7803 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7804 attrs += build_attr_msg_type(WPS_M4)
7805 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7806 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7807 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7808 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7809 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7810 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7811 raw_m4_attrs = attrs
7812 m4 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7813 send_wsc_msg(hapd, addr, m4)
7814
7815 logger.debug("Receive M5 from AP")
7816 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M5)
7817
7818 logger.debug("Send M6 to STA")
7819 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7820 attrs += build_attr_msg_type(WPS_M6)
7821 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7822 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7823 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7824 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
7825 raw_m6_attrs = attrs
7826 m6 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7827 send_wsc_msg(hapd, addr, m6)
7828
7829 logger.debug("Receive M7 from AP")
7830 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M7)
7831
7832 logger.debug("Send M8 to STA")
7833 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7834 attrs += build_attr_msg_type(WPS_M8)
7835 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7836 if ap_settings:
7837 attrs += build_attr_encr_settings(authkey, keywrapkey, ap_settings)
7838 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7839 raw_m8_attrs = attrs
7840 m8 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7841 send_wsc_msg(hapd, addr, m8)
7842
7843 if success:
7844 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
7845 if ev is None:
7846 raise Exception("New AP settings not reported")
7847 logger.debug("Receive WSC_Done from AP")
7848 msg = get_wsc_msg(hapd)
7849 if msg['wsc_opcode'] != WSC_Done:
7850 raise Exception("Unexpected message - expected WSC_Done")
7851
7852 logger.debug("Send WSC_ACK to AP")
7853 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
7854 eap_code=2)
7855 send_wsc_msg(hapd, addr, ack)
7856 dev[0].wait_disconnected()
7857 else:
7858 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
7859 if ev is None:
7860 raise Exception("WPS failure not reported")
7861 logger.debug("Receive WSC_NACK from AP")
7862 msg = get_wsc_msg(hapd)
7863 if msg['wsc_opcode'] != WSC_NACK:
7864 raise Exception("Unexpected message - expected WSC_NACK")
7865
7866 logger.debug("Send WSC_NACK to AP")
7867 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
7868 eap_code=2)
7869 send_wsc_msg(hapd, addr, nack)
7870 dev[0].wait_disconnected()
7871
7872 def test_wps_ext_ap_settings_success(dev, apdev):
7873 """WPS and AP Settings: success"""
7874 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7875 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7876 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7877 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
7878 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7879 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
7880 wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
7881
7882 @remote_compatible
7883 def test_wps_ext_ap_settings_missing(dev, apdev):
7884 """WPS and AP Settings: missing"""
7885 wps_run_ap_settings_proto(dev, apdev, None, False)
7886
7887 @remote_compatible
7888 def test_wps_ext_ap_settings_mac_addr_mismatch(dev, apdev):
7889 """WPS and AP Settings: MAC Address mismatch"""
7890 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7891 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7892 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7893 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
7894 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7895 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, '\x00\x00\x00\x00\x00\x00')
7896 wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
7897
7898 @remote_compatible
7899 def test_wps_ext_ap_settings_mac_addr_missing(dev, apdev):
7900 """WPS and AP Settings: missing MAC Address"""
7901 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7902 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7903 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7904 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
7905 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7906 wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
7907
7908 @remote_compatible
7909 def test_wps_ext_ap_settings_reject_encr_type(dev, apdev):
7910 """WPS and AP Settings: reject Encr Type"""
7911 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
7912 ap_settings += build_wsc_attr(ATTR_SSID, "test")
7913 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
7914 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x00')
7915 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
7916 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
7917 wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
7918
7919 @remote_compatible
7920 def test_wps_ext_ap_settings_m2d(dev, apdev):
7921 """WPS and AP Settings: M2D"""
7922 addr, bssid, hapd = wps_start_ext_reg(apdev[0], dev[0])
7923 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7924 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7925
7926 logger.debug("Receive M1 from AP")
7927 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
7928 e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
7929
7930 r_nonce = 16*'\x44'
7931 uuid_r = 16*'\x33'
7932
7933 logger.debug("Send M2D to AP")
7934 m2d, raw_m2d_attrs = build_m2d(raw_m1_attrs, msg['eap_identifier'],
7935 e_nonce, r_nonce, uuid_r,
7936 dev_pw_id='\x00\x00', eap_code=2)
7937 send_wsc_msg(hapd, addr, m2d)
7938
7939 ev = hapd.wait_event(["WPS-M2D"], timeout=5)
7940 if ev is None:
7941 raise Exception("M2D not reported")
7942
7943 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
7944
7945 def wps_wait_ap_nack(hapd, dev, e_nonce, r_nonce):
7946 logger.debug("Receive WSC_NACK from AP")
7947 msg = get_wsc_msg(hapd)
7948 if msg['wsc_opcode'] != WSC_NACK:
7949 raise Exception("Unexpected message - expected WSC_NACK")
7950
7951 logger.debug("Send WSC_NACK to AP")
7952 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
7953 eap_code=2)
7954 send_wsc_msg(hapd, dev.own_addr(), nack)
7955 dev.wait_disconnected()
7956
7957 @remote_compatible
7958 def test_wps_ext_m3_missing_e_hash1(dev, apdev):
7959 """WPS proto: M3 missing E-Hash1"""
7960 pin = "12345670"
7961 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7962 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7963 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7964
7965 logger.debug("Receive WSC/Start from AP")
7966 msg = get_wsc_msg(hapd)
7967 if msg['wsc_opcode'] != WSC_Start:
7968 raise Exception("Unexpected Op-Code for WSC/Start")
7969
7970 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7971 uuid_e = 16*b'\x11'
7972 e_nonce = 16*b'\x22'
7973 own_private, e_pk = wsc_dh_init()
7974
7975 logger.debug("Send M1 to AP")
7976 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
7977 e_nonce, e_pk)
7978 send_wsc_msg(hapd, addr, m1)
7979
7980 logger.debug("Receive M2 from AP")
7981 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
7982 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
7983 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
7984
7985 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
7986 r_nonce)
7987 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
7988
7989 logger.debug("Send M3 to AP")
7990 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7991 attrs += build_attr_msg_type(WPS_M3)
7992 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
7993 #attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
7994 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
7995 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
7996 raw_m3_attrs = attrs
7997 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7998 send_wsc_msg(hapd, addr, m3)
7999
8000 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8001
8002 @remote_compatible
8003 def test_wps_ext_m3_missing_e_hash2(dev, apdev):
8004 """WPS proto: M3 missing E-Hash2"""
8005 pin = "12345670"
8006 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8007 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8008 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8009
8010 logger.debug("Receive WSC/Start from AP")
8011 msg = get_wsc_msg(hapd)
8012 if msg['wsc_opcode'] != WSC_Start:
8013 raise Exception("Unexpected Op-Code for WSC/Start")
8014
8015 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8016 uuid_e = 16*b'\x11'
8017 e_nonce = 16*b'\x22'
8018 own_private, e_pk = wsc_dh_init()
8019
8020 logger.debug("Send M1 to AP")
8021 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8022 e_nonce, e_pk)
8023 send_wsc_msg(hapd, addr, m1)
8024
8025 logger.debug("Receive M2 from AP")
8026 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8027 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8028 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8029
8030 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8031 r_nonce)
8032 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8033
8034 logger.debug("Send M3 to AP")
8035 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8036 attrs += build_attr_msg_type(WPS_M3)
8037 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8038 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8039 #attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8040 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8041 raw_m3_attrs = attrs
8042 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8043 send_wsc_msg(hapd, addr, m3)
8044
8045 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8046
8047 @remote_compatible
8048 def test_wps_ext_m5_missing_e_snonce1(dev, apdev):
8049 """WPS proto: M5 missing E-SNonce1"""
8050 pin = "12345670"
8051 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8052 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8053 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8054
8055 logger.debug("Receive WSC/Start from AP")
8056 msg = get_wsc_msg(hapd)
8057 if msg['wsc_opcode'] != WSC_Start:
8058 raise Exception("Unexpected Op-Code for WSC/Start")
8059
8060 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8061 uuid_e = 16*b'\x11'
8062 e_nonce = 16*b'\x22'
8063 own_private, e_pk = wsc_dh_init()
8064
8065 logger.debug("Send M1 to AP")
8066 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8067 e_nonce, e_pk)
8068 send_wsc_msg(hapd, addr, m1)
8069
8070 logger.debug("Receive M2 from AP")
8071 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8072 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8073 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8074
8075 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8076 r_nonce)
8077 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8078
8079 logger.debug("Send M3 to AP")
8080 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8081 attrs += build_attr_msg_type(WPS_M3)
8082 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8083 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8084 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8085 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8086 raw_m3_attrs = attrs
8087 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8088 send_wsc_msg(hapd, addr, m3)
8089
8090 logger.debug("Receive M4 from AP")
8091 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8092
8093 logger.debug("Send M5 to AP")
8094 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8095 attrs += build_attr_msg_type(WPS_M5)
8096 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8097 #data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8098 data = b''
8099 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8100 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8101 raw_m5_attrs = attrs
8102 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8103 send_wsc_msg(hapd, addr, m5)
8104
8105 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8106
8107 @remote_compatible
8108 def test_wps_ext_m5_e_snonce1_mismatch(dev, apdev):
8109 """WPS proto: M5 E-SNonce1 mismatch"""
8110 pin = "12345670"
8111 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8112 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8113 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8114
8115 logger.debug("Receive WSC/Start from AP")
8116 msg = get_wsc_msg(hapd)
8117 if msg['wsc_opcode'] != WSC_Start:
8118 raise Exception("Unexpected Op-Code for WSC/Start")
8119
8120 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8121 uuid_e = 16*b'\x11'
8122 e_nonce = 16*b'\x22'
8123 own_private, e_pk = wsc_dh_init()
8124
8125 logger.debug("Send M1 to AP")
8126 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8127 e_nonce, e_pk)
8128 send_wsc_msg(hapd, addr, m1)
8129
8130 logger.debug("Receive M2 from AP")
8131 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8132 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8133 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8134
8135 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8136 r_nonce)
8137 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8138
8139 logger.debug("Send M3 to AP")
8140 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8141 attrs += build_attr_msg_type(WPS_M3)
8142 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8143 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8144 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8145 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8146 raw_m3_attrs = attrs
8147 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8148 send_wsc_msg(hapd, addr, m3)
8149
8150 logger.debug("Receive M4 from AP")
8151 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8152
8153 logger.debug("Send M5 to AP")
8154 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8155 attrs += build_attr_msg_type(WPS_M5)
8156 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8157 data = build_wsc_attr(ATTR_E_SNONCE1, 16*'\x00')
8158 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8159 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8160 raw_m5_attrs = attrs
8161 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8162 send_wsc_msg(hapd, addr, m5)
8163
8164 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8165
8166 def test_wps_ext_m7_missing_e_snonce2(dev, apdev):
8167 """WPS proto: M7 missing E-SNonce2"""
8168 pin = "12345670"
8169 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8170 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8171 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8172
8173 logger.debug("Receive WSC/Start from AP")
8174 msg = get_wsc_msg(hapd)
8175 if msg['wsc_opcode'] != WSC_Start:
8176 raise Exception("Unexpected Op-Code for WSC/Start")
8177
8178 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8179 uuid_e = 16*b'\x11'
8180 e_nonce = 16*b'\x22'
8181 own_private, e_pk = wsc_dh_init()
8182
8183 logger.debug("Send M1 to AP")
8184 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8185 e_nonce, e_pk)
8186 send_wsc_msg(hapd, addr, m1)
8187
8188 logger.debug("Receive M2 from AP")
8189 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8190 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8191 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8192
8193 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8194 r_nonce)
8195 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8196
8197 logger.debug("Send M3 to AP")
8198 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8199 attrs += build_attr_msg_type(WPS_M3)
8200 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8201 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8202 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8203 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8204 raw_m3_attrs = attrs
8205 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8206 send_wsc_msg(hapd, addr, m3)
8207
8208 logger.debug("Receive M4 from AP")
8209 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8210
8211 logger.debug("Send M5 to AP")
8212 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8213 attrs += build_attr_msg_type(WPS_M5)
8214 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8215 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8216 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8217 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8218 raw_m5_attrs = attrs
8219 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8220 send_wsc_msg(hapd, addr, m5)
8221
8222 logger.debug("Receive M6 from AP")
8223 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8224
8225 logger.debug("Send M7 to AP")
8226 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8227 attrs += build_attr_msg_type(WPS_M7)
8228 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8229 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
8230 data = b''
8231 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8232 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8233 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8234 raw_m7_attrs = attrs
8235 send_wsc_msg(hapd, addr, m7)
8236
8237 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8238
8239 @remote_compatible
8240 def test_wps_ext_m7_e_snonce2_mismatch(dev, apdev):
8241 """WPS proto: M7 E-SNonce2 mismatch"""
8242 pin = "12345670"
8243 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8244 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8245 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8246
8247 logger.debug("Receive WSC/Start from AP")
8248 msg = get_wsc_msg(hapd)
8249 if msg['wsc_opcode'] != WSC_Start:
8250 raise Exception("Unexpected Op-Code for WSC/Start")
8251
8252 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8253 uuid_e = 16*b'\x11'
8254 e_nonce = 16*b'\x22'
8255 own_private, e_pk = wsc_dh_init()
8256
8257 logger.debug("Send M1 to AP")
8258 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8259 e_nonce, e_pk)
8260 send_wsc_msg(hapd, addr, m1)
8261
8262 logger.debug("Receive M2 from AP")
8263 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8264 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8265 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8266
8267 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8268 r_nonce)
8269 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8270
8271 logger.debug("Send M3 to AP")
8272 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8273 attrs += build_attr_msg_type(WPS_M3)
8274 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8275 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8276 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8277 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8278 raw_m3_attrs = attrs
8279 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8280 send_wsc_msg(hapd, addr, m3)
8281
8282 logger.debug("Receive M4 from AP")
8283 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8284
8285 logger.debug("Send M5 to AP")
8286 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8287 attrs += build_attr_msg_type(WPS_M5)
8288 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8289 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8290 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8291 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8292 raw_m5_attrs = attrs
8293 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8294 send_wsc_msg(hapd, addr, m5)
8295
8296 logger.debug("Receive M6 from AP")
8297 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8298
8299 logger.debug("Send M7 to AP")
8300 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8301 attrs += build_attr_msg_type(WPS_M7)
8302 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8303 data = build_wsc_attr(ATTR_E_SNONCE2, 16*'\x00')
8304 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8305 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8306 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8307 raw_m7_attrs = attrs
8308 send_wsc_msg(hapd, addr, m7)
8309
8310 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8311
8312 @remote_compatible
8313 def test_wps_ext_m1_pubkey_oom(dev, apdev):
8314 """WPS proto: M1 PubKey OOM"""
8315 pin = "12345670"
8316 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8317 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8318 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8319
8320 logger.debug("Receive WSC/Start from AP")
8321 msg = get_wsc_msg(hapd)
8322 if msg['wsc_opcode'] != WSC_Start:
8323 raise Exception("Unexpected Op-Code for WSC/Start")
8324
8325 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8326 uuid_e = 16*'\x11'
8327 e_nonce = 16*'\x22'
8328 own_private, e_pk = wsc_dh_init()
8329
8330 logger.debug("Send M1 to AP")
8331 with alloc_fail(hapd, 1, "wpabuf_alloc_copy;wps_process_pubkey"):
8332 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8333 e_nonce, e_pk)
8334 send_wsc_msg(hapd, addr, m1)
8335 wps_wait_eap_failure(hapd, dev[0])
8336
8337 def wps_wait_eap_failure(hapd, dev):
8338 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
8339 if ev is None:
8340 raise Exception("EAP-Failure not reported")
8341 dev.wait_disconnected()
8342
8343 @remote_compatible
8344 def test_wps_ext_m3_m1(dev, apdev):
8345 """WPS proto: M3 replaced with M1"""
8346 pin = "12345670"
8347 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8348 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8349 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8350
8351 logger.debug("Receive WSC/Start from AP")
8352 msg = get_wsc_msg(hapd)
8353 if msg['wsc_opcode'] != WSC_Start:
8354 raise Exception("Unexpected Op-Code for WSC/Start")
8355
8356 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8357 uuid_e = 16*b'\x11'
8358 e_nonce = 16*b'\x22'
8359 own_private, e_pk = wsc_dh_init()
8360
8361 logger.debug("Send M1 to AP")
8362 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8363 e_nonce, e_pk)
8364 send_wsc_msg(hapd, addr, m1)
8365
8366 logger.debug("Receive M2 from AP")
8367 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8368 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8369 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8370
8371 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8372 r_nonce)
8373 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8374
8375 logger.debug("Send M3(M1) to AP")
8376 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8377 attrs += build_attr_msg_type(WPS_M1)
8378 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8379 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8380 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8381 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8382 raw_m3_attrs = attrs
8383 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8384 send_wsc_msg(hapd, addr, m3)
8385
8386 wps_wait_eap_failure(hapd, dev[0])
8387
8388 @remote_compatible
8389 def test_wps_ext_m5_m3(dev, apdev):
8390 """WPS proto: M5 replaced with M3"""
8391 pin = "12345670"
8392 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8393 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8394 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8395
8396 logger.debug("Receive WSC/Start from AP")
8397 msg = get_wsc_msg(hapd)
8398 if msg['wsc_opcode'] != WSC_Start:
8399 raise Exception("Unexpected Op-Code for WSC/Start")
8400
8401 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8402 uuid_e = 16*b'\x11'
8403 e_nonce = 16*b'\x22'
8404 own_private, e_pk = wsc_dh_init()
8405
8406 logger.debug("Send M1 to AP")
8407 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8408 e_nonce, e_pk)
8409 send_wsc_msg(hapd, addr, m1)
8410
8411 logger.debug("Receive M2 from AP")
8412 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8413 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8414 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8415
8416 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8417 r_nonce)
8418 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8419
8420 logger.debug("Send M3 to AP")
8421 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8422 attrs += build_attr_msg_type(WPS_M3)
8423 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8424 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8425 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8426 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8427 raw_m3_attrs = attrs
8428 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8429 send_wsc_msg(hapd, addr, m3)
8430
8431 logger.debug("Receive M4 from AP")
8432 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8433
8434 logger.debug("Send M5(M3) to AP")
8435 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8436 attrs += build_attr_msg_type(WPS_M3)
8437 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8438 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8439 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8440 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8441 raw_m5_attrs = attrs
8442 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8443 send_wsc_msg(hapd, addr, m5)
8444
8445 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8446
8447 @remote_compatible
8448 def test_wps_ext_m3_m2(dev, apdev):
8449 """WPS proto: M3 replaced with M2"""
8450 pin = "12345670"
8451 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8452 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8453 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8454
8455 logger.debug("Receive WSC/Start from AP")
8456 msg = get_wsc_msg(hapd)
8457 if msg['wsc_opcode'] != WSC_Start:
8458 raise Exception("Unexpected Op-Code for WSC/Start")
8459
8460 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8461 uuid_e = 16*b'\x11'
8462 e_nonce = 16*b'\x22'
8463 own_private, e_pk = wsc_dh_init()
8464
8465 logger.debug("Send M1 to AP")
8466 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8467 e_nonce, e_pk)
8468 send_wsc_msg(hapd, addr, m1)
8469
8470 logger.debug("Receive M2 from AP")
8471 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8472 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8473 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8474
8475 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8476 r_nonce)
8477 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8478
8479 logger.debug("Send M3(M2) to AP")
8480 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8481 attrs += build_attr_msg_type(WPS_M2)
8482 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8483 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8484 raw_m3_attrs = attrs
8485 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8486 send_wsc_msg(hapd, addr, m3)
8487
8488 wps_wait_eap_failure(hapd, dev[0])
8489
8490 @remote_compatible
8491 def test_wps_ext_m3_m5(dev, apdev):
8492 """WPS proto: M3 replaced with M5"""
8493 pin = "12345670"
8494 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8495 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8496 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8497
8498 logger.debug("Receive WSC/Start from AP")
8499 msg = get_wsc_msg(hapd)
8500 if msg['wsc_opcode'] != WSC_Start:
8501 raise Exception("Unexpected Op-Code for WSC/Start")
8502
8503 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8504 uuid_e = 16*b'\x11'
8505 e_nonce = 16*b'\x22'
8506 own_private, e_pk = wsc_dh_init()
8507
8508 logger.debug("Send M1 to AP")
8509 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8510 e_nonce, e_pk)
8511 send_wsc_msg(hapd, addr, m1)
8512
8513 logger.debug("Receive M2 from AP")
8514 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8515 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8516 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8517
8518 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8519 r_nonce)
8520 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8521
8522 logger.debug("Send M3(M5) to AP")
8523 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8524 attrs += build_attr_msg_type(WPS_M5)
8525 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8526 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8527 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8528 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8529 raw_m3_attrs = attrs
8530 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8531 send_wsc_msg(hapd, addr, m3)
8532
8533 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8534
8535 @remote_compatible
8536 def test_wps_ext_m3_m7(dev, apdev):
8537 """WPS proto: M3 replaced with M7"""
8538 pin = "12345670"
8539 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8540 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8541 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8542
8543 logger.debug("Receive WSC/Start from AP")
8544 msg = get_wsc_msg(hapd)
8545 if msg['wsc_opcode'] != WSC_Start:
8546 raise Exception("Unexpected Op-Code for WSC/Start")
8547
8548 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8549 uuid_e = 16*b'\x11'
8550 e_nonce = 16*b'\x22'
8551 own_private, e_pk = wsc_dh_init()
8552
8553 logger.debug("Send M1 to AP")
8554 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8555 e_nonce, e_pk)
8556 send_wsc_msg(hapd, addr, m1)
8557
8558 logger.debug("Receive M2 from AP")
8559 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8560 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8561 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8562
8563 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8564 r_nonce)
8565 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8566
8567 logger.debug("Send M3(M7) to AP")
8568 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8569 attrs += build_attr_msg_type(WPS_M7)
8570 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8571 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8572 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8573 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8574 raw_m3_attrs = attrs
8575 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8576 send_wsc_msg(hapd, addr, m3)
8577
8578 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8579
8580 @remote_compatible
8581 def test_wps_ext_m3_done(dev, apdev):
8582 """WPS proto: M3 replaced with WSC_Done"""
8583 pin = "12345670"
8584 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8585 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8586 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8587
8588 logger.debug("Receive WSC/Start from AP")
8589 msg = get_wsc_msg(hapd)
8590 if msg['wsc_opcode'] != WSC_Start:
8591 raise Exception("Unexpected Op-Code for WSC/Start")
8592
8593 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8594 uuid_e = 16*b'\x11'
8595 e_nonce = 16*b'\x22'
8596 own_private, e_pk = wsc_dh_init()
8597
8598 logger.debug("Send M1 to AP")
8599 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8600 e_nonce, e_pk)
8601 send_wsc_msg(hapd, addr, m1)
8602
8603 logger.debug("Receive M2 from AP")
8604 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8605 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8606 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8607
8608 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8609 r_nonce)
8610 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8611
8612 logger.debug("Send M3(WSC_Done) to AP")
8613 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8614 attrs += build_attr_msg_type(WPS_WSC_DONE)
8615 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8616 raw_m3_attrs = attrs
8617 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8618 send_wsc_msg(hapd, addr, m3)
8619
8620 wps_wait_eap_failure(hapd, dev[0])
8621
8622 @remote_compatible
8623 def test_wps_ext_m2_nack_invalid(dev, apdev):
8624 """WPS proto: M2 followed by invalid NACK"""
8625 pin = "12345670"
8626 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8627 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8628 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8629
8630 logger.debug("Receive WSC/Start from AP")
8631 msg = get_wsc_msg(hapd)
8632 if msg['wsc_opcode'] != WSC_Start:
8633 raise Exception("Unexpected Op-Code for WSC/Start")
8634
8635 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8636 uuid_e = 16*b'\x11'
8637 e_nonce = 16*b'\x22'
8638 own_private, e_pk = wsc_dh_init()
8639
8640 logger.debug("Send M1 to AP")
8641 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8642 e_nonce, e_pk)
8643 send_wsc_msg(hapd, addr, m1)
8644
8645 logger.debug("Receive M2 from AP")
8646 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8647 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8648 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8649
8650 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8651 r_nonce)
8652 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8653
8654 logger.debug("Send WSC_NACK to AP")
8655 attrs = b'\x10\x00\x00'
8656 nack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_NACK)
8657 send_wsc_msg(hapd, addr, nack)
8658
8659 wps_wait_eap_failure(hapd, dev[0])
8660
8661 @remote_compatible
8662 def test_wps_ext_m2_nack_no_msg_type(dev, apdev):
8663 """WPS proto: M2 followed by NACK without Msg Type"""
8664 pin = "12345670"
8665 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8666 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8667 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8668
8669 logger.debug("Receive WSC/Start from AP")
8670 msg = get_wsc_msg(hapd)
8671 if msg['wsc_opcode'] != WSC_Start:
8672 raise Exception("Unexpected Op-Code for WSC/Start")
8673
8674 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8675 uuid_e = 16*b'\x11'
8676 e_nonce = 16*b'\x22'
8677 own_private, e_pk = wsc_dh_init()
8678
8679 logger.debug("Send M1 to AP")
8680 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8681 e_nonce, e_pk)
8682 send_wsc_msg(hapd, addr, m1)
8683
8684 logger.debug("Receive M2 from AP")
8685 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8686 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8687 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8688
8689 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8690 r_nonce)
8691 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8692
8693 logger.debug("Send WSC_NACK to AP")
8694 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8695 msg_type=None, eap_code=2)
8696 send_wsc_msg(hapd, addr, nack)
8697
8698 wps_wait_eap_failure(hapd, dev[0])
8699
8700 @remote_compatible
8701 def test_wps_ext_m2_nack_invalid_msg_type(dev, apdev):
8702 """WPS proto: M2 followed by NACK with invalid Msg Type"""
8703 pin = "12345670"
8704 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8705 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8706 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8707
8708 logger.debug("Receive WSC/Start from AP")
8709 msg = get_wsc_msg(hapd)
8710 if msg['wsc_opcode'] != WSC_Start:
8711 raise Exception("Unexpected Op-Code for WSC/Start")
8712
8713 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8714 uuid_e = 16*b'\x11'
8715 e_nonce = 16*b'\x22'
8716 own_private, e_pk = wsc_dh_init()
8717
8718 logger.debug("Send M1 to AP")
8719 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8720 e_nonce, e_pk)
8721 send_wsc_msg(hapd, addr, m1)
8722
8723 logger.debug("Receive M2 from AP")
8724 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8725 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8726 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8727
8728 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8729 r_nonce)
8730 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8731
8732 logger.debug("Send WSC_NACK to AP")
8733 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8734 msg_type=WPS_WSC_ACK, eap_code=2)
8735 send_wsc_msg(hapd, addr, nack)
8736
8737 wps_wait_eap_failure(hapd, dev[0])
8738
8739 @remote_compatible
8740 def test_wps_ext_m2_nack_e_nonce_mismatch(dev, apdev):
8741 """WPS proto: M2 followed by NACK with e-nonce mismatch"""
8742 pin = "12345670"
8743 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8744 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8745 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8746
8747 logger.debug("Receive WSC/Start from AP")
8748 msg = get_wsc_msg(hapd)
8749 if msg['wsc_opcode'] != WSC_Start:
8750 raise Exception("Unexpected Op-Code for WSC/Start")
8751
8752 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8753 uuid_e = 16*b'\x11'
8754 e_nonce = 16*b'\x22'
8755 own_private, e_pk = wsc_dh_init()
8756
8757 logger.debug("Send M1 to AP")
8758 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8759 e_nonce, e_pk)
8760 send_wsc_msg(hapd, addr, m1)
8761
8762 logger.debug("Receive M2 from AP")
8763 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8764 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8765 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8766
8767 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8768 r_nonce)
8769 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8770
8771 logger.debug("Send WSC_NACK to AP")
8772 nack, attrs = build_nack(msg['eap_identifier'], 16*b'\x00', r_nonce,
8773 eap_code=2)
8774 send_wsc_msg(hapd, addr, nack)
8775
8776 wps_wait_eap_failure(hapd, dev[0])
8777
8778 @remote_compatible
8779 def test_wps_ext_m2_nack_no_config_error(dev, apdev):
8780 """WPS proto: M2 followed by NACK without Config Error"""
8781 pin = "12345670"
8782 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8783 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8784 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8785
8786 logger.debug("Receive WSC/Start from AP")
8787 msg = get_wsc_msg(hapd)
8788 if msg['wsc_opcode'] != WSC_Start:
8789 raise Exception("Unexpected Op-Code for WSC/Start")
8790
8791 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8792 uuid_e = 16*b'\x11'
8793 e_nonce = 16*b'\x22'
8794 own_private, e_pk = wsc_dh_init()
8795
8796 logger.debug("Send M1 to AP")
8797 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8798 e_nonce, e_pk)
8799 send_wsc_msg(hapd, addr, m1)
8800
8801 logger.debug("Receive M2 from AP")
8802 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8803 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8804 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8805
8806 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8807 r_nonce)
8808 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8809
8810 logger.debug("Send WSC_NACK to AP")
8811 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8812 config_error=None, eap_code=2)
8813 send_wsc_msg(hapd, addr, nack)
8814
8815 wps_wait_eap_failure(hapd, dev[0])
8816
8817 @remote_compatible
8818 def test_wps_ext_m2_ack_invalid(dev, apdev):
8819 """WPS proto: M2 followed by invalid ACK"""
8820 pin = "12345670"
8821 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8822 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8823 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8824
8825 logger.debug("Receive WSC/Start from AP")
8826 msg = get_wsc_msg(hapd)
8827 if msg['wsc_opcode'] != WSC_Start:
8828 raise Exception("Unexpected Op-Code for WSC/Start")
8829
8830 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8831 uuid_e = 16*b'\x11'
8832 e_nonce = 16*b'\x22'
8833 own_private, e_pk = wsc_dh_init()
8834
8835 logger.debug("Send M1 to AP")
8836 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8837 e_nonce, e_pk)
8838 send_wsc_msg(hapd, addr, m1)
8839
8840 logger.debug("Receive M2 from AP")
8841 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8842 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8843 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8844
8845 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8846 r_nonce)
8847 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8848
8849 logger.debug("Send WSC_ACK to AP")
8850 attrs = b'\x10\x00\x00'
8851 ack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_ACK)
8852 send_wsc_msg(hapd, addr, ack)
8853
8854 wps_wait_eap_failure(hapd, dev[0])
8855
8856 @remote_compatible
8857 def test_wps_ext_m2_ack(dev, apdev):
8858 """WPS proto: M2 followed by ACK"""
8859 pin = "12345670"
8860 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8861 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8862 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8863
8864 logger.debug("Receive WSC/Start from AP")
8865 msg = get_wsc_msg(hapd)
8866 if msg['wsc_opcode'] != WSC_Start:
8867 raise Exception("Unexpected Op-Code for WSC/Start")
8868
8869 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8870 uuid_e = 16*b'\x11'
8871 e_nonce = 16*b'\x22'
8872 own_private, e_pk = wsc_dh_init()
8873
8874 logger.debug("Send M1 to AP")
8875 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8876 e_nonce, e_pk)
8877 send_wsc_msg(hapd, addr, m1)
8878
8879 logger.debug("Receive M2 from AP")
8880 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8881 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8882 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8883
8884 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8885 r_nonce)
8886 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8887
8888 logger.debug("Send WSC_ACK to AP")
8889 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce, eap_code=2)
8890 send_wsc_msg(hapd, addr, ack)
8891
8892 wps_wait_eap_failure(hapd, dev[0])
8893
8894 @remote_compatible
8895 def test_wps_ext_m2_ack_no_msg_type(dev, apdev):
8896 """WPS proto: M2 followed by ACK missing Msg Type"""
8897 pin = "12345670"
8898 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8899 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8900 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8901
8902 logger.debug("Receive WSC/Start from AP")
8903 msg = get_wsc_msg(hapd)
8904 if msg['wsc_opcode'] != WSC_Start:
8905 raise Exception("Unexpected Op-Code for WSC/Start")
8906
8907 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8908 uuid_e = 16*b'\x11'
8909 e_nonce = 16*b'\x22'
8910 own_private, e_pk = wsc_dh_init()
8911
8912 logger.debug("Send M1 to AP")
8913 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8914 e_nonce, e_pk)
8915 send_wsc_msg(hapd, addr, m1)
8916
8917 logger.debug("Receive M2 from AP")
8918 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8919 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8920 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8921
8922 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8923 r_nonce)
8924 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8925
8926 logger.debug("Send WSC_ACK to AP")
8927 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
8928 msg_type=None, eap_code=2)
8929 send_wsc_msg(hapd, addr, ack)
8930
8931 wps_wait_eap_failure(hapd, dev[0])
8932
8933 @remote_compatible
8934 def test_wps_ext_m2_ack_invalid_msg_type(dev, apdev):
8935 """WPS proto: M2 followed by ACK with invalid Msg Type"""
8936 pin = "12345670"
8937 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8938 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8939 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8940
8941 logger.debug("Receive WSC/Start from AP")
8942 msg = get_wsc_msg(hapd)
8943 if msg['wsc_opcode'] != WSC_Start:
8944 raise Exception("Unexpected Op-Code for WSC/Start")
8945
8946 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8947 uuid_e = 16*b'\x11'
8948 e_nonce = 16*b'\x22'
8949 own_private, e_pk = wsc_dh_init()
8950
8951 logger.debug("Send M1 to AP")
8952 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8953 e_nonce, e_pk)
8954 send_wsc_msg(hapd, addr, m1)
8955
8956 logger.debug("Receive M2 from AP")
8957 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8958 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8959 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8960
8961 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8962 r_nonce)
8963 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8964
8965 logger.debug("Send WSC_ACK to AP")
8966 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
8967 msg_type=WPS_WSC_NACK, eap_code=2)
8968 send_wsc_msg(hapd, addr, ack)
8969
8970 wps_wait_eap_failure(hapd, dev[0])
8971
8972 @remote_compatible
8973 def test_wps_ext_m2_ack_e_nonce_mismatch(dev, apdev):
8974 """WPS proto: M2 followed by ACK with e-nonce mismatch"""
8975 pin = "12345670"
8976 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8977 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8978 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8979
8980 logger.debug("Receive WSC/Start from AP")
8981 msg = get_wsc_msg(hapd)
8982 if msg['wsc_opcode'] != WSC_Start:
8983 raise Exception("Unexpected Op-Code for WSC/Start")
8984
8985 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8986 uuid_e = 16*b'\x11'
8987 e_nonce = 16*b'\x22'
8988 own_private, e_pk = wsc_dh_init()
8989
8990 logger.debug("Send M1 to AP")
8991 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8992 e_nonce, e_pk)
8993 send_wsc_msg(hapd, addr, m1)
8994
8995 logger.debug("Receive M2 from AP")
8996 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8997 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8998 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8999
9000 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9001 r_nonce)
9002 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9003
9004 logger.debug("Send WSC_ACK to AP")
9005 ack, attrs = build_ack(msg['eap_identifier'], 16*b'\x00', r_nonce,
9006 eap_code=2)
9007 send_wsc_msg(hapd, addr, ack)
9008
9009 wps_wait_eap_failure(hapd, dev[0])
9010
9011 @remote_compatible
9012 def test_wps_ext_m1_invalid(dev, apdev):
9013 """WPS proto: M1 failing parsing"""
9014 pin = "12345670"
9015 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9016 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9017 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9018
9019 logger.debug("Receive WSC/Start from AP")
9020 msg = get_wsc_msg(hapd)
9021 if msg['wsc_opcode'] != WSC_Start:
9022 raise Exception("Unexpected Op-Code for WSC/Start")
9023
9024 logger.debug("Send M1 to AP")
9025 attrs = b'\x10\x00\x00'
9026 m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9027 send_wsc_msg(hapd, addr, m1)
9028
9029 wps_wait_eap_failure(hapd, dev[0])
9030
9031 def test_wps_ext_m1_missing_msg_type(dev, apdev):
9032 """WPS proto: M1 missing Msg Type"""
9033 pin = "12345670"
9034 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9035 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9036 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9037
9038 logger.debug("Receive WSC/Start from AP")
9039 msg = get_wsc_msg(hapd)
9040 if msg['wsc_opcode'] != WSC_Start:
9041 raise Exception("Unexpected Op-Code for WSC/Start")
9042
9043 logger.debug("Send M1 to AP")
9044 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9045 m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9046 send_wsc_msg(hapd, addr, m1)
9047
9048 wps_wait_ap_nack(hapd, dev[0], 16*b'\x00', 16*b'\x00')
9049
9050 def wps_ext_wsc_done(dev, apdev):
9051 pin = "12345670"
9052 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9053 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9054 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9055
9056 logger.debug("Receive WSC/Start from AP")
9057 msg = get_wsc_msg(hapd)
9058 if msg['wsc_opcode'] != WSC_Start:
9059 raise Exception("Unexpected Op-Code for WSC/Start")
9060
9061 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9062 uuid_e = 16*b'\x11'
9063 e_nonce = 16*b'\x22'
9064 own_private, e_pk = wsc_dh_init()
9065
9066 logger.debug("Send M1 to AP")
9067 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9068 e_nonce, e_pk)
9069 send_wsc_msg(hapd, addr, m1)
9070
9071 logger.debug("Receive M2 from AP")
9072 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9073 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9074 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9075
9076 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9077 r_nonce)
9078 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9079
9080 logger.debug("Send M3 to AP")
9081 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9082 attrs += build_attr_msg_type(WPS_M3)
9083 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9084 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
9085 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
9086 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
9087 raw_m3_attrs = attrs
9088 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9089 send_wsc_msg(hapd, addr, m3)
9090
9091 logger.debug("Receive M4 from AP")
9092 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
9093
9094 logger.debug("Send M5 to AP")
9095 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9096 attrs += build_attr_msg_type(WPS_M5)
9097 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9098 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
9099 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9100 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
9101 raw_m5_attrs = attrs
9102 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9103 send_wsc_msg(hapd, addr, m5)
9104
9105 logger.debug("Receive M6 from AP")
9106 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
9107
9108 logger.debug("Send M7 to AP")
9109 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9110 attrs += build_attr_msg_type(WPS_M7)
9111 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9112 data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
9113 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9114 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
9115 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9116 raw_m7_attrs = attrs
9117 send_wsc_msg(hapd, addr, m7)
9118
9119 logger.debug("Receive M8 from AP")
9120 msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
9121 return hapd, msg, e_nonce, r_nonce
9122
9123 @remote_compatible
9124 def test_wps_ext_wsc_done_invalid(dev, apdev):
9125 """WPS proto: invalid WSC_Done"""
9126 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9127
9128 logger.debug("Send WSC_Done to AP")
9129 attrs = b'\x10\x00\x00'
9130 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9131 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9132
9133 wps_wait_eap_failure(hapd, dev[0])
9134
9135 @remote_compatible
9136 def test_wps_ext_wsc_done_no_msg_type(dev, apdev):
9137 """WPS proto: invalid WSC_Done"""
9138 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9139
9140 logger.debug("Send WSC_Done to AP")
9141 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9142 #attrs += build_attr_msg_type(WPS_WSC_DONE)
9143 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9144 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9145 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9146 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9147
9148 wps_wait_eap_failure(hapd, dev[0])
9149
9150 @remote_compatible
9151 def test_wps_ext_wsc_done_wrong_msg_type(dev, apdev):
9152 """WPS proto: WSC_Done with wrong Msg Type"""
9153 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9154
9155 logger.debug("Send WSC_Done to AP")
9156 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9157 attrs += build_attr_msg_type(WPS_WSC_ACK)
9158 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9159 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9160 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9161 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9162
9163 wps_wait_eap_failure(hapd, dev[0])
9164
9165 @remote_compatible
9166 def test_wps_ext_wsc_done_no_e_nonce(dev, apdev):
9167 """WPS proto: WSC_Done without e_nonce"""
9168 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9169
9170 logger.debug("Send WSC_Done to AP")
9171 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9172 attrs += build_attr_msg_type(WPS_WSC_DONE)
9173 #attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9174 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9175 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9176 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9177
9178 wps_wait_eap_failure(hapd, dev[0])
9179
9180 def test_wps_ext_wsc_done_no_r_nonce(dev, apdev):
9181 """WPS proto: WSC_Done without r_nonce"""
9182 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9183
9184 logger.debug("Send WSC_Done to AP")
9185 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9186 attrs += build_attr_msg_type(WPS_WSC_DONE)
9187 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9188 #attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9189 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9190 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9191
9192 wps_wait_eap_failure(hapd, dev[0])
9193
9194 @remote_compatible
9195 def test_wps_ext_m7_no_encr_settings(dev, apdev):
9196 """WPS proto: M7 without Encr Settings"""
9197 pin = "12345670"
9198 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9199 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9200 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9201
9202 logger.debug("Receive WSC/Start from AP")
9203 msg = get_wsc_msg(hapd)
9204 if msg['wsc_opcode'] != WSC_Start:
9205 raise Exception("Unexpected Op-Code for WSC/Start")
9206
9207 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9208 uuid_e = 16*b'\x11'
9209 e_nonce = 16*b'\x22'
9210 own_private, e_pk = wsc_dh_init()
9211
9212 logger.debug("Send M1 to AP")
9213 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9214 e_nonce, e_pk)
9215 send_wsc_msg(hapd, addr, m1)
9216
9217 logger.debug("Receive M2 from AP")
9218 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9219 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9220 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9221
9222 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9223 r_nonce)
9224 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9225
9226 logger.debug("Send M3 to AP")
9227 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9228 attrs += build_attr_msg_type(WPS_M3)
9229 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9230 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
9231 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
9232 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
9233 raw_m3_attrs = attrs
9234 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9235 send_wsc_msg(hapd, addr, m3)
9236
9237 logger.debug("Receive M4 from AP")
9238 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
9239
9240 logger.debug("Send M5 to AP")
9241 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9242 attrs += build_attr_msg_type(WPS_M5)
9243 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9244 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
9245 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9246 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
9247 raw_m5_attrs = attrs
9248 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9249 send_wsc_msg(hapd, addr, m5)
9250
9251 logger.debug("Receive M6 from AP")
9252 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
9253
9254 logger.debug("Send M7 to AP")
9255 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9256 attrs += build_attr_msg_type(WPS_M7)
9257 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9258 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
9259 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9260 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
9261 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9262 raw_m7_attrs = attrs
9263 send_wsc_msg(hapd, addr, m7)
9264
9265 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
9266
9267 @remote_compatible
9268 def test_wps_ext_m1_workaround(dev, apdev):
9269 """WPS proto: M1 Manufacturer/Model workaround"""
9270 pin = "12345670"
9271 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9272 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9273 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9274
9275 logger.debug("Receive WSC/Start from AP")
9276 msg = get_wsc_msg(hapd)
9277 if msg['wsc_opcode'] != WSC_Start:
9278 raise Exception("Unexpected Op-Code for WSC/Start")
9279
9280 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9281 uuid_e = 16*b'\x11'
9282 e_nonce = 16*b'\x22'
9283 own_private, e_pk = wsc_dh_init()
9284
9285 logger.debug("Send M1 to AP")
9286 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9287 e_nonce, e_pk, manufacturer='Apple TEST',
9288 model_name='AirPort', config_methods=b'\xff\xff')
9289 send_wsc_msg(hapd, addr, m1)
9290
9291 logger.debug("Receive M2 from AP")
9292 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9293
9294 @remote_compatible
9295 def test_ap_wps_disable_enable(dev, apdev):
9296 """WPS and DISABLE/ENABLE AP"""
9297 hapd = wps_start_ap(apdev[0])
9298 hapd.disable()
9299 hapd.enable()
9300 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
9301
9302 def test_ap_wps_upnp_web_oom(dev, apdev, params):
9303 """hostapd WPS UPnP web OOM"""
9304 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9305 hapd = add_ssdp_ap(apdev[0], ap_uuid)
9306
9307 location = ssdp_get_location(ap_uuid)
9308 url = urlparse(location)
9309 urls = upnp_get_urls(location)
9310 eventurl = urlparse(urls['event_sub_url'])
9311 ctrlurl = urlparse(urls['control_url'])
9312
9313 conn = HTTPConnection(url.netloc)
9314 with alloc_fail(hapd, 1, "web_connection_parse_get"):
9315 conn.request("GET", "/wps_device.xml")
9316 try:
9317 resp = conn.getresponse()
9318 except:
9319 pass
9320
9321 conn = HTTPConnection(url.netloc)
9322 conn.request("GET", "/unknown")
9323 resp = conn.getresponse()
9324 if resp.status != 404:
9325 raise Exception("Unexpected HTTP result for unknown URL: %d" + resp.status)
9326
9327 with alloc_fail(hapd, 1, "web_connection_parse_get"):
9328 conn.request("GET", "/unknown")
9329 try:
9330 resp = conn.getresponse()
9331 print(resp.status)
9332 except:
9333 pass
9334
9335 conn = HTTPConnection(url.netloc)
9336 conn.request("GET", "/wps_device.xml")
9337 resp = conn.getresponse()
9338 if resp.status != 200:
9339 raise Exception("GET /wps_device.xml failed")
9340
9341 conn = HTTPConnection(url.netloc)
9342 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9343 if resp.status != 200:
9344 raise Exception("GetDeviceInfo failed")
9345
9346 with alloc_fail(hapd, 1, "web_process_get_device_info"):
9347 conn = HTTPConnection(url.netloc)
9348 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9349 if resp.status != 500:
9350 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9351
9352 with alloc_fail(hapd, 1, "wps_build_m1;web_process_get_device_info"):
9353 conn = HTTPConnection(url.netloc)
9354 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9355 if resp.status != 500:
9356 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9357
9358 with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_send_reply"):
9359 conn = HTTPConnection(url.netloc)
9360 try:
9361 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9362 except:
9363 pass
9364
9365 conn = HTTPConnection(url.netloc)
9366 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9367 if resp.status != 200:
9368 raise Exception("GetDeviceInfo failed")
9369
9370 # No NewWLANEventType in PutWLANResponse NewMessage
9371 conn = HTTPConnection(url.netloc)
9372 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse", newmsg="foo")
9373 if resp.status != 600:
9374 raise Exception("Unexpected HTTP response: %d" % resp.status)
9375
9376 # No NewWLANEventMAC in PutWLANResponse NewMessage
9377 conn = HTTPConnection(url.netloc)
9378 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9379 newmsg="foo", neweventtype="1")
9380 if resp.status != 600:
9381 raise Exception("Unexpected HTTP response: %d" % resp.status)
9382
9383 # Invalid NewWLANEventMAC in PutWLANResponse NewMessage
9384 conn = HTTPConnection(url.netloc)
9385 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9386 newmsg="foo", neweventtype="1",
9387 neweventmac="foo")
9388 if resp.status != 600:
9389 raise Exception("Unexpected HTTP response: %d" % resp.status)
9390
9391 # Workaround for NewWLANEventMAC in PutWLANResponse NewMessage
9392 # Ignored unexpected PutWLANResponse WLANEventType 1
9393 conn = HTTPConnection(url.netloc)
9394 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9395 newmsg="foo", neweventtype="1",
9396 neweventmac="00.11.22.33.44.55")
9397 if resp.status != 500:
9398 raise Exception("Unexpected HTTP response: %d" % resp.status)
9399
9400 # PutWLANResponse NewMessage with invalid EAP message
9401 conn = HTTPConnection(url.netloc)
9402 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9403 newmsg="foo", neweventtype="2",
9404 neweventmac="00:11:22:33:44:55")
9405 if resp.status != 200:
9406 raise Exception("Unexpected HTTP response: %d" % resp.status)
9407
9408 with alloc_fail(hapd, 1, "web_connection_parse_subscribe"):
9409 conn = HTTPConnection(url.netloc)
9410 headers = {"callback": '<http://127.0.0.1:12345/event>',
9411 "NT": "upnp:event",
9412 "timeout": "Second-1234"}
9413 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9414 try:
9415 resp = conn.getresponse()
9416 except:
9417 pass
9418
9419 with alloc_fail(hapd, 1, "dup_binstr;web_connection_parse_subscribe"):
9420 conn = HTTPConnection(url.netloc)
9421 headers = {"callback": '<http://127.0.0.1:12345/event>',
9422 "NT": "upnp:event",
9423 "timeout": "Second-1234"}
9424 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9425 resp = conn.getresponse()
9426 if resp.status != 500:
9427 raise Exception("Unexpected HTTP response: %d" % resp.status)
9428
9429 with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_parse_unsubscribe"):
9430 conn = HTTPConnection(url.netloc)
9431 headers = {"callback": '<http://127.0.0.1:12345/event>',
9432 "NT": "upnp:event",
9433 "timeout": "Second-1234"}
9434 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9435 try:
9436 resp = conn.getresponse()
9437 except:
9438 pass
9439
9440 with alloc_fail(hapd, 1, "web_connection_unimplemented"):
9441 conn = HTTPConnection(url.netloc)
9442 conn.request("HEAD", "/wps_device.xml")
9443 try:
9444 resp = conn.getresponse()
9445 except:
9446 pass
9447
9448 def test_ap_wps_frag_ack_oom(dev, apdev):
9449 """WPS and fragment ack OOM"""
9450 dev[0].request("SET wps_fragment_size 50")
9451 hapd = wps_start_ap(apdev[0])
9452 with alloc_fail(hapd, 1, "eap_wsc_build_frag_ack"):
9453 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
9454
9455 def wait_scan_stopped(dev):
9456 dev.request("ABORT_SCAN")
9457 for i in range(50):
9458 res = dev.get_driver_status_field("scan_state")
9459 if "SCAN_STARTED" not in res and "SCAN_REQUESTED" not in res:
9460 break
9461 logger.debug("Waiting for scan to complete")
9462 time.sleep(0.1)
9463
9464 @remote_compatible
9465 def test_ap_wps_eap_wsc_errors(dev, apdev):
9466 """WPS and EAP-WSC error cases"""
9467 ssid = "test-wps-conf-pin"
9468 appin = "12345670"
9469 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9470 "wpa_passphrase": "12345678", "wpa": "2",
9471 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9472 "fragment_size": "300", "ap_pin": appin}
9473 hapd = hostapd.add_ap(apdev[0], params)
9474 bssid = apdev[0]['bssid']
9475
9476 pin = dev[0].wps_read_pin()
9477 hapd.request("WPS_PIN any " + pin)
9478 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
9479 dev[0].dump_monitor()
9480
9481 dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK", "CCMP",
9482 "new passphrase", no_wait=True)
9483 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9484 if ev is None:
9485 raise Exception("WPS-FAIL not reported")
9486 dev[0].request("WPS_CANCEL")
9487 dev[0].wait_disconnected()
9488 wait_scan_stopped(dev[0])
9489 dev[0].dump_monitor()
9490
9491 dev[0].wps_reg(bssid, appin, "new ssid", "FOO", "CCMP",
9492 "new passphrase", no_wait=True)
9493 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9494 if ev is None:
9495 raise Exception("WPS-FAIL not reported")
9496 dev[0].request("WPS_CANCEL")
9497 dev[0].wait_disconnected()
9498 wait_scan_stopped(dev[0])
9499 dev[0].dump_monitor()
9500
9501 dev[0].wps_reg(bssid, appin, "new ssid", "WPA2PSK", "FOO",
9502 "new passphrase", no_wait=True)
9503 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9504 if ev is None:
9505 raise Exception("WPS-FAIL not reported")
9506 dev[0].request("WPS_CANCEL")
9507 dev[0].wait_disconnected()
9508 wait_scan_stopped(dev[0])
9509 dev[0].dump_monitor()
9510
9511 dev[0].wps_reg(bssid, appin + "new_key=a", "new ssid", "WPA2PSK", "CCMP",
9512 "new passphrase", no_wait=True)
9513 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9514 if ev is None:
9515 raise Exception("WPS-FAIL not reported")
9516 dev[0].request("WPS_CANCEL")
9517 dev[0].wait_disconnected()
9518 wait_scan_stopped(dev[0])
9519 dev[0].dump_monitor()
9520
9521 tests = ["eap_wsc_init",
9522 "eap_msg_alloc;eap_wsc_build_msg",
9523 "wpabuf_alloc;eap_wsc_process_fragment"]
9524 for func in tests:
9525 with alloc_fail(dev[0], 1, func):
9526 dev[0].request("WPS_PIN %s %s" % (bssid, pin))
9527 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
9528 dev[0].request("WPS_CANCEL")
9529 dev[0].wait_disconnected()
9530 wait_scan_stopped(dev[0])
9531 dev[0].dump_monitor()
9532
9533 tests = [(1, "wps_decrypt_encr_settings"),
9534 (2, "hmac_sha256;wps_derive_psk")]
9535 for count, func in tests:
9536 hapd.request("WPS_PIN any " + pin)
9537 with fail_test(dev[0], count, func):
9538 dev[0].request("WPS_PIN %s %s" % (bssid, pin))
9539 wait_fail_trigger(dev[0], "GET_FAIL")
9540 dev[0].request("WPS_CANCEL")
9541 dev[0].wait_disconnected()
9542 wait_scan_stopped(dev[0])
9543 dev[0].dump_monitor()
9544
9545 with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_sm_build_expanded_nak"):
9546 dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK",
9547 "CCMP", "new passphrase", no_wait=True)
9548 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
9549 dev[0].request("WPS_CANCEL")
9550 dev[0].wait_disconnected()
9551 wait_scan_stopped(dev[0])
9552 dev[0].dump_monitor()
9553
9554 def test_ap_wps_eap_wsc(dev, apdev):
9555 """WPS and EAP-WSC in network profile"""
9556 params = int_eap_server_params()
9557 params["wps_state"] = "2"
9558 hapd = hostapd.add_ap(apdev[0], params)
9559 bssid = apdev[0]['bssid']
9560
9561 logger.info("Unexpected identity")
9562 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9563 eap="WSC", identity="WFA-SimpleConfig-Enrollee-unexpected",
9564 wait_connect=False)
9565 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9566 if ev is None:
9567 raise Exception("No EAP-Failure seen")
9568 dev[0].request("REMOVE_NETWORK all")
9569 dev[0].wait_disconnected()
9570
9571 logger.info("No phase1 parameter")
9572 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9573 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9574 wait_connect=False)
9575 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9576 if ev is None:
9577 raise Exception("Timeout on EAP method start")
9578 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9579 if ev is None:
9580 raise Exception("No EAP-Failure seen")
9581 dev[0].request("REMOVE_NETWORK all")
9582 dev[0].wait_disconnected()
9583
9584 logger.info("No PIN/PBC in phase1")
9585 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9586 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9587 phase1="foo", wait_connect=False)
9588 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9589 if ev is None:
9590 raise Exception("Timeout on EAP method start")
9591 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9592 if ev is None:
9593 raise Exception("No EAP-Failure seen")
9594 dev[0].request("REMOVE_NETWORK all")
9595 dev[0].wait_disconnected()
9596
9597 logger.info("Invalid pkhash in phase1")
9598 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9599 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9600 phase1="foo pkhash=q pbc=1", wait_connect=False)
9601 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9602 if ev is None:
9603 raise Exception("Timeout on EAP method start")
9604 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9605 if ev is None:
9606 raise Exception("No EAP-Failure seen")
9607 dev[0].request("REMOVE_NETWORK all")
9608 dev[0].wait_disconnected()
9609
9610 logger.info("Zero fragment_size")
9611 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9612 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9613 fragment_size="0", phase1="pin=12345670", wait_connect=False)
9614 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9615 if ev is None:
9616 raise Exception("Timeout on EAP method start")
9617 ev = dev[0].wait_event(["WPS-M2D"], timeout=5)
9618 if ev is None:
9619 raise Exception("No M2D seen")
9620 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9621 if ev is None:
9622 raise Exception("No EAP-Failure seen")
9623 dev[0].request("REMOVE_NETWORK all")
9624 dev[0].wait_disconnected()
9625
9626 logger.info("Missing new_auth")
9627 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9628 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9629 phase1="pin=12345670 new_ssid=aa", wait_connect=False)
9630 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9631 if ev is None:
9632 raise Exception("Timeout on EAP method start")
9633 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9634 if ev is None:
9635 raise Exception("No EAP-Failure seen")
9636 dev[0].request("REMOVE_NETWORK all")
9637 dev[0].wait_disconnected()
9638
9639 logger.info("Missing new_encr")
9640 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9641 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9642 phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa", wait_connect=False)
9643 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9644 if ev is None:
9645 raise Exception("Timeout on EAP method start")
9646 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9647 if ev is None:
9648 raise Exception("No EAP-Failure seen")
9649 dev[0].request("REMOVE_NETWORK all")
9650 dev[0].wait_disconnected()
9651
9652 logger.info("Missing new_key")
9653 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9654 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9655 phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa new_encr=CCMP",
9656 wait_connect=False)
9657 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9658 if ev is None:
9659 raise Exception("Timeout on EAP method start")
9660 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9661 if ev is None:
9662 raise Exception("No EAP-Failure seen")
9663 dev[0].request("REMOVE_NETWORK all")
9664 dev[0].wait_disconnected()
9665
9666 def test_ap_wps_and_bss_limit(dev, apdev):
9667 """WPS and wpa_supplicant BSS entry limit"""
9668 try:
9669 _test_ap_wps_and_bss_limit(dev, apdev)
9670 finally:
9671 dev[0].request("SET bss_max_count 200")
9672 pass
9673
9674 def _test_ap_wps_and_bss_limit(dev, apdev):
9675 params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2",
9676 "wpa_passphrase": "12345678", "wpa": "2",
9677 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
9678 hapd = hostapd.add_ap(apdev[0], params)
9679
9680 params = {"ssid": "test-wps-2", "eap_server": "1", "wps_state": "2",
9681 "wpa_passphrase": "1234567890", "wpa": "2",
9682 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
9683 hapd2 = hostapd.add_ap(apdev[1], params)
9684
9685 id = dev[1].add_network()
9686 dev[1].set_network(id, "mode", "2")
9687 dev[1].set_network_quoted(id, "ssid", "wpas-ap-no-wps")
9688 dev[1].set_network_quoted(id, "psk", "12345678")
9689 dev[1].set_network(id, "frequency", "2462")
9690 dev[1].set_network(id, "scan_freq", "2462")
9691 dev[1].set_network(id, "wps_disabled", "1")
9692 dev[1].select_network(id)
9693
9694 id = dev[2].add_network()
9695 dev[2].set_network(id, "mode", "2")
9696 dev[2].set_network_quoted(id, "ssid", "wpas-ap")
9697 dev[2].set_network_quoted(id, "psk", "12345678")
9698 dev[2].set_network(id, "frequency", "2437")
9699 dev[2].set_network(id, "scan_freq", "2437")
9700 dev[2].select_network(id)
9701
9702 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
9703 wpas.interface_add("wlan5")
9704 id = wpas.add_network()
9705 wpas.set_network(id, "mode", "2")
9706 wpas.set_network_quoted(id, "ssid", "wpas-ap")
9707 wpas.set_network_quoted(id, "psk", "12345678")
9708 wpas.set_network(id, "frequency", "2437")
9709 wpas.set_network(id, "scan_freq", "2437")
9710 wpas.select_network(id)
9711
9712 dev[1].wait_connected()
9713 dev[2].wait_connected()
9714 wpas.wait_connected()
9715 wpas.request("WPS_PIN any 12345670")
9716
9717 hapd.request("WPS_PBC")
9718 hapd2.request("WPS_PBC")
9719
9720 dev[0].request("SET bss_max_count 1")
9721
9722 id = dev[0].add_network()
9723 dev[0].set_network_quoted(id, "ssid", "testing")
9724
9725 id = dev[0].add_network()
9726 dev[0].set_network_quoted(id, "ssid", "testing")
9727 dev[0].set_network(id, "key_mgmt", "WPS")
9728
9729 dev[0].request("WPS_PBC")
9730 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
9731 dev[0].request("WPS_CANCEL")
9732
9733 id = dev[0].add_network()
9734 dev[0].set_network_quoted(id, "ssid", "testing")
9735 dev[0].set_network(id, "key_mgmt", "WPS")
9736
9737 dev[0].scan(freq="2412")
9738
9739 def test_ap_wps_pbc_2ap(dev, apdev):
9740 """WPS PBC with two APs advertising same SSID"""
9741 params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
9742 "wpa_passphrase": "12345678", "wpa": "2",
9743 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9744 "wps_independent": "1"}
9745 hapd = hostapd.add_ap(apdev[0], params)
9746 params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
9747 "wpa_passphrase": "123456789", "wpa": "2",
9748 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9749 "wps_independent": "1"}
9750 hapd2 = hostapd.add_ap(apdev[1], params)
9751 hapd.request("WPS_PBC")
9752
9753 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
9754 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
9755 wpas.dump_monitor()
9756 wpas.flush_scan_cache()
9757
9758 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
9759 wpas.scan_for_bss(apdev[1]['bssid'], freq="2412")
9760 wpas.request("WPS_PBC")
9761 wpas.wait_connected()
9762 wpas.request("DISCONNECT")
9763 hapd.request("DISABLE")
9764 hapd2.request("DISABLE")
9765 wpas.flush_scan_cache()
9766
9767 def test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
9768 """WPS ER enrolling a new device to a configured AP"""
9769 try:
9770 _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev)
9771 finally:
9772 dev[0].request("WPS_ER_STOP")
9773
9774 def _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
9775 ssid = "wps-er-enrollee-to-conf-ap"
9776 ap_pin = "12345670"
9777 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9778 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9779 "wpa_passphrase": "12345678", "wpa": "2",
9780 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9781 "device_name": "Wireless AP", "manufacturer": "Company",
9782 "model_name": "WAP", "model_number": "123",
9783 "serial_number": "12345", "device_type": "6-0050F204-1",
9784 "os_version": "01020300",
9785 "config_methods": "label push_button",
9786 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
9787 hapd = hostapd.add_ap(apdev[0], params)
9788 bssid = hapd.own_addr()
9789
9790 id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
9791 dev[0].dump_monitor()
9792
9793 dev[0].request("WPS_ER_START ifname=lo")
9794 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
9795 if ev is None:
9796 raise Exception("AP discovery timed out")
9797 if ap_uuid not in ev:
9798 raise Exception("Expected AP UUID not found")
9799
9800 pin = dev[2].wps_read_pin()
9801 addr2 = dev[2].own_addr()
9802 dev[0].dump_monitor()
9803 dev[2].scan_for_bss(bssid, freq=2412)
9804 dev[2].dump_monitor()
9805 dev[2].request("WPS_PIN %s %s" % (bssid, pin))
9806
9807 for i in range(3):
9808 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
9809 if ev is None:
9810 raise Exception("Enrollee not seen")
9811 if addr2 in ev:
9812 break
9813 if addr2 not in ev:
9814 raise Exception("Unexpected Enrollee MAC address")
9815 dev[0].dump_monitor()
9816
9817 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " " + str(id))
9818 dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
9819 dev[2].wait_connected(timeout=30)
9820 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
9821 if ev is None:
9822 raise Exception("WPS ER did not report success")
9823
9824 def test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
9825 """WPS ER enrolling a new device to a configured AP (2)"""
9826 try:
9827 _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev)
9828 finally:
9829 dev[0].request("WPS_ER_STOP")
9830
9831 def _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
9832 ssid = "wps-er-enrollee-to-conf-ap"
9833 ap_pin = "12345670"
9834 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9835 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9836 "wpa_passphrase": "12345678", "wpa": "2",
9837 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9838 "device_name": "Wireless AP", "manufacturer": "Company",
9839 "model_name": "WAP", "model_number": "123",
9840 "serial_number": "12345", "device_type": "6-0050F204-1",
9841 "os_version": "01020300",
9842 "config_methods": "label push_button",
9843 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
9844 hapd = hostapd.add_ap(apdev[0], params)
9845 bssid = hapd.own_addr()
9846
9847 id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
9848 dev[0].dump_monitor()
9849
9850 dev[0].request("WPS_ER_START ifname=lo")
9851 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
9852 if ev is None:
9853 raise Exception("AP discovery timed out")
9854 if ap_uuid not in ev:
9855 raise Exception("Expected AP UUID not found")
9856
9857 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
9858 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
9859 if ev is None:
9860 raise Exception("AP learn timed out")
9861 if ap_uuid not in ev:
9862 raise Exception("Expected AP UUID not in settings")
9863 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
9864 if ev is None:
9865 raise Exception("WPS-FAIL after AP learn timed out")
9866 time.sleep(0.1)
9867
9868 pin = dev[1].wps_read_pin()
9869 addr1 = dev[1].own_addr()
9870 dev[0].dump_monitor()
9871 dev[0].request("WPS_ER_PIN any " + pin)
9872 time.sleep(0.1)
9873 dev[1].scan_for_bss(bssid, freq=2412)
9874 dev[1].request("WPS_PIN any %s" % pin)
9875 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
9876 if ev is None:
9877 raise Exception("Enrollee did not report success")
9878 dev[1].wait_connected(timeout=15)
9879 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
9880 if ev is None:
9881 raise Exception("WPS ER did not report success")
9882
9883 def test_ap_wps_ignore_broadcast_ssid(dev, apdev):
9884 """WPS AP trying to ignore broadcast SSID"""
9885 ssid = "test-wps"
9886 hapd = hostapd.add_ap(apdev[0],
9887 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
9888 "ignore_broadcast_ssid": "1"})
9889 if "FAIL" not in hapd.request("WPS_PBC"):
9890 raise Exception("WPS unexpectedly enabled")
9891
9892 def test_ap_wps_wep(dev, apdev):
9893 """WPS AP trying to enable WEP"""
9894 ssid = "test-wps"
9895 hapd = hostapd.add_ap(apdev[0],
9896 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
9897 "ieee80211n": "0", "wep_key0": '"hello"'})
9898 if "FAIL" not in hapd.request("WPS_PBC"):
9899 raise Exception("WPS unexpectedly enabled")
9900
9901 def test_ap_wps_tkip(dev, apdev):
9902 """WPS AP trying to enable TKIP"""
9903 ssid = "test-wps"
9904 hapd = hostapd.add_ap(apdev[0],
9905 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
9906 "ieee80211n": "0", "wpa": '1',
9907 "wpa_key_mgmt": "WPA-PSK",
9908 "wpa_passphrase": "12345678"})
9909 if "FAIL" not in hapd.request("WPS_PBC"):
9910 raise Exception("WPS unexpectedly enabled")
9911
9912 def test_ap_wps_conf_dummy_cred(dev, apdev):
9913 """WPS PIN provisioning with configured AP using dummy cred"""
9914 ssid = "test-wps-conf"
9915 hapd = hostapd.add_ap(apdev[0],
9916 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9917 "wpa_passphrase": "12345678", "wpa": "2",
9918 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
9919 hapd.request("WPS_PIN any 12345670")
9920 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
9921 dev[0].dump_monitor()
9922 try:
9923 hapd.set("wps_testing_dummy_cred", "1")
9924 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
9925 for i in range(1, 3):
9926 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
9927 if ev is None:
9928 raise Exception("WPS credential %d not received" % i)
9929 dev[0].wait_connected(timeout=30)
9930 finally:
9931 hapd.set("wps_testing_dummy_cred", "0")
9932
9933 def test_ap_wps_rf_bands(dev, apdev):
9934 """WPS and wps_rf_bands configuration"""
9935 ssid = "test-wps-conf"
9936 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9937 "wpa_passphrase": "12345678", "wpa": "2",
9938 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9939 "wps_rf_bands": "ag"}
9940
9941 hapd = hostapd.add_ap(apdev[0], params)
9942 bssid = hapd.own_addr()
9943 hapd.request("WPS_PBC")
9944 dev[0].scan_for_bss(bssid, freq="2412")
9945 dev[0].dump_monitor()
9946 dev[0].request("WPS_PBC " + bssid)
9947 dev[0].wait_connected(timeout=30)
9948 bss = dev[0].get_bss(bssid)
9949 logger.info("BSS: " + str(bss))
9950 if "103c000103" not in bss['ie']:
9951 raise Exception("RF Bands attribute with expected values not found")
9952 dev[0].request("DISCONNECT")
9953 dev[0].wait_disconnected()
9954 hapd.set("wps_rf_bands", "ad")
9955 hapd.set("wps_rf_bands", "a")
9956 hapd.set("wps_rf_bands", "g")
9957 hapd.set("wps_rf_bands", "b")
9958 hapd.set("wps_rf_bands", "ga")
9959 hapd.disable()
9960 dev[0].dump_monitor()
9961 dev[0].flush_scan_cache()
9962
9963 def test_ap_wps_pbc_in_m1(dev, apdev):
9964 """WPS and pbc_in_m1"""
9965 ssid = "test-wps-conf"
9966 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9967 "wpa_passphrase": "12345678", "wpa": "2",
9968 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9969 "config_methods": "virtual_push_button virtual_display",
9970 "pbc_in_m1": "1"}
9971
9972 hapd = hostapd.add_ap(apdev[0], params)
9973 bssid = hapd.own_addr()
9974 hapd.request("WPS_PBC")
9975 dev[0].scan_for_bss(bssid, freq="2412")
9976 dev[0].dump_monitor()
9977 dev[0].request("WPS_PBC " + bssid)
9978 dev[0].wait_connected(timeout=30)
9979 dev[0].request("DISCONNECT")
9980 dev[0].wait_disconnected()
9981 hapd.disable()
9982 dev[0].dump_monitor()
9983 dev[0].flush_scan_cache()
9984
9985 def test_ap_wps_pbc_mac_addr_change(dev, apdev, params):
9986 """WPS M1 with MAC address change"""
9987 ssid = "test-wps-mac-addr-change"
9988 hapd = hostapd.add_ap(apdev[0],
9989 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
9990 hapd.request("WPS_PBC")
9991 if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
9992 raise Exception("PBC status not shown correctly")
9993 dev[0].flush_scan_cache()
9994
9995 test_addr = '02:11:22:33:44:55'
9996 addr = dev[0].get_status_field("address")
9997 if addr == test_addr:
9998 raise Exception("Unexpected initial MAC address")
9999
10000 try:
10001 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
10002 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
10003 test_addr])
10004 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
10005 addr1 = dev[0].get_status_field("address")
10006 if addr1 != test_addr:
10007 raise Exception("Failed to change MAC address")
10008
10009 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
10010 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
10011 dev[0].wait_connected(timeout=30)
10012 status = dev[0].get_status()
10013 if status['wpa_state'] != 'COMPLETED' or \
10014 status['bssid'] != apdev[0]['bssid']:
10015 raise Exception("Not fully connected")
10016
10017 out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
10018 "wps.message_type == 0x04",
10019 display=["wps.mac_address"])
10020 res = out.splitlines()
10021
10022 if len(res) < 1:
10023 raise Exception("No M1 message with MAC address found")
10024 if res[0] != addr1:
10025 raise Exception("Wrong M1 MAC address")
10026 dev[0].request("DISCONNECT")
10027 dev[0].wait_disconnected()
10028 hapd.disable()
10029 dev[0].dump_monitor()
10030 dev[0].flush_scan_cache()
10031 finally:
10032 # Restore MAC address
10033 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
10034 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
10035 addr])
10036 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
10037
10038 def test_ap_wps_pin_start_failure(dev, apdev):
10039 """WPS_PIN start failure"""
10040 with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
10041 if "FAIL" not in dev[0].request("WPS_PIN any 12345670"):
10042 raise Exception("WPS_PIN not rejected during OOM")
10043 with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
10044 if "FAIL" not in dev[0].request("WPS_PIN any"):
10045 raise Exception("WPS_PIN not rejected during OOM")
10046
10047 def test_ap_wps_ap_pin_failure(dev, apdev):
10048 """WPS_AP_PIN failure"""
10049 id = dev[0].add_network()
10050 dev[0].set_network(id, "mode", "2")
10051 dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
10052 dev[0].set_network_quoted(id, "psk", "1234567890")
10053 dev[0].set_network(id, "frequency", "2412")
10054 dev[0].set_network(id, "scan_freq", "2412")
10055 dev[0].select_network(id)
10056 dev[0].wait_connected()
10057
10058 with fail_test(dev[0], 1,
10059 "os_get_random;wpa_supplicant_ctrl_iface_wps_ap_pin"):
10060 if "FAIL" not in dev[0].request("WPS_AP_PIN random"):
10061 raise Exception("WPS_AP_PIN random accepted")
10062 with alloc_fail(dev[0], 1, "wpas_wps_ap_pin_set"):
10063 if "FAIL" not in dev[0].request("WPS_AP_PIN set 12345670"):
10064 raise Exception("WPS_AP_PIN set accepted")
10065
10066 dev[0].request("DISCONNECT")
10067 dev[0].wait_disconnected()
10068
10069 def test_ap_wps_random_uuid(dev, apdev, params):
10070 """WPS and random UUID on Enrollee"""
10071 ssid = "test-wps-conf"
10072 hapd = hostapd.add_ap(apdev[0],
10073 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10074 "wpa_passphrase": "12345678", "wpa": "2",
10075 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
10076
10077 config = os.path.join(params['logdir'], 'ap_wps_random_uuid.conf')
10078 with open(config, "w") as f:
10079 f.write("auto_uuid=1\n")
10080
10081 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
10082
10083 uuid = []
10084 for i in range(3):
10085 wpas.interface_add("wlan5", config=config)
10086
10087 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
10088 wpas.dump_monitor()
10089 wpas.request("WPS_PBC " + apdev[0]['bssid'])
10090
10091 ev = hapd.wait_event(["WPS-ENROLLEE-SEEN"], timeout=10)
10092 if ev is None:
10093 raise Exception("Enrollee not seen")
10094 uuid.append(ev.split(' ')[2])
10095 wpas.request("WPS_CANCEL")
10096 wpas.dump_monitor()
10097
10098 wpas.interface_remove("wlan5")
10099
10100 hapd.dump_monitor()
10101
10102 logger.info("Seen UUIDs: " + str(uuid))
10103 if uuid[0] == uuid[1] or uuid[0] == uuid[2] or uuid[1] == uuid[2]:
10104 raise Exception("Same UUID used multiple times")
10105
10106 def test_ap_wps_conf_pin_gcmp_128(dev, apdev):
10107 """WPS PIN provisioning with configured AP using GCMP-128"""
10108 run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP")
10109
10110 def test_ap_wps_conf_pin_gcmp_256(dev, apdev):
10111 """WPS PIN provisioning with configured AP using GCMP-256"""
10112 run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP-256")
10113
10114 def test_ap_wps_conf_pin_ccmp_256(dev, apdev):
10115 """WPS PIN provisioning with configured AP using CCMP-256"""
10116 run_ap_wps_conf_pin_cipher(dev, apdev, "CCMP-256")
10117
10118 def run_ap_wps_conf_pin_cipher(dev, apdev, cipher):
10119 if cipher not in dev[0].get_capability("pairwise"):
10120 raise HwsimSkip("Cipher %s not supported" % cipher)
10121 ssid = "test-wps-conf-pin"
10122 hapd = hostapd.add_ap(apdev[0],
10123 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10124 "wpa_passphrase": "12345678", "wpa": "2",
10125 "wpa_key_mgmt": "WPA-PSK",
10126 "rsn_pairwise": cipher})
10127 logger.info("WPS provisioning step")
10128 pin = dev[0].wps_read_pin()
10129 hapd.request("WPS_PIN any " + pin)
10130 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10131 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
10132 dev[0].wait_connected(timeout=15)
10133
10134 def test_ap_wps_and_sae(dev, apdev):
10135 """Initial AP configuration with first WPS Enrollee and adding SAE"""
10136 try:
10137 run_ap_wps_and_sae(dev, apdev)
10138 finally:
10139 dev[0].set("wps_cred_add_sae", "0")
10140
10141 def run_ap_wps_and_sae(dev, apdev):
10142 ssid = "test-wps-sae"
10143 hapd = hostapd.add_ap(apdev[0],
10144 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
10145 "wps_cred_add_sae": "1"})
10146 logger.info("WPS provisioning step")
10147 pin = dev[0].wps_read_pin()
10148 hapd.request("WPS_PIN any " + pin)
10149
10150 dev[0].set("wps_cred_add_sae", "1")
10151 dev[0].request("SET sae_groups ")
10152 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
10153 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
10154 dev[0].wait_connected(timeout=30)
10155 status = dev[0].get_status()
10156 if status['key_mgmt'] != "SAE":
10157 raise Exception("SAE not used")
10158 if 'pmf' not in status or status['pmf'] != "1":
10159 raise Exception("PMF not enabled")
10160
10161 pin = dev[1].wps_read_pin()
10162 hapd.request("WPS_PIN any " + pin)
10163 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
10164 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
10165 dev[1].wait_connected(timeout=30)
10166 status = dev[1].get_status()
10167 if status['key_mgmt'] != "WPA2-PSK":
10168 raise Exception("WPA2-PSK not used")
10169 if 'pmf' in status:
10170 raise Exception("PMF enabled")
10171
10172 def test_ap_wps_conf_and_sae(dev, apdev):
10173 """WPS PBC provisioning with configured AP using PSK+SAE"""
10174 try:
10175 run_ap_wps_conf_and_sae(dev, apdev)
10176 finally:
10177 dev[0].set("wps_cred_add_sae", "0")
10178
10179 def run_ap_wps_conf_and_sae(dev, apdev):
10180 ssid = "test-wps-conf-sae"
10181 hapd = hostapd.add_ap(apdev[0],
10182 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10183 "wpa_passphrase": "12345678", "wpa": "2",
10184 "ieee80211w": "1", "sae_require_mfp": "1",
10185 "wpa_key_mgmt": "WPA-PSK SAE",
10186 "rsn_pairwise": "CCMP"})
10187
10188 dev[0].set("wps_cred_add_sae", "1")
10189 dev[0].request("SET sae_groups ")
10190 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10191 pin = dev[0].wps_read_pin()
10192 hapd.request("WPS_PIN any " + pin)
10193 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
10194 dev[0].wait_connected(timeout=30)
10195 status = dev[0].get_status()
10196 if status['key_mgmt'] != "SAE":
10197 raise Exception("SAE not used")
10198 if 'pmf' not in status or status['pmf'] != "1":
10199 raise Exception("PMF not enabled")
10200
10201 dev[1].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
10202 key_mgmt="WPA-PSK", ieee80211w="0")
10203
10204 def test_ap_wps_reg_config_and_sae(dev, apdev):
10205 """WPS registrar configuring an AP using AP PIN and using PSK+SAE"""
10206 try:
10207 run_ap_wps_reg_config_and_sae(dev, apdev)
10208 finally:
10209 dev[0].set("wps_cred_add_sae", "0")
10210
10211 def run_ap_wps_reg_config_and_sae(dev, apdev):
10212 ssid = "test-wps-init-ap-pin-sae"
10213 appin = "12345670"
10214 hostapd.add_ap(apdev[0],
10215 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10216 "ap_pin": appin, "wps_cred_add_sae": "1"})
10217 logger.info("WPS configuration step")
10218 dev[0].set("wps_cred_add_sae", "1")
10219 dev[0].request("SET sae_groups ")
10220 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
10221 dev[0].dump_monitor()
10222 new_ssid = "wps-new-ssid"
10223 new_passphrase = "1234567890"
10224 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
10225 new_passphrase)
10226 status = dev[0].get_status()
10227 if status['key_mgmt'] != "SAE":
10228 raise Exception("SAE not used")
10229 if 'pmf' not in status or status['pmf'] != "1":
10230 raise Exception("PMF not enabled")
10231
10232 dev[1].connect(new_ssid, psk=new_passphrase, scan_freq="2412", proto="WPA2",
10233 key_mgmt="WPA-PSK", ieee80211w="0")
Unnamed repository; edit this file 'description' to name the repository.